If you haven’t spent the past year on
a desert island, you know that
networking environments can feel like
a security battlefield. Network and
application security leads the list of
things keeping IT teams awake at
night. Even amateur attackers have a
broad range of tools at their disposal
to probe and infiltrate your servers
and network infrastructure. EQ/OS 10
was designed to provide you with the
tools you need to fight back.
Attacks on web-based applications
take on a variety of
forms. Successful attacks have been
launched on Web servers, application
scripting languages and the pages
that implement the applications. In
addition, network infrastructure
such as routers, switches and ADCs
have been used as a means of
subverting or gaining entry to other
elements of the application delivery
stack.
EQ/OS 10’s security architecture
builds on the following critical
security concepts:
Authentication, Encryption and Verification
As a gateway between untrusted
networks (AKA the Internet) and
sensitive internal servers,
databases and software, EQ/OS 10
enables the benefits of Public Key
Infrastructure to allow our
customers to meet compliance
requirements and to secure their
data and that of their customers.
If all Web-based applications and
services were secured by SSL/TLS
encryption and authentication, the
Internet would be a much safer
place. EQ/OS helps alleviate the
cost, complexity and performance
considerations that often prevent
companies from deploying HTTPS-based
sites and applications.
Cost reduction through certificate
sharing saves money by eliminating
the need to purchase multiple
certificates. Hardware-based SSL
acceleration eliminates the heavy
CPU load that security protocols
typically impose on servers,
reducing the need for server
upgrades and large server
farms. Finally, EQ/OS 10 makes
these complex security concepts
easy for administrators to
understand and implement.
Role-based access
EQ/OS 10’s security model provides
access control for every
configuration object. As a result,
an Equalizer system running EQ/OS
10 software may be configured very
specifically to provide only the
access that a user needs to a
particular system
component. Server administrators
may need read-only access to
network objects such as VLANs and
subnets but need full
administrative control for the
servers and clusters that live on
those networks. Larger enterprises
that share ADCs between
departments need the ability to
control access based on
organizational rules. The benefit
to EQ/OS 10 users is confidence
that only appropriate and
authorized staff have the ability
to view or modify critical system
configurations.
Implicit deny
It is a well-known rule among
security-minded administrators
that unless someone who has
considered the consequences
explicitly permits an action, that
action should be prohibited by
default. EQ/OS 10 builds on this
concept for controlling network
traffic between networks and VLANs
as well as for administrative
control of configuration
objects. Enabling our customers to
implement a well-considered
security model is a priority for
Coyote Point’s product teams.
Least Privilege and Defense in depth
We designed EQ/OS 10 knowing that
every exposed interface was a
potential entry point for
attackers. Understanding that
management tools like SNMP or web
GUIs have been used in the past to
gain control of network
appliances, Coyote Point built the
EQ/OS 10 platform with a granular
privilege model that allows each
component to execute with only the
capabilities it requires to do its
job.
Coyote Point isolates core
Application Delivery
functionalities from
administrative components using a
well-defined configuration
management subsystem. This creates
an environment in which even a
successful attack would not
interrupt or divert critical
application delivery.
Coyote Point takes application
security Very Seriously. We built
EQ/OS to help our customers meet
their security goals. After all,
what good is a reliable,
high-performing Web application
delivery platform if you can’t
trust it to guard your property?