Ensuring Reliable Network Connectivity with High Availability Load Balancing

By: Adil Baghir, Technology Consultant Lead, Middle East & Africa at A10 Networks

The load balancer market is expected to grow to US$5 billion by 2023, and trends such as mobile broadband, multi-cloud and hybrid cloud, virtualisation, remote working, and bring your own device (BYOD) have helped to fuel this growth. The result is that tremendous pressure is being placed on IT departments to ensure high availability for mission-critical applications such as ERP, communication and collaboration systems, and virtual desktop infrastructure (VDI).

The need for high availability

High availability, which is the ability of a system or system component to be continuously operational for a desirably long period of time, can help IT departments implement an architecture that uses redundancy and fault tolerance to enable continuous operation and fast disaster recovery. This is true for every element of the data centre—from high availability for applications to high availability for the load balancer or application delivery controller (ADC) that manages network traffic within and across the data centres in an environment.

High availability begins with identifying and eliminating single points of failure in the infrastructure that might trigger a service interruption—for example, by deploying redundant components to provide fault tolerance in the event that one of the devices fails. Load balancing, whether provided through a standalone device or as a feature of an ADC, facilitates this process by performing health checks on servers, detecting potential failures, and redirecting traffic as needed to ensure uninterrupted service.

While ensuring fault tolerance for servers is obviously critical, a high availability architecture must also consider the load balancing layer itself. If this becomes unable to perform its function effectively, the servers below run the risk of overflow, potentially compromising their own health as well as application performance and application availability. This makes redundancy just as important for the load balancer or ADC as for any other component in the data centre.

As with a high availability server cluster, there are several ways in which load balancers or ADCs can be deployed to provide high availability, including:

  • Active-standby – The most common configuration, the active-standby model includes a fully redundant instance of each ADC which is brought online only in the event that its primary node fails. Each active ADC can be configured differently, though each active-standby pair will share the same configuration.
  • Active-active – In this model, multiple similarly configured ADCs are deployed for routine use. In the event that one node fails, its traffic is taken over by one or more of the remaining nodes and load balanced as needed to ensure consistent service. This approach assumes that there will be sufficient capacity available across the cluster for it to function even when one ADC is unavailable.
  • N+1 – Providing redundancy at a lower cost than active-standby, an N+1 configuration includes one or more extra ADCs that can be brought online in the event that any of the primary ADCs fails.

In each case, rapid failover enables fault tolerance and disaster recovery for the load balancing function so that application performance and application availability are not affected by the failure. Failover and traffic management are typically handled through a version of the Virtual Router Redundancy Protocol (VRRP) standard.

Key high availability features for load balancing or ADC

In addition to ensuring high availability for your ADC, you should also make sure that your ADC provides high availability for the applications whose traffic it manages. In the event that a server fails, the ADC can reroute traffic to another available server in the cluster. Key features that enable this function include:

  • Load balancing methods – There are several methods that can be used for server selection, including round robin, least connections, weighted round robin, weighted least connections, fastest response, and more. Your ADC should offer all these options to allow the most suitable configuration for your environment and priorities.
  • Health monitoring – To ensure rapid failover with little or no downtime, server health should be continuously assessed based on a number of indicators, including:
    • Time series of total bytes in and out from each server
    • Time series of traffic rates (in Mbps) in and out from each server
    • Percent of error traffic over range
    • Number of good SSL connections
    • Average application server latency by service
    • Client-side latency SRTT, max, min, and average as a time series
    • Custom health checks such as measuring the response time for specific SQL database queries
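
The sketch below is an added example, not A10 code or configuration. It shows how two of the features above interact: health probes based on error percentage and server latency take a server out of rotation, and weighted least connections then distributes new connections across the remaining healthy servers. The thresholds, the fall/rise counters, and the server names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed thresholds (assumptions, not values from the article).
MAX_ERROR_PCT = 5.0     # percent of error traffic tolerated per probe window
MAX_LATENCY_MS = 250.0  # average application server latency tolerated
FALL = 3                # consecutive bad probes before a server is marked down
RISE = 2                # consecutive good probes before it is marked up again

@dataclass
class Server:
    name: str
    weight: int = 1
    active_conns: int = 0
    healthy: bool = True
    fails: int = 0
    passes: int = 0

def record_probe(s: Server, error_pct: float, latency_ms: float) -> bool:
    """Fold one health probe into the server's state; return its health."""
    if error_pct <= MAX_ERROR_PCT and latency_ms <= MAX_LATENCY_MS:
        s.passes, s.fails = s.passes + 1, 0
        if not s.healthy and s.passes >= RISE:
            s.healthy = True
    else:
        s.fails, s.passes = s.fails + 1, 0
        if s.healthy and s.fails >= FALL:
            s.healthy = False
    return s.healthy

def pick_server(pool):
    """Weighted least connections, considering healthy servers only."""
    candidates = [s for s in pool if s.healthy]
    if not candidates:
        return None  # whole pool down: caller must fail over or shed load
    best = min(candidates, key=lambda s: (s.active_conns / s.weight, s.name))
    best.active_conns += 1
    return best

def demo():
    pool = [Server("app1", weight=2), Server("app2"), Server("app3")]
    before = [pick_server(pool).name for _ in range(4)]
    for _ in range(FALL):  # app1 starts failing: high error rate, slow replies
        record_probe(pool[0], error_pct=40.0, latency_ms=900.0)
    during = [pick_server(pool).name for _ in range(4)]
    for _ in range(RISE):  # app1 recovers
        record_probe(pool[0], error_pct=0.5, latency_ms=40.0)
    return before, during, pool[0].healthy

if __name__ == "__main__":
    print(demo())
```

Requiring several consecutive failures before marking a server down, and several successes before restoring it, keeps a single slow probe from causing the pool to flap.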

Why is this so critical?

As enterprises become further dependent on the Internet to get business done, the threat of downtime can become a competitive disadvantage. Direct financial losses are substantial and a primary reason why businesses need to establish a high availability solution. Apart from the direct cost of downtime, we also see business continuity, in terms of reputation and data loss, as another factor encouraging businesses to ensure high availability is implemented. Firstly, reputation will improve as the business and brand become known for reliability versus competitors. Secondly, reducing the risk of data loss is essential due to the severe penalties incurred under the terms of the GDPR. A highly available infrastructure also mitigates the negative impact of outages on revenue and productivity.

Phishing in a Pandemic: How to Combat Social Engineering Attacks

By Aamir Lakhani, Global Security Strategist and Lead Researcher for FortiGuard Labs.

Over the past few months, threat intelligence teams around the world have been tracking a significant increase in phishing attacks. These attacks coincide with a temporary drop in more traditional attacks, indicating that attackers, like workers, are modifying their efforts in order to accommodate changes due to the pandemic. In fact, our recent Global Threat Landscape Report details this and more.

More people are now working from home, and they are connecting back into the office from their home networks, and quite often, using their personal computers. Attackers are looking to target these users’ devices as a way into the corporate network or cloud. They attempt to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information via email or over the phone. They do this by impersonating legitimate organizations, such as the Centers for Disease Control and the World Health Organization, and offering fake informational updates, discounted masks and other supplies, and even promises of accelerated access to vaccines. Similar attacks target healthcare workers, political movements, or even the recently unemployed using the same sort of tactics.

Of course, such tactics are not new. We regularly see spikes in social engineering tactics around major events and catastrophes. Criminals respond to hurricanes and other natural disasters by pretending to be relief organizations, and to major sporting events such as the World Cup by luring victims with promises of discounted tickets or free streaming services.

Social Engineering Works

The reason that social engineering – an attack strategy that uses psychology to target victims – is so prevalent, is because it works. According to Verizon’s 2019 Data Breach Investigations Report (DBIR), nearly one-third of all data breaches involved phishing in one way or another. Cybercriminals are opportunistic, and they constantly prey on the only vulnerability that cannot be patched – humans.

It is a perpetual bombardment, every minute of the day, 24x7x365. And the odds are in favor of the attacker, because they only need one unsuspecting person to click on a malicious link or attachment to open up the gates into the corporate network. And the truth is, nobody is immune – from entry-level employees, contractors, and interns at one end, on up to the C-Suite at the other. Business partners can also be indirect targets, mined by attackers for information that helps soften up their primary targets. And for those of us now connecting to the office through our home networks, even our children are potential targets. Even seasoned security professionals get caught off-guard, in part because attack tactics have become more sophisticated.

The goal, of course, is to gain access to our networks and sensitive information, either to steal it, corrupt it, or hold it for ransom. Most often, however, spear phishing is just the tip of the attack, and can easily go unnoticed by a victim who has been compromised. 

Training Alone is Not Enough

Of course, cybersecurity awareness has grown – up to 95% of employees now receive phishing training so they can learn to spot suspicious emails. This is important progress, as most breaches start with a phishing email followed by an unsuspecting employee who opens a malicious file or clicks on a bad link. Despite this training push, however, the number of employees that can tell the difference between a legitimate email and a malicious one remains frighteningly low. That’s because cybercriminals are experts at the art of masquerading, manipulating, influencing, and devising lures to trick targets into divulging sensitive data, and/or giving them access to our networks and/or facilities. 

There are two challenges at play here: employees are not taking cybersecurity seriously, and cyberattacks are getting even more sophisticated. For example, there are still far too many employees who never change their passwords, and two-thirds who still do not use a password management tool. At the same time, years of training people to identify phishing emails, avoid clicking on suspicious links, and follow best practices with their passwords have not panned out the way InfoSec professionals would have liked. 

The thing is, people know they need to use complex passwords, but they still use obvious choices that hackers can easily guess or discover by simply browsing a target’s social media sites, such as their pet’s name, the name or birthday of their child, or the year they graduated from college. 

The problem is not awareness – it is rooted in human behavior. Safe password practices – using long passwords with non-sensical characters and numbers, for example – take extra effort to implement. And when it comes right down to it, employees have shown that, for whatever reason, the extra effort is not worth their time and energy. 

Security 101: It’s All About People, Products, and Process 

The first step is to help employees feel like they are part of the security team. Helping them understand the repercussions of a security event, and how it can personally affect them, is a good place to start. Seeing connections such as these – between safe cybersecurity practices and the positive impact they feel they are making when everyone is engaged and responsible – should lead to direct improvements in how people behave when they are confronted with suspicious cyber behavior or questionable email or websites.

Next, give employees the tools they need to succeed. For example, in most organizations there is typically no easy way for employees to manage a multiplicity of complex passwords. If they choose to use a password management program, one which generates and manages complex passwords, it is only because of their own initiative. 

And finally, change the process by taking as much of the risk out of their hands as possible. Organizations need to update email security gateways with sandboxing and content disarm and reconstruction (CDR) tools to eliminate malicious attachments and links. They need to use web application firewalls to secure access to websites and identify and disable malicious links or embedded code, or deploy cloud-based solutions and endpoint detection and response (EDR) tools so users are protected both on- and off-premise. They also need to add proactive access controls to ensure that connections originating from compromised home networks and personal devices can’t be used as a conduit for an attack.

Final Thoughts on Fulfilling Security Responsibilities

Regardless of the details, the most important key to improving an organization’s risk profile is still getting employees involved, one way or another, in accepting and fulfilling their security responsibilities. With training, the right tools, and effective processes, including support from top-tier company leaders, security teams can help everyone take cybersecurity seriously — and take a serious bite out of cybercrime.