Fortifying Network Security across All WAN Links with Additional Layers of Protection

>  Stateful Inspection Firewall
The Q-Balancer solution is incorporated with stateful inspection firewall that allows or blocks traffic based on state, IP, port, and protocol. The inbuilt firewall monitors all activity from the opening of a connection until it is closed. When new packets arrive, the inbuilt firewall compares information in the packet header to the state table and determines whether it is part of an established connection. If it is part of an existing connection, then the packet is allowed to pass through without further analysis. If the packet doesn't match an existing connection, it is then evaluated according to the rule sets for new connections. Filtering decisions are made based on both user-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection.

>  DNS Firewall
DNS firewall prevents network users and systems from connecting known-malicious sites. While conventional DNS servers can't distinguish between normal and malicious domains and not to mention to block access to specific domains, the Q-Balancer inbuilt DNS firewall selectively intercepts DNS resolution for known-malicious network assets including domain names, IP addresses, and name servers.

The inbuilt DNS firewall works by employing DNS Response Policy Zones (RPZs) and actionable threat intelligence to prevent the access to specific sites. The inbuilt DNS firewall also provides information on the blocked DNS queries, helping IT isolate infected devices for remediation. The inbuilt DNS firewall can block:

Phishing-related domains– When the DNS Firewall is enabled, the office user who attempts to access the phishing site will be prevented from doing so, and is therefore protected from the potential threat that could cause.

Malware-related domains– According to the Threat Report, 91% of malware are using DNS services to build attacks. A global 2019 DNS Security survey conducted by IDC revealed that 82% of respondents said they had been targeted by a DNS attack in the last 12 months, yet traditional firewalls is not enough to mitigate this type of threat. The inbuilt DNS firewall protects enterprises against malware that use DNS to communicate with command-and-control (C&C) malwares.

Botnet command and control– The inbuilt DNS firewall helps IT rapidly pinpoint compromised devices, isolating them and preventing their DNS communications with malicious C&C servers and botnets.

Identify infected hosts– With the visibility to the log for blocked DNS queries, you can identify the infected hosts with the information, e.g., name, IP address, time, etc., for improved threat remediation and security response.

>  DDoS Attack Prevention
A denial-of-service (DoS) attack is sending the overwhelming data requests to a targeted system. The attacker attempts to exhaust normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic, and eventually the attack prevents normal traffic from arriving at its destination.

A distributed DoS (DDoS) attack is launched from numerous compromised computer systems as slave computers, often distributed globally in what are referred to as zombies or bots. In a DDoS attack, the attacker has remote control over a group of bots, which is called a botnet. Once a botnet has been established, the attacker (or botmaster) is able to direct the comprised machines by sending updated instructions to each bot through a command and control server. When the IP address of a victim is targeted, each bot will respond by sending requests to the target, potentially causing the targeted server or network to overflow capacity, leading to a denial-of-service to normal traffic.

The Q-Balancer DDoS attack prevention is incorporated with the ability to detect and filter malicious traffic, resisting or preventing the impact of DDoS attacks on business networks. The Q-Balancer DDoS attack prevention protects enterprise network against the most commonly used DDoS attacks below:

UDP Flooding– A UDP flooding, by definition, is any DDoS attack that floods a target with UDP packets. The goal of the attack is to flood random ports on a remote host. This causes the host to repeatedly check for the application listening at that port, and (when no application is found) reply with an ICMP ‘Destination Unreachable’ packet. This process exhausts host resources, which can ultimately lead to inaccessibility.

ICMP Flooding– Just like the UDP flooding attack, an ICMP flooding overwhelms the target system with ICMP Echo Request packets, generally sending packets as fast as possible without waiting for replies. Other than system resources the ICMP flooding attack can consume both outgoing and incoming bandwidth, since the target systems will often attempt to respond with ICMP Echo Reply packets, resulting in a significant overall system slowdown.

SYN Flooding– In a SYN Flooding attack, the attacker uses the TCP connection sequence to make the target system unavailable. The attacker sends SYN requests to the target system which then responds with a SYN-ACK response. The sender is then supposed to respond with an ACK response but instead the attacker doesn’t respond (or uses a spoofed IP address to send SYN requests instead). The target system continues to wait for acknowledgement for each of the requests, binding resources until no new connections can be made, and ultimately resulting in denial of service.

HTTP Flooding– In a HTTP Flooding attack the attacker users HTTP GET or POST requests to launch an assault on an individual web server or application. HTTP floodings are a Layer 7 attack and don’t use malformed or spoofed packets, and require less bandwidth than other attacks to bring down the target system or server. The attack is most effective when it forces the server or application to allocate the maximum resources possible in response to every single request.

Port Scanning– An attacker launches a Port Scanning by using a listening service to see what ports are open, and so as to evaluate whether or not those services are vulnerable to common exploits or configuration issues on the target system. A port scanning attack occurs when an attacker sends packets to target system, which can vary the destination port. Most online systems get scanned every day.

>  ARP Spoofing Attack Protection
Unlike devices on the internet, devices in the LAN don’t communicate directly via IP addresses. Instead, they use physical hardware addresses for addressing in local IPv4 networks. For the communication between hosts on LAN, the target MAC address needs to be initially determined before the packets can be delivered to the target. This process is mainly completed by address resolution protocols (ARP).

ARP spoofing is a type of attack in which an attacker sends a fake or spoofed ARP message over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address. As a result, the attacker can intercept, modify or block communications to the legitimate MAC address.

The Q-Balancer is able to protect enterprise network against the threat of ARP spoofing, and the solution allows enterprises to control network access for devices on LAN based on the static ARP entries. Traffic is allowed through only when the host IP address matches a specified MAC address on the static ARP table. Traffic from the IP hosts which cannot be found on the static ARP table would be dropped and logged.

Top Benefits

  • Fortified network security

  • Application, user and device control

  • Enhanced compliance

  • Mitigated network security threat through distributed Denial-of-Service (DDoS) Prevention

  • Enterprise-grade encryption

  • Improved productivity

  • Visibility