Multi-tiered Network-based Application Service Security
There are a number of options one can take to prevent malicious users from attacking application services. Some of these attacks are in the form of floods of incomplete connection requests or can take the form of compromized PC's being controlled to direct requests to certain sites and others at the same time. The graphic below outlines some of the implementation options that a ServerIron(s) [an Application Delivery Controller] can be leveraged to thwart such attacks..
List below outlines features that can be enabled on an Application Delivery Controller like ServerIron to protection applications and services from denial of service attacks. Some of these highlighted in recent YouTube video...
SYN attack protection (from floods of malicious incomplete connections)
Denial of Service (DoS) attack protection (proxy the TCP three-way handshake to offload from servers)
TRL (transaction rate limiting)
CCL (concurrent connections /rate limiting)
ACLs (restrict access to specific IP addresses)
Service port attack protection (traffic to non-defined port is dropped in HW)
Mgmt traffic attack protection
For examples on how to implement these various options on ServerIron, consult the admin guide links below.