Kemp Security Series 2020 – Part 0: LoadMaster Security
David O'Connor
Kemp Technologies LoadMaster® is an industry-leading, award-winning load balancer. With the most flexible multi-cloud deployment options and subscription and metered licensing, customers can easily augment or replace existing load balancers from any provider … which is fantastic, but did you know about Kemp’s security posture?
The Kemp Technologies LoadMaster is built on an optimized Linux Operating System (OS). The optimizations are focussed on capabilities in Layer 7 handling for applications and firewall-appropriate features. By this, I mean that by default all ports are closed; as you configure your specific applications (and associated protocols), you enable only the specific ports that are required for that application. Protection against DoS attacks such as Slowloris, IP management (Access Control Lists) and Packet Routing Filters are natively built into the OS. All unnecessary services and applications are removed.
The LoadMaster OS user authentication is tightly controlled. Kemp provides the ability for system administrators to customize the security posture or further tighten policies regarding who can access the LoadMaster. Further information is available here.
Logging the correct data and monitoring those logs closely is vital for a sound security posture. The LoadMaster OS provides detailed system logging to alert on suspicious activities, track user activities and assist in post-event investigations.
Also included in the LoadMaster OS are Intrusion Prevention / Intrusion Detection Systems (IPS/IDS) running Snort rules to add an extra layer of security.
Tried and Tested
Kemp Technologies regularly submits the LoadMaster for penetration testing from industry-leading security auditors. The LoadMaster SSL/TLS implementation is also kept up to date with current industry best practice and tested against sites such as Qualys SSL Labs. The results of these tests can be made available to interested customers. This continuous testing ensures that in addition to the proven success of the LoadMaster in Kemp’s 100,000 global application deployments in public, private and closed networks, it has been thoroughly vetted by known industry security leaders.
Kemp Technologies is an ISO9001 certified organization and has a solid plan of action in the event a security vulnerability is discovered. Despite Kemp’s best efforts to proactively resolve any potential threat prior to the release of Kemp’s code, security vulnerabilities may be identified that need remediation work. Steps include incident reporting, analysis, containment, mitigation and resolution, with communication to all stakeholders throughout. In the event that you discover an issue with the Kemp Technologies LoadMaster, please email firstname.lastname@example.org to report the identified issue. Kemp Technologies also publishes responses to Common Vulnerabilities and Exposures (CVEs), which includes known vulnerabilities in the Kemp Technologies LoadMaster. Kemp advises all key administrators to subscribe to https://support.kemptechnologies.com to receive announcements for detailed updates.
This article was originally published on Kemp Technologies’ Blog, and was written by David O’Connor.
David O’Connor is a Product Manager in Kemp working in Limerick, Ireland. He holds a bachelor’s degree in Computer Engineering from University of Limerick. David has a telecoms background with previous roles in development, customer support and presales with a focus on product-market fit and creating tech products that customers love.