Chapter 7 - 09 - Discuss Importance of Load Balancing in Network Security - 01_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Module Flow Discuss Essential Network Security Protocols Discuss Security Benefits of Network Segmentation Understand Different Types of Proxy Servers and their Benefits 7 - an T ~ 4 Discuss Fundamentals of VPN and its importance in Network s i ecurity Understand Different Types of Firewalls and their Role Discuss Other Network Security Controls Understand Different Types of IDS/IPS and their Role Discuss Importance of Load Balancing in Network Security Understand Different Types of Honeypots Understand Various Antivirus/Anti-malware Software Discuss Importance of Load Balancing in Network Security Load balancers play a major role in an organization’s IT infrastructure. They ensure the availability of applications, servers, and other IT resources to the end users and customers. It improves the efficiency and robustness of the network environment. This section discusses load balancers, along with algorithms and tools used for load balancing. Module 07 Page 994 Certified Cybersecurity Technician Copyright © by EG-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Load Balancer O Aload balancer is a device responsible for distributing network traffic across multiple servers in a distributed system O It has the capability of controlling the number of requests to protect against rate-based attacks such as denial of service (DoS) or distributed denial of service (DDoS) Load Balancer A load balancer/server farm/server pool is a device responsible for distributing network traffic across multiple servers in a distributed system. It can be a physical device or a virtual device running on hardware or a process. It is implemented between client devices and back-end servers. A load balancer acts as a reverse proxy, and its main purpose is to disseminate all the incoming or external network and application traffic very effectively throughout several backend servers. By distributing client requests across all servers, it ensures maximum speed capacity utilization, prevents server overloads, and provides protection from rate-based attacks such as DoS or distributed denial of service (DDoS). For example, if a server goes down, the load balancer starts distributing the traffic among other online servers. Based on the demand, if a server is newly added, the load balancer starts distributing traffic to the new server as well. If a server is removed, the load balancer starts distributing the traffic among the remaining servers. Furthermore, load balancers can also increase the maximum number of concurrent users and can increase the consistency of the applications used by the clients. Using load-balancing techniques, the response time can be decreased, throughput can be improved for each task, and the burden on the servers can be decreased, resulting in enhanced overall performance. Load balancers are categorized into layer-4 and layer-7 load balancers. Layer-4 load balancers distribute requests based on the data present in the network and transport layer protocols such as IP, TCP, FTP, and UDP. Layer-7 load balancers are found in application-layer protocols such as HTTP. These two types of load balancers receive all the requests and distribute them to a specific server according to the configured algorithm. Module 07 Page 995 Certified Cybersecurity Technician Copyright © by EC-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 :cunnu:-unns \\l sessssnned EEE External Firewall Load Balancer Internal Firewall sesesresnnssnsrssnssnsnsinnrennnd... Figure 7.134: Working of a load balancer Module 07 Page 996 Certified Cybersecurity Technician Copyright © by EC-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Types of Load Balancing Algorithms Cl Session Least Connections Affinity The algorithm to forward all the client’s requests in that session to the same application server o Round-robin Random (rer ey The load balancer chooses the The roundrobin algorithm distributes server with the incoming WA requests sequentially according to sending a request to the server the weights assigned to the servers The load balancer selects two servers randomly and sends requests to the one chosen by applying the leastconnections algorithm Copyright © by All Rights Reserved. Reproduction is Strictly Prohibited. Types of Load Balancing Algorithms The choice of the load balancing algorithm depends on the requirements of the organization. Session Affinity Session affinity ensures that all user requests in a session are forwarded to the same application server. Some applications require session affinity between the client and server to provide services correctly. Session affinity uses in-memory caching to track session cookies in the request and response headers. The algorithm tracks this session cookie to forward all the client’s requests in that session to the same application server. Round-robin The round-robin algorithm is a simple load balancing algorithm that distributes incoming requests to a group of servers sequentially. In this algorithm, the initial request is sent to the first server, the next request to the second server, and so on until the final request. The same steps are repeated for the next process. This algorithm can also be weighted in such a manner that the most powerful units receive requests first and handle more requests than other units. In most cases, round-robin load balancers presume that all servers are the same, are currently online, and hold the same load with the same storage and capacity. Therefore, round-robin load balancers do not distribute the traffic effectively or accurately. Module 07 Page 997 Certified Cybersecurity Technician Copyright © by EG-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 User1 !-! User 2 THIEA User3 v't. Server1 ! m S