Load Balancing and Security

Summary

Load balancing provides many benefits for the organizations that use it. However, it adds a significant amount of complexity to the processing of traffic. This raises a question: what additional vulnerabilities might it create for the user?

When done correctly, load balancing is a fairly self-contained process, with little coupling into the backend services to which it distributes traffic. (For more information, see What is Load Balancing? and How Load Balancing Works.) Therefore, it would seem to introduce little additional risk to the organization that uses it. Although this is mostly true, there are still several security issues that organizations must consider. Fortunately, they are not difficult to mitigate.

Traditionally, a load balancer (LB) was either a dedicated hardware device, or an Internet-facing server running an LB service. Both forms had advantages and disadvantages. For example, dedicated hardware can be very performant, but commodity servers running LB software are usually much cheaper. Today, cloud load balancing is rapidly becoming the most popular form of LB. It offers many advantages (including a number of capabilities that weren’t available previously), at a low cost.

Regardless of the type of LB being used, the same types of security issues must be considered:

  • Vulnerabilities in the load balancer itself
  • Vulnerabilities in its configuration
  • Vulnerabilities in its use

Vulnerabilities in the load balancer: Whether it’s hardware or software, the load balancer is potentially an exploitable target for attackers.

Traditional LB systems present the highest risk, especially when the backend system uses a castle-and-moat approach to security. In this situation, if the load balancer is behind the network perimeter (even if only partially), then it is potentially a point of entry for cybercriminals. A vulnerability in the LB could be leveraged into a penetration of the network. 

This risk has largely been eliminated with cloud load balancing, which tends to be less vulnerable to exploitation. The large cloud providers are diligent about offering secure products, and they quickly fix any problems that are found. 

More importantly, cloud LB products are stand-alone services. By their nature, they are not tightly coupled to their backends. Therefore, even if a cloud LB were exploited, it would be difficult for the attacker to leverage this into a compromise of the backend system. The most likely outcome is that the attacker could only interfere with the operation of the LB itself. This would result in a simple DoS (Denial of Service) attack, which the victim could quickly recognize and remediate.

Vulnerabilities in the LB configuration: There are different ways to set up and use an LB. Some of these choices will have implications for security. Organizations need to carefully consider the options for the LB products that they use, and configure them according to best practices for security.

For example, LBs must maintain session data for each client. One approach is to include the data in the URLs that each client accesses. However, this creates a potential security risk, because URLs can be rewritten by the client. An attacker could submit requests with URLs containing scripts or other exploit attempts. To avoid this problem, the LB should be configured to maintain session data in other ways, such as client cookies. 

Vulnerabilities when using an LB: The load balancing process can introduce a unique vulnerability to the system that uses it. It is very common today for an LB system to include a reactive autoscaler. (For more information on this, see What is autoscaling?) If it does, attackers can abuse it by waging a “yo-yo attack.”

Here, the attacker sends the targeted system a massive amount of (spurious) traffic. After a short delay, the LB responds by scaling up, and bringing more backend resources online. The attacker immediately stops sending traffic; at this point, the LB is once again receiving only legitimate requests, at a normal volume. The LB waits for a short while, to ensure that traffic conditions have really changed, before it scales down the backend resources again. Once this occurs, the attacker launches another wave of traffic, to make the LB autoscale upward again. This cycle repeats over and over again.

This is called a yo-yo attack, because incoming traffic goes up and down. It creates two problems for the victim.

First, it is a partial DoS (Denial of Service), because it degrades system performance for part of each cycle (the period in which traffic has increased, but more resources have not yet come online). Second, it drastically increases the ratio of backend resource usage to legitimate client demand. This forces the victim to pay for a lot of resources that aren’t actually needed, which can inflict substantial financial damage. Meanwhile, the attacker is able to wage a DoS attack for relatively low cost, because the attack consumes bandwidth and other resources for only part of each cycle.

Yo-yo attacks can be problematic for victims who are not prepared for them. Fortunately, there are ways to mitigate these assaults. A good web security platform has ways of recognizing and preventing these attacks from succeeding. For example, a client which is sending traffic in yo-yo patterns can be blocked outright. 

Another approach is to deceive the attacker. The system can delay its responses to these clients, making it difficult for attackers to accurately gauge its current state and status. This disrupts the pattern of the attack.
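As an added illustration of the recognition step described above (this is not code from the original article or from any vendor product), the following sketch flags clients whose per-minute request counts alternate repeatedly between a flood and near silence. The thresholds, the function names and the sample traffic are all assumptions constructed for the example; a steadily heavy client and a client with a single spike are deliberately left unflagged.

```python
from collections import defaultdict

def build_sample(minutes=24):
    """Constructed per-minute request counts (not real traffic)."""
    rows = []
    for m in range(minutes):
        # On/off sender: 2 minutes of flood, 4 minutes of silence, repeated.
        rows.append((m, "203.0.113.7", 900 if m % 6 < 2 else 0))
        # Constantly heavy client: high volume, but it never goes quiet.
        rows.append((m, "198.51.100.20", 600))
        # One isolated spike, otherwise light.
        rows.append((m, "192.0.2.15", 800 if m == 3 else 2))
        # Ordinary light client.
        rows.append((m, "192.0.2.44", 3))
    return rows

def burst_cycles(counts, burst_threshold, quiet_threshold):
    """Count completed burst -> quiet transitions in a series of counts."""
    cycles, in_burst = 0, False
    for c in counts:
        if c >= burst_threshold:
            in_burst = True
        elif c <= quiet_threshold and in_burst:
            cycles += 1          # a burst ended and the client fell silent
            in_burst = False
    return cycles

def find_yoyo_clients(samples, minutes, burst_threshold=500,
                      quiet_threshold=5, min_cycles=3):
    """Return clients whose traffic alternates flood/silence repeatedly.

    The default thresholds are assumed values for this example; in practice
    they would be tuned to the autoscaler's scale-up and scale-down delays.
    """
    series = defaultdict(lambda: [0] * minutes)
    for minute, client, count in samples:
        series[client][minute] += count
    return sorted(
        client for client, counts in series.items()
        if burst_cycles(counts, burst_threshold, quiet_threshold) >= min_cycles
    )

if __name__ == "__main__":
    for client in find_yoyo_clients(build_sample(), 24):
        print("yo-yo pattern:", client)
```

Requiring several completed cycles, rather than one burst, is what separates the on/off sender from a legitimate one-time spike.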
