The A10 Networks ADC must implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-237050	AADC-AG-000100	SV-237050r639597_rule		Medium

Description
Although maintaining high availability is normally an operational consideration, load balancing is also a useful strategy in mitigating network-based DoS attacks. If the network does not provide safeguards against DoS attacks, network resources will be unavailable to users. Load balancing provides service redundancy which reduces the susceptibility of the enclave to many DoS attacks. Since one of the primary purposes of the Application Delivery Controller is to balance loads across multiple servers, it would be extremely unusual for it to not be configured to perform this function.

Description

Although maintaining high availability is normally an operational consideration, load balancing is also a useful strategy in mitigating network-based DoS attacks. If the network does not provide safeguards against DoS attacks, network resources will be unavailable to users. Load balancing provides service redundancy which reduces the susceptibility of the enclave to many DoS attacks. Since one of the primary purposes of the Application Delivery Controller is to balance loads across multiple servers, it would be extremely unusual for it to not be configured to perform this function.

STIG	Date
A10 Networks ADC ALG Security Technical Implementation Guide	2021-03-25

Details

Check Text ( C-40269r639595_chk )
Review the device configuration. Ask the Administrator which Application Delivery Services are being provided by the device. The following command displays information for Server Load Balancing: show slb If no Server Load Balancing sessions exist, this is a finding.

Fix Text (F-40232r639596_fix)
Configure the device to balance the traffic load of provided services. This will require configuring Server Load Balancing.