Security features in NetScaler®
Since NetScaler often sits in front of many different services, it can be a popular target for hackers. This might, for instance, affect PCI-DSS services, such as VISA or PayPal, or just plain web services, perhaps an intranet portal or some other sort of sensitive data.
So the goal is to configure NetScaler to deflect common forms of attack and activate counter-measures when someone is trying a particular form of attack.
A question that is often asked is: should NetScaler be in front of the firewall, or should the firewall be the first line of defense?
NetScaler has many prebuilt defense mechanisms against, for instance, Denial of Service (DoS) attacks on the TCP layer. The default TCP profile nstcp_default_profile has a setting called TCP SYN Cookie that in essence stops DDoS attacks using TCP SYN Flood.
Under TCP Profiles we also have the option to enable SYN Spoof Protection. This feature is not enabled by default, but it can help NetScaler to...
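To check which virtual servers actually inherit these two TCP profile settings, the following added example (not code from the original text or from Citrix) audits a saved configuration file. The ns.conf excerpt, profile names and addresses are constructed, and the defaults it assumes (SYN Cookie on, SYN Spoof Protection off) are taken from the text above.

```python
import shlex

# Constructed ns.conf excerpt (sample data, not from a real appliance).
SAMPLE_CONF = """\
set ns tcpProfile nstcp_default_profile -spoofSynDrop ENABLED
add ns tcpProfile legacy_app_profile -WS ENABLED -synCookie DISABLED
add ns tcpProfile api_profile -SACK ENABLED
add lb vserver vs_portal HTTP 10.0.0.10 80 -tcpProfileName legacy_app_profile
add lb vserver vs_api SSL 10.0.0.11 443 -tcpProfileName api_profile
add lb vserver vs_intranet HTTP 10.0.0.12 80
"""

# Assumption from the text: SYN cookie is on by default, spoof protection is off.
DEFAULTS = {"synCookie": "ENABLED", "spoofSynDrop": "DISABLED"}
DEFAULT_PROFILE = "nstcp_default_profile"

def parse_options(tokens):
    """Turn ['-synCookie', 'DISABLED', ...] into {'synCookie': 'DISABLED'}."""
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith("-"):
            opts[tok[1:]] = tokens[i + 1]
    return opts

def audit(conf_text):
    """Return (vserver, profile, setting) for every protection that is not ENABLED."""
    profiles = {DEFAULT_PROFILE: dict(DEFAULTS)}
    vservers = {}
    for line in conf_text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4:
            continue
        opts = parse_options(tok[4:])
        if tok[0] in ("add", "set") and tok[1:3] == ["ns", "tcpProfile"]:
            prof = profiles.setdefault(tok[3], dict(DEFAULTS))
            prof.update({k: v.upper() for k, v in opts.items() if k in DEFAULTS})
        elif tok[0] in ("add", "set") and tok[1:3] == ["lb", "vserver"]:
            # A vserver without -tcpProfileName falls back to the default profile.
            if tok[0] == "add" or "tcpProfileName" in opts:
                vservers[tok[3]] = opts.get("tcpProfileName", DEFAULT_PROFILE)
    findings = []
    for vs, pname in sorted(vservers.items()):
        prof = profiles.get(pname, DEFAULTS)
        findings += [(vs, pname, key) for key in DEFAULTS if prof[key] != "ENABLED"]
    return findings

if __name__ == "__main__":
    for vs, pname, key in audit(SAMPLE_CONF):
        print(f"{vs}: profile {pname} has {key} not enabled")
```
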