Content

Ingrian i215

Ingrian offers a range of appliances that are designed to secure any application that uses secure socket layer (SSL) transactions, while at the same time speeding up the performance. The company has recently added other features, including authentication, authorization, GZIP compression and an interface to external intrusion detection systems.

The growing demand for secure connections to web servers for e-commerce applications has led to a huge growth in SSL traffic. Because SSL uses public-key cryptography, negotiating an SSL connection requires a lot of resources to perform the exchange of session keys - a process called SSL handshake. This can place a heavy load on web servers and lead to large web server farms being necessary. The Ingrian i215 is designed to solve this problem by taking care of SSL negotiation itself, offloading that task from the web server. The i215 can perform 1,600 SSL handshakes per second, while keeping track of up to 32,000 concurrent SSL connections and their associated session keys.

It is not just secure HTTP traffic that benefits; the i215 can accelerate any protocol over SSL - including IMAP and POP mail protocols.

Another feature is caching of all secure static content, such as banners, buttons and navigation frames. This relieves the backend web server of the task of delivering this static content every time it is requested. The i215 can dramatically reduce the number of real backend web servers required.

There is much more to the i215 than just SSL acceleration. Every secure web site must have a site certificate to allow authenticated SSL connections to the outside world. The i215 can also act as a certificate authority (CA) for this public key infrastructure (PKI) application.

Certain types of intrusion attacks could be hidden in what are effectively SSL VPN tunnels. To combat this, the i215 has a specific option to mirror all SSL encrypted traffic in unencrypted form to a dedicated port, which can be connected to any network-based IDS.

The i215 has the ability to encrypt data for storage. For example, credit card numbers, which often form part of SSL traffic, can be encrypted by the i215 for storage in external databases - keeping such data safe against insider attacks from those who may have access to your storage systems or backup media.

Product title
Ingrian i215
Product info
Name: Ingrian i215 (Appliance group test) Description: Price: from $19,995 (platform); from $4,995 (service engine)
Strength
Web site performance is enhanced greatly, not only for SSL transactions but, if desired, for all HTTP traffic because of the caching.
Weakness
Focused on securing web server transactions and associated e-commerce demands - not a general-purpose security appliance.
Verdict
A high-performance SSL accelerator that combines authentication, authorization, compression and secure storage. and integrates with any IDS.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds