5 Traffic Authorization Best Practices For IT Security

November 12, 2015 | DevOps | joanna mastrocola

In any service-oriented architecture, securely governing the allowable communication between applications and services is key. It is equally as important to yield a secure way for developers and operations to directly communicate with applications and services.

Not sure how to do this? Traffic Authorization is the process of assigning everything in your infrastructure a unique identity with specific access control rules. You need the ability to filter inbound and outbound traffic in an auditable fashion in order to achieve your compliance goals.

Traffic Authorization Tips

Here are our 5 Traffic Authorization Best Practices:

1) Don’t use passwords to grant access.

Instead, have a traffic authorization gatekeeper. A gatekeeper is a reverse proxy that sits in front of the server, intercepting all inbound requests and verifying the authenticity of the client's token and the client's authorization privileges, using the Token Broker. A gatekeeper also allows you to separate roles.

2) Use a Forwarder

A forwarder is a reverse proxy that runs on your local machine. It intercepts each connection to your server and places an authorization token on it. The authorization token is given to the forwarder by the Token Broker.

3) Set a Policy and Create Identities 

Always have a well-defined security policy. The gatekeeper needs this policy, as this is what it enforces. Don't forget to assign client identities. Clients have to present an auth token to the gatekeeper.
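The three pieces described in tips 1 through 3 (a Token Broker that issues tokens to named identities, a Forwarder that attaches a token to each outbound connection, and a Gatekeeper that verifies the token and enforces a policy) fit together as sketched below. This is an added illustration written for this post, not Conjur's own code: the token format (HMAC-signed identity plus expiry), the policy shape (identity to allowed service/method pairs), and the class and service names are all assumptions chosen for the example.

```python
"""Toy model of the Token Broker / Forwarder / Gatekeeper pattern.

Added illustration, not Conjur's code. The token format, policy shape and
all names (TokenBroker, Forwarder, Gatekeeper, 'api-server', 'db') are
assumptions for this example; the signing key below is a constructed value.
"""
import base64
import hashlib
import hmac
import time
from typing import Dict, List, Optional, Set, Tuple


class TokenBroker:
    """Issues short-lived, HMAC-signed bearer tokens to known client identities."""

    def __init__(self, signing_key: bytes, ttl_seconds: int = 300):
        self._key = signing_key
        self._ttl = ttl_seconds

    def _sign(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def issue(self, identity: str, now: Optional[float] = None) -> str:
        # Token = b64(identity.expiry) "." b64(hmac). No password travels with it.
        expiry = int((now if now is not None else time.time()) + self._ttl)
        payload = f"{identity}.{expiry}".encode()
        sig = self._sign(payload)
        return (base64.urlsafe_b64encode(payload).decode() + "."
                + base64.urlsafe_b64encode(sig).decode())

    def verify(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the identity if the token is authentic and unexpired, else None."""
        try:
            payload_b64, sig_b64 = token.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            sig = base64.urlsafe_b64decode(sig_b64)
            identity, expiry_str = payload.decode().rsplit(".", 1)
            expiry = int(expiry_str)
        except (ValueError, UnicodeDecodeError):
            return None
        # Constant-time comparison so the check does not leak timing information.
        if not hmac.compare_digest(sig, self._sign(payload)):
            return None
        current = now if now is not None else time.time()
        return identity if current < expiry else None


class Forwarder:
    """Local reverse proxy: attaches the client's token to each outbound request."""

    def __init__(self, identity: str, broker: TokenBroker):
        self._identity = identity
        self._broker = broker

    def forward(self, request: Dict[str, str]) -> Dict[str, str]:
        # The application never handles the token itself; the forwarder adds it.
        out = dict(request)
        out["Authorization"] = "Bearer " + self._broker.issue(self._identity)
        return out


class Gatekeeper:
    """Reverse proxy in front of the server: checks the token, then enforces policy."""

    def __init__(self, broker: TokenBroker, policy: Dict[str, Set[Tuple[str, str]]]):
        self._broker = broker
        self._policy = policy  # identity -> {(service, method)} it may call
        self.audit_log: List[Dict] = []

    def authorize(self, request: Dict[str, str]) -> Tuple[bool, str]:
        header = request.get("Authorization", "")
        if not header.startswith("Bearer "):
            return self._decide(None, request, False, "no token")
        identity = self._broker.verify(header[len("Bearer "):])
        if identity is None:
            return self._decide(None, request, False, "invalid or expired token")
        allowed = (request["service"], request["method"]) in self._policy.get(identity, set())
        return self._decide(identity, request, allowed,
                            "permitted by policy" if allowed else "denied by policy")

    def _decide(self, identity, request, allowed, reason):
        # Every decision is recorded so the filtering is auditable.
        self.audit_log.append({"identity": identity, "service": request.get("service"),
                               "method": request.get("method"), "allowed": allowed,
                               "reason": reason})
        return allowed, reason


def demo() -> Dict[str, bool]:
    """Run the four cases a gatekeeper must get right; returns allow/deny per case."""
    broker = TokenBroker(b"constructed-demo-key-not-a-real-secret")
    policy = {"web-frontend": {("api-server", "GET")},
              "batch-job": {("api-server", "GET"), ("db", "QUERY")}}
    gate = Gatekeeper(broker, policy)
    fwd = Forwarder("web-frontend", broker)
    results = {}
    results["frontend_get_api"] = gate.authorize(fwd.forward({"service": "api-server", "method": "GET"}))[0]
    results["frontend_query_db"] = gate.authorize(fwd.forward({"service": "db", "method": "QUERY"}))[0]
    results["no_token"] = gate.authorize({"service": "api-server", "method": "GET"})[0]
    tampered = fwd.forward({"service": "api-server", "method": "GET"})
    tampered["Authorization"] = tampered["Authorization"][:-2] + "AA"  # corrupt the signature
    results["tampered_token"] = gate.authorize(tampered)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

The point to notice is the separation of roles the post describes: the broker is the only component holding the signing key, the forwarder is the only component the application talks to, and the gatekeeper makes every allow/deny decision against the policy and records it, so expired, forged or missing tokens are all rejected at the same place and show up in the same audit log.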

4) Use Containers

Make deploying the application easier by using a Docker container, so both the client and the server can be launched and managed with the same tool: Docker.

5) Make it easy on yourself… Avoid Software Defined Networking

Avoid using software defined networking to monitor and manage authorized inbound and outbound traffic. Not only is this method difficult to manage, it also introduces the risk that security will be loosened when people or code relax the traffic rules for their own purposes. Additionally, it is difficult to interact with these systems from outside of the cloud environment, so all of your security becomes tied to the cloud vendor.