5 Traffic Authorization Best Practices For IT Security
November 12, 2015 | DevOps | Joanna Mastrocola
In any service-oriented architecture, securely governing which applications and services may communicate with each other is key. It is equally important to provide a secure way for developers and operations to communicate directly with applications and services.
Not sure how to do this? Traffic Authorization is the process of assigning everything in your infrastructure a unique identity with specific access control rules. You need the ability to filter inbound and outbound traffic in an auditable fashion in order to achieve your compliance goals.
Here are our 5 Traffic Authorization Best Practices:
1) Don’t use passwords to grant access.
2) Use a Forwarder
A forwarder is a reverse proxy that you run on your local machine. It intercepts each connection to your server and places an authorization token on it. The Token Broker issues that authorization token to the forwarder.
3) Set a Policy and Create Identities
4) Use Containers
5) Make it easy on yourself… Avoid Software Defined Networking
Avoid using software-defined networking to monitor and manage authorized inbound and outbound traffic. Not only is this method difficult to manage, but it also creates the risk that security will be loosened when people or code relax the traffic rules for their own purposes. Additionally, it is difficult to interact with these systems from outside the cloud environment, so all of your security is tied to the cloud vendor.
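The forwarder and Token Broker flow from practice 2, combined with the identity policy from practice 3, sketched as an added Python example that is not code from the original post. The HMAC-signed token format, the `X-Auth-Token` header, the key, and the identity and service names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

BROKER_KEY = b"constructed-demo-key"       # assumption: known to broker and verifier only
POLICY = {("billing-app", "orders-db")}    # constructed policy: (identity, service) pairs allowed
HEADER = "X-Auth-Token"                    # hypothetical header name

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def broker_issue(identity, ttl=60, now=None):
    """Token Broker: issue a short-lived token bound to one identity."""
    issued = int(time.time() if now is None else now)
    claims = json.dumps({"sub": identity, "exp": issued + ttl}).encode()
    sig = hmac.new(BROKER_KEY, claims, hashlib.sha256).digest()
    return _b64(claims) + "." + _b64(sig)

def forwarder_attach(headers, token):
    """Forwarder: drop any caller-supplied token, then attach the broker's."""
    out = {k: v for k, v in headers.items() if k.lower() != HEADER.lower()}
    out[HEADER] = token
    return out

def authorize(headers, service, now=None):
    """Receiving side: verify the token, then apply policy. Returns (allowed, detail)."""
    try:
        claims_b64, sig_b64 = headers.get(HEADER, "").split(".")
        claims_raw = base64.urlsafe_b64decode(claims_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:                     # missing, wrong shape, or bad base64
        return False, "malformed token"
    expected = hmac.new(BROKER_KEY, claims_raw, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(claims_raw)        # parsed only after the signature checks out
    if claims["exp"] <= (time.time() if now is None else now):
        return False, "expired"
    if (claims["sub"], service) not in POLICY:
        return False, "policy denies"
    return True, claims["sub"]

def tamper_identity(token, new_identity):
    """Constructed negative case: swap the identity while keeping the old signature."""
    claims = json.loads(base64.urlsafe_b64decode(token.split(".")[0]))
    claims["sub"] = new_identity
    return _b64(json.dumps(claims).encode()) + "." + token.split(".")[1]
```

Every decision returns a reason string, which is what an audit log of allowed and denied traffic would record.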