Microservice security

Question 1

Describe the monolithic architecture?

Answer 1

user interface
Business logic
Data access layer
->
<-
DB

Question 2

What are some downsides of using a monolithic architecture? (3)

Answer 2

Limited scalability

Single-point of failure

Must rebuild entire development to change a small constraint or check

Question 3

Describe the microservice architecture (5)

Answer 3

Loosely coupled

Communicate via APIs

Maintainable and testable

Independently deployable

Organized around business logic

Question 4

What is the structure of microservice architecture?

Answer 4

user interface -> microservice ->DB

Microservice [presentation-, business-, data-layer]

Interface connected to multiple microservices, each connected to individual DBs

Question 5

Name microservice security challenges (7)

Answer 5

Trust between services

Large attack area

Testing

Low visibility

Polyglot Architecture

Container management

Secret management

Question 6

Name causes of microservice security challenges (4)

Answer 6

Architectural complexity

Poor testing

Immature tools and standards

Developer inexperience

Question 7

Name consequences in microservice security (3)

Answer 7

Susceptible to attack

Performance overhead

Increased faults

Question 8

What are the abstractions in microservice security? (3)

Answer 8

Service/Application

Communication

Visualization/Cloud

Question 9

What are the objectives of microservice security? (5)

Answer 9

CIA

Resiliency

Visibility

Question 10

Describe what we mean by low visibility of microservice architectures

Answer 10

Usually deployed on cloud. Cloud infrastructure tend to be opaque and disparate (different from normal).

Question 11

What are some challenges in regards to cloud usage? (3)

Answer 11

Securing internet-facing service endpoints

Having access management from enterprise to cloud.

Secure inter-service communication

Question 12

Why is trust between services important?

Answer 12

Some microservices might be malicious and can compromise the services they communicate with

Question 13

What can cause insecure communication between services?

Answer 13

Insufficient auth

Improper authorization

Question 14

What is a polyglot architecture?

Answer 14

Using several languages

Service 1: Java
Service 2: Python

Question 15

What is a security challenge with polyglot architecture?

Answer 15

Need to have dedicated experts who specialize in a particular technology stack.

Difficult to have a sentralized security team taking care of every service.

Question 16

What are the 5 parts of security countermeasures in micro services?

Answer 16

Best practises

Methods

Deployment tools

Development tools

Patterns

Question 17

Name some best practices

Answer 17

Defense in depth

Encryption

least privileges

rate throttling (limit number of requests from a single user)

DevSecOps

Immutable container

Secure by design

Question 18

Name some methods

Answer 18

Standards (OAuth)

Protocols (Open ID connect, mTLS)

TOKENS (JWT)

Question 19

Name some dev tools

Answer 19

Container orchestration (docker, kubernetes)

Testing

Scanners

Question 20

Name some deploy tools

Answer 20

Certificate management

Real-time monitoring

Benchmarking

config management

Identity management

Question 21

Name some Patterns

Answer 21

API gateway

circuit breaker

Strangler

Question 22

What does rate throttling defend against?

Answer 22

DoS

Question 23

How can traffic be throttled?

Answer 23

Identify that congestion is approaching

Send feedback to sender of traffic, warning against sending more packages

Question 24

What is HSM

Answer 24

Hardware Security Module

Question 25

What is HSM bootstrapping?

Answer 25

Defends against attacks targeting hw hosting the services

Question 26

What is trusted execution environments?

Answer 26

Also called HSM bootstrapping

Guarantees confidentiality and integrity of execution environments

Question 27

Where is auth and authorization needed? (4)

Answer 27

API gateways

microservices

from API to micro

Between micro

Question 28

Name 3 types of API gateways

Answer 28

NAT gateway

Peering gateway

Internet gateway

Question 29

What is a NAT gateway?

Answer 29

Network address translation

Gateway allows traffic from internet to flow into private subnets

Question 30

What is an internet gateway?

Answer 30

Required when subnets are communicating with the internet

Question 31

What is a peering gateway?

Answer 31

Establishes and controls communication between two VPCs

Question 32

What is a VPC?

Answer 32

Virtual private clouds

Question 32

What is important in API gateway security?

Answer 32

Verifiable client identification at entry points (mandate every request to contain client-ID or access token)

Authorization policies to control access

Throttling request traffic (max number request per time, max number of simultaneous requests)

Question 33

Why is service level authorization used?

Answer 33

Gives each microservice control to enforce access control policies

Question 34

What is external Entity Identity Propagation?

Answer 34

The edge layer propagates an uthenticated external entity identity and a request to downstream micro services

Question 35

Where do external Entity Identity Propagation happen?

Answer 35

Between API-gateways and microservices

Question 36

How is external Entity Identity Propagation done?

Answer 36

A microservice has to understand the caller’s context (userID, roles/groups)

A data structure representing the external entity is generated, signed or encrypted by the trusted issuer and propagated to internal microservices.

Question 37

What is mTLS?

Answer 37

Mutual transport layer security

Each microservice has public- and private key.

Uses these to auth to the recipient microservices via mTLS

Question 38

How can service-to-service auth be done?

Answer 38

mTLS

Token-based

Question 39

Describe token-based auth

Answer 39

Caller service obtains a signed token by invoking a token service using its own service ID and password.

Attack tokens to outgoing requests

Question 40

Name 5 patterns

Answer 40

Circuit breaker

CQRS

Strangler

Phantom token

Sidecar proxy

Question 41

What is a Circuit breaker

Answer 41

A service failure protection, handle it so the failure does not propagate through system.

Real-time monitor and alert

Tolerates failures to certain threshold

After threshold, fallback methods are invoked

Question 41

What is CQRS

Answer 41

Comman query responsibility segregation

Separates read and update operations for a data store

This optimizes its performance, scalability, security

Question 41

Why does CQRS help with security?

Answer 41

Easier to ensure only the right domain writes on the data

Question 42

What is strangler?

Answer 42

Used when migrating from monolithic to microservices

Mitigates risks associated with large-scale modernization projects

Question 43

What is a phantom token?

Answer 43

Preserves privacy using opaque and JWT tokens

Question 44

What is the flow of phantom tokens? (4)

Answer 44

1. Client retrieves opaque token
2. Client forwards token in API-request
3. The reverse proxy looks up the JWT token by calling the Introspection endpoint of the Token service. This is for authorization reasons
4. Reverse proxy replaces opaque with JWT in the actual request to the microservice

Question 45

How can you use sidecars for security?

Answer 45

Add cross-cutting security controls to application components that is not natively designed with that functionality

Question 46

What is a sidecar proxy?

Answer 46

Sidecar is attached to a parent application.

Provides supporting features

Co-locates set of tasks with primary application, but places them inside their process or container

Question 47

2 types of communication between services?

Answer 47

Service-level authorization

Service-to-service authentication