Microservice security Flashcards
Describe the monolithic architecture?
user interface
Business logic
Data access layer
->
<-
DB
What are some downsides of using a monolithic architecture? (3)
Limited scalability
Single-point of failure
Must rebuild entire development to change a small constraint or check
Describe the microservice architecture (5)
Loosely coupled
Communicate via APIs
Maintainable and testable
Independently deployable
Organized around business logic
What is the structure of microservice architecture?
user interface -> microservice ->DB
Microservice [presentation-, business-, data-layer]
Interface connected to multiple microservices, each connected to individual DBs
Name microservice security challenges (7)
Trust between services
Large attack area
Testing
Low visibility
Polyglot Architecture
Container management
Secret management
Name causes of microservice security challenges (4)
Architectural complexity
Poor testing
Immature tools and standards
Developer inexperience
Name consequences in microservice security (3)
Susceptible to attack
Performance overhead
Increased faults
What are the abstractions in microservice security? (3)
Service/Application
Communication
Visualization/Cloud
What are the objectives of microservice security? (5)
CIA
Resiliency
Visibility
Describe what we mean by low visibility of microservice architectures
Usually deployed on cloud. Cloud infrastructure tend to be opaque and disparate (different from normal).
What are some challenges in regards to cloud usage? (3)
Securing internet-facing service endpoints
Having access management from enterprise to cloud.
Secure inter-service communication
Why is trust between services important?
Some microservices might be malicious and can compromise the services they communicate with
What can cause insecure communication between services?
Insufficient auth
Improper authorization
What is a polyglot architecture?
Using several languages
Service 1: Java
Service 2: Python
What is a security challenge with polyglot architecture?
Need to have dedicated experts who specialize in a particular technology stack.
Difficult to have a sentralized security team taking care of every service.
What are the 5 parts of security countermeasures in micro services?
Best practises
Methods
Deployment tools
Development tools
Patterns
Name some best practices
Defense in depth
Encryption
least privileges
rate throttling (limit number of requests from a single user)
DevSecOps
Immutable container
Secure by design
Name some methods
Standards (OAuth)
Protocols (Open ID connect, mTLS)
TOKENS (JWT)
Name some dev tools
Container orchestration (docker, kubernetes)
Testing
Scanners
Name some deploy tools
Certificate management
Real-time monitoring
Benchmarking
config management
Identity management
Name some Patterns
API gateway
circuit breaker
Strangler
What does rate throttling defend against?
DoS
How can traffic be throttled?
Identify that congestion is approaching
Send feedback to sender of traffic, warning against sending more packages
What is HSM
Hardware Security Module
What is HSM bootstrapping?
Defends against attacks targeting hw hosting the services
What is trusted execution environments?
Also called HSM bootstrapping
Guarantees confidentiality and integrity of execution environments
Where is auth and authorization needed? (4)
API gateways
microservices
from API to micro
Between micro
Name 3 types of API gateways
NAT gateway
Peering gateway
Internet gateway
What is a NAT gateway?
Network address translation
Gateway allows traffic from internet to flow into private subnets
What is an internet gateway?
Required when subnets are communicating with the internet
What is a peering gateway?
Establishes and controls communication between two VPCs
What is a VPC?
Virtual private clouds
What is important in API gateway security?
Verifiable client identification at entry points (mandate every request to contain client-ID or access token)
Authorization policies to control access
Throttling request traffic (max number request per time, max number of simultaneous requests)
Why is service level authorization used?
Gives each microservice control to enforce access control policies
What is external Entity Identity Propagation?
The edge layer propagates an uthenticated external entity identity and a request to downstream micro services
Where do external Entity Identity Propagation happen?
Between API-gateways and microservices
How is external Entity Identity Propagation done?
A microservice has to understand the caller’s context (userID, roles/groups)
A data structure representing the external entity is generated, signed or encrypted by the trusted issuer and propagated to internal microservices.
What is mTLS?
Mutual transport layer security
Each microservice has public- and private key.
Uses these to auth to the recipient microservices via mTLS
How can service-to-service auth be done?
mTLS
Token-based
Describe token-based auth
Caller service obtains a signed token by invoking a token service using its own service ID and password.
Attack tokens to outgoing requests
Name 5 patterns
Circuit breaker
CQRS
Strangler
Phantom token
Sidecar proxy
What is a Circuit breaker
A service failure protection, handle it so the failure does not propagate through system.
Real-time monitor and alert
Tolerates failures to certain threshold
After threshold, fallback methods are invoked
What is CQRS
Comman query responsibility segregation
Separates read and update operations for a data store
This optimizes its performance, scalability, security
Why does CQRS help with security?
Easier to ensure only the right domain writes on the data
What is strangler?
Used when migrating from monolithic to microservices
Mitigates risks associated with large-scale modernization projects
What is a phantom token?
Preserves privacy using opaque and JWT tokens
What is the flow of phantom tokens? (4)
- Client retrieves opaque token
- Client forwards token in API-request
- The reverse proxy looks up the JWT token by calling the Introspection endpoint of the Token service. This is for authorization reasons
- Reverse proxy replaces opaque with JWT in the actual request to the microservice
How can you use sidecars for security?
Add cross-cutting security controls to application components that is not natively designed with that functionality
What is a sidecar proxy?
Sidecar is attached to a parent application.
Provides supporting features
Co-locates set of tasks with primary application, but places them inside their process or container
2 types of communication between services?
Service-level authorization
Service-to-service authentication
