Chapter 6. Security
In today’s world, security is paramount. Sophisticated attackers are constantly probing for vulnerabilities that can lead to user data being stolen and systems being disrupted. These attacks can ruin a company’s reputation and cost hundreds of thousands of dollars. At the same time, securing against these attacks is being made harder as microservices deployments get larger and more complicated—thereby increasing their attack surface.
There are many aspects to securing your systems, and while a service mesh cannot address all of them, it plays an important role. A service mesh implements security improvements via the sidecar proxies that intercept all traffic in and out of services. A service mesh can provide:
- Encryption of traffic between services
- Enforcement of rules about which services can communicate with one another and what kinds of requests are allowed—for example, which HTTP paths can be accessed
- Some mitigation against denial of service attacks by increasing service reliability (covered in Chapter 8)
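The second capability above, deciding which services may talk to one another and which HTTP paths and methods they may use, is expressed in Consul through a service-intentions config entry. The following is an added illustration, not an example from the book or from the Consul project: it assumes two hypothetical services named frontend and backend registered in the mesh, and it allows frontend to make GET requests under /api on backend while denying every other request and every other source service.

```hcl
# Intentions for the destination service "backend" (hypothetical name).
Kind = "service-intentions"
Name = "backend"

Sources = [
  {
    # Layer-7 rules for one source service. Permissions are evaluated in
    # order; the first rule whose HTTP match succeeds decides the request.
    Name = "frontend"
    Permissions = [
      {
        # Allow only read-only calls under the API prefix.
        Action = "allow"
        HTTP {
          PathPrefix = "/api"
          Methods    = ["GET"]
        }
      },
      {
        # Anything else from frontend (other paths, POST/PUT/DELETE) is denied.
        Action = "deny"
        HTTP {
          PathPrefix = "/"
        }
      }
    ]
  },
  {
    # Catch-all: no other service in the mesh may reach backend at all.
    # Exact-name sources take precedence over this wildcard.
    Name   = "*"
    Action = "deny"
  }
]
```

Apply it with `consul config write <file>.hcl`; the sidecar proxies in front of backend then enforce these rules on every inbound connection, independent of what the application code itself checks.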
However, because it operates at the platform level, a service mesh cannot provide:
- Automatic patching of vulnerable libraries
- Elimination of security bugs in service code
- User authentication and authorization (for example, validating passwords)
- Intrusion detection¹
- Other service-level security improvements
The security improvements a service mesh provides—encryption of traffic between services and enforcement of rules about which services ...