April 2019
Intermediate to advanced
52 pages
1h 7m
English
Content preview from Modern Defense in Depth
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 3. Cloud-Based Lines of Defense for Web Application Security
In this chapter, you learn what lines of defense I highly recommend to fully protect web applications deployed in cloud environments. This discussion begins with the very outside edge of the cloud, which is where traffic enters the cloud environment from the internet. You can think of this as a boundary between the internet and the cloud resources deployed downstream. This discussion ends with the very inside edge, which you can think of as the very last line of defense before a web application is actually accessed by a user or attacker on the internet. All of the technologies discussed in this section make up the lines of defense in what I call the modern cloud edge.
Defensive Line 1: Edge Routers
Edge routers can often act as the first line of defense because they are fully capable of discarding unwanted traffic, given that they are processing it anyway. Organizations that either implement Border Gateway Protocol (BGP) FlowSpec on their own edge routers or work with cloud providers (who do the same to offload other downstream lines of defense) have discovered the best approach to defend against various attacks using this line of defense.
Although not always thought of in the terms of security (because edge routers are often managed by network teams and not security teams), as already mentioned, edge routers are fully capable of acting as the first line of defense to defend networks, websites, and applications. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.