Chapter 6. Public-Facing Services
In Chapter 5, I discussed the need to divide the network architecture and all your backend services into cleanly segregated pieces through the process of microsegmentation. Microsegmentation is great for achieving a clean and simple backend process that can be secured thoroughly. Although this process of domain segregation may work well for backend services, the end user–facing systems have to be designed with the requirements and security of the user in mind. These public-facing services are also called edge servers because they live at the edge of your application.
Having a clean and separate edge infrastructure helps in decoupling the domain design of your backend services from the ever-evolving requirements of the end user. Figure 6-1 shows an example of a typical application where the edge is cleanly separated from the rest of the backend microservices.
Figure 6-1. This chapter focuses on the “public-facing edge server” area, which acts as the first point of contact with your application for anyone trying to access your services from the internet.
Let me begin this chapter by saying that the services on the public-facing edge servers are inherently less secure than the backend services. For any system, potential threats can be classified into three categories: possible, plausible, and probable. A lot of attacks are possible in theory. ...