I have written some general articles about microservices and software security separately.
Microservices - Article Series
I wrote a series of articles related to Microservices Architecture during the last few months.
Software Security - Article Series
Here is the series of articles related to Software Security.
Now let's talk about how to implement security in a microservices-based system. The fundamentals remain the same, but there are some unique challenges in microservices systems that we need to be aware of.
The main challenge is that a microservices system can have a lot of moving parts, each running in its own environment. The system is extremely distributed, and every component in it has to be secured.
Securing the network
Communication between microservices is the most important element in microservices systems. So the network and the communication between the services must be as secure as possible.
1. Implement TLS, and use a newer version, not 1.0 or 1.1. It uses cryptographically secure techniques to mutually authenticate individual microservices and encrypt the traffic between them.
2. Restrict IPs. In other words, we should not allow unknown or unauthorized systems to access the services. We can define an IP whitelist that lists the addresses allowed to access each service.
3. Use a gateway. In other words, every inter-service call goes through the gateway. Things such as authentication and authorization can then be handled at the gateway, along with monitoring, rate limits and much more.
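
The TLS and IP-restriction items above, sketched at the level of a single service with Python's standard library. This is an added example, not code from the original article; the function names, the sample networks and the certificate path parameters are assumptions.

```python
import ipaddress
import ssl

# Constructed sample allowlist: ranges the calling services are assumed to use.
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("10.20.0.0/16", "192.168.50.7/32", "fd00:20::/64")]


def build_server_context(certfile=None, keyfile=None, client_ca=None):
    """Server-side TLS policy: TLS 1.2 or newer, client certificate required."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuses TLS 1.0 and 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # caller must present a cert
    if certfile:                                   # this service's own identity
        ctx.load_cert_chain(certfile, keyfile)
    if client_ca:                                  # CA that signs caller certs
        ctx.load_verify_locations(cafile=client_ca)
    return ctx


def peer_allowed(peer_ip, networks=ALLOWED_NETWORKS):
    """True only if peer_ip parses and falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False                               # unparseable: deny
    # Dual-stack sockets report IPv4 callers as ::ffff:a.b.c.d; unwrap them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


def accept_one(listener, ctx):
    """Accept one connection: IP check first, then the mutual TLS handshake."""
    conn, peer = listener.accept()
    if not peer_allowed(peer[0]):
        conn.close()                               # drop before any TLS work
        return None
    try:
        return ctx.wrap_socket(conn, server_side=True)
    except (ssl.SSLError, OSError):
        conn.close()                               # old protocol or no valid cert
        return None
```

The IP check is a coarse filter that runs before the handshake; the client certificate verified during the handshake is what actually identifies the calling service.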