Tuesday, September 29, 2020

Network engineering continued

 This is a continuation of the earlier posts starting with this one: http://ravinote.blogspot.com/2020/09/best-practice-from-networking.html

47) Key Management: We have emphasized that keys are needed for encryption purposes. This calls for keys to be kept secure. With the help of standardized key management interfaces, we can use external KeySecure managers. Keys should be rotated every now and then.

48) API security: it is almost undeniable to have APIs with any network service. Every request made over the web must be secured. While there are many authentication protocols including OAuth, each request will be sufficiently secured if it has authorization and a digital signature. API keys are not always required.

49) Integration with authentication provider:  IPSec protocol has been integrated with Active Directory. This enables organizations to take advantage of authorizing domain users. Identity and Access management for cloud services can also be referred to.

50) Auditing: Audit serves to detect unwanted access and maintain compliance with regulatory agencies. Most network services enable auditing by each and every component in the control path. This is very much like the logging for components. In addition, the application exposes a way to retrieve the audits.

51) Offloading: Every bookkeeping, auxiliary, and routine activity that takes up system resources could be a candidate for hardware offloading so long as it does not have significant conditional logic and is fairly isolated. This improved performance in the data path especially when the activities can be consolidated globally.


No comments:

Post a Comment