Secure Modern Apps & Microservices With NGINX

Solution Overview

As the tech industry shifts from monolithic apps to microservices, two aspects of app delivery are very important: the speed with which the services are delivered and the security of the services. While microservices can be more secure, the architecture can create new attack vectors, because what were once internal API calls within a monolith are now delivered across the network, and sometimes across the internet, to other services.

Since microservices run over HTTP, the security concerns of traditional application security translate directly to microservices. Data injection attacks, cross-site scripting, privilege escalation and command execution are still relevant. Additionally, if the microservices don't have sufficient monitoring in place or defenses built in, business logic attacks can go undetected.

This lab addresses these security concerns for microservices by introducing Nginx security modules such as the Nginx Plus Ingress container with Nginx App Protect (NAP) and the Nginx API Gateway with NAP.

Goals & Objectives

Module 1: In this module, lab users perform the following tasks.

  • Explore the K8s cluster and deploy the Arcadia application using manifest files
  • Explore the K8s dashboard to view the various deployments
  • Deploy the Nginx Plus Ingress container and access the Arcadia application
  • Execute application attacks and demonstrate that the application is vulnerable to Layer 7 attacks
  • Visualize the dashboards to analyze the live metrics

Module 2: In this module, lab users perform the following tasks.

  • Delete the previously deployed Nginx Plus Ingress controller
  • Deploy a new Nginx Plus Ingress controller with NAP enabled
  • Execute application attacks and observe that the application is now protected against Layer 7 attacks
  • Visualize the dashboards to analyze the live metrics

Module 3: In this module, lab users perform the following tasks.

  • Configure the api-gw VM using the Ansible code
  • Set up the API gateway through the Nginx Controller
  • Execute API calls and perform transactions
  • Execute API calls to demonstrate that the APIs are vulnerable to Layer 7 attacks
  • Check the logs in Kibana to get the log details

Module 4: In this module, lab users perform the following tasks.

  • Set up Nginx App Protect on the API gateway virtual machine
  • Configure Nginx App Protect to protect the API using the Swagger OpenAPI file
  • Execute attacks against API calls and observe that they are blocked
  • Check the logs in Kibana

Hardware & Software

  • 1 x Windows Jumphost (Win10)
  • 1 x Nginx API GW/App Protect (Ubuntu 18.04)
  • 3 x Kubernetes cluster Nodes (Ubuntu 18.04)
  • 1 x Active Directory Server (Win Server 2012 R2)
  • 1 x Ansible Tower server (CentOS 7)
  • 1 x Nginx Controller 3.7.0 (CentOS 7)