0

We have a couple of very important internal RESTful services that are placed behind a firewall. I would like to know whether having only a firewall is going to protect our services or not.

I would like to learn as much as possible so we can make the right decision protecting our data.

Maybe adding SSL and HMAC or OAuth are a few options to consider; however, I am not an expert in this field and any input is appreciated.

Raha

1 Answer

2

I'm no security expert either, but all of our internal APIs have specific access controls, are served only over SSL and require access tokens for authentication.

I wouldn't open up an internal database to everybody, so I'm not leaving an API wide open either.

duffn
  • Thanks #duffin, good input. So you are saying that we should also protect the API. What kind of access token implementation do you use? HMAC style? – Raha Aug 13 '15 at 03:57
  • @Raha We use LoopBack for our APIs. https://docs.strongloop.com/display/public/LB/Making+authenticated+requests – duffn Aug 13 '15 at 11:22
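
For readers wondering what the "HMAC style" option raised in the question looks like on the service side, here is an added example; it is not code from either poster and not LoopBack's token mechanism. The client id, secret, header fields, canonical string layout and 300-second window are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample value: per-client secrets would come from a secret store.
CLIENT_KEYS = {"billing-svc": b"constructed-demo-secret-not-for-production"}
MAX_SKEW_SECONDS = 300  # assumed acceptance window for request timestamps


def canonical(method, path, timestamp, body):
    """Bind the signature to method, path, timestamp and a hash of the body."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign(key, method, path, timestamp, body):
    """Client side: hex HMAC-SHA256 over the canonical request string."""
    msg = canonical(method, path, timestamp, body)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(client_id, method, path, timestamp, body, signature, now=None):
    """Server side: return (ok, reason) for one incoming request."""
    key = CLIENT_KEYS.get(client_id)
    if key is None:
        return False, "unknown client"
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False, "bad timestamp"
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign(key, method, path, ts, body)
    # compare_digest does not leak the position of the first mismatch via timing.
    if not hmac.compare_digest(expected.encode(), str(signature).encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    t = 1_700_000_000  # constructed timestamp
    body = b'{"amount": 10}'
    sig = sign(CLIENT_KEYS["billing-svc"], "POST", "/v1/transfers", t, body)
    print(verify("billing-svc", "POST", "/v1/transfers", t, body, sig, now=t + 5))
    print(verify("billing-svc", "POST", "/v1/transfers", t, b'{"amount": 9999}', sig, now=t + 5))
    print(verify("billing-svc", "POST", "/v1/transfers", t, body, sig, now=t + 3600))
```

The signature authenticates the caller and detects tampering but does not hide the request, so it complements SSL rather than replacing it. Within the timestamp window a captured request would still verify unless the service also remembers recently seen requests.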