Document updated on Mar 13, 2023
Zero-trust policy
Real-world API deployments are attacked every day, even if you don't notice it. Where there is a reachable server, there is malicious activity.
Zero Trust security is a software architecture design choice: deny any activity by default unless it is specifically allowed. This type of policy is very secure, but it usually adds a lot of burden on infrastructure administrators. KrakenD offers a balance of tools and secure defaults to ease administration while keeping the software secure.
Zero Trust pillars
- Explicit declaration
- Least-privilege access
- Assume breach
Nothing behind the corporate firewall is safe. Nothing behind the gateway is safe. The Zero Trust model assumes breach and verifies each request as if it originated from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to "never trust, always verify."
Every request carrying a token is decrypted and fully authorized before access is granted. Segmentation by multiple criteria and least-privilege access principles are applied to minimize lateral movement.
KrakenD assumes the following behaviors when serving an API:
- No endpoints exposed unless explicitly declared:
  - No possible scan of the upstream services
  - No zombie APIs, as all routes are typed. No possibility of leaving unnoticed endpoints behind
- No header, query string, or cookie forwarding unless explicitly declared which ones:
  - Injections limited, because only what is explicitly declared is the attack surface
- TLS defaults to TLS v1.3, the most secure version, and rejects older versions
- OWASP recommendations applied and risks mitigated, including but not limited to the Top 10:
  - A01:2021-Broken Access Control
  - A02:2021-Cryptographic Failures
  - A03:2021-Injection
  - A04:2021-Insecure Design
  - A05:2021-Security Misconfiguration
  - A06:2021-Vulnerable and Outdated Components
  - A07:2021-Identification and Authentication Failures
  - A08:2021-Software and Data Integrity Failures
  - A09:2021-Security Logging and Monitoring Failures
  - A10:2021-Server-Side Request Forgery
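As an added example (not taken from the KrakenD documentation), the following KrakenD v3 configuration shows the explicit-declaration behaviors listed above: only the one declared endpoint exists on the gateway, and only the listed headers and query strings reach the backend. The endpoint path, backend host and header names are made up for the example.

```json
{
  "$schema": "https://www.krakend.io/schema/v3.json",
  "version": 3,
  "endpoints": [
    {
      "endpoint": "/v1/orders/{id}",
      "method": "GET",
      "input_headers": ["Authorization", "Accept"],
      "input_query_strings": ["fields"],
      "backend": [
        {
          "url_pattern": "/orders/{id}",
          "host": ["http://orders.internal:8080"]
        }
      ]
    }
  ]
}
```

Any header or query parameter not in those lists is dropped before the request reaches the backend, and a request to an undeclared path is rejected by the gateway rather than proxied. To forward cookies, `Cookie` would have to be listed explicitly under `input_headers`.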