Network security
Earlier in this chapter, we discussed how TLS works and how it prevents eavesdropping on network communications. However, there are other malicious attacks that do not require infiltrating the authentication and authorization processes.
For example, distributed denial of service (DDoS) is a type of cyberattack in which a system is overwhelmed by traffic from multiple source systems, usually bots and automated scripts, so that legitimate users cannot access the system. Attackers generate a massive volume of traffic to saturate and exhaust the system’s resources, such as CPU, memory, and network.
The following are the key strategies to protect the system from these network-level attacks.
Web application firewalls (WAFs)
A web application firewall (WAF) is a security solution specialized in protecting systems on the internet. A WAF can run in the cloud, in a data center, or in a mixture of both, sitting in front of the system before traffic from the internet reaches deeper inside...