Zero Trust with Reverse Proxy

GCP Comics #8 Security with reverse proxy

A reverse proxy stands in front of your data, services, or virtual machines, catching requests from anywhere in the world and carefully checking each one to see if it is allowed.

To decide yes or no, the proxy looks at who is making the request and what they are using to make it.

  • Who are you (the individual making the request)? Do you have access permission (authorization)?
  • What are you using to make the request? How healthy is your device right now? What location are you at? At what time are you making the request?

This issue of GCP Comics presents an example of accessing some rather confidential data from an airplane, and uses that airplane as a metaphor to explain what the proxy is doing.

Reverse proxies work as part of the load balancing step when requests are made to web apps or services, and they can be thought of as another element of the network infrastructure that helps route requests to the right place. If the request is invalid, either because it is from an unauthorized person or an unsafe device, then the proxy may deny the request.

Why might the proxy say no to my request?

  • I’m in Engineering, but I am trying to access Finance data.
  • I’m not even a part of the company.
  • My job changed, and I lost access.

Looking at the device originating the request, the proxy could deny access due to:

  • Device operating system out of date
  • Malware detected
  • Device hasn’t checked in recently
  • Local software agents are not working properly
  • Disk encryption missing
  • Device doesn’t have screen lock
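
The identity and device checks listed above, written as a deny-by-default decision function. This is an added example, not code from the comic or from any Google Cloud product; the group names, OS version floor, check-in window, and field names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy values (assumptions for this example, not from the article).
RESOURCE_GROUPS = {"finance-reports": {"finance"}}   # resource -> groups allowed
MIN_OS_VERSION = (14, 0)
MAX_CHECKIN_AGE = timedelta(days=7)

@dataclass
class Device:
    os_version: tuple
    malware_detected: bool
    last_checkin: datetime
    agents_healthy: bool
    disk_encrypted: bool
    screen_lock: bool

@dataclass
class Request:
    user: Optional[str]        # None: identity not found in the company directory
    groups: frozenset          # current memberships (these change when a job changes)
    resource: str
    device: Device

def evaluate(req: Request, now: datetime):
    """Return (allowed, reasons). Every check runs, so the caller sees all failures."""
    reasons = []
    allowed = RESOURCE_GROUPS.get(req.resource, set())  # unknown resource: nobody allowed
    if req.user is None:
        reasons.append("unknown identity")
    elif not (req.groups & allowed):
        reasons.append("not authorized for resource")
    d = req.device
    checks = [
        (d.os_version < MIN_OS_VERSION, "operating system out of date"),
        (d.malware_detected, "malware detected"),
        (now - d.last_checkin > MAX_CHECKIN_AGE, "device has not checked in recently"),
        (not d.agents_healthy, "local agents not working"),
        (not d.disk_encrypted, "disk encryption missing"),
        (not d.screen_lock, "no screen lock"),
    ]
    reasons += [msg for failed, msg in checks if failed]
    return (not reasons, reasons)

# Constructed sample: an engineer on a healthy device asking for finance data.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
HEALTHY = Device((14, 2), False, NOW - timedelta(hours=1), True, True, True)
print(evaluate(Request("eng@example.com", frozenset({"engineering"}), "finance-reports", HEALTHY), NOW))
```

Returning the full list of reasons rather than stopping at the first failure gives the access log enough detail to tell an authorization problem apart from a device-health problem.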

Resources

For more on proxies and Zero Trust, check out the following resources:

Want more GCP Comics? Visit gcpcomics.com and follow us on Medium (pvergadia and max-saltonstall) and on Twitter (@pvergadia and @maxsaltonstall) so you don't miss the next issue!

A collection of technical articles and blogs published or curated by Google Cloud Developer Advocates. The views expressed are those of the authors and don't necessarily reflect those of Google.

Priyanka Vergadia

Developer Advocate @Google, Artist & Traveler! Twitter @pvergadia
