From 495ac3d04ef271286d23200d51319eabea96dac2 Mon Sep 17 00:00:00 2001 From: jsalowey Date: Sun, 25 Feb 2024 20:16:15 -0800 Subject: [PATCH] Update draft-salowey-wimse-arch.md modified based on Yaroslav's --- draft-salowey-wimse-arch.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-salowey-wimse-arch.md b/draft-salowey-wimse-arch.md index 1c62e96..b483708 100644 --- a/draft-salowey-wimse-arch.md +++ b/draft-salowey-wimse-arch.md 
@@ -65,11 +65,11 @@ TODO Introduction ### Traffic Interception -Workloads communicating within an an applications may face different threats to traffic interception in different deployments. In many deployments security controls are deployed for internal communications at lower layers to reduce the risk of traffic observation and modification for network communications. When a security layer such as TLS is deployed in these environments the protection is usually hop-by-hop rather than end-to-end. Where TLS or other protection mechanisms terminate, information is left in the clear and information may be disclosed or modified. +Workloads communicating within an an applications may face different threats to traffic interception in different deployments. In many deployments security controls are deployed for internal communications at lower layers to reduce the risk of traffic observation and modification for network communications. When a security layer such as TLS is deployed in these environments TLS may be termiated in various places including the workload itself and in various middleware devices such as load balancers, gateways, proxies, and firewalls. Therefore protection is provided only between each adjacent pair of TLS endpoints. There are no guarantees of confidentiality, integrity and correct identity passthrough in those middleware devices and services. ### Information Disclosure -Observation and interception of network traffic is not the only means of disclosure in these systems. Other vectors of information leakage is through disclosure in log files and other observability and troubleshooting mechanisms. For example, an application may log the contents of HTTP headers containing JWT bearer tokens. The information in this logs may be made available to other systems with less stringent access controls which may result in this token falling into an attackers hands who then uses it to compromise a system. 
+Observation and interception of network traffic is not the only means of disclosure in these systems. Other vectors of information leakage is through disclosure in log files and other observability and troubleshooting mechanisms. For example, an application may log the contents of HTTP headers containing JWT bearer tokens. The information in this logs may be made available to other systems with less stringent access controls which may result in this token falling into an attackers hands who then uses it to compromise a system. This creates privacy risks and potential surface for reconnaissance attacks. If observed tokens can be reused, this also may allow attackers to impersonate workloads. ### Workload Compromise
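Review bot: the replacement paragraphs in this hunk carry typos and agreement errors that the edit should have cleaned up while touching these lines: in the Traffic Interception paragraph, "within an an applications" (doubled article, should read "within an application") is kept from the removed line and "termiated" is newly introduced ("terminated"); in the Information Disclosure paragraph, "Other vectors of information leakage is" should be "are", "this logs" should be "these logs", and "an attackers hands" should be "an attacker's hands". Separately, the new sentence "There are no guarantees of confidentiality, integrity and correct identity passthrough in those middleware devices and services" is stated as an absolute; consider "TLS itself provides no guarantee of confidentiality, integrity or correct identity passthrough across those middleware devices and services", which keeps the point that the protection is hop-by-hop without asserting that no deployment can guarantee it by other means.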