How Does Istio Ensure the Security of Inter-Service Communication?

Maciej
3 min read · Sep 28, 2021


Introduction

In this post, I give a high-level overview of how Istio secures inter-service communication.

What exactly do we want to secure in inter-service communication, and what is the conventional security model?

For inter-service communication, we want to control which sources are allowed to communicate, and to protect the traffic from attacks such as eavesdropping, spoofing, and falsification. In short, the security requirements are:

  • Defense against man-in-the-middle attacks
  • Access control

In the conventional security model, these requirements have been met by constructing a private network and restricting access sources on an IP basis.

What approach did Istio take?

In today’s container-based systems, IP addresses change frequently and dynamically, so this approach breaks down. Therefore, Istio defines an ID for each workload and performs access control based on that ID. What does this approach look like specifically?
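To make the contrast concrete, here is an added example (not from the original post) showing the same access rule written first against a source IP and then against a workload identity, using Istio's AuthorizationPolicy and PeerAuthentication resources. The namespace `shop`, the `orders` and `checkout` names, and the address are constructed for illustration; the two AuthorizationPolicy documents are alternatives, not meant to be applied together.

```yaml
# Added example. Namespace, labels, service account and IP are constructed.

# Alternative A, conventional model: allow by source IP.
# Stops matching as soon as the client pod is rescheduled with a new address.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-by-ip
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        ipBlocks: ["10.8.3.17/32"]
---
# Alternative B, identity model: allow by workload ID.
# The principal is derived from the client's service account,
# so it stays the same wherever the pod runs.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-by-identity
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/checkout"]
---
# The principals field only matches peers authenticated with mutual TLS,
# so require mTLS for every workload in the namespace.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
```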

Core concept
