Layer7 API Management

  • 1.  Security Risk in using custom port to bypass service resolution

    Posted Jul 04, 2019 08:41 AM
    Hi All,

    We have a requirement to configure a service that should only be accessible through hostname and port. This is a requirement from the internal business unit. I am aware that any external clients accessing our APIs through the gateway should only be given access to either 8443 and 443 or a secured custom port. So I would like to know what is recommended from Layer7 API gateway guidelines to give this kind of access internally. Is there any security risk involved in doing so?


    ------------------------------
    Regards,
    Arjun
    Layer7 Consultant
    ------------------------------


  • 2.  RE: Security Risk in using custom port to bypass service resolution
    Best Answer

    Broadcom Employee
    Posted Jul 18, 2019 02:34 PM
    I would recommend creating a dedicated listen port for that service and link that listen port to that service so it's the only one it can resolve. There is no security risk that I can think of, but that doesn't mean one doesn't exist that neither of us would be considering. Your security team should probably vet the change request so that they can be sure it all works securely if you are concerned about security risks.