CDN service in use
What has been found
A Content Delivery Network (CDN) service is in use. CDNs provide strong protection against Distributed Denial of Service (DDoS) attacks and frequently include built-in web application firewall (WAF) capabilities that mitigate common web-based threats. Their use demonstrates proactive adoption of layered defence and resilience best practices.
Why this strengthens security
Content Delivery Networks enhance both the performance and security of online services by distributing traffic across multiple nodes and shielding origin servers from direct exposure. Properly configured, they block common attack types such as SQL injection, cross-site scripting (XSS), and protocol abuse. CDNs also reduce the attack surface by absorbing malicious traffic before it reaches the internal infrastructure, increasing overall resilience against availability and data integrity threats.
Potential improvements
- Review CDN configuration: Ensure the CDN is correctly integrated with your origin servers and that caching, rate limiting, and firewall rules align with your security policy.
- Restrict origin access: Verify that origin servers are accessible only through the CDN and cannot be reached directly from the internet.
- Enable WAF capabilities: Activate and maintain WAF features to block common exploits and tailor rulesets to your application context.
- Monitor CDN telemetry: Continuously review CDN logs, analytics, and alerts for indicators of abuse or emerging threats.
- Enforce encryption: Ensure HTTPS/TLS is used for all communication between clients, the CDN, and the origin infrastructure to preserve data confidentiality and integrity.
How to verify ongoing effectiveness:
- Conduct scans to verify that the origin server is only accessible via the CDN and not exposed directly.
- Confirm WAF is active and properly tuned to block threats without disrupting legitimate traffic.
- Monitor logs for signs of unusual activity or potential attacks.
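One way to combine the origin-exposure and log-monitoring checks above is to review the origin's own access log for requests whose connecting address is not a CDN egress address. The following is an added example, not part of the original finding; the CDN ranges and log lines are constructed from documentation prefixes, and it assumes the first log field is the TCP peer address rather than a client-supplied header such as X-Forwarded-For.

```python
import ipaddress
from collections import Counter

# Constructed CDN egress ranges (documentation prefixes). Assumption:
# replace with the ranges your CDN provider publishes.
CDN_RANGES = [ipaddress.ip_network(n) for n in
              ("198.51.100.0/24", "203.0.113.0/24", "2001:db8:100::/48")]

# Constructed origin access-log lines (common log format, peer address first).
SAMPLE_LOG = """\
198.51.100.17 - - [12/Mar/2025:10:01:02 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.200 - - [12/Mar/2025:10:01:03 +0000] "GET /app.js HTTP/1.1" 200 912
192.0.2.44 - - [12/Mar/2025:10:01:09 +0000] "GET /login HTTP/1.1" 200 2048
2001:db8:100::5 - - [12/Mar/2025:10:01:10 +0000] "GET /api/items HTTP/1.1" 200 77
192.0.2.44 - - [12/Mar/2025:10:01:11 +0000] "POST /login HTTP/1.1" 401 310
not-an-ip - - [12/Mar/2025:10:01:12 +0000] "GET / HTTP/1.1" 400 0
"""


def via_cdn(addr):
    """True if the connecting peer address belongs to a CDN egress range."""
    return any(addr.version == net.version and addr in net for net in CDN_RANGES)


def direct_hits(log_text):
    """Return (Counter of non-CDN peer IPs, list of unparseable lines)."""
    bypass, malformed = Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        peer = line.split(" ", 1)[0]
        try:
            addr = ipaddress.ip_address(peer)
        except ValueError:
            malformed.append(line)  # keep for manual review, do not drop silently
            continue
        if not via_cdn(addr):
            bypass[str(addr)] += 1
    return bypass, malformed


if __name__ == "__main__":
    bypass, malformed = direct_hits(SAMPLE_LOG)
    for ip, count in bypass.most_common():
        print(f"direct-to-origin: {ip} ({count} requests)")
    print(f"unparseable lines: {len(malformed)}")
```

Any address reported here reached the origin without passing through the CDN, which means the origin firewall or allowlist is not restricting access as intended.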