Remote Management Via API
- An appliance that can be automated via scripting exposes an application programming interface (API)
  - the API is the means by which external entities interact with the appliance
    - a caller invokes it with the expected parameters and receives the expected output
Example
Google's firewall service
- is a virtual firewall
- can be deployed and configured using either:
  - the CSP's web console
  - programmatic access via a CLI or API
- to add a firewall rule via the API:
  - the developer creates a JSON-formatted request with the appropriate rule syntax
  - and POSTs it to the firewall API endpoint
- most APIs are exposed to remote access connections
  - a failure of credential management can therefore be exploited by threat actors
- use strong authentication policies:
  - Do not use the root user account for any day-to-day logon activity or automation
  - Configure specific accounts for automation
    - allocated with least privileges only
    - principals are enabled for programmatic access by assigning a secret key to the account
    - only the secret key can be used for programmatic access
    - when a secret key is generated, it must immediately be transferred to the host and kept securely on the host
  - Only use secure protocols for API communications
  - Configure mutual authentication and access controls
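The request-building steps and the credential rules in the notes above, as an added example that is not from the notes or from Google's own tooling. It builds the JSON rule body, keeps the secret key on the host (read from the environment, never embedded in the body), and refuses to prepare a request over plain HTTP or under a root/owner principal. The endpoint path, the JSON field names and the use of the key as a bearer credential are assumptions that mirror the shape of the public Compute Engine firewalls API; nothing is sent over the network.

```python
"""Added example: prepare a firewall-rule API request under the credential
policy from the notes. Endpoint, field names and bearer-style auth are
ASSUMED (modelled on the Compute Engine firewalls API); no network I/O."""
import json
import os
from urllib.parse import urlparse

# Assumed names of the privileged account that must never drive automation.
ROOT_PRINCIPALS = {"root", "owner"}


class PolicyViolation(Exception):
    """Raised when a request would break one of the policy points above."""


def load_automation_key(env_var="FIREWALL_API_KEY", environ=None):
    """The secret key lives on the host (here: its environment), not in source.
    `environ` can be any mapping; defaults to os.environ."""
    environ = os.environ if environ is None else environ
    key = environ.get(env_var)
    if not key:
        raise PolicyViolation(f"secret key not present in {env_var}")
    return key


def build_firewall_rule(name, network, protocol, ports, source_ranges, direction="INGRESS"):
    """JSON-formatted rule body in the assumed Compute Engine firewall shape."""
    if direction not in ("INGRESS", "EGRESS"):
        raise PolicyViolation(f"unknown direction {direction!r}")
    if not source_ranges:
        raise PolicyViolation("rule must list at least one source range")
    for p in ports:
        if not (isinstance(p, int) and 0 < p < 65536):
            raise PolicyViolation(f"invalid port {p!r}")
    return {
        "name": name,
        "network": network,
        "direction": direction,
        "allowed": [{"IPProtocol": protocol, "ports": [str(p) for p in ports]}],
        "sourceRanges": list(source_ranges),
    }


def prepare_request(endpoint, principal, rule, secret_key):
    """Return (method, url, headers, body) ready to POST to the firewall API.
    Enforces: secure protocol only, no root/owner principal, key only in the
    Authorization header (never in the JSON body)."""
    parsed = urlparse(endpoint)
    if parsed.scheme != "https":
        raise PolicyViolation("API communications must use a secure protocol (https)")
    if principal.strip().lower() in ROOT_PRINCIPALS:
        raise PolicyViolation("root/owner account must not be used for automation")
    body = json.dumps(rule)
    if secret_key in body:
        raise PolicyViolation("secret key leaked into request body")
    headers = {
        "Authorization": f"Bearer {secret_key}",  # assumed presentation of the key
        "Content-Type": "application/json",
    }
    return ("POST", endpoint, headers, body)


def violates(fn, *args, **kwargs):
    """True if calling fn raises PolicyViolation (handy for tests/audits)."""
    try:
        fn(*args, **kwargs)
    except PolicyViolation:
        return True
    return False


if __name__ == "__main__":
    # Constructed demo values; the endpoint/project are placeholders.
    demo_env = {"FIREWALL_API_KEY": "constructed-demo-key"}
    key = load_automation_key(environ=demo_env)
    rule = build_firewall_rule("allow-ssh-admin", "default", "tcp", [22], ["203.0.113.0/24"])
    method, url, headers, body = prepare_request(
        "https://compute.googleapis.com/compute/v1/projects/example-project/global/firewalls",
        "fw-automation", rule, key)
    print(method, url)
    print(body)
```

The checks are deliberately placed in `prepare_request`, the last step before anything leaves the host, so that a script which bypasses them would also have to bypass the only function that knows the endpoint and the header layout.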