nginx

How NGINX App Protect Denial of Service Adapts to the Evolving Attack Landscape As we move more and more aspects of our daily lives online, cyberattackers are keeping pace in their efforts to degrade the level of service provided by the apps we rely on. Their motivations are numerous, ranging from revenge to influencing the stock price of affected companies to creating a smokescreen that distracts security teams from data breaches. In a previous blog, we describe how in the past security teams had to continually develop new defenses against volumetric denial-of-service (DoS) and distributed DoS (DDoS) attacks at the network and transport levels (Layers 3 and 4), which exhaust servers’ available bandwidth by flooding them with TCP/UDP connection requests. Now attackers have added a new tool to their arsenal – DoS and DDoS attacks that use HTTP requests or API calls [ more… ]

NGINX App Protect Denial of Service Blocks Application-Level DoS Attacks While digital transformation is accelerating business potential, unfortunately it’s also broadening the threat landscape. As security teams are occupied adjusting to increasing scope and responsibility, attackers are taking advantage, becoming more sophisticated than ever in the ways they abuse applications for financial gain. Compared to traditional denial-of-service (DoS) attacks at the network level, application‑level (Layer 7) DoS attacks are rising sharply, in large part because they can bypass traditional defenses that are not designed for modern application architectures. From the viewpoint of attackers, Layer 7 DoS attacks have two valuable features: they require very few resources to create significant disruption, and they are difficult to detect. Generated using sophisticated tools and precisely targeted requests, such attacks disrupt application servers and APIs by making them unable to process legitimate requests. When a server [ more… ]

Easier Deployment and Upgrade of NGINX Service Mesh Service meshes are rapidly becoming a critical component for the cloud native stack, especially for users of the Kubernetes platform. A service mesh provides critical observability, security, and traffic control so that your Kubernetes apps don’t need to implement these features, which frees developers to focus on business logic. NGINX Service Mesh is our fully integrated service mesh platform. It provides all the advantages of a service mesh while leveraging a data plane powered by NGINX Plus to enable key features like mTLS, traffic management, and high availability. NGINX Service Mesh Release 1.1.0 introduces three key enhancements that make it easier to deploy and manage our production‑ready service mesh in Kubernetes: Helm support, air‑gap installation, and in‑place upgrades. Helm Support NGINX Service Mesh includes the nginx-meshctl CLI tool for fully scriptable installation, upgrade, and [ more… ]

How to Simplify Kubernetes Ingress and Egress Traffic Management One of the ways a service mesh can actually make it more complicated to manage a Kubernetes environment is when it must be configured separately from the Ingress controller. Separate configurations aren’t just time‑consuming, either. They increase the probability of configuration errors that can prevent proper traffic routing and even lead to security vulnerabilities (like bad actors gaining access to restricted apps) and poor experiences (like customers not being able to access apps they’re authorized for). Beyond the time it takes to perform separate configurations, you end up spending more time troubleshooting errors. You can avoid these problems – and save time – by integrating NGINX Plus Ingress Controller with NGINX Service Mesh to control both ingress and egress mTLS traffic. In this video demo, we cover the complete steps. Supporting documentation is referenced [ more… ]