Prevent Unauthorized Access to Systems
Cyberattacks and other forms of unauthorized access pose a constant threat to IT systems. Fortunately, many tools are available to counter these threats and shield your infrastructure.
Authenticate users and devices
Authentication is the process of verifying the identity of a user, device, or other entity before granting access to a system, application, or network.
Akana supports a wide range of authentication methods. Implement an appropriate method based on your organization’s requirements:
- Username and password authentication with policies for password enforcement. See User Administration, Managing User Accounts, and Why is Password Rotation Important?
- Authentication protocols such as OAuth 2.0 and OpenID Connect for secure token API authentication. See OAuth API: Overview and OpenID Connect Support.
- SAML single sign-on for identity management, allowing login across multiple services. See Overview of SAML.
- Multifactor authentication (MFA) for additional security, requiring users to provide more than one form of authentication. For details, see TwoFA Settings Object, POST /api/login, GET /api/businesses/{BusinessID}/twofasettings, User workflow: Implementing two-factor authentication, and How do I configure settings for two-factor authentication of users?
- Client certificate authentication (two-way SSL) for situations requiring a higher level of security between the client and server. See How to Implement 2-Way SSL Using Policy Manager.
- API key authentication and JSON Web Token-based authentication. See Tutorial: OAuth Setup for JWT Support and Using the API Consumer Application Security Policy.
Grant access and permissions
The process of granting access rights and permissions is designed to ensure that only authorized users, user groups, devices, and other entities can access a system, application, or network.
Akana supports several options for granting access and permissions. Consider your organization’s requirements and then implement the appropriate option:
- Akana provides Authorization (AuthZ) and RBAC for managing and controlling access to APIs and sensitive resources. See Using the Authorization Policy and Organization Security/Roles. With RBAC, you can set permissions to allow access only to users with specific roles.
- With policy-based authorization, you can enforce access rules based on roles or policies as described in Organization Policies.
- You can control access to the system by other means. See Policy Manager Service Rules and About QoS Policies.
Implement firewalls
Firewalls serve as a barrier between a trusted internal network and untrusted external networks, such as the internet. Firewalls filter incoming and outgoing traffic based on criteria such as IP addresses, ports, and protocols to protect a network or system from unauthorized access.
Deploy Akana behind a firewall. Use the following sample configurations as a starting point:
Implement logging
Logging can be implemented to gather operational and security data for a system, identify performance and security issues, and minimize the risk of data breaches. Log files can be encrypted, and access can be restricted to comply with data protection and privacy regulations.
Akana offers various logging and monitoring features through Policy Manager and Community Manager:
- With Policy Manager, you can manage alerts to monitor events, failures, and system activities; detect insecure traffic; and avert data exposures. See Monitoring Tabs: Alerts and Logs.
- Community Manager supports API monitoring. See API Monitoring.
- Both Policy Manager and Community Manager offer real-time and historical charts for monitoring.
- You can configure monitoring at an organizational level, service level, container level, or per contract.
- You can customize logging to help ensure that sensitive data is masked.
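The masking point above applies to every credential type listed under "Authenticate users and devices": bearer tokens, JWTs, Basic credentials, API keys, and passwords all tend to surface in gateway logs. The following is an added example, not Akana's own logging code or configuration, of a logging filter that redacts such values before they are written; the log line shapes, field names, and sample values are constructed for illustration.

```python
import logging
import re

# Constructed patterns for secrets that commonly leak into API gateway logs.
# The header and field names are assumptions for this example, not Akana's log format.
PATTERNS = [
    # OAuth 2.0 / JWT bearer tokens and Basic credentials in Authorization headers
    (re.compile(r"(Authorization:\s*Bearer\s+)[A-Za-z0-9._=-]+", re.I), r"\1[REDACTED]"),
    (re.compile(r"(Authorization:\s*Basic\s+)[A-Za-z0-9+/=]+", re.I), r"\1[REDACTED]"),
    # API keys or access tokens passed as query parameters
    (re.compile(r"((?:api[_-]?key|access_token)=)[^&\s]+", re.I), r"\1[REDACTED]"),
    # Any bare JWT (three base64url segments; the encoded header always starts with eyJ)
    (re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*"), "[REDACTED-JWT]"),
    # Password fields in JSON request bodies
    (re.compile(r'("password"\s*:\s*")[^"]*(")'), r"\1[REDACTED]\2"),
]

def mask_line(line: str) -> str:
    """Return the line with every matched secret replaced by a placeholder."""
    for pattern, replacement in PATTERNS:
        line = pattern.sub(replacement, line)
    return line

class SecretMaskingFilter(logging.Filter):
    """Masks the fully formatted message so that secrets passed as format args are covered too."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = mask_line(record.getMessage())
        record.args = ()
        return True

def build_logger(name: str = "gateway") -> logging.Logger:
    """Attach the masking filter so every record from this logger is sanitized before handlers see it."""
    logger = logging.getLogger(name)
    logger.addFilter(SecretMaskingFilter())
    return logger

# Constructed sample log lines containing the kinds of credentials the page lists
SAMPLE_LINES = [
    'POST /api/login Authorization: Basic dXNlcjpwYXNz body={"username":"alice","password":"hunter2"}',
    "GET /orders?apikey=ak_live_12345&page=2 Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.abc123",
    "token refresh for client acme: eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJha2FuYSJ9.sig-part_1 status=200",
    "health check ok latency=12ms",
]

def mask_lines(lines):
    return [mask_line(line) for line in lines]

if __name__ == "__main__":
    build_logger().warning("raw: %s", SAMPLE_LINES[1])  # filter masks the token before output
    for line in mask_lines(SAMPLE_LINES):
        print(line)
```

Pattern order matters: the Authorization-header rules run before the bare-JWT rule so a bearer JWT is masked in place, and the bare-JWT rule then catches tokens that appear outside a header.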