What are security best practices to determine if WAF should redirect Internet traffic to cloud network as encrypted or unencrypted ?
Asked
Active
Viewed 150 times
1 Answers
0
Best practice is to encrypt all traffic - especially if it touches any network equipment you do not entirely control.
If the WAF is on a different LAN to the server network why would you not encrypt it? If your servers accept unencrypted traffic it to a large extent makes the WAF redundant - a malicious actor could just send the traffic direct.
There have even been instances of security agencies accessing traffic within internal communications. Google now trust absolutely nothing.
Hector
- 10,953
- 4
- 43
- 45