Content Delivery Network Security Best Practices

August 12, 2019 in Cyber Attacks, Firewalls

Despite what your lightning-fast Wi-Fi connection may indicate, the internet is not instantaneous. When someone visits your website, it takes time for content such as text, pictures, and videos to travel from the point of origin to wherever the website’s visitor is located. The further apart the two points are, the longer it takes for the content to be delivered.

Content delivery networks exist to expedite this process. Imagine your business is based in Boston and someone visits your website from San Francisco. If the content had to travel completely across the country, the website load time would be extremely long. CDNs improve this process by storing content on servers located throughout the country in data centers called “points of presence.”

The server located closest to the user (in this example, closest to San Francisco) is known as the “edge server.” Stored inside the edge server is a cached version of the website that contains the most recent content updates, such as the latest blog post or newest photos. Because the edge server is located much closer to the user than the source of origin, the content has less distance to travel and, therefore, can load at an accelerated pace.

CDNs have become standard tools for anyone with an active website because they preserve the user experience regardless of where users are located. Visitors don’t have to contend with long load times, even during traffic spikes. And website owners don’t have to worry about heavy traffic overloading the server of origin because the traffic is being distributed across multiple CDNs instead.

CDN Security Concerns

As with most digital tools, however, the rewards come with risks. Unlike firewalls, CDNs by themselves cannot block bad bots from infecting a website. CDN servers containing cached information can actually be hijacked and exploited in a variety of ways.

If a hacker gains access to cached information on a CDN that multiple businesses use, for example, the information of each business’s customers would become vulnerable. Cybercriminals could steal passwords, email addresses, and other sensitive information through the CDN.

Distributed denial-of-service attacks are another CDN security concern. A simulated test showed that 16 different CDNs were vulnerable to an exploit that caused servers to run the same command on repeat. Eventually, they became overloaded, taking the content offline.

How to Ensure CDN Security

Though CDNs come with security risks, they’re a necessary factor for any website owner who wants to bring in visitors from a distance and deliver a seamless user experience. That doesn’t mean websites need to be left vulnerable, however. There are steps you can take to ensure your CDN usage doesn’t compromise the security of your website.

1. Evaluate the CDN Carefully

There are multiple CDN providers on the market, and some are better than others. Carefully vet all your options before committing, and don’t be afraid to ask tough questions directly. You need to learn how often the data is cached and how often penetration testing is completed to ensure the server is secure. You should also explore what happens if your server fails. Are there failover security measures in place? Choosing the right provider can eliminate many CDN security concerns.

2. Use a Web Application Firewall

CDNs are vulnerable on their own, which is why you need to use a web application firewall in conjunction. A good consideration is a WAF that already has CDN capabilities built into its infrastructure. A WAF serves as a barrier between your content and the broader internet. The firewall blocks any traffic that exhibits red flags but seamlessly allows good website traffic. The benefits of using CDN servers increase significantly once those servers are secured.

3. Become Compatible With SSL Certificates

If you’re collecting information on your website or are processing credit card payments, you should have an SSL certificate in addition to a CDN. A CDN must be compatible with your SSL certificate to ensure the data being submitted on your website is still being encrypted as the traffic travels through the CDN. This essentially completes the encryption process from the CDN server to the user’s browser.

Slow and risky websites are equally unappealing to visitors. Anyone who wants to sustain and grow their traffic needs a CDN, but security should be the main consideration. Follow the steps above to equip your website to provide a user experience that’s just as secure as it is speedy.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security

Latest Articles
Follow SiteLock