Securing Apigee Edge itself

Building secure APIs is important, but securing Apigee Edge itself is equally important. There are access tokens and private keys in Apigee.

If the gateway itself is compromised, all else is irrelevant.

Other than regular patch updates and reducing the attack surface (such as ports), what are other ways to secure the gateway from an end-to-end perspective?

What kind of hardening could one further do?

Thank you.

Nathan Aw (Singapore)


Some other hardening options you might like to consider:

* Change default passwords:

https://docs.apigee.com/private-cloud/v4.19.01/resetting-passwords

* Configure Apigee to authenticate with a SAML provider that supports/requires multi-factor auth:

https://docs.apigee.com/private-cloud/v4.19.01/installation-and-configuration-saml-edge?hl=en

* Enable TLS for the Web UI & Management API

https://docs.apigee.com/private-cloud/v4.19.01/configuring-ssl-edge-premises?hl=en

* Ingest Management logs into your SIEM