Security in Distributed Systems
In modern system design, security is a critical non-functional requirement. A system's reliability and user trust depend entirely on its ability to protect data and functionality from malicious actors.
This content is adapted from Mastering System Design from Basics to Cracking Interviews (Udemy). It has been curated and organized for educational purposes on this portfolio. No copyright infringement is intended.
Why Security Matters
Security is not just an add-on; it's foundational to the integrity of any large-scale system.
- User Trust: A single breach can destroy years of brand reputation.
- Data Protection: Legal and ethical obligations to protect sensitive user info (PII).
- System Reliability: Security attacks like DDoS can directly cause total system failure.
Real-World Data Breaches:
- Equifax (2017): 147 million individuals affected due to an unpatched server.
- Yahoo! (2013): Approximately 3 billion user accounts compromised.
- Target (2013): 40 million credit card records stolen via a third-party vendor.
Security in Distributed Systems
Distributed systems are inherently more vulnerable because they have more "entry points" and complex inter-service communications.
Key Security Considerations:
- Data in Transit & At Rest: Ensuring data is encrypted everywhere it goes.
- Authentication (AuthN): Verifying who is accessing the system.
- Authorization (AuthZ): Verifying what they are allowed to do.
- Secure APIs: Protecting endpoints from exploitation.
- Network Protection: Hardening the boundaries between services.
The CIA Triad: Core of System Security
The CIA triad is the industry-standard model for designing secure systems.
1. Confidentiality
Preventing unauthorized access to information. Only authorized users or systems should be able to view sensitive data.
- Mechanism: Encryption, Access Control Lists (ACLs).
2. Integrity
Ensuring that data is not tampered with or altered by unauthorized parties.
- Mechanism: Digital signatures, Hashing (SHA-256), Versioning.
3. Availability
Ensuring that the system and its data are accessible to authorized users when needed.
- Mechanism: Redundancy, DDoS protection, Load Balancing.
Threat Modeling: Understanding Your Adversary
Threat modeling involves identifying potential threats early in the design phase so you can build defenses into the architecture.
The STRIDE Model
Developed by Microsoft, STRIDE helps teams categorize different types of security threats:
| Threat | Security Property | Definition |
|---|---|---|
| Spoofing | Authenticity | Pretending to be someone or something else. |
| Tampering | Integrity | Modifying data or code without authorization. |
| Repudiation | Non-repudiability | Denying that an action was performed. |
| Info Disclosure | Confidentiality | Exposing private data to unauthorized parties. |
| Denial of Service | Availability | Disrupting access to services for legitimate users. |
| Elevation of Privilege | Authorization | Gaining higher access levels than permitted. |
Common Attack Vectors & Defense
1. DDoS (Distributed Denial of Service)
Flooding a system with traffic to disrupt service availability.
- Defense: Rate limiting, WAF (Web Application Firewall), Traffic scrubbing (e.g., Cloudflare).
2. Man-in-the-Middle (MITM)
An attacker intercepts communication between two parties.
- Defense: HTTPS (TLS), Certificate Pinning, VPNs.
3. Injection Attacks (e.g., SQL Injection)
Injecting malicious code or queries into an application's inputs.
- Defense: Input validation, Parameterized queries, ORM usage.
4. Spoofing Attacks
Impersonating another user or system (e.g., DNS or IP spoofing).
- Defense: Multi-factor authentication (MFA), Token-based auth (JWT), IP Whitelisting.
Security in the SDLC (Shift Left)
Modern security is embedded into every stage of the Software Development Lifecycle (SDLC), a practice known as Shift Left.
Requirements
Perform Threat Modeling to define potential attackers and assets to protect.
Design
Incorporate Secure Architecture patterns (e.g., Zero Trust, VPCs).
Development
Use Secure Coding standards and perform static analysis (SAST).
Testing
Run Security Tests, Fuzzing, and dynamic analysis (DAST).
Deployment
Implement Secrets Management (e.g., HashiCorp Vault) and secure CI/CD.
Maintenance
Continuous Patch Management and vulnerability scanning.
Best Practices
- Adopt Security by Design: Build security into the foundation; don't patch it on later.
- Encrypt Everything: Use TLS for data in transit and AES for data at rest.
- Harden Infrastructure: Use Firewalls, VPCs, and disable unused ports.
- Validate All Inputs: Never trust data coming from a client or external service.
- Principle of Least Privilege: Grant users only the minimum access they need for their job.
- Monitor and Log: Track all activity to detect and respond to incidents in real time.
Interview Questions - Security Focused
1. How would you design a secure authentication system for a distributed application?
Answer:
- Protocol: Use OAuth 2.0 / OpenID Connect for identity federation.
- Tokens: Issue JWT access tokens (~15 min expiry) and refresh tokens (secure storage, short TTL).
- Security Layers: Enforce HTTPS, use stateless validation (RS256/HMAC), and store tokens in encrypted HTTP-only cookies.
- Mitigation: Implement MFA, periodic secret rotation, and rate-limiting on login attempts.
2. Explain how the CIA triad applies to system design.
Answer:
- Confidentiality: Protect data from unauthorized eyes (HTTPS, KMS Encryption, IAM).
- Integrity: Ensure data isn't tampered with (HMACs, Digital Signatures, Input Validation).
- Availability: Keep services online during attacks (Load Balancing, Autoscaling, WAF).
- Tip: Always balance trade-offs. For example, excessive security might impact availability or user experience.
3. What are common security threats in a microservices architecture?
Answer:
- Threats: Unauthorized inter-service calls, data leakage over internal APIs, spoofing.
- Mitigation: Use mTLS for service-to-service auth, implement a Zero-Trust model (authenticate every call), and centralize logging/monitoring via an API Gateway.
4. How would you protect your system from a DDoS attack?
Answer:
- Edge Protection: Rate limiting and WAF (Cloudflare/AWS Shield) to block malicious patterns.
- Infrastructure: Use Global Load Balancers and Auto-scaling (Kubernetes HPA) to absorb traffic spikes.
- Detection: Monitor for sudden spikes in request volume or latency.
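One way to implement the rate limiting mentioned here and in the login-attempt mitigation of question 1, as an added example (not from the original course): a per-client token bucket. The class name, the rate and burst values, the client addresses and the explicit `now` argument are assumptions chosen for illustration.

```python
class TokenBucket:
    """Per-client token bucket: `burst` requests at once, `rate` per second after."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate      # tokens refilled per second
        self.burst = burst    # bucket capacity (maximum burst size)
        self.state = {}       # client id -> (tokens left, time of last request)

    def allow(self, client: str, now: float) -> bool:
        # A client seen for the first time starts with a full bucket.
        tokens, last = self.state.get(client, (float(self.burst), now))
        # Refill for the time elapsed since the last request, capped at capacity.
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.state[client] = (tokens - 1, now)
            return True
        # Over the limit: record the time, spend nothing, reject the request.
        self.state[client] = (tokens, now)
        return False

def simulate(limiter: TokenBucket, events: list) -> list:
    """Replay (client, timestamp) pairs and return the allow/deny decisions."""
    return [limiter.allow(client, ts) for client, ts in events]

if __name__ == "__main__":
    # Constructed traffic: one noisy client and one normal client.
    events = [("203.0.113.7", 0.0)] * 4 + [("198.51.100.2", 0.0)]
    events += [("203.0.113.7", 2.0)] * 3
    print(simulate(TokenBucket(rate=1.0, burst=3), events))
```

This version keeps state in process memory; behind a load balancer the counters have to live in a shared store or at the edge, otherwise each instance grants its own full budget.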
5. What role does TLS/HTTPS play in system security?
Answer:
- Ensures confidentiality (encryption) and integrity (tampering detection).
- Authenticates the server identity via certificates.
- Best Practice: Use automated cert rotation (Let's Encrypt), enforce HSTS, and disable legacy protocols like TLS 1.0/1.1.
6. How can you ensure secure data storage in a cloud-based system?
Answer:
- Encryption: Use KMS-managed keys for data at rest.
- Access: Follow the Principle of Least Privilege using RBAC and IAM.
- Secrets: Use dedicated vaults (AWS Secrets Manager, HashiCorp Vault).
- Auditing: Keep trails of who accessed what and when.
7. What is threat modeling and how would you incorporate it?
Answer: It's the process of identifying assets, threat actors, and attack vectors (using models like STRIDE).
- Integration: Conduct during the design phase of the SDLC.
- Iteration: Re-evaluate with every major architectural change.
Summary: Security is a multi-layered discipline. By applying the CIA triad, using models like STRIDE, and shifting security left into the SDLC, we can build distributed systems that are not just scalable, but resilient against an ever-evolving threat landscape.