For servers that are not internet facing, do they need to be authenticated to each other and should their communication be over HTTPS? [duplicate]

Question

My gut instinct is that best practice would be to ensure that all internal servers communicate over HTTPS and that all servers are authenticated to each other.

That would indeed be dream case scenario.

However, I'm trying to consider if it is ever acceptable for an internal server to communicate, via HTTP, to another internal server without needing to authenticate to that server.

The risk is surely that someone malicious in the network could reek havoc by not only being able to read all traffic between those servers but by replacing the receiving server with one that is under their control.

Any comment on this would be greatly appreciated.

If someone is able to replace one of your servers with another one, you have problems that HTTPS would be unable to solve... — ThoriumBR, Commented Nov 7, 2018 at 13:44

DarkMatter · Accepted Answer · 2018-11-07 14:58:50Z

0

It is easy enough to encrypt traffic and setup/maintain valid internal certificates that I the pros are well worth the effort. Encrypt your internal traffic.

answered Nov 7, 2018 at 14:58

DarkMatter

2,6912 gold badges7 silver badges23 bronze badges

Add a comment |

Stack Exchange Network

For servers that are not internet facing, do they need to be authenticated to each other and should their communication be over HTTPS? [duplicate]

1 Answer 1

Not the answer you're looking for? Browse other questions tagged
network
http
server
.

Linked

Hot Network Questions

For servers that are not internet facing, do they need to be authenticated to each other and should their communication be over HTTPS? [duplicate]

1 Answer 1

Not the answer you're looking for? Browse other questions tagged networkhttpserver.

Linked

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
network
http
server
.