URS REST API Security Considerations and Basic Hardening Steps
In addition to the information in the Security section (page 59) of the Universal Routing 8.1 Deployment Guide, the following recommendations should be considered for the REST API.
Through the REST API provided by URS, sensitive data stored in the strategies that process interactions could be accessed, and URS could be forced to perform resource-consuming activities (a DoS attack).
Major security vulnerabilities of the RESTful API implementation are:
- No ability to provision HTTP responses with security headers of any kind.
- No firewall features of any kind (port filtering, etc.).
Given the above, securing access to the URS web API is important.
Hardening Steps for URS REST API
You can perform the following steps to harden the URS REST API (that is, secure the URS REST API by reducing its attack surface):
- Provision TLS/SSL transport-level security for communications on the HTTP and SOAP ports. This is configured in the Server Info tab of the router application, as described in the Genesys Security Deployment Guide.
- Configure the firewall to allow connections to URS ports only from 100% trusted zones, with no exceptions. This is very important because access to the URS HTTP port means access to all features of the URS REST API.
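One way to carry out the firewall step above, as an added example that is not part of the Genesys documentation: a POSIX shell function that emits an nftables ruleset allowing only the trusted zone to reach the URS HTTP and SOAP ports and logging every other attempt. The port numbers and the trusted CIDR used below are placeholders (assumptions); take the real values from the Server Info tab of the router application.

```shell
#!/bin/sh
# Added example, not Genesys-provided. Generates an nftables allowlist for the
# URS REST API ports. Ports and CIDR are placeholders; use the values from the
# Server Info tab of the router application.

# urs_fw_rules TRUSTED_CIDR HTTP_PORT SOAP_PORT
# Prints an nftables ruleset to stdout. Returns 1 if the "trusted zone" is
# actually every source address, which would defeat the purpose of the step.
urs_fw_rules() {
    trusted="$1"; http_port="$2"; soap_port="$3"
    case "$trusted" in
        0.0.0.0/0|::/0|*/0)
            echo "refusing: trusted zone $trusted allows any source" >&2
            return 1 ;;
    esac
    # Separate table so it only adds restrictions on top of the host's existing
    # firewall; "accept" here does not bypass other input chains, "drop" is final.
    cat <<EOF
table inet urs_api {
    chain input {
        type filter hook input priority 0; policy accept;
        # Only the trusted zone may reach the URS REST API ports, no exceptions
        ip saddr $trusted tcp dport { $http_port, $soap_port } accept
        # Everything else aimed at the URS ports is logged for detection, then dropped
        tcp dport { $http_port, $soap_port } log prefix "urs-api-denied: " drop
    }
}
EOF
}

# Review the generated ruleset before loading it, for example:
#   urs_fw_rules 10.20.0.0/24 7500 7501 > urs.nft && nft -c -f urs.nft
```

Run `nft -c -f` on the output first; it checks the syntax without loading the rules.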