Cyber Security

Definition

A mechanism used in software systems to control the number of requests or actions a client can make to a server or API within a specified time window. It ensures system stability, prevents abuse, and ensures fair resource distribution.

Advantages

• Prevents Overloading

• Improves Security DDoS and prevents injection retrials

• Ensure fair Usage

• Protects Backend Services

• Prevent Brute Force Attacks

• Prevent Web Scraping & Data Harvesting

• Prevent Account Takeover (ATO)

Implementation Strategies

• Token Bucket Algorithm: Allows a fixed number of tokens (requests) per time period.

• Leaky Bucket Algorithm: Processes requests at a constant rate regardless of bursts, ensuring smooth traffic flow.

• Fixed Window: Limits requests within a fixed time window (e.g., 100 requests per minute).

• Sliding Window: Maintains a rolling time window for request counting, offering better accuracy than fixed windows.

• Quota-Based Limits: Allocates a set number of requests per day, week, or month.

• IP-Based Rate Limiting: Limits requests based on the user's IP address.

• User-Specific Limits: Sets personalized limits based on user accounts or API keys.

A reverse proxy is a server that sits between clients and backend servers. It accepts client requests, forwards them to one or more backend servers, and then returns the server’s response to the client — all while hiding the identity and structure of the backend servers.

How it enhances security

• Hides backend infrastructure — attackers see only the reverse proxy’s IP and not the real servers.

• Acts as a gatekeeper — can filter, block, or sanitize malicious traffic before it reaches the backend.

• DDoS mitigation — absorbs or limits excessive requests.

• TLS/SSL termination — ensures secure encrypted connections and relieves backend servers from handling encryption.

• Integrates with WAFs & IDS/IPS — to detect and block known attacks like SQL injection, XSS, etc.

• Rate limiting & access control — to prevent abuse and unauthorized access.

NATting = Network Address Translation — a networking process where a router or firewall modifies IP addresses in packet headers as traffic passes between networks.

Purpose:

• IP conservation: Multiple private IPs share a single public IP.

• Security: Hides internal IP structure from the internet.

• Routing flexibility: Allows internal address changes without affecting external communication.
  
  

Types:

1. Static NAT – 1-to-1 mapping between a private IP and a public IP.
   
   

2. Dynamic NAT – Private IPs mapped to available public IPs from a pool.
   
   

3. PAT (Port Address Translation) / Overloading – Many private IPs share a single public IP using different port numbers.
   
   

Example:
Your laptop (192.168.1.10) sends a request to Google → router changes it to public IP (e.g., 203.0.113.5) → Google replies → router maps it back to your laptop.

how it can route to internal multiple different IPs

It routes to multiple internal IPs using PAT (Port Address Translation) or port-forwarding rules.

How it works:

• NAT device keeps a translation table mapping:
  (Public IP, Port) → (Internal IP, Port)
  
  

• When packets arrive from the internet, the router checks the destination port and forwards them to the correct internal IP.
  
  

Example:
Public IP: 203.0.113.5

• Internal Mapping for public ports:

80 192.168.1.10:80    Web Server 1

8080 192.168.1.20:80 Web Server 2

22 192.168.1.30:22 SSH Server

Like ZenMap & NMap

Tradditional Vs Next generation

Full inspection approach

FWAAS: Firewall as a service