Web Security 101: What on Earth is a CDN?

Web security is in the news pretty much every day. A hack here, a data breach there; It’s hard to understand why these things happen and what we, as individuals, can do to protect ourselves.

In our first Web Security 101 feature, we’re enlisting the help of our friends at SiteLock to explain some common security issues that come along with managing a website on this crazy little thing called the Internet. First up: What is a CDN?

Despite what your Wi-Fi connection may tell you, the internet is not an instantaneous thing. When a user visits your site, it takes time for the text, pictures, and videos to travel from the point of origin to wherever the visitor is located. The further apart the two points are, the longer it takes for it to be delivered.

Enter Content Delivery Networks (CDN). Imagine your business is based in Toronto and someone visits your site from Miami. If the content had to travel completely across the border, the website load time would be much too long. CDNs expedite this process by storing content on servers located throughout the world in data centers called “points of presence.”

The server that is located closest to the end user is known as the “edge server.” Stored inside the edge server is a cached version of the site that contains the most recent content updates, such as blog posts or photos. Because the edge server is located much closer to the user than the source of origin, the content has less distance to travel and can load at an accelerated pace.


Photo by NASA / Unsplash

CDNs have become standard tools for anyone with a website because they preserve the user experience regardless of where they are located. Users don’t have to contend with long load times, especially during traffic spikes. Further, site owners don’t have to worry about heavy traffic overloading the server of origin because the traffic is being distributed across multiple CDNs.

CDN Security Concerns

As with most digital tools, the rewards come with risks. Unlike firewalls, CDNs cannot block bad bots from infecting a website by themselves. CDN servers containing cached information can be hijacked and exploited in a number of ways.

If a hacker gains access to cached information on a CDN that multiple businesses use to deliver their content, the information of each business’s customers would become vulnerable. This means that passwords, email addresses, and other sensitive info could be exposed through the CDN.

Larger scale distributed denial-of-service (DDoS) attacks are another CDN security concern. A simulated test showed that 16 different CDNs were vulnerable to an exploit that caused servers to run the same command on repeat. They ended up becoming overloaded, taking the content offline.


Photo by Philipp Katzenberger / Unsplash

How to Ensure CDN Security

Though CDNs come with security risks, they’re important for any website owner who wants to bring in users from a distance and deliver a seamless experience. That doesn’t mean websites need to be left vulnerable, though. Here are steps you can take to ensure your CDN usage doesn’t compromise the security of your site.

1. Evaluate the CDN Carefully

With multiple CDN providers on the market, carefully vet all your options before committing. You need to understand how often the data is cached and how often testing is completed to ensure the server security. You should also investigate what happens if your server fails. Are there failover security measures in place? Choosing the right provider can eliminate most CDN security concerns.

2. Use a Web Application Firewall

CDNs are vulnerable on their own, which is why you need to use a web application firewall alongside it. A good option is a WAF (Web Application Firewall) - which serves as a barrier between your content and the internet - that already has CDN capabilities built into its infrastructure. The firewall blocks any traffic that shows red flags but seamlessly allows good site traffic in. The benefits of using a CDN increases significantly with a WAF protecting incoming traffic from potentially exploiting the CDN servers.

3. Become Compatible with SSL Certificates

If you’re collecting info on your site or are processing credit card payments, you should have an SSL certificate. Sites that are protected by an SSL certificate must have a CDN that has SSL compatibility allowing the data to be encrypted as it travels from the website to the server. This also ensures the encryption completes the process from the CDN server to the end user’s browser.

Slow websites are unappealing to visitors. Anyone who wants to sustain and grow their traffic needs a CDN, but security should be a top consideration. Follow the steps above to ensure that your site provides a user experience that’s just as secure as it is speedy.

Get access to a CDN that has full SSL support and a WAF built-in by signing up for Rebel Web Security, powered by SiteLock. Get protected now.