CCC Load Balancer Capabilities
Load balancing services distribute incoming network traffic across multiple instances or servers to ensure high availability, scalability, and reliability of applications.
Release Details
Version: DEV
Assurance Level:
Release Manager: Development Build
Contributors: Development Team
Change Log
- Development build - no formal changelog available
Capabilities
ID | Title | Description | Threat Mappings |
---|---|---|---|
CCC.LB.F01 | Static Load Balancing | Employ load balancing algorithms that follow fixed rules, independent of the current server state. | 0 |
CCC.LB.F02 | Dynamic Load Balancing | Employ load balancing algorithms that consider the current state of servers before distributing traffic. The load balancer adjusts traffic distribution in real time based on current server health, resource utilization, and traffic conditions. | 1 |
CCC.LB.F03 | Layer 7 Routing | Distribute incoming traffic based on application-layer (layer 7 of the ISO/OSI model) information. Supported layer 7 protocols include HTTP, HTTPS, HTTP/2, gRPC, and WebSockets. | 0 |
CCC.LB.F04 | Layer 4 Routing | Distribute incoming traffic based on transport-layer (layer 4 of the ISO/OSI model) information. Routing uses the combination of IP addresses and TCP/UDP ports rather than inspecting the actual content of the packets. | 0 |
CCC.LB.F05 | URL-Based Routing | Direct incoming requests to different backend resources based on the content of the request URL. | 0 |
CCC.LB.F06 | HTTP Header-Based Routing | Direct incoming requests to different backend resources based on the values of HTTP headers. | 0 |
CCC.LB.F07 | WebSocket Support | Ability to support WebSocket communication. | 0 |
CCC.LB.F08 | Dual-stack Load Balancing | Ability to support traffic originating from both IPv4 and IPv6. | 0 |
CCC.LB.F09 | Load Balancer Autoscaling | Ability for the load balancer to dynamically adjust its capacity in response to fluctuations in incoming traffic. | 0 |
CCC.LB.F10 | Target Autoscaling | Ability for the load balancer to trigger scaling actions of the backend instances (targets) to handle fluctuations in incoming traffic. | 0 |
CCC.LB.F11 | SSL/TLS Termination | Process of decrypting SSL or TLS encrypted traffic at the load balancer level rather than at the backend servers. This allows the load balancer to offload the decryption task from the backend servers. | 1 |
CCC.LB.F12 | Target Health Checks | Ability to continuously perform health checks on backend targets by checking the response to an HTTP request, a TCP connection, or another application-specific parameter. | 1 |
CCC.LB.F13 | Health Checks-based Target Removal | If a health check detects that a backend target is unhealthy, the load balancer removes that target from its list of available backend instances. This ensures that traffic is no longer routed to the unhealthy target. | 1 |
CCC.LB.F14 | Retries | Ability to retry delivery of failed requests to targets. The conditions under which the load balancer retries, how long to wait before retrying, and the maximum number of retries permitted are configurable. | 0 |
CCC.LB.F15 | Session Affinity | Ability to configure subsequent requests from an initial client to be passed to the same target. | 1 |
CCC.LB.F16 | URL Redirects | Redirect incoming traffic to a different URL or location. | 0 |
CCC.LB.F17 | URL Rewrites | Rewrite URL paths before forwarding them to backend services. | 0 |
CCC.LB.F18 | Custom Response | Ability to configure specific HTTP responses to be returned by the load balancer under defined conditions. | 0 |
CCC.LB.F19 | Request and Response Header Transformations | Ability to modify HTTP headers of both incoming requests and outgoing responses. | 1 |
CCC.LB.F20 | Traffic Splitting / Weighted Routing | Can distribute incoming traffic across multiple backend resources based on predefined weights or percentages (e.g., for canary deployments, A/B testing, blue-green deployments, or gradual traffic migrations). | 1 |
CCC.LB.F21 | Traffic Mirroring | Can duplicate incoming network traffic and send it to a secondary destination for monitoring, analysis, or testing purposes. | 0 |
CCC.LB.F22 | Rate Limiting / Throttling | Ability to limit the number of requests per second per client. This ensures that no single client or user overloads the backend servers, distributing requests fairly across multiple instances. | 1 |
CCC.LB.F23 | Firewall Integration | Ability to seamlessly integrate with firewall services to ensure only legitimate and secure traffic reaches backend servers, blocking malicious requests. | 0 |
CCC.Core.F03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. | 2 |
CCC.Core.F04 | Transaction Rate Limits | The service can throttle, delay, or reject excess requests when transactions exceed a user-specified rate limit, and always provides industry-standard throughput up to that limit. | 2 |
CCC.Core.F06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. | 1 |
CCC.Core.F08 | Data Replication | The service automatically replicates data across multiple deployments simultaneously with parity, or may be configured to do so. | 0 |
CCC.Core.F09 | Metrics Publication | The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources. | 2 |
CCC.Core.F10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. | 2 |
CCC.Core.F14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. | 1 |
CCC.Core.F15 | Cost Management | The service monitors data published by child or networked resources to infer usage patterns and generate cost reports for the service. | 0 |
CCC.Core.F16 | Budgeting | The service may be configured to take a user-specified action when a spending threshold is met or exceeded on a child or networked resource. | 1 |
CCC.Core.F17 | Alerting | The service may be configured to emit a notification based on a user-defined condition related to the data published by a child or networked resource. | 0 |
CCC.Core.F19 | Resource Scaling | The service may be configured to scale child resources automatically or on-demand. | 1 |
CCC.Core.F20 | Resource Tagging | The service provides users with the ability to tag a child resource with metadata that can be reviewed or queried. | 0 |
CCC.Core.F22 | Location Lock-In | The service may be configured to restrict the deployment of child resources to specific geographic locations. | 0 |
Threats
ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
---|---|---|---|---|---|
CCC.LB.TH01 | Unrestricted Request Traffic Overwhelms Downstream Services | Absence of filtering or rate limiting permits malicious traffic to overload downstream services and facilitates brute-force activity. | 1 | 2 | 0 |
CCC.LB.TH03 | Traffic Distribution Is Manipulated | Adjusting distribution policies can concentrate traffic on specific nodes causing DoS or redirect flows through unwanted paths. | 1 | 1 | 0 |
CCC.LB.TH04 | Session Persistence Is Exploited | Improper session-affinity settings can enable session fixation or hijacking across backend targets. | 1 | 1 | 0 |
CCC.LB.TH05 | Health Checks Are Exploited to Take Services Offline | Manipulating health-check endpoints or responses can cause healthy targets to be marked unavailable, leading to denial of service. | 1 | 1 | 0 |
CCC.LB.TH06 | Sensitive Metadata Exposure via HTTP Headers | Response headers may reveal software versions, internal IPs, or other metadata useful for reconnaissance. | 1 | 1 | 0 |
CCC.LB.TH07 | TLS Certificates Are Expired or Invalid | Stale or untrusted certificates weaken encrypted-traffic protection. | 1 | 1 | 0 |
CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 4 |
CCC.Core.TH02 | Data is Intercepted in Transit | Data transmitted by the service is susceptible to collection by any entity with access to any part of the transmission path. Packet observations can be used to support the planning of attacks by profiling origin points, destinations, and usage patterns. The data may also be vulnerable to interception or modification in transit if not properly encrypted, impacting the confidentiality or integrity of the transmitted data. | 1 | 1 | 1 |
CCC.Core.TH07 | Logs are Tampered With or Deleted | Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails. | 1 | 1 | 0 |
CCC.Core.TH09 | Runtime Logs are Read by Unauthorized Entities | Unauthorized access to logs may expose valuable information about the system's configuration, operations, and security mechanisms. This could jeopardize system availability through the exposure of vulnerabilities and support the planning of attacks on the service, system, or network. If logs are not adequately sanitized, this may also directly impact the confidentiality of sensitive data. | 1 | 1 | 0 |
CCC.Core.TH12 | Resource Constraints are Exhausted | Exceeding the resource constraints through excessive consumption, resource-intensive operations, or lowering of rate-limit thresholds can impact the availability of elements such as memory, CPU, or storage. This may disrupt availability of the service or child resources by denying the associated functionality to users. If the impacted system is not designed to expect such a failure, the effect could also cascade to other services and resources. | 1 | 1 | 0 |
CCC.Core.TH15 | Automated Enumeration and Reconnaissance by Non-human Entities | Automated processes may be used to gather details about service and child resource elements such as APIs, file systems, or directories. This information can reveal vulnerabilities, misconfigurations, and the network topology, which can be used to plan an attack against the system, the service, or its child resources. | 1 | 1 | 0 |
CCC.Core.TH16 | Publications are Disabled | Publication of events, metrics, and runtime logs may be disabled, leading to a lack of expected security and operational information being shared. This can impact system availability by delaying the detection of incidents while also impacting system design decisions and enforcement of operational thresholds, such as autoscaling or cost management. | 1 | 1 | 0 |
CCC.Core.TH17 | Responses are Generated for Unauthorized Requests | The service may generate responses to requests from unauthorized entities. This could lead to the exposure of system details, which may be used to plan an attack against the service, system, or network. Additionally, allocating resources to service the request could lead to a denial of service for legitimate users, leading to a loss of availability anywhere in the system. | 1 | 1 | 0 |
Controls
ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
---|---|---|---|---|---|---|
CCC.LB.C01 | Enforce and Detect Rate Limiting | Detect and throttle malicious or excessive requests to prevent downstream resource exhaustion and brute-force activity. | Logging & Monitoring | 2 | 6 | 2 |
CCC.LB.C06 | Secure Health-Check Telemetry | Monitor health-check endpoints for tampering and alert on abnormal status changes. | Logging & Monitoring | 1 | 2 | 1 |
CCC.Core.C04 | Log All Access and Changes | Ensure that all access attempts are logged to maintain a detailed audit trail for security and compliance purposes. | Logging & Monitoring | 1 | 5 | 3 |
CCC.LB.C04 | Enforce Distribution Policies | Ensure traffic-splitting weights and algorithms are modified only by trusted identities. | Identity and Access Management | 1 | 2 | 1 |
CCC.LB.C05 | Validate Session Affinity | Configure session persistence to minimise fixation and hijacking risks. | Identity and Access Management | 1 | 2 | 1 |
CCC.LB.C09 | Restrict Management API Access | Limit load-balancer API calls to authorised identities and trusted networks. | Identity and Access Management | 1 | 2 | 1 |
CCC.Core.C03 | Implement Multi-factor Authentication (MFA) for Access | Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access. | Identity and Access Management | 1 | 6 | 4 |
CCC.Core.C05 | Prevent Access from Untrusted Entities | Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only. | Identity and Access Management | 1 | 8 | 6 |
CCC.LB.C02 | Auto-Scale Load Balancer Capacity | Expand load-balancer capacity to maintain availability during traffic spikes. | Data | 1 | 2 | 1 |
CCC.LB.C07 | Scrub Sensitive Headers | Remove headers that disclose internal details or software versions from HTTP responses. | Data | 1 | 2 | 1 |
CCC.Core.C01 | Encrypt Data for Transmission | Ensure that all communications are encrypted in transit to protect data integrity and confidentiality. | Data | 1 | 8 | 5 |
CCC.Core.C02 | Encrypt Data for Storage | Ensure that all data stored is encrypted at rest using strong encryption algorithms. | Data | 1 | 7 | 1 |
CCC.Core.C06 | Restrict Deployments to Trust Perimeter | Ensure that the service and its child resources are only deployed on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 4 | 2 |
CCC.Core.C10 | Restrict Data Replication to Trust Perimeter | Ensure that data is only replicated on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 4 | 1 |
CCC.LB.C08 | Automate Certificate Renewal | Maintain valid TLS certificates by automating renewal and deployment before expiry. | Encryption | 1 | 2 | 1 |