Which of the following statements are true in regards to the security/threat model?

The Consul security/threat model includes many guiding principles to ensure the protection of the Consul service.

Which of the following statements are true in regards to the security/threat model? (select three)
A. all servers must join the cluster to begin participating in Raft
B. verify_outgoing should be enabled, at a minimum, to verify server authenticity
C. encryption should be enabled for only the TCP protocol as UDP doesn’t carry sensitive data
D. verify_incoming should be enabled to provide agent verification via mutual authentication
E. ACLs should be enabled with a default deny policy

Answer: A,B,E

Explanation:

As part of the security/threat model, Consul ACLs should always be enabled and explicitly configured with a default deny policy. This ensures that every request to Consul is either authenticated with an ACL token or limited to whatever access the anonymous token permits.

Ensuring that all servers join the cluster with proper authentication and authorization ensures that non-members can't access data stored within Consul.

verify_outgoing should be enabled in Consul, at a minimum, to verify server authenticity, with each server having a unique TLS certificate. You should also enable verify_server_hostname, which prevents a client from modifying its configuration file and restarting the agent as a server to gain access to Consul data.

Incorrect Answers:

Encryption should be enabled for both TCP and UDP protocols to prevent any plaintext communication between Consul agents.

While it's not a bad idea to enable verify_incoming, it's not required to enforce the threat model, since requests must also include a valid ACL token.
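The settings discussed in the explanation above (ACL default deny, verify_outgoing, verify_server_hostname, gossip encryption, and optional verify_incoming) can be checked mechanically against an agent's JSON configuration. The script below is an added example, not code from the page or from HashiCorp; the two sample configurations are constructed for illustration, the certificate paths are placeholders, and the `encrypt` value is a placeholder rather than a real gossip key. The configuration keys used (`verify_incoming`, `verify_outgoing`, `verify_server_hostname`, `encrypt`, `acl.enabled`, `acl.default_policy`) are real Consul agent options.

```python
"""Audit a Consul agent JSON configuration against the threat-model settings
discussed on this page. Added example; sample configs are constructed."""
import json

# Constructed sample: an agent config that violates the threat model.
# Every value here is Consul's default except acl.enabled.
WEAK_CONFIG = """
{
  "server": true,
  "verify_incoming": false,
  "verify_outgoing": false,
  "verify_server_hostname": false,
  "acl": {"enabled": true, "default_policy": "allow"}
}
"""

# Constructed sample: the hardened counterpart.
# Paths and the gossip key are placeholders, not values from any real deployment.
HARDENED_CONFIG = """
{
  "server": true,
  "ca_file": "/etc/consul.d/PLACEHOLDER-ca.pem",
  "cert_file": "/etc/consul.d/PLACEHOLDER-server.pem",
  "key_file": "/etc/consul.d/PLACEHOLDER-server-key.pem",
  "verify_incoming": true,
  "verify_outgoing": true,
  "verify_server_hostname": true,
  "encrypt": "PLACEHOLDER_BASE64_GOSSIP_KEY",
  "acl": {"enabled": true, "default_policy": "deny"}
}
"""


def audit(config_text):
    """Return a list of (severity, key, message) findings for a config.

    severity is "REQUIRED" for settings the threat model mandates and
    "ADVISORY" for verify_incoming, which the page treats as optional.
    """
    cfg = json.loads(config_text)
    findings = []

    # ACLs: must be enabled and must default to deny. Consul's own default
    # for acl.default_policy is "allow", so an absent key counts as weak.
    acl = cfg.get("acl", {})
    if not acl.get("enabled", False):
        findings.append(("REQUIRED", "acl.enabled",
                         "ACLs disabled: requests are not authenticated with tokens"))
    elif acl.get("default_policy", "allow") != "deny":
        findings.append(("REQUIRED", "acl.default_policy",
                         "not 'deny': unauthenticated requests get the anonymous token's access"))

    # Server authenticity: outgoing TLS verification plus hostname checks,
    # so a client certificate cannot be reused by an agent restarted as a server.
    if not cfg.get("verify_outgoing", False):
        findings.append(("REQUIRED", "verify_outgoing",
                         "false: outgoing connections do not verify server certificates"))
    if not cfg.get("verify_server_hostname", False):
        findings.append(("REQUIRED", "verify_server_hostname",
                         "false: server certificates are not checked for the server role"))

    # Gossip encryption covers both TCP and UDP Serf traffic.
    if not cfg.get("encrypt"):
        findings.append(("REQUIRED", "encrypt",
                         "unset: gossip traffic over TCP and UDP is plaintext"))

    # Mutual TLS on inbound connections: good practice, not mandated by the model.
    if not cfg.get("verify_incoming", False):
        findings.append(("ADVISORY", "verify_incoming",
                         "false: inbound connections are not mutually authenticated"))

    return findings


def required_findings(config_text):
    """Only the findings that the threat model treats as mandatory."""
    return [f for f in audit(config_text) if f[0] == "REQUIRED"]


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} config ==")
        for severity, key, message in audit(text):
            print(f"  [{severity}] {key}: {message}")
```

Run it as-is to see the weak configuration flagged on four mandatory settings and the hardened one pass cleanly; pointing `audit()` at the contents of a real agent config file gives the same check for a deployed node.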
