
Why security must be designed in in HLD - Architecture Impact

System Overview - Why security must be designed in

This system explains why security must be built into software and systems from the start. It shows how security components protect data and services against attacks and failures. The goal is to ensure safe, reliable, and trusted system operation.

Architecture Diagram
User
  |
  v
Firewall
  |
  v
Load Balancer
  |
  v
API Gateway
  |
  v
Authentication Service <-> Authorization Service
  |
  v
Application Service
  |
  v
Database
  |
  v
Audit Logs

Cache <-> Application Service
Components
User (actor): End user who accesses the system
Firewall (security_gateway): Blocks unauthorized network traffic before it reaches the system
Load Balancer (load_balancer): Distributes incoming requests evenly to prevent overload
API Gateway (api_gateway): Central entry point that enforces security policies and routes requests
Authentication Service (security_service): Verifies user identity before allowing access
Authorization Service (security_service): Checks user permissions to control access to resources
Application Service (service): Handles business logic and processes user requests
Database (database): Stores application data securely
Audit Logs (logging_service): Records security events and user actions for monitoring and compliance
Cache (cache): Speeds up data access while respecting security controls
Request Flow - 14 Hops
1. User -> Firewall
2. Firewall -> Load Balancer
3. Load Balancer -> API Gateway
4. API Gateway -> Authentication Service
5. Authentication Service -> Authorization Service
6. Authorization Service -> Application Service
7. Application Service -> Cache
8. Cache -> Application Service
9. Application Service -> Database
10. Database -> Application Service
11. Application Service -> Audit Logs
12. Application Service -> API Gateway
13. API Gateway -> Load Balancer
14. Load Balancer -> User
Failure Scenario
Component Fails: Authentication Service
Impact: Users cannot verify identity, so no access is granted, blocking all requests.
Mitigation: Use redundant authentication servers and fallback mechanisms to maintain availability.
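
The failure scenario above, sketched as an added example (not code from the original page): a gateway decision function that fails over between redundant authentication replicas, denies every request when none is reachable, and writes an audit record for each outcome. The replica stand-ins, tokens, permission table and status codes are assumptions constructed for illustration.

```python
# Added example: all names, tokens and the permission table are constructed.
class AuthUnavailable(Exception):
    """Raised when an authentication replica cannot be reached."""

def make_replica(tokens, up=True):
    """Return a stand-in authentication replica: token -> user id or None."""
    def verify(token):
        if not up:
            raise AuthUnavailable("replica down")
        return tokens.get(token)
    return verify

PERMISSIONS = {"alice": {"orders:read"}, "bob": set()}  # constructed sample data

def handle_request(token, action, replicas, audit):
    """Gateway decision: authenticate, then authorize, and audit every outcome."""
    user, reached = None, False
    for verify in replicas:              # redundancy: try each replica in order
        try:
            user = verify(token)
            reached = True
            break                        # first reachable replica is authoritative
        except AuthUnavailable:
            continue
    if not reached:                      # every replica down: deny, never bypass
        audit.append(("auth_unavailable", None, action))
        return 503
    if user is None:                     # replica answered: token is not valid
        audit.append(("auth_failed", None, action))
        return 401
    if action not in PERMISSIONS.get(user, set()):
        audit.append(("forbidden", user, action))
        return 403
    audit.append(("allowed", user, action))
    return 200

def demo():
    tokens = {"tok-alice": "alice", "tok-bob": "bob"}
    down, up = make_replica(tokens, up=False), make_replica(tokens)
    audit = []
    results = [
        handle_request("tok-alice", "orders:read", [down, up], audit),    # failover
        handle_request("tok-bob", "orders:read", [down, up], audit),      # no permission
        handle_request("bad-token", "orders:read", [down, up], audit),    # unknown token
        handle_request("tok-alice", "orders:read", [down, down], audit),  # total outage
    ]
    return results, audit

if __name__ == "__main__":
    print(demo())
```

The total-outage case returns an error and an audit entry rather than letting the request through, which matches the stated impact: without identity verification, no access is granted.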
Architecture Quiz - 3 Questions
Test your understanding
Which component first blocks unauthorized network traffic?
A. Firewall
B. API Gateway
C. Load Balancer
D. Authentication Service
Design Principle
Security must be designed in from the start to protect the system at multiple layers. Components like firewalls, authentication, and authorization work together to prevent unauthorized access. Logging and redundancy ensure monitoring and availability. This layered approach reduces risks and builds trust.