Cloudflare provides a free service to encapsulate an existing website and
route traffic through their infrastructure. This allows them to apply
numerous defensive measures to help secure the site from a range of online
risks. In this course, we'll go through the process of setting up a site in
Cloudflare, assessing the security profile, then strengthening the
configuration to maximize the value of the additional defenses.
In an increasingly security conscious world, people are always looking for
shortcuts to enhance the security profile of their websites whilst keeping
cost and effort to a minimum. For new web assets, and particularly for old,
this can be a high-friction and often costly process to get right.
Cloudflare provides a free service that routes traffic to existing websites
through their infrastructure. They've rapidly emerged in recent years to
become a large player in the online world, with 5% of the globe's traffic
now dependent on Cloudflare. By encapsulating a website within their
service, they're able to provide services ranging from SSL-enabling sites
to implementing firewall rules and security controls, all without touching
the existing site. In this course, we'll look at Cloudflare's free
service, which can be set up in minutes. Whether you're just trying to get
SSL on your site or want to take advantage of the more advanced security
features Cloudflare offers, this course is a great way to increase security
in the fastest, cheapest way possible.
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.
The Cloudflare Model Hi. This is Troy Hunt and welcome to Getting Started with CloudFlare Security. CloudFlare is an amazing service that's become enormously dominant on the internet in recent years and may offer some fantastic services in the realm of security and performance and in this course I'm going to show you all about how to get started with their free security features to make your website a safer place for your customers. Let's go and have a look at what I'm going to talk about. In this first module I want to start out by taking a look at just how CloudFlare works. It's a very clever system, but it's not at all hard to wrap your head around either. So we'll start out by taking a bit of a look at the mechanics of the service. I then want to go and give you a sense of just how massive their scale is. CloudFlare pales a huge portion of the internet today and you'll understand what I mean about just how huge when you see the figures in just a moment. So yes, they're a very dominant player. Now with their massive global scale they've been able to offer a heap of really neat security features absolutely for free. So I'm going to give you a bit of an overview of what those features are in this module and then as we proceed through the remainder of the course, we'll actually go through and set up the CloudFlare service and get these features working for you. So this is going to be a very practical course that will help you get CloudFlare up and running and better securing your website. So let's go and jump into it right now.
Setting Up a New Site Now that we understand a bit more about what CloudFlare is all about, let's jump in and actually set up a new site. Now when I say new site, this is actually a site that we already have, but by CloudFlare's definition it's actually a naked site at the moment and we're now going to use CloudFlare's service to sit between the audience and the site and give us a heap of neat security features for free. So let's go on and take a look at the overview of what we're going to cover throughout this module. Here's what we're going to do. I want to start by taking a look at the demo site. So I do have an existing site that I want to use for this, just to make the whole thing a little bit more realistic. Now after we look at the site, we're going to set it up on CloudFlare, and again, this is the process that should take less than 5 minutes. Now by getting that site set up, we're also going to need to configure some DNS because ultimately we're going to use CloudFlare's name service for this site rather than my existing provider's name service. And of course, once we get that set up, we're going to test it and make sure everything is working just the way we'd expect it to. So with all this now established, let's jump over to the browser and I'll introduce you to the site that I'm going to use throughout this course.
Managing the Firewall In this module, I'd like to talk about managing the firewall in CloudFlare and this is one of the great security features they offer. So beyond SSL and actually having your traffic protected using HTTPS, CloudFlare offers a whole bunch of features that determine what traffic is allowed to come in, what traffic needs to go through further verification processes, and then what traffic should simply be kept out and we're going to look at all of this as we delve into managing the firewall. Let's go and see what's in the module. In this module we're going to talk a lot about threats and I want to start out by defining exactly what we mean by threats and how CloudFlare classifies and measures them. We're then going to move on and have a look at how we can customize the security level such that CloudFlare will respond differently based on the threat level of the traffic, so this is what's really going to start to help us keep the nasty stuff out and let the good stuff through. Now we're going to do that by applying rules and we'll see how we can either apply those across the entire site or apply them in a much more granular fashion, all the way down to a page resource. We're also going to use this module to establish exactly what the CloudFlare firewall can and can't do and we'll touch on some of the things that it can start to do once you move beyond the free tier as well. And that's really quite an important point here. Everything that we're looking at is still free. You can turn around and get this in a matter of minutes for zero dollars, so the price point is pretty important for context. So with that expectation set, let's move on and start understanding more about what we mean by threats.