---
title: Secure network communication
description: It is extremely important to keep your AM instances safe from both internal and external attacks. This can be a challenge when you cannot control who connects to your instances.
component: pingam
version: 8.1
page_id: pingam:security:securing-communications
canonical_url: https://docs.pingidentity.com/pingam/8.1/security/securing-communications.html
keywords: ["Security", "Setup & Configuration", "Deployment"]
page_aliases: ["security-guide:securing-communications.adoc"]
---

# Secure network communication

It is extremely important to keep your AM instances safe from both internal and external attacks. This can be a challenge when you cannot control who connects to your instances.

For example, a client could send unprotected credentials in an HTTP Authorization header. Even if AM were to reject the request, the credentials would already be leaked to any eavesdroppers.

The best way to protect your environment is to enforce the use of secure HTTPS communication.

The following table summarizes best practices about network security in AM environments:

| Task                                                                                                                                                                    | Resources                                                   |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |
| **Enforce secure connections**Secure connections between AM and the rest of your platform, whether it is DS servers or your applications.                               | [Secure HTTP and LDAP connections](secure-connections.html) |
| **Use a reverse proxy**Configure AM behind a reverse proxy. This will protect AM against DoS attacks and restrict access to AM and its endpoints to networks you trust. | [Configure AM behind a reverse proxy](reverse-proxy.html)   |
| **Configure CORS filters**Configure a CORS filter such that only your trusted clients and applications can make cross-domain calls to your AM instances.                | [Configure CORS support](enable-cors-support.html)          |
| **Adjust AM's cookie domain**Configure AM cookie domain so that AM communicates with the hosts in the required domains and sub-domains.                                 | [Change the cookie domain](changing-cookie-domain.html)     |
| **Learn about the CSRF protection filter for REST endpoints**By default, AM protects its `/json` endpoints using a header filter.                                       | [Protect against CSRF attacks](rest-CSRF.html)              |