I am implementing a solution with set of Micro Services (Web API 2 Rest Services) with Rabbit MQ as the message broker. The Edge server is Authenticated using OAuth based Identity server. Internal Micro Sevices calls are not Authorized or Authenticated.
My objective is to secure all internal Micro Services with Authentication and Authorization. Need to secure internal communication from MiTM attack or eavesdropping.
One thing we can do is relaying the edge server's Auth Token into internal Micro Services. But if someone captures the Auth token, they can perform a Confuse Deputy attack ( act as a legitimate Micro Service ). And anyone can intercept or eavesdrop the communication in between Micro Services.
Please let me know a better solution for this.
Thanks in advance.