Securing the Heart of Automated Infrastructure
Why Security is DevOps
About Me: Jamesha Fisher
✴ DevOps Security Pirate
✴ Work at CloudPassage
✴ Security + Automation = Awesomeness
✴ Here to Discuss
✴ DevOpsSec
✴ Chef Server
Why is Security DevOps? (also known as DevOpsSec?)
Security is in the Public Eye More than Ever
- Brand Name Vulnerabilities
- Breaches of Various Industries
- Digital Fraud and Crimes
Security Principles Match with DevOps!
Confidentiality: “Confidentiality is the requirement that private or confidential information not be disclosed to unauthorized individuals.”
Availability: “For any information system to serve its purpose, the information must be available when it is needed.”
Integrity: “That a system and its data are not manipulated for unauthorized functionality or alteration.”
Fast
Ensure Uptime
Controlled, but not Silo’ed
Collaborative
Repeatable & Standardized
Auditable/Processed
Why is this important for deployment of Chef?
Planning: Availability
- How Many Nodes Do You Have (or Plan to)?
- Are You Cloud or Bare Metal?
- What do you Plan to Do with Chef?
- How quickly do we need to recover?
Planning: Integrity
- How do we Configure Servers?
- How do we Ensure Standards/Security?
Planning: Confidentiality
- How do we want to structure our Chef Server?
- How are we going to deploy?
- How are Users going to access?
Testing: The Prep and Practice Firefight
Prep and Practice Firefighting: Availability
๏ Build Host and Set Up Chef-Server
๏ SSL Certs Too!
๏ Ensure minimum authorized users can log in
๏ Test Basic Operations/Worst Cases
Prep and Practice Firefighting: Integrity
๏ Check SVA and CSM for Consistency
๏ Pre and Post-Setup
๏ Verify that Firewall Rules work
๏ Make sure SSL is Valid and Set Up
Prep and Practice Firefighting: Confidentiality
๏ Create Organizational Setup
๏ Create Users and Role-Based Access
๏ Test Authentication and Basic Operations
๏ Users/Roles
DEMO TIME!
Deployment
Things to Keep in Mind
• Chef Cookbooks are your friends
• chef-client and omnibus_updater
• New Installs
• It’s going to take some time and adjustment
• Migration
• Download and move from old Chef Server
• Move Everything First, then Separate if Env->Org Migration
So In Conclusion...
Availability
- Plan for Recovery
- Test Setup and Basic Operations (at Least)
Integrity
- Plan for the repeatable and enforceable
- Check for Security… always!
Confidentiality
- Plan out Chef Org, Including Users, Roles
- Test for Operability
Questions?
Sources
Images
- “Fleet Street Newspaper Wallpaper”, 2012, Muriva.
- CIA Triad, 2012, The EMail Admin, http://www.theemailadmin.com/wp-content/uploads/2012/11/CIA.png
- Others are Stock Images purchased from 123f.com
Paper Sources
- NIST Special Publication 800-33, csrc.nist.gov
- Information security. (2015, March 19). In Wikipedia, The Free Encyclopedia. Retrieved 21:52, March 27, 2015, from http://en.wikipedia.org/w/index.php?title=Information_security&oldid=652104012
- All about Enterprise Chef, http://docs.chef.io/enterprise/
- CloudPassage. http://www.cloudpassage.com