Securing the Heart of Automated Infrastructure: Why Security is DevOps


Page 1: Securing the Heart of Automated Infrastructure

Securing the Heart of Automated Infrastructure

Why Security is DevOps


About Me: Jamesha Fisher

✴ DevOps Security Pirate

✴ Work at CloudPassage

✴ Security + Automation = Awesomeness

✴ Here to Discuss

  ✴ DevOpsSec

  ✴ Chef Server


Why is Security DevOps? (also known as DevOpsSec?)


Security is in the Public Eye More than Ever

- Brand Name Vulnerabilities

- Breaches of Various Industries

- Digital Fraud and Crimes


Security Principles Match with DevOps!


Availability: “For any information system to serve its purpose, the information must be available when it is needed.”

Confidentiality: “Confidentiality is the requirement that private or confidential information not be disclosed to unauthorized individuals.”

Integrity: “That a system and its data are not manipulated for unauthorized functionality or alteration.”

Fast

Ensure Uptime

Controlled, but not Silo’ed

Collaborative

Repeatable & Standardized

Auditable/Processed


Why is this important for deployment of Chef?


Planning: Availability


- How Many Nodes Do You Have (or Plan to)?

- Are You Cloud or Bare Metal?

- What do you Plan to Do with Chef?

- How quickly do we need to recover?


Planning: Integrity


- How do we Configure Servers?

- How do we Ensure Standards/Security?


Planning: Confidentiality


- How do we want to structure our Chef Server?

- How are we going to deploy?

- How are Users going to access?


Testing: The Prep and Practice Firefight


Prep and Practice Firefighting: Availability

๏ Build Host and Set Up Chef-Server

๏ SSL Certs Too!

๏ Ensure minimum authorized users can login

๏ Test Basic Operations/Worst Cases


Prep and Practice Firefighting: Integrity

๏ Check SVA and CSM for Consistency

๏ Pre and Post-Setup

๏ Verify that Firewall Rules work

๏ Make sure SSL is Valid and Setup


Prep and Practice Firefighting: Confidentiality

๏ Create Organizational Setup

๏ Create Users and Role-Based Access

๏ Test Authentication and Basic Operations

๏ Users/Roles


DEMO TIME!


Deployment


Things to Keep in Mind

• Chef Cookbooks are your friends

• chef-client and omnibus_updater

• New Installs

• It’s going to take some time and adjustment

• Migration

• Download and move from old Chef Server

• Move Everything First, then Separate if Env->Org Migration


So In Conclusion...


Availability

- Plan for Recovery

- Test Setup and Basic Operations (at Least)

Integrity

- Plan for the repeatable and enforceable

- Check for Security….always!

Confidentiality

- Plan out Chef Org

- Including Users, Roles

- Test for Operability


Questions?


Sources

- Images

  - “Fleet Street Newspaper Wallpaper”, 2012, Muriva.

  - CIA Triad, 2012, The EMail Admin, http://www.theemailadmin.com/wp-content/uploads/2012/11/CIA.png

  - Others are Stock Images purchased from 123f.com

- Paper Sources

  - NIST Special Publication 800-33, csrc.nist.gov

  - Information security. (2015, March 19). In Wikipedia, The Free Encyclopedia. Retrieved 21:52, March 27, 2015, from http://en.wikipedia.org/w/index.php?title=Information_security&oldid=652104012

  - All about Enterprise Chef, http://docs.chef.io/enterprise/

  - CloudPassage. http://www.cloudpassage.com