SlideShare una empresa de Scribd logo

Immutable Infrastructure Security

Ricky Sanders
Ricky Sanders

Immutable Infrastructure Security: How emerging & disruptive technologies are strategic enablers for Enterprise IT Security Organizations.

Tecnología
1 de 71
Descargar para leer sin conexión
Immutable Security Featuring… “The story of Sisyphus the Security guy”
“Stop Hugging your VM’s because they don’t hug Back” -Werner Vogels, CTO of Amazon
About the Author - #whoami Ricky L. Sanders is an Enterprise Security Architect at a leading Automotive Manufacturer representing and advising the organization on the security design and impact of Cryptographic Management, Virtualization, Software Defined Networking, Cloud Computing, Application Security, and Emerging Technologies. He is a member of ISACA and ISC2. However, he has not always been an IT security practitioner. Before Ricky started working in IT he dreamt of economics, political science, and explaining complicated financial marketplaces. His interest led him to graduate with a Bachelors in Business Economics & Finance from the Kelley School of Business, Indiana (#1 Business School among all public Universities1). As the U.S. exited the 2009 financial collapse he gazed towards Information Technology. Ricky found passion for IT Risk Management and analyzing complicated system security designs. He was fascinated with the complexity of security across heterogeneous technologies. He felt energized to focus on an subject area riddled with political nuance. He decided to pursue a Masters from his Alma Mater at Indiana University in Information Systems (MIS) with a security and risk focus. His combined experiences and education square him up for complicated business analysis of IT security design and strategies. Ricky lives for his beautiful wife Jacquie and his dog. He truly believes in the quote etched into the ceiling at the Rockefeller Center, NY “Knowledge will be the stability of our times”. With that it is with great an equal pleasure that he extends this work to you.
About this Deck Purpose  This deck outlines the author’s opinion regarding Security Strategy for Immutable Infrastructure, Code-pipeline, PaaS, and Micro Service Architectures Disclaimer  The content is assumed as-is. The author takes no responsibility of the content. It is up to the reader to use their own judgment.  This deck refers to a few open source tools and technologies as examples. However, there are many competing tools and technologies that can be leveraged. I’m using these as example only and their use not meant as an endorsement. For specific details contact: Rick Sanders rickyleesanders88@gmail.com
Common Security Problems in IT  Production servers are never consistent  Production servers are misconfigured  Production servers are hard to patch because of technology drift  Privileged user management is impossible at scale  Unauthorized changes keep occurring, e.g. remote access and SSH  New vulnerabilities occur every day and we need to know  Auditing is hard and complex  Security Patches break stuff and cause planned downtime, therefore no one wants to approve security changes
Why is Security so hard? Before  Deploying servers was once a manual process which took a lot of work  Servers cost money, capacity, storage  I.T. is bad at decommissioning stuff because we might break something  Getting code to servers was really hard so we gave developers access to boxes  Secrets, SSH Keys, Certs, Connection Strings are tied to the host OS Now  OS’s are automatically deployed and redeployed from catalogs  Container Images can be automatically deployed from catalogs  Code is more portable when in Containers  Libraries can be automatically replaced from catalogs  Secrets, Connections strings etc. are no longer on the host, and instead move with the Container  So everything can be automatically built and deployed from a Gold Source these days..  The new tools deploy the Old and New Stack in parallel then failover to the new stack automatically and decom the old stack with near Zero downtime
“I don’t believe you. VM vendors promised all this before” - Every Security Guy I’ve spoke to So do we keep doing Security the same way as before and expect different results?
“VMware capabilities focused on the hosts. PaaS is automating further up the stack” “Deploy your Infrastructure-as-code. Security fixes a just new OS’s, Containers, Libraries from a versioned Repo”
The Old Way – Design to Deploy • Many hands “Touch the box” • Requires remote access and other nasty security stuff • It’s how Technology Drift occurs • Host OS Engineering teams release new builds with patches that get “bolted on during enhancements” • Old builds are being patched “live in production” Anything wrong with this picture?
Immutability
Code drives Immutability
You start with a brownfield stack
New code/Security Issues force automatic provisioning of Greenfield Stack
Auto failover and auto rollback if errors occur
HOST - OS The old Way – Monolithic Application Architecture are heavy and not easily deployable or scalable in clouds • VM’s are heavy “For now” and take time to provision • Custom Cloud Init. scripts are required to add path variables and connection strings and host specific data. Scaling gets hard! • Tightly Coupled Methods and Functions. What if we only want to scale a single service? Do we replicate the entire box and waste capacity? Crazy! • If a Library is bad and needs to be replaced the entire system is affected, Bad!
The New Way – Micro-service application architectures built on restful service
The New Way – Micro-service application architectures built on restful service “Security Teams will need to build out their Web Scanning and Restful Service scanning capabilities sets to enable these new designs at scale”
Where each service is de-coupled from the system and hosted “typically” in a Container technology Hypervisor / Physical Linux OS Linux OS Container Container Container Container Service 1 Service 1 Service 1 Service 1
And if you go Hypervisor you get to automate the replacement of Vulnerable OS Kernel's so … that’s cool Hypervisor Linux OS Linux OS Container Container Container Container Service 1 Service 1 Service 1 Service 1
What I’m saying is that NEW Application Architectures, Code Management, VM management, and Container Management are strategic enablers for a successful Immutable Infrastructure strategy…Seems hard All orgs must unite!
“If your security processes are bad now, you will be happy to know that not much will change if teams don’t come together”
Container Basics
What are Containers? “Containers are not new, but recent advances in Linux security have made them more viable” Think… • FreeBSD Jails • OpenVZ • Solaris Zones • LXC for example This is enabled by the use of two Linux kernel capabilities: • C-groups: Are a resource management solution providing a generic process-grouping framework which limits and prioritizes system resources (CPU, memory, I/O, network, etc.) • Namespaces: Allow for lightweight process virtualization and enables processes to have different views of the system (mnt, pid, net, pic, uts, user) • SELinux (Redhat): Provides secure separation of containers by applying SELinux policy and labels. It integrates with virtual devices by using the sVirt technology. • AppArmour: Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. • SECCOMP: A computer security facility that provides an application sandboxing mechanism in the Linux kernel.
Docker aka the defacto standard today. We’ll use as an example. The Docker project provides the means of packaging applications in lightweight containers. Running applications within Docker containers offers the following advantages: • Smaller than Virtual Machines: Because Docker images contain only the content needed to run an application, saving and sharing is much more efficient with Docker containers than it is with virtual machines (which include entire operating systems) • Improved performance: Likewise, since you are not running an entirely separate operating system, a container will typically run faster than an application that carries with it the overhead of a whole new virtual machine. • Secure: Because a Docker container typically has its own network interfaces, file system, and memory, the application running in that container can in theory be isolated and secured from other activities on a host computer. • Flexible: With an application’s run time requirements included with the application in the container, a Docker container is capable of being run in multiple environments.
Docker Container Architecture Example “Host hardening becomes even more important as we vertically scale processes on a single host. If your getting host hardening wrong now then get ready for a single point of failure”
A Container is a just an Image. A lot like an OS Image… but different because it shares the underlying host kernel capabilities and resources
There are many types of container images. Apache, Ubuntu, Node.js, etc. Standard container images should be hardened and reviewed by Security before being released into the repository as “Production Ready”
These different Containers are just deployed from Registries to the Linux runtime environment
“Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities” -BanyanOps “Enterprise corporation should deploy their own container images and never allow images from the public repositories.” “Even corporate approved container images provided by vendors can be vulnerable so you need a operational process and dedicated resources monitor, engineer, and deploy new stuff.” -BanyanOps Container Images can be vulnerable too…
Container Management
Containers can scale restful services to 6,000 service per host causing a nightmare to Manage
Large Enterprises need a way to automate the deployment, scaling, and management of containerized applications
As an Example: Kubernetes aka the de-facto open source Standard • Automatically places containers based on their resource requirements • Scale your application services up and down automatically based on CPU usage • Automate rollouts and rollbacks during change events • Self-healing • Secret and configuration management • Automated Virtual Network Security (Virtual Switching, Virtual Firewalls, Security Policies) An open source container cluster manager originally designed by Google and donated to the Cloud Native Computing Foundation. It aims to provide a "platform for automating deployment, scaling, and operations of application containers across clusters of hosts
Security Organizations can leverage this technology to automatically redeploy “gold image” containers and new secure code Security Organizations should consider the governance and operational process around leveraging Container Management capabilities and repositories.
Security Organizations can leverage this (And Similar) technology to automatically template L3 virtual networks to isolate tenants and application without manual configurations to the physical underlay network
Infrastructure as a Service is a Strategic Enabler If there is a hole in the boat, maybe we just use automation to move our containers to a safer boat that wont sink? e.g. Use your automated VM stack as a strategic enabler
Leveraging Infrastructure as a Service for immutable OS replacements You can leverage existing VMware and OpeStack capabilities to auto provision OS from service catalogs. After a vulnerable OS image has been patched. It should be replaced in the catalog. All containers leveraging that OS should be rebuilt on top of the newly secured OS. This will be difficult in a physical world unless you’ve deployed PXE bootstrap technologies for automated physical OS installs.
Release your Virtual Machines
VM Team I think we’re over- provisioning “If your over-provisioning now, then you’ll be pleasantly surprised in your constancy when you try immutable infrastructure”
So you don’t want to release your VM’s because of sprawl and capacity issues? “So, Let’s keep doing the same thing we’ve been doing and expect different results?”
Minimizing disruption when we rip and replace containers Etcd is a key/value store typically leveraged in container deployments. It is based on a distributed architecture and features hierarchical configuration system that can be used to build service discovery. So when containers are spinning up and down the can rely on etcd to define and connect to each other. Registrator automatically registers and deregisters services by inspecting containers as they are brought online or stopped. When this feature is combined with etcd we can bring up a container, all the data will be stored in etcd and propagated to all nodes in the cluster. What we’ll do with that information is up to us. Think about path variables, service accounts, connection strings etc. These are decoupled from the VM itself and stored on a server…Yay for Security! Now we can reduce the attack surface of secrets to a singe point of failure… at least we can protect it … right? Etcd – It’s a linux etc folder running as a distributed daemon that containers can call upon. E.g. highly decoupled configs.
So when we replace a VM because of a security issue, the lightweight containers (Our applications) can quickly move to a new machine and be recognize because etdc & service discovery is working hard behind he scenes..VM’s
Development Production Technology Drift
“Unauthorized changes always happen, therefore we must scan all the time just to be sure” Are we treating the symptom or finding the cause of the security issue?
Maybe a better Question… How can we be sure that the base OS and Containers have not been changed from the catalog Image?
Configuration Management is like a File Integrity Monitor….a new way to do an old security thing  Chef, Puppet, etc..
• A Chef server acts as a hub for configuration data. The Chef server stores cookbooks, the policies that are applied to nodes, and metadata that describes each registered node that is being managed by the chef- client. • Nodes use the chef-client to ask the Chef server for configuration details, such as recipes, templates, and file distributions. • The chef-client then does as much of the configuration work as possible on the nodes themselves (and not on the Chef server). • This scalable approach distributes the configuration effort throughout the organization. Configuration Management example with Chef
You can leverage a tool like to Chef to push runs lists down to your nodes running containers A run-list defines all of the information necessary for Chef to configure a node into the desired state. A run-list is: An ordered list of roles and/or recipes that are run in the exact order defined in the run-list; if a recipe appears more than once in the run-list, the chef-client will not run it twice Always specific to the node on which it runs; nodes may have a run-list that is identical to the run-list used by other nodes
You run lists can ensure no-one can access the box • Remove SSH/Telnet • Lockdown system admin group to daemons running root etc. • Enforce Linux based Mandatory Access controls required for Containers • And if one of these items mysteriously changes… • Chef will revert the configuration back to the “desired-state” Configuration Management is a File Integrity Monitor that has the capability to correct itself back to the “Desired State”.
If you’re a paranoid security professional you could leverage Chef Inspec or “Choose your flavor” of agent based security compliance tool to measure effectiveness of the immutable infrastructure strategy
Development Production Enabling Immutable Infrastructure Security Maybe security issues measure the effectiveness of the immutable infrastructure strategy?
Code Pipelines & Immutable Infrastructure Code Pipelines Wild-Wild West VS
“Code Pipeline capabilities are a strategic enabler for a successful Immutable Infrastructure and Security Strategy” “If your code management processes are bad now, you’ll be pleasantly surprised in your consistency to fail when you move to PaaS and Immutable Strategies” “Building your pipeline based on infrastructure and engineering steps is like solving the wrong problem precisely”
“It’s all about the Code”
Stop letting code follow the Infrastructure Anything wrong with this picture?
It’s like a moving target that leads to technology drift
When you have new code/containers in the pipeline then deploy them to a new Container and VM (If there is no capacity on existing Linux VM’s)
Code Pipeline Commit Code Build / Compile Security Scan Grab a fresh Container Image Grab a VM if you need it Write Binaries to a Container Check the Container w/ code into the repo for versioning Deploy Container to the VM we have provisioned Container Pipeline Host OS (VM) Pipeline Add gold OS Image to Repo Make OS Image available for auto- provisioning Auto deploy OS when new code is deployed Scan and build Compliant Immutable OS Image Scan and build Compliant Immutable Container Image Make Container available for auto-provisioning Auto deploy Container when new code is deployedAdd gold Container to Repo Dynamic Security Scans File Integrity Monitoring with Configuration Management Version the New immutable Container w/ Code Feed Loop to teams for Security Remediation Feed Loop to teams for Security Remediation
Do we need to scan production systems in this model? Here’s the disruptive part ….
Development Production Remember this? Security Maybe security issues measure the effectiveness of the immutable infrastructure strategy?
Development Production Effective immutable strategies should give us this
Versioned Catalog with • Base OS • Base Container • Container w/ Code Production Effective immutable strategies should give us this
Simple Math ….
You’re selling me unicorns. I still don’t believe you even with Configuration Management.. Okay….then store cryptographic hashes of your immutable images in your repo for auditing purposes Containers w/ Code Base Linux OS Containers w/ Code Base Linux OS
And therefore a vulnerability, is a vulnerability, is a vulnerability….
Benefits? • Reduced Security Licensing for Tools • Less Security Agents with root privileges running on boxes • Scan times reduced because we’re scanning less stuff • Frequency increases because we’re scanning less stuff • Easier on audit staff • Mathematically provable, not just unicorns
So should we stop scanning the production systems in this model? Probably not immediately….. Not until you can validate that your Configuration Management and Hash capabilities are mature… But it’s a nice Target …
Or we can keep doing what we’ve been doing?
Other areas you could dedicate a book too  Security Scanning integration points in the pipeline  Decoupled libraries and immutable code libraries  Immutable Virtual Network Security Design Patterns  Container Image and Host OS Trust tied to TPM chips  Agentless Container technologies  Emerging JavaScript micro service application architectures and the gaps in JavaScript security tool capabilities
The End
Questions Rickyleesander88@gmail.com

Recomendados

Better decision making with proper business intelligence
Better decision making with proper business intelligenceBetter decision making with proper business intelligence
Better decision making with proper business intelligence
madhavlankapati
 
Security metrics
Security metrics Security metrics
Security metrics
PRAYAGRAJ11
 
UiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdfUiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdf
Cristina Vidu
 
Identity and Access Management Reference Architecture for Cloud Computing
Identity and Access Management Reference Architecture for Cloud ComputingIdentity and Access Management Reference Architecture for Cloud Computing
Identity and Access Management Reference Architecture for Cloud Computing
John Bauer
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
Future Watch: Health and wellbeing in a digital age - vision 2025
Future Watch: Health and wellbeing in a digital age - vision 2025Future Watch: Health and wellbeing in a digital age - vision 2025
Future Watch: Health and wellbeing in a digital age - vision 2025
Team Finland Future Watch
 
The Data Operating System: Changing the Digital Trajectory of Healthcare
The Data Operating System: Changing the Digital Trajectory of HealthcareThe Data Operating System: Changing the Digital Trajectory of Healthcare
The Data Operating System: Changing the Digital Trajectory of Healthcare
Health Catalyst
 
Medical Device Threat Modeling with Templates
Medical Device Threat Modeling with TemplatesMedical Device Threat Modeling with Templates
Medical Device Threat Modeling with Templates
Priyanka Aash
 

Recomendados

Better decision making with proper business intelligence
Better decision making with proper business intelligenceBetter decision making with proper business intelligence
Better decision making with proper business intelligence
madhavlankapati
 
Security metrics
Security metrics Security metrics
Security metrics
PRAYAGRAJ11
 
UiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdfUiPath - IT Automation (1).pdf
UiPath - IT Automation (1).pdf
Cristina Vidu
 
Identity and Access Management Reference Architecture for Cloud Computing
Identity and Access Management Reference Architecture for Cloud ComputingIdentity and Access Management Reference Architecture for Cloud Computing
Identity and Access Management Reference Architecture for Cloud Computing
John Bauer
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
Future Watch: Health and wellbeing in a digital age - vision 2025
Future Watch: Health and wellbeing in a digital age - vision 2025Future Watch: Health and wellbeing in a digital age - vision 2025
Future Watch: Health and wellbeing in a digital age - vision 2025
Team Finland Future Watch
 
The Data Operating System: Changing the Digital Trajectory of Healthcare
The Data Operating System: Changing the Digital Trajectory of HealthcareThe Data Operating System: Changing the Digital Trajectory of Healthcare
The Data Operating System: Changing the Digital Trajectory of Healthcare
Health Catalyst
 
Medical Device Threat Modeling with Templates
Medical Device Threat Modeling with TemplatesMedical Device Threat Modeling with Templates
Medical Device Threat Modeling with Templates
Priyanka Aash
 
2023 - IBM Cost of a Data Breach Report.pdf
2023 - IBM Cost of a Data Breach Report.pdf2023 - IBM Cost of a Data Breach Report.pdf
2023 - IBM Cost of a Data Breach Report.pdf
ErickaDiaz24
 
Ai in healthcare
Ai in healthcareAi in healthcare
Ai in healthcare
muskannn
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
Sounil Yu
 
Whitepaper Robotic Process Automation
Whitepaper Robotic Process AutomationWhitepaper Robotic Process Automation
Whitepaper Robotic Process Automation
Sandeep Maurya 8800719707
 
Business Process Automation A Productivity Lever
Business Process Automation A Productivity LeverBusiness Process Automation A Productivity Lever
Business Process Automation A Productivity Lever
Knoldus Inc.
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
Bob Rhubart
 
ITSM Solutions and DevOps Alignment
ITSM Solutions and DevOps AlignmentITSM Solutions and DevOps Alignment
ITSM Solutions and DevOps Alignment
PagerDuty
 
DIGITAL HEALTH TRENDS.pdf
DIGITAL HEALTH TRENDS.pdfDIGITAL HEALTH TRENDS.pdf
DIGITAL HEALTH TRENDS.pdf
WynlorAbarca1
 
It Consulting Slides
It Consulting SlidesIt Consulting Slides
It Consulting Slides
Joe O'Mahoney
 
Incident Response
Incident Response Incident Response
Incident Response
InnoTech
 
Management Information System & Technology
Management Information System & TechnologyManagement Information System & Technology
Management Information System & Technology
Akash Jauhari
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
Tuan Phan
 
Noc to soc transformation zeeshan ahmed
Noc to soc transformation zeeshan ahmedNoc to soc transformation zeeshan ahmed
Noc to soc transformation zeeshan ahmed
Zeeshan_Ahmed
 
ITIL Practical Guide - Service Operation
ITIL Practical Guide - Service OperationITIL Practical Guide - Service Operation
ITIL Practical Guide - Service Operation
Axios Systems
 
Determining Information Needs.
Determining Information Needs.Determining Information Needs.
Determining Information Needs.
We Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Addressing Big Data Challenges - The Hadoop Way
Addressing Big Data Challenges - The Hadoop WayAddressing Big Data Challenges - The Hadoop Way
Addressing Big Data Challenges - The Hadoop Way
Xoriant Corporation
 
Order Fallout Management Telecom Framework
Order Fallout Management Telecom FrameworkOrder Fallout Management Telecom Framework
Order Fallout Management Telecom Framework
Infosys
 
Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】
Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】
Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】
Jerimi Soma
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptx
ucisa
 
THE MiTRA SOLUTIONS PROFILE COMPANY PROFILE.pdf
THE MiTRA SOLUTIONS PROFILE COMPANY PROFILE.pdfTHE MiTRA SOLUTIONS PROFILE COMPANY PROFILE.pdf
THE MiTRA SOLUTIONS PROFILE COMPANY PROFILE.pdf
Mitra Solutions
 
Design for security in operating system
Design for security in operating systemDesign for security in operating system
Design for security in operating system
Bhagyashree Barde
 
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack WhitsittNIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
Jack Whitsitt
 

Más contenido relacionado

La actualidad más candente

Business Process Automation A Productivity Lever
Business Process Automation A Productivity LeverBusiness Process Automation A Productivity Lever
Business Process Automation A Productivity Lever
Knoldus Inc.
 
It Consulting Slides
It Consulting SlidesIt Consulting Slides
It Consulting Slides
Joe O'Mahoney
 
Management Information System & Technology
Management Information System & TechnologyManagement Information System & Technology
Management Information System & Technology
Akash Jauhari
 

La actualidad más candente (20)

2023 - IBM Cost of a Data Breach Report.pdf
2023 - IBM Cost of a Data Breach Report.pdf2023 - IBM Cost of a Data Breach Report.pdf
2023 - IBM Cost of a Data Breach Report.pdf
 
Ai in healthcare
Ai in healthcareAi in healthcare
Ai in healthcare
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
 
Whitepaper Robotic Process Automation
Whitepaper Robotic Process AutomationWhitepaper Robotic Process Automation
Whitepaper Robotic Process Automation
 
Business Process Automation A Productivity Lever
Business Process Automation A Productivity LeverBusiness Process Automation A Productivity Lever
Business Process Automation A Productivity Lever
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
 
ITSM Solutions and DevOps Alignment
ITSM Solutions and DevOps AlignmentITSM Solutions and DevOps Alignment
ITSM Solutions and DevOps Alignment
 
DIGITAL HEALTH TRENDS.pdf
DIGITAL HEALTH TRENDS.pdfDIGITAL HEALTH TRENDS.pdf
DIGITAL HEALTH TRENDS.pdf
 
It Consulting Slides
It Consulting SlidesIt Consulting Slides
It Consulting Slides
 
Incident Response
Incident Response Incident Response
Incident Response
 
Management Information System & Technology
Management Information System & TechnologyManagement Information System & Technology
Management Information System & Technology
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
 
Noc to soc transformation zeeshan ahmed
Noc to soc transformation zeeshan ahmedNoc to soc transformation zeeshan ahmed
Noc to soc transformation zeeshan ahmed
 
ITIL Practical Guide - Service Operation
ITIL Practical Guide - Service OperationITIL Practical Guide - Service Operation
ITIL Practical Guide - Service Operation
 
Determining Information Needs.
Determining Information Needs.Determining Information Needs.
Determining Information Needs.
 
Addressing Big Data Challenges - The Hadoop Way
Addressing Big Data Challenges - The Hadoop WayAddressing Big Data Challenges - The Hadoop Way
Addressing Big Data Challenges - The Hadoop Way
 
Order Fallout Management Telecom Framework
Order Fallout Management Telecom FrameworkOrder Fallout Management Telecom Framework
Order Fallout Management Telecom Framework
 
Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】
Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】
Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptx
 
THE MiTRA SOLUTIONS PROFILE COMPANY PROFILE.pdf
THE MiTRA SOLUTIONS PROFILE COMPANY PROFILE.pdfTHE MiTRA SOLUTIONS PROFILE COMPANY PROFILE.pdf
THE MiTRA SOLUTIONS PROFILE COMPANY PROFILE.pdf
 

Destacado

NIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack WhitsittNIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
Jack Whitsitt
 
Somerdata AROW Data Diode
Somerdata AROW Data DiodeSomerdata AROW Data Diode
Somerdata AROW Data Diode
Somerdata
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by Design
Amazon Web Services
 

Destacado (9)

Design for security in operating system
Design for security in operating systemDesign for security in operating system
Design for security in operating system
 
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack WhitsittNIST Cybersecurity Framework Background and Review | Jack Whitsitt
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security Headaches
 
Somerdata AROW Data Diode
Somerdata AROW Data DiodeSomerdata AROW Data Diode
Somerdata AROW Data Diode
 
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by Design
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodes
 
Li-Fi Technology PPT
Li-Fi Technology PPT Li-Fi Technology PPT
Li-Fi Technology PPT
 
Patent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction DesignPatent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction Design
 

Similar a Immutable Infrastructure Security

The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
Tim Mackey
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
Black Duck by Synopsys
 
Who Needs Network Management in a Cloud Native Environment?
Who Needs Network Management in a Cloud Native Environment?Who Needs Network Management in a Cloud Native Environment?
Who Needs Network Management in a Cloud Native Environment?
Eshed Gal-Or
 
Owasp appsec container_security_supply_chain
Owasp appsec container_security_supply_chainOwasp appsec container_security_supply_chain
Owasp appsec container_security_supply_chain
Michele Chubirka
 

Similar a Immutable Infrastructure Security (20)

Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
 
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisApplied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
 
Demystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDemystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data Scientists
 
AWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container Adoption
 
Containerization
ContainerizationContainerization
Containerization
 
Dockers and kubernetes
Dockers and kubernetesDockers and kubernetes
Dockers and kubernetes
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
 
Microservices and containers for the unitiated
Microservices and containers for the unitiatedMicroservices and containers for the unitiated
Microservices and containers for the unitiated
 
DCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at Netflix
 
Who Needs Network Management in a Cloud Native Environment?
Who Needs Network Management in a Cloud Native Environment?Who Needs Network Management in a Cloud Native Environment?
Who Needs Network Management in a Cloud Native Environment?
 
Owasp appsec container_security_supply_chain
Owasp appsec container_security_supply_chainOwasp appsec container_security_supply_chain
Owasp appsec container_security_supply_chain
 
Private cloud cloud-phoenix-april-2014
Private cloud cloud-phoenix-april-2014Private cloud cloud-phoenix-april-2014
Private cloud cloud-phoenix-april-2014
 
Containerization Principles Overview for app development and deployment
Containerization Principles Overview for app development and deploymentContainerization Principles Overview for app development and deployment
Containerization Principles Overview for app development and deployment
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
 
Containers and workload security an overview
Containers and workload security an overview Containers and workload security an overview
Containers and workload security an overview
 
Docker?!?! But I'm a SysAdmin
Docker?!?! But I'm a SysAdminDocker?!?! But I'm a SysAdmin
Docker?!?! But I'm a SysAdmin
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

Immutable Infrastructure Security

  • 1. Immutable Security Featuring… “The story of Sisyphus the Security guy”
  • 2. “Stop Hugging your VM’s because they don’t hug Back” -Werner Vogels, CTO of Amazon
  • 3. About the Author - #whoami Ricky L. Sanders is an Enterprise Security Architect at a leading Automotive Manufacturer representing and advising the organization on the security design and impact of Cryptographic Management, Virtualization, Software Defined Networking, Cloud Computing, Application Security, and Emerging Technologies. He is a member of ISACA and ISC2. However, he has not always been an IT security practitioner. Before Ricky started working in IT he dreamt of economics, political science, and explaining complicated financial marketplaces. His interest led him to graduate with a Bachelors in Business Economics & Finance from the Kelley School of Business, Indiana (#1 Business School among all public Universities1). As the U.S. exited the 2009 financial collapse he gazed towards Information Technology. Ricky found passion for IT Risk Management and analyzing complicated system security designs. He was fascinated with the complexity of security across heterogeneous technologies. He felt energized to focus on an subject area riddled with political nuance. He decided to pursue a Masters from his Alma Mater at Indiana University in Information Systems (MIS) with a security and risk focus. His combined experiences and education square him up for complicated business analysis of IT security design and strategies. Ricky lives for his beautiful wife Jacquie and his dog. He truly believes in the quote etched into the ceiling at the Rockefeller Center, NY “Knowledge will be the stability of our times”. With that it is with great an equal pleasure that he extends this work to you.
  • 4. About this Deck Purpose  This deck outlines the author’s opinion regarding Security Strategy for Immutable Infrastructure, Code-pipeline, PaaS, and Micro Service Architectures Disclaimer  The content is assumed as-is. The author takes no responsibility of the content. It is up to the reader to use their own judgment.  This deck refers to a few open source tools and technologies as examples. However, there are many competing tools and technologies that can be leveraged. I’m using these as example only and their use not meant as an endorsement. For specific details contact: Rick Sanders rickyleesanders88@gmail.com
  • 5. Common Security Problems in IT  Production servers are never consistent  Production servers are misconfigured  Production servers are hard to patch because of technology drift  Privileged user management is impossible at scale  Unauthorized changes keep occurring, e.g. remote access and SSH  New vulnerabilities occur every day and we need to know  Auditing is hard and complex  Security Patches break stuff and cause planned downtime, therefore no one wants to approve security changes
  • 6. Why is Security so hard? Before  Deploying servers was once a manual process which took a lot of work  Servers cost money, capacity, storage  I.T. is bad at decommissioning stuff because we might break something  Getting code to servers was really hard so we gave developers access to boxes  Secrets, SSH Keys, Certs, Connection Strings are tied to the host OS Now  OS’s are automatically deployed and redeployed from catalogs  Container Images can be automatically deployed from catalogs  Code is more portable when in Containers  Libraries can be automatically replaced from catalogs  Secrets, Connections strings etc. are no longer on the host, and instead move with the Container  So everything can be automatically built and deployed from a Gold Source these days..  The new tools deploy the Old and New Stack in parallel then failover to the new stack automatically and decom the old stack with near Zero downtime
  • 7. “I don’t believe you. VM vendors promised all this before” - Every Security Guy I’ve spoke to So do we keep doing Security the same way as before and expect different results?
  • 8. “VMware capabilities focused on the hosts. PaaS is automating further up the stack” “Deploy your Infrastructure-as-code. Security fixes a just new OS’s, Containers, Libraries from a versioned Repo”
  • 9. The Old Way – Design to Deploy • Many hands “Touch the box” • Requires remote access and other nasty security stuff • It’s how Technology Drift occurs • Host OS Engineering teams release new builds with patches that get “bolted on during enhancements” • Old builds are being patched “live in production” Anything wrong with this picture?
  • 12. You start with a brownfield stack
  • 13. New code/Security Issues force automatic provisioning of Greenfield Stack
  • 14. Auto failover and auto rollback if errors occur
  • 15. HOST - OS The old Way – Monolithic Application Architecture are heavy and not easily deployable or scalable in clouds • VM’s are heavy “For now” and take time to provision • Custom Cloud Init. scripts are required to add path variables and connection strings and host specific data. Scaling gets hard! • Tightly Coupled Methods and Functions. What if we only want to scale a single service? Do we replicate the entire box and waste capacity? Crazy! • If a Library is bad and needs to be replaced the entire system is affected, Bad!
  • 16. The New Way – Micro-service application architectures built on restful service
  • 17. The New Way – Micro-service application architectures built on restful service “Security Teams will need to build out their Web Scanning and Restful Service scanning capabilities sets to enable these new designs at scale”
  • 18. Where each service is de-coupled from the system and hosted “typically” in a Container technology Hypervisor / Physical Linux OS Linux OS Container Container Container Container Service 1 Service 1 Service 1 Service 1
  • 19. And if you go Hypervisor you get to automate the replacement of Vulnerable OS Kernel's so … that’s cool Hypervisor Linux OS Linux OS Container Container Container Container Service 1 Service 1 Service 1 Service 1
  • 20. What I’m saying is that NEW Application Architectures, Code Management, VM management, and Container Management are strategic enablers for a successful Immutable Infrastructure strategy…Seems hard All orgs must unite!
  • 21. “If your security processes are bad now, you will be happy to know that not much will change if teams don’t come together”
  • 23. What are Containers? “Containers are not new, but recent advances in Linux security have made them more viable” Think… • FreeBSD Jails • OpenVZ • Solaris Zones • LXC for example This is enabled by the use of two Linux kernel capabilities: • C-groups: Are a resource management solution providing a generic process-grouping framework which limits and prioritizes system resources (CPU, memory, I/O, network, etc.) • Namespaces: Allow for lightweight process virtualization and enables processes to have different views of the system (mnt, pid, net, pic, uts, user) • SELinux (Redhat): Provides secure separation of containers by applying SELinux policy and labels. It integrates with virtual devices by using the sVirt technology. • AppArmour: Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. • SECCOMP: A computer security facility that provides an application sandboxing mechanism in the Linux kernel.
  • 24. Docker aka the defacto standard today. We’ll use as an example. The Docker project provides the means of packaging applications in lightweight containers. Running applications within Docker containers offers the following advantages: • Smaller than Virtual Machines: Because Docker images contain only the content needed to run an application, saving and sharing is much more efficient with Docker containers than it is with virtual machines (which include entire operating systems) • Improved performance: Likewise, since you are not running an entirely separate operating system, a container will typically run faster than an application that carries with it the overhead of a whole new virtual machine. • Secure: Because a Docker container typically has its own network interfaces, file system, and memory, the application running in that container can in theory be isolated and secured from other activities on a host computer. • Flexible: With an application’s run time requirements included with the application in the container, a Docker container is capable of being run in multiple environments.
  • 25. Docker Container Architecture Example “Host hardening becomes even more important as we vertically scale processes on a single host. If your getting host hardening wrong now then get ready for a single point of failure”
  • 26. A Container is a just an Image. A lot like an OS Image… but different because it shares the underlying host kernel capabilities and resources
  • 27. There are many types of container images. Apache, Ubuntu, Node.js, etc. Standard container images should be hardened and reviewed by Security before being released into the repository as “Production Ready”
  • 28. These different Containers are just deployed from Registries to the Linux runtime environment
  • 29. “Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities” -BanyanOps “Enterprise corporation should deploy their own container images and never allow images from the public repositories.” “Even corporate approved container images provided by vendors can be vulnerable so you need a operational process and dedicated resources monitor, engineer, and deploy new stuff.” -BanyanOps Container Images can be vulnerable too…
  • 31. Containers can scale restful services to 6,000 service per host causing a nightmare to Manage
  • 32. Large Enterprises need a way to automate the deployment, scaling, and management of containerized applications
  • 33. As an Example: Kubernetes aka the de-facto open source Standard • Automatically places containers based on their resource requirements • Scale your application services up and down automatically based on CPU usage • Automate rollouts and rollbacks during change events • Self-healing • Secret and configuration management • Automated Virtual Network Security (Virtual Switching, Virtual Firewalls, Security Policies) An open source container cluster manager originally designed by Google and donated to the Cloud Native Computing Foundation. It aims to provide a "platform for automating deployment, scaling, and operations of application containers across clusters of hosts
  • 34. Security Organizations can leverage this technology to automatically redeploy “gold image” containers and new secure code Security Organizations should consider the governance and operational process around leveraging Container Management capabilities and repositories.
  • 35. Security Organizations can leverage this (And Similar) technology to automatically template L3 virtual networks to isolate tenants and application without manual configurations to the physical underlay network
  • 36. Infrastructure as a Service is a Strategic Enabler If there is a hole in the boat, maybe we just use automation to move our containers to a safer boat that wont sink? e.g. Use your automated VM stack as a strategic enabler
  • 37. Leveraging Infrastructure as a Service for immutable OS replacements You can leverage existing VMware and OpeStack capabilities to auto provision OS from service catalogs. After a vulnerable OS image has been patched. It should be replaced in the catalog. All containers leveraging that OS should be rebuilt on top of the newly secured OS. This will be difficult in a physical world unless you’ve deployed PXE bootstrap technologies for automated physical OS installs.
  • 39. VM Team I think we’re over- provisioning “If your over-provisioning now, then you’ll be pleasantly surprised in your constancy when you try immutable infrastructure”
  • 40. So you don’t want to release your VM’s because of sprawl and capacity issues? “So, Let’s keep doing the same thing we’ve been doing and expect different results?”
  • 41. Minimizing disruption when we rip and replace containers Etcd is a key/value store typically leveraged in container deployments. It is based on a distributed architecture and features hierarchical configuration system that can be used to build service discovery. So when containers are spinning up and down the can rely on etcd to define and connect to each other. Registrator automatically registers and deregisters services by inspecting containers as they are brought online or stopped. When this feature is combined with etcd we can bring up a container, all the data will be stored in etcd and propagated to all nodes in the cluster. What we’ll do with that information is up to us. Think about path variables, service accounts, connection strings etc. These are decoupled from the VM itself and stored on a server…Yay for Security! Now we can reduce the attack surface of secrets to a singe point of failure… at least we can protect it … right? Etcd – It’s a linux etc folder running as a distributed daemon that containers can call upon. E.g. highly decoupled configs.
  • 42. So when we replace a VM because of a security issue, the lightweight containers (Our applications) can quickly move to a new machine and be recognize because etdc & service discovery is working hard behind he scenes..VM’s
  • 44. “Unauthorized changes always happen, therefore we must scan all the time just to be sure” Are we treating the symptom or finding the cause of the security issue?
  • 45. Maybe a better Question… How can we be sure that the base OS and Containers have not been changed from the catalog Image?
  • 46. Configuration Management is like a File Integrity Monitor….a new way to do an old security thing  Chef, Puppet, etc..
  • 47. • A Chef server acts as a hub for configuration data. The Chef server stores cookbooks, the policies that are applied to nodes, and metadata that describes each registered node that is being managed by the chef- client. • Nodes use the chef-client to ask the Chef server for configuration details, such as recipes, templates, and file distributions. • The chef-client then does as much of the configuration work as possible on the nodes themselves (and not on the Chef server). • This scalable approach distributes the configuration effort throughout the organization. Configuration Management example with Chef
  • 48. You can leverage a tool like to Chef to push runs lists down to your nodes running containers A run-list defines all of the information necessary for Chef to configure a node into the desired state. A run-list is: An ordered list of roles and/or recipes that are run in the exact order defined in the run-list; if a recipe appears more than once in the run-list, the chef-client will not run it twice Always specific to the node on which it runs; nodes may have a run-list that is identical to the run-list used by other nodes
  • 49. You run lists can ensure no-one can access the box • Remove SSH/Telnet • Lockdown system admin group to daemons running root etc. • Enforce Linux based Mandatory Access controls required for Containers • And if one of these items mysteriously changes… • Chef will revert the configuration back to the “desired-state” Configuration Management is a File Integrity Monitor that has the capability to correct itself back to the “Desired State”.
  • 50. If you’re a paranoid security professional you could leverage Chef Inspec or “Choose your flavor” of agent based security compliance tool to measure effectiveness of the immutable infrastructure strategy
  • 51. Development Production Enabling Immutable Infrastructure Security Maybe security issues measure the effectiveness of the immutable infrastructure strategy?
  • 52. Code Pipelines & Immutable Infrastructure Code Pipelines Wild-Wild West VS
  • 53. “Code Pipeline capabilities are a strategic enabler for a successful Immutable Infrastructure and Security Strategy” “If your code management processes are bad now, you’ll be pleasantly surprised in your consistency to fail when you move to PaaS and Immutable Strategies” “Building your pipeline based on infrastructure and engineering steps is like solving the wrong problem precisely”
  • 54. “It’s all about the Code”
  • 55. Stop letting code follow the Infrastructure Anything wrong with this picture?
  • 56. It’s like a moving target that leads to technology drift
  • 57. When you have new code/containers in the pipeline then deploy them to a new Container and VM (If there is no capacity on existing Linux VM’s)
  • 58. Code Pipeline Commit Code Build / Compile Security Scan Grab a fresh Container Image Grab a VM if you need it Write Binaries to a Container Check the Container w/ code into the repo for versioning Deploy Container to the VM we have provisioned Container Pipeline Host OS (VM) Pipeline Add gold OS Image to Repo Make OS Image available for auto- provisioning Auto deploy OS when new code is deployed Scan and build Compliant Immutable OS Image Scan and build Compliant Immutable Container Image Make Container available for auto-provisioning Auto deploy Container when new code is deployedAdd gold Container to Repo Dynamic Security Scans File Integrity Monitoring with Configuration Management Version the New immutable Container w/ Code Feed Loop to teams for Security Remediation Feed Loop to teams for Security Remediation
  • 59. Do we need to scan production systems in this model? Here’s the disruptive part ….
  • 60. Development Production Remember this? Security Maybe security issues measure the effectiveness of the immutable infrastructure strategy?
  • 61. Development Production Effective immutable strategies should give us this
  • 62. Versioned Catalog with • Base OS • Base Container • Container w/ Code Production Effective immutable strategies should give us this
  • 64. You’re selling me unicorns. I still don’t believe you even with Configuration Management.. Okay….then store cryptographic hashes of your immutable images in your repo for auditing purposes Containers w/ Code Base Linux OS Containers w/ Code Base Linux OS
  • 65. And therefore a vulnerability, is a vulnerability, is a vulnerability….
  • 66. Benefits? • Reduced Security Licensing for Tools • Less Security Agents with root privileges running on boxes • Scan times reduced because we’re scanning less stuff • Frequency increases because we’re scanning less stuff • Easier on audit staff • Mathematically provable, not just unicorns
  • 67. So should we stop scanning the production systems in this model? Probably not immediately….. Not until you can validate that your Configuration Management and Hash capabilities are mature… But it’s a nice Target …
  • 68. Or we can keep doing what we’ve been doing?
  • 69. Other areas you could dedicate a book too  Security Scanning integration points in the pipeline  Decoupled libraries and immutable code libraries  Immutable Virtual Network Security Design Patterns  Container Image and Host OS Trust tied to TPM chips  Agentless Container technologies  Emerging JavaScript micro service application architectures and the gaps in JavaScript security tool capabilities