Puppet for Security Compliance - GOSCON 2010
 


Teyo Tyree's slides from GOSCON 2010. He covers the benefits of a modern approach to systems management and compliance and the key advantages of a model-driven approach to configuration management.

    Presentation Transcript

    • Puppet: A Modern Approach to Systems Management and Compliance. October 2010. Wednesday, December 15, 2010
    • The Compliance Problem
    • The Olde Days
    • The Security Analyst
    • Not Aligned with Business Needs
    • Tools and Custom Scripts
    • The Auditor
    • Networks Grow
    • The Compliance Paradox
    • Puppet: A New Approach
      ★ Is a model-driven framework to centrally manage IT systems.
      ★ Enforces consistent, known-secure configurations of target systems.
      ★ Enables cross-functional collaboration within IT.
      ★ Enables reuse of service configurations across departments and organizations.
    • Puppet: a framework for configuration management
    • Declarative Configuration Language
    • A Language for Collaboration: DevOps [Diagram: "Today: 99% of IT Silo’d" versus "Managed With Puppet"; Puppet = dev/ops/sec]
    • Operating System Support
    • Cross Platform Architecture
    • Advantages?
      ★ Puppet enforced policies can be applied over and over again.
      ★ Policies can be expressed as the desired state (not how to get there).
      ★ Puppet’s enforced policies can be context sensitive.
      ★ Puppet provides a log history over the lifecycle of a system.
      ★ Operates at cloud scale.
    • With Puppet, auditing and remediation is a single automated configuration task.
    • Demo
    • Puppet and SCAP
      ★ Current SCAP tools are auditing only.
      ★ Remediation tools are Windows only.
      ★ Puppet provides auditing and remediation in a single step.
      ★ Puppet is being used for configuration and security management across government agencies.
      ★ Puppet currently supports AIX, HP-UX, Linux, Mac OS X.
      ★ Broadly adopted outside of GOV.
    • Puppet and OVAL/ORVL
      ★ Puppet provides a high-level auditing and configuration management language.
      ★ Each managed element is represented as an abstract resource.
      ★ Puppet is well suited and widely deployed for configuration management; security compliance is a subset of overall configuration management.
      ★ Puppet Language is machine parse-able and the compiled catalog of resources cleanly represents the desired state of each resource on a system.
      ★ Each resource is audited for state and the result of that audit is logged as an event.
      ★ High-level Puppet language is machine readable.
      ★ Puppet managed resources can be generated from external datasources.
    • Who is using this approach?
      ★ Los Alamos National Laboratories
      ★ SPAWAR (STIG compliance)
      ★ Lockheed Martin
      ★ Northrop Grumman
      ★ SecState (An SCAP audit and remediation tool.)
    • What is next?
    • Puppet as a constraint language.
    • Post Catalog Processing
    • Device Management
    • Zero Day Automated Fixes
    • Supported Compliance Modules in the Puppet Forge
    • Links
      ★ https://fedorahosted.org/secstate/
      ★ http://scap.nist.gov/specifications/xccdf/
      ★ https://svn.forge.mil/svn/repos/slim/slim/docs/
      ★ https://svn.forge.mil/svn/repos/slim/slim/base/dev/rhel5/rpm/trunk/channels/x86_64/puppet/
      ★ http://oval.mitre.org/adoption/supporters.html
      ★ http://www.puppetlabs.com/blog/los-alamos-national-laborator-publishes-puppet-white-paper-for-mac-os-x-configuration-management
      ★ http://github.com/jamtur01/puppet-hardening
      ★ http://docs.puppetlabs.com/guides/introduction.html
    • Questions?
    • Puppet Labs is hiring! jobs@puppetlabs.com, twitter: @brainfinger, email: teyo@puppetlabs.com
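
The "Advantages?" and "Puppet and OVAL/ORVL" slides describe policy as desired state, context-sensitive enforcement, and a logged event per audited resource. The manifest below is an added example of that model, not taken from the slides or from Puppet Labs; the class name, parameter, file path, mode and package name are assumptions, and it uses current Puppet syntax rather than the 2010 syntax.

```puppet
# Added illustration: a small security baseline expressed as desired state.
# Class name, parameter, paths, modes and package name are assumptions.
class compliance_baseline (
  Boolean $audit_only = false,  # true: report drift only, change nothing
) {
  # Context sensitivity: the SSH service name depends on the OS family fact.
  $ssh_service = $facts['os']['family'] ? {
    'Debian' => 'ssh',
    default  => 'sshd',
  }

  # Desired state of the daemon configuration file. On every run Puppet
  # compares the live owner, group and mode with these values and logs an
  # event for each property that differs.
  file { '/etc/ssh/sshd_config':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
    noop   => $audit_only,
    notify => Service[$ssh_service],
  }

  # The service must be running and enabled at boot.
  service { $ssh_service:
    ensure => running,
    enable => true,
    noop   => $audit_only,
  }

  # A legacy cleartext service that this baseline forbids.
  package { 'telnet-server':
    ensure => absent,
    noop   => $audit_only,
  }
}

# Enforce on this node; set audit_only => true for an audit-only run.
class { 'compliance_baseline':
  audit_only => false,
}
```

With `audit_only => true` the same manifest reports out-of-sync resources as noop events without changing them; with `false` it corrects them in the same run, which is the "auditing and remediation in a single step" the SCAP slide refers to.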