Rugged DevOps: Bridging Security and DevOps
 


Rugged DevOps: Bridging Security and DevOps Communities and Practices. These are the slides for the ignite talk by the same name at DevOps Days Austin 2012.

    Presentation Transcript

    • Rugged DevOps: Bridging Security and DevOps
    • @wickett; Cloud Ops Team Lead, @NIGlobal; CISSP, GWAPT, CCSK, GSEC, GCFW; james@wickett.me; ruggeddevops.org; @LASCONATX
    • I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security. I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended. I am rugged, not because it is easy, but because it is necessary... and I am up for the challenge.
    • Security vs. Rugged
        • Absence of Events vs. Verification of quality
        • Cost vs. Benefit
        • Negative vs. Positive
        • FUD vs. Known values
        • Toxic vs. Affirming
    • Rugged-ities
        • Maintainability
        • Availability
        • Survivability
        • Defensibility
        • Security
        • Longevity
        • Portability
        • Reliability
    • Ruggedization Theory: Building solutions to handle adversity will cause unintended, positive benefits that will provide value that would have been unrealized otherwise.
    • "Secondly, our network got a lot stronger as a result of the LulzSec attacks." -Surviving Lulz: Behind the Scenes of LulzSec @SXSW 2012
    • Cloud Firewalls and DMZ (aka Security Groups) [Diagram: Web x3, each with a firewall (DMZ x3); Middle Tier x2, each with a firewall (DMZ x2); DB and LDAP, each with a firewall (DMZ x2)]
    • Rugged Benefits
        • Control and traffic whitelisting
        • Config management
        • Reproducible, automated and source controlled
        • No accidental data traversal across products or dev/test/prod tiers
        • Dev and Test identical to Prod tier
    • It’s not our problem anymore
    • source: Gene Kim, “When IT says No @SXSW 2012”
    • Security sees...
        • They give advice that goes unheeded
        • Business decisions made w/o regard of risk
        • Irrelevancy in the organization
        • Constant bearer of bad news
        • Feels ignored by their peers (you know, those devops guys)
        • Inequitable distribution of labor
    • RUGGED source: Jessica Allen, http://drbl.in/bgwy
    • Rugged DevOps
        • repeatable – no manual steps
        • reliable – no DoS here
        • reviewable – aka audit
        • rapid – fast to build, deploy, restore
        • resilient – automated reconfiguration
        • reduced – limited attack surface
    • #occupy_stage
    • If you want to build a ship, don't drum up people together to collect wood and don't assign them tasks and work, but rather teach them to long for the endless immensity of the sea. - Antoine Jean-Baptiste Marie Roger de Saint Exupéry
    • The Philosophy of Rugged DevOps & Principles of Behavior Driven Development
    • Introducing Gauntlet. gauntlet, n.: an attack from all sides. An always-attacking environment for developers, with attacks written in easy-to-read language accessible to everyone involved in dev, ops, security, ...
    • Put your code through the Gauntlet [Diagram labels: custom attacks, dirbuster, metasploit, sqlmap, fuzzers, nessus, w3af, nmap; Your web app; You]
    • Join Us
        • #occupy_stage on Rugged DevOps
        • join the email list: join.ruggeddevops.org
        • twitter: @ruggeddevops
        • Gauntlet? Ping me on twitter (@wickett)
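
The "Cloud Firewalls and DMZ" and "Rugged Benefits" slides, as an added example that is not from the talk: a Python check that audits a source-controlled security-group rule set for traffic whitelisting between tiers and for traversal across products or dev/test/prod. The rule format, group names, ports and the Web -> Middle Tier -> DB/LDAP flow direction are assumptions made for illustration.

```python
from typing import NamedTuple

class Group(NamedTuple):
    product: str
    env: str   # dev, test or prod
    tier: str  # web, middle or data

class Rule(NamedTuple):
    src: str   # source group name, or "internet"
    dst: str   # destination group name
    port: int

# Assumed whitelist of tier-to-tier flows; any other flow is reported.
ALLOWED_FLOWS = {("internet", "web"), ("web", "middle"), ("middle", "data")}

def audit(groups, rules):
    """Return one finding per rule that breaks tier or environment isolation."""
    findings = []
    for r in rules:
        label = f"{r.src} -> {r.dst}:{r.port}"
        src, dst = groups.get(r.src), groups.get(r.dst)
        if dst is None or (src is None and r.src != "internet"):
            findings.append(f"{label}: unknown group")
        elif src is None:  # traffic arriving from the internet
            if ("internet", dst.tier) not in ALLOWED_FLOWS:
                findings.append(f"{label}: internet reaches {dst.tier} tier")
        elif (src.product, src.env) != (dst.product, dst.env):
            findings.append(f"{label}: crosses product/environment boundary")
        elif (src.tier, dst.tier) not in ALLOWED_FLOWS:
            findings.append(f"{label}: {src.tier} -> {dst.tier} not whitelisted")
    return findings

# Constructed sample inventory and rules (not from the talk).
GROUPS = {
    "shop-prod-web": Group("shop", "prod", "web"),
    "shop-prod-mid": Group("shop", "prod", "middle"),
    "shop-prod-db": Group("shop", "prod", "data"),
    "shop-dev-mid": Group("shop", "dev", "middle"),
}
RULES = [
    Rule("internet", "shop-prod-web", 443),
    Rule("shop-prod-web", "shop-prod-mid", 8080),
    Rule("shop-prod-mid", "shop-prod-db", 5432),
    Rule("shop-dev-mid", "shop-prod-db", 5432),   # dev reaching prod data
    Rule("shop-prod-web", "shop-prod-db", 5432),  # web skipping the middle tier
    Rule("internet", "shop-prod-db", 5432),       # database exposed directly
]
if __name__ == "__main__":
    print("\n".join(audit(GROUPS, RULES)))
```

Run as a pre-merge check on the rule file, an empty result means every flow stays inside one product and environment and follows the tier whitelist.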