SlideShare a Scribd company logo
Automated Security
Hardening with
OpenStack-Ansible
Major Hayden
major.hayden@rackspace.com
@majorhayden
2
Major Hayden
Principal Architect
since 2006
since 2012
since 2011
3
Agenda
• Security tug-of-war
• Meeting halfway
• Get involved!
4
We can all agree on one thing:
information security is
insanely difficult
5
We want just enough security
to create valuable outcomes
for our customers
6
We avoid security changes that
increase drag and friction
within our organizations
7Photo credit: Bruce Guenter (Flickr)
If the auditors aren’t happy,
nobody is happy.
8
How do we make valuable security
changes without disruption (and
keep the auditors happy)?
9Photo credit: Jaime Walker (jw1697, Flickr)
Make security automatic
(And yes, I know that makes it sound easy.)
10
When the going gets tough,
the tough adopt standards
(This isn’t a famous quote. I just made it up for these slides.)
11
Information security tip:
People should feel like
security is something
they are a part of;
not something that is
being done to them.
(I learned this lesson the hard way.)
12
Which sounds better?
Option #1
“As developers, you don’t know how
to secure systems properly. We will tell you
what to do and you must have it done in three months.
If you don’t, we can’t take credit cards.”
13
Which sounds better?
Option #2
“Since you use Ansible, we wrote some automation that
fits into your existing deployment method and won’t
disrupt your production environments.
Can we work with you to test it this month?”
14
Automated security
for OpenStack must be:
Easy to implement
Simple to maintain
Non-disruptive to existing clouds
Effective against attacks
Open and transparent
15
PCI-DSS 3.1 Requirement 2.2:
“Develop configuration standards for all system
components. Assure that these standards address all
known security vulnerabilities and are consistent with
industry-accepted system hardening standards.”
16
Selecting the right standard
is challenging
Some are as
long as novels
Very few
directly apply
to Ubuntu
Some have
restrictive
licenses
17
Our selection:
Security Technical Implementation Guide (STIG)
from the Defense Information Systems Agency (DISA)
18
Active services
Authentication
Boot-time security
Consoles
File permissions/ownership
File integrity management
Kernel tuning
Mail
Package management
SSH daemon
Syscall Auditing
The STIG covers many
of the most critical
security domains
19
STIG(RHEL 6)
20
Ansible is a
software platform for
configuration management
and deployment
(among many other things)
21
OpenStack-Ansible deploys a
production-ready OpenStack system
using Ansible tasks and roles
22
OpenStack-Ansible has
a security hardening role
with two components:
Ansible Role
Applies automated
security hardening to
multiple systems
Documentation
With content
for deployers
as well as auditors
23
openstack-ansible-security
role features:
Applies 200+ security
configurations in 90 seconds
Highly configurable
Comes with a built-in auditing
mode for testing or for use with
compliance auditors
Carefully written to be non-
disruptive to existing
OpenStack clouds
24
Documentation
Configuration requirement from
the STIG
Link to the STIG viewer
Notes for deployers about
exceptions and additional
configurations
(auditors want to see these, too)
25
Documentation
References Ansible
variable configuration
options
Warnings and advice
26
Configuration
27
Configuration
Flip a boolean and redeploy
the entire role or use a tag to
only deploy certain parts.
28
How do I get it?
OpenStack-Ansible
deployers
Rackspace Private Cloud
customers
Anyone on Earth
Already available in OpenStack-Ansible’s Liberty,
Mitaka, and Newton releases!
Adjust apply_security_hardening to True and deploy!
Coming soon in Rackspace Private Cloud 12.2!
Speak with your account manager for more details.
Use it with your existing Ansible playbooks!
The role works well in OpenStack and non-
OpenStack environments (see the docs).
29Photo credit: fvanrenterghem (Flickr)
The road ahead:
Support for Ubuntu 16.04 and
CentOS 7
Rebase using the new
STIG guidelines for RHEL 7
Improved reporting and metrics
Identify configuration security
issues within OpenStack services
30
Design Summit:
Join the
OpenStack-Ansible developers
this Thursday/Friday in Austin!
IRC:
#openstack-ansible
Mailing list:
openstack-dev (tag with [openstack-
ansible][security])
Want to get involved?
Found a bug?
Have a new idea?
31
Links:
Documentation: http://docs.openstack.org/developer/openstack-ansible-
security/
Source code:
https://github.com/openstack/openstack-ansible-security
Automated Security Hardening with OpenStack-Ansible
Thank you!
Major Hayden
major.hayden@rackspace.com
@majorhayden

More Related Content

What's hot

Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV Deployments
OPNFV
 
Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19
marketingsyone
 
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisApplied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
OW2
 
Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes
Aqua Security
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
Teri Radichel
 
'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV
OPNFV
 
Security threats with Kubernetes - Igor Khoroshchenko
 Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
Kuberton
 
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackIntroduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
Abderrahmane TEKFI
 
Obtén visibilidad completa y encuentra problemas de seguridad ocultos
Obtén visibilidad completa y encuentra problemas de seguridad ocultosObtén visibilidad completa y encuentra problemas de seguridad ocultos
Obtén visibilidad completa y encuentra problemas de seguridad ocultos
Elasticsearch
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
Kangaroot
 
Tokyo meetup 20160224
Tokyo meetup 20160224Tokyo meetup 20160224
Tokyo meetup 20160224
Takao Setaka
 
Automate threat detections and avoid false positives
  Automate threat detections and avoid false positives  Automate threat detections and avoid false positives
Automate threat detections and avoid false positives
Elasticsearch
 
Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop
Cisco Canada
 
Newt191 final project
Newt191 final projectNewt191 final project
Newt191 final project
BrianCooper73
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elasticsearch
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition
Xavier Mertens
 
Keynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and visionKeynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and vision
Elasticsearch
 
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Elasticsearch
 
Automatisez la détection des menaces et évitez les faux positifs
Automatisez la détection des menaces et évitez les faux positifsAutomatisez la détection des menaces et évitez les faux positifs
Automatisez la détection des menaces et évitez les faux positifs
Elasticsearch
 
Modern Security Operations aka Secure DevOps @ All Day DevOps 2017
Modern Security Operations aka Secure DevOps @ All Day DevOps 2017Modern Security Operations aka Secure DevOps @ All Day DevOps 2017
Modern Security Operations aka Secure DevOps @ All Day DevOps 2017
Madhu Akula
 

What's hot (20)

Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV Deployments
 
Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19Oscar Cabanillas - Elastic - OSL19
Oscar Cabanillas - Elastic - OSL19
 
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisApplied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
 
Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV
 
Security threats with Kubernetes - Igor Khoroshchenko
 Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
 
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackIntroduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
 
Obtén visibilidad completa y encuentra problemas de seguridad ocultos
Obtén visibilidad completa y encuentra problemas de seguridad ocultosObtén visibilidad completa y encuentra problemas de seguridad ocultos
Obtén visibilidad completa y encuentra problemas de seguridad ocultos
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Tokyo meetup 20160224
Tokyo meetup 20160224Tokyo meetup 20160224
Tokyo meetup 20160224
 
Automate threat detections and avoid false positives
  Automate threat detections and avoid false positives  Automate threat detections and avoid false positives
Automate threat detections and avoid false positives
 
Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop
 
Newt191 final project
Newt191 final projectNewt191 final project
Newt191 final project
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic Stack
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition
 
Keynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and visionKeynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and vision
 
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
 
Automatisez la détection des menaces et évitez les faux positifs
Automatisez la détection des menaces et évitez les faux positifsAutomatisez la détection des menaces et évitez les faux positifs
Automatisez la détection des menaces et évitez les faux positifs
 
Modern Security Operations aka Secure DevOps @ All Day DevOps 2017
Modern Security Operations aka Secure DevOps @ All Day DevOps 2017Modern Security Operations aka Secure DevOps @ All Day DevOps 2017
Modern Security Operations aka Secure DevOps @ All Day DevOps 2017
 

Viewers also liked

Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
Major Hayden
 
Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)
Major Hayden
 
Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)
Major Hayden
 
Xps 13 developer edition - slide share presentation-02.20.13
Xps 13 developer edition  - slide share presentation-02.20.13Xps 13 developer edition  - slide share presentation-02.20.13
Xps 13 developer edition - slide share presentation-02.20.13
Barton George
 
OpenStack-Ansible Security
OpenStack-Ansible SecurityOpenStack-Ansible Security
OpenStack-Ansible Security
Major Hayden
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
Sonatype
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricks
bcoca
 
Sharepoint, Liferay & Co.: Social Business Integration in der Praxis
Sharepoint, Liferay & Co.: Social Business Integration in der PraxisSharepoint, Liferay & Co.: Social Business Integration in der Praxis
Sharepoint, Liferay & Co.: Social Business Integration in der Praxis
inovex GmbH
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
CloudPassage
 
More tips n tricks
More tips n tricksMore tips n tricks
More tips n tricks
bcoca
 
Hacking ansible
Hacking ansibleHacking ansible
Hacking ansible
bcoca
 
Benchmark slideshow
Benchmark slideshowBenchmark slideshow
Benchmark slideshow
Siddharth Kothari
 
Ansible & Vagrant
Ansible & VagrantAnsible & Vagrant
Ansible & Vagrant
Mukul Malhotra
 
Flexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-AnsibleFlexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-Ansible
Major Hayden
 
Managing sensitive data with Ansible vault
Managing sensitive data with Ansible vaultManaging sensitive data with Ansible vault
Managing sensitive data with Ansible vault
Pascal Stauffer
 
Ansible for Enterprise
Ansible for EnterpriseAnsible for Enterprise
Ansible for Enterprise
Ansible
 
[세미나] Vagrant 이지원
[세미나] Vagrant 이지원[세미나] Vagrant 이지원
[세미나] Vagrant 이지원
지원 이
 
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
승엽 신
 
Ansible과 CloudFormation을 이용한 배포 자동화
Ansible과 CloudFormation을 이용한 배포 자동화Ansible과 CloudFormation을 이용한 배포 자동화
Ansible과 CloudFormation을 이용한 배포 자동화
AWSKRUG - AWS한국사용자모임
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
Mukul Malhotra
 

Viewers also liked (20)

Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
 
Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)
 
Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)
 
Xps 13 developer edition - slide share presentation-02.20.13
Xps 13 developer edition  - slide share presentation-02.20.13Xps 13 developer edition  - slide share presentation-02.20.13
Xps 13 developer edition - slide share presentation-02.20.13
 
OpenStack-Ansible Security
OpenStack-Ansible SecurityOpenStack-Ansible Security
OpenStack-Ansible Security
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricks
 
Sharepoint, Liferay & Co.: Social Business Integration in der Praxis
Sharepoint, Liferay & Co.: Social Business Integration in der PraxisSharepoint, Liferay & Co.: Social Business Integration in der Praxis
Sharepoint, Liferay & Co.: Social Business Integration in der Praxis
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
 
More tips n tricks
More tips n tricksMore tips n tricks
More tips n tricks
 
Hacking ansible
Hacking ansibleHacking ansible
Hacking ansible
 
Benchmark slideshow
Benchmark slideshowBenchmark slideshow
Benchmark slideshow
 
Ansible & Vagrant
Ansible & VagrantAnsible & Vagrant
Ansible & Vagrant
 
Flexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-AnsibleFlexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-Ansible
 
Managing sensitive data with Ansible vault
Managing sensitive data with Ansible vaultManaging sensitive data with Ansible vault
Managing sensitive data with Ansible vault
 
Ansible for Enterprise
Ansible for EnterpriseAnsible for Enterprise
Ansible for Enterprise
 
[세미나] Vagrant 이지원
[세미나] Vagrant 이지원[세미나] Vagrant 이지원
[세미나] Vagrant 이지원
 
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
 
Ansible과 CloudFormation을 이용한 배포 자동화
Ansible과 CloudFormation을 이용한 배포 자동화Ansible과 CloudFormation을 이용한 배포 자동화
Ansible과 CloudFormation을 이용한 배포 자동화
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 

Similar to Automated Security Hardening with OpenStack-Ansible

LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
Yusuf Hadiwinata Sutandar
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
John Kinsella
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?
Frances Coronel
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with Ansible
Major Hayden
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
RightScale
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
Priyanka Aash
 
Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An Introduction
Marcel Winandy
 
AWS Well-Architected Framework (nov 2017)
AWS Well-Architected Framework (nov 2017)AWS Well-Architected Framework (nov 2017)
AWS Well-Architected Framework (nov 2017)
Rick Hwang
 
The best way to design secure software products
The best way to design secure software productsThe best way to design secure software products
The best way to design secure software products
LabSharegroup
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
Jason Chan
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
Aaron Rinehart
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg Gryb
SeniorStoryteller
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
Adrian Sanabria
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)
Ian Sommerville
 
Agile security
Agile securityAgile security
Agile security
Arthur Donkers
 
Integrating DevOps and Security
Integrating DevOps and SecurityIntegrating DevOps and Security
Integrating DevOps and Security
Stijn Muylle
 
openSUSE Conference 2022: An overview over SUSE Product Security
openSUSE Conference 2022: An overview over SUSE Product SecurityopenSUSE Conference 2022: An overview over SUSE Product Security
openSUSE Conference 2022: An overview over SUSE Product Security
Marcus Meissner
 
Deepfence.pdf
Deepfence.pdfDeepfence.pdf
Deepfence.pdf
Vishwas N
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc   cosac - 201...Enumerating software security design flaws throughout the ssdlc   cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...
John M. Willis
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLC
John M. Willis
 

Similar to Automated Security Hardening with OpenStack-Ansible (20)

LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
 
What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?What Happened to Mathematically Provable Security?
What Happened to Mathematically Provable Security?
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with Ansible
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
 
Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An Introduction
 
AWS Well-Architected Framework (nov 2017)
AWS Well-Architected Framework (nov 2017)AWS Well-Architected Framework (nov 2017)
AWS Well-Architected Framework (nov 2017)
 
The best way to design secure software products
The best way to design secure software productsThe best way to design secure software products
The best way to design secure software products
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg Gryb
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)
 
Agile security
Agile securityAgile security
Agile security
 
Integrating DevOps and Security
Integrating DevOps and SecurityIntegrating DevOps and Security
Integrating DevOps and Security
 
openSUSE Conference 2022: An overview over SUSE Product Security
openSUSE Conference 2022: An overview over SUSE Product SecurityopenSUSE Conference 2022: An overview over SUSE Product Security
openSUSE Conference 2022: An overview over SUSE Product Security
 
Deepfence.pdf
Deepfence.pdfDeepfence.pdf
Deepfence.pdf
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc   cosac - 201...Enumerating software security design flaws throughout the ssdlc   cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLC
 

More from Major Hayden

Continuous Kernel Integration
Continuous Kernel IntegrationContinuous Kernel Integration
Continuous Kernel Integration
Major Hayden
 
I was too burned out to name this talk
I was too burned out to name this talkI was too burned out to name this talk
I was too burned out to name this talk
Major Hayden
 
Cookies for kernel developers
Cookies for kernel developersCookies for kernel developers
Cookies for kernel developers
Major Hayden
 
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Major Hayden
 
Grow your community: Inspire an Impostor
Grow your community: Inspire an ImpostorGrow your community: Inspire an Impostor
Grow your community: Inspire an Impostor
Major Hayden
 
When flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and AnsibleWhen flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and Ansible
Major Hayden
 
Taming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San AntonioTaming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San Antonio
Major Hayden
 
Taming the Technical Talk
Taming the Technical TalkTaming the Technical Talk
Taming the Technical Talk
Major Hayden
 
The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015
Major Hayden
 
The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilities
Major Hayden
 
Cloud Data Security
Cloud Data SecurityCloud Data Security
Cloud Data Security
Major Hayden
 
ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24
Major Hayden
 

More from Major Hayden (12)

Continuous Kernel Integration
Continuous Kernel IntegrationContinuous Kernel Integration
Continuous Kernel Integration
 
I was too burned out to name this talk
I was too burned out to name this talkI was too burned out to name this talk
I was too burned out to name this talk
 
Cookies for kernel developers
Cookies for kernel developersCookies for kernel developers
Cookies for kernel developers
 
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017
 
Grow your community: Inspire an Impostor
Grow your community: Inspire an ImpostorGrow your community: Inspire an Impostor
Grow your community: Inspire an Impostor
 
When flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and AnsibleWhen flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and Ansible
 
Taming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San AntonioTaming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San Antonio
 
Taming the Technical Talk
Taming the Technical TalkTaming the Technical Talk
Taming the Technical Talk
 
The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015
 
The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilities
 
Cloud Data Security
Cloud Data SecurityCloud Data Security
Cloud Data Security
 
ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24
 

Recently uploaded

AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
karim wahed
 
BITCOIN HEIST RANSOMEWARE ATTACK PREDICTION
BITCOIN HEIST RANSOMEWARE ATTACK PREDICTIONBITCOIN HEIST RANSOMEWARE ATTACK PREDICTION
BITCOIN HEIST RANSOMEWARE ATTACK PREDICTION
ssuser2b426d1
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
akshesh doshi
 
Google ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learningGoogle ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learning
VishrutGoyani1
 
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
ThousandEyes
 
NYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction InnovationNYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction Innovation
NYGGS Construction ERP Software
 
ANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdfANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdf
sachin chaurasia
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
sudsdeep
 
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
aslasdfmkhan4750
 
Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)
miso_uam
 
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
Hironori Washizaki
 
WEBINAR SLIDES: CCX for Cloud Service Providers
WEBINAR SLIDES: CCX for Cloud Service ProvidersWEBINAR SLIDES: CCX for Cloud Service Providers
WEBINAR SLIDES: CCX for Cloud Service Providers
Severalnines
 
Addressing the Top 9 User Pain Points with Visual Design Elements.pptx
Addressing the Top 9 User Pain Points with Visual Design Elements.pptxAddressing the Top 9 User Pain Points with Visual Design Elements.pptx
Addressing the Top 9 User Pain Points with Visual Design Elements.pptx
Sparity1
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
karim wahed
 
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdfdachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
DNUG e.V.
 
Introduction_to_Security_Assessments.ppt
Introduction_to_Security_Assessments.pptIntroduction_to_Security_Assessments.ppt
Introduction_to_Security_Assessments.ppt
sudsdeep
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
karim wahed
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
karim wahed
 
NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial CompanyNBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Softwares
 
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
josephinedrea942
 

Recently uploaded (20)

AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
 
BITCOIN HEIST RANSOMEWARE ATTACK PREDICTION
BITCOIN HEIST RANSOMEWARE ATTACK PREDICTIONBITCOIN HEIST RANSOMEWARE ATTACK PREDICTION
BITCOIN HEIST RANSOMEWARE ATTACK PREDICTION
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
 
Google ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learningGoogle ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learning
 
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
 
NYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction InnovationNYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction Innovation
 
ANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdfANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdf
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
 
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
 
Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)
 
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
 
WEBINAR SLIDES: CCX for Cloud Service Providers
WEBINAR SLIDES: CCX for Cloud Service ProvidersWEBINAR SLIDES: CCX for Cloud Service Providers
WEBINAR SLIDES: CCX for Cloud Service Providers
 
Addressing the Top 9 User Pain Points with Visual Design Elements.pptx
Addressing the Top 9 User Pain Points with Visual Design Elements.pptxAddressing the Top 9 User Pain Points with Visual Design Elements.pptx
Addressing the Top 9 User Pain Points with Visual Design Elements.pptx
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
 
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdfdachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
 
Introduction_to_Security_Assessments.ppt
Introduction_to_Security_Assessments.pptIntroduction_to_Security_Assessments.ppt
Introduction_to_Security_Assessments.ppt
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Course Introducti...
 
NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial CompanyNBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial Company
 
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
 

Automated Security Hardening with OpenStack-Ansible