
Puppet Camp Charlotte 2015: Introduction to SIMP: An Open Source Infrastructure for Flexible Policy Compliance

Trevor Vaughan

Published in: Software

  1. Background >> Disclaimer: The presentation that you are about to see is not, in any way, representative of, or endorsed by, the National Security Agency or the Government of the United States of America. As stated in their press release, the NSA, in releasing SIMP to the public, is attempting to reduce duplication of effort surrounding the general goals of the project.
  2. Background >> About Me
  3. Background >> What Is SIMP? SECURITY DEVELOPMENT OPERATIONS SECURITY ROGUE OPERATORS
  4. Background >> What Is SIMP? SECURITY DEVELOPMENT OPERATIONS SECURITY ROGUE OPERATORS
  5. Background >> What is SIMP? >> How Does SIMP Work? Regulation Specs Operational Needs Puppet Modules Component Profiles Profiles Roles Hiera Data Access Control Auditing Availability
  6. Background >> What is SIMP? >> Capabilities: LDAP, AIDE, Syslog, NFS, SNMP, RSync, SELinux, SSH, Audit, IPTables, Svckill, Sudo, TPM, PKI
  7. Background >> Last Line of Defense: Repetitive Tasks Mission Goals
  8. Background >> Rules and Regulations: NIST 800-53, SSG Profiles, FIPS 140-2
  9. Background >> Compliance Does Not Equal Security: COMPLIANCE ≠ SECURITY
  10. Background >> No Silver Bullets
  11. Goals >> Flexible Compliance Over Time: SSG Profiles - STIG - USGCB - C2S - CS2 - HIPAA - SOX - FISMA Commercial Hiera Data Planned: Conformance
  12. Design Tenets >> Environment Agnostic (tenets listed on the slide: Environment Agnostic, Module Independence, Global Catalysts, Start Secure, Accept Change)
  13. Design Tenets >> Module Independence
  14. Design Tenets >> Global Catalysts
  15. Design Tenets >> Start Secure: SECURITY OPERATIONS
  16. Design Tenets >> Accept Change
  17. Workflow >> Fully Bootstrapped Infrastructure: DNS
  18. Workflow >> Environment Expansion
  19. The Future: Kerberos Support; Simplify the Build Process; Auto-Generate Vagrant Base Boxes; Create Amazon Machine Images; Add Webhooks to our Build Process; Integration of Pulp and/or Katello; Integration of Vault/KeyWhiz/Etc...; Support Latest ELK Stack; OpenShift Integration; Improve BIND and DHCPD Support; Improve Documentation; Compliance Reporting; Puppet 4; Incorporate PuppetLabs Apache Module; Merge 4.X and 5.X; Community Module Compatibility; IPSec
  20. The Community: Brandon Klein <btklein@sandia.gov> - Research - Computational and Automata Theory - FOSS-Based Self-Managing Systems - Providing SIMP AMIs (Oregon Region, SIMP 4.2.0, CentOS 6.6, ami-81d4cfb1)
  21. The Community >> Join Us! Join the Community! - Vagrant Boxes - Documentation - Module READMEs - Validation - Policy Validation - Acceptance Tests - FILE BUGS! https://github.com/NationalSecurityAgency/SIMP
  22. Demo >> Server >> Setup
  23. Demo >> Server >> Bootstrap
  24. Demo >> Server >> Initial Build
  25. Demo >> Server >> DNS
  26. Demo >> Server >> DHCP
  27. Demo >> Server >> TFTP
  28. Demo >> Server >> Client Keys
  29. Demo >> Server >> LDAP
  30. Demo >> Client >> Kickstart
  31. Q&A
