SlideShare a Scribd company logo

Automating Network Firewall Rule Creation using Powershell and CI/CD

Download as PPTX, PDF
Nills Franssens
Nills Franssens

Presentation for SANS Cloud Security Summit. Topic: Network security automation Managing firewall rules is a complex task. During this talk, we'll discuss one way to automate the creation and management of those firewall rules using PowerShell and a continuous integration and deployment (CI/CD) pipeline. The basis of the presentation is an actual customer implementation of this end-to-end process. We will discuss the requirements for the solution and how this solution was developed and has grown from proof of concept to production. Although the implementation is Azure-specific, the talk will be abstracted to showcase the feasibility of this approach across multiple clouds. Demos presented during the talk will showcase the PowerShell script and then the end-to-end workflow using Azure DevOps.

Technology
1 of 13
Runner Belgian in the US Cloud Solution Architect @ Microsoft • Infrastructure • Networking • Open Source
DDoS protection Identity management Network security Application security Encryption
All major cloud providers offer a native L3/L4 firewall capability (Security Group) A set of network security rules to allow/deny network traffic into/out of instances • ~Like ACLs • Instance tagging – security groups • Stateful • An object Differences • AWS has 2 implementations: security groups and network ACL (stateless) • Azure allows IP-based and security group based rules mixed • Assigned to different levels: AWS is instance level, Azure is instance or subnet level, GCP is VPC level
Organic cloud adoption  structured cloud adoption Security review Micro- segmentation Catalyst: new customer- facing application coming live
Human error. What if we needed to do it all over again? What if this needs to repeated for a second region? We only had half a day to do this right.
We needed to decide Highly parallel Single API call Source code
Automation in step 1 in a DevOps Lifecycle. DevOps is the union of people, process, and products to enable continuous delivery of value to your end users. “ ” Build & Test Continuous Delivery Deploy Operate Monitor & Learn Plan & Track Develop
Read CSV input unsorted Creates per- subnet rules- hashtable Generates per-subnet IaC artifact Validates IaC artifact
Implemented 500 firewall rules in half a day Flexible way to adapt firewall rules afterwards Security review built-in to process Standard format for developers to request firewall changes Happy customer
https://github.com/NillsF/NSG-CSV-to-ARM

Recommended

ASVS 5.0 – The rise of the Security Verification Standard - AppSec Global San...
ASVS 5.0 – The rise of the Security Verification Standard - AppSec Global San...ASVS 5.0 – The rise of the Security Verification Standard - AppSec Global San...
ASVS 5.0 – The rise of the Security Verification Standard - AppSec Global San...
TuynNguyn819213
 
2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf
ssuserc3d7ec1
 
Writing User Stories for an Amazon Alexa app
Writing User Stories for an Amazon Alexa appWriting User Stories for an Amazon Alexa app
Writing User Stories for an Amazon Alexa app
Todd Kovalsky
 
SQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web securitySQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web security
Moutasm Tamimi
 
Oracle architecture ppt
Oracle architecture pptOracle architecture ppt
Oracle architecture ppt
Deepak Shetty
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
YasserElsnbary
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection
David J Rosenthal
 
Malware Analysis
Malware Analysis Malware Analysis
Malware Analysis
MichaelRodriguesdosS1
 

Recommended

ASVS 5.0 – The rise of the Security Verification Standard - AppSec Global San...
ASVS 5.0 – The rise of the Security Verification Standard - AppSec Global San...ASVS 5.0 – The rise of the Security Verification Standard - AppSec Global San...
ASVS 5.0 – The rise of the Security Verification Standard - AppSec Global San...
TuynNguyn819213
 
2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf
ssuserc3d7ec1
 
Writing User Stories for an Amazon Alexa app
Writing User Stories for an Amazon Alexa appWriting User Stories for an Amazon Alexa app
Writing User Stories for an Amazon Alexa app
Todd Kovalsky
 
SQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web securitySQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web security
Moutasm Tamimi
 
Oracle architecture ppt
Oracle architecture pptOracle architecture ppt
Oracle architecture ppt
Deepak Shetty
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
YasserElsnbary
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection
David J Rosenthal
 
Malware Analysis
Malware Analysis Malware Analysis
Malware Analysis
MichaelRodriguesdosS1
 
MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...
MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...
MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...
Edureka!
 
Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1
Vignesh Ganesan I Microsoft MVP
 
Logging with log4j v1.2
Logging with log4j v1.2Logging with log4j v1.2
Logging with log4j v1.2
Kamal Mettananda
 
Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]
Olivier Dony
 
Deploying customizations across microsoft dynamics ax 2012 environments ax2012
Deploying customizations across microsoft dynamics ax 2012 environments ax2012Deploying customizations across microsoft dynamics ax 2012 environments ax2012
Deploying customizations across microsoft dynamics ax 2012 environments ax2012
Prathamesh Joshi
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Anindya Ghosh,
 
Presentation upgrade, migrate & consolidate to oracle database 12c &amp...
Presentation upgrade, migrate & consolidate to oracle database 12c &amp...Presentation upgrade, migrate & consolidate to oracle database 12c &amp...
Presentation upgrade, migrate & consolidate to oracle database 12c &amp...
solarisyougood
 
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Nelson Calero
 
Memory management in oracle
Memory management in oracleMemory management in oracle
Memory management in oracleDavin Abraham
 
Oracle database 12c sql worshop 2 student guide vol 2
Oracle database 12c sql worshop 2 student guide vol 2Oracle database 12c sql worshop 2 student guide vol 2
Oracle database 12c sql worshop 2 student guide vol 2
Otto Paiz
 
NCC assingment l4dc ddoocp
NCC assingment l4dc ddoocpNCC assingment l4dc ddoocp
NCC assingment l4dc ddoocp
David Parker
 
HCI Principles for Mobile Devices
HCI Principles for Mobile DevicesHCI Principles for Mobile Devices
HCI Principles for Mobile Devices
cesani
 
OOW15 - technical upgrade best practices for oracle e-business suite 12.2
OOW15 - technical upgrade best practices for oracle e-business suite 12.2OOW15 - technical upgrade best practices for oracle e-business suite 12.2
OOW15 - technical upgrade best practices for oracle e-business suite 12.2
vasuballa
 
Database migration
Database migrationDatabase migration
Database migrationOpris Monica
 
Whitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorWhitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity Monitor
Camilo Fandiño Gómez
 
10 SQL Tricks that You Didn't Think Were Possible
10 SQL Tricks that You Didn't Think Were Possible10 SQL Tricks that You Didn't Think Were Possible
10 SQL Tricks that You Didn't Think Were Possible
Lukas Eder
 
Cloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 FoundationCloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 Foundation
Ammar Hasayen
 
Less14 br concepts
Less14 br conceptsLess14 br concepts
Less14 br concepts
Amit Bhalla
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Heuristic methods used in sqlmap
Heuristic methods used in sqlmapHeuristic methods used in sqlmap
Heuristic methods used in sqlmap
Miroslav Stampar
 
Netflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open SourceNetflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open Source
aspyker
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 

More Related Content

What's hot

MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...
MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...
MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...
Edureka!
 
Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1
Vignesh Ganesan I Microsoft MVP
 
Logging with log4j v1.2
Logging with log4j v1.2Logging with log4j v1.2
Logging with log4j v1.2
Kamal Mettananda
 
Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]
Olivier Dony
 
Deploying customizations across microsoft dynamics ax 2012 environments ax2012
Deploying customizations across microsoft dynamics ax 2012 environments ax2012Deploying customizations across microsoft dynamics ax 2012 environments ax2012
Deploying customizations across microsoft dynamics ax 2012 environments ax2012
Prathamesh Joshi
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Anindya Ghosh,
 
Presentation upgrade, migrate & consolidate to oracle database 12c &amp...
Presentation upgrade, migrate & consolidate to oracle database 12c &amp...Presentation upgrade, migrate & consolidate to oracle database 12c &amp...
Presentation upgrade, migrate & consolidate to oracle database 12c &amp...
solarisyougood
 
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Nelson Calero
 
Memory management in oracle
Memory management in oracleMemory management in oracle
Memory management in oracleDavin Abraham
 
Oracle database 12c sql worshop 2 student guide vol 2
Oracle database 12c sql worshop 2 student guide vol 2Oracle database 12c sql worshop 2 student guide vol 2
Oracle database 12c sql worshop 2 student guide vol 2
Otto Paiz
 
NCC assingment l4dc ddoocp
NCC assingment l4dc ddoocpNCC assingment l4dc ddoocp
NCC assingment l4dc ddoocp
David Parker
 
HCI Principles for Mobile Devices
HCI Principles for Mobile DevicesHCI Principles for Mobile Devices
HCI Principles for Mobile Devices
cesani
 
OOW15 - technical upgrade best practices for oracle e-business suite 12.2
OOW15 - technical upgrade best practices for oracle e-business suite 12.2OOW15 - technical upgrade best practices for oracle e-business suite 12.2
OOW15 - technical upgrade best practices for oracle e-business suite 12.2
vasuballa
 
Database migration
Database migrationDatabase migration
Database migrationOpris Monica
 
Whitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorWhitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity Monitor
Camilo Fandiño Gómez
 
10 SQL Tricks that You Didn't Think Were Possible
10 SQL Tricks that You Didn't Think Were Possible10 SQL Tricks that You Didn't Think Were Possible
10 SQL Tricks that You Didn't Think Were Possible
Lukas Eder
 
Cloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 FoundationCloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 Foundation
Ammar Hasayen
 
Less14 br concepts
Less14 br conceptsLess14 br concepts
Less14 br concepts
Amit Bhalla
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Heuristic methods used in sqlmap
Heuristic methods used in sqlmapHeuristic methods used in sqlmap
Heuristic methods used in sqlmap
Miroslav Stampar
 

What's hot (20)

MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...
MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...
MySQL Tutorial For Beginners | Relational Database Management System | MySQL ...
 
Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1
 
Logging with log4j v1.2
Logging with log4j v1.2Logging with log4j v1.2
Logging with log4j v1.2
 
Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]
 
Deploying customizations across microsoft dynamics ax 2012 environments ax2012
Deploying customizations across microsoft dynamics ax 2012 environments ax2012Deploying customizations across microsoft dynamics ax 2012 environments ax2012
Deploying customizations across microsoft dynamics ax 2012 environments ax2012
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1
 
Presentation upgrade, migrate & consolidate to oracle database 12c &amp...
Presentation upgrade, migrate & consolidate to oracle database 12c &amp...Presentation upgrade, migrate & consolidate to oracle database 12c &amp...
Presentation upgrade, migrate & consolidate to oracle database 12c &amp...
 
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
 
Memory management in oracle
Memory management in oracleMemory management in oracle
Memory management in oracle
 
Oracle database 12c sql worshop 2 student guide vol 2
Oracle database 12c sql worshop 2 student guide vol 2Oracle database 12c sql worshop 2 student guide vol 2
Oracle database 12c sql worshop 2 student guide vol 2
 
NCC assingment l4dc ddoocp
NCC assingment l4dc ddoocpNCC assingment l4dc ddoocp
NCC assingment l4dc ddoocp
 
HCI Principles for Mobile Devices
HCI Principles for Mobile DevicesHCI Principles for Mobile Devices
HCI Principles for Mobile Devices
 
OOW15 - technical upgrade best practices for oracle e-business suite 12.2
OOW15 - technical upgrade best practices for oracle e-business suite 12.2OOW15 - technical upgrade best practices for oracle e-business suite 12.2
OOW15 - technical upgrade best practices for oracle e-business suite 12.2
 
Database migration
Database migrationDatabase migration
Database migration
 
Whitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorWhitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity Monitor
 
10 SQL Tricks that You Didn't Think Were Possible
10 SQL Tricks that You Didn't Think Were Possible10 SQL Tricks that You Didn't Think Were Possible
10 SQL Tricks that You Didn't Think Were Possible
 
Cloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 FoundationCloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 Foundation
 
Less14 br concepts
Less14 br conceptsLess14 br concepts
Less14 br concepts
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
 
Heuristic methods used in sqlmap
Heuristic methods used in sqlmapHeuristic methods used in sqlmap
Heuristic methods used in sqlmap
 

Similar to Automating Network Firewall Rule Creation using Powershell and CI/CD

Netflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open SourceNetflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open Source
aspyker
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
Paulo Renato
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
AlgoSec
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
Sai Kesavamatham
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
Amazon Web Services
 
Microservices with Azure Service Fabric
Microservices with Azure Service FabricMicroservices with Azure Service Fabric
Microservices with Azure Service Fabric
Davide Benvegnù
 
How to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructuresHow to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructures
Pasquale Puzio
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
Alert Logic
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
 
Service fabric and azure service fabric mesh
Service fabric and azure service fabric meshService fabric and azure service fabric mesh
Service fabric and azure service fabric mesh
Mikkel Mørk Hegnhøj
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptx
HansFarroCastillo1
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
Amazon Web Services
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
OpenStack Korea Community
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
Akash Mahajan
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information Exchange
Cybera Inc.
 
Cisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformCisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud Platform
Shashi Kiran
 
From Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With KubernetesFrom Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With Kubernetes
Shikha Srivastava
 
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptxBSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
JasonOstrom1
 

Similar to Automating Network Firewall Rule Creation using Powershell and CI/CD (20)

Netflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open SourceNetflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open Source
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Microservices with Azure Service Fabric
Microservices with Azure Service FabricMicroservices with Azure Service Fabric
Microservices with Azure Service Fabric
 
How to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructuresHow to detect side channel attacks in cloud infrastructures
How to detect side channel attacks in cloud infrastructures
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Service fabric and azure service fabric mesh
Service fabric and azure service fabric meshService fabric and azure service fabric mesh
Service fabric and azure service fabric mesh
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptx
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information Exchange
 
Cisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformCisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud Platform
 
From Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With KubernetesFrom Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With Kubernetes
 
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptxBSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
 

More from Nills Franssens

Gentle introduction to containers and kubernetes
Gentle introduction to containers and kubernetesGentle introduction to containers and kubernetes
Gentle introduction to containers and kubernetes
Nills Franssens
 
Automation - Azure training day Cloud security and governance
Automation - Azure training day Cloud security and governanceAutomation - Azure training day Cloud security and governance
Automation - Azure training day Cloud security and governance
Nills Franssens
 
Containers and Kubernetes
Containers and KubernetesContainers and Kubernetes
Containers and Kubernetes
Nills Franssens
 
Nodeless and serverless kubernetes
Nodeless and serverless kubernetesNodeless and serverless kubernetes
Nodeless and serverless kubernetes
Nills Franssens
 
Bay Area Azure Meetup - Ignite update session
Bay Area Azure Meetup - Ignite update sessionBay Area Azure Meetup - Ignite update session
Bay Area Azure Meetup - Ignite update session
Nills Franssens
 
Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.
Nills Franssens
 
The container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivityThe container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivity
Nills Franssens
 
My most complex ARM template - Story from the trenches
My most complex ARM template - Story from the trenchesMy most complex ARM template - Story from the trenches
My most complex ARM template - Story from the trenches
Nills Franssens
 

More from Nills Franssens (8)

Gentle introduction to containers and kubernetes
Gentle introduction to containers and kubernetesGentle introduction to containers and kubernetes
Gentle introduction to containers and kubernetes
 
Automation - Azure training day Cloud security and governance
Automation - Azure training day Cloud security and governanceAutomation - Azure training day Cloud security and governance
Automation - Azure training day Cloud security and governance
 
Containers and Kubernetes
Containers and KubernetesContainers and Kubernetes
Containers and Kubernetes
 
Nodeless and serverless kubernetes
Nodeless and serverless kubernetesNodeless and serverless kubernetes
Nodeless and serverless kubernetes
 
Bay Area Azure Meetup - Ignite update session
Bay Area Azure Meetup - Ignite update sessionBay Area Azure Meetup - Ignite update session
Bay Area Azure Meetup - Ignite update session
 
Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.
 
The container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivityThe container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivity
 
My most complex ARM template - Story from the trenches
My most complex ARM template - Story from the trenchesMy most complex ARM template - Story from the trenches
My most complex ARM template - Story from the trenches
 

Recently uploaded

DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 

Recently uploaded (20)

DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 

Automating Network Firewall Rule Creation using Powershell and CI/CD

  • 1.
  • 2. Runner Belgian in the US Cloud Solution Architect @ Microsoft • Infrastructure • Networking • Open Source
  • 4. All major cloud providers offer a native L3/L4 firewall capability (Security Group) A set of network security rules to allow/deny network traffic into/out of instances • ~Like ACLs • Instance tagging – security groups • Stateful • An object Differences • AWS has 2 implementations: security groups and network ACL (stateless) • Azure allows IP-based and security group based rules mixed • Assigned to different levels: AWS is instance level, Azure is instance or subnet level, GCP is VPC level
  • 5. Organic cloud adoption  structured cloud adoption Security review Micro- segmentation Catalyst: new customer- facing application coming live
  • 6. Human error. What if we needed to do it all over again? What if this needs to repeated for a second region? We only had half a day to do this right.
  • 7. We needed to decide Highly parallel Single API call Source code
  • 8. Automation in step 1 in a DevOps Lifecycle. DevOps is the union of people, process, and products to enable continuous delivery of value to your end users. “ ” Build & Test Continuous Delivery Deploy Operate Monitor & Learn Plan & Track Develop
  • 9.
  • 10. Read CSV input unsorted Creates per- subnet rules- hashtable Generates per-subnet IaC artifact Validates IaC artifact
  • 11.
  • 12. Implemented 500 firewall rules in half a day Flexible way to adapt firewall rules afterwards Security review built-in to process Standard format for developers to request firewall changes Happy customer

Editor's Notes

  1. DevOps is the union of people, process and products to enable the continuous delivery of value to your end customers