SlideShare a Scribd company logo

Melbourne Chef Meetup: Automating Azure Compliance with InSpec

Matt Ray
Matt Ray

June 26, 2017 presentation. With the move to infrastructure as code and continuous integration/continuous delivery pipelines, it looked like releases would become more frequent and less problematic. Then the auditors showed up and made everyone stop what they were doing. How could this have been prevented? What if the audits were part of the process instead of a roadblock? What sort of visibility do we have into the state of our Azure infrastructure compliance? This talk will provide an overview of Chef's open-source InSpec project (https://inspec.io) and how you can build "Compliance as Code" into your Azure-based infrastructure.

Technology
1 of 63
Download to read offline
Automating Azure Compliance with InSpec Chef Melbourne June 26, 2017
Matt Ray Manager, Solutions Architect – APJ Chef Software matt@chef.io @mattray
Chef Workflow
SSH Control "SSH supports two different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
How will I verify this?
Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
Apache Server Information Leakage • Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. • How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. • Misconfiguration ServerTokens Full • Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
C o m p l i a n c e
Two-thirds of organizations did not adequately test the security of all in-scope systems
Key Trends • While individual rule compliance is up, testing of security systems is down • Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
We Have A Communications Problem
Security != Compliance
Secure Compliant
Compliance Language
One Language Linux
One Language Linux,Windows
Windows
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ...
Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
What is it not? • IDS / IPS • Firewall • Antivirus • Pentesting tool
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases
DB Testing
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs
Cloud Testing
InSpec > inspec exec test.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
Operating System & Application Coverage • Microsoft Windows • Red Hat Enterprise Linux • Ubuntu Linux • SUSE Linux Enterprise Server • Oracle Enterprise Linux • AIX • HP-UX • Solaris • VMware ESXi • MySQL • Oracle • PostgreSQL • Tomcat • SQL Server • IIS • HTTP request
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs, Cloud Platforms
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs, Cloud Platforms, ...
Open Source Community •InSpec •https://inspec.io •Chef Audit cookbook •https://github.com/chef-cookbooks/audit •Kitchen-InSpec •https://github.com/chef/kitchen-inspec •Supermarket.chef.io •#inspec in
Scan for Compliance Build & Test Locally Build & Test CI/CD Remediate Verify New Workflow
CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
The Chef Automate Platform Continuous Automation for High Velocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
INSPEC DEMO
InSpec Azure •https://github.com/chef/inspec-azure •Uses Azure Ruby SDK •~/.azure/credentials •http://seththoenen.com/cloud-inspec/getting-started-azure
InSpec Azure azure_resource_group azure_virtual_machine azure_virtual_machine_datadisks
azure_resource_group control 'azure-1' do impact 1.0 title 'Checks that there is only one storage account in the resource group' describe azure_resource_group(name: 'MyResourceGroup').where { type == 'Microsoft.Storage/storageAccounts' }.entries do its('count') { should eq 1 } end end
azure_virtual_machine control 'azure-1' do impact 1.0 title 'Make sure Ubuntu Servers are built from an Ubuntu template' describe azure_virtual_machine(name: '[YOUR VM NAME]', resource_group: '[YOUR RESOURCE GROUP]') do its('sku') { should eq '16.04.0-LTS' } its('publisher') { should eq 'Canonical' } its('offer') { should eq 'UbuntuServer' } end end
Melbourne Chef Meetup: Automating Azure Compliance with InSpec

Recommended

Machine learning services with SQL Server 2017
Machine learning services with SQL Server 2017Machine learning services with SQL Server 2017
Machine learning services with SQL Server 2017
Mark Tabladillo
 
Extending Windows Admin Center to manage your applications and infrastructure...
Extending Windows Admin Center to manage your applications and infrastructure...Extending Windows Admin Center to manage your applications and infrastructure...
Extending Windows Admin Center to manage your applications and infrastructure...
Microsoft Tech Community
 
Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...
Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...
Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...
Leighton Nelson
 
Bootcamp 2017 - SQL Server on Linux
Bootcamp 2017 - SQL Server on LinuxBootcamp 2017 - SQL Server on Linux
Bootcamp 2017 - SQL Server on Linux
Maximiliano Accotto
 
Improvements in Hadoop Security
Improvements in Hadoop SecurityImprovements in Hadoop Security
Improvements in Hadoop SecurityDataWorks Summit
 
Nordic infrastructure Conference 2017 - SQL Server on Linux Overview
Nordic infrastructure Conference 2017 - SQL Server on Linux OverviewNordic infrastructure Conference 2017 - SQL Server on Linux Overview
Nordic infrastructure Conference 2017 - SQL Server on Linux Overview
Travis Wright
 
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Kevin Minder
 
Apache Knox - Hadoop Security Swiss Army Knife
Apache Knox - Hadoop Security Swiss Army KnifeApache Knox - Hadoop Security Swiss Army Knife
Apache Knox - Hadoop Security Swiss Army Knife
DataWorks Summit
 

Recommended

Machine learning services with SQL Server 2017
Machine learning services with SQL Server 2017Machine learning services with SQL Server 2017
Machine learning services with SQL Server 2017
Mark Tabladillo
 
Extending Windows Admin Center to manage your applications and infrastructure...
Extending Windows Admin Center to manage your applications and infrastructure...Extending Windows Admin Center to manage your applications and infrastructure...
Extending Windows Admin Center to manage your applications and infrastructure...
Microsoft Tech Community
 
Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...
Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...
Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...
Leighton Nelson
 
Bootcamp 2017 - SQL Server on Linux
Bootcamp 2017 - SQL Server on LinuxBootcamp 2017 - SQL Server on Linux
Bootcamp 2017 - SQL Server on Linux
Maximiliano Accotto
 
Improvements in Hadoop Security
Improvements in Hadoop SecurityImprovements in Hadoop Security
Improvements in Hadoop SecurityDataWorks Summit
 
Nordic infrastructure Conference 2017 - SQL Server on Linux Overview
Nordic infrastructure Conference 2017 - SQL Server on Linux OverviewNordic infrastructure Conference 2017 - SQL Server on Linux Overview
Nordic infrastructure Conference 2017 - SQL Server on Linux Overview
Travis Wright
 
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Kevin Minder
 
Apache Knox - Hadoop Security Swiss Army Knife
Apache Knox - Hadoop Security Swiss Army KnifeApache Knox - Hadoop Security Swiss Army Knife
Apache Knox - Hadoop Security Swiss Army Knife
DataWorks Summit
 
Breaching the 100TB Mark with SQL Over Hadoop
Breaching the 100TB Mark with SQL Over HadoopBreaching the 100TB Mark with SQL Over Hadoop
Breaching the 100TB Mark with SQL Over Hadoop
DataWorks Summit
 
Overview of HDFS Transparent Encryption
Overview of HDFS Transparent Encryption Overview of HDFS Transparent Encryption
Overview of HDFS Transparent Encryption
Cloudera, Inc.
 
Oracle database 12c_and_DevOps
Oracle database 12c_and_DevOpsOracle database 12c_and_DevOps
Oracle database 12c_and_DevOps
Maria Colgan
 
Pass Summit Linux Scripting for the Microsoft Professional
Pass Summit Linux Scripting for the Microsoft ProfessionalPass Summit Linux Scripting for the Microsoft Professional
Pass Summit Linux Scripting for the Microsoft Professional
Kellyn Pot'Vin-Gorman
 
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
Securing oracle e-business suite 12.1 and 12.2 technology infrastructureSecuring oracle e-business suite 12.1 and 12.2 technology infrastructure
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
vasuballa
 
Database Provisioning in EM12c: Provision me a Database Now!
Database Provisioning in EM12c: Provision me a Database Now!Database Provisioning in EM12c: Provision me a Database Now!
Database Provisioning in EM12c: Provision me a Database Now!
Maaz Anjum
 
PASS Summit 2020
PASS Summit 2020PASS Summit 2020
PASS Summit 2020
Kellyn Pot'Vin-Gorman
 
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...
{code} by Dell EMC
 
Open Source Security Tools for Big Data
Open Source Security Tools for Big DataOpen Source Security Tools for Big Data
Open Source Security Tools for Big Data
Rommel Garcia
 
Mysql Enterprise Edition Feature and Tools
Mysql Enterprise Edition Feature and Tools Mysql Enterprise Edition Feature and Tools
Mysql Enterprise Edition Feature and Tools
jones4u
 
Hadoop Security Architecture
Hadoop Security ArchitectureHadoop Security Architecture
Hadoop Security Architecture
Owen O'Malley
 
Managing enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystemManaging enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystem
DataWorks Summit
 
Nl HUG 2016 Feb Hadoop security from the trenches
Nl HUG 2016 Feb Hadoop security from the trenchesNl HUG 2016 Feb Hadoop security from the trenches
Nl HUG 2016 Feb Hadoop security from the trenches
Bolke de Bruin
 
Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...
Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...
Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...
Principled Technologies
 
Hdp security overview
Hdp security overview Hdp security overview
Hdp security overview
Hortonworks
 
Hadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox GatewayHadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox GatewayDataWorks Summit
 
Deploying Big-Data-as-a-Service (BDaaS) in the Enterprise
Deploying Big-Data-as-a-Service (BDaaS) in the EnterpriseDeploying Big-Data-as-a-Service (BDaaS) in the Enterprise
Deploying Big-Data-as-a-Service (BDaaS) in the Enterprise
Big-Data-as-a-Service (BDaaS) Meetup
 
TriHUG October: Apache Ranger
TriHUG October: Apache RangerTriHUG October: Apache Ranger
TriHUG October: Apache Ranger
trihug
 
Hadoop security
Hadoop securityHadoop security
Hadoop security
Shivaji Dutta
 
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 editionHadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
Steve Loughran
 
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Matt Ray
 
Automating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyAutomating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North Sydney
Matt Ray
 

More Related Content

What's hot

Breaching the 100TB Mark with SQL Over Hadoop
Breaching the 100TB Mark with SQL Over HadoopBreaching the 100TB Mark with SQL Over Hadoop
Breaching the 100TB Mark with SQL Over Hadoop
DataWorks Summit
 
Overview of HDFS Transparent Encryption
Overview of HDFS Transparent Encryption Overview of HDFS Transparent Encryption
Overview of HDFS Transparent Encryption
Cloudera, Inc.
 
Oracle database 12c_and_DevOps
Oracle database 12c_and_DevOpsOracle database 12c_and_DevOps
Oracle database 12c_and_DevOps
Maria Colgan
 
Pass Summit Linux Scripting for the Microsoft Professional
Pass Summit Linux Scripting for the Microsoft ProfessionalPass Summit Linux Scripting for the Microsoft Professional
Pass Summit Linux Scripting for the Microsoft Professional
Kellyn Pot'Vin-Gorman
 
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
Securing oracle e-business suite 12.1 and 12.2 technology infrastructureSecuring oracle e-business suite 12.1 and 12.2 technology infrastructure
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
vasuballa
 
Database Provisioning in EM12c: Provision me a Database Now!
Database Provisioning in EM12c: Provision me a Database Now!Database Provisioning in EM12c: Provision me a Database Now!
Database Provisioning in EM12c: Provision me a Database Now!
Maaz Anjum
 
PASS Summit 2020
PASS Summit 2020PASS Summit 2020
PASS Summit 2020
Kellyn Pot'Vin-Gorman
 
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...
{code} by Dell EMC
 
Open Source Security Tools for Big Data
Open Source Security Tools for Big DataOpen Source Security Tools for Big Data
Open Source Security Tools for Big Data
Rommel Garcia
 
Mysql Enterprise Edition Feature and Tools
Mysql Enterprise Edition Feature and Tools Mysql Enterprise Edition Feature and Tools
Mysql Enterprise Edition Feature and Tools
jones4u
 
Hadoop Security Architecture
Hadoop Security ArchitectureHadoop Security Architecture
Hadoop Security Architecture
Owen O'Malley
 
Managing enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystemManaging enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystem
DataWorks Summit
 
Nl HUG 2016 Feb Hadoop security from the trenches
Nl HUG 2016 Feb Hadoop security from the trenchesNl HUG 2016 Feb Hadoop security from the trenches
Nl HUG 2016 Feb Hadoop security from the trenches
Bolke de Bruin
 
Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...
Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...
Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...
Principled Technologies
 
Hdp security overview
Hdp security overview Hdp security overview
Hdp security overview
Hortonworks
 
Hadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox GatewayHadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox GatewayDataWorks Summit
 
Deploying Big-Data-as-a-Service (BDaaS) in the Enterprise
Deploying Big-Data-as-a-Service (BDaaS) in the EnterpriseDeploying Big-Data-as-a-Service (BDaaS) in the Enterprise
Deploying Big-Data-as-a-Service (BDaaS) in the Enterprise
Big-Data-as-a-Service (BDaaS) Meetup
 
TriHUG October: Apache Ranger
TriHUG October: Apache RangerTriHUG October: Apache Ranger
TriHUG October: Apache Ranger
trihug
 
Hadoop security
Hadoop securityHadoop security
Hadoop security
Shivaji Dutta
 
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 editionHadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
Steve Loughran
 

What's hot (20)

Breaching the 100TB Mark with SQL Over Hadoop
Breaching the 100TB Mark with SQL Over HadoopBreaching the 100TB Mark with SQL Over Hadoop
Breaching the 100TB Mark with SQL Over Hadoop
 
Overview of HDFS Transparent Encryption
Overview of HDFS Transparent Encryption Overview of HDFS Transparent Encryption
Overview of HDFS Transparent Encryption
 
Oracle database 12c_and_DevOps
Oracle database 12c_and_DevOpsOracle database 12c_and_DevOps
Oracle database 12c_and_DevOps
 
Pass Summit Linux Scripting for the Microsoft Professional
Pass Summit Linux Scripting for the Microsoft ProfessionalPass Summit Linux Scripting for the Microsoft Professional
Pass Summit Linux Scripting for the Microsoft Professional
 
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
Securing oracle e-business suite 12.1 and 12.2 technology infrastructureSecuring oracle e-business suite 12.1 and 12.2 technology infrastructure
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
 
Database Provisioning in EM12c: Provision me a Database Now!
Database Provisioning in EM12c: Provision me a Database Now!Database Provisioning in EM12c: Provision me a Database Now!
Database Provisioning in EM12c: Provision me a Database Now!
 
PASS Summit 2020
PASS Summit 2020PASS Summit 2020
PASS Summit 2020
 
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe...
 
Open Source Security Tools for Big Data
Open Source Security Tools for Big DataOpen Source Security Tools for Big Data
Open Source Security Tools for Big Data
 
Mysql Enterprise Edition Feature and Tools
Mysql Enterprise Edition Feature and Tools Mysql Enterprise Edition Feature and Tools
Mysql Enterprise Edition Feature and Tools
 
Hadoop Security Architecture
Hadoop Security ArchitectureHadoop Security Architecture
Hadoop Security Architecture
 
Managing enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystemManaging enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystem
 
Nl HUG 2016 Feb Hadoop security from the trenches
Nl HUG 2016 Feb Hadoop security from the trenchesNl HUG 2016 Feb Hadoop security from the trenches
Nl HUG 2016 Feb Hadoop security from the trenches
 
Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...
Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...
Keep remote desktop power users productive with Dell EMC PowerEdge R840 serve...
 
Hdp security overview
Hdp security overview Hdp security overview
Hdp security overview
 
Hadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox GatewayHadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox Gateway
 
Deploying Big-Data-as-a-Service (BDaaS) in the Enterprise
Deploying Big-Data-as-a-Service (BDaaS) in the EnterpriseDeploying Big-Data-as-a-Service (BDaaS) in the Enterprise
Deploying Big-Data-as-a-Service (BDaaS) in the Enterprise
 
TriHUG October: Apache Ranger
TriHUG October: Apache RangerTriHUG October: Apache Ranger
TriHUG October: Apache Ranger
 
Hadoop security
Hadoop securityHadoop security
Hadoop security
 
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 editionHadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
Hadoop and Kerberos: the Madness Beyond the Gate: January 2016 edition
 

Similar to Melbourne Chef Meetup: Automating Azure Compliance with InSpec

Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Matt Ray
 
Automating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyAutomating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North Sydney
Matt Ray
 
Melbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMelbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpec
Matt Ray
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeDevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
Matt Ray
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
AgileNZ Conference
 
Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017
Matt Ray
 
Automating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupAutomating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore Meetup
Matt Ray
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Alert Logic
 
Achieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef AutomateAchieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef Automate
Chef
 
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecAdding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpec
Mandi Walls
 
Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2
Chef
 
Compliance as Code
Compliance as CodeCompliance as Code
Compliance as Code
Matt Ray
 
2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec
devopsdaysaustin
 
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsOSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
NETWAYS
 
Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)
Mandi Walls
 
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecOSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
NETWAYS
 
Using Chef InSpec for Infrastructure Security
Using Chef InSpec for Infrastructure SecurityUsing Chef InSpec for Infrastructure Security
Using Chef InSpec for Infrastructure Security
Mandi Walls
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
Arun prasath
 
Prescriptive System Security with InSpec
Prescriptive System Security with InSpecPrescriptive System Security with InSpec
Prescriptive System Security with InSpec
All Things Open
 
Prescriptive Security with InSpec - All Things Open 2019
Prescriptive Security with InSpec - All Things Open 2019Prescriptive Security with InSpec - All Things Open 2019
Prescriptive Security with InSpec - All Things Open 2019
Mandi Walls
 

Similar to Melbourne Chef Meetup: Automating Azure Compliance with InSpec (20)

Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
 
Automating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyAutomating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North Sydney
 
Melbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMelbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpec
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeDevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
 
Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017
 
Automating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupAutomating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore Meetup
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
 
Achieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef AutomateAchieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef Automate
 
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecAdding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpec
 
Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2
 
Compliance as Code
Compliance as CodeCompliance as Code
Compliance as Code
 
2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec
 
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsOSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
 
Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)
 
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecOSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
 
Using Chef InSpec for Infrastructure Security
Using Chef InSpec for Infrastructure SecurityUsing Chef InSpec for Infrastructure Security
Using Chef InSpec for Infrastructure Security
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
 
Prescriptive System Security with InSpec
Prescriptive System Security with InSpecPrescriptive System Security with InSpec
Prescriptive System Security with InSpec
 
Prescriptive Security with InSpec - All Things Open 2019
Prescriptive Security with InSpec - All Things Open 2019Prescriptive Security with InSpec - All Things Open 2019
Prescriptive Security with InSpec - All Things Open 2019
 

More from Matt Ray

Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Matt Ray
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
Matt Ray
 
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
Matt Ray
 
HashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better TogetherHashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better Together
Matt Ray
 
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP ModeEmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
Matt Ray
 
Wellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with HabitatWellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with Habitat
Matt Ray
 
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
Matt Ray
 
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Matt Ray
 
Compliance as Code Everywhere
Compliance as Code EverywhereCompliance as Code Everywhere
Compliance as Code Everywhere
Matt Ray
 
DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018
Matt Ray
 
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and KubernetesDevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
Matt Ray
 
Infrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef AutomateInfrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef Automate
Matt Ray
 
Cooking Up Windows with Chef Automate
Cooking Up Windows with Chef AutomateCooking Up Windows with Chef Automate
Cooking Up Windows with Chef Automate
Matt Ray
 
DevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteDevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat Ignite
Matt Ray
 
Chef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User GroupChef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User Group
Matt Ray
 
Automating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native MeetupAutomating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native Meetup
Matt Ray
 
Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017
Matt Ray
 
OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS
Matt Ray
 
Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017
Matt Ray
 
Compliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous DeliveryCompliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous Delivery
Matt Ray
 

More from Matt Ray (20)

Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
 
HashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better TogetherHashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better Together
 
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP ModeEmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
 
Wellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with HabitatWellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with Habitat
 
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
 
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
 
Compliance as Code Everywhere
Compliance as Code EverywhereCompliance as Code Everywhere
Compliance as Code Everywhere
 
DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018
 
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and KubernetesDevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
 
Infrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef AutomateInfrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef Automate
 
Cooking Up Windows with Chef Automate
Cooking Up Windows with Chef AutomateCooking Up Windows with Chef Automate
Cooking Up Windows with Chef Automate
 
DevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteDevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat Ignite
 
Chef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User GroupChef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User Group
 
Automating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native MeetupAutomating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native Meetup
 
Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017
 
OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS
 
Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017
 
Compliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous DeliveryCompliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous Delivery
 

Recently uploaded

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 

Recently uploaded (20)

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 

Melbourne Chef Meetup: Automating Azure Compliance with InSpec

  • 1. Automating Azure Compliance with InSpec Chef Melbourne June 26, 2017
  • 2. Matt Ray Manager, Solutions Architect – APJ Chef Software matt@chef.io @mattray
  • 3.
  • 5.
  • 6.
  • 7. SSH Control "SSH supports two different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
  • 8. How will I verify this?
  • 9. Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
  • 10. Apache Server Information Leakage • Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. • How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. • Misconfiguration ServerTokens Full • Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
  • 11. More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 18.
  • 19. Two-thirds of organizations did not adequately test the security of all in-scope systems
  • 20. Key Trends • While individual rule compliance is up, testing of security systems is down • Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
  • 21.
  • 22. Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 23. Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
  • 24. We Have A Communications Problem
  • 25.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 38. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ...
  • 39. Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
  • 40. What is it not? • IDS / IPS • Firewall • Antivirus • Pentesting tool
  • 41. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal
  • 42. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs
  • 43. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers
  • 44. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes
  • 45. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases
  • 47. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs
  • 49. InSpec > inspec exec test.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
  • 50. Operating System & Application Coverage • Microsoft Windows • Red Hat Enterprise Linux • Ubuntu Linux • SUSE Linux Enterprise Server • Oracle Enterprise Linux • AIX • HP-UX • Solaris • VMware ESXi • MySQL • Oracle • PostgreSQL • Tomcat • SQL Server • IIS • HTTP request
  • 51. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs, Cloud Platforms
  • 52. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs, Cloud Platforms, ...
  • 53. Open Source Community •InSpec •https://inspec.io •Chef Audit cookbook •https://github.com/chef-cookbooks/audit •Kitchen-InSpec •https://github.com/chef/kitchen-inspec •Supermarket.chef.io •#inspec in
  • 54. Scan for Compliance Build & Test Locally Build & Test CI/CD Remediate Verify New Workflow
  • 55. CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
  • 56. The Chef Automate Platform Continuous Automation for High Velocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
  • 57.
  • 59. InSpec Azure •https://github.com/chef/inspec-azure •Uses Azure Ruby SDK •~/.azure/credentials •http://seththoenen.com/cloud-inspec/getting-started-azure
  • 61. azure_resource_group control 'azure-1' do impact 1.0 title 'Checks that there is only one storage account in the resource group' describe azure_resource_group(name: 'MyResourceGroup').where { type == 'Microsoft.Storage/storageAccounts' }.entries do its('count') { should eq 1 } end end
  • 62. azure_virtual_machine control 'azure-1' do impact 1.0 title 'Make sure Ubuntu Servers are built from an Ubuntu template' describe azure_virtual_machine(name: '[YOUR VM NAME]', resource_group: '[YOUR RESOURCE GROUP]') do its('sku') { should eq '16.04.0-LTS' } its('publisher') { should eq 'Canonical' } its('offer') { should eq 'UbuntuServer' } end end