Kevin Gilpin, profile picture
Uploaded byKevin Gilpin
881 views

Zero trust server management - lightning

The document discusses zero-trust server management as an alternative to traditional server access management using Active Directory and VPN. Zero-trust involves dividing systems into sub-systems with least privilege access for all users, machines, and code. It also recommends using public key authentication and bastion hosts to create security zones for access to servers rather than relying on Active Directory in cloud environments.

Embed presentation

Downloaded 16 times
Zero-Trust Server Management Boston DevOps August 2014
Traditional server access management has been based on Active Directory and VPN / perimeter
Data center - “Chewy interior” Perimeter - “Crunchy exterior”
What do you do when your perimeter is taken away?
Service A Service B Service C Service D
Zero-Trust: No “root” privilege Division of systems into sub-systems Least privilege among all users, machines and code
Zero-Trust is the future of infrastructure management http://www.slideshare.net/mdkail/it-ops-2014-technology-roadmap
What’s the practical challenge to implement zero-trust auth for systems management?
Don’t try and use Active Directory in the cloud. It won’t work, for more reasons than I can list here.
Front-End Back-End ◁ Corporate, password authentication ◁ Second factor ◁ Location-independent ◁ Public key authentication ◁ No shared keys ◁ Integrated with security “zones” such as cloud accounts and security groups Identity hand-off
ssh Corporate Password Authority ssh Bastion Service A Service B ssh Public key and systems authz authority
Apply intelligent use of openssh and PAM ◁ Public keys available as a network service ◁ Granular authorization via PAM ◁ Automatic audit of login/logout events
Use Bastions to create security zones ◁ Dedicated admin bastion(s) for access to management services such as Chef/Puppet server, log server, Conjur ◁ General-purpose bastions for access to everything else ◁ Let the back-end authz system provide most of the access control
Zero-Trust Server Management Boston DevOps August 2014

More Related Content

PDF
Building A Self-Documenting Application: A Study in Chef and Compliance
byKevin Gilpin
 
PPT
Bio IT World 2015 - DevOps Security and Transparency
byKevin Gilpin
 
PPTX
SecDevOps 2.0 - Managing Your Robot Army
byconjur_inc
 
PPTX
Is DevOps Braking Your Company?
byconjur_inc
 
PPTX
The user s identities
byGiuliano Latini
 
PPTX
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
bycentralohioissa
 
PDF
BeyondCorp - Google Security for Everyone Else
byIvan Dwyer
 
PPTX
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
byAlert Logic
 
Building A Self-Documenting Application: A Study in Chef and Compliance
byKevin Gilpin
 
Bio IT World 2015 - DevOps Security and Transparency
byKevin Gilpin
 
SecDevOps 2.0 - Managing Your Robot Army
byconjur_inc
 
Is DevOps Braking Your Company?
byconjur_inc
 
The user s identities
byGiuliano Latini
 
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
bycentralohioissa
 
BeyondCorp - Google Security for Everyone Else
byIvan Dwyer
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
byAlert Logic
 

What's hot

PPTX
Security for cloud native workloads
byRuncy Oommen
 
PDF
BeyondCorp and Zero Trust
byIvan Dwyer
 
PPTX
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
bycentralohioissa
 
PDF
Microsegmentation from strategy to execution
byAlgoSec
 
PPTX
2018 11-19 improving business agility with security policy automation final
byAlgoSec
 
PPTX
How to Overcome Network Access Control Limitations for Better Network Security
byCryptzone
 
PDF
CSA SV Threat detection and prediction
byVishwas Manral
 
PDF
[OPD 2019] Governance as a missing part of IT security architecture
byOWASP
 
PPTX
CSA Presentation - Software Defined Perimeter
byVishwas Manral
 
PPTX
Technologies You Need to Safely Use the Cloud
byCloudPassage
 
PPTX
Jason Kent - AppSec Without Additional Tools
bycentralohioissa
 
PDF
Dev seccon london 2016 intelliment security
byDevSecCon
 
PDF
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
byDevOps.com
 
PDF
2021 01-13 reducing risk-of_ransomware
byAlgoSec
 
PPTX
Stephen Sadowski - Securely automating infrastructure in the cloud
byDevSecCon
 
PDF
Build and enforce defense in depth - an algo sec-cisco tetration webinar
byAlgoSec
 
PDF
compliance made easy. pass your audits stress-free webinar
byAlgoSec
 
PDF
VMUGIT UC 2013 - 03b Trend Micro
byVMUG IT
 
PDF
BeyondCorp: Closing the Adherence Gap
byIvan Dwyer
 
PDF
Introducing a Security Feedback Loop to your CI Pipelines
byCodefresh
 
Security for cloud native workloads
byRuncy Oommen
 
BeyondCorp and Zero Trust
byIvan Dwyer
 
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
bycentralohioissa
 
Microsegmentation from strategy to execution
byAlgoSec
 
2018 11-19 improving business agility with security policy automation final
byAlgoSec
 
How to Overcome Network Access Control Limitations for Better Network Security
byCryptzone
 
CSA SV Threat detection and prediction
byVishwas Manral
 
[OPD 2019] Governance as a missing part of IT security architecture
byOWASP
 
CSA Presentation - Software Defined Perimeter
byVishwas Manral
 
Technologies You Need to Safely Use the Cloud
byCloudPassage
 
Jason Kent - AppSec Without Additional Tools
bycentralohioissa
 
Dev seccon london 2016 intelliment security
byDevSecCon
 
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
byDevOps.com
 
2021 01-13 reducing risk-of_ransomware
byAlgoSec
 
Stephen Sadowski - Securely automating infrastructure in the cloud
byDevSecCon
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
byAlgoSec
 
compliance made easy. pass your audits stress-free webinar
byAlgoSec
 
VMUGIT UC 2013 - 03b Trend Micro
byVMUG IT
 
BeyondCorp: Closing the Adherence Gap
byIvan Dwyer
 
Introducing a Security Feedback Loop to your CI Pipelines
byCodefresh
 

Similar to Zero trust server management - lightning

PDF
How Zero Trust Changes Identity & Access
byIvan Dwyer
 
PDF
zero trust - how to build zero trust.pdf
byAliAlwesabi
 
PDF
Zero Trust Model Presentation
byGowdhaman Jothilingam
 
PPTX
zerotrustmodelpresentation-200107094517.pptx
byniyazhasanov35
 
PDF
The 1st Step to Zero Trust: Asset Management for Cybersecurity
bynathan-axonius
 
PDF
Dave Lewis | Zero Trust & The Flaming Sword of Justice | Codemotion Madrid 2018
byCodemotion
 
PDF
BATbern48_How Zero Trust can help your organisation keep safe.pdf
byBATbern
 
PPTX
Zero Trust Model
byYash
 
PDF
Zero Trust Network Security- A Modern Approach to Cyber Defense (1).pdf
byjvinay0898
 
PDF
How Zero Trust Makes the Mission Simple & Secure
byscoopnewsgroup
 
PPTX
Can't Touch This: Detecting Lateral Movement In Zero Touch Environments
byPhillip Marlow
 
PPTX
Zero_Trust_Architecture_25_Slides_MSCS.pptx
bycybhar91
 
PDF
Optimize Your Zero Trust Infrastructure
byPing Identity
 
PDF
A new Frontier in Cybersecurity - ZTNA.pdf
byBert Blevins
 
PPTX
Zero Trust Architecture Zero Trust ArchitectureZero Trust ArchitectureZero Tr...
byMohammadShamsuddin16
 
PDF
Moving to an endpoint centric zero trust security model
byAdamAzrylJohan
 
PPTX
What is Zero Trust
byOkta-Inc
 
PDF
Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...
bynull - The Open Security Community
 
PPTX
Understanding Zero Trust Security for IBM i
byPrecisely
 
PDF
Why Zero Trust Yields Maximum Security
byPriyanka Aash
 
How Zero Trust Changes Identity & Access
byIvan Dwyer
 
zero trust - how to build zero trust.pdf
byAliAlwesabi
 
Zero Trust Model Presentation
byGowdhaman Jothilingam
 
zerotrustmodelpresentation-200107094517.pptx
byniyazhasanov35
 
The 1st Step to Zero Trust: Asset Management for Cybersecurity
bynathan-axonius
 
Dave Lewis | Zero Trust & The Flaming Sword of Justice | Codemotion Madrid 2018
byCodemotion
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
byBATbern
 
Zero Trust Model
byYash
 
Zero Trust Network Security- A Modern Approach to Cyber Defense (1).pdf
byjvinay0898
 
How Zero Trust Makes the Mission Simple & Secure
byscoopnewsgroup
 
Can't Touch This: Detecting Lateral Movement In Zero Touch Environments
byPhillip Marlow
 
Zero_Trust_Architecture_25_Slides_MSCS.pptx
bycybhar91
 
Optimize Your Zero Trust Infrastructure
byPing Identity
 
A new Frontier in Cybersecurity - ZTNA.pdf
byBert Blevins
 
Zero Trust Architecture Zero Trust ArchitectureZero Trust ArchitectureZero Tr...
byMohammadShamsuddin16
 
Moving to an endpoint centric zero trust security model
byAdamAzrylJohan
 
What is Zero Trust
byOkta-Inc
 
Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber...
bynull - The Open Security Community
 
Understanding Zero Trust Security for IBM i
byPrecisely
 
Why Zero Trust Yields Maximum Security
byPriyanka Aash
 

Recently uploaded

PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
final.pdf
byomarbishtawi04
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
apidays New York 2025 | AI in Application Security
byapidays
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
final.pdf
byomarbishtawi04
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 

Zero trust server management - lightning

  • 1.
    Zero-Trust Server Management Boston DevOps August 2014
  • 2.
    Traditional server accessmanagement has been based on Active Directory and VPN / perimeter
  • 3.
    Data center -“Chewy interior” Perimeter - “Crunchy exterior”
  • 4.
    What do youdo when your perimeter is taken away?
  • 5.
    Service A ServiceB Service C Service D
  • 6.
    Zero-Trust: No “root”privilege Division of systems into sub-systems Least privilege among all users, machines and code
  • 7.
    Zero-Trust is thefuture of infrastructure management http://www.slideshare.net/mdkail/it-ops-2014-technology-roadmap
  • 10.
    What’s the practicalchallenge to implement zero-trust auth for systems management?
  • 11.
    Don’t try anduse Active Directory in the cloud. It won’t work, for more reasons than I can list here.
  • 12.
    Front-End Back-End ◁Corporate, password authentication ◁ Second factor ◁ Location-independent ◁ Public key authentication ◁ No shared keys ◁ Integrated with security “zones” such as cloud accounts and security groups Identity hand-off
  • 13.
    ssh Corporate PasswordAuthority ssh Bastion Service A Service B ssh Public key and systems authz authority
  • 14.
    Apply intelligent useof openssh and PAM ◁ Public keys available as a network service ◁ Granular authorization via PAM ◁ Automatic audit of login/logout events
  • 15.
    Use Bastions tocreate security zones ◁ Dedicated admin bastion(s) for access to management services such as Chef/Puppet server, log server, Conjur ◁ General-purpose bastions for access to everything else ◁ Let the back-end authz system provide most of the access control
  • 16.
    Zero-Trust Server Management Boston DevOps August 2014