O'Reilly Security - Continuous Auditing For Effective Compliance with Rudder

Jonathan CLARKE

Continuous auditingfor effective compliance

[email protected]@jooooooon42

Co-founder &Chief Product Officer @

mailto:[email protected]

Normation – CC-BY-SAnormation.com 2

It’s a continuous world

Continuous *



Integration Delivery

Improvement(agile, devops)

Continuous *



adjective1. without interruption2. progressive

Synonyms: sustained, round-the-clock, relentless

Continuous


Continuous everything

Continuous *

Normation – CC-BY-SAnormation.com


ContinuousGrowth

Continuous *



ContinuousGrowth

ContinuouslyConnected

Continuous *



ContinuousGrowth

ContinuousThreats


Continuous *



We need a continuous response

ContinuousGrowth

ContinuousThreats


Continuous *


Continuous auditingfor effective compliance


Security policies: what and how?

Industryregulations

Bestpractices

CorporateregulationsLaws

Rules come from different levels



Industryregulations

Bestpractices


Organisationalprocess

Technicaldirectives




Industryregulations

Bestpractices




Technicaldirectives

We can’t automatehumans!



Industryregulations

Bestpractices



Technicaldirectives




Examples of security technical directives

1. Auto logout after aperiod of inactivity





2. Password policy(strength, duration, ...)






3. No compilers onproduction servers







4. Warning message onserver remote access








5. Patch vulnerablesoftware package









GOAL

Harden access

Harden access

Avoid potentialexploits

Obey the law

Avoid knownexploits


Security policies: traditional lifecycle

Typical lifecycle of security policy

Policy Apply onnew servers

OKRegular audits(3-12 months)

REMEDIATION


Security policies: traditional lifecycle

Typical lifecycle of security policy

Policy Apply onnew servers

OKRegular audits(3-12 months)?

REMEDIATION

DRIFT


Introducing Rudder

Rudder: nounPiece used for steering a ship.

Used to correct heading when trajectory drifts off course.


Introducing Rudder

Define desired state

Target

Imperative Declarative Install package xvs

Package x should be installed

Restart service zvs

Service z should be running

Copy file template y.tplvs

File y should contain line abc=def


Introducing Rudder

Rudder’s lifecycle

Definedesired

stateDistribute to

agents

OK

NOK

Check statelocally

OS-SpecificImplementations

Report


Introducing Rudder

Rudder’s continuous lifecycle

Definedesired

stateDistribute to

agents

OK

NOK

Check statelocally


Report

REPEAT


Introducing Rudder

High-level overview


Introducing Rudder

Drill-down to each individual state

Compliant


Building blocks can be used to check anything







GOAL

Harden access

Harden access

Obey the law


Avoid knownexploits








5. Patch vulnerablesoftware packages

GOAL

Harden access

Harden access

Obey the law

IMPLEMENTATION

File/Registryedit

File/Registryedit

Packageremove

File/Registryedit

Packageinstall/update


Avoid knownexploits



Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/dillpixel/

https://www.flickr.com/photos/dillpixel/





GOAL

Harden access

IMPLEMENTATION

File/Registryedit


Avoid localexploits

Packageremove




GOAL IMPLEMENTATION


Building blocks in Rudder (aka generic methods)



Packageabsent

Packageabsent

Security directive #2

Fileenforce

Servicerunning


Packagepresent

Fileedit




Packageabsent

Packageabsent


Fileenforce

Servicerunning


Packagepresent

Fileedit


RULERULE

Corporate security policy Security best practices



Packageabsent

Packageabsent


Fileenforce

Servicerunning


Packagepresent

Fileedit


Corporate security policy Security best practices

RULERULE


From continuous auditing to continuous remediation

Continuous auditing

Continuous remediation



Rudder’s continuous lifecycle

Definedesired

stateDistribute to

agents

OK

NOK

Check statelocally


Report

REPEAT



Node by node Policy by policy



Rudder’s lifecycle with remediation

Definedesired

stateDistribute to

agents

OK

NOK

Check statelocally


Report

Remediate

REPEAT


RudderOpen source

Automation & Compliance

www.rudder-project.org@RudderProject

http://www.rudder-project.org/


A bit more about Rudder

CloudServers

Desktop Embedded/IoT

Mobile

Any scaleTypical deployments

100s-1000s of servers.Biggest known today is 7000.

2→

> 10 000

Multi-platformMetal, virtual, cloud, …

Multi-OSC agent on UNIX/Linux,

DSC on Windows

Platform support


A bit more about Rudder

APIAutomate new nodes, policy,

extract compliance

CLI / CodeCreate new configuration templates,

everyday management tasks

WebUse existing configuration

patterns, observe compliance

Separation of roles


Summary

Continuous IT

Continuous auditing

Continuous remediation


Summary

Fire & Forget

Worry about next thing

Continuous improvement

Thanks for listening!Any questions?

This presentation is shared under a FLOSS licence, CC-BY-SA,and available on http://www.slideshare.net/normation/.

Jonathan [email protected]

@jooooooon42Co-founder &

Chief Product Officer @

http://www.slideshare.net/normation/

mailto:[email protected]

O'Reilly Security - Continuous Auditing For Effective Compliance with Rudder

Software

Transcript of O'Reilly Security - Continuous Auditing For Effective Compliance with Rudder