Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Making Security Approachable for Developers and Operators

Armon Dadgar
October 12, 2018
Technology
0
140

Making Security Approachable for Developers and Operators

Security is a complex topic filled with jargon and subtle nuances. The "weakest link" challenge in security means we must be concerned with every threat vector and apply best practices universally. This becomes challenging when we need to bring developers and operators into the fold, since our infrastructure and applications are critical to the our security posture. Instead of expecting everybody to become an expert in security, we need to make security more approachable for these audiences. In this talk, we discuss how to apply best practices and make them accessible to developers and operators through APIs, secure by default platforms, and policy as code.

Armon Dadgar

October 12, 2018
Tweet

More Decks by Armon Dadgar

See All by Armon Dadgar
Navigating the Many Definitions of Multi-Cloud
armon
0
640
Leaving the Ivory Tower: Research in the Real World
armon
9
1.5k
Consul: Service Mesh for Microservices
armon
0
340
What, Why, and How of Zero-Trust Networking
armon
1
660
Terraform and Sentinel
armon
0
320
Policy as Code: Intro to Sentinel
armon
2
250
Brave New World: Infrastructure Automation
armon
2
580
What's new in Terraform 0.10 - HUG
armon
0
600
Nomad Overview and 0.6 New Features
armon
7
1.2k

Other Decks in Technology

See All in Technology
何故、UseCaseは1メソッドなのか
okuzawats
2
380
競プロ作問を支える技術
tsutaj
0
250
新リリース:microCMSテンプレート
microcms
1
780
LLMの普及による機械学習の民主化とMLPdMの重要性 / democratization-of-ml-and-importance-of-mlpdm-by-llm
yuya4
2
2.8k
少しずつでも出来るようになりたいもの、なに? / What do you want to be able to do step by step?
banjun
PRO
1
210
今後の開発規模拡大、QA人材を爆速で立ち上げる
ymty
1
1.3k
モノリスからの脱却に向けた 物流システムリプレイスの概要紹介 / Towards Decentralized Logistics System Replacement from Monolithic Structure
yumayabe
0
340
2023.06.01_LangChain/Llamaindex/Whisperを使ったアプリケーション開発のまとめと展望
pharma_x_tech
0
680
dx_osarai_about_connection
hatahata021
0
320
Semantic Kernel を使って ChatGPT Plugins をアプリに組み込んでみよう
okazuki
0
140
Blueskyちゃん作った話
kojira
0
100
応用から学ぶ強化学習
nearme_tech
0
200

Featured

See All Featured
Six Lessons from altMBA
skipperchong
16
2.5k
Writing Fast Ruby
sferik
613
58k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
9
780
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
3.7k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
270
12k
Building Your Own Lightsaber
phodgson
96
5k
Building Effective Engineering Teams - LeadDev
addyosmani
5
600
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.5k
Happy Clients
brianwarren
90
6k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.5k
Designing for Performance
lara
601
65k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
18k

Transcript

  1. Making Security Approachable for
    Developers and Operators

    View Slide

  2. Armon Dadgar
    Co-Founder and CTO, HashiCorp
    @armon

    View Slide

  3. PROVISION, SECURE AND RUN ANY INFRASTRUCTURE
    Nomad Consul
    Vault
    Vagrant Packer Terraform
    Consul Enterprise
    Terraform Enterprise
    Vault Enterprise
    PRODUCT SUITE
    OSS TOOL SUITE
    RUN
    Applications
    SECURE
    Application Infrastructure
    PROVISION
    Infrastructure
    FOR INDIVIDUALS FOR TEAMS
    Nomad Enterprise

    View Slide

  4. Goal:
    Make Security Approachable

    View Slide

  5. Developer
    “Security is approachable! I don’t think about it!”
    Narrator: We want to make security approachable for our developers…

    View Slide

  6. Security Mindset
    Start with Security Model
    Simplifying Assumptions
    Transparent to developers

    View Slide

  7. View Slide

  8. Castle & Moat Security
    Network Perimeter Based
    Traffic over ingress/egress filtered
    Network middleware heavy
    Firewalls, WAFs, SIEMs, etc.

    View Slide

  9. Castle & Moat Mentality
    Outside is adversarial and low trust
    Inside is vetted and high trust
    Network provides confidentiality and integrity

    View Slide

  10. Division of Labor
    Security Teams
    Network Teams
    Operation Teams
    Developer Teams

    View Slide

  11. Security Teams
    Responsible for Policies and Rules
    Firewall rules govern traffic flows
    IP-based, millions of rules

    View Slide

  12. Network Teams
    Responsible for network topology
    Must constrain traffic through middleware
    Zone A Zone B

    View Slide

  13. Operations Teams
    Responsible for infrastructure and application
    deployment
    Must deploy to correct zone

    View Slide

  14. Developer Teams
    Responsible for application development
    Security imposed at the network layer

    View Slide

  15. What’s wrong?

    View Slide

  16. Castle & Moat Model
    Simplifying abstraction, not perfect
    Make assumptions, which allow us to omit concerns

    View Slide

  17. Consider: Insiders
    Assumption: Insiders (employees, contractors, etc) are
    all trustworthy and have good intent.
    Real World: Insiders are not universally trustworthy,
    and a major source of breaches and data exfiltration.
    Insiders also subject fo phishing, malware, social
    engineering, etc.

    View Slide

  18. Consider: Network Integrity
    Assumption: Network Perimeter is effective and lets
    us assert an external low trust and internal high trust.
    Real World: Perimeter is porous. Workstations and
    mobile devices are connected via VPNs and corporate
    fabrics. Software bugs lead to remote code execution
    or attackers on box.

    View Slide

  19. Castle & Moat in Practice
    Real world does not match our assumptions
    Assumptions were good enough for a while
    Larger, more complex networks today
    All-or-nothing vs defense-in-depth

    View Slide

  20. Alternate Security Models

    View Slide

  21. Zero Trust Model
    Perimeter is 80% effective, not 100%
    Do not trust the private network (or insiders)
    Breaks our assumptions and approach
    Demands more of applications

    View Slide

  22. Secret Management
    Secrets are sprawled everywhere in plaintext
    Limited AuthN, AuthZ, and Audit of access
    Zero Trust requires better hygiene
    Centralized, Encrypted, Tightly Controlled
    Applications need secrets!

    View Slide

  23. Data Protection
    Sensitive data written in plaintext to storage
    Databases might use Transparent Disk Encrypt (TDE)
    Protects against stealing a disk drive
    Does not protect “SELECT * FROM CUSTOMERS”

    View Slide

  24. Data Protection
    Encrypt Data
    Store Encrypt Data
    Key Management
    Crypto APIs
    Databases
    Data Warehouse
    Application

    View Slide

  25. Data Protection
    Two factor compromise required
    Keys cannot be exported or exfiltrated
    Requires decryption to be done online
    Strictly better than Transparent Disk Encryption

    View Slide

  26. Traffic AuthN / AuthZ
    Applications assumed network integrity / confidentiality
    Not safe in Zero Trust model
    Need caller identity (AuthN)
    Need explicit caller authorization (AuthZ)
    Applications network traffic must be encrypted for
    confidentiality

    View Slide

  27. Application Concerns
    Existing Concerns
    SQL Injection
    XSS
    User Passwords
    Session Management
    Access Controls

    View Slide

  28. Application Concerns
    Existing Concerns
    SQL Injection
    XSS
    User Passwords
    Session Management
    Access Controls
    New Concerns
    Secret Management
    Data Protection
    AuthN / AuthZ of RPCs
    Traffic Encryption

    View Slide

  29. Complexity of Security
    Security is a deep and broad domain
    Not very accessible to beginners
    Language makes heavy use of jargon

    View Slide

  30. Java 7: Cipher Class Documentation:

    View Slide

  31. Java Documentation
    What is a block cipher?
    What is padding and why does it matter?
    What is AEAD / Authenticated Encryption with Associated
    Data?
    What are modes? GCM, CBC, CCM, ECB?
    What is an IV? How is it related to a nonce?

    View Slide

  32. Approachable Security

    View Slide

  33. Path Forward
    Not reasonable to make developers security experts
    Externalization of concerns
    Specialization of labor
    Practitioner Education

    View Slide

  34. Splitting the Problems
    Platform Layer
    Application Middleware
    Frameworks
    Application Logic
    Broad Reach
    Limited Reach

    View Slide

  35. Platform Layer
    Platforms like K8S, Nomad, etc
    Lowest layer, and broadest reach
    Secret management
    AuthN / AuthZ of service traffic

    View Slide

  36. Platform Layer
    Platform Layer
    Application
    Traffic Proxy
    Secrets
    Isolated Namespace
    Plaintext

    Traffic
    Plaintext

    Secrets
    Fetch Secrets
    Authenticated

    Authorized
    Encrypted
    Traffic
    (Mutual TLS)

    View Slide

  37. Application Middleware
    Tools like HashiCorp Vault, Auth0, AWS KMS
    Services with APIs
    Key Management, Crypto APIs, User Passwords,
    Data Protection

    View Slide

  38. Vault for Cryptographic Offload
    “Transit” backend, key management / crypto API
    Define a named key
    API for high level operations (encrypt, decrypt, random
    bytes, etc)
    Simple REST call
    No knowledge of AES, GCM, IVs, etc. needed

    View Slide

  39. Frameworks
    Opinionated Frameworks (Rails, Django, etc)
    Guard against common application logic issues
    XSS, SQL Injection, Session Management, Access
    Controls

    View Slide

  40. Application Logic
    Always vulnerable to logic bugs
    Avoid re-inventing the wheel when possible
    Consume APIs (middleware) and Libraries
    (frameworks)
    Safe languages to many classes of issues

    View Slide

  41. Division of Labor
    Security Teams
    Network Teams
    Operation Teams
    Developer Teams

    View Slide

  42. Security Teams
    Responsible for Policies and Rules
    Logical Service Rules (not Firewall Rules)
    “Web Server to Database” not “IP1 to IP2”
    Thousands vs Millions of Rules

    View Slide

  43. Network Teams
    Responsible for network topology
    Traffic not constrained through middleware
    Applications not assuming networking integrity

    View Slide

  44. Operations Teams
    Responsible for infrastructure and application
    deployment
    Provide facilities for secret management, data
    protection, traffic filtering on endpoints

    View Slide

  45. Developer Teams
    Responsible for application development
    Leverage frameworks, security middleware, and
    platform features
    Understand the threat model
    Concerns externalized but not transparent

    View Slide

  46. Practitioner Education
    Specialization of labor
    T-Shaped Specialists
    Security language needs to be accessible

    View Slide

  47. Teaching Security
    Motivate the problems.
    Mandate: Encrypt your data
    Prompt: Consider if an attacker can reach the
    database
    Simple explanations
    Descriptive power vs precision

    View Slide

  48. Conclusion

    View Slide

  49. Traditional Security
    Castle & Moat / Perimeter Based
    Based on simplifying assumptions that are wrong
    Allowed developers to ignore many security concerns

    View Slide

  50. Zero Trust
    Zero Trust acknowledges perimeter is 80% effective
    Network does not provide integrity or confidentiality
    Requires secret management, data protection, service
    segmentation

    View Slide

  51. Growing Application Concerns
    Developers already have many concerns (XSS, SQL
    Inject, etc)
    Lack of network trust adds even more to their plate
    Impractical to assume deep security expertise

    View Slide

  52. Involving and Scaling Developers
    Security Aware / T-Shaped Practitioners
    Zero Trust embedded into the Platform
    Externalize to Frameworks, Services, and Platforms
    Specialization of Labor
    Practitioner-oriented education

    View Slide

  53. Thanks!
    Twitter: @armon
    https://hashicorp.com

    View Slide