Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Tests for Security Groups, Shifted Left

Rosemary Wang
October 20, 2021
Technology
1
150

Security Tests for Security Groups, Shifted Left

Originally presented at Cisco DevNet Create, October 2021.

How can you shift security testing left to prevent an insecure network policy from being pushed to production? In this talk, I’ll show how you can security test network policies in a Cisco ACI configuration managed by Consul-Terraform-Sync - before you apply the changes to live infrastructure!

Rosemary Wang

October 20, 2021
Tweet

More Decks by Rosemary Wang

See All by Rosemary Wang
Can You Test Your Infrastructure as Code?
joatmon08
1
11
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
12
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
9
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
13
Break Glass, Repair Fast, Reconcile Automation
joatmon08
2
24
Building a Developer Platform? Ask these questions.
joatmon08
0
10
From Cloud-Hosted to Cloud-Native
joatmon08
0
41
Refactoring Applications for Dynamic Secrets
joatmon08
1
29
Catching Commits to Secure Infrastructure as Code
joatmon08
1
39

Other Decks in Technology

See All in Technology
HEXA OSINT CTF V3 作戦会議
meow_noisy
0
110
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
1
340
マルチアカウント環境への発見的統制の導入
ch1aki
1
1.3k
Databricks におけるデータエンジニアリング
databricksjapan
0
380
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.6k
最近たまに見かけるTiDBってなんだ? - Findy
pingcap0315
2
600
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
340
Databricksを活用してDELISH KITCHENのレシピレコメンドを開発した話
furu8
0
250
Janus
bkuhlmann
1
490
転移学習とドメイン適応の基礎
kmatsui
2
570
NgRx Signal Store
rainerhahnekamp
0
120
Microsoft Cloudで 開発ライフサイクルを保護する
kkamegawa
0
140

Featured

See All Featured
Producing Creativity
orderedlist
PRO
336
39k
How to Ace a Technical Interview
jacobian
272
22k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
The Brand Is Dead. Long Live the Brand.
mthomps
48
28k
Building Adaptive Systems
keathley
30
1.8k
Code Reviewing Like a Champion
maltzj
513
39k
Building Applications with DynamoDB
mza
88
5.6k
Design by the Numbers
sachag
274
18k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4.4k
Facilitating Awesome Meetings
lara
41
5.6k
Optimizing for Happiness
mojombo
370
69k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k

Transcript

  1. Security Tests for Security Groups Shifted Left Developer Advocate, HashiCorp

    @joatmon08 Rosemary Wang

  2. Rosemary Wang Developer Advocate, HashiCorp Infrastructure Engineer Writer, Essential Infrastructure

    as Code joatmon08.github.io

  3. The application isn’t working!

  4. Is there an endpoint security group (ESG) in Cisco ACI

    that allows traffic?

  5. Oops, I forgot to add it!

  6. How do you automatically synchronize IP addresses from a service

    catalog to an ESG?

  7. Criteria • Must have secure by default configuration – Disable

    “Flood in Encapsulation” – Enforce preferred policy control – Set QoS priority class • Must be fully automated

  8. Solution Security testing for ESG as code Example: • ESG

    module for Terraform • pytest Automatically sync services from catalog to Cisco ACI Example: • Service catalog in Consul • Automation with Consul- Terraform-Sync
  9. None

  10. github.com/joatmon08/terraform- aci-esg-nia

  11. None