Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Tests for Security Groups, Shifted Left

Rosemary Wang
October 20, 2021
Technology
1
160

Security Tests for Security Groups, Shifted Left

Originally presented at Cisco DevNet Create, October 2021.

How can you shift security testing left to prevent an insecure network policy from being pushed to production? In this talk, I’ll show how you can security test network policies in a Cisco ACI configuration managed by Consul-Terraform-Sync - before you apply the changes to live infrastructure!

Rosemary Wang

October 20, 2021
Tweet

More Decks by Rosemary Wang

See All by Rosemary Wang
Secure Day 2 operations with Boundary and Vault
joatmon08
0
15
Can You Test Your Infrastructure as Code?
joatmon08
1
51
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
21
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
26
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
31
Break Glass, Repair Fast, Reconcile Automation
joatmon08
2
40
Building a Developer Platform? Ask these questions.
joatmon08
0
27
From Cloud-Hosted to Cloud-Native
joatmon08
0
53
Refactoring Applications for Dynamic Secrets
joatmon08
1
37

Other Decks in Technology

See All in Technology
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
TypeScript、上達の瞬間
sadnessojisan
46
13k
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
380
Amazon CloudWatch Network Monitor のススメ
yuki_ink
1
200
複雑なState管理からの脱却
sansantech
PRO
1
130
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
強いチームと開発生産性
onk
PRO
33
11k
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
660
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120
障害対応指揮の意思決定と情報共有における価値観 / Waroom Meetup #2
arthur1
5
460
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
430

Featured

See All Featured
Teambox: Starting and Learning
jrom
133
8.8k
Statistics for Hackers
jakevdp
796
220k
Automating Front-end Workflow
addyosmani
1366
200k
Music & Morning Musume
bryan
46
6.2k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Scaling GitHub
holman
458
140k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
Unsuck your backbone
ammeep
668
57k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k

Transcript

  1. Security Tests for Security Groups Shifted Left Developer Advocate, HashiCorp

    @joatmon08 Rosemary Wang

  2. Rosemary Wang Developer Advocate, HashiCorp Infrastructure Engineer Writer, Essential Infrastructure

    as Code joatmon08.github.io

  3. The application isn’t working!

  4. Is there an endpoint security group (ESG) in Cisco ACI

    that allows traffic?

  5. Oops, I forgot to add it!

  6. How do you automatically synchronize IP addresses from a service

    catalog to an ESG?

  7. Criteria • Must have secure by default configuration – Disable

    “Flood in Encapsulation” – Enforce preferred policy control – Set QoS priority class • Must be fully automated

  8. Solution Security testing for ESG as code Example: • ESG

    module for Terraform • pytest Automatically sync services from catalog to Cisco ACI Example: • Service catalog in Consul • Automation with Consul- Terraform-Sync
  9. None

  10. github.com/joatmon08/terraform- aci-esg-nia

  11. None