Slide 1

Slide 1 text

Security Tests for Security Groups Shifted Left
Rosemary Wang
Developer Advocate, HashiCorp
@joatmon08

Slide 2

Slide 2 text

Rosemary Wang
Developer Advocate, HashiCorp
Infrastructure Engineer
Writer, Essential Infrastructure as Code
joatmon08.github.io

Slide 3

Slide 3 text

The application isn’t working!

Slide 4

Slide 4 text

Is there an endpoint security group (ESG) in Cisco ACI that allows traffic?

Slide 5

Slide 5 text

Oops, I forgot to add it!

Slide 6

Slide 6 text

How do you automatically synchronize IP addresses from a service catalog to an ESG?

Slide 7

Slide 7 text

Criteria
• Must have secure by default configuration
  – Disable “Flood in Encapsulation”
  – Enforce preferred policy control
  – Set QoS priority class
• Must be fully automated

Slide 8

Slide 8 text

Solution

Security testing for ESG as code
Example:
• ESG module for Terraform
• pytest

Automatically sync services from catalog to Cisco ACI
Example:
• Service catalog in Consul
• Automation with Consul-Terraform-Sync
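The secure-by-default criteria from slide 7, written as a check over a Terraform plan that a pytest test can call. This is an added example, not code from the talk or its repository. The attribute names `flood_on_encap`, `pc_enf_pref` and `prio` and their values are assumptions about the `aci_endpoint_security_group` resource, "set QoS priority class" is read as "not left unspecified", and the sample plan is constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.esg.aci_endpoint_security_group.web",
   "type": "aci_endpoint_security_group",
   "change": {"actions": ["create"], "after": {
     "name": "web", "flood_on_encap": "disabled",
     "pc_enf_pref": "enforced", "prio": "level1"}}},
  {"address": "aci_endpoint_security_group.legacy",
   "type": "aci_endpoint_security_group",
   "change": {"actions": ["create"], "after": {
     "name": "legacy", "flood_on_encap": "enabled",
     "pc_enf_pref": "unenforced"}}},
  {"address": "aci_endpoint_security_group.old",
   "type": "aci_endpoint_security_group",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

# Assumed attribute names and accepted values for the three criteria.
RULES = {
    "flood_on_encap": lambda v: v == "disabled",
    "pc_enf_pref": lambda v: v == "enforced",
    "prio": lambda v: v not in (None, "", "unspecified"),
}


def esg_violations(plan):
    """Return sorted (address, attribute, value) tuples that break a rule."""
    found = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != "aci_endpoint_security_group" or after is None:
            continue  # other resource types and deletions are out of scope
        for attr, ok in RULES.items():
            value = after.get(attr)
            if not ok(value):  # an unset attribute counts as a violation
                found.append((rc["address"], attr, value))
    return sorted(found, key=lambda t: (t[0], t[1]))


if __name__ == "__main__":
    for address, attr, value in esg_violations(SAMPLE_PLAN):
        print(f"{address}: {attr}={value!r} is not secure by default")
```

In a pipeline, a pytest test would load the real plan JSON and assert that `esg_violations` returns an empty list before apply.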

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

github.com/joatmon08/terraform-aci-esg-nia

Slide 11

Slide 11 text

No content