Slide 1

Webinar series: by Agustin Celano @ar_devsecops, Tuesday 2020.07.14 19:00 UTC-3

Slide 2

About the Speaker
• Baite C&S (baite.com.ar)
• 10 years of experience in Cybersecurity
• Last 3 years focused on Security-as-Code
• 5 years of experience delivering training
• Cisco Instructor
• DevOps Institute Instructor
• Own courses
• DevOps Institute Ambassador & REP
/agustincelano @agustincelano /celagus agustin.celano@baite.com.ar
AGUSTIN CELANO CISSP | DSOE | DOL | PCAP | CCNP

Slide 3

DSOC-Hub Project
• Project created with the goal of spreading content of interest to the DevSecOps community
• 100% community-driven and vendorless. No particular vendor takes part, funds it, or is recommended. Maintenance is based on everyone's effort!
• Content:
• General information
• News
• Webinars
• Tutorials
• Readings
• Courses
• Available certifications
• Tools
• Etc…
charlas@devsecops.ar. If you believe in free information and want to grow and help others grow…

Slide 4

Topics
• Introduction to Ansible
• Strengths of Ansible
• Architecture
• Tower and AWX
• Demo

Slide 5

What is Ansible? Originally conceived for Configuration Management. Today it has become a very complete open source automation platform:
• PROVISIONING
• CONF MGMT
• ORCHESTRATION
• COMPLIANCE-AS-CODE
• TASK AUTOMATION
• IAM AUTOMATION

Slide 6

YAML, Jinja

Slide 9

IaC

Slide 14

Results
• ok → the task ran and no deviations were detected
• changed → the task ran and deviations were detected
• skipping → the task was excluded because of conditionals
• failed → the task did not execute because of errors
• unreachable → the host is not reachable

Slide 15

Roles
• A structure that lets you organize and port Ansible tasks, together with their templates and variables, so they can be imported into other environments.
• Third-party roles can be shared and used through Ansible Galaxy: https://galaxy.ansible.com

Slide 18

Demo time!

Slide 19

Ad hoc mode vs Playbook: an example with simple instructions

Ad hoc:
cmd$ ansible LINUX -m command -a "cat /etc/os-release"

Playbook (command.yml):
---
- hosts: LINUX
  tasks:
    - name: Ejecutar comando
      command: cat /etc/os-release
      register: OUT
    - name: Debug OUT
      debug: msg={{ OUT.stdout_lines }}

cmd$ ansible-playbook command.yml

Slide 20

Logging
• NIST Cybersecurity Framework v1.1: Protective Technology (PR.PT): PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy. Anomalies and Events (DE.AE): DE.AE-2: Detected events are analysed to understand attack targets and methods.
• ISO 27002:2013: Logging and monitoring (12.4): 12.4.1: Event logging.
• CIS v7.1: Control 6. Maintenance, Monitoring and Analysis of Audit Logs. Subcontrol(s): 6.2, 6.5.
• PCI-DSS v3.2.1: Requirement 10: Track and monitor all access to network resources and cardholder data. Applicable Subsection(s): 10.2, 10.6.
• SWIFT CSP 2020: 6.4 Logging and Monitoring: Record security events and detect anomalous actions and operations within the local SWIFT environment.

Slide 21

Patching
• NIST Cybersecurity Framework v1.1: Information Protection Processes and Procedures (PR.IP): PR.IP-12: A vulnerability management plan is developed and implemented. RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organisation from internal and external sources (e.g. internal testing, security bulletins, or security researchers).
• ISO 27002:2013: Technical vulnerability management (12.6): 12.6.1: Management of technical vulnerabilities.
• CIS v7.1: Control 3. Continuous Vulnerability Management. Subcontrol(s): 3.4. Control 18. Application Software Security. Subcontrol(s): 18.7.
• PCI-DSS v3.2.1: Requirement 6: Develop and maintain secure systems and applications. Applicable Subsection(s): 6.2.
• SWIFT CSP 2020: 2.2 Security Updates: Minimize the occurrence of known technical vulnerabilities within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk.

Slide 22

Vulnerability Management
• NIST Cybersecurity Framework v1.1: Continuous Monitoring (DE.CM): DE.CM-8: Vulnerability scans are performed. ID.RA-1: Asset vulnerabilities are identified and documented. RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organisation from internal and external sources.
• ISO 27002:2013: Technical vulnerability management: 12.6.1: Management of technical vulnerabilities.
• CIS v7.1: Control 3. Continuous Vulnerability Management. Subcontrol(s): 3.1, 3.2.
• PCI-DSS v3.2.1: Requirement 11: Regularly test security systems and processes. Applicable Subsection(s): 11.2.
• SWIFT CSP 2020: 2.7 Vulnerability Scanning: Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process.

Slide 23

Hardening & Baseline Management
• NIST Cybersecurity Framework v1.1: Information Protection Processes and Procedures (PR.IP): PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained.
• ISO 27002:2013: Security requirements of information systems (14.1): 14.1.1: Information security requirements analysis and specification.
• CIS v7.1: Control 5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers. Subcontrol(s): 5.1, 5.4, 5.5.
• PCI-DSS v3.2.1: Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters. Applicable Subsection(s): 2.2, 2.5.
• SWIFT CSP 2020: 2.3 System Hardening: Reduce the cyber attack surface of SWIFT-related components by performing system hardening.

Slide 24

Identity & Access Management
• NIST Cybersecurity Framework v1.1: Access Control (PR.AC): PR.AC-1: Identities and credentials are managed for authorized devices and users. PR.AC-4: Access permissions are managed, incorporating the principles of least privilege and separation of duties.
• ISO 27002:2013: User access management (9.2): 9.2.3: Management of privileged access rights.
• CIS v7.1: Control 16. Account Monitoring and Control. Subcontrol(s): 16.7.
• PCI-DSS v3.2.1: Requirement 8: Identify and authenticate access to system components. Applicable Subsection(s): 8.1, 8.5.
• SWIFT CSP 2020: 1.2 Operating System Privileged Account Control: Restrict and control the allocation and usage of administrator-level operating system accounts.
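The following playbook is an added example, not part of the original slides, showing how the Logging (Slide 20), Hardening (Slide 23) and IAM (Slide 24) controls mapped above can be expressed as compliance-as-code with Ansible, and how the ok/changed results from Slide 14 become an audit verdict when it is run with --check. It assumes the inventory group LINUX from the demo, hosts where sshd, rsyslog and auditd are available from the system package manager, and control identifiers copied from the slides.

```yaml
---
# Added example (not from the slides): compliance-as-code playbook for three
# controls mapped above (Logging, Hardening, IAM). Audit with --check --diff:
# "changed" = deviation from baseline, "ok" = compliant (see Results slide).
# Assumes inventory group LINUX (as in the demo) with sshd, rsyslog, auditd.
- hosts: LINUX
  become: true
  tasks:
    # Logging: NIST PR.PT-1 / ISO 12.4.1 / CIS 6.2 / PCI-DSS 10.2 / SWIFT 6.4
    - name: Logging | audit and syslog daemons installed
      ansible.builtin.package:
        name: [auditd, rsyslog]
        state: present
      tags: [logging]
    - name: Logging | audit and syslog daemons enabled and running
      ansible.builtin.service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop: [auditd, rsyslog]
      tags: [logging]
    # Hardening + IAM: NIST PR.IP-1, PR.AC-4 / CIS 5.1, 16.7 / PCI 2.2 / SWIFT 1.2
    - name: Hardening | sshd refuses direct root login
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s
      notify: restart sshd
      tags: [hardening, iam]
    # IAM: read-only check of privileged OS accounts (UID 0)
    - name: IAM | collect accounts with UID 0
      ansible.builtin.shell: "awk -F: '$3 == 0 {print $1}' /etc/passwd"
      register: uid0
      changed_when: false   # a read-only check must never report "changed"
      check_mode: false     # run even under --check so the assert has data
      tags: [iam]
    - name: IAM | only root may have UID 0
      ansible.builtin.assert:
        that: uid0.stdout_lines == ['root']
        fail_msg: "Extra UID 0 accounts: {{ uid0.stdout_lines | difference(['root']) }}"
      tags: [iam]

  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Run it as `ansible-playbook -i inventory compliance.yml --check --diff` to audit without changing anything, or without --check to enforce; on Debian-family hosts the SSH service is named ssh rather than sshd, so adjust the handler accordingly.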
