Slide 1

Slide 1 text

Infrastructure as Code
Towards Verifiable Infrastructure Security
Abhisek Datta, Head of Technology, Appsecco

Slide 2

Slide 2 text

Let's start with how attackers work
An attacker wants to hack a target and, for this, will perform a bunch of activities:
1. Online Attack Surfaces
2. Breached Credentials
3. Known Vulnerable Software
4. (Easy to?) exploit security vulnerabilities
5. If nothing works
   • Invest skill and resources in 0days

Slide 3

Slide 3 text

What is the root cause?
In spite of so much investment in security, why do low-hanging fruits still exist for an attacker to exploit?

Slide 4

Slide 4 text

How to be secure? By establishing TRUST

Slide 5

Slide 5 text

What does trust look like?
A DFD representing the transaction flow in an online banking application
• Re-auth
• Anti-fraud
• Confirm with sender for high value transactions

Slide 6

Slide 6 text

The Challenge of Security at Scale
This is the Amazon Microservices Graph
The challenge of security at scale is really the SCALE

Slide 7

Slide 7 text

How do we solve this? (My Opinion)
• By applying the principles of the Secure Software Development Life-cycle while building infrastructure
  • Requirement Analysis
  • Design
  • Versioning
  • Secure Development
  • Testing & Verification
  • Deployment
  • Rolling Update
  • Rollback (if required)

Slide 8

Slide 8 text

Infrastructure as Code

Slide 9

Slide 9 text

What is it?
• The process of provisioning and managing infrastructure through machine-readable code and configuration
• It is an alternative to managing physical hardware and provisioning it with interactive setup and configuration tools

Slide 10

Slide 10 text

The Tooling with an Example
1. Set up 3 EC2 instances in AWS
2. Set up an EFS for shared state
3. Deploy containers
4. Collect output
5. Monitor for availability

Slide 11

Slide 11 text

Options for Adoption - Infrastructure
IaaS Platform | Tools | Vendor
GCP, AWS, Azure | Terraform | HashiCorp
AWS | CloudFormation | AWS
Azure | Azure Resource Manager | Microsoft
Google Cloud | Deployment Manager | Google

Slide 12

Slide 12 text

What can be done with it?
• Codify infrastructure
• Version control
• Test & Verify
• Bug Fix
• Automated & Continuous Deployment

Slide 13

Slide 13 text

Verifiable Infrastructure
What is it really?

Slide 14

Slide 14 text

Enterprise Security Requirements
Can we agree that the most important requirement is to not get breached?

Slide 15

Slide 15 text

How to be secure? By establishing TRUST

Slide 16

Slide 16 text

Secure Software Development Lifecycle
• Security Requirements
• Secure Architecture
• Secure Development
• Security Testing
• Exploit Mitigation
• Release Management

Slide 17

Slide 17 text

Mapping SSDLC to Infrastructure as Code
SSDLC | Secure Infrastructure
Security Requirements | Security Requirements
Secure Architecture | Secure Architecture
Secure Development | Infrastructure as Code
Security Testing | Static Analysis and Verification
Exploit Mitigation | Anomaly Detection and Prevention
Release Management | Release Management

Slide 18

Slide 18 text

An Example of Verifying Infrastructure
A journey towards adopting infrastructure as code

Slide 19

Slide 19 text

A proposed network architecture

Slide 20

Slide 20 text

Codify the Infrastructure (Example uses AWS)

Slide 21

Slide 21 text

The Graph

Slide 22

Slide 22 text

The Threat Model

Slide 23

Slide 23 text

Now what?
• Add security controls (mitigations) in architecture
• Edit code to include the required resources and configuration
• Push to repository
• This triggers CI/CD
• CI/CD runs test cases on code (if any)
• CI/CD updates the live infrastructure
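An added example (not from the original slides) of a test case the CI/CD step above could run before updating live infrastructure: it audits a Terraform plan exported with `terraform show -json` and reports findings. The sample plan, the resource names and the policy (only port 443 may face the internet, EFS must be encrypted) are assumptions made for illustration, not the deck's own threat model.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan for a stack like the
# deck's example (EC2 instances behind a security group, EFS for shared state).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
     {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
  {"address": "aws_efs_file_system.state", "type": "aws_efs_file_system",
   "change": {"actions": ["create"], "after": {"encrypted": false}}},
  {"address": "aws_security_group.old", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

PUBLIC_PORTS = {443}            # assumed policy: only HTTPS may face the internet
WORLD = {"0.0.0.0/0", "::/0"}   # IPv4 and IPv6 "anywhere"

def open_ingress(after):
    """Yield a message for each ingress rule exposing a non-public port to the world."""
    for rule in after.get("ingress") or []:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if not cidrs & WORLD:
            continue
        lo, hi = rule["from_port"], rule["to_port"]
        # protocol "-1" means all traffic; a range passes only if every port is allowed
        if rule.get("protocol") == "-1" or not set(range(lo, hi + 1)) <= PUBLIC_PORTS:
            yield f"ingress {lo}-{hi}/{rule.get('protocol')} open to the internet"

def audit_plan(plan):
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if after is None:       # resource is being destroyed, nothing to verify
            continue
        if rc["type"] == "aws_security_group":
            findings += [(rc["address"], msg) for msg in open_ingress(after)]
        # a missing or unknown `encrypted` value fails closed
        elif rc["type"] == "aws_efs_file_system" and not after.get("encrypted"):
            findings.append((rc["address"], "EFS file system is not encrypted at rest"))
    return findings

if __name__ == "__main__":
    results = audit_plan(SAMPLE_PLAN)
    for address, msg in results:
        print(f"FAIL {address}: {msg}")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the pipeline stage
```
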

Slide 24

Slide 24 text

What does it all look like?
Build, Test, Deploy, Audit, Update

Slide 25

Slide 25 text

Questions?
That's all for now.
https://appsecco.com
@abh1sek
github.com/abhisek