Puppet Camp Charlotte 2015: Introduction to SIMP: An Open Source Infrastructure for Flexible Policy...

Upload: puppet

Post on 16-Apr-2017

TRANSCRIPT

Page 1: Puppet Camp Charlotte 2015: Introduction to SIMP: An Open Source Infrastructure for Flexible Policy Compliance

Background >> Disclaimer

The presentation that you are about to see is not, in any way, representative of, or endorsed by, the National Security Agency or the Government of the United States of America.

As stated in their press release, the NSA, in releasing SIMP to the public, is attempting to reduce duplication of effort surrounding the general goals of the project.

Background >> About Me

Background >> What Is SIMP?

SECURITY

DEVELOPMENT

OPERATIONS

SECURITY

ROGUE OPERATORS

Background >> What is SIMP? >> How Does SIMP Work?

Regulation Specs

Operational Needs

Puppet Modules

Component Profiles

Profiles Roles

Hiera Data

Access Control Auditing Availability

Background >> What is SIMP? >> Capabilities

LDAP

AIDE

Syslog

NFS

SNMP

RSync

SELinux SSH Audit

IPTables

Svckill Sudo

TPM

PKI

Background >> Last Line of Defense

Repetitive Tasks

Mission Goals

Background >> Rules and Regulations

NIST 800-53

SSG Profiles

FIPS 140-2

Background >> Compliance Does Not Equal Security

COMPLIANCE ≠ SECURITY

Background >> No Silver Bullets

Goals >> Flexible Compliance Over Time

SSG Profiles

- STIG
- USGCB
- C2S
- CS2

- HIPAA
- SOX
- FISMA

Commercial

Hiera Data

Planned: Conformance

Design Tenets >> Environment Agnostic

Environment Agnostic

Module Independence

Global Catalysts

Start Secure

Accept Change

Design Tenets >> Module Independence

Design Tenets >> Global Catalysts

Design Tenets >> Start Secure

SECURITY

OPERATIONS

Design Tenets >> Accept Change

Workflow >> Fully Bootstrapped Infrastructure

DNS

Workflow >> Environment Expansion

The Future

- Kerberos Support
- Simplify the Build Process
- Auto-Generate Vagrant Base Boxes
- Create Amazon Machine Images
- Add Webhooks to our Build Process
- Integration of Pulp and/or Katello
- Integration of Vault/KeyWhiz/Etc...
- Support Latest ELK Stack
- OpenShift Integration
- Improve BIND and DHCPD Support
- Improve Documentation
- Compliance Reporting
- Puppet 4
- Incorporate Puppet Labs Apache Module
- Merge 4.X and 5.X
- Community Module Compatibility
- IPSec

The Community

- Brandon Klein <[email protected]>
- Research
  - Computational and Automata Theory
  - FOSS-Based Self-Managing Systems
- Providing SIMP AMIs

Oregon Region
SIMP 4.2.0 CentOS 6.6
ami-81d4cfb1

The Community >> Join Us!

Join the Community!
- Vagrant Boxes
- Documentation
  - Module READMEs
  - Validation
- Policy Validation
- Acceptance Tests
- FILE BUGS!

https://github.com/NationalSecurityAgency/SIMP

Demo >> Server >> Setup

Demo >> Server >> Bootstrap

Demo >> Server >> Initial Build

Demo >> Server >> DNS

Demo >> Server >> DHCP

Demo >> Server >> TFTP

Demo >> Server >> Client Keys

Demo >> Server >> LDAP

Demo >> Client >> Kickstart

Q&A

?
