Active Directory Penetration Testing, cionsystems.com.pdf
Puppet Camp Charlotte 2015: Introduction to SIMP: An Open Source Infrastructure for Flexible Policy Compliance
1.
2. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> Disclaimer
The presentation that you are about to see is not,
in any way, representative of, or endorsed by,
the National Security Agency or
the Government of the United States of America.
As stated in their press release, the NSA,
in releasing SIMP to the public,
is attempting to reduce duplication of effort
surrounding the general goals of the project.
3. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> About Me
4. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> What Is SIMP?
SECURITY
DEVELOPMENT
OPERATIONS
SECURITY
ROGUE OPERATORS
5. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> What Is SIMP?
SECURITY
DEVELOPMENT
OPERATIONS
SECURITY
ROGUE OPERATORS
6. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> What is SIMP? >> How Does SIMP Work?
Regulation
Specs
Operational
Needs
Puppet
Modules
Component
Profiles
Profiles Roles
Hiera Data
Access Control Auditing Availability
7. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> What is SIMP? >> Capabilities
LDAP
AIDE
Syslog
NFS
SNMP
RSync
SELinux SSH Audit
IPTables
Svckill Sudo
TPM
PKI
8. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> Last Line of Defense
Repetitive Tasks
Mission Goals
9. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> Rules and Regulations
NIST 800-53
SSG Profiles
FIPS 140-2
10. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> Compliance Does Not Equal Security
COMPLIANCE
≠
SECURITY
11. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Background >> No Silver Bullets
12. Goals Workflow The Future The Community DemoDesign Tenants ?Background
Goals >> Flexible Compliance Over Time
SSG Profiles
- STIG
- USGCB
- C2S
- CS2
- HIPPA
- SOX
- FISMA
Commercial
Hiera Data
GoalsBackground
Planned: Conformance
13. Goals Workflow The Future The Community DemoDesign Tenets ?Background
Design Tenets >> Environment Agnostic
Environment
Agnostic
Module
Independence
Global
Catalysts
Start
Secure
Accept
Change
Goals Design Tenets
14. Workflow The Future The Community Demo ?
Design Tenets >> Module Independence
Environment
Agnostic
Module
Independence
Global
Catalysts
Start
Secure
Accept
Change
Background Design TenetsGoals
15. Workflow The Future The Community Demo ?
Design Tenets >> Global Catalysts
Environment
Agnostic
Module
Independence
Global
Catalysts
Start
Secure
Accept
Change
Background Design TenetsGoals
16. Workflow The Future The Community Demo ?
Design Tenets >> Start Secure
Environment
Agnostic
Module
Independence
Global
Catalysts
Start
Secure
Accept
Change
SECURITY
OPERATIONS
Background Design TenetsGoals
17. Workflow The Future The Community Demo ?
Design Tenets >> Accept Change
Environment
Agnostic
Module
Independence
Global
Catalysts
Start
Secure
Accept
Change
Background Design TenetsGoals
18. Workflow The Future The Community DemoDesign Tenants ?
Workflow >> Fully Bootstrapped Infrastructure
DNS
Background Goals Design Tenants WorkflowDesign Tenants
19. Workflow The Future The Community DemoDesign Tenants ?
Workflow >> Environment Expansion
Background Goals Workflow
20. Workflow The Future The Community DemoDesign Tenants ?
The Future
KerberosSupport
Sim
plifytheBuild
Process
Auto-GenerateVagrantBaseBoxes
CreateAm
azon
M
achineIm
ages
Add
W
ebhooksto
ourBuild
Process
Integration
ofPulp
and/orKatello
Integration
ofVault/KeyW
hiz/Etc...
SupportLatestELK
Stack
OpenShif
Integration
Im
proveBIND
and
DHCPD
Support
Background Goals WorkflowWorkflow The FutureWorkflow
Im
proveDocum
entation
Com
plianceReporting
Puppet4IncorporatePuppetLabsApacheM
odule
M
erge4.X
and
5.X
Com
m
unityM
oduleCom
patibility
IPSec
21. - Brandon Klein
<btklein@sandia.gov>
- Research
- Computational and
Automata Theory
- FOSS-Based Self-Managing
Systems
- Providing SIMP AMIs
Oregon Region
SIMP 4.2.0 CentOS 6.6
ami-81d4cfb1
- Brandon Klein
<btklein@sandia.gov>
- Research
- Computational and
Automata Theory
- FOSS-Based Self-Managing
Systems
- Providing SIMP AMIs
Workflow The Future The Community DemoDesign Tenants ?
The Community
Background Goals The Community
22. Workflow The Future The Community DemoDesign Tenants ?
The Community >> Join Us!
Join the Community!
- Vagrant Boxes
- Documentation
- Module
READMEs
- Validation
- Policy
Validation
- Acceptance
Tests
- FILE BUGS!
https://github.com/NationalSecurityAgency/SIMP
Background Goals The Community
23. Workflow The Future The Community DemoDesign Tenants ?
Demo >> Server >> Setup
Background Goals The Community DemoThe Community
24. Workflow The Future The Community DemoDesign Tenants ?
Demo >> Server >> Bootstrap
Background Goals The Community DemoThe Community
25. Workflow The Future The Community DemoDesign Tenants ?
Demo >> Server >> Initial Build
Background Goals The Community DemoThe Community
26. Workflow The Future The Community DemoDesign Tenants ?
Demo >> Server >> DNS
Background Goals The Community DemoThe Community
27. Workflow The Future The Community DemoDesign Tenants ?
Demo >> Server >> DHCP
Background Goals The Community DemoThe Community
28. Workflow The Future The Community DemoDesign Tenants ?
Demo >> Server >> TFTP
Background Goals The Community DemoThe Community
29. Workflow The Future The Community DemoDesign Tenants ?
Demo >> Server >> Client Keys
Background Goals The Community DemoThe Community
30. Workflow The Future The Community DemoDesign Tenants ?
Demo >> Server >> LDAP
Background Goals The Community DemoThe Community
31. Workflow The Future The Community DemoDesign Tenants ?
Demo >> Client >> Kickstart
Background Goals The Community DemoThe Community
32. Workflow The Future The Community DemoDesign Tenants ?
Q&A
?
Background Goals Demo ?