Why We Can't Have Nice Things, A Tale of Woe and a Hope For the Future
Why We Can’t Have Nice Things A Tale of Woe, and Hope for the Future
Pete Cheslock
@petecheslock
Wall of Confusion
Dev Ops Sec
DevOps
Sec
@hijinksensue
Pete Cheslock
Not an InfoSec
Twitters: @petecheslock
theshipshow.com
threatstack.com
"The most costly disruptions always happen when something we take completely for granted stops working for a minute."
– President Josiah Bartlet
It’s time that we recognize that all these new tools which are helping to enable our teams to work so well are also introducing new attack vectors.
risk = (threat) x (probability) x (business impact)
http://sysadvent.blogspot.com/2014/12/day-24-12-days-of-secdevops.html
- Jen Andre
What data are you sending?
What happens if that system is compromised?
WE TAKE SECURITY SERIOUSLY
http://blog.b3k.us/2012/01/24/some-rules.html
“These are not features: Security, Availability, Performance.” - Benjamin Black
https://github.com/codahale/sneaker
https://vaultproject.io
https://github.com/square/keywhiz
https://github.com/LuminalOSS/credstash
https://github.com/oleiade/trousseau - Storing sensitive data
https://github.com/cloudflare/redoctober - High value secrets
https://github.com/jschauma/jass - really helpful tool for sharing of secrets using SSH keys.
Keep It Simple
Skip the ITIL IR Plan for now
“FWIW, I have most of a sub-key implementation done, but that still won’t solve your problem, as it will be years before that implementation is widely deployed…”
Compile your Source
Build a Package
Sign the Package
Test the Package
Deploy the Package
You can’t hate the curl bash and be OK deploying from Github
aptly
deb-s3
freight / sync to s3
packagecloud.io
https://www.ssllabs.com/ssltest/
Safe Access to Production
“Every time someone logs onto a system interactively, they compromise everyone's knowledge of that system”
– Mark Burgess
Trust, but Verify.
auditd + OSSEC
…and SELinux
http://stopdisablingselinux.com/
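The "Trust, but Verify" slides name auditd and OSSEC but do not show what verifying interactive access to production actually looks like once the audit trail exists. The following is an added example, not code from the talk or from Threat Stack: a stdlib-only parser for auditd's key=value record format that pulls out the events a reviewer cares about (successful and failed interactive logins from USER_LOGIN records, and sudo-style privileged commands from USER_CMD records) and groups them per audit uid. Every record in SAMPLE_AUDIT_LOG is constructed; the addresses, uids and timestamps are made up, and the field names used are the ones auditd emits.

```python
"""Flag interactive access to a host from auditd records.

Added example (not from the talk or from Threat Stack). All sample records
below are constructed, not captured from a real host.
"""
import re
from dataclasses import dataclass

# Constructed sample records in auditd's key=value format (made-up hosts/uids).
SAMPLE_AUDIT_LOG = """\
type=USER_LOGIN msg=audit(1425000000.101:201): pid=4321 uid=0 auid=1001 ses=7 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=/dev/pts/0 res=success'
type=USER_LOGIN msg=audit(1425000000.205:202): pid=4330 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=198.51.100.9 addr=198.51.100.9 terminal=ssh res=failed'
type=USER_CMD msg=audit(1425000000.310:203): pid=4340 uid=1001 auid=1001 ses=7 msg='cwd="/home/alice" cmd=73797374656D63746C2072657374617274206E67696E78 terminal=pts/0 res=success'
type=SYSCALL msg=audit(1425000000.400:204): arch=c000003e syscall=59 success=yes exit=0 a0=1 ppid=1 pid=4350 auid=4294967295 uid=0 gid=0 ses=4294967295 comm="cron" exe="/usr/sbin/cron" key=(null)
type=USER_LOGIN msg=audit(1425000000.500:205): pid=4360 uid=0 auid=1002 ses=8 msg='op=login id=1002 exe="/usr/sbin/sshd" hostname=203.0.113.7 addr=203.0.113.7 terminal=/dev/pts/1 res=success'
"""

AUDIT_UNSET = "4294967295"          # auid of -1: no login session attached
HEX_FIELDS = {"cmd", "comm", "exe", "acct", "proctitle"}  # hex-encoded when unquoted
HEADER_RE = re.compile(r"^type=(\w+) msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$")
FIELD_RE = re.compile(r"""(\w+)=('[^']*'|"[^"]*"|\S+)""")


@dataclass(frozen=True)
class AccessEvent:
    serial: int
    kind: str      # "login", "failed_login" or "privileged_cmd"
    auid: str      # audit (login) uid, or "unset"
    source: str    # remote address for logins, terminal for commands
    detail: str


def decode_hex(value):
    """auditd hex-encodes values containing spaces or odd bytes; fall back to raw."""
    try:
        return bytes.fromhex(value).decode("utf-8")
    except ValueError:
        return value


def parse_fields(text):
    """Parse key=value pairs, flattening the nested msg='...' block into the same dict."""
    fields = {}
    for key, raw in FIELD_RE.findall(text):
        if key == "msg" and raw.startswith("'"):
            fields.update(parse_fields(raw[1:-1]))
        elif raw.startswith('"'):
            fields[key] = raw[1:-1]
        elif key in HEX_FIELDS:
            fields[key] = decode_hex(raw)
        else:
            fields[key] = raw
    return fields


def parse_record(line):
    """Return a dict for one audit record, or None if the line is not an audit header."""
    match = HEADER_RE.match(line.strip())
    if not match:
        return None
    rec_type, secs, _millis, serial, rest = match.groups()
    fields = parse_fields(rest)
    fields.update(type=rec_type, serial=int(serial), time=int(secs))
    return fields


def interactive_access_events(log_text):
    """Extract login attempts and privileged commands; everything else is skipped."""
    events = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        auid = rec.get("auid", AUDIT_UNSET)
        auid = "unset" if auid == AUDIT_UNSET else auid
        if rec["type"] == "USER_LOGIN":
            kind = "login" if rec.get("res") == "success" else "failed_login"
            events.append(AccessEvent(rec["serial"], kind, auid, rec.get("addr", "?"),
                                      "terminal=" + rec.get("terminal", "?")))
        elif rec["type"] == "USER_CMD":
            events.append(AccessEvent(rec["serial"], "privileged_cmd", auid,
                                      rec.get("terminal", "?"), rec.get("cmd", "")))
    return events


def access_by_user(events):
    """Group event kinds per audit uid, the unit an access review is done against."""
    summary = {}
    for ev in events:
        summary.setdefault(ev.auid, []).append(ev.kind)
    return summary


if __name__ == "__main__":
    found = interactive_access_events(SAMPLE_AUDIT_LOG)
    for ev in found:
        print(f"{ev.serial} {ev.kind:15} auid={ev.auid:6} {ev.source:14} {ev.detail}")
    print(access_by_user(found))
```

The point of keying on `auid` rather than `uid` is that auditd's login uid survives `sudo` and `su`, so the privileged command in the sample is attributed to the person who logged in (auid 1001) even though it ran as root; the failed root login from an unknown session shows up as `unset`, which is exactly the kind of record an OSSEC rule or a reviewer should be looking at.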
Controlled Access Protection Profile
http://www.commoncriteriaportal.org/files/ppfiles/capp.pdf
Labeled Security Protection Profile
http://www.commoncriteriaportal.org/files/ppfiles/lspp.pdf
National Industrial Security Program Operating Manual (NISPOM)
http://www.fas.org/sgp/library/nispom.htm
Security Technical Implementation Guides
http://iase.disa.mil/stigs/Pages/index.aspx
Start Small
Identify High Risks
Security Culture is People