Automating Network Firewall Rule Creation using Powershell and CI/CD

•Als PPTX, PDF herunterladen•

1 gefällt mir•989 views

Presentation for SANS Cloud Security Summit. Topic: Network security automation Managing firewall rules is a complex task. During this talk, we'll discuss one way to automate the creation and management of those firewall rules using PowerShell and a continuous integration and deployment (CI/CD) pipeline. The basis of the presentation is an actual customer implementation of this end-to-end process. We will discuss the requirements for the solution and how this solution was developed and has grown from proof of concept to production. Although the implementation is Azure-specific, the talk will be abstracted to showcase the feasibility of this approach across multiple clouds. Demos presented during the talk will showcase the PowerShell script and then the end-to-end workflow using Azure DevOps.

Technologie

Runner
Belgian in the US
Cloud Solution Architect @ Microsoft
• Infrastructure
• Networking
• Open Source

DDoS
protection
Identity
management
Network
security
Application
security
Encryption

All major cloud providers offer a native L3/L4 firewall capability (Security Group)
A set of network security rules to allow/deny network traffic into/out of instances
• ~Like ACLs
• Instance tagging – security groups
• Stateful
• An object
Differences
• AWS has 2 implementations: security groups and network ACL (stateless)
• Azure allows IP-based and security group based rules mixed
• Assigned to different levels: AWS is instance level, Azure is instance or subnet level, GCP is VPC level

Organic cloud
adoption 
structured
cloud adoption
Security review
Micro-
segmentation
Catalyst: new
customer-
facing
application
coming live

Human error.
What if we needed to do it all
over again?
What if this needs to
repeated for a second
region?
We only had half a day to do
this right.

We needed to decide
Highly parallel
Single API call
Source code

Automation in step 1 in a DevOps Lifecycle.
DevOps is the union of people,
process, and products to
enable continuous delivery of
value to your end users.
“
”
Build
&
Test
Continuous
Delivery
Deploy
Operate
Monitor
&
Learn
Plan
&
Track
Develop

Read CSV
input
unsorted
Creates per-
subnet rules-
hashtable
Generates
per-subnet
IaC artifact
Validates IaC
artifact

Implemented 500 firewall rules in half a day
Flexible way to adapt firewall rules afterwards
Security review built-in to process
Standard format for developers to request firewall changes
Happy customer

https://github.com/NillsF/NSG-CSV-to-ARM

Weitere ähnliche Inhalte

Was ist angesagt?

Karpenter

Knoldus Inc.

네트워크 가상화 발표자료-SDN/NFV/Cloud

seungdols

Automating with NX-OS: Let's Get Started!

Cisco DevNet

Autoscaling Kubernetes

craigbox

Kubernetes: Reducing Infrastructure Cost & Complexity

DevOps.com

Using the KVMhypervisor in CloudStack

ShapeBlue

While Azure provides native load balancing capabilities, our KEMP Virtual LoadMaster (VLM) significantly improves on these via advance features like application delivery and load balancing in Layer 7 of the network stack. Other features that KEMP VLM delivers for Azure based and hybrid infrastructure deployments are: - Client authentication and single sign-on (SSO) High Performance Layer 4 & Layer 7 Application Load Balancing - Intelligent Global Site Traffic Distribution - Application Health Checking - IP and Layer 7 Persistence - Content Switching - SSL Acceleration and Offload - Compression - Caching - Advanced App Gateway Services - Provide better Load Balancing over the Internal Load Balancer - Sophisticated Traffic Manager https://kemptechnologies.com/solutions/microsoft-load-balancing/loadmaster-azure/ https://azure.microsoft.com/en-us/marketplace/partners/kemptech/vlm-azure/

Advanced Load Balancer/Traffic Manager and App Gateway for Microsoft Azure

Kemp

Aks pimarox from zero to hero

Johan Biere

Service mesh

Arnab Mitra

Productionizing Machine Learning with a Microservices Architecture

Databricks

Scalable Service-Oriented Middleware on IP (SOME/IP) is a proposal aimed at providing service-oriented communication in vehicles. SOME/IP nodes are able to dynamically discover and subscribe to available services through the SOME/IP Service Discovery protocol (SOME/IP SD). In this context, a key performance criterion to achieve the required responsiveness is the subscription latency that is the time it takes for a client to subscribe to a service. In this paper we provide a recap of SOME/SD and list a number of assumptions based on what we can foresee about the use of SOME/IP in the automotive domain. Then, we identify the factors having an effect on the subscription latency, and, by sensitivity analysis, quantify their importance regarding the worst-case service subscription latency. The analysis and experiments in this study provide practical insights into how to best configure SOME/IP SD protocol.

Insights on the configuration and performances of SOME/IP Service Discovery

Nicolas Navet

Tối ưu hiệu năng đáp ứng các yêu cầu của hệ thống 4G core

Vietnam Open Infrastructure User Group

Kubernetes internals (Kubernetes 해부하기)

DongHyeon Kim

building microservices

Cisco DevNet

Azure kubernetes service (aks)

Akash Agrawal

Introduction to OpenFlow

Joel W. King

IBM WebSphere MQ Introduction

ejlp12

The RabbitMQ Message Broker

Martin Toshev

02 api gateway

Janani Velmurugan

CCNAv5 - S3: Chapter1 Introduction to Scaling Networks

Vuz Dở Hơi

Was ist angesagt? (20)

Karpenter

네트워크 가상화 발표자료-SDN/NFV/Cloud

Automating with NX-OS: Let's Get Started!

Autoscaling Kubernetes

Kubernetes: Reducing Infrastructure Cost & Complexity

Using the KVMhypervisor in CloudStack

Advanced Load Balancer/Traffic Manager and App Gateway for Microsoft Azure

Aks pimarox from zero to hero

Service mesh

Productionizing Machine Learning with a Microservices Architecture

Insights on the configuration and performances of SOME/IP Service Discovery

Tối ưu hiệu năng đáp ứng các yêu cầu của hệ thống 4G core

Kubernetes internals (Kubernetes 해부하기)

building microservices

Azure kubernetes service (aks)

Introduction to OpenFlow

IBM WebSphere MQ Introduction

The RabbitMQ Message Broker

02 api gateway

CCNAv5 - S3: Chapter1 Introduction to Scaling Networks

Ähnlich wie Automating Network Firewall Rule Creation using Powershell and CI/CD

Netflix Cloud Architecture and Open Source

aspyker

Regulated Reactive - Security Considerations for Building Reactive Systems in...

Ryan Hodgin

Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato

How we think about and architect network security has stayed fairly constant for quite some time. Until we moved to the cloud. Things may look the same on the surface, but dig a little deeper and you quickly realize that network security for cloud computing and hybrid networks requires a different mindset, different tools, and a new approach. Hybrid networks complicate management, both in your data center and in the cloud. Each side uses a different basic configuration and security controls, so the challenge is to maintain consistency across both, even though the tools you use – such as your nifty next generation firewall – might not work the same (if at all) in both environments. Presented by AlgoSec and Rich Mogull, Analyst and CEO at Securosis, this webinar explains how cloud network security is different, and how to pragmatically manage it for both pure cloud and hybrid cloud networks. We will start with some background material and Cloud Networking 101, then move into cloud network security controls, and specific recommendations on how to use and manage them in a hybrid environment.

A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment

AlgoSec

AWS Security Architecture - Overview

Sai Kesavamatham

Getting Started With AWS Security

Amazon Web Services

Microservices with Azure Service Fabric

Davide Benvegnù

http://www.secludit.com We integrated Elastic Detector, which is SecludIT's product, with OSSIM in order to detect side-channel attacks occurring in cloud infrastructures. Elastic Detector takes care of solving the cloud elasticity issue, collecting security-relevant logs and forwarding (rsyslog) them to OSSIM where the correlation takes place (thanks to our plugin). DEMO showed at the RaSIEM workshop (ARES conference) in Regensburg, Germany.

How to detect side channel attacks in cloud infrastructures

Pasquale Puzio

AWS, Azure and Google Cloud have disrupted the traditional infrastructure market. After realizing that security is a major roadblock to cloud adoption, they are putting money and effort to built-in security features. But hybrid setups remain a challenge for companies and there is a learning curve for security teams to be proficient on cloud. Find out how to choose the best toolset to secure your data in the cloud.

Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...

Outpost24

Managed Threat Detection and Response

Alert Logic

Managed Threat Detection & Response for AWS Applications

Alert Logic

Service fabric and azure service fabric mesh

Mikkel Mørk Hegnhøj

Hybrid - Seguridad en Contenedores v3.pptx

HansFarroCastillo1

A hybrid Architecture is one of the easiest ways to securely address new application requirements and cloud-first development initiatives. This approach allows you to start small and expand as your requirements change while maintaining a strong security posture. In this session, you will learn the 5 key steps to building a hybrid architecture using the VM-Series next-generation firewall. Speaker: Bisham Kishnani, Consulting Engineer (APJC) – DataCenter & Virtualization, Palo Alto Networks

5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...

Amazon Web Services

[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking

OpenStack Korea Community

Security in the cloud Workshop HSTC 2014

Akash Mahajan

OpenStack - Security Professionals Information Exchange

Cybera Inc.

Cisco ACI for the Microsoft Cloud Platform

Shashi Kiran

Discuss following: What does it really take to make sure your application is production ready? With new privacy regulations being added, many aspects need to be taken into account when deciding when to deliver your final application is ready for production. Can your application handle multiple users with different levels of access? Can you extend your application to use existing authentication and authorization platforms? Have you invested in using Mutual TLS for communication between components? How do you manage the certificates and passwords used within your product? Is CICD your friend or your enemy when it comes to delivering your product? Have you considered the availability and scalability of the application?

From Containerized Application to Secure and Scaling With Kubernetes

Shikha Srivastava

BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx

JasonOstrom1

Ähnlich wie Automating Network Firewall Rule Creation using Powershell and CI/CD (20)

Netflix Cloud Architecture and Open Source

Regulated Reactive - Security Considerations for Building Reactive Systems in...

Azure 101: Shared responsibility in the Azure Cloud

A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment

AWS Security Architecture - Overview

Getting Started With AWS Security

Microservices with Azure Service Fabric

How to detect side channel attacks in cloud infrastructures

Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...

Managed Threat Detection and Response

Managed Threat Detection & Response for AWS Applications

Service fabric and azure service fabric mesh

Hybrid - Seguridad en Contenedores v3.pptx

5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...

[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking

Security in the cloud Workshop HSTC 2014

OpenStack - Security Professionals Information Exchange

Cisco ACI for the Microsoft Cloud Platform

From Containerized Application to Secure and Scaling With Kubernetes

BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx

Mehr von Nills Franssens

Gentle introduction to containers and kubernetes

Nills Franssens

Automation - Azure training day Cloud security and governance

Nills Franssens

Containers and Kubernetes

Nills Franssens

Nodeless and serverless kubernetes

Nills Franssens

Bay Area Azure Meetup - Ignite update session

Nills Franssens

Making sense of containers, docker and Kubernetes on Azure.

Nills Franssens

The container ecosystem @ MicrosoftA story of developer productivity

Nills Franssens

My most complex ARM template - Story from the trenches

Nills Franssens

Mehr von Nills Franssens (8)

Gentle introduction to containers and kubernetes

Automation - Azure training day Cloud security and governance

Containers and Kubernetes

Nodeless and serverless kubernetes

Bay Area Azure Meetup - Ignite update session

Making sense of containers, docker and Kubernetes on Azure.

The container ecosystem @ MicrosoftA story of developer productivity

My most complex ARM template - Story from the trenches

Kürzlich hochgeladen

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Scaling API-first – The story of a global engineering organization

Radu Cotescu

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

Increase engagement and revenue with Muvi Live Paywall! In this presentation, we will explore the five key benefits of using Muvi Live Paywall to monetize your live streams. You'll learn how Muvi Live Paywall can help you: Monetize your live content easily: Set up pay-per-view access to your live streams and start generating revenue from your content. Increase audience engagement: Provide exclusive, premium content behind the paywall to keep your viewers engaged. Gain valuable viewer insights: Track viewer data and analytics to better understand your audience and tailor your content accordingly. Reduce content piracy: Muvi Live Paywall's security features help protect your content from unauthorized distribution. Streamline your workflow: The all-in-one platform simplifies the process of managing and monetizing your live streams. With Muvi Live Paywall, you can take control of your live stream monetization and create a sustainable business model for your content. Learn more about Muvi Live Paywall and start generating revenue from your live streams today!

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Roshan Dwivedi

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

Kürzlich hochgeladen (20)

🐬 The future of MySQL is Postgres 🐘

Manulife - Insurer Innovation Award 2024

Data Cloud, More than a CDP by Matt Robison

Scaling API-first – The story of a global engineering organization

Apidays New York 2024 - The value of a flexible API Management solution for O...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Exploring the Future Potential of AI-Enabled Smartphone Processors

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Artificial Intelligence: Facts and Myths

Partners Life - Insurer Innovation Award 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Strategies for Landing an Oracle DBA Job as a Fresher

Boost Fertility New Invention Ups Success Rates.pdf

Top 10 Most Downloaded Games on Play Store in 2024

Automating Network Firewall Rule Creation using Powershell and CI/CD

2. Runner Belgian in the US Cloud Solution Architect @ Microsoft • Infrastructure • Networking • Open Source

3. DDoS protection Identity management Network security Application security Encryption

4. All major cloud providers offer a native L3/L4 firewall capability (Security Group) A set of network security rules to allow/deny network traffic into/out of instances • ~Like ACLs • Instance tagging – security groups • Stateful • An object Differences • AWS has 2 implementations: security groups and network ACL (stateless) • Azure allows IP-based and security group based rules mixed • Assigned to different levels: AWS is instance level, Azure is instance or subnet level, GCP is VPC level

5. Organic cloud adoption  structured cloud adoption Security review Micro- segmentation Catalyst: new customer- facing application coming live

6. Human error. What if we needed to do it all over again? What if this needs to repeated for a second region? We only had half a day to do this right.

7. We needed to decide Highly parallel Single API call Source code

8. Automation in step 1 in a DevOps Lifecycle. DevOps is the union of people, process, and products to enable continuous delivery of value to your end users. “ ” Build & Test Continuous Delivery Deploy Operate Monitor & Learn Plan & Track Develop

10. Read CSV input unsorted Creates per- subnet rules- hashtable Generates per-subnet IaC artifact Validates IaC artifact

11.

12. Implemented 500 firewall rules in half a day Flexible way to adapt firewall rules afterwards Security review built-in to process Standard format for developers to request firewall changes Happy customer

13. https://github.com/NillsF/NSG-CSV-to-ARM

Hinweis der Redaktion

DevOps is the union of people, process and products to enable the continuous delivery of value to your end customers

Automating Network Firewall Rule Creation using Powershell and CI/CD

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Automating Network Firewall Rule Creation using Powershell and CI/CD

Ähnlich wie Automating Network Firewall Rule Creation using Powershell and CI/CD (20)

Mehr von Nills Franssens

Mehr von Nills Franssens (8)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Automating Network Firewall Rule Creation using Powershell and CI/CD

Hinweis der Redaktion