book

Securing DevOps

Name: Securing DevOps
Author: Julien Vehent
ISBN: 9781617294136

by Julien Vehent

August 2018

Intermediate to advanced

384 pages

12h 18m

English

Manning Publications

Read now

Unlock full access

Securing DevOps
Copyright
dedication
contents
front matter
prefaceacknowledgmentsabout this bookHow this book is organizedRoadmapAbout the codeBook forumabout the authorabout the cover illustration
1 Securing DevOps
1.1 The DevOps approach1.1.1 Continuous integration1.1.2 Continuous delivery1.1.3 Infrastructure as a service1.1.4 Culture and trust1.2 Security in DevOps1.3 Continuous security1.3.1 Test-driven security1.3.2 Monitoring and responding to attacks1.3.3 Assessing risks and maturing securitySummary
Part 1. Case study: applying layers of security to a simple DevOps pipeline
2 Building a barebones DevOps pipeline
2.1 Implementation roadmap2.2 The code repository: GitHub2.3 The CI platform: CircleCI2.4 The container repository: Docker Hub2.5 The production infrastructure: Amazon Web Services2.5.1 Three-tier architecture2.5.2 Configuring access to AWS2.5.3 Virtual Private Cloud2.5.4 Creating the database tier2.5.5 Creating the first two tiers with Elastic Beanstalk2.5.6 Deploying the container onto your systems2.6 A rapid security auditSummary
3 Security layer 1: protecting web applications
3.1 Securing and testing web apps3.2 Website attacks and content security3.2.1 Cross-site scripting and Content Security Policy3.2.2 Cross-site request forgery3.2.3 Clickjacking and IFrames protection3.3 Methods for authenticating users3.3.1 HTTP basic authentication3.3.2 Password management3.3.3 Identity providers3.3.4 Sessions and cookie security3.3.5 Testing authentication3.4 Managing dependencies3.4.1 Golang vendoring3.4.2 Node.js package management3.4.3 Python requirementsSummary
4 Security layer 2: protecting cloud infrastructures
4.1 Securing and testing cloud infrastructure: the deployer4.1.1 Setting up the deployer4.1.2 Configuration notifications between Docker Hub and the deployer4.1.3 Running tests against the infrastructure4.1.4 Updating the invoicer environment4.2 Restricting network access4.2.1 Testing security groups4.2.2 Opening access between security groups4.3 Building a secure entry point4.3.1 Generating SSH keys4.3.2 Creating a bastion host in EC24.3.3 Enabling two-factor authentication with SSH4.3.4 Sending notifications on accesses4.3.5 General security considerations4.3.6 Opening access between security groups4.4 Controlling access to the database4.4.1 Analyzing the database structure4.4.2 Roles and permissions in PostgreSQL4.4.3 Defining fine-grained permissions for the invoicer application4.4.4 Asserting permissions in the deployerSummary

5 Security layer 3: securing communications
5.1 What does it mean to secure communications?5.1.1 Early symmetric cryptography5.1.2 Diffie-Hellman and RSA5.1.3 Public-key infrastructures5.1.4 SSL and TLS5.2 Understanding SSL/TLS5.2.1 The certificate chain5.2.2 The TLS handshake5.2.3 Perfect forward secrecy5.3 Getting applications to use HTTPS5.3.1 Obtaining certificates from AWS5.3.2 Obtaining certificates from Let’s Encrypt5.3.3 Enabling HTTPS on AWS ELB5.4 Modernizing HTTPS5.4.1 Testing TLS5.4.2 Implementing Mozilla’s Modern guidelines5.4.3 HSTS: Strict Transport Security5.4.4 HPKP: Public Key PinningSummary
6 Security layer 4: securing the delivery pipeline
6.1 Access control to code-management infrastructure6.1.1 Managing permissions in a GitHub organization6.1.2 Managing permissions between GitHub and CircleCI6.1.3 Signing commits and tags with Git6.2 Access control for container storage6.2.1 Managing permissions between Docker Hub and CircleCI6.2.2 Signing containers with Docker Content Trust6.3 Access control for infrastructure management6.3.1 Managing permissions using AWS roles and policies6.3.2 Distributing secrets to production systemsSummary
Part 2. Watching for anomalies and protecting services against attacks
7 Collecting and storing logs
7.1 Collecting logs from systems and applications7.1.1 Collecting logs from systems7.1.2 Collecting application logs7.1.3 Infrastructure logging7.1.4 Collecting logs from GitHub7.2 Streaming log events through message brokers7.3 Processing events in log consumers7.4 Storing and archiving logs7.5 Accessing logsSummary
8 Analyzing logs for fraud and attacks
8.1 Architecture of a log-analysis layer8.2 Detecting attacks using string signatures8.3 Statistical models for fraud detection8.3.1 Sliding windows and circular buffers8.3.2 Moving averages8.4 Using geographic data to find abuses8.4.1 Geoprofiling users8.4.2 Calculating distances8.4.3 Finding a user’s normal connection area8.5 Detecting anomalies in known patterns8.5.1 User-agent signature8.5.2 Anomalous browser8.5.3 Interaction patterns8.6 Raising alerts to operators and end users8.6.1 Escalating security events to operators8.6.2 How and when to notify end usersSummary
9 Detecting intrusions
9.1 The seven phases of an intrusion: the kill chain9.2 What are indicators of compromise?9.3 Scanning endpoints for IOCs9.4 Inspecting network traffic with Suricata9.4.1 Setting up Suricata9.4.2 Monitoring the network9.4.3 Writing rules9.4.4 Using predefined rule-sets9.5 Finding intrusions in system-call audit logs9.5.1 The execution vulnerability9.5.2 Catching fraudulent executions9.5.3 Monitoring the filesystem9.5.4 Monitoring the impossible9.6 Trusting humans to detect anomaliesSummary
10 The Caribbean breach: a case study in incident response
10.1 The Caribbean breach10.2 Identification10.3 Containment10.4 Eradication10.4.1 Capturing digital forensics artifacts in AWS10.4.2 Outbound IDS filtering10.4.3 Hunting IOCs with MIG10.5 Recovery10.6 Lessons learned and the benefits of preparationSummary
Part 3. Maturing DevOps security
11 Assessing risks
11.1 What is risk management?11.2 The CIA triad11.2.1 Confidentiality11.2.2 Integrity11.2.3 Availability11.3 Establishing the top threats to an organization11.4 Quantifying the impact of risks11.4.1 Finances11.4.2 Reputation11.4.3 Productivity11.5 Identifying threats and measuring vulnerability11.5.1 The STRIDE threat-modeling framework11.5.2 The DREAD threat-modeling framework11.6 Rapid risk assessment11.6.1 Gathering information11.6.2 Establishing a data dictionary11.6.3 Identifying and measuring risks11.6.4 Making recommendations11.7 Recording and tracking risks11.7.1 Accepting, rejecting, and delegating risks11.7.2 Revisiting risks regularlySummary
12 Testing security
12.1 Maintaining security visibility12.2 Auditing internal applications and services12.2.1 Web-application scanners12.2.2 Fuzzing12.2.3 Static code analysis12.2.4 Auditing Cloud Infrastructure12.3 Red teams and external pen testing12.4 Bug bounty programsSummary
13 Continuous security
13.1 Practice and repetition: 10,000 hours of security13.2 Year 1: integrating security into DevOps13.2.1 Don’t judge too early13.2.2 Test everything and make dashboards13.3 Year 2: preparing for the worst13.3.1 Avoid duplicating infrastructure13.3.2 Build versus buy13.3.3 Getting breached13.4 Year 3: driving the change13.4.1 Revisit security priorities13.4.2 Progressing iteratively
Index
Lists
List of TablesList of Illustrations

Content preview from Securing DevOps

8 Analyzing logs for fraud and attacks

This chapter covers

Examining the components of a logging pipeline’s analysis layer
Detecting fraud and attacks using string signatures, statistics, and historical data
Managing techniques for alerting users without overwhelming them

In chapter 7, you learned how to build a logging pipeline to collect, stream, analyze, store, and access logs across the infrastructure. A multilayered pipeline creates a flexible infrastructure where logs from different origins are used to monitor the activity of the organization’s services. Chapter 7 gave an overview of the functionalities provided by each layer of the pipeline. In this chapter, we’ll focus on the third layer, the analysis layer, and dive into techniques ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781617294136Publisher Support Publisher Website Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Securing DevOps

by Julien Vehent

8 Analyzing logs for fraud and attacks

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.