Devops Notes, Study notes of Software Development

Typology: Study notes

2021/2022

Uploaded on 05/19/2022

ravi-teja-muvvala 🇮🇳

SECURITY AND SECURITY AUDITS
1) What Is Security?
Security is easily remembered by the acronym CIA, which stands for confidentiality, integrity, and availability.
i) Confidentiality means that no unauthorized people are able to access information;
ii) Integrity means that no unauthorized people are able to modify information; and
iii) Availability means that authorized people are able to access information.
Controlling access has two elements that answer the following questions:
Authentication: who is trying to access or modify information? and
Authorization: do they have the right to perform the operation they requested?
Both of these elements are supported by a variety of techniques.
2) Threats
The point of view of an attacker provides one perspective for you to take when designing your system or subsystem.
Microsoft introduced the acronym STRIDE for a threat model. STRIDE stands for:
i) Spoofing identity. An example of identity spoofing is illegally accessing and then using another user's authentication information, such as username and password.
ii) Tampering with data. Data tampering involves the malicious modification of data.
iii) Repudiation. Repudiation threats are associated with users who deny performing an action without other parties having a way to prove otherwise.
iv) Information disclosure. Information disclosure threats involve the exposure of information to individuals who are not supposed to have access to it.
v) Denial of service. Denial of service (DoS) attacks target the service availability to valid users, for example by making a web server temporarily unavailable or unusable.


vi) Elevation of privilege. In this type of threat, an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system.

3) Resources to Be Protected

  • Elements of security C and I refer to "information".
  • Information is one of the key resources to be protected.
  • Information can be at rest, in use, or in transit.
  • This includes information related to DevOps activities such as source code, test data, logs, updates, and who placed a version into production.
i) Information at rest
✓ It is stored on persistent storage.
✓ It can be accessed either through the software systems under the control of one of the actors or through physical possession of the persistent storage.
✓ As an example of the former, a legitimate user logs in and receives credentials allowing him or her to access certain data. The software that can be accessed understands the credentials and knows how to retrieve, display, and modify the data.
ii) Information in use
✓ It is being used by an information system.
✓ It may be displayed to the user, it may be stored in a cache for performance or reliability reasons, or it may be stored in a virtual machine (VM), also for performance or reliability reasons.
iii) Information in transit
✓ It is being moved from one location to another.
✓ If the movement is over a network, then the data is available through access to the network.
✓ Network access can be through one of the endpoints of the transit or through an intermediate point.

4) Security Roles and Activities
✓ Four different roles are related to security.
✓ The people performing these roles may belong to the same organization or to different organizations.
i) Security architect.
✓ A security architect is responsible for the design of an organization's network to achieve security for the network.
✓ The security architect is also responsible for overseeing the implementation of the network.

  • For example, you need to know both a password and the answer to a secret question.
  • The system can authenticate itself to you prior to asking for something you know.
ii) Role-Based Authentication
✓ Role-based authentication (RBA) is a technique for assigning identifications based on roles rather than on identity.
✓ For example, you may log in as super user using the root password. Super user is a role you are assuming; it is not your identity.

iii) Controls to Prevent Compromising Passwords
Passwords can be compromised in several different ways:
a) An attacker breaks an individual's password through various forms of brute force attacks. Controls specify minimum password length, password lifetime, limits on password reuse, and a limit on failed login attempts.
b) A user allows her or his password to be determined through social engineering means. There are controls about security education for users, but perhaps the most notorious use of social engineering to determine a password is the exploitation of default passwords. One of the controls to prevent this type of attack is to require that default passwords be changed before a system goes into production.
c) An authorized user changes roles or leaves the organization. When an employee leaves the organization, a control specifies that their account privileges are deleted within a short time frame.
d) Your system is compromised, allowing determination of passwords. Controls specify that passwords must be stored in a protected form using an approved piece of cryptographic software; in practice this means a salted, deliberately slow password hash (bcrypt, scrypt, Argon2 or PBKDF2) rather than reversible encryption, so that a stolen password store cannot simply be decrypted.
iv) Authorization
Once a user is identified, it becomes possible to control access to resources based on the privileges granted to that user.
Control: The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
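The password controls a), c) and d) above, put together in working code as an added example (this is not code from the original notes). The thresholds (12-character minimum, 5-password history, 5 failed attempts, 200,000 PBKDF2 rounds), the in-memory user store and the user names are assumptions for illustration; a real deployment would keep the store in a database and use a higher work factor.

```python
import hashlib
import hmac
import os

# Policy thresholds are assumed values for illustration, not from the notes.
MIN_LENGTH = 12          # control a): minimum password length
HISTORY_DEPTH = 5        # control a): how many previous passwords may not be reused
MAX_FAILURES = 5         # brute-force control: lock the account after this many misses
PBKDF2_ROUNDS = 200_000  # slow on purpose so offline guessing is expensive; raise in production


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt per password means two users
    with the same password get different digests and precomputed tables don't apply."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison so timing does not reveal how many bytes matched."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class UserStore:
    """Control d): the store holds only salt + digest, never the password itself."""

    def __init__(self):
        self.users = {}   # username -> {"salt", "digest", "history", "failures"}

    def set_password(self, user, new_password):
        if len(new_password) < MIN_LENGTH:
            raise ValueError("password shorter than %d characters" % MIN_LENGTH)
        record = self.users.setdefault(user, {"history": [], "failures": 0})
        # control a): reuse check against the previous digests, each under its own salt
        for old_salt, old_digest in record["history"]:
            if verify_password(new_password, old_salt, old_digest):
                raise ValueError("password was used recently")
        salt, digest = hash_password(new_password)
        record["salt"], record["digest"] = salt, digest
        record["history"] = ([(salt, digest)] + record["history"])[:HISTORY_DEPTH]
        record["failures"] = 0

    def login(self, user, password):
        """Return 'ok', 'denied' or 'locked'. Once locked, even the right password
        is refused; that is what stops an online brute-force attack."""
        record = self.users.get(user)
        if record is None:
            hash_password(password)   # spend the same time as a real check: no user enumeration by timing
            return "denied"
        if record["failures"] >= MAX_FAILURES:
            return "locked"
        if verify_password(password, record["salt"], record["digest"]):
            record["failures"] = 0
            return "ok"
        record["failures"] += 1
        return "locked" if record["failures"] >= MAX_FAILURES else "denied"

    def offboard(self, user):
        """Control c): delete the account's privileges when the person leaves."""
        self.users.pop(user, None)


def demo():
    """Exercise each control in turn and return what was observed."""
    store = UserStore()
    seen = {}
    try:
        store.set_password("alice", "short")
    except ValueError as err:
        seen["short_rejected"] = str(err)
    store.set_password("alice", "correct horse battery staple")
    try:
        store.set_password("alice", "correct horse battery staple")
    except ValueError as err:
        seen["reuse_rejected"] = str(err)
    seen["good_login"] = store.login("alice", "correct horse battery staple")
    seen["guesses"] = [store.login("alice", "guess%d" % i) for i in range(MAX_FAILURES)]
    seen["after_lockout"] = store.login("alice", "correct horse battery staple")
    store.offboard("alice")
    seen["after_offboard"] = store.login("alice", "correct horse battery staple")
    return seen


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Note that the lockout returns "locked" even for the correct password once the limit is hit, and that a lookup of a non-existent user still burns one hash computation so that response time does not tell an attacker which user names exist.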

v) Techniques to Control Access to Resources
There are two fundamental techniques used to control access to resources: access control lists (ACLs) and capabilities.
a) ACLs.
✓ An ACL is a list of users or roles and allowed operations attached to a resource such as a file system or database field.
✓ When a user asks for access to the resource to perform a particular operation, the list is examined to determine whether that user or role has the right to perform that operation on the resource.
b) Capability.
✓ A capability is a token that grants particular rights on a resource.
✓ A good analogy is a key and a lock.
✓ The capability is the key; the resource maintains the lock. When access is requested, the resource will verify that the token provided with the access request contains sufficient privileges for the provider of that token to be granted access.
vi) Role-Based Access Control
✓ RBAC is based on a mapping between individuals and roles.
✓ A role is allowed certain access privileges, and the identity management system maintains a mapping between users and roles.
✓ It also maintains a mapping between roles and privileges.
✓ Then, when a user changes roles, the mapping between users and roles is changed as well and the authorization system is provided with the information appropriate to the new role.
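The three mechanisms above (ACL, capability, RBAC) in one added example, not code from the original notes. The resources, roles, users and privileges are made up; the capability is an HMAC-tagged token whose secret key plays the part of the "lock" held by the resource, which is one common way to make a capability unforgeable, not the only one.

```python
import base64
import hashlib
import hmac
import json
import os

# --- RBAC: the identity management system keeps two mappings, users -> roles
# and roles -> privileges. Roles and privileges below are assumed for illustration.
ROLE_PRIVILEGES = {
    "reader": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}
USER_ROLES = {"alice": {"editor"}, "bob": {"reader"}}


def privileges_for(user):
    """Privileges reach a person only through roles; changing the user -> role
    mapping is all it takes to change what the authorization system allows."""
    roles = USER_ROLES.get(user, set())
    return set().union(*(ROLE_PRIVILEGES.get(r, set()) for r in roles))


# --- ACL: a list of (principal, operation) pairs attached to the resource.
# Principals can be individual users or roles ("role:..."); resources are assumed.
ACL = {
    "/db/salaries": {("role:admin", "read"), ("role:admin", "write"), ("bob", "read")},
    "/repo/app": {("role:reader", "read"), ("role:editor", "read"), ("role:editor", "write")},
}


def acl_allows(user, resource, op):
    """Examine the resource's list for the user directly or for any role the user holds.
    A resource with no ACL entry gets no access at all (fail-safe default)."""
    entries = ACL.get(resource, set())
    if (user, op) in entries:
        return True
    return any(("role:" + r, op) in entries for r in USER_ROLES.get(user, set()))


# --- Capability: the key-and-lock model. The resource owner holds CAP_KEY (the lock)
# and hands out HMAC-tagged tokens (keys) naming a resource and the rights granted.
CAP_KEY = os.urandom(32)


def issue_capability(resource, rights):
    claims = base64.urlsafe_b64encode(
        json.dumps({"resource": resource, "rights": sorted(rights)}).encode())
    tag = hmac.new(CAP_KEY, claims, hashlib.sha256).digest()
    return claims.decode() + "." + base64.urlsafe_b64encode(tag).decode()


def capability_allows(token, resource, op):
    """The resource checks the tag first (does the key fit the lock?) and only then
    reads the rights, so an edited token is rejected before its claims are trusted."""
    try:
        claims_b64, tag_b64 = token.split(".")
        expected = hmac.new(CAP_KEY, claims_b64.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.urlsafe_b64decode(tag_b64)):
            return False
        claims = json.loads(base64.urlsafe_b64decode(claims_b64))
        return claims["resource"] == resource and op in claims["rights"]
    except (ValueError, KeyError, TypeError):
        return False


def demo():
    """Run each mechanism over the sample data and return what was observed."""
    seen = {}
    seen["alice_privileges"] = privileges_for("alice")
    seen["bob_reads_salaries"] = acl_allows("bob", "/db/salaries", "read")
    seen["bob_writes_repo"] = acl_allows("bob", "/repo/app", "write")
    seen["alice_writes_repo"] = acl_allows("alice", "/repo/app", "write")
    # Role change: alice moves to admin. RBAC now grants delete, but the repo ACL
    # never listed role:admin, so her ACL-based write access leaves with the editor role.
    USER_ROLES["alice"] = {"admin"}
    seen["alice_after_role_change"] = (
        "delete" in privileges_for("alice"), acl_allows("alice", "/repo/app", "write"))
    token = issue_capability("/db/salaries", {"read"})
    seen["cap_read"] = capability_allows(token, "/db/salaries", "read")
    seen["cap_write"] = capability_allows(token, "/db/salaries", "write")
    seen["cap_wrong_resource"] = capability_allows(token, "/repo/app", "read")
    # Forgery attempt: new claims granting write, stapled to the old tag.
    forged_claims = base64.urlsafe_b64encode(
        json.dumps({"resource": "/db/salaries", "rights": ["read", "write"]}).encode()).decode()
    seen["cap_forged"] = capability_allows(
        forged_claims + "." + token.split(".")[1], "/db/salaries", "write")
    return seen


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The role-change step shows the practical difference between the two models: with RBAC the new privileges follow the user immediately through the role mapping, whereas an ACL that names roles has to be updated on each resource, and a capability already issued keeps working until it expires or is revoked regardless of role changes.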

  1. Access Control
✓ Identity management controls are intended to prevent spoofing, tampering, information disclosure, and elevation of privilege for those users who have gone through authentication and authorization channels.
✓ Tampering and information disclosure are still threats from those who do not go through authentication and authorization.
i) Preventing Access
✓ Working from the outside in, the boundary of the system or the organization's software system must be defined.
✓ That is, the resources to be protected must be clearly identified.
✓ Resources may have different levels of protection, for example, available for reading by unauthenticated users (a
  1. Utilize fail-safe defaults.
Application Design Considerations
The use of the cloud and microservice architecture leads to some special design considerations for security.
i) Any cloud-wide AWS administration account (just like the root account) should not be used after initial registration and setup. Different identities (users or roles) with least privileges (to resources) should be set up using AWS Identity and Access Management (IAM) for different purposes.
ii) Components should be able to be isolated and deployed independently without affecting other components. This is for security and other reasons.
iii) Components should be coded to be defensive and not to trust their invoker.
iv) Components are provided with configurations (sometimes through dynamically querying an external service) appropriate to the environment in which they are executing.
v) Communication to the external world should be encrypted, and communications among internal services should consider encryption.
Deployment Pipeline Design Considerations
Security considerations may include the following:
i) Lock down your pipeline environment most of the time and track all changes to the pipeline.
ii) Integrate continuous security testing throughout the pipeline, which includes IDE/pre-commit analysis, build and integration servers, and the end-to-end testing environment.
iii) Integrate security monitoring in the production environment.
iv) Tear down testing environments every time the respective tests are finished, or at least regularly.
v) Test your infrastructure code (not just application code) for security vulnerabilities.
vi) Be able to generate regular conformance and auditing output through automation.
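An added example tying application-design item i) (least-privilege IAM identities) to pipeline item v) (test infrastructure code for security problems): a small pre-commit style check that scans IAM policy documents for grants broader than least privilege. This is not code from the notes or from AWS; the three sample policies are constructed, the bucket name is invented, and the rule set is this example's own rather than an AWS-published list.

```python
import json

# Three constructed sample policies. The bucket name is made up.
OVERLY_BROAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DoAnything", "Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
}

SERVICE_WIDE = {
    "Version": "2012-10-17",
    "Statement": {"Sid": "AllOfS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
}

LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadBuildArtifacts",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-build-artifacts",
                "arn:aws:s3:::example-build-artifacts/*",
            ],
        },
        {"Sid": "NeverDelete", "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM lets Statement, Action and Resource be a single item or a list; normalise."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return one finding string per least-privilege violation in Allow statements.
    The rules are this example's own, not an AWS-published list."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue   # Deny statements only narrow access; nothing to flag
        sid = stmt.get("Sid", "statement[%d]" % index)
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "NotAction" in stmt:
            findings.append("%s: Allow with NotAction grants every action except the listed ones" % sid)
        if "*" in actions:
            findings.append("%s: Action '*' grants every API call" % sid)
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append("%s: Action '%s' grants every call in the %s service"
                                % (sid, action, action.split(":")[0]))
        if "*" in resources:
            findings.append("%s: Resource '*' applies to every resource the identity can reach" % sid)
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append("%s: Principal '*' opens the resource to everyone" % sid)
    return findings


def lint_policy_text(text):
    """Entry point for a pipeline step that receives the policy as a JSON string."""
    return lint_policy(json.loads(text))


def demo():
    """Lint the three samples and return the findings per policy."""
    return {name: lint_policy(policy) for name, policy in
            [("overly_broad", OVERLY_BROAD), ("service_wide", SERVICE_WIDE),
             ("least_privilege", LEAST_PRIVILEGE)]}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or ["no findings"])
```

Run over the policy documents your Terraform or CloudFormation renders, a non-empty result fails the build; the Deny statement in the least-privilege sample is deliberately left unflagged because Deny can only narrow what an identity may do.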