Automatic Server Hardening

Hardening Framework

Created by Christoph Hartmann / Dominik Richter / Patrick Meier

Problem

Physical Security

Digital Security

Fort Knox (Source: Wikipedia)

Out-of-the-box server configurations are insecure and increase the probability of server attacks and data breaches.

Solution for Digital Security:

Hardening Framework

In computing, hardening is usually the process of securing a system:

Securing default configuration Reducing attack surface Automatic deployment Works on bare-metal and cloud infrastructures

Honeypot attacks

Measurement of real-world computer attackes

6 Million attacks per month 200.000 attacks per day 8333 attacks per hour 138 attacks per minute

Source: Deutsche Telekom Honeypot Infrastructure, August 2014

Information Breached

Real Names Birth Dates Government ID Numbers Home Address Medical Reports Phone Numbers Financial Information Email Adresses Username & Password Insurance

Source: Symantec

Source: Bloomberg

Why not do manually?

Manual work is not 100% accurate Every project needs to reinvent the wheel Expensive and time-consuming Divergent test & production environments No measurement of compliance level Requires a lot of resources

Server Scaling

Manual hardening does not fit to autoscaling environments

Server Scaling

Manual hardening does not fit to autoscaling environments

Server Scaling

Manual hardening does not fit to autoscaling environments

Server Scaling

Manual hardening does not fit to autoscaling environments

Approach

The Hardening Framework applies secure default configuration while allowing customization for each deployment.

Component Overview

Demo

Ingredients

Automation Frameworks

Infrastructure

Continous Integration

Operating Systems

Chef Puppet OpenStack Security Tests Source code Robocop Foodcritic puppet-lint RedHat 6.4 RedHat 6.5 Ubuntu 12.04 Ubuntu 14.04 CentOS 6.4 CentOS 6.5 Oracle 6.4 Oracle 6.5 Debian 6 Debian 7

Core Team

Contributors

Bernhard Weißhuhn Artem Sidorenko Reik Keutterling Daniel Dreier Frank Kloeker Kurt Huwig Tristan Helmich Matthew Haughton

References

Data Breaches in the U.S. Norse Symantec Internet Security Threat Report 2014 Deutsche Telekom Sicherheitstacho The Honeypot Project

THE END

Further information is available at telekomlabs.github.io

Automatic Server Hardening Hardening Framework Created by Christoph Hartmann / Dominik Richter / Patrick Meier

Automatic Server Hardening – Hardening Framework – Problem

TelekomLabs

Automatic Server Hardening – Hardening Framework – Problem

0 2

hardening-intro-slides

Automatic Server Hardening

Hardening Framework

Problem

Physical Security

Digital Security

Hardening Framework

Honeypot attacks

Information Breached

Why not do manually?

Why not do manually?

Server Scaling

Server Scaling

Server Scaling

Server Scaling

Approach

Component Overview

Demo

Ingredients

Automation Frameworks

Infrastructure

Continous Integration

Operating Systems

Core Team

Contributors

References

THE END

Automatic Server Hardening – Hardening Framework – Problem

TelekomLabs

Automatic Server Hardening – Hardening Framework – Problem

0 2 (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/platform.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

hardening-intro-slides

Automatic Server Hardening

Hardening Framework

Problem

Physical Security

Digital Security

Hardening Framework

Honeypot attacks

Information Breached

Why not do manually?

Why not do manually?

Server Scaling

Server Scaling

Server Scaling

Server Scaling

Approach

Component Overview

Demo

Ingredients

Automation Frameworks

Infrastructure

Continous Integration

Operating Systems

Core Team

Contributors

References

THE END

0 2