Zero-Trust Server ManagementBoston DevOps August 2014

Traditional server access management

has been based on Active Directory and

VPN / perimeter

Perimeter - “Crunchy exterior”

Data center - “Chewy interior”

What do you do when your

perimeter is taken away?

Service A Service B

Service C Service D

Zero-Trust:No “root” privilege

Division of systems into sub-systems

Least privilege among all users, machines and code

Zero-Trust is the future of infrastructure

management

http://www.slideshare.net/mdkail/it-ops-2014-technology-roadmap

What’s the practical challenge to implement zero-trust auth for systems management?

Don’t try and use Active Directory

in the cloud. It won’t work, for more reasons

than I can list here.

Front-End Back-End

◁ Corporate, password authentication

◁ Second factor

◁ Location-independent

◁ Public key authentication

◁ No shared keys

◁ Integrated with security “zones” such as cloud accounts and security groups

Identity hand-off

ssh

ssh

Corporate Password Authority

Bastion

Service A

Service B

ssh

Public key and systems authz

authority

Apply intelligent use of openssh and PAM

◁ Public keys available as a network service

◁ Granular authorization via PAM

◁ Automatic audit of login/logout events

Use Bastions to create security zones

◁ Dedicated admin bastion(s) for access to management services such as Chef/Puppet server, log server, Conjur

◁ General-purpose bastions for access to everything else

◁ Let the back-end authz system provide most of the access control

Zero-Trust Server ManagementBoston DevOps August 2014