zero trust server management - lightning
DESCRIPTION
How to manage access to back-end machines in a zero-trust environment, using ssh and bastion hosts.
TRANSCRIPT
Zero-Trust Server Management, Boston DevOps, August 2014
Traditional server access management has been based on Active Directory and VPN / perimeter
Perimeter - “Crunchy exterior”
Data center - “Chewy interior”
What do you do when your perimeter is taken away?
[Diagram: four boxes labelled Service A, Service B, Service C, Service D]
Zero-Trust: No “root” privilege
Division of systems into sub-systems
Least privilege among all users, machines and code
Zero-Trust is the future of infrastructure management
http://www.slideshare.net/mdkail/it-ops-2014-technology-roadmap
What’s the practical challenge to implement zero-trust auth for systems management?
Don’t try and use Active Directory in the cloud. It won’t work, for more reasons than I can list here.
Front-End
◁ Corporate, password authentication
◁ Second factor
◁ Location-independent
Back-End
◁ Public key authentication
◁ No shared keys
◁ Integrated with security “zones” such as cloud accounts and security groups
Identity hand-off
[Diagram: ssh from the Corporate Password Authority to a Bastion, then ssh from the Bastion to Service A and Service B; the back-end side is governed by a Public key and systems authz authority]
Apply intelligent use of openssh and PAM
◁ Public keys available as a network service
◁ Granular authorization via PAM
◁ Automatic audit of login/logout events
Use Bastions to create security zones
◁ Dedicated admin bastion(s) for access to management services such as Chef/Puppet server, log server, Conjur
◁ General-purpose bastions for access to everything else
◁ Let the back-end authz system provide most of the access control
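As an added example that is not part of the talk, the “public keys available as a network service” point above can be implemented with OpenSSH’s AuthorizedKeysCommand so that back-end hosts (and bastions) never hold copied key files; the key-service URL, the helper’s install path and the sample key-service response are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the talk: an sshd AuthorizedKeysCommand helper that
# serves a user's public keys from a network key service, so no authorized_keys
# file is copied onto (or shared between) back-end hosts. Assumed sshd_config:
#   AuthorizedKeysCommand /usr/local/bin/fetch_authorized_keys %u
#   AuthorizedKeysCommandUser nobody
KEY_SERVICE_URL="${KEY_SERVICE_URL:-https://keys.example.internal/users}"  # placeholder

# Constructed sample key-service response for the offline demo: one good key,
# one line smuggling an authorized_keys option, one junk line, one more key.
SAMPLE_RESPONSE='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnlyAAAAAAAAAAAAAAAAAAAAA alice@laptop
command="/bin/sh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCinjected alice@evil
not a key line
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsecondkey alice@desktop'

# fetch_keys USER: raw key-service response; KEY_SERVICE_RESPONSE, when set,
# replaces the network call (offline demo and tests).
fetch_keys() {
    if [ -n "${KEY_SERVICE_RESPONSE+x}" ]; then
        printf '%s\n' "$KEY_SERVICE_RESPONSE"
    else
        curl --fail --silent --max-time 5 "$KEY_SERVICE_URL/$1/keys"
    fi
}

# filter_keys: pass only bare "<type> <base64> [comment]" lines. sshd reads the
# command's output as authorized_keys lines, so dropping everything else stops
# a buggy or compromised key service from attaching options to a key.
filter_keys() {
    awk '$1 ~ "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$" &&
         $2 ~ "^[A-Za-z0-9+/]+=*$" {
             out = $1 " " $2
             for (i = 3; i <= NF; i++) out = out " " $i
             print out
         }'
}

# authorized_keys USER: the entry point sshd invokes with %u. Usernames that
# could alter the request path are refused before anything is fetched.
authorized_keys() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    fetch_keys "$1" | filter_keys
}

# sshd invokes this with a username; with no argument, demo on the sample.
[ "$#" -eq 0 ] && KEY_SERVICE_RESPONSE="$SAMPLE_RESPONSE"
authorized_keys "${1:-alice}"
```

Because the filter discards key options, any per-key restrictions (forced commands, source addresses) have to be enforced in sshd_config or PAM rather than by the key service.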