Compliance, Security Automation, and Remediation with Red ... · WHAT IS SCAP? SCAP = Security...

Date post: 30-Jun-2020
Compliance, Security Automation, and Remediation with Red Hat CloudForms, Red Hat Satellite, and Ansible Tower by Red Hat Lucy Huh Kerner Senior Cloud Solutions Architect Red Hat U.S. Public Sector Matt Micene Solutions Architect DLT Solutions
Page 1: Compliance, Security Automation, and Remediation with Red ... · WHAT IS SCAP? SCAP = Security Content Automation Protocol (latest is version 1.2), Specification: NIST SP 800-126

Compliance, Security Automation, and Remediation with Red Hat CloudForms, Red Hat Satellite, and Ansible Tower by Red Hat

Lucy Huh Kerner
Senior Cloud Solutions Architect
Red Hat U.S. Public Sector

Matt Micene
Solutions Architect
DLT Solutions

GOAL

● Create a Security Compliant host at Provisioning time by 2 methods:
  – Red Hat Satellite 6 + OpenSCAP
  – Red Hat CloudForms + Red Hat Satellite + Ansible Tower by Red Hat
● Automate ongoing Security Remediation and Compliance with:
  – Red Hat CloudForms + Red Hat Satellite + OpenSCAP
  – Red Hat CloudForms + Ansible Tower by Red Hat
  – Red Hat CloudForms Control/Policy Engine + Red Hat Insights

WHY AUTOMATE COMPLIANCE?

Compliance, what's it good for?

CA DOJ recommends CIS Critical Security Controls as “minimum level of information security” to meet standard of reasonableness – California Breach Report https://oag.ca.gov/breachreport2016#findings

“Patch management and associated vulnerability management processes represent the biggest problem areas, because they’re rarely well documented and automated.” – Anton Chuvakin [http://blogs.gartner.com/anton-chuvakin/2014/02/13/highlights-from-verizon-pci-report-2014/]

Poster created by Ken Westin, 2015, used with permission of author. Hi Ken!

WHAT IS SCAP?

SCAP = Security Content Automation Protocol (latest is version 1.2), Specification: NIST SP 800-126 Rev. 2

● CCE™: Common Configuration Enumeration
● CPE™: Common Platform Enumeration
● CVE®: Common Vulnerabilities and Exposures
● CVSS: Common Vulnerability Scoring System
● CCSS: Common Configuration Scoring System
● XCCDF: The Extensible Configuration Checklist Description Format
● OVAL®: Open Vulnerability and Assessment Language
● OCIL: Open Checklist Interactive Language
● AI: Asset Identification
● ARF: Asset Reporting Format

WHAT IS OpenSCAP?

NIST validated SCAP scanner by Red Hat

https://nvd.nist.gov/scapproducts.cfm

METHOD #1: Create a Security Compliant host at Provisioning time with: Red Hat Satellite 6 + OpenSCAP

Kickstarting SCAP

Create new Scan policy

Update scan host group

Create Kickstart templates

https://github.com/nzwulfin/rhsummit16-scap

Put it together in a new host

METHOD #2: Create a Security Compliant host at Provisioning time with: Red Hat CloudForms + Red Hat Satellite + Ansible Tower

WHAT IS CLOUDFORMS?

Creating a Security Compliant host at Provisioning time with: Red Hat CloudForms + Red Hat Satellite + Ansible Tower

Defense Information Systems Agency Secure Technical Implementation Guide (DISA STIG)

CIS Security Benchmarks

ANSIBLE PLAYBOOK

ANSIBLE PLAYBOOK

Launch the CloudForms Provisioning State Machine

Post Provisioning Steps

DEMO

Automating ongoing Security Remediation and Compliance with:
– Red Hat CloudForms + Red Hat Satellite + OpenSCAP
– Red Hat CloudForms + Ansible Tower by Red Hat
– Red Hat CloudForms Control/Policy Engine + Red Hat Insights

Automated security scanning and remediation with Red Hat Satellite 5.7 + OpenSCAP + Red Hat CloudForms

OpenSCAP

XML-RPC

REST API

SCAN RESULTS: PASS/FAIL

REMEDIATE

IF SCAN FAILS

Tag VM (example: scap_compliant: core_base_os, scap_noncompliant: top_secret)

XCCDF XML FILE with list of security checks by Profile id

Create a Report based on scap_compliant and scap_noncompliant tags
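
The pass/fail decision and tag in the flow above, as an added example that is not from the slides or from any Red Hat product: it reads an XCCDF results file and derives a `scap_compliant` / `scap_noncompliant` tag. The sample document, its rule ids, the `category: profile` tag layout and the choice to count `error` and `unknown` as non-compliant are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal XCCDF results document (rule ids are made up).
SAMPLE_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
  <TestResult id="xccdf_org.example_testresult_1">
    <profile idref="core_base_os"/>
    <rule-result idref="rule_sshd_disable_root_login"><result>pass</result></rule-result>
    <rule-result idref="rule_accounts_password_minlen"><result>fail</result></rule-result>
    <rule-result idref="rule_partition_for_tmp"><result>notapplicable</result></rule-result>
    <rule-result idref="rule_audit_time_rules"><result>error</result></rule-result>
  </TestResult>
</Benchmark>
"""

# XCCDF outcomes that do not count against compliance. Anything else
# (fail, error, unknown, or a missing result) fails closed. Assumed policy.
NON_FAILING = {"pass", "fixed", "notapplicable", "notselected",
               "notchecked", "informational"}


def local(tag):
    """Drop the XML namespace so XCCDF 1.1 and 1.2 results parse alike."""
    return tag.rsplit("}", 1)[-1]


def evaluate(results_xml):
    """Return (profile_id, failing_rules, tag) for one scan result."""
    root = ET.fromstring(results_xml)
    test_result = next((e for e in root.iter() if local(e.tag) == "TestResult"), None)
    if test_result is None:
        raise ValueError("no TestResult element: the scan produced no results")
    profile, failing = None, []
    for child in test_result:
        name = local(child.tag)
        if name == "profile":
            profile = child.get("idref")
        elif name == "rule-result":
            outcome = next(((c.text or "").strip() for c in child
                            if local(c.tag) == "result"), "unknown")
            if outcome not in NON_FAILING:
                failing.append((child.get("idref"), outcome))
    # Hypothetical tag layout: category is the compliance state, value the profile.
    category = "scap_noncompliant" if failing else "scap_compliant"
    return profile, failing, f"{category}: {profile}"


if __name__ == "__main__":
    print(evaluate(SAMPLE_RESULTS))
```

Results files come from the scanned host, so a production version would parse them with a hardened XML parser such as `defusedxml` rather than the standard library.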

Security remediations with Ansible Tower using Red Hat CloudForms

DEMO

The Power and Flexibility of the Red Hat CloudForms Control/Policy Engine

Managing Shell Shock compliance with Red Hat CloudForms Control

http://cloudformsblog.redhat.com/2014/09/28/shell-shock-bash-code-injection-vulnerability-via-specially-crafted-environment-variables-cve-2014-6271-cve-2014-7169/#more-325

OpenSCAP compliance for Containers with Red Hat CloudForms Control

Proactive Systems Management with Red Hat Insights

SUMMARY

● Create a security compliant host at Provisioning time by 2 methods:
  ● Satellite 6 + OpenSCAP
  ● CloudForms + Ansible Tower
● Automate ongoing security remediation and compliance with:
  ● CloudForms + Satellite + OpenSCAP
  ● CloudForms + Ansible Tower
  ● CloudForms Control/Policy Engine and Red Hat Insights

QUESTIONS?

Matt Micene
Solutions Architect
DLT [email protected]: @cleverbeard

Lucy Huh Kerner
Senior Cloud Solutions Architect
Red Hat U.S. Public [email protected]: @LucyCloudBling

APPENDIX

● Example Satellite 6 provisioning template snippet and partition table
  ● https://github.com/nzwulfin/rhsummit16-scap
● Ansible playbooks for RHEL 6 CIS Benchmarks
  ● https://github.com/major/cis-rhel-ansible
● Ansible role for RHEL 6 DISA STIG from Ansible by Red Hat and MindPointGroup
  ● https://github.com/ansible/ansible-lockdown
  ● https://github.com/MindPointGroup/RHEL6-STIG
