baking safety into infrastructure testing

JessicaDeVitaTechnicalEvangelistChefSoftware@ubergeekgirl

Baking Safety Into Infrastructure Testing

What the heck is an evangelist?

• Software

• Safety

• Common ground

• Compliance as code

Software is everywhere!

Motorcycles

Medical Devices

Pre-DevOps

DevOps to the rescue!

Why does safety matter?

What about Security?

Dev

QA

SecurityReview

Staging

Prod

Patching

I loveworkingwithoursecurityteam,Saidno oneever

Regulations!OFAC USAPATRIOTAct Gramm-Leach-BlileyAct RedFlagsRule

BankSecrecyAct Sarbanes-Oxley RegulationE Dodd-Frank

FalseClaimsAct HIPAA EuropeanCentralBankregulations

PrudentialRegulationAuthority

FinancialConductAuthority HITECH PCIDSS

"Society's ability to regulate industries effectively is limited by it's ability to access and understand code, as we saw with the VW emissions scandal." @richardjpope

Fear-based culture

@TobiasMayer

Safety can be predicted by organizational culture

Ron Westrum

Psychological Safety is the most powerful predictor of successful teams

John AllspawPDF Club

Common Groundand Coordinationin Joint Activity

Intention

• Phases• Signaling• Coordination

devices & costs

• Interpredictability• Common Ground• Directability

CommonGroundinJointActivity

• Intention• Signalsandcues• Conversation,effectiveCoordination• Inter-predictability• CommonGround• Whoknowswhat• Taskwork vs.teamwork• Jointactionladder

Intention

Interdependence

Common ground isNot a "thing"Not a state

Instead, it is a process

an ongoing action: grounding

http://www.stefanomastrogiacomo.info/wp-content/uploads/2012/11/Common-Ground.png

Choreography

Choreography

Communication proceeds on two tracks:

Task Work

Team Work

Signaling

Signaling carries a responsibility to judge the interrupt-ability of

the other person

http://corgibytes.com/blog/2016/04/15/inception-layers/

ChatOps?

All communication is done through the board

Coordination: managing dependencies between activities

Coordination cannot be manufactured through procedures

and explicit guidelines.

Common Ground is Not: everyone having the same knowledge

Interpredictability

Common Ground

Pertinent Mutual Knowledge, Beliefs, and Assumptions

roles and functionsroutinesskills and competenciesgoals and commitmentstance:

perceptions of time pressurefatiguecompeting priorities

Most important types: Pertinent Mutual Knowledge,

Beliefs, and Assumptions

common ground is created or lost during handoffs.

https://www.flickr.com/photos/53370644@N06/4976497160

Whydoteamslosecommonground?• No experience working together

• Access to different data• No clear rationale for the directives• Ignorance of different stances• Unexpected loss of communications and unskilled

at repairing the disruption• Failure to monitor confirmation of messages• Confusion over who knows what – fundamental

common ground breakdown

3.UnderstandUnderstanding

Acting

The Joint Action Ladder

4.Act

2.Perceive

1.Attend

Fundamental Common Ground Breakdown:

Common ground is not binary!

Teams engage in activities to support common ground• structuring preparations(establish routines)• sustaining (clarifications, reminders)• updating others about changes

• monitoring other team members• detecting (anomalies, signals of loss of ground)

repairing the loss

"No matter how much care is taken, breakdowns in common ground are inevitable. No amount of procedure

or documentation can totally prevent them."

High reliability organizations are marked by a continual mindfulness, a continual searching for

indications of a loss of common ground

Safetyisconveyedthroughactions

• actionscanbecode• actionscanbeconversations

Making automation a team player

https://tctechcrunch2011.files.wordpress.com/2015/06/robotdap-e1433960740130.jpg

InSpec is compliance as code – a human-readable language for

automating the continuous testing and compliance auditing of your entire

infrastructure.

SSHControlSSHsupportstwodifferentprotocolversions.Theoriginalversion,SSHv1,wassubjecttoanumberofsecurityissues.PleaseuseSSHv2insteadto

avoidthese.

MappingCompliancetoInSpeccontrol 'ssh-6.2.1' do

title 'Set SSH Protocol to 2'

end

MappingCompliancetoInSpeccontrol 'ssh-6.2.1' do

title 'Set SSH Protocol to 2'

desc "

SSH supports two different ...

"

end

MappingCompliancetoInSpeccontrol 'ssh-6.2.1' do

title 'Set SSH Protocol to 2'

desc "

SSH supports two different ...

"

describe sshd_config do

its('Protocol') { should cmp('2') }

end

end

MappingCompliancetoInSpeccontrol 'ssh-6.2.1' do

impact 1.0

title 'Set SSH Protocol to 2'

desc "

SSH supports two different ...

"

describe sshd_config do

its('Protocol') { should cmp('2') }

end

end

Test Any Target

inspec exec test.rb

inspec exec test.rb -i ~/.aws/mandi_eu.pem -t ssh://ec2-user@54.152.7.203

inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super

inspec exec test.rb -t docker://3dda08e75838

its.... should...

•it { should exist } •it { should be_installed }•it { should be_enabled }•its('max_log_file') { should cmp 6 }•its('exit_status') { should eq 0 }•its('gid') { should eq 0 }

InSpec Profilesinclude_controls 'os-hardening' doskip_control 'os-06'

control 'os-02' do impact 0.7 end end

include_controls 'ssh-hardening'

describe security_policy doits('PasswordComplexity') { should eq 1 }enddescribe sshd_config doits('Port') { should eq('22') }Enddescribe iis_site('Default Web Site') doit { shouldhave_app_pool('DefaultAppPool') }it { should have_binding('http *:80:') }end

67

Truth can only be found in one place:

the code.

Only the code can truly tell you what it does. It is the only

source of truly accurate

information.

jessica@chef.io

@UberGeekGirl