Threat Modelling and Beyond for Cisco ACI
Frank Block & Jan Harrie
Cisco Application Centric Infrastructure (ACI) is one of the major solutions in the era of software-defined networking (SDN). Overall, it consists of a) leaf & spine switches (running NX-OS) to connect different endpoints and enforce filtering rules and b) a cluster of Application Policy Infrastructure Controllers to manage the SDN. Such a modern networking approach comes, of course, with its own threats and risks.
To better understand the threat landscape in the case of the Cisco ACI solution, we performed a first deeper analysis of the system. In this lightning talk we will present the current research results on a theoretical and technical level, existing challenges, and a forecast of the next steps.
Docker, Kubernetes & Security in Enterprise Environments
Simon Janz & Jan Harrie
Containers, microservices, Kubernetes: all of those terms heavily dominate modern application development teams and processes. This training will explain the key technologies behind those terms and focus on the following main questions:
- How strong and reliable are the isolation capabilities of Docker/Linux/OS containers?
- How do containers affect typical application and network architectures?
- How does Kubernetes affect application deployments and workflows?
- How is “security” integrated into those paradigms?
- What additional attack surface and security challenges are introduced by the changed development landscape and additional tools?
All agenda topics will be supported by practical exercises and/or demos. At the end of the training, each attendee will have knowledge about the described buzzwords and tools and understand how they impact application architectures, development, and security posture. Additionally, a fully functional Kubernetes cluster is built, and relevant security measures are implemented and discussed.
Who should attend this training and why?
IT Security Professionals who want to:
- understand the technology behind the recent and common buzzwords listed above,
- be able to evaluate the isolation capabilities of container solutions,
- get ideas on how to integrate security into typical DevOps environments and continuous workflows.
Software Architects and Developers who want to:
- learn about potential security vulnerabilities in common practices and tools,
- understand the concerns of the security people,
- improve their development chain by adding automated security checks.
Due to the large number of tools and technologies, this training will not be able to cover security aspects of every single technology in detail. However, we are happy to receive specific questions before the training to potentially prepare additional material, and you will get an overview of how to approach unknown/new technologies from a security perspective.
The attendees should have:
- intermediate knowledge of the Linux bash and a command line-based text editor (e.g. nano or vim)
- a system with WLAN and an SSH client (i.e. PuTTY) which is able to connect via SSH to systems on the Internet.
For the exercises, we provide the needed infrastructure in a cloud environment which the attendees can connect to via SSH.