Thursday, October 13, 2022

SaltStack firewall rules

Recently I've been working with a customer to showcase the security capabilities of Aria Automation for Secure Hosts (formerly SaltStack SecOps), which I would divide into two distinct modules:

Vulnerability:

Allows the Security and IT teams to scan for and detect security advisories that reference Common Vulnerabilities and Exposures (CVE) entries; once found, the affected systems can be remediated with a click of a button.

Compliance:

Leveraging best practices and hardening guides such as CIS and NIST, it allows you to define policies based on those benchmarks or create your own custom policy. Once a policy is defined you can assess your environment to find non-compliant systems and remediate them instantly, improving the security posture of your environment.

I'm almost getting to the point of this post:

Where does Aria Automation for Secure Hosts get all this information from?


To make sure the solution has the most up-to-date security information, the RaaS service checks daily for the latest benchmarks and security advisories, along with the software packages or versions that fix them.


Luckily VMware consolidates the CVEs from multiple vendors into a central location, so you don't need to open access to several locations. You only need to allow access to:


https://enterprise.saltstack.com/secops_downloads - for Compliance content

https://enterprise.saltstack.com/vman_downloads - for Vulnerability Management content


You can double-check this in the RaaS configuration file: /etc/raas/raas


One caveat: the RaaS service itself does not know about system-wide proxy settings, so if you have to use proxies, don't forget to configure the RaaS service accordingly. It's well documented in the section "Ingesting content via http(s) proxy".
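As an added example (not VMware's tooling or anything from the RaaS product), here is a small pre-flight script you can run on the RaaS node: it derives the host/port allowlist the firewall team needs from the two download URLs above, and probes each endpoint with curl, passing the proxy explicitly because RaaS will not pick it up from the system. The proxy argument, the RAAS_CHECK variable and the script name are assumptions for illustration.

```shell
#!/bin/sh
# Egress pre-flight for an Aria Automation for Secure Hosts (RaaS) node.
# Constructed example, not VMware's tooling; the two endpoints are the ones
# listed above, the proxy argument is an assumption for illustration.
set -eu

SECOPS_URL="https://enterprise.saltstack.com/secops_downloads"
VMAN_URL="https://enterprise.saltstack.com/vman_downloads"

# Print "host port" for a URL so a firewall allowlist can be derived from it.
# Explicit ports are honoured; otherwise 443 for https and 80 for http.
url_endpoint() {
    ue_rest=${1#*://}
    ue_hostport=${ue_rest%%/*}
    case $ue_hostport in
        *:*) ue_host=${ue_hostport%%:*}; ue_port=${ue_hostport##*:} ;;
        *)   ue_host=$ue_hostport
             case $1 in https://*) ue_port=443 ;; *) ue_port=80 ;; esac ;;
    esac
    printf '%s %s\n' "$ue_host" "$ue_port"
}

# Allowlist lines for the firewall team, one per distinct host/port pair.
allowlist() {
    for u in "$SECOPS_URL" "$VMAN_URL"; do url_endpoint "$u"; done | sort -u
}

# HEAD-probe one URL; the proxy is passed explicitly to curl because the RaaS
# service ignores system-wide proxy settings. Any HTTP status (even 403/405)
# proves the path through the firewall works; 000 means no connection at all.
probe() {
    p_url=$1; p_proxy=${2:-}
    set -- -sS -I -o /dev/null -w '%{http_code}' --max-time 10
    [ -n "$p_proxy" ] && set -- "$@" --proxy "$p_proxy"
    p_code=$(curl "$@" "$p_url" 2>/dev/null) || true
    p_code=${p_code:-000}
    printf '%s -> HTTP %s\n' "$p_url" "$p_code"
    [ "$p_code" != "000" ]
}

main() {
    echo "Firewall allowlist (host port):"; allowlist
    rc=0
    for u in "$SECOPS_URL" "$VMAN_URL"; do probe "$u" "${1:-}" || rc=1; done
    return $rc
}

# Network probes run only on request: RAAS_CHECK=1 ./egress-check.sh http://proxy:3128
if [ "${RAAS_CHECK:-0}" = "1" ]; then main "${1:-}"; fi
```

The script exits non-zero if either endpoint cannot be reached, so it can be wired into a post-deployment check.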


That's all, keep your environment safe, folks!!!

Who am I

I'm an IT specialist with over 15 years of experience, working from IT infrastructure to management products, with troubleshooting and project management skills in medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers embrace the Cloud Era and making them successful on their journey. Despite the fact that I'm a VMware employee, these postings reflect my own opinion and do not represent VMware's position, strategies or opinions. Reach me at @dumeirell