DevOps Configuration Management Tier Discussion (infosec.pub)

submitted 2 years ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

Does your choice of configuration management tool (Ansible, SALT, Puppet, Chef, etc) control tier 0 assets? (Authentication/directory servers, network equipment, etc)

Do you consider your CM tool tier 0?

If so, do you only allow access to it via privileged access workstations?

Would you use GIT for the code repository?

What about if the GIT repo was local and also controlled as a tier 0?

What does your CM setup look like?

top 1 comments

sorted by: hot top new old

[-] [email protected] 3 points 2 years ago

Not my personal setup, but I've worked at orgs in the past where the tier0 infra was set up using terraform and all funneled through github PRs. To add users/gain access to resources...etc, users would submit a PR and someone on the IT team would review/reject accordingly. It allowed for scalability and version/config control, but still required human input for the actual security question decision making.

this post was submitted on 09 Jan 2024

3 points (100.0% liked)

cybersecurity

4413 readers

7 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

[email protected]