Red Hat Ansible As a Basic Security Tool

It seems not a day goes by without another security incident making headlines. SolarWinds, Microsoft, various government entities; the list is growing and becoming more inclusive of the very companies we look to for guidance.

Security is a topic that should be of concern for everyone, but it is typically left to those who are responsible for the administration of IT resources. Some organizations have security teams that create standards of operation meant to yield the most secure environment possible. There are many enterprises, however, where this responsibility falls on administrators. Regardless of how your organization operates, basic steps can and should be taken in every environment to ensure the business has adopted the most secure stance possible at all times with regard to their compute resources. What should a device or service configuration look like? What does the environment look like right now? These are questions that must be answered accurately and with the speed required to remedy a security “situation” as quickly as possible.

When reacting to a security incident, there are a variety of factors that come into play, and more questions to ask: What are our management mechanisms for the different pieces of our environments? Networking? Systems? Services? Containers? Cloud Components? How do we gather that information? After we have amassed data from the disparate pieces of our environments, how do we assemble the information to make it consumable by all potential entities that may need involvement?

Once determinations have been made about the appropriate response to an incident, organizations must have the tools in place to propagate those changes across all environments, as well as methods to coordinate, track, and document any changes in security posture.

For those of us responsible for the compute environments of our organizations, Red Hat Ansible Automation Platform can be a tremendous tool in helping us improve our security stance. Ansible offers a common tool that can be leveraged across entire organizations to provide a method for interrogation of resources and management of configurations.

Ansible can be a desired state configuration tool, meaning that with Ansible, instead of describing a series of steps that will (hopefully) get us to a desired configuration, we are defining what a system, device, or service configuration should be, allowing Ansible to determine the best method to achieve it. Ansible leverages purpose-built modules to interact with the devices and services it manages to enact the state that we are defining.

Because of the popularity and broad acceptance of Ansible, modules have been created for interaction with the majority of systems, networking devices, and associated services that are available to us today, and the list keeps growing. Additionally, Ansible has modules, like the script module, that allow businesses to leverage existing procedures. In fact, Ansible is not a tool that requires massive migrations or changes in approaches to management on Day One of implementation. Rather, Ansible Automation Platform is a tool that can be used to bring all currently disparate methods of management and interrogation together, while filling in the gaps.

Would You Know if Your Environment Changed?

Rapidly gathering relevant data from the entirety of an environment and preparing it in a format that is consumable either programmatically or for human readability is a huge challenge. Many organizations will have portions of the environment thoroughly documented to a point in time, but most have significant gaps in current relevant data about their environments. Indeed, most organizations lack a method for complete, immediate interrogation of their own environments. This lack of data about what an environment currently looks like versus what it should look like leaves organizations potentially vulnerable should unauthorized changes start taking place.

Ansible Automation Platform lets us create automation routines that inspect the current state of our environments’ various components (system, networking, cloud, services, etc.) and prepare the information to meet our documentation or programmatic requirements. This ability to gather relevant information about the environment, either on demand or on a scheduled basis, allows us to have and use the information required to make the necessary determinations about the state of the environment whenever required.
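As an added illustration of this kind of interrogation (not part of the original article), the playbook below runs entirely in check mode and reports where a host differs from a declared baseline. The inventory group `linux_servers` and the baseline values are assumptions chosen for the example.

```yaml
---
# Added example: read-only drift audit. The inventory group and the baseline
# values below are assumptions for illustration.
- name: Report drift from a declared baseline without changing anything
  hosts: linux_servers            # assumed inventory group
  become: true
  gather_facts: false
  check_mode: true                # tasks only report what they would change
  vars:
    unwanted_services:            # assumed baseline: must not be running
      - rpcbind.service
      - cups.service
  tasks:
    - name: sshd_config should refuse direct root logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
      register: root_login

    - name: Collect the current state of every service
      ansible.builtin.service_facts:

    - name: List baseline violations among running services
      ansible.builtin.set_fact:
        running_unwanted: >-
          {{ ansible_facts.services | dict2items
             | selectattr('key', 'in', unwanted_services)
             | selectattr('value.state', 'equalto', 'running')
             | map(attribute='key') | list }}

    - name: Show the drift found on this host
      ansible.builtin.debug:
        msg:
          permit_root_login_drifted: "{{ root_login is changed }}"
          unwanted_services_running: "{{ running_unwanted }}"
```

Run on a schedule with the output retained, this gives a dated record of what each host looked like. The `lineinfile` check inspects only the main `sshd_config` file, not drop-in files under `sshd_config.d`.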

Would You Know What to Do?

Security incidents require an immediate response. The timeliness of the response can have an effect on the potential impact of the incident. Ansible Automation Platform has integrations with security software and devices such as SIEM, IDS, and firewalls. These security resource integrations can vastly improve response times and facilitate traceable interaction and coordination between these resources from a single entity.

For those environments that may not leverage all of these security components, Ansible Automation Platform can still have a considerable positive impact on response times. Ansible provides a common mechanism for interacting with most or all of the components in your environments, be they physical, virtual, networking, or cloud resources and services. As described earlier, Ansible can be a desired state configuration tool, which gives users the capability to reach deep into their environment to make whatever changes are appropriate to react to a security situation.

Perhaps the separation of an employee requires immediate action to remove access from internal systems and services. Maybe an organization requires the ability to create scheduled automations that would remove a contractor’s access from multiple systems and devices on a specific date. Or, a newly published security vulnerability may require an enterprise to turn off a specific service on all of its Windows systems, or just on select flavors of its Linux systems. There are times IT may need to disable a port on all networked devices, propagate a VLAN change, spin up additional cloud resources or turn them off. Ansible Automation Platform is a common, flexible, and auditable tool that performs all these functions and more.
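Two of the scenarios above, written as desired state rather than as a sequence of commands, in an added example that is not from the original article. The inventory groups, the account `jdoe`, and the services `cups.service` and `Spooler` are placeholders chosen for illustration.

```yaml
---
# Added example: user, service and group names are placeholders.
- name: Remove a separated user and stop a vulnerable service on Linux
  hosts: linux_servers            # assumed inventory group
  become: true
  vars:
    departed_user: jdoe           # placeholder account
    affected_service: cups.service  # placeholder service
  tasks:
    - name: Account must not exist (home directory is kept for review)
      ansible.builtin.user:
        name: "{{ departed_user }}"
        state: absent
        remove: false

    - name: Find out which services exist on this host
      ansible.builtin.service_facts:

    - name: Service must be stopped and disabled on the Red Hat family only
      ansible.builtin.service:
        name: "{{ affected_service }}"
        state: stopped
        enabled: false
      when:
        - ansible_facts['os_family'] == 'RedHat'
        - affected_service in ansible_facts.services

- name: Stop the same class of service on every Windows host
  hosts: windows_servers          # assumed inventory group
  vars:
    affected_win_service: Spooler # placeholder service
  tasks:
    - name: Service must be stopped and must not start at boot
      ansible.windows.win_service:
        name: "{{ affected_win_service }}"
        state: stopped
        start_mode: disabled
```

Running it first with `--check --diff` shows which hosts would change before anything is touched. Removing the account does not end sessions that are already open; `userdel` refuses to delete a user with running processes, so those hosts fail visibly and can be handled individually.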

For more information on Red Hat Ansible Automation Platform and its potential positive impact on your security posture, please reach out to the Red Hat Practice at International Integrated Solutions (IIS). The Red Hat Practice at IIS is here to help provide the information and resources you require to make intelligent, informed decisions about your environment. Through our strong collaborations with industry leaders like Dell/EMC, HPE, Citrix, Nvidia, Red Hat and many others, we bring subject matter experts to address the integration points that make your environment unique.

Written by Jesse Barker