cybersecurity

5897 readers

14 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

DevOps Configuration Management Tier Discussion (self.cybersecurity)

submitted 2 years ago by MSgtRedFox to c/cybersecurity

1 comments fedilink hide all child comments

Does your choice of configuration management tool (Ansible, SALT, Puppet, Chef, etc) control tier 0 assets? (Authentication/directory servers, network equipment, etc)

Do you consider your CM tool tier 0?

If so, do you only allow access to it via privileged access workstations?

Would you use GIT for the code repository?

What about if the GIT repo was local and also controlled as a tier 0?

What does your CM setup look like?

top 1 comments

sorted by: hot top controversial new old

[–] NovaPrime@lemmy.ml 3 points 2 years ago

Not my personal setup, but I've worked at orgs in the past where the tier0 infra was set up using terraform and all funneled through github PRs. To add users/gain access to resources...etc, users would submit a PR and someone on the IT team would review/reject accordingly. It allowed for scalability and version/config control, but still required human input for the actual security question decision making.