Posts Tagged ‘Virtualized’
(Physical, Virtualized and Cloud) Security Automation – An API Example
Last Updated on Monday, 12 March 2012 12:45 Written by Celframe Security Team Saturday, 14 April 2012 04:00
The premise of my Commode Computing presentation was to reinforce that we desperately require automation in all aspects of “security” and should work toward leveraging APIs in stacks and products to enable not only control but also audit and compliance across physical and virtualized solutions.
There are numerous efforts underway that underscore both this need and the industry’s response to such. Platform providers (virtualization and cloud) are leading this charge given that much of their stacks rely upon automation to function and the ecosystem of third party solutions which provide value are following suit, also.
Most of the work exists around ensuring that the latest virtualized versions of products/solutions are API-enabled while the CLI/GUI-focused configuration of older products rely in many cases still on legacy management consoles or intermediary automation and orchestration “middlemen” to automate.
Here’s a great example of how one might utilize (Perl) scripting and RESTful APIs against VMware’s vShield Edge solution to provision, orchestrate and even audit firewall policies using their API. It’s a fantastic write-up from Richard Park of SourceFire (h/t to Davi Ottenheimer for the pointer):
Working with VMware vShield REST API in perl:
Here is an overview of how to use perl code to work with VMware’s vShield API.
vShield App and Edge are two security products offered by VMware. vShield Edge has a broad range of functionality such as firewall, VPN, load balancing, NAT, and DHCP. vShield App is a NIC-level firewall for virtual machines.
We’ll focus today on how to use the API to programatically make firewall rule changes. Here are some of the things you can do with the API:List the current firewall rulesetAdd new rulesGet a list of past firewall revisionsRevert back to a previous ruleset revision
Awesome post, Richard. Very useful. Thanks!