Virtualized web infrastructures often means having a bunch of web applications talking HTTP to each other all over your network. REST APIs everywhere, VMs appearing and disappearing every day, without any sort of ACL or passwords between them. From a firewall standpoint, manually managing the rules between those VMs is unrealistic, and often results in opening tcp/80 (and more) everywhere by default. This is obviously not ideal. Some have tried to deploy web application firewall, but few have survived to testify. AFW (http://github.com/jvehent/AFW) is a Chef cookbook that solves these problems by controlling host-based Netfilter/iptables firewalls on each system of a Chef provisioned environment. I will demonstrate how host-to-host rules can be created and kept up to date by using a set of generic rules expanded dynamically.
About the speaker
Julien is a Security Engineer at AWeber.com. He specializes in Web Architecture’s Systems and Security, Networking and Cryptography. He build infrastructures from the ground up, in datacenters or in the cloud, and from the front firewall to the backend database.