In my previous blog posts, I described how the DevOps process breaks down as soon as it comes to some network security changes, and how you can use AlgoSec to close this gap and live the DevOps dream to its fullest. I also gave a detailed example of how to make network security DevOps-able using the AlgoSec role for Ansible.
But what if you don’t use Ansible? What if you use another orchestration and configuration management framework, or perhaps even some home-grown automation scripts…?
The answer is simple – just follow the same concepts, utilizing AlgoSec’s rich API set.
Feeling a bit lazy about reading the API guides and writing all that “glue” code yourself? As a recovering software developer myself, I can obviously relate. That’s why we created the AlgoSec Python package.
AlgoSec for Python is an open-source Python SDK, wrapping AlgoSec’s official APIs, and providing exactly the functionality you need for the DevOps use case I described, easily usable in any Python integration script.
All you need to do is install the AlgoSec Python package (e.g. using pip), and script away (obviously you need AlgoSec BusinessFlow and AlgoSec FireFlow too).
You can use the same logic as per the Ansible role – it actually uses that same open-source SDK too. What you need to do:
Something like this:
{
  "applications": [
    {
      "app_name": "Billing",
      "app_flows": {
        "flow1": {
          "sources": ["HR Payroll server", "192.168.0.0/16"],
          "destinations": ["16.47.71.62"],
          "services": ["HTTPS"]
        },
        "flow2": {
          "sources": ["10.0.0.1"],
          "destinations": ["10.0.0.2"],
          "services": ["udp/501"]
        },
        "flow3": {
          "sources": ["1.2.3.4"],
          "destinations": ["3.4.5.6"],
          "services": ["SSH"]
        }
      }
    },
    {
      "app_name": "Payroll",
      "app_flows": {
        "new-flow": {
          "sources": ["1.2.3.4"],
          "destinations": ["3.4.5.6"],
          "services": ["SSH"]
        }
      }
    }
  ]
}
Then, write some Python code to read that file into Python as a list (you can check out the AlgoSec Ansible role code as a reference).
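A sketch of that loading step, added here as an example; it is not code from the AlgoSec SDK or the Ansible role, and it makes no AlgoSec API calls. The names `load_flows`, `check_endpoint` and `check_service` are hypothetical, and the validation rules (strict address parsing, port range check, anything else treated as a named object or service) are assumptions about what you would want to reject before a change request is opened.

```python
import ipaddress
import json
import re

# Constructed sample in the file format shown above (two of its flows).
SAMPLE = """{"applications": [{"app_name": "Billing", "app_flows": {
  "flow1": {"sources": ["HR Payroll server", "192.168.0.0/16"],
            "destinations": ["16.47.71.62"], "services": ["HTTPS"]},
  "flow2": {"sources": ["10.0.0.1"], "destinations": ["10.0.0.2"],
            "services": ["udp/501"]}}}]}"""

FIELDS = ("sources", "destinations", "services")
IPV4_LIKE = re.compile(r"^[\d./]+$")
PROTO_PORT = re.compile(r"^(tcp|udp)/(\d+)$", re.IGNORECASE)


def check_endpoint(value):
    """Accept valid IPs/CIDRs and named objects; reject malformed literals."""
    try:
        ipaddress.ip_network(value, strict=True)
    except ValueError:
        # Looks like an address but does not parse (typo, or host bits set).
        if IPV4_LIKE.match(value):
            raise ValueError(f"malformed address: {value}") from None


def check_service(value):
    """proto/port needs a valid port; other strings are named services."""
    m = PROTO_PORT.match(value)
    if m and not 1 <= int(m.group(2)) <= 65535:
        raise ValueError(f"port out of range: {value}")


def load_flows(text):
    """Flatten the file into a list of validated flow records."""
    flows = []
    for app in json.loads(text)["applications"]:
        for name, flow in app["app_flows"].items():
            where = f"{app['app_name']}/{name}"
            for field in FIELDS:
                if not isinstance(flow.get(field), list) or not flow[field]:
                    raise ValueError(f"{where}: '{field}' must be a non-empty list")
            for endpoint in flow["sources"] + flow["destinations"]:
                check_endpoint(endpoint)
            for service in flow["services"]:
                check_service(service)
            flows.append({"app": app["app_name"], "flow": name,
                          **{f: flow[f] for f in FIELDS}})
    return flows
```

Failing fast on a mistyped address or port in the pipeline keeps a bad flow definition from turning into a firewall change request.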
Don’t forget to specify the connectivity requirements in all environments (dev/test/prod) – either in the same application or as separate applications. That way there won’t be any surprises when deploying in production.
That’s it. You’re done. You have now successfully leveraged AlgoSec to DevOpsify network connectivity, using the AlgoSec Python SDK.
Feel free to share your implementation (with me or with the world)! We’d love to see your variants, and hopefully get some great ideas to further improve the existing capabilities and integrations.