4 Handling sensitive data


This chapter covers

  • Basic security principles for automations
  • PowerShell secure objects
  • Securing sensitive data needed by your scripts
  • Identifying and mitigating risk

In December of 2020, one of the largest and most sophisticated cyberattacks ever was found to be taking place on systems across the globe. Security experts discovered that the SolarWinds Orion platform was the subject of a supply chain hack. Hackers were able to inject malware directly into the binaries of some Orion updates. This attack was such a big deal because SolarWinds’ Orion is a monitoring and automation platform. Their motto, “One platform to rule your IT stack,” makes it a very enticing target for bad actors.

More than 200 companies and federal agencies were impacted by this attack, including some big names like Intel, Nvidia, Cisco, and the US Departments of Energy and Homeland Security. Experts suspect that this attack is responsible for other exploits found shortly after at Microsoft and VMware.

If someone is able to gain full access to an automation platform, not only are they able to perform any action that platform has permissions to perform, they also have access to all the information and data stored inside that platform. So, if you have a script with full domain admin or global administrator rights, the bad actors will have those same rights and privileges.

4.1 Principles of automation security

4.1.1 Do not store sensitive information in scripts

4.1.2 Principle of least privilege

4.1.3 Consider the context

4.1.4 Create role-based service accounts

4.1.5 Use logging and alerting

4.1.6 Do not rely on security through obscurity

4.1.7 Secure your scripts

4.2 Credentials and secure strings in PowerShell

4.2.1 Secure strings

4.2.2 Credential objects

4.3 Storing credentials and secure strings in PowerShell

4.3.1 The SecretManagement module

4.3.2 Set up the SecretStore vault

4.3.3 Set up a KeePass vault

4.3.4 Choosing the right vault

4.3.5 Adding secrets to a vault

4.4 Using credentials and secure strings in your automations

4.4.1 SecretManagement module

4.4.2 Using Jenkins credentials

4.5 Know your risks

4.6 Summary