On your security assumption - first of all, all security depends on the value of what you have to protect. If all you have on your server farm is your own G-rated vacation photos, your security needs are going to be different from if you are managing, say, health care or banking information or top-secret military info.
That said, even if you are behind a firewall, security should still be a concern. The key is defense in depth. Firewalls protect against one particular type of threat - and even then, the firewall can be misconfigured.
A firewall will not protect you against things such as:
-
Rogue software (viruses) running behind your firewall.
-
Rogue employees (insider threats are usually a bigger problem than outside hackers!)
-
Information accidentally leaked - say, somebody accidentally posting sensitive information to Facebook or a mailing list.
-
A well-meaning employee who knows just enough to be dangerous trying to help by “fixing” a chef cookbook for you.
Firewalls are great - and important - security devices. Think of it as a tool, one of many you should have in your kit. If you were to build a house, you wouldn’t just use a hammer and think you’d end up with a quality building? Security is the same.
Kevin Keane
The NetTech
Our values: Privacy, Liberty, Justice
See https://www.4nettech.com/corp/the-nettech-values.html
-----Original message-----
From: Jim Fluke james.fluke@colostate.edu
Sent: Monday 16th February 2015 17:22
To: chef@lists.opscode.com
Subject: [chef] How can I improve this cookbook?
Ohai Chefs!
I have been working with Chef off and on for a while now, but mostly just doing experiments and training. Recently I have gotten more serious, and have written two cookbooks that install a web API and a web application that uses the API. They both work, but I would like to get some feedback on how they could be improved. To that end I have made the application cookbook public athttps://bitbucket.org/cira-dpc/searchciradata_cookbook
Let me know if you have trouble getting to it.
Note that this is all running inside our firewall, including the open source Chef server, so I don’t think we need to worry to much about security, but if you disagree let me know about that too.
Thanks,
Jim