mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 14:09:40 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,103 @@
|
||||
# Workflows: HashiCorp Boundary Zero Trust Implementation
|
||||
|
||||
## Workflow 1: Initial Boundary Deployment
|
||||
|
||||
```
|
||||
Step 1: Infrastructure Preparation
|
||||
- Provision PostgreSQL database for Boundary backend
|
||||
- Generate TLS certificates for controller and workers
|
||||
- Configure KMS (Vault Transit or AEAD for dev)
|
||||
- Set up network connectivity between components
|
||||
|
||||
Step 2: Controller Deployment
|
||||
- Install Boundary binary on controller hosts
|
||||
- Configure controller with database, KMS, and listeners
|
||||
- Initialize database schema
|
||||
- Verify controller health and API accessibility
|
||||
|
||||
Step 3: Worker Deployment
|
||||
- Install Boundary on worker hosts in each network zone
|
||||
- Configure worker with controller address and KMS
|
||||
- Register workers with tags for routing decisions
|
||||
- Verify worker registration and health
|
||||
|
||||
Step 4: Identity Provider Integration
|
||||
- Configure OIDC auth method with organizational IdP
|
||||
- Map IdP groups to Boundary managed groups
|
||||
- Test authentication flow end-to-end
|
||||
- Configure token and session expiry policies
|
||||
```
|
||||
|
||||
## Workflow 2: Target Onboarding
|
||||
|
||||
```
|
||||
Step 1: Create Scope Hierarchy
|
||||
- Define organization scope for each business unit
|
||||
- Create project scopes for environment isolation
|
||||
- Assign admin roles to scope owners
|
||||
|
||||
Step 2: Configure Host Catalogs
|
||||
- Static catalogs for fixed infrastructure
|
||||
- Dynamic catalogs for cloud resources (AWS, Azure, GCP)
|
||||
- Plugin-based catalogs for auto-discovery
|
||||
|
||||
Step 3: Define Targets
|
||||
- Map each target to host sets
|
||||
- Configure default ports and session limits
|
||||
- Enable session recording for privileged targets
|
||||
- Link credential sources (Vault libraries)
|
||||
|
||||
Step 4: Create Access Policies
|
||||
- Define roles with minimum necessary grants
|
||||
- Assign roles to managed groups from IdP
|
||||
- Test access with each role
|
||||
- Document access patterns and justifications
|
||||
```
|
||||
|
||||
## Workflow 3: Vault Credential Integration
|
||||
|
||||
```
|
||||
Step 1: Configure Vault Secrets Engines
|
||||
- Enable database secrets engine for dynamic credentials
|
||||
- Configure SSH secrets engine for certificate signing
|
||||
- Set up PKI engine for TLS certificates
|
||||
- Define roles with appropriate TTL and permissions
|
||||
|
||||
Step 2: Create Boundary Credential Stores
|
||||
- Create Vault credential store in Boundary
|
||||
- Provide Vault token with appropriate policies
|
||||
- Configure namespace if using Vault Enterprise
|
||||
|
||||
Step 3: Create Credential Libraries
|
||||
- Map Vault paths to Boundary credential libraries
|
||||
- Configure credential type (username_password, ssh_certificate)
|
||||
- Link libraries to targets as brokered or injected sources
|
||||
|
||||
Step 4: Test and Validate
|
||||
- Connect to target with dynamic credentials
|
||||
- Verify credentials are revoked after session end
|
||||
- Confirm session recording captures access
|
||||
- Validate audit logs contain credential events
|
||||
```
|
||||
|
||||
## Workflow 4: Access Review and Audit
|
||||
|
||||
```
|
||||
Step 1: Regular Access Review
|
||||
- Export role assignments and grant strings
|
||||
- Review with resource owners quarterly
|
||||
- Remove stale or unnecessary access
|
||||
- Update managed group filters if IdP groups change
|
||||
|
||||
Step 2: Session Recording Review
|
||||
- Review session recordings for privileged targets
|
||||
- Investigate anomalous session patterns
|
||||
- Export recordings for compliance evidence
|
||||
- Archive recordings per retention policy
|
||||
|
||||
Step 3: Compliance Reporting
|
||||
- Generate access control matrix from Boundary
|
||||
- Map controls to compliance framework requirements
|
||||
- Document exceptions and compensating controls
|
||||
- Present findings to audit and compliance teams
|
||||
```
|
||||
Reference in New Issue
Block a user