Skip to content
/ societe-generale-OCTANE Public
forked from yannickneff/OCTANE

Securize the exposure of web applications through cloud service provider (currently AWS)

License

GPL-2.0 license
0 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PCDevSecOps/societe-generale-OCTANE

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
ansible
ansible
 
 
cloudformation
cloudformation
 
 
documentation
documentation
 
 
resources/img
resources/img
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

AWS cIAP OCTANE

What is OCTANE ?

OCTANE is:

  • A cIAP (cloud Internet Access Point). Mainly, it is a security product between Internet and your public application hosted in your private zone
  • The acronym (with imagination and goodwill) of Opensource cIAP Nextgen
  • A Societe Generale Open Source project developped by Eric BOUTEVILLE within Public Cloud Feature Team (Cloud Center Of Excellence) of Societe Generale
  • Compatible on AWS but can be modified to use another Cloud Service Provider (Azure, OpenStack, Vmware...) or bare-metal, most of components are Linux-based softwares

Why OCTANE ?

OCTANE can:

  • Securly expose a WebSite to Internet
  • Protect you against intrusions (SQL injection, cross-site scripting (XSS), file inclusion...) & virus
  • Limit you against deny of service
  • Detect malicious activities or policy violations
  • Securly connect your external users to your internal zone
  • Collect all the logs and provide metrics, search and analytics
  • Be easly derivated on other x86 (Azure, OpenStack, Bare-Metal) platform in order to have the same Internet Access Point in a multi-cloud context

How (Architecture) ?

HLD

There are several layers (from the most exposed -Internet- to the less exposed -Internal-):

  • redundant load-balancers
  • redundant filtering layer
  • redundant reverse-proxies
  • redundant proxies with SSL terminaison
  • redundant WAF or TCP relay (it depends on the protocol used)
  • redundant Antivirus & IDS
  • (not yet redundant) VPN
  • redundant firewalls
  • AWS private link or VPC peering (what suits you)

Those functionnalities are deployed by:

  • The cloudformation template aims to build the AWS infrastructure (EC2, ELB...)
  • The ansible playbook will configure all software components (inside EC2)

For further details, a more complete READme is available in each directory.

Detailed documentation

Architecture

Run & Installation

Roadmap

  • Azure version
  • Autoscaling group implementation
  • Common referential (LDAP/other), this will permit to link users to domains/VPN.
  • API to manage web exposition
  • WEB server choice: apache/nginx
  • IDS choice: suricata/snort
  • VPN choice: ipsec(strongswam)/wireguard/openvpn
  • OpenStack version (idea)

License

GPLv2

Authors

This project has been created in 2018 by Eric BOUTEVILLE and Product Owner by Yannick NEFF

Contributors

Softwares / Used components

Haproxy

Nginx

ModSecurity

Suricata

HAVP

CLAMAV

Beats

Telegraf

Logstash

Influxdb

Grafana

OpenVPN

AWS

Sponsorship

Societe Generale Logo

About

Securize the exposure of web applications through cloud service provider (currently AWS)

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 59.2%
  • Python 33.1%
  • Makefile 7.7%