Learn How to Secure Your Cloud-native Applications and Infrastructure

Welcome, to Part 2 of our Cisco Application-First Security blog series! The aim of the series is to prepare you to tackle the new DevNet learning track, where you’ll learn how to secure your cloud-native applications and infrastructure using:

Application segmentation
Application monitoring
Public cloud threat detection
Multi-factor authentication

In Part 1 of the blog series we introduced you to the new DevNet learning track and accompanying DevNet Sandbox, and to the docs and other resources you can find on the new Cisco Application-First Security website. We also introduced you to the “Sock Shop” e-commerce scenario you’ll be working with in the learning track.

This Part 2 blog focuses on Cisco Duo – adaptive multi-factor authentication (MFA), which is a corner stone of Cisco’s App-First Security solution. Duo can protect both your build-environment and Sock Shop app from unintended access. In the learning lab you’ll stage the infrastructure, modify and deploy the application, and protect access to them using MFA. In the process, you’ll get your hands dirty with products and technologies including git, Kubernetes, GitHub, Docker, AWS and others.

Introduction to Sock Shop

As mentioned, you will be starting your own cloud-native, unicorn e-commerce company: “Sock Shop.” The Sock Shop application is built cloud-native, so that you never have to worry about scaling your infrastructure during Cyber-Monday and other peak moments. You will be both simulating attacks on your application, as well as protecting it with a zero-trust policy. Furthermore, you will install monitoring solutions to make sure that everything is working as your policy mandates.

Protecting your Sock Shop’s user with Cisco Duo

Let’s take a quick look at Cisco Duo. Duo provides secure access to your applications and data, no matter where your users are – on any device – from anywhere. For organizations of all sizes, Duo’s trusted access solution creates trust in users, devices, and the applications they access.

Duo Web makes it easy to add strong two-factor authentication to your web application, complete with inline self-service enrollment and Duo Prompt. Implementing Duo two-factor authentication into your site involves simply adding a second login page and splitting your login handler into two parts.

You should be familiar with your web application’s programming language and authentication process. Client libraries are available for Python, Ruby, Classic ASP, ASP.NET, Java, PHP, Node.js, ColdFusion, and Perl.

For example, a typical single factor login process looks something like this:

After adding Duo authentication, it will look more like this:

There are three things you need to do to set this up:

call sign_request()
add the JavaScript and IFRAME
call verify_response()

This makes it fairly easy to add Duo MFA to your web application!

By adding Duo MFA to the login process, you will reduce the risk of a data breach and ensure trusted access to sensitive data in your Sock Shop. On top of that, Duo can do granular application-, device- and user-based policies, like restricting access to specific applications for non-managed devices, blocking access to all applications for jailbroken devices or blocking access from Tor exit nodes. This will make sure that you are compliant with data privacy regulations around the world. You’ll instrument Duo MFA into the Sock Shop so that users of the application must have a second form of authentication to login. This ensures that the users are who they say they are, because we all know that your password is “qwerty123!”?