implementing-security-chaos-engineering


Implementing Security Chaos Engineering


When to Use


  • When deploying or configuring security chaos engineering capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites


  • Familiarity with security operations concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Instructions


Design and execute security chaos experiments that intentionally break security controls to verify that detection, alerting, and response systems work correctly.

```python
# Example: Verify detection when a security group is opened
import boto3

ec2 = boto3.client("ec2")

# Chaos experiment: temporarily add a 0.0.0.0/0 rule
# (sg-12345 is a placeholder group id; substitute a group in your lab account)
rule = dict(GroupId="sg-12345", IpProtocol="tcp", FromPort=22, ToPort=22, CidrIp="0.0.0.0/0")

try:
    ec2.authorize_security_group_ingress(**rule)
    # Verify: does the GuardDuty/Config alert fire within SLA?
    # (poll your findings source here and record the time to detect)
finally:
    # Rollback: remove the rule after verification, even if the check fails
    ec2.revoke_security_group_ingress(**rule)
```


Key experiments:
1. Open a security group and verify Config Rule alerts
2. Disable CloudTrail and verify detection time
3. Create IAM admin user and verify alert triggers
4. Simulate log pipeline failure and check monitoring gaps
5. Deploy test malware hash and verify EDR response


Examples



```python
# Rollback function for safe experiment execution
def run_experiment(setup_fn, verify_fn, rollback_fn, timeout=300):
    """Inject the fault, check detection within `timeout` seconds, and always roll back."""
    try:
        setup_fn()                    # break the control (e.g. open the security group)
        result = verify_fn(timeout)   # did the alert fire before the SLA expired?
    finally:
        rollback_fn()                 # restore the control even if setup or verify raised
    return result
```
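The following is an added example, not code from the original page. It fills in the skeleton of the run_experiment pattern above and works through experiment 1 from the key experiments list (open a security group, expect a Config-rule-style finding within the SLA, roll back). Because it has to run offline, the cloud account and the detector are replaced by a constructed in-memory stand-in (`FakeAccount`, with a tunable detector latency); in a real run `setup`/`rollback` would call the EC2 API and `poll` would query the Config or GuardDuty findings API. The names `FakeAccount`, `ExperimentResult`, `open_security_group_experiment` and the `sla_s`/`interval_s` parameters are assumptions of this example. It goes beyond the skeleton in two ways: it measures time-to-detect rather than a yes/no, and it records a setup failure or an SLA miss as a result instead of raising, so the rollback outcome is always reported.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class FakeAccount:
    """Constructed in-memory stand-in for a cloud account (assumption: not a real API).
    Holds security-group rules and a Config-rule-like detector with tunable latency."""
    sg_rules: dict = field(default_factory=dict)     # group id -> [(proto, port, cidr)]
    findings: list = field(default_factory=list)      # what the stand-in detector flagged
    detector_delay_s: float = 0.0                     # simulated evaluation latency
    last_change: float = 0.0

    def authorize(self, group_id: str, proto: str, port: int, cidr: str) -> None:
        self.sg_rules.setdefault(group_id, []).append((proto, port, cidr))
        self.last_change = time.monotonic()

    def revoke(self, group_id: str, proto: str, port: int, cidr: str) -> None:
        self.sg_rules[group_id].remove((proto, port, cidr))

    def evaluate(self) -> None:
        # Stand-in for the managed rule: flag any rule open to the world, but only
        # once the simulated detector latency has elapsed since the last change.
        if time.monotonic() - self.last_change < self.detector_delay_s:
            return
        for group_id, rules in self.sg_rules.items():
            for proto, port, cidr in rules:
                finding = f"{group_id}: {proto}/{port} open to {cidr}"
                if cidr == "0.0.0.0/0" and finding not in self.findings:
                    self.findings.append(finding)


@dataclass
class ExperimentResult:
    name: str
    detected: bool = False
    time_to_detect_s: Optional[float] = None
    rolled_back: bool = False
    error: Optional[str] = None


def run_experiment(name: str, setup_fn: Callable[[], None], poll_alerts_fn: Callable[[], bool],
                   rollback_fn: Callable[[], None], sla_s: float = 60.0,
                   interval_s: float = 0.05) -> ExperimentResult:
    """Inject the fault, poll the alert source until the SLA expires, always roll back.

    A failing injection and a verification timeout are both recorded in the result
    rather than raised, so the rollback outcome is never lost."""
    result = ExperimentResult(name=name)
    start = time.monotonic()
    try:
        setup_fn()
        deadline = start + sla_s
        while time.monotonic() < deadline:
            if poll_alerts_fn():
                result.detected = True
                result.time_to_detect_s = time.monotonic() - start
                break
            time.sleep(interval_s)
    except Exception as exc:  # any failure must still reach the rollback below
        result.error = repr(exc)
    finally:
        try:
            rollback_fn()
            result.rolled_back = True
        except Exception as exc:  # a failed rollback is the worst outcome; surface it
            result.error = f"{result.error or ''} rollback failed: {exc!r}".strip()
    return result


def open_security_group_experiment(account: FakeAccount, sla_s: float = 1.0) -> ExperimentResult:
    """Key experiment 1 against the constructed account: open tcp/22 to 0.0.0.0/0 on the
    placeholder group sg-12345, expect a finding within the SLA, then revoke the rule."""
    rule = ("sg-12345", "tcp", 22, "0.0.0.0/0")

    def setup() -> None:
        account.authorize(*rule)

    def poll() -> bool:
        account.evaluate()  # real run: query the Config/GuardDuty findings API here instead
        return any(f.startswith("sg-12345:") for f in account.findings)

    def rollback() -> None:
        account.revoke(*rule)

    return run_experiment("open-security-group", setup, poll, rollback, sla_s=sla_s)


if __name__ == "__main__":
    fast = FakeAccount(detector_delay_s=0.1)
    print(open_security_group_experiment(fast, sla_s=1.0))   # detected, rolled back
    slow = FakeAccount(detector_delay_s=5.0)
    print(open_security_group_experiment(slow, sla_s=0.3))   # SLA missed, still rolled back
```

The second run in the `__main__` block is the case the experiment exists to find: the control is broken, nobody is told within the SLA, and the result says so while the rule is still removed. The time-to-detect figure is what you would trend across runs to see a detection pipeline degrading before it fails outright.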