20160825_AWS運用時に気をつけておくべきセキュリティのポイント(株式会社 ターン・アンド・フロンティア)

Transcript

1. "84ӡ༻࣌ʹ
   ؾΛ͚͓ͭͯ͘΂͖
   ηΩϡϦςΟͷϙΠϯτ 
   גࣜձࣾ
   λʔϯɾΞϯυɾϑϩϯςΟΞ
   ΠϯϑϥΤϯδχΞɾϑΣϩʔ
   ্ฏɹ༟໻

2. ࣗݾ঺հ ɾ໊લɿ্ฏ
   ༟໻
   ΢Τώϥ
   Ϣ΢Ϡ
   ɾॴଐɿגࣜձࣾ
   λʔϯɾΞϯυɾϑϩϯςΟΞ
   ɾ໾৬ɿΠϯϑϥΤϯδχΞɾϑΣϩʔ
   ɾࢿ֨ɿ
   ɾझຯɿϒϥοΫόεϑΟογϯά
   ɾ࿡੕઎ज़ɿ౔੕ਓʴ

3. ΞδΣϯμ w "84ʹ͓͚Δߏஙͷجຊ
   w ύϒϦοΫΫϥ΢υͳΒͰ͸ͷ߈ܸ
   w αʔόΛ৐ͬऔΒΕͨܦݧ
   w ੬ऑੑͷڴҖ
   w

   ൪֎ฤ
   w ·ͱΊ

4. "84ʹ͓͚Δߏஙͷجຊ

5. "84ߏஙʹ͓͚ΔωοτϫʔΫߏ੒

6. ̏֊૚ͷϧʔτςʔϒϧ w QVCMJDOFUXPSL
   
   &-#
   
   /"5αʔό /"5(8
   
   ౿Έ୆αʔό
   w QSPUFDUFEOFUXPSL
   

   
   8&#αʔό
   
   "11αʔό
   w QSJWBUFOFUXPSL
   
   %#αʔό
   
   3%4 ૹ৴ઌ λʔήοτ  MPDBM ૹ৴ઌ λʔήοτ  MPDBM  OBU9999999 ૹ৴ઌ λʔήοτ  MPDBM  JHX9999999

7. ͳͥ̏֊૚ʁ w ֊૚Ͱ͋Δඞཁ͸ͳ͍ w ֤ػೳΛಉ͡αϒωοτʹ഑ஔ͠ͳ͍ w ࿦ཧతʹ෼཭ ˠ
   ༧ظ͠ͳ͍઀ଓੑΛ્ࢭ

8. Μͳ͜ͱΘ͔ͬͯΔ͚Ͳ
   ༧ࢉऔΕ΁Μɾɾɾ

9. /"5αʔό΍౿Έ୆αʔόෆཁʂ
   όϥϯαʔෆཁʂ%#αʔόಉډʂ
   ͜ΕͰ͑͑Μ΍

10. ύϒϦοΫΫϥ΢υͳΒͰ͸ͷ߈ܸ

11. &$Λ࡞੒ w ύϒϦοΫωοτϫʔΫʹ࡞੒ w &*1෇༩ w XFCαʔόΠϯετʔϧ w -0(ΛUBJM͢Δ ͢Δͱɾɾɾ

    w 4FDVSJUZ(SPVQʹͯTTIͱIUUQΛશ։์

12. ໿෼ޙʹ߈ܸ͞ΕΔ TTIE<>
    %JE
    OPU
    SFDFJWF
    JEFOUJpDBUJPO
    TUSJOH
    GSPN
    
    TTIE<>
    "EESFTT
    
    NBQT
    UP
    XXXNBHVNBDPN
    CVU
    UIJT
    EPFT
    OPU
    NBQ
    CBDL
    UP
    UIF
    BEESFTT
    
    1044*#-&
    #3&",*/
    "55&.15
    TTIE<>
    *OWBMJE
    VTFS
    B
    GSPN
    
    TTIE<>
    JOQVU@VTFSBVUI@SFRVFTU
    JOWBMJE
    VTFS
    B
    <QSFBVUI>
    TTIE<>
    $POOFDUJPO
    DMPTFE
    CZ
    
    <QSFBVUI>
    TTIE<>
    "EESFTT
    
    NBQT
    UP
    XXXNBHVNBDPN
    CVU
    UIJT
    EPFT
    OPU
    

    NBQ
    CBDL
    UP
    UIF
    BEESFTT
    
    1044*#-&
    #3&",*/
    "55&.15
    TTIE<>
    *OWBMJE
    VTFS
    BKBZ
    GSPN
    
    TTIE<>
    JOQVU@VTFSBVUI@SFRVFTU
    JOWBMJE
    VTFS
    BKBZ
    <QSFBVUI>
    TTIE<>
    $POOFDUJPO
    DMPTFE
    CZ
    
    <QSFBVUI>
    TTIE<>
    "EESFTT
    
    NBQT
    UP
    XXXNBHVNBDPN
    CVU
    UIJT
    EPFT
    OPU
    NBQ
    CBDL
    UP
    UIF
    BEESFTT
    
    1044*#-&
    #3&",*/
    "55&.15
    TTIE<>
    *OWBMJE
    VTFS
    BTL
    GSPN
    
    TTIE<>
    JOQVU@VTFSBVUI@SFRVFTU
    JOWBMJE
    VTFS
    BTL
    <QSFBVUI>
    TTIE<>
    $POOFDUJPO
    DMPTFE
    CZ
    
    <QSFBVUI>

13. JOFUOVN
    
    
    
    
    
    
    
    
    
    
    OFUOBNF
    
    
    
    
    
    
    
    5*45&$)/0*//07"5*0/4065)5:30-,"(/&5
    EFTDS
    
    
    
    
    
    
    
    
    
    5*4
    
    5&$)/0
    *//07"5*0/
    4065)
    5:30-
    ,"(
    DPVOUSZ
    
    
    
    
    
    
    
    *5
    *5ΠλϦΞ
    BENJOD
    
    
    
    
    
    
    
    ))3*1&
    UFDID
    
    
    
    
    
    
    
    
    ))3*1&
    TUBUVT
    
    
    
    
    
    
    
    
    "44*(/&%
    1"
    NOUCZ
    
    
    
    
    
    
    
    
    #$0./&5./5
    

    DSFBUFE
    
    
    
    
    
    
    
    5;
    MBTUNPEJpFE
    
    5;
    TPVSDF
    
    
    
    
    
    
    
    
    3*1&
    
    'JMUFSFE ߈ܸ͖ͯͨ͠*1ΞυϨεΛௐࠪᶃ

14. "EESFTT
    
    NBQT
    UP
    XXXNBHVNBDPN
    CVU
    UIJT
    EPFT
    OPU
    NBQ
    CBDL
    UP
    UIF
    BEESFTT
    
    1044*#-&
    #3&",*/
    "55&.15 ߈ܸ͖ͯͨ͠*1ΞυϨεΛௐࠪᶄ w *1ΞυϨεͷ%/4Λ֬ೝ w ͷٯҾ͖ w XXXNBHVNBDPNͷਖ਼Ҿ͖

    JOBEESBSQB
    
    */
    
    
    153
    
    
    XXXNBHVNBDPN XXXNBHVNBDPN
    
    
    
    
    
    
    
    
    
    
    
    
    */
    
    
    
    
    
    $/".&
    
    
    NBHVNBDPN
    NBHVNBDPN
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    */
    
    
    
    
    
    "
    
    
    
    
    
    
    
    
    
    
    
    

15. "EESFTT
    
    NBQT
    UP
    XXXNBHVNBDPN
    CVU
    UIJT
    EPFT
    OPU
    NBQ
    CBDL
    UP
    UIF
    BEESFTT
    
    1044*#-&
    #3&",*/
    "55&.15 ߈ܸ͖ͯͨ͠*1ΞυϨεΛௐࠪᶄ w *1ΞυϨεͷ%/4Λ֬ೝ w ͷٯҾ͖ w XXXNBHVNBDPNͷਖ਼Ҿ͖

    JOBEESBSQB
    
    */
    
    
    153
    
    
    XXXNBHVNBDPN XXXNBHVNBDPN
    
    
    
    
    
    
    
    
    
    
    
    
    */
    
    
    
    
    
    $/".&
    
    
    NBHVNBDPN
    NBHVNBDPN
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    */
    
    
    
    
    
    "
    
    
    
    
    
    
    
    
    
    
    
    

16. ߈ܸճ਺ ϢχʔΫ*1 TTI   OHJOY   TTIͷ߈ܸ͕ଟ͍ &$࡞੒͔Β̓࣌ؒܦաޙͷ߈ܸճ਺

17. Ͳ͏͢Δͷ͔ʁ αʔόΛ৐ͬऔΒΕͨख๏Λ͝঺հ ࠷௿ݶɺ*1ϑΟϧλʔͷ࣮ࢪʂ TTI͸伴ೝূʹ͢Δ /FYUɾɾɾ

18. αʔόΛ৐ͬऔΒΕͨܦݧ

19. w QFSMͰॻ͔ΕͨεΫϦϓτΛઃஔ w εΫϦϓτ಺ͰεΫϦϓτࣗ਎Λ࡟আ w εΫϦϓτ಺Ͱࣗ਎ͷϓϩηε໊Λมߋ w *3$ΫϥΠΞϯτͱͯ͠߈ܸऀͷ*3$αʔόʹ઀ଓ w *3$αʔό͔ΒίϚϯυΛૹ৴

    w *3$ΫϥΠΞϯτ QFSM ͕ίϚϯυΛ࣮ߦ w αʔό৘ใ͕౪·Εͨ αʔό৐ͬऔΓͷखޱ

20. ߈ܸऀͷεΫϦϓτྫ

21. ߈ܸऀͷεΫϦϓτྫ

22. IUUQ߈ܸ͸Ͳ͏ͳͷʁ

23. IUUQ "11 ΁ͷ߈ܸ w ϓϩάϥϜ QIQͳͲ ͷ੬ऑੑ w IUUQ௨৴ʹΑΔ௨৴಺༰ͷ౪ௌ w

    QPTU΍HFUσʔλͷਫ਼ࠪ

24. ༗໊ͳ੬ऑੑΛ࣮ԋ w CBTIͷ੬ऑੑΛར༻ͨ͠೚ҙίʔυͷ࣮ߦ 4IFMM4IPDL ʢ$7&
    ౳ʣ
    w 42-ΠϯδΣΫγϣϯ
    w ΫϩεαΠτεΫϦϓςΟϯά

25. ༗໊ͳ੬ऑੑΛ࣮ԋ w CBTIͷ੬ऑੑΛར༻ͨ͠೚ҙίʔυͷ࣮ߦ 4IFMM4IPDL ʢ$7&
    ౳ʣ
    w 42-ΠϯδΣΫγϣϯ
    w ΫϩεαΠτεΫϦϓςΟϯά

26. Կ͢Δͷʁ ϒϥ΢β͔ΒFUDQBTTXEͳͲΛൈ͖औΓ·͢

27. CBTIͷ੬ऑੑΛར༻ͨ͠೚ҙίʔυͷ࣮ߦ w ֬ೝ
    FOW
    Y
    \
    ^
    FDIP
    WVMOFSBCMF
    CBTI
    D
    FDIP
    UIJT
    JT
    B
    UFTUz
    w ղઆ
    ʮ
    \ʯͰ࢝·Δ৔߹ɺCBTI͸GVODUJPOͱͯ͠ཧղɻ
    ͔͠͠ɺؔ਺ͷத਎͕ʮʯͰ͋ΔͨΊɺCBTI͸յΕͯ͠·͏ɻ
    

    Τϥʔ͕ൃੜ͍ͯ͠Δʹ΋͔͔ΘΒͣɺͦͷ··ʮFDIP
    WVMOFSBCMFʯ Λ࣮ߦͯ͠͠·͏ɻ
    DHJͰ͸
    TZTUFN lFDIP
    &/7\b)551@64&3@"(&/5`^
    ͷΈ

28. TIFMMTIPDL

29. ༗໊ͳ੬ऑੑΛ࣮ԋ w CBTIͷ੬ऑੑΛར༻ͨ͠೚ҙίʔυͷ࣮ߦ 4IFMM4IPDL ʢ$7&
    ౳ʣ
    w 42-ΠϯδΣΫγϣϯ
    w ΫϩεαΠτεΫϦϓςΟϯά

30. Կ͢Δͷʁ σʔλϕʔε಺ͷશϢʔβʔ৘ใΛൈ͖औΓ·͢

31. 42-ΠϯδΣΫγϣϯ

32. 42-ΠϯδΣΫγϣϯ w ςετ಺༰
    ϩάΠϯೝূͳͲΛ໛ٖɻϢʔβʔͱύεϫʔυΛೖྗ͠ɺ֘౰͢Δ͔֬ೝɻ
    σʔλϕʔεʹ֘౰ߦ͕ଘࡏͨ͠৔߹ग़ྗ
    w ղઆ
    1045Ͱड͚औͬͨத਎Λਫ਼͍ࠪͯ͠ͳ͍ͨΊɺͦͷ··42-จʹ୅ೖɻࠓ ճͷ৔߹ɺʮ`
    PS
    bB`bBʯΛQPTUʹೖྗɻ
    ͦͷ݁ՌɺҎԼͷΑ͏ͳ42-ͱͳΔɻ
    

    ʮTFMFDU
    ʙ
    XIFSF
    OBNFVTFSOBNF
    BOE
    QBTTbQBTTXPSEʯ
    ɹɹˣ
    ʮTFMFDU
    ʙ
    XIFSF
    OBNF
    PS
    BB
    BOE
    QBTT
    PS
    bBBʯ
    ʮ`B`Bʯ͕ৗʹUSVFͰ͋ΔͨΊɺXIFSF͕ҙຯΛͳ͞ͳ͍

33. ༗໊ͳ੬ऑੑΛ࣮ԋ w CBTIͷ੬ऑੑΛར༻ͨ͠೚ҙίʔυͷ࣮ߦ 4IFMM4IPDL ʢ$7&
    ౳ʣ
    w 42-ΠϯδΣΫγϣϯ
    w ΫϩεαΠτεΫϦϓςΟϯά

34. Կ͢Δͷʁ ϒϥ΢βͷηογϣϯ*%Λදࣔ͠·͢

35. ΫϩεαΠτεΫϦϓςΟϯά

36. ΫϩεαΠτεΫϦϓςΟϯά w ςετ಺༰
    ͱ͋ΔϒϩάʹίϝϯτͳͲΛ౤ߘ͢ΔαΠτΛ໛ٖ
    ίϝϯτ౤ߘ಺༰ͰTDSJQUΛຒΊࠐ·ΕͨΒͲ͏ͳΔͷ͔Λςετ
    w ղઆ
    1045Ͱड͚औͬͨத਎Λਫ਼͍ࠪͯ͠ͳ͍ͨΊɺͦͷ··%#ʹίϝϯτͱ ͯ͠JOTFSUΛߦ͏ɻ
    ͦͷ݁ՌɺҎԼͷΑ͏ͳίϝϯτΛೖΕΒΕͨ৔߹ɺӾཡ࣌ʹKT͕࣮ߦ͞

    ΕΔɻ
    ʮTDSJQUBMFSU EPDVNFOUDPPLJF TDSJQUʯ
    ࣮ߦKTͷ෦෼ʹϩάΠϯηογϣϯΛଞαʔόʹQPTU͢ΔΑ͏ͳهࡌ͕͋ͬ ͨ৔߹ɺηογϣϯ͕߈ܸऀʹ࿙Εͯ͠·͍ɺηογϣϯΛྲྀ༻ͯ͠αΠ τΛ๚໰Ͱ͖ͯ͠·͏ɻ

37. ΊͬͪΌා͍ɾɾɾ

38. Ͳ͏͢Ε͹͍͍ͷʁ w ͍͟΍ΒΕͨ࣌ͷͨΊʹ֤छ-0(Λ֎෦΁ w ZVN
    TFDVSJUZ
    VQEBUF
    ʹΑΔύονͷద༻ w IUUQTʹΑΔ҉߸Խ௨৴ w 1045σʔλ΍(&5ύϥϝʔλͷਫ਼ࠪ w

    ϖʔδભҠ࣌ʹVVJEʹΑΔ੔߹ੑ֬ೝ

39. ൪֎ฤ w ੬ऑੑ਍அͬͯߴՁͳΠϝʔδ ˠ
    "84
    *OTQFDUPS
    Ͱ਍அͯ͠ΈΔ ճ

40. None
41. None

42. ൪֎ฤ w ηΩϡϦςΟ੡඼ͬͯͲ͏ͳͷʁ w ֎෦΁-0(సૹͬͯ࢓૊Έେมʁ ˠ
    ܦݧ্ɺ%FFQ4FDVSJUZ͕͓͢͢Ί ˠ
    ܰྔͰ"84ͱͷ૬ੑൈ܈ˍ࣮੷ߴ ˠ
    BXTMPHTͬͯͷ͕͋Γ·͢ ˠ
    ZVNͰೖΕΕͯ$MPVE8BUDIʹ஝ੵɻ(#·Ͱແྉ ˠ
    "MBSNʹ΋ରԠɻจࣈྻݕ஌Մೳ

    w ੬ऑੑ਍அͬͯߴՁͳΠϝʔδ ˠ
    "84
    *OTQFDUPS
    Ͱ਍அͯ͠ΈΔ ճ w "84ϗϫΠτϖʔύʔ

43. IUUQTEBXTTUBUJDDPN*OUFSOBUJPOBMKB@+18IJUFQBQFST"844FDVSJUZ8IJUFQBQFSQEG

44. ·ͱΊ w ੬ऑੑͷରࡦ w ΍ΒΕͨ࣌ͷͨΊʹ-0(Λ֎෦΁సૹ ˠ
    ZVN
    TFDVSJUZ
    VQEBUF
    ͳͲύονͷద༻ ˠ
    σϑΥϧτ44-҉߸Խ௨৴ ˠ
    BXTMPHTͰखܰʹ҆ՁͰϩάΛ֎෦ʹసૹ ˠ
    "84Ͱ͸%FFQ4FDVSJUZ͕͓͢͢Ί w

    ωοτϫʔΫߏ੒Λ֊૚Ͱઃܭ ˠ
    "84͔ͩΒͦ͜खܰʹͰ͖ΔOFUXPSLߏஙɻ*1੍ݶˍTTI伴ೝূ ˠ
    1045σʔλ΍(&5ύϥϝʔλͷਫ਼ࠪ ˠ
    JOTQFDUPSͳͲΛ࢖༻ͯ͠αʔόͷݱঢ়Λ೺Ѳ w ͓͢͢Ίରࡦ੡඼

45. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ