IAMのセキュアな利用 ココを押さえておけばOK

Transcript

1. 
   Ր "84ࣄۀຊ෦ ίϯαϧςΟϯά෦ ͳ͔͸Β *".ͷηΩϡΞͳར༻ ίίΛԡ͓͚͑ͯ͞͹0,

2. 2 ࣗݾ঺հ ͳ͔͸Β • "84ࣄۀຊ෦ ίϯαϧςΟϯά෦ • ޷͖ͳαʔϏε • "84
   $MPVE'PSNBUJPO

3. ݱࡏ"84Λར༻தͷํɺ͜Ε͔Β"84Λར༻͢Δํɺ "84Λ҆৺҆શʹར༻͢Δҝɺ *".ͷ۩ମతͳઃఆํ๏Λ࿩͠·͢ طग़ͳ৘ใ͹͔ΓͰ͕͢ɺԿ౓Ͱ΋͓఻͍͑ͨ͠ॏཁͳ಺༰ͩͱ ࢥ͍ͬͯΔͷͰͥͻ࣋ͪؼ͍ͬͯͩ͘͞ ຊ೔͓࿩͢Δ͜ͱ

4. l *".Ϣʔβʔͷ.'"͸ඞਢ l *".ϙϦγʔ ಛʹJBN ͸ɺඞཁͳΞΫγϣϯͷΈڐՄ l εΠονϩʔϧΛ࢖͍͜ͳ͢ l ΞΫηεΩʔ*%ɺγʔΫϨοτʔΩʔ͸ۃྗ࢖Θͳ͍

   ࿩͢಺༰

5. Έͳ͞Μ .'"ɺઃఆ͠·͔͢ʁ *".Ϣʔβʔͷ.'"͸ඞਢ

6. .'"͕ະઃఆͷํɺ ࠓ͙͢ಋೖΛݕ౼͠·͠ΐ͏ʂ *".Ϣʔβʔͷ.'"͸ඞਢ

7. "84ͷར༻ʹ͔ܽͤͳ͍*".Ϣʔβʔ͸ɺछྨͷΞΫηεํ๏͋Γ l ϓϩάϥϜʹΑΔΞΫηε ΞΫηεΩʔ*%ͱγʔΫϨοτΞΫηεΩʔͰ"84
   "1*ɺ$-*ɺ4%,ͳͲͷ։ൃπʔϧ͔ΒΞΫ ηε l "84Ϛωδϝϯτίϯιʔϧ΁ͷΞΫηε Ϣʔβʔ໊ɺύεϫʔυͰ"84Ϛωδϝϯτίϯιʔϧ ҎԼɺ".$ ΁ΞΫηε

   *".Ϣʔβʔͷ.'"͸ඞਢ

8. ϓϩάϥϜʹΑΔΞΫηεɺ"84Ϛωδϝϯτίϯιʔϧ΁ͷΞΫηεͲͪΒ΋ೝ ূཁૉͰ͍͏ʮLOPXMFEHF
   GBDUPSʯʹΑΔೝূͰ͢ɻ͜ͷϢʔβʔ໊ɺύεϫʔ υ͕࿙Ӯ͢ΔͳͲͰ୭Ͱ΋ΞΫηεͰ͖ͯ͠·͍·͢ɻ *".Ϣʔβʔͷ.'"͸ඞਢ

9. *".Ͱ͸ɺଟཁૉೝূ .'" Λαϙʔτ LOPXMFEHF
   GBDUPS Ϣʔβʔ໊ɺύεϫʔυ
   QPTTFTTJPO
   GBDUPS .'"σόΠε
   ʹΑΔೝূ͕ՄೳͰ͢ɻϢʔβʔ໊ɺύεϫʔυ͕࿙Ӯͯ͠΋ɺ΋͏Ұͭͷೝূཁ ૉ͕ແ͍ͱΞΫηεͰ͖·ͤΜɻ

   *".Ϣʔβʔͷ.'"͸ඞਢ

10. ͍͔ͭ͘ͷ.'"͕αϙʔτ l 6'
    ηΩϡϦςΟΩʔ 1$ʹ64#ΩʔΛࢦͯ͠ར༻ l ϋʔυ΢ΣΞ .'"
    σόΠε ϋʔυ΢ΣΞ.'"σόΠεʹੜ੒͞ΕΔϫϯλΠϜύεϫʔυΛར༻ l Ծ૝.'"σόΠε

    (PPHMF
    "VUIFOUJDBUPS΍.JDSPTPGU
    "VUIFOUJDBUPSɺ1BTTXPSEͳͲʹઃఆͯ͠ੜ੒͞ΕΔ ϫϯλΠϜύεϫʔυΛར༻ 1$ɺεϚʔτϑΥϯɺJ1IPOFͳͲͰઃఆ͕ՄೳɻηΩϡϦςΟϙϦγʔʹԠͯ͡બ୒ *".Ϣʔβʔͷ.'"͸ඞਢ

11. ϙΠϯτ l ύεϫʔυ͓Αͼ.'"ͷઃఆ͸ɺϢʔβʔ͕࣮ࢪ͢Δ *".Ϣʔβʔͷ.'"͸ඞਢ ଟཁૉೝূ΋׬ᘳͰ͸ͳ͍ .'"σόΠεΛઃఆ͢Δ23ίʔυ·ͨ͸ɺγʔΫϨο τίʔυ͕࿙Ӯ͢Ε͹ɺ୭Ͱ΋.'"ͷઃఆ͕Մೳ ˠ ύεϫʔυ͓Αͼ.'"ͷઃఆ͸ɺϢʔβʔ͕࣮ࢪ͢Δ͜ ͱͰΑΓηΩϡΞ

12. ϙΠϯτ l Ϣʔβʔࣗ਎Ͱύεϫʔυɺ.'"͕ઃఆͰ͖Δ*".ϙϦγʔΛׂΓ౰ͯΔ - *".ࢀর - *".3FBE0OMZ"DDFTT "84؅ཧϙϦγʔ - ύεϫʔυઃఆ

    - *".6TFS$IBOHF1BTTXPSE "84؅ཧϙϦγʔ - ύεϫʔυϙϦγʔͰ lϢʔβʔʹύεϫʔυͷมߋΛڐՄ͢Δz
    ͕༗ޮͷ৔߹͸ෆཁ - .'"ઃఆ ҎԼͷ"DUJPOΛ"MMPX - lJBN$SFBUF7JSUVBM.'"%FWJDFz - JBN&OBCMF.'"%FWJDFz - JBN3FTZOD.'"%FWJDFz - 3FTPVSDF͸ɺzBSOBXTJBN"84ΞΧ΢ϯτ*%NGB\BXTVTFSOBNF^z
    ࣗ਎ͷΈՄ *".Ϣʔβʔͷ.'"͸ඞਢ

13. ϙΠϯτ l ϓϩάϥϜΞΫηε͸ɺ.'"͕༗ޮͰ΋ΞΫηεͰ͖ͯ͠·͏ *".Ϣʔβʔͷ.'"͸ඞਢ

14. ϙΠϯτ l ϓϩάϥϜΞΫηεͷ੍ޚํ๏ - *".ϙϦγʔʹ l$POEJUJPOz
    \l#PPMz
    \lBXT.VMUJ'BDUPS"VUI1SFTFOUz
    lUSVFz^
    Λઃఆɻ .'"Ͱೝূ͞Ε͍ͯΕ͹ΞΫηεΛڐՄɻBXT TUT HFUTFTTJPOUPLFOίϚϯυͰҰ࣌Ϋ ϨσϯγϟϧΛൃߦɻ"DDFTT,FZ*Eɺ4FDSFU"DDFTT,FZɺ4FTTJPO5PLFOΛ؀ڥม਺ʹΤ

    Ϋεϙʔτͯ͠ར༻ *".Ϣʔβʔͷ.'"͸ඞਢ

15. .'"͕ઃఆͰ͖·ͨ͠ ͕ɺ*".ϙϦγʔʹΑͬͯ͸ࣗ਎ͷ .'"Λແޮʹ͢Δ͜ͱ͕Ͱ͖ͯ͠·͍·͢ ϫϯλΠϜύεϫʔυͷೖྗ͕ΊΜͲ͍͘͞ͳͲɻɻ *".Ϣʔβʔͷ.'"͸ඞਢ

16. *".ͷૢ࡞ΛՄೳͱ͢Δ*".ϙϦγʔΛઃఆ͠ͳ͍ l "ENJOJTUSBUPST"DDFTT "84؅ཧϙϦγʔ - ϧʔτΞΧ΢ϯτͷ࣍ʹڧ͍ݖݶΛ࣋ͭϙϦγʔɻ*".ؚΉ΄ͱΜͲͷૢ࡞͕Մೳ - ҆қͳΞλον͸ઈରμϝʂ"84ΞΧ΢ϯτΛ؅ཧ͢ΔϢʔβʔͷΈΞλον l *".'VMM"DDFTT

    "84؅ཧϙϦγʔ - *".͢΂ͯͷૢ࡞͕Մೳ - ҆қͳΞλον͸ઈରμϝʂ"84ΞΧ΢ϯτ಺ϢʔβʔΛ؅ཧ͢ΔϢʔβʔͷΈΞλον l "DUJPOͰ JBN
    JBN$SFBUF JBN"EE
    JBN%FMFUF
    JBN3FNPWFͳͲ͕"MMPXͱͳΔϙϦγʔ ΧελϚʔ؅ཧϙϦγʔɺΠϯϥΠϯϙϦγʔ - *".Ϧιʔεͷ࡞੒ɺ࡟আͷૢ࡞͕ՄೳɻˢͷݖݶΛ࣋ͭϙϦγʔΛۃྗ࡞Βͳ͍ɺΞλο ν͠ͳ͍ *".ϙϦγʔ ಛʹJBN ͸ɺඞཁͳΞΫγϣϯͷΈڐՄ

17. ͱ͸͍͑ɺ*".ΛڐՄ͠ͳ͍ͱ ։ൃͰ͖ͳ͍ ӡ༻Ͱ͖ͳ͍ *".ϙϦγʔ ಛʹJBN ͸ɺඞཁͳΞΫγϣϯͷΈڐՄ

18. ಛఆͷ*".ͷૢ࡞ΛՄೳͱ͢Δ*".ϙϦγʔ ։ൃ l 1PXFS6TFST"DDFTT ৬຿ػೳͷ"84؅ཧϙϦγʔ - ։ൃऀ޲͚ͷݖݶΛ࣋ͭϙϦγʔɻ*".ɺ0SHBOJ[BUJPOTɺ੥ٻΛআ͘΄ͱΜͲͷૢ࡞͕Մೳ - αʔϏεʹϦϯΫ͞Εͨϩʔϧͷ࡞੒ΛڐՄ l

    *".ϩʔϧͷ࡞੒ΛڐՄ͢ΔϙϦγʔ ΧελϚʔ؅ཧϙϦγʔɺΠϯϥΠϯϙϦγʔ - *".ϩʔϧΛݸผʹ࡞੒Ͱ͖ΔϙϦγʔɻҎԼͷ"DUJPOΛ"MMPX - JBN$SFBUF*OTUBODF1SPGJMFz - JBN$SFBUF3PMFz - JBN"EE3PMF5P*OTUBODF1SPGJMFz - JBN"UUBDI3PMF1PMJDZ - "ENJOJTUSBUPST"DDFTTɺ*".'VMM"DDFTTϙϦγʔͷΞλονΛڐՄ͠ͳ͍ϙϦγʔɻҎԼͷ"DUJPO Λ%FOZɺ$POEJUJPOͰˢͷϙϦγʔΛࢦఆ - JBN"UUBDI3PMF1PMJDZz - l$POEJUJPOz
    \l'PS"OZ7BMVF"SO&RVBMT*G&YJTUTz
    \lJBN1PMJDZ"3/zlBSOBXTJBN
    BXTQPMJDZ"ENJOJTUSBUPS"DDFTTz BSOBXTJBNBXTQPMJDZ *".'VMM"DDFTT^^ - "84Λར༻͢Δ؀ڥʹԠͯ͡Ξλονͤ͞ͳ͍ϙϦγʔΛ௥Ճ *".ϙϦγʔ ಛʹJBN ͸ɺඞཁͳΞΫγϣϯͷΈڐՄ

19. ಛఆͷ*".ͷૢ࡞ΛՄೳͱ͢Δ*".ϙϦγʔ ӡ༻ - *".ࢀর - *".3FBE0OMZ"DDFTT "84؅ཧϙϦγʔ - *".
    "DDFTT
    "OBMZ[FSࢀর -

    *"."DDFTT"OBMZ[FS3FBE0OMZ"DDFTT "84؅ཧϙϦγʔ - *".
    "DDFTT
    "EWJTPSࢀর - *"."DDFTT"EWJTPS3FBE0OMZ "84؅ཧϙϦγʔ *".ϙϦγʔ ಛʹJBN ͸ɺඞཁͳΞΫγϣϯͷΈڐՄ

20. ΑΓηΩϡΞͳ*".ར༻ͷख๏ͱͯ͠ εΠονϩʔϧΛར༻͢Δ εΠονϩʔϧΛ࢖͍͜ͳ͢

21. εΠονϩʔϧͱ͸ɺ৴པ͞ΕͨΤϯςΟςΟ "84αʔϏε΍"84Ξ Χ΢ϯτ ͔Β*".ϩʔϧʹεΠονͯ͠Ξλον͞ΕͨΞΫγϣϯΛ ࣮ߦ͢Δ͜ͱ͕Ͱ͖Δ εΠονϩʔϧΛ࢖͍͜ͳ͢

22. εΠονϩʔϧ͸ෳ਺ͷ"84ΞΧ΢ϯτΛεΠον͢Δ৔߹Ͱձ࿩͞ ΕΔ͜ͱ͕͋Δ͕ɺͭͷ"84ΞΧ΢ϯτͰ΋ར༻Մೳ εΠονϩʔϧΛ࢖͍͜ͳ͢

23. εΠονϩʔϧͷ͍͍ͱ͜Ζ l "84
    $-*΍5FSSBGPSNͳͲʹΑΔϓϩάϥϜΞΫηεͰҰ࣌ΫϨσϯγϟϧͷൃߦɺ؀ڥม਺ͷΤΫε ϙʔτ͕ෆཁ - BXTDPOGJHϑΝΠϧ͸ɺҎԼͷ௨ΓɻεΠονϩʔϧ͕ෳ਺͋Δ৔߹ɺ͜ͷηοτͰ௥ه εΠονϩʔϧΛ࢖͍͜ͳ͢ - ίϚϯυྫ
    
    BXT

    T
    MT
    rQSPGJMF
    OBLBIBSB ˡBXTDPOGJHϑΝΠϧͷQSPGJMF໊Λࢦఆ <QSPGJMF
    OBLBIBSB> SFHJPO
    
    BQOPSUIFBTU NGB@TFSJBM 
    BSOBXTJBN.'"Λઃఆͨ͠"84ΞΧ΢ϯτ*%NGB*".Ϣʔβʔ໊ SPMF@BSO 
    BSOBXTJBNεΠονϩʔϧઌͷ"84ΞΧ΢ϯτ*%SPMF*".ϩʔϧ໊ TPVSDF@QSPGJMF 
    EFGBVMU NGB@TFSJBM ͸ɺ*".Ϣʔβʔͷ ೝূ৘ใͰ֬ೝͰ͖Δ

24. εΠονϩʔϧͷ͍͍ͱ͜Ζ l "84ΞΧ΢ϯτ਺͕૿͑ͯ΋εΠονϩʔϧઌͷ"84ΞΧ΢ϯτ͕มΘΔ͚ͩͳͷͰΞʔΩς Ϋνϟ͸Ұॹ l ೝূ͕ෆཁͱͳΔ εΠονϩʔϧ͸ೝՄ εΠονϩʔϧΛ࢖͍͜ͳ͢

25. ϙΠϯτ l εΠονϩʔϧ͢Δ*".ϩʔϧΛ࡞੒ - ৴པ͢ΔΤϯςΟςΟͰ"84ΞΧ΢ϯτΛࢦఆ - .'"ඞਢ εΠονϩʔϧͷಋೖ

26. ϙΠϯτ l ͢΂ͯͷ*".Ϣʔβʔ͕ॴଐ͢Δ*".Ϣʔβʔάϧʔϓ - ύεϫʔυɺ.'"ɺΞΫηεΩʔ*%ΛൃߦͰ͖Δ*".ϙϦγʔΛΞλον l ໾ׂຖͷ*".ϢʔβʔάϧʔϓΛ༻ҙ - εΠον͢Δ*".ϙϦγʔΛΞλον εΠονϩʔϧͷಋೖ

27. εΠονϩʔϧͷಋೖ ϙΠϯτ l εΠον͢Δ*".ϙϦγʔ - εΠονϩʔϧઌͷ*".ϩʔϧΛࢦఆ - $POEJUJPOͰ.'"Λඞਢͱ͢Δ \ 7FSTJPO
    

    4UBUFNFOU
    < \ 4JE
    7JTVBM&EJUPS &GGFDU
    "MMPX "DUJPO
    TUT"TTVNF3PMF 3FTPVSDF
    < BSOBXTJBNεΠονϩʔϧઌͷ"84ΞΧ΢ϯτ*%SPMF*".ϩʔϧ໊ > $POEJUJPO
    \ #PPM*G&YJTUT
    \ BXT.VMUJ'BDUPS"VUI1SFTFOU
    USVF ^ ^ ^ > ^

28. ҟͳΔ"84ΞΧ΢ϯτͷεΠονϩʔϧΛ௥Ճ͢Δ৔߹͸ɺεΠον ϩʔϧઌͷ*".ϩʔϧΛ໾ׂຖͷ*".ϙϦγʔʹ௥ه εΠονϩʔϧͷಋೖ

29. ͜͜·Ͱ࣮૷Ͱ͖Ε͹ϢʔβʔͷηΩϡϦςΟ͸˕ εΠονϩʔϧΛ࢖͍͜ͳ͢

30. ࠷ޙʹ΋͏ͻͱͭ ӬଓతͳΞΫηεΩʔ*%Λۃྗ࢖Θͳ͍ ӬଓతͳΞΫηεΩʔ*%͸ۃྗ࢖Θͳ͍

31. ӬଓతͳΞΫηεΩʔ*%͸ۃྗ࢖Θͳ͍

32. ͳͥۃྗ࢖Θͳ͍΄͏͕͍͍ͷ͔ l *".Ϣʔβʔ͔Β෷͍ग़ͨ͠ӬଓతͳΞΫηεΩʔ*%ɺγʔΫϨοτΞΫηεΩʔ͕ɺϋʔυ ίʔσΟϯά͞ΕͨϓϩάϥϜͷιʔείʔυͷྲྀग़ͳͲͰଟେͳඃ֐͕ग़ΔՄೳੑ - ʲ࣮࿥ʳΞΫηεΩʔྲྀग़ɺ߈ܸऀͷͱͬͨߦಈͱͦͷରࡦ - IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBDDFTTLFZMFBL l ʮ͏ͪ͸େৎ෉ʯͱ͍͏ઈର͸ແ͍ͷͰۃྗ࢖Θͳ͍͜ͱ͕ਪ঑

    ӬଓతͳΞΫηεΩʔ*%͸ۃྗ࢖Θͳ͍

33. Ͳ͏͢Ε͹Α͍͔ l ࡞ۀ୺຤͔Β"84
    $-*΍5FSSBGPSNʹΑΔΞΫηεΩʔ*%ͷ࢖༻ - *".ϙϦγʔʹ l$POEJUJPOz
    \l#PPMz
    \lBXT.VMUJ'BDUPS"VUI1SFTFOUz
    lUSVFz^
    Λઃఆ - εΠονϩʔϧͰ.'"Λඞਢͱ͢Δ l "84Ϧιʔε

    &$ɺ&$4ɺ-BNCEBͳͲ ͸ɺ*".ϩʔϧΛ࢖༻ - *".ϩʔϧΛ"84ϦιʔεʹΞλονɻΠϯελϯεϝλσʔλ͔ΒҰ࣌ΫϨσϯγϟϧ Λൃߦͯ͠ར༻ "DDFTT,FZ*Eɺ4FDSFU"DDFTT,FZɺ5PLFO - "84
    4%,͸ɺΠϯελϯεϓϩϑΝΠϧ͔ΒࣗಈͰऔಘɺΞϓϦέʔγϣϯͱͯ͠ೝূ ৘ใͷ؅ཧɺอ࣋͸ෆཁ ӬଓతͳΞΫηεΩʔ*%͸ۃྗ࢖Θͳ͍

34. Ͳ͏ͯ͠΋ར༻͢Δඞཁ͕͋Δ l ΦϯϓϨϛε͔Β"84ʹΞΫηε͕ඞཁͳ৔߹ - *".ϙϦγʔΛඞཁͳ"DSJPOͷΈڐՄ - *".ϙϦγʔʹ l$POEJUJPOz
    \l#PPMz
    \lBXT4PVSDF*Qz
    lYYYYYz^
    Λઃఆɻૹ৴ݩ*1Ξ υϨεΛ੍ݶ ӬଓతͳΞΫηεΩʔ*%͸ۃྗ࢖Θͳ͍

35. l *".Ϣʔβʔͷ.'"͸ࠓ͙͢ಋೖ͠·͠ΐ͏ʂ l *".ϙϦγʔͰద੾ͳݖݶΛઃఆʂ l εΠονϩʔϧ͸ͭͷΞΧ΢ϯτͰ΋ಋೖ͠·͠ΐ͏ʂ l ӬଓతͳΞΫηεΩʔ*%ɺγʔΫϨοτʔΩʔΛ࢖Θͳ͍ϫʔΫ ϩʔυΛ໨ࢦ͠·͠ΐ͏ʂ ·ͱΊ

36. 36