簡単に始めるAWS基盤のセキュリティ分析~Sumo Logic~

Transcript

1. ؆୯ʹ࢝ΊΔ"84ج൫ͷηΩϡϦςΟ෼ੳ
   d4VNP
   -PHJDd 
   ӓాɹՂ༞

2. ࣗݾ঺հ
    ӓాɹՂ༞
   ɾΫϥεϝιουגࣜձࣾ
   ɾ"84ࣄۀຊ෦
   ɹιϦϡʔγϣϯΞʔΩςΫτ
   ɹɹηΩϡϦςΟνʔϜ
   ɾ4FDVSJUZ+"84ӡӦ
   ɾ޷͖ͳαʔϏε
   

   ɹ"84
   8"'Ϛωʔδυϧʔϧ

3. ಥવͰ͕͢
    AWS؀ڥ্ͰͷηΩϡϦςΟରࡦ͸ ສશͰ͔͢ʁ

4. Α͘࢖͏"84ͷηΩϡϦςΟܥαʔϏε
    w "84
   4IJFME
   w ηΩϡϦςΟάϧʔϓ
   w "84
   8"'
   w

   (VBSE%VUZ
   w *OTQFDUPS
   w $MPVE5SBJM
   w "84
   $POpH
   w *".
   w όέοτϙϦγʔ
   w 4FDVSJUZ
   )VC
   w ֤छϩά

5. ͍ΖΜͳαʔϏε׆༻͍ͯ͠·͔͢ʁ
    ࠓճ͸ϩάʹϑΥʔΧεΛ౰ͯ·͢

6. "84ͷϩάͬͯͲΜͳ΋ͷ͕͋Δʁ
    w $MPVE5SBJMϩά
   w *".
   w &$ૢ࡞
   w

   4σʔλૢ࡞
   w ωοτϫʔΫϦιʔεૢ࡞
   w ͳͲͳͲ"1*શൠ
   w 71$
   'MPX
   -PHT
   w &-#ϩά
   w 8"'ϩά
   w $MPVE'SPOUϩά
   w (VBSE%VUZ
   w 4ΞΫηεϩά
   w 4
   "VEJUϩά

7. "84ͷϩά෼ੳ͸
    ಛʹCloudTrailͷ΢ΣΠτ͕ߴ͍

8. $MPVE5SBJMϩά෼ੳͷඞཁੑ
    w $MPVE5SBJM͸"84ʹର͢Δ"1*ίʔϧͷϩάΛҰݩ తʹऔಘ͍ͯ͠Δ
   w *".ͷϩάΠϯ΍ωοτϫʔΫϦιʔεͷૢ࡞ɺ&$ͷى ಈ΍ఀࢭͳͲ
   w

   "84ଆͷ؅ཧΛߦ͏৔߹ʹඞཁͳ৘ใ͕େྔʹ٧·ͬ ͍ͯΔ
   w ٯʹݴ͏ͱɺଞͷϩά͸ͲͪΒ͔ͱ͍͏ͱߏஙͨ͠γ εςϜͷϩάͱ͍͏Ґஔ͚ͮ

9. $MPVE5SBJM׆༻ྫ
    ͓٬༷ʮͳΜ͔஌Βͳ͍EC2͕ಈ͍ͯ·͚͢Ͳʁʯ ࢲʮ͓٬༷؅ཧͷxxx_userͱ͍͏IAMϢʔβ͕8࣌ʹ ɹɹ࡞੒͍ͯ͠·͢ʯ

10. ੲ͸͜ͷαʔϏε΋ͳ͔ͬͨΜͰ͢
     w ૝૾ͯ͠Έ͍ͯͩ͘͞ɺ୭͕ૢ࡞͔ͨ͠Θ͔Βͳ͍ੈք Λʜ
    w ୭ཱ͕ͯͨ&$͔Θ͔Βͳ͍
    w ηΩϡϦςΟάϧʔϓ͕͍ͭͷ·ʹ͔มߋ͞Ε͍ͯΔ
    

    w ΋͔ͨ͠͠Β*".ϢʔβͷΞΫηεΩʔ͕࿙Ӯ͍ͯ͠Δ͔΋
    w *".Ϣʔβ͕Ͳͷ*1͔ΒΞΫηε͍ͯ͠Δ͔Θ͔Βͳ͍

11. 
     CloudTrailͷ༗ޮԽͱ ϩά෼ੳͷඞཁੑ͸఻Θͬͨͱࢥ͍·͢

12. Ͱ΋$MPVE5SBJMͷϩά෼ੳ͸ਏ͍
     \l3FDPSET
    <\
    
    
    
    
    FWFOU7FSTJPO
    
    
    
    
    
    VTFS*EFOUJUZ
    \
    
    
    
    
    
    
    
    
    UZQF
    *".6TFS
    
    
    
    
    
    
    
    
    QSJODJQBM*E
    &9@13*/$*1"-@*%

    
    
    
    
    
    
    
    
    
    BSO
    BSOBXTJBN VTFS"MJDF
    
    
    
    
    
    
    
    
    BDDFTT,FZ*E
    &9".1-&@,&:@*%
    
    
    
    
    
    
    
    
    BDDPVOU*E
    
    
    
    
    
    
    
    
    
    VTFS/BNF
    "MJDF
    
    
    
    
    ^
    
    
    
    
    FWFOU5JNF
    5;
    
    
    
    
    FWFOU4PVSDF
    FDBNB[POBXTDPN
    
    
    
    
    FWFOU/BNF
    4UBSU*OTUBODFT
    
    
    
    
    BXT3FHJPO
    VTFBTU
    
    
    
    
    TPVSDF*1"EESFTT
    
    
    
    
    
    VTFS"HFOU
    FDBQJUPPMT
    
    
    
    
    
    SFRVFTU1BSBNFUFST
    \JOTUBODFT4FU
    \JUFNT
    <\JOTUBODF*E
    JFCFBGF^>^^
    
    
    
    
    SFTQPOTF&MFNFOUT
    \JOTUBODFT4FU
    \JUFNT
    <\
    
    
    
    
    
    
    
    
    JOTUBODF*E
    JFCFBGF
    
    
    
    
    
    
    
    
    DVSSFOU4UBUF
    \
    
    
    
    
    
    
    
    
    
    
    
    
    DPEF
    
    
    
    
    
    
    
    
    
    
    
    
    
    OBNF
    QFOEJOH
    
    
    
    
    
    
    
    
    ^
    
    
    
    
    
    
    
    
    QSFWJPVT4UBUF
    \
    
    
    
    
    
    
    
    
    
    
    
    
    DPEF
    
    
    
    
    
    
    
    
    
    
    
    
    
    OBNF
    TUPQQFE
    
    
    
    
    
    
    
    
    ^
    
    
    
    
    ^>^^
    ^>^ ͱʹ͔͘৘ใ͕͍ͬͺ͍

13. σϑΥϧτͷ7JFX
     ৘ใগͳ͍ɺϩάྔ͸ଟ͍ɺจࣈͷΈ

14. "84ͱͯ͠ͷΞϓϩʔν
     ෼ੳʹར༻͢ΔαʔϏε
    w "NB[PO
    "UIFOB
    w ΫΤϦΛ࢖༻ͯ͠܏޲Λࣝผͨ͠ΓɺΞΫςΟϏςΟΛଐੑ
    ιʔ ε
    *1
    ΞυϨε΍ϢʔβʔͳͲ

    
    Ͱ͞Βʹ෼཭ͨ͠ΓͰ͖·͢ɻ
    w $MPVE8BUDI
    -PHT
    w $MPVE8BUDI
    -PHT
    ϝτϦοΫεϑΟϧλΛఆٛ͠ɺ͜ΕΒ ͷΞϥʔϜ͕τϦΨʔ͞Εͨͱ͖ʹ௨஌Λૹ৴Ͱ͖·͢ɻ
    IUUQTEPDTBXTBNB[PODPNKB@KQBXTDMPVEUSBJMMBUFTUVTFSHVJEFDMPVEUSBJMBXTTFSWJDFTQFDJpDUPQJDTIUNM

15. 4FDVSJUZ+"84Ͱͷϩά෼ੳ
     w ୈճ
    w ߹ಉձࣾύϩϯΰ
    ۙ౻ֶ͞Μʮ8IBU
    ZPV
    TFF
    JT
    XIBU
    ZPV
    HFU
    ʙ
    Πϯγσϯτର Ԡ͢Δͷʹɺ·ͩϩά෼ੳͰফ໣ͯ͠Δͷ ʯ
    w

    ୈճ
    w 4QMVOL
    4FSWJDFT
    +BQBO
    ԣా
    ૱͞ΜʮࣄྫʹֶͿɺ4QMVOLº"84ηΩϡϦςΟϞ χλϦϯάͷ۩ମࡦʯ
    w ୈճ
    w ϑϡʔνϟʔΞʔΩςΫτגࣜձࣾ
    ೔ൺ໺
    ߃͞ΜɺதҪ
    ༞ق͞Μʮ,JCBOB
    $BOWBTͰ ັͤΔʂ"84؀ڥʹ͓͚ΔڴҖ෼ੳϢʔεέʔεʯ
    w גࣜձࣾ/55υίϞ
    क԰
    ༟थ͞Μ
    ʮ+"84
    %":4Ͱ࿩ͤͳ͔ͬͨʮ4FDVSJUZ
    Y
    4FSWFSMFTTʯͷ࿩ʯ
    w ΫοΫύουגࣜձࣾ
    ਫ୩
    ਖ਼ܚ͞ΜʮηΩϡϦςΟϩάϩά෼ੳج൫ͷߏங
    PO
    "84ʯ
    ͍ΖΜͳαʔϏε΍ख๏Λར༻ͯ͠औΓ૊ΜͰ͍Δ

16. ͱ͍͏Θ͚Ͱࠓճ͸
     ϩά෼ੳSaaSαʔϏεͷ Sumo LogicΛ঺հ͠·͢ ଞͷαʔϏεͱ͔ؾʹͳΔਓ͸աڈϒϩάݟͯͶˑϛ

17. 4VNP
    -PHJDͱ͸
     w 4BB4ϕʔεͷϩά෼ੳج൫
    w σϑΥϧτͰ༻ҙ͞Ε͍ͯΔଟ਺ͷμογϡϘʔυͰ͙͢ ʹϩάͷՄࢹԽ͕Մೳ
    w "84
    

    w $MPVE5SBJM
    w 71$
    'MPX
    -PHT
    w &-#
    w "QBDIF
    
    ͦͷଞΫϥ΢υ
    
    ηΩϡϦςΟ੡඼
    w ैྔϕʔεͷ ༏͍͠ ྉۚମܥ

18. μογϡϘʔυͷྫ
    $MPVE5SBJM
     σʔλೖΕͯμογϡϘʔυબͿ͚ͩͰ͜͏ͳΔʂ

19. ରԠ͍ͯ͠Δ"QQ͸͍ͬͺ͍
     "84͚ͩͰ ͜Μͳʹ

20. ηΩϡϦςΟܥ΋͍Ζ͍Ζ
     8"'ܥ
    ೝূܥ
    '8ܥ
    ίϯϓϥΠΞ ϯεܥ౳

21. ͳΜͱͳ͍͍͘ͷ͸Θ͔Δ
     ۩ମతʹ͸Ͳ͏͍͍ͷʁ

22. 
     σϞ͠·͢

23. σϞ
    $MPVE5SBJM
    μογϡϘʔυͷछྨ
     w "84
    $MPVE5SBJM
    
    0WFSWJFX
    w $MPVE5SBJMͷதͰಛʹॏཁͳϩάΠϯपΓ΍Ϧιʔεͷ࡟আ౳Λදࣔ͠·͢ɻ
    w "84
    $MPVE5SBJM
    
    $POTPMF
    -PHJOT
    w

    ϩάΠϯ͍ͯ͠ΔϢʔβͷϩέʔγϣϯ΍.'"ͷར༻ঢ়گɺϩάΠϯࣦഊ౳Λදࣔ͠·͢ɻ
    w "84
    $MPVE5SBJM
    
    6TFS
    .POJUPSJOH
    w ϢʔβͷΞΫςΟϏςΟ΍"ENJOϢʔβͷΞΫςΟϏςΟ͕֬ೝͰ͖·͢ɻ
    w "84
    $MPVE5SBJM
    
    /FUXPSL
    BOE
    4FDVSJUZ
    w Ϧιʔε΁ͷΞΫηεࣦഊ΍/FUXPSL"-$ɾ4FDVSJUZ(SPVQͷมߋͳͲͷมߋ͕֬ೝͰ͖·͢ɻ
    w "84
    $MPVE5SBJM
    
    0QFSBUJPOT
    w Ͳͷ"84αʔϏε΍Ϧʔδϣϯ͔Β"1*͕ݺ͹Ε͍ͯΔ͔΍ɺϦιʔεͷ௥Ճ࡟আ͕֬ೝͰ͖·͢ɻ
    w "84
    $MPVE5SBJM
    
    4
    1VCMJD
    0CKFDUT
    BOE
    #VDLFUT
    w ެ։͞Εͨόέοτ΍ΦϒδΣΫτ͕֬ೝͰ͖·͢ɻ

24. σϞ
    $MPVE5SBJM
    μογϡϘʔυͷछྨ
     ৄ͘͠͸ԼهϒϩάΛࢀর
    IUUQTEFWDMBTTNFUIPEKQDMPVEBXTDMPVEUSBJMTFDVSJUZBOBMZUJDTXJUITVNPMPHJD

25. ଞʹ΋4VNP
    -PHJDͷ͍͍ͱ͜Ζ
     w ಛڐΛ͍࣋ͬͯΔػցֶशػೳ
    w -PH3FEVDF
    
    -PH$PNQBSF
    w ϩάΛ͏·͘·ͱΊͯΫϦςΟΧϧͳϩάΛൃݟ͢Δ
    w

    0VUMJFS
    %FUFDUJPO
    w ಈతͳ͖͍͠஋ௐ੔Λߦ͍ҟৗΛݕ஌͢Δ
    w 1SFEJDUJWF
    "OBMZUJDT
    w ܏޲͔Βকདྷͷ༧ଌΛߦ͏

26. ଞʹ΋4VNP
    -PHJDͷ͍͍ͱ͜Ζ
     -PH3FEVDF
    
    -PH$PNQBSFͷྑ͞͸ݟͳ͍ͱΘ ͔Βͳ͍ͷͰͱΓ͋͑ͣ͜ͷಈըΛݟ͍ͯͩ͘͞
    IUUQTIFMQTVNPMPHJDDPN4FBSDI-PH3FEVDF

27. 
     ͡Ό͋ͱΓ͋͑ͣ৮ͬͯΈΑ͏͔ͳʁ ͬͯࢥ͍·͔ͨ͠ʁ

28. ແྉͰτϥΠΞϧ࢝ΊΒΕ·͢
     ͔͠΋౦ژϦʔδϣϯͰʂ
    ࢝ΊΔํ๏͸ԼهϒϩάͰ
    IUUQTEFWDMBTTNFUIPEKQDMPVEBXTTVNPMPHJDJOUPLZP
    ˞ಉҰϦʔδϣϯͩͱ4ͷσʔλసૹྔ͕͔͔Γ·ͤΜ

29. 
     ͱΓ͋͑ͣҰճ͖ͪΜͱڭΘΓ͍ͨͱ͍͏ํ

30. ϋϯζΦϯηϛφʔ΍ͬͯ·͢ʂ
     ఆظతʹ։࠵͍ͯ͠·͢
    
    
    
    
    
    
    
    
    ࣍ճ͸ ਫ
    IUUQTEFWDMBTTNFUIPEKQOFXTTVNPMPHJD

31. ·ͱΊ
     w "84ͷηΩϡϦςΟϩά෼ੳ͸$MPVE5SBJMͷՄ ࢹԽ͔Β
    w 4VNP
    -PHJD͸ͪΐͬͺ΍ͰϩάΛऔΓࠐΜͰՄ ࢹԽͰ͖Δ
    w

    ݁ߏ͍҆͠ɺ·ͣ͸ແྉτϥΠΞϧ͔Β΍ͬͯΈͯ
32. None