Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Deep Securityのホットデータを活用する ~AWS WAFの場合~

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for fnifni fnifni
March 17, 2016
Technology
990
0

Deep Securityのホットデータを活用する ~AWS WAFの場合~

Deep Security User Night #2 の登壇資料です。

Avatar for fnifni

fnifni

March 17, 2016

More Decks by fnifni

See All by fnifni
Azure Sentinel ~ 導入から2ヶ月間の運用の肌感 ~
Avatar for fnifni fnifni21
2
900
踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08
Avatar for fnifni fnifni21
0
2.7k
Deep Securityの運用TIPS
Avatar for fnifni fnifni21
1
590

Other Decks in Technology

See All in Technology
可視化から活用へ — Mesh化・Segmentation・アライメントの研究動向
Avatar for GPU UNITE gpuunite_official
0
230
PdM・Eng・QAで進めるAI駆動開発の現在地/aidd-with-pdm-eng-qa
Avatar for butatamasoba / Shota Kusaba / 草場翔太 shota_kusaba
0
260
R&D 祭 2024 UE5で絵コンテ・作画の制作支援ツールをつくる話
Avatar for OLM Digital R&D olmdrd
PRO
0
200
JTCでRedmine利用者2700人を実現した手法 第二部
Avatar for Silvers.Rayleigh nobuonakamura
0
150
全社統制を維持しながら現場負担をどう減らすか〜プラットフォームチームとセキュリティチームで進めたSecurity Hub活用によるAWS統制の見直し〜/secjaws-security-hub-custom-insights
Avatar for みずほリサーチ&テクノロジーズ株式会社 先端技術研究部 mhrtech
1
630
The Bag-of-Documents Model for Query Understanding and Retrieval
Avatar for Daniel Tunkelang dtunkelang
0
170
TSKaigi 2026 - enumよ、さようなら
Avatar for teamLab teamlab
PRO
1
210
エムスリーテクノロジーズ株式会社 エンジニア向け紹介資料 / M3 Technologies Company Deck
Avatar for M3 Engineering m3_engineering
0
200
The Making of AI Chips
Avatar for Preferred Networks pfn
PRO
0
480
ECSのTerraformモジュールにコントリビュートした話
Avatar for Haruka Sakihara harukasakihara
0
260
RedmineをAIで効率的に使う検証
Avatar for Takayuki Yoshioka yoshiokacb
0
160
マンション備え付けのネットワークとLTE回線を組み合わせた ネットワークの安定化の考案
Avatar for harutiro harutiro
1
140

Featured

See All Featured
The browser strikes back
Avatar for Jono Alderson jonoalderson
0
1.1k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
6.1k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
59
6.6k
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
Avatar for Kenny Baas-Schwegler baasie
0
350
Ten Tips & Tricks for a 🌱 transition
Avatar for Manu Carrasco Molina stuffmc
0
110
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
408
66k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
55
8.1k
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
240
WCS-LA-2024
Avatar for Leonardo Collado-Torres lcolladotor
0
590
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
Avatar for konakalab konakalab
0
430
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
330

Transcript

  1. The Three Points Protect your Web from cyber attack in

    Paris of terrorist attacks

  2. Deep Securityͷϗοτσʔλ Λ׆༻͢Δ AWS WAFͷ৔߹

  3. Who ami I ? • ٢ాͻΖ͔ͣ ( hirokazu yoshida )


    Security Engineer at cloudpack http://qiita.com/fnifni

  4. and more ? • ࠷ۙɺ͝ԑ͕͋ͬͯɺ
 ӡ༻Ͱഓͬͨϊ΢ϋ΢ʢͭΒΈʣΛجʹ
 ηΩϡϦςΟͷϕʔεϥΠϯ޲্ͷීٴ׆ಈ΍
 R&D΍Β΋΍ͬͯ·͢ɻ

  5. and more ? • ͋Μͳ͜ͱ΍

  6. and more ? • ͦΜͳ͜ͱɻ

  7. Attention ! • ຊ೔͓࿩͢Δ಺༰͸ɺॾൠͷࣄ৘ʹΑΓ
 2016/3/12(ۚ)·ͰSNSެ։ɺͭͿ΍͖Λ
 ͝ԕྀ͍ͩ͘͞ɻ • ຊ೔͓࿩͢Δ಺༰͸PoC (֓೦࣮ূ) ͷ݁ՌΛ

    ؚΈ·͢ɻαʔϏεϨϕϧͰ࣮૷͢Δʹ͸ɺ τϨϯυϚΠΫϩ༷ʹΑΔػೳվमΛཁ͠·͢ɻ

  8. Points • Dynamically • Linkage • Operation (Tuning)

  9. Points • Dynamically • Linkage • Operation (Tuning)

  10. 2015.11.13

  11. https://ja.wikipedia.org/wiki/%E3%83%91%E3%83%AA%E5%90%8C%E6%99%82%E5%A4%9A %E7%99%BA%E3%83%86%E3%83%AD%E4%BA%8B%E4%BB%B6

  12. ೔ຊͱύϦͷ࣌ࠩ JST -8

  13. CASE #1

  14. 2015/11/12 23:26:29(JST)

  15. None

  16. ͜ͷ࣌͸ “ύϦ͔Βͷ߈ܸͳΜͩ” ”௝͍͠ͳ” ͘Β͍ʹࢥ͍ͬͯ·ͨ͠

  17. 55,247

  18. Painful • ະ஌ͷ߈ܸͷΛؚΉՄೳੑΛߟྀͯ͠ɺ
 ਵ࣌NACLʹొ࿥ʢӡ༻ෛՙߴ͍ʣ • IPίϩίϩସΘͬͯΠλνͬ͜͝ʢ40ۙ͘ʣ • ”195.154.0.0/16”ͱొ࿥͔͕ͨͬͨ͠ɺ
 ਺͕ඍົͩͬͨʢ࠷ऴతʹ͸ొ࿥ͨ͠ʣ

  19. reActive͡ΌπϥΠ

  20. Points • Dynamically • Linkage • Operation (Tuning)

  21. CASE #2

  22. ผͷ؀ڥʹͯ NACLͰͷःஅޙ΋ݕ஌ܧଓ

  23. None
  24. None

  25. Painful • ௚લͷૹ৴ݩIPΞυϨε͕CloudFrontͳͷͰɺ
 x-fowerded-forʹه࿥͞ΕͨIPΛNACLʹొ࿥͠ ͯ΋ःஅ͕Ͱ͖ͳ͍ɻ • ౰࣌͸AWS WAF͕ग़ͨ͹͔ΓͰɺ
 ςετແ͠Ͱͷຊ൪౤ೖ͸ϋʔυϧ͕ߴ͔ͬͨɻ

  26. IP੍ޚΛ଎΍͔ʹ
 CloudFront·Ͱ͍࣋ͬͯ͘ ඞཁ͕͋ͬͨ

  27. ͦΜͳ͜ͱ΋͋ͬͨޙͷ 2015.11.27

  28. https://github.com/deep-security/aws-waf

  29. ੩త৘ใ (IP List)Λ AWS WAF΁ొ࿥͢Δ΋ͷ ͚ͩͲɺ࢖͑ΔΜ͡ΌͶʁ

  30. ΑΖ͍͠ ͳΒ͹࣮૷ͩ

  31. PoC (֓೦࣮ূ)

  32. None

  33. How to 1 (SIEM) IUUQpMFTUSFOENJDSPDPNKQVDNPEVMFUNET TQ%FFQ@4FDVSJUZ@@41@"ENJO@(VJEF@+1QEG

  34. How to 2 ( totalization )

  35. How to 3 ( push to DSM )

  36. How to 4 ( DSM to AWS WAF ) http://qiita.com/fnifni/items/8ae2b49d5fe6af3d08fe

  37. DEMO

  38. Future Request • Deep Security • Output XFF in SIEM

    (syslog) • ip_list_to_set.py • Comment character (#) ← 3.4 fixed !! • Line of only a line feed code ← 3.10 fixed !!

  39. Points • Dynamically • Linkage • Operation (Tuning)

  40. νϡʔχϯάͷϙΠϯτ • ਪ঑ઃఆͷݕࡧ • ରԠࡁΈͷ੬ऑੑͷϧʔϧ͸֎͢ʢݕ஌ϕʔεʣ • ݕ஌܏޲Λ஌ΔʢͲΜͳ௨৴Λݕ஌͢Δ͔ʣ • αʔϏεͰ࢖༻͍ͯ͠Δ௨৴͔൱͔ •

    URI, POST, XML, SQL, CSS, HTML, SSL…

  41. γεςϜ͸ੜ͖෺ ߈ܸ΋ੜ͖෺ νϡʔχϯά͸ӡ༻ͷҰ෦

  42. ηΩϡϦςΟ੡඼͸ ӡ༻໋͕ʂ

  43. Thank you !