Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Deep Securityのホットデータを活用する ~AWS WAFの場合~

Avatar for fnifni fnifni
March 17, 2016
Technology
0
910

Deep Securityのホットデータを活用する ~AWS WAFの場合~

Deep Security User Night #2 の登壇資料です。

Avatar for fnifni

fnifni

March 17, 2016
Tweet

More Decks by fnifni

See All by fnifni
Azure Sentinel ~ 導入から2ヶ月間の運用の肌感 ~
Avatar for fnifni fnifni21
2
870
踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08
Avatar for fnifni fnifni21
0
2.5k
Deep Securityの運用TIPS
Avatar for fnifni fnifni21
1
550

Other Decks in Technology

See All in Technology
神回のメカニズムと再現方法/Mechanisms and Playbook for Kamikai scrumat2025
Avatar for moriyuya moriyuya
4
680
Goに育てられ開発者向けセキュリティ事業を立ち上げた僕が今向き合う、AI × セキュリティの最前線 / Go Conference 2025
Avatar for GMO Flatt Security flatt_security
0
360
Azure Well-Architected Framework入門
Avatar for tomokusaba tomokusaba
1
350
PLaMoの事後学習を支える技術 / PFN LLMセミナー
Avatar for Preferred Networks pfn
PRO
9
4k
動画データのポテンシャルを引き出す! Databricks と AI活用への奮闘記(現在進行形)
Avatar for Databricks Japan databricksjapan
0
160
やる気のない自分との向き合い方/How to Deal with Your Unmotivated Self
Avatar for Genki Sano sanogemaru
0
430
[Keynote] What do you need to know about DevEx in 2025
Avatar for Salaboy salaboy
0
110
AI時代だからこそ考える、僕らが本当につくりたいスクラムチーム / A Scrum Team we really want to create in this AI era
Avatar for TAKAKING22 takaking22
7
3.9k
【Kaigi on Rails 事後勉強会LT】MeはどうしてGirlsに? 私とRubyを繋いだRail(s)
Avatar for joy joyfrommasara
0
170
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
Avatar for oracle4engineer oracle4engineer
PRO
3
5.5k
AWS 잘하는 개발자 되기 - AWS 시작하기: 클라우드 개념부터 IAM까지
Avatar for KimJaewook kimjaewook
0
120
Shirankedo NOCで見えてきたeduroam/OpenRoaming運用ノウハウと課題 - BAKUCHIKU BANBAN #2
Avatar for marokiki marokiki
0
170

Featured

See All Featured
Music & Morning Musume
Avatar for Bryan Veloso bryan
46
6.8k
Navigating Team Friction
Avatar for Lara Hogan lara
189
15k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
347
40k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
507
140k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
5
210
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
27
2k
Side Projects
Avatar for Sacha Greif sachag
455
43k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
1.6k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
33
2.5k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
37
2.6k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k

Transcript

  1. The Three Points Protect your Web from cyber attack in

    Paris of terrorist attacks

  2. Deep Securityͷϗοτσʔλ Λ׆༻͢Δ AWS WAFͷ৔߹

  3. Who ami I ? • ٢ాͻΖ͔ͣ ( hirokazu yoshida )


    Security Engineer at cloudpack http://qiita.com/fnifni

  4. and more ? • ࠷ۙɺ͝ԑ͕͋ͬͯɺ
 ӡ༻Ͱഓͬͨϊ΢ϋ΢ʢͭΒΈʣΛجʹ
 ηΩϡϦςΟͷϕʔεϥΠϯ޲্ͷීٴ׆ಈ΍
 R&D΍Β΋΍ͬͯ·͢ɻ

  5. and more ? • ͋Μͳ͜ͱ΍

  6. and more ? • ͦΜͳ͜ͱɻ

  7. Attention ! • ຊ೔͓࿩͢Δ಺༰͸ɺॾൠͷࣄ৘ʹΑΓ
 2016/3/12(ۚ)·ͰSNSެ։ɺͭͿ΍͖Λ
 ͝ԕྀ͍ͩ͘͞ɻ • ຊ೔͓࿩͢Δ಺༰͸PoC (֓೦࣮ূ) ͷ݁ՌΛ

    ؚΈ·͢ɻαʔϏεϨϕϧͰ࣮૷͢Δʹ͸ɺ τϨϯυϚΠΫϩ༷ʹΑΔػೳվमΛཁ͠·͢ɻ

  8. Points • Dynamically • Linkage • Operation (Tuning)

  9. Points • Dynamically • Linkage • Operation (Tuning)

  10. 2015.11.13

  11. https://ja.wikipedia.org/wiki/%E3%83%91%E3%83%AA%E5%90%8C%E6%99%82%E5%A4%9A %E7%99%BA%E3%83%86%E3%83%AD%E4%BA%8B%E4%BB%B6

  12. ೔ຊͱύϦͷ࣌ࠩ JST -8

  13. CASE #1

  14. 2015/11/12 23:26:29(JST)

  15. None

  16. ͜ͷ࣌͸ “ύϦ͔Βͷ߈ܸͳΜͩ” ”௝͍͠ͳ” ͘Β͍ʹࢥ͍ͬͯ·ͨ͠

  17. 55,247

  18. Painful • ະ஌ͷ߈ܸͷΛؚΉՄೳੑΛߟྀͯ͠ɺ
 ਵ࣌NACLʹొ࿥ʢӡ༻ෛՙߴ͍ʣ • IPίϩίϩସΘͬͯΠλνͬ͜͝ʢ40ۙ͘ʣ • ”195.154.0.0/16”ͱొ࿥͔͕ͨͬͨ͠ɺ
 ਺͕ඍົͩͬͨʢ࠷ऴతʹ͸ొ࿥ͨ͠ʣ

  19. reActive͡ΌπϥΠ

  20. Points • Dynamically • Linkage • Operation (Tuning)

  21. CASE #2

  22. ผͷ؀ڥʹͯ NACLͰͷःஅޙ΋ݕ஌ܧଓ

  23. None
  24. None

  25. Painful • ௚લͷૹ৴ݩIPΞυϨε͕CloudFrontͳͷͰɺ
 x-fowerded-forʹه࿥͞ΕͨIPΛNACLʹొ࿥͠ ͯ΋ःஅ͕Ͱ͖ͳ͍ɻ • ౰࣌͸AWS WAF͕ग़ͨ͹͔ΓͰɺ
 ςετແ͠Ͱͷຊ൪౤ೖ͸ϋʔυϧ͕ߴ͔ͬͨɻ

  26. IP੍ޚΛ଎΍͔ʹ
 CloudFront·Ͱ͍࣋ͬͯ͘ ඞཁ͕͋ͬͨ

  27. ͦΜͳ͜ͱ΋͋ͬͨޙͷ 2015.11.27

  28. https://github.com/deep-security/aws-waf

  29. ੩త৘ใ (IP List)Λ AWS WAF΁ొ࿥͢Δ΋ͷ ͚ͩͲɺ࢖͑ΔΜ͡ΌͶʁ

  30. ΑΖ͍͠ ͳΒ͹࣮૷ͩ

  31. PoC (֓೦࣮ূ)

  32. None

  33. How to 1 (SIEM) IUUQpMFTUSFOENJDSPDPNKQVDNPEVMFUNET TQ%FFQ@4FDVSJUZ@@41@"ENJO@(VJEF@+1QEG

  34. How to 2 ( totalization )

  35. How to 3 ( push to DSM )

  36. How to 4 ( DSM to AWS WAF ) http://qiita.com/fnifni/items/8ae2b49d5fe6af3d08fe

  37. DEMO

  38. Future Request • Deep Security • Output XFF in SIEM

    (syslog) • ip_list_to_set.py • Comment character (#) ← 3.4 fixed !! • Line of only a line feed code ← 3.10 fixed !!

  39. Points • Dynamically • Linkage • Operation (Tuning)

  40. νϡʔχϯάͷϙΠϯτ • ਪ঑ઃఆͷݕࡧ • ରԠࡁΈͷ੬ऑੑͷϧʔϧ͸֎͢ʢݕ஌ϕʔεʣ • ݕ஌܏޲Λ஌ΔʢͲΜͳ௨৴Λݕ஌͢Δ͔ʣ • αʔϏεͰ࢖༻͍ͯ͠Δ௨৴͔൱͔ •

    URI, POST, XML, SQL, CSS, HTML, SSL…

  41. γεςϜ͸ੜ͖෺ ߈ܸ΋ੜ͖෺ νϡʔχϯά͸ӡ༻ͷҰ෦

  42. ηΩϡϦςΟ੡඼͸ ӡ༻໋͕ʂ

  43. Thank you !