Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Deep Securityのホットデータを活用する ~AWS WAFの場合~
Search
fnifni
March 17, 2016
Technology
0
750
Deep Securityのホットデータを活用する ~AWS WAFの場合~
Deep Security User Night #2 の登壇資料です。
fnifni
March 17, 2016
Tweet
Share
More Decks by fnifni
See All by fnifni
Azure Sentinel ~ 導入から2ヶ月間の運用の肌感 ~
fnifni21
2
780
踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08
fnifni21
0
2.1k
Deep Securityの運用TIPS
fnifni21
1
450
Other Decks in Technology
See All in Technology
自らを知り外と繋がる、日経のエンジニア採用とDevRel活動/devreljp92
nishiuma
2
190
M5と自作基板をくっつけてみた〜M5 Japan Tour 2024 Spring 福冈 (Fukuoka|福岡)〜
keropiyo
1
250
Gemini, Google's Large Language Model
glaforge
0
120
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
120
コードや知識を組み込む / Incorporate Code and knowledge
ks91
PRO
0
160
サービス開発におけるVue3とTypeScriptの親和性について
tsukuha
0
130
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
5
37k
Cloudflare WorkersがPythonに対応したので試してみた
miura55
0
100
【NW X Security JAWS#3】L3-4:AWS環境のIPv6移行に向けて知っておきたいこと
shotashiratori
1
730
LLM開発・活用の舞台裏@2024.04.25
yushin_n
3
1.4k
BPStudyの200回を中心にIT業界を振り返る。そしてこれから
haru860
3
460
DevRelによる信頼構築とデータ駆動で変わるエンジニア採用 / DevRel Trust Building to Data Driven Engineering Hiring
bobtani
1
100
Featured
See All Featured
Designing Experiences People Love
moore
136
23k
The Invisible Customer
myddelton
114
12k
Documentation Writing (for coders)
carmenintech
60
4k
Stop Working from a Prison Cell
hatefulcrawdad
267
19k
It's Worth the Effort
3n
180
27k
Making Projects Easy
brettharned
109
5.5k
Automating Front-end Workflow
addyosmani
1357
200k
How to name files
jennybc
65
93k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
245
20k
A Tale of Four Properties
chriscoyier
153
22k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
21
1.6k
Agile that works and the tools we love
rasmusluckow
325
20k
Transcript
The Three Points Protect your Web from cyber attack in
Paris of terrorist attacks
Deep Securityͷϗοτσʔλ Λ׆༻͢Δ AWS WAFͷ߹
Who ami I ? • ٢ాͻΖ͔ͣ ( hirokazu yoshida )
Security Engineer at cloudpack http://qiita.com/fnifni
and more ? • ࠷ۙɺ͝ԑ͕͋ͬͯɺ ӡ༻ͰഓͬͨϊϋʢͭΒΈʣΛجʹ ηΩϡϦςΟͷϕʔεϥΠϯ্ͷීٴ׆ಈ R&DΒͬͯ·͢ɻ
and more ? • ͋Μͳ͜ͱ
and more ? • ͦΜͳ͜ͱɻ
Attention ! • ຊ͓͢Δ༰ɺॾൠͷࣄʹΑΓ 2016/3/12(ۚ)·ͰSNSެ։ɺͭͿ͖Λ ͝ԕྀ͍ͩ͘͞ɻ • ຊ͓͢Δ༰PoC (֓೦࣮ূ) ͷ݁ՌΛ
ؚΈ·͢ɻαʔϏεϨϕϧͰ࣮͢Δʹɺ τϨϯυϚΠΫϩ༷ʹΑΔػೳվमΛཁ͠·͢ɻ
Points • Dynamically • Linkage • Operation (Tuning)
Points • Dynamically • Linkage • Operation (Tuning)
2015.11.13
https://ja.wikipedia.org/wiki/%E3%83%91%E3%83%AA%E5%90%8C%E6%99%82%E5%A4%9A %E7%99%BA%E3%83%86%E3%83%AD%E4%BA%8B%E4%BB%B6
ຊͱύϦͷ࣌ࠩ JST -8
CASE #1
2015/11/12 23:26:29(JST)
None
͜ͷ࣌ “ύϦ͔Βͷ߈ܸͳΜͩ” ”͍͠ͳ” ͘Β͍ʹࢥ͍ͬͯ·ͨ͠
55,247
Painful • ະͷ߈ܸͷΛؚΉՄೳੑΛߟྀͯ͠ɺ ਵ࣌NACLʹొʢӡ༻ෛՙߴ͍ʣ • IPίϩίϩସΘͬͯΠλνͬ͜͝ʢ40ۙ͘ʣ • ”195.154.0.0/16”ͱొ͔͕ͨͬͨ͠ɺ ͕ඍົͩͬͨʢ࠷ऴతʹొͨ͠ʣ
reActive͡ΌπϥΠ
Points • Dynamically • Linkage • Operation (Tuning)
CASE #2
ผͷڥʹͯ NACLͰͷःஅޙݕܧଓ
None
None
Painful • લͷૹ৴ݩIPΞυϨε͕CloudFrontͳͷͰɺ x-fowerded-forʹه͞ΕͨIPΛNACLʹొ͠ ͯःஅ͕Ͱ͖ͳ͍ɻ • ࣌AWS WAF͕ग़͔ͨΓͰɺ ςετແ͠Ͱͷຊ൪ೖϋʔυϧ͕ߴ͔ͬͨɻ
IP੍ޚΛ͔ʹ CloudFront·Ͱ͍࣋ͬͯ͘ ඞཁ͕͋ͬͨ
ͦΜͳ͜ͱ͋ͬͨޙͷ 2015.11.27
https://github.com/deep-security/aws-waf
੩తใ (IP List)Λ AWS WAFొ͢Δͷ ͚ͩͲɺ͑ΔΜ͡ΌͶʁ
ΑΖ͍͠ ͳΒ࣮ͩ
PoC (֓೦࣮ূ)
None
How to 1 (SIEM) IUUQpMFTUSFOENJDSPDPNKQVDNPEVMFUNET TQ%FFQ@4FDVSJUZ@@41@"ENJO@(VJEF@+1QEG
How to 2 ( totalization )
How to 3 ( push to DSM )
How to 4 ( DSM to AWS WAF ) http://qiita.com/fnifni/items/8ae2b49d5fe6af3d08fe
DEMO
Future Request • Deep Security • Output XFF in SIEM
(syslog) • ip_list_to_set.py • Comment character (#) ← 3.4 fixed !! • Line of only a line feed code ← 3.10 fixed !!
Points • Dynamically • Linkage • Operation (Tuning)
νϡʔχϯάͷϙΠϯτ • ਪઃఆͷݕࡧ • ରԠࡁΈͷ੬ऑੑͷϧʔϧ֎͢ʢݕϕʔεʣ • ݕΛΔʢͲΜͳ௨৴Λݕ͢Δ͔ʣ • αʔϏεͰ༻͍ͯ͠Δ௨৴͔൱͔ •
URI, POST, XML, SQL, CSS, HTML, SSL…
γεςϜੜ͖ ߈ܸੜ͖ νϡʔχϯάӡ༻ͷҰ෦
ηΩϡϦςΟ ӡ༻໋͕ʂ
Thank you !