Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

Deep Securityのホットデータを活用する ~AWS WAFの場合~

Avatar for fnifni fnifni
March 17, 2016
Technology
0
920

Deep Securityのホットデータを活用する ~AWS WAFの場合~

Deep Security User Night #2 の登壇資料です。

Avatar for fnifni

fnifni

March 17, 2016
Tweet

More Decks by fnifni

See All by fnifni
Azure Sentinel ~ 導入から2ヶ月間の運用の肌感 ~
Avatar for fnifni fnifni21
2
880
踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08
Avatar for fnifni fnifni21
0
2.5k
Deep Securityの運用TIPS
Avatar for fnifni fnifni21
1
560

Other Decks in Technology

See All in Technology
「え?!それ今ではHTMLだけでできるの!?」驚きの進化を遂げたモダンHTML
Avatar for Riya Amemiya riyaamemiya
10
4.5k
Claude Code Getting Started Guide(en)
Avatar for Oikon oikon48
0
150
Agents IA : la nouvelle frontière des LLMs (Tech.Rocks Summit 2025)
Avatar for Guillaume Laforge glaforge
0
400
ブロックテーマとこれからの WordPress サイト制作 / Toyama WordPress Meetup Vol.81
Avatar for Toro_Unit (Hiroshi Urabe) torounit
0
320
事業部のプロジェクト進行と開発チームの改善の “時間軸" のすり合わせ
Avatar for konifar konifar
9
3.1k
pmconf2025 - 他社事例を"自社仕様化"する技術_iRAFT法
Avatar for yamachi|@yamapiya_ daichi_yamashita
0
540
Symfony AI in Action
Avatar for Christopher Hertel el_stoffel
2
370
セキュリティAIエージェントの現在と未来 / PSS #2 Takumi Session
Avatar for GMO Flatt Security flatt_security
3
1.4k
HIG学習用スライド
Avatar for 野瀬田 裕樹 yuukiw00w
0
110
研究開発部メンバーの働き⽅ / Sansan R&D Profile
Avatar for Sansan, Inc. sansan33
PRO
3
21k
オープンデータの内製化から分かったGISデータを巡る行政の課題
Avatar for 室木直樹 naokim84
2
1.4k
シンプルを極める。アンチパターンなDB設計の本質
Avatar for Facilo Inc. facilo_inc
1
1k

Featured

See All Featured
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
33
1.4k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
162
23k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
46
7.8k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
128
54k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
36
6.2k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
225
10k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
140
34k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
46
7.8k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.5k

Transcript

  1. The Three Points Protect your Web from cyber attack in

    Paris of terrorist attacks

  2. Deep Securityͷϗοτσʔλ Λ׆༻͢Δ AWS WAFͷ৔߹

  3. Who ami I ? • ٢ాͻΖ͔ͣ ( hirokazu yoshida )


    Security Engineer at cloudpack http://qiita.com/fnifni

  4. and more ? • ࠷ۙɺ͝ԑ͕͋ͬͯɺ
 ӡ༻Ͱഓͬͨϊ΢ϋ΢ʢͭΒΈʣΛجʹ
 ηΩϡϦςΟͷϕʔεϥΠϯ޲্ͷීٴ׆ಈ΍
 R&D΍Β΋΍ͬͯ·͢ɻ

  5. and more ? • ͋Μͳ͜ͱ΍

  6. and more ? • ͦΜͳ͜ͱɻ

  7. Attention ! • ຊ೔͓࿩͢Δ಺༰͸ɺॾൠͷࣄ৘ʹΑΓ
 2016/3/12(ۚ)·ͰSNSެ։ɺͭͿ΍͖Λ
 ͝ԕྀ͍ͩ͘͞ɻ • ຊ೔͓࿩͢Δ಺༰͸PoC (֓೦࣮ূ) ͷ݁ՌΛ

    ؚΈ·͢ɻαʔϏεϨϕϧͰ࣮૷͢Δʹ͸ɺ τϨϯυϚΠΫϩ༷ʹΑΔػೳվमΛཁ͠·͢ɻ

  8. Points • Dynamically • Linkage • Operation (Tuning)

  9. Points • Dynamically • Linkage • Operation (Tuning)

  10. 2015.11.13

  11. https://ja.wikipedia.org/wiki/%E3%83%91%E3%83%AA%E5%90%8C%E6%99%82%E5%A4%9A %E7%99%BA%E3%83%86%E3%83%AD%E4%BA%8B%E4%BB%B6

  12. ೔ຊͱύϦͷ࣌ࠩ JST -8

  13. CASE #1

  14. 2015/11/12 23:26:29(JST)

  15. None

  16. ͜ͷ࣌͸ “ύϦ͔Βͷ߈ܸͳΜͩ” ”௝͍͠ͳ” ͘Β͍ʹࢥ͍ͬͯ·ͨ͠

  17. 55,247

  18. Painful • ະ஌ͷ߈ܸͷΛؚΉՄೳੑΛߟྀͯ͠ɺ
 ਵ࣌NACLʹొ࿥ʢӡ༻ෛՙߴ͍ʣ • IPίϩίϩସΘͬͯΠλνͬ͜͝ʢ40ۙ͘ʣ • ”195.154.0.0/16”ͱొ࿥͔͕ͨͬͨ͠ɺ
 ਺͕ඍົͩͬͨʢ࠷ऴతʹ͸ొ࿥ͨ͠ʣ

  19. reActive͡ΌπϥΠ

  20. Points • Dynamically • Linkage • Operation (Tuning)

  21. CASE #2

  22. ผͷ؀ڥʹͯ NACLͰͷःஅޙ΋ݕ஌ܧଓ

  23. None
  24. None

  25. Painful • ௚લͷૹ৴ݩIPΞυϨε͕CloudFrontͳͷͰɺ
 x-fowerded-forʹه࿥͞ΕͨIPΛNACLʹొ࿥͠ ͯ΋ःஅ͕Ͱ͖ͳ͍ɻ • ౰࣌͸AWS WAF͕ग़ͨ͹͔ΓͰɺ
 ςετແ͠Ͱͷຊ൪౤ೖ͸ϋʔυϧ͕ߴ͔ͬͨɻ

  26. IP੍ޚΛ଎΍͔ʹ
 CloudFront·Ͱ͍࣋ͬͯ͘ ඞཁ͕͋ͬͨ

  27. ͦΜͳ͜ͱ΋͋ͬͨޙͷ 2015.11.27

  28. https://github.com/deep-security/aws-waf

  29. ੩త৘ใ (IP List)Λ AWS WAF΁ొ࿥͢Δ΋ͷ ͚ͩͲɺ࢖͑ΔΜ͡ΌͶʁ

  30. ΑΖ͍͠ ͳΒ͹࣮૷ͩ

  31. PoC (֓೦࣮ূ)

  32. None

  33. How to 1 (SIEM) IUUQpMFTUSFOENJDSPDPNKQVDNPEVMFUNET TQ%FFQ@4FDVSJUZ@@41@"ENJO@(VJEF@+1QEG

  34. How to 2 ( totalization )

  35. How to 3 ( push to DSM )

  36. How to 4 ( DSM to AWS WAF ) http://qiita.com/fnifni/items/8ae2b49d5fe6af3d08fe

  37. DEMO

  38. Future Request • Deep Security • Output XFF in SIEM

    (syslog) • ip_list_to_set.py • Comment character (#) ← 3.4 fixed !! • Line of only a line feed code ← 3.10 fixed !!

  39. Points • Dynamically • Linkage • Operation (Tuning)

  40. νϡʔχϯάͷϙΠϯτ • ਪ঑ઃఆͷݕࡧ • ରԠࡁΈͷ੬ऑੑͷϧʔϧ͸֎͢ʢݕ஌ϕʔεʣ • ݕ஌܏޲Λ஌ΔʢͲΜͳ௨৴Λݕ஌͢Δ͔ʣ • αʔϏεͰ࢖༻͍ͯ͠Δ௨৴͔൱͔ •

    URI, POST, XML, SQL, CSS, HTML, SSL…

  41. γεςϜ͸ੜ͖෺ ߈ܸ΋ੜ͖෺ νϡʔχϯά͸ӡ༻ͷҰ෦

  42. ηΩϡϦςΟ੡඼͸ ӡ༻໋͕ʂ

  43. Thank you !