Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Deep Securityのホットデータを活用する ~AWS WAFの場合~

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for fnifni fnifni
March 17, 2016
Technology
990
0

Deep Securityのホットデータを活用する ~AWS WAFの場合~

Deep Security User Night #2 の登壇資料です。

Avatar for fnifni

fnifni

March 17, 2016

More Decks by fnifni

See All by fnifni
Azure Sentinel ~ 導入から2ヶ月間の運用の肌感 ~
Avatar for fnifni fnifni21
2
910
踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08
Avatar for fnifni fnifni21
0
2.7k
Deep Securityの運用TIPS
Avatar for fnifni fnifni21
1
600

Other Decks in Technology

See All in Technology
Databricks における 生成AIガバナンスの実践
Avatar for Takaaki Yayoi taka_aki
1
100
ルールやカスタム機能、どう使う?理想の出力を引き出すために今知りたいIBM Bob 5つの機能
Avatar for mu (Mizuho Uehara) muehara
0
170
Oracle Cloud Infrastructure:2026年5月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
1
310
先取りMaven4 ~16年ぶりのメジャーアップデート、その進化とは?~
Avatar for 荻原利雄 ogiwarat
0
120
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.8k
Claude code Orchestra
Avatar for Taisei Ozaki ozakiomumkj
3
840
Spring AI × MCP 入門〜AIエージェントへのツール公開、境界設計から始める最小構成 〜
Avatar for 宮本裕也 yuyamiyamoto
0
190
チームで実践する AI-DLC 思考の軌跡を残すチェックポイント設計
Avatar for Belong inc. belongadmin
0
490
Cloud Run のアップデート 触ってみる&紹介
Avatar for Gre212 gre212
0
290
React、まだ楽しくて草
Avatar for uhyo uhyo
7
3.6k
インフラが苦手でも大丈夫! 紙芝居 Kubernetes -WWGT 10周年編-
Avatar for Aoi Takahashi aoi1
1
320
AI時代の私の技術インプットとアウトプット術
Avatar for tonkotsuboy_com tonkotsuboy_com
15
8.1k

Featured

See All Featured
Believing is Seeing
Avatar for Spiro Bolos oripsolob
1
140
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
1.2k
Side Projects
Avatar for Sacha Greif sachag
455
43k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
666
130k
My Coaching Mixtape
Avatar for mlcsv mlcsv
0
140
The agentic SEO stack - context over prompts
Avatar for schlessera schlessera
0
790
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
Avatar for Aleyda Solis aleyda
1
1.3k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
528
40k
Everyday Curiosity
Avatar for Cassini Nazir cassininazir
0
220
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
2
1.1k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
141
7.5k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
Avatar for UX Y'all uxyall
0
1.6k

Transcript

  1. The Three Points Protect your Web from cyber attack in

    Paris of terrorist attacks

  2. Deep Securityͷϗοτσʔλ Λ׆༻͢Δ AWS WAFͷ৔߹

  3. Who ami I ? • ٢ాͻΖ͔ͣ ( hirokazu yoshida )


    Security Engineer at cloudpack http://qiita.com/fnifni

  4. and more ? • ࠷ۙɺ͝ԑ͕͋ͬͯɺ
 ӡ༻Ͱഓͬͨϊ΢ϋ΢ʢͭΒΈʣΛجʹ
 ηΩϡϦςΟͷϕʔεϥΠϯ޲্ͷීٴ׆ಈ΍
 R&D΍Β΋΍ͬͯ·͢ɻ

  5. and more ? • ͋Μͳ͜ͱ΍

  6. and more ? • ͦΜͳ͜ͱɻ

  7. Attention ! • ຊ೔͓࿩͢Δ಺༰͸ɺॾൠͷࣄ৘ʹΑΓ
 2016/3/12(ۚ)·ͰSNSެ։ɺͭͿ΍͖Λ
 ͝ԕྀ͍ͩ͘͞ɻ • ຊ೔͓࿩͢Δ಺༰͸PoC (֓೦࣮ূ) ͷ݁ՌΛ

    ؚΈ·͢ɻαʔϏεϨϕϧͰ࣮૷͢Δʹ͸ɺ τϨϯυϚΠΫϩ༷ʹΑΔػೳվमΛཁ͠·͢ɻ

  8. Points • Dynamically • Linkage • Operation (Tuning)

  9. Points • Dynamically • Linkage • Operation (Tuning)

  10. 2015.11.13

  11. https://ja.wikipedia.org/wiki/%E3%83%91%E3%83%AA%E5%90%8C%E6%99%82%E5%A4%9A %E7%99%BA%E3%83%86%E3%83%AD%E4%BA%8B%E4%BB%B6

  12. ೔ຊͱύϦͷ࣌ࠩ JST -8

  13. CASE #1

  14. 2015/11/12 23:26:29(JST)

  15. None

  16. ͜ͷ࣌͸ “ύϦ͔Βͷ߈ܸͳΜͩ” ”௝͍͠ͳ” ͘Β͍ʹࢥ͍ͬͯ·ͨ͠

  17. 55,247

  18. Painful • ະ஌ͷ߈ܸͷΛؚΉՄೳੑΛߟྀͯ͠ɺ
 ਵ࣌NACLʹొ࿥ʢӡ༻ෛՙߴ͍ʣ • IPίϩίϩସΘͬͯΠλνͬ͜͝ʢ40ۙ͘ʣ • ”195.154.0.0/16”ͱొ࿥͔͕ͨͬͨ͠ɺ
 ਺͕ඍົͩͬͨʢ࠷ऴతʹ͸ొ࿥ͨ͠ʣ

  19. reActive͡ΌπϥΠ

  20. Points • Dynamically • Linkage • Operation (Tuning)

  21. CASE #2

  22. ผͷ؀ڥʹͯ NACLͰͷःஅޙ΋ݕ஌ܧଓ

  23. None
  24. None

  25. Painful • ௚લͷૹ৴ݩIPΞυϨε͕CloudFrontͳͷͰɺ
 x-fowerded-forʹه࿥͞ΕͨIPΛNACLʹొ࿥͠ ͯ΋ःஅ͕Ͱ͖ͳ͍ɻ • ౰࣌͸AWS WAF͕ग़ͨ͹͔ΓͰɺ
 ςετແ͠Ͱͷຊ൪౤ೖ͸ϋʔυϧ͕ߴ͔ͬͨɻ

  26. IP੍ޚΛ଎΍͔ʹ
 CloudFront·Ͱ͍࣋ͬͯ͘ ඞཁ͕͋ͬͨ

  27. ͦΜͳ͜ͱ΋͋ͬͨޙͷ 2015.11.27

  28. https://github.com/deep-security/aws-waf

  29. ੩త৘ใ (IP List)Λ AWS WAF΁ొ࿥͢Δ΋ͷ ͚ͩͲɺ࢖͑ΔΜ͡ΌͶʁ

  30. ΑΖ͍͠ ͳΒ͹࣮૷ͩ

  31. PoC (֓೦࣮ূ)

  32. None

  33. How to 1 (SIEM) IUUQpMFTUSFOENJDSPDPNKQVDNPEVMFUNET TQ%FFQ@4FDVSJUZ@@41@"ENJO@(VJEF@+1QEG

  34. How to 2 ( totalization )

  35. How to 3 ( push to DSM )

  36. How to 4 ( DSM to AWS WAF ) http://qiita.com/fnifni/items/8ae2b49d5fe6af3d08fe

  37. DEMO

  38. Future Request • Deep Security • Output XFF in SIEM

    (syslog) • ip_list_to_set.py • Comment character (#) ← 3.4 fixed !! • Line of only a line feed code ← 3.10 fixed !!

  39. Points • Dynamically • Linkage • Operation (Tuning)

  40. νϡʔχϯάͷϙΠϯτ • ਪ঑ઃఆͷݕࡧ • ରԠࡁΈͷ੬ऑੑͷϧʔϧ͸֎͢ʢݕ஌ϕʔεʣ • ݕ஌܏޲Λ஌ΔʢͲΜͳ௨৴Λݕ஌͢Δ͔ʣ • αʔϏεͰ࢖༻͍ͯ͠Δ௨৴͔൱͔ •

    URI, POST, XML, SQL, CSS, HTML, SSL…

  41. γεςϜ͸ੜ͖෺ ߈ܸ΋ੜ͖෺ νϡʔχϯά͸ӡ༻ͷҰ෦

  42. ηΩϡϦςΟ੡඼͸ ӡ༻໋͕ʂ

  43. Thank you !