Making Use of Deep Security's Hot Data: The AWS WAF Case
fnifni
March 17, 2016
Slides from a talk at Deep Security User Night #2.
Transcript
The Three Points Protect your Web from cyber attack in
Paris of terrorist attacks
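Making Use of Deep Security's Hot Data: The AWS WAF Case
Who am I ? • Hirokazu Yoshida
Security Engineer at cloudpack http://qiita.com/fnifni
and more ? • Recently, as luck would have it, I have been doing outreach and R&D to raise the security baseline, building on the know-how (and the pain) gained in operations.
and more ? • Things like that
and more ? • And things like this.
Attention ! • For various reasons, please refrain from posting today's content on SNS or tweeting about it until 2016/3/12 (Fri). • Today's content includes the results of a PoC (proof of concept). Implementing it at service level requires feature changes by Trend Micro.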
Points • Dynamically • Linkage • Operation (Tuning)
2015.11.13
https://ja.wikipedia.org/wiki/%E3%83%91%E3%83%AA%E5%90%8C%E6%99%82%E5%A4%9A%E7%99%BA%E3%83%86%E3%83%AD%E4%BA%8B%E4%BB%B6
Time difference between Japan and Paris: JST -8
CASE #1
2015/11/12 23:26:29(JST)
At the time, I only thought something like "So this is an attack from Paris" and "That's unusual".
55,247
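Painful • Considering the possibility that unknown attacks were involved, registered addresses in the NACL as they appeared (high operational load) • The IPs kept changing, a cat-and-mouse game (nearly 40) • Wanted to register "195.154.0.0/16", but it was a borderline call (registered it in the end)
Being reActive is painful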
Points • Dynamically • Linkage • Operation (Tuning)
CASE #2
In another environment, detections continued even after blocking with a NACL
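Painful • Because the immediate source IP address is CloudFront, registering the IP recorded in X-Forwarded-For in a NACL does not block it. • AWS WAF had only just been released at the time, so putting it into production without testing was a high hurdle.
IP control needed to be moved up to CloudFront quickly
After all that, on 2015.11.27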
https://github.com/deep-security/aws-waf
It registers static information (IP Lists) in AWS WAF, but couldn't we make use of it?
Very well. Then let's implement it.
PoC (proof of concept)
How to 1 (SIEM) http://files.trendmicro.com/jp/ucmodule/tmds/…sp…/Deep_Security_…_SP…_Admin_Guide_JP.pdf
How to 2 ( totalization )
How to 3 ( push to DSM )
How to 4 ( DSM to AWS WAF ) http://qiita.com/fnifni/items/8ae2b49d5fe6af3d08fe
DEMO
Future Request • Deep Security • Output XFF in SIEM (syslog) • ip_list_to_set.py • Comment character (#) ← 3.4 fixed !! • Line of only a line feed code ← 3.10 fixed !!
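An added example (not from the slides or the deep-security/aws-waf project) of the aggregation step in "How to 2": it counts detections per source IP from syslog text, drops sources inside trusted proxy ranges such as a CDN, and emits an IP list; `parse_ip_list` tolerates the comment and blank-line cases named under Future Request. The CEF-style sample lines, the `src=` field layout, the threshold, the trusted range and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample events (not captured logs). A CEF-style key=value layout
# with a src= field is assumed; vendor, rule ids and names are placeholders.
SAMPLE_EVENTS = """\
CEF:0|Vendor|Agent|0.0|0000001|Constructed rule A|6|src=203.0.113.10 dst=10.0.0.5 act=Reset
CEF:0|Vendor|Agent|0.0|0000002|Constructed rule B|8|src=203.0.113.10 dst=10.0.0.5 act=Reset
CEF:0|Vendor|Agent|0.0|0000002|Constructed rule B|8|src=198.51.100.7 dst=10.0.0.5 act=Reset
CEF:0|Vendor|Agent|0.0|0000001|Constructed rule A|6|src=192.0.2.44 dst=10.0.0.5 act=Reset
CEF:0|Vendor|Agent|0.0|0000001|Constructed rule A|6|src=192.0.2.44 dst=10.0.0.5 act=Reset
CEF:0|Vendor|Agent|0.0|0000001|Constructed rule A|6|src=not-an-ip dst=10.0.0.5
"""
# Constructed stand-in for CDN/proxy ranges that must never end up in a block list.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]
SRC_RE = re.compile(r"(?:^|[\s|])src=(\S+)")


def count_sources(log_text):
    """Count detections per source IP; lines without a valid src are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        match = SRC_RE.search(line)
        if not match:
            continue
        try:
            counts[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue
    return counts


def build_ip_list(counts, threshold, trusted=TRUSTED_PROXIES):
    """Return sorted /32 entries for untrusted sources at or above the threshold."""
    hits = [ip for ip, n in counts.items()
            if n >= threshold and not any(ip in net for net in trusted)]
    hits.sort(key=lambda ip: (ip.version, int(ip)))
    return [f"{ip}/32" for ip in hits]


def parse_ip_list(text):
    """Read an IP list, ignoring '#' comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            entries.append(str(ipaddress.ip_network(line, strict=False)))
    return entries
```

The trusted-range check matters in the CloudFront case from CASE #2: when the agent only sees the proxy's address, an aggregation without it would nominate the CDN itself for blocking.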
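Points • Dynamically • Linkage • Operation (Tuning)
Tuning points • Recommendation scan • Remove rules for vulnerabilities that have already been remediated (based on detections) • Know your detections (what kind of traffic gets detected) • Whether or not the traffic is used by the service • URI, POST, XML, SQL, CSS, HTML, SSL…
Systems are living things. Attacks are living things too. Tuning is part of operations.
Security lives or dies by operations!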
Thank you !