Leveraging Deep Security's Hot Data ~The AWS WAF Case~
fnifni
March 17, 2016
Technology
Slides presented at Deep Security User Night #2.
Transcript
The Three Points Protect your Web from cyber attack in
Paris of terrorist attacks
Leveraging Deep Security's Hot Data: The AWS WAF Case
Who am I ? • 吉田ひろかず (Hirokazu Yoshida)
Security Engineer at cloudpack http://qiita.com/fnifni
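and more ? • Recently, through a fortunate connection, I have been doing outreach and R&D to raise the security baseline, drawing on know-how (pain) built up in operations.
and more ? • Things like this
and more ? • And things like that.
Attention ! • Due to various circumstances, please refrain from posting or tweeting the content of today's talk on SNS until 2016/3/12 (Fri). • Today's talk includes the results of a PoC (proof of concept). Implementing it at service level requires feature modifications by Trend Micro.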
Points • Dynamically • Linkage • Operation (Tuning)
2015.11.13
https://ja.wikipedia.org/wiki/%E3%83%91%E3%83%AA%E5%90%8C%E6%99%82%E5%A4%9A%E7%99%BA%E3%83%86%E3%83%AD%E4%BA%8B%E4%BB%B6
Time difference between Japan and Paris: JST -8
CASE #1
2015/11/12 23:26:29(JST)
At the time, I only thought something like "So it's an attack from Paris" and "That's unusual".
55,247
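Painful • Considering that this might include unknown attacks, registered IPs in the NACL as they appeared (high operational load) • The IPs kept changing, turning it into a cat-and-mouse game (nearly 40) • Wanted to register "195.154.0.0/16", but it was a borderline call (registered it in the end)
Being reactive is painful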
Points • Dynamically • Linkage • Operation (Tuning)
CASE #2
In another environment, detections continued even after blocking with the NACL
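Painful • Because the immediately preceding source IP address is CloudFront, registering the IP recorded in X-Forwarded-For in the NACL does not block it. • At the time AWS WAF had only just been released, and the hurdle for putting it into production without testing was high.
IP control had to be taken all the way up to CloudFront
After all that: 2015.11.27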
https://github.com/deep-security/aws-waf
It registers static information (IP List) in AWS WAF, but couldn't we make use of it?
Very well, then let's implement it
PoC (proof of concept)
How to 1 (SIEM) Deep Security Admin Guide (JP) PDF, files.trendmicro.com
How to 2 ( totalization )
How to 3 ( push to DSM )
How to 4 ( DSM to AWS WAF ) http://qiita.com/fnifni/items/8ae2b49d5fe6af3d08fe
DEMO
Future Request • Deep Security • Output XFF in SIEM (syslog) • ip_list_to_set.py • Comment character (#) ← 3.4 fixed !! • Line of only a line feed code ← 3.10 fixed !!
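The aggregation and IP-list steps of the PoC (How to 2 and 3), together with the comment and blank-line handling listed under Future Request, shown as an added Python example that is not the presenter's or the deep-security/aws-waf project's code. The CEF-style log lines, the threshold, and all function names are constructed assumptions, and only the `src=` field is read.

```python
import ipaddress
import re
from collections import Counter

# Constructed CEF-style sample events (not real Deep Security output).
_CEF = "CEF:0|Trend Micro|Deep Security Agent|0.0|{sig}|Sample rule|6|src={src} dst=10.0.0.5"
SAMPLE_SYSLOG = "\n".join([
    _CEF.format(sig=1000001, src="198.51.100.7"),
    _CEF.format(sig=1000001, src="198.51.100.7"),
    _CEF.format(sig=1000002, src="198.51.100.7"),
    _CEF.format(sig=1000001, src="203.0.113.9"),
    _CEF.format(sig=1000001, src="not-an-ip"),  # malformed on purpose
])

SRC_RE = re.compile(r"(?:^|[\s|])src=(\S+)")

def count_sources(syslog_text):
    """Count detections per source IP; skip lines without a valid src."""
    hits = Counter()
    for line in syslog_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # src value is not an IP address
    return hits

def build_ip_list(hits, threshold):
    """Return IP-list text with one host entry per source at or above threshold."""
    lines = ["# generated from IPS detections", ""]
    for ip, n in sorted(hits.items(), key=lambda kv: (kv[0].version, int(kv[0]))):
        if n >= threshold:
            lines.append(f"{ip}/{ip.max_prefixlen}  # {n} detections")
    return "\n".join(lines) + "\n"

def parse_ip_list(text):
    """Parse an IP list, ignoring '#' comments and lines that are only a line feed."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

if __name__ == "__main__":
    ip_list = build_ip_list(count_sources(SAMPLE_SYSLOG), threshold=3)
    print(ip_list, parse_ip_list(ip_list))
```

Because the slides note that the source seen behind CloudFront is CloudFront itself and that XFF is not yet in the syslog output, a list built from `src=` this way is only meaningful for hosts that see the client address directly.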
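Points • Dynamically • Linkage • Operation (Tuning)
Tuning points • Recommendation scan • Remove rules for vulnerabilities that have already been addressed (detection-based) • Know your detections (what kind of traffic is detected) • Whether or not the traffic is used by the service • URI, POST, XML, SQL, CSS, HTML, SSL…
Systems are living things. Attacks are living things. Tuning is part of operations.
In security, operations are everything!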
Thank you !