Deep Securityの運用TIPS

Transcript

1. cloudpack flow Deep Security operation TIPS The meaning of tuning

   telling you softly

2. cloudpack ྲྀ Deep Security ͷӡ༻ TIPS νϡʔχϯάͷۃҙΛͦͬͱ͋ͳͨʹ

3. Who am I ? • ٢ాͻΖ͔ͣ ( hirokazu yoshida )


   Security Engineer at cloudpack http://qiita.com/fnifni

4. 607

5. ਪ঑ઃఆͷݕࡧͰ͸ ਪ঑͞ΕΔ͜ͱ͕ͳ͍ϧʔϧୡ͕ ͋Γ·͢

6. ୅දతͳਪ঑͞ΕΔ͜ͱ͕ͳ͍ϧʔϧୡ • 1000608 - Generic SQL Injection Prevention • 1000552

   - Generic Cross Site Scripting(XSS) Prevention

7. ͜ͷϧʔϧͬͯDSͷWAFػೳͰ͠ΐʁ ͳΜͰਪ঑͞Εͳ͍ͷʁ

8. ͩͬͯνϡʔχϯάେม͡ΌΜ ʢதͷਓஊʣ

9. ͦΜͳΘ͚Ͱ νϡʔχϯάϙΠϯτΛ঺հ

10. ϧʔϧͷੑ࣭Λ஌Δ

11. ϧʔϧͷಛੑΛ஌Δ • 1000608
 Generic SQL Injection Prevention SQL ΠϯδΣΫγϣϯ߈ܸͰ Α͘࢖ΘΕΔจࣈɾه߸Λ

    ݕ஌͢Δϧʔϧ

12. ϧʔϧͷಛੑΛ஌Δ • 1000552
 Generic Cross Site Scripting(XSS)
 Prevention XSS߈ܸͰ Α͘࢖ΘΕΔจࣈɾه߸Λ

    ݕ஌͢Δϧʔϧ

13. ߈ܸ௨৴ͱਖ਼ৗ௨৴ͷݟۃΊ

14. ߈ܸ௨৴Λݕ஌ͨ͠έʔε GET /index.htm?mode=pc'+ORDEr+By+999+--+; HTTP/1.1 GET /?1=@ini_set(\"display_errors\", \"0\");@set_time_limit(0);@set_magic_quotes_runtime(0);echo '->|';file_put_contents(dirname(['SCRIPT_FILENAME']).'/cache/ cachee.php','<?php eval([1]);?>');echo

    '|<-'; HTTP/1.1"

15. ਖ਼ৗ௨৴Λݕ஌ͨ͠έʔε token=uzWoZpwAFsGfXcosY86KcfWLGnMuNIonRM1+zorRM RHrRj8S2D4LbIztTXa58mT90g8U+3YnfFnEA6PNY2xLHg= token=uzWoZpwAFsGfXcosY86KcfWLGnMuNIonRM1%2Bzor RMRHrRj8S2D4LbIztTXa58mT90g8U %2B3YnfFnEA6PNY2xLHg%3D

16. Ͱ͸͜Ε͸ʁ POST /system/page/setting_tag HTTP/1.1 _method=POST&data[CompanyMaterial] [all_pages_tag]=<script>\r\n\tconsole.log('hoge');\r\n</ script>&data[CompanyMaterial][entry_complete_tag]=

17. ਖ਼ৗΛ஌Βͳ͍ͱ ҟৗΛ஌Δ͜ͱ͸Ͱ͖·ͤΜ

18. γεςϜ͸ੜ͖෺ γεςϜͷݸੑΛ஌Γ ೔ʑͷӡ༻Ͱݕ஌܏޲Λ஌Δ͜ͱ͕ νϡʔχϯάͷۃҙ

19. Thank you !