Upgrade to Pro — share decks privately, control downloads, hide ads and more …

踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08

fnifni
February 24, 2018
Technology
0
1.8k

踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08

Bastion
Amazon Maice
#secjaws #secjaws08

fnifni

February 24, 2018
Tweet

More Decks by fnifni

See All by fnifni
Azure Sentinel ~ 導入から2ヶ月間の運用の肌感 ~
fnifni21
2
710
Deep Securityの運用TIPS
fnifni21
1
400
Deep Securityのホットデータを活用する ~AWS WAFの場合~
fnifni21
0
640

Other Decks in Technology

See All in Technology
IBM Cloud PLUS - #3 IBM PowerVS 入門と最新情報
6onoda
0
110
ローコードで改革!End to Endテストの再定義!
odasho
0
130
BUILD UP for Web3 engineer
aramaki
0
320
エンジニアのためのマネジメント入門/Introduction to Management for Software Engineers
dskst
1
320
PHP で学ぶ Cache の距離の話 / study_cache_with_php
hanhan1978
3
750
権威DNSサービスへのDDoSと
ハイパフォーマンスなベンチマーカ / DNS Pseudo random subdomain attack and High performance Benchmarker
kazeburo
3
910
Concevoir son API pour le futur
tgalopin
1
300
試して分かった!AWS を使った PLCのデータ収集と分析基盤の実践ノウハウ #FA設備技術勉強会#13
ganota
1
240
「はたらく」前に知るべきIT企業5つのヒミツ 〜プロが教えるプロダクト開発最前線〜 / geeksai_2023spring
visional_engineering_and_design
0
260
ChatGPTをプロダクトに入れる開発が"毎日がAfter GPT"だった件/ChatGPT LT Link and Motivation
lmi
1
2.9k
関数型で表現するイベントソーシングの実装とその教育
tomohisa
0
180
私と Nature Remo E / Nature Remo E
orgachem
0
230

Featured

See All Featured
Side Projects
sachag
451
38k
Building Flexible Design Systems
yeseniaperezcruz
314
35k
BBQ
matthewcrist
75
8.2k
10 Git Anti Patterns You Should be Aware of
lemiorhan
643
55k
Adopting Sorbet at Scale
ufuk
65
7.9k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
11
1.4k
WebSockets: Embracing the real-time Web
robhawkes
58
6.1k
Thoughts on Productivity
jonyablonski
50
2.8k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
6
920
A designer walks into a library…
pauljervisheath
199
16k
How GitHub (no longer) Works
holman
299
140k

Transcript

  1. Everyone!

    Are you doing?
    Proposal of using Amazon Macie in Bastion
    At S-JAWS # 8
    2018.02.23

    View Slide

  2. ΈΜͳʂ!

    ΍ͬͯΔ͔͍?
    ౿Έ୆ ؀ڥʹ͓͚ΔAmazon Macie׆༻ͷఏҊ
    S-JAWS # 8 ʹͯ
    2018.02.23

    View Slide

  3. Who Am I !?ʢ͓લ୭Αʁʣ
    • Hirokazu YoshidaˏCloud Native Inc.

    Security Engineer
    • Community

    - Security-JAWS

    - Deep Security User Group
    • Favorite AWS Service
    https://qiita.com/fnifni

    View Slide

  4. ͱ͍͏Θ͚Ͱ
    ຊ୊

    View Slide

  5. ౿Έ୆ͱฉ͍ͯ
    ԿΛ࿈૝͠·͔͢ʁ

    View Slide

  6. ౿Έ୆αʔό࡞ͬͯ
    ͱݴΘΕͯ

    ςϯγϣϯ্͕Γ·͔͢ʁ

    View Slide

  7. Ͱ͸

    View Slide

  8. ཁ࠹αʔό࡞ͬͯ
    ͱݴΘΕͨΒʁ

    View Slide

  9. Motivation of Bastion server
    • ୭͕ϩάΠϯͰ͖Δ͔ʢೝূ/ೝՄʣ
    • ؀ڥ΁ͷ།Ұͷ௨Γಓʢ৴པ͢Δܦ࿏ʣ
    • Ϣʔβʔͷߦಈه࿥΍σʔλ͕௨ա

    ʢ؂ࠪϙΠϯτʣ

    View Slide

  10. ΋ͬͱݴ͏ͱ

    View Slide

  11. Really scary Bastion server
    • ੑѱઆʹཱͭͱɺ

    ΠϯλϥΫςΟϒͳϩάΠϯૢ࡞͸ΞϯηΩϡΞ
    • ۀ຿ޮ཰ʢϏδωεͷ଎౓ʣʹ௚݁͢ΔͨΊɺ
    ηΩϡϦςΟͱརศੑ͕ৗʹఱṝʹྔΒΕΔ
    • ϏδωεͱηΩϡϦςΟͷલઢج஍

    View Slide

  12. ଧ伴ϩάͷऔಘ/෼ੳ͸
    ෆՄආ

    View Slide

  13. ίϯϓϥΠΞϯεͰ

    ఆΊΒΕͯΔ͠ɺऔͬͯΔΑ
    Կ͔͋Ε͹௥͑Δ͠ɻ

    View Slide

  14. ͦΜͳϞνϕʔγϣϯͰ
    ྑ͔ͬͨΜ͚ͩͬʁ

    View Slide

  15. https://www.cisecurity.org/controls/

    View Slide

  16. 20 CIS Controls is Կ
    • NIST SP800-53 (࿈๜੓෎৘ใγεςϜ ͓Αͼ
    ࿈๜૊৫ͷͨΊͷ ηΩϡϦςΟ؅ཧࡦͱϓϥ
    Πόγʔ؅ཧࡦ) Λ࣮૷͢Δ্ͰॏཁͱͳΔ20
    ͷηΩϡϦςΟίϯτϩʔϧΛ·ͱΊͨจॻ

    View Slide

  17. 6. Maintenance, Monitoring,
    and Analysis of Audit Logs
    • ݕग़ɺཧղɺ·ͨ͸߈ܸ͔Βͷճ෮ʹ໾ཱͭ
    Մೳੑͷ͋ΔΠϕϯτͷ؂ࠪϩάΛऩूɺ؅
    ཧɺ͓Αͼ෼ੳ
    • ଟ͘ͷ૊৫Ͱ͸ɺίϯϓϥΠΞϯεͷ໨తͰ
    ؂ࠪه࿥Λอ͍࣋ͯ͠·͕͢ɺ؂ࠪϩάΛ΄
    ͱΜͲࢀর͠ͳ͍ͨΊɺγεςϜ͕৵֐͞Ε
    ͍ͯΔ͔Ͳ͏͔͸Θ͔Γ·ͤΜɻ

    View Slide

  18. 13. Data Protection
    • ओʹ҉߸ԽͱDLPʹ͍ͭͯͷهࡌ
    • DLPίϯτϩʔϧ͸ϙϦγʔʹج͍͓ͮͯ
    Γɺػີσʔλͷ෼ྨɺاۀશମͷσʔλͷ
    ݕग़ɺ੍ޚͷ࣮ࢪɺϙϦγʔͷ४ڌΛอূ͢
    ΔͨΊͷϨϙʔτ࡞੒ͱ؂ࠪͳͲؚ͕·Ε·
    ͢ɻ

    View Slide

  19. ͭ·Γ
    • ଧ伴ϩάΛऩूͯ͠΋ɺ؂ࠪ͠ͳ͍ͳΒҙຯ͕
    ͳ͍
    • ϙϦγʔʹج͍ͮͨػີσʔλͷ෼ྨͳͯ͘͠ɺ
    ػີσʔλ΁ΞΫηε͢Δӡ༻ʹؾ෇͘͜ͱ͢
    ΒͰ͖ͳ͍

    View Slide

  20. ෼ੳ is grep …?

    View Slide

  21. What is Amazon Macie?
    • ػցֶशʹͯS3಺ͷػີσʔλΛࣗಈతʹݕ
    ग़ɺ෼ྨɺอޢ͢ΔηΩϡϦςΟαʔϏε
    • ݸਓ৘ใ (PII) ΍஌తࡒ࢈ͳͲͷػີσʔλ͕ೝ
    ࣝ͞ΕΔɻ
    • όʔδχΞͱΦϨΰϯͰར༻Մೳ
    https://docs.aws.amazon.com/ja_jp/macie/latest/userguide/what-is-macie.html

    View Slide

  22. ඦฉ͸Ұݟʹ͔ͣ͠

    View Slide

  23. ATTENTION !
    • ઃఆखॱ͸؆୯͗͢ΔͷͰ঺հ͠·ͤΜɻ

    AWSϒϩάͰྲྀΕΛ֬ೝ͍ͯͩ͘͠͞ɻ

    https://aws.amazon.com/jp/blogs/news/launch-amazon-macie-securing-your-s3-buckets/
    • CloudTrail΋ྑ͍ײ͡ʹධՁͯ͘͠Ε·͕͢ɺ

    ࠓճ͸঺հ͠·ͤΜɻ

    ઃఆ͢Δͱ͙͢ʹݟΕΔͷͰɺମײ͍ͯͩ͘͠͞

    View Slide

  24. View Slide

  25. case1: logs/linux_syslog

    View Slide

  26. View Slide

  27. case2: PII Priority / moderate

    View Slide

  28. View Slide

  29. View Slide

  30. ΞϥʔτʂϨϙʔτʂͷલʹ
    ؀ڥͷบ΍ੑ࣭Λ஌Ζ͏ʂ

    View Slide

  31. མͱ݀͠ͷڞ༗

    View Slide

  32. Pitfall
    • MacieͷධՁλΠϛϯά͸ɺόέοτઃఆ࣌ͱ
    s3ΦϒδΣΫτ͕Put͞Εͨ࣌
    • Macie͕࢖͏αʔϏεϩʔϧ͸ɺ
    CloudFormationͰఏڙ͞Ε͍ͯΔ
    ελοΫΛޡͬͯফ͢ͱ
    ෮ؼ·ͰͷؒʹPut͞ΕͨObject͸ධՁ͞Εͳ͍

    View Slide

  33. Α͋͘Δޡղ

    View Slide

  34. MacieͬͯS3όέοτΛ
    ධՁ͢ΔΜͰ͠ΐʁ
    S3͸৘ใ࿙͍͕͑৺഑

    View Slide

  35. Cause is
    a misconfiguration of S3
    • WWE Leaks 3 Million Emails

    https://mackeepersecurity.com/post/world-wrestling-entertainment-leaks-3-
    million-emails
    • Dow Jones customer data exposed in cloud error

    http://thehill.com/policy/cybersecurity/342333-dow-jones-customer-data-exposed-
    in-cloud-error
    • VerizonՃೖऀ1400ສਓͷݸਓ৘ใɺۀ຿ҕୗઌ͕
    ʮແ๷උঢ়ଶʯͰΫϥ΢υʹอଘ

    http://www.itmedia.co.jp/enterprise/articles/1707/13/news055.html

    View Slide

  36. Α͋͘Δ৺഑

    View Slide

  37. AWS MacieͰ
    ػີ৘ใಡΈऔΒͤͯ
    େৎ෉ͳͷʁ

    View Slide

  38. Third Party Authentication
    ~See AWS Artifact~
    • ISO 27001:2013 Certification
    • ISO 27017:2015 Certification
    • ISO 27018:2014 Certification
    • ISO 9001:2015 Certification
    • PCIDSSv3.2
    • SoC1/2͸ݸผʹௐ΂ͯͶΜ(ཁผ్৘ใೖྗ)

    View Slide

  39. ·ͱΊ
    • ׬ᘳͳ΋ͷ͸ͳ͍ɻ

    ͔֬Β͠͞ΛੵΈॏͶΔ͜ͱɻ
    • ਓྗͰͷఆٛʹ͸ϛε΍ݶք͕͋Δɻ

    ੵۃతʹػցͷྗʹཔΓͭͭڍಈΛ؍࡯ͯ͠ɺ

    ΧόʔͰ͖ͳ͍ͱ͜Ζ͸ผͷ΋ͷͰϑΥϩʔ
    • νϟϨϯδ͢Δ͜ͱɻ

    ΍ͬͯΈͯॳΊͯؾ෇͘͜ͱ͕͋Δ(ص্ݕ౼͸୹͘)

    View Slide

  40. ΋͏Ұ౓໰͍·͢

    View Slide

  41. ΈΜͳʂ
    ΍ͬͯΔ͔͍ʁ

    View Slide