踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08

Transcript

1. Everyone!
 Are you doing? Proposal of using Amazon Macie in

   Bastion At S-JAWS # 8 2018.02.23

2. ΈΜͳʂ!
 ΍ͬͯΔ͔͍? ౿Έ୆ ؀ڥʹ͓͚ΔAmazon Macie׆༻ͷఏҊ S-JAWS # 8 ʹͯ 2018.02.23

3. Who Am I !?ʢ͓લ୭Αʁʣ • Hirokazu YoshidaˏCloud Native Inc.
 Security

   Engineer • Community
 - Security-JAWS
 - Deep Security User Group • Favorite AWS Service https://qiita.com/fnifni

4. ͱ͍͏Θ͚Ͱ ຊ୊

5. ౿Έ୆ͱฉ͍ͯ ԿΛ࿈૝͠·͔͢ʁ

6. ౿Έ୆αʔό࡞ͬͯ ͱݴΘΕͯ
 ςϯγϣϯ্͕Γ·͔͢ʁ

7. Ͱ͸

8. ཁ࠹αʔό࡞ͬͯ ͱݴΘΕͨΒʁ

9. Motivation of Bastion server • ୭͕ϩάΠϯͰ͖Δ͔ʢೝূ/ೝՄʣ • ؀ڥ΁ͷ།Ұͷ௨Γಓʢ৴པ͢Δܦ࿏ʣ • Ϣʔβʔͷߦಈه࿥΍σʔλ͕௨ա


   ʢ؂ࠪϙΠϯτʣ

10. ΋ͬͱݴ͏ͱ

11. Really scary Bastion server • ੑѱઆʹཱͭͱɺ
 ΠϯλϥΫςΟϒͳϩάΠϯૢ࡞͸ΞϯηΩϡΞ • ۀ຿ޮ཰ʢϏδωεͷ଎౓ʣʹ௚݁͢ΔͨΊɺ ηΩϡϦςΟͱརศੑ͕ৗʹఱṝʹྔΒΕΔ

    • ϏδωεͱηΩϡϦςΟͷલઢج஍

12. ଧ伴ϩάͷऔಘ/෼ੳ͸ ෆՄආ

13. ίϯϓϥΠΞϯεͰ
 ఆΊΒΕͯΔ͠ɺऔͬͯΔΑ Կ͔͋Ε͹௥͑Δ͠ɻ

14. ͦΜͳϞνϕʔγϣϯͰ ྑ͔ͬͨΜ͚ͩͬʁ

15. https://www.cisecurity.org/controls/

16. 20 CIS Controls is Կ • NIST SP800-53 (࿈๜੓෎৘ใγεςϜ ͓Αͼ

    ࿈๜૊৫ͷͨΊͷ ηΩϡϦςΟ؅ཧࡦͱϓϥ Πόγʔ؅ཧࡦ) Λ࣮૷͢Δ্ͰॏཁͱͳΔ20 ͷηΩϡϦςΟίϯτϩʔϧΛ·ͱΊͨจॻ

17. 6. Maintenance, Monitoring, and Analysis of Audit Logs • ݕग़ɺཧղɺ·ͨ͸߈ܸ͔Βͷճ෮ʹ໾ཱͭ

    Մೳੑͷ͋ΔΠϕϯτͷ؂ࠪϩάΛऩूɺ؅ ཧɺ͓Αͼ෼ੳ • ଟ͘ͷ૊৫Ͱ͸ɺίϯϓϥΠΞϯεͷ໨తͰ ؂ࠪه࿥Λอ͍࣋ͯ͠·͕͢ɺ؂ࠪϩάΛ΄ ͱΜͲࢀর͠ͳ͍ͨΊɺγεςϜ͕৵֐͞Ε ͍ͯΔ͔Ͳ͏͔͸Θ͔Γ·ͤΜɻ

18. 13. Data Protection • ओʹ҉߸ԽͱDLPʹ͍ͭͯͷهࡌ • DLPίϯτϩʔϧ͸ϙϦγʔʹج͍͓ͮͯ Γɺػີσʔλͷ෼ྨɺاۀશମͷσʔλͷ ݕग़ɺ੍ޚͷ࣮ࢪɺϙϦγʔͷ४ڌΛอূ͢ ΔͨΊͷϨϙʔτ࡞੒ͱ؂ࠪͳͲؚ͕·Ε·

    ͢ɻ

19. ͭ·Γ • ଧ伴ϩάΛऩूͯ͠΋ɺ؂ࠪ͠ͳ͍ͳΒҙຯ͕ ͳ͍ • ϙϦγʔʹج͍ͮͨػີσʔλͷ෼ྨͳͯ͘͠ɺ ػີσʔλ΁ΞΫηε͢Δӡ༻ʹؾ෇͘͜ͱ͢ ΒͰ͖ͳ͍

20. ෼ੳ is grep …?

21. What is Amazon Macie? • ػցֶशʹͯS3಺ͷػີσʔλΛࣗಈతʹݕ ग़ɺ෼ྨɺอޢ͢ΔηΩϡϦςΟαʔϏε • ݸਓ৘ใ (PII)

    ΍஌తࡒ࢈ͳͲͷػີσʔλ͕ೝ ࣝ͞ΕΔɻ • όʔδχΞͱΦϨΰϯͰར༻Մೳ https://docs.aws.amazon.com/ja_jp/macie/latest/userguide/what-is-macie.html

22. ඦฉ͸Ұݟʹ͔ͣ͠

23. ATTENTION ! • ઃఆखॱ͸؆୯͗͢ΔͷͰ঺հ͠·ͤΜɻ
 AWSϒϩάͰྲྀΕΛ֬ೝ͍ͯͩ͘͠͞ɻ
 https://aws.amazon.com/jp/blogs/news/launch-amazon-macie-securing-your-s3-buckets/ • CloudTrail΋ྑ͍ײ͡ʹධՁͯ͘͠Ε·͕͢ɺ
 ࠓճ͸঺հ͠·ͤΜɻ
 ઃఆ͢Δͱ͙͢ʹݟΕΔͷͰɺମײ͍ͯͩ͘͠͞

24. None

25. case1: logs/linux_syslog

26. None

27. case2: PII Priority / moderate

28. None
29. None

30. ΞϥʔτʂϨϙʔτʂͷલʹ ؀ڥͷบ΍ੑ࣭Λ஌Ζ͏ʂ

31. མͱ݀͠ͷڞ༗

32. Pitfall • MacieͷධՁλΠϛϯά͸ɺόέοτઃఆ࣌ͱ s3ΦϒδΣΫτ͕Put͞Εͨ࣌ • Macie͕࢖͏αʔϏεϩʔϧ͸ɺ CloudFormationͰఏڙ͞Ε͍ͯΔ ελοΫΛޡͬͯফ͢ͱ ෮ؼ·ͰͷؒʹPut͞ΕͨObject͸ධՁ͞Εͳ͍

33. Α͋͘Δޡղ

34. MacieͬͯS3όέοτΛ ධՁ͢ΔΜͰ͠ΐʁ S3͸৘ใ࿙͍͕͑৺഑

35. Cause is a misconfiguration of S3 • WWE Leaks 3

    Million Emails
 https://mackeepersecurity.com/post/world-wrestling-entertainment-leaks-3- million-emails • Dow Jones customer data exposed in cloud error
 http://thehill.com/policy/cybersecurity/342333-dow-jones-customer-data-exposed- in-cloud-error • VerizonՃೖऀ1400ສਓͷݸਓ৘ใɺۀ຿ҕୗઌ͕ ʮແ๷උঢ়ଶʯͰΫϥ΢υʹอଘ
 http://www.itmedia.co.jp/enterprise/articles/1707/13/news055.html

36. Α͋͘Δ৺഑

37. AWS MacieͰ ػີ৘ใಡΈऔΒͤͯ େৎ෉ͳͷʁ

38. Third Party Authentication ~See AWS Artifact~ • ISO 27001:2013 Certification

    • ISO 27017:2015 Certification • ISO 27018:2014 Certification • ISO 9001:2015 Certification • PCIDSSv3.2 • SoC1/2͸ݸผʹௐ΂ͯͶΜ(ཁผ్৘ใೖྗ)

39. ·ͱΊ • ׬ᘳͳ΋ͷ͸ͳ͍ɻ
 ͔֬Β͠͞ΛੵΈॏͶΔ͜ͱɻ • ਓྗͰͷఆٛʹ͸ϛε΍ݶք͕͋Δɻ
 ੵۃతʹػցͷྗʹཔΓͭͭڍಈΛ؍࡯ͯ͠ɺ
 ΧόʔͰ͖ͳ͍ͱ͜Ζ͸ผͷ΋ͷͰϑΥϩʔ • νϟϨϯδ͢Δ͜ͱɻ


    ΍ͬͯΈͯॳΊͯؾ෇͘͜ͱ͕͋Δ(ص্ݕ౼͸୹͘)

40. ΋͏Ұ౓໰͍·͢

41. ΈΜͳʂ ΍ͬͯΔ͔͍ʁ