踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08

251ca4edee830a5e003660245565df66?s=47 fnifni
February 24, 2018

踏み台環境におけるAmazon Maice活用の提案 #secjaws #secjaws08

Bastion
Amazon Maice
#secjaws #secjaws08

251ca4edee830a5e003660245565df66?s=128

fnifni

February 24, 2018
Tweet

Transcript

  1. Everyone!
 Are you doing? Proposal of using Amazon Macie in

    Bastion At S-JAWS # 8 2018.02.23
  2. ΈΜͳʂ!
 ΍ͬͯΔ͔͍? ౿Έ୆ ؀ڥʹ͓͚ΔAmazon Macie׆༻ͷఏҊ S-JAWS # 8 ʹͯ 2018.02.23

  3. Who Am I !?ʢ͓લ୭Αʁʣ • Hirokazu YoshidaˏCloud Native Inc.
 Security

    Engineer • Community
 - Security-JAWS
 - Deep Security User Group • Favorite AWS Service https://qiita.com/fnifni
  4. ͱ͍͏Θ͚Ͱ ຊ୊

  5. ౿Έ୆ͱฉ͍ͯ ԿΛ࿈૝͠·͔͢ʁ

  6. ౿Έ୆αʔό࡞ͬͯ ͱݴΘΕͯ
 ςϯγϣϯ্͕Γ·͔͢ʁ

  7. Ͱ͸

  8. ཁ࠹αʔό࡞ͬͯ ͱݴΘΕͨΒʁ

  9. Motivation of Bastion server • ୭͕ϩάΠϯͰ͖Δ͔ʢೝূ/ೝՄʣ • ؀ڥ΁ͷ།Ұͷ௨Γಓʢ৴པ͢Δܦ࿏ʣ • Ϣʔβʔͷߦಈه࿥΍σʔλ͕௨ա


    ʢ؂ࠪϙΠϯτʣ
  10. ΋ͬͱݴ͏ͱ

  11. Really scary Bastion server • ੑѱઆʹཱͭͱɺ
 ΠϯλϥΫςΟϒͳϩάΠϯૢ࡞͸ΞϯηΩϡΞ • ۀ຿ޮ཰ʢϏδωεͷ଎౓ʣʹ௚݁͢ΔͨΊɺ ηΩϡϦςΟͱརศੑ͕ৗʹఱṝʹྔΒΕΔ

    • ϏδωεͱηΩϡϦςΟͷલઢج஍
  12. ଧ伴ϩάͷऔಘ/෼ੳ͸ ෆՄආ

  13. ίϯϓϥΠΞϯεͰ
 ఆΊΒΕͯΔ͠ɺऔͬͯΔΑ Կ͔͋Ε͹௥͑Δ͠ɻ

  14. ͦΜͳϞνϕʔγϣϯͰ ྑ͔ͬͨΜ͚ͩͬʁ

  15. https://www.cisecurity.org/controls/

  16. 20 CIS Controls is Կ • NIST SP800-53 (࿈๜੓෎৘ใγεςϜ ͓Αͼ

    ࿈๜૊৫ͷͨΊͷ ηΩϡϦςΟ؅ཧࡦͱϓϥ Πόγʔ؅ཧࡦ) Λ࣮૷͢Δ্ͰॏཁͱͳΔ20 ͷηΩϡϦςΟίϯτϩʔϧΛ·ͱΊͨจॻ
  17. 6. Maintenance, Monitoring, and Analysis of Audit Logs • ݕग़ɺཧղɺ·ͨ͸߈ܸ͔Βͷճ෮ʹ໾ཱͭ

    Մೳੑͷ͋ΔΠϕϯτͷ؂ࠪϩάΛऩूɺ؅ ཧɺ͓Αͼ෼ੳ • ଟ͘ͷ૊৫Ͱ͸ɺίϯϓϥΠΞϯεͷ໨తͰ ؂ࠪه࿥Λอ͍࣋ͯ͠·͕͢ɺ؂ࠪϩάΛ΄ ͱΜͲࢀর͠ͳ͍ͨΊɺγεςϜ͕৵֐͞Ε ͍ͯΔ͔Ͳ͏͔͸Θ͔Γ·ͤΜɻ
  18. 13. Data Protection • ओʹ҉߸ԽͱDLPʹ͍ͭͯͷهࡌ • DLPίϯτϩʔϧ͸ϙϦγʔʹج͍͓ͮͯ Γɺػີσʔλͷ෼ྨɺاۀશମͷσʔλͷ ݕग़ɺ੍ޚͷ࣮ࢪɺϙϦγʔͷ४ڌΛอূ͢ ΔͨΊͷϨϙʔτ࡞੒ͱ؂ࠪͳͲؚ͕·Ε·

    ͢ɻ
  19. ͭ·Γ • ଧ伴ϩάΛऩूͯ͠΋ɺ؂ࠪ͠ͳ͍ͳΒҙຯ͕ ͳ͍ • ϙϦγʔʹج͍ͮͨػີσʔλͷ෼ྨͳͯ͘͠ɺ ػີσʔλ΁ΞΫηε͢Δӡ༻ʹؾ෇͘͜ͱ͢ ΒͰ͖ͳ͍

  20. ෼ੳ is grep …?

  21. What is Amazon Macie? • ػցֶशʹͯS3಺ͷػີσʔλΛࣗಈతʹݕ ग़ɺ෼ྨɺอޢ͢ΔηΩϡϦςΟαʔϏε • ݸਓ৘ใ (PII)

    ΍஌తࡒ࢈ͳͲͷػີσʔλ͕ೝ ࣝ͞ΕΔɻ • όʔδχΞͱΦϨΰϯͰར༻Մೳ https://docs.aws.amazon.com/ja_jp/macie/latest/userguide/what-is-macie.html
  22. ඦฉ͸Ұݟʹ͔ͣ͠

  23. ATTENTION ! • ઃఆखॱ͸؆୯͗͢ΔͷͰ঺հ͠·ͤΜɻ
 AWSϒϩάͰྲྀΕΛ֬ೝ͍ͯͩ͘͠͞ɻ
 https://aws.amazon.com/jp/blogs/news/launch-amazon-macie-securing-your-s3-buckets/ • CloudTrail΋ྑ͍ײ͡ʹධՁͯ͘͠Ε·͕͢ɺ
 ࠓճ͸঺հ͠·ͤΜɻ
 ઃఆ͢Δͱ͙͢ʹݟΕΔͷͰɺମײ͍ͯͩ͘͠͞

  24. None
  25. case1: logs/linux_syslog

  26. None
  27. case2: PII Priority / moderate

  28. None
  29. None
  30. ΞϥʔτʂϨϙʔτʂͷલʹ ؀ڥͷบ΍ੑ࣭Λ஌Ζ͏ʂ

  31. མͱ݀͠ͷڞ༗

  32. Pitfall • MacieͷධՁλΠϛϯά͸ɺόέοτઃఆ࣌ͱ s3ΦϒδΣΫτ͕Put͞Εͨ࣌ • Macie͕࢖͏αʔϏεϩʔϧ͸ɺ CloudFormationͰఏڙ͞Ε͍ͯΔ ελοΫΛޡͬͯফ͢ͱ ෮ؼ·ͰͷؒʹPut͞ΕͨObject͸ධՁ͞Εͳ͍

  33. Α͋͘Δޡղ

  34. MacieͬͯS3όέοτΛ ධՁ͢ΔΜͰ͠ΐʁ S3͸৘ใ࿙͍͕͑৺഑

  35. Cause is a misconfiguration of S3 • WWE Leaks 3

    Million Emails
 https://mackeepersecurity.com/post/world-wrestling-entertainment-leaks-3- million-emails • Dow Jones customer data exposed in cloud error
 http://thehill.com/policy/cybersecurity/342333-dow-jones-customer-data-exposed- in-cloud-error • VerizonՃೖऀ1400ສਓͷݸਓ৘ใɺۀ຿ҕୗઌ͕ ʮແ๷උঢ়ଶʯͰΫϥ΢υʹอଘ
 http://www.itmedia.co.jp/enterprise/articles/1707/13/news055.html
  36. Α͋͘Δ৺഑

  37. AWS MacieͰ ػີ৘ใಡΈऔΒͤͯ େৎ෉ͳͷʁ

  38. Third Party Authentication ~See AWS Artifact~ • ISO 27001:2013 Certification

    • ISO 27017:2015 Certification • ISO 27018:2014 Certification • ISO 9001:2015 Certification • PCIDSSv3.2 • SoC1/2͸ݸผʹௐ΂ͯͶΜ(ཁผ్৘ใೖྗ)
  39. ·ͱΊ • ׬ᘳͳ΋ͷ͸ͳ͍ɻ
 ͔֬Β͠͞ΛੵΈॏͶΔ͜ͱɻ • ਓྗͰͷఆٛʹ͸ϛε΍ݶք͕͋Δɻ
 ੵۃతʹػցͷྗʹཔΓͭͭڍಈΛ؍࡯ͯ͠ɺ
 ΧόʔͰ͖ͳ͍ͱ͜Ζ͸ผͷ΋ͷͰϑΥϩʔ • νϟϨϯδ͢Δ͜ͱɻ


    ΍ͬͯΈͯॳΊͯؾ෇͘͜ͱ͕͋Δ(ص্ݕ౼͸୹͘)
  40. ΋͏Ұ౓໰͍·͢

  41. ΈΜͳʂ ΍ͬͯΔ͔͍ʁ