Proposal for Using Amazon Macie in Bastion Environments #secjaws #secjaws08

fnifni
February 24, 2018

Transcript

  1. Everyone!

    Are you doing it?
    Proposal for using Amazon Macie in bastion environments
    At S-JAWS #8
    2018.02.23

  3. Who Am I!? (Who are you?)
    • Hirokazu Yoshida @ Cloud Native Inc.
      Security Engineer
    • Community
      - Security-JAWS
      - Deep Security User Group
    • Favorite AWS Service
    https://qiita.com/fnifni

  4. So, on to the main topic

  5. What comes to mind when you hear "bastion"?

  6. When someone tells you "build a bastion server",
    do you get excited?

  7. Then

  8. What if someone told you "build a fortress server"?

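  9. Motivation of Bastion server
    • Who can log in (authentication/authorization)
    • The only path into the environment (the trusted route)
    • User activity records and data pass through it (audit point)

  10. To go further

  11. Really scary Bastion server
    • If you assume bad intent, interactive login sessions are insecure
    • Because it directly affects operational efficiency (the speed of the business),
      security and convenience are constantly weighed against each other
    • The front-line base for both business and security

  12. Collecting and analyzing keystroke logs
    is unavoidable

  13. "Compliance requires it, so yes, we collect them.
    And if anything happens, we can trace it."

  14. Was that really the right motivation?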

  15. https://www.cisecurity.org/controls/

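  16. What are the 20 CIS Controls?
    • A document that summarizes the 20 security controls that matter most when
      implementing NIST SP800-53 (Security and Privacy Controls for Federal
      Information Systems and Organizations)

  17. 6. Maintenance, Monitoring,
    and Analysis of Audit Logs
    • Collect, manage, and analyze audit logs of events that could help detect,
      understand, or recover from an attack
    • Many organizations keep audit records for compliance purposes, but because
      they rarely look at the audit logs, they do not know whether their systems
      have been compromised.

  18. 13. Data Protection
    • Mainly covers encryption and DLP
    • DLP controls are policy-based and include classifying sensitive data,
      discovering data across the enterprise, enforcing controls, and reporting
      and auditing to ensure compliance with policy.

  19. In other words
    • Collecting keystroke logs is pointless if nobody audits them
    • Without policy-based classification of sensitive data, you cannot even
      notice operations that access sensitive data

  20. Analysis is grep …?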

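  21. What is Amazon Macie?
    • A security service that uses machine learning to automatically discover,
      classify, and protect sensitive data in S3
    • Recognizes sensitive data such as personal information (PII) and
      intellectual property.
    • Available in Virginia and Oregon
    https://docs.aws.amazon.com/ja_jp/macie/latest/userguide/what-is-macie.html

  22. Seeing is believing

  23. ATTENTION !
    • The setup procedure is too simple to be worth covering here.
      Check the flow on the AWS blog.
      https://aws.amazon.com/jp/blogs/news/launch-amazon-macie-securing-your-s3-buckets/
    • Macie also evaluates CloudTrail nicely, but that is not covered this time.
      You can see it as soon as you set it up, so try it for yourself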

  25. case1: logs/linux_syslog

  27. case2: PII Priority / moderate

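  30. Before alerts and reports,
    get to know the quirks and characteristics of your environment!

  31. Sharing the pitfalls

  32. Pitfall
    • Macie evaluates at two points: when the bucket is configured and
      when an S3 object is Put
    • The service role Macie uses is provided through CloudFormation.
      If you delete the stack by mistake,
      objects Put before it is restored are not evaluated

  33. A common misconception

  34. "Macie evaluates S3 buckets, right?
    I'm worried about information leaking from S3"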

  35. Cause is
    a misconfiguration of S3
    • WWE Leaks 3 Million Emails
      https://mackeepersecurity.com/post/world-wrestling-entertainment-leaks-3-million-emails
    • Dow Jones customer data exposed in cloud error
      http://thehill.com/policy/cybersecurity/342333-dow-jones-customer-data-exposed-in-cloud-error
    • Personal information of 14 million Verizon subscribers stored in the cloud
      by a contractor in an "unprotected state"
      http://www.itmedia.co.jp/enterprise/articles/1707/13/news055.html

  36. A common concern

  37. "Is it really OK to let AWS Macie
    read our confidential information?"

  38. Third Party Authentication
    ~See AWS Artifact~
    • ISO 27001:2013 Certification
    • ISO 27017:2015 Certification
    • ISO 27018:2014 Certification
    • ISO 9001:2015 Certification
    • PCI DSS v3.2
    • Look up SOC 1/2 yourself (requires entering additional information)

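  39. Summary
    • Nothing is perfect.
      Keep building up confidence, layer by layer.
    • Definitions written by hand have mistakes and limits.
      Lean actively on the machine while observing how it behaves,
      and cover what it cannot with something else
    • Take on the challenge.
      Some things you only notice once you try (keep desk studies short)

  40. Let me ask once more

  41. Everyone!
    Are you doing it?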
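
An added example, not part of the original deck: the pitfall on slide 32 says objects Put while Macie's service role stack is missing are not evaluated, so this Python code derives that gap from CloudFormation `DeleteStack`/`CreateStack` events and lists the objects Put inside it. The stack name, the simplified CloudTrail-style records and the object listing are constructed assumptions, as is treating `LastModified` as the Put time.

```python
from datetime import datetime, timezone

# Hypothetical name of the CloudFormation stack that provides Macie's service role.
MACIE_STACK = "example-macie-role-stack"

def ts(s):
    """Parse a UTC timestamp such as 2018-02-20T03:10:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def outage_windows(events, now):
    """Pair each DeleteStack of the role stack with the next CreateStack."""
    windows, start = [], None
    for ev in sorted(events, key=lambda e: ts(e["eventTime"])):
        if ev["requestParameters"].get("stackName") != MACIE_STACK:
            continue  # some other stack
        if ev["eventName"] == "DeleteStack" and start is None:
            start = ts(ev["eventTime"])
        elif ev["eventName"] == "CreateStack" and start is not None:
            windows.append((start, ts(ev["eventTime"])))
            start = None
    if start is not None:  # stack not restored yet: the gap is still open
        windows.append((start, now))
    return windows

def unevaluated(objects, windows):
    """Keys Put inside a gap (bounds inclusive, to err on the side of review)."""
    return sorted(o["Key"] for o in objects
                  if any(a <= ts(o["LastModified"]) <= b for a, b in windows))

# Constructed sample data: simplified CloudTrail-style records and an S3 listing.
EVENTS = [
    {"eventTime": "2018-02-20T03:10:00Z", "eventName": "DeleteStack",
     "requestParameters": {"stackName": MACIE_STACK}},
    {"eventTime": "2018-02-20T04:00:00Z", "eventName": "DeleteStack",
     "requestParameters": {"stackName": "unrelated-stack"}},
    {"eventTime": "2018-02-20T09:45:00Z", "eventName": "CreateStack",
     "requestParameters": {"stackName": MACIE_STACK}},
]
OBJECTS = [
    {"Key": "logs/linux_syslog/a.log", "LastModified": "2018-02-20T02:59:00Z"},
    {"Key": "logs/linux_syslog/b.log", "LastModified": "2018-02-20T03:10:00Z"},
    {"Key": "logs/linux_syslog/c.log", "LastModified": "2018-02-20T08:30:00Z"},
    {"Key": "logs/linux_syslog/d.log", "LastModified": "2018-02-20T10:00:00Z"},
]

if __name__ == "__main__":
    gaps = outage_windows(EVENTS, now=ts("2018-02-21T00:00:00Z"))
    print(unevaluated(OBJECTS, gaps))  # ['logs/linux_syslog/b.log', 'logs/linux_syslog/c.log']
```

The returned keys are the bastion log objects that missed evaluation under the behaviour slide 32 describes, which makes them the ones to review after the stack is restored.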