What can SRE do to build and maintain a secure Web system?

Isao Shimizu
January 25, 2020


SRE NEXT 2020
2020.1.25

"If there is no dedicated security engineer in the organization, who maintains the outdated software, manages the keys, and manages the firewalls? If that ambiguity persists for long, the service becomes vulnerable and sooner or later it will cause problems.
In an organization where SRE is responsible for the reliability of services and systems, SRE has to take the lead in understanding security problems and keeping the system safe and robust. There is a lot that can be done to keep web applications and cloud-based systems secure.
When developing a new service, or when a service has grown in scale, it is not unusual to be unsure what to do in the phases where security should be considered. Based on my experience so far, I will talk about the minimum knowledge you should have and some applied cases for building and maintaining a secure web system."


Transcript

Slide 2: Self-introduction
Isao Shimizu (@isaoshimizu)
- Affiliation: mixi, Inc., Vantage Studio, Mitene Division, Development Group, SRE team
- Career: contract development at an SIer and product development, then joined mixi, Inc.
- SNS operations and SRE for Monster Strike, currently SRE for "Family Album Mitene"
- Contributed the article "SREって、なにをやればいいの？先駆者に聞く、誰がための信頼性" (What should SRE actually do? Asking the pioneers: reliability for whom?) to Software Design
- AWS Summit Tokyo: "コンテナ移行ってこんなに大変？〜「家族アルバム みてね」を支えるインフラの裏側〜" (Is container migration really this hard? Behind the infrastructure that supports "Family Album Mitene")
- Other talks: SRE Tech Talks, hbstudy, Internet Week, etc.
Slide 3: Agenda
- About "Family Album Mitene"
- Introduction
- About SRE
- SRE and security
- Examples of security initiatives
- Security measures to address when using the cloud (AWS edition)
- Summary
Slide 7, About "Family Album Mitene": Mitene Premium
- "Mitene Premium" released as a paid plan with a monthly subscription fee
- Photos and videos can be uploaded from the browser
- Monthly and yearly editions of the one-second video digest
- Free shipping on all products (for the whole family)
- Sharing scope can be configured in fine detail
- Time limit for video uploads extended
- If you use Mitene, please give it a try!
Slide 8, About "Family Album Mitene": infrastructure diagram
Before: AWS Cloud, one VPC across three Availability Zones, EC2 instances managed by AWS OpsWorks behind a Classic Load Balancer.
After: AWS Cloud, one VPC across three Availability Zones, Amazon Elastic Kubernetes Service with Amazon Elastic Container Registry, Kubernetes nodes in an Auto Scaling group behind an Application Load Balancer.
Caption: Mitene's infrastructure is being migrated to Kubernetes (Amazon EKS).
Slide 14, About SRE: class SRE implements DevOps
Source: "SRE vs. DevOps: competing standards or close friends?", https://cloud.google.com/blog/products/gcp/sre-vs-devops-competing-standards-or-close-friends
- "If you think of DevOps as an interface in a programming language, then class SRE is an implementation of DevOps."
- "SRE includes additional practices and recommendations that are not limited to the DevOps interface."
Slide 15, About SRE
"DevOps and SRE are not two competing methods for software development and operations, but rather close friends designed to break down organizational barriers to deliver better software faster." (The slide also shows a Japanese translation of this quote.)
Source: "SRE vs. DevOps: competing standards or close friends?", https://cloud.google.com/blog/products/gcp/sre-vs-devops-competing-standards-or-close-friends
Slide 17, About SRE
"Site reliability engineering (SRE) is a relatively new discipline, having only been in existence for about 15 years. It originated at Google and has gained popularity recently with more companies advertising SRE positions or trying to implement SRE practices. In the technology field, 15 years may seem like an eternity, but the SRE role is very much still in its infancy. There are still challenges defining the role and understanding exactly what it is. Just look through one of the 1,000-plus job listings on LinkedIn for an SRE in the United States—you will see many different job expectations and requirements." (The slide also shows a Japanese translation of this quote.)
Source: "Defining the Role of a SRE", https://devops.com/defining-the-role-of-a-site-reliability-engineer-sre/
Slide 18, About SRE
"An SRE must possess a blend of technical as well as soft skills and, perhaps most of all, must be adept at communicating effectively and inspiring a teamwide approach to excellence." (The slide also shows a Japanese translation of this quote.)
Source: "Defining the Role of a SRE", https://devops.com/defining-the-role-of-a-site-reliability-engineer-sre/
Slide 19, About SRE
Source: NGINX Conf, "Site Reliability Engineering Panel: LinkedIn, Dell and Gremlin" (YouTube)
Ashi Sareen, Director of Engineering, Site Reliability, LinkedIn:
"A lot of people are just renaming their ops teams to call them SRE. I don't think that's the right approach. SRE discipline requires investment; it has a very clear set of practices, set of team dynamics that makes a successful SRE team." (The slide also shows a Japanese translation of this quote.)
Slide 24, SRE and security
Source: SREcon Americas, March (Pivotal), "Extending the Error Budget Model to Security and Feature Freshness", https://www.usenix.org/conference/srecon…americas/presentation/thomson
"Vulnerability budget: How long can we afford to be vulnerable to CVEs in our dependencies? Legacy budget: New enough that it gets support; and not so old that no-one wants to use it."
Slide 27, SRE and security: SREcon events
- SREcon Americas West, Santa Clara, CA, USA, March
- SREcon Asia/Pacific, Sydney, Australia, June
- SREcon Europe/Middle East/Africa, Amsterdam, Netherlands
- SREcon Americas East, Boston, MA, USA
Slide 32, SRE and security
- Reliability and security are indispensable to the lifecycle of software and systems.
- Building a system that achieves both reliability and security is not easy.
- Trying to add either of them later is hard.
- Ideally both are taken into account from the very beginning.
- This is an area where no cost is spent until a problem occurs.
- Once a problem has occurred, it tends to be serious.
- A simple design and minimized privilege management are important.
Slide 33, SRE and security
- Well-designed logging supports threat detection and preparedness for outages.
- A chain of command, checklists, playbooks and protocols for emergencies are important.
- Applying vulnerability patches quickly is important.
- Depending on the content of a patch, it can also cause problems (bugs, performance degradation, and so on).
- Consider the risk and coordinate the timing of applying it with the business side as well.
- Many other practices are described in the book, so read it if you are interested.
- See "On passwords and power drills" at the start of the first chapter.
- It is an Early Release edition, so the content may change by the time it is published.
Slide 42, Examples of security initiatives: questions asked in a security hearing (1)
- Which libraries are in use?
- How are user tokens handled?
  - What is their expiry?
  - Where are they stored?
- Are the usual XSS and CSRF countermeasures in place?
- Can someone view another person's data by directly modifying API parameters?
Slide 43, Examples of security initiatives: questions asked in a security hearing (2)
- Does the application hold confidential information internally?
- Passwords for user management:
  - Are they stored in plaintext?
  - Are they sent in plaintext (for example by e-mail)?
  - Is the password strength policy (length, character classes, and so on) appropriate?
  - What is the password reminder method?
Slide 47, Examples of security initiatives: Infrastructure as Code (IaC)
- Do not build infrastructure by hand.
- Manual work tends to cause problems: knowledge tied to individuals, no change management, gaps in configuration and documentation.
- Use IaC tools (Terraform, CloudFormation, and so on).
- Create a pull request and get a code review.
  - Example: are IAM permissions and security groups kept to the minimum?
- Integrate with the CI tool and run a dry run.
- Apply to the infrastructure by merging the pull request.
Slide 49, Examples of security initiatives: log collection and search
- Detect anomalous access and traffic.
- Detect threats by access source.
- Do not write confidential information such as credentials or personal data to logs.
- Log volume has a direct effect on cost (short-term storage and long-term storage).
- Check regularly whether there are logs that are not needed.
- Enable cloud-side logs as much as possible (for example S3, CloudFront, ELB).
- Also consider a SaaS that can collect and search logs.
Slide 51, Examples of security initiatives: examples of things that need updating
- Libraries the application depends on
- Middleware and packages such as the OS, MySQL, Redis, Nginx and Fluentd
- Agent software that runs permanently, such as monitoring agents
- Kubernetes clusters and Helm charts
- Terraform and its modules
Vulnerabilities are found and fixed regularly. Any of these tends to be left behind unless updating is automated. Where automation is difficult, building a routine for regular updates is what matters.
Slide 55, Examples of security initiatives: postmortems
- Record the events and the response whenever an outage or problem occurs.
- Not limited to security.
- Write one proactively, whether or not the service was affected.
- Build a culture that praises the people who write postmortems.
- Never blame or criticize.
Ideally, people outside SRE (the more senior the better) are also involved, postmortems are reviewed regularly, and improvement continues.
Slide 59, Security measures to address when using the cloud (AWS edition): the pillars of the AWS Well-Architected Framework
- Operational excellence
- Security
- Reliability
- Performance efficiency
- Cost optimization
Slide 61, Security measures to address when using the cloud (AWS edition)
Identity and access management
- SEC: How do you manage credentials and authentication?
- SEC: How do you control human access?
- SEC: How do you control programmatic access?
Detective controls
- SEC: How do you detect and investigate security events?
- SEC: How do you defend against emerging security threats?
Slide 62, Security measures to address when using the cloud (AWS edition)
Infrastructure protection
- SEC: How do you protect your networks?
- SEC: How do you protect your compute resources?
Data protection
- SEC: How do you classify your data?
- SEC: How do you protect your data at rest?
- SEC: How do you protect your data in transit?
Incident response
- SEC: How do you respond to a security incident?
Slide 68, Security measures to address when using the cloud (AWS edition): IAM
- Do not keep access keys or secret keys in source repositories.
- Configure MFA for IAM users that can log in to the management console.
- Delete IAM users and access keys that are no longer used (people who left or moved teams).
- Configure MFA on the root user.
- Do not share access keys or secret keys.
- Do not configure access keys or secret keys in external services.
- Separate AWS accounts per environment.
- Require MFA when switching roles.