
セキュリティ担当者から見た re:Invent と AWS Security Hub / Impression of re:Invent and AWS Security Hub

Hokuto Hoshi
December 20, 2018


Transcript

  1. re:Invent and AWS Security Hub from a security engineer's point of view
    Hokuto Hoshi
    Head of Infrastructure, Cookpad Inc.
    [email protected]

  2. Hokuto Hoshi (星 北斗) / @kani_b
    • Cookpad Inc.
      Head of the Infrastructure Department
      also Corporate Engineering Department
      also audit assistant to the Audit Committee
    • SRE, security engineer
    • AWS Certified Solutions Architect and DevOps Engineer (Professional)
    • About 8 years of using AWS

  3. https://kanny.me/

  4. Infrastructure Department
    • Builds the infrastructure environment used by every service
    • SRE (Site Reliability Engineering) group
    • Data platform group
    • Security group

  5. Security group
    • 3 people
    • Handles every kind of information-security measure in the company, for the product services and internal systems alike, and their day-to-day operation
    • Does everything from system design and build-out through to actual operation

  6. Full-AWS since 2011
    ~1,400 EC2 instances
    200+ ECS Services
    Over 3 regions, 15,000+ requests/sec

  7. re:Invent and me
    • Attended every year since 2013
      • In 2012 I was still a student part-timer
    • Spoke in 2017
      • On running machine-learning workloads in containers
    • This year is my 6th time
      • 7th time in Las Vegas

  8. Cookpad and re:Invent
    • Several people have attended every year since 2012
    • We are increasing the share of attendees who are service developers rather than infrastructure people
      • This year they were more than 80% of our attendees

  9. Security sessions and workshops
    • Plenty of them, as every year
    • The more advanced the topic, the more it tends to be "write code and build it yourselves"
      • Not just introductions to AWS security services, but how to use AWS services to build better security systems
    • Many engineers also attend workshops outside their own field
      • e.g. a security engineer sitting in a DynamoDB design workshop
    • Slides and videos are published

  10. Security Jam
    • An event where you get hands-on experience of security measures and incident response on AWS
    • Looks fun, but it clashes with GameDay every time, so I have never managed to attend… (a colleague says it was great fun)
    • Please run it in Japan, or move it so it doesn't overlap with GameDay!!!

  11. Expo
    • The number of security product vendors grows every year
    • This year my impression was that container security was everywhere
    • SIEM, event management and the like as well

  12. This year's announcements
    • There were a lot
    • ML, IoT, robots and so on, but also a large volume of releases in the bread-and-butter areas

  13. Announcements (security)
    https://aws.amazon.com/jp/new/reinvent/

  14. Weren't there rather few security announcements???
    • Announcements that target security directly were indeed few
    • But there were plenty of things that can be used to build security systems
    • Services carrying a "security" tag are not the whole of AWS security

  15. https://speakerdeck.com/mizutani/security-log-search

  16. Releases that can, or might, be used in security systems, with my impressions (personal opinions)

  17. CloudWatch Logs Insights
    • Filtering, aggregation and analysis over the logs in CW Logs
    • Handles JSON and similar formats
    • Very fast search thanks to a new backend
      • Several times faster even on large log volumes (we are actually using it)
    • A strong candidate as the store for system logs, access logs and the like
    • But check the pricing

  18. S3 Object Lock
    • Makes S3 objects impossible to overwrite or delete, for a fixed period or indefinitely
    • In the strictest mode (Compliance mode) not even the root account can delete them, and the retention period cannot be shortened until it expires
    • An alternative to MFA Delete
    • Usable for retaining all kinds of important logs
    • Beware of applying it by mistake

  19. S3 Glacier enhancements
    • Several things arrived together with the rename
      • Direct upload into the S3 Glacier storage class
      • Glacier support in cross-region replication
      • Restore notifications and faster restores
      • S3 Glacier Deep Archive
    • Useful for long-term backup of security-related logs, which tend to pile up
    • Cookpad also sends logs to Glacier via Lifecycle rules

  20. S3 Intelligent-Tiering
    • Moves objects automatically between S3 Standard and Standard-IA (infrequent access)
    • Handy when you use Athena or similar to search logs
    • A full scan defeats the point, so the use case and design matter

  21. KMS Custom Key Store
    • CloudHSM can now be used as the key store behind KMS
    • Conceivable uses
      • You absolutely must keep the key store separate
      • You want to audit the keys directly on the CloudHSM side rather than through KMS
    • We have no use for it ourselves…

  22. AWS Control Tower
    • Covered in the previous talk, so I'll skip the basics
    • Looks very handy where you manage large numbers of accounts
    • Makes it easier to create AWS accounts casually

  23. AWS Security Hub
    • Covered in the previous talk, so I'll skip the basics
    • I'll dig a little deeper and talk about how we want to use it

  24. Basic policy for our security system
    • Use a variety of software and services as sensors
    • Aggregate the logs and alerts from those sensors and manage them in one place
    • "Log in to each product's own console and…" only produces systems nobody uses, so don't
    • Build a mechanism that lets people concentrate on the decisions that really need a human (automation)

  25. Architecture overview, split into parts
    (Diagram. Components and labels as shown on the slide, grouped by part as far as the layout allows.)
    • Log collection part: EC2 instances, other products, CloudWatch Logs/Events, GuardDuty and CloudTrail feed Kinesis Streams; a Lambda detects the events for newly placed log files; logs land in S3
    • Log processing part: Lambda converts logs; Elasticsearch Service for fast, interactive search of short-term logs; S3 + Athena for search over long periods of logs
    • Alert processing part: Lambda does rule-based alert detection and alert notification; GHE, PagerDuty and Slack for alert notification and management, and for alert investigation

  26. Overview
    • Collect logs and alerts in various formats into S3
      • Among AWS services, we use GuardDuty and others
    • Normalize the collected logs and alerts and load them into Graylog / S3
    • Alerts that are caught are normalized and filed as issues in GitHub (Enterprise)
      • Do as much of the initial investigation automatically as possible
      • Also notify PagerDuty and Slack

  27. Points we still want to improve
    • Alert normalization is a bit of a chore (we build it ourselves)
    • Aggregation and visualization of the alerts themselves
    • Push automation further
      • Investigation and response
      • Long-term analysis

  28. Alert normalization
    • No normalization needed for services that already support Security Hub
    • Even when you want to write alerts into other systems, putting Security Hub in between lets you share one processing path
    • For alerts it becomes possible to just "throw them into Security Hub for now"
    • New security services that appear in the future can be integrated quickly

  29. Amazon Security Finding Format
    • Covers the fields you would expect a security alert to need
    • AWS-specific fields, e.g. for EC2 instances, are provided too
    • At this stage it seems to assume mainly resources inside AWS
      • It would be nice if it could be used for a wider variety of resources…
    • See the Security Hub documentation for details
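The normalization step in slides 28 and 29 is the part the deck says Cookpad builds itself. As an added example (not code from the deck or from Cookpad), here is a standard-library-only converter that maps a hypothetical host-IDS alert into an ASFF finding, checks the fields that BatchImportFindings rejects when they are missing or out of range, and chunks findings into the 100-per-call batches the API accepts. The account id, region, sensor alert shape, severity mapping and the sample alert are all assumptions; the boto3 call that would actually import a batch is shown only as a comment.

```python
"""Normalize a custom sensor alert into Amazon Security Finding Format (ASFF).

Added example, not Cookpad's code. ACCOUNT_ID, REGION, the host-IDS alert
shape, the severity mapping and SAMPLE_ALERT are assumptions for illustration.
"""
import hashlib
import json
from datetime import datetime, timezone

ACCOUNT_ID = "123456789012"   # assumption: placeholder account id
REGION = "ap-northeast-1"     # assumption

# ProductArn shape Security Hub expects for custom (non-partner) findings.
PRODUCT_ARN = f"arn:aws:securityhub:{REGION}:{ACCOUNT_ID}:product/{ACCOUNT_ID}/default"

# Fields every ASFF finding must carry.
REQUIRED = ("SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId",
            "Types", "CreatedAt", "UpdatedAt", "Severity", "Title",
            "Description", "Resources")
MAX_FINDING_BYTES = 240 * 1024   # per-finding size limit
BATCH_SIZE = 100                 # BatchImportFindings limit per call


def _iso(ts: datetime) -> str:
    """ASFF timestamps: ISO 8601, UTC, millisecond precision."""
    ts = ts.astimezone(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def _finding_id(generator: str, resource: str, key: str) -> str:
    """Deterministic Id: re-importing the same alert updates the finding rather than duplicating it."""
    digest = hashlib.sha256(f"{generator}|{resource}|{key}".encode()).hexdigest()[:32]
    return f"{REGION}/{ACCOUNT_ID}/{digest}"


def normalize_sensor_alert(alert: dict) -> dict:
    """Map one hypothetical host-IDS alert to an ASFF finding dict."""
    seen = datetime.fromtimestamp(alert["ts"], tz=timezone.utc)
    instance_id = alert["instance_id"]
    # Assumption: the sensor scores 0-10; ASFF Normalized severity is 0-100.
    normalized = max(0, min(100, int(alert["score"]) * 10))
    return {
        "SchemaVersion": "2018-10-08",
        "Id": _finding_id(alert["rule"], instance_id, str(alert["ts"])),
        "ProductArn": PRODUCT_ARN,
        "GeneratorId": f"host-ids/{alert['rule']}",
        "AwsAccountId": ACCOUNT_ID,
        "Types": ["TTPs/Execution/Suspicious-Process"],  # namespace/category/classifier
        "CreatedAt": _iso(seen),
        "UpdatedAt": _iso(datetime.now(timezone.utc)),
        "Severity": {"Product": float(alert["score"]), "Normalized": normalized},
        "Title": f"{alert['rule']} on {instance_id}",
        "Description": alert["message"][:1024],
        "Resources": [{
            "Type": "AwsEc2Instance",
            "Id": f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:instance/{instance_id}",
            "Region": REGION,
        }],
        # Product-specific details with no ASFF field go here as strings.
        "ProductFields": {"sensor": "host-ids", "hostname": alert.get("hostname", "")},
        "RecordState": "ACTIVE",
    }


def validate(finding: dict) -> list:
    """Return the problems BatchImportFindings would reject this finding for."""
    problems = [f"missing {k}" for k in REQUIRED if k not in finding]
    if len(json.dumps(finding).encode()) > MAX_FINDING_BYTES:
        problems.append("finding larger than 240 KB")
    for res in finding.get("Resources", []):
        if "Type" not in res or "Id" not in res:
            problems.append("resource without Type/Id")
    sev = finding.get("Severity", {}).get("Normalized", -1)
    if not 0 <= sev <= 100:
        problems.append("Severity.Normalized outside 0-100")
    return problems


def batches(findings: list, size: int = BATCH_SIZE) -> list:
    """Split findings into chunks of at most `size` for BatchImportFindings."""
    return [findings[i:i + size] for i in range(0, len(findings), size)]


# Constructed sample alert, not real data.
SAMPLE_ALERT = {
    "ts": 1545264000, "rule": "reverse-shell-spawn", "score": 8,
    "instance_id": "i-0abc1234def567890", "hostname": "web-01",
    "message": "bash started with stdin/stdout bound to a network socket",
}

if __name__ == "__main__":
    finding = normalize_sensor_alert(SAMPLE_ALERT)
    assert validate(finding) == [], validate(finding)
    print(json.dumps(finding, indent=2))
    # Real import, one call per batch (network call, not run here):
    # boto3.client("securityhub", region_name=REGION).batch_import_findings(Findings=batch)
```

The deterministic Id is the detail worth copying: Security Hub upserts on (ProductArn, Id), so a sensor that re-fires on the same host and rule refreshes one finding instead of flooding the console, which is exactly the noise problem the WAF bullet on slide 33 worries about.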


  30. Aggregation and visualization
    • Possible to some degree with Insights
      • The result of filtering Findings (Group by and the like are possible too)
      • Would be nice to be able to customize the graphs, though…
    • Also effective for spotting resources that look suspicious over the long term

  31. Automation
    • Events can be sent to CW Events
      • Findings, Insights, Standards
    • From there you can call Lambda functions or Step Functions
      • Correlating with collected logs, reputation lookups, sample analysis, issuing commands to instances, anything goes
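Slide 31 lists what the Lambda on the receiving end of CW Events might do. As an added example (not code from the deck or from Cookpad), here is the triage half of such a function: it accepts the CloudWatch Events envelope Security Hub emits (source "aws.securityhub", detail-type "Security Hub Findings - Imported", findings under detail.findings), pulls EC2 instance ids out of each finding's Resources, and decides per finding which of the deck's follow-up steps (ticket, log collection, paging, isolation) apply. The severity thresholds, the action names and the sample event are assumptions; the calls that would open the issue, query the logs or change a security group are left as comments.

```python
"""First-response triage for Security Hub findings delivered via CloudWatch Events.

Added example, not Cookpad's code. The event envelope (source "aws.securityhub",
detail-type "Security Hub Findings - Imported", detail.findings[]) is the
documented shape; the thresholds, action names and SAMPLE_EVENT are assumptions.
"""

# Assumption: severity thresholds that drive the playbook.
TICKET_AT = 40    # Normalized severity at which a ticket is opened at all
PAGE_AT = 70      # at which someone is paged and an EC2 host is isolated

# CloudWatch Events rule pattern that routes findings to this function.
RULE_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported",
                    "Security Hub Findings - Custom Action"],
}


def extract_findings(event: dict) -> list:
    """Return the ASFF findings in the event, or [] if it is not one we subscribe to."""
    if event.get("source") not in RULE_PATTERN["source"]:
        return []
    if event.get("detail-type") not in RULE_PATTERN["detail-type"]:
        return []
    return list(event.get("detail", {}).get("findings", []))


def instance_ids(finding: dict) -> list:
    """EC2 instance ids from Resources, whether Id is an ARN or a bare id."""
    return [r["Id"].rsplit("/", 1)[-1]
            for r in finding.get("Resources", [])
            if r.get("Type") == "AwsEc2Instance" and "Id" in r]


def plan(finding: dict) -> dict:
    """Decide the automated first-response steps for one finding."""
    sev = finding.get("Severity", {}).get("Normalized", 0)
    ids = instance_ids(finding)
    result = {"id": finding["Id"], "severity": sev, "instances": ids, "actions": []}
    if finding.get("RecordState") == "ARCHIVED" or sev < TICKET_AT:
        return result                      # nothing to do; keep noise out of the queue
    result["actions"].append("ticket")     # e.g. open a GitHub Enterprise issue
    if ids:
        result["actions"].append("collect-logs")   # pull host and flow logs by instance id
    if sev >= PAGE_AT:
        result["actions"].append("page")   # e.g. PagerDuty
        if ids:
            # Contain, but only after the log pull above so evidence is kept.
            result["actions"].append("isolate")    # e.g. swap the security group
    return result


def handler(event: dict, context=None) -> list:
    """Lambda entry point: one plan per finding in the event."""
    return [plan(f) for f in extract_findings(event)]


def _finding(fid, sev, rtype, rid, state="ACTIVE"):
    """Helper to build minimal constructed findings for the sample event."""
    return {"Id": fid, "Severity": {"Normalized": sev, "Product": sev / 10},
            "Resources": [{"Type": rtype, "Id": rid}], "RecordState": state}


# Constructed sample event with three findings (not real data).
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        _finding("f-1", 80, "AwsEc2Instance",
                 "arn:aws:ec2:ap-northeast-1:123456789012:instance/i-0abc1234def567890"),
        _finding("f-2", 30, "AwsS3Bucket", "arn:aws:s3:::example-logs-bucket"),
        _finding("f-3", 50, "AwsIamUser", "arn:aws:iam::123456789012:user/alice"),
    ]},
}

if __name__ == "__main__":
    for p in handler(SAMPLE_EVENT):
        print(p)
```

Ordering the steps so that log collection precedes isolation is deliberate: changing a security group or stopping an instance can cost you the short-term evidence (connections, processes) that the Elasticsearch side of the pipeline is there to capture.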


  32. Other good features
    • Multi-account support
      • It would be great if Control Tower could enable every security service on a newly created account and send it to Security Hub
    • Security standard checks
      • Under the hood a collection of Config Rules (currently only the CIS AWS Foundations Benchmark)
      • Custom ones would be good here too

  33. Other things I'd like to see
    • Updating Findings themselves (adding attributes and so on)
      • We want to attach the results of automated investigation (currently text only)
    • Integration with incident-management tools
      • Or Security Hub itself becoming the management tool
      • Assignee, investigation status, assessment, etc.
    • AWS WAF integration
      • The alert volume would be very high, so I'd rather not have them shown raw…

  34. Summary

  35. On this year's announcements
    • Plenty of things that can be used right away; a good year
    • Not many were focused directly on security, but services and features that can be put to use for security have come out
    • We want to make active use of Control Tower and Security Hub as well

  36. AWS security from here on
    • (As is already the case) don't just use particular services or software; design and implement the security system from a broad perspective
    • The parts AWS provides do make this easier to build
    • I believe such parts are being provided, and I'd like that to continue

  37. PR

  38. We are hiring engineers to build the next generation of our security environment together
    https://cookpad.jobs/

  39. Fin.