networkctf

ੈքͷΤϯδχΞͱ ౉Γ߹͑ͨCTF উஉ(@katu7414) DMVTNBUPNF

ࣗݾ঺հ Network Automation https://github.com/Katsuya414 SR,Batfish,Ansible,PyATS,Genie JANOG43 LTͰॳొஃ NETCONओ࠵ऀ !LBUV !2
DMVTNBUPNF

ΞϝϦΧͰҰ൪ඒຯ͔ͬͨ͠൧ DMVTNBUPNF

CTFͬͯʁ $BQUVSF5IF'MBH ضऔΓήʔϜ ͷུ ຊདྷ͸৘ใηΩϡϦςΟͷٕज़Λڝ͏ڝٕͷ͜ͱ Ӆ͞Εͨ'MBHΛηΩϡϦςΟٕज़Λ༻͍ͯ ୳ͯ͠౴͑Λ୳͢ܗ͕ࣜଟ͍ ճ౴ऀ 'MBHͷૹ৴ ໰୊ͷμ΢ϯϩʔυ
ಘ఺ͷऔಘ DMVTNBUPNF

ࠓճ͸ηΩϡϦςΟͰ͸ͳ͘ ωοτϫʔΫ൛Ͱ͋ͬͨ Enterprise Networkingฤ DMVTNBUPNF

جຊతͳϧʔϧ(cisco live൛) ੍ݶ࣌ؒ಺ʹΑΓଟ͘ͷϙΠϯτΛऔͬͨํ͕উͪ νʔϜϝϯόʔҰਓ(ݸਓઓ) ݕࡧ͸Մ(Ͱ΋΄ͱΜͲ͢Δඞཁ͕ͳ͍΋ͷͩͬͨ) ڝٕதͷղ๏ͷڞ༗͸ېࢭ DMVTNBUPNF

ࠓճͷδϟϯϧ Secure Campus Access Secure Branches WAN Network assurance investigation
DMVTNBUPNF

ԿނΞϝϦΧͰϥʔϝϯΛ ৯΂ͨͷ͔ʁ DMVTNBUPNF

Ͱ͸͔͜͜Β4೔ؒͷܹಆͱ ϥʔϝϯʹ͍ͭͯ ࣌ܥྻॱͰ௥͍͖ͬͯ·͢ɻ DMVTNBUPNF

6/11 DMVTNBUPNF

Secure Campus Access ڌ఺ؒ௨৴ΛCisco DNA CenterΛ༻͍ͯߦͳͬ ͍ͯΔײ͡ͰͦͷτϥϒϧγϡʔςΟϯάͩͬ ͨɻ ϙʔτ13ͱ14͚ͩΛಠཱͤ͞ΔL2ͷΞʔΩςΫ νϟ͸ʁΈ͍ͨͳ໰୊͕Ұ൪༏͍͠
ACL͸೉͍͠ɻ͔ͳΓ͕͔͔࣌ؒͬͨ DMVTNBUPNF

ॳ೔Ґ ϙΠϯτ DMVTNBUPNF

͜ͷ࣌఺Ͱͷײ૝ ӳޠແཧ ೔ຊޠͳΒഒͷ఺਺͸Ք͛ͯͨ ΞϝϦΧͷ෺Ձߴ͍ ϝΩγίྉཧ͏·͍ ΞϝϦΧͷϥʔϝϯ͸ϩʔΧϧϑʔυͱฉ͍ͨ DMVTNBUPNF

6/12 DMVTNBUPNF

ಘ఺Λ໿ഒʹ͚ͨ͠ͲॱҐ͸ͭԼ͛ͯҐ 4FDVSF$BNQVT"DDFTTΛ ղ͖ଓ͚͍ͯͨ ன͔Β͸4FHNFOU3PVUJOHͷ࿩Λฉ͖ʹߦͬͯͨ

SP VIP Customer Reception DMVTNBUPNF

͜ͷ࣌఺Ͱͷײ૝ ઈରʹ30ҐҎ಺ʹϥϯΫΠϯ͍ͨ͠ ϝΩγίྉཧඒຯ͍͠ ϥʔϝϯ৯΂͍ͨ ΠϯυਓͱӳޠͰίϛϡχέʔγϣϯऔΔͷ ೉͍͠ DMVTNBUPNF

6/13 DMVTNBUPNF

Secure Branches WAN DMVTNBUPNF

WANͷ໰୊ • ෳ਺ͷωοτϫʔΫػث͕͋ͬͯͦΕΒΛCisco DNA CenterͰߏங͍ͯ͘͠ɻ • GUI͔Βղܾ͢Δ໰୊͕΄ͱΜͲ • ෳ਺ͷػث͔Β·ͱΊͯshowͰ৘ใͱͬͯղ͘໰ ୊΍GUIͷάϥϑ͔ΒಡΈऔΔ໰୊
• গ͠؆୯ͩͬͨؾ͕͢Δ DMVTNBUPNF

ϥζϖϦʔύΠ3ͷηοτ΋Βͬͨ ݱࡏ31Ґ DMVTNBUPNF

͜ͷ࣌఺Ͱͷײ૝ ໌೔ͷனϥʔϝϯ৯΂ʹߦ͜͏ 31Ґ͸չ͍͠չ͗͢͠Δ ϥΠϒ͛͢ʙ ͦ͏͍͑͹͜ͷग़ுCTF͔ͯ͠͠ͳ͍͕͍͍ ͷ͔ʁ(࢒ΓҰ೔) DMVTNBUPNF

6/14 DMVTNBUPNF

Network assurance investigation DMVTNBUPNF

ແઢܥͷτϥϒϧ τϥϑΟοΫ෼ੳΛͯ͠ѱ͍͜ͱͯͦ͠͏ͳϢʔ βʔΛݟ͚ͭͨΓɺ࣭ͷ޲্Λ͢Δɻ GUIଟΊ WLCͳͲͷίϯτϩʔϥʔܥ΍DNA Centerͷ໰୊ DMVTNBUPNF

DMVTNBUPNF

ӳޠͰΠϯλϏϡʔΛ ड͚Δ DMVTNBUPNF

15Ґ DMVTNBUPNF

উརͷϥʔϝϯ(13υϧ) DMVTNBUPNF

τʔλϧͷײ૝ ೖࣾҎ߱࠷ߴͷ࢓ࣄͰ͋ͬͨͱ͍͏͜ͱ Cisco͸ͲΜͲΜιϑτ΢ΣΞʹྗΛೖΕ͍ͯ͜͏ͱ͍͏ งғؾΛ͘͢͝ײͨ͡ ωοτϫʔΫͷCTF͋ΓͳͷͰࠃ಺Ͱ΍Δͧ ·ͨϥʔϝϯ৯΂ʹ͍͜͏ ӳޠͷΠϯλϏϡʔΛड͚Δ४උΛ͔ͯ͠Βߦ͜͏ DMVTNBUPNF

networkctf

networkctf

KATSUYA

More Decks by KATSUYA

Other Decks in Technology

Featured

Transcript

ੈքͷΤϯδχΞͱ ౉Γ߹͑ͨCTF উஉ(@katu7414) DMVTNBUPNF

ࣗݾ঺հ Network Automation https://github.com/Katsuya414 SR,Batfish,Ansible,PyATS,Genie JANOG43 LTͰॳొஃ NETCONओ࠵ऀ !LBUV !2

ΞϝϦΧͰҰ൪ඒຯ͔ͬͨ͠൧ DMVTNBUPNF

CTFͬͯʁ $BQUVSF5IF'MBH ضऔΓήʔϜ ͷུ ຊདྷ͸৘ใηΩϡϦςΟͷٕज़Λڝ͏ڝٕͷ͜ͱ Ӆ͞Εͨ'MBHΛηΩϡϦςΟٕज़Λ༻͍ͯ ୳ͯ͠౴͑Λ୳͢ܗ͕ࣜଟ͍ ճ౴ऀ 'MBHͷૹ৴ ໰୊ͷμ΢ϯϩʔυ

ࠓճ͸ηΩϡϦςΟͰ͸ͳ͘ ωοτϫʔΫ൛Ͱ͋ͬͨ Enterprise Networkingฤ DMVTNBUPNF

جຊతͳϧʔϧ(cisco live൛) ੍ݶ࣌ؒ಺ʹΑΓଟ͘ͷϙΠϯτΛऔͬͨํ͕উͪ νʔϜϝϯόʔҰਓ(ݸਓઓ) ݕࡧ͸Մ(Ͱ΋΄ͱΜͲ͢Δඞཁ͕ͳ͍΋ͷͩͬͨ) ڝٕதͷղ๏ͷڞ༗͸ېࢭ DMVTNBUPNF

ࠓճͷδϟϯϧ Secure Campus Access Secure Branches WAN Network assurance investigation

ԿނΞϝϦΧͰϥʔϝϯΛ ৯΂ͨͷ͔ʁ DMVTNBUPNF

Ͱ͸͔͜͜Β4೔ؒͷܹಆͱ ϥʔϝϯʹ͍ͭͯ ࣌ܥྻॱͰ௥͍͖ͬͯ·͢ɻ DMVTNBUPNF

6/11 DMVTNBUPNF

Secure Campus Access ڌ఺ؒ௨৴ΛCisco DNA CenterΛ༻͍ͯߦͳͬ ͍ͯΔײ͡ͰͦͷτϥϒϧγϡʔςΟϯάͩͬ ͨɻ ϙʔτ13ͱ14͚ͩΛಠཱͤ͞ΔL2ͷΞʔΩςΫ νϟ͸ʁΈ͍ͨͳ໰୊͕Ұ൪༏͍͠

ॳ೔Ґ ϙΠϯτ DMVTNBUPNF

͜ͷ࣌఺Ͱͷײ૝ ӳޠແཧ ೔ຊޠͳΒഒͷ఺਺͸Ք͛ͯͨ ΞϝϦΧͷ෺Ձߴ͍ ϝΩγίྉཧ͏·͍ ΞϝϦΧͷϥʔϝϯ͸ϩʔΧϧϑʔυͱฉ͍ͨ DMVTNBUPNF

6/12 DMVTNBUPNF

ಘ఺Λ໿ഒʹ͚ͨ͠ͲॱҐ͸ͭԼ͛ͯҐ 4FDVSF$BNQVT"DDFTTΛ ղ͖ଓ͚͍ͯͨ ன͔Β͸4FHNFOU3PVUJOHͷ࿩Λฉ͖ʹߦͬͯͨ

SP VIP Customer Reception DMVTNBUPNF

͜ͷ࣌఺Ͱͷײ૝ ઈରʹ30ҐҎ಺ʹϥϯΫΠϯ͍ͨ͠ ϝΩγίྉཧඒຯ͍͠ ϥʔϝϯ৯΂͍ͨ ΠϯυਓͱӳޠͰίϛϡχέʔγϣϯऔΔͷ ೉͍͠ DMVTNBUPNF

6/13 DMVTNBUPNF

Secure Branches WAN DMVTNBUPNF

WANͷ໰୊ • ෳ਺ͷωοτϫʔΫػث͕͋ͬͯͦΕΒΛCisco DNA CenterͰߏங͍ͯ͘͠ɻ • GUI͔Βղܾ͢Δ໰୊͕΄ͱΜͲ • ෳ਺ͷػث͔Β·ͱΊͯshowͰ৘ใͱͬͯղ͘໰ ୊΍GUIͷάϥϑ͔ΒಡΈऔΔ໰୊

ϥζϖϦʔύΠ3ͷηοτ΋Βͬͨ ݱࡏ31Ґ DMVTNBUPNF

͜ͷ࣌఺Ͱͷײ૝ ໌೔ͷனϥʔϝϯ৯΂ʹߦ͜͏ 31Ґ͸չ͍͠չ͗͢͠Δ ϥΠϒ͛͢ʙ ͦ͏͍͑͹͜ͷग़ுCTF͔ͯ͠͠ͳ͍͕͍͍ ͷ͔ʁ(࢒ΓҰ೔) DMVTNBUPNF

6/14 DMVTNBUPNF

Network assurance investigation DMVTNBUPNF

ແઢܥͷτϥϒϧ τϥϑΟοΫ෼ੳΛͯ͠ѱ͍͜ͱͯͦ͠͏ͳϢʔ βʔΛݟ͚ͭͨΓɺ࣭ͷ޲্Λ͢Δɻ GUIଟΊ WLCͳͲͷίϯτϩʔϥʔܥ΍DNA Centerͷ໰୊ DMVTNBUPNF

DMVTNBUPNF

DMVTNBUPNF

ӳޠͰΠϯλϏϡʔΛ ड͚Δ DMVTNBUPNF

15Ґ DMVTNBUPNF

উརͷϥʔϝϯ(13υϧ) DMVTNBUPNF

τʔλϧͷײ૝ ೖࣾҎ߱࠷ߴͷ࢓ࣄͰ͋ͬͨͱ͍͏͜ͱ Cisco͸ͲΜͲΜιϑτ΢ΣΞʹྗΛೖΕ͍ͯ͜͏ͱ͍͏ งғؾΛ͘͢͝ײͨ͡ ωοτϫʔΫͷCTF͋ΓͳͷͰࠃ಺Ͱ΍Δͧ ·ͨϥʔϝϯ৯΂ʹ͍͜͏ ӳޠͷΠϯλϏϡʔΛड͚Δ४උΛ͔ͯ͠Βߦ͜͏ DMVTNBUPNF