
Information Systems and Security in User Companies #seccamp2019


To protect their users and their business (Protect), user companies carry out many kinds of risk management. That has not changed, but it is also a fact that new risks are emerging as the environments that host business systems and services become more diverse. In this lecture we learn how to build and operate a security organization inside a user company while the business keeps growing, drawing on management topics, the new security concept of "zero trust", and cybersecurity frameworks. The final goal is for you to be able to picture how you would operate if you joined a user company as its security person.


Kengo Suzuki

August 16, 2019

Transcript

  1. Information Systems and Security in User Companies - Overview Edition 2019/08/10 By @ken5scal

  2. ࣗݾ঺հ - ࣗݾ঺հ: @ken5scal (ླ໦ݚޗ) - ޷͖ͳٕज़ελοΫ: ೝূɾೝՄ - ۚ༥ܥɾFintechܥͰେاۀɾελʔτΞοϓ྆ํͰηΩϡϦςΟΛ୲౰

    - 2011: NRIηΩϡΞ - SIer - ূ݊ձࣾ޲͚MSS αʔϏεͷఏڙ - 2014: Money Forward - Ϣʔβʔاۀ - ࢿ࢈؅ཧɾΫϥ΢υձܭܥFintechελʔτΞοϓ - 2018: FOLIO - Ϣʔβʔاۀ - ূ݊ܥFintechελʔτΞοϓ
  3. ͋Δ೔…

  4. օ༷ͱ໨ઢ߹Θͤ

  5. - Who: “ੈͷதΛࣗ෼ͨͪͷྗͰม͍͖͍͑ͯͨͱࢥ͍ͬͯΔํ” - What: “ࠓճ͸ʮ͖ͪΜͱӡ༻͢Δʯͱ͍͏ࣄΛςʔϚ” - Howᶃ: “ߴ౓ͳ৘ใηΩϡϦςΟٕज़ͷशಘ” -

    Howᶄ: “Ϟϥϧ΍๏཯९कͷҙࣝɺηΩϡϦςΟҙࣝɺ৬ۀҙ ࣝɺཱࣗతͳֶशҙࣝʢٕज़Ҏ֎ʹඞཁͳٕೳʣʹ͍ͭͯ΋޲্ ͷͨΊͷػձΛఏڙ” ӡ༻ͱ։ൃτϥοΫ IUUQTXXXJQBHPKQKJO[BJDBNQ[FOLPLV@DIBSBDUFSJTUJDIUNM IUUQTXXXJQBHPKQKJO[BJDBNQ[FOLPLV@BCPVUIUNM
  6. - Who: “ੈͷதΛࣗ෼ͨͪͷྗͰม͍͖͍͑ͯͨͱࢥ͍ͬͯΔํ” - What: “ࠓճ͸ʮ͖ͪΜͱӡ༻͢Δʯͱ͍͏ࣄΛςʔϚ” - Howᶃ: “ߴ౓ͳ৘ใηΩϡϦςΟٕज़ͷशಘ” -

    Howᶄ: “Ϟϥϧ΍๏཯९कͷҙࣝɺηΩϡϦςΟҙࣝɺ৬ۀҙ ࣝɺཱࣗతͳֶशҙࣝʢٕज़Ҏ֎ʹඞཁͳٕೳʣʹ͍ͭͯ΋޲্ ͷͨΊͷػձΛఏڙ” ӡ༻ͱ։ൃτϥοΫ IUUQTXXXJQBHPKQKJO[BJDBNQ[FOLPLV@DIBSBDUFSJTUJDIUNM IUUQTXXXJQBHPKQKJO[BJDBNQ[FOLPLV@BCPVUIUNM
  7. ੈͷத͕มΘΔͱ͸ʁ

  8. None
  9. ͱ͍͏͜ͱͰ͸ͳ͘ ʢݸਓͷҙݟͰ͢ʣ

  10. ৽͍͠Ձ஋Λ૑ग़͢Δ͜ͱ

  11. - ੈքతྲྀΕ - ୈ4࣍࢈ۀֵ໋ٕज़ - ࠃ಺ͷྲྀΕ - Connected Industry -

    Society 5.0 ৽͍͠Ձ஋ͷ૑ग़ͷྲྀΕ
  12. ୈ̐࣍࢈ۀֵ໋ IUUQTXXXCSJUBOOJDBDPNUPQJD5IF'PVSUI*OEVTUSJBM3FWPMVUJPO

  13. - ࣮ੈքʢϑΟδΧϧۭؒʣʹ͋Δଟ༷ ͳσʔλΛηϯαʔωοτϫʔΫ౳Ͱ ऩू͠ɺαΠόʔۭؒͰେن໛σʔλ ॲཧٕज़౳Λۦ࢖ͯ͠෼ੳʗ஌ࣝԽΛ ߦ͍ɺͦ͜Ͱ૑ग़ͨ͠৘ใʗՁ஋ CPS IUUQTXXXKFJUBPSKQDQTBCPVU

  14. - “զ͕ࠃ͸ɺ੡଄ۀΛ௒͑ͯɺϞϊͱϞ ϊɺਓͱػցɾγ εςϜɺਓͱٕज़ɺҟͳΔ࢈ۀʹଐ͢Δاۀͱاۀɺੈ ୅Λ௒ ͑ͨਓͱਓɺ੡଄ऀͱফඅऀͳͲɺ༷ʑͳ΋ͷΛ ͭͳ͛Δ”࢈ۀࣾձ Connected Industries

  15. Connected Industries in ۚ༥ ۚ༥ிϑΟϯςοΫ͸ڞ௨Ձ஋Λ૑଄Ͱ͖Δ͔

  16. νϟοτ(LINE) X ূ݊ձࣾ(FOLIO) ʲ-*/&'JOBODJBMʳ-*/&'JOBODJBMͱ'0-*0ɺʮ-*/&εϚʔτ౤ࢿʯΛຊ೔͔Βఏڙ։࢝

  17. IUUQTOFXTQJDLTDPNOFXT

  18. - ௒εϚʔτࣾձ - ʮඞཁͳ΋ͷɾαʔϏεΛɺඞཁͳਓʹɺඞཁͳ࣌ʹɺඞཁͳ͚ͩఏڙ͠ɺࣾձͷ༷ʑ ͳχʔζʹ͖Ίࡉ͔͘ରԠͰ͖ɺ͋ΒΏΔਓ͕࣭ͷߴ͍αʔϏεΛड͚ΒΕɺ೥ྸɺੑ ผɺ஍Ҭɺݴޠͱ͍༷ͬͨʑͳҧ͍Λ৐Γӽ͑ɺ׆͖׆͖ͱշదʹ฻Β͢͜ͱ͕Ͱ͖ Δʯࣾձ - ํ޲ੑ -

    ʮ৽ͨͳ֗ʯͮ͘ΓͷࡏΓํͦͷ΋ͷͷݟ௚͠ - γΣΞϦϯάΤίϊϛʔͷਪਐ - FinTechͷ׆༻ਪਐ Society 5.0 IUUQXXXTPVNVHPKQKPIPUTVTJOUPLFJXIJUFQBQFSKBIQEGOQEG IUUQTXXXNFUJHPKQQSFTTQEG
  19. - ࢈ۀͳͲطଘͷ࿮૊ΈΛ௒͑Δ࿈ܞ - ΑΓੜ׆ʹີணͨ͠࿈ܞʹͳΓɺαΠόʔۭؒͱϑΟδΧϧۭ͕ؒ݁߹͖ͯͨ͠ - ෼໺ - ϔϧεέΞ - Ҡಈʢ෺ྲྀɾҠಈʣ

    - αϓϥΠνΣʔϯ - ۚ༥ ʢ·ͱΊʣ৽͍͠Ձ஋͸Ͳ͜Ͱੜ·Ε͍ͯΔ͔ʁ
  20. ৽͍͠Ձ஋ͱϦεΫ

  21. - ΞϝϦΧͰϑΟϯςοΫ౤ࢿͷओͨΔྖҬ͸༥ࢿͱܾࡁ - ༥ࢿɿ68ԯυϧ - ܾࡁ: 19ԯυϧ ৽͍͠Ձ஋ͷܦࡁن໛ IUUQTXXXDBPHPKQLFJ[BJOLO@@IUN

  22. ࢢ৔ΛऔΓʹߦ͘ᗐ྽ͳ૪͍

  23. Typical concern about platform markets is that people will coordinate

    on a “dominant” platform. IUUQTXFCTUBOGPSEFEVdKEMFWJO&DPO-FDUVSF&DPOPNJDTPG1MBUGPSNTQQUY
  24. ݁Ռ

  25. https://piyolog.hatenadiary.jp/entry/2019/06/07/063000 IUUQTQJZPMPHIBUFOBEJBSZKQFOUSZ

  26. https://headlines.yahoo.co.jp/hl?a=20190716-00000136-kyodonews-bus_all IUUQTIFBEMJOFTZBIPPDPKQIM BLZPEPOFXTCVT@BMM

  27. IUUQTLPOEFJIBUFCMPKQFOUSZ

  28. None
  29. IUUQXXXJUSFTFBSDIBSUCJ[ Q

  30. - ࢈ۀͳͲطଘͷ࿮૊ΈΛ௒͑Δ࿈ܞ IUUQTXXXNFUJHPKQTIJOHJLBJNPOP@JOGP@TFSWJDFTBOHZP@DZCFSXH@TFJEPXH@CVOZBPEBOEBJOJTPQEG@@QEG

  31. - 2011: - Playstation Networkʹର͢ΔSQL InjectionʹΑΔݸਓ৘ใྲྀग़ - 2012: - ΦϯϥΠϯόϯΫʹର͢ΔϚϯΠϯβϒϥ΢βʹΑΔෆਖ਼ૹۚ

    - 2014: - ϕωοη ͷ಺෦൜ߦʹΑΔݸਓ৘ใྲྀग़ - 2015: - ೥ۚ؅ཧγεςϜαΠόʔ߈ܸ ʹΑΔݸਓ৘ใྲྀग़ - 2018: - Ծ૝௨՟औҾॴ͔Βͷ҉߸ࢿ࢈ྲྀग़ - 2019: - ΩϟογϡϨεαʔϏεʹ͓͚Δෆਖ਼ߪೖ ৽͍͠Ձ஋ͱϦεΫݦࡏԽͷྫ
  32. - 2011: - Playstation Networkʹର͢ΔSQL InjectionʹΑΔݸਓ৘ใྲྀग़ - 2012: - ΦϯϥΠϯόϯΫʹର͢ΔϚϯΠϯβϒϥ΢βʹΑΔෆਖ਼ૹۚ

    - 2014: - ϕωοη ͷ಺෦൜ߦʹΑΔݸਓ৘ใྲྀग़ - 2015: - ೥ۚ؅ཧγεςϜαΠόʔ߈ܸ ʹΑΔݸਓ৘ใྲྀग़ - 2018: - Ծ૝௨՟औҾॴ͔Βͷ҉߸ࢿ࢈ྲྀग़ - 2019: - ΩϟογϡϨεαʔϏεʹ͓͚Δෆਖ਼ߪೖ ৽͍͠Ձ஋ͱϦεΫݦࡏԽͷྫ ݦࡏԽ·Ͱͷεϐʔυ૿Ճ
  33. IUUQTXXXFOJTBFVSPQBFVQVCMJDBUJPOTFOJTBUISFBUMBOETDBQFSFQPSU IUUQTXXXJQBHPKQTFDVSJUZWVMOUISFBUTIUNM ৽͍͠Ձ஋ͱมԽ͢ΔڴҖ

  34. Ձ஋͕มԽ͢ΔʹͭΕ ϦεΫ͕৽͘͠ੜ·ΕΔɹor ϦεΫͷେ͖͕͞มԽ͢Δ

  35. ੈͷதΛม͑ͳ͕Β ͖ͪΜͱӡ༻͍ͯ͘͠ͱ͸ʁ

  36. ᶃΠϊϕʔγϣϯΛ࠷଎Խͭͭ͠ ᶄՁ஋Λ࠷େԽͭͭ͠ɺ ᶅϦεΫΛ࠷খԽ͢ΔࢪࡦΛ࣮ߦ͢Δ

  37. ࠓ೔ͷΰʔϧ

  38. - ʮੈͷதΛม͑Δʯͱʮ͖ͪΜͱӡ༻͢ΔʯΛཱ྆͢Δͨ Ίͷશମ૾Λ೺Ѳ͢Δ - ূ݊ձࣾΛέʔεελσΟͱ͢Δ - ࣌୅എܠͱͱ΋ʹมΘΓͭͭ͋Δઃܭํ਑Λ೺Ѳ͢Δ - BeyondCorpͷ঺հ ࠓ೔ͷΰʔϧ

  39. ͱݴ͓ͬͨ࿩Λ͍͖ͤͯͨͩ͞·͢ - ࣗݾ঺հ: @ken5scal (ླ໦ݚޗ) - ޷͖ͳٕज़ελοΫ: ೝূɾೝՄ - ۚ༥ܥɾFintechܥͰେاۀɾελʔτΞοϓ྆ํͰηΩϡϦςΟΛ୲౰

    - 2011: NRIηΩϡΞ - SIer - ূ݊ձࣾ޲͚MSS αʔϏεͷఏڙ - 2014: Money Forward - Ϣʔβʔاۀ - ࢿ࢈؅ཧɾΫϥ΢υձܭܥFintechελʔτΞοϓ - 2018: FOLIO - Ϣʔβʔاۀ - ূ݊ܥFintechελʔτΞοϓ
  40. - ࣗݾ঺հ: @ken5scal (ླ໦ݚޗ) - ޷͖ͳٕज़ελοΫ: ೝূɾೝՄ - ۚ༥ܥɾFintechܥͰେاۀɾελʔτΞοϓ྆ํͰηΩϡϦςΟΛ୲౰ -

    2011: NRIηΩϡΞ - SIer - ূ݊ձࣾ޲͚MSS αʔϏεͷఏڙ - 2014: Money Forward - Ϣʔβʔاۀ - ࢿ࢈؅ཧɾΫϥ΢υձܭܥFintechελʔτΞοϓ - 2018: FOLIO - Ϣʔβʔاۀ - ূ݊ܥFintechελʔτΞοϓ ͱݴ͓ͬͨ࿩Λ͍͖ͤͯͨͩ͞·͢ ূ݊ۀքͷཱ৔͔Βɺ Ͳ͏ελʔτΞοϓͰʮͪΌΜͱӡ༻͢Δʯ͔ ͓࿩͍͖ͤͯͨͩ͞·͢ɻ
  41. - ࣗݾ঺հ: @ken5scal (ླ໦ݚޗ) - ۚ༥ܥɾFintechܥͰେاۀɾελʔτΞοϓ྆ํͰηΩϡϦςΟΛ୲౰ - 2011: - NRIηΩϡΞ

    ূ݊ձࣾ޲͚MSS - 2014: Money Forward - ࢿ࢈؅ཧɾΫϥ΢υձܭܥFintechελʔτΞοϓ - 2018: FOLIOʢݱ৬ʣ - ূ݊ܥFintechελʔτΞοϓ ٕज़ॻయͳͲͰಉਓࢽग़ͯ͠·͢
  42. ΑΖ͓͘͠ئ͍͠·͢

  43. - 3ࣾʹ7೥΄Ͳ͔͍ͨ͜͠ͱ͕ͳ͍ - Fintechɾۚ༥ͷதͰ΋ɺ2छ΄Ͳ͔͠ܦݧͳ͠ - ͕ͨͬͯ͠ɺҰൠతͳ಺༰ͱ͸ݴ͍೉͍ ஫ҙ

  44. - ʮੈͷதΛม͑Δʯͱʮ͖ͪΜͱӡ༻͢ΔʯΛཱ྆͢Δͨ Ίͷશମ૾Λ೺Ѳ͢Δ - ূ݊ձࣾΛέʔεελσΟͱ͢Δ - ࣌୅എܠͱͱ΋ʹมΘΓͭͭ͋Δઃܭํ਑Λ೺Ѳ͢Δ - BeyondCorpͷ঺հ ࠓ೔ͷΰʔϧʢ࠶ܝʣ

  45. ηΩϡϦςΟཁ݅શମ૾ ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢػີੑʣ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  46. ๏ྩɾج४ɾࢦ਑ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  47. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  48. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  49. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ 43&νʔϜ͕ओʹ୲౰͕ͪ͠

  50. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢՄ༻ੑʣ ઓུʢ׬શੑʣ ϓϩμΫτνʔϜ͕ओʹ୲౰͕ͪ͠

  51. ઃܭ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  52. ઓज़ɾ࣮૷ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢػີੑʣ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  53. ๏ྩɾج४

  54. ๏ྩɾج४ ๏ྩɾج४ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  55. - ๏ྩ: - ٞձ੍͕ఆ͢Δ๏نൣʢ๏཯ʣ + ߦ੓ػ੍͕ؔఆ͢Δ๏نൣʢ໋ྩʣ - ๏త߆ଋྗ͸͋Δ - ج४:

    - ࠷௿ݶຬͨ͢΂͖ϧʔϧ - ९कΛਪ঑͞ΕΔʮΨΠυϥΠϯʯ΍ʮࢦ਑ʯ΋ؚ·ΕΔ͜ͱ͕͋Δ - ๏త߆ଋྗ͸ͳ͍ʢ͋Δʣ - ͜ΕΛຬͨͯ͠ͳ͍ͱ͖ʹɺى͜Γ͏Δ͜ͱ͸… ๏ྩɾΨΠυϥΠϯͱ͸ IUUQTKBXJLJQFEJBPSHXJLJ๏ྩ
  56. - ਉຽͷ޾෱Λ૿ਐ͢ΔͨΊ - ެڞͷ҆ೡடংΛอ࣋͢ΔͨΊ ๏ྩɾΨΠυϥΠϯͷ໨త IUUQTKBXJLJQFEJBPSHXJLJ๏ྩ

  57. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ
  58. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ
  59. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ
  60. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ
  61. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ
  62. ९क͞Εͳ͍ͱ…?

  63. ɹߦ੓ॲ෼

  64. ߦ੓ॲ෼ྫ

  65. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ʢ಺෦౷੍ʣ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - etc

    - ΨΠυϥΠϯ - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻʢࣄۀܧଓʣ - தখاۀBCPࡦఆӡ༻ํ਑ʢࣄۀܧଓʣ - etc ؂ಜࢦ਑Λओ࣠ʹਾ͑ͨ๏ྩରԠ
  66. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ʢ಺෦౷੍ʣ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - etc

    - ΨΠυϥΠϯ - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻʢࣄۀܧଓʣ - தখاۀBCPࡦఆӡ༻ํ਑ʢࣄۀܧଓʣ - etc ؂ಜࢦ਑Λओ࣠ʹਾ͑ͨ๏ྩରԠ ☓ߦ੓ॲ෼Λ͏͚ͳ͍ͨΊͷରԠ ˓ϢʔβʔͷอޢͱՁ஋ͷఏڙΛܧଓ͢ΔͨΊͷରԠ
  67. ۚ༥঎඼औҾۀऀ౳޲͚ͷ ૯߹తͳ؂ಜࢦ਑

  68. - “ۀ຿ͷ݈શ͔ͭద੾ͳӡӦΛ֬อ” - “༗Ձূ݊ͷൃߦٴͼۚ༥঎඼౳ͷऔҾ౳Λެਖ਼” - “༗Ձূ݊ͷྲྀ௨Λԁ׈ʹ͢Δ” - “ۚ༥঎඼౳ͷެਖ਼ͳՁ֨ܗ੒౳ΛਤΓ” - “ࠃຽܦࡁͷ݈શͳൃలٴͼ౤ࢿऀͷอޢʹࢿ͢Δ͜ͱ”

    ؂ಜࢦ਑ͷ໨త
  69. - ۚ༥௕ͷݕࠪ෦ہʹΑΔΦϯαΠτݕࠪ - ͦͷใࠂॻͷ݁ՌɺώΞϦϯάɺվળɾରԠࡦͷ࣮ࢪঢ়گɺࢦఠࣄ߲ͷվળঢ়گͳ Ͳ͔Βɺূ݊औҾ౳؂ࢹҕһձΑΓקࠂ to ۚ༥ி؂ࠪ෦ہ - ۚ༥ிઃஔใ20্ୈ߲̍ -

    ؂ࠪ෦ہ͸ͦͷ಺༰Λݕ౼ͯ͠ߦ੓ॲ෼ͷݕ౼ - ۚ঎๏ୈ56৚ͷ̎ୈ߲̍ - ۚ঎๏ୈ51৚~52৚ͷ̎ - ݕ౼࣌͸ʮຊ؂ಜࢦ਑ʹܝ͛ͨධՁ߲໨౳ʹরΒͯ͠ʯݕ౼͠ɺ಺༰Λܾఆ ߦ੓ॲ෼͸؂ಜࢦ਑ͷධՁ߲໨Λιʔεͱ͢Δ IUUQTXXXGTBHPKQDPNNPOMBXHVJEFLJOZVTIPIJOIUNM IUUQTXXXGTBHPKQDPNNPOMBXHVJEFLJOZVTIPIJOIUNM
  70. ධՁ߲໨ https://www.fsa.go.jp/common/law/guide/kinyushohin/

  71. αΠόʔηΩϡϦςΟͷจ຺Ͱ཈͑Δ΂͖Օॴ https://www.fsa.go.jp/common/law/guide/kinyushohin/

  72. - ސ٬৘ใʹ͍ͭͯɺҎԼͷ९कΛٻΊΒΕ͍ͯΔ - ݸਓ৘ใอޢ๏ - ݸਓ৘ใͷอޢʹؔ͢Δ๏཯ʹ͍ͭͯͷΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ·ͨɺΠϯαΠμʔऔҾ౳ͷෆެਖ਼ͳऔҾ๷ࢭ΋ٻΊΒ

    Ε͍ͯΔ III-2-4 ސ٬౳ʹؔ͢Δ৘ใ؅ཧ IUUQTXXXGTBHPKQDPNNPOMBXLKIPHPQEG IUUQTXXXGTBHPKQDPNNPOMBXLKIPHPQEG
  73. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html
  74. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html
  75. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html
  76. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html
  77. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html
  78. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html
  79. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html
  80. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html
  81. ઓུ

  82. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  83. Cybersecurity Framework(CSF) - NIST: ถࠃཱඪ४ٕज़ݚڀॴ - AESͳͲ҉߸ٕज़ͷબఆͱඪ४ԽͳͲ - ॏཁΠϯϑϥΛѻ͏اۀɾ૊৫ͷαΠόʔϦ εΫͷ؅ཧΛࢧԉ͢ΔͨΊͷɺϦεΫϕʔ

    εɾΞϓϩʔνʹجͮ͘൚༻తͳFW - ̏ཁૉ͔Β੒Γཱͭ - CoreɺTierɺProfile IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG
  84. ͳͥϦεΫϕʔε͕ॏཁͳͷ͔ ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ɾղઆॻʢୈ൛ʣ - ”Ϋϥ΢υαʔϏε΍FinTechاۀ౳ͱ࿈ܞͨۚ͠༥ؔ࿈αʔ Ϗεͷར༻͕޿͕ΓΛΈͤΔͳͲɺଟ༷Խ͖͍ͯͯ͠Δ” - “ଟ༷Խ͢ΔʢதུʣγεςϜʹ͓͍ͯ(ैདྷͷج४Ͱ͸)৽ن ։ൃ΁ͷ౤ࢿ͕཈੍͞ΕΔ౳ɺܦӦࢿݯ͕ద੾ʹ഑෼͞Εͳ ͍ͱ͍ͬͨݒ೦͕ੜ͡ɺʢதུʣϦεΫθϩΛ௥ٻ͢Δ͜ͱ ͸ඞͣ͠΋߹ཧతͰ͸ͳ͍”

  85. ͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ಺༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ Core IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG

  86. ͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ಺༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ Core ͭͷػೳ IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG

  87. ͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ಺༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ Core ͷΧςΰϦʔ ʢͱαϒΧςΰϦʔʣ IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG

  88. Core IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG

  89. Tier

  90. Profile

  91. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  92. - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations:

    Enhanced Security Requirements for Critical Programs and High Value Assets - APT͔Βॏཁͳࢿ࢈ͷػີੑɾ׬શੑΛकΔͨΊਪ঑͞ΕΔηΩϡϦςΟରࡦू - ྫ: ϓϥΠόγʔɺ੫ɺۚ༥৘ใɺಛݖͳͲ - ཁ݅ྫ - ΞΫηε੍ޚɺҙࣝ෇͚ɾ܇࿅ɺ؂ࠪɺߏ੒؅ཧɺࣝผͱೝূͳͲͳͲ - Cyber Security Frameworkͱඥ෇͚ΒΕ͍ͯΔ NIST SP 800-171 IUUQTXXXOJTUHPWTJUFTEFGBVMUpMFTEPDVNFOUTDVJPDUDVJ@PWFSWJFXDBTFZQEG
  93. ઃܭ

  94. ઃܭ ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢػີʣ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  95. BeyondCorp/ZeroTrust

  96. ઓज़

  97. ઓज़ɾ࣮૷ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢػີʣ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  98. - Cyber Kill Chainʢྫʣ - F35ʢεςϧεઓಆػʣΛ։ൃͨ͠ϩοΩʔυɾϚʔςΟϯʹ ΑΔϑϨʔϜϫʔΫ - ඪతܕ߈ܸʹ͓͚Δ߈ܸͷϑΣʔζΛ෼ྨͨ͠΋ͷ -

    ఁ࡯ɺ෢ثԽɺσϦόϦʔɺΤΫεϓϩΠτɺΠϯετʔϧɺ C&Cɺ໨తͷ࣮ߦ ڴҖ෼ੳ
  99. - Adversarial Tactics, Techniques, and Common Knowledge - CVEΛ؅ཧ͍ͯ͠ΔMITREࣾͷφϨοδϕʔεͱϑϨʔϜϫʔΫ -

    ߈ܸऀɾ߈ܸάϧʔϓɺઓज़త໨ඪɺٕज़తͳߦಈɺ߈ܸπʔϧ ΛϦετԽɾϝτϦΫεԽ - ۩ମతͳ๷ޚࡦͷ࣮૷ʹ໾ཱͭ - STIX/TAXIIͰͷΠϯςϦδΣϯεڞ༗ ATT&CK IUUQTBUUBDLNJUSFPSH
  100. Information Systems and Security in User Companies - Design and Practice Edition 2019/08/10 By @ken5scal

  101. Pre 2010: Perimeter Model

  102. 1990s: Internetେരൃ

  103. 1994: IANAʹΑΔPrivate NetworkϨϯδͷ֬อʢ RFC1597)

  104. Enterprises join the Internet
    - Communication with the outside world (e-mail and the like) begins
    - The next boundaries appear: the (Un)Trust Zone and the Demilitarized Zone
    [Figure labels: Trusted zone, Untrusted zone, DMZ]
  105. 2000: Active Directory
    - Directory service
    - Centralized management of users and PC resources
    - Uniform configuration of users and PCs
    - Standard technologies adopted for each function, such as authentication
    [Figure labels: Trusted, Untrusted, DMZ]
  106. ઓུʢ࠶ܝʣ: Active DirectoryͷΧόʔൣғ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  107. 1. ΞΫηε੍ޚ 2. ҙࣝ޲্ͱ܇࿅ 3. ؂ࠪͱ੹೚௥ೝੑ 4. ߏ੒؅ཧ 5. ࣝผͱೝূ

    6. ΠϯγσϯτରԠ 7. ϝϯςφϯε 8. ϝσΟΞอޢ 9. ਓతηΩϡϦςΟ 10. ෺ཧతอޢ 11. ϦεΫΞηεϝϯτ 12. ηΩϡϦςΟΞηεϝϯτ 13. γεςϜͱ௨৴ͷอޢ 14. γεςϜͱ৘ใͷ׬શੑ SP800-171:ɹຽؒاۀ͕ߨ͡Δ΂͖ηΩϡϦςΟରࡦͷཁ݅
  108. 1. ΞΫηε੍ޚ 2. ҙࣝ޲্ͱ܇࿅ 3. ؂ࠪͱ੹೚௥ೝੑ 4. ߏ੒؅ཧ 5. ࣝผͱೝূ

    6. ΠϯγσϯτରԠ 7. ϝϯςφϯε 8. ϝσΟΞอޢ 9. ਓతηΩϡϦςΟ 10. ෺ཧతอޢ 11. ϦεΫΞηεϝϯτ 12. ηΩϡϦςΟΞηεϝϯτ 13. γεςϜͱ௨৴ͷอޢ 14. γεςϜͱ৘ใͷ׬શੑ SP800-171: ຽؒاۀ͕ߨ͡Δ΂͖ηΩϡϦςΟରࡦͷཁ݅
  109. - Ϣʔβʔೝূ - Ϣʔβʔ౷੍ - σόΠε౷੍ - ϚεσϓϩΠ - ετϨʔδ

    - ೝূہ - DNS - DHCP Active Directory͕༗͢Δػೳ
  110. ଞͷκʔϯʢTrustκʔϯʣ %.; ։ൃऀ ਓࣄ ਓࣄ޲͚κʔϯ ։ൃऀ޲͚κʔϯ ౿Έ୆ ਓࣄ%# 5SVTUκʔϯ

  111. Trusted Zone಺Ͱͷۀ຿ ॏཁͳσʔλ 0Oαʔόʔ ॏཁͳσʔλ 0Oαʔόʔ ۀ຿ΞϓϦ ۀ຿ΞϓϦ ۀ຿ΞϓϦ ۀ຿ΞϓϦ

    5SVTUFE[POF
  112. The simple world: in the perimeter model, trust is a single yes/no answer decided by the network zone alone.

    func CanWeTrust(zone string) bool {
        return zone == "true"
    }
  113. ·ͱΊ ڥքϞσϧͱκʔϯͷग़ݱ

  114. Post 2010

  115. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?: iPhoneͷϏδωε্Ͱͷ׆༻ -

    2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ
  116. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - SalesforceͷϝΨώοτ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?:

    iPhoneͷϏδωε্ͷ׆༻ - 2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ
  117. ݟग़͠ 5IF/FFEMFTTMZ$PNQMFY)JTUPSZPG4BB4 4JNQMJpFEIUUQTXXXQSPDFTTTUIJTUPSZPGTBBT

  118. - Trusted -> Untrustedͷϒϥ ΢βΞΫηεཁ݅૿Ճ - DMZʹϦόʔεϓϩΩγΛ௥ Ճ͢Δ͜ͱͰे෼ରॲՄೳ SaaSͷొ৔ʹΑΔ֎෦઀ଓͷ૿Ճ 5SVTUFE

    6OUSVUFE %. Ϧόϓϩ
  119. <ਤղ>Ϗδωεͱ*5ͷؔ܎IUUQTCMPHFWBOHFMJTNKQFOUSZCVTJOFTTJU

  120. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - Google Apps For

    YourDomain ʢݱGSuiteʣͷొ৔ - AWSͷొ৔: αʔϏεఏڙ؀ڥͷPaaSԽ - 2010?: iPhoneͷϏδωε্ͷ׆༻ - 2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ "84೥ͷาΈdԊֵdIUUQTBXTBNB[PODPNKQBXT@IJTUPSZEFUBJMT 8JLJQFEJBIUUQTFOXJLJQFEJBPSHXJLJ(@4VJUF
  121. - Trustedκʔϯ಺ͷγεςϜ ͕ଓʑͱSaaSԽ ৘ใγεςϜͷSaaSԽʹΑΔมԽ 5SVTUFE 6OUSVUFE %. Ϧόϓϩ

  122. Ͳ͜Ζ͔αʔϏε؀ڥͰ͑͞as a Serviceʹ 5SVTUFE 6OUSVUFE %. Ϧόϓϩ ։ൃऀ޲͚κʔϯ ౿Έ୆

  123. <ਤղ>Ϗδωεͱ*5ͷؔ܎IUUQTCMPHFWBOHFMJTNKQFOUSZCVTJOFTTJU

  124. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?: iPhoneͷϏδωε্ͷ׆༻ -

    ۀ຿ͰͷεϚϗ׆༻ࣄྫ૿Ճ - 2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ
  125. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?: iPhoneͷϏδωε্ͷ׆༻ -

    2014: ୈ̐ελʔτΞοϓϒʔϜ - ن੍࢈ۀʹ͓͚ΔελʔτΞοϓͷ૿Ճʢྫ: Fintechʣ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ վળ͢ΔΘ͕ࠃͷελʔτΞοϓࣄۀ؀ڥIUUQTXXXKSJDPKQ.FEJB-JCSBSZpMFSFQPSUKSJSFWJFXQEGQEG
  126. վળ͢ΔΘ͕ࠃͷελʔτΞοϓࣄۀ؀ڥIUUQTXXXKSJDPKQ.FEJB-JCSBSZpMFSFQPSUKSJSFWJFXQEGQEG w ن੍࢈ۀʹ଍Λ౿ΈೖΕΔϕϯνϟʔͷ૿Ճ w lେखاۀͷΦʔϓϯΠϊϕʔγϣϯ௥ٻͱελʔτΞοϓ࿈ܞz

  127. վળ͢ΔΘ͕ࠃͷελʔτΞοϓࣄۀ؀ڥIUUQTXXXKSJDPKQ.FEJB-JCSBSZpMFSFQPSUKSJSFWJFXQEGQEG

  128. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?: iPhoneͷϏδωε্ͷ׆༻ -

    2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ վળ͢ΔΘ͕ࠃͷελʔτΞοϓࣄۀ؀ڥIUUQTXXXKSJDPKQ.FEJB-JCSBSZpMFSFQPSUKSJSFWJFXQEGQEG
  129. IUUQTSFDSVJUIPMEJOHTDPKQOFXT@EBUBSFMFBTF@IUNM

  130. <ਤղ>Ϗδωεͱ*5ͷؔ܎IUUQTCMPHFWBOHFMJTNKQFOUSZCVTJOFTTJU

  131. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ
  132. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ ۀ຿ ΞϓϦ ۀ຿ ΞϓϦ
  133. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ ॏཁͳ σʔλ ॏཁͳ σʔλ جװ σʔλ جװ σʔλ ۀ຿ ΞϓϦ ۀ຿ ΞϓϦ
  134. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ ॏཁͳ σʔλ ॏཁͳ σʔλ جװ σʔλ جװ σʔλ ۀ຿ ΞϓϦ ۀ຿ ΞϓϦ
  135. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ ॏཁͳ σʔλ ॏཁͳ σʔλ ॏཁͳ σʔλ ॏཁͳ σʔλ ۀ຿ ΞϓϦ ۀ຿ ΞϓϦ جװ σʔλ جװ σʔλ
  136. ৴པʢTrustʣ͢ΔڥքͷมԽ

  137. ڥքͷมԽͱ ڴҖɾΠϯγσϯτ

  138. ඪతܕ߈ܸʢڴҖʣ - ಛఆͷ૊৫಺ͷ৘ใΛૂͬͯ ߦΘΕΔαΠόʔ߈ܸ(2009~) - ࠃ಺ࣄྫ - 2011: ࡾඛॏ޻ -

    2015: ೔ຊ೥ۚػߏ - 2018: CoinCheckʁ 5IF$ZCFS,JMM$IBJOIUUQTXXXMPDLIFFENBSUJODPNFOVTDBQBCJMJUJFTDZCFSDZCFSLJMMDIBJOIUNM
  139. αϓϥΠνΣʔϯ - ੡඼ʹର͢Δෆਖ਼ϓϩάϥϜͷຒΊࠐΈɺϋʔυ΢ΣΞͷෆਖ਼վ଄ ͳͲʹΑͬͯੜ͡Δ৘ใηΩϡϦςΟ্ͷϦεΫ - ࣄྫ - NPMͷਓؾϥΠϒϥϦ΁ͷѱੑίʔυ஫ೖ - GEMͷ”

    strong_password”΁ͷѱੑίʔυ஫ೖ - ϑΝΠϧγΣΞ֦ுػೳͷ৐ͬऔΓ - 7Pay͕ґଘ͢Δomni7ʹ͓͚Δ੬ऑੑ - ถࠃͷϑΝʔ΢ΣΠ੡඼ഉআ IUUQTXXXTFDVSJUZXFFLDPNNBMJDJPVTDPEFQMBOUFETUSPOHQBTTXPSESVCZHFN IUUQTXXXXJSFEDPNTUPSZHPPHMFDISPNFFYUFOTJPOTTFDVSJUZDIBOHFT
  140. ಺෦൜ߦ - ૊৫಺ͷϝϯόʔʹΑΔѱҙ͋Δߦಈ - ࠃ಺ࣄྫ - 2014: ϕωοηͷάϧʔϓاۀ಺ͷ೿ݣࣾһʹΑ Δݸਓ৘ใ࿙Ӯʢ͋ΔҙຯαϓϥΠνΣʔϯͰ΋ ͋Δʣ

  141. ڞ௨఺

  142. Trustκʔϯͷ৴པੑͷ௿Լ - ඪతܕ߈ܸ - Drive by Download΍ਫҿΈ৔߈ܸ - ExploitޙͷC2CʹΑΔ৘ใऩूɾԣஅత৵֐ -

    αϓϥΠνΣʔϯϦεΫ - ґଘઌͷOSSʹ͓͚Δ੬ऑੑ - ಺෦൜ߦ - ૊৫಺ͷ൜ߦ
  143. ωοτϫʔΫڥքΛࠜڌʹͨ͠Trustͷݶք - σʔλɾਓɾఏܞઌ͕ඞͣ͠΋Trustڥքʹ͍ͳ ͍ - TrustڥքʹUntrustfulͳཁૉ͕૿͑ͨ

  144. BeyondCorp Zero Trust Network

  145. - ωοτϫʔΫͷڥքʹԠͨ͡৴པྖҬͷ֓೦Λഉআ - ϢʔβʔɾσόΠεΛ΋ͱʹೝূ͢Δ - ͦΕΒ΁ͷೝՄʢΞΫηε੍ޚʣ͸ϙϦγʔʹ΋ͱ ͖ͮಈతʹܾఆ͢Δ - ͲͪΒ͔ͱ͍͏ͱɺαʔϏε؀ڥ޲͚ Zero

    Trust Networkͱ͸ IUUQTDMPVEHPPHMFDPNCFZPOEDPSQ
  146. - ैۀһ͕ʮ৴པͰ͖ͳ͍ωοτϫʔΫʯΛ௨ͯ͡ ಇ͚ΔΑ͏ʹ͢ΔGoogleࣾ಺ͷΞϓϩʔν BeyondCorpͱ͸ IUUQTDMPVEHPPHMFDPNCFZPOEDPSQ

  147. https://www.youtube.com/watch?v=SSUUg38lFg0 IUUQTXXXZPVUVCFDPNXBUDI W4466HM'HUT IUUQTUDP&X+W$3(,[9 BNQ Zero Trust/Beyond CorpͷϦιʔε ࿦จͱͯ͋͠Δͷ͕ #FZPOE$PSQ

    ;FSP5SVTUͷ࿦จ͋ͬͨΒ͢Έ·ͤΜ
  148. Ҏ߱ɺBeyondCorpΛϕʔεʹ͠·͢

  149. - ͢΂ͯΛUntrusted Zone͔ΒͷΞΫηεͱԾఆ͢Δ - ΞΫηεݩͷϢʔβʔɾσόΠεΛೝূ͢Δ - ΞΫηεݩΛσʔλʹԠͯ͡ΞΫηεՄ൱൑அ͢ Δ - “Never

    Trust, Always Verify” Basic Principals
  150. A world where trust is computed from several variables (the slide's pseudocode, written out in Go style; someAlgorithm and AllowOrDisAllow are placeholders):

    // Trust Inference: combine several inputs into a score between 0 and 1.
    func CanWeTrust(device, user interface{}, zone string) float64 {
        return someAlgorithm(device, user, zone)
    }

    // Access-control engine: decide from the identities and the computed score,
    // not from the network zone by itself.
    func AuthorizationDecision(device, user interface{}, score float64) bool {
        return AllowOrDisAllow(device, user, score)
    }
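As an added example that is not from the slides, here is one concrete way to fill in the someAlgorithm and AllowOrDisAllow placeholders of the pseudocode above in Go: the trust score is computed from device and user signals with the network zone as only one weak input, and the access decision compares that score with a per-resource policy. Every field name, weight and policy value is this example's own assumption.

```go
package main

import "fmt"

// Signals about the requesting device and user. Every field and weight below
// is this example's own assumption; the slides only name device, user and zone.
type Device struct {
	Inventoried    bool // present in the device inventory
	CertValid      bool // device certificate chains to the corporate CA
	DiskEncrypted  bool
	DaysSincePatch int
}

type User struct {
	InDirectory bool            // exists in the user/group DB
	MFA         bool            // passed a second factor at login
	Groups      map[string]bool // memberships from the directory
}

type Request struct {
	Device   Device
	User     User
	Zone     string // network zone the request arrived from
	Resource string
}

// Policy for one resource: the required group and the minimum trust score.
type Policy struct {
	Group    string
	MinScore float64
}

// TrustScore is the Trust Inference step: several signals are folded into a
// score in [0,1]. An unknown user or an unknown device scores 0 outright.
func TrustScore(r Request) float64 {
	if !r.User.InDirectory || !r.Device.Inventoried {
		return 0
	}
	points := 0 // accumulate integer points, convert to [0,1] at the end
	if r.Device.CertValid {
		points += 30
	}
	if r.Device.DiskEncrypted {
		points += 15
	}
	switch {
	case r.Device.DaysSincePatch <= 7:
		points += 20
	case r.Device.DaysSincePatch <= 30:
		points += 10
	}
	if r.User.MFA {
		points += 30
	}
	if r.Zone == "trusted" {
		points += 5 // the network zone is a weak hint, never sufficient by itself
	}
	return float64(points) / 100
}

// AuthorizationDecision is the access-control engine: default deny, then the
// group check, then the computed score against the resource's minimum.
func AuthorizationDecision(r Request, policies map[string]Policy) (bool, string) {
	p, ok := policies[r.Resource]
	if !ok {
		return false, "no policy for " + r.Resource + ": default deny"
	}
	if !r.User.Groups[p.Group] {
		return false, "user not in required group " + p.Group
	}
	score := TrustScore(r)
	if score < p.MinScore {
		return false, fmt.Sprintf("trust %.2f below required %.2f", score, p.MinScore)
	}
	return true, fmt.Sprintf("trust %.2f meets required %.2f", score, p.MinScore)
}

// SamplePolicies is constructed sample data for this demonstration.
func SamplePolicies() map[string]Policy {
	return map[string]Policy{
		"hr-db": {Group: "hr", MinScore: 0.9},
		"wiki":  {Group: "employees", MinScore: 0.5},
	}
}

func main() {
	managed := Device{Inventoried: true, CertValid: true, DiskEncrypted: true, DaysSincePatch: 3}
	alice := User{InDirectory: true, MFA: true, Groups: map[string]bool{"employees": true, "hr": true}}
	stale := Device{Inventoried: true, DaysSincePatch: 60} // inventoried, but unpatched and no device cert
	for _, r := range []Request{
		{managed, alice, "untrusted", "hr-db"}, // healthy device from a cafe: allowed
		{stale, alice, "trusted", "wiki"},      // stale device on the office LAN: denied
		{Device{}, alice, "trusted", "hr-db"},  // unknown device: the zone alone buys nothing
	} {
		ok, why := AuthorizationDecision(r, SamplePolicies())
		fmt.Printf("%-6s from %-9s allow=%-5v %s\n", r.Resource, r.Zone, ok, why)
	}
}
```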
  151. IUUQTBJHPPHMFSFTFBSDIQVCTQVCQEG

  152. - Ϣʔβʔͷಛఆ - σόΠεͷಛఆ - ΞΫηεϓϩΩγ - ΞΫηε੍ޚΤϯδϯʢϙϦγʔΤϯδϯʣ - Trust

    Inferenceʢ৴པείΞࢉग़Τϯδϯʣ ඞཁͳίϯϙʔωϯτ
  153. Ϣʔβʔͷಛఆ ʢIdentification)

  154. None
  155. - ͦͷϢʔβʔ͸ຊ౰ʹਖ਼͍͠Ϣʔβʔͳͷ͔ - ඞཁͳίϯϙʔωϯτ - ϢʔβʔɾάϧʔϓDB - Ϣʔβʔೝূ Ϣʔβʔͷಛఆ

  156. - ຊਓ֬ೝ - ΦϯϥΠϯ্ʹ͋ΔϦιʔε΁ͷΞΫηεΛཁ ٻ͢Δਃ੥ऀͷొ࿥ͱ਎ݩ֬ೝ - ೝূ - ೝূ৘ใͷ࿈ܞ ϢʔβʔΛηΩϡΞʹೝূ͢Δϓϩηε

    IUUQTPQFOJEGPVOEBUJPOKBQBOHJUIVCJPJOEFYKBIUNM
  157. - ຊਓ֬ೝ - ೝূ - ొ࿥ޙͷϦιʔε΁ͷΞΫηεΛཁٻ͢Δਃ੥ ऀͷΞΠσϯςΟςΟͷ͔֬͞Λূ໌͢Δ - ೝূ৘ใͷ࿈ܞ ϢʔβʔΛηΩϡΞʹೝূ͢Δϓϩηε

    IUUQTPQFOJEGPVOEBUJPOKBQBOHJUIVCJPJOEFYKBIUNM
  158. - ຊਓ֬ೝ - ೝূ - ೝূ৘ใͷ࿈ܞ - ೝূ࣌ͷ৘ใΛଞΞϓϦ΍γεςϜͱ࿈ܞ͢Δ ϢʔβʔΛηΩϡΞʹೝূ͢Δϓϩηε IUUQTPQFOJEGPVOEBUJPOKBQBOHJUIVCJPJOEFYKBIUNM

  159. - ຊਓ֬ೝ - ೝূ - ೝূ৘ใͷ࿈ܞ ϢʔβʔΛηΩϡΞʹೝূ͢Δϓϩηε

  160. ϢʔβʔɾάϧʔϓDB

  161. None
  162. ਓࣄ%#

  163. ϢʔβʔɾάϧʔϓDBͷ֓ཁ - σΟϨΫτϦ - ΦϒδΣΫτͷҰݩ؅ཧ͢ΔϢʔβʔɾάϧʔϓDB - ωοτϫʔΫʹ઀ଓͨ͠αʔόʔͳͲͷࢿݯʢϦιʔεʣͷॴࡏɾ ଐੑɾઃఆͳͲͷ৘ใΛޮ཰తʹऩू͠ɺه࿥ɾ؅ཧ͢ΔαʔϏε - ར఺

    - ಡΈऔΓ͕ߴ଎ - ෼ࢄܕͷ৘ใ֨ೲϞσϧ - ߴ౓ͳݕࡧػೳΛ࣋ͭ
  164. ϢʔβʔɾάϧʔϓDBؔ܎ͷϓϩτίϧ - LDAP - SCIM

  165. LDAP - Lightweight Directory Access Protocol - σΟϨΫτϦαʔϏεʹΞΫηε͢Δϓϩτίϧ - ػೳ

    - ݕࡧ: ldapsearch, ߋ৽: ldapmodify, ௥Ճ: ldapadd - Active Directory͕༗໊͕ͩɺ࠷ۙ͸GSuite΋࣮૷ͨ͠ - ঎༻Ͱ΋OSSͰ΋࢖ΘΕ๛෋ͳ࣮੷͕͋Δ - Ϋϥ΢υɾWebΞϓϦͰ͸ϝδϟʔΑΓͷϚΠφʔ
  166. LDAP $ - * & / 5 4 & 3

    7 & 3 IUUQTISPVIBOJPSHMEBQTFSWFSPQFOMEBQDFOUPT
  167. LDAPྫ: ݕࡧ $ - * & / 5 4 &

    3 7 & 3 CJOE DODMJFOU PVTFSWFST EDFYBNQMF EDDPNF 1BTTXPSE\QBTTXPSE^ SFTVMUTVDDFTT TFBSDIPCKFDUDMBTT BMM-%"10CKFDU ˈldapsearch -D “cn=admin” -w {password} -b “dc=example,dc=com” "(objectclass=*)"
  168. LDAPྫ: ݕࡧ $ - * & / 5 4 &

    3 7 & 3 CJOE DODMJFOU PVTFSWFST EDFYBNQMF EDDPNF 1BTTXPSE\QBTTXPSE^ SFTVMUTVDDFTT TFBSDIPCKFDUDMBTT BMM-%"10CKFDU ˈldapsearch -D “cn=admin” -w {password} -b “dc=example,dc=com” "(objectclass=*)"
  169. LDAPྫ: ݕࡧ $ - * & / 5 4 &

    3 7 & 3 CJOE DODMJFOU PVTFSWFST EDFYBNQMF EDDPNF 1BTTXPSE\QBTTXPSE^ SFTVMUTVDDFTT TFBSDIPCKFDUDMBTT BMM-%"10CKFDU ˈldapsearch -D “cn=admin” -w {password} -b “dc=example,dc=com” "(objectclass=*)"
  170. SCIMɹʢ͖͢Ήʣ - System for Cross-domain Identity Management - “Ϋϥ΢υϕʔεͷΞϓϦέʔγϣϯ͓ΑͼαʔϏεʹ͓͚Δ ϢʔβʔIDͷ؅ཧΛ༰қʹ͢ΔΑ͏ʹઃܭ”

    - Ұݩ؅ཧ͞ΕͨσΟϨΫτϦ͔Βɺར༻͢ΔαʔϏε΁ͷϓϩ Ϗδϣχϯά - JSON/XMLܗࣜ - REST APIʹΑΔϞσϧૢ࡞ - LDAPΑΓϚΠφʔ IUUQXXXTJNQMFDMPVEJOGP
  171. SCIM model (figure; source: http://www.simplecloud.info)

  172. {
      "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
      "id": "2819c223-7f76-453a-919d-413861904646",
      "externalId": "bjensen",
      "meta": {
        "resourceType": "User",
        "created": "2011-08-01T18:29:49.793Z",
        "lastModified": "2011-08-01T18:29:49.793Z",
        "location": "https://example.com/v2/Users/2819c223...",
        "version": "W\/\"f250dd84f0671c3\""
      },
      "name": {
        "formatted": "Ms. Barbara J Jensen, III",
        "familyName": "Jensen",
        "givenName": "Barbara",
        "middleName": "Jane",
        "honorificPrefix": "Ms.",
        "honorificSuffix": "III"
      },
      "userName": "bjensen",
      "phoneNumbers": [
        { "value": "555-555-8377", "type": "work" }
      ],
      "emails": [
        { "value": "bjensen@example.com", "type": "work", "primary": true }
      ]
    }
    (Source: http://www.simplecloud.info)
  173. SCIM Protocols
    - Create: POST /{version}/{resource}
    - Read: GET /{v}/{resource}/{id}
    - Replace: PUT /{v}/{resource}/{id}
    - Delete: DELETE /{v}/{resource}/{id}
    - Partial replace: PATCH /{v}/{resource}/{id}
    - Search: GET /{v}/{resource}?filter={attribute} {operator} {value}&sortBy={attributeName}&sortOrder={ascending|descending}
    - Bulk create: POST /{v}/Bulk
    (Source: http://www.simplecloud.info)
  174. Ϣʔβʔೝূ

  175. None
  176. Ϣʔβʔೝূ - 2ஈ֊ೝূͱSingle Sign On͕େલఏ - ೝূ͕௨ͬͨ৔߹ɺ୹࣌ؒͷτʔΫϯΛൃߦ͢Δ - τʔΫϯͷதʹ͸ೝՄϓϩηεʹඞཁͳ৘ใؚ͕ ·Ε͍ͯΔ͜ͱ͕ଟ͍

  177. ೝূͱγϯάϧɾαΠϯΦϯͷҧ͍ - ೝূ - ϢʔβͷΞΠσϯςΟςΟ͕͔֬ͳ΋ͷͰ͋Δ͜ͱΛΫϨ σϯγϟϧΛఏࣔͯ͠ূ໌͢Δϓϩηε - ୅දతͳϓϩτίϧ: FIDO (WebAuthn

    + CTAP) - Single Sign On - γεςϜΛލ͍ͰΞΠσϯςΟςΟ΍ೝূ৘ใΛ఻ൖ͢Δ ͨΊͷϓϩηε - ୅දతͳϓϩτίϧ: Kerberos, SAML, OIDC IUUQTPQFOJEGPVOEBUJPOKBQBOHJUIVCJPTQCKBIUNMTFD
  178. ೝূ

  179. - γεςϜϦιʔε΁ͷΞΫηεΛਃ੥͢ΔϢʔ βʔɾϓϩηεɾσόΠεͱ͍ͬͨΤϯςΟςΟ ͷΞΠσϯςΟςΟΛཱূʢVerifyʣ - ௨ৗɺΫϨσϯγϟϧͷఏࣔΛ൐͏ ೝূͱ͸ IUUQTQBHFTOJTUHPWTQIUNM

  180. - 1961: ύεϫʔυͷొ৔ at MIT - 1983: ICΧʔυϚΠίϯ - ????:

    ΫϨδοτΧʔυ with ICνοϓ - 2000~: - SMS΍ϝʔϧʹΑΔ௥Ճೝূίʔυͷૹ৴ - TOTPΛ࢖ͬͨ௥Ճೝূ - εϚʔτΧʔυΛ࢖ͬͨActive Directoryೝূ - ੜମೝূΛ࢖ͬͨ௥Ճೝূ - Yubicoࣾઃཱ - 2018: - FIDO2 ೝূํࣜͷભҠ IUUQTFOXJLJQFEJBPSHXJLJ1BTTXPSE
  181. [Timeline figure: WebAuthn W3C standardization milestones (candidate recommendation, proposed recommendation, standardized), with month labels]
  182. [FIDO figure: Authenticator, Client and Relying Parties, with a credential key pair per relying party]
  183. Platform TEE / TPM

  184. SSOʢϑΣσϨʔγϣϯʣ ೝূ৘ใͷ࿈ܞ

  185. - SSO - 1౓ͷೝূͰෳ਺ͷγεςϜ͕ར༻ՄೳʹͳΔ͜ͱ - Kerberosೝূɺσδλϧॺ໊ೝূ - ϑΣσϨʔγϣϯ - ωοτϫʔΫυϝΠϯΛ·͍ͨͰೝূ৘ใΛ࿈ܞ͢Δ͜ͱ

    - SAML, OIDC SSOɾϑΣσϨʔγϣϯͱ͸
  186. Passing job-role information, frontend example (SAML Assertion):

    <AttributeStatement>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
        <AttributeValue>xxxx-xxxx</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
        <AttributeValue>xxxx-xxxx</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
        <AttributeValue>Kengo Suzuki</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
        <AttributeValue>https://sts.windows.net/xxxx-xxxx/</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
        <AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
        <AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
        <AttributeValue>arn:aws:iam::1111:role/xxx-role,arn:aws:iam::1111:saml-provider/Azure</AttributeValue>
        <AttributeValue>arn:aws:iam::1111:role/xxx-role,arn:aws:iam::1111:saml-provider/Azure</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/agegroup">
        <AttributeValue>3</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <AttributeValue>Suzuki</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <AttributeValue>xxxx@xxxx-xxx.com</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <AttributeValue>xxxx@xxxx-xxx.com</AttributeValue>
      </Attribute>
      <Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
        <AttributeValue>xxxx@xxxx.com</AttributeValue>
      </Attribute>
      <Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
        <AttributeValue>arn:aws:iam::xxxxxxxx:role/xxx-role,arn:aws:iam::1111:saml-provider/Azure</AttributeValue>
        <AttributeValue>arn:aws:iam::xxxx:role/yyy-role,arn:aws:iam::1111:saml-provider/Azure</AttributeValue>
      </Attribute>
      <Attribute Name="https://aws.amazon.com/SAML/Attributes/SessionDuration">
        <AttributeValue>14400</AttributeValue>
      </Attribute>
    </AttributeStatement>
  187. Passing job-role information, frontend example (OIDC ID Token):

    {
      "ver": "2.0",
      "iss": "https://login.microsoftonline.com/xxxxxx-xxxxx-xxxxx-xxxx/v2.0",
      "sub": "Axxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "aud": "xxxxxx-xxxxx-xxxxx-xxxx",
      "exp": 1536361411,
      "iat": 1536274711,
      "nbf": 1536274711,
      "name": "Kengo Suzuki",
      "preferred_username": "ksuzuki@folio-sec.com",
      "oid": "xxxxxx-xxxxx-xxxxx-xxxx",
      "tid": "xxxxxx-xxxxx-xxxxx-xxxx",
      "nonce": "111111",
      "aio": "!eGbIDakyp5mnOrcdqHeYSnltepQmRp6AIZ8jY",
      "roles": "frontend"
    }
  188. Products that meet the "user authentication" requirements of BeyondCorp = IDaaS (source: Ping Identity, "Identity as a Service (IDaaS)" article on pingidentity.com)

  189. AzureAD: directory (the equivalent of LDAP users) (same source)

  190. AzureAD: directory (the equivalent of LDAP groups) (same source)

  191. AzureAD: provisioning (SCIM) (same source)

  192. AzureAD: user authentication (MFA) and federation of authentication information

  193. - ೝূΛ௨ͯ͠ϢʔβʔΛಛఆ͠ͳ͚Ε͹ͳΒͳ͍ - Ϣʔβʔʹඥͮ͘࿦ཧతͳΦϒδΣΫτ͕ඞཁ - ΦϒδΣΫτΛҰݩ؅ཧ͢ΔDB = σΟϨΫτϦ - ΦϒδΣΫτΛଞαʔϏεʹ఻ൖ͢Δ͜ͱ

    = ϓϩϏδϣχϯά - Ϣʔβʔͷೝূ৘ใΛ࿈ܞ͢Δ͜ͱ = SSOɾϑΣσϨʔγϣϯ Ϣʔβʔͷಛఆɹ·ͱΊ
  194. σόΠεͷಛఆ (Identification)

  195. None
  196. - ਓ͕ਖ਼౰Ͱ΋ɺײછͨ͠୺຤ʹΑΓ߈ܸऀͷҙਤ͕ୡ੒ ͞Εͯ͠·͏ࣄྫ͸زͭ΋͋Δ - ΑͬͯɺσόΠεͷਖ਼౰ੑΛ֬อ͠ͳ͚Ε͹ͳΒͳ͍ - ඞཁͳίϯϙʔωϯτ - σόΠεDBʢΠϯϕϯτϦʣ -

    σόΠεೝূ σόΠεͷಛఆ
  197. σόΠεDB ʢΠϯϕϯτϦʣ

  198. σόΠεDBʢΠϯϕϯτϦʣͷ֓ཁ - σόΠεͷଐੑΛอ࣋͢ΔΦϒδΣΫτΛ؅ཧ͢ΔDB - ҎԼͷ؅ཧػೳΛ࣋ͭ΂͖ - ௐୡͨ͠σόΠεͷొ࿥ - σόΠεͷߏ੒؅ཧʢؚΉมߋͱσϓϩΠʣ -

    ߏ੒৘ใͷϦΞϧλΠϜදࣔ - ۀ຿ར༻͍ͯ͠ΔσόΠεछผͷαϙʔτ - Windows, MacOS, iOS, Android, Linux…
  199. - ௐୡ͔ΒΠϯϕϯτϦొ࿥·Ͱͷஈ֊͸୹͍΄͏ ͕ϕλʔ - ࠷ۙ͸ࣗಈొ࿥Մೳ ΠϯϕϯτϦొ࿥

  200. ݟग़͠ IUUQTXXXKBNGDPNCMPHBQQMFEFWJDFFOSPMMNFOUQSPHSBNBQQMFJUJOOPWBUJPO ΠϯϕϯτϦొ࿥(Mac/iOS)

  201. ΠϯϕϯτϦొ࿥(Windows) IUUQTNZJHOJUFUFDIDPNNVOJUZNJDSPTPGUDPNTFTTJPOT

  202. σόΠεͷߏ੒؅ཧ - ج४ɾϙϦγʔʹैͬͯߏ੒ - ۀ຿ར༻ΞϓϦ/CAͷΠϯετʔϧ - ݹ͍ΞϓϦͷར༻ - OSɾΞϓϦͷ࠷৽Խ -

    σΟεΫ҉߸Խ - ϩʔΧϧAdminͷύεϫʔυมߋ - ऑ͍ύεϫʔυͷېࢭ - ฆࣦ୺຤ͷϩοΫɾॳظԽ - ߏ੒ঢ়گ΍୺຤ͷϝτϦΫεΛχΞɾϦΞϧλΠϜͰ ऩू - ࣾ಺NWʹݶఆ͞Εͣܧଓతʹద༻ ॏ ॏཁͳ σʔλ ॏཁͳ σʔλ ॏཁͳ σʔλ ॏཁͳ σʔλ
  203. - ͜ΕΒͷཁ݅Λຬͨ͢঎༻੡඼͸·ͩͳ͍ʢڪΒ͘ʣ - ϢʔβʔϞσϧΛఆٛ͢ΔSCIMεΩʔϚͷΑ͏ͳඪ४΋ະ ొ৔ - Google͸ࣗࣾͰϝλσόΠεΠϯϕϯτϦΛߏங - 15ͷҟͳΔσʔλιʔε -

    300ສ/೔݅ɺྦྷܭ80ςϥόΠτͷσʔλΛऩू - ֤OS͝ͱͷઐ໳νʔϜ σόΠεΠϯϕϯτϦͷݱ࣮
  204. Endpoint inventory data sources (source: BeyondCorp: Design to Deployment at Google)

  205. Device inventory data sources (same source)
    - Asset management
      - the device DB viewed as "assets"
      - also tracks the hardware, the software running on it, and licenses
      - and, beyond that, the lifecycle
      - sometimes managed by general affairs or accounting
  206. Device inventory data sources (same source)
    - Directory service
      - the same thing as the user/group DB
      - a company running Windows already has Active Directory, so data is imported from there
  207. Device inventory data sources (same source)
    - Network devices
      - DHCP and ARP tables are fed in
      - network devices often exist in a stand-alone state
  208. Device inventory data sources (same source)
    - Vulnerability scanner
      - Nessus, Nmap and the like are run periodically to check for vulnerabilities
      - the results are fed in
  209. Device inventory data sources (same source)
    - CA
      - the trust anchor for the certificates embedded in endpoints
      - feeds in whether a certificate is legitimate, and so on
  210. Device inventory data sources (same source)
    - Configuration management service
      - feeds in each device's configuration state
  211. Device inventory data sources (same source)
    - Patch management service
      - patch management for the OS and the installed client apps
      - feeds in the application status and the like
  212. Endpoint inventory data sources (same source)
    - (Meta) inventory service
      - a single inventory that ingests and correlates all of this data
  213. σόΠεೝূ

  214. X.509
    - RFC 5280
    - Defines the format of public-key certificates
    - Defines CRLs
    - Defines how a certificate chain is validated
    - Because it can prove trust in the private key, it is used for device authentication

  215. Is that private key unique?

  216. Was the key pair inserted illegitimately? Has the key pair been replaced?

  217. Attestation
    [Figure: an Attestation Key pair is created; (3) Ship: the key pair is embedded in the TPM at factory shipment; generation and management of the private key happen only inside the TPM/TEE; the certificate bound to the generated private key can leave the device]

  218. Verified with the TPM's public key (TPM/TEE)

  219. Windows TPM (source: https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm)

  220. PS C:\> Get-TpmEndorsementKeyInfo -Hash "Sha256"

    IsPresent                : True
    PublicKey                : System.Security.Cryptography.AsnEncodedData
    PublicKeyHash            : 70769c52b6e24ef683693c2a0208da68d77e94192e1f4080ae7c9b97c6caa681
    ManufacturerCertificates : {[Subject]
                                 OID.2.23.133.2.3=1.2, OID.2.23.133.2.2=C4T8SOX3.5, OID.2.23.133.2.1=id:782F345A

                               [Issuer]
                                 CN=Contoso TPM CA1, OU=Contoso Certification Authority, O=Contoso, C=KR

                               [Serial Number]
                                 77A120A

                               [Not Before]
                                 6/4/2012 6:35:58 PM

                               [Not After]
                                 6/4/2022 6:35:57 PM

                               [Thumbprint]
                                 77378D1480AB48FEA2D4E610B2C7EEF648FEA2
                               }
    AdditionalCertificates   : {}

    (Source: MicrosoftDocs/windows-powershell-docs on GitHub)
  221. BeyondCorpʹ͓͚ΔσόΠ εɾΞΠσϯςΟςΟΛຬͨ ͢੡඼ɾαʔϏε

  222. Device agent (UEM) (source: BeyondCorp: Design to Deployment at Google)

  223. macOS and iOS edition (same source)

  224. Certificate installation (same source; screenshot censored)

  225. Configuration management (example: daily change of the local Admin password) (same source; censored)
  226. Local admin password rotation script (main body; the helper functions decryptString, retrievePassword, changePassword, uploadPassword and scriptLogging, and the variables they take, are defined earlier in the script and are not on the slide)

```bash
####################################################################################################
# Decode API user password
apiPass="$( decryptString "$apiEncryptedPass" "$saltAPI" "$passAPI" )"
if [ -z "$apiPass" ]; then
    scriptLogging "Failed to decrypt API user's password" 2
    exit 1
fi

####################################################################################################
# Retrieve the LAPS user's password from the Extension Attribute
previousEncryptedPassword="$( retrievePassword "$apiUser" "$apiPass" "$HWUUID" "$extAttName" )"
if [ -n "$previousEncryptedPassword" ]; then
    scriptLogging "Retrieved previous password is $previousEncryptedPassword (encrypted)."
    retrievedPassword="$( decryptString "$previousEncryptedPassword" "$laSalt" "$laPass" )"
else
    # First run (or attribute lost): fall back to the initial password baked into the script.
    scriptLogging "Could not get previous password. Trying initial password for ${laUserName}."
    scriptLogging "Initial password for ${laUserName}: $initialEncryptedPassForLadminUser (encrypted)."
    retrievedPassword="$( decryptString "$initialEncryptedPassForLadminUser" "$initLaSalt" "$initLaPass" )"
fi
if [ -z "$retrievedPassword" ]; then
    scriptLogging "Failed to decrypt previous password of $laUserName" 2
    exit 1
fi

####################################################################################################
# Verify that the retrieved password still matches the account before rotating
/usr/bin/dscl /Local/Default -authonly "$laUserName" "$retrievedPassword" 2>/dev/null
returnCode=$?
if [ "$returnCode" -eq 0 ]; then
    scriptLogging "Current password matches the retrieved password."
else
    scriptLogging "Retrieved password for $laUserName does not match the current password. dserr: $returnCode" 2
    exit $returnCode
fi

####################################################################################################
# Change the password to a new one (12 chars, ambiguous glyphs O o I i 1 l L S removed)
newpassword="$( /usr/bin/openssl rand -base64 48 | /usr/bin/tr -d OoIi1lLS | /usr/bin/head -c 12 )"
changePassword "$laUserName" "$retrievedPassword" "$newpassword"

####################################################################################################
# Encrypt the new password for storage
encryptedPassword="$( echo "$newpassword" | /usr/bin/openssl enc -aes256 -a -A -S "$laSalt" -k "$laPass" )"
if [ -n "$encryptedPassword" ]; then
    # If you want to log the new password, remove ':' at the start of the next line.
    : scriptLogging "New password: $encryptedPassword (Encrypted)"
else
    scriptLogging "Failed to encrypt new password. Why?" 2
    scriptLogging "Rolling back to the previous one."
    changePassword "$laUserName" "$newpassword" "$retrievedPassword"
    exit 1
fi

####################################################################################################
# Update the Extension Attribute with the new password, then read it back to confirm
uploadPassword "$apiUser" "$apiPass" "$HWUUID" "$extAttName" "$encryptedPassword"
returnCode=$?
if [ "$returnCode" -ne 0 ]; then
    scriptLogging "Failed to upload." 2
    scriptLogging "Rolling back to the previous one."
    changePassword "$laUserName" "$newpassword" "$retrievedPassword"
    exit 1
fi
try="$( retrievePassword "$apiUser" "$apiPass" "$HWUUID" "$extAttName" )"
if [ "$try" = "$encryptedPassword" ]; then
    scriptLogging "Retrieve test passed."
    scriptLogging "Done."
    exit 0
else
    scriptLogging "Retrieve test failed. Got an unexpected string." 2
    scriptLogging "Retrieved String: $try" 2
    scriptLogging "Expected String: $encryptedPassword" 2
    scriptLogging "Done in error." 2
    exit 1
fi
```

The order matters: the old password is verified with dscl before anything changes, and every failure after the change (encryption, upload) rolls the account back to the verified password, so the stored attribute and the local account never drift apart.
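The security-relevant step in the script above is the at-rest encryption of the rotated password before it is written to the extension attribute. `openssl enc -aes256 -a -A -S "$laSalt" -k "$laPass"` uses AES-256-CBC with a salt that is fixed for every run, a key derived from the passphrase by OpenSSL's single-iteration EVP_BytesToKey (no `-pbkdf2`), and no integrity tag, so a modified attribute decrypts to garbage instead of failing. The Go program below is an added example, not the slide's script, showing the same step with a random per-blob salt, PBKDF2-HMAC-SHA256 and AES-256-GCM. The passphrase and password values are constructed, and the blob layout (salt || nonce || ciphertext+tag, base64) is this example's own convention, so the decrypting side (the script's decryptString) would have to implement the same layout.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	saltLen    = 16     // fresh random salt per blob, instead of the script's fixed $laSalt
	pbkdf2Iter = 600000 // OWASP's current figure for PBKDF2-HMAC-SHA256
	keyLen     = 32     // AES-256
)

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256, written out so the example
// needs nothing outside the standard library.
func pbkdf2SHA256(password, salt []byte, iter, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := uint32(1); len(out) < dkLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil) // U1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ { // T = U1 xor U2 xor ... xor Uc
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// newGCM derives the AES-256 key from passphrase and salt and returns an AEAD.
func newGCM(passphrase, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256(passphrase, salt, pbkdf2Iter, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a rotated local-admin password for storage in the MDM attribute.
// Blob layout: base64(salt || nonce || ciphertext || GCM tag). Salt and nonce are
// fresh per call, so the same password never produces the same blob twice.
func Seal(passphrase, password string) (string, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	aead, err := newGCM([]byte(passphrase), salt)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	blob := append(append([]byte{}, salt...), nonce...)
	blob = aead.Seal(blob, nonce, []byte(password), nil)
	return base64.StdEncoding.EncodeToString(blob), nil
}

// Open reverses Seal and fails closed: a wrong passphrase or any modification of
// the stored blob is an error, never a plausible-looking wrong password.
func Open(passphrase, encoded string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	if len(blob) < saltLen+12+16 { // salt + GCM nonce + GCM tag
		return "", errors.New("blob too short")
	}
	aead, err := newGCM([]byte(passphrase), blob[:saltLen])
	if err != nil {
		return "", err
	}
	rest := blob[saltLen:]
	pt, err := aead.Open(nil, rest[:aead.NonceSize()], rest[aead.NonceSize():], nil)
	if err != nil {
		return "", fmt.Errorf("decrypt failed: %w", err)
	}
	return string(pt), nil
}

func main() {
	// Constructed sample values; in the script these are $laPass and $newpassword.
	blob, err := Seal("ladmin-shared-passphrase", "Xk9p2Lq7mRvA")
	if err != nil {
		panic(err)
	}
	pw, err := Open("ladmin-shared-passphrase", blob)
	fmt.Println("stored:", blob, "\nrecovered:", pw, "err:", err)
}
```

What this does not change: the passphrase ($laPass in the script) is a shared secret that lives inside the script on every device, so anyone who can read the script can decrypt every stored password. The encryption protects the attribute at rest in the MDM, not against a compromised endpoint.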
  227. Patch management (example: keeping Chrome up to date) [Censored]
  228. Chrome auto-update script (the helper functions shlogger, checkapp and show_notification and the variables workdir, dmgfile, dl_chromapp, developerid, CHROME and notification are set earlier in the script and are not on the slide)

```bash
shlogger "Mount dmg file: $dmgfile"
devfile="$( /usr/bin/hdiutil attach -nobrowse "${workdir}/${dmgfile}" | /usr/bin/grep Chrome | /usr/bin/awk '{print $1}' )"

# Verify the Developer ID signature of the downloaded app before touching /Applications
check_result="$( checkapp "$dl_chromapp" "$developerid" )"
if [ "$check_result" = ok ]; then
    shlogger "Codesign check passed."
    runstate="$( /usr/bin/pgrep Chrome | /usr/bin/wc -l )"
    shlogger "Chrome run state: $runstate"
    if [ "$runstate" -ne 0 ]; then notification=yes ; fi
    # Move the old app aside, copy the verified one in, then clear quarantine only on it
    tmpdir="/tmp/$( /usr/bin/uuidgen )"
    /bin/mkdir -m 755 "$tmpdir"
    /bin/mv "$CHROME" "$tmpdir"
    /bin/cp -af "$dl_chromapp" /Applications
    shlogger "Install Chrome into /Applications"
    /usr/bin/xattr -r -d com.apple.quarantine "$CHROME"
    shlogger "Remove com.apple.quarantine from $CHROME"
else
    shlogger "$check_result" 2
    shlogger "Codesign check failed." 2
fi
/usr/bin/hdiutil detach -quiet "$devfile"
rm -rf "$workdir"
shlogger "Show notification: $notification"
if [ "$notification" = yes ]; then
    show_notification "Google Chrome has updated!" "Restart Google Chrome now."
fi
shlogger "Done."
exit 0
```

The check against the expected Developer ID is the gate: a download that fails it is never copied into /Applications and keeps its quarantine attribute, while the installed copy is left untouched and the image is still detached and cleaned up.
  229. Checking the installed Chrome version and setting the extension attribute

```bash
#!/bin/bash
# Extension attribute script: compares the installed Chrome version with the current
# stable release and reports UptoDate / Old / Not Installed to the MDM.
RESULT="Not Installed"
CHROME="/Applications/Google Chrome.app"
if [ -e "$CHROME" ]; then
    installed_version="$( /usr/libexec/PlistBuddy -c "print CFBundleShortVersionString" "$CHROME/Contents/Info.plist" )"
    current_stable_version="$( /usr/bin/curl -s https://omahaproxy.appspot.com/all | /usr/bin/awk -F, '/mac,stable/ {print $3}' )"
    if [ "$installed_version" = "$current_stable_version" ]; then
        RESULT="UptoDate"
    else
        RESULT="Old"
    fi
fi
echo "<result>$RESULT</result>"
```

Two caveats before reusing this: the comparison is string equality, so a build newer than stable (beta or dev channel) is also reported as Old; and omahaproxy.appspot.com has since been retired, the current stable version now being published by the Chrome VersionHistory API (versionhistory.googleapis.com), so the curl line needs updating.
  230. Assigning the extension attribute [Censored]

  231. Near-real-time configuration management [Censored]

  232. Windows and Android edition
  233. Certificate installation [Censored]
  234. Configuration management [Censored]
  235. Retrieving configuration information through the API: https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{deviceId}

```json
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#deviceManagement/managedDevices/$entity",
  "id": "xxxxx",
  "userId": "xxxxx",
  "deviceName": "xxxx",
  "managedDeviceOwnerType": "company",
  "enrolledDateTime": "2019-07-18T12:17:53.0413033Z",
  "lastSyncDateTime": "2019-08-15T02:34:53.7572148Z",
  "operatingSystem": "Windows",
  "complianceState": "compliant",
  "jailBroken": "Unknown",
  "managementAgent": "mdm",
  "osVersion": "10.0.18362.295",
  "easActivated": true,
  "easDeviceId": "xxxxx",
  "easActivationDateTime": "2019-07-18T12:25:05.2874123Z",
  "azureADRegistered": true,
  "deviceEnrollmentType": "windowsCoManagement",
  "activationLockBypassCode": null,
  "emailAddress": "xxxxx@xxxx.com",
  "azureADDeviceId": "xxxxx",
  "deviceRegistrationState": "registered",
  "deviceCategoryDisplayName": "Windows",
  "isSupervised": false,
  "exchangeLastSuccessfulSyncDateTime": "0001-01-01T00:00:00Z",
  "exchangeAccessState": "none",
  "exchangeAccessStateReason": "none",
  "remoteAssistanceSessionUrl": "",
  "remoteAssistanceSessionErrorDetails": "",
  "isEncrypted": true,
  "userPrincipalName": "xxx@xxxx.com",
  "model": "xxxxx",
  "manufacturer": "xxxxx",
  "imei": null,
  "complianceGracePeriodExpirationDateTime": "9999-12-31T23:59:59.9999999Z",
  "serialNumber": "xxxxx",
  "phoneNumber": null,
  "androidSecurityPatchLevel": null,
  "userDisplayName": "Kengo Suzuki",
  "wiFiMacAddress": "xxxxx",
  "deviceHealthAttestationState": null,
  "subscriberCarrier": "",
  "meid": "",
  "totalStorageSpaceInBytes": -1638924288,
  "freeStorageSpaceInBytes": -822083584,
  "managedDeviceName": "xxxx/18/2019_12:17 PM",
  "partnerReportedThreatState": "secured",
  "deviceActionResults": [],
  "configurationManagerClientEnabledFeatures": {
    "inventory": false,
    "modernApps": false,
    "resourceAccess": false,
    "deviceConfiguration": false,
    "compliancePolicy": false,
    "windowsUpdateForBusiness": false
  }
}
```

The fields the later conditional-access examples rely on are complianceState, isEncrypted, osVersion and managementAgent; deviceHealthAttestationState is null here, so no attestation data is available for this device.
  236. Patch management (Windows Defender) [Censored]
  237. Vulnerability scanning (Windows Defender) [Censored]
  238. Directory (Active Directory)
  239. Network
  240. Asset management tools
  241. Device identity: summary
    - Has to be done on every device
    - A (meta-)inventory service is not yet available commercially or as OSS
    - You have no choice but to build it yourself…
    - Device authentication is TPM + x.509
  242. Access control

  243. None
  244. Access control overview (the cast)
    - Access Proxy: receives all HTTP/SSH requests
    - Access Control Engine (ACE): the policy engine that decides access control from multiple data sources
    - Trust Inference: the engine that computes trust scores for users and devices
    - Pipeline: feeds data into the ACE
    - Resource: the apps, services and infrastructure that are subject to access control
  245. Access control overview (flow)
    - All HTTP/SSH requests are directed to the Access Proxy

  246. Access control overview (flow)
    - The Access Proxy redirects to Single Sign-On

  247. Access control overview (flow)
    - Single Sign-On federates the authentication information (Federation)

  248. Access control overview (flow)
    - A request is made for an access control decision

  249. Access control overview (flow)
    - Compute the trust level of the device and the user
    - Store it as an attribute of the device and user
    - Feed trust scores and inventory information to the ACE through the pipeline

  250. Trust inference pseudocode (the commented-out lines are the signals each tier is meant to combine)

```text
function userTrustInference (user, app interface) int {
    // isUserVulnerable(user)
    // isUserAccessingFromNewLocation(user)
    // hasTakenSecurityTraining(user)
    // isAppCritical(app)
    return userTrustTier(userInfo, appInfo)
}

function deviceTrustInference (device, app interface) int {
    // isDeviceVulnerable(device)
    // isDeviceLatest(device)
    // isBrowserLatest(device)
    // isDeviceManaged(device)
    // isDeviceEncrypted(device)
    // isDeviceActive(device)
    return deviceTrustTier(deviceInfo, app)
}
```
  251. Access control overview (flow)
    - Decide and enforce access based on the data obtained from the AP and the pipeline

  252. Products and services that satisfy BeyondCorp-style access control

  253. Access Proxy
    - Azure AD
    - Limitations
      - Protocols other than HTTP(S)
      - Password-based authentication methods
  254. Trust Inference
    - Azure AD Identity Protection (user)
    - Microsoft Defender ATP (device)
    - Azure ATP (device and user)
  255. Trust Inference - Azure AD Identity Protection
    - Measures user trust from the sign-in state
    - Measured from the sign-in event itself and from behaviour after sign-in
      - Event example: a sign-in attempt via Tor
      - Behaviour example: impossible travel
    - Trust (the risk value) is classified as Low, Medium or High
    - Drawback: it is hard to tell how the risk value was derived
  256. SignInRiskEvent (an Identity Protection risk event as returned by the Graph API)

```json
{
  "@odata.type": "#microsoft.graph.unfamiliarLocationRiskEvent",
  "id": "xxxx-xxxx",
  "riskEventStatus": "dismissedAsFixed",
  "riskLevel": "medium",
  "riskEventType": "UnfamiliarLocationRiskEvent",
  "riskEventDateTime": "2019-xx-xxT06:30:45",
  "closedDateTime": "2019-xx-xxT09:18:43",
  "createdDateTime": "2019-xx-xxT09:18:43",
  "userId": "xxxx-xxxx",
  "userDisplayName": "Kengo Suzuki",
  "userPrincipalName": "xxxxx@xxxx.com",
  "ipAddress": "18.205.93.232",
  "location": {
    "city": "Ashburn",
    "state": "VA",
    "countryOrRegion": "United States",
    "geoCoordinates": {
      "latitude": 39.0437,
      "longitude": -77.4742
    }
  }
}
```
  257. UserRisk

```json
{
  "id": "xxxx-Xxxx-xxxx",
  "isDeleted": null,
  "isGuest": null,
  "isProcessing": false,
  "riskLevel": "none",
  "riskState": "remediated",
  "riskDetail": "userPerformedSecuredPasswordReset",
  "riskLastUpdatedDateTime": "2018-xx-xxT01:33:06",
  "userDisplayName": "xxx@xxx.com",
  "userPrincipalName": null
}
```
  258. Trust Inference - Microsoft Defender ATP
    - Computes a risk value from the alerts raised on the device and how they were subsequently handled
    - Trust (the risk value) is classified as Low, Medium or High
    - Drawback: it is hard to tell on what basis the risk value was judged or which features were selected
  259. DeviceRisk (one element of the Defender ATP machines list; riskScore is the field used for trust inference)

```json
{
  "id": "xxxxx",
  "computerDnsName": "xxxxxxxxxxx",
  "firstSeen": "2019-xx-xxT09:18:43",
  "lastSeen": "2019-xx-xxT09:18:43",
  "osPlatform": "Windows10",
  "osVersion": "10.0.0.0",
  "lastIpAddress": "xxx.xxx.xxx.xxx",
  "lastExternalIpAddress": "xxx.xxx.xxx.xxx",
  "agentVersion": "10.5830.18209.1001",
  "osBuild": 18209,
  "healthStatus": "Active",
  "rbacGroupId": 140,
  "rbacGroupName": "The-A-Team",
  "riskScore": "Low",
  "isAadJoined": true,
  "aadDeviceId": "xxxx-xxxx",
  "machineTags": [ "test tag 1", "test tag 2" ]
}
```
  260. Trust Inference - Azure ATP
    - Detects APT-style attacks in domain-joined environments
    - Integrates with WDATP

  261. Trust Inference
    - Azure AD Conditional Access

  262. Conditional Access
    - A service that decides and enforces access control to cloud services based on multiple conditions
    - Example conditions
      - Policy compliance state of the device
      - Risk value of the user
      - Type of client app
      - The cloud service being accessed
      - Location
    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
  263. Conditional Access example: for all apps
    - Enable MFA everywhere

  264. Conditional Access example: for critical apps
    - For critical services, do not allow sign-in if there is even a little sign-in risk
    - Critical services
      - AWS, bastion hosts, the password manager
      - The service used to manage customer information
  265. Conditional Access example: allow managed devices only
    - Only managed devices that comply with policy can access
    - Managed device: includes BYOD devices that have the profile installed
    - Compliant state
      - The disk is fully encrypted
      - The device risk value is Low or below
      - The OS is at or above a specific version
      - Has a TPM
      - BIOS-level
  266. Access control: summary
    - This is the heart of BeyondCorp / Zero Trust
    - All access goes through the Access Proxy
    - Decisions are made not from the network alone but from multiple data sources
    - Those sources include the Trust Inference that determines trust levels
    - Data is aggregated in the ACE, where access control is decided and enforced
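As an added example (not code from the deck or from any of the Microsoft products named above), the Go program below puts the pieces of this summary together: it parses the fields of a Graph managedDevice object (slide 235) that the policies need, derives device and user trust tiers in the shape of the slide 250 pseudocode from the Defender ATP riskScore and the Identity Protection risk levels, and then applies the three Conditional Access examples (MFA everywhere; critical apps deny on any sign-in risk; only managed, compliant, encrypted, TPM-equipped devices at or above an OS floor with device risk Low or below). The TPM signal is assumed to come from a separate inventory source, since the Graph object shown carries no such field; the rule that a high user risk denies every app is this example's own assumption; and the app names, thresholds and sample device are constructed. versionAtLeast is also the numeric version comparison that the Chrome check script on slide 229 approximates with string equality.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

type Tier int // trust tier produced by trust inference; higher is more trusted

const (
	TierUntrusted Tier = iota
	TierLow
	TierMedium
	TierHigh
)

// riskTier maps a vendor risk level to a tier; "high" or unknown levels fall to TierUntrusted.
func riskTier(level string) Tier {
	return map[string]Tier{"": TierHigh, "none": TierHigh, "low": TierMedium, "medium": TierLow}[strings.ToLower(level)]
}

// ManagedDevice holds the fields read from a Graph deviceManagement/managedDevices object.
type ManagedDevice struct {
	ComplianceState string `json:"complianceState"`
	OSVersion       string `json:"osVersion"`
	IsEncrypted     bool   `json:"isEncrypted"`
	ManagementAgent string `json:"managementAgent"`
}

func ParseManagedDevice(raw []byte) (d ManagedDevice, err error) { err = json.Unmarshal(raw, &d); return }

// Signals is what the pipeline hands the ACE for one request.
type Signals struct {
	Device     ManagedDevice
	HasTPM     bool   // assumed to come from a separate inventory source (not in the Graph object)
	DeviceRisk string // Defender ATP machine riskScore: None, Low, Medium, High
	UserRisk   string // Identity Protection user riskLevel: none, low, medium, high
	SignInRisk string // Identity Protection riskLevel of this sign-in
	MFADone    bool   // the SSO step already completed a second factor
}

// Policy encodes the three Conditional Access examples from the slides.
type Policy struct {
	CriticalApps map[string]bool // AWS, bastion hosts, password manager, customer data service
	MinOSVersion string          // floor for "OS at or above a specific version"
}

type Decision struct{ Outcome, Reason string } // Outcome: allow, allow-with-mfa or deny

// versionAtLeast compares dotted numeric versions such as "10.0.18362.295"; a missing
// component counts as 0, so the floor "10.0.18362" is satisfied by "10.0.18362.295".
func versionAtLeast(have, min string) bool {
	h, m := strings.Split(have, "."), strings.Split(min, ".")
	for i := 0; i < len(h) || i < len(m); i++ {
		hv, mv := 0, 0
		if i < len(h) { hv, _ = strconv.Atoi(h[i]) }
		if i < len(m) { mv, _ = strconv.Atoi(m[i]) }
		if hv != mv { return hv > mv }
	}
	return true
}

// deviceTrustInference: the hard requirements of the "managed devices only" policy
// come first; only then does the Defender ATP risk score set the tier.
func deviceTrustInference(s Signals, p Policy) Tier {
	d := s.Device
	if d.ManagementAgent == "" || d.ComplianceState != "compliant" || !d.IsEncrypted ||
		!s.HasTPM || !versionAtLeast(d.OSVersion, p.MinOSVersion) {
		return TierUntrusted
	}
	return riskTier(s.DeviceRisk)
}

// userTrustInference: the weaker of the standing user risk and this sign-in's risk.
func userTrustInference(s Signals) Tier {
	if u, si := riskTier(s.UserRisk), riskTier(s.SignInRisk); si < u {
		return si
	}
	return riskTier(s.UserRisk)
}

// Decide is the ACE: both tiers combined with the app's criticality.
func Decide(app string, s Signals, p Policy) Decision {
	if dt := deviceTrustInference(s, p); dt < TierMedium { // Untrusted, or device risk above Low
		return Decision{"deny", "device unmanaged, non-compliant, unencrypted, without TPM, below the OS floor, or risk above Low"}
	}
	if userTrustInference(s) == TierUntrusted { // assumption: high risk blocks every app
		return Decision{"deny", "user or sign-in risk is high"}
	}
	if p.CriticalApps[strings.ToLower(app)] && riskTier(s.SignInRisk) < TierHigh {
		return Decision{"deny", "critical app and sign-in risk is not none"}
	}
	if !s.MFADone {
		return Decision{"allow-with-mfa", "MFA is required for every app"}
	}
	return Decision{"allow", "all conditions satisfied"}
}

func main() {
	// Constructed sample in the shape of the managedDevice object on the slide.
	dev, _ := ParseManagedDevice([]byte(`{"complianceState":"compliant","osVersion":"10.0.18362.295","isEncrypted":true,"managementAgent":"mdm"}`))
	pol := Policy{CriticalApps: map[string]bool{"aws": true, "bastion": true}, MinOSVersion: "10.0.18362"}
	s := Signals{Device: dev, HasTPM: true, DeviceRisk: "Low", UserRisk: "none", SignInRisk: "low", MFADone: true}
	fmt.Println("aws ->", Decide("aws", s, pol), "| wiki ->", Decide("wiki", s, pol))
}
```

The ordering inside Decide is the point: device requirements are checked before anything user-related, a critical app is denied on a "low" sign-in risk that an ordinary app tolerates, and MFA is only asked for once every deny condition has been cleared, so a risky session is never offered a second-factor prompt it could satisfy.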
  267. My view
    - The commercial offering that most fully realizes BeyondCorp is Microsoft's
    - If you are building from zero, the most cost-effective approach is to use the Microsoft 365 package and look to individual solutions for what it lacks

  268. Recap so far

  269. Overall picture of security requirements (diagram labels): laws, standards and guidelines; cybersecurity strategy; security design; cybersecurity tactics and implementation; strategy (confidentiality); strategy (integrity); strategy (availability)

  270. None
  271. Has it become clear what you would do as the person in charge of security?

  272. Information systems and security at user companies - Action guidelines edition 2019/08/10 By @ken5scal

  273. Our fight has only just begun
    - Deciding the mission and agreeing it with management
    - Agreeing priorities with management
    - Incident response that lands on you out of nowhere (including other companies' incidents)
    - Securing budget for solutions
    - Integration with legacy surrounding systems
    - Commitment to new products
    - (Finally…) implementation and operations
    - Hiring and team building
    - Etc, etc
  274. So, you want to work in security?
    - There is no complete or standard curriculum
    - Get your hands dirty. Practice is all there is.
    - Do not neglect communication
    - There will be hard times and failures
    - Stay an optimist
    - Ask for help
    - Share knowledge
    Original: "So, you want to work in security?"; Japanese translation: セキュリティで飯食いたい人向けの心の持
  275. Good Luck and Happy Hacking!

  276. Thank You!