セキュリティの基礎とインシデントレスポンス / Security Fundamentals and Incident Response

Transcript

1. Hardening for cyber security — generated by Stable Diffusion XL

   v1.0 2024 3-4 (WBS) 2024 3-4 — 2024-06-17 – p.1/34

2. https://speakerdeck.com/ks91/collections/cyber-security-2024-summer 2024 3-4 — 2024-06-17 – p.2/34

3. ( ) 1 6 10 (1) • 2 6 10

   (2) • 3 6 17 • 4 6 17 • 5 6 24 I ( ) 6 6 24 I ( ) 7 7 1 8 7 1 9 7 8 10 7 8 11 7 15 II ( ) 12 7 15 II ( ) 13 7 22 14 7 22 W-IOI / ( ) 2024 3-4 — 2024-06-17 – p.3/34

4. ( 20 ) 1 • 2 • 3 • 4

   (TCP/IP ) • 5 • 6 • 7 • 8 • 9 • 10 World Wide Web • 11 Web API • 12 • 13 git GitHub • 14 • (6/24 ) / (2 ) OK / 2024 3-4 — 2024-06-17 – p.4/34

5. ( ) ( ) 2024 3-4 — 2024-06-17 – p.5/34

6. + — ( (1), (2)) + ( (3)) 2024 3-4

   — 2024-06-17 – p.6/34

7. 2024 3-4 — 2024-06-17 – p.7/34

8. 1. (1) (2) 2024 6 13 ( ) 23:59 JST

   Waseda Moodle (Q & A ) 2024 3-4 — 2024-06-17 – p.8/34

9. . . . . . . 13 9 (14 (

   ) ) ( ) 2024 3-4 — 2024-06-17 – p.9/34

10. A ⇒ ( ) ⇒ ( ) 2024 3-4 —

    2024-06-17 – p.10/34

11. I ( ) ⇒ . . . . . .

    ( ) ( : ) . . . ( : ) ( ) (anachronism) ^^; 2024 3-4 — 2024-06-17 – p.11/34

12. L ⇒ IPA NISC NICT 7.5 2024 3-4 — 2024-06-17

    – p.12/34

13. N 5 ⇒ https://www.datacenterdynamics.com/en/analysis/how-to-break-into-a-data-center-pen-testers-reveal-their-secrets/ ( ) 2024 3-4 — 2024-06-17

    – p.13/34

14. M ⇒ . . . 2024 3-4 — 2024-06-17 –

    p.14/34

15. Y = = ⇒ 2024 3-4 — 2024-06-17 – p.15/34

16. “ ” 3 ( ) ( ) ( ) 2024

    3-4 — 2024-06-17 – p.16/34

17. ( ) : Wi-Fi etc. (Confidentiality) (Integrity) (Availability) 2024 3-4

    — 2024-06-17 – p.17/34

18. ( +α) : . . . ( ) . .

    . ( . . . ) ( ( ^^;)) . . . . . . ( ) × → 2024 3-4 — 2024-06-17 – p.18/34

19. (Gold Standard of Security) (Authentication) ( ) ID / ,

    , , , , , etc. (Authorization) ( ) , , sudoers, etc. (Audit) , , , etc. 2024 3-4 — 2024-06-17 – p.19/34

20. (1) : ( ) (a) USB (b) URL X 1.

    2. ( ) 3. 2024 3-4 — 2024-06-17 – p.20/34

21. (2) : PPAP PPAP Password ( ) Passowrd ( )

    A ( ) Protocol ( ) PPAP PPAP 2024 3-4 — 2024-06-17 – p.21/34

22. NICT CYDER https://cyder.nict.go.jp (3) : 2024 3-4 — 2024-06-17 –

    p.22/34

23. Πϯγσϯτͷ༧ஹͳͲ ॳಈରԠ ෮چાஔ
    ࢑ఆରԠ ࠶ൃ๷ࢭࡦ
    ߃ٱରԠ ݕ౼ ࣄޙରԠ τϦΞʔδ ใ

    ࠂ ɾ ެ ද Π ϯ γ σ ϯ τ ϋ ϯ υ Ϧ ϯ ά Π ϯ γ σ ϯ τ Ϩ ε ϙ ϯ ε ސ ٬ ɾ ެ ڞ ݕ஌ɾड෇ ରԠํ਑ݕ౼ 1PJOU
    PG
    $POUBDU ূڌอશ ෧͡ࠐΊ ࠜઈ , , DoS , , etc. 2024 3-4 — 2024-06-17 – p.23/34

24. Point of Contact (PoC) 1 2024 3-4 — 2024-06-17 –

    p.24/34

25. 2024 3-4 — 2024-06-17 – p.25/34

26. HDD ( ) 2024 3-4 — 2024-06-17 – p.26/34

27. 2024 3-4 — 2024-06-17 – p.27/34

28. ( ) 2024 3-4 — 2024-06-17 – p.28/34

29. ( ) JPCERT/CC, NISC, ( ) ( ) 2024 3-4

    — 2024-06-17 – p.29/34

30. (1 ) 2024 3-4 — 2024-06-17 – p.30/34

31. (3) : 70 1,000 X 3 1. 2. 3. 3

    2024 3-4 — 2024-06-17 – p.31/34

32. 2024 3-4 — 2024-06-17 – p.32/34

33. 2. OK (1) (2) 2024 6 20 ( ) 23:59

    JST Waseda Moodle (Q & A ) 2024 3-4 — 2024-06-17 – p.33/34

34. I 2024 3-4 — 2024-06-17 – p.34/34