Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
セキュリティ戦略・発表と総括 / Security Strategies, Presentat...
Search
Kenji Saito
PRO
July 20, 2024
Technology
1
70
セキュリティ戦略・発表と総括 / Security Strategies, Presentation and Conclusions
早稲田大学大学院経営管理研究科「サイバーセキュリティ」2024 夏の第13-14回で使用したスライドです。
Kenji Saito
PRO
July 20, 2024
Tweet
Share
More Decks by Kenji Saito
See All by Kenji Saito
グリーンマイニングが Bitcoin プロトコルに及ぼす影響 / Impact of Green Mining on the Bitcoin Protocol
ks91
PRO
0
18
FinTech 13-14 : Ideathon, Presentations and Conclusions
ks91
PRO
0
22
デザイン相談会 / Design Consultation
ks91
PRO
0
13
FinTech 11-12 : Cyber-Physical Society and Future of Finance
ks91
PRO
0
49
メタ自然選択と製品トレーサビリティー / Meta-Natural Selection and Product Traceability
ks91
PRO
0
8
伝統的金融に呑まれる分散型金融 / Decentralised Finance Engulfed by Traditional Finance
ks91
PRO
0
15
ウェブサービスデザイン 2 / Web Service Design 2
ks91
PRO
0
24
生成AI による論文執筆サポートの手引き(ワークショップ) / A guide to supporting dissertation writing with generative AI (workshop)
ks91
PRO
0
250
FinTech 9-10: Smart Contracts and Decentralized Finance
ks91
PRO
0
62
Other Decks in Technology
See All in Technology
ドメイン名の終活について - JPAAWG 7th -
mikit
33
20k
Why does continuous profiling matter to developers? #appdevelopercon
salaboy
0
190
SSMRunbook作成の勘所_20241120
koichiotomo
2
130
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
150
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
620
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
380
Terraform Stacks入門 #HashiTalks
msato
0
350
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
470
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
310
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
1
220
Featured
See All Featured
Designing for humans not robots
tammielis
250
25k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.8k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
120
Happy Clients
brianwarren
98
6.7k
Practical Orchestrator
shlominoach
186
10k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
Code Reviewing Like a Champion
maltzj
520
39k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Unsuck your backbone
ammeep
668
57k
Transcript
Hardening for cyber security — generated by Stable Diffusion XL
v1.0 2024 13-14 (WBS) 2024 13-14 — 2024-07-22 – p.1/43
https://speakerdeck.com/ks91/collections/cyber-security-2024-summer 2024 13-14 — 2024-07-22 – p.2/43
1 6 10 (1) • 2 6 10 (2) •
3 6 17 • 4 6 17 • 5 6 24 I ( ) • 6 6 24 I ( ) • 7 7 1 • 8 7 1 • 9 7 8 • 10 7 8 • 11 7 15 II ( ) • 12 7 15 II ( ) • 13 7 22 • 14 7 22 • W-IOI / ( ) 2024 13-14 — 2024-07-22 – p.3/43
( 20 ) 1 • 2 • 3 • 4
(TCP/IP ) • 5 • 6 • 7 • 8 • 9 • 10 World Wide Web • 11 Web API • 12 • 13 git GitHub • 14 • SSH • (6/24 ) / (2 ) OK / 2024 13-14 — 2024-07-22 – p.4/43
( ) II 10 2024 13-14 — 2024-07-22 – p.5/43
+ 2024 13-14 — 2024-07-22 – p.6/43
2024 13-14 — 2024-07-22 – p.7/43
6. II (1) ( ) (2) 2024 7 18 (
) 23:59 JST Waseda Moodle (Q & A ) 2024 13-14 — 2024-07-22 – p.8/43
. . . . . . 12 7 (7/20( )
) ( ) DDoS ( ∼ ) < ( ∼1,2 ) 2024 13-14 — 2024-07-22 – p.9/43
N ⇒ ^^; 2024 13-14 — 2024-07-22 – p.10/43
A CSIRT ( ) ⇒ AI 2024 13-14 — 2024-07-22
– p.11/43
L CEO CEO ⇒ MVV OvenAI MVV ( ) Mission
: Vision : AI Value : W(X) vision value . . . 2024 13-14 — 2024-07-22 – p.12/43
A W WebAPP ks91 ⇒ 2024 13-14 — 2024-07-22 –
p.13/43
2024 6 10 ∼7 22 Google 7 2024 13-14 —
2024-07-22 – p.14/43
6 10 Google https://lomgrp.co.jp/wp-content/uploads/2024/06/Informationleak_240610.pdf 2024 13-14 — 2024-07-22 – p.15/43
6 11 WEB 136 5 6 https://news.yahoo.co.jp/articles/71d073180db7d261c1dab9fe554d154f6193c46d 2024 13-14 —
2024-07-22 – p.16/43
6 17 https://www.shochiku.co.jp/wp-content/uploads/2024/06/20240617_02.pdf 2024 13-14 — 2024-07-22 – p.17/43
6 17 https://csw-kawasaki.or.jp/wp-content/uploads/2024/06/20240617 -1.pdf Google ⇒ Google 2024 13-14 —
2024-07-22 – p.18/43
6 18 AI https://www.ocha.ac.jp/news/d014901.html Google Forms Google Google 2024 13-14
— 2024-07-22 – p.19/43
6 25 https://bravegroup.co.jp/news/6359/ URL 2024 13-14 — 2024-07-22 – p.20/43
6 26 Google https://www.gifu-pu.ac.jp/news/2024/06/post-268.html 2024 13-14 — 2024-07-22 – p.21/43
6 28 ( 3.0 ) https://www.soumu.go.jp/menu_news/s-news/01cyber01_02000001_00215.html 2024 13-14 — 2024-07-22
– p.22/43
7 1 OpenSSH “regreSSHion” CVE-2024-6387 2024 13-14 — 2024-07-22 –
p.23/43
7 9 “regreSSHion” OpenSSH CVE-2024-6409 2024 13-14 — 2024-07-22 –
p.24/43
7 9 Zoom High ∼ ( ) https://news.yahoo.co.jp/articles/00fb89f571bf72672e5165cb19049bfc1ade7242 2024 13-14
— 2024-07-22 – p.25/43
7 19 Windows CrowdStrike Falcon Sensor https://news.yahoo.co.jp/articles/dee7ebe1e0f5ac28fd833033c454ee3792727046 2024 13-14 —
2024-07-22 – p.26/43
https://kurashi.com/journal/11074 + CSIRT 2024 13-14 — 2024-07-22 – p.27/43
(1) IPA Ver 3.0 (2023) https://www.meti.go.jp/policy/netsecurity/mng_guide.html IPA Ver 3.0 4
(2023) https://www.ipa.go.jp/security/economics/csm-practice.html 2024 13-14 — 2024-07-22 – p.28/43
(2) +1 / IPA ( ) Ver2.0 F 2 (2022)
https://www.meti.go.jp/policy/netsecurity/mng_guide.html ( Ver 2.0) CSIRT Ver.2.1 https://www.nca.gr.jp/activity/imgs/recruit-hr20201211.pdf 2024 13-14 — 2024-07-22 – p.29/43
(3) (2019) https://www.keidanren.or.jp/policy/cybersecurity/CyberRiskHandbook .html 10 NIST 2024 13-14 — 2024-07-22
– p.30/43
3 2024 13-14 — 2024-07-22 – p.31/43
10 1. 2. 3. ( ) 4. 5. 6. PDCA
7. 8. 9. 10. F 2024 13-14 — 2024-07-22 – p.32/43
1 IT 2 3 4 5 2024 13-14 — 2024-07-22
– p.33/43
NIST 5 (Identify) (Protect) (Detect) (Respond) (Recover) 2024 13-14 —
2024-07-22 – p.34/43
: 5 5 2024 13-14 — 2024-07-22 – p.35/43
(OvenAI) 2024 6 10 OvenAI (BCP) OK 2024 13-14 —
2024-07-22 – p.36/43
2024 13-14 — 2024-07-22 – p.37/43
2024 2024 13-14 — 2024-07-22 – p.38/43
( ) (1) (2) ( ) ⇒ 2024 13-14 —
2024-07-22 – p.39/43
( ) NISC 7 ( ) 2024 13-14 — 2024-07-22
– p.40/43
2024 13-14 — 2024-07-22 – p.41/43
7. 2024 7 29 ( ) 23:59 JST Waseda Moodle
(Q & A ) 2024 13-14 — 2024-07-22 – p.42/43
2024 13-14 — 2024-07-22 – p.43/43
ks91
mikit
salaboy
koichiotomo
sinsoku
hirosatogamo
trishagee
10xinc
tacck
msato
iotengineer22
chanyou0311
kakehashi
tammielis
csswizardry
eileencodes
morganepeng
bluesmoon
brianwarren
shlominoach
maltzj
rocio
keavy
ammeep
