Slide 1

Slide 1 text

Information Systems and Security at User Companies - Overview Part
2019/08/10 By @ken5scal

Slide 2

Slide 2 text

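Self-introduction
- Self-introduction: @ken5scal (Kengo Suzuki)
- Favorite tech stack: authentication and authorization
- Responsible for security at both large enterprises and startups in finance and Fintech
  - 2011: NRI Secure - SIer - provided MSS services for securities firms
  - 2014: Money Forward - user company - asset management and cloud accounting Fintech startup
  - 2018: FOLIO - user company - securities Fintech startup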

Slide 3

Slide 3 text

One day…

Slide 4

Slide 4 text

Getting on the same page with everyone

Slide 5

Slide 5 text

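Operations and Development Track
- Who: "People who want to change the world through their own efforts"
- What: "This time the theme is 'operating things properly'"
- How (1): "Acquiring advanced information security skills"
- How (2): "Also providing opportunities to improve awareness of morals and legal compliance, security awareness, professional awareness, and self-directed learning (skills needed beyond technology)"
Source: ipa.go.jp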

Slide 7

Slide 7 text

What does it mean for the world to change?

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

Not that (this is my personal opinion)

Slide 10

Slide 10 text

Creating new value

Slide 11

Slide 11 text

Trends in the creation of new value
- Global trend
  - Fourth Industrial Revolution technologies
- Domestic trend
  - Connected Industry
  - Society 5.0

Slide 12

Slide 12 text

The Fourth Industrial Revolution
Source: britannica.com

Slide 13

Slide 13 text

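CPS
- Diverse data in the real world (physical space) is collected through sensor networks and the like, analyzed and turned into knowledge in cyberspace using large-scale data processing technologies, and the information/value created there
https://www.jeita.or.jp/cps/about/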

Slide 14

Slide 14 text

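Connected Industries
- An industrial society in which "our country goes beyond manufacturing and connects all sorts of things: things with things, people with machines and systems, people with technology, companies with companies in different industries, people with people across generations, manufacturers with consumers, and so on"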

Slide 15

Slide 15 text

Connected Industries in finance
Financial Services Agency: Can FinTech create shared value?

Slide 16

Slide 16 text

Chat (LINE) x securities firm (FOLIO)
[LINE Financial] LINE Financial and FOLIO begin offering "LINE Smart Invest" today

Slide 17

Slide 17 text

Source: newspicks.com

Slide 18

Slide 18 text

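Society 5.0
- Super-smart society
  - A society that "provides the necessary goods and services to the people who need them, when they need them, in the amount they need, responds in fine detail to the varied needs of society, lets everyone receive high-quality services, overcomes differences such as age, gender, region and language, and lets people live vigorously and comfortably"
- Direction
  - Rethinking how "new towns" are built in the first place
  - Promoting the sharing economy
  - Promoting the use of FinTech
Sources: soumu.go.jp, meti.go.jp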

Slide 19

Slide 19 text

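(Summary) Where is new value being created?
- Collaboration that goes beyond existing frameworks such as industries
  - Collaboration has become more closely tied to daily life, and cyberspace and physical space have merged
- Fields
  - Healthcare
  - Mobility (logistics and transport)
  - Supply chain
  - Finance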

Slide 20

Slide 20 text

New value and risk

Slide 21

Slide 21 text

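The economic scale of new value
- In the United States, the main areas of FinTech investment are lending and payments
  - Lending: 6.8 billion dollars
  - Payments: 1.9 billion dollars
Source: cao.go.jp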

Slide 22

Slide 22 text

A fierce battle to capture the market

Slide 23

Slide 23 text

Typical concern about platform markets is that people will coordinate on a "dominant" platform.
Source: web.stanford.edu

Slide 24

Slide 24 text

The result

Slide 25

Slide 25 text

https://piyolog.hatenadiary.jp/entry/2019/06/07/063000

Slide 26

Slide 26 text

https://headlines.yahoo.co.jp/hl?a=20190716-00000136-kyodonews-bus_all

Slide 27

Slide 27 text

Source: kondei.hateblo.jp

Slide 28

Slide 28 text

No content

Slide 29

Slide 29 text

Source: itresearchart.biz

Slide 30

Slide 30 text

- Collaboration that goes beyond existing frameworks such as industries
Source: meti.go.jp

Slide 31

Slide 31 text

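Examples of new value and of risks materializing
- 2011: Personal information leaked from PlayStation Network through SQL injection
- 2012: Fraudulent money transfers from online banking through man-in-the-browser
- 2014: Personal information leaked from Benesse by an insider
- 2015: Personal information leaked from the pension management system through a cyberattack
- 2018: Crypto-assets drained from a cryptocurrency exchange
- 2019: Fraudulent purchases in a cashless payment service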

Slide 32

Slide 32 text

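Examples of new value and of risks materializing
- 2011: Personal information leaked from PlayStation Network through SQL injection
- 2012: Fraudulent money transfers from online banking through man-in-the-browser
- 2014: Personal information leaked from Benesse by an insider
- 2015: Personal information leaked from the pension management system through a cyberattack
- 2018: Crypto-assets drained from a cryptocurrency exchange
- 2019: Fraudulent purchases in a cashless payment service
Risks are materializing faster and faster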

Slide 33

Slide 33 text

New value and changing threats
Sources: enisa.europa.eu, ipa.go.jp

Slide 34

Slide 34 text

As value changes, new risks are born, or the magnitude of existing risks changes

Slide 35

Slide 35 text

What does it mean to operate properly while changing the world?

Slide 36

Slide 36 text

(1) While making innovation as fast as possible and (2) maximizing value, (3) carry out measures that minimize risk

Slide 37

Slide 37 text

Today's goals

Slide 38

Slide 38 text

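Today's goals
- Grasp the big picture needed to achieve both "changing the world" and "operating properly"
  - A securities firm is the case study
- Grasp the design principles that are changing along with the times
  - Introduction to BeyondCorp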

Slide 39

Slide 39 text

That is what I will be talking about

Slide 40

Slide 40 text

From the standpoint of the securities industry, I will talk about how to "operate properly" at a startup.

Slide 41

Slide 41 text

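- Self-introduction: @ken5scal (Kengo Suzuki)
- Responsible for security at both large enterprises and startups in finance and Fintech
  - 2011: NRI Secure - MSS for securities firms
  - 2014: Money Forward - asset management and cloud accounting Fintech startup
  - 2018: FOLIO (current position) - securities Fintech startup
I publish doujinshi (self-published books) at events such as Techbookfest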

Slide 42

Slide 42 text

Pleased to meet you

Slide 43

Slide 43 text

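Caveats
- I have only been at 3 companies over about 7 years
- Even within Fintech and finance, I have experience of only about 2 kinds of business
- So it is hard to call this content general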

Slide 44

Slide 44 text

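Today's goals (recap)
- Grasp the big picture needed to achieve both "changing the world" and "operating properly"
  - A securities firm is the case study
- Grasp the design principles that are changing along with the times
  - Introduction to BeyondCorp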

Slide 45

Slide 45 text

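The overall picture of security requirements
(Diagram labels: Laws, standards and guidelines / Cybersecurity strategy / Security design / Cybersecurity tactics and implementation / Strategy (confidentiality) / Strategy (integrity) / Strategy (availability))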

Slide 46

Slide 46 text

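Laws, standards and guidelines
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Strategy (confidentiality) / Security design / Cybersecurity tactics and implementation / Strategy (integrity) / Strategy (availability))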

Slide 47

Slide 47 text

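Strategy
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Strategy (confidentiality) / Security design / Cybersecurity tactics and implementation / Strategy (integrity) / Strategy (availability))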

Slide 49

Slide 49 text

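Strategy
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Strategy (confidentiality) / Security design / Cybersecurity tactics and implementation / Strategy (integrity) / Strategy (availability))
Tends to be handled mainly by the SRE team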

Slide 50

Slide 50 text

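Strategy
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Strategy (confidentiality) / Security design / Cybersecurity tactics and implementation / Strategy (availability) / Strategy (integrity))
Tends to be handled mainly by the product team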

Slide 51

Slide 51 text

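Design
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Strategy (confidentiality) / Security design / Cybersecurity tactics and implementation / Strategy (integrity) / Strategy (availability))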

Slide 52

Slide 52 text

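Tactics and implementation
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Security design / Cybersecurity tactics and implementation / Strategy (confidentiality) / Strategy (integrity) / Strategy (availability))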

Slide 53

Slide 53 text

Laws and standards

Slide 54

Slide 54 text

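Laws and standards
(Diagram labels: Laws and standards / Cybersecurity strategy / Strategy (confidentiality) / Security design / Cybersecurity tactics and implementation / Strategy (integrity) / Strategy (availability))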

Slide 55

Slide 55 text

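What are laws/regulations and guidelines?
- Laws and regulations:
  - Legal norms enacted by the legislature (statutes) + legal norms enacted by administrative bodies (orders)
  - Legally binding
- Standards:
  - The minimum rules that must be satisfied
  - May also include "guidelines" and "guidance" whose observance is recommended
  - Not legally binding (they are)
- What can happen when these are not satisfied…
https://ja.wikipedia.org/wiki/法令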

Slide 56

Slide 56 text

The purpose of laws and guidelines
- To promote the welfare of the subjects (the people)
- To maintain public peace and order
https://ja.wikipedia.org/wiki/法令

Slide 57

Slide 57 text

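Laws and regulations that apply to securities firms (partial)
- Laws
  - Financial Instruments and Exchange Act
  - Act on Prevention of Transfer of Criminal Proceeds
  - Act on the Protection of Personal Information
- Guidelines
  - Comprehensive Guidelines for Supervision of Financial Instruments Business Operators, etc.
  - Security Guidelines on Computer Systems for Financial Institutions
  - Guidelines for Anti-Money Laundering and Combating the Financing of Terrorism
  - Guidelines on Personal Information Protection in the Financial Sector
  - Proper Handling of Specific Personal Information in Financial Business
  - Manual for Developing Contingency Plans at Financial Institutions
  - SME BCP Formulation and Operation Guidelines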

Slide 62

Slide 62 text

And if they are not complied with…?

Slide 63

Slide 63 text

Administrative sanctions

Slide 64

Slide 64 text

Examples of administrative sanctions

Slide 65

Slide 65 text

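Legal compliance built around the Supervisory Guidelines
- Laws
  - Financial Instruments and Exchange Act (internal control)
  - Act on Prevention of Transfer of Criminal Proceeds
  - Act on the Protection of Personal Information
  - etc
- Guidelines
  - Comprehensive Guidelines for Supervision of Financial Instruments Business Operators, etc.
  - Security Guidelines on Computer Systems for Financial Institutions
  - Guidelines for Anti-Money Laundering and Combating the Financing of Terrorism
  - Guidelines on Personal Information Protection in the Financial Sector
  - Manual for Developing Contingency Plans at Financial Institutions (business continuity)
  - SME BCP Formulation and Operation Guidelines (business continuity)
  - etc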

Slide 66

Slide 66 text

Legal compliance built around the Supervisory Guidelines
✗ Compliance in order to avoid administrative sanctions
○ Compliance in order to keep protecting users and keep delivering value

Slide 67

Slide 67 text

Comprehensive Guidelines for Supervision of Financial Instruments Business Operators, etc.

Slide 68

Slide 68 text

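The purpose of the Supervisory Guidelines
- "Ensure sound and appropriate business operations"
- "Make the issuance of securities and transactions in financial instruments, etc. fair"
- "Facilitate the smooth distribution of securities"
- "Seek fair price formation for financial instruments, etc."
- "Contribute to the sound development of the national economy and the protection of investors"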

Slide 69

Slide 69 text

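Administrative sanctions take the evaluation items of the Supervisory Guidelines as their source
- On-site inspection by the inspection bureau of the Financial Services Agency (FSA)
- Based on the results of that report, hearings, the implementation status of improvement and response measures, the improvement status of the findings and so on, the Securities and Exchange Surveillance Commission makes a recommendation to the FSA's audit bureau
  - Act for Establishment of the Financial Services Agency, Article 20, paragraph 1
- The audit bureau reviews the content and considers an administrative sanction
  - Financial Instruments and Exchange Act (FIEA), Article 56-2, paragraph 1
  - FIEA, Articles 51 to 52-2
- The review is made "in light of the evaluation items, etc. set out in these Supervisory Guidelines", and the content is decided
Source: fsa.go.jp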

Slide 70

Slide 70 text

Evaluation items
https://www.fsa.go.jp/common/law/guide/kinyushohin/

Slide 71

Slide 71 text

Sections to focus on in the context of cybersecurity
https://www.fsa.go.jp/common/law/guide/kinyushohin/

Slide 72

Slide 72 text

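III-2-4 Management of information on customers, etc.
- For customer information, compliance with the following is required
  - Act on the Protection of Personal Information
  - Guidelines on the Act on the Protection of Personal Information
  - Guidelines on Personal Information Protection in the Financial Sector
- Prevention of unfair trading such as insider trading is also required
Source: fsa.go.jp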

Slide 73

Slide 73 text

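III-2-8 System risk management framework
- Awareness of system risk
- Establishing an appropriate risk management structure
- System risk assessment
- Information security management
- Cybersecurity management
- System audits
- Outsourcing management
- Contingency plans
- System integration risk
- Response when failures occur
https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html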

Slide 81

Slide 81 text

Strategy

Slide 82

Slide 82 text

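Strategy
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Strategy (confidentiality) / Security design / Cybersecurity tactics and implementation / Strategy (integrity) / Strategy (availability))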

Slide 83

Slide 83 text

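Cybersecurity Framework (CSF)
- NIST: the U.S. National Institute of Standards and Technology
  - Selects and standardizes cryptographic technologies such as AES, among other things
- A general-purpose framework, based on a risk-based approach, for helping companies and organizations that handle critical infrastructure manage cyber risk
- Made up of three elements
  - Core, Tier, Profile
Source: nvlpubs.nist.gov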

Slide 84

Slide 84 text

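Why is a risk-based approach important?
Security Guidelines on Computer Systems for Financial Institutions, with commentary (… edition)
- "Use of finance-related services that link up with cloud services, FinTech companies and the like is spreading, and things are diversifying"
- "In diversifying (…) systems, (under the conventional standards) concerns arise that management resources are not allocated appropriately, for example that investment in new development is held back, (…) and pursuing zero risk is not necessarily rational"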

Slide 85

Slide 85 text

Core
Source: nvlpubs.nist.gov

Slide 86

Slide 86 text

Core: the … functions
Source: nvlpubs.nist.gov

Slide 87

Slide 87 text

Core: categories (and subcategories)
Source: nvlpubs.nist.gov

Slide 88

Slide 88 text

Core
Source: nvlpubs.nist.gov

Slide 89

Slide 89 text

Tier

Slide 90

Slide 90 text

Profile

Slide 91

Slide 91 text

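Strategy
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Strategy (confidentiality) / Security design / Cybersecurity tactics and implementation / Strategy (integrity) / Strategy (availability))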

Slide 92

Slide 92 text

NIST SP 800-171
- Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets
- A collection of security measures recommended for protecting the confidentiality and integrity of important assets against APTs
  - Examples: privacy, tax, financial information, privileges, etc.
- Example requirements
  - Access control, awareness and training, audit, configuration management, identification and authentication, and so on
- Mapped to the Cyber Security Framework
Source: nist.gov

Slide 93

Slide 93 text

Design

Slide 94

Slide 94 text

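Design
(Diagram labels: Laws, standards and guidelines / Cybersecurity strategy / Security design / Cybersecurity tactics and implementation / Strategy (confidentiality) / Strategy (integrity) / Strategy (availability))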

Slide 95

Slide 95 text

BeyondCorp/ZeroTrust

Slide 96

Slide 96 text

Tactics

Slide 97

Slide 97 text

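Tactics and implementation
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Security design / Cybersecurity tactics and implementation / Strategy (confidentiality) / Strategy (integrity) / Strategy (availability))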

Slide 98

Slide 98 text

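Threat analysis
- Cyber Kill Chain (example)
  - A framework from Lockheed Martin, the developer of the F-35 (stealth fighter)
  - Classifies the phases of an attack in a targeted attack
  - Reconnaissance, weaponization, delivery, exploitation, installation, C&C, actions on objectives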

Slide 99

Slide 99 text

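ATT&CK
- Adversarial Tactics, Techniques, and Common Knowledge
- A knowledge base and framework from MITRE, which manages CVE
- Lists attackers and attack groups, tactical goals, technical actions and attack tools, and turns them into metrics
- Useful for implementing concrete defensive measures
- Intelligence sharing via STIX/TAXII
https://attack.mitre.org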

Slide 100

Slide 100 text

Information Systems and Security at User Companies - Design and Practice Part
2019/08/10 By @ken5scal

Slide 101

Slide 101 text

Pre 2010: Perimeter Model

Slide 102

Slide 102 text

1990s: The Internet explosion

Slide 103

Slide 103 text

1994: IANA reserves the private network address ranges (RFC1597)

Slide 104

Slide 104 text

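Enterprises join the Internet
- Communication with the outside world begins, using email and the like
- The following boundaries appear
  - (Un)Trust Zone
  - Demilitarized Zone
(Diagram labels: Trusted zone, Untrusted zone, DMZ)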

Slide 105

Slide 105 text

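2000: Active Directory
- Directory service
  - Centralized management of users and PC resources
  - Uniform configuration for users and PCs
  - Adopts standard technologies for functions such as authentication
(Diagram labels: Trusted, Untrusted, DMZ)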

Slide 106

Slide 106 text

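Strategy (recap): what Active Directory covers
(Diagram labels: Financial-sector laws, standards and guidelines / Cybersecurity strategy / Strategy (confidentiality) / Security design / Cybersecurity tactics and implementation / Strategy (integrity) / Strategy (availability))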

Slide 107

Slide 107 text

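SP800-171: requirements for the security measures private companies should implement
1. Access control
2. Awareness and training
3. Audit and accountability
4. Configuration management
5. Identification and authentication
6. Incident response
7. Maintenance
8. Media protection
9. Personnel security
10. Physical protection
11. Risk assessment
12. Security assessment
13. System and communications protection
14. System and information integrity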

Slide 109

Slide 109 text

Functions that Active Directory provides
- User authentication
- User control
- Device control
- Mass deployment
- Storage
- Certificate authority
- DNS
- DHCP

Slide 110

Slide 110 text

Other zones (Trust zone)
(Diagram labels: DMZ, developers, HR, zone for HR, zone for developers, bastion host, HR DB, Trust zone)

Slide 111

Slide 111 text

Work inside the Trusted Zone
(Diagram labels: important data on servers, business applications, Trusted zone)

Slide 112

Slide 112 text

A simple world

    func CanWeTrust(zone string) bool {
        return zone == "true"
    }

Slide 113

Slide 113 text

Summary: the emergence of the perimeter model and zones

Slide 114

Slide 114 text

Post 2010

Slide 115

Slide 115 text

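Changes in the enterprise environment
- ~2005: Growth of SaaS specialized in specific functions such as customer management
- 2006: More core systems move to the cloud
- 2010?: iPhones put to business use
- 2014: The fourth startup boom
- 2016: Spread of remote work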

Slide 116

Slide 116 text

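Changes in the enterprise environment
- ~2005: Growth of SaaS specialized in specific functions such as customer management
  - Salesforce becomes a mega-hit
- 2006: More core systems move to the cloud
- 2010?: iPhones put to business use
- 2014: The fourth startup boom
- 2016: Spread of remote work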

Slide 117

Slide 117 text

The Needlessly Complex History of SaaS, Simplified
Source: process.st

Slide 118

Slide 118 text

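External connections increase with the arrival of SaaS
- More requirements for browser access from Trusted to Untrusted
- Adequately handled by adding a reverse proxy to the DMZ
(Diagram labels: Trusted, Untrusted, DMZ, reverse proxy)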

Slide 119

Slide 119 text

[Illustrated] The relationship between business and IT
Source: blog.evangelism.jp

Slide 120

Slide 120 text

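Changes in the enterprise environment
- ~2005: Growth of SaaS specialized in specific functions such as customer management
- 2006: More core systems move to the cloud
  - Google Apps For YourDomain (now GSuite) appears
  - AWS appears: the service delivery environment becomes PaaS
- 2010?: iPhones put to business use
- 2014: The fourth startup boom
- 2016: Spread of remote work
AWS history: https://aws.amazon.com/jp/aws_history/details/
Wikipedia: https://en.wikipedia.org/wiki/G_Suite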

Slide 121

Slide 121 text

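Changes brought by information systems moving to SaaS
- Systems inside the Trusted zone move to SaaS one after another
(Diagram labels: Trusted, Untrusted, DMZ, reverse proxy)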

Slide 122

Slide 122 text

Not only that: even the service environment becomes "as a Service"
(Diagram labels: Trusted, Untrusted, DMZ, reverse proxy, zone for developers, bastion host)

Slide 123

Slide 123 text

[Illustrated] The relationship between business and IT
Source: blog.evangelism.jp

Slide 124

Slide 124 text

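Changes in the enterprise environment
- ~2005: Growth of SaaS specialized in specific functions such as customer management
- 2006: More core systems move to the cloud
- 2010?: iPhones put to business use
  - More cases of smartphones being used for work
- 2014: The fourth startup boom
- 2016: Spread of remote work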

Slide 125

Slide 125 text

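Changes in the enterprise environment
- ~2005: Growth of SaaS specialized in specific functions such as customer management
- 2006: More core systems move to the cloud
- 2010?: iPhones put to business use
- 2014: The fourth startup boom
  - Growth of startups in regulated industries (example: Fintech)
- 2016: Spread of remote work
Japan's Improving Startup Business Environment (source: jri.co.jp)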

Slide 126

Slide 126 text

Japan's Improving Startup Business Environment (source: jri.co.jp)
- More ventures stepping into regulated industries
- "Large companies' pursuit of open innovation and collaboration with startups"

Slide 127

Slide 127 text

Japan's Improving Startup Business Environment (source: jri.co.jp)

Slide 128

Slide 128 text

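Changes in the enterprise environment
- ~2005: Growth of SaaS specialized in specific functions such as customer management
- 2006: More core systems move to the cloud
- 2010?: iPhones put to business use
- 2014: The fourth startup boom
- 2016: Spread of remote work
Japan's Improving Startup Business Environment (source: jri.co.jp)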

Slide 129

Slide 129 text

Source: recruit-holdings.co.jp

Slide 130

Slide 130 text

[Illustrated] The relationship between business and IT
Source: blog.evangelism.jp

Slide 131

Slide 131 text

Business data disperses and access paths diversify as social conditions and services change
(Diagram labels: important data on servers, summary of policies and rules, business applications)

Slide 132

Slide 132 text

Business data disperses and access paths diversify as social conditions and services change
(Diagram labels: important data on servers, summary of policies and rules, business applications)

Slide 133

Slide 133 text

Business data disperses and access paths diversify as social conditions and services change
(Diagram labels: important data on servers, summary of policies and rules, business applications, important data, core data)

Slide 135

Slide 135 text

Business data disperses and access paths diversify as social conditions and services change
(Diagram labels: important data on servers, summary of policies and rules, business applications, important data, core data)

Slide 136

Slide 136 text

Changes in the boundary of what is trusted

Slide 137

Slide 137 text

Changes in the boundary, and threats and incidents

Slide 138

Slide 138 text

Targeted attacks (threat)
- Cyberattacks aimed at the information inside a specific organization (2009~)
- Cases in Japan
  - 2011: Mitsubishi Heavy Industries
  - 2015: Japan Pension Service
  - 2018: CoinCheck?
The Cyber Kill Chain (source: lockheedmartin.com)

Slide 139

Slide 139 text

Supply chain
- Information security risks that arise from malicious programs embedded in products, unauthorized modification of hardware, and the like
- Cases
  - Malicious code injected into a popular NPM library
  - Malicious code injected into the "strong_password" gem
  - Hijacking of a file-sharing browser extension
  - Vulnerability in omni7, which 7Pay depends on
  - Exclusion of Huawei products in the United States
Sources: securityweek.com, wired.com

Slide 140

Slide 140 text

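Insider threat
- Malicious actions by members inside the organization
- Cases in Japan
  - 2014: Personal information leaked by a temporary worker at a Benesse group company (in a sense this is also a supply-chain case)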

Slide 141

Slide 141 text

What they have in common

Slide 142

Slide 142 text

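The Trust zone is becoming less trustworthy
- Targeted attacks
  - Drive-by download and watering-hole attacks
  - Information gathering and lateral compromise through C2C after exploitation
- Supply-chain risk
  - Vulnerabilities in the OSS that is depended on
- Insider threat
  - Crimes committed inside the organization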

Slide 143

Slide 143 text

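The limits of trust grounded in the network perimeter
- Data, people and partners are not necessarily inside the trust boundary
- Untrustworthy elements inside the trust boundary have increased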

Slide 144

Slide 144 text

BeyondCorp Zero Trust Network

Slide 145

Slide 145 text

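What is a Zero Trust Network?
- Eliminates the concept of trust zones that follow the network perimeter
- Authenticates on the basis of the user and the device
- Authorization (access control) for them is decided dynamically on the basis of policy
- If anything, geared toward service environments
https://cloud.google.com/beyondcorp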

Slide 146

Slide 146 text

What is BeyondCorp?
- Google's internal approach for letting employees work over "untrusted networks"
https://cloud.google.com/beyondcorp

Slide 147

Slide 147 text

Resources on Zero Trust / BeyondCorp
https://www.youtube.com/watch?v=SSUUg38lFg0
https://t.co/EwJvCRGKzX
What exists in paper form is BeyondCorp. Apologies if there are Zero Trust papers as well.

Slide 148

Slide 148 text

From here on, the discussion is based on BeyondCorp

Slide 149

Slide 149 text

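Basic Principles
- Assume that every access comes from the Untrusted Zone
- Authenticate the user and the device that the access comes from
- Decide whether that origin may have access according to the data
- "Never Trust, Always Verify"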

Slide 150

Slide 150 text

A world in which trust is computed from multiple variables

    // someAlgorithm and AllowOrDisAllow stand for logic the slide leaves undefined.
    func CanWeTrust(device, user interface{}, zone string) int {
        // return value from 0~1
        return someAlgorithm(device, user, zone)
    }

    func AuthorizationDecision(device, user interface{}, score int) bool {
        return AllowOrDisAllow(device, user, score)
    }

Slide 151

Slide 151 text

Source: ai.google

Slide 152

Slide 152 text

Required components
- User identification
- Device identification
- Access proxy
- Access control engine (policy engine)
- Trust Inference (trust score calculation engine)
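The two functions on slide 150 (CanWeTrust and AuthorizationDecision) and the trust inference and policy engine components in this list, worked through as an added Go example; it is not code from the slides or from Google's BeyondCorp implementation. The record fields, the tier names, the 30-day patch threshold and the sample policy are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Device and User are constructed records standing in for the device inventory
// and the user/group DB. All field names are assumptions made for this example.
type Device struct {
	ID            string
	InInventory   bool      // registered in the device DB
	CertValid     bool      // device certificate chains to the organisation's CA
	DiskEncrypted bool      // reported by configuration management
	LastPatched   time.Time // reported by patch management
}

type User struct {
	ID     string
	Groups []string
	MFA    bool // a second factor was presented in this session
}

// Tier is the trust level derived from device and user state.
type Tier int

const (
	Untrusted Tier = iota
	Basic
	Full
)

// maxPatchAge is an assumed freshness threshold, not a value from the slides.
const maxPatchAge = 30 * 24 * time.Hour

// InferTrust plays the role of CanWeTrust on slide 150. The network zone is
// not an input at all: only facts about the device and the user count.
func InferTrust(d Device, u User, now time.Time) Tier {
	if !d.InInventory || !d.CertValid || !u.MFA {
		return Untrusted
	}
	if !d.DiskEncrypted || now.Sub(d.LastPatched) > maxPatchAge {
		return Basic
	}
	return Full
}

// Rule grants one group access to one resource at or above a minimum tier.
type Rule struct {
	Resource string
	Group    string
	MinTier  Tier
}

// Authorize plays the role of AuthorizationDecision: a matching rule allows,
// everything else is denied by default.
func Authorize(rules []Rule, resource string, u User, t Tier) bool {
	for _, r := range rules {
		if r.Resource != resource || t < r.MinTier {
			continue
		}
		for _, g := range u.Groups {
			if g == r.Group {
				return true
			}
		}
	}
	return false
}

// Policy is constructed sample data.
var Policy = []Rule{
	{Resource: "wiki", Group: "employees", MinTier: Basic},
	{Resource: "trading-admin", Group: "ops", MinTier: Full},
}

// Decide is what an access proxy would call for every request.
func Decide(resource string, d Device, u User, now time.Time) bool {
	return Authorize(Policy, resource, u, InferTrust(d, u, now))
}

func main() {
	now := time.Date(2019, 8, 10, 9, 0, 0, 0, time.UTC)
	ops := User{ID: "alice", Groups: []string{"employees", "ops"}, MFA: true}
	stale := Device{ID: "laptop-1", InInventory: true, CertValid: true,
		DiskEncrypted: true, LastPatched: now.Add(-90 * 24 * time.Hour)}
	// An unpatched laptop keeps wiki access but loses the sensitive resource.
	fmt.Println("wiki:", Decide("wiki", stale, ops, now))
	fmt.Println("trading-admin:", Decide("trading-admin", stale, ops, now))
}
```

The same user on the same network gets different answers as the device state changes, which is the difference from the single-argument CanWeTrust(zone) of the perimeter model.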

Slide 153

Slide 153 text

User identification (Identification)

Slide 154

Slide 154 text

No content

Slide 155

Slide 155 text

User identification
- Is that user really the right user?
- Required components
  - User/group DB
  - User authentication

Slide 156

Slide 156 text

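The process of securely authenticating a user
- Identity proofing
  - Enrollment and identity verification of an applicant who requests access to online resources
- Authentication
- Federation of authentication information
Source: openid-foundation-japan.github.io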

Slide 157

Slide 157 text

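The process of securely authenticating a user
- Identity proofing
- Authentication
  - Proves the certainty of the identity of an applicant who requests access to resources after enrollment
- Federation of authentication information
Source: openid-foundation-japan.github.io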

Slide 158

Slide 158 text

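The process of securely authenticating a user
- Identity proofing
- Authentication
- Federation of authentication information
  - Conveys the information from authentication to other applications and systems
Source: openid-foundation-japan.github.io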

Slide 159

Slide 159 text

The process of securely authenticating a user
- Identity proofing
- Authentication
- Federation of authentication information

Slide 160

Slide 160 text

User/group DB

Slide 161

Slide 161 text

No content

Slide 162

Slide 162 text

HR DB

Slide 163

Slide 163 text

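Overview of the user/group DB
- Directory
  - A user/group DB that manages objects centrally
  - A service that efficiently collects, records and manages information such as the location, attributes and configuration of resources, for example servers connected to the network
- Advantages
  - Fast reads
  - Distributed information storage model
  - Advanced search capabilities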

Slide 164

Slide 164 text

Protocols related to the user/group DB
- LDAP
- SCIM

Slide 165

Slide 165 text

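LDAP
- Lightweight Directory Access Protocol
- A protocol for accessing directory services
- Functions
  - Search: ldapsearch, update: ldapmodify, add: ldapadd
- Active Directory is the famous implementation, but GSuite has recently implemented it too
- Used in both commercial products and OSS, with an extensive track record
- In cloud and web applications it is a minor protocol, though toward the major end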

Slide 166

Slide 166 text

LDAP
(Diagram labels: CLIENT, SERVER)
Source: hrouhani.org

Slide 167

Slide 167 text

LDAP example: search
(Diagram, CLIENT and SERVER: bind with cn=client, ou=servers, dc=example, dc=com and Password {password}; result: success; search objectclass=*; all LDAP objects returned)

    $ ldapsearch -D "cn=admin" -w {password} -b "dc=example,dc=com" "(objectclass=*)"

Slide 170

Slide 170 text

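SCIM (pronounced "skim")
- System for Cross-domain Identity Management
- "Designed to make managing user identities in cloud-based applications and services easier"
- Provisioning from a centrally managed directory to the services in use
- JSON/XML format
- Model manipulation through a REST API
- Less widely used than LDAP
http://www.simplecloud.info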

Slide 171

Slide 171 text

SCIM model
http://www.simplecloud.info

Slide 172

Slide 172 text

    {
      "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
      "id": "2819c223-7f76-453a-919d-413861904646",
      "externalId": "bjensen",
      "meta": {
        "resourceType": "User",
        "created": "2011-08-01T18:29:49.793Z",
        "lastModified": "2011-08-01T18:29:49.793Z",
        "location": "https://example.com/v2/Users/2819c223...",
        "version": "W\/\"f250dd84f0671c3\""
      },
      "name": {
        "formatted": "Ms. Barbara J Jensen, III",
        "familyName": "Jensen",
        "givenName": "Barbara",
        "middleName": "Jane",
        "honorificPrefix": "Ms.",
        "honorificSuffix": "III"
      },
      "userName": "bjensen",
      "phoneNumbers": [
        { "value": "555-555-8377", "type": "work" }
      ],
      "emails": [
        { "value": "[email protected]", "type": "work", "primary": true }
      ]
    }

http://www.simplecloud.info

Slide 173

Slide 173 text

SCIM Protocols
- Create: POST /{version}/{resource}
- Read: GET /{v}/{resource}/{id}
- Replace: PUT /{v}/{resource}/{id}
- Delete: DELETE /{v}/{resource}/{id}
- Partial replace: PATCH /{v}/{resource}/{id}
- Search: GET /{v}/{resource}?filter={attribute} {operator} {value}&sortBy={attributeName}&sortOrder={ascending|descending}
- Bulk create: POST /{v}/Bulk
http://www.simplecloud.info

Slide 174

Slide 174 text

User authentication

Slide 175

Slide 175 text

No content

Slide 176

Slide 176 text

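User authentication
- Two-step authentication and Single Sign On are basic prerequisites
- When authentication succeeds, a short-lived token is issued
- The token often contains the information needed for the authorization process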

Slide 177

Slide 177 text

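The difference between authentication and single sign-on
- Authentication
  - The process of proving, by presenting credentials, that a user's identity is genuine
  - Representative protocols: FIDO (WebAuthn + CTAP)
- Single Sign On
  - The process of propagating identity and authentication information across systems
  - Representative protocols: Kerberos, SAML, OIDC
Source: openid-foundation-japan.github.io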

Slide 178

Slide 178 text

Authentication

Slide 179

Slide 179 text

What is authentication?
- Verifying the identity of an entity, such as a user, process or device, that requests access to a system resource
- Usually involves presenting credentials
Source: pages.nist.gov

Slide 180

Slide 180 text

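How authentication methods have evolved
- 1961: Passwords appear, at MIT
- 1983: IC card microcontrollers
- ????: Credit cards with IC chips
- 2000~:
  - Additional authentication codes sent by SMS or email
  - Additional authentication using TOTP
  - Active Directory authentication using smart cards
  - Additional authentication using biometrics
  - Yubico founded
- 2018:
  - FIDO2
https://en.wikipedia.org/wiki/Password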

Slide 181

Slide 181 text

(Timeline figure: FIDO and WebAuthn milestones: WebAuthn W3C candidate recommendation, WebAuthn W3C proposed recommendation, WebAuthn W3C standardized)

Slide 182

Slide 182 text

FIDO
(Diagram labels: Authenticator, Client, Relying Party, Credential Key, Key Pair)

Slide 183

Slide 183 text

Platform
(Diagram labels: TEE, TPM)

Slide 184

Slide 184 text

SSO (federation): federating authentication information

Slide 185

Slide 185 text

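What are SSO and federation?
- SSO
  - A single authentication makes multiple systems usable
  - Kerberos authentication, digital-signature authentication
- Federation
  - Conveying authentication information across network domains
  - SAML, OIDC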

Slide 186

Slide 186 text

Conveying job-function information (example: frontend): SAML Assertion (attribute values)

    xxxx-xxxx
    xxxx-xxxx
    Kengo Suzuki
    https://sts.windows.net/xxxx-xxxx/
    http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password
    http://schemas.microsoft.com/claims/multipleauthn
    arn:aws:iam::1111:role/xxx-role,arn:aws:iam::1111:saml-provider/Azure
    arn:aws:iam::1111:role/xxx-role,arn:aws:iam::1111:saml-provider/Azure
    3
    Suzuki
    [email protected]
    [email protected]
    [email protected]
    arn:aws:iam::xxxxxxxx:role/xxx-role,arn:aws:iam::1111:saml-provider/Azure
    arn:aws:iam::xxxx:role/yyy-role,arn:aws:iam::1111:saml-provider/Azure
    14400

Slide 187

Slide 187 text

Conveying job-function information (example: frontend): OIDC ID Token

    {
      "ver": "2.0",
      "iss": "https://login.microsoftonline.com/xxxxxx-xxxxx-xxxxx-xxxx/v2.0",
      "sub": "Axxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "aud": "xxxxxx-xxxxx-xxxxx-xxxx",
      "exp": 1536361411,
      "iat": 1536274711,
      "nbf": 1536274711,
      "name": "Kengo Suzuki",
      "preferred_username": "[email protected]",
      "oid": "xxxxxx-xxxxx-xxxxx-xxxx",
      "tid": "xxxxxx-xxxxx-xxxxx-xxxx",
      "nonce": "111111",
      "aio": "!eGbIDakyp5mnOrcdqHeYSnltepQmRp6AIZ8jY",
      "roles": "frontend"
    }
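What a relying party has to check before it acts on the roles claim of an ID token like the one above, as an added Go example that is not part of the original slides. It assumes the token's signature has already been verified against the issuer's published keys by a JOSE library; the issuer URL, client ID and the claim payload are constructed sample values.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// stringOrList accepts a JSON string or an array of strings. OIDC allows "aud"
// in both shapes, and the slide's "roles" claim is a single string.
type stringOrList []string

func (s *stringOrList) UnmarshalJSON(b []byte) error {
	var one string
	if err := json.Unmarshal(b, &one); err == nil {
		*s = []string{one}
		return nil
	}
	var many []string
	if err := json.Unmarshal(b, &many); err != nil {
		return err
	}
	*s = many
	return nil
}

func (s stringOrList) has(v string) bool {
	for _, x := range s {
		if x == v {
			return true
		}
	}
	return false
}

type idClaims struct {
	Iss   string       `json:"iss"`
	Aud   stringOrList `json:"aud"`
	Exp   int64        `json:"exp"`
	Nbf   int64        `json:"nbf"`
	Nonce string       `json:"nonce"`
	Roles stringOrList `json:"roles"`
}

// Expect holds what this relying party knows independently of the token.
type Expect struct {
	Issuer   string        // the IdP this application federates with
	ClientID string        // this application's own client ID
	Nonce    string        // the nonce sent in the authentication request
	Skew     time.Duration // tolerated clock difference
}

// CheckIDToken validates the claims of an ID token whose signature has ALREADY
// been verified, and returns the roles to hand to the authorization step.
func CheckIDToken(payload []byte, want Expect, now time.Time) ([]string, error) {
	if want.Issuer == "" || want.ClientID == "" || want.Nonce == "" {
		return nil, errors.New("expected issuer, client ID and nonce must all be set")
	}
	var c idClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, fmt.Errorf("malformed claims: %w", err)
	}
	switch {
	case c.Iss != want.Issuer:
		return nil, errors.New("issuer mismatch")
	case !c.Aud.has(want.ClientID):
		return nil, errors.New("token was issued to another client")
	case c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0).Add(want.Skew)):
		return nil, errors.New("token expired")
	case c.Nbf != 0 && now.Add(want.Skew).Before(time.Unix(c.Nbf, 0)):
		return nil, errors.New("token not yet valid")
	case c.Nonce != want.Nonce:
		return nil, errors.New("nonce mismatch (possible replay)")
	}
	return c.Roles, nil
}

// SampleClaims is a constructed payload shaped like the slide's ID token.
const SampleClaims = `{"iss":"https://login.example.test/tenant-a/v2.0",
 "sub":"user-1","aud":"client-123","exp":1536361411,"iat":1536274711,
 "nbf":1536274711,"nonce":"111111","roles":"frontend"}`

func main() {
	want := Expect{Issuer: "https://login.example.test/tenant-a/v2.0",
		ClientID: "client-123", Nonce: "111111", Skew: time.Minute}
	roles, err := CheckIDToken([]byte(SampleClaims), want, time.Unix(1536300000, 0))
	fmt.Println(roles, err)
	_, err = CheckIDToken([]byte(SampleClaims), want, time.Unix(1536361411+61, 0))
	fmt.Println(err)
}
```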

Slide 188

Slide 188 text

Products that meet the "user authentication" requirements in BeyondCorp = IDaaS
Source: pingidentity.com

Slide 189

Slide 189 text

AzureAD: directory (equivalent to LDAP users)
Source: pingidentity.com

Slide 190

Slide 190 text

AzureAD: directory (equivalent to LDAP groups)
Source: pingidentity.com

Slide 191

Slide 191 text

AzureAD: provisioning (SCIM)
Source: pingidentity.com

Slide 192

Slide 192 text

AzureAD: user authentication (MFA) and federation of authentication information

Slide 193

Slide 193 text

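User identification: summary
- Users must be identified through authentication
- A logical object tied to the user is required
  - The DB that manages the objects centrally = directory
  - Propagating the objects to other services = provisioning
- Conveying the user's authentication information = SSO / federation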

Slide 194

Slide 194 text

Device identification (Identification)

Slide 195

Slide 195 text

No content

Slide 196

Slide 196 text

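Device identification
- Even when the person is legitimate, there are many cases in which an infected device lets the attacker achieve their aim
- So the legitimacy of the device has to be ensured
- Required components
  - Device DB (inventory)
  - Device authentication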

Slide 197

Slide 197 text

Device DB (inventory)

Slide 198

Slide 198 text

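Overview of the device DB (inventory)
- A DB that manages objects holding device attributes
- It should have the following management functions
  - Registration of procured devices
  - Device configuration management (including changes and deployment)
  - Real-time display of configuration information
- Support for the device types used for work
  - Windows, MacOS, iOS, Android, Linux…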

Slide 199

Slide 199 text

Inventory registration
- The fewer the steps between procurement and inventory registration, the better
- Automatic registration is now possible

Slide 200

Slide 200 text

Inventory registration (Mac/iOS)
Source: jamf.com

Slide 201

Slide 201 text

Inventory registration (Windows)
Source: myignite.techcommunity.microsoft.com

Slide 202

Slide 202 text

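Device configuration management
- Configure according to standards and policies
  - Install business applications / CA
  - Use of old applications
  - Keep the OS and applications up to date
  - Disk encryption
  - Change the local Admin password
  - Prohibit weak passwords
  - Lock and wipe lost devices
- Collect configuration status and device metrics in near real time
- Apply continuously, not limited to the internal network
(Diagram labels: important data)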

Slide 203

Slide 203 text

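The reality of device inventories
- No commercial product meets these requirements yet (probably)
- No standard like the SCIM schema, which defines the user model, has appeared either
- Google built its own meta device inventory
  - 15 different data sources
  - Collects 3 million records per day, 80 terabytes of data in total
  - A dedicated team for each OS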

Slide 204

Slide 204 text

Data sources for the device inventory
BeyondCorp: Design to Deployment at Google

Slide 205

Slide 205 text

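Data sources for the device inventory
BeyondCorp: Design to Deployment at Google
- Asset management
  - A device DB that treats devices as "assets"
  - Also manages the hardware and the software and licenses running on it
  - In addition, manages the lifecycle
  - Sometimes managed by general affairs or accounting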

Slide 206

Slide 206 text

Data sources for the device inventory
BeyondCorp: Design to Deployment at Google
- Directory service
  - Same as the user/group DB
  - Companies that use Windows already have Active Directory, so the data is imported from there

Slide 207

Slide 207 text

Data sources for the device inventory
BeyondCorp: Design to Deployment at Google
- Network equipment
  - Feeds in DHCP and ARP tables
  - Network equipment often exists in a standalone state

Slide 208

Slide 208 text

Data sources for the device inventory
BeyondCorp: Design to Deployment at Google
- Vulnerability scanners
  - Run Nessus, Nmap and the like periodically to check for vulnerabilities
  - Feed in the results

Slide 209

Slide 209 text

Data sources for the device inventory
BeyondCorp: Design to Deployment at Google
- CA
  - The trust anchor for the certificates embedded in devices
  - Feeds in whether a certificate is valid, and so on

Slide 210

Slide 210 text

Data sources for the device inventory
BeyondCorp: Design to Deployment at Google
- Configuration management service
  - Feeds in the configuration status of devices

Slide 211

Slide 211 text

Data sources for the device inventory
BeyondCorp: Design to Deployment at Google
- Patch management service
  - Patch management for the OS and installed client applications
  - Feeds in patch status and so on

Slide 212

Slide 212 text

Data sources for the device inventory
BeyondCorp: Design to Deployment at Google
- (Meta) inventory service
  - A single inventory that ingests these data and correlates them

Slide 213

Slide 213 text

Device authentication

Slide 214

Slide 214 text

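X.509
- RFC5280
  - Defines the format of public key certificates
  - Defines CRLs
  - Defines how certificate chains are validated
- Used for device authentication because it can prove the trustworthiness of the private key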
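Certificate chain validation used as device authentication, as an added Go example that is not part of the original slides. The CA, the device names and the in-memory inventory are constructed for the example, and revocation (CRL) checking is left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a certificate for key's public half. With parent == nil the
// certificate is self-signed; otherwise it is signed with parentKey.
func issue(cn string, isCA bool, key *ecdsa.PrivateKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
		tmpl.ExtKeyUsage = nil
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyDevice accepts a device only if its certificate chains to the
// organisation's device CA, is valid for client authentication, and names a
// device that is present in the inventory.
func VerifyDevice(cert, deviceCA *x509.Certificate, inventory map[string]bool) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(deviceCA)
	opts := x509.VerifyOptions{Roots: roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("untrusted device certificate: %w", err)
	}
	id := cert.Subject.CommonName
	if !inventory[id] {
		return "", fmt.Errorf("device %q is not in inventory", id)
	}
	return id, nil
}

// Result collects the outcome for the three constructed devices.
type Result struct {
	EnrolledID string // accepted device
	RogueErr   error  // self-issued certificate claiming an enrolled name
	UnknownErr error  // CA-issued certificate for a device not in inventory
}

// Demo builds the constructed CA and devices and runs VerifyDevice on each.
func Demo() (Result, error) {
	var res Result
	keys := make([]*ecdsa.PrivateKey, 3)
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return res, err
		}
		keys[i] = k
	}
	caKey, devKey, rogueKey := keys[0], keys[1], keys[2]
	ca, err := issue("Constructed Device CA", true, caKey, nil, nil)
	if err != nil {
		return res, err
	}
	enrolled, err := issue("laptop-001", false, devKey, ca, caKey)
	if err != nil {
		return res, err
	}
	rogue, err := issue("laptop-001", false, rogueKey, nil, nil)
	if err != nil {
		return res, err
	}
	unknown, err := issue("laptop-999", false, devKey, ca, caKey)
	if err != nil {
		return res, err
	}
	inventory := map[string]bool{"laptop-001": true}
	if res.EnrolledID, err = VerifyDevice(enrolled, ca, inventory); err != nil {
		return res, err
	}
	_, res.RogueErr = VerifyDevice(rogue, ca, inventory)
	_, res.UnknownErr = VerifyDevice(unknown, ca, inventory)
	return res, nil
}

func main() {
	res, err := Demo()
	fmt.Println(res.EnrolledID, err)
	fmt.Println(res.RogueErr)
	fmt.Println(res.UnknownErr)
}
```

Chain validation shows who issued the certificate, not where the private key lives; tying the key to the hardware is what the attestation slides that follow address.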

Slide 215

Slide 215 text

Is that private key unique?

Slide 216

Slide 216 text

Is it a key pair that was inserted illegitimately?
Has the key pair been overwritten?

Slide 217

Slide 217 text

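Attestation
- An Attestation Keys pair is created
- (3) Ship
- The key pair is embedded in the TPM at factory shipment
- The private key is generated and managed only inside the TPM/TEE
- The certificate tied to the generated private key can leave the device
(Diagram label: TPM/TEE)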

Slide 218

Slide 218 text

Verified with the TPM's public key
(Diagram label: TPM/TEE)

Slide 219

Slide 219 text

Windows TPM
Source: docs.microsoft.com

Slide 220

Slide 220 text

    PS C:\> Get-TpmEndorsementKeyInfo -Hash "Sha256"

    IsPresent                : True
    PublicKey                : System.Security.Cryptography.AsnEncodedData
    PublicKeyHash            : 70769c52b6e24ef683693c2a0208da68d77e94192e1f4080ae7c9b97c6caa681
    ManufacturerCertificates : {[Subject]
                                 OID.2.23.133.2.3=1.2, OID.2.23.133.2.2=C4T8SOX3.5, OID.2.23.133.2.1=id:782F345A

                               [Issuer]
                                 CN=Contoso TPM CA1, OU=Contoso Certification Authority, O=Contoso, C=KR

                               [Serial Number]
                                 77A120A

                               [Not Before]
                                 6/4/2012 6:35:58 PM

                               [Not After]
                                 6/4/2022 6:35:57 PM

                               [Thumbprint]
                                 77378D1480AB48FEA2D4E610B2C7EEF648FEA2
                               }
    AdditionalCertificates   : {}

Source: github.com/MicrosoftDocs

Slide 221

Slide 221 text

Products and services that provide device identity in BeyondCorp

Slide 222

Slide 222 text

Device agent (UEM)

Slide 223

Slide 223 text

macOS and iOS edition

Slide 224

Slide 224 text

Certificate installation
Censored

Slide 225

Slide 225 text

Configuration management (example: daily rotation of the local admin password)
Censored

Slide 226

Slide 226 text

    ####################################################################################################
    # Decode API user Password
    apiPass="$( decryptString "$apiEncryptedPass" "$saltAPI" "$passAPI" )"
    if [ -z "$apiPass" ]; then
        scriptLogging "Failed to decrypt API user's password" 2
        exit 1
    fi

    ####################################################################################################
    # Retrieve LAPS user password from Extent Attribute
    previousEncryptedPassword="$( retrievePassword "$apiUser" "$apiPass" "$HWUUID" "$extAttName" )"
    if [ -n "$previousEncryptedPassword" ]; then
        scriptLogging "Retrieved previous password is $previousEncryptedPassword (encrypted)."
        retrievedPassword="$( decryptString "$previousEncryptedPassword" "$laSalt" "$laPass" )"
    else
        scriptLogging "Could not get previous password. Try initial password for ${laUserName}."
        scriptLogging "Try to use initial password for ${laUserName}: $initialEncryptedPassForLadminUser (encrypted)."
        retrievedPassword="$( decryptString "$initialEncryptedPassForLadminUser" "$initLaSalt" "$initLaPass" )"
    fi
    if [ -z "$retrievedPassword" ]; then
        scriptLogging "Failed to decrypt previous password of $laUserName" 2
        exit 1
    fi

    ####################################################################################################
    # Check current password with Retrieved password
    /usr/bin/dscl /Local/Default -authonly "$laUserName" "$retrievedPassword" 2> /dev/null
    returnCode=$?
    if [ "$returnCode" -eq 0 ]; then
        scriptLogging "Current password has match with Retrieved password."
    else
        scriptLogging "Retrieved password for $laUserName is not match current password. dserr: $returnCode" 2
        exit $returnCode
    fi

    ####################################################################################################
    # Change password with new one.
    newpassword="$( /usr/bin/openssl rand -base64 48 | /usr/bin/tr -d OoIi1lLS | /usr/bin/head -c 12 )"
    changePassword "$laUserName" "$retrievedPassword" "$newpassword"

    ####################################################################################################
    # Encrypt New Password
    encryptedPassword="$( echo "$newpassword" | /usr/bin/openssl enc -aes256 -a -A -S "$laSalt" -k "$laPass" )"
    if [ -n "$encryptedPassword" ]; then
        # If you want to log new password, remove ':' at start of next line.
        : scriptLogging "New password: $encryptedPassword (Encrypted)"
    else
        scriptLogging "Failed to encrypt new password. Why?" 2
        scriptLogging "Roll back with previous one."
        changePassword "$laUserName" "$newpassword" "$retrievedPassword"
        exit 1
    fi

    ####################################################################################################
    # Update Extent Attribute with New Password
    uploadPassword "$apiUser" "$apiPass" "$HWUUID" "$extAttName" "$encryptedPassword"
    returnCode=$?
    if [ "$returnCode" -ne 0 ]; then
        scriptLogging "Failed to upload." 2
        scriptLogging "Roll back with previous one."
        changePassword "$laUserName" "$newpassword" "$retrievedPassword"
        exit 1
    fi
    try="$( retrievePassword "$apiUser" "$apiPass" "$HWUUID" "$extAttName" )"
    if [ "$try" = "$encryptedPassword" ]; then
        scriptLogging "Retrieve test passed."
        scriptLogging "Done."
        exit 0
    else
        scriptLogging "Retrieve test failed. Get unexpected string." 2
        scriptLogging "Retrieved String: $try" 2
        scriptLogging "Expected String: $encryptedPassword" 2
        scriptLogging "Done in error." 2
        exit 1
    fi

Censored

Slide 227

Slide 227 text

Patch management (example: keeping Chrome up to date)
Censored

Slide 228

Slide 228 text

Chrome auto-update script

    shlogger "Mount dmg file: $dmgfile"
    devfile="$( /usr/bin/hdiutil attach -nobrowse "${workdir}/${dmgfile}" | /usr/bin/grep Chrome | /usr/bin/awk '{print $1}' )"
    check_result="$( checkapp "$dl_chromapp" "$developerid" )"
    if [ "$check_result" = ok ]; then
        shlogger "Codesign check passed."
        runstate="$( /usr/bin/pgrep Chrome | /usr/bin/wc -l )"
        shlogger "Chrome run state: $runstate"
        if [ "$runstate" -ne 0 ]; then notification=yes ; fi
        tmpdir="/tmp/$( /usr/bin/uuidgen )"
        /bin/mkdir -m 755 "$tmpdir"
        /bin/mv "$CHROME" "$tmpdir"
        /bin/cp -af "$dl_chromapp" /Applications
        shlogger "Install Chrome into /Applications"
        /usr/bin/xattr -r -d com.apple.quarantine "$CHROME"
        shlogger "Remove com.apple.quarantine from $CHROME"
    else
        shlogger "$check_result" 2
        shlogger "Codesign check failed." 2
    fi
    /usr/bin/hdiutil detach -quiet "$devfile"
    rm -rf "$workdir"
    shlogger "Show notification: $notification"
    if [ "$notification" = yes ]; then
        show_notification "Google Chrome has updated!" "Restart Google Chrome now."
    fi
    shlogger "Done."
    exit 0

Slide 229

Slide 229 text

Version check of the installed Chrome, and setting the attribute

    #!/bin/bash
    RESULT="Not Installed"
    CHROME="/Applications/Google Chrome.app"
    if [ -e "$CHROME" ]; then
        installed_version="$( /usr/libexec/PlistBuddy -c "print CFBundleShortVersionString" "$CHROME/Contents/Info.plist" )"
        current_stable_version="$( /usr/bin/curl -s https://omahaproxy.appspot.com/all | /usr/bin/awk -F, '/mac,stable/ {print $3}' )"
        if [ "$installed_version" = "$current_stable_version" ]; then
            RESULT="UptoDate"
        else
            RESULT="Old"
        fi
    fi
    echo "$RESULT"

Slide 230

Slide 230 text

Assigning extension attributes
Censored

Slide 231

Slide 231 text

Near-real-time configuration management
Censored

Slide 232

Slide 232 text

Windows and Android edition

Slide 233

Slide 233 text

Certificate installation
Censored

Slide 234

Slide 234 text

Configuration management
Censored

Slide 235

Slide 235 text

Retrieve configuration information through the API
https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/deviceID

    {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#deviceManagement/managedDevices/$entity",
        "id": "xxxxx",
        "userId": "xxxxx",
        "deviceName": "xxxx",
        "managedDeviceOwnerType": "company",
        "enrolledDateTime": "2019-07-18T12:17:53.0413033Z",
        "lastSyncDateTime": "2019-08-15T02:34:53.7572148Z",
        "operatingSystem": "Windows",
        "complianceState": "compliant",
        "jailBroken": "Unknown",
        "managementAgent": "mdm",
        "osVersion": "10.0.18362.295",
        "easActivated": true,
        "easDeviceId": "xxxxx",
        "easActivationDateTime": "2019-07-18T12:25:05.2874123Z",
        "azureADRegistered": true,
        "deviceEnrollmentType": "windowsCoManagement",
        "activationLockBypassCode": null,
        "emailAddress": "[email protected]",
        "azureADDeviceId": "xxxxx",
        "deviceRegistrationState": "registered",
        "deviceCategoryDisplayName": "Windows",
        "isSupervised": false,
        "exchangeLastSuccessfulSyncDateTime": "0001-01-01T00:00:00Z",
        "exchangeAccessState": "none",
        "exchangeAccessStateReason": "none",
        "remoteAssistanceSessionUrl": "",
        "remoteAssistanceSessionErrorDetails": "",
        "isEncrypted": true,
        "userPrincipalName": "[email protected]",
        "model": "xxxxx",
        "manufacturer": "xxxxx",
        "imei": null,
        "complianceGracePeriodExpirationDateTime": "9999-12-31T23:59:59.9999999Z",
        "serialNumber": "xxxxx",
        "phoneNumber": null,
        "androidSecurityPatchLevel": null,
        "userDisplayName": "Kengo Suzuki",
        "wiFiMacAddress": "xxxxx",
        "deviceHealthAttestationState": null,
        "subscriberCarrier": "",
        "meid": "",
        "totalStorageSpaceInBytes": -1638924288,
        "freeStorageSpaceInBytes": -822083584,
        "managedDeviceName": "xxxx/18/2019_12:17 PM",
        "partnerReportedThreatState": "secured",
        "deviceActionResults": [],
        "configurationManagerClientEnabledFeatures": {
            "inventory": false,
            "modernApps": false,
            "resourceAccess": false,
            "deviceConfiguration": false,
            "compliancePolicy": false,
            "windowsUpdateForBusiness": false
        }
    }

Slide 236

Slide 236 text

Patch management (Windows Defender)
Censored

Slide 237

Slide 237 text

Vulnerability scanning (Windows Defender)
Censored

Slide 238

Slide 238 text

Directory (Active Directory)

Slide 239

Slide 239 text

Network

Slide 240

Slide 240 text

Asset management tools

Slide 241

Slide 241 text

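Device identity: summary
- It has to be done on every device
- (Meta-)inventory services have not yet been commercialized or released as OSS
- You have no choice but to build one yourself...
- Device authentication is TPM + X.509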

Slide 242

Slide 242 text

Access control

Slide 243

Slide 243 text

No content

Slide 244

Slide 244 text

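Access control overview (cast of characters)
- Access Proxy:
  - Accepts all HTTP/SSH requests
- Access Control Engine (ACE):
  - Policy engine that decides access control from multiple data sources
- Trust Inference:
  - Engine that computes trust scores for users and devices
- Pipeline:
  - Pipeline that feeds data to the ACE
- Resource:
  - The applications, services and infrastructure that access control applies to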

Slide 245

Slide 245 text

Access control overview (flow)
- Growth in ventures stepping into regulated industries
- "Large enterprises' pursuit of open innovation and collaboration with startups"
- All HTTP/SSH requests are directed to the Access Proxy

Slide 246

Slide 246 text

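Access control overview (flow)
- Growth in ventures stepping into regulated industries
- "Large enterprises' pursuit of open innovation and collaboration with startups"
- The Access Proxy redirects to Single Sign-On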

Slide 247

Slide 247 text

Access control overview (flow)
- Single Sign-On passes on the authentication information (Federation)

Slide 248

Slide 248 text

Access control overview (flow)
- Request an access control decision

Slide 249

Slide 249 text

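Access control overview (flow)
- Compute the trust level of devices and users
- Store it as an attribute of the device or user
- Deliver trust scores and inventory information to the ACE through the pipeline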

Slide 250

Slide 250 text

    function userTrustInference (user, app interface) int {
        // isUserVulnerable(user)
        // isUserAccessingFromNewLocation(user)
        // hasTakenSecurityTraining(user)
        // isAppCritical(app)
        return userTrustTier(userInfo, appInfo)
    }

    function deviceTrustInference (device, app interface) int {
        // isDeviceVulnerable(device)
        // isDeviceLatest(device)
        // isBrowserLatest(device)
        // isDeviceManaged(device)
        // isDeviceEncrypted(device)
        // isDeviceActive(device)
        return deviceTrustTier(deviceInfo, app)
    }

Slide 251

Slide 251 text

Access control overview (flow)
- Decide and enforce whether access is allowed, based on the data available from the AP and the pipeline

Slide 252

Slide 252 text

Products and services that provide access control in BeyondCorp

Slide 253

Slide 253 text

Access Proxy
- Azure AD
- Limitations
  - Support for protocols other than HTTP(S)
  - Password authentication methods

Slide 254

Slide 254 text

Trust Inference
- Azure AD Identity Protection (user)
- Microsoft Defender ATP (device)
- Azure ATP (device and user)

Slide 255

Slide 255 text

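Trust Inference - Azure AD Identity Protection
- Measures a user's trust level from the sign-in state
- Measured from the sign-in event itself and from behaviour after sign-in
- Event example: a login attempt over Tor
- Behaviour example: impossible travel
- The trust level (risk value) is classified as Low, Medium or High
- Drawback: the basis on which the risk value is calculated is hard to understand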

Slide 256

Slide 256 text

SignInRiskEvent

    {
        "@odata.type": "#microsoft.graph.unfamiliarLocationRiskEvent",
        "id": "xxxx-xxxx",
        "riskEventStatus": "dismissedAsFixed",
        "riskLevel": "medium",
        "riskEventType": "UnfamiliarLocationRiskEvent",
        "riskEventDateTime": "2019-xx-xxT06:30:45",
        "closedDateTime": "2019-xx-xxT09:18:43",
        "createdDateTime": "2019-xx-xxT09:18:43",
        "userId": "xxxx-xxxx",
        "userDisplayName": "Kengo Suzuki",
        "userPrincipalName": "[email protected]",
        "ipAddress": "18.205.93.232",
        "location": {
            "city": "Ashburn",
            "state": "VA",
            "countryOrRegion": "United States",
            "geoCoordinates": {
                "latitude": 39.0437,
                "longitude": -77.4742
            }
        }
    }

Slide 257

Slide 257 text

UserRisk

    {
        "id": "xxxx-Xxxx-xxxx",
        "isDeleted": null,
        "isGuest": null,
        "isProcessing": false,
        "riskLevel": "none",
        "riskState": "remediated",
        "riskDetail": "userPerformedSecuredPasswordReset",
        "riskLastUpdatedDateTime": "2018-xx-xxT01:33:06",
        "userDisplayName": "[email protected]",
        "userPrincipalName": null
    }

Slide 258

Slide 258 text

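Trust Inference - Microsoft Defender ATP
- Calculates a risk value from the alerts raised on a device and how they were subsequently handled
- The trust level (risk value) is classified as Low, Medium or High
- Drawback: the basis for the risk judgement and the feature selection are hard to understand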

Slide 259

Slide 259 text

DeviceRisk

    {
        "id": "xxxxx",
        "computerDnsName": "xxxxxxxxxxx",
        "firstSeen": "2019-xx-xxT09:18:43",
        "lastSeen": "2019-xx-xxT09:18:43",
        "osPlatform": "Windows10",
        "osVersion": "10.0.0.0",
        "lastIpAddress": "xxx.xxx.xxx.xxx",
        "lastExternalIpAddress": "xxx.xxx.xxx.xxx",
        "agentVersion": "10.5830.18209.1001",
        "osBuild": 18209,
        "healthStatus": "Active",
        "rbacGroupId": 140,
        "rbacGroupName": "The-A-Team",
        "riskScore": "Low",
        "isAadJoined": true,
        "aadDeviceId": "xxxx-xxxx",
        "machineTags": [ "test tag 1", "test tag 2" ]
    }

Slide 260

Slide 260 text

Trust Inference - Azure ATP
- Detects ATP-type attacks in domain-joined environments
- Integrates with WDATP

Slide 261

Slide 261 text

Trust Inference
- Azure AD Conditional Access

Slide 262

Slide 262 text

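Conditional Access
- A service that decides and enforces access control for cloud services based on multiple conditions
- Examples of conditions
  - Policy compliance state of the device
  - Risk value of the user
  - Type of client application
  - The cloud service being accessed
  - Location information

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview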

Slide 263

Slide 263 text

Conditional Access example: for all apps
- Enable MFA across the board

Slide 264

Slide 264 text

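Conditional Access example: for critical apps
- For critical services, do not allow login if there is any sign-in risk at all
- Critical services
  - AWS, bastion hosts, password managers
  - Services used to manage customer information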

Slide 265

Slide 265 text

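Conditional Access example: allow managed devices only
- Only managed devices that comply with policy can get access
- Managed devices: includes BYOD devices that have the Profile installed
- Compliant state
  - The disk is fully encrypted
  - The device's risk value is Low or below
  - The OS is at or above a specific version
  - The device has a TPM
  - BIOS-level …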

Slide 266

Slide 266 text

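Access control: summary
- This is the heart of BeyondCorp/Zero Trust
- All access goes through the Access Proxy
- Decisions are based on multiple data sources, not on the network alone
- These include Trust Inference, which determines the trust level
- Data is aggregated in the ACE, where access control is decided and enforced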
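
The trust-inference pseudocode and the three Conditional Access examples above (MFA for every app, no sign-in risk on critical apps, managed and compliant devices only) combined into one decision function, as an added Go example that is not from the slides. The field names and the minimum OS build are assumptions, and risk labels are taken lower-cased.

```go
package main

import "fmt"

// Order of the risk labels shown in the risk JSON on the slides (lower-cased here).
var riskRank = map[string]int{"none": 0, "low": 1, "medium": 2, "high": 3}

const minOSBuild = 18362 // assumed policy floor, not a value from the slides

// Request is one access attempt as the ACE sees it: Access Proxy context plus
// inventory and risk attributes from the pipeline (hypothetical field names).
type Request struct {
	CriticalApp, MFADone       bool
	Managed, Encrypted, HasTPM bool
	DeviceRisk, SignInRisk     string
	OSBuild                    int
}

// riskAtMost reports whether label is a known level no higher than max; unknown labels fail closed.
func riskAtMost(label, max string) bool {
	rank, known := riskRank[label]
	return known && rank <= riskRank[max]
}

// Decide applies the three example policies and returns the verdict and its reason.
func Decide(r Request) (bool, string) {
	limit := "high" // ordinary apps: the slides set no sign-in risk limit
	if r.CriticalApp {
		limit = "none" // critical apps: refuse on any sign-in risk at all
	}
	switch {
	case !r.MFADone:
		return false, "MFA is required for every app"
	case !r.Managed || !r.Encrypted || !r.HasTPM || r.OSBuild < minOSBuild:
		return false, "device is not managed and compliant"
	case !riskAtMost(r.DeviceRisk, "low"):
		return false, "device risk is above low"
	case !riskAtMost(r.SignInRisk, limit):
		return false, "sign-in risk is too high for this app"
	}
	return true, "allowed"
}

func main() {
	r := Request{MFADone: true, Managed: true, Encrypted: true, HasTPM: true,
		DeviceRisk: "low", SignInRisk: "medium", OSBuild: 18362}
	fmt.Println(Decide(r)) // ordinary app
	r.CriticalApp = true
	fmt.Println(Decide(r)) // critical app
}
```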

Slide 267

Slide 267 text

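Personal opinion
- The commercial service that realizes BeyondCorp the most is Microsoft
- If you are building from scratch, the most cost-effective approach is to use the Microsoft 365 package and look to individual solutions for the parts it lacks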

Slide 268

Slide 268 text

A review of what we have covered so far

Slide 269

Slide 269 text

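Overall picture of security requirements
- Laws, standards and guidelines
- Cybersecurity strategy
- Security design
- Cybersecurity tactics and implementation
- Strategy (confidentiality)
- Strategy (integrity)
- Strategy (availability)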

Slide 270

Slide 270 text

No content

Slide 271

Slide 271 text

As the person in charge of security, is it now clear what you need to do?

Slide 272

Slide 272 text

Information Systems and Security at User Companies - Action Guidelines Edition 2019/08/10 By @ken5scal

Slide 273

Slide 273 text

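Our fight has only just begun
- Deciding the mission and agreeing on it with management
- Agreeing on priorities with management
- Incident response that suddenly drops on you (including other companies' incidents)
- Securing budget for solutions
- Integration with legacy surrounding systems
- Committing to new products
- (Finally...) implementation and operations
- Hiring and team building
- Etc, etc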

Slide 274

Slide 274 text

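So, you want to work in security?
- There is no complete or standard curriculum
- Get your hands moving. Practice is everything.
- Do not neglect communication
- There will be hard times and failures
- Be an optimist
- Ask for help
- Share knowledge

Original: So, you want to work in security
Japanese translation: セキュリティで飯食いたい人向けの心の持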

Slide 275

Slide 275 text

Good Luck and Happy Hacking!

Slide 276

Slide 276 text

Thank You!