セキュリティの基礎とインシデントレスポンス / Security Fundamentals and Incident Response

Slide 1

Slide 1 text

Hardening for cyber security — generated by Stable Diffusion XL v1.0 2024 3-4 (WBS) 2024 3-4 — 2024-06-17 – p.1/34

Slide 2

Slide 2 text

https://speakerdeck.com/ks91/collections/cyber-security-2024-summer 2024 3-4 — 2024-06-17 – p.2/34

Slide 3

Slide 3 text

( ) 1 6 10 (1) • 2 6 10 (2) • 3 6 17 • 4 6 17 • 5 6 24 I ( ) 6 6 24 I ( ) 7 7 1 8 7 1 9 7 8 10 7 8 11 7 15 II ( ) 12 7 15 II ( ) 13 7 22 14 7 22 W-IOI / ( ) 2024 3-4 — 2024-06-17 – p.3/34

Slide 4

Slide 4 text

( 20 ) 1 • 2 • 3 • 4 (TCP/IP ) • 5 • 6 • 7 • 8 • 9 • 10 World Wide Web • 11 Web API • 12 • 13 git GitHub • 14 • (6/24 ) / (2 ) OK / 2024 3-4 — 2024-06-17 – p.4/34

Slide 5

Slide 5 text

( ) ( ) 2024 3-4 — 2024-06-17 – p.5/34

Slide 6

Slide 6 text

+ — ( (1), (2)) + ( (3)) 2024 3-4 — 2024-06-17 – p.6/34

Slide 7

Slide 7 text

2024 3-4 — 2024-06-17 – p.7/34

Slide 8

Slide 8 text

1. (1) (2) 2024 6 13 ( ) 23:59 JST Waseda Moodle (Q & A ) 2024 3-4 — 2024-06-17 – p.8/34

Slide 9

Slide 9 text

. . . . . . 13 9 (14 ( ) ) ( ) 2024 3-4 — 2024-06-17 – p.9/34

Slide 10

Slide 10 text

A ⇒ ( ) ⇒ ( ) 2024 3-4 — 2024-06-17 – p.10/34

Slide 11

Slide 11 text

I ( ) ⇒ . . . . . . ( ) ( : ) . . . ( : ) ( ) (anachronism) ^^; 2024 3-4 — 2024-06-17 – p.11/34

Slide 12

Slide 12 text

L ⇒ IPA NISC NICT 7.5 2024 3-4 — 2024-06-17 – p.12/34

Slide 13

Slide 13 text

N 5 ⇒ https://www.datacenterdynamics.com/en/analysis/how-to-break-into-a-data-center-pen-testers-reveal-their-secrets/ ( ) 2024 3-4 — 2024-06-17 – p.13/34

Slide 14

Slide 14 text

M ⇒ . . . 2024 3-4 — 2024-06-17 – p.14/34

Slide 15

Slide 15 text

Y = = ⇒ 2024 3-4 — 2024-06-17 – p.15/34

Slide 16

Slide 16 text

“ ” 3 ( ) ( ) ( ) 2024 3-4 — 2024-06-17 – p.16/34

Slide 17

Slide 17 text

( ) : Wi-Fi etc. (Conﬁdentiality) (Integrity) (Availability) 2024 3-4 — 2024-06-17 – p.17/34

Slide 18

Slide 18 text

( +α) : . . . ( ) . . . ( . . . ) ( ( ^^;)) . . . . . . ( ) × → 2024 3-4 — 2024-06-17 – p.18/34

Slide 19

Slide 19 text

(Gold Standard of Security) (Authentication) ( ) ID / , , , , , , etc. (Authorization) ( ) , , sudoers, etc. (Audit) , , , etc. 2024 3-4 — 2024-06-17 – p.19/34

Slide 20

Slide 20 text

(1) : ( ) (a) USB (b) URL X 1. 2. ( ) 3. 2024 3-4 — 2024-06-17 – p.20/34

Slide 21

Slide 21 text

(2) : PPAP PPAP Password ( ) Passowrd ( ) A ( ) Protocol ( ) PPAP PPAP 2024 3-4 — 2024-06-17 – p.21/34

Slide 22

Slide 22 text

NICT CYDER https://cyder.nict.go.jp (3) : 2024 3-4 — 2024-06-17 – p.22/34

Slide 23

Slide 23 text

Πϯγσϯτͷ༧ஹͳͲ ॳಈରԠ ෮چાஔ ࢑ఆରԠ ࠶ൃ๷ࢭࡦ ߃ٱରԠ ݕ౼ ࣄޙରԠ τϦΞʔδ ใ ࠂ ɾ ެ ද Π ϯ γ σ ϯ τ ϋ ϯ υ Ϧ ϯ ά Π ϯ γ σ ϯ τ Ϩ ε ϙ ϯ ε ސ ٬ ɾ ެ ڞ ݕ஌ɾड෇ ରԠํ਑ݕ౼ 1PJOUPG$POUBDU ূڌอશ ෧͡ࠐΊ ࠜઈ , , DoS , , etc. 2024 3-4 — 2024-06-17 – p.23/34

Slide 24

Slide 24 text

Point of Contact (PoC) 1 2024 3-4 — 2024-06-17 – p.24/34

Slide 25

Slide 25 text

2024 3-4 — 2024-06-17 – p.25/34

Slide 26

Slide 26 text

HDD ( ) 2024 3-4 — 2024-06-17 – p.26/34

Slide 27

Slide 27 text

2024 3-4 — 2024-06-17 – p.27/34

Slide 28

Slide 28 text

( ) 2024 3-4 — 2024-06-17 – p.28/34

Slide 29

Slide 29 text

( ) JPCERT/CC, NISC, ( ) ( ) 2024 3-4 — 2024-06-17 – p.29/34

Slide 30

Slide 30 text

(1 ) 2024 3-4 — 2024-06-17 – p.30/34

Slide 31

Slide 31 text

(3) : 70 1,000 X 3 1. 2. 3. 3 2024 3-4 — 2024-06-17 – p.31/34

Slide 32

Slide 32 text

2024 3-4 — 2024-06-17 – p.32/34

Slide 33

Slide 33 text

2. OK (1) (2) 2024 6 20 ( ) 23:59 JST Waseda Moodle (Q & A ) 2024 3-4 — 2024-06-17 – p.33/34

Slide 34

Slide 34 text

I 2024 3-4 — 2024-06-17 – p.34/34