Slide 1

جௐߨԋ

Slide 2

Self-introduction
• Classmethod, Inc.
• AWS Business Division, Solutions Architect, Security Team
• Security-JAWS organizer
• Favorite service: AWS WAF managed rules

Slide 3

Agenda
• Security is hard, isn't it?
• The minimum you should do on AWS
• The order in which to consider security measures

Slide 4

Once again: security is hard, isn't it?

Slide 5

The AWS shared responsibility model
On AWS the area you have to think about is narrower than on-premises. There is still plenty in the customer's area of responsibility, and that is where we can help.

Slide 6

What we can help with
Let's start with the overall picture of security measures.

Slide 7

One reason security is hard: the sheer number of security services and solutions.

Slide 8

Overview: map of security products and services
[Figure: categories Vulnerability countermeasures (vulnerability assessment / vulnerability (patch) management / protection), Anti-malware (security log monitoring / change monitoring, IDS/IPS / anti-malware), Detection, Compliance and governance, Logging and analysis, Containers, Monitoring; AWS services placed on the map: Inspector, SSM, Shield, WAF, GuardDuty, Macie, Security Hub, CloudWatch, Config, CloudTrail, Trusted Advisor, Well-Architected]

Slide 9

This is only one example
• It covers mainly the AWS side and a subset of the services and solutions we handle
• Of course there are many others
• Thinking about all of them is a lot of work, isn't it?

Slide 10

Which measures do you actually need?
One approach: think it through from the attack flow.

Slide 11

An example attack flow
[Figure: attacker targets a web application; SQL injection (CWE-type weakness) leads to information theft (passwords / credit card data); a WordPress vulnerability (CVE-type) leads to malware infection, then bot conversion and coin mining]
• For example, credit card data leaks through SQL injection
• For example, a coin miner gets planted through a WordPress vulnerability

Slide 12

Example countermeasures mapped onto the attack flow
[Figure: the same attack flow annotated with hashing and non-retention of sensitive data, detection, logging, anti-malware, vulnerability countermeasures, vulnerability assessment / vulnerability (patch) management, and WAF]

Slide 13

Things you have to think about
• Vulnerability countermeasures
• Anti-malware
• Logging and detection
• How much of each, in what order, and concretely with which tools
• We can help you work through this together

Slide 14

The minimum you should do on AWS

Slide 15

Essential items for AWS services
• IAM management
• Restrict Security Groups appropriately
• Enable CloudTrail / AWS Config
• Configure GuardDuty with SNS notifications

Slide 16

GuardDuty must be enabled in every account and every region
• GuardDuty is the threat detection service available on AWS
• Released at re:Invent
• Analyses CloudTrail, VPC flow logs and DNS logs with machine learning to detect threats
• Just enabling it detects a wide range of anomalies:
  • Coin mining
  • Brute force
  • Access from unusual locations
  • Communication with C&C servers
• Protection that would need fairly expensive products on-premises or built in-house is available at low cost and with almost no effort

Slide 17

GuardDuty cost-effectiveness
• Pricing
  • CloudTrail: priced in USD per number of events analysed
  • VPC flow log and DNS log analysis: priced in USD per GB
• Since that alone does not tell you how much log volume you will have, we put it in more concrete terms

Slide 18

GuardDuty cost in practice
Across the customer accounts we manage, for more than 85% GuardDuty stays under 1% of total AWS spend, and for more than 95% it stays under 2%.
* Excludes accounts with extremely low spend; figures from a single period.

Slide 19

GuardDuty trial
• GuardDuty comes with a free trial period (in days) during which you can also see what it would actually cost, so start by enabling it!

Slide 20

Further reading
We built a template that enables GuardDuty in all regions and sets up notifications in one go:
https://dev.classmethod.jp/cloud/aws/set-guardduty-all-region/
Enable it in one go first!

Slide 21

Further reading
The things you should at least cover when you start using AWS (Amazon Web Services Japan):
https://www.slideshare.net/AmazonWebServicesJapan/…

Slide 22

The order in which to consider security measures

Slide 23

Order of consideration, using a website as the example
• Must consider
  • Anti-malware
  • Vulnerability countermeasures
  • Monitoring and logging
• Optional
  • Log analysis
  • Compliance and governance
• * This is only one example

Slide 24

Anti-malware
• Everything from the OS layer up is the customer's responsibility, and protection inside the server in particular requires third-party products
• On a website the internet-facing servers are the first to be attacked, so protection there is mandatory
• Our recommendation is Deep Security, which provides multiple layers of protection inside the OS and integrates well with AWS
[Figure: map excerpt for Anti-malware: security log monitoring, change monitoring, IDS/IPS, anti-malware]

Slide 25

Vulnerability countermeasures
• Vulnerability management is mandatory on every server
• SSM alone can do part of it, but it is best used only for applying patches
• For vulnerability checks, FutureVuls or F-Secure RADAR are good choices
• F-Secure RADAR offers scanning, vulnerability management and ticketing, and its API lets you build it into the CI/CD cycle, so consider that as well
[Figure: map excerpt for Vulnerability countermeasures: vulnerability assessment, vulnerability (patch) management, protection; Inspector, SSM]

Slide 26

Vulnerability countermeasures
• Run both platform assessments and web application assessments
• Amazon Inspector only covers platform assessment, so it suits continuous checks but is not enough for a full pre-release check
• For a simple website (no personal data, no complex logic), a tool-based assessment such as F-Secure RADAR is sufficient
• Otherwise, a manual assessment service such as Ierae Security is recommended
[Figure: map excerpt for Vulnerability countermeasures: vulnerability assessment, vulnerability (patch) management, protection; Inspector, SSM]

Slide 27

Vulnerability countermeasures
• Protective controls are a stopgap; use them on top of assessment and management, not instead of them
• Deep Security can also protect at the OS level, but where possible block attacks earlier with a WAF or similar
• AWS WAF has fewer features than an appliance WAF but scales well and fits AWS, so consider it from the entry level up
• If you lack the know-how to operate AWS WAF, consider automated operation with WafCharm
[Figure: map excerpt for Vulnerability countermeasures: vulnerability assessment, vulnerability (patch) management, protection; Inspector, SSM]

Slide 28

Anti-malware and vulnerability countermeasures for containers
• For container platforms where you cannot operate the host, such as Fargate, the market for security products is still immature
• Aqua supports both static scanning of containers before release and dynamic scanning of running containers
[Figure: map excerpt for Containers]

Slide 29

Monitoring, logging and analysis
• Collecting metrics and logs from every resource is mandatory
• Log analysis is a lower priority for a simple website; consider it when performance or security requirements are high
• Store logs in S3 as the baseline; if you plan to analyse them, CloudWatch Logs, Elasticsearch or Sumo Logic are the options
• If this is your first time doing analysis, if you want to focus on the analysis itself, or if you cannot predict the scale, Sumo Logic is a good choice thanks to its out-of-the-box dashboards and integrations
[Figure: map excerpt for Logging and analysis (CloudWatch, Config, CloudTrail) and Monitoring (CloudWatch)]

Slide 30

Compliance and governance
• insightwatch performs the minimum set of security checks and is free, so we want it in active use on every account
• Always check AWS Trusted Advisor as well
• When the application is large, there are many stakeholders, or compliance requirements are strict, consider additional tooling
• Dome9 performs compliance checks such as PCI DSS, visualizes the network from Security Groups, and manages IAM, which greatly reduces the management cost of large or multi-account environments
[Figure: map excerpt for Compliance and governance: Config, Trusted Advisor, Well-Architected, SSM]

Slide 31

Summary

Slide 32

Summary
• Make sure GuardDuty is enabled
• Implement anti-malware, vulnerability countermeasures, and monitoring/logging at the minimum level without fail, and consider additions according to the scale of what you are protecting
• Classmethod can help with everything from build to operation
• If you run into trouble, ask us anything