20230914_FinJAWS

Transcript

1. "84
   4FDVSJUZ
   )VCΛ࢖͍͜ͳͤͳͯ͘ ࣦഊͯ͠͠·͏ΞϯνϨγϐ ถᖒ ୓໵

2. ถᖒ ୓໵ 5BLVZB
   :POF[BXB ೥ʹ4*FSʹ৽ଔೖࣾɻ ݱࡏ͸࢈ۀۀքͷ͓٬༷޲͚ʹ"84؀ڥશൠͷઃܭߏஙΛ୲౰ɻ 8&#։ൃ͔Β"84౷੍ɺΫϥ΢υΨΠυϥΠϯࡦఆͳͲ ԿͰ΋԰z ࢲͷ࢓ࣄ͸4FDVSJUZ)VCʹΑͬͯ੒Γཱ͍ͬͯ·͢ ޷͖ͳ"84αʔϏε͸ 4".

   
   "QQMJDBUJPO
   $PNQPTFS
   $PEF1JQFMJOF ޷͖ͳٕज़͸ /FYUKT
   /FTU+4
   5BJMXJOE$44
   %PDLFS
   LT झຯ͸ ֨ಆٕʢରઓΑΖ͓͘͠ئ͍͠·͢ʣɺ͓ՈL  IUUQTUXJUUFSDPN UBLVZB@ZOF

3. ͸͡Ίʹ § /*45ͷ$ZCFS
   4FDVSJUZ
   'SBNFXPSL $4'
   ͱ "84αʔϏε  識別 - Identity

   - 防御 - Protect - 検知 - Detect - 対応 - Respond - 復旧 - Recover - AWS Config AWS Security Hub AWS Shield Amazon GuardDuty Amazon Inspector Amazon Macie AWS WAF Amazon Detective IAM AWS KMS AWS Network Firewall Amazon Verified Permissions AWS Systems Manager AWS Lambda AWS Systems Manager AWS CloudFormation AWS Backup AWS Elastic Disaster Recovery (AWS DRS)

4. ͸͡Ίʹ § /*45ͷ$ZCFS
   4FDVSJUZ
   'SBNFXPSL $4'
   ͱ "84αʔϏε  識別 - Identity

   - 防御 - Protect - 検知 - Detect - 対応 - Respond - 復旧 - Recover - AWS Config AWS Security Hub AWS Shield Amazon GuardDuty Amazon Inspector Amazon Macie AWS WAF Amazon Detective IAM AWS KMS AWS Network Firewall Amazon Verified Permissions AWS Systems Manager AWS Lambda AWS Systems Manager AWS CloudFormation AWS Backup AWS Elastic Disaster Recovery (AWS DRS) lݕ஌zքͷେޚॴ 4FDVSJUZ)VC༷ͷ͓࿩Ͱ͢

5.  ͬͦ͘͞ຊ୊΁ɻɻ 4FDVSJUZ)VC͸҄ϲۼ͞Μ ηογϣϯͰղઆࡁΈͳͷͰ

6. BBTEGBGB § BBBBB ▸BBBBBB − CCCCC § BBBBB ▸BETBGBEG 

   είΞʁ ग़དྷΒ͋ͬʂ ͡Όͳ͍ʂʁ ةݥ͔ͩΒૣ͘ੋਖ਼͠Ζʂ ౖΒΕΔ͔Β͜ͷϧʔϧΛ 0''ʹͯͬ͠ͱɻɻ ͦͷ

7. ग़དྷ·ͤΜͰͨ͠ʜ  § ࡶʹ4FDVSJUZ)VCΛσϑΥϧτઃఆͰ༗ޮԽ͢Δͱʜ ▸$*4
   Wʢݸʣͱ "84جૅηΩϡϦςΟͷϕετϓϥΫςΟεWʢݸʣ ͕༗ޮԽɺʢେମͷ৔߹͸ʣͱΜͰ΋ͳ͍είΞ͕ग़Δ :"7":ʂ

8. ఘΊͳ͍Ͱʂ  § ஌͓͖͍ͬͯͨ4FDVSJUZ)VCείΞࢉग़ϧʔϧ https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/standards-security-score.html

9. ఘΊͳ͍Ͱʂ  § ஌͓͖͍ͬͯͨ4FDVSJUZ)VCείΞࢉग़ϧʔϧ https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/standards-security-score.html είΞʹίϯτϩʔϧͷ߹֨਺༗ޮίϯτϩʔϧ਺ ॏཁ౓ $SJUJDBM)JHI.FEJVN-PX ͸ߟྀ֎ͳͷͰ είΞʹ:"7":౓

   Ͱ͸ͳ͍

10. ఘΊͳ͍Ͱʂ  § ͔ͱ͍ͬͯɺԿ΋ݟͳ͍͍ͯ͘zͰ͸ͳ͍zͰ͢ʂ ▸ॏཁ౓ɿ$SJUJDBM͸ΘΓ͔͠Ξ΢τؾຯͳͷͰɺඞͣνΣοΫΛ ▸্هʹ߹Θͤͯ(VBSE%VUZͷݕग़݁ՌΛ֬ೝ͓ͯ͘͠ͱ٢

11. BBTEGBGB § BBBBB ▸BBBBBB − CCCCC § BBBBB ▸BETBGBEG 

    ͱΓ͋͑ͣ શϧʔϧνΣοΫ ͳΜ͔͍ͬͺ͍ج४͕ ͋Δ͔Β༗ޮԽͪ͠Ό͑ʂ ͨ͘͞ΜνΣοΫͯ͠ ࠔΔ͜ͱ͸ͳ͍ͩΖ͏ʜ ͦͷ

12. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Amazon EventBridge AWS Security Hub Event

    Rule Amazon SNS Incident Manager AWS Systems Manager AWS Chatbot Amazon SNS ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏

13. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Incident Manager AWS Systems Manager AWS

    Chatbot Amazon SNS ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏 Amazon SNS Amazon EventBridge AWS Security Hub Event Rule

14. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Incident Manager AWS Systems Manager AWS

    Chatbot Amazon SNS ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏 Amazon SNS Amazon EventBridge AWS Security Hub Event Rule

15. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Incident Manager AWS Systems Manager AWS

    Chatbot Amazon SNS ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏 Amazon SNS Amazon EventBridge AWS Security Hub Event Rule 🤢 ੜ+40/
    "4'' Λ໨ύʔεͰ͖Δ ஁࿉͞Εͨ4FDVSJUZ)VCϢʔβͷΈͷબ͹Ε͠௨஌ํ๏

16. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Amazon SNS Incident Manager AWS Systems

    Manager ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏 AWS Chatbot Amazon SNS Amazon EventBridge AWS Security Hub Event Rule

17. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Amazon SNS Incident Manager AWS Systems

    Manager ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏 AWS Chatbot Amazon SNS Amazon EventBridge AWS Security Hub Event Rule

18. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Amazon SNS Incident Manager AWS Systems

    Manager ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏 AWS Chatbot Amazon SNS Amazon EventBridge AWS Security Hub Event Rule 👍
    4MBDL΍5FBNTʹ௨஌͕ྲྀΕΔͷͰ͙͢ؾ෇͚Δ 👍
    Πϕϯτ಺༰͕αϚΒΕ͍ͯΔͷͰݟ΍͍͢ 👍
    $IBU#PU͔ΒίϚϯυ΍3VOCPPL͕࣮ߦ Ͱ͖ΔͷͰ࢖͍͜ͳͤΕ͹շదͳ$IBU0QT

19. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Amazon SNS AWS Chatbot Amazon SNS

    ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏 Incident Manager AWS Systems Manager Amazon EventBridge AWS Security Hub Event Rule

20. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Amazon SNS AWS Chatbot Amazon SNS

    ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏 Incident Manager AWS Systems Manager Amazon EventBridge AWS Security Hub Event Rule

21. 4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯ § ͓खܰ௨஌ύλʔϯू  Amazon SNS AWS Chatbot Amazon SNS

    ͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏 Incident Manager AWS Systems Manager Amazon EventBridge AWS Security Hub Event Rule 👍
    l୭͕z z͍ͭz ରԠΛ࢝Ίͨ׬͔ྃͨ͠ͷτϥοΫ 👍
    աڈͷྨࣅࣄ৅ͱͷؔ࿈෇͚ 👍
    ϝʔϧ΍4.4 5&-ͳͲ๛෋ͳνϟωϧ

22. 44.
    *ODJEFOU
    .BOBHFS  44.
    *ODJEFOU .BOBHFS͸ͱͯ΋Ԟ͕ਂ͍ͷͰ 0QT+"84
    ͷԼهࢿྉΛνΣοΫʂ https://speakerdeck.com/yoshiiryo1/aws-systems-manager-incident-manager-deshi-xian-suruinsidentoguan-li

23. ࢲͷۤखͳݴ༿Ͱ͢  ͱΓ͋͑ͣϧʔϧ0/ ͔Βͷ ͱΓ͋͑ͣ௨஌

24. Կ͕ݴ͍͍͔ͨʁ  https://www.oreilly.co.jp/books/9784873119847/ lϊΠζͷଟ͍Ξϥʔτ͸ΞϥʔτർΕΛى͜͠ɺ ΞϥʔτΛ໾ʹཱͨͳ͍΋ͷʹͯ͠͠·͍·͢ɻ lΞϥʔτγεςϜʹଟ͘ͷϊΠζΛൃੜͤͯ͞͠·͍ɺ ͦΕΒ͸͙͢ʹແࢹ͞ΕΔΑ͏ʹͳΓɺ Ξϥʔτ͕ൃੜ͍ͯ͠Δͷ͕ ਖ਼ৗͩͱݟΒΕͯ͠·͏͜ͱͰ͢ɻ ষ

    ΞϥʔτർΕ ΑΓ

25. Կ͕ݴ͍͍͔ͨʁ  https://www.oreilly.co.jp/books/9784873119847/ lϊΠζͷଟ͍Ξϥʔτ͸ΞϥʔτർΕΛى͜͠ɺ ΞϥʔτΛ໾ʹཱͨͳ͍΋ͷʹͯ͠͠·͍·͢ɻ lΞϥʔτγεςϜʹଟ͘ͷϊΠζΛൃੜͤͯ͞͠·͍ɺ ͦΕΒ͸͙͢ʹແࢹ͞ΕΔΑ͏ʹͳΓɺ Ξϥʔτ͕ൃੜ͍ͯ͠Δͷ͕ ਖ਼ৗͩͱݟΒΕͯ͠·͏͜ͱͰ͢ɻ ʘ͜͏ͳΓ·͢ʂʗ

    ϝʔϧ ະಡ݅਺ ষ ΞϥʔτർΕ ΑΓ

26. ๨Εͯ͸͍͚ͳ͍ίετ § 4FDVSJUZ)VCͱ$POGJH͸χίΠν  4FDVSJUZ)VCϧʔϧΛ0O  $POGJHϧʔϧ͕࡞੒͞ΕΔʢTFDVSJUZIVCIPHFʣ  $POGJHͷධՁ݁ՌΛ4FDVSJUZ)VC΁࿈ܞ AWS

    Config AWS Security Hub EC2 Lambda RDS VPC ৭ʑͳ"84Ϧιʔε Ϧιʔεͷ มߋཤྺ Config Rule $POGJHϧʔϧ ͷධՁ݁Ռ  💰ϙΠϯτᶃ 💰ϙΠϯτᶄ 💰ϙΠϯτᶅ

27. ๨Εͯ͸͍͚ͳ͍ίετ § ֤՝ۚϙΠϯτͷৄࡉʢ
    WFSʣ ▸ᶃ $POGJHϨίʔμʔͷϦιʔεه࿥ − Ϧιʔε͝ͱʹ ▸ᶄ $POGJHϧʔϧͷධՁ ▸ᶅ
    4FDVSJUZ)VCνΣοΫ݁ՌऔΓࠐΈ

     https://aws.amazon.com/jp/security-hub/pricing/ https://aws.amazon.com/jp/config/pricing/

28. ๨Εͯ͸͍͚ͳ͍ίετ § $POGJHͷϧʔϧධՁλΠϛϯά https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/evaluate-config-rules.html 

29. ๨Εͯ͸͍͚ͳ͍ίετ § $POGJHͷϧʔϧධՁλΠϛϯά https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/evaluate-config-rules.html  &$΍&$4ͷ"VUP4DBMJOH౳Ͱ ᶃ $POGJHϧʔϧͷ࠶ධՁ՝ۚ ᶄ
    $POGJH΁ͷΠϕϯτऔΓࠐΈ՝ۚ
    
    ͷμϒϧύϯνʂ

30.  ͡Ό͋ϧʔϧબఆͲ͏͢Ε͹ʁʁ

31. ύλʔϯᶃɿશϧʔϧཁ൱֬ೝ  § ར༻͍ͯ͠ΔαʔϏε΍4$1΋౿·͑ͯϧʔϧબఆ ▸4&͸γεςϜΛࣗ਎ͷखͰ੍ޚ͍ͨ͠ੜ͖෺Ͱ͢ 4".1-&

32. 4FDVSJUZ)VCͷϧʔϧ͸Ξοϓσʔτͱڞʹ૿͑Δ 

33. 4FDVSJUZ)VCΞοϓσʔτͷ΢Υον  https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/securityhub-announcements.html

34. ύλʔϯᶃɿશϧʔϧཁ൱֬ೝ  § શϧʔϧཁ൱֬ೝ ▸4&͸γεςϜΛࣗ਎ͷखͰ੍ޚ͍ͨ͠ੜ͖෺Ͱ͢ 4".1-& 4FDVSJUZ
    )VCϧʔϧͷΞοϓσʔτ௥ै ˠ ϧʔϧ௥Ճഇࢭ΍ڴҖ౓ͷมߋΛ΢Υον͢Δମ੍ ˠ

    ֤"84αʔϏε͕νϣοτϫΧͬͯϦεΫධՁͰ͖Δਓࡐ ఆظతͳϧʔϧ୨Է͠ͷϓϩηεཱ֬ ˠ ॳظߏஙͯ͠೩͑ਚ͖͕ͪ ͜ͷӡ༻Λճ͢ʹ͸ڧ͍ҙࢤɾମ੍͕ඞཁͰ͢ʢڭ܇ʣ

35.  ڧ͍ҙࢤɾମ੍͕ͳ͍ͷͰ͋Ε͹ʜ

36. ύλʔϯᶄɿॏཁ౓ϕʔεͰ௨஌0/0'' § Ϛωʔδυͳ4FDVSJUZ)VCϧʔϧʹ਎ΛҕͶΔ ▸4FDVSJUZ)VCϧʔϧ͸ఆظతʹ 6QEBUF͞ΕΔ 6QEBUFͯ͠΋Β͑Δɻ − αʔϏεΞοϓσʔτʹΑΓϧʔϧͷඞཁੑ͕ͳ͘ͳͬͨ νΣοΫ಺༰ͷมߋɺॏཁ౓ʢ4FWFSJUZʣͷมߋ ɺͳͲ

    https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/controls-change-log.html 

37. ύλʔϯᶄɿॏཁ౓ϕʔεͰ௨஌0/0'' § Ϛωʔδυͳ4FDVSJUZ)VCϧʔϧʹ਎ΛҕͶΔ ▸4FDVSJUZ)VCϧʔϧ͸ఆظతʹ6QEBUF͞ΕΔɻ − αʔϏεΞοϓσʔτʹΑΓϧʔϧͷඞཁੑ͕ͳ͘ͳͬͨ − νΣοΫ಺༰ͷมߋɺॏཁ౓ͷมߋ ͳͲ https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/controls-change-log.html

     4FDVSJUZ)VC͕ఆٛ͢Δॏཁ౓ʢ4FWFSJUZʣΛ ϕʔεʹ௨஌಺༰Λઃఆ͢Δύλʔϯ

38. ύλʔϯᶄɿॏཁ౓ϕʔεͰ௨஌0/0'' § ͨͩ͠ɺ4FWFSJUZʹԠͨ͡௨஌νϟωϧͷ੾Γସ͑͸.645 ▸௨஌खஈɺνϟοτπʔϧͷνϟωϧͳͲ Amazon EventBridge AWS Security Hub Rule

    Amazon SNS Incident Manager AWS Systems Manager AWS Chatbot Amazon SNS GuardDuty Detective IAM AA Firewall Manager Rule Rule AWS Chatbot Event  Severity : HIGH Status : NEW Severity : CRITICAL Status : NEW Severity : MEDIUM Status : NEW Severity : LOW は一括OFF 4".1-&

39. ύλʔϯᶄɿॏཁ౓ϕʔεͰ௨஌0/0'' § ͨͩ͠ɺॏཁ౓ʹԠͨ͡௨஌νϟωϧͷ੾Γସ͑͸.645 ▸௨஌खஈɺνϟοτπʔϧͷνϟωϧͳͲ Amazon EventBridge AWS Security Hub Rule

    Amazon SNS Incident Manager AWS Systems Manager AWS Chatbot Amazon SNS GuardDuty Detective IAM AA Firewall Manager Rule Rule AWS Chatbot Event  Severity : HIGH Status : NEW Severity : CRITICAL Status : NEW Severity : MEDIUM Status : NEW Severity : LOW は一括OFF 4".1-& ૊৫ମ੍΍ϙϦγʔʹΑͬͯ ϧʔϧઃܭ΍ରԠϑϩʔ͸େ͖͘มΘΔ 4FDVSJUZ)VCͱ͏·͘෇͖߹͏͜ͱͰ αεςφϒϧͳӡ༻Λ

40. ·ͱΊ § 4FDVSJUZ)VCͷείΞ͸ਅʹड͚ͳ͍ ▸͋͘·Ͱͭͷࢦඪͱ͍͏ελϯεͰ ▸lείΞΛʹ͢Δ͜ͱzΛ໨తͱ͠ͳ͍ § ࡶͳશϧʔϧ௨஌μϝઈର ▸ΦΦΧϛগ೥໰୊΍ΞϥʔτͷແҙຯԽʹ ▸ԿΑΓਫ਼ਆతʹΑΖ͘͠ͳ͍ ▸4FDVSJUZ)VCʹৼΓճ͞ΕΔཁҼʹ

    § ͖ͪΜͱΞϥʔτʹؾ෇͍ͯϓϩΞΫςΟϒʹ ΧΠθϯͰ͖Δମ੍ɾϑϩʔͷ੔උΛ ▸ηΩϡϦςΟ͸zશһࢀՃzͰ͢ § ϚϧνΞΧ΢ϯτ؀ڥԼͩͱߋʹෳࡶ౓͕૿͠·͢ ▸಺༰͕ؾʹͳΔํ͸࠙਌ձͳͲͰ͓੠ֻ͚͍ͩ͘͞ 

41. ͓·͚  ͨͱ͑ۓٸੑͷ௿͍಺༰Ͱ͋ͬͯ΋ɺ ి࿩ɾςΩετΞϥʔτɾ໷தͷϓογϡ௨஌ ͱ͍ͬͨݺͼग़͠͸͢΂ͯɺ ΦϯίʔϧΤϯδχΞͷετϨεཁҼͱͳΓ·͢ɻ ͜ΕΒͷετϨεཁҼ͸ ΑΓଟ͘ͷϑϥετϨʔγϣϯͱͳΓɺ ࢓ࣄͷຬ଍౓͸௿Լ͠ɺ -JOLFE*OͰϦΫϧʔλ͔Βͷ

    ϝοηʔδʹฦ౴͢ΔΑ͏ʹͳͬͯ͠·͍·͢ɻ https://www.oreilly.co.jp/books/9784873119847/ 
    Ξϥʔτ͸ͲͷΑ͏ʹ௨஌͞Ε͍ͯΔ͔ʁ
    ΑΓ

42. 5IBOL
    :PV