amazon-web-services-japan
AWS Black Belt Online Seminar Amazon Inspector 2016.06.22
AWS Amazon Inspector @hkiriyam1
2016622AWS(http://aws.amazon.com)
AWSAWS
AWS does not offer binding price quotes. AWS pricing is publicly available and is subject to change in accordance with the AWS Customer Agreement available at http://aws.amazon.com/agreement/. Any pricing information included in this document is provided only as an estimate of usage charges for AWS services based on certain information that you have provided. Monthly charges will be based on your actual use of AWS services, and may vary from the estimates provided.
Amazon Inspector
Agenda
Amazon Inspector
Amazon Inspector
(20151228): http://www.meti.go.jp/press/2015/12/20151228002/20151228002-2.pdf
PDCA CSIRTIR
Threats Vulnerabilities Assets
[Figure labels: OS/, Web, WAF, IPS, Firewall, SQLOS, DoS, DoSSYN; sample requests: GET foo/bar.do?redirect:$...... and GET /default.ida?XXXX]
Amazon Inspector
Amazon EC2
AWS
*Amazon Web Services https://aws.amazon.com/jp/security/penetration-testing/
API
CVE (Common Vulnerabilities & Exposures)
CIS (Center for Internet Security)OS
CVE MITRE(https://cve.mitre.org/) CVECVE--
EC2CVE https://s3-us-west-2.amazonaws.com/rules-engine/CVEList.txt
CIS OS() CISAMIAWS Marketplace
CIS (Center for Internet Security)*
https://benchmarks.cisecurity.org/ CIS Amazon Linux Benchmark
*Amazon Linux 2015.03EC2(2016622)
SSHroot MediumSSH2 MediumSSH Medium Medium Medium Medium(ASLR) Medium(DEP) Medium High
*LinuxOSEC2(2016622)
() Medium() LowTCP Informational Informational(DEP)* MediumCookie* Mediumroot* High
*LinuxOSEC2(2016622)
1. 2.
3.
4.
Amazon Inspector
user@hostname:~$ wget https://d1wk0tztpsntt1.cloudfront.net/linux/latest/install
user@hostname:~$ sudo bash install
[Figure labels: Inspector, S3 Bucket, EC2, IGW, AWS CLI / SDK / HTTPS API, CloudTrail, SNS, API, Amazon S3, TLS, OS]
Red Hat Enterprise Linux (7.2 or later)
CentOS (7.2 or later)
Ubuntu (14.04 LTS or later)
Amazon Linux (2015.03 or later)
Microsoft Windows (2012, 2008 R2) - Preview
AWSOS
https://docs.aws.amazon.com/ja_jp/inspector/latest/userguide/inspector_working-with-agents.html#inspector-agent-os
US East (N. Virginia) [us-east-1]
US West (Oregon) [us-west-2]
EU (Ireland) [eu-west-1]
Asia Pacific (Tokyo) [ap-northeast-1]
http://aws.amazon.com/inspector/pricing
*
250 0.30 USD
750 0.25 USD
4,000 0.15 USD
45,000 0.10 USD
0.05 USD
90250
* = 1 1
[Figure labels: Version Control, CI Server, Package Builder, Deploy Server, AMIs, CloudFormation]
API
Inspector
- Security at Scale -
[Figure labels: Inspector, S3 Bucket, IGW, CloudTrail, SNS, EC2, ELB, Auto Scaling, 1a, 1b; steps: 1. Auto Scaling, 2., 3. Auto Scaling]
Amazon Inspector : http://aws.amazon.com/inspector
: https://docs.aws.amazon.com/inspector/latest/userguide/inspector_quickstart.html
FAQ: http://aws.amazon.com/inspector/faqs
: http://aws.amazon.com/inspector/pricing
: http://aws.amazon.com/inspector/customers
: http://aws.amazon.com/inspector/partners
AWS
http://aws.amazon.com/jp/aws-jp-introduction/
AWS Solutions Architect Q&A http://aws.typepad.com/sajp/