both AWSのセキュリティ and 自社のセキュリティ  ~JAWS-UG京王線 第4回 攻めと守りのセキュリティ&監視~ 2015/12/06

  • View
    1.363

  • Download
    1

Embed Size (px)

Text of both AWSのセキュリティ and 自社のセキュリティ  ~JAWS-UG京王線 第4回...

AWS

both AWSand JAWS-UG 4 2015/12/06@typhon666_death_Label_Keyword__Keyword__Label_Keyword__Keyword__Label_Keyword__Keyword_

2Typhon)

(AI)

AWS

AWShttp://aws.amazon.com/jp/security/WebAWS

AWS

CustomerOS

AWS

Internet

Office

Servers(Proxy/Mail/etc)

Web App Servers

Web5AWS

IDSIPSWAFetc

TOP10ZAPDependency-Check

Web6()WebOWASP ZAPWAFModSecurityIDS/IPSSnortTripwire

http://sectools.org/

Web7

Internet

Office

Servers(Proxy/Mail/etc)

Web App Servers

8

Internet

Office

Servers(Proxy/Mail/etc)

Web App Servers

9AWSMalvertisement Web

AWS/OA

102015/11/23

URLhttp://myonlinesecurity.co.uk/employee-documents-internal-use-pretending-to-come-from-hr-at-your-own-email-domain-excel-xls-spreadsheet-malware/

11hogehogexlsfugafuga.exe

xlsdocWindowsWindowsWindows

Windows(2015-12-02)http://www.jpcert.or.jp/magazine/acreport-wincommand.html

12OSFlashJava

MyJVNPChttp://jvndb.jvn.jp/apis/myjvn/vccheck.html

13

http://www.atmarkit.co.jp/ait/articles/1509/16/news007.html

14

.vvvhttp://bylines.news.yahoo.co.jp/mikamiyoh/20151206-00052167/

(not DevOps but Dev(ice)Ops)15URLDigital Artsi-Filter

FFRIYarai/Mr.F()

/PaloAltoNetworksWildfireFireEyeNXEXHX