Using AWS with Security in Mind
This talk is about examining the EC2 AMI itself.


Published in: Technology

Transcript

  • 1. AWS Twitter: @ar1 yasuarak@amazon.co.jp
  • 2. Twitter: ar1; Debian
  • 3. IaaS (AWS): Customer 1, Customer 2, …, Customer n; Hypervisor; Virtual Interfaces; Customer 1 Security Groups, Customer 2 Security Groups, …, Customer n Security Groups; Firewall; AWS Physical Interfaces
  • 4. • Amazon ( ) • Amazon EC2 Instances, Encrypted File System, Amazon EC2 Instance, Encrypted Swap File
  • 5. • / • iptables / Inbound Traffic, Amazon EC2 Instances, iptables, Encrypted File System, Amazon EC2 Instance, Encrypted Swap File
  • 6. EC2, EC2, …, EC2; Hypervisor; Virtual Interfaces; Customer 1 Security Groups, Customer 2 Security Groups, …, Customer n Security Groups; Firewall; AWS Physical Interfaces
  • 7. EC2SSH AMI
  • 8. AMI
  • 9. AMIAMI EBS ? ( ) ( )EBS ssh virus
  • 10. ssh
      • ssh
          • /etc/init.d/ssh ssh
          • lsof (lsof -i :22, lsof -p XXX)
      • authorized_keys
          • # sshd -T | grep authorizedkeysfile
  • 11. AWS Public AMI ssh: If you forget to remove the existing SSH host key pairs from your public AMI, our routine auditing process will notify you and all customers running instances of your AMI of the potential security risk. After a short grace period, we will mark the AMI private.
  • 12.
      • VPC outbound
      • t1.micro
          • 32bit 64bit 64bit 32bit VM mount
      • mount -o noexec
      • chroot
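
The checks on slides 10 to 12 (which file sshd reads authorized keys from, SSH host key pairs left in a public AMI, inspecting the volume after `mount -o noexec`), combined into one offline audit. This is an added example, not part of the original slides; the function names and the ROOT mount point are hypothetical, and it goes slightly beyond the slides by reading `sshd_config` from the mounted image instead of running `sshd -T` on a live instance.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical mount point of the AMI's root volume,
# attached to a separate inspection instance and mounted with "mount -o noexec".

# AuthorizedKeysFile patterns from ROOT's sshd_config (first occurrence wins);
# OpenSSH's default if unset. Match blocks and Include files are not followed.
authorized_keys_patterns() {
    cfg="$1/etc/ssh/sshd_config"
    pats=""
    if [ -r "$cfg" ]; then
        pats=$(awk 'tolower($1) == "authorizedkeysfile" { $1 = ""; print; exit }' "$cfg")
    fi
    [ -n "$pats" ] || pats=".ssh/authorized_keys .ssh/authorized_keys2"
    echo $pats
}

# Print one line per leftover credential found under ROOT; no output means clean.
audit_ami_root() {
    root=${1%/}
    pats=$(authorized_keys_patterns "$root")
    {
        # Use the image's own passwd file, not the inspecting host's.
        if [ -r "$root/etc/passwd" ]; then
            while IFS=: read -r user _ _ _ _ home _; do
                home=${home%/}
                for pat in $pats; do
                    case $pat in
                        /*|%h*) rel=$pat ;;         # absolute path or %h-prefixed
                        *)      rel="$home/$pat" ;; # relative to the home directory
                    esac
                    # Expand the %h (home) and %u (user) tokens sshd supports.
                    rel=$(printf '%s' "$rel" | sed -e "s|%h|$home|g" -e "s|%u|$user|g")
                    if [ -s "$root$rel" ]; then
                        # Count key lines, ignoring comments and blank lines.
                        n=$(grep -cv -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$root$rel" || true)
                        echo "AUTHORIZED_KEYS $rel keys=$n"
                    fi
                done
            done < "$root/etc/passwd"
        fi
        # Host key pairs baked into the image are shared by every instance of it.
        for k in "$root"/etc/ssh/ssh_host_*key "$root"/etc/ssh/ssh_host_*key.pub; do
            if [ -e "$k" ]; then echo "HOST_KEY ${k#"$root"}"; fi
        done
    } | LC_ALL=C sort -u
}
```

Run `audit_ami_root /mnt/ami` (mount point is an assumption) before making an AMI public; any output line names a file to remove from the image.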