
AWS WAF Security Automation


My session's slide deck for Network & Security JAWS on Sep 1, 2017


Slide transcript (Japanese text translated to English)

  1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
     Hayato Kiriyama, September 1, 2017
     AWS WAF Security Automation
  2. About me (@hkiriyam1)
     Name: Hayato Kiriyama (桐山隼人)
     Role: Security Solutions Architect
     Work: customer proposals, solution development, market development
     Profile: development engineer at the R&D lab of a foreign-owned IT company, then technical sales at a security vendor, before the current role. MBA, PMP, CISSP, CISA, numerous security-related patents. Speaks at seminars and contributes articles on cloud security.
     RSA Conference 2017 APJ, "Cloud Security Strategy" session speaker; AWS Startup Security Talks; AWS Summit Tokyo 2017; articles: "A CEO with low security awareness is unthinkable" (ITpro), "Security Automation on AWS" (Mynavi News), "Understanding IoT business and security in 3 stages and 4 elements"
  3. https://aws.amazon.com/jp/waf/
  4. What is good about AWS WAF: protection from threats, API integration, easy deployment, traffic visibility, pay-as-you-go pricing
  5. Recent AWS WAF updates: HIPAA compliance, rate-based rules, OWASP Top 10 coverage, AWS WAF Security Automation
  6. AWS WAF rate-based rules
     Protect your websites and APIs from threats such as application-layer DDoS attacks and brute-force login attempts.
     https://aws.amazon.com/jp/about-aws/whats-new/2017/06/aws-announces-rate-based-rules-for-aws-waf/
     https://aws.amazon.com/waf/faq/
     Block requests from clients that send a large number of requests.
     Combined with CloudWatch and AWS Lambda, custom actions can be executed.
     Create a rule of the new "rate-based rule" type, enter the rate limit, and add the rule to a Web ACL.
  7. AWS WAF OWASP Top 10 mitigation whitepaper
     Describes mitigations in AWS WAF for the OWASP Top 10 vulnerabilities.
     [Whitepaper] https://d0.awsstatic.com/whitepapers/Security/aws-waf-owasp.pdf
     [CloudFormation template] https://s3.us-east-2.amazonaws.com/awswaf-owasp/owasp_10_base.yml
     A2 – Broken Authentication and Session Management
     Example match condition (shown on the slide)
     Example rate-based rule: Rule - action: BLOCK; rate limit: 2000; rate key: IP
     A CloudFormation template containing the recommended Web ACL and rules is available.
  8. AWS WAF Security Automation
     https://aws.amazon.com/jp/answers/security/aws-waf-security-automations/
  9. (diagram only)
  10. AWS WAF Security Automation
     https://aws.amazon.com/jp/answers/security/aws-waf-security-automations/
     Deploy, Analyze, Protect
  11. Automated Deployment
     http://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/deployment.html
     Automatically deploys a WAF rule set that protects against common web-based attacks.
     Provides one stack for CloudFront and one stack for ALB.
  12. Choosing the stack to apply; pre-configured Web ACL
  13. Automated Analysis: automatic analysis of malicious access from traffic behavior
     Honeypot: lures content scrapers and bots
     Access log analysis: identifies the sources of suspected attacks such as DDoS
     IP list analysis: detects spammers and botnets from IP blacklists
  14. Honeypot, access log analysis, IP list analysis
  15. Automated Protection: automatic creation and application of WAF rules based on the analysis results
     Automatic protection from common attacks: SQL Injection, Cross-site Scripting, HTTP Floods, Scanners and Probes, Known Attacker Origins, Bots and Scrapers
  16. Automatic application of WAF rules
  17. AWS WAF Security Automation
     https://aws.amazon.com/jp/answers/security/aws-waf-security-automations/
     Deploy, Analyze, Protect
  18. Incident response until now (diagram labels: server, AWS WAF, logs, threat analysis, attacker, user, notification, security engineer)
  19. Automated incident response (diagram labels: server, AWS WAF, logs, threat analysis, rule update, attacker, user, notification, security engineer)
  20. More Automation to Spend Less Time
  21. Domain Generation Algorithms
     Problem: we want to block traffic from domain names produced by Domain Generation Algorithms (DGAs).
     Example of a legitimate domain name: images-amazon
     Example of a DGA domain name: 30acd347397c34fc273e996b22951002
     Solution: automatically determine whether the domain name in the HTTP Referer header was generated by a DGA.
  22. Domain Generation Algorithms
     #Version: 1.0
     #Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie) x-edge-result-type x-edge-request-id x-host-header cs-protocol cs-bytes time-taken x-forwarded-for ssl-protocol ssl-cipher x-edge-response-result-type cs-protocol-version
     2014-05-23 01:13:11 FRA2 182 192.0.2.10 GET d111111abcdef8.cloudfront.net /view/my/file.html 200 www.displaymyfiles.com Mozilla/4.0%20(compatible;%20MSIE%205.0b1;%20Mac_PowerPC) - zip=98101 RefreshHit MRVMF7KydIvxMWfJIglgwHQwZsbG2IhRJ07sn9AkKUFSHS9EXAMPLE== d111111abcdef8.cloudfront.net http - 0.001 - - - RefreshHit HTTP/1.1
     2014-05-23 01:13:12 LAX1 2390282 192.0.2.202 GET d111111abcdef8.cloudfront.net /soundtrack/happy.mp3 304 www.unknownsingers.com Mozilla/4.0%20(compatible;%20MSIE%207.0;%20Windows%20NT%205.1) a=b&c=d zip=50158 Hit xGN7KWpVEmB9Dp7ctcVFQC4E-nrcOcEKS3QyAez--06dV7TEXAMPLE== d111111abcdef8.cloudfront.net http - 0.002 - - - Hit HTTP/1.1
     Evaluation data: CloudFront logs
     Training data: legitimate domain names from the Alexa Top 10,000; malicious domain names from known phishing sites
  23. DGA Protection: AWS WAF + Amazon Machine Learning
     Diagram components: AWS WAF, Amazon CloudFront, attacker, user, web app, Amazon Kinesis, access log bucket, log parser, AML invocation, AML batch, payload bucket, AML DGA Protection, AML result, WAF rule update
     https://www.slideshare.net/AmazonWebServices/web-security-automation-spend-less-time-securing-your-applications
  24. PoC results
     Category                     Result
     Accuracy                     98%
     Recall (true positive rate)  78%
     False positive rate          1%
     True negative rate           99%
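As an added example (not code from the deck or from the AWS solution), the Referer-based DGA check of slides 21 to 23 in Python: a header-driven parser for the CloudFront log layout shown above, extraction of the second-level label from cs(Referer), and the lexical features a DGA classifier would be trained on. The threshold rule in looks_dga is a hypothetical stand-in for the deck's trained Amazon ML model, and the sample log and both Referer hosts are constructed.

```python
import math, re
from collections import Counter

# Constructed CloudFront log in the W3C layout the slide shows (tab-separated; #Fields shortened; Referer hosts fabricated).
SAMPLE_LOG = (
    "#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem "
    "sc-status cs(Referer) cs(User-Agent)\n"
    "2014-05-23\t01:13:11\tFRA2\t182\t192.0.2.10\tGET\td111111abcdef8.cloudfront.net\t"
    "/view/my/file.html\t200\thttp://www.displaymyfiles.com/\tMozilla/4.0\n"
    "2014-05-23\t01:13:12\tLAX1\t2390282\t192.0.2.202\tGET\td111111abcdef8.cloudfront.net\t"
    "/soundtrack/happy.mp3\t304\thttp://30acd347397c34fc273e996b22951002.example/\tMozilla/4.0\n"
)

def parse_cloudfront(text):
    """Header-driven parser: the #Fields line names the tab-separated columns."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split("\t")
            if len(parts) == len(fields):
                rows.append(dict(zip(fields, parts)))
    return rows

def registrable_label(referer):
    """Second-level label of the Referer host ('displaymyfiles'); '' when no Referer."""
    if referer in ("", "-"):
        return ""
    host = re.sub(r"^[a-z]+://", "", referer.lower()).split("/")[0].split(":")[0]
    labels = [l for l in host.split(".") if l and l != "www"]
    return labels[-2] if len(labels) >= 2 else (labels[0] if labels else "")

def label_features(label):
    """Lexical features a DGA classifier is trained on: length, digit/vowel ratio, entropy."""
    chars = re.sub(r"[^a-z0-9]", "", label.lower())
    n = len(chars) or 1
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(chars).values())
    return {"length": len(chars), "entropy": entropy,
            "digit_ratio": sum(ch.isdigit() for ch in chars) / n,
            "vowel_ratio": sum(ch in "aeiou" for ch in chars) / n}

def looks_dga(label):
    """Hypothetical threshold rule standing in for the deck's trained Amazon ML model."""
    f = label_features(label)
    return f["digit_ratio"] >= 0.3 or (f["length"] >= 12 and f["vowel_ratio"] < 0.2)

def suspicious_sources(log_text):
    """Client IPs whose Referer label looks machine-generated: the candidate list for the WAF rule-update step."""
    return sorted({r["c-ip"] for r in parse_cloudfront(log_text)
                   if looks_dga(registrable_label(r.get("cs(Referer)", "-")))})
```

suspicious_sources(SAMPLE_LOG) returns ['192.0.2.202'], the list the rule-update step would feed into a WAF IP match condition. Fixed thresholds like these misclassify short or digit-heavy legitimate labels, which is why the deck trains a model on labelled data and reports a false-positive rate.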
  25. Today's summary: Feature Updates for Automation; Security Automation Solution; Machine Learning to Automate More
  26. Thank you! Hayato Kiriyama
