Security-Conscious AWS Usage
This talk is about examining the EC2 AMI itself.


  1. AWS Twitter: @ar1 yasuarak@amazon.co.jp
  2. - Twitter: ar1 - Debian
  3. IaaS (AWS): Customer 1, Customer 2, … Customer n; Hypervisor; Virtual Interfaces; Customer 1 Security Groups, Customer 2 Security Groups, … Customer n Security Groups; Firewall; AWS; Physical Interfaces
  4. • Amazon ( ) • Amazon EC2 Instances, Encrypted File System, Amazon EC2 Instance, Encrypted Swap File
  5. • / • iptables / Inbound Traffic, Amazon EC2 Instances, iptables, Encrypted File System, Amazon EC2 Instance, Encrypted Swap File
  6. EC2, EC2, … EC2; Hypervisor; Virtual Interfaces; Customer 1 Security Groups, Customer 2 Security Groups, … Customer n Security Groups; Firewall; AWS; Physical Interfaces
  7. EC2 SSH AMI
  8. AMI
  9. AMI AMI EBS ? ( ) ( ) EBS ssh virus
  10. • ssh - /etc/init.d/ssh - lsof (lsof -i :22, lsof -p XXX) • authorized_keys - # sshd -T | grep authorizedkeysfile
  11. AWS Public AMI ssh: If you forget to remove the existing SSH host key pairs from your public AMI, our routine auditing process will notify you and all customers running instances of your AMI of the potential security risk. After a short grace period, we will mark the AMI private.
  12. • VPC outbound • t1.micro - 32bit 64bit 64bit 32bit VM mount • mount -o noexec • chroot
