3 Secrets to Becoming a Cloud Security Superhero :: TrendMicro 양희선 :: AWS Summit Seoul 2016

2,131 views

Slides from the talk "3 Secrets to Becoming a Cloud Security Superhero," presented by 양희선 of TrendMicro at AWS Summit Seoul 2016, held at COEX in Seoul on May 17.

Published in: Technology
  1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Luke_Yang, Cloud Security Team / Trendmicro Kor 2016.05.17 3 Secrets to Becoming a Cloud Security Superhero
  2. This is you right now…
  3. Shapeshift: a security architecture designed around each service (server). Superpower #1
  4. Cloud
  5. Before: Firewall IPS Load Balancer Web Tier App Tier DB Tier On-premises
  6. S3 DynamoDB RDS … After: Firewall IPS AWS Web Tier on EC2 App Tier on EC2 Elastic Load Balancer VPC & Security Groups Load Balancer DB Tier Web Tier App Tier IAM CloudTrail
  7. You: Physical Infrastructure, Network, Virtualization, Operating System, Applications, Data, Service Configuration. Shared Responsibility Model
  8. AWS: Physical Infrastructure, Network, Virtualization. You: Operating System, Applications, Data, Service Configuration. See aws.amazon.com/security for more. Shared Responsibility Model
  9. Hybrid IT environment
  10. Crypt-o
  11. Crypt-o
  12. EC2
  13. 24h 48h 72h Attack Source IP – CVE-2014-6271, 7169, 6277, 6278 Disclosure
  14. 24h 48h 72h Attack Source IP – CVE-2014-6271, 7169, 6277, 6278 Disclosure
  15. 24h 48h 72h Disclosure Attack Source IP – CVE-2014-6271, 7169, 6277, 6278
  16. The problem with single-gateway security… Warning: Single Point of Failure, Limited Throughput
  17. Shapeshift. Mission accomplished: No Single Point of Failure, Unlimited Throughput
  18. VPC & Security Groups S3 DynamoDB RDS … AWS Web Tier on EC2 App Tier on EC2 Elastic Load Balancer IAM CloudTrail
  19. Shapeshift IPS for AWS • Security tailored to each service (server) • Protection of traffic between internal instances • Policies optimized for each service (fast, with few false positives) • Optimized for speed (processing speed, low resource usage) • No single point of failure = Optimized for the cloud
  20. Automation (Invisibility): automatic installation with no operator intervention. Superpower #2
  21. Security and audit log setup, before: Servers Storage Area Network On-premises Firewall IPS Central logging Change Records Report
  22. Payment Client Data On-premises AWS Amazon CloudTrail EC2 instances Central management Amazon S3 Amazon CloudFront Amazon RDS. Security and audit log setup, after: Report
  23. Audit-o CloudTrail & AWS Config Security Tools
  24. Automatic (security) configuration for AWS • Security agent automatically deployed and configured • Fully automated application of security policy • Automated logging provided for operators = Security optimized for AWS
  25. X-Ray Vision: visibility optimized for AWS and hybrid security. Superpower #3
  26. Integrity Monitoring
  27. Using X-ray vision on AWS • Watch inside instances through integrity monitoring and log monitoring • Detect suspicious and unintended changes = Increased visibility
  28. Independent audits of AWS's own domain (certification bodies): GxP ISO 13485 AS9100 ISO/TS 16949 AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations. AWS's area of responsibility for the security of the AWS cloud itself
  29. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network, & Firewall Configuration Customer applications & content. Customers choose the security configuration for themselves in the cloud. AWS's area of responsibility for the security of the AWS cloud itself. Security is shared between AWS and the customer. Customers Partner solutions – including Trend Micro
  30. SANS/CIS TOP 20 CRITICAL SECURITY CONTROLS: 1. Inventory of Authorized & Unauthorized Devices; 2. Inventory of Authorized & Unauthorized Software; 3. Secure Configurations for Hardware & Software on Mobile Devices, Laptops, Workstations, & Servers; 4. Continuous Vulnerability Assessment & Remediation; 5. Controlled Use of Administrative Privileges; 6. Maintenance, Monitoring, & Analysis of Audit Logs; 7. Email and Web Browser Protections; 8. Malware Defenses; 9. Limitation and Control of Network Ports, Protocols, and Services; 10. Data Recovery Capability; 11. Secure Configurations for Network Devices; 12. Boundary Defense; 13. Data Protection; 14. Controlled Access Based on the Need to Know; 15. Wireless Access Control; 16. Account Monitoring & Control; 17. Security Skills Assessment & Appropriate Training to Fill Gaps; 18. Application Software Security; 19. Incident Response Management; 20. Penetration Tests & Red Team Exercises
  31. For better AWS security…
  32. You can have new superpowers. Shapeshifting, Automation (Invisibility), X-ray Vision
  33. Customers getting help from the superhero
  34. Reference (Gartner Best Practices): Best Practices for Securing Workloads in Amazon Web Services http://bit.ly/1pxaFTL
  35. trendmicro.com/aws