
[AWS Builders] The Advantages of WAF Security Using AWS, Explored Through Real-World Deployments - Junho Choun, Pro, Consulting Group (Security Planning Team), Samsung SDS


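Watch the presentation again: https://youtu.be/jtlivFXcppc

AWS security has to be as fast and elastic as AWS users themselves are when they respond to changes in the market and in their customers. This session uses representative cases, such as security monitoring with AWS WAF and OS hardening with Systems Manager and Athena, to look at the speed, elasticity and simplicity of security built only from AWS services, as well as the cost advantage of paying only for what you use. Samsung SDS is the only security specialist company in Korea that holds the AWS Security Competency. It consults customers on AWS security services and provides the work that requires security capability and a dedicated organization: 24x7 security monitoring, analysis of hacking patterns, and authoring of detection/blocking rulesets.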

Published in: Technology

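  1. The Advantages of AWS Security Using AWS, Seen Through Real-World Deployments. Namyong Lee | AWS Korea, Partners & Alliances
  2. AWS Partner Network (APN): The AWS Partner Network (APN) is a global partner program that supports technology and consulting businesses that use Amazon Web Services to build solutions and services for customers. APN focuses on helping partners build, market and sell AWS offerings by providing a range of business opportunities along with technical, marketing and go-to-market support.
  3. AWS Partner Network (APN) 450+ 340+
  4. Select | # of AWS Certification | AWS Competencies | APN Programs | Business areas and in-house expert capabilities | Advanced | Premier (Consulting Only) | APN Tier | AWS Partner Selection Criteria 2019 | MSP | Service Delivery Program | Public Sector | Industry | Solution | Workloads | Architect | Dev/Sys Ops | Developer | Specialty | Domain Expertise | Experiences
  5. Samsung SDS APN Partnership Journey
  6. The Advantages of AWS Security Using AWS, Explored Through Real-World Deployments. Choun, Junho | Samsung SDS
  7. How to ask questions during the talk (AWS Builders): The questions you submit are shown in the Go to Webinar "Questions" pane. By default every question is answered publicly; if you want the answer sent only to you, mark the question (private) when you ask it. Disclaimer: This content was produced and provided separately for an online seminar, to explain AWS services for customers' convenience. If there is any difference or discrepancy between the AWS site and this content, the AWS site (aws.amazon.com) prevails. Likewise, if there is any difference or discrepancy between the Korean translation and the English original on the AWS site (including cases caused by translation delay), the English original prevails. AWS accepts no liability for damages of any kind arising from the use of any information, content, materials, products (including software) or services included in this content or provided to customers through it, including but not limited to direct, indirect, incidental, punitive and consequential damages.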
  8. Contents Ⅰ. Overview Ⅱ. Use Case #1. Network Security #2. OS Hardening Ⅲ. Conclusion & Future Works
  9. Ⅰ. Overview AWS Security Services Amazon Cloud Directory Amazon Cognito Amazon GuardDuty Amazon Inspector Amazon Macie AWS Artifact AWS Certificate Manager AWS CloudHSM AWS Directory Service AWS Firewall Manager AWS IAM AWS Key Management Service AWS Organizations AWS Secrets Manager AWS Security Hub AWS Shield AWS Single Sign-On AWS WAF +
  10. Ⅰ. Overview AWS Competency Industry Solution Workload
  11. Ⅰ. Overview AWS Security Competency 1.2 AWS Security Services Leveraged AWS IAM AWS Shield and Shield Advanced AWS Key Management Service (KMS) Amazon Inspector AWS Config AWS Config Rules AWS CloudTrail Amazon CloudWatch AWS CloudWatch Events AWS Lambda Amazon Macie AWS CloudHSM AWS WAF AWS Direct Connect Amazon GuardDuty AWS Secrets Manager AWS Certificate Manager Amazon Cognito AWS Single Sign-On AWS Firewall Manager 3.2 Security Tooling AWS Account Security Assessment Identity, Access Control, and Federation Web Application Firewall (WAF) DDoS protection Firewall and Networking Infrastructure Remote Connectivity Infrastructure Endpoint, Host Security (EDR/EPP) and Container Security File Integrity Monitoring (FIM) IDS/IPS Centralized Logging, Monitoring, and/or SIEM Proxies and Egress Access Encryption and Key/Secrets Management of S3, EBS, DynamoDB Data Loss Prevention (DLP)
  12. Contents Ⅰ. Overview Ⅱ. Use Case #1. Network Security #2. OS Hardening Ⅲ. Conclusion & Future Works
  13. Ⅱ Use Case Our Categorize AWS Directory Service AWS Config AWS CloudTrail AWS Organizations AWS IAM Amazon Inspector Amazon Macie AWS Systems Manager AWS Artifact AWS CloudHSM AWS Secrets Manager AWS Security Hub AWS Trusted Advisor AWS KMS AWS Shield Amazon GuardDuty AWS WAF Operational Security Account Managing, Logging & Configuration Workload Security OS Hardening & Sensitive Data Protect Security Consulting Data Encryption, Compliance & Audit Network Security IDS/IPS, WAF, Anti-DDoS & 24×7 Security Monitoring Use Case #1 Use Case #2
  14. #1. Network Security Key Service
  15. #1. Network Security Key Services AWS WAF CloudFront API Gateway Marketplace Application Load Balancer CloudFront, Application Load Balancer, API Gateway OWASP Top10, Bots, General & Exploit AWS WAF, Firewall Manager & Filtering Rule Service Enabler 3rd Party Ruleset Main Feature
  16. #1. Network Security Abstraction Tier 2 Users Tier 1 24x7 Amazon S3 AWS WAF Filtering Rule Amazon S3 Amazon CloudFront Amazon API Gateway Application Load Balancer Amazon EC2 SDS Analysis & Monitoring Amazon EC2 Amazon EC2 Customer SDS HIDS Manager HIDS Agent HIDS Agent ※ HIDS : Host-based IDS/IPS
  17. #1. Network Security Ruleset Update AWS Lambda SDS Analysis & Monitoring SDS Amazon Glacier Tier 2 Tier 1 24x7 AWS Marketplace Customer AWS WAF Filtering Rule AWS Firewall Manager AWS Management Console
  18. #1. Network Security Log Transfer AWS WAF Amazon Firehose Amazon CloudFront Amazon API Gateway Application Load Balancer AWS Lambda Amazon S3 SDS Analysis & Monitoring Customer SDS Amazon Glacier
  19. #1. Network Security Full Architecture Tier 2 Users Tier 1 24x7 AWS WAF Filtering Rule AWS Lambda Amazon CloudFront Amazon API Gateway Application Load Balancer Amazon EC2 SDS Analysis & Monitoring Amazon EC2 Amazon EC2 Customer SDS HIDS Manager HIDS Agent HIDS Agent ※ HIDS : Host-based IDS/IPS AWS Marketplace AWS Firewall Manager Amazon Glacier Amazon Firehose Amazon S3
  20. #1. Network Security Merit vs Demerit Hacker User User AWS WAF; Cloud-based WAF Agent or Virtual Appliance Merit Demerit Demerit Merit Low Cost, Elastic High Cost, Non-elastic Difficulty Ruleset Compatibility
  21. #2. OS Hardening It is very interesting time. ※ Source : https://aws.amazon.com/blogs/aws/new-session-manager/
  22. #2. OS Hardening Key Services AWS Systems Manager & Sub Functions Main Feature Application Load Balancer Patch Manager Parameter Store Maintenance Windows State Manager Automation Run Command Inventory AWS Systems Manager Amazon Athena Result Analysis Interactive Query Service Using Standard SQL
  23. #2. OS Hardening Abstraction AWS Systems Manager Amazon EC2 Amazon EC2 Amazon EC2 Amazon EC2 Amazon EC2 Amazon S3 Customer SDS Amazon Athena Amazon S3 AWS Lambda
  24. #2. OS Hardening Using Metadata Customer Run Command AWS Systems Manager Amazon S3 Amazon EC2 Amazon EC2 Amazon EC2 Metadata Service Checklist & Scripts SSM Agent SSM Agent SSM Agent
  25. #2. OS Hardening Network Configuration Allow Uni IP Agent Amazon EC2 Security Group A Security Group B Audit Tool Amazon EC2 Amazon EC2 Amazon EC2 Amazon EC2 Security Group A Security Group B Audit Tool Audit Agent Amazon EC2 Amazon EC2 Amazon EC2 Amazon EC2 Security Group B Allow Any IPs Agentless - Systems Manager SSM Agent Amazon EC2 Amazon EC2 Amazon EC2 Batch Job AWS Management Console
  26. Contents Ⅰ. Overview Ⅱ. Use Case #1. Network Security #2. OS Hardening Ⅲ. Conclusion & Future Works
  27. Ⅲ. Conclusion & Future Works AWS Security Services
  28. Ⅲ. Conclusion & Future Works AWS Services
  29. To help us improve our seminars, please leave your feedback! ▶ We answer your questions. ▶ We provide the slides and the recording. http://bit.ly/awskr-webinar
  30. Thank you.
