
[RakutenTechConf2013] [E-4] FUSION Forensics - A Critical Information Handling Method on Public Clouds -


Rakuten Technology Conference 2013
"FUSION Forensics - A Critical Information Handling Method on Public Clouds -"
Isao Okazaki, FUSION Communications Corporation


  1. FUSION Forensics - A Critical Information Handling Method on Public Clouds - Isao Okazaki, FUSION Communications Corporation, October 26, 2013
  2. Agenda: 1) What is FUSION? 2) What are Digital Forensics? 3) What are FUSION Forensics? 4) FUSION Forensics Demo 5) Conclusion
  3. Agenda. Summary of this part: I would like to talk about our company overview and our services.
  4. What is FUSION? – Corporate Overview. Name: FUSION COMMUNICATIONS Corporation. Established: March 13, 2000. President: Takahito Aiki. Business in brief: Telecommunications carrier. Major shareholders: Rakuten Inc. (54.78%), Marubeni Corporation (38.00%). Our company, FUSION Communications Corporation (FUSION), was established in 2000 as a telecommunications carrier. FUSION is now a subsidiary of Rakuten and Marubeni.
  5. What is FUSION? – Service Line-ups. Phone Service: FUSION has provided Phone Service since 2001.
  6. What is FUSION? – Service Line-ups. Telephony Service: We have broadened our B2B Telephony Service.
  7. What is FUSION? – Service Line-ups. ISP Service, Mobile Service: We have expanded our service categories to ISP and Mobile.
  8. What is FUSION? – Service Line-ups. Cloud Service: Cloud Service is the newest category of FUSION.
  9. What is FUSION? – Cloud Service (IaaS). We first started a Public Cloud Service, “FUSION Cloud” (IaaS), in 2012. Carrier grade Service Quality of FUSION. IaaS (Apr. 2012).
  10. What is FUSION? – Broadening Cloud Service. We have launched new Cloud Services, PaaS & SaaS, since October 2012. Original and unique services. IaaS (Apr. 2012); PaaS for RMS (Oct. 2012); SaaS for File Sharing (Feb. 2013); SaaS for Log Audit (May 2013).
  11. Agenda. Summary of this part: I have talked about our company overview and our services. We are one of the Rakuten group companies, and we launched unique cloud services like FUSION Forensics.
  12. Agenda. Summary of this part: I would like to talk about Digital Forensics and to show you how to handle critical information on “systems” using Digital Forensics.
  13. What are Digital Forensics? – Forensics. Forensic science is generally defined as the application of science to the law (*). For example, in a criminal investigation the process is considered as follows: Collect (Marks, Smell, Finger Print), Examine (Data), Analyze (Information), Report (Evidence). Forensic science can find or deduce who committed the crime. That is why it contributes to deterring crime. (*) NIST SP800-86 (http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf)
  14. What are Digital Forensics? – Digital Forensics. The process of Digital Forensics is the same as in a criminal investigation. Generally, Digital Forensics is considered the application of science to the following process (*): Collect (Media), Examine (Data), Analyze (Information), Report (Evidence). Digital Forensics can find or deduce who operated on the information. That is why it contributes to suppressing security incidents, including information leakage. (*) FUSION made this figure in reference to NIST SP800-86 (http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf).
  15. What are Digital Forensics? – Handling Critical Information (1). What happens if we don’t have a system for digital forensics and a security incident occurs? In that case, a lot of problems occur in the process of digital forensics (Collect, Examine, Analyze, Report): There isn’t enough information to report. Are there any logs? Where are the logs? Which log should I look at? Is the log correct? How do I analyze the logs? It takes a long time.
  16. What are Digital Forensics? – Handling Critical Information (2). If we don’t have a system for digital forensics, a security incident takes a great deal of effort and time to resolve. Furthermore, the company would lose its customers’ trust. Therefore, we need a system for digital forensics to suppress security incidents and to handle critical information on systems.
  17. What are Digital Forensics? – Handling Critical Information (3). In fact, IPA (Information-technology Promotion Agency, Japan) announced that, on the technical side, introducing digital forensics is effective as a measure against attacks from inside the company (*). Figure labels: Security Incidents from Outside Company; Security Incidents from Inside Company; Conventional Information Security (Confidentiality, Integrity, Availability); Information Security Measures (Technical Side: Introducing Digital Forensics; Operation Side: Setting Appropriate Access Authority). IPA announced that these measures are effective against attacks from inside the company. (*) http://www.ipa.go.jp/security/fy23/reports/insider/documents/insider_report.pdf
  18. What are Digital Forensics? – Handling Critical Information (4). Generally, there are 3 collecting methods in Digital Forensics: ① Jump Server, ② Log Server, ③ Network Traffic Capturing. We adopted ① Jump Server because it can directly record all the commands and their responses of operations. Figure labels: Operators, Network, Servers, Log, ① Jump Server, ② Log Server, ③ Network Traffic Capturing.
  19. Agenda. Summary of this part: I have talked about Digital Forensics and shown you how to handle critical information on “systems” using Digital Forensics.
  20. Agenda. Summary of this part: I would like to talk about FUSION Forensics and show you how to handle critical information on “public clouds” using FUSION Forensics.
  21. What are FUSION Forensics? – Backgrounds (1). The trend from on-premises enterprise systems to public cloud has been growing sharply over the past few years. Advantages in: Cost Effectiveness, System Elasticity, BCP measures, more…
  22. What are FUSION Forensics? – Backgrounds (2). The demand for handling critical information on public cloud has been increasing, as it has on on-premises enterprise systems. Figure labels: On-premises Enterprise Systems; Public Cloud; Advantages (Cost Effectiveness, System Elasticity, BCP measures, more…); Demand of Handling Critical Information.
  23. What are FUSION Forensics? – Backgrounds (3). I will explain FUSION Forensics and show you how to handle critical information on “public clouds” using FUSION Forensics. Figure labels: On-premises Enterprise Systems; Public Cloud; Advantages (Cost Effectiveness, System Elasticity, BCP measures, more…); Demand of Handling Critical Information.
  24. What are FUSION Forensics? – Introduction (1). FUSION developed and commercialized one of the solutions for digital forensics. FUSION Forensics provides the environment to handle critical information: Operation Log Capturing; Archiving original logs; Searching Logs on Management Console; Reporting Audit Evidence Automatically.
  25. What are FUSION Forensics? – Introduction (2). FUSION Forensics adopted ① Jump Server as its collecting method because it can directly record all the commands and their responses of operations. All the operation logs of the operators are captured in the jump server. Figure labels: Operators, ① Jump Server, Log, Servers.
  26. What are FUSION Forensics? – System Image (1). Supporting various systems. Figure labels: Operators (Client Software: TeraTerm/PuTTY; Key for User); Administrators (Admin); Auditors (Audit); FUSION: Jump Servers (Log Capturing), Management Console, Web Servers, Collecting Servers, Log Archive Servers (Original Log), Key for Server; Log; User; Reference; Registration; Operation (SSH, etc.); Private Lines, Internet, VPC, etc.; Clouds / Public Cloud (VMs); On-premises Enterprise Systems (VMs, Physical Servers).
  27. What are FUSION Forensics? – System Image (2). Supporting SSL and key pairs on both sides of users and servers for secure access to public clouds. (Same system figure as slide 26.)
  28. What are FUSION Forensics? – System Image (3). Supporting various client software such as TeraTerm, PuTTY and more, so operators don’t need to install specific software. (Same system figure as slide 26.)
  29. What are FUSION Forensics? – System Image (4). Supporting a management console, so administrators or auditors can manage and audit operators. (Same system figure as slide 26.)
  30. What are FUSION Forensics? – Features (1). Process stage: C, Collection (Media), of Collection (Media), Examination (Data), Analysis (Information), Reporting (Evidence). Capturing Protocol: SSH, Telnet, FTP, SCP, SFTP, RDP (Coming in Nov.). Client Software: Tera Term, PuTTY, OpenSSH, WinSCP, FileZilla, SFTP. Connecting to: public clouds, on-premises systems, network equipment. SSH Authentication Method: 2 step, menu.
  31. What are FUSION Forensics? – Features (2). Process stages: E, A, R, of Collection (Media), Examination (Data), Analysis (Information), Reporting (Evidence). User/Server Maintenance: User Maintenance, Server Maintenance, User/Server Access Control, Log Volume. Dashboard: Access Summary, Announcement. Log Type: Command Line, Command Response. Log Search: Time Interval, User Name, Server Name, User/Server IP Address, Protocol, Commands, Searching Option. Log Reporting for Audit: Periodical Reporting of the specific format. Log Download: Generating CSV formatted Log, Log Compression with Password.
  32. What are FUSION Forensics? – Use Cases (1). From Internal to Internal connection. Internal operators access their internal on-premises systems through FUSION Forensics. Figure labels: Operators (Internal); Log; On-premises Systems (Internal), Critical Information; ① Access; ② Manage and audit operators (Administrators, Auditors).
  33. What are FUSION Forensics? – Use Cases (2). From Internal to External connection. Internal operators access their external servers on Public Clouds through FUSION Forensics. Figure labels: Operators (Internal); Log; Servers on Public Clouds (External), Critical Information; ① Access; ② Manage and audit operators (Administrators, Auditors).
  34. What are FUSION Forensics? – Use Cases (3). From External to Internal connection. External Vendor Engineers access customers’ internal on-premises servers through FUSION Forensics. Figure labels: Vendor Engineers (External); Log; On-premises Systems (Internal), Critical Information; ① Access; ② Manage and audit operators (Administrators, Auditors).
  35. What are FUSION Forensics? – Use Cases (4). From External to External connection. External Vendor Engineers access customers’ external servers on Public Clouds through FUSION Forensics. Figure labels: Vendor Engineers (External); Log; Servers on Public Clouds (External), Critical Information; ① Access; ② Manage and audit operators (Administrators, Auditors).
  36. Agenda. Summary of this part: I have talked about FUSION Forensics and shown you how to handle critical information on “public clouds” using FUSION Forensics.
  37. Agenda.
  38. FUSION Forensics Demo – SSH w/ Key Pair. First, operators access their external servers on FUSION Cloud through FUSION Forensics using an SSH client and key pair. After that, administrators search and check the log through the management console. Figure labels: Operators (Internal); Log; Servers (External), Critical Information; ① Access (SSH and Key Pair); ② Manage and audit operators (Administrators, Auditors); Start Demo.
  39. FUSION Forensics Demo – RDP. Second, operators access their external servers on FUSION Cloud through FUSION Forensics using RDP. After that, administrators search and check the log through the management console. Figure labels: Operators (Internal); Log; Servers (External), Critical Information; ① Access (RDP); ② Manage and audit operators (Administrators, Auditors); Start Demo.
  40. Agenda. Summary of this part: I talked about the FUSION Forensics Demo using SSH and RDP.
  41. Agenda.
  42. Conclusion. In this presentation, we introduced FUSION Forensics and showed you how to handle critical information on public cloud using FUSION Forensics. Process: Collection (Media), Examination (Data), Analysis (Information), Reporting (Evidence).
  43. Thank you for listening!
  44. For more information, please visit and contact us! Booth: RT1 13F Cafeteria. Web Site: www.fusioncom.co.jp/forensics/ E-mail: cloud_plan@fusioncom.co.jp
