Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ユーザー企業における情報システムとセキュリティ #seccamp2019

Kengo Suzuki
August 16, 2019
Technology
28
24k

ユーザー企業における情報システムとセキュリティ #seccamp2019

ユーザー企業ではユーザーとビジネスを守る(Protect)ため、様々なリスク管理を実施しています。それ自体の変化はありませんが、業務システムやサービスをホスティングする環境が多様化するかたわら、新しいリスクが生まれてきているのも事実です。 本講義では、ビジネスを継続成長させていく中で、経営的なお話、新しいセキュリティの概念「ゼロトラスト」、サイバーセキュリティフレームワークなどをまじえて、どのようにユーザー企業内でのセキュリティ体制を構築・運用していくか学んでいきます。最終的なゴールはユーザー企業にセキュリティ担当で入った場合の動き方をイメージできるようになっていることを目標にします。

Kengo Suzuki

August 16, 2019
Tweet

More Decks by Kengo Suzuki

See All by Kengo Suzuki
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
1
410
Eventual Detection Engineering
ken5scal
0
1.7k
脆弱性対応をこの先生きのこるには
ken5scal
0
920
LayerXとMDMのリスク評価と年次対応の実例(公開版)
ken5scal
2
1.1k
AWSだ! Google Cloudだ! Azureだ! 認証連携だ!
ken5scal
9
2k
適応し続けるプロダクトとセキュリティ
ken5scal
5
2k
同志諸君よ、ゼロトラストを撃て_CloudNativeDays2022
ken5scal
2
3.2k
なぜLayerXのセキュリティでSoftware指向が重視されているか
ken5scal
0
300
暇だしDevSecOpsやってみた - CodePipeline Now and Then
ken5scal
3
5.6k

Other Decks in Technology

See All in Technology
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
230
SREの前に
nwiizo
11
2.7k
マルチモーダルデータ基盤の課題と観点
neonankiti
1
110
Microsoft Intune アプリのトラブルシューティング
sophiakunii
1
410
マイベストのデータ基盤の現在と未来 / mybest-data-infra-asis-tobe
mybestinc
2
1.9k
OCI Data Integration技術情報 / ocidi_technical_jp
oracle4engineer
PRO
1
2.6k
音声×Copilot オンコパの世界
kasada
1
110
RustとWebAssemblyを使って高速な画像処理をWebアプリで実行しよう
rebonire626
0
110
Spring Frameworkの新標準!? ~ RestClientとHTTPインターフェース入門 ~
ogiwarat
2
260
Redmine 6.0 新機能評価ガイド
vividtone
0
270
What to do after `laravel new`
mattstauffer
0
140
徹底比較!HA Kubernetes ClusterにおけるControl Plane LoadBalancerの選択肢
logica0419
2
140

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.2k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
Documentation Writing (for coders)
carmenintech
65
4.4k
Rails Girls Zürich Keynote
gr2m
93
13k
The Invisible Side of Design
smashingmag
297
50k
GraphQLとの向き合い方2022年版
quramy
43
13k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
The Language of Interfaces
destraynor
154
24k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
15
2k

Transcript

  1. Ϣʔβʔاۀʹ͓͚Δ৘ใγες ϜͱηΩϡϦςΟ - શମ૾ฤ 2019/08/10 By @ken5scal

  2. ࣗݾ঺հ - ࣗݾ঺հ: @ken5scal (ླ໦ݚޗ) - ޷͖ͳٕज़ελοΫ: ೝূɾೝՄ - ۚ༥ܥɾFintechܥͰେاۀɾελʔτΞοϓ྆ํͰηΩϡϦςΟΛ୲౰

    - 2011: NRIηΩϡΞ - SIer - ূ݊ձࣾ޲͚MSS αʔϏεͷఏڙ - 2014: Money Forward - Ϣʔβʔاۀ - ࢿ࢈؅ཧɾΫϥ΢υձܭܥFintechελʔτΞοϓ - 2018: FOLIO - Ϣʔβʔاۀ - ূ݊ܥFintechελʔτΞοϓ

  3. ͋Δ೔…

  4. օ༷ͱ໨ઢ߹Θͤ

  5. - Who: “ੈͷதΛࣗ෼ͨͪͷྗͰม͍͖͍͑ͯͨͱࢥ͍ͬͯΔํ” - What: “ࠓճ͸ʮ͖ͪΜͱӡ༻͢Δʯͱ͍͏ࣄΛςʔϚ” - Howᶃ: “ߴ౓ͳ৘ใηΩϡϦςΟٕज़ͷशಘ” -

    Howᶄ: “Ϟϥϧ΍๏཯९कͷҙࣝɺηΩϡϦςΟҙࣝɺ৬ۀҙ ࣝɺཱࣗతͳֶशҙࣝʢٕज़Ҏ֎ʹඞཁͳٕೳʣʹ͍ͭͯ΋޲্ ͷͨΊͷػձΛఏڙ” ӡ༻ͱ։ൃτϥοΫ IUUQTXXXJQBHPKQKJO[BJDBNQ[FOLPLV@DIBSBDUFSJTUJDIUNM IUUQTXXXJQBHPKQKJO[BJDBNQ[FOLPLV@BCPVUIUNM

  6. - Who: “ੈͷதΛࣗ෼ͨͪͷྗͰม͍͖͍͑ͯͨͱࢥ͍ͬͯΔํ” - What: “ࠓճ͸ʮ͖ͪΜͱӡ༻͢Δʯͱ͍͏ࣄΛςʔϚ” - Howᶃ: “ߴ౓ͳ৘ใηΩϡϦςΟٕज़ͷशಘ” -

    Howᶄ: “Ϟϥϧ΍๏཯९कͷҙࣝɺηΩϡϦςΟҙࣝɺ৬ۀҙ ࣝɺཱࣗతͳֶशҙࣝʢٕज़Ҏ֎ʹඞཁͳٕೳʣʹ͍ͭͯ΋޲্ ͷͨΊͷػձΛఏڙ” ӡ༻ͱ։ൃτϥοΫ IUUQTXXXJQBHPKQKJO[BJDBNQ[FOLPLV@DIBSBDUFSJTUJDIUNM IUUQTXXXJQBHPKQKJO[BJDBNQ[FOLPLV@BCPVUIUNM

  7. ੈͷத͕มΘΔͱ͸ʁ

  8. None

  9. ͱ͍͏͜ͱͰ͸ͳ͘ ʢݸਓͷҙݟͰ͢ʣ

  10. ৽͍͠Ձ஋Λ૑ग़͢Δ͜ͱ

  11. - ੈքతྲྀΕ - ୈ4࣍࢈ۀֵ໋ٕज़ - ࠃ಺ͷྲྀΕ - Connected Industry -

    Society 5.0 ৽͍͠Ձ஋ͷ૑ग़ͷྲྀΕ

  12. ୈ̐࣍࢈ۀֵ໋ IUUQTXXXCSJUBOOJDBDPNUPQJD5IF'PVSUI*OEVTUSJBM3FWPMVUJPO

  13. - ࣮ੈքʢϑΟδΧϧۭؒʣʹ͋Δଟ༷ ͳσʔλΛηϯαʔωοτϫʔΫ౳Ͱ ऩू͠ɺαΠόʔۭؒͰେن໛σʔλ ॲཧٕज़౳Λۦ࢖ͯ͠෼ੳʗ஌ࣝԽΛ ߦ͍ɺͦ͜Ͱ૑ग़ͨ͠৘ใʗՁ஋ CPS IUUQTXXXKFJUBPSKQDQTBCPVU

  14. - “զ͕ࠃ͸ɺ੡଄ۀΛ௒͑ͯɺϞϊͱϞ ϊɺਓͱػցɾγ εςϜɺਓͱٕज़ɺҟͳΔ࢈ۀʹଐ͢Δاۀͱاۀɺੈ ୅Λ௒ ͑ͨਓͱਓɺ੡଄ऀͱফඅऀͳͲɺ༷ʑͳ΋ͷΛ ͭͳ͛Δ”࢈ۀࣾձ Connected Industries

  15. Connected Industries in ۚ༥ ۚ༥ிϑΟϯςοΫ͸ڞ௨Ձ஋Λ૑଄Ͱ͖Δ͔

  16. νϟοτ(LINE) X ূ݊ձࣾ(FOLIO) ʲ-*/&'JOBODJBMʳ-*/&'JOBODJBMͱ'0-*0ɺʮ-*/&εϚʔτ౤ࢿʯΛຊ೔͔Βఏڙ։࢝

  17. IUUQTOFXTQJDLTDPNOFXT

  18. - ௒εϚʔτࣾձ - ʮඞཁͳ΋ͷɾαʔϏεΛɺඞཁͳਓʹɺඞཁͳ࣌ʹɺඞཁͳ͚ͩఏڙ͠ɺࣾձͷ༷ʑ ͳχʔζʹ͖Ίࡉ͔͘ରԠͰ͖ɺ͋ΒΏΔਓ͕࣭ͷߴ͍αʔϏεΛड͚ΒΕɺ೥ྸɺੑ ผɺ஍Ҭɺݴޠͱ͍༷ͬͨʑͳҧ͍Λ৐Γӽ͑ɺ׆͖׆͖ͱշదʹ฻Β͢͜ͱ͕Ͱ͖ Δʯࣾձ - ํ޲ੑ -

    ʮ৽ͨͳ֗ʯͮ͘ΓͷࡏΓํͦͷ΋ͷͷݟ௚͠ - γΣΞϦϯάΤίϊϛʔͷਪਐ - FinTechͷ׆༻ਪਐ Society 5.0 IUUQXXXTPVNVHPKQKPIPUTVTJOUPLFJXIJUFQBQFSKBIQEGOQEG IUUQTXXXNFUJHPKQQSFTTQEG

  19. - ࢈ۀͳͲطଘͷ࿮૊ΈΛ௒͑Δ࿈ܞ - ΑΓੜ׆ʹີணͨ͠࿈ܞʹͳΓɺαΠόʔۭؒͱϑΟδΧϧۭ͕ؒ݁߹͖ͯͨ͠ - ෼໺ - ϔϧεέΞ - Ҡಈʢ෺ྲྀɾҠಈʣ

    - αϓϥΠνΣʔϯ - ۚ༥ ʢ·ͱΊʣ৽͍͠Ձ஋͸Ͳ͜Ͱੜ·Ε͍ͯΔ͔ʁ

  20. ৽͍͠Ձ஋ͱϦεΫ

  21. - ΞϝϦΧͰϑΟϯςοΫ౤ࢿͷओͨΔྖҬ͸༥ࢿͱܾࡁ - ༥ࢿɿ68ԯυϧ - ܾࡁ: 19ԯυϧ ৽͍͠Ձ஋ͷܦࡁن໛ IUUQTXXXDBPHPKQLFJ[BJOLO@@IUN

  22. ࢢ৔ΛऔΓʹߦ͘ᗐ྽ͳ૪͍

  23. Typical concern about platform markets is that people will coordinate

    on a “dominant” platform. IUUQTXFCTUBOGPSEFEVdKEMFWJO&DPO-FDUVSF&DPOPNJDTPG1MBUGPSNTQQUY

  24. ݁Ռ

  25. https://piyolog.hatenadiary.jp/entry/2019/06/07/063000 IUUQTQJZPMPHIBUFOBEJBSZKQFOUSZ

  26. https://headlines.yahoo.co.jp/hl?a=20190716-00000136-kyodonews-bus_all IUUQTIFBEMJOFTZBIPPDPKQIM BLZPEPOFXTCVT@BMM

  27. IUUQTLPOEFJIBUFCMPKQFOUSZ

  28. None

  29. IUUQXXXJUSFTFBSDIBSUCJ[ Q

  30. - ࢈ۀͳͲطଘͷ࿮૊ΈΛ௒͑Δ࿈ܞ IUUQTXXXNFUJHPKQTIJOHJLBJNPOP@JOGP@TFSWJDFTBOHZP@DZCFSXH@TFJEPXH@CVOZBPEBOEBJOJTPQEG@@QEG

  31. - 2011: - Playstation Networkʹର͢ΔSQL InjectionʹΑΔݸਓ৘ใྲྀग़ - 2012: - ΦϯϥΠϯόϯΫʹର͢ΔϚϯΠϯβϒϥ΢βʹΑΔෆਖ਼ૹۚ

    - 2014: - ϕωοη ͷ಺෦൜ߦʹΑΔݸਓ৘ใྲྀग़ - 2015: - ೥ۚ؅ཧγεςϜαΠόʔ߈ܸ ʹΑΔݸਓ৘ใྲྀग़ - 2018: - Ծ૝௨՟औҾॴ͔Βͷ҉߸ࢿ࢈ྲྀग़ - 2019: - ΩϟογϡϨεαʔϏεʹ͓͚Δෆਖ਼ߪೖ ৽͍͠Ձ஋ͱϦεΫݦࡏԽͷྫ

  32. - 2011: - Playstation Networkʹର͢ΔSQL InjectionʹΑΔݸਓ৘ใྲྀग़ - 2012: - ΦϯϥΠϯόϯΫʹର͢ΔϚϯΠϯβϒϥ΢βʹΑΔෆਖ਼ૹۚ

    - 2014: - ϕωοη ͷ಺෦൜ߦʹΑΔݸਓ৘ใྲྀग़ - 2015: - ೥ۚ؅ཧγεςϜαΠόʔ߈ܸ ʹΑΔݸਓ৘ใྲྀग़ - 2018: - Ծ૝௨՟औҾॴ͔Βͷ҉߸ࢿ࢈ྲྀग़ - 2019: - ΩϟογϡϨεαʔϏεʹ͓͚Δෆਖ਼ߪೖ ৽͍͠Ձ஋ͱϦεΫݦࡏԽͷྫ ݦࡏԽ·Ͱͷεϐʔυ૿Ճ

  33. IUUQTXXXFOJTBFVSPQBFVQVCMJDBUJPOTFOJTBUISFBUMBOETDBQFSFQPSU IUUQTXXXJQBHPKQTFDVSJUZWVMOUISFBUTIUNM ৽͍͠Ձ஋ͱมԽ͢ΔڴҖ

  34. Ձ஋͕มԽ͢ΔʹͭΕ ϦεΫ͕৽͘͠ੜ·ΕΔɹor ϦεΫͷେ͖͕͞มԽ͢Δ

  35. ੈͷதΛม͑ͳ͕Β ͖ͪΜͱӡ༻͍ͯ͘͠ͱ͸ʁ

  36. ᶃΠϊϕʔγϣϯΛ࠷଎Խͭͭ͠ ᶄՁ஋Λ࠷େԽͭͭ͠ɺ ᶅϦεΫΛ࠷খԽ͢ΔࢪࡦΛ࣮ߦ͢Δ

  37. ࠓ೔ͷΰʔϧ

  38. - ʮੈͷதΛม͑Δʯͱʮ͖ͪΜͱӡ༻͢ΔʯΛཱ྆͢Δͨ Ίͷશମ૾Λ೺Ѳ͢Δ - ূ݊ձࣾΛέʔεελσΟͱ͢Δ - ࣌୅എܠͱͱ΋ʹมΘΓͭͭ͋Δઃܭํ਑Λ೺Ѳ͢Δ - BeyondCorpͷ঺հ ࠓ೔ͷΰʔϧ

  39. ͱݴ͓ͬͨ࿩Λ͍͖ͤͯͨͩ͞·͢ - ࣗݾ঺հ: @ken5scal (ླ໦ݚޗ) - ޷͖ͳٕज़ελοΫ: ೝূɾೝՄ - ۚ༥ܥɾFintechܥͰେاۀɾελʔτΞοϓ྆ํͰηΩϡϦςΟΛ୲౰

    - 2011: NRIηΩϡΞ - SIer - ূ݊ձࣾ޲͚MSS αʔϏεͷఏڙ - 2014: Money Forward - Ϣʔβʔاۀ - ࢿ࢈؅ཧɾΫϥ΢υձܭܥFintechελʔτΞοϓ - 2018: FOLIO - Ϣʔβʔاۀ - ূ݊ܥFintechελʔτΞοϓ

  40. - ࣗݾ঺հ: @ken5scal (ླ໦ݚޗ) - ޷͖ͳٕज़ελοΫ: ೝূɾೝՄ - ۚ༥ܥɾFintechܥͰେاۀɾελʔτΞοϓ྆ํͰηΩϡϦςΟΛ୲౰ -

    2011: NRIηΩϡΞ - SIer - ূ݊ձࣾ޲͚MSS αʔϏεͷఏڙ - 2014: Money Forward - Ϣʔβʔاۀ - ࢿ࢈؅ཧɾΫϥ΢υձܭܥFintechελʔτΞοϓ - 2018: FOLIO - Ϣʔβʔاۀ - ূ݊ܥFintechελʔτΞοϓ ͱݴ͓ͬͨ࿩Λ͍͖ͤͯͨͩ͞·͢ ূ݊ۀքͷཱ৔͔Βɺ Ͳ͏ελʔτΞοϓͰʮͪΌΜͱӡ༻͢Δʯ͔ ͓࿩͍͖ͤͯͨͩ͞·͢ɻ

  41. - ࣗݾ঺հ: @ken5scal (ླ໦ݚޗ) - ۚ༥ܥɾFintechܥͰେاۀɾελʔτΞοϓ྆ํͰηΩϡϦςΟΛ୲౰ - 2011: - NRIηΩϡΞ

    ূ݊ձࣾ޲͚MSS - 2014: Money Forward - ࢿ࢈؅ཧɾΫϥ΢υձܭܥFintechελʔτΞοϓ - 2018: FOLIOʢݱ৬ʣ - ূ݊ܥFintechελʔτΞοϓ ٕज़ॻయͳͲͰಉਓࢽग़ͯ͠·͢

  42. ΑΖ͓͘͠ئ͍͠·͢

  43. - 3ࣾʹ7೥΄Ͳ͔͍ͨ͜͠ͱ͕ͳ͍ - Fintechɾۚ༥ͷதͰ΋ɺ2छ΄Ͳ͔͠ܦݧͳ͠ - ͕ͨͬͯ͠ɺҰൠతͳ಺༰ͱ͸ݴ͍೉͍ ஫ҙ

  44. - ʮੈͷதΛม͑Δʯͱʮ͖ͪΜͱӡ༻͢ΔʯΛཱ྆͢Δͨ Ίͷશମ૾Λ೺Ѳ͢Δ - ূ݊ձࣾΛέʔεελσΟͱ͢Δ - ࣌୅എܠͱͱ΋ʹมΘΓͭͭ͋Δઃܭํ਑Λ೺Ѳ͢Δ - BeyondCorpͷ঺հ ࠓ೔ͷΰʔϧʢ࠶ܝʣ

  45. ηΩϡϦςΟཁ݅શମ૾ ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢػີੑʣ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  46. ๏ྩɾج४ɾࢦ਑ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  47. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  48. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  49. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ 43&νʔϜ͕ओʹ୲౰͕ͪ͠

  50. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢՄ༻ੑʣ ઓུʢ׬શੑʣ ϓϩμΫτνʔϜ͕ओʹ୲౰͕ͪ͠

  51. ઃܭ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  52. ઓज़ɾ࣮૷ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢػີੑʣ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  53. ๏ྩɾج४

  54. ๏ྩɾج४ ๏ྩɾج४ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  55. - ๏ྩ: - ٞձ੍͕ఆ͢Δ๏نൣʢ๏཯ʣ + ߦ੓ػ੍͕ؔఆ͢Δ๏نൣʢ໋ྩʣ - ๏త߆ଋྗ͸͋Δ - ج४:

    - ࠷௿ݶຬͨ͢΂͖ϧʔϧ - ९कΛਪ঑͞ΕΔʮΨΠυϥΠϯʯ΍ʮࢦ਑ʯ΋ؚ·ΕΔ͜ͱ͕͋Δ - ๏త߆ଋྗ͸ͳ͍ʢ͋Δʣ - ͜ΕΛຬͨͯ͠ͳ͍ͱ͖ʹɺى͜Γ͏Δ͜ͱ͸… ๏ྩɾΨΠυϥΠϯͱ͸ IUUQTKBXJLJQFEJBPSHXJLJ๏ྩ

  56. - ਉຽͷ޾෱Λ૿ਐ͢ΔͨΊ - ެڞͷ҆ೡடংΛอ࣋͢ΔͨΊ ๏ྩɾΨΠυϥΠϯͷ໨త IUUQTKBXJLJQFEJBPSHXJLJ๏ྩ

  57. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ

  58. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ

  59. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ

  60. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ

  61. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - ΨΠυϥΠϯ

    - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ۀ຿ʹ͓͚Δಛఆݸਓ৘ใͷదਖ਼ͳऔѻ͍ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻ - தখاۀBCPࡦఆӡ༻ํ਑ ূ݊ձࣾʹ͓͚Δ๏ྩɾ๏཯ʢҰ෦ʣ

  62. ९क͞Εͳ͍ͱ…?

  63. ɹߦ੓ॲ෼

  64. ߦ੓ॲ෼ྫ

  65. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ʢ಺෦౷੍ʣ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - etc

    - ΨΠυϥΠϯ - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻʢࣄۀܧଓʣ - தখاۀBCPࡦఆӡ༻ํ਑ʢࣄۀܧଓʣ - etc ؂ಜࢦ਑Λओ࣠ʹਾ͑ͨ๏ྩରԠ

  66. - ๏ྩɾ๏཯ - ۚ༥঎඼औҾ๏ʢ಺෦౷੍ʣ - ൜ࡑऩӹҠస๷ࢭ๏ - ݸਓ৘ใอޢ๏ - etc

    - ΨΠυϥΠϯ - ۚ༥঎඼औҾۀऀ౳޲͚ͷ૯߹తͳ؂ಜࢦ਑ - ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ - ϚωʔϩʔϯμϦϯάٴͼςϩࢿۚڙ༩ରࡦʹؔ͢ΔΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ۚ༥ػؔ౳ʹ͓͚ΔίϯςΟϯδΣϯγʔϓϥϯࡦఆͷͨΊͷखҾॻʢࣄۀܧଓʣ - தখاۀBCPࡦఆӡ༻ํ਑ʢࣄۀܧଓʣ - etc ؂ಜࢦ਑Λओ࣠ʹਾ͑ͨ๏ྩରԠ ☓ߦ੓ॲ෼Λ͏͚ͳ͍ͨΊͷରԠ ˓ϢʔβʔͷอޢͱՁ஋ͷఏڙΛܧଓ͢ΔͨΊͷରԠ

  67. ۚ༥঎඼औҾۀऀ౳޲͚ͷ ૯߹తͳ؂ಜࢦ਑

  68. - “ۀ຿ͷ݈શ͔ͭద੾ͳӡӦΛ֬อ” - “༗Ձূ݊ͷൃߦٴͼۚ༥঎඼౳ͷऔҾ౳Λެਖ਼” - “༗Ձূ݊ͷྲྀ௨Λԁ׈ʹ͢Δ” - “ۚ༥঎඼౳ͷެਖ਼ͳՁ֨ܗ੒౳ΛਤΓ” - “ࠃຽܦࡁͷ݈શͳൃలٴͼ౤ࢿऀͷอޢʹࢿ͢Δ͜ͱ”

    ؂ಜࢦ਑ͷ໨త

  69. - ۚ༥௕ͷݕࠪ෦ہʹΑΔΦϯαΠτݕࠪ - ͦͷใࠂॻͷ݁ՌɺώΞϦϯάɺվળɾରԠࡦͷ࣮ࢪঢ়گɺࢦఠࣄ߲ͷվળঢ়گͳ Ͳ͔Βɺূ݊औҾ౳؂ࢹҕһձΑΓקࠂ to ۚ༥ி؂ࠪ෦ہ - ۚ༥ிઃஔใ20্ୈ߲̍ -

    ؂ࠪ෦ہ͸ͦͷ಺༰Λݕ౼ͯ͠ߦ੓ॲ෼ͷݕ౼ - ۚ঎๏ୈ56৚ͷ̎ୈ߲̍ - ۚ঎๏ୈ51৚~52৚ͷ̎ - ݕ౼࣌͸ʮຊ؂ಜࢦ਑ʹܝ͛ͨධՁ߲໨౳ʹরΒͯ͠ʯݕ౼͠ɺ಺༰Λܾఆ ߦ੓ॲ෼͸؂ಜࢦ਑ͷධՁ߲໨Λιʔεͱ͢Δ IUUQTXXXGTBHPKQDPNNPOMBXHVJEFLJOZVTIPIJOIUNM IUUQTXXXGTBHPKQDPNNPOMBXHVJEFLJOZVTIPIJOIUNM

  70. ධՁ߲໨ https://www.fsa.go.jp/common/law/guide/kinyushohin/

  71. αΠόʔηΩϡϦςΟͷจ຺Ͱ཈͑Δ΂͖Օॴ https://www.fsa.go.jp/common/law/guide/kinyushohin/

  72. - ސ٬৘ใʹ͍ͭͯɺҎԼͷ९कΛٻΊΒΕ͍ͯΔ - ݸਓ৘ใอޢ๏ - ݸਓ৘ใͷอޢʹؔ͢Δ๏཯ʹ͍ͭͯͷΨΠυϥΠϯ - ۚ༥෼໺ʹ͓͚Δݸਓ৘ใอޢʹؔ͢ΔΨΠυϥΠϯ - ·ͨɺΠϯαΠμʔऔҾ౳ͷෆެਖ਼ͳऔҾ๷ࢭ΋ٻΊΒ

    Ε͍ͯΔ III-2-4 ސ٬౳ʹؔ͢Δ৘ใ؅ཧ IUUQTXXXGTBHPKQDPNNPOMBXLKIPHPQEG IUUQTXXXGTBHPKQDPNNPOMBXLKIPHPQEG

  73. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html

  74. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html

  75. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html

  76. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html

  77. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html

  78. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html

  79. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html

  80. - γεςϜϦεΫʹର͢Δೝࣝ - ద੾ͳϦεΫ؅ཧମ੍ͷ֬ ཱ - γεςϜϦεΫධՁ - ৘ใηΩϡϦςΟ؅ཧ -

    αΠόʔηΩϡϦςΟ؅ཧ - γεςϜ؂ࠪ - ֎෦ҕୗ؅ཧ - ίϯςΟϯδΣϯγʔϓϥϯ - γεςϜ౷߹ϦεΫ - ো֐ൃੜ࣌ͷରԠ III-2-8 γεςϜϦεΫ؅ཧଶ੎ https://www.fsa.go.jp/common/law/guide/kinyushohin/03.html

  81. ઓུ

  82. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  83. Cybersecurity Framework(CSF) - NIST: ถࠃཱඪ४ٕज़ݚڀॴ - AESͳͲ҉߸ٕज़ͷબఆͱඪ४ԽͳͲ - ॏཁΠϯϑϥΛѻ͏اۀɾ૊৫ͷαΠόʔϦ εΫͷ؅ཧΛࢧԉ͢ΔͨΊͷɺϦεΫϕʔ

    εɾΞϓϩʔνʹجͮ͘൚༻తͳFW - ̏ཁૉ͔Β੒Γཱͭ - CoreɺTierɺProfile IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG

  84. ͳͥϦεΫϕʔε͕ॏཁͳͷ͔ ۚ༥ػؔ౳ίϯϐϡʔλγεςϜͷ҆શରࡦج४ɾղઆॻʢୈ൛ʣ - ”Ϋϥ΢υαʔϏε΍FinTechاۀ౳ͱ࿈ܞͨۚ͠༥ؔ࿈αʔ Ϗεͷར༻͕޿͕ΓΛΈͤΔͳͲɺଟ༷Խ͖͍ͯͯ͠Δ” - “ଟ༷Խ͢ΔʢதུʣγεςϜʹ͓͍ͯ(ैདྷͷج४Ͱ͸)৽ن ։ൃ΁ͷ౤ࢿ͕཈੍͞ΕΔ౳ɺܦӦࢿݯ͕ద੾ʹ഑෼͞Εͳ ͍ͱ͍ͬͨݒ೦͕ੜ͡ɺʢதུʣϦεΫθϩΛ௥ٻ͢Δ͜ͱ ͸ඞͣ͠΋߹ཧతͰ͸ͳ͍”

  85. ͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ಺༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ Core IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG

  86. ͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ಺༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ Core ͭͷػೳ IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG

  87. ͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ಺༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ Core ͷΧςΰϦʔ ʢͱαϒΧςΰϦʔʣ IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG

  88. Core IUUQTOWMQVCTOJTUHPWOJTUQVCT$481/*45$481QEG

  89. Tier

  90. Profile

  91. ઓུ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  92. - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations:

    Enhanced Security Requirements for Critical Programs and High Value Assets - APT͔Βॏཁͳࢿ࢈ͷػີੑɾ׬શੑΛकΔͨΊਪ঑͞ΕΔηΩϡϦςΟରࡦू - ྫ: ϓϥΠόγʔɺ੫ɺۚ༥৘ใɺಛݖͳͲ - ཁ݅ྫ - ΞΫηε੍ޚɺҙࣝ෇͚ɾ܇࿅ɺ؂ࠪɺߏ੒؅ཧɺࣝผͱೝূͳͲͳͲ - Cyber Security Frameworkͱඥ෇͚ΒΕ͍ͯΔ NIST SP 800-171 IUUQTXXXOJTUHPWTJUFTEFGBVMUpMFTEPDVNFOUTDVJPDUDVJ@PWFSWJFXDBTFZQEG

  93. ઃܭ

  94. ઃܭ ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢػີʣ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  95. BeyondCorp/ZeroTrust

  96. ઓज़

  97. ઓज़ɾ࣮૷ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢػີʣ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  98. - Cyber Kill Chainʢྫʣ - F35ʢεςϧεઓಆػʣΛ։ൃͨ͠ϩοΩʔυɾϚʔςΟϯʹ ΑΔϑϨʔϜϫʔΫ - ඪతܕ߈ܸʹ͓͚Δ߈ܸͷϑΣʔζΛ෼ྨͨ͠΋ͷ -

    ఁ࡯ɺ෢ثԽɺσϦόϦʔɺΤΫεϓϩΠτɺΠϯετʔϧɺ C&Cɺ໨తͷ࣮ߦ ڴҖ෼ੳ

  99. - Adversarial Tactics, Techniques, and Common Knowledge - CVEΛ؅ཧ͍ͯ͠ΔMITREࣾͷφϨοδϕʔεͱϑϨʔϜϫʔΫ -

    ߈ܸऀɾ߈ܸάϧʔϓɺઓज़త໨ඪɺٕज़తͳߦಈɺ߈ܸπʔϧ ΛϦετԽɾϝτϦΫεԽ - ۩ମతͳ๷ޚࡦͷ࣮૷ʹ໾ཱͭ - STIX/TAXIIͰͷΠϯςϦδΣϯεڞ༗ ATT&CK IUUQTBUUBDLNJUSFPSH

  100. Ϣʔβʔاۀʹ͓͚Δ৘ใγες ϜͱηΩϡϦςΟ - ઃܭɾ࣮຿ฤ 2019/08/10 By @ken5scal

  101. Pre 2010: Perimeter Model

  102. 1990s: Internetେരൃ

  103. 1994: IANAʹΑΔPrivate NetworkϨϯδͷ֬อʢ RFC1597)

  104. ΤϯλʔϓϥΠζͷΠϯλʔωοτࢀՃ 5SVTUFE[POF - ϝʔϧ౳Λ࢖ͬͨ֎෦ͱͷ ίϛϡχέʔγϣϯͷൃੜ - ࣍ͷڥքͷొ৔ - (Un)Trust Zone

    - Demilitarized Zone 6OUSVUFE[POF %.;

  105. - σΟϨΫτϦαʔϏε - Ϣʔβʔ΍PCϦιʔεͷҰׅ؅ཧ - Ϣʔβʔ΍PCͷઃఆΛۉҰԽ - ೝূͳͲ֤ػೳͰඪ४ٕज़Λ࠾༻ 2000: Active

    Directory 5SVTUFE 6OUSVUFE %.

  106. ઓུʢ࠶ܝʣ: Active DirectoryͷΧόʔൣғ ۚ༥ܥɹ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ઓུʢػີੑʣ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  107. 1. ΞΫηε੍ޚ 2. ҙࣝ޲্ͱ܇࿅ 3. ؂ࠪͱ੹೚௥ೝੑ 4. ߏ੒؅ཧ 5. ࣝผͱೝূ

    6. ΠϯγσϯτରԠ 7. ϝϯςφϯε 8. ϝσΟΞอޢ 9. ਓతηΩϡϦςΟ 10. ෺ཧతอޢ 11. ϦεΫΞηεϝϯτ 12. ηΩϡϦςΟΞηεϝϯτ 13. γεςϜͱ௨৴ͷอޢ 14. γεςϜͱ৘ใͷ׬શੑ SP800-171:ɹຽؒاۀ͕ߨ͡Δ΂͖ηΩϡϦςΟରࡦͷཁ݅

  108. 1. ΞΫηε੍ޚ 2. ҙࣝ޲্ͱ܇࿅ 3. ؂ࠪͱ੹೚௥ೝੑ 4. ߏ੒؅ཧ 5. ࣝผͱೝূ

    6. ΠϯγσϯτରԠ 7. ϝϯςφϯε 8. ϝσΟΞอޢ 9. ਓతηΩϡϦςΟ 10. ෺ཧతอޢ 11. ϦεΫΞηεϝϯτ 12. ηΩϡϦςΟΞηεϝϯτ 13. γεςϜͱ௨৴ͷอޢ 14. γεςϜͱ৘ใͷ׬શੑ SP800-171: ຽؒاۀ͕ߨ͡Δ΂͖ηΩϡϦςΟରࡦͷཁ݅

  109. - Ϣʔβʔೝূ - Ϣʔβʔ౷੍ - σόΠε౷੍ - ϚεσϓϩΠ - ετϨʔδ

    - ೝূہ - DNS - DHCP Active Directory͕༗͢Δػೳ

  110. ଞͷκʔϯʢTrustκʔϯʣ %.; ։ൃऀ ਓࣄ ਓࣄ޲͚κʔϯ ։ൃऀ޲͚κʔϯ ౿Έ୆ ਓࣄ%# 5SVTUκʔϯ

  111. Trusted Zone಺Ͱͷۀ຿ ॏཁͳσʔλ 0Oαʔόʔ ॏཁͳσʔλ 0Oαʔόʔ ۀ຿ΞϓϦ ۀ຿ΞϓϦ ۀ຿ΞϓϦ ۀ຿ΞϓϦ

    5SVTUFE[POF

  112. function CanWeTrust (zone string) bool { return zone == “true”

    } γϯϓϧͳੈք

  113. ·ͱΊ ڥքϞσϧͱκʔϯͷग़ݱ

  114. Post 2010

  115. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?: iPhoneͷϏδωε্Ͱͷ׆༻ -

    2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ

  116. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - SalesforceͷϝΨώοτ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?:

    iPhoneͷϏδωε্ͷ׆༻ - 2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ

  117. ݟग़͠ 5IF/FFEMFTTMZ$PNQMFY)JTUPSZPG4BB4 4JNQMJpFEIUUQTXXXQSPDFTTTUIJTUPSZPGTBBT

  118. - Trusted -> Untrustedͷϒϥ ΢βΞΫηεཁ݅૿Ճ - DMZʹϦόʔεϓϩΩγΛ௥ Ճ͢Δ͜ͱͰे෼ରॲՄೳ SaaSͷొ৔ʹΑΔ֎෦઀ଓͷ૿Ճ 5SVTUFE

    6OUSVUFE %. Ϧόϓϩ

  119. <ਤղ>Ϗδωεͱ*5ͷؔ܎IUUQTCMPHFWBOHFMJTNKQFOUSZCVTJOFTTJU

  120. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - Google Apps For

    YourDomain ʢݱGSuiteʣͷొ৔ - AWSͷొ৔: αʔϏεఏڙ؀ڥͷPaaSԽ - 2010?: iPhoneͷϏδωε্ͷ׆༻ - 2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ "84೥ͷาΈdԊֵdIUUQTBXTBNB[PODPNKQBXT@IJTUPSZEFUBJMT 8JLJQFEJBIUUQTFOXJLJQFEJBPSHXJLJ(@4VJUF

  121. - Trustedκʔϯ಺ͷγεςϜ ͕ଓʑͱSaaSԽ ৘ใγεςϜͷSaaSԽʹΑΔมԽ 5SVTUFE 6OUSVUFE %. Ϧόϓϩ

  122. Ͳ͜Ζ͔αʔϏε؀ڥͰ͑͞as a Serviceʹ 5SVTUFE 6OUSVUFE %. Ϧόϓϩ ։ൃऀ޲͚κʔϯ ౿Έ୆

  123. <ਤղ>Ϗδωεͱ*5ͷؔ܎IUUQTCMPHFWBOHFMJTNKQFOUSZCVTJOFTTJU

  124. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?: iPhoneͷϏδωε্ͷ׆༻ -

    ۀ຿ͰͷεϚϗ׆༻ࣄྫ૿Ճ - 2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ

  125. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?: iPhoneͷϏδωε্ͷ׆༻ -

    2014: ୈ̐ελʔτΞοϓϒʔϜ - ن੍࢈ۀʹ͓͚ΔελʔτΞοϓͷ૿Ճʢྫ: Fintechʣ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ վળ͢ΔΘ͕ࠃͷελʔτΞοϓࣄۀ؀ڥIUUQTXXXKSJDPKQ.FEJB-JCSBSZpMFSFQPSUKSJSFWJFXQEGQEG

  126. վળ͢ΔΘ͕ࠃͷελʔτΞοϓࣄۀ؀ڥIUUQTXXXKSJDPKQ.FEJB-JCSBSZpMFSFQPSUKSJSFWJFXQEGQEG w ن੍࢈ۀʹ଍Λ౿ΈೖΕΔϕϯνϟʔͷ૿Ճ w lେखاۀͷΦʔϓϯΠϊϕʔγϣϯ௥ٻͱελʔτΞοϓ࿈ܞz

  127. վળ͢ΔΘ͕ࠃͷελʔτΞοϓࣄۀ؀ڥIUUQTXXXKSJDPKQ.FEJB-JCSBSZpMFSFQPSUKSJSFWJFXQEGQEG

  128. - ~2005: ސ٬؅ཧͱ͍ͬͨಛఆͷػೳʹಛԽͨ͠SaaSͷ૿Ճ - 2006: ΑΓίΞͳγεςϜͷΫϥ΢υԽ - 2010?: iPhoneͷϏδωε্ͷ׆༻ -

    2014: ୈ̐ελʔτΞοϓϒʔϜ - 2016: ϦϞʔτϫʔΫͷ޿͕Γ ΤϯλʔϓϥΠζʹ͓͚Δ؀ڥมԽ վળ͢ΔΘ͕ࠃͷελʔτΞοϓࣄۀ؀ڥIUUQTXXXKSJDPKQ.FEJB-JCSBSZpMFSFQPSUKSJSFWJFXQEGQEG

  129. IUUQTSFDSVJUIPMEJOHTDPKQOFXT@EBUBSFMFBTF@IUNM

  130. <ਤղ>Ϗδωεͱ*5ͷؔ܎IUUQTCMPHFWBOHFMJTNKQFOUSZCVTJOFTTJU

  131. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ

  132. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ ۀ຿ ΞϓϦ ۀ຿ ΞϓϦ

  133. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ ॏཁͳ σʔλ ॏཁͳ σʔλ جװ σʔλ جװ σʔλ ۀ຿ ΞϓϦ ۀ຿ ΞϓϦ

  134. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ ॏཁͳ σʔλ ॏཁͳ σʔλ جװ σʔλ جװ σʔλ ۀ຿ ΞϓϦ ۀ຿ ΞϓϦ

  135. ॏཁͳσʔλ 0Oαʔόʔ ࣾձ৘੎΍αʔϏεͷมԽʹ൐͏ۀ຿σʔλͷ෼ࢄͱܦ࿏ͷଟ༷Խ ॏཁͳσʔλ 0Oαʔόʔ ϙϦγʔɾϧʔϧͷఠཁ ॏ ۀ຿Ξ ϓϦ ۀ຿Ξ

    ϓϦ ۀ຿Ξ ϓϦ ۀ຿Ξ ϓϦ ॏཁͳ σʔλ ॏཁͳ σʔλ ॏཁͳ σʔλ ॏཁͳ σʔλ ۀ຿ ΞϓϦ ۀ຿ ΞϓϦ جװ σʔλ جװ σʔλ

  136. ৴པʢTrustʣ͢ΔڥքͷมԽ

  137. ڥքͷมԽͱ ڴҖɾΠϯγσϯτ

  138. ඪతܕ߈ܸʢڴҖʣ - ಛఆͷ૊৫಺ͷ৘ใΛૂͬͯ ߦΘΕΔαΠόʔ߈ܸ(2009~) - ࠃ಺ࣄྫ - 2011: ࡾඛॏ޻ -

    2015: ೔ຊ೥ۚػߏ - 2018: CoinCheckʁ 5IF$ZCFS,JMM$IBJOIUUQTXXXMPDLIFFENBSUJODPNFOVTDBQBCJMJUJFTDZCFSDZCFSLJMMDIBJOIUNM

  139. αϓϥΠνΣʔϯ - ੡඼ʹର͢Δෆਖ਼ϓϩάϥϜͷຒΊࠐΈɺϋʔυ΢ΣΞͷෆਖ਼վ��� ͳͲʹΑͬͯੜ͡Δ৘ใηΩϡϦςΟ্ͷϦεΫ - ࣄྫ - NPMͷਓؾϥΠϒϥϦ΁ͷѱੑίʔυ஫ೖ - GEMͷ”

    strong_password”΁ͷѱੑίʔυ஫ೖ - ϑΝΠϧγΣΞ֦ுػೳͷ৐ͬऔΓ - 7Pay͕ґଘ͢Δomni7ʹ͓͚Δ੬ऑੑ - ถࠃͷϑΝʔ΢ΣΠ੡඼ഉআ IUUQTXXXTFDVSJUZXFFLDPNNBMJDJPVTDPEFQMBOUFETUSPOHQBTTXPSESVCZHFN IUUQTXXXXJSFEDPNTUPSZHPPHMFDISPNFFYUFOTJPOTTFDVSJUZDIBOHFT

  140. ಺෦൜ߦ - ૊৫಺ͷϝϯόʔʹΑΔѱҙ͋Δߦಈ - ࠃ಺ࣄྫ - 2014: ϕωοηͷάϧʔϓاۀ಺ͷ೿ݣࣾһʹΑ Δݸਓ৘ใ࿙Ӯʢ͋ΔҙຯαϓϥΠνΣʔϯͰ΋ ͋Δʣ

  141. ڞ௨఺

  142. Trustκʔϯͷ৴པੑͷ௿Լ - ඪతܕ߈ܸ - Drive by Download΍ਫҿΈ৔߈ܸ - ExploitޙͷC2CʹΑΔ৘ใऩूɾԣஅత৵֐ -

    αϓϥΠνΣʔϯϦεΫ - ґଘઌͷOSSʹ͓͚Δ੬ऑੑ - ಺෦൜ߦ - ૊৫಺ͷ൜ߦ

  143. ωοτϫʔΫڥքΛࠜڌʹͨ͠Trustͷݶք - σʔλɾਓɾఏܞઌ͕ඞͣ͠΋Trustڥքʹ͍ͳ ͍ - TrustڥքʹUntrustfulͳཁૉ͕૿͑ͨ

  144. BeyondCorp Zero Trust Network

  145. - ωοτϫʔΫͷڥքʹԠͨ͡৴པྖҬͷ֓೦Λഉআ - ϢʔβʔɾσόΠεΛ΋ͱʹೝূ͢Δ - ͦΕΒ΁ͷೝՄʢΞΫηε੍ޚʣ͸ϙϦγʔʹ΋ͱ ͖ͮಈతʹܾఆ͢Δ - ͲͪΒ͔ͱ͍͏ͱɺαʔϏε؀ڥ޲͚ Zero

    Trust Networkͱ͸ IUUQTDMPVEHPPHMFDPNCFZPOEDPSQ

  146. - ैۀһ͕ʮ৴པͰ͖ͳ͍ωοτϫʔΫʯΛ௨ͯ͡ ಇ͚ΔΑ͏ʹ͢ΔGoogleࣾ಺ͷΞϓϩʔν BeyondCorpͱ͸ IUUQTDMPVEHPPHMFDPNCFZPOEDPSQ

  147. https://www.youtube.com/watch?v=SSUUg38lFg0 IUUQTXXXZPVUVCFDPNXBUDI W4466HM'HUT IUUQTUDP&X+W$3(,[9 BNQ Zero Trust/Beyond CorpͷϦιʔε ࿦จͱͯ͋͠Δͷ͕ #FZPOE$PSQ

    ;FSP5SVTUͷ࿦จ͋ͬͨΒ͢Έ·ͤΜ

  148. Ҏ߱ɺBeyondCorpΛϕʔεʹ͠·͢

  149. - ͢΂ͯΛUntrusted Zone͔ΒͷΞΫηεͱԾఆ͢Δ - ΞΫηεݩͷϢʔβʔɾσόΠεΛೝূ͢Δ - ΞΫηεݩΛσʔλʹԠͯ͡ΞΫηεՄ൱൑அ͢ Δ - “Never

    Trust, Always Verify” Basic Principals

  150. function CanWeTrust ( device, user interface, zone string) int {

    // return value from 0~1 return someAlgorithm(device, user, zone) } function AuthorizationDecision( device, user interface, score int) bool{ return AllowOrDisAllow(device, user, zone) } ෳ਺ͷม਺͔Β৴པ͕ܭࢉ͞ΕΔੈք

  151. IUUQTBJHPPHMFSFTFBSDIQVCTQVCQEG

  152. - Ϣʔβʔͷಛఆ - σόΠεͷಛఆ - ΞΫηεϓϩΩγ - ΞΫηε੍ޚΤϯδϯʢϙϦγʔΤϯδϯʣ - Trust

    Inferenceʢ৴པείΞ��ग़Τϯδϯʣ ඞཁͳίϯϙʔωϯτ

  153. Ϣʔβʔͷಛఆ ʢIdentification)

  154. None

  155. - ͦͷϢʔβʔ͸ຊ౰ʹਖ਼͍͠Ϣʔβʔͳͷ͔ - ඞཁͳίϯϙʔωϯτ - ϢʔβʔɾάϧʔϓDB - Ϣʔβʔೝূ Ϣʔβʔͷಛఆ

  156. - ຊਓ֬ೝ - ΦϯϥΠϯ্ʹ͋ΔϦιʔε΁ͷΞΫηεΛཁ ٻ͢Δਃ੥ऀͷొ࿥ͱ਎ݩ֬ೝ - ೝূ - ೝূ৘ใͷ࿈ܞ ϢʔβʔΛηΩϡΞʹೝূ͢Δϓϩηε

    IUUQTPQFOJEGPVOEBUJPOKBQBOHJUIVCJPJOEFYKBIUNM

  157. - ຊਓ֬ೝ - ೝূ - ొ࿥ޙͷϦιʔε΁ͷΞΫηεΛཁٻ͢Δਃ੥ ऀͷΞΠσϯςΟςΟͷ͔֬͞Λূ໌͢Δ - ೝূ৘ใͷ࿈ܞ ϢʔβʔΛηΩϡΞʹೝূ͢Δϓϩηε

    IUUQTPQFOJEGPVOEBUJPOKBQBOHJUIVCJPJOEFYKBIUNM

  158. - ຊਓ֬ೝ - ೝূ - ೝূ৘ใͷ࿈ܞ - ೝূ࣌ͷ৘ใΛଞΞϓϦ΍γεςϜͱ࿈ܞ͢Δ ϢʔβʔΛηΩϡΞʹೝূ͢Δϓϩηε IUUQTPQFOJEGPVOEBUJPOKBQBOHJUIVCJPJOEFYKBIUNM

  159. - ຊਓ֬ೝ - ೝূ - ೝূ৘ใͷ࿈ܞ ϢʔβʔΛηΩϡΞʹೝূ͢Δϓϩηε

  160. ϢʔβʔɾάϧʔϓDB

  161. None

  162. ਓࣄ%#

  163. ϢʔβʔɾάϧʔϓDBͷ֓ཁ - σΟϨΫτϦ - ΦϒδΣΫτͷҰݩ؅ཧ͢ΔϢʔβʔɾάϧʔϓDB - ωοτϫʔΫʹ઀ଓͨ͠αʔόʔͳͲͷࢿݯʢϦιʔεʣͷॴࡏɾ ଐੑɾઃఆͳͲͷ৘ใΛޮ཰తʹऩू͠ɺه࿥ɾ؅ཧ͢ΔαʔϏε - ར఺

    - ಡΈऔΓ͕ߴ଎ - ෼ࢄܕͷ৘ใ֨ೲϞσϧ - ߴ౓ͳݕࡧػೳΛ࣋ͭ

  164. ϢʔβʔɾάϧʔϓDBؔ܎ͷϓϩτίϧ - LDAP - SCIM

  165. LDAP - Lightweight Directory Access Protocol - σΟϨΫτϦαʔϏεʹΞΫηε͢Δϓϩτίϧ - ػೳ

    - ݕࡧ: ldapsearch, ߋ৽: ldapmodify, ௥Ճ: ldapadd - Active Directory͕༗໊͕ͩɺ࠷ۙ͸GSuite΋࣮૷ͨ͠ - ঎༻Ͱ΋OSSͰ΋࢖ΘΕ๛෋ͳ࣮੷͕͋Δ - Ϋϥ΢υɾWebΞϓϦͰ͸ϝδϟʔΑΓͷϚΠφʔ

  166. LDAP $ - * & / 5 4 & 3

    7 & 3 IUUQTISPVIBOJPSHMEBQTFSWFSPQFOMEBQDFOUPT

  167. LDAPྫ: ݕࡧ $ - * & / 5 4 &

    3 7 & 3 CJOE DODMJFOU PVTFSWFST EDFYBNQMF EDDPNF 1BTTXPSE\QBTTXPSE^ SFTVMUTVDDFTT TFBSDIPCKFDUDMBTT BMM-%"10CKFDU ˈldapsearch -D “cn=admin” -w {password} -b “dc=example,dc=com” "(objectclass=*)"

  168. LDAPྫ: ݕࡧ $ - * & / 5 4 &

    3 7 & 3 CJOE DODMJFOU PVTFSWFST EDFYBNQMF EDDPNF 1BTTXPSE\QBTTXPSE^ SFTVMUTVDDFTT TFBSDIPCKFDUDMBTT BMM-%"10CKFDU ˈldapsearch -D “cn=admin” -w {password} -b “dc=example,dc=com” "(objectclass=*)"

  169. LDAPྫ: ݕࡧ $ - * & / 5 4 &

    3 7 & 3 CJOE DODMJFOU PVTFSWFST EDFYBNQMF EDDPNF 1BTTXPSE\QBTTXPSE^ SFTVMUTVDDFTT TFBSDIPCKFDUDMBTT BMM-%"10CKFDU ˈldapsearch -D “cn=admin” -w {password} -b “dc=example,dc=com” "(objectclass=*)"

  170. SCIMɹʢ͖͢Ήʣ - System for Cross-domain Identity Management - “Ϋϥ΢υϕʔεͷΞϓϦέʔγϣϯ͓ΑͼαʔϏεʹ͓͚Δ ϢʔβʔIDͷ؅ཧΛ༰қʹ͢ΔΑ͏ʹઃܭ”

    - Ұݩ؅ཧ͞ΕͨσΟϨΫτϦ͔Βɺར༻͢ΔαʔϏε΁ͷϓϩ Ϗδϣχϯά - JSON/XMLܗࣜ - REST APIʹΑΔϞσϧૢ࡞ - LDAPΑΓϚΠφʔ IUUQXXXTJNQMFDMPVEJOGP

  171. IUUQXXXTJNQMFDMPVEJOGP SCIMϞσϧ

  172. { "schemas": ["urn:ietf:params:scim:schemas:core: 2.0:User"], "id":"2819c223-7f76-453a-919d-413861904646", "externalId":"bjensen", "meta":{ "resourceType": "User", "created":"2011-08-01T18:29:49.793Z",

    "lastModified":"2011-08-01T18:29:49.793Z", "location":"https://example.com/v2/Users/ 2819c223...", "version":"W\/\"f250dd84f0671c3\"" }, "name":{ "formatted": "Ms. Barbara J Jensen, III", "familyName": "Jensen", "givenName": "Barbara", "middleName": "Jane", "honorificPrefix": "Ms.", "honorificSuffix": "III" }, "userName":"bjensen", "phoneNumbers":[ { "value":"555-555-8377", "type":"work" } ], "emails":[ { "value":"[email protected]", "type":"work", "primary": true } ] } IUUQXXXTJNQMFDMPVEJOGP

  173. SCIM Protocols - ࡞੒ɿ POST /{version}/{resource} - ಡऔɿ GET /{v}/{resource}/{id}

    - ஔ׵ɿ PUT /{v}/{resource}/{id} - ࡟আɿ DELETE /{v}/{resource}/{id} - ෦෼ஔ׵ɿ PATCH /{v}/{resource}/{id} - ݕࡧ: GET /{v}/{resource}?ϑΟϧλʔ= {ଐੑ} {ΦϖϨʔλ} {஋}ˍ SORTBY = {attributeName}ˍsortOrder={ঢॱ|߱ॱ} - Ұׅ࡞੒ɿ POST /{v}/Bulk IUUQXXXTJNQMFDMPVEJOGP

  174. Ϣʔβʔೝূ

  175. None

  176. Ϣʔβʔೝূ - 2ஈ֊ೝূͱSingle Sign On͕େલఏ - ೝূ͕௨ͬͨ৔߹ɺ୹࣌ؒͷτʔΫϯΛൃߦ͢Δ - τʔΫϯͷதʹ͸ೝՄϓϩηεʹඞཁͳ৘ใؚ͕ ·Ε͍ͯΔ͜ͱ͕ଟ͍

  177. ೝূͱγϯάϧɾαΠϯΦϯͷҧ͍ - ೝূ - ϢʔβͷΞΠσϯςΟςΟ͕͔֬ͳ΋ͷͰ͋Δ͜ͱΛΫϨ σϯγϟϧΛఏࣔͯ͠ূ໌͢Δϓϩηε - ୅දతͳϓϩτίϧ: FIDO (WebAuthn

    + CTAP) - Single Sign On - γεςϜΛލ͍ͰΞΠσϯςΟςΟ΍ೝূ৘ใΛ఻ൖ͢Δ ͨΊͷϓϩηε - ୅දతͳϓϩτίϧ: Kerberos, SAML, OIDC IUUQTPQFOJEGPVOEBUJPOKBQBOHJUIVCJPTQCKBIUNMTFD

  178. ೝূ

  179. - γεςϜϦιʔε΁ͷΞΫηεΛਃ੥͢ΔϢʔ βʔɾϓϩηεɾσόΠεͱ͍ͬͨΤϯςΟςΟ ͷΞΠσϯςΟςΟΛཱূʢVerifyʣ - ௨ৗɺΫϨσϯγϟϧͷఏࣔΛ൐͏ ೝূͱ͸ IUUQTQBHFTOJTUHPWTQIUNM

  180. - 1961: ύεϫʔυͷొ৔ at MIT - 1983: ICΧʔυϚΠίϯ - ????:

    ΫϨδοτΧʔυ with ICνοϓ - 2000~: - SMS΍ϝʔϧʹΑΔ௥Ճೝূίʔυͷૹ৴ - TOTPΛ࢖ͬͨ௥Ճೝূ - εϚʔτΧʔυΛ࢖ͬͨActive Directoryೝূ - ੜମೝূΛ࢖ͬͨ௥Ճೝূ - Yubicoࣾઃཱ - 2018: - FIDO2 ೝূํࣜͷભҠ IUUQTFOXJLJQFEJBPSHXJLJ1BTTXPSE

  181. 8FC"VUIO CFDPNFT XDQSPQPTFE SFDDFPNFOEBUJPO HNTpEPpEP 'FC 'FC +BO 8FC"VUIO CFDPNFT

    XDQSPQPTFE SFDDFPNFOEBUJPO .BSDI .BZ 8FC"VUIO XDDBOEJEBUF SFDDFPNFOEBUJPO 8FC"VUIO XDQSPQPTFE SFDDFPNFOEBUJPO +VOF .BS 8FC"VUI XD TUBOEBSJ[FE

  182. "VUIFOUJDBUPS $MJFOU 3FMZJOH 1BSUZ 3FMZJOH 1BSUZ $SFEFOUJBM,FZ ,FZ1BJS  ,FZ1BJS

    $SFEFOUJBM ,FZ1BJS  FIDO

  183. Platform 5&& 51.

  184. SSOʢϑΣσϨʔγϣϯʣ ೝূ৘ใͷ࿈ܞ

  185. - SSO - 1౓ͷೝূͰෳ਺ͷγεςϜ͕ར༻ՄೳʹͳΔ͜ͱ - Kerberosೝূɺσδλϧॺ໊ೝূ - ϑΣσϨʔγϣϯ - ωοτϫʔΫυϝΠϯΛ·͍ͨͰೝূ৘ใΛ࿈ܞ͢Δ͜ͱ

    - SAML, OIDC SSOɾϑΣσϨʔγϣϯͱ͸

  186. <AttributeStatement> <Attribute Name="http://schemas.microsoft.com/identity/claims/ tenantid"> <AttributeValue>xxxx-xxxx</AttributeValue> </Attribute> <Attribute Name="http://schemas.microsoft.com/identity/claims/ objectidentifier"> <AttributeValue>xxxx-xxxx/AttributeValue>

    </Attribute> <Attribute Name="http://schemas.microsoft.com/identity/claims/ displayname"> <AttributeValue>Kengo Suzuki</AttributeValue> </Attribute> <Attribute Name="http://schemas.microsoft.com/identity/claims/ identityprovider"> <AttributeValue>https://sts.windows.net/xxxx-xxxx/</ AttributeValue> </Attribute> <Attribute Name="http://schemas.microsoft.com/claims/ authnmethodsreferences"> <AttributeValue>http://schemas.microsoft.com/ws/2008/06/ identity/authenticationmethod/password</AttributeValue> <AttributeValue>http://schemas.microsoft.com/claims/ multipleauthn</AttributeValue> </Attribute> <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/ claims/role"> <AttributeValue>arn:aws:iam::1111:role/xxx-role,arn:aws:iam:: 1111:saml-provider/Azure</AttributeValue> <AttributeValue>arn:aws:iam::1111:role/xxx-role,arn:aws:iam:: 1111:saml-provider/Azure</AttributeValue> </Attribute> <Attribute Name="http://schemas.microsoft.com/identity/claims/ agegroup"> <AttributeValue>3</AttributeValue> </Attribute> <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/ claims/givenname"> </Attribute> <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/ claims/surname"> <AttributeValue>Suzuki</AttributeValue> </Attribute> <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/ claims/emailaddress"> <AttributeValue>[email protected]</AttributeValue> </Attribute> <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/ claims/name"> <AttributeValue>[email protected]</AttributeValue> </Attribute> <Attribute Name="https://aws.amazon.com/SAML/Attributes/ RoleSessionName"> <AttributeValue>[email protected]</AttributeValue> </Attribute> <Attribute Name="https://aws.amazon.com/ SAML/Attributes/Role"> <AttributeValue>arn:aws:iam::xxxxxxxx:role/xxx- role,arn:aws:iam::1111:saml-provider/Azure</ AttributeValue> <AttributeValue>arn:aws:iam::xxxx:role/ yyy-role,arn:aws:iam::1111:saml-provider/ Azure</AttributeValue> </Attribute> <Attribute Name="https://aws.amazon.com/SAML/Attributes/ SessionDuration"> <AttributeValue>14400</AttributeValue> </Attribute> </AttributeStatement>  ৬ೳ৘ใͷ࿈ܞ ྫϑϩϯτΤϯυ 4".- "TTFSUJPO

  187. { "ver": "2.0", "iss": “https://login.microsoftonline.com/ xxxxxx-xxxxx-xxxxx-xxxx/v2.0", "sub": "Axxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "aud": "xxxxxx-xxxxx-xxxxx-xxxx",

    "exp": 1536361411, "iat": 1536274711, "nbf": 1536274711, "name": “Kengo Suzuki", "preferred_username": “[email protected]“, "oid": "xxxxxx-xxxxx-xxxxx-xxxx", "tid": "xxxxxx-xxxxx-xxxxx-xxxx", "nonce": "111111", "aio": “!eGbIDakyp5mnOrcdqHeYSnltepQmRp6AIZ8jY” “roles": "frontend", }  ৬ೳ৘ใͷ࿈ܞ ྫϑϩϯτΤϯυ 0*%$ *%5PLFO

  188. BeyondCorpʹ͓͚ΔʮϢʔ βʔͷೝূʯͷཁ݅Λຬͨ͢ ੡඼ = IDaaS IUUQTXXXQJOHJEFOUJUZDPNFOSFTPVSDFTDMJFOUMJCSBSZBSUJDMFTJEFOUJUZBTBTFSWJDFJEBBTIUNM

  189. AzureAD: σΟϨΫτϦ (LDAPϢʔβʔ૬౰) IUUQTXXXQJOHJEFOUJUZDPNFOSFTPVSDFTDMJFOUMJCSBSZBSUJDMFTJEFOUJUZBTBTFSWJDFJEBBTIUNM

  190. AzureAD: σΟϨΫτϦ (LDAPάϧʔϓ૬౰) IUUQTXXXQJOHJEFOUJUZDPNFOSFTPVSDFTDMJFOUMJCSBSZBSUJDMFTJEFOUJUZBTBTFSWJDFJEBBTIUNM

  191. AzureAD: ϓϩϏδϣχϯά(SCIM) IUUQTXXXQJOHJEFOUJUZDPNFOSFTPVSDFTDMJFOUMJCSBSZBSUJDMFTJEFOUJUZBTBTFSWJDFJEBBTIUNM

  192. AzureAD: Ϣʔβʔೝূ(MFA)ͱೝূ৘ใ࿈ܞ

  193. - ೝূΛ௨ͯ͠ϢʔβʔΛಛఆ͠ͳ͚Ε͹ͳΒͳ͍ - Ϣʔβʔʹඥͮ͘࿦ཧతͳΦϒδΣΫτ͕ඞཁ - ΦϒδΣΫτΛҰݩ؅ཧ͢ΔDB = σΟϨΫτϦ - ΦϒδΣΫτΛଞαʔϏεʹ఻ൖ͢Δ͜ͱ

    = ϓϩϏδϣχϯά - Ϣʔβʔͷೝূ৘ใΛ࿈ܞ͢Δ͜ͱ = SSOɾϑΣσϨʔγϣϯ Ϣʔβʔͷಛఆɹ·ͱΊ

  194. σόΠεͷಛఆ (Identification)

  195. None

  196. - ਓ͕ਖ਼౰Ͱ΋ɺײછͨ͠୺຤ʹΑΓ߈ܸऀͷҙਤ͕ୡ੒ ͞Εͯ͠·͏ࣄྫ͸زͭ΋͋Δ - ΑͬͯɺσόΠεͷਖ਼౰ੑΛ֬อ͠ͳ͚Ε͹ͳΒͳ͍ - ඞཁͳίϯϙʔωϯτ - σόΠεDBʢΠϯϕϯτϦʣ -

    σόΠεೝূ σόΠεͷಛఆ

  197. σόΠεDB ʢΠϯϕϯτϦʣ

  198. σόΠεDBʢΠϯϕϯτϦʣͷ֓ཁ - σόΠεͷଐੑΛอ࣋͢ΔΦϒδΣΫτΛ؅ཧ͢ΔDB - ҎԼͷ؅ཧػೳΛ࣋ͭ΂͖ - ௐୡͨ͠σόΠεͷొ࿥ - σόΠεͷߏ੒؅ཧʢؚΉมߋͱσϓϩΠʣ -

    ߏ੒৘ใͷϦΞϧλΠϜදࣔ - ۀ຿ར༻͍ͯ͠ΔσόΠεछผͷαϙʔτ - Windows, MacOS, iOS, Android, Linux…

  199. - ௐୡ͔ΒΠϯϕϯτϦొ࿥·Ͱͷஈ֊͸୹͍΄͏ ͕ϕλʔ - ࠷ۙ͸ࣗಈొ࿥Մೳ ΠϯϕϯτϦొ࿥

  200. ݟग़͠ IUUQTXXXKBNGDPNCMPHBQQMFEFWJDFFOSPMMNFOUQSPHSBNBQQMFJUJOOPWBUJPO ΠϯϕϯτϦొ࿥(Mac/iOS)

  201. ΠϯϕϯτϦొ࿥(Windows) IUUQTNZJHOJUFUFDIDPNNVOJUZNJDSPTPGUDPNTFTTJPOT

  202. σόΠεͷߏ੒؅ཧ - ج४ɾϙϦγʔʹैͬͯߏ੒ - ۀ຿ར༻ΞϓϦ/CAͷΠϯετʔϧ - ݹ͍ΞϓϦͷར༻ - OSɾΞϓϦͷ࠷৽Խ -

    σΟεΫ҉߸Խ - ϩʔΧϧAdminͷύεϫʔυมߋ - ऑ͍ύεϫʔυͷېࢭ - ฆࣦ୺຤ͷϩοΫɾॳظԽ - ߏ੒ঢ়گ΍୺຤ͷϝτϦΫεΛχΞɾϦΞϧλΠϜͰ ऩू - ࣾ಺NWʹݶఆ͞Εͣܧଓతʹద༻ ॏ ॏཁͳ σʔλ ॏཁͳ σʔλ ॏཁͳ σʔλ ॏཁͳ σʔλ

  203. - ͜ΕΒͷཁ݅Λຬͨ͢঎༻੡඼͸·ͩͳ͍ʢڪΒ͘ʣ - ϢʔβʔϞσϧΛఆٛ͢ΔSCIMεΩʔϚͷΑ͏ͳඪ४΋ະ ొ৔ - Google͸ࣗࣾͰϝλσόΠεΠϯϕϯτϦΛߏங - 15ͷҟͳΔσʔλιʔε -

    300ສ/೔݅ɺྦྷܭ80ςϥόΠτͷσʔλΛऩू - ֤OS͝ͱͷઐ໳νʔϜ σόΠεΠϯϕϯτϦͷݱ࣮

  204. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    ୺຤ΠϯϕϯτϦͷσʔλιʔε #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF

  205. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    σόΠεΠϯϕϯτϦͷσʔλιʔε #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF w ࢿ࢈؅ཧ w ʮࢿ࢈ʯͱͯ͠ͷσόΠε%# w ϋʔυ΢ΣΞ΍ͦͷதͰಈ͘ιϑτ΢ΣΞ΍ϥΠηϯε΋؅ཧ w ͦΕΒʹՃ͑ͯϥΠϑαΠΫϧ΋؅ཧ w ૯຿ɾܦཧ͕؅ཧͯ͠Δ͜ͱ΋͋Δ

  206. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    σόΠεΠϯϕϯτϦͷσʔλιʔε #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF w σΟϨΫτϦɾαʔϏε w Ϣʔβʔɾάϧʔϓ%#ͱಉ͡ w 8JOEPXTΛར༻͍ͯ͠ΔاۀͰ͸ɺ"DUJWF%JSFDUPSZ͕ط ʹ͋ΔͷͰɺ͔ͦ͜ΒσʔλΛΠϯϙʔτ͢Δ

  207. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    σόΠεΠϯϕϯτϦͷσʔλιʔε #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF w ωοτϫʔΫػث w %)$1΍"31ςʔϒϧͷ࿈ܞ w ωοτϫʔΫػث͸ελϯυΞϩϯͳঢ়ଶͰଘࡏ͢Δ͜ͱ͕ ଟ͍

  208. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    σόΠεΠϯϕϯτϦͷσʔλιʔε #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF w ੬ऑੑεΩϟφ w /FTVT΍/NBQͳͲΛఆظతʹ࣮ࢪͯ͠ɺ੬ऑੑ͕ͳ͍͔ νΣοΫ w ͦͷ݁Ռͷ࿈ܞ

  209. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    σόΠεΠϯϕϯτϦͷσʔλιʔε #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF w $" w ୺຤ʹຒΊࠐ·Εͨূ໌ॻͷτϥετΞ ϯΧʔ w ূ໌ॻ͕ਖ਼౰͔ͳͲΛ���ܞ

  210. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    σόΠεΠϯϕϯτϦͷσʔλιʔε #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF w ߏ੒؅ཧαʔϏε w σόΠεͷߏ੒ঢ়گΛ࿈ܞ

  211. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    σόΠεΠϯϕϯτϦͷσʔλιʔε #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF w ύον؅ཧαʔϏε w 04΍Πϯετʔϧ͞ΕͨΫϥΠΞϯτΞ ϓϦͷύον؅ཧ w ద༻ঢ়گͳͲͷ࿈ܞ

  212. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    ୺຤ΠϯϕϯτϦͷσʔλιʔε #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF w ʢϝλʣΠϯϕϯτϦαʔϏε w ͜ΕΒͷσʔλΛऔΓࠐΈɺؔ࿈෇͚ͨ ୯ҰͷΠϯϕϯτϦ

  213. σόΠεೝূ

  214. - RFC5280 - ެ։伴ূ໌ॻͷϑΥʔϚοτΛఆٛ - CRLͷఆٛ - ূ໌ॻνΣʔϯͷݕূํ๏Λఆٛ - ൿີ伴ͷ৴པੑΛূ໌Ͱ͖ΔͨΊɺσόΠεೝূͱͯ͠ར༻

    X.509

  215. ͦͷൿີ伴͸ϢχʔΫ͔

  216. ෆਖ਼ʹૠೖ͞Εͨ伴ϖΞ Ͱͳ͍͔ 伴ϖΞΛॻ͖׵͑ΒΕͯ ͍ͳ͍͔

  217. Attestation "UUFTUBUJPO,FZTͷ ϖΞ࡞੒ ᶅ4IJQ ޻৔ग़ՙ࣌ʹ 伴ϖΞΛ51.ʹຒΊ ࠐΉ ൿີ伴ͷੜ੒ɾ؅ ཧ͸51.5&& ಺ͷΈ

    51.5&& ੜ੒͞Εͨൿີ伴 ʹඥͮ͘ূ໌ॻ͸ ֎ग़Մೳ

  218. 51.ͷެ։伴 Ͱݕূ 51.5&&

  219. Windows TPM IUUQTEPDTNJDSPTPGUDPNFOVTXJOEPXTTFDVSJUZJOGPSNBUJPOQSPUFDUJPOUQNIPXXJOEPXTVTFTUIFUQN

  220. ݟग़͠ PS C:\> Get-TpmEndorsementKeyInfo -Hash "Sha256" IsPresent : True PublicKey

    : System.Security.Cryptography.AsnEncodedData PublicKeyHash : 70769c52b6e24ef683693c2a0208da68d77e94192e1f4080ae 7c9b97c6caa681 ManufacturerCertificates : {[Subject] OID.2.23.133.2.3=1.2, OID.2.23.133.2.2=C4T8SOX3.5, OID.2.23.133.2.1=id:782F345A [Issuer] CN=Contoso TPM CA1, OU=Contoso Certification Authority, O=Contoso, C=KR [Serial Number] 77A120A [Not Before] 6/4/2012 6:35:58 PM [Not After] 6/4/2022 6:35:57 PM [Thumbprint] 77378D1480AB48FEA2D4E610B2C7EEF648FEA2 } AdditionalCertificates : {} IUUQTHJUIVCDPN.JDSPTPGU%PDTXJOEPXTQPXFSTIFMMEPDTCMPCNBTUFSEPDTFUXJOEPXTUSVTUFEQMBUGPSNN

  221. BeyondCorpʹ͓͚ΔσόΠ εɾΞΠσϯςΟςΟΛຬͨ ͢੡඼ɾαʔϏε

  222. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    σόΠεͷΤʔδΣϯτʢUEMʣ #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF

  223. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    macOS, iOSฤ #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF

  224. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    ূ໌ॻΠϯετʔϧ #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF $FOTPSFE

  225. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    ߏ੒؅ཧʢྫ: ϩʔΧϧAdminͷύεϫʔυ೔࣍มߋʣ #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF $FOTPSFE

  226. ##################################################################################### ############### # Decode API user Password apiPass="$( decryptString "$apiEncryptedPass"

    "$saltAPI" "$passAPI" )" if [ -z "$apiPass" ]; then scriptLogging "Failed to decrypt API user's password" 2 exit 1 fi ##################################################################################### ############### # Retrieve LAPS user password from Extent Attribute previousEncryptedPassword="$( retrievePassword "$apiUser" "$apiPass" "$HWUUID" "$extAttName" )" if [ -n "$previousEncryptedPassword" ]; then scriptLogging "Retrieved previous password is $previousEncryptedPassword (encrypted)." retrievedPassword="$( decryptString "$previousEncryptedPassword" "$laSalt" "$laPass" )" else scriptLogging "Could not get previous password. Try initial password for $ {laUserName}." scriptLogging "Try to use initial password for ${laUserName}: $initialEncryptedPassForLadminUser (encrypted)." retrievedPassword="$( decryptString "$initialEncryptedPassForLadminUser" "$initLaSalt" "$initLaPass" )" fi if [ -z "$retrievedPassword" ]; then scriptLogging "Failed to decrypt previous password of $laUserName" 2 exit 1 fi ##################################################################################### ############### # Check current password with Retrieved password /usr/bin/dscl /Local/Default -authonly "$laUserName" "$retrievedPassword" 2> /dev/ null returnCode=$? if [ "$returnCode" -eq 0 ]; then scriptLogging "Current password has match with Retrieved password." else scriptLogging "Retrieved password for $laUserName is not match current password. dserr: $returnCode" 2 exit $returnCode fi ##################################################################################### ############### # Change password with new one. newpassword="$( /usr/bin/openssl rand -base64 48 | /usr/bin/tr -d OoIi1lLS | /usr/ bin/head -c 12 )" changePassword "$laUserName" "$retrievedPassword" "$newpassword" ##################################################################################### ############### # Encrypt New Password encryptedPassword="$( echo "$newpassword" | /usr/bin/openssl enc -aes256 -a -A -S "$laSalt" -k "$laPass" )" if [ -n "$encryptedPassword" ]; then # If you want to log new password, remove ':' at start of next line. : scriptLogging "New password: $encryptedPassword (Encrypted)" else scriptLogging "Failed to encrypt new password. Why?" 2 scriptLogging "Roll back with previous one." changePassword "$laUserName" "$newpassword" "$retrievedPassword" exit 1 fi ##################################################################################### ############### # Update Extent Attribute with New Password uploadPassword "$apiUser" "$apiPass" "$HWUUID" "$extAttName" "$encryptedPassword" returnCode=$? if [ "$returnCode" -ne 0 ]; then scriptLogging "Failed to upload." 2 scriptLogging "Roll back with previous one." changePassword "$laUserName" "$newpassword" "$retrievedPassword" exit 1 fi try="$( retrievePassword "$apiUser" "$apiPass" "$HWUUID" "$extAttName" )" if [ "$try" = "$encryptedPassword" ]; then scriptLogging "Retrieve test passed." scriptLogging "Done." exit 0 else scriptLogging "Retrieve test failed. Get unexpected string." 2 scriptLogging "Retrieved String: $try" 2 scriptLogging "Expected String: $encryptedPassword" 2 scriptLogging "Done in error." 2 exit 1 fi  $FOTPSFE

  227. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    ύον؅ཧʢྫ: Chromeͷ࠷৽Խʣ #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF $FOTPSFE

  228. shlogger "Mount dmg file: $dmgfile" devfile="$( /usr/bin/hdiutil attach -nobrowse "$

    {workdir}/${dmgfile}" | /usr/bin/grep Chrome | / usr/bin/awk '{print $1}' )" check_result="$( checkapp "$dl_chromapp" "$developerid" )" if [ "$check_result" = ok ]; then shlogger "Codesign check passed." runstate="$( /usr/bin/pgrep Chrome | /usr/bin/ wc -l )" shlogger "Chrome run state: $runstate" if [ "$runstate" -ne 0 ]; then notification=yes ; fi tmpdir="/tmp/$( /usr/bin/uuidgen )" /bin/mkdir -m 755 "$tmpdir" /bin/mv "$CHROME" "$tmpdir" /bin/cp -af "$dl_chromapp" /Applications shlogger "Install Chrome into /Applications" /usr/bin/xattr -r -d com.apple.quarantine "$CHROME" shlogger "Remove com.apple.quarantine from $CHROME" else shlgger "$check_result" 2 shlogger "Codesign check failed." 2 fi /usr/bin/hdiutil detach -quiet "$devfile" rm -rf "$workdir" shlogger "Show notification: $notification" if [ "$notification" = yes ]; then show_notification "Googole Chrome has updated!" "Restart Google Chrome now." fi shlogger "Done." exit 0  w $ISPNFͷࣗಈΞοϓσʔτεΫϦϓτ

  229. #!/bin/bash RESULT="Not Installed" CHROME="/Applications/Google Chrome.app" if [ -e "$CHROME" ];

    then installed_version="$( /usr/libexec/PlistBuddy -c "print CFBundleShortVersionString" "$CHROME/ Contents/Info.plist" )" current_stable_version="$( /usr/bin/curl -s https://omahaproxy.appspot.com/all | /usr/bin/awk -F, '/mac,stable/ {print $3}' )" if [ "$installed_version" = "$current_stable_version" ]; then RESULT="UptoDate" else RESULT="Old" fi fi echo "<result>$RESULT</result>"  w Πϯετʔϧ͞Ε͍ͯΔ$ISPNFͷόʔδϣϯνΣοΫͱଐੑઃఆ

  230. ֦ுଐੑͷ෇༩ $FOTPSFE $FOTPSFE

  231. χΞϦΞϧλΠϜͷߏ੒؅ཧ $FOTPSFE

  232. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    Windows, Androidฤ #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF

  233. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    ূ໌ॻΠϯετʔϧ  $FOTPSFE

  234. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    ߏ੒؅ཧ #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF $FOTPSFE

  235. { "@odata.context": "https://graph.microsoft.com/ v1.0/$metadata#deviceManagement/managedDevices/$entity", "id": "xxxxx", "userId": "xxxxx", "deviceName": "xxxx",

    "managedDeviceOwnerType": "company", "enrolledDateTime": "2019-07-18T12:17:53.0413033Z", "lastSyncDateTime": "2019-08-15T02:34:53.7572148Z", "operatingSystem": "Windows", "complianceState": "compliant", "jailBroken": "Unknown", "managementAgent": "mdm", "osVersion": "10.0.18362.295", "easActivated": true, "easDeviceId": "xxxxx", "easActivationDateTime": "2019-07-18T12:25:05.2874123Z", "azureADRegistered": true, "deviceEnrollmentType": "windowsCoManagement", "activationLockBypassCode": null, "emailAddress": “[email protected]”, "azureADDeviceId": "xxxxx", "deviceRegistrationState": "registered", "deviceCategoryDisplayName": "Windows", "isSupervised": false, "exchangeLastSuccessfulSyncDateTime": "0001-01-01T00:00:00Z", "exchangeAccessState": "none", "exchangeAccessStateReason": "none", "remoteAssistanceSessionUrl": "", "remoteAssistanceSessionErrorDetails": "", "isEncrypted": true, "userPrincipalName": “[email protected]", "model": "xxxxx", "manufacturer": "xxxxx", "imei": null, "complianceGracePeriodExpirationDateTime": "9999-12-31T23:59:59.9999999Z", "serialNumber": "xxxxx", "phoneNumber": null, "androidSecurityPatchLevel": null, "userDisplayName": "Kengo Suzuki", "wiFiMacAddress": "xxxxx", "deviceHealthAttestationState": null, "subscriberCarrier": "", "meid": "", "totalStorageSpaceInBytes": -1638924288, "freeStorageSpaceInBytes": -822083584, "managedDeviceName": "xxxx/18/2019_12:17 PM", "partnerReportedThreatState": "secured", "deviceActionResults": [], "configurationManagerClientEnabledFeatures": { "inventory": false, "modernApps": false, "resourceAccess": false, "deviceConfiguration": false, "compliancePolicy": false, "windowsUpdateForBusiness": false } }  w "1*Λ͔ͭͬͯߏ੒৘ใΛऔಘ w IUUQTHSBQINJDSPTPGUDPN WEFWJDF.BOBHFNFOU NBOBHFE%FWJDFTEFWJDF*%

  236. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    ύον؅ཧʢWindows Defenderʣ #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF $FOTPSFE

  237. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF ੬ऑੑεΩϟϯʢWindows Defenderʣ $FOTPSFE

  238. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF σΟϨΫτϦʢActive Directoryʣ

  239. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF Network

  240. - Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ

    #FZPOE$PSQ%FTJHOUP%FQMPZNFOUBU(PPHMF ࢿ࢈؅ཧπʔϧ

  241. - શσόΠεͰ࣮ࢪ͢Δඞཁ͋Γ - ʢϝλʣΠϯϕϯτϦαʔϏε͸·ͩ঎༻ԽɾOSSԽ͞Ε ͍ͯͳ͍ - ࣗ෼Ͱ࡞Δ͔͠ͳ͍… - σόΠεೝূ͸ TPM

    + x.509 σόΠεΞΠσϯςΟςΟɹ·ͱΊ

  242. ΞΫηε੍ޚ

  243. None

  244. - Access Proxy: - શHTTP/SSHϦΫΤετͷड෇ - Access Control Engine(ACE): -

    ΞΫηε੍ޚΛෳ਺ͷσʔλιʔε͔Βܾఆ͢ΔϙϦγʔΤϯδϯɻ - Trust Inference: - Ϣʔβʔ΍σόΠεͷ৴པείΞΛࢉग़͢ΔΤϯδϯ - Pipleline: - ACEʹσʔλΛfeed͢ΔύΠϓϥΠϯ - Resource: - ΞΫηε੍ޚͷର৅ʹͳΔΞϓϦɺαʔϏεɺΠϯϑϥ ΞΫηε੍ޚͷ֓ཁʢొ৔ਓ෺ʣ

  245. ΞΫηε੍ޚͷ֓ཁʢྲྀΕʣ w ن੍࢈ۀʹ଍Λ౿ΈೖΕΔϕϯνϟʔͷ૿Ճ w lେखاۀͷΦʔϓϯΠϊϕʔγϣϯ௥ٻͱελʔτΞοϓ࿈ܞz w શ)55144)ϦΫΤετ͸"DDFTT1SPYZʹ޲͚ΒΕΔ w શ)55144)ϦΫΤετ͸"DDFTT1SPYZʹ޲͚ΒΕΔ

  246. ΞΫηε੍ޚͷ֓ཁʢྲྀΕʣ w ن੍࢈ۀʹ଍Λ౿ΈೖΕΔϕϯνϟʔͷ૿Ճ w lେखاۀͷΦʔϓϯΠϊϕʔγϣϯ௥ٻͱελʔτΞοϓ࿈ܞz w "DDFTT1SPYZ͔Β4JOHMF4JHO0OʹϦμΠϨΫτ

  247. ΞΫηε੍ޚͷ֓ཁʢྲྀΕʣ w 4JOHMF4JHO0OͰɺೝূ৘ใΛ࿈ܞ͢Δʢ'FEFSBUJPOʣ

  248. ΞΫηε੍ޚͷ֓ཁʢྲྀΕʣ w ΞΫηε੍ޚΛܾఆ͢ΔΑ͏ϦΫΤετ

  249. ΞΫηε੍ޚͷ֓ཁʢྲྀΕʣ w σόΠε΍Ϣʔβʔͷ৴པ౓Λܭࢉ w σόΠεɾϢʔβʔͷଐੑͱͯ͠อଘ w ύΠϓϥΠϯΛ௨ͯ͠৴པείΞɺΠϯϕ ϯτϦ৘ใΛ"$&ʹ࿈ܞ

  250. function userTrustInference (user, app interface) int { // isUserVulnerable(user) //

    isUserAccessingFromNewLocation(user) // hasTakenSecurityTraining(user) // isAppCritical(app) return userTrustTier(userInfo, appInfo) } function deviceTrustInference (device, app interface) int { // isDeviceVulnerable(device) // isDevieLatest(device) // isBrowserLatest(device) // isDeviceManaged(device) // isDeviceEncrypted(device) // isDeviceActive(device) return deviceTrustTier(deviceInfo, app) }

  251. ΞΫηε੍ޚͷ֓ཁʢྲྀΕʣ w "1ͱύΠϓϥΠϯ͔ΒऔಘͰ͖ΔσʔλΛ΋ͱʹΞΫηεՄ൱ Λܾఆɾద༻

  252. BeyondCorpʹ͓͚ΔΞΫη ε੍ޚΛຬͨ͢੡඼ɾαʔ Ϗε

  253. Access Proxy w "[VSF"% w ੍ݶ w )551ʢ4ʣҎ֎ͷϓϩ τίϧରԠ w

    ύεϫʔυೝূํࣜ

  254. Trust Inference w "[VSF"%*EFOUJUZ1SPUFDUJPO Ϣʔβʔ  w .JDSPTPGU%FGFOEFS"51ʢσόΠεʣ w "[VSF"51ʢσόΠεɾϢʔβʔʣ

    

  255. - Ϣʔβʔͷ৴པ౓ΛαΠϯΠϯঢ়ଶ͔Βܭଌ - αΠϯΠϯΠϕϯτͦͷ΋ͷͱɺαΠϯΠϯޙͷߦಈ͔Βܭଌ - Πϕϯτྫ: TorΛ࢖ͬͨϩάΠϯࢪߦ - ߦಈྫ: ෆՄೳͳཱྀߦ

    - ৴པ౓ʢϦεΫ஋ʣ͸Low, Medium, HighͰ෼ྨ - ୹ॴ: ϦεΫ஋ͷࢉग़ࠜڌ͕Θ͔Γʹ͍͘ Trust Inference - AzureAD Identity Protection

  256. { "@odata.type": "#microsoft.graph.unfamiliarLocationRiskEvent", "id": “xxxx-xxxx", "riskEventStatus": "dismissedAsFixed", "riskLevel": "medium", "riskEventType":

    "UnfamiliarLocationRiskEvent", "riskEventDateTime": "2019-xx-xxT06:30:45", "closedDateTime": “2019-xx-xxT09:18:43", "createdDateTime": "2019-xx-xxT09:18:43", "userId": “xxxx-xxxx", "userDisplayName": “Kengo Suzuki", "userPrincipalName": “[email protected]", "ipAddress": "18.205.93.232", "location": { "city": "Ashburn", "state": "VA", "countryOrRegion": "United States", "geoCoordinates": { "latitude": 39.0437, "longitude": -77.4742 }  w 4JHO*O3JTL&WFOU

  257. { "id": "xxxx-Xxxx-xxxx", "isDeleted": null, "isGuest": null, "isProcessing": false, “riskLevel":

    "none", "riskState": "remediated", "riskDetail": "userPerformedSecuredPasswordReset", "riskLastUpdatedDateTime": "2018-xx-xxT01:33:06", "userDisplayName": [email protected], "userPrincipalName": null }  w 6TFS3JTL

  258. - σόΠεͰൃੜͨ͠ΞϥʔτͱͦͷޙͷରԠঢ়گ ͔ΒϦεΫ஋Λࢉग़ - ৴པ౓ʢϦεΫ஋ʣ͸Low, Medium, HighͰ෼ྨ - ୹ॴ: ϦεΫ஋ͷ൑அࠜڌ΍ಛ௃બ୒͕Θ͔Γʹ

    ͍͘ Trust Inference - Microsoft Defender ATP

  259. ɹɹɹɹɹ{ "id": "xxxxx", "computerDnsName": “xxxxxxxxxxx”, "firstSeen": "2019-xx-xxT09:18:43", ɹɹɹɹɹ"lastSeen": "2019-xx-xxT09:18:43", "osPlatform":

    "Windows10", "osVersion": "10.0.0.0", "lastIpAddress": “xxx.xxx.xxx.xxx”, "lastExternalIpAddress": "xxx.xxx.xxx.xxx", "agentVersion": "10.5830.18209.1001", "osBuild": 18209, "healthStatus": "Active", "rbacGroupId": 140, ɹɹɹ "rbacGroupName": "The-A-Team", "riskScore": "Low", ɹɹɹɹ"isAadJoined": true, "aadDeviceId": “xxxx-xxxx", ɹɹɹɹ "machineTags": [ "test tag 1", "test tag 2" ] },  w %FWJDF3JTL

  260. - υϝΠϯࢀՃͰͷATPܥ߈ܸΛݕ஌ - WDATPͱ࿈ܞ Trust Inference - Azure ATP

  261. Trust Inference w "[VSF"%৚݅෇͖ΞΫηε

  262. - Ϋϥ΢υαʔϏεʹର͢ΔΞΫηε੍ޚΛෳ਺ͷ৚݅ʹج͍ͮ ܾͯఆɾద༻͢ΔαʔϏε - ৚݅ͷྫ - ୺຤ͷϙϦγʔ४ڌঢ়گ - ϢʔβʔͷϦεΫ஋ -

    ΫϥΠΞϯτΞϓϦछผ - ΞΫηεઌͷΫϥ΢υαʔϏε - Ґஔ৘ใ ৚݅෇͖ΞΫηε IUUQTEPDTNJDSPTPGUDPNFOVTB[VSFBDUJWFEJSFDUPSZDPOEJUJPOBMBDDFTTPWFSWJFX

  263. - MFAͷશ༗ޮԽ ৚݅෇͖ΞΫηεྫ: શΞϓϦ޲͚

  264. - ॏཁͳαʔϏεʹରͯ͠ɺαΠϯΠϯϦεΫ͕গ ͠Ͱ΋͋Ε͹ϩάΠϯΛڐՄ͠ͳ͍ - ॏཁαʔϏε - AWS, ౿Έ୆, ύεϫʔυϚωʔδϟʔ, -

    ސ٬৘ใ؅ཧ༻αʔϏε ৚݅෇͖ΞΫηεྫ: ॏཁΞϓϦ޲͚

  265. - ؅ཧ͞ΕͨσόΠεͰϙϦγʔ४ڌͨ͠΋ͷͷΈΞΫηεՄೳ - ؅ཧ͞ΕͨσόΠε: ProfileΛΠϯετʔϧ͞ΕͨBYOD୺຤΋ؚΉ - ४ڌ͞Εͨঢ়ଶ - σΟεΫ͕Full Encryption͞Ε͍ͯΔ

    - σόΠεͷϦεΫ஋͕LowҎԼͰ͋Δ - OS͕ಛఆͷόʔδϣϯҎ্Ͱ͋Δ - TPMΛඋ͍͑ͯΔ - BIOSϨϕϧͷ ৚݅෇͖ΞΫηεྫ: ؅ཧσόΠεͷΈڐՄ

  266. - ͕͜͜BeyondCorp/ZeroTrustͷ؊ - શͯͷΞΫηε͸Access ProxyΛܦ༝͢Δ - ωοτϫʔΫ͚ͩͰ͸ͳ͘ɺෳ਺ͷσʔλιʔε͔Β൑அ͢Δ - ͦͷதʹ͸৴པ౓Λܾఆ͢ΔTrust Inferene΋ؚ·ΕΔ

    - ACEʹσʔλ͕ू໿͞ΕɺΞΫηε੍ޚ͕ܾఆɾద༻͞ΕΔ ΞΫηε੍ޚɹ·ͱΊ

  267. - BeyondCorpΛҰ൪ݱ࣮ͯ͠Δ঎༻αʔϏε͸ Microsoft - θϩ͔Β૊Έ࢝ΊΔͷͰ͋Ε͹ɺMicrosoft365 ύοέʔδΛ࢖ͬͯɺ଍Γͳ͍෦෼Λݸผͷι ϦϡʔγϣϯʹٻΊΔͷ͕ίεύ͕ྑ͍ ࢲݟ

  268. ࠓ·Ͱͷ͓͞Β͍

  269. ηΩϡϦςΟཁ݅શମ૾ ๏ྩɾج४ɾࢦ਑ αΠόʔηΩϡϦςΟઓུ ηΩϡϦςΟઃܭ αΠόʔηΩϡϦςΟઓज़ɾ࣮૷ ઓུʢػີੑʣ ઓུʢ׬શੑʣ ઓུʢՄ༻ੑʣ

  270. None

  271. ηΩϡϦςΟ୲౰ͱͯ͠ ΍Δ͜ͱ͸໌֬ʹͳΓ·͔ͨ͠ʁ

  272. Ϣʔβʔاۀʹ͓͚Δ৘ใγες ϜͱηΩϡϦςΟ - ߦಈࢦ਑ฤ 2019/08/10 By @ken5scal

  273. - ϛογϣϯܾఆͱܦӦਞͱͷ߹ҙ - ༏ઌॱҐʹର͢ΔܦӦਞͱͷ߹ҙ - ಥવ;ͬͯ͘ΔʢଞࣾΛؚΊͨʣΠϯγσϯτରԠ - ιϦϡʔγϣϯͷͨΊͷ༧ࢉ֬อ - ϨΨγʔͳपลγεςϜͱͷ౷߹

    - ৽͍͠ϓϩμΫτ΁ͷίϛοτ - ʢ΍ͬͱ…ʣ࣮૷ɾӡ༻ - ࠾༻ɾνʔϜϏϧσΟϯά - Etc, etc Զͨͪͷઓ͍͸·ͩ࢝·ͬͨ͹͔Γͩ

  274. - ׬શ/ඪ४తͳΧϦΩϡϥϜͳͲͳ͍ - खΛಈ͔ͦ͏ɻ࣮ફ͋ΔͷΈɻ - ίϛϡχέʔγϣϯΛଵΒͳ͍ - ਏ͍͜ͱ΋ࣦഊ΋͋Δ - ָ؍ऀͰ͍Α͏

    - ॿ͚ΛٻΊΑ͏ - ஌ࣝΛڞ༗͠Α͏ So, you want to work in security? ݪจ4P ZPVXBOUUPXPSLJOTFDVSJUZ ೔ຊޠ໿ηΩϡϦςΟͰ൧৯͍͍ͨਓ޲͚ͷ৺ͷ࣋

  275. Good Luck and Happy Hacking!

  276. Thank You!