Why is Security Management So Hard?

inaz2

2016/12/09

1st Security Sharing Study Session (第1回セキュリティ共有勉強会)

About me

• inaz2
  • https://twitter.com/inaz2

• Security engineer & Python programmer

• Blog: ももいろテクノロジー
  • http://inaz2.hatenablog.com/


Question

• You are an incident responder in the company

• There’s nobody who doesn’t make a mistake
  • Assume each employee makes a mistake with a 1% probability

• One day, the attacker sent malicious mails to 100 employees

• What is the probability of one or more incidents occurring?


Answer

63%


Make it zero?

• There’s nobody who doesn’t make a mistake
  • Even if the mistake rate goes from 1% to 0.1%, an incident still occurs with a 9.5% probability

• But if the number of mails was one, it occurs only with a 1% probability
  • It is important to reduce attack surfaces

• Network separation also reduces the risk of severe incidents
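
The 63%, 9.5% and 1% figures above all come from 1 - (1 - p)^n for n recipients who err independently. The Python below is an added example, not part of the original slides; the function names, the 10% risk budget and the mixed-rate sample are constructed, and it goes slightly beyond the slides by inverting the formula and allowing per-recipient rates.

```python
import math


def p_any_incident(p_mistake, n_mails):
    """P(at least one incident) = 1 - (1 - p)^n.

    Assumes each recipient makes a mistake independently with the same rate.
    """
    return 1.0 - (1.0 - p_mistake) ** n_mails


def p_any_incident_mixed(rates):
    """Same probability when every recipient has an individual mistake rate."""
    return 1.0 - math.prod(1.0 - r for r in rates)


def max_recipients(p_mistake, risk_budget):
    """Largest n for which P(at least one incident) stays <= risk_budget."""
    # 1 - (1 - p)^n <= budget  <=>  n <= ln(1 - budget) / ln(1 - p)
    return math.floor(math.log(1.0 - risk_budget) / math.log(1.0 - p_mistake))


if __name__ == "__main__":
    # The three cases from the slides.
    print(f"p=1%,   100 mails: {p_any_incident(0.01, 100):.1%}")
    print(f"p=0.1%, 100 mails: {p_any_incident(0.001, 100):.1%}")
    print(f"p=1%,     1 mail : {p_any_incident(0.01, 1):.1%}")

    # Attack-surface view: how many mailboxes may a campaign reach
    # before the chance of an incident exceeds a (constructed) 10% budget?
    print("max recipients at p=1%, budget 10%:", max_recipients(0.01, 0.10))

    # Constructed mixed population: 98 recipients at 0.1%, 2 at 10%.
    rates = [0.001] * 98 + [0.10] * 2
    print(f"mixed rates: {p_any_incident_mixed(rates):.1%}")
```

In the constructed mixed sample, two high-rate recipients push the result well above the 9.5% of a uniform 0.1% population, which is the same point the slides make about limiting who an attack can reach.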


Who responds to the incident?

• An employee will open a malicious mail in the near future

• The most important thing is how we handle it
  • How to find it? What to do with the suspicious PCs? What kind of logs are there? What is the root cause of infection? How to mitigate it? Who writes a report?

• Do you just hand everything off to someone else?

• IPA: Commentary on the Cybersecurity Management Guidelines (サイバーセキュリティ経営ガイドライン解説書)
  • http://www.ipa.go.jp/security/economics/csmgl-kaisetsusho.html


More issues


Maintenance

• OK, the system is completed. Then, who supports it?
  • New vulnerabilities will be found

• The network environment will change

• The responsible person will be transferred

• We need to manage all of our systems continuously
  • Even if there are legacy systems

• Security management is like a fixed cost


Incident invisibility

• The details of incidents are often not shared with other groups

• It is difficult to let them take care of it

• But in reality, someone handles incidents day by day


Cloud services are secure?

• Yes, if all of us never make a mistake


Secrets

• We must protect others’ privacy

• We shouldn’t publish found issues until they are fixed
  • Information disclosure is a sensitive matter

• Furthermore, you may receive no acknowledgement

• Requires a high sense of ethics and high stress tolerance
  • Like a soldier


Recap

• It is important to think about how we handle incidents

• It is not so easy to manage all of our systems continuously

• Imagine the incidents that you just don’t know about


Reference

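• The time my AWS account was accessed without authorization and I got a huge bill - yoya's memo
  • http://d.hatena.ne.jp/yoya/20150404/aws

• The story of how a beginner made a mistake on AWS, had the account abused, was billed $6,000, and nearly cried. - Qiita
  • http://qiita.com/mochizukikotaro/items/a0e98ff0063a77e7b694

• A summary of unauthorized use of AWS accounts
  • http://www.slideshare.net/naotokatsumi/20150221-aws-accountsabuse-44977667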


Thank you!

inaz2
