
This year the format of the main hacking competition at PHDays changed: it moved away from the usual CTF. Instead, a real battle between hackers and security staff unfolded at the forum. This time three kinds of teams fought: "Hackers", "Defenders" and SOC (Security Operations Center). The events at the competition site were as close to reality as possible: the teams had at their disposal an emulation of a city with banks, a telecom operator, the office of a large enterprise, a power company and other facilities.
Andrei Dugin, an information security engineer at a telecom operator who took part in CityF on the defending side, described the course of the competition and his impressions in detail in his blog. With the author's permission, we have collected all of his posts in a single Habr topic.
Description
On May 17 and 18, 2016, at the Positive Hack Days conference held in Moscow, a Capture The Flag (CTF) contest, the hallmark of every major practical information security event, took place. This year the organizers slightly modified the contest and, as announced on the PHDays conference website, gave it the form of a "Standoff" between the forces of good and evil in a virtual city.
Naturally, there were plenty of people who wanted to try their hand at the competition. The participants were divided not into two but into three functional areas:
- Hackers: naturally, their goal was to gain unauthorized access to protected resources.
- Defenders: as the name suggests, their main task was to prevent hacks and/or quickly eliminate their causes and consequences.
- SOC: operational monitoring of the information security events that occurred, notification of the "defenders", analysis of reports and incident response.
Since I took part in this competition as a member of the "Defenders" team for a telecom operator's infrastructure, I will tell the story of the event through the eyes of an information protection engineer.
The defenders and the SOC protect the services in cooperation. Our tandem turned out to be really very productive, as is customary in Russia :)
2æ¥éã®ã察ç«ãã®çµæã«åºã¥ããŠãSOCã®ããŒãããŒãšããŠJSOCã®å°é家ããŒã ãæã«å ¥ãããšç°¡åã«èšããŸããJSOCãšã¯ããäºããå®å šã«ç解ããŸããïŒåºåã®ããã§ã¯ãªããäºå®ãè¿°ã¹ãããïŒã ãã®ã³ã³ãã¹ãã®JSOCãšåæ§ã«ãç§ãã¡ã¯äŒç€Ÿã®ãå§åŠ¹ãéšéã§ãåžžã«ä»äºãããŠããããã§ã¯ãããŸããã§ããã åããªããã«èãããŸãããæ¬åœã§ããæããèšèãæ¶ãããšã¯ãããŸããã

Telecom defenders from a large telecom operator and Solar JSOC: team "You Shall Not Pass" and team "False Positive"
The hackers, of course, act in the competition separately from their opponents (so there is no direct fight) and attempt unauthorized access to the protected resources.
The result was quite interesting, but details of the contest later. As is often the case, let's try to understand the root causes of the turn toward complexity. It is logical for the conference not to lag behind global trends, but even so, judging by the impression I got from taking part, Positive Technologies has taken a step forward (the name doesn't count: corrected to maintain neutrality).
So there are several obvious reasons, some of which are consequences of others.
1. Drawing the attention of the state and business to:
- the need to protect the "Internet of Things" and other critical infrastructure control systems connected to public networks;
- the need to observe information security measures when working with banking systems;
- the economic effect of hacking banking systems;
- the possible consequences for organizations where information security is developed on a residual basis.
2. Letting specialists feel, in a form close to reality, what it is like to deal with a constant threat of intrusion into the infrastructure (why only "close", I will explain in detail later).
3. Setting the scale of the event.
4. Market promotion:
- of information security products and services;
- testing and popularization among IS departments of services such as the SOC (Security Operations Center).
Which of the above are root causes and which are consequences is obvious.
Since I explained my viewing angle earlier, I do not pretend to completeness or breadth of analysis.
Preparation
So the team of telecom defenders, together with JSOC, defended the IP-based public services typical of a telecom operator: the personal account, the portal, paid messaging services and other VAS. Naturally, an integral part of our task was securing the network equipment itself.
ããŒã ã«é¢ããŠïŒç§ãã¡ã¯ä»¥åã«ç¥ãåã£ãŠããªãã£ã競åããååãšä»äºãããªããã°ãªããŸããã§ããããç§ãæåã«ãããç¥ã£ããšããæåã«ç§ãã¡ã¯ã¢ãã³ãžã£ãŒãºã®ããã«ã誰ãšåäŒããã¯ãŒã«ã«ãªããããžãã¹ãéå§ããŸãã 幞ããªããšã«ãç§ã¯ééã£ãŠããŸããããã®çç±ã¯ç°¡åã§ãããã®ããã®æéã¯ãããŸããã§ããã æé»ã®ååã¯æ¬¡ã®ãšããã§ããããªããã¯ãŒã«ã§ããã³ãµã ã§ãããã§ããŠãããªããç§ãã¡ã¯ããªããä¿¡ããããªãã®æèœãèªããäºããªãã§ãã ãããåãïŒ ãããŠãç§ã¯éæ¿æŽŸãã¬ãã¥ãŒããŸããã
The "virtual city" where the events described took place had five infrastructure facilities that were fought over:
- city hall;
- bank 1;
- bank 2;
- an energy company;
- a telecom network.
Naturally, without normal technical support the city would not function, and neither would its protection. For operational monitoring of information security events and for preventing and repelling hacker attacks, the organizers provided the following:
- remote access for preliminary configuration before the start of the competition;
- on-site work during the full-time phase of the competition;
- user "extras";
- a network map;
- network and server infrastructure;
- administrator logins and passwords for the prepared elements (network, servers);
- computing capacity for deploying information security and operational monitoring systems;
- complete freedom in the choice of tools;
- assistance in obtaining temporary test licenses from vendors of commercial information security tools.
ãã¡ãããå¿ èŠãªæ å ±ã»ãã¥ãªãã£ã·ã¹ãã ã®è©Šé転ã®ããã«ãå°ãåã«ã»ã°ã¡ã³ãã«ãªã¢ãŒãã¢ã¯ã»ã¹ã§ããŸããã ããã§ãªããã°ãæ¬åœã«äœãããæéããããŸããã ãã¡ããããã®æéã®äžéšãã€ãŒã¹ã¿ãŒãš5æã«èœã¡ãããšã¯æ®å¿µã§ãã å察掟ããžã£ã¬ã€ã¢ãšã®å¯Ÿæ±ºã«ã¯ãåå£ãžã®çµ±åãå¿ èŠã§ãããçæéã§è¡ãå¿ èŠããããŸãã ãããããç¬èªã®æ¹æ³ã§åªå é äœãèšå®ããŸãã
ååã®Gennady Shastinã«æè¬ããŸããå®éãããŒã å šäœãç·šæããå¿ èŠãªåšå®ã«å¿ èŠãªåãšåŒ·ãã§å šå¡ãç¡äºã«è¹Žãè¿ããŸããã ç§ã¯åœŒãåªç§ãªã¹ãã·ã£ãªã¹ããšããŠç¥ã£ãŠããŸããããçµç¹åãçŸããŸããã ãžãŒããããªãã¯å®éãããã·ã£ãŒããåç¬ã§èžæ°æ©é¢è»ãå§ããŸãããç§ãã¡ã®ããŒã ã¯ããªãã«éçŸå®çã«æè¬ããŸãã
ç§ãã¡ã«ã¯ãã®ãããªä»äºã¯ãªããã©ããããããšé»æºãœã±ãããæ¥ç¶ããããã®ã€ãŒãµãããã®ã¿ã§ããã ããããããã¯æ£åžžã§ããPCãåãæ»ãããã«äž»å¬è ãå°æãããã ãã§ããã ããŒãããœã³ã³ã®åŸãã§äœæ¥ããã®ãããäžè¬çã§ãã å¹³åçãªãŠãŒã¶ãŒã®ã¢ã¯ãã£ããã£ãæåããå¿ èŠã®ãããšã¯ã¹ãã©ãŠãŒã¶ãŒã®ã¿ããåºå®PCã®åœ¢ã§ä»äºãããŠããŸãããã¡ãŒã«ãèªãã ããæªæã®ãããªã³ã¯ãã¯ãªãã¯ãããããœãŒã·ã£ã«ãããã¯ãŒã¯ã«åº§ã£ãŠãæ¯æããå°ãªããšäžå¹³ãèšã£ããããŸãã ãŠãŒã¶ãŒãšã®å¯Ÿè©±ã¯çŠæ¢ãããŠããŸããã
ãããã¯ãŒã¯ãããã«ã¯ããµãããããšãã®ããããžã®å Žæã«é¢ããL3æ å ±ã®ã¿ãå«ãŸããŠããŸããã ã©ã®ãããã¯ãŒã¯ã«ããã®ã-ããªãã¯èªåèªèº«ãèŠã€ããªããã°ãªããŸããã§ããã äžæ¹ã§-ã¿ã¹ã¯ã®è€éããä»æ¹ã§-ãã©ã€ãã®äœåãªæ³šå ¥ã ã€ãŸãããµãŒããŒãèŠã€ããŠç¡ååããããã«ãL3çµç«¯ããã€ã¹ãšã¹ãã£ããŒã®ARPããŒãã«ãvsesãªã©ã®å±éãããã€ã³ãã©ã¹ãã©ã¯ãã£èŠçŽ ã䜿çšããæŽæ°ãåæ§æãçµ±åãããŸãã...ä»®æ³ãã·ã³ã ã€ã³ã¹ããŒã«ããŒãã£ã³ã°ã§ãPositive Technologiesã®Sergey Pavlovã¯ãèªå® ã®ã³ã³ãã¥ãŒã¿ãŒãããå°ãªããšãå€ãã®ã³ã³ãã¥ãŒãã£ã³ã°ãã¯ãŒããããšçŽæããã ãŸãããããã«ã¯èŠããŸããã§ããã ãããããã®æ©åšã¯ç¹ã«è² è·ããæ±ããããŠãããå¿ èŠãªä»®æ³ãã·ã³ã®èŠæ±ã«æžæãããšããªããããã«ãŒã¯åæã«ã¹ãã£ã³ã®è»ãèµ·åããŸããã
æ å ±ã»ãã¥ãªãã£ã«ã€ããŠïŒç§ã¯æåã«ãGenaãç§ãã¡ã蹎ãå§ãããšãã«ãäž»å¬è ãšããŠã®ãããžãã£ããã¯åœŒãã®PRã«è£œåãšãœãªã¥ãŒã·ã§ã³ã課ãããšããã ãããšèããŸããããããããæ段ãéžæããå®å šãªèªç±ãããã ãã§ãªããåæ¥çãªãµãã©ã€ã€ãŒããäžæçãªã©ã€ã»ã³ã¹ãååŸããéã®ç©æ¥µçãªæ¯æŽã ãããç°¡åã«èª¬æã§ããŸãã補åã®äœ¿çšç¯å²ãæ¡å€§ããããšã§ãäž»å¬è ã¯é²åŸ¡è ãå¶éãã察ç«ãæ¥æ¿ã«å ¬éãã¹ãã«å€ããŠãåé¿ããããã¯ã®å Žåã«åºåãšèšãèš³ã®åçºã®äœå°ãäžããŸãã ã¯ããç§èªèº«ã¯ããã®å Žåã®é²è¡ã«ãããããçš®ã®å°é£ãªæ 床ããé ãããšã¯çœªã§ãããšããäºéã®æ±ºå®ã«åž°ããããšãè©Šã¿ãã§ãããã ããã«ãçã®å¯Ÿæ±ºã課ãå Žåã¯ãããªãæ·±ããç¡æã§ãã¬ãŒãã³ã°ãè¡ããã³ã³ãã¹ãã®æéäžã«ãŽãŒã«ããµããŒããæäŸããŠãã ãããããã¯æããã«ãªãŒã¬ãã€ã¶ãŒã®èšç»ã®äžéšã§ã¯ãããŸããã§ããã
ã ããã芪æãªããã£ãã§ã³ããŒãšããžã¥ãŒã¹ããããã«èªç±ã®ã²ãšå£ããããŸããèŠãŠãçªæ¯ããªãã§ãã ããã ãã¹ãŠãããŸããããŸã-ãŸãã倧äžå€«ããã¹ãŠãããŸãè¯ããªããªããããªãã¯ãã€ãèšãããšãã§ããŸãïŒãããããããããªããç§ãã¡ã®MaxPatrolã¹ãã£ããŒãŸãã¯MaxPatrol SIEMãæã£ãŠãããªã...ããããªãã¯ç¶æ³ã«ãã£ãŠã¯èšããªããããããŸããã 確ãã«ãç§ã¯ãã®ãããªããšãèšãããããŸãã¯ã»ã®ãããããããšãããŸã èããŠããŸããã
äžè¬çã«ã競äºã®æºåã¯éåžžã«è¯ãã£ãã§ãã ãã¡ããããã€ããŒãã€ã¶ãŒã®è² è·ã®ããã«ãããã¯ãŒã¯ã竹ãåžããšãã®ã€ã³ãã©ã¹ãã©ã¯ãã£ã®äžæãªã©ã®åŸ®åŠãªéãããªãããã§ã¯ãããŸãããããããã¯ãã®èŠæš¡ã®æåã®ã€ãã³ãã§ã¯éåžžã«æ£åžžãªäœæ¥ã®ç¬éã§ãã ä»å¹Žã¯è¡çªããããŸããããæ¥å¹Žã¯æºåãæŽããäºæž¬ã容æã«ãªããæ³ååãçãŸããŸãã
Opinion on the destruction of the hydroelectric power plant
ã«ãŒã«ãªãã§æŠããŸãã æŠéæ©ãªãŒã¯ãšãŽããªã³ã®éã®æ±ºéãçµç¹ãããŸãã ãã¡ã€ã¿ãŒã¯åå¿è ã§ããã芳客ã¯ãã©ã³ãã§ãéãæã£ãŠããŸãã ãã®ãããªæŠãã®åœ±é¿åã®ããæ人ãäž»å¬è ãä¿è·ãã圹人ã¯ããŽããªã³ãåã€ãšããéåžžã«å€§ããªè³ããããŸãã ãããŠããªãŒã¯ã¯è»å£ã«è¯ãææãäžãããã®åŸãŽããªã³ã¯ãæµ®ããã è£å€å®ã¯ãã«ãŒã«ã«åããŠããããåŸéšã®ææãšããŠæ°ããããã«ãã£ãã€ã³ãã§ãªãŒã¯ã®åŽã«é£ãå»ãããŽããªã³ã®å埩ã®ããã®æéãäžããŸãã ãã®éçšã§ããªãŒã¯ã¯ããã«ãããããŸããã暪ã«ãªãå¿ èŠããããŸãã ãç¶ããã¯èšã£ãã ãããŠããªãŒã¯ã¯ãããšã圌ãåã£ãŠè³ãåã£ããšããŠããå°æ¥ãã®çµç¹ã§ã®æŠéæ©ã®ãã£ãªã¢ã圌ã®ããã«éããããããšãèªèããåŸã ã«å埩ãã€ã€ãããŽããªã³ãèŠãŠãä¿¡ããããªãã»ã©ãããã¯ã¢ãŠããã®äžæã眮ãæããæ¹æ³ãèãå§ããŸãèŠèŽè ã説åŸããŸãã
PHDays VIã®ç¿æ¥ãã€ã³ã¿ãŒãããå šäœããç·åçåŸãã©ã®ããã«çºé»æããããã³ã°ãããããããã³ã°ãæåããåŸã®ããã«ãŒãæ°Žåçºé»æãæ¢ããŠéœåžã«æµžæ°Žããããšã«ã€ããŠã®ãã¥ãŒã¹ã§ãã£ã±ãã§ããã
ç§ã¯ãã¬ã³ã ã®ããã£ãã§ã³ããŒãã«åå ããã®ã§ãæèŠã¯ç¶æ³ã®åæãšç§ã®é楌ãšã®é¡æšã«åºã¥ããŠããŸãããSCADAããã¯ã®è©³çŽ°ã¯ç¥ããŸããã
PHDaysã«é¢ããäžé£ã®ã¬ãã¥ãŒã®æåã®éšåã§æžããããã«ãäž»å¬è ã«ãšã£ãŠéèŠãªç®æšã®1ã€ã¯ããã¢ãã®ã€ã³ã¿ãŒããããããããªãã¯ãããã¯ãŒã¯ã«æ¥ç¶ããããã®ä»ã®éèŠãªã€ã³ãã©ã¹ãã©ã¯ãã£ç®¡çã·ã¹ãã ãä¿è·ããå¿ èŠæ§ã«å·ãšäŒæ¥ã®æ³šæãåããããšã§ããã ç§èªèº«ã¯SCADAä¿è·ã䜿çšããŠããŸããã§ããããå ¬å ±ã®æ å ±æºãããIPã«ãã£ãŠãããã«ã¯ã€ã³ã¿ãŒããããä»ããŠããã€ã¹ãå¶åŸ¡ãããããã«ãªããšãã»ãã¥ãªãã£ã«æ³šæãæã人ã¯ã»ãšãã©ããªãããšãããããŸãã ãã€ãã®ããã«ãæè¡ã¯æåã«éçºããã次ã«å®å šæ§ãéçºãããŸãã ãã®çµæããæŒæŽ©ç©ã®ã€ã³ã¿ãŒããããã圢æãããŸãã è åšãšãªãå¯èœæ§ãããã®ã¯ãã¢ã¯ã»ã¹ããããã€ã¹ã«ãã£ãŠç°ãªããŸãã ããã¯ãã¥ãŒã¹ãéããŠäžè¬ã«äŒããããšãã§ããŸãããéèªãåŒãä»ããããã«ã¯ãæèŠãšããŠç¥èŠãããäœããå¿ èŠã§ãã ããããçºé»æãæ¢ããŠãããã«ãŒã§è¡ãfloodæ¿«ããããããã¯ããã«ã»ã³ã»ãŒã·ã§ãã«ã§ããããã«ãŒã¯ããã¹ã¯ãŒããçãããšãã§ããã©ãããããã®åŸãã®ç¿ã®å§¿å¢ãæã€ç·ã®åã«ãã£ãŠæ倧éã«èªèãããŸããïŒ

Image: Xakep.ru
å¶åŸ¡ã·ã¹ãã ã匷åããããã£ãã§ã³ããŒãã®ããŒã ããããŸãã ãã¹ãŠãã€ãââã³ãç£èŠã«æ¥ç¶ããŠããSOCããããŸãã æºåã®è©³çŽ°ã¯ãåãååã®2çªç®ã®éšåã§èª¬æãããŠããŸãã ç§ã®ç¥ãéãããããã¯æ å ±ã»ãã¥ãªãã£ã®åéã®å¶å©äŒæ¥ã§ããããã®ã³ã³ãã¹ãã§ã¯ããããä¿é²ããããšèããŠãããããç£æ¥æœèšã®ä¿è·ãçå£ã«èããŠããŸãã ãããŠãããã§ãèšèŒãããŠããä¿è·ã®ãã¹ãŠã®æ·±å»ãã«ããââãããããæ°Žåçºé»æã¯2åå£ããŠããŸã...ãã·ã¢ã®ISSUã§ã¯æ¬åœã«æªãã§ããïŒ
äœãèµ·ãã£ãã®ãã®çç±ã®ããã®ç§ã®ãªãã·ã§ã³ïŒ
- é²åŸ¡åŽã®é²åŸ¡ãäžååã§ãããSCADAã¯éåžžã®ä¿è·å ·ã®æ§è³ªäžååšããªãããä¿è·ãæ ã£ãŠããŸãã
- SOCãèŠèœãšãããïŒç£èŠãšã®çµ±åãäžååã§ããããã¯ãªãã¯ãããã
- ä¿è·æ段ã«é¢ããäž»å¬è ã«ããå¶éã
- ãç¶ããã¯èšã£ãã
æåã®2ã€ã§ã¯ããã¹ãŠãæ確ã§ãã SOCãšãã£ãã§ã³ããŒãæ¬åœã«ã¯ãªãã¯ããå Žåããããã®æ¹æ³ããããŸãã ããããäž»å¬è ã«ãã£ãŠèª²ããããå¶éã¯ãæ°Žåçºé»æãããã«ãŒããããã³ã°ããå¯èœæ§ãæ瀺ããŠããã®ã§ã¯ãªãããšçã£ãŠããŸãã è³ãã¯ãããç¶ããããæ°Žåçºé»æãééããéœåžã浞氎ãããšãããã®ã§ããã
äž»å¬è åŽã®å¶é声æã«æ ¹æ ããªãããã«ãç§ã¯ãã¬ã³ã ããã£ãã§ã³ããŒãããŒã ã®ã¡ã³ããŒãšããŠèšããŸããä¿è·ã®äœ¿çšã«ã¯å¶éããããéåžžã«åŒ·åã§ããã è¿œå ã®ä¿è·æ段ã䜿çšããŸãããåºæ¬çãªæ段ãããSSH / RDPã®äžçããä¿è·ããããªãœãŒã¹ãžã®ãã¡ã€ã¢ãŠã©ãŒã«ãéããããšããçŠæ¢ãããŸãããä»ã®æªäœ¿çšã®ãµãŒãã¹ã¯èšããŸã§ããªãããããã¯ãŒã¯æ©åšèªäœã®ã¿ã§ãã ãã¹ã¯ãŒããå€æŽããæŽæ°ããããããé©çšãã奜ããªã ãåæ§æããŸããããµãŒãã¹ãå©çšã§ããããã«ããå¿ èŠããããŸã...ããããç§ã¯äžè¬ã«ããã©ã«ãã®æåŠãèšå®ããããšæããŸããã ããããäž»å¬è ã¯ç§ãèš±å¯ããŸããã§ããã
ãããŠæŠç¥çã«ããã¯æ£ããã§ãããããªããšãããã«ãŒã¯ã·ã§ãŒãè¡ãããäž»å¬è ããã£ãã§ã³ããŒãšãžã¥ãŒã¹ã«å€å€§ãªã¢ããã³ããŒãžãäžããããšã¯ãã¹ãŠäžæ£ã§ãããšèšããŸãã ã¡ãã£ã¢ã«å¿ èŠãªæ å ±ãæ³šå ¥ãããããšã¯ãããŸãããç£æ¥äŒæ¥ã®ãªãŒããŒã·ããã¯ä¿è·ãåŽäžããŸãã 圌ã¯ãã®ã²ãŒã ã§ããŒã³ïŒSOCããã³SCADAãã£ãã§ã³ããŒïŒãç ç²ã«ããŸããããæ°å¹ŽåããæŠç¥çãªåªäœæ§ãç²åŸããŸããïŒããžãã¹ããã³åœå®¶ããã®ã»ãã¥ãªãã£ã®ããã®å°æ¥ã®æ³šæïŒã ãããŠãæãéèŠãªããš-äžçã¯ãæªäººãéœåžã®å ãšéå°ãªæ°Žã§äººã ãæŸçœ®ããã®ãé²ãæ¹æ³ãèããŠããŸããã

Image: Xakep.ru
ããããã¹ãŠé²å±ããå ŽåãSCADAãå®ããæè·è ããšSOCãæ°Žåçºé»æã®ç Žå£ãšéœåžã®æŽªæ°Žã®ããã«ãããããšãæãŸãªãã§ãããã
æ°é ãã®ããååãäž»å¬è ã®ä»£è¡šãç§ãä¿®æ£ããæ°Žåçºé»æã®æè·è ãå®éã«å£ããŠããªãããšãæ確ã«ããã ãããã³ã°åŸãé²åŸ¡è ãšSOCã¯ãããã³ã°ããã»ã¹ãéåžžã«æ£ç¢ºã«èª¬æããŸããïŒã€ãŸãã圌ãã¯ãã¹ãŠãèŠãŸããããçµå±ã¯ã·ã§ãŒãå¿ èŠãªãããèŠãŠããŸããã§ããïŒãããã«ãŒã¯ããã確èªããŸããã ãã£ãã§ã³ããŒã匱äœåãããã£ãã§ã³ã¹ãå®å šã«åãé€ããåŸã«ã®ã¿ãã¹ã«ãããæããããšãã§ããŸããã äºæ¥ç®ã®æãçµå±ã®ãšããã圌ãã¯ã¹ããŒãžãããããå ¬ã«çºè¡šããŸããã ç§ã¯ãç ãã¬å€ãéãããåŸãããã§æŸéãããŠãããã®ãç¹ã«ç¥èŠã§ããªãã£ãããã§ãã
ããããããã«ãããããããæ°æ¥åŸãç§ã¯ã€ã³ã¿ãŒãããæ å ±ã§ãæ°Žåçºé»æã¯ä¿è·ãããŠããªãã£ããããããã³ã°ãããããšãããããŸããã ãããŠãæéã®çµéãšãšãã«ããã®æ··ä¹±ãããã¬ãŒãºãããæ°Žåçºé»æããããã³ã°ãããå¯èœæ§ãããããšãæããã«ãªãã ãã§ãã ããžãã¯ã®ç¶ç¶-ä¿è·ããå¿ èŠãããããšãæå³ããŸãã ã€ãŸããããã£ãã§ã³ããŒããšSOCã®è¯ãååã®åœ±ã¯ãããèœã¡ãŠããã°ãããã«æ¶ããŠããŸããŸãã ãããããPRã¹ãã·ã£ãªã¹ãã¯ãæ å ±ä¿è·ãšã³ãžãã¢ãããèªåã®ä»äºãããç¥ã£ãŠããŸãïŒéã«ããã«ã¯ååã§ã¯ãããŸããã§ããïŒã
ããã«ãäž»å¬è ããã®å ¬åŒæ å ±ããããŸãïŒ
ãã©ãŒã©ã ã¯ãä¿è·ãããŠããªãéèŠãªã€ã³ãã©ã¹ãã©ã¯ãã£ã«äœãèµ·ããããæ確ã«ç€ºããŠããŸãã æ å ±ã»ãã¥ãªãã£ã®å°é家ã¯ãããã»ã¹ãäžæããããšãªãéåžžã«é«ãã¬ãã«ã®ä¿è·ãæäŸã§ããŸãããPHDaysã®ããã«å±éããæ©äŒãäžããããããšã¯ã»ãšãã©ãããŸããã ä¿è·è£ 眮ãåæããåŸãæ»æè ã¯äŒæ¥ãããã¯ãŒã¯ãä»ããŠèªåå¶åŸ¡ã·ã¹ãã ã®æè¡ãããã¯ãŒã¯ã«å ¥ããã·ã¹ãã ã®ç©ççè£ çœ®ãæ»æããæ°Žåçºé»æã«äŸµå ¥ããæŸæ°Žãè¡ããé»åç·ãåæããŸããã
Restrictions
The conference's official website carried a fairly bold quote:
This time, instead of the usual CTF competition, we are arranging real hostilities. The events on site will be as close to reality as possible: a large-scale emulation of city infrastructure will unfold on the PHDays VI CityF training ground.
This was highlighted in bold, and it is what I want to talk about.
Formally, there were no restrictions on information security tools: whatever you need, just state the virtual machine requirements. If a vendor has to be pushed for a temporary license, say so and we'll try. Well, we were not shy.
VMware. At the deployment stage a restriction was announced: the solutions we had chosen for information security and monitoring had to be virtualized. Hardware could only be brought in at our own risk, with the organizers taking no responsibility. In general this is not a big problem: getting a virtual machine from a vendor is an order of magnitude easier, and the global trend is toward universal virtualization, virtualizing networks and entire data centers with all kinds of NFV, SDN and SDDC. Some vendors are wary of virtual machines but do not refuse to provide them. I, however, was not ready for such a serious relationship with hacker attacks.
Default permit. On the other hand, implementing default deny on the border firewall was forbidden. And in the real world, this is the first thing you do. It struck me to the core; I wept and wailed, but continued to take part in the competition. As I wrote earlier, one of the main goals of the "Standoff" is, whatever you say, a show, and default deny forbids everything unnecessary. The hackers would run into closed interfaces, nothing would happen, and the organizers would pound their fists and shout at the walls in despair. So the approximation to reality here was essentially zero: they gave the hackers a considerable head start. With such odds the hydroelectric plant gets broken and the city floods.
No banning of IP addresses. That is, blocking by source IP was forbidden. Of course, if a ban is only in words you can forget it, especially at night; then you can sleep more peacefully, and actually sleep. But the cunning organizers put everyone behind a single IP, both the hackers and their service checkers. If we blocked it, they would run over to us and say that this is not allowed. Moreover, the checkers checked everything that was originally available on the servers, including services that were not required according to the diagram. Show, that's why.
Also, in the first phase of the Standoff a curious thing turned up: the SOC discovered that someone was scanning us from an IP address not shown in the diagram we had been given. Having found the junction, despite the ban, I removed the unknown subnet from routing and blocked the junction. The junction point was inside the trusted segment, so the logic was simple: it is not on the diagram, it is a host that squeezed into the network, so we think of hacker backdoors and plots. Naturally, at first the organizers were shouting: "Everything is gone! Nothing of ours works!" Then they realized they had not rebuilt the junction with our segment and agreed with my actions.
Access to equipment. Of course, administrative access to both network devices and servers was granted: it is hard to protect what you cannot configure. But here too there was a catch: no access was granted to the active network equipment at the L2 access level. The reason is simple: show. When the organizers noticed despondency on the hackers' faces and boredom on ours, they raised another vulnerable service somewhere without warning. Then the defenders and the SOC start in: "Look, catch him, crush him!" So that we would not interfere with extra security settings or check extra configurations, access to the switches was not granted, and they were not even allowed as objects of protection.
I don't think I have forgotten anything; if I remember something, I will add it. In general, there were restrictions, but not very strict ones. Of course, default permit still troubles my worried worldview, and I kept grumbling about it now and then in conversations with the organizers, but a show is a show. It was wrestling, not MMA.
The battle
The process of the Standoff itself, a battle that lasted 29 hours, from 11:00 on May 17, 2016 to 16:00 on May 18, 2016, is worth describing.
Beforehand, the defense and operational response teams had carried out the following:
- a study of the network;
- an inventory of the infrastructure;
- installation and preliminary configuration of the necessary protection tools;
- reconfiguration and patching of the leaky servers;
- changing at least the passwords we had found.
Naturally, the first thing done right before the start was a health check and an inventory of resources. Some previously unknown servers were discovered immediately, and judging by the scan many of them turned out to be fairly full of holes. As I have written repeatedly, the organizers wanted a show, and without such tricks it would not be much fun.
The network diagram (simplified, without brands) was roughly as follows:

The Internet was a pseudo-Internet, not a real one; the hackers entered it from a closed segment. If the Internet had been real, it would have been impossible to tell where the competitors' attacks came from or where the hackers were, and there would have been no guarantee that somebody would not launch a DDoS out of the blue.
First, I decided to close off the perimeter: to hang an ACL on the Internet side that permitted the DMZ server ports found by the scan, except for management ports (SSH / TELNET / RDP / SNMP) and databases (MySQL, Oracle), and to close everything else, that is, default deny. I warned the organizers and was immediately refused: that is not allowed, all ports must be reachable from the pseudo-Internet. My reaction can be described by two words, "surprised" and "indignant", but they are usually expressed together in a single word.

Having told the organizers everything I thought about the initial design being full of holes, about not being allowed to protect the infrastructure properly, about what was forcibly exposed to the Internet, and that all of this was a gift to the hackers, I accepted the new rules of the game and got to work:
- patching the leaky servers in the DMZ;
- hanging ACLs on the servers in the Servers1 and Servers2 subnets so that they were reachable only from the DMZ and from the administrators (organizers);
- moving the security scanner, initially deployed in the DMZ, to the Defense_servers subnet; we did not need the scanner to be taken down as well;
- denying access to the servers in the Defense_servers subnet from everywhere.
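As an added example (not the author's own configuration), the policy just described, expressed as an ordered rule list that is built from scan results and evaluated first-match, as a router ACL would be; the subnets, hosts and scan results below are constructed sample data, not the real CityF network.

```python
"""Border ACL builder for the CityF-style policy: permit only the scanned DMZ
service ports (minus management and database ports), let Servers1/Servers2 be
reached only from the DMZ and the admins, deny Defense_servers from everywhere,
and finish with default deny. Sample data is constructed, not from the page."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Ports that must never be reachable from the (pseudo-)Internet even if a scan
# shows them open: management protocols and databases.
MANAGEMENT_PORTS = {22, 23, 3389, 161}   # SSH, TELNET, RDP, SNMP
DATABASE_PORTS = {3306, 1521}            # MySQL, Oracle

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # None means any destination port

def build_border_acl(scan_results, dmz, servers, defense, admin):
    """scan_results maps host IP -> set of open TCP ports from the pre-start scan."""
    rules = []
    # 1. DMZ hosts: permit only scanned service ports, minus mgmt/DB ports.
    for host, ports in sorted(scan_results.items()):
        if ip_address(host) not in ip_network(dmz):
            continue   # scanner also saw non-DMZ hosts; they get no exposure
        for port in sorted(ports - MANAGEMENT_PORTS - DATABASE_PORTS):
            rules.append(Rule("permit", "any", f"{host}/32", port))
    # 2. Servers1/Servers2: reachable only from the DMZ and from the admins.
    for net in servers:
        rules.append(Rule("permit", dmz, net, None))
        rules.append(Rule("permit", admin, net, None))
    # 3. Defense_servers: nobody gets in.
    rules.append(Rule("deny", "any", defense, None))
    # 4. Everything else: default deny (the rule the organizers forbade).
    rules.append(Rule("deny", "any", "any", None))
    return rules

def _match(rule_net, ip):
    return rule_net == "any" or ip_address(ip) in ip_network(rule_net)

def evaluate(rules, src, dst, dport):
    """First-match evaluation; implicit deny if nothing matches."""
    for r in rules:
        if _match(r.src, src) and _match(r.dst, dst) and r.dport in (None, dport):
            return r.action
    return "deny"

# Constructed sample network and scan output (hypothetical addresses).
SCAN = {"10.0.1.10": {80, 443, 22, 3306}, "10.0.1.11": {25, 110, 3389},
        "10.0.2.5": {80}}
ACL = build_border_acl(SCAN, dmz="10.0.1.0/24",
                       servers=["10.0.2.0/24", "10.0.3.0/24"],
                       defense="10.0.9.0/24", admin="192.0.2.0/24")

if __name__ == "__main__":
    for r in ACL:
        print(r)
    print(evaluate(ACL, "198.51.100.7", "10.0.1.10", 22))   # deny: SSH from outside
```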
As mentioned in the previous part, JSOC worked with us, integrated the infrastructure with their SIEM and monitored live activity. Credit where it is due: not only did they take the whole infrastructure under their hood (processes, logins, network activity), they monitored it with superhuman reaction. At first, before we had learned each other's IP addresses, not a minute passed after any action before we heard questions like "Did someone access server xxx from address uyy?" or "SSH was changed on a server, what is that?", and we answered: "Yes, we know, that's us, that's me updating the leaky servers." If they monitor commercial clients this way, I can recommend them to any owner.
æã ãäž»å¬è ãæ²ãã¿ãã¹ããŒãžäžã®ã¹ããŒãªãŒã®ãããã¯ãçµäºãããšããããã«ãŒã¯æ²ãããç§ãã¡ã¯éå±ããŠããŸããããã·ã£ã»ã¬ãã³ã¯æã鳎ãããDMZã«ç©Žã®éãããµãŒããŒãçŸããŸããã , , , , , , . -, - , .

, - , , , , : ? : - ? , . .
, , , . : â , . , , , . , , ACL . â , . , . â . , .
, , . , . , , , DMZ . , . , PHP, OpenSSL SSH. , , . , , . , . SOC , , . , , , , - : , .
PHP, , 5.3.<> 5.4.<> 2013-2014 . , . , .
SSH CVE-2015-5600, CPU. . , , . OpenSSL. , , , SSH DMZ. SSH RDP, DMZ , Balabit SCB, , , . , , . , , SSH.
, Balabit , // , 17 18 zorp-ssh CVE-2015-5600.
, , . « ».
, , , , , . â DMZ .
, 18 . , , . , -, , , «» . . JSOC 5 , , IPS ( ) .
, , , SOC. SOC, , . , . . .

16:00 , , , . , .
, , , .
SSH
â , ? .
â , -. , . : « ?». â , . .
â . -, , ?
â â , , .
â Positive Hack Days Balabit ? ?
â . .
â , .
PHDays. , . , , , . «». , . .
5 , PHDays, Unix, SSH.
, :

, 4 5 , ACL firewall default deny . DMZ . SSH.
, DMZ, CVE-2015-5600, CPU. 2 â : « â ». , , , . SSH . , , . , , â . , . â . , , Open Source Unix, , 3 .
Balabit SCB, , , . Balabit , , SSH .
Balabit, . SSH zorp-ssh CVE-2015-5600, , MaxPatrol, . , , SSH DMZ , .
SSH, RDP, Telnet, VNC, ICA (, ).
, , DMZ , firewall.

firewall ACL , CheckPoint, firewall NAT . firewall, «» â Cisco ASAv.
NAT , , , .
SSH Balabit :
1. .
- Balabit.
- NAT many-to-one CheckPoint , , DMZ SSH, , src ip IP CheckPoint, dst ip â IP Balabit, dst port â Balabit.

- TCP- Firewall :

- Balabit , 22 (SSH):

- Balabit DMZ firewall:

ã§ãã SSH- , , .
2. .
- , DMZ.
- Balabit, .
- .
- Balabit IP- .
- NAT one-to-one firewall:

, , SRC IP CheckPoint, , DMZ . «» DMZ «»âŠ
- Firewall :

- Balabit:

- firewall:

Balabit_ip0 â Balabit, , IP alias (Balabit_ip1...4). , , , src ip Balabit_ip1...4, PHDays .
ã§ãã SSH- , , .
***
, DMZ Balabit, firewall :

, , :

, . « » . :
- 1 â DMZ Balabit, firewall.
- 2 â (), Balabit DMZ.
, â Balabit . , , , 5-10 , , âŠ
, L3 , . , , - . MPLS L3VPN vrf lite ( ) Balabit firewall.
âŠ
: PHDays?
: â1 â .
Conclusion
, , . , , , . : default permit firewall DMZ. , checklist, .
, SANS Top 20 Critical Security Controls, . , . (DEF) SOC, , .
-, , SOC , , . - â , «»
| No. | Control name | DEF | SOC |
|---|---|---|---|
| 1 | Inventory of Authorized and Unauthorized Devices | + | + |
| 2 | Inventory of Authorized and Unauthorized Software | + | + |
| 3 | Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers | + | + |
| 4 | Continuous Vulnerability Assessment and Remediation | + | + |
| 5 | Controlled Use of Administrative Privileges | + | + |
| 6 | Maintenance, Monitoring, and Analysis of Audit Logs | + | |
| 7 | Email and Web Browser Protections | + | |
| 8 | Malware Defenses | + | + |
| 9 | Limitation and Control of Network Ports, Protocols, and Services | + | |
| 10 | Data Recovery Capability | | |
| 11 | Secure Configurations for Network Devices such as Firewalls, Routers, and Switches | + | |
| 12 | Boundary Defense | + | |
| 13 | Data Protection | + | + |
| 14 | Controlled Access Based on the Need to Know | + | + |
| 15 | Wireless Access Control | | |
| 16 | Account Monitoring and Control | + | |
| 17 | Security Skills Assessment and Appropriate Training to Fill Gaps | + | + |
| 18 | Application Software Security | + | |
| 19 | Incident Response and Management | + | |
| 20 | Penetration Tests and Red Team Exercises | + | + |
Of course, in addition to the conclusions, it is worth identifying the mistakes we made and a further defense strategy for future "Standoffs". I think this competition format is now quite popular.
Mistakes we made in the standoff with the hackers:
1.
2.
3.
To avoid such mistakes, here is the list of future actions:
1.
2.
3.
If, reading the paragraphs above, you think there is a problem with the text rendering or that something should be there, check the technical parameters of your PC's browser, though not as much as your coefficient of naive perception of information.
Agreed, it would be foolish to disclose all plans of action for future battles to the whole Internet, including our opponents :).
P.S. I collected the whole stream of consciousness from taking part in the PHDays "Standoff" competition, translated it more or less into official language, and laid out its semantic content in a single article in the System Administrator magazine. The text of the article is here, in the June issue.
Posted by: Andrei Dugin