-Hello! I would like to get a specification for a Cisco ASA firewall. I already have a specification from company <namerek>, so I want to compare them and choose the right one. Can you help me with that?
-Yes, of course. Why do you need Cisco ASA?
-I need to block Tor.
-And do you need Cisco ASA for that?
-Well, how else? Company <namerek> says that their firewall blocks Tor. So I want to compare the cost of their firewall with yours.
-So you need to block Tor and you are looking for a solution that does it?
-Yes, yes (irritated). So can you put a specification together for me? What input data do you need?
-If this particular problem is the only one you face, you do not have to use Cisco ASA. You can block Tor with a variety of solutions: Cisco Web Security Appliance, Cisco Umbrella Secure Internet Gateway, Cisco Cloud Web Security, Cisco Meraki MX, Cisco Firepower, Cisco AMP for Endpoints... In the end, you can load the addresses of Tor nodes onto a Cisco ISR with a script and block them with an ACL. In the latter case you do not need to spend anything.
-Really? Hmm. Then I need to think...
-Shall we put together a list of the tasks that need to be solved and the threats that need to be dealt with, and then choose the best product?
-All right, let's try. Can you come tomorrow at 10 a.m.?
-Of course.
I get calls that are essentially very similar to this one quite often, and they reflect an established practice: instead of solving the problem, people address the issue of the moment with the help of the best-known product. It is like building roads. You can build them properly the first time (even if the initial cost is higher), or you can relay the damaged asphalt every year and patch it wherever potholes form (which ends up more expensive). At some point there are too many such "holes" and a collapse follows: everything has to be redone, and the person who started this "patchwork" story loses their position (or, anticipating the problems, leaves the post on their own). The same goes for building a corporate information security system. We are used to thinking in product categories. Here we buy a Cisco ASA (probably because we do not know Cisco's other firewalls), here we install a Cisco Web Security Appliance (although Cisco Umbrella would do), we need antivirus <namerek> (but what about fileless attacks?), here we place a certified crypto gateway (although the VPN functionality built into the router or the operating system would do)... This started long ago, when the market was made up of players with a single product that solved a specific problem. That is where the substitution of concepts happened: "solving the problem" was replaced by "the product". Over time vendors' portfolios expanded and product functionality expanded, but the "I want a product" approach remained.
There are single-product cybersecurity vendors. What is good about working with them? A small set of products that solve very specific problems. For example, the customer needs a firewall: here is a firewall. There are no contradictions or inconsistencies; everything is very clear. The most there is to argue about is which model is needed, the one for 250 or for 600 megabits per second. Or the customer needs to block Skype on their network: again, here is a firewall with the corresponding feature (if the firewall has it, of course). Everyone is happy. The vendor, who stamps out commercial offers in bulk (there is only one product, so you cannot get it wrong). The customer, who receives a ready-made offer at a specific price in response to the request. The partner, who does not need expertise in a variety of solutions.
At Cisco the situation is a little different. To begin with, of those same firewalls we have seven:
- Cisco ASA 5500-X
- Cisco Firepower
- Cisco ASAv
- Cisco Virtual Security Gateway
- Cisco IOS Firewall
- Cisco Meraki MX
- Cisco ASA SM for Catalyst.
And that is without counting Cisco PIX, which was discontinued 10 years ago but is still in place at some customers, and the various "applied" firewalls (for example, the Cisco Umbrella DNS filter, the Cisco Web Security Appliance HTTP filter, and so on) that, with some stretch, can carry the proud title of a firewall for specific tasks.
So we cannot "simply answer" the usual request "I want an ordinary firewall". And it would not be right to do so. It is very important to choose a protection tool not by its name or type (for example, many vendors have an NGFW, but everyone has a different idea of what an NGFW is) and not by your idea of the product, but on the basis of a detailed study of the problems being solved and of the characteristics and functions available, especially with vendors that have a portfolio. In Cisco's case, our products use many cross-cutting or essentially similar technologies, so we recommend discussing the right choice with a representative of the vendor or with an authorized partner. Moreover, we are always open to consultation and ready to help customers and partners.
That is why, when we get a call like the one above, we start "being tedious" and clarify which tasks the customer needs the firewall to solve. Do you need a firewall to separate access at the network level? To protect a virtualized environment? To control applications? With or without rules bound to user accounts? To be installed on a trunk link or at a remote site? All of this is because our cybersecurity portfolio is broad enough that we cannot give the simple answer "buy a firewall and you will be happy". We are guided by the principle that the tasks being solved determine the products used, not the other way around. Another vendor may tell the customer, because it has only one firewall or one intrusion detection system, "it is normal to drive all traffic, including internal traffic, through the perimeter firewall" or "put a perimeter IDS on every trunk or SPAN port and your problem is solved." We do not work that way. First we determine the problems to be solved and/or the threat model, and then we choose the appropriate solutions for them, which may differ from what the customer originally intended.
But let us go beyond firewalls. After all, we have a much wider range of cybersecurity solutions, and by no means everything can or should be solved with a firewall. Take, for example, the task of controlling access to web resources. With Cisco it can be solved in several ways. At least four products can be used to control access to Internet resources:
- Hardware or virtual Cisco Web Security Appliance (WSA)
- Cloud-based Cisco Cloud Web Security (CWS)
- Cloud-based Cisco Umbrella (formerly OpenDNS Umbrella) or Secure Internet Gateway (SIG)
- Cisco Firepower hardware or virtual firewall with URL filtering (or Cisco ASA and Cisco Meraki MX).
Each of these solutions lets you log attempts to access particular sites and block them when necessary. But they do it differently. For example, Cisco Umbrella monitors all DNS queries from the corporate network or from mobile devices. CWS (or its new incarnation, Cisco Secure Internet Gateway) sends all HTTP/HTTPS requests to the nearest cloud, which is especially useful for mobile employees. WSA and Firepower work on a technology similar to that of CWS (a database of categorized URLs), but they have to be installed at the perimeter of the protected network. The differences between the four named products do not end there, however. Firepower, in addition to URL filtering, can detect malicious files downloaded from the pages visited. WSA adds the ability to categorize and parse web pages on the fly (when they are not in the URL database) and the ability to scan pages before they are passed to the user, removing malicious content and advertising. And if the task of controlling access to web resources turns into the task of controlling access to cloud services (Amazon, Google Docs, Azure, and so on) from employees' personal devices outside the corporate network, another Cisco solution comes on stage: CloudLock, a member of the Cloud Access Security Broker (CASB) class. In other words, Cisco's web access control solutions have, in addition to their main function, advanced features that distinguish them from one another. And it is precisely the full range of a solution's functions and the tasks facing the customer that drive the choice.
Let us look at another example: fighting ransomware that tries to connect to C2 command servers to load new functionality, receive commands, or organize a data leak. At Cisco, a variety of solutions offer this kind of protection:
- Cisco Stealthwatch, a network anomaly monitoring system, analyzes NetFlow telemetry and can detect attempts to communicate with command servers that bypass the perimeter (through insecure Wi-Fi or 3G/4G modems).
- The aforementioned Cisco WSA, which watches all 65,000-plus TCP ports for traffic leaving the network and passing the WSA, in order to identify connection attempts to known C2 servers.
- The already mentioned Firepower (or ASA, or Meraki MX) controls all network connections and can block connections to C2 servers thanks to its built-in NGIPS intrusion prevention technology and a regularly updated list of C2 servers.
- The Cisco Umbrella cloud service, which passes all DNS traffic through itself, identifies connections to malicious nodes from inside and outside the corporate network, including from mobile devices or remote sites that have no security functions of their own.
- Cisco Advanced Malware Protection (AMP), an anti-malware system for networks and endpoints, monitors anomalous file behavior and attempts to connect to unknown and malicious nodes.
- The Cisco Cognitive Threat Analytics solution lets you track malware in web logs from proxies or firewalls.
- Finally, Cisco Email Security Appliance does not let ransomware reach users' computers through the mailbox (which, the WannaCry story notwithstanding, remains one of the main infection routes for users).
Which of the seven solutions above should you choose to block a ransomware infection or its interaction with the malware's command servers? Again, it all depends on which other information security tasks you want to solve. Do you only need to fight ransomware, or do you need a solution that protects the perimeter "all in one" (Firepower is the better fit here)? Or do you need to protect mobile devices? In that case Cisco Umbrella is the best fit. Finally, if you cannot be sure that all traffic passes only through the perimeter, you cannot do without Cisco Stealthwatch. And perhaps one solution will not be enough here and you will need a combination of several technologies.
Let us take an example from a little while ago. A customer purchased a Cisco Web Security Appliance to control Internet access and then made a number of comments that demonstrate the above very well. The customer chose a product, not a solution to the problem. During the "debriefing" it turned out that the customer needed to block Skype, and Cisco WSA did not cope with that very well. Let us try to understand why the customer was not satisfied.
To begin with, at the time the situation was analyzed, Skype was built on peer-to-peer principles and did not use central servers for its operation (although Microsoft is moving in that direction). Therefore, unlike access to ordinary websites (which WSA handles perfectly), blocking Skype requires an understanding of the various communication methods Skype uses:
- UDP connections with other subscribers on randomly selected port numbers
- TCP connections with other subscribers on randomly selected port numbers
- TCP connections with other subscribers on ports 80/443
- Tunneling packets through a web proxy using the HTTP CONNECT method on port 443.
Thus, in cases 1 to 3 the traffic usually does not pass through Cisco WSA at all and, as a result, WSA cannot block it. This is not a flaw in WSA but a consequence of where it is installed in the corporate network. In the fourth scenario, the problem is that Skype does not send any details about the client inside HTTP CONNECT (there is no HTTP User-Agent line). It is therefore difficult to distinguish Skype from any other protocol that uses the HTTP CONNECT method. You can try to block such connections, but then all Skype users, and possibly other protocols that use a similar communication method, will be caught as well.
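The fourth scenario as an added example (not from the original article): a check that flags HTTP CONNECT requests to port 443 that carry no User-Agent header. The request heads and host names are constructed and the function names are hypothetical; the unrelated client in the sample is flagged too, which is the collateral effect described above.

```python
# Constructed request heads as a forward proxy would receive them;
# hosts and agents are made up for illustration.
SAMPLE_REQUESTS = [
    b"CONNECT mail.example.com:443 HTTP/1.1\r\nHost: mail.example.com:443\r\n"
    b"User-Agent: Mozilla/5.0\r\n\r\n",
    b"CONNECT 198.51.100.20:443 HTTP/1.0\r\n\r\n",   # no headers at all
    b"CONNECT backup.example.net:443 HTTP/1.1\r\n"
    b"Host: backup.example.net:443\r\n\r\n",         # unrelated tool, no agent
    b"GET http://www.example.org/ HTTP/1.1\r\nHost: www.example.org\r\n\r\n",
]

def parse_head(raw):
    """Split a request head into (method, target, headers with lowercase names)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def anonymous_connect(raw):
    """True for a CONNECT to port 443 with a missing or empty User-Agent."""
    method, target, headers = parse_head(raw)
    if method.upper() != "CONNECT":
        return False
    _host, _, port = target.rpartition(":")
    return port == "443" and not headers.get("user-agent")

def flagged_targets(requests):
    """Targets of all requests that match the 'no client details' pattern."""
    return [parse_head(r)[1] for r in requests if anonymous_connect(r)]

if __name__ == "__main__":
    for target in flagged_targets(SAMPLE_REQUESTS):
        print("CONNECT without User-Agent:", target)
```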
So what do we do? How do we solve the problem the customer is facing? As I wrote above, you have to build from the task, not from the product that, judging by its description, appears to solve it. Based on the communication methods used by Skype and described above, there are three candidates for solving the task:
- Cisco Stealthwatch
- Cisco Firepower
- Cisco ISR with NBAR2 functionality.
NBAR2 (Network Based Application Recognition) is a feature of Cisco routers running the IOS operating system that lets the router recognize the applications passing through it. With its help you can easily identify various types of traffic, including traffic that uses dynamic ports for its connections or peer-to-peer technology (which applies to Skype). To block Skype on an ordinary router it is enough to enter the following commands (specify the correct interface for traffic control instead of "GigabitEthernet 0/2").
(config)#class-map match-any blockskype
(config-cmap)#match protocol skype
(config)#policy-map blockskype
(config-pmap)#class blockskype
(config-pmap-c)#drop
(config)#interface GigabitEthernet 0/2
(config-if)#service-policy input blockskype
(config-if)#service-policy output blockskype
To verify that the policy you enabled works correctly, use the show policy-map (or show class-map) command.
1#show policy-map interface g0/2 input
GigabitEthernet0/2
Service-policy input: blockskype
Class-map: blockskype (match-any)
994 packets, 327502 bytes
30 second offered rate 43000 bps, drop rate 43000 bps
Match: protocol skype
994 packets, 327502 bytes
30 second rate 43000 bps
drop
Class-map: class-default (match-any)
195253 packets, 51828774 bytes
30 second offered rate 7282000 bps, drop rate 0 bps
Match: any
This method has one serious drawback, however: it blocks all Skype traffic indiscriminately. In practice you may need to be more flexible. For example, you may want to allow only certain users on the network to use Skype and prohibit it for everyone else. Or you may need to prohibit specific functions within Skype itself (chat, voice, video, file transfer) and tie these policies to specific user accounts. Neither Cisco WSA nor Cisco NBAR2 can solve the problem in this formulation; only Cisco Firepower technology can (as an add-on to the Cisco ASA firewall, as a standalone hardware or virtual device, or as an add-on to a Cisco ISR router). This solution gives the most flexibility for the task of filtering Skype by various attributes: time, user, operation within Skype, direction, and so on. And if you go further, you can prevent the Skype application from running on users' computers at all, which can be done both with Group Policy and with standalone information protection tools (for example, Cisco AMP for Endpoints).
Let me take the last example, which often comes up in conversations with customers and with which this note began. The customer says: "I want to block Tor. Can your firewall do that?" Yes, but Tor can be blocked not only with a firewall, although that is the most obvious option. You might assume that if you supply the firewall with a regularly updated list of the addresses of Tor exit nodes or directory servers, the problem is solved. But... is that the only option? Of course not. You can block Tor with a Cisco ISR by feeding it the corresponding list of addresses and converting them into an ACL. An ordinary script can automate this task: https://github.com/RealEnder/cisco-tor-block. Also, Cisco Stealthwatch, for example, can monitor interaction not only with the exit nodes but also with the entry nodes of the Tor network. And the task can be handed to Cisco AMP for Endpoints as well. There are many options; you have to understand which one best satisfies the initial conditions.
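One way to turn an address list into an ACL for a Cisco ISR, as an added example; it is not the script linked above and not code from the original article. The input format (one IPv4 address or prefix per line), the internal ranges, the ACL name BLOCK-TOR and the sample addresses (documentation ranges, not real Tor nodes) are assumptions.

```python
import ipaddress

# Constructed sample feed (documentation ranges, not real Tor nodes).
SAMPLE_LIST = """\
# one address or prefix per line
192.0.2.10
198.51.100.7
192.0.2.10
203.0.113.0/30
10.1.2.3
2001:db8::1
not-an-address
"""

# Assumption: these ranges are the site's internal space and must never be denied.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_nodes(text):
    """Return (collapsed IPv4 networks, rejected entries) from a node list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        # Skip IPv6 (this is an IPv4 ACL) and anything overlapping internal
        # space, so a bad feed entry such as 0.0.0.0/0 cannot cut off the LAN.
        if net.version != 4 or any(net.overlaps(i) for i in INTERNAL):
            rejected.append(entry)
            continue
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected

def render_acl(nets, name="BLOCK-TOR"):  # ACL name is hypothetical
    """Render IOS extended-ACL lines that deny traffic to each network."""
    lines = [f"ip access-list extended {name}"]
    for net in nets:
        if net.prefixlen == 32:
            lines.append(f" deny ip any host {net.network_address}")
        else:  # IOS expects a wildcard (inverted) mask, not a netmask
            lines.append(f" deny ip any {net.network_address} {net.hostmask}")
    lines.append(" permit ip any any")  # otherwise the implicit deny drops all
    return "\n".join(lines)

if __name__ == "__main__":
    nodes, skipped = parse_nodes(SAMPLE_LIST)
    print(render_acl(nodes))
    print("skipped:", skipped)
```

Entries that are rejected are returned rather than silently dropped, so a scheduled job can alert when the feed changes shape instead of pushing a shrunken or damaged ACL to the router.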
That is why we always urge both partners and customers to formulate the task clearly and to talk not about the Cisco product they need (although sometimes customers know the portfolio well and know exactly what they need) but about the problems they want to fight. Otherwise the customer or partner may end up dissatisfied with a Cisco solution that, perhaps, solves the task inefficiently. But nobody set the task :-( Sometimes a company acquires a solution based on its own vision and then it turns out that the solution cannot cope with the task. Who is responsible in that case?
In other words, you need to build from what people abroad call by the fashionable term "use case". I would single out four types of such scenarios in cybersecurity:
- Neutralizing specific threats (information leaks, ransomware, DDoS attacks, phishing, and so on)
- Protecting or blocking specific technologies (for example, a virtualized data center, Skype, the cloud, the perimeter, and so on)
- Implementing the requirements of regulations or standards that contain cybersecurity requirements (for example, FSTEC Order No. 31 or the new GOST of the Bank of Russia)
- Implementing information security processes (for example, incident response, security awareness, information security monitoring, and so on).
Each of these four categories contains many scenarios, and there is no universal list of them (although there are the most common ones).
As the article comes to an end, I want to return to where I began. To build a corporate information security system properly, do not rush off to look for product A, B, or C. First draw up a list of inputs: the tasks to be solved (the processes to protect, the protocols and systems to support, performance, and so on), the threats to repel, and the regulatory requirements. That is, build from the usage scenarios. Only once you understand them can you move on to choosing the appropriate solutions (and again: solutions, not products). Good luck with your choice! To expand on the topic of use cases a little, the following articles will look at several typical scenarios.