
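In the previous lesson we touched on the problem of the human factor in information security. We concluded that it does not matter how good or how expensive the equipment you use is: everything comes down to configuration, and the configuration has to be done correctly. In this lesson we look at HTTPS inspection. Many people seriously underestimate the importance of this feature, without which modern network protection is unthinkable. But first things first.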
Web traffic protection
Almost every modern NGFW or UTM solution can check web traffic. This includes categorizing sites, checking downloadable content, and identifying web applications. The last point (web applications) is very important, because a huge number of services run over the same port. And while almost every vendor has no trouble checking HTTP traffic, HTTPS is a real challenge for modern security tools.
HTTPS
I think there is little point in explaining what HTTPS is and how important it is for building a secure Internet. Thanks to HTTPS, it is impossible to intercept or alter the information transmitted between the client (browser) and the server (web server). According to 2017 statistics, the share of HTTPS traffic has exceeded 50%.

In addition, modern browsers (for example, Google Chrome) mark HTTP sites with login forms as untrusted, and Google ranks such sites lower in its search results. This makes the share of HTTPS traffic grow even faster.
As mentioned above, HTTPS is used for secure communication between two nodes on the Internet. HTTPS is not a new protocol: it is ordinary HTTP, with SSL or TLS used as the transport protocol that protects the traffic. These protocols are responsible for authentication, encryption, and the integrity of the traffic. We will not examine how they work in detail, but I strongly recommend this article to anyone who is interested. As a rough approximation, HTTPS works as follows:

That is, the client initiates a TLS request to the web server and receives a TLS response, and it checks the digital certificate, which naturally has to be trusted. An example of the certificate presented when accessing vk.com is shown above. It contains the secure connection parameters and the public key. The browser can also "tell" you which version of TLS is in use. Again, this is a very simplified description of TLS.
After a successful TLS handshake, encrypted data transfer begins. That sounds very good (and it is). But for a company's "security officer" it is a real headache. He cannot "see" this traffic, so he cannot check its contents with antivirus, with an intrusion prevention system (IPS), with a DLP system, or with anything else. This is a very serious vulnerability: because most sites have switched to HTTPS, without HTTPS inspection your Internet gateway cannot check most web traffic (it is encrypted). In addition, cybercriminals increasingly use cloud file storage, which also works over HTTPS, to spread viruses. So no matter how good and how expensive your firewall is (UTM or NGFW), without HTTPS inspection enabled it lets every virus and piece of malware straight through. Even the well-known EICAR test virus, which antivirus products detect, passes through the protection over HTTPS. We will look at exactly this as an example.
HTTPS inspection
HTTPS inspection technology is designed to solve this security problem. Its essence is simple: in effect, the device that performs HTTPS inspection carries out a man-in-the-middle attack. It looks like this:

That is, Check Point intercepts the user's request, establishes an HTTPS connection with the user, and then opens its own HTTPS session to the resource the user was accessing. In this case the client is presented with a certificate issued by Check Point itself. Needless to say, this certificate has to be trusted. For this reason Check Point can import a certificate from a trusted CA (a subordinate certificate). When importing, make sure the certificate uses a signature algorithm of at least SHA-256. With SHA-1, for example, modern browsers will complain about such certificates. Alternatively, you can generate a self-signed certificate, which then has to be made trusted on all computers. We will use this method as the example.
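The pre-import check described above, as an added example (not Check Point code and not from the original article): a minimal DER walker that reads a certificate's signatureAlgorithm OID and rejects anything weaker than SHA-256. The function names and the skeleton sample certificate are constructed for illustration.

```python
import ssl

# DER-encoded signature algorithm OIDs -> (name, hash is SHA-256 or stronger)
SIG_ALGS = {
    "2a864886f70d010104": ("md5WithRSAEncryption", False),
    "2a864886f70d010105": ("sha1WithRSAEncryption", False),
    "2a8648ce3d0401": ("ecdsa-with-SHA1", False),
    "2a864886f70d01010b": ("sha256WithRSAEncryption", True),
    "2a864886f70d01010c": ("sha384WithRSAEncryption", True),
    "2a864886f70d01010d": ("sha512WithRSAEncryption", True),
    "2a8648ce3d040302": ("ecdsa-with-SHA256", True),
    "2a8648ce3d040303": ("ecdsa-with-SHA384", True),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def signature_algorithm(der):
    """Hex OID of the outer signatureAlgorithm field of a DER X.509 certificate."""
    _, start, _ = read_tlv(der, 0)                  # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)            # tbsCertificate, skipped whole
    _, alg_start, _ = read_tlv(der, tbs_end)        # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    return der[oid_start:oid_end].hex()

def check_for_import(der):
    """Return (algorithm, ok); unknown algorithms are rejected, not assumed safe."""
    oid = signature_algorithm(der)
    return SIG_ALGS.get(oid, ("unknown OID " + oid, False))

def check_pem(pem_text):
    return check_for_import(ssl.PEM_cert_to_DER_cert(pem_text))

def skeleton_cert(oid_hex):
    """Constructed sample, not a real certificate: only the DER layout is valid."""
    tlv = lambda tag, val: bytes([tag, len(val)]) + val
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    for oid in ("2a864886f70d010105", "2a864886f70d01010b"):
        print(check_for_import(skeleton_cert(oid)))
```

For a real certificate file, pass its PEM text to check_pem. RSASSA-PSS certificates keep the hash in the algorithm parameters, so this table reports them as unknown and rejects them.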
Sitting in the middle of two encrypted connections, Check Point can therefore scan the traffic and all files with both antivirus and other blades (IPS, Threat Emulation, and so on). For more details on Check Point HTTPS inspection, see here.
HTTPS inspection limitations
However, not everything is that simple. The man-in-the-middle method does not always work. In some cases it is simply impossible to decrypt HTTPS traffic. Here are some examples:
1) Domestic encryption algorithms (GOST) are used instead of standard SSL/TLS.
At the moment, not a single foreign solution can correctly decrypt such HTTPS traffic (although personally I do not know of any domestic solution capable of this kind of HTTPS inspection either). As a workaround, you can configure an HTTPS inspection exception for this category of sites.
2) Certificate pinning is used.
That is, the client application knows in advance the certificate of the server it connects to. Usually the certificate's serial number is checked. In this case the application simply does not consult the local store of trusted certificates, so any attempt to substitute the certificate naturally produces an error. Most often this problem affects "thick" clients that use SSL/TLS as a transport (Skype, Telegram, and so on). In addition, I recently discovered that updated versions of Google Chrome have also started to use certificate pinning for Google's own services (YouTube, Google Drive, Gmail, and so on). This makes HTTPS inspection impossible for them. Google actively cares about the safety of its users, but it makes life considerably harder for security staff. There are two ways out:
- Configure an HTTPS inspection exception for Google services. I think this is highly undesirable for a company.
- Use a different browser, for example Firefox.
I am sure many readers are interested in what to do about applications such as Telegram. Unfortunately (or fortunately), at the moment this traffic cannot be decrypted. Either block these applications, since their traffic cannot be "seen" at the network level, or use an additional layer of protection in the form of an agent on the users' computers. For example, Check Point SandBlast Agent can check traffic that has already been decrypted (files received through a messenger, and so on).
3) Authentication is used not only for the server but also for the client.
This is typical of sites in the Financial Services category, where the client uses a special key or token to access a bank's portal. Naturally, in this case the device performing HTTPS inspection cannot set up the HTTPS connection to the server, because it does not have the required key. This problem can only be solved by configuring an exception in HTTPS inspection.
4) A protocol other than SSL/TLS is used.
Here we are not talking about GOST encryption but about a relatively new protocol from Google, QUIC. Google has begun actively moving its services to this protocol, and at present it cannot be decrypted. The only solution in this case is to block the QUIC protocol, after which Google services start using standard SSL/TLS.
Configuration
Describing the configuration in text form is quite difficult, so we made a short video. The first part covers the theory described above. In the second part we try to download a virus over HTTPS, then configure HTTPS inspection and compare the results.
Conclusion
The most important thing to take away from this lesson is that HTTPS inspection is a mandatory component of modern protection. Without this feature, your network has a big black hole in its security. This applies not only to Check Point but to every other solution as well. Test your own network this way: all you need is some kind of test virus and a client machine, preferably without antivirus so that it cannot block the file download (for the purity of the experiment).
That concludes the second lesson. Thank you for your attention!
You can get a free audit of your Check Point security settings here.
P.S. Thanks to Alexei Beloglazov for his help in preparing this lesson.