SolidStep v2 - goodmit.co.kr · Internal response: operations ... internal policy (guide) assessment items...
-
SolidStep v2.5( )
-
... ..
-
1. ?
(, Vulnerability) H/W, S/W ()
(DoS)
(Interruption)
//
: ,
3
-
Compliance
Infrastructure
Application
Web
IT Infra Configuration
(OS, Network, DBMS, WEB/WAS )
(Microsoft, Adobe, Open SSL, Java )
(HTML, ASP, JSP, PHP )
: :
: ( )
:
: :
Compliance
2.
CCE CVE
4
-
3.
+
/ [ 9]
Unix, Windows, Network , DBMS, WEB/WAS, , , PC
313
,
CEO
,
IT
, CISO CEO
5
-
4.
11.2.8
11.2.10
7.3.12
9.2.2
A.12.6.1
,
(ISMS) (ISO/IEC27001)
(PIMS/PIPL)
6
-
- , , , ,
- , , ,
- , - , ,
2
1 1
.
2 1
1 .
- - (, )- (, , )- ()- ( )- - (, )
47,
.
- ISP, IDC, VIDC- 100
- 3 100
5.
16
337 (2015. 11 )
500
408 (2016. 1 )
7
-
How Often? 1~2 / 1
How Much? Man/Months (50EA:Max.)
What Method? Script
What Target? Sampling
IT
1M/M : 10,000,000 : 100,000,000
.. 500EA
6.
8
-
How Often? 1~2 / 1 or
How Much? Man/Months (50EA:Max.) ->
What Method? Script
What Target? Sampling
, !!!
7.
9
-
NIST, ITIL, Cobit
( GAP )
( )
( )
ROI
FFIEC, HIPAA
PCI-DSS
Zero-Day, CVE
ISO17799,27001
,I.S.M.S.
ISO/IEC 27001:2013
,P.I.M.S.
1.
Q. ?
: Non-Compliance Item : Compliance Item : Non-Compliance Item : Compliance Item
11
-
1. -
Q. ?
()
:
, 8 ?
, , 9 .
5 , 60 .
.
.
, 8 .
, .
, .ex) abc1234!@# -> ex) abc12345 ->
12
-
2.
Q. ?
1 2 3 4 5
!! .
: ()
:
25D
92A+
87A
83A
96A+
25
13
-
2. -
1
2
14
-
3.
Q. () ?
365,
?
?
or
.
.
.
15
-
4.
Q. ?
()
SID
.
.
.
3
DB100
16
-
All or Nothing.
100 1 = 0
17
!
.
-
()
.
19
-
100%
, , ()
1,000
()
1 Click
1/3 ~ 1/10
28,800
,
30
1,000 , 100 /1MM
20
1. SolidStep
-
100%
()
5, .
90.
21
2.
-
22
3. (2016.02)
SolidStep Template
Web/WAS DBMS Network Server Total
S.S.R Standard Tpl
Critical ISSUE
ISMS
518
*
8
134
265
866
379
123 167 155 73
8 N/A N/A N/A
62 36 22 14
131 72 24 38
87 119 135 38
434 167 55 210
Server Windows / UNIX / LINUX
DBMS Oracle / MSSQL / MySQL / Sybase / Tibero / DB2 / PostgreSQL / Altibase / MariaDB
Web/WAS Apache / IIS / WebtoB / OHS / Tomcat / WebLogic / JEUS / WebSphere / JBoss / iPlanet
Network Cisco / Alcatel / Alteon / Juniper / Extreme / 3COM
* - , , , PC, SolidPC,
-
To - Be
: ,
:
23
4.
-
Offline
with Agent
Agentless
Online
Install-Free
Portable ( )
OS Free
Windows, Linux, AIX, HP-UX, Solaris 5
Resource Free
CPU 1%
ACL Free
Agent Port Listening HTTPS Protocol
SSH, Winexec
Agent Zero, Agent , ACL( ) ,
4-free
Internet
PC
Network
24
Windows Unix DBMS WEB WAS
SolidStep
PasswordCrack
(3-Ways)
FireWall
N/W
5.
-
SolidStep .
3 * / *-) , , -) //-)
//
//
25
6. UI like Gmail
-
192.10.10.1_Unix
3 DB ERP ? DB ??
IT
ERP
+
192.10.10.1_Unix
192.10.10.1_ERP 192.10.10.1_ 192.10.10.1_
192.10.10.1_Unix
192.10.10.1_DBMS
192.10.10.1_DBMS 192.10.10.1_DBMS
192.10.10.1_DBMS
ERP DB
IT
192.10.10.1_Unix
192.10.10.1_ERP
192.10.10.1_ 192.10.10.1_
or IP , Solid
Step WEB/WAS/DBMS () / .
26
6.
-
.
6.
27
-
UI , /
.
3 Steps, OK !1. 2. 3.
ID
1
3
2
4 , UI ,
28
6.
-
( )
,
WYSIWYG
AS-IS TO-BE
() , .
29
6.
-
.
, ,
30
6.
-
(1) 100% , (2) .
1 /
31
6.
-
SolidStep 2.5 / , .
Cycle SolidStep
P
A D
C
, ,
+
32
6.
-
OS
WEB/WAS
Network
DBMS
Agentless
SolidStep Agentless Agent Zero
Agent
Manager
SolidStep
Network
Agentless
Installing...
2hr...
, ACL, ( )
- Cisco, JUNIPER, HP 3com, Alteon L4
- OS
- MySQL, DB2, Sybase, PostgreSQL
- IIS, Apache, WebtoB, Http Server, Tomcat
SSH
Winexec
33
6. Agentless
-
,
,
,
(), ZERO
34
7.
-
1.
SolidStep IT , ,
.
, , , , ,
, , , ,,
, , , SEC,
/ KT, KTDS, LG U+, , , LG, CJ, ,
, , LG, , W,
KB, KB, , KG, , ,
, , NH, DGB, ING, , , ,
, , , ,
,
50,000 , 200,000 . ( : )
/
36
-
9,000 1
SolidStep .
PC AD - MAP
9,000 ,
200
300 ( 2)
Windows Server
Unix Server
PC
100% 100% 100%
100%
37
-
LG U+ 10
SolidStep .
3
12 10,000 ,
300
300 ( 1)
Windows Server
Unix Server
Legacy System
100% 100% 100%
100%
38
-
SolidStep .
1,600 ,
150
300 ( 1)
Windows Server
Unix Server
Legacy System
100% 100% 100%
100%
39
-
: ,
A.P.T
Cloud
Big Data
C.V.E.
Mobile
Zero-Day
. , .
40
-
Appendix
-
1. ()
42
-
1. ()
43
-
1. ()
44
-
2. : 1/5 (OS : UNIX)
root UID/GID
UID
(C2 Level)
root
root umask
PATH
STICKY BIT
UMASK
SU
syslog
sulog, last
Update
inetd.conf DoS, rpc
inetd.conf tftp, talk
inetd.conf finger, rusersd, rstatd
inetd.conf r
r
r
NFS
NFS
NFS
SMTP
SMTP
SNMP
SNMP
SNMP Community Name
FTP Anonymous
X-service
(SSH)
sendmail WIZARD
debug sendmail
(scheduling)
cron
root cron
root cron
45
-
2. : 2/5 (OS : Windows)
Administrator
Guest
ID
,
SAM
FTP Anonymous
SNMP Community Name
RDS(Remote Data Services)
SNMP
SNMP Access Control
HTTP/FTP/SMTP
Autologon
Null Session
HOT FIX
Telnet
DNS
DNS Zone Transfer
Everyone
( )
Autologon
Null Session
SID/
NetBIOS
46
-
2. : 3/5 (DBMS)
Oracle
OS
DBA
Default
Public
SYS.LINK$
SYSDBA
With grant option
OS
PL/SQL Package
External Call
UTL_FILE_DIR
Listener
Initialization
Oracle Password
Alert Log
Trace Log
,
$TNS_ADMIN
IP
DBLINK
MS-SQL
DBA Fixed server role SA null Guest Public update With grant option xp_cmdshell procedure Startup stored procedure Registry extended stored procedure
DB SQL Mail HOT FIX
MySQL
root null root mysql.user grant_priv Initialization (my.cnf) mysql.server $datadir Update
47
-
2. : 4/5 (WEB/WAS)
IIS
FTP SMTP NNTP ISAPI DLL Sample WebDAV DB (.asa ) Update
Jeus
JEUS
JEUS
/
DB
Apache
Apache root / FollowSymLinks MultiViews Manual HTTP Method CGI Apache Apache Apache Apache
Tomcat
Tomcat
Tomcat /
Examples
48
-
2. : 5/5 (Network)
49
Alteon
-
VTY (ACL)
Session Timeout
SNMP
SNMP community string
Spoofing
shutdown
Cisco
VTY (ACL)
SESSION TIMEOUT
SNMP
SNMP COMMUNITY STRING
SNMP ACL
SNMP
TFTP
SPOOFING
DDOS
SHUTDOWN
Juniper
-
VTY (ACL)
Session Timeout
SNMP
SNMP community string
SNMP ACL
SNMP
Spoofing
shutdown
HP(3Com)
VTY (ACL)
SESSION TIMEOUT
SNMP
SNMP COMMUNITY STRING
SNMP ACL
SNMP
SPOOFING
SHUTDOWN
-
CONTACT US
[ ]
/
| 010-8915-2368
| 010-5075-9534
| 010-6230-2303
E-mail : [email protected]