[RakutenTechConf2013] [E-4] FUSION Forensics - A Critical Information Handling Method on Public...
FUSION Forensics - A Critical Information Handling Method on Public Clouds
Isao Okazaki, FUSION Communications Corporation, October 26, 2013
Agenda
1) What is FUSION?
2) What are Digital Forensics?
3) What are FUSION Forensics?
4) FUSION Forensics Demo
5) Conclusion
Agenda
Summary of this part: I would like to talk about our company overview and our services.
What is FUSION? – Corporate Overview
Name: FUSION COMMUNICATIONS Corporation
Established: March 13, 2000
President: Takahito Aiki
Business in brief: Telecommunications carrier
Major shareholders: Rakuten Inc. (54.78%), Marubeni Corporation (38.00%)
Our company, FUSION Communications Corporation (FUSION), was established in 2000 as a telecommunications carrier. FUSION is now a subsidiary of Rakuten, with Marubeni as the other major shareholder.
What is FUSION? – Service Line-ups
Phone Service
FUSION has provided Phone Service since 2001.
What is FUSION? – Service Line-ups
Telephony Service
We have broadened our B2B telephony service.
What is FUSION? – Service Line-ups
Telephony Service, ISP Service, Mobile Service
We have expanded our service categories to ISP and mobile.
What is FUSION? – Service Line-ups
Telephony Service, ISP Service, Mobile Service, Cloud Service
Cloud Service is the newest category of FUSION.
What is FUSION? – Cloud Service (IaaS)
We first launched our public cloud service, "FUSION Cloud" (IaaS), in April 2012, with the carrier-grade service quality of FUSION.
IaaS (Apr. 2012)
What is FUSION? – Broadening Cloud Service
We have launched new PaaS and SaaS cloud services since October 2012, all original and unique services:
IaaS (Apr. 2012)
PaaS for RMS (Oct. 2012)
SaaS for File Sharing (Feb. 2013)
SaaS for Log Audit (May 2013)
Agenda
Summary of this part: I have talked about our company overview and our services. We are one of the Rakuten group companies and we have launched unique cloud services like FUSION Forensics.
Agenda
Summary of this part: I would like to talk about Digital Forensics and to show you how to handle critical information on "systems" using Digital Forensics.
What are Digital Forensics? – Forensics
Forensic science is generally defined as the application of science to the law (*).
(*) NIST SP800-86 (http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf)
For example, a criminal investigation proceeds as follows:
Collect marks (smell, fingerprints) → Examine data → Analyze information → Report evidence
Forensic science can identify, or deduce, who committed the crime. That is why it helps deter crime.
What are Digital Forensics? – Digital Forensics
The process of digital forensics is the same as in a criminal investigation. Generally, digital forensics is considered the application of science to the following process (*).
(*) FUSION made this figure with reference to NIST SP800-86 (http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf).
Collect media → Examine data → Analyze information → Report evidence
Digital forensics can identify, or deduce, who handled the information. That is why it helps deter security incidents, including information leakage.
What are Digital Forensics? – Handling Critical Information (1)
What happens if a security incident occurs and we don't have a system for digital forensics?
In that case, problems arise at every step of the digital forensics process:
Collection: Are there any logs? Where are the logs?
Examination: Which log should I look at? Is the log correct?
Analysis: How do I analyze the logs? It takes a long time.
Reporting: There isn't enough information to report.
What are Digital Forensics? – Handling Critical Information (2)
If we don't have a system for digital forensics, a security incident takes a great deal of effort and time to resolve. Furthermore, the company would lose its customers' trust.
Therefore, we need a system for digital forensics to deter security incidents and to handle critical information on systems.
What are Digital Forensics? – Handling Critical Information (3)
In fact, IPA (Information-technology Promotion Agency, Japan) reported that, on the technical side, introducing digital forensics is an effective countermeasure against attacks from inside the company (*).
(*) http://www.ipa.go.jp/security/fy23/reports/insider/documents/insider_report.pdf
[Figure: security incidents come from outside the company and from inside the company. The information security measures shown are conventional information security (confidentiality, integrity, availability), the technical side (introducing digital forensics) and the operation side (setting appropriate access authority). IPA announced that the latter two are effective against attacks from inside the company.]
What are Digital Forensics? – Handling Critical Information (4)
Generally, there are three collecting methods in digital forensics:
① Jump Server
② Log Server
③ Network Traffic Capturing
[Figure: operators reach the servers over the network. Logs are collected at a jump server on the operators' path (①), at a log server fed by the servers themselves (②), or by capturing the network traffic in between (③).]
We adopted the jump server (①) because it can directly record all the commands and the responses to the operations.
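The jump-server collecting method described above, as an added example (this is not FUSION's code): a minimal recorder in Python that logs each relayed command together with its response, and links every record to the previous one with a SHA-256 hash so that the archived log can be checked for deleted or edited records before it is examined. The JSON field names, the chain anchor and the local subprocess that stands in for the SSH session to the target server are assumptions made for the example.

```python
"""Jump-host session recording with a hash-chained log.

Added example, not FUSION Forensics code. Every command an operator sends
through the jump host, and the response it produces, is written as one
record. Each record carries a SHA-256 link to the previous record, so a
deleted, reordered or edited record is detectable during examination
("Is the log correct?"). Field names are assumptions for this example.
"""
import hashlib
import json
import subprocess
from datetime import datetime, timezone

GENESIS = "0" * 64                      # chain anchor for the first record
PAYLOAD_FIELDS = ("ts", "user", "server", "protocol", "command", "response")


def local_executor(command):
    """Run the command on this host and return its output.

    Stands in for the session the jump host relays to the target server;
    a real jump host would send the command over SSH instead."""
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.stdout + proc.stderr


def chain_digest(prev_hash, payload):
    """Hash of the previous record's hash followed by this record's payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


class SessionRecorder:
    """Records one operator's session to one server as JSON lines."""

    def __init__(self, user, server, protocol="ssh"):
        self.user, self.server, self.protocol = user, server, protocol
        self.records = []
        self.prev_hash = GENESIS

    def record(self, command, response, ts=None):
        payload = {
            "ts": ts or datetime.now(timezone.utc).isoformat(),
            "user": self.user, "server": self.server,
            "protocol": self.protocol,
            "command": command, "response": response,
        }
        entry = dict(payload, prev=self.prev_hash,
                     hash=chain_digest(self.prev_hash, payload))
        self.records.append(entry)
        self.prev_hash = entry["hash"]
        return entry

    def run(self, command, executor=local_executor):
        """Relay a command, capture its response, and log both."""
        response = executor(command)
        self.record(command, response)
        return response

    def dump(self):
        """Serialise the session as JSON lines (one record per line)."""
        return [json.dumps(r, sort_keys=True) for r in self.records]


def verify_chain(lines):
    """Re-derive every hash. Returns (True, n_records) if the chain is
    intact, or (False, line_number) for the first record that does not
    link correctly to its predecessor."""
    prev = GENESIS
    for n, line in enumerate(lines, 1):
        entry = json.loads(line)
        payload = {k: entry[k] for k in PAYLOAD_FIELDS}
        if entry["prev"] != prev or entry["hash"] != chain_digest(prev, payload):
            return False, n
        prev = entry["hash"]
    return True, len(lines)


if __name__ == "__main__":
    session = SessionRecorder("alice", "web01")
    session.run("echo hello from the target")
    session.run("id")
    log = session.dump()
    print("\n".join(log))
    print("intact:", verify_chain(log))
    # Edit the first recorded command and watch verification fail.
    log[0] = log[0].replace('"echo hello', '"cat /etc/shadow')
    print("after tampering:", verify_chain(log))
```

The chain only proves that the archived copy matches what the recorder wrote; a real deployment also has to keep the jump host itself out of the operators' reach, since whoever can write to the recorder can simply re-chain the log.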
Agenda
Summary of this part: I have talked about Digital Forensics and shown you how to handle critical information on "systems" using Digital Forensics.
Agenda
Summary of this part: I would like to talk about FUSION Forensics and show you how to handle critical information on "public clouds" using FUSION Forensics.
What are FUSION Forensics? – Backgrounds (1)
[Figure: on-premises enterprise systems moving to the public cloud, whose advantages include cost effectiveness, system elasticity, BCP measures and more.]
The trend from on-premises enterprise systems to the public cloud has grown sharply over the past few years.
What are FUSION Forensics? – Backgrounds (2)
[Figure: the same shift, with "demand for handling critical information" attached to both the on-premises enterprise systems and the public cloud.]
The demand for handling critical information on the public cloud has been increasing, just as it has for on-premises enterprise systems.
What are FUSION Forensics? – Backgrounds (3)
I will explain FUSION Forensics and show you how to handle critical information on "public clouds" using FUSION Forensics.
What are FUSION Forensics? – Introduction (1)
FUSION developed and commercialized a solution for digital forensics. FUSION Forensics provides the environment to handle critical information, covering the Collection, Examination, Analysis and Reporting phases:
Operation Log Capturing
Archiving original logs
Searching logs on the Management Console
Reporting audit evidence automatically
What are FUSION Forensics? – Introduction (2)
[Figure: operators → jump server (①) → servers, with the log captured at the jump server.]
FUSION Forensics adopted the jump server as its collecting method because it can directly record all the commands and the responses to the operations (①). All the operation logs of the operators are captured in the jump server.
What are FUSION Forensics? – System Image (1)
[Figure: operators using client software such as TeraTerm or PuTTY connect by SSH, etc. over private lines, the Internet, VPC, etc. to the jump servers in FUSION Cloud, which capture the logs. From there the operations (SSH, etc.) continue to the target VMs and physical servers in on-premises enterprise systems, public clouds or FUSION Cloud. The jump servers pass the original logs to the collecting servers and archive servers; administrators and auditors reach the log references through the management console web servers, where users, the keys for users and the keys for servers are registered.]
Supporting various systems.
What are FUSION Forensics? – System Image (2)
[Figure: the same system image as (1), highlighting the key for the user (operator to jump server) and the key for the server (jump server to target server).]
Supporting SSL and key pairs on both sides, users and servers, for secure access to public clouds.
What are FUSION Forensics? – System Image (3)
[Figure: the same system image, highlighting the operators' client software (TeraTerm/PuTTY).]
Supporting various client software such as TeraTerm, PuTTY and more, so operators don't need to install specific software.
What are FUSION Forensics? – System Image (4)
[Figure: the same system image, highlighting the management console web servers used by administrators and auditors.]
Supporting a management console, so administrators or auditors can manage and audit operators.
What are FUSION Forensics? – Features (1)
Collection (Media) features:
Capturing Protocol: SSH, Telnet, FTP, SCP, SFTP, RDP (coming in Nov.)
Client Software: Tera Term, PuTTY, OpenSSH, WinSCP, FileZilla, SFTP
Connecting to: public clouds, on-premises systems, network equipment
SSH Authentication Method: 2 step, menu
[Phases: Collection (Media) → Examination (Data) → Analysis (Information) → Reporting (Evidence)]
What are FUSION Forensics? – Features (2)
Examination (Data), Analysis (Information) and Reporting (Evidence) features:
User/Server Maintenance: User Maintenance, Server Maintenance, User/Server Access Control, Log Volume
Dashboard: Access Summary, Announcement
Log Type: Command Line, Command Response
Log Search: Time Interval, User Name, Server Name, User/Server IP Address, Protocol, Commands, Searching Option
Log Reporting for Audit: Periodical Reporting in a specific format
Log Download: Generating CSV-formatted Log, Log Compression with Password
[Phases: Collection (Media) → Examination (Data) → Analysis (Information) → Reporting (Evidence)]
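The log search, CSV download and periodic audit reporting features listed above, as an added example (this is not the FUSION Forensics management console): a Python tool that filters captured records by time interval, user, server, server IP address, protocol and a command pattern, renders the hits as CSV, and builds a per-user report for one reporting period. The sample log lines are constructed for the example, and the record schema (ts, user, server, server_ip, protocol, command, response) and the sensitive-command patterns are assumptions, not the product's format.

```python
"""Searching jump-host logs and producing audit output.

Added example; it is not the FUSION Forensics management console. The
log lines below are constructed for the example, and the field names and
the sensitive-command patterns are assumptions, not the product's schema.
"""
import csv
import io
import json
import re
from datetime import datetime

FIELDS = ["ts", "user", "server", "server_ip", "protocol", "command", "response"]

# Constructed sample capture: one JSON record per relayed command.
SAMPLE_LOG = """\
{"ts": "2013-10-25T09:00:12+00:00", "user": "alice", "server": "web01", "server_ip": "10.0.0.5", "protocol": "ssh", "command": "sudo cat /etc/shadow", "response": "root:*:16000:0:99999:7:::"}
{"ts": "2013-10-25T09:01:40+00:00", "user": "alice", "server": "web01", "server_ip": "10.0.0.5", "protocol": "ssh", "command": "ls -la /var/www", "response": "total 8"}
{"ts": "2013-10-25T11:15:03+00:00", "user": "bob", "server": "db01", "server_ip": "10.0.0.9", "protocol": "sftp", "command": "get customers.csv", "response": "Fetching /data/customers.csv"}
{"ts": "2013-10-25T14:20:55+00:00", "user": "vendor1", "server": "db01", "server_ip": "10.0.0.9", "protocol": "ssh", "command": "mysqldump shop > /tmp/shop.sql", "response": ""}
{"ts": "2013-10-26T02:05:00+00:00", "user": "bob", "server": "rtr01", "server_ip": "10.0.0.1", "protocol": "telnet", "command": "show running-config", "response": "Building configuration..."}
"""

# Commands that touch critical information and should be surfaced in the
# periodic audit report (assumption: tune to your own environment).
SENSITIVE = [r"/etc/shadow", r"customers", r"mysqldump", r"running-config"]


def load_log(text):
    """Parse JSON-lines log text into a list of record dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def search(entries, start=None, end=None, user=None, server=None,
           server_ip=None, protocol=None, command=None):
    """Filter records the way a console search form would.

    start/end are ISO-8601 timestamps (start inclusive, end exclusive);
    user, server, server_ip and protocol must match exactly; command is
    a regular expression searched within the command text."""
    t0 = datetime.fromisoformat(start) if start else None
    t1 = datetime.fromisoformat(end) if end else None
    pattern = re.compile(command) if command else None
    exact = {"user": user, "server": server,
             "server_ip": server_ip, "protocol": protocol}
    hits = []
    for e in entries:
        ts = datetime.fromisoformat(e["ts"])
        if (t0 and ts < t0) or (t1 and ts >= t1):
            continue
        if any(want is not None and e[k] != want for k, want in exact.items()):
            continue
        if pattern and not pattern.search(e["command"]):
            continue
        hits.append(e)
    return hits


def to_csv(entries):
    """Render records as CSV text for download."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for e in entries:
        writer.writerow({k: e.get(k, "") for k in FIELDS})
    return buf.getvalue()


def periodic_report(entries, start, end, sensitive=SENSITIVE):
    """Summarise one reporting period per user: how many commands were run,
    on which servers, and which commands matched the sensitive patterns.
    This is the kind of evidence an auditor reviews at fixed intervals."""
    patterns = [re.compile(p) for p in sensitive]
    report = {}
    for e in search(entries, start=start, end=end):
        row = report.setdefault(e["user"],
                                {"commands": 0, "servers": set(), "flagged": []})
        row["commands"] += 1
        row["servers"].add(e["server"])
        if any(p.search(e["command"]) for p in patterns):
            row["flagged"].append(e["command"])
    for row in report.values():
        row["servers"] = sorted(row["servers"])
    return report


if __name__ == "__main__":
    log = load_log(SAMPLE_LOG)
    for hit in search(log, user="bob"):
        print(hit["ts"], hit["server"], hit["command"])
    print(to_csv(search(log, command=r"shadow|customers")))
    print(periodic_report(log, "2013-10-25T00:00:00+00:00",
                          "2013-10-26T00:00:00+00:00"))
```

Password-protected compression of the download is not shown: the Python standard library's zipfile module can read encrypted archives but cannot write them, so that step needs an external tool.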
What are FUSION Forensics? – Use Cases (1)
From Internal to External connection is not needed here: internal operators access their internal on-premises systems through FUSION Forensics.
[Figure: from internal to internal connection. ① Operators access the on-premises systems holding critical information through FUSION Forensics, which keeps the log; ② administrators and auditors manage and audit the operators.]
What are FUSION Forensics? – Use Cases (2)
Internal operators access their external servers on public clouds through FUSION Forensics.
[Figure: from internal to external connection. ① Operators access the public cloud servers holding critical information through FUSION Forensics, which keeps the log; ② administrators and auditors manage and audit the operators.]
What are FUSION Forensics? – Use Cases (3)
External vendor engineers access customers' internal on-premises servers through FUSION Forensics.
[Figure: from external to internal connection. ① Vendor engineers access the on-premises systems holding critical information through FUSION Forensics, which keeps the log; ② administrators and auditors manage and audit the operators.]
What are FUSION Forensics? – Use Cases (4)
External vendor engineers access customers' external servers on public clouds through FUSION Forensics.
[Figure: from external to external connection. ① Vendor engineers access the public cloud servers holding critical information through FUSION Forensics, which keeps the log; ② administrators and auditors manage and audit the operators.]
Agenda
Summary of this part: I have talked about FUSION Forensics and shown you how to handle critical information on "public clouds" using FUSION Forensics.
FUSION Forensics Demo – SSH with Key Pair
First, operators access their external servers on FUSION Cloud through FUSION Forensics using an SSH client and a key pair. After that, administrators search and check the log through the management console.
[Figure: ① access (SSH and key pair) from internal operators to external servers holding critical information, logged at FUSION Forensics; ② administrators and auditors manage and audit the operators. Start Demo.]
FUSION Forensics Demo – RDP
Second, operators access their external servers on FUSION Cloud through FUSION Forensics using RDP. After that, administrators search and check the log through the management console.
[Figure: ① access (RDP) from internal operators to external servers holding critical information, logged at FUSION Forensics; ② administrators and auditors manage and audit the operators. Start Demo.]
Agenda
Summary of this part: I talked about the FUSION Forensics demo using SSH and RDP.
Conclusion
In this presentation, we introduced FUSION Forensics and showed you how to handle critical information on public clouds using FUSION Forensics.
Collection (Media) → Examination (Data) → Analysis (Information) → Reporting (Evidence)
Thank you for listening!
For more information:
Booth: RT1 13F Cafeteria
Web Site: www.fusioncom.co.jp/forensics/
E-mail: [email protected]
Please visit and contact us!