Mail forms are used for many purposes, such as contact inquiries and surveys.
When you create a mail form or place one on a website, you need to be conscious of security. If a mail form's security measures are insufficient, various risks arise, such as information leakage and tampering.
This article introduces information on security measures for mail forms.
We summarize the main risks and the key points of the countermeasures, so please use it as a reference.
Table of contents
- What is a mail form?
- Security risks of mail forms
- Five key points for mail form security
- Summary of mail form security measures
- Security measures of major form builders
- If you want a form built with security in mind, formrun is recommended
- Summary
What is a mail form?
A mail form is a feature (mechanism or page) that lets a respondent enter text directly on a website and send it as an e-mail.
By placing a mail form on a website, visitors can send e-mail without launching a mail client or logging in to a mail service. Mail forms can be used for many purposes, such as surveys, inquiries and document requests, and their features and design differ greatly from tool to tool.
The features of mail forms, their advantages and disadvantages, and recommended free tools are explained in detail in the article below.
Security risks of mail forms
What risks arise if a mail form's security measures are not implemented properly? Here we explain three risks.
1. Unauthorized access to the database
The first risk is that the database may be accessed without authorization.
If a third party gains access to the database that collects the form responses, the information can be viewed. Form responses often contain customer data such as the respondent's name, telephone number and e-mail address, so unauthorized access to the database leads to leakage of customer information.
2. Information leakage and tampering
This overlaps with unauthorized database access, but a cyberattack can also result in information being leaked or data being tampered with.
Once a leak or tampering occurs, recovery takes time and operations may stop; it can also damage the company's credibility.
Also, do not forget the possibility of large losses: the cost of data recovery, compensation for damages, the cost of responding to customers, and so on.
3. Data loss
The last risk is data loss. Data can be lost for many reasons, including human error and trouble on the server side.
The most effective countermeasure is taking regular backups. If you use a cloud-based form builder, the data is stored not on your own systems but in the service provider's data center. It is therefore important to know which data center is used and to confirm that regular backups are taken there.
Five key points for mail form security
So what measures should be taken to prevent the security risks above? We explain the key points in five parts.
1. Encrypting data in transit (SSL)
Response data sent from a form is at risk of being eavesdropped on or tampered with on the communication path before it is saved on the server, so the data in transit must be encrypted. Encrypting the data in transit reduces the danger of a third party viewing it and lets it be stored safely on the database server.
A technology called SSL (Secure Sockets Layer) is used to encrypt communications. Enabling SSL on a form is essential if users are to use it with confidence.
Enabling SSL not just for the form but for the entire website is called "always-on SSL". If the form is embedded in a website, adopting always-on SSL is recommended.
2. Hardening the application and OS
Attacks that target security flaws in the application or OS create a risk of information leakage or tampering.
Typical attack techniques include the following.
SQL injection:
SQL is a language for operating on databases; with SQL you can edit and manipulate data.
SQL injection means injecting malicious SQL through the form. This allows SQL that manipulates data without authorization to be executed, so data can be viewed or tampered with.
Cross-site scripting (XSS):
Cross-site scripting is an attack in which a malicious script is embedded in a website managed by someone else and executed there.
For example, there have been cases where a malicious script entered into a form was used to steal visitors' cookies and personal information.
Cross-site request forgery (CSRF):
This is when a user of an online service who is still logged in clicks a malicious URL and is made to send a request they did not intend.
Data is submitted to the form from a malicious site, so users who visited that site are made to send personal information without intending to.
Being hit by attacks like these is caused by flaws in the program's coding or in the system design.
Countermeasures therefore include the following:
- Vulnerability assessment
- External code review
- Tamper detection
- WAF (web application firewall)
- IDS/IPS (intrusion detection/prevention)
These and similar measures are effective.
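As an added example (not code from the original article), here is a minimal contact-form handler in Python that shows, for each of the three attacks above, the unsafe pattern beside the hardened one: a query built by string formatting versus a parameterized one, raw versus escaped output on the confirmation page, and a session-bound CSRF token. The table, field names and token design are assumptions for illustration.

```python
import hashlib
import hmac
import html
import secrets
import sqlite3

# Server-side secret used to bind CSRF tokens to a session (constructed here).
SECRET_KEY = secrets.token_bytes(32)


def make_db():
    # In-memory table standing in for the form's response database (assumed schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inquiries (name TEXT, email TEXT, body TEXT)")
    return db

def insert_unsafe(db, name, email, body):
    # Vulnerable: user input is pasted into the SQL text, so characters such as
    # an apostrophe are interpreted as SQL syntax (the root of SQL injection).
    db.execute(f"INSERT INTO inquiries VALUES ('{name}', '{email}', '{body}')")

def insert_safe(db, name, email, body):
    # Hardened: placeholders make the driver treat the input purely as data.
    db.execute("INSERT INTO inquiries VALUES (?, ?, ?)", (name, email, body))

def confirm_page_unsafe(name):
    # Vulnerable: the submitted value is echoed into HTML unchanged (XSS).
    return f"<p>Name: {name}</p>"

def confirm_page_safe(name):
    # Hardened: escape before output so tags and quotes render as plain text.
    return f"<p>Name: {html.escape(name)}</p>"

def issue_csrf_token(session_id):
    # Token embedded in the form as a hidden field, bound to the session via HMAC.
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def check_csrf_token(session_id, token):
    # A request forged from another site cannot carry a valid token for this session.
    return hmac.compare_digest(issue_csrf_token(session_id).encode(), token.encode())

def handle_submission(db, session_id, form):
    # The hardened path end to end: CSRF check, parameterized insert, escaped echo.
    if not check_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "rejected: missing or invalid CSRF token"
    insert_safe(db, form["name"], form["email"], form["body"])
    return 200, confirm_page_safe(form["name"])
```

A name such as O'Brien is enough to make the unsafe insert fail with a syntax error, which is exactly the symptom of input being parsed as SQL; the parameterized version stores it verbatim.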
3. Spam countermeasures
Because a form can be used to send large volumes of spam, anti-spam measures are needed.
Spammers use bots that fill fields such as the name and e-mail address with random strings of letters and digits, fill in the form automatically and submit it, sending mail in bulk.
Spam fills up mail folders, burdens the server and is a nuisance to delete; it can also lead to information leakage through virus infection.
The following are effective against spam:
- Restricting access by source domain and IP address
- CAPTCHA verification with text or images
- Adding a confirmation screen and required fields to the form
Combining these methods increases their effectiveness further.
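The following added example (not from the original article) implements the server-side measures listed above in Python: a source IP and sender-domain restriction, required-field validation, and a one-time nonce issued by the confirmation screen so that a bot posting directly to the submit endpoint is rejected. The CAPTCHA step is left to the widget provider; the blocklists, field names and addresses are constructed for illustration.

```python
import ipaddress
import secrets

# Constructed blocklists for illustration (a TEST-NET-3 range, a made-up domain).
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_EMAIL_DOMAINS = {"example.net"}
REQUIRED_FIELDS = ("name", "email", "body")
# Nonces issued when the confirmation screen is rendered (server-side state).
_pending_confirmations = set()


def source_allowed(client_ip, email):
    # Measure 1: reject submissions from blocked IP ranges or sender domains.
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in BLOCKED_NETWORKS):
        return False
    domain = email.rpartition("@")[2].lower()
    return domain not in BLOCKED_EMAIL_DOMAINS

def missing_required(form):
    # Measure 3a: required fields must be present and not blank.
    return [f for f in REQUIRED_FIELDS if not (form.get(f) or "").strip()]

def show_confirmation(form):
    # Measure 3b: the confirmation screen (which would render the values in
    # `form` for review) embeds a one-time nonce as a hidden field; a bot that
    # posts straight to the submit endpoint never receives one.
    nonce = secrets.token_urlsafe(16)
    _pending_confirmations.add(nonce)
    return nonce

def accept_submission(client_ip, form):
    # Final submit endpoint: every gate must pass before the mail is sent or stored.
    if not source_allowed(client_ip, form.get("email", "")):
        return "rejected: blocked source"
    missing = missing_required(form)
    if missing:
        return "rejected: missing " + ", ".join(missing)
    nonce = form.get("confirm_nonce")
    if nonce not in _pending_confirmations:
        return "rejected: confirmation step skipped"
    _pending_confirmations.discard(nonce)  # each nonce is valid exactly once
    return "accepted"
```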
4. Encrypting and backing up stored data
The security level of the place where form response data is stored is also important.
If you use a cloud-based form service, check where the data center that stores the responses is located, and confirm that regular backups are taken to prevent data loss.
5. Access control
If you use a cloud-based form builder, unauthorized access to the admin console creates a risk of data being viewed or tampered with.
To prevent this, it is important to configure the permissions of the users who can access the admin console appropriately. Users who can edit data, users who can only view it and users who cannot access it at all should be managed separately.
In addition, restricting the IP addresses from which users can log in, and setting up two-factor authentication such as one-time passwords, are effective ways to prevent unauthorized access.
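As an added example that is not code from the article or from any form tool, the following Python shows how the three controls above combine for an admin console: role permissions (edit / view only / no access), an IP allowlist per user, and a TOTP one-time password check (RFC 6238). The users, networks and roles are constructed; the TOTP secret is the RFC 6238 test-vector secret, used here only so the result can be checked.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct
import time

PERMISSIONS = {"editor": {"view", "edit"}, "viewer": {"view"}, "none": set()}
# user -> (role, allowed client networks, base32 TOTP secret); all constructed.
USERS = {
    "alice": ("editor", ["192.0.2.0/24"], "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"),
    "bob":   ("viewer", ["192.0.2.0/24"], "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"),
}


def totp(secret_b32, t, digits=6, step=30):
    # RFC 6238: HMAC-SHA1 over the 30-second counter, dynamic truncation, mod 10^digits.
    key = base64.b32decode(secret_b32)
    msg = struct.pack(">Q", int(t) // step)
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def otp_valid(secret_b32, code, t):
    # Accept the current step and one on either side to tolerate clock skew.
    return any(hmac.compare_digest(totp(secret_b32, t + d).encode(), code.encode())
               for d in (-30, 0, 30))

def authorize(user, client_ip, code, action, now=None):
    # True only if all three controls pass: IP allowlist, second factor, role permission.
    now = time.time() if now is None else now
    if user not in USERS:
        return False
    role, networks, secret = USERS[user]
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in ipaddress.ip_network(n) for n in networks):
        return False
    if not otp_valid(secret, code, now):
        return False
    return action in PERMISSIONS[role]
```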
Summary of mail form security measures
The security measures introduced so far are summarized below.
| Point | Concrete countermeasures |
| --- | --- |
| Encrypting data in transit | SSL/TLS |
| Hardening the application and OS | Vulnerability assessment; external code review; tamper detection; WAF (web application firewall); IDS/IPS (intrusion detection/prevention) |
| Spam countermeasures | Restricting access by source domain and IP address; CAPTCHA verification with text or images; confirmation screen and required fields on the form |
| Encrypting and backing up stored data | Checking the data center |
| Access control | Managing user permissions; IP address restriction; two-factor authentication |
Security measures of major form builders
Here we summarize the security measures of Google Forms, one of the best-known form builders, and of WordPress, where forms can be built with plugins.
Google Forms
Google Forms is a free form builder provided by Google. It is used for many purposes, such as surveys, inquiries and campaign sign-ups.
Google Forms' security measures include the following:
- Encryption of data in transit and at rest
- Vulnerability management and detection of malicious software
- Spam prevention with Google reCAPTCHA
- Two-step verification can be enabled for login
- Data centers distributed around the world
Google has also obtained certification against international security standards such as ISO 27001 and ISO 27017. These are security standards unified worldwide, and the certification shows that Google is verified as meeting internationally established criteria.
This shows that Google Forms has robust security measures in place.
WordPress plugins
Next, let's look at the security measures of mail forms built with WordPress plugins. Representative form-building plugins include Contact Form 7 and MW WP Form.
Contact Form 7 has security measures such as spam prevention through reCAPTCHA and continuous updates that fix vulnerabilities.
MW WP Form likewise takes measures such as spam prevention and vulnerability fixes.
There are many form-building plugins for WordPress; when adopting one, it is important to check whether vulnerabilities have been reported and whether it is updated regularly.
There are also plugins that prevent unauthorized access to WordPress itself and encrypt the whole site, so consider these as well.
If you want a form built with security in mind, formrun is recommended
formrun is a form builder provided by our company.
- Encryption of communications with SSL/TLS
- Hosted on AWS, a data center that meets stringent security requirements
- Privacy Mark (P Mark) and ISO 27001 certification
- 24-hour, 365-day server monitoring
Given these security measures, formrun is recommended if, in addition to valuing security, you have requirements such as:
- You want to create a form quickly and easily
- You want to create a well-designed form
- You want to manage form responses efficiently
You can start for free, so please give it a try.
Summary
If a mail form's security measures are insufficient, the risk of information leakage and tampering increases, leading to lost credibility and financial damage for the company. It is therefore necessary to know what kinds of attack exist and to put the corresponding countermeasures in place.
If securing a form you built yourself in HTML and CSS is difficult, one option is to use a form-building service that already has adequate measures in place. There are many kinds of form builders, so compare them and find the one that fits you best.
formrun publishes information on form building and customer management.
From EFO (entry form optimization) to handling inquiries,
we solve your form-related problems.