֥ȱļԤΤ 
ȼб


󥻥ƥٲѡȥʡåץɥ饤
Ͽ 6ȴ

2008ǯ 4

Ωˡ;ʵ
ͭǤˡ JPCERTǥ͡󥻥󥿡
ˡŻҾ󵻽ѻȶ
ˡ ԥ塼եȥ
ˡ 󥵡ӥȶ
ưˡܥͥåȥƥ


  


1.֥Ȥδ
1.1. ط
1.2. ֥Ȥǵȥ֥
1.3. ļԤǤ
1.4. ܻŪ
2. ֥Ȥɬפк
2.1. ȥ֥θȤʤȼ
2.2. ³Ūк
2.3. к»ܤˤ򤹤٤
3. ֥ȤȼĤä
3.1. ȼɤΤ褦˸Ĥ뤫
3.2. IPAȼ˴ؤϢ
3.3. бϰջ׷꤫Ϥޤ
4. ֥ȱļԤΤȼбޥ˥奢
4.1. бΤ˷α
4.2. ȼ˴ؤΤμ
4.3. ƥ̵ͭ˴ؤĴ
4.4. ƶкθƤ
4.5. кȤ˴ؤײ
4.6. кμ»
4.7. λ
4.8. ¾
ϿȼˤĤΤκȥåꥹ





1.֥Ȥδ
1.1. ط
¿Ͳٲ륦֥ 

ï⤬ưפ˥Ǥ륦֥Ȥϡ󥿡ͥåȥ桼γ
ȤȤˡȯŪáȯŸƤޤ󥿡ͥåȾˤʿ
Υ֥ȤưƤꡢȯ両ƥĤ
ơͭȯͽʤ¿ͲٲƤޤ 

ȤҤΥۡڡߤ뤳ȤϡפˤʤäƤơ
ҸιưϤ󡢾ʤμȯ߸˴󥵥ƥ󥰤
ݡʤɡ֥ȤȤΥӥͥץΰüô
Ƥޤ 

󥿡ͥåȤ¦ 

󥿡ͥåȤˤϡ˸ƾȯꥵӥ󶡤Ǥ
ȤåȤޤˡä̵ LANʤɤοʲˤꡢ
桼ϤɤˤƤ⼫ͳ˥֥ȤѤ뤳ȤǤޤ 

ΰïˤǤѤǤ褦˾˸Ƥ륦֥Ȥϡ
դä軰Ԥͥåȥۤ뤫⤷ʤȤꥹ
Ƥޤ 

ޤߥʤɤˤꡢ׾󤬥󥿡ͥåȾήФ뤳Ȥ
ޤ٥ͥåȥήФ򤹤٤Ʋ뤳ȤԲǽ
˶ᤤȹͤޤ 


 1-1 ӥͥץΰüô֥Ȥȥꥹ 




1.2. ֥Ȥǵȥ֥
ºݤ˥֥ȤǵƤ󥻥ƥΥȥ֥Ȥϡɤ
褦ʤΤǤ礦 

ȥ֥ 1ˤήСƧ沽 

դΤ軰Ԥ֥ȤФԤäꡢ֥
Υƥबԥ塼륹1˴̡Ŀ;ʤɤν׾
褵줿ꡢ֥ȤѤǤ褦˲¤뤳Ȥޤ

2005ǯ 5󶡥ӥ AҤǤϡҤξ󥵥Ȥ
줽б٤줿ᡢɥ桼Υ᡼륢ɥ쥹̤ήФ
ˡӥ 10ߤ򤨤ʤ֤˴٤ޤη̡
 1 5000ߡ2 5000ٸ90Ⱦä
ϰ 80Ⱦ˵ʤɤζŪﳲޤˡ
ƶϼˤȤɤޤ餺衢ɥ桼ʤɤΥ
ۥˤڤӡAҤμҲŪѤ礭»ʤޤ 

 1-2 ֥Ȥǵȥ֥ 

1軰ԤΥץǡ١ФưտŪ˲餫ﳲڤܤ褦˺
줿ץǤꡢǽǽȯµǽİʾͭΡ̾
Ⱦʡ˹𼨡֥ԥ塼륹кסʿ 
12ǯ 
12 
28ǽ




ȥ֥㣲 ߥˤĿ;ή 

ƥԤߥήФΥȥ֥򾷤Ȥ⤢ޤ
ȤСĿ;δޤޤ줿ץե뤬äƥ֥Ȥθǥ
쥯ȥ֤Ƥ륱ǤߥϡФι俷
ƥؤΰܹԤʤɤѹ뤳Ȥ¿ȹͤޤ 

2002ǯ 5ƥƥåȤ BҤĤ륵Ȥǡ 5
ʬθĿ;ޤŻҥե뤬äƱǽʾ֤ˤʤäƤᡢ
ήФƤޤޤήФŻҥեϡ뤳Ȥ
Բǽǡʤե붦ͭեȤ𤷤ƥͥåȥή̤Ƥ
ȸޤʣﳲԤ BҤ˥ץ饤Х˴ؤʾ
򵯤Ϻۤ BҤ˰ߤʧ褦̿Ƚ
ޤ 

ȥ֥㣳 եå󥰺ؤΰ 

ҤΥ֥Ȥեå󥰺2ʤɤȺ԰٤˰Ѥ뤳Ȥ
ޤȤС֥Ȥ˥ȡץƥ3ȼ
4硢Ѥ졢桼ȤͶƳ IDѥ
䥯쥸åȥֹʤɤ򺾼褵ǽޤ 

2006ǯˤϡƺΥ󥵥Ȥ˥ȡץ
󥰤ȼȯ졢ˡȼѤեå󥰥
ȤиޤƱȤΥ桼Ҥˤ餵줿Ȥˤäơܵ
ȤοطӥͥפǤƱҤΥ֥ɤμƤǰޤ 

Τ֥ۤƥब󤷥ӥߤ˴٤äꡢɽƤ
Ȥäȥ֥뤬ȯǽޤ 

2ͻءʶԤ䥯쥸åȥɲҡˤʤɤäŻҥ᡼ꡢꡢ̾
Ըֹ桢쥸åȥֹʤɤθĿ;򺾼褹԰١ʥեåк
Ĳۡڡѡ 
3 WebȤηǼĤʤɤΥץ𤷤ơդΤ륳ɤ桼Υ֥饦
Ƥޤȼ 
4ȼʤ㤯ˡեȥˤơԥ塼
ԥ塼륹ιˤꤽεǽǽ»ʤȤʤ
սꡣ֥ץꥱˤäƤϡ֥ȱļԤ浡ǽˤ
ݸ٤ï⤬Ǥ褦ʡǡƤ֤ޤࡣ




1.3. ļԤǤ
֥ȤǾ󥻥ƥΥȥ֥뤬ȯ硢Υ
ȤαļԤϡɤΤ褦Ω֤Ǥ礦 

ޤĿ;ήФȯˤϡ֥ȤαļԤϤλ
¤ɾģ𤹤ȤȤˡͶʤɤﳲɤ̣Ǥ⡢
ήФĿ;ܿͤˤλݤϢɬפޤ 

ޤ֥ȤαļԤϡ桼ФƥȤΥƥ
ݤǤ̤Ƥʤäơʾ٤оݤȤʤǽ
ޤºݤˤϤΥ֥ȤαĤλȼԤ˰Ƥơ
ȤǤϥȥ֥ȯ˴ͿƤʤäȤƤ⡢ﳲԤ鸫Ǥ
ԡפϰŪˤϤΥȤαļԤǤꡢʾ٤κݤȤʤ뤳Ȥ
ޤ 

ȥ֥򵯤֥Ȥߤ̡夲˰ƶ
ڤܤǽޤˤäƤϡ»׵ᤵ뤳Ȥˤ
ޤ 

ˡ餬ﳲԤǤˤ⤫餺ԥ塼륹򻵤
餹ֲóԡפȤʤäƤ硢ͥåȥҲΰǤȤȤ
ƼҲŪǤ̤Ƥʤ񤵤Ǥ礦ξ硢ԥ塼
륹ζǤʤδθĴ٤褷ʤ¤ꡢ
ƤӥȤƱȥ֥򷫤֤Ȥˤʤ꤫ͤޤ 

1.4. ܻŪ
ܻϡ˥֥ȱļԤ˸ơ֥Ȥȼ⤿
餹ȥ֥ɬפкγ⡢˥֥ȱļԤˤȼ
˾ޤʤɤҲ𤷤Ƥޤ 

طԤϡȼб˸θƤ䡢ºݤб˺ݤ
򻲹ͤˤбޤ褦ꤤ夲ޤ 




2. ֥Ȥɬפк
2.1. ȥ֥θȤʤȼ
֥Ȥǵ󥻥ƥΥȥ֥θ¿ϡ
ȥȼˤޤȼȤϡץ˵
ּפǤդΤ軰ԤȼѤԤȡ
곰ϥǡˤդ줿ꡢƤʤϤΥ
ɤƤޤѤơͥåȥۤ˸
¤åǡήСӥߤʤɤ򤵤Ƥޤޤ

֥ȤȼϡCGICommon Gateway Interface˥ץ
ʤɥƥκߥ˵Τ¿ޤˡ
OSδץեȤ䥦֥ץꥱ󥽥եȤȼʤɤ
ȥ֥θȤʤޤ 

 2-1 ȼѤ륤᡼ 





2.2.³Ūк
ȼкϡ֥ƥδ衦߷סȯ鱿ѡݼޤǡ͡
ʶ̤Ƿ³Ū˼Ȥɬפޤ 

ˤϡ֥ƥ󶡤륵ӥ˷륻ƥǽ
ˤޤ֥ӥΤΥƥΥ󥹤
Ȥ顢ƥݥꥷޤ¿ŪʻǤθƤ˾ޤޤ 

ˡ߷׻ˤϡ񻺤νӥη³
׵٥롢ӥθϰϤʤɤƧޤ˾ޤ륻ƥ
Τˤɬפޤˡ̳εǽ׷Ǥʤ
ȼкθ׵ͤѰդơȯԤȯ٤Ǥ礦

ޤ֥ȤαѻˤϡץեȤ䥢ץꥱ󡢥ե
ȼȯơȥ֥򾷤Ȥޤ
ȼ󤬸ɽ줿ݤŬڤбǤ褦ˡƥ๽
İ³Ū˴뤳ȤɬפǤۡˡȼγǧ
ǤԤȤͭǤˡƥΥƥʥ󥹤俷ƥ
ΰܹԤκݤˤϡΥߥʤå뤳ȤפǤ 

2.3. к»ܤˤ򤹤٤
Ȥˤ󥷥ƥǤԤˤϡ֥Ȥȼ
˴ؤʲ򤷤Ƥɬפޤ 

ޤȼΤʤʥƥۤ뤳Ȥ񤷤Ȥ
Ǥʥƥɵ᤹뤿ˤͽʤФʤ餺
Ū˳˹礤ޤ 

ޤޤǤ˿ƤȤꡢԥ塼ƥϡ֤Ф
ߤƤ꤬ȯФꥹƤơϰǤ⤤İ
Ǥʤʤ뤫狼ޤ󡣤Ĥޤꡢƥΰϻ֤ȤȤ
ȹͤ٤Ǥݻ뤿ˤŬڤʥƥʥ󥹤Բ
Ǥꡢѡݼˤͽȿͼ򤫤ɬפޤѡݼ
åդݤǤʤˤϡλȼԤ˰뤳ȤͭǤ 

ˡΥ֥Ȥȼȯ줿ˤϡͽۤ
Ҥƶ򴪰ƤơŬڤк򤹤٤Ǥͽͼ­
ͳȼ֤Ƥȡ1.2Ǽ褦ʥȥ֥뤬ȯƥ桼
Ǥ򤫤뤳Ȥˤʤ꤫ͤޤ 




3. ֥ȤȼĤä
3.1. ȼɤΤ褦˸Ĥ뤫
֥Ȥ˿ȼäȤƤ⡢ȥ֥ʤưƤ
硢˵ŤȤưפǤϤޤ 

ޤ֥ȤǻѤƤץեȤ䥢ץꥱȼ
ɽ뤳ȤΤǡ˾ۤꤹɬפޤ
ˤäƤбϰۤʤΤǡ֥Ȥκǿι
ǧƤ٤Ǥ礦 

ޤդ軰Ԥˤԥ塼륹ؤδ
Υȥ֥䤽ͽ򤭤äȤơץߥ˵
Ȥޤ֥ƥबԿʵư򼨤硢ȼ
򹶷⤵줿ȤǤǽƤ٤Ǥ 

ˡҤΥ֥ȤȼˤĤơ軰ԤŦ뤳
ȤޤȤС桼֥ȤѤƤơ
˥ǤƤޤǽ䡢ץư鲿餫
񤷤Ƥ뵿˵ŤȤޤ桼䤤碌
ˤϡ®䤫Ĵȼ̵ͭǧ٤Ǥ礦 

ȥ֥򤭤ä˵Ť㳰ȯϢ륱 


 3-1 ȼ˵Ť 



3.2. IPAȼ˴ؤϢ
Ωˡ ʵIPAˤǤϡ֥եȥȼϢ
谷סʿ 16ǯкѻȾʹ 235 5ι𼨤Ƨޤ2004
ǯ 7饽եȥʵڤӥ֥ץꥱȼ˴ؤ
ФդƤޤ6 

IPAǤϡ֥Ȥȼ˴ؤϽФդ硢
֥ȤαļԤˤλݤϢȼкμ»ܤ¥ޤ 

JPCERT/CCͭǤˡ JPCERTǥ͡󥻥󥿡Ωˡͻȵ縦
 3-2 󥻥ƥٲѡȥʡåפΤ 

3.3. бϰջ׷꤫Ϥޤ
֥Ȥȼȯ줿ꡢդ軰Ԥι䥳ԥ塼
륹꤬ȯΥȥ֥бϡȥ֥ɥ
μƤбĴפɤ뤬»ˤĤʤ꤫ͤޤ󡣤äơ
̳θξΤ褦ŪαĹȤªΤǤϤʤȷ³
δªȤȤƤΰջ׷˴Ťнؿˤ
󼨤٤Ǥ 

ޤλȼԤݼ̳ƤˤϡȼкˤĤ
Ƥ˴ޤᡢ۵޻ˤ߳б褦ˤĤ
Ƥ餫դƤȤ˾ޤޤ 

5 http://www.meti.go.jp/policy/netsecurity/vulhandlingG.html 
6 http://www.ipa.go.jp/security/vuln/index.html 




4.֥ȱļԤΤȼбޥ˥奢
֥ȱļԤϡȼ̵ͭˤĤƤĴ˳ǧɬפ
ȼץŬѤȤäкԤޤޤȼ
Ĥƴط䡢ȤѼԤȤδ֤Ϣ
֥¦Ǿνȴôޤ 

нˤäƤˤ䡢кηײ򥦥֥ȱļԼȤȽ
˴ŤƹԤȤɬפȤʤޤ 

֥ȱļԤȼ˴ؤϢäݤн
ή򲼿ޤ˼ޤ 

1.ȼ˴ؤΤμ
2. ƥ̵ͭ˴ؤĴ
3. ƶкθƤ
4. кȤ˴ؤײ
5. кμ»
6. λ
 4-1 ȼϢؤнή 




4.1.бΤ˷α
ʣ˳Ϣݤб 
ȼϢΤݤˤϡIPAȯԤޤطԴ
ɤߥ˥ݻ뤳Ȥб븰Ȥʤޤ 
ȯŪŪ˹Ԥȼ٤ȡ³ǧޤ
褦뤳ȤȤʤޤ֥ȱļԤˤȤäƤôˤʤ
ޤнˡײǡǽϰϤ
ȤڤǤ 

ʣ˥ȥ֥뤬ȯƤȼؤб 
֥Ȥˤ륻ƥΥȥ֥ФƤϡȯο®
бɬפǤƧˤƤ硢եå󥰺
˰ѤƤ硢륹򻵤餷Ƥˤϡޤ
֥ȤߤﳲɤޤäơĿ;ϳ̤ѼԤؤ
륹ȯˤϡ®䤫ﳲ¤θɽ˾ޤޤ 

ȥ֥ϡ륹˥֥Ȥμȼ
ƵޤﳲɻߤΤˤϡ륹ζƻ붯ν
Ǥʤ֥ȤȼǤǽθǫĴ
Ԥäơַ򸫤ĤƺɤפȤڤǤ 

ȼؤμƤʬǤʤޤޥӥ³󶡤кƤﳲ
ǽ⤢ޤȼĴ佤ˤϺȻ֤ɬפ
ޤˤäƤϥȤŪߤȤäǤɬפǤ 

֥ȱļԤϡﳲ¤θɽ䥵ӥƳΥߥ󥰤θ
ʤ顢ȼ˴ؤ뵻ŪȤʤƤɬפޤ 

ʣSIȼԤȤζ 
Ȥαķ֤ˤäƤϡSIȼԤ˾Ϥ̤ȼγ
ǧк»ܤ˴ؤŪȤꤹꤵޤȼؤ
нˤĤ SIȼԤζϤˤĤƤϳƼα򼨤ޤ
ΤǻͤˤƤ 

нξܺ٤ʺȤˤĤƤϡSIȼԤˤȼϢ谷˴ؤ
ȼΤΥ󥹡סʼˡ 󥵡ӥȶ񡢼
ˡ ŻҾ󵻽ѻȶ 7⻲ͤȤʤޤ 

7 http://www.jisa.or.jp/report/2004/vulhandling_guide.pdf 




4.2. ȼ˴ؤΤμ
֥ȱļԤϡȤΥ֥ץꥱȼϢ
ˤĤΤդΩˤޤ 
ʳǤϡ֥ȱļԤϰʲκȤԤޤ 

(1)ȼϢŬڤôԤؤμϤ 
(2)ΤΤݤֿ 
(3)IPAȯԤȤϢʤγΩΰ층Ź沽᡼λѡ
¤ꡢϢϿκ 
(4)ȿбγǧôԡ衦ơջ׷ץ
 
(5)SIȼԤؤκȰԤɤȽ 
(6)ȯԤľܾ򴹤ԤɤȽ 
(7)IPAȯԤؤγǧȼΤͤïȼϢ
ɽǽȻ  

ΤϡIPA֥ȱļԤΤƤȡȯԤ
ļԤľΤƤ 2Ĥ礭ʬ뤳ȤǤޤʲ
줾ξˤĤƼޤ 

ξˤĤƤ⡢֥ȱļԤϡΤäݤ
®䤫˹Ԥ褦ؤƤ 

 IPAϢб 
֥Ȥ˴ؤȼϢȯԤ IPAϽФ줿
ˤϡIPA饦֥ȱļԤΤԤޤIPAΤ
Żҥ᡼vuln-contact@ipa.go.jpˤѤ 3ʳǹԤޤ 

 1ʳ

IPAȼβǽ륦֥Ȥ˵ܤ줿Ϣ襢ɥ
˥᡼ޤΥ᡼Ǥȼβǽ륦
Ȥ URLΤ餻ޤȼξܺ٤ʾޤ 

֥ȱļԤϡܺ٤ʾϢб
Ȥ륢ɥ쥹ˤ򵭺ܤ᡼ IPAֿƤ 




 2ʳ
֥ȱļԤбɥ쥹˰ƤŻҥ᡼ǡ
Ϣ᡼ѤŹ沽ˤĤƳǧޤ 

 3ʳ

֥ȱļԤбɥ쥹ƤŻҥ᡼ǡ
ܺ٤ȼϢΤޤȼϢϡ˵
Ūʾǡȼμ䡢ꤵꥹξ
ߤޤ 

ޤΰʸΥ᡼ˤϡ谷ֹ㡧IPA12345678
դޤIPAϢԤݤˤϤֹѤޤ 
IPAܺپäˤϡΤݤ IPAֿ
 

IPAȼϢΤȯԤ̾ϥ֥ȱļԤ
Τޤ󡣤ʤ顢Ĵʤɤǥ֥ȱļԤ˾
ȯԤ⤳Ʊդˤϡ򴹤뤹٤Ƥμ̤ IPA
󶡤뤳ȤˡȼϢξܺ٤˴ؤȯԤľܾ
򴹤ԤȤ٤ޤ 

 ȯԤľϢб 
ȯԤ IPA𤵤ľܥ֥ȱļԤȼϢ
ΤƤ뤳ȤޤξϡȯԤ¤äؤ
Ƥ IPAϽФ褦ȯԤ˵Ȥ
ޤ 

ȼϢΤ줿ˤϡʲδϢ󤬴ޤޤ뤫ǧ
ޤξ󤬴ޤޤƤʤˤ IPA뤤ȯԤ䤤
碌Ƥ 

1) ȼϢ IPA¾ԤΡʸɽˤɤ 
2) ȼϢȯԤɽջסɽʤͽꤹ 
SIȼԤ̤ 

ȱѤˤĤ SIȼԤ˰ꤷƤ硢뤤ϡΤ
ΤΥ֥ȱļԼȤˤн褬ȽǤˤϡSI
ȼԤ̤ʤбʤ򤪾ᤷޤ 




4.3. ƥ̵ͭ˴ؤĴ
֥ȱļԤϡΤȼˤĤƤ̵ͭǧ
äɾޤ 
ʳǤϡ֥ȱļԤϰʲκȤԤޤ 

(1)ǧȤɬפʥ꥽γݡطԤؤζ 
(2)꤬륦֥ƥ 
(3)Ŧ줿ȼˤĤʤ븽ݤκƸ 
(4)ȼθȯ 
(5)IPA뤤ȯԤؤοĽϢ 

ȼ¸ߤǧΤʳǤϡ⤿餵ﳲŬڤ
к̤ΤǤϤޤꤵﳲк餫ˤȤ
ĤƤϡ٤ξİѤޤ˲ƷײŪ˺ȤԤޤ

ȼ¸ߤ̵ͭΤˤʤäʳǡȼ˴ؤϢ󤻤Ƥ
IPA뤤ȯԡˤˡȼ¸ߤƤˤĤ
ǧݤϢƤ 

IPAΤݤˤϡIPA̤ʤнʤ뤳ȤǤ
ޤ⤷ȼ򤦤ޤƸǤʤξˤϤ̤ 

SIȼԤĴꤹ 

ǧȤˤĤ SIȼԤ˰ꤹˤϡаޤȴˤĤ
ƤSIȼԤȼϢ󶡤ݤˤϼ
餦褦ˤޤʰʸμǤƱͤǤˡλˤ SIȼ
ǧƤˤĤƤϴʷäƤ 




4.4. ƶкθƤ
Ū˥֥ȤĴԤս꤬ڤܤƶΤˤ
ˡƤޤʳǤϰʲκȤԤޤ 

(1)Ȥɬפʥ꥽γݡطԤؤζ 
(2)ȼαƶϰϤĴ 
(3)кŬѤαƶ٤Ĵ 
(4)ˡθƤ 
(5)塼θѤ 
(6)бѤθѤ 
(7)Ƥ𤪤б˰ƤΤȤޤȤ 

IPAΤ硢塼ˤĤƤϡܺپΤ
Ƥ 3ܽбƤ3Ǥб񤷤
硢бפ֤θѤ IPAˤϢ 

SIȼԤкθƤꤹοʤ 

SIȼԤˤϾ嵭(2)(7)ζŪܤˤĤƤĴƤꤷޤ
֥ȱļԤ SIȼԤ˾嵭ĴȤʤɬפʥƥ
˴ؤ󡢺ȤɬפʴĶ丢Ŭ󶡤SIȼԤȤޤ
᤿Ƥ𤪤б˰ƤȤäƤ 




4.5. кȤ˴ؤײ
кȤ˼ݤ˷ײΩƤޤSIȼԤкμ»ܤꤹ
ˤϡȷײ¾ĤλˤĤĴϤդȤޤ
ʳǤϰʲκȤԤޤ 

(1)ޤǤ˼ȶͭ 
(2)Ȥ˴ؤγǧ 
(3)кܻͥβ 
(4)ѡͰȻ֡¾к»ܤɬפʥ꥽γ 
(5)кײγ 
(6)ȻϢγǧ 
(7)ȼ»ܤ˷ SIȼԤȤĴ 

ΤäȤ˴ؤơιôԤ䱿ôԤȤδ֤Ƿ
󤬤СƤǧƤޤ 

ޤǤ餫ˤʤäƴطԤǶͭǧ
֥ȱļԤȤơȤʤȼˤɤΤ褦бԤ
ˤĤƴŪбˤꤷޤ碌кȤɬפѡ
ȻΥ꥽γݤˤĤƤȿƱդäƤޤ 

ޤǤκȤǺкƤ١к˴ؤײꤵ
ޤȻϢˤĤƤǧƤޤ 

SIȼԤкμ»ܤꤹ 

SIȼԤкμ»ܡʼˤꤹˤϡƤб˰
١ˤơ֥ȱļԤ SIȼԤǷײβޤ
ˤѡ塼롢¾꥽γݤˤĤƤĴޤޤ
ޤޤSIȼԤĽ륿ߥ󥰤ˤĤƤײ褷Ƥ
ޤʺȤ礭ܡȤĹˤϰ ˡ 




4.6. кμ»
ȷײ˴Ťк»ܤޤѼԤˤ뽤Ȥ濴Ȥʤ
Ʊ˥ȤαѤ˴ؤαդɬפȤʤޤ 
֥ȱļԤ SIȼԤ˼»ܤꤹˤϡSIȼԤϻ
ĴȤ»ܤޤʳǤϰʲκȤԤޤ 

(1)кȤȼ˴ؤ륵ѼԤؤΥʥ 
(2)ѼԤؤκȼ»ܴؼʤ󶡡 
(3)κ 
(4)ĶǤΥƥȤȼ»ܼ 
(5)кμ»Ŭ 
(6)к̤γǧ 
(7)ѼԤ䤤碌ؤб 
(8)Ľκ 

֥ȱļԤϡȤѼԤФƺȤȼȰ
Υʥ󥹤Ԥޤ碌ƺѼԤؤб
ʤ󶡡䤤碌ؤ ˤˤĤɬפʼۤԤޤ 

к»ܤεŪʬμϡκĶǤΥƥȤȼ»
ꡢкμ»Ŭѡк̤γǧ 4ʳʤޤ 

к̤γǧ˺ݤƤϡŬڤͭкܤƤ뤳Ȥ
ǡǧޤǿкˤĤƾĳδƺ٥Ѥ
뤳ȤͭǤ 

SIȼԤкμ»ܤꤹ 

кμ»ܤˤĤ SIȼԤ˺Ȥꤹˤϡ˼褦
ײ˱äƿʤƤĽˤĤƤŬ褦ˤޤ




4.7. λ
ȼбλ顢֥ȱļԤϰʲκȤԤޤ 
(1)IPAȯԤؤνλ 
IPAϢбäˤϽλʼ谷ֹ桢
ݤΥ֥URLбơˤ IPAؤꤤޤ 

4.8. ¾
Ȥʤäȼ˴ϢơĿ;ϳΥȥ֥뤬ȯ
ˤϡΤ˴ؤԤޤˤϡѼԤؤιΡ
̳ģؤޤޤޤޤĿ;ήФˤϡ
ﳲɤˡƶǽΤܿͤ˲ǽʸ¤Ϣ뤳
˾ޤޤ8 

8ܸĿ;ݸĿ;ݸ˴ؤ륬ɥ饤ˤĤ 


http://www5.cao.go.jp/seikatsu/kojin/gaidorainkentou.html 




ϿȼˤĤΤκ åꥹ

IPAȯԤȼ˴ؤϢݤнˤĤơΤή
ʬ褦ˡʳγפʷ˼ʳǥ֥ȱļԤ
ưǼޤ 

No å å SIȼ
ϲ
ǽʹ
.ȼ˴ؤΤμ 
(1) ȼϢŬڤôԤؤμϤ  
(2) ΤΤݤֿ  
(3) IPAȯԤȤϢʤγΩ  
(4) ȿбγǧ  
(5) SIȼԤؤκȰԤɤȽ  
(6) ȯԤľܾ򴹤ԤˤĤƤȽ   
(7) IPAȯԤؤγǧ   
.ƥ̵ͭ˴ؤĴ 
(1) ǧȤɬפʥ꥽γݡطԤؤζ  
(2) ꤬륦֥ƥ   
(3) Ŧ줿ȼˤĤʤ븽ݤκƸ   
(4) ȼθȯ   
(5) IPA뤤ȯԤؤοĽϢ 
.ƶкθƤ 
(1) Ȥɬפʥ꥽γݡطԤؤζ  
(2) ȼαƶϰϤĴ   
(3) кŬѤαƶ٤Ĵ   
(4) ˡθƤ   
(5) 塼θѤ   
(6) бѤθѤ   
(7) Ƥ𤪤б˰ƤΤȤޤȤ   




.кȤ˴ؤײ 
(1) ޤǤ˼ȶͭ   
(2) Ȥ˴ؤγǧ  
(3) кܻͥβ   
(4) ѡͰȻ֡¾к»ܤɬפʥ꥽
 
 
(5) кײγ   
(6) ȻϢγǧ   
(7) ȼ»ܤ˷ SIȼԤȤĴ   
.кμ» 
(1)кȤȼ˴ؤ륵ѼԤؤΥ
 
 
(2) ѼԤؤκȼ»ܴؼʤ󶡡   
(3) κ   
(4) ĶǤΥƥȤȼ»ܼ   
(5) кμ»Ŭ   
(6) к̤γǧ   
(7) ѼԤ䤤碌ؤб  
(8) Ľκ   
.λ 
(1) IPA뤤ȯԤؤνλ  




ܻΰդ
ǯܹˤƥեȥ䥦֥ץꥱȼȯ뤳ȤƤ
ꡢȼѤ԰٤䥳ԥ塼륹äˤꡢȳưߤ
񻺤ǼĿ;ϳ̤ȤäﳲƤޤ 
ǡȼϢȯ줿ˡɤΤ褦˼갷٤򼨤кѻ
ʹ𼨡֥եȥȼϢ谷פꤵ졢ι𼨤դޤطԤ˿侩
٤ȤޤȤ᤿־󥻥ƥٲѡȥʡåץɥ饤 ɽƤޤ 
ܻϡΥɥ饤2008ǯ 4 4ǡˤϿ6֥֥ȱļԤΤȼ
ޥ˥奢פʸȴ褷֥Ȥȼ⤿餹Ūʥȥ֥䱿ļԤ
Ǥ֥Ȥ˵³ŪкȼĤäбʤɤ⤷Τ
˥֥ȱļԤˤѤꤷƤꡢȼ˴ؤΤ˾ޤ
ˤĤơĤˤ򼨤Ƥޤ 
طԤϡȼб˸θƤ䡢ºݤб˺ݤܻ򻲹ͤˤб
ޤ褦ꤤ夲ޤ 
ܻۤ¤Ϥޤܻϡ URLɤǤޤ 
http://www.ipa.go.jp/security/ciadr/partnership_guide.html 
http://www.jpcert.or.jp/vh/#guideline 
ȼϢή̤δȤߡ־󥻥ƥٲѡȥʡåס 
ܻ˴ؤ뤪碌 
Ωˡ ʵάΡIPA ƥ󥿡 
113-6591 ʸܶ 28 8 ʸ꡼󥳡ȥ󥿡ե 16 
http://www.ipa.go.jp/security/ TEL: 03-5978-7527 FAX: 03-5978-7518 
֥ȱļԤΤȼб 
 󥻥ƥٲѡȥʡåץɥ饤 Ͽ 6ȴ [
ȯ ]ǯ  裱 

ǯ   裲 
[ ] 󥷥ƥȼμ谷˴ؤ븦 
[ ̳] Ωˡ ʵ 


