of Cyber Security
Montevideo, Uruguay
November 2010
AGENDA
Case Study
• Einstein I (E1): Netflow
• Einstein II (E2): Intrusion Detection System
• Each intrusion involves multiple DNS domains, but always begins with a callback
• DNS resolution changes multiple times during each intrusion; blocking IPs is a short-lived solution.
• In more than 70% of intrusions, there are several days between the initial compromise and the actual C2 activity on the network.
• ChangeIP is not the only game in town; we also see a lot of evil and fear on 3322 and Sitelutions
Case Study
• MALICIOUS CODE
• TabNabbing
Social Engineering
• PRIORITIES
o Expanding internet access to the whole population.
- Private initiatives < Broadband
- Public initiatives > Digital Inclusion
o Secure growth of E-Government
o Security and speed
o Controls on the .gob domains (spheres of government)
o Cloud computing – Social Networks
Use by the government
o Cyber Security x Cyber Defense
- Role of the CSIRT
Open Source Incident Management Use Case:
* Consider implementing support for graph databases. CERT/CC will be releasing a Technical Note on this topic in 2011
Communicate - 2
E-Mail
• Managing Email Groups
– Automated
– Spam Filtering
– Built in AV
– Moderated
– Privacy
• LISTSERV
– www.lsoft.com/products/listserv.asp
Communicate – 3
• Gnu Privacy Guard
– PGP Compatible
• www.gnupg.org/
• IRC and IM
– Use PGP Keys for authentication
– Provide conference chat like capability securely
– Compatible client to use with other IM and IRC servers
• SILC Pidgin and SILC Server
– silcnet.org/
Features and cryptographic properties listed on the slide:
– Secure Instant Messaging, IRC, QoS for data throughput management
– Requested Attributes in WHOIS
– PGP and SILC Public Key format
– Passphrase and public key auth based on digital signatures
– Ciphers: AES, Twofish, Cast-256, Blowfish, RC5
– Hashes: SHA-1, MD5
– RSA (PKCS #1 version 1.5), Diffie-Hellman key exchange (PKCS #3)
– Cipher modes: CBC, Randomized CBC
– Cipher key lengths: default 256 bits, 192 bits, 128 bits
– Public key: default 2048 bits, up to 16384 bits
– Diffie-Hellman groups: 1024 bits, 1536 bits, 2048 bits
– Cryptographically strong random number generator
Communicate - 4
Data Visualization
• Integrate with tickets
• Populate reports
• Interactive analysis
– Network Data
• www.eqnets.com
– Security Visualization
• Secviz.org
Monitor - 1
Server and Application Status
• Push and Pull status
• Customizable Front Ends
• Add-ons for Notification Capabilities
– to incorporate into ticketing systems
• Systems of System capable
• Nagios
– www.nagios.org/
Monitor - 3
Intrusion Detection
• Network Sensor
– Snort www.snort.org/
– Bro IDS www.bro-ids.org/
– YAF tools.netsa.cert.org/
• Analyst Console
– Sguil www.sguil.org/
Analysis
Malware Forensics
• Sandbox
– mwanalysis.org/
– www.norman.com/security_center/security_tools/
• Antivirus
– Clam AV
• Network Packets
– Wireshark
– chaosReader.pl
• CAINE Live CD
– caine-live.net
• CERT Forensics Appliance
– www.cert.org/forensics/repository/
• Forensics Wiki
– www.forensicswiki.org
• Create VM’s from disk images
– liveview.sourceforge.net
National Cyber Security Division
Cyber Security Overview
November 17, 2010
Cyber Infrastructure (figure: Emergency Services, Transportation, Banking & Finance, Government, Energy; illustrative examples only -- not all inclusive)
Interdependencies between physical and cyber infrastructures can lead to cascading effects in an attack or catastrophic event
CONCLUSIONS