Spanish Honeynet Project
The Spanish Honeynet Project 1
The Spanish Honeynet Project
Raúl Siles ([email protected])
FIST Conference February/Madrid 2005
Agenda
• Honeynets
• The Honeynet Project
• The Spanish Honeynet Project
• Present and future
Speaker
• Raúl Siles
• Computer Engineer – UPM
• Technical Security Consultant, HP
• CCNP, GCIH, GCIA, GSNA, GCUX, GCFW, GCFA
• GSE
Honeynets
• Problem
• Basic concepts
• Characteristics
• Lessons learned
• Honey-things
• Legal aspects
• Honeynets: commercial products
(03:00)
Honeynets: the problem
How can we defend ourselves against an enemy when we do not even know who it is?
By learning the tools, tactics and motivations of the blackhat community, and by sharing the lessons learned.
Honeynets: concepts (1)
• Trap networks
• Outside production (fewer false positives)
• Traffic is illegitimate by nature
• Main value: information
• New attacks
• Encrypted or IPv6 communications
Honeynets: concepts (2)
• Interaction:
  – Low: emulation (honeyd)
  – High: real systems – RISK –
• Generations:
  – Gen I (routing + NAT)
  – Gen II (bridging)
• Real and virtual honeypots
Honeynets: concepts (3)
Image taken from: http://www.honeynet.org/speaking/honeynet_project-2.1.2.ppt.zip
Honeynets: characteristics
• Data control
• Data capture
• Data analysis
Honeynets: control
[Figure: Internet, Honeywall and two honeypots; labels "No Restrictions", "Connections Limited", "Packet Scrubbed"]
Image taken from: http://www.honeynet.org/speaking/honeynet_project-2.1.2.ppt.zip
Honeynets: capture (1)
Image taken from: http://www.honeynet.org/tools/sebek/sebek_intro.png
Honeynets: capture (2)
Image taken from: http://www.honeynet.org/speaking/honeynet_project-2.1.2.ppt.zip
Honeynets: analysis
• Network forensic analysis
• System forensic analysis
• Malware: reverse engineering
Honeynets: lessons learned
• Extortion through DDoS
• Credit card trading networks
• Evolution of Linux honeypots
Honey-things
• Honeypots
• Honeynets
• Honeytokens
• Client honeypots…
Honeynets: legal aspects
• Data monitoring
  – Headers
  – Contents
• Collateral damage: liability
• Forensic evidence
Honeynets: commercial products
• Open-source
• Symantec Decoy Server (ManTrap)
• NetBait
• PatriotBox, KFSensor, Specter IDS
http://www.tracking-hackers.com/solutions/
The Honeynet Project
http://www.honeynet.org
1999-2005 (4 phases)
Lance Spitzner
http://www.honeypots.com
The Honeynet Project (2)
• Documentation: “Know Your Enemy” (KYE)
  http://www.honeynet.org/papers/
The Honeynet Project (3)
• Tools:
  http://www.honeynet.org/tools/
  - Honeywall (CD-ROM)
  - Control
  - Capture
  - Analysis
The Honeynet Project (4)
• Challenges:
  http://www.honeynet.org/misc/chall.html
  - SotM (+30) – 2004: “SotM32”
  - Reverse (position 11) - 2002
  - Forensic (position 10) - 2001
The Honeynet Project: Research Alliance
http://www.honeynet.org/alliance/
(20 organizations)
• Mailing list (“Honeypots”):
  http://www.securityfocus.com/archive
The Spanish Honeynet Project
http://www.honeynet.org.es
• Objectives
• Members
• Resources
• Future projects
SHP: Objectives
SHP: Members
• Diego González Gómez (*) - HIS
• Javier Fernández-Sanguino
• Jorge Ortiz
• Raúl Siles
• David Pérez
SHP: Resources
• Documentation
• Tools/Scripts
• Reports
SHP: Future projects
• Consolidation of the environment
• SPAM honeynet
• Wi-Fi (802.11) honeynet
• Client honeypots
Present and future (1)
• Distributed honeynets
• Phishing, IPv6, bots…
• Client honeypots
• Advanced honeypots:
  – System and applications
  – DNS, Google…
Present and future (2)
• HoneyWall: eeyore – v0.69 – roo
• Information correlation: Hflow and Walleye
• Production environments in Spain
Thank you very much!
Questions?
FIST Conference February/Madrid 2005
Attribution-NonCommercial-NoDerivs 2.0
You are free: to copy, distribute, display, and perform the work.
Under the following conditions:
Attribution. You must give the original author credit.
Noncommercial. You may not use this work for commercial purposes.
No Derivative Works. You may not alter, transform, or build upon this work.
For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above.
This is a human-readable summary of the http://creativecommons.org/licenses/by-nc-nd/2.0/.