Spanish Honeynet Project


  1. The Spanish Honeynet Project. Raúl Siles (raul.siles@hp.com). FIST Conference, February/Madrid 2005.
  2. Agenda
     • Honeynets
     • The Honeynet Project
     • The Spanish Honeynet Project
     • Present and future
  3. Speaker
     • Raúl Siles
     • Computer Engineer – UPM
     • Security Technical Consultant, HP
     • CCNP, GCIH, GCIA, GSNA, GCUX, GCFW, GCFA
     • GSE
  4. Honeynets (03:00)
     • The problem
     • Basic concepts
     • Characteristics
     • Lessons learned
     • Honey-things
     • Legal aspects
     • Honeynets: commercial products
  5. Honeynets: the problem. How can we defend ourselves against an enemy when we do not even know who it is? By learning the tools, tactics and motivations of the blackhat community, and sharing the lessons learned.
  6. Honeynets: concepts (1)
     • Decoy (trap) networks
     • Out of production (fewer false positives)
     • Traffic is illegitimate by nature
     • Main value: information
     • New attacks
     • Encrypted or IPv6 communications
  7. Honeynets: concepts (2)
     • Interaction:
       – Low: emulation (honeyd)
       – High: real systems – RISK –
     • Generations:
       – Gen I (routing + NAT)
       – Gen II (bridging)
     • Real and virtual honeypots
  8. Honeynets: concepts (3). Image taken from: http://www.honeynet.org/speaking/honeynet_project-2.1.2.ppt.zip
  9. Honeynets: characteristics
     • Data control
     • Data capture
     • Data analysis
  10. Honeynets: control. [Diagram: Internet, Honeywall, Honeypots; labels: No Restrictions, Connections Limited, Packet Scrubbed.] Image taken from: http://www.honeynet.org/speaking/honeynet_project-2.1.2.ppt.zip
  11. Honeynets: capture (1). Image taken from: http://www.honeynet.org/tools/sebek/sebek_intro.png
  12. Honeynets: capture (2). Image taken from: http://www.honeynet.org/speaking/honeynet_project-2.1.2.ppt.zip
  13. Honeynets: analysis
     • Network forensic analysis
     • System forensic analysis
     • Malware: reverse engineering
  14. Honeynets: lessons learned
     • Extortion by means of DDoS
     • Credit card trading networks
     • Evolution of Linux honeypots
  15. Honey-things
     • Honeypots
     • Honeynets
     • Honeytokens
     • Client honeypots…
  16. Honeynets: legal aspects
     • Data monitoring
       – Headers
       – Contents
     • Collateral damage: liability
     • Forensic evidence
  17. Honeynets: commercial products
     • Open-source
     • Symantec Decoy Server (ManTrap)
     • NetBait
     • PatriotBox, KFSensor, Specter IDS
     http://www.tracking-hackers.com/solutions/
  18. The Honeynet Project. http://www.honeynet.org. 1999-2005 (4 phases). Lance Spitzner. http://www.honeypots.com
  19. The Honeynet Project (2)
     • Documentation: “Know Your Enemy” (KYE) http://www.honeynet.org/papers/
  20. The Honeynet Project (3)
     • Tools: http://www.honeynet.org/tools/
       - Honeywall (CD-ROM)
       - Control
       - Capture
       - Analysis
  21. The Honeynet Project (4)
     • Challenges: http://www.honeynet.org/misc/chall.html
       - SotM (+30) – 2004: “SotM32”
       - Reverse (position 11) - 2002
       - Forensic (position 10) - 2001
  22. The Honeynet Project: Research Alliance. http://www.honeynet.org/alliance/ (20 organizations)
     • Mailing list (“Honeypots”): http://www.securityfocus.com/archive
  23. The Spanish Honeynet Project. http://www.honeynet.org.es
     • Objectives
     • Members
     • Resources
     • Future projects
  24. SHP: Objectives
  25. SHP: Members
     • Diego González Gómez (*) - HIS
     • Javier Fernández-Sanguino
     • Jorge Ortiz
     • Raúl Siles
     • David Pérez
  26. SHP: Resources
     • Documentation
     • Tools/Scripts
     • Reports
  27. SHP: Future projects
     • Consolidation of the environment
     • SPAM honeynet
     • Wi-Fi (802.11) honeynet
     • Client honeypots
  28. Present and future (1)
     • Distributed honeynets
     • Phishing, IPv6, bots…
     • Client honeypots
     • Advanced honeypots:
       – System and applications
       – DNS, Google…
  29. Present and future (2)
     • HoneyWall:
       – eeyore
       – v0.69
       – roo
     • Information correlation: Hflow and Walleye
     • Production environments in Spain
  30. Thank you very much! Questions? FIST Conference, February/Madrid 2005.
  31. Attribution-NonCommercial-NoDerivs 2.0
     You are free: to copy, distribute, display, and perform the work.
     Under the following conditions:
     • Attribution. You must give the original author credit.
     • Noncommercial. You may not use this work for commercial purposes.
     • No Derivative Works. You may not alter, transform, or build upon this work.
     For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above.
     This is a human-readable summary of the http://creativecommons.org/licenses/by-nc-nd/2.0/.
