Evaluation and mitigation of real attacks on IP networks using freely distributed virtualization technologies
Abstract
Attacks on IP networks can bring down the continuity of a company's services, damaging its image and causing serious economic losses. This research focuses on evaluating several real attacks on IP networks using virtualization platforms in order to establish security mechanisms to mitigate them. To carry this out, several experimental topologies were designed and implemented using virtual network environments, within which port scanning, brute force, identity spoofing and denial of service were tested, both in a local area network and in a wide area network. For each topology, different free software was used both to produce the attack and to capture the traffic flow, and the consequences of the attack were evaluated. To counter these attacks, a daemon was developed in Shell script that is capable of detecting, controlling and mitigating the mentioned attacks in a programmable and constant manner. The results show the functionality of this research, which reduces the threats and vulnerabilities of production networks.