Sistema de selección automática de soluciones tecnológicas de seguridad

Desde la aparición de Internet, hace ya más de 20 años ha existido por parte de diversos sectores de la sociedad, científicos, empresas, usuarios, etc. la inquietud por la aplicación de esta tecnología a lo que se ha dado en llamar “El Internet de las Cosas”, que no es más que el control a distancia de cualquier elemento útil o necesario para la vida cotidiana y la industria. Sin embargo el desarrollo masivo de aplicaciones orientadas a esto, no ha evolucionado hasta que no se han producido avances importantes en dos campos: por un lado, en las Redes Inalámbricas de Sensores (WSN), redes compuestas por un conjunto de pequeños dispositivos capaces de transmitir la información que recogen, haciéndola llegar desde su propia red inalámbrica, a otras de amplia cobertura y por otro con la miniaturización cada vez mayor de dispositivos capaces de tener una autonomía suficiente como para procesar datos e interconectarse entre sí. Al igual que en las redes de ordenadores convencionales, las WSN se pueden ver comprometidas en lo que a seguridad se refiere, ya que la masiva implementación de estas redes hará que millones de Terabytes de datos, muchas veces comprometidos o sometidos a estrictas Leyes de protección de los mismos, circulen en la sociedad de la información, de forma que lo que nace como una ventaja muy interesante para sus usuarios, puede convertirse en una pesadilla debido a la amenaza constante hacia los servicios mínimos de seguridad que las compañías desarrolladoras han de garantizar a los usuarios de sus aplicaciones. Éstas, y con el objetivo de proveer un ámbito de seguridad mínimo, deben de realizar un minucioso estudio de la aplicación en particular que se quiere ofrecer con una WSN y también de las características específicas de la red ya que, al estar formadas por dispositivos prácticamente diminutos, pueden tener ciertas limitaciones en cuanto al tamaño de la batería, capacidad de procesamiento, memoria, etc. El presente proyecto desarrolla una aplicación, única, ya que en la actualidad no existe un software con similares características y que aporta un avance importante en dos campos principalmente: por un lado ayudará a los usuarios que deseen desplegar una aplicación en una red WSN a determinar de forma automática cuales son los mecanismos y servicios específicos de seguridad que se han de implementar en dicha red para esa aplicación concreta y, por otro lado proporcionará un apoyo extra a expertos de seguridad que estén investigando en la materia ya que, servirá de plataforma de pruebas para centralizar la información sobre seguridad que se tengan en ese momento en una base de conocimientos única, proporcionando también un método útil de prueba para posibles escenarios virtuales. ABSTRACT. It has been more than 20 years since the Internet appeared and with it, scientists, companies, users, etc. have been wanted to apply this technology to their environment which means to control remotely devices, which are useful for the industry or aspects of the daily life. However, the huge development of these applications oriented to that use, has not evolve till some important researches has been occurred in two fields: on one hand, the field of the Wireless Sensor Networks (WSN) which are networks composed of little devices that are able to transmit the information that they gather making it to pass through from their wireless network to other wider networks and on the other hand with the increase of the miniaturization of the devices which are able to work in autonomous mode so that to process data and connect to each other. WSN could be compromised in the matter of security as well as the conventional computer networks, due to the massive implementation of this kind of networks will cause that millions of Terabytes of data will be going around in the information society, thus what it is thought at first as an interesting advantage for people, could turn to be a nightmare because of the continuous threat to the minimal security services that developing companies must guarantee their applications users. These companies, and with the aim to provide a minimal security realm, they have to do a strict research about the application that they want to implement in one WSN and the specific characteristics of the network as they are made by tiny devices so that they could have certain limitations related to the battery, throughput, memory, etc. This project develops a unique application since, nowadays, there is not any software with similar characteristics and it will be really helpful in mainly two areas: on one side, it will help users who want to deploy an application in one WSN to determine in an automatically way, which ones security services and mechanisms are those which is necessary to implement in that network for the concrete application and, on the other side, it will provide an extra help for the security experts who are researching in wireless sensor network security so that ti will an exceptional platform in order to centralize information about security in the Wireless Sensor Networks in an exclusive knowledge base, providing at the same time a useful method to test virtual scenarios.

Técnicas y herramientas de análisis de vulnerabilidades de una red

El presente documento pretende ofrecer una visión general del estado del conjunto de herramientas disponibles para el análisis y explotación de vulnerabilidades en sistemas informáticos y más concretamente en redes de ordenadores. Por un lado se ha procedido a describir analíticamente el conjunto de herramientas de software libre que se ofrecen en la actualidad para analizar y detectar vulnerabilidades en sistemas informáticos. Se ha descrito el funcionamiento, las opciones, y la motivación de uso para dichas herramientas, comparándolas con otras en algunos casos, describiendo sus diferencias en otros, y justificando su elección en todos ellos. Por otro lado se ha procedido a utilizar dichas herramientas analizadas con el objetivo de desarrollar ejemplos concretos de uso con sus diferentes parámetros seleccionados observando su comportamiento y tratando de discernir qué datos son útiles para obtener información acerca de las vulnerabilidades existentes en el sistema. Además, se ha desarrollado un caso práctico en el que se pone en práctica el conocimiento teórico presentado de forma que el lector sea capaz de asentar lo aprendido comprobando mediante un caso real la utilidad de las herramientas descritas. Los resultados obtenidos han demostrado que el análisis y detección de vulnerabilidades por parte de un administrador de sistemas competente permite ofrecer a la organización en cuestión un conjunto de técnicas para mejorar su seguridad informática y así evitar problemas con potenciales atacantes. ABSTRACT. This paper tries to provide an overview of the features of the set of tools available for the analysis and exploitation of vulnerabilities in computer systems and more specifically in computer networks. On the one hand we pretend analytically describe the set of free software tools that are offered today to analyze and detect vulnerabilities in computer systems. We have described the operation, options, and motivation to use these tools in comparison with other in some case, describing their differences in others, and justifying them in all cases. On the other hand we proceeded to use these analyzed tools in order to develop concrete examples of use with different parameters selected by observing their behavior and trying to discern what data are useful for obtaining information on existing vulnerabilities in the system. In addition, we have developed a practical case in which we put in practice the theoretical knowledge presented so that the reader is able to settle what has been learned through a real case verifying the usefulness of the tools previously described. The results have shown that vulnerabilities analysis and detection made by a competent system administrator can provide to an organization a set of techniques to improve its systems and avoid any potential attacker.

Detección de intrusiones basada en análisis de eventos del DNS

En este proyecto se hace un análisis en profundidad de las técnicas de ataque a las redes de ordenadores conocidas como APTs (Advanced Persistent Threats), viendo cuál es el impacto que pueden llegar a tener en los equipos de una empresa y el posible robo de información y pérdida monetaria que puede llevar asociada. Para hacer esta introspección veremos qué técnicas utilizan los atacantes para introducir el malware en la red y también cómo dicho malware escala privilegios, obtiene información privilegiada y se mantiene oculto. Además, y cómo parte experimental de este proyecto se ha desarrollado una plataforma para la detección de malware de una red en base a las webs, URLs e IPs que visitan los nodos que la componen. Obtendremos esta visión gracias a la extracción de los logs y registros de DNS de consulta de la compañía, sobre los que realizaremos un análisis exhaustivo. Para poder inferir correctamente qué equipos están infectados o no se ha utilizado un algoritmo de desarrollo propio inspirado en la técnica Belief Propagation (“Propagación basada en creencia”) que ya ha sido usada antes por desarrolladores cómo los de los Álamos en Nuevo México (Estados Unidos) para fines similares a los que aquí se muestran. Además, para mejorar la velocidad de inferencia y el rendimiento del sistema se propone un algoritmo adaptado a la plataforma Hadoop de Apache, por lo que se modifica el paradigma de programación habitual y se busca un nuevo paradigma conocido como MapReduce que consiste en la división de la información en conceptos clave-valor. Por una parte, los algoritmos que existen basados en Belief Propagation para el descubrimiento de malware son propietarios y no han sido publicados completamente hasta la fecha, por otra parte, estos algoritmos aún no han sido adaptados a Hadoop ni a ningún modelo de programación distribuida aspecto que se abordará en este proyecto. No es propósito de este proyecto desarrollar una plataforma comercial o funcionalmente completa, sino estudiar el problema de las APTs y una implementación que demuestre que la plataforma mencionada es factible de implementar. Este proyecto abre, a su vez, un horizonte nuevo de investigación en el campo de la adaptación al modelo MapReduce de algoritmos del tipo Belief Propagation basados en la detección del malware mediante registros DNS. ABSTRACT. This project makes an in-depth investigation about problems related to APT in computer networks nowadays, seeing how much damage could they inflict on the hosts of a Company and how much monetary and information loss may they cause. In our investigation we will find what techniques are generally applied by attackers to inject malware into networks and how this malware escalates its privileges, extracts privileged information and stays hidden. As the main part of this Project, this paper shows how to develop and configure a platform that could detect malware from URLs and IPs visited by the hosts of the network. This information can be extracted from the logs and DNS query records of the Company, on which we will make an analysis in depth. A self-developed algorithm inspired on Belief Propagation technique has been used to infer which hosts are infected and which are not. This technique has been used before by developers of Los Alamos Lab (New Mexico, USA) for similar purposes. Moreover, this project proposes an algorithm adapted to Apache Hadoop Platform in order to improve the inference speed and system performance. This platform replaces the traditional coding paradigm by a new paradigm called MapReduce which splits and shares information among hosts and uses key-value tokens. On the one hand, existing algorithms based on Belief Propagation are part of owner software and they have not been published yet because they have been patented due to the huge economic benefits they could give. On the other hand these algorithms have neither been adapted to Hadoop nor to other distributed coding paradigms. This situation turn the challenge into a complicated problem and could lead to a dramatic increase of its installation difficulty on a client corporation. The purpose of this Project is to develop a complete and 100% functional brand platform. Herein, show a short summary of the APT problem will be presented and make an effort will be made to demonstrate the viability of an APT discovering platform. At the same time, this project opens up new horizons of investigation about adapting Belief Propagation algorithms to the MapReduce model and about malware detection with DNS records.

Wirecloud Mobile: soporte para el enriquecimiento y la visualización de mashups de aplicación en dispositivos móviles

El mundo actual es una fuente ilimitada de información. El manejo y análisis de estas enormes cantidades de información es casi imposible, pero también es difícil poder capturar y relacionar diferentes tipos de datos entre sí y, a partir de este análisis, sacar conclusiones que puedan conllevar a la realización, o no, de un conjunto de acciones. Esto hace necesario la implementación de sistemas que faciliten el acceso, visualización y manejo de estos datos; con el objetivo de poder relacionarlos, analizarlos, y permitir al usuario que, de la manera más sencilla posible, pueda sacar conclusiones de estos. De esta necesidad de manejar, visualizar y relacionar datos nació la plataforma Wirecloud. Wirecloud ha sido desarrollado en el laboratorio Computer Networks & Web Technologies Lab (CoNWeT Lab) del grupo CETTICO, ubicado en la Escuela Técnica Superior de Ingenieros Informáticos de la Universidad Politécnica de Madrid. Wirecloud es una plataforma de código abierto que permite, utilizando las últimas tecnologías web, recoger la información que se quiere analizar de diferentes fuentes en tiempo real e, interconectando entre sí una serie de componentes y operadores, realizar una mezcla y procesado de esta información para después usarla y mostrarla de la manera más usable posible al usuario. Un ejemplo de uso real de la plataforma podría ser: utilizar la lista de repartidores de una empresa de envío urgente para conocer cuáles son sus posiciones en tiempo real sobre un mapa utilizando el posicionamiento GPS de sus dispositivos móviles, y poder asignarles el destino y la ruta más óptima; todo esto desde la misma pantalla. El proyecto Wirecloud Mobile corresponde a la versión móvil de la plataforma Wirecloud, cuyo objetivos principales pretenden compatibilizar Wirecloud con el mayor número de sistemas operativos móviles que actualmente hay en el mercado, permitiendo su uso en cualquier parte del mundo; y poder enriquecer los componentes mencionados en el párrafo anterior con las características y propiedades nativas de los dispositivos móviles actuales, como por ejemplo el posicionamiento GPS, el acelerómetro, la cámara, el micrófono, los altavoces o tecnologías de comunicación como el Bluetooth o el NFC.---ABSTRACT---The current world is a limitless source of information. Use and analysis of this huge amount of information is nearly impossible; but it is also difficult being able to capture and relate different kinds of data to each other and, from this analysis, draw conclusions that can lead to the fulfilment or not of a set of relevant actions. This requires the implementation of systems to facilitate the access, visualization and management of this data easier; with the purpose of being capable of relate, analyse, and allow the user to draw conclusions from them. And out of this need to manage, visualize and relate data, the Wirecloud platform was born. Wirecloud has been developed at the Computer Networks & Web Technologies Lab (CoNWeT Lab) of CETTICO group, located at Escuela Técnica Superior de Ingenieros Informáticos of Universidad Politécnica de Madrid. Wirecloud is an open-source platform that allows, using the latest web technologies, to collect the information from different sources in real time and interlinking a set of widgets and operators, make a mixture and processing of this information, so then use it and show it in the most usable way. An example of the actual use of the platform could be: using the list of deliverymen from an express delivery company in order to know, using GPS positioning from their mobile devices, which are their current locations in a map; and be able to assign them the destination and optimum route; all of this from the same display/screen. Wirecloud Mobile Project is the mobile version of the Wirecloud platform, whose main objectives aim to make Wirecloud compatible with the largest amount of mobile operative systems that are currently available, allowing its use everywhere; and enriching and improving the previously mentioned components with the native specifications and properties of the present mobile devices, such as GPS positioning, accelerometer, camera, microphone, built-in speakers, or communication technologies such as Bluetooth or NFC (Near Field Communications).

Mecanismos para determinação de rotas de proteção em redes MPLS-TP com topologia em malha.

As redes atuais de telecomunicações utilizam tecnologias de comutação de pacotes para integração de voz, dados, imagens e outros serviços. O tráfego nessas redes costuma ser feito por meio de tecnologias como o MPLS-TP e com regras heurísticas para a determinação dos melhores caminhos. O uso de boas regras afeta diretamente o desempenho e a segurança da operação. Este trabalho propõe o uso de simulação de baixo custo para prever o comportamento e avaliar regras de escolha de caminhos. Para isso, este trabalho avalia três métodos de seleção de caminhos de LSPs, combinados com duas heurísticas de recuperação, usados em redes MPLS-TP em malha com mecanismos de proteção em malha compartilhada. Os resultados das simulações medem o impacto dos métodos e heurísticas utilizados, demonstrando o quanto uma melhor seleção de caminhos pode contribuir para a redução do uso dos recursos da rede e do número máximo de LSPs afetados em caso de falhas na rede. Os resultados deste trabalho, bem como a técnica de análise proposta, almejam ser uma contribuição para a padronização de regras de seleção de LSPs em redes heterogêneas.

Arquitetura computacional para redes orgânicas e heterogêneas: plano de controle do sistema operacional swarm.

Computational Swarms (enxames computacionais), consistindo da integração de sensores e atuadores inteligentes no nosso mundo conectado, possibilitam uma extensão da info-esfera no mundo físico. Nós chamamos esta info-esfera extendida, cíber-física, de Swarm. Este trabalho propõe uma visão de Swarm onde dispositivos computacionais cooperam dinâmica e oportunisticamente, gerando redes orgânicas e heterogêneas. A tese apresenta uma arquitetura computacional do Plano de Controle do Sistema Operacional do Swarm, que é uma camada de software distribuída embarcada em todos os dispositivos que fazem parte do Swarm, responsável por gerenciar recursos, definindo atores, como descrever e utilizar serviços e recursos (como divulgá-los e descobrí-los, como realizar transações, adaptações de conteúdos e cooperação multiagentes). O projeto da arquitetura foi iniciado com uma revisão da caracterização do conceito de Swarm, revisitando a definição de termos e estabelecendo uma terminologia para ser utilizada. Requisitos e desafios foram identificados e uma visão operacional foi proposta. Esta visão operacional foi exercitada com casos de uso e os elementos arquiteturais foram extraídos dela e organizados em uma arquitetura. A arquitetura foi testada com os casos de uso, gerando revisões do sistema. Cada um dos elementos arquiteturais requereram revisões do estado da arte. Uma prova de conceito do Plano de Controle foi implementada e uma demonstração foi proposta e implementada. A demonstração selecionada foi o Smart Jukebox, que exercita os aspectos distribuídos e a dinamicidade do sistema proposto. Este trabalho apresenta a visão do Swarm computacional e apresenta uma plataforma aplicável na prática. A evolução desta arquitetura pode ser a base de uma rede global, heterogênea e orgânica de redes de dispositivos computacionais alavancando a integração de sistemas cíber-físicos na núvem permitindo a cooperação de sistemas escaláveis e flexíveis, interoperando para alcançar objetivos comuns.

Experiences with free and open courses using on-line multimedia resources

This paper analyzes the learning experiences and opinions obtained from a group of undergraduate students in their interaction with several on-line multimedia resources included in a free on-line course about Computer Networks. These new educational resources employed are based on the Web2.0 approach such as blogs, videos and virtual labs which have been added in a web-site for distance self-learning.

A formal framework for modelling complex network management systems

Society today is completely dependent on computer networks, the Internet and distributed systems, which place at our disposal the necessary services to perform our daily tasks. Subconsciously, we rely increasingly on network management systems. These systems allow us to, in general, maintain, manage, configure, scale, adapt, modify, edit, protect, and enhance the main distributed systems. Their role is secondary and is unknown and transparent to the users. They provide the necessary support to maintain the distributed systems whose services we use every day. If we do not consider network management systems during the development stage of distributed systems, then there could be serious consequences or even total failures in the development of the distributed system. It is necessary, therefore, to consider the management of the systems within the design of the distributed systems and to systematise their design to minimise the impact of network management in distributed systems projects. In this paper, we present a framework that allows the design of network management systems systematically. To accomplish this goal, formal modelling tools are used for modelling different views sequentially proposed of the same problem. These views cover all the aspects that are involved in the system; based on process definitions for identifying responsible and defining the involved agents to propose the deployment in a distributed architecture that is both feasible and appropriate.

Conceptual Modelling of Complex Network Management Systems

Society, as we know it today, is completely dependent on computer networks, Internet and distributed systems, which place at our disposal the necessary services to perform our daily tasks. Moreover, and unconsciously, all services and distributed systems require network management systems. These systems allow us to, in general, maintain, manage, configure, scale, adapt, modify, edit, protect or improve the main distributed systems. Their role is secondary and is unknown and transparent to the users. They provide the necessary support to maintain the distributed systems whose services we use every day. If we don’t consider network management systems during the development stage of main distributed systems, then there could be serious consequences or even total failures in the development of the distributed systems. It is necessary, therefore, to consider the management of the systems within the design of distributed systems and systematize their conception to minimize the impact of the management of networks within the project of distributed systems. In this paper, we present a formalization method of the conceptual modelling for design of a network management system through the use of formal modelling tools, thus allowing from the definition of processes to identify those responsible for these. Finally we will propose a use case to design a conceptual model intrusion detection system in network.

Connecting the Nation : classrooms, libraries, and health care organizations in the Information age : update 1995 /

Mode of access: Internet.

Model framework for management control over automated information system /

Mode of access: Internet.

Item analysis /

Thesis (M. S.)--University of Illinois at Urbana-Champaign.

Load regulation and dispatching in a network of computers /

Thesis (M. S.)--University of Illinois at Urbana-Champaign.

Queues and network computers.

Bibliography: p. 68-71.

Characterization of a distributed data base system /

Thesis--University of Illinois at Urbana-Champaign.