Talk by Alexandro Silva - Alexos at Latinoware
TRANSCRIPT
[Slide 1]
OSSIM – Monitoring technology threats in real time
Alexandro Silva
http://alexos.org
[Slide 2]
Who is this guy?
Operations Manager at iBLISS Segurança e Inteligência
Professor
Co-founder of the Nullbyte Security Conference
[Slide 3]
Prevention
Are protection tools ready to keep pace with the evolution of threats?
[Slide 4]
Threats
[Slide 5]
External Threats vs Internal Threats
Managing cyber risks in an interconnected world
http://www.dol.gov/ebsa/pdf/erisaadvisorycouncil2015security3.pdf
[Slide 6]
Threats
[Slide 7]
How do you protect yourselves today?
[Slide 8]
Prevention
[Slide 9]
Prevention
[Slide 10]
Prevention
[Slide 11]
Prevention
How to prevent it?
[Slide 12]
Prevention
Using processes and procedures
[Slide 13]
The process
Plan, Audit, Correct, Monitor
[Slide 14]
Prevention
Audit: Assets, Applications, Systems, People
Technology threat management (TDI): continuous monitoring
[Slide 15]
Scenario
It was found that at certain times of the day there is a large flow of packets leaving the internal network for the Internet, slowing the network down. After hours of analysis Severino, the sysadmin, identified the compromised server and found the following files in the /tmp directory:
• John the Ripper
• shadow and passwd files
• A file containing cracked passwords
[Slide 16]
Monitor
Continuous Threat Monitoring
[Slide 17]
Security Information and Event Management (SIEM)
Collects, normalizes and correlates information sent from multiple sources:
Firewalls, Servers, IDS/IPS, Applications
[Slide 18]
Security Information and Event Management (SIEM)
Correlating these events makes it possible to trigger various actions:
Alerts (email, SMS, etc.), Blocks, Ticket creation, Reports
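The collect, normalize, correlate and act pipeline that the two SIEM slides describe, written out as an added Python example; this is not code from the talk or from OSSIM. It normalizes constructed sshd and iptables log lines into one event schema, applies a brute-force directive (five authentication failures from one source inside 60 seconds, escalated when a successful login from the same source follows) and maps the alert priority to the actions the slide lists. The log lines, IP addresses, threshold, window and action mapping are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the talk): an sshd syslog stream and one iptables line.
SSHD_LOG = """\
Oct 14 10:00:01 srv01 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Oct 14 10:00:03 srv01 sshd[2002]: Failed password for root from 203.0.113.7 port 51001 ssh2
Oct 14 10:00:05 srv01 sshd[2003]: Failed password for root from 203.0.113.7 port 51002 ssh2
Oct 14 10:00:07 srv01 sshd[2004]: Failed password for root from 203.0.113.7 port 51003 ssh2
Oct 14 10:00:09 srv01 sshd[2005]: Failed password for root from 203.0.113.7 port 51004 ssh2
Oct 14 10:00:12 srv01 sshd[2006]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Oct 14 10:05:00 srv01 sshd[2010]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Oct 14 10:05:30 srv01 sshd[2011]: Accepted password for alice from 198.51.100.9 port 40001 ssh2
"""
FW_LOG = """\
Oct 14 10:00:02 fw01 kernel: IPTABLES-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=51100 DPT=23
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)
FW_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: IPTABLES-DROP .*"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*DPT=(?P<dport>\d+)"
)


def _ts(text):
    # syslog timestamps carry no year; all sample lines are from the same day
    return datetime.strptime(text, "%b %d %H:%M:%S")


def normalize(lines):
    """Normalize raw lines from different sensors into one event schema."""
    events = []
    for line in lines.splitlines():
        m = SSHD_RE.match(line)
        if m:
            events.append({"ts": _ts(m["ts"]), "sensor": "sshd", "host": m["host"],
                           "type": "auth_fail" if m["result"] == "Failed" else "auth_success",
                           "src_ip": m["src"], "user": m["user"]})
            continue
        m = FW_RE.match(line)
        if m:
            events.append({"ts": _ts(m["ts"]), "sensor": "firewall", "host": m["host"],
                           "type": "fw_drop", "src_ip": m["src"], "dst_ip": m["dst"],
                           "dst_port": int(m["dport"]), "user": None})
    return events


def correlate_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Directive: `threshold` auth failures from one source inside `window` raise a
    medium alert; a successful login from that source while the failures are still
    inside the window raises a high-priority alert (the case that needs a response)."""
    alerts = []
    fails = defaultdict(list)           # src_ip -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "auth_fail":
            recent = [t for t in fails[ev["src_ip"]] if ev["ts"] - t <= window]
            recent.append(ev["ts"])
            fails[ev["src_ip"]] = recent
            if len(recent) == threshold:
                alerts.append({"name": "SSH brute force attempt", "src_ip": ev["src_ip"],
                               "user": None, "priority": 3, "ts": ev["ts"]})
        elif ev["type"] == "auth_success":
            recent = [t for t in fails[ev["src_ip"]] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"name": "SSH brute force followed by successful login",
                               "src_ip": ev["src_ip"], "user": ev["user"],
                               "priority": 5, "ts": ev["ts"]})
            fails[ev["src_ip"]].clear()
    return alerts


def actions_for(alert):
    """Map alert priority to the response actions a SIEM can trigger (assumed mapping)."""
    if alert["priority"] >= 5:
        return ["email", "sms", "ticket", "block_src"]
    if alert["priority"] >= 3:
        return ["email", "ticket"]
    return ["report"]


def run_pipeline():
    events = normalize(SSHD_LOG) + normalize(FW_LOG)
    return [(a, actions_for(a)) for a in correlate_bruteforce(events)]


if __name__ == "__main__":
    for alert, actions in run_pipeline():
        print(alert["ts"].strftime("%H:%M:%S"), alert["name"], alert["src_ip"], actions)
```

Only the source that reaches the failure threshold and then logs in successfully produces the high-priority alert; the single failure from the second source is normal user behaviour and stays silent, which is the point of correlating across time rather than alerting on each failed login.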
[Slide 19]
Security Information and Event Management (SIEM)
[Slide 20]
Security Information and Event Management (SIEM)
[Slide 21]
Alienvault OSSIM
Architecture
[Slide 22]
Alienvault OSSIM
PRADS: identifies hosts and services passively.
OpenVAS: vulnerability analysis and cross-correlation with IDS alerts.
Snort: intrusion detection, also used for correlation with Nessus.
Suricata: OSSIM's default intrusion detection system.
[Slide 23]
Alienvault OSSIM
Tcptrack: obtains session information for attack correlation.
Nagios: asset monitoring.
OSSEC: host-based intrusion detection system.
Munin: network traffic analysis.
NFSen/NFDump: collects and analyzes NetFlow information.
FProbe: generates NetFlow from captured data.
[Slide 24]
Alienvault OSSIM
https://www.alienvault.com/doc-repo/usm/security-intelligence/AlienVault_Correlation_Reference_Guide.pdf
[Slide 25]
Alienvault OSSIM: Event Correlation
https://www.alienvault.com/doc-repo/usm/security-intelligence/AlienVault_Correlation_Reference_Guide.pdf
[Slide 26]
Alienvault OSSIM: Event Correlation
[Slide 27]
Alienvault OSSIM: Brute force
https://www.alienvault.com/doc-repo/usm/security-intelligence/AlienVault_Correlation_Reference_Guide.pdf
[Slide 28]
Alienvault OSSIM: Cross-correlation
https://www.alienvault.com/doc-repo/usm/security-intelligence/AlienVault_Correlation_Reference_Guide.pdf
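Cross-correlation as the deck presents it (slide 22: OpenVAS findings cross-correlated with IDS alerts; slide 28), as an added Python example rather than OSSIM's own code. An IDS alert is checked against the vulnerability scanner's findings for its destination host and port: when the target is reported vulnerable the event's reliability is raised to the maximum, otherwise the signature's own reliability stands, and the risk is then computed with the formula OSSIM documents (asset value × priority × reliability / 25, each on its 0-5 / 0-5 / 0-10 scale). The alerts, findings, asset values and the host-and-port matching (OSSIM maps IDS signatures to scanner plugins; that mapping is simplified here) are assumptions made for the example.

```python
# Constructed OpenVAS-style findings (not from the talk): host, port, protocol, finding name.
VULN_RESULTS = [
    {"host": "10.0.0.5", "port": 22, "proto": "tcp", "name": "OpenSSH weak password policy"},
    {"host": "10.0.0.8", "port": 80, "proto": "tcp", "name": "PHP remote code execution"},
]

# Constructed IDS alerts in a simplified Suricata fast.log shape; two identical signatures
# against two hosts, only one of which the scanner reported as vulnerable.
IDS_ALERTS = [
    {"sig": "ET WEB_SERVER PHP code injection attempt", "src": "203.0.113.7",
     "dst": "10.0.0.8", "dport": 80, "proto": "tcp", "priority": 3, "reliability": 3},
    {"sig": "ET WEB_SERVER PHP code injection attempt", "src": "203.0.113.7",
     "dst": "10.0.0.9", "dport": 80, "proto": "tcp", "priority": 3, "reliability": 3},
]

# Asset values (0-5) from an assumed asset inventory; hosts not listed get the default.
ASSET_VALUE = {"10.0.0.8": 4, "10.0.0.9": 2}
DEFAULT_ASSET_VALUE = 2  # OSSIM's default asset value (assumption for hosts missing above)


def risk_score(asset, priority, reliability):
    """OSSIM risk formula: asset (0-5) * priority (0-5) * reliability (0-10) / 25 -> 0-10."""
    return round(asset * priority * reliability / 25, 2)


def matching_findings(alert, vulns):
    """Scanner findings on the alert's destination host, port and protocol."""
    return [v for v in vulns
            if v["host"] == alert["dst"] and v["port"] == alert["dport"]
            and v["proto"] == alert["proto"]]


def cross_correlate(alert, vulns=VULN_RESULTS, asset_values=ASSET_VALUE):
    """Raise reliability to 10 when the target is known vulnerable to what the
    IDS saw; otherwise keep the signature's own reliability. Returns the scored event."""
    matched = matching_findings(alert, vulns)
    reliability = 10 if matched else alert["reliability"]
    asset = asset_values.get(alert["dst"], DEFAULT_ASSET_VALUE)
    return {"sig": alert["sig"], "dst": alert["dst"], "asset": asset,
            "priority": alert["priority"], "reliability": reliability,
            "risk": risk_score(asset, alert["priority"], reliability),
            "matched": [v["name"] for v in matched]}


def score_all(alerts=IDS_ALERTS):
    """Score every alert and return them ordered by risk, highest first."""
    return sorted((cross_correlate(a) for a in alerts), key=lambda e: e["risk"], reverse=True)


if __name__ == "__main__":
    for ev in score_all():
        print(f"{ev['dst']:<10} reliability={ev['reliability']:>2} risk={ev['risk']:<5} {ev['matched']}")
```

The same signature against the vulnerable host scores 4 × 3 × 10 / 25 = 4.8, while against the host with no matching finding it stays at 2 × 3 × 3 / 25 = 0.72; that difference is what lets an analyst work the queue by risk instead of by raw alert count.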
[Slide 29]
Alienvault OSSIM
Cases
[Slide 30]
Alienvault OSSIM
Business / Fraud
[Slide 31]
Alienvault OSSIM
Infrastructure
[Slide 32]
Alienvault OSSIM
Security
[Slide 33]
Alienvault OSSIM
Hands On
[Slide 34]
SIEM tool
[Slide 35]
SIEM tool
[Slide 36]
[Slide 37]
Rua Nestor Pestana, 30 cj 156, São Paulo-SP
Tel +55 11 3255-3926
www.ibliss.com.br
Alexandro Silva