How to eliminate the top ten vulnerabilities on the Internet

Original report of …
http://www.selseg.com
Posted with permission of the SANS Institute

How to eliminate the ten most critical Internet security vulnerabilities
The experts' consensus
Version …, September …
Copyright …, The SANS Institute

Updates
• v… Update of Appendix B
• v… Update of the Red Hat Linux support URL
• v… New appendix: update information from Unix vendors
• v… New section listing the people who have helped improve this document
• v… Update of the list of CVE codes in section …
• v… Update of the signatures

Stop unauthorized access!
Most successful attacks on computers over the Internet can be traced to the exploitation of a small number of vulnerabilities. Most of the computers compromised during the incident known as "Solar Sunrise Pentagon" were attacked through one specific vulnerability. A similar vulnerability was the one used to take control of most of the computers that were later used en masse in the distributed denial-of-service attacks. Likewise, the recent break-ins to Windows NT-based web servers are tied to the use of a very well-known vulnerability. Another vulnerability has been studied enough to be considered the cause of the illegal takeover of more than … Linux systems.
In short, most successful attacks rely on only a few vulnerabilities, largely because attackers are opportunists: they take the easiest and most convenient route. They exploit the best-known flaws using a variety of very effective and widely available attack tools. They take advantage of organizations that do not apply the patches that fix the problems, usually attacking indiscriminately and scanning the Internet for vulnerable systems.

Most system administrators say they have not fixed these security flaws for the simple reason that they do not know which of the potential problems are the most dangerous, and they lack the time needed to correct all of them.

The community of information security professionals wants to solve this problem by identifying the most critical Internet security areas: the group of vulnerabilities that system administrators must eliminate immediately. This consensus list, which we will call the Top Ten, is an unprecedented example of active cooperation between industry, public bodies and educational institutions. The participants come from the most security-conscious federal agencies, from the leading security product vendors, from specialized consulting firms, from several universities with specialized security programs, and from CERT/CC and the SANS Institute. The complete list of participants appears at the end of the article.

This is the list of the most frequently exploited Internet security problems, together with the actions that must be taken to protect systems against them.
Three notes for the reader

Note: This is a document in constant evolution. It includes initial step-by-step instructions and pointers for correcting the flaws. We will update the instructions as we identify which steps work best; readers' comments on this are welcome. This document is a community consensus: your experience in eliminating the vulnerabilities can help those who come after you. To send suggestions, send a message to barcelona@selseg.com with "Comentarios al Top Ten" as the subject. To obtain the most up-to-date version of these instructions, send a message to barcelona@selseg.com with the subject "Documento Top Ten".

Note: You will find references to CVE entries, the reference numbers of the Common Vulnerabilities and Exposures that correspond to a vulnerability. CAN numbers are CVE candidates that have not yet been fully verified. For more information on the CVE project, visit http://cve.mitre.org.

Note: At the end of the list you will find an extra section listing the ports used by the services that are commonly probed and attacked. By blocking traffic to those ports at your firewall or other perimeter protection device, you gain an extra layer of defense that helps protect you from configuration mistakes.
Contents
• BIND weaknesses: nxt, qinv and in.named allow immediate compromise of the root account
• CGI programs and application extensions (for example, ColdFusion) installed on web servers
• Remote procedure call (RPC) weaknesses in rpc.ttdbserverd (ToolTalk), rpc.cmsd (Calendar Manager) and rpc.statd that allow root privilege to be obtained immediately
• RDS security hole in Microsoft Internet Information Server (IIS)
• Sendmail buffer overflow weaknesses, pipe attacks and MIMEbo; all of them allow immediate compromise of the root account
• sadmind and mountd
• Global file sharing and inappropriate information sharing via NetBIOS and ports 135 -> 139 on Windows NT (445 on Windows 2000), NFS exports on Unix (port 2049), web sharing on Macintosh and AppleShare/IP on ports 80, 427 and 548
• User accounts, especially root or administrator, with no password or a weak password
• Buffer overflow vulnerabilities or incorrect configuration in IMAP and POP
• Default SNMP community names 'public' and 'private'

Additional information
• A priority item for Windows users and/or administrators: several scripting holes in Internet Explorer and Office 2000
• Perimeter protection for an additional line of defense
• Support information from the various Unix vendors
• Signatories
BIND weaknesses: nxt, qinv and in.named allow immediate compromise of the root account

The Berkeley Internet Name Domain (BIND) package is the most widely used implementation of the Domain Name Service (DNS), the important system that lets us locate systems on the Internet by name (for example, www.sans.org) without having to use IP addresses, which makes it a favorite target for attack. Sadly, according to a survey carried out in mid-…, about … of all DNS servers connected to the Internet were running a vulnerable version of BIND. In a typical BIND attack, the intruders erase the system log files and install tools that give them administrator privileges. They then compile and install various IRC utilities and network scanning tools, which they use to search several class B IP address ranges for other systems that are also running vulnerable versions of BIND. In a matter of minutes they will have used the compromised system to attack hundreds of remote systems and take control of them. This illustrates the chaos that can result from a single vulnerability in the software behind a ubiquitous Internet service such as DNS.
Affected systems
Various UNIX and Linux systems.
As of May …, all versions of BIND earlier than v… update … are vulnerable.

CVE entries
nxt: CVE-…
qinv: CVE-…
Other related CVE entries: CVE-…, CVE-…, CVE-…, CVE-…

Advice for resolving the problem
• Disable the BIND daemon (named) on all systems that do not act as DNS servers. Some experts even recommend uninstalling the DNS software.
• On machines that act as DNS servers, upgrade to the latest version (as of May …, the most recent version is v… update …). You can follow the guidance in these advisories:
  For the NXT vulnerability: http://www.cert.org/advisories/CA-…bind.html
  For the QINV (inverse query) and NAMED vulnerabilities: http://www.cert.org/advisories/CA-…bind_problems.html and http://www.cert.org/summaries/CS-….html
• Run BIND as an unprivileged user as protection against future attacks. However, only processes running as root can be configured to use ports below …, which DNS requires. You must therefore configure BIND to switch user after it has bound to the port.
• Run BIND in a chroot() directory structure as protection against future attacks.
CGI programs and application extensions (for example, ColdFusion) installed on web servers.

Almost all web servers support CGI (Common Gateway Interface) programs in order to offer interactive pages, for tasks such as collecting and verifying data. Many servers include sample CGI programs that are installed by default. Unfortunately, some CGI programmers have not considered that their programs can be misused or tricked into executing commands for malicious purposes. Vulnerable CGIs are a particularly attractive target for intruders because they are relatively easy to locate and they run with the same privileges and power as the web server software.

Intruders are known to have exploited vulnerable CGIs to modify web pages, steal credit card information and install back doors for later intrusions, which remain usable even after the CGIs have been secured. When Janet Reno's picture was replaced with that of Adolph Hitler, an internal report concluded that the most probable cause of the attack was the use of a security hole in a CGI program.

Allaire's ColdFusion is an application package for web servers that installs some sample programs containing vulnerabilities. As a general rule, sample programs should always be removed from production systems.
Affected systems
All web servers.

CVE entries
• Sample CGI programs (all CGIs)
  Remedy: Remove the sample CGI programs from production servers.
• CAN-…: Internet Information Server …, Microsoft Site Server … (included in Microsoft Site Server … Commerce Edition), Microsoft Commercial Internet Server … and Microsoft BackOffice Server … and … (see http://www.microsoft.com/technet/security/bulletin/ms….asp)
  Remedy: Apply the patch available at ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
• CVE-…: phf phone book program included with older versions of the NCSA and Apache servers
• CVE-…: 'mylog.html' sample script included with PHP/FI
• CVE-…: IRIX …, … and …
• CVE-…: Sample programs included in the PHP/FI package
• CVE-…: IRIX …

Most important CGI vulnerabilities, not including sample programs
• CAN-…: WebCom guestbook CGI
• CAN-… (applies to all servers)
  See http://www.cert.org/advisories/CA-…interpreters_in_cgi_bin_dir.html
  Remedy: The solution to this problem is to make sure that no copy of a general-purpose language interpreter is present (for example PERL, TCL, Unix shells (sh, csh, ksh, etc.))
• CVE-…: wwwcount version …
• CVE-…: IRIX … Outbox subsystem
• CVE-…: PHP/FI package
• CVE-…: Glimpse HTTP … and WebGlimpse
• CVE-…: IRIX … Outbox subsystem
• CVE-…: IRIX … Outbox subsystem
• CVE-… (applies to all servers)
  See http://xforce.iss.net/static/….php and http://www.netscape.org/cgi-bin/wa?A…=ind…B&L=bugtraq&P=R…
  Remedy: Remove the 'view-source' script from the web server's cgi-bin directory.
• CVE-…: O'Reilly Website …
• CVE-…: O'Reilly Website …
• CVE-…: Webcom guestbook for web servers on Win…
• CVE-…: FaxSurvey for Linux systems
• CVE-…: Excite for Web Servers …
• CVE-…: Compaq management agent and analysis utility
• CVE-…: OmniHTTPd CGI
• CVE-…: Microsoft SQL Server CGI
• CVE-…: Altavista search system
• CVE-…: htsearch for ht://dig

Vulnerabilities in the ColdFusion sample programs
• CAN-…
• CAN-…
• CAN-…

Other ColdFusion vulnerabilities
• CAN-…
• CVE-…
Advice for resolving the problem
• Do not run the web server as root.
• Remove CGI script interpreters from the bin directories:
  http://www.cert.org/advisories/CA-…interpreters_in_cgi_bin_dir.html
• Remove unsafe CGI scripts:
  http://www.cert.org/advisories/CA-…nph-test-cgi_script.html
  http://www.cert.org/advisories/CA-…cgi_example_code.html
  http://www.cert.org/advisories/CA-…webdist.html
• Write secure CGI programs:
  http://www.ibm.com/software/developer/library/secure-cgi/
  http://www.cert.org/tech_tips/cgi_metacharacters.html
  http://www.cert.org/advisories/CA-…Count_cgi.html
• Do not configure CGI support on web servers that do not need it.
• Run the web server in a chroot() directory environment to protect the machine against attacks that have not yet been discovered.
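
An added example, not part of the original document: the "tricked into executing commands" failure described in this section, shown next to a hardened handler. The handler names, the allowlist pattern and the use of echo as a stand-in for the real back-end program are assumptions made for the illustration.

```python
import re
import subprocess

# Allowlist for the single form field this handler accepts (assumed policy).
# The first character must be a letter or digit, so the value can never be
# read as a command-line option by the program that receives it.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,31}")


def lookup_vulnerable(name):
    """The pattern the section warns about: form input pasted into a shell line."""
    done = subprocess.run("echo looking up " + name, shell=True,
                          capture_output=True, text=True)
    return done.stdout.splitlines()


def lookup_hardened(name):
    """Validate against the allowlist, then run the program without a shell."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected form input: %r" % name)
    # An argument vector is passed straight to the program; no shell ever
    # parses the value, so metacharacters have no special meaning.
    done = subprocess.run(["echo", "looking up", name],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def handle_request(name):
    """What the CGI would send back: a status code and the body lines."""
    try:
        return 200, lookup_hardened(name)
    except ValueError:
        return 400, ["invalid name"]


if __name__ == "__main__":
    hostile = "alice; echo SECOND-COMMAND-RAN"   # constructed input
    print(lookup_vulnerable(hostile))   # the shell runs both commands
    print(handle_request(hostile))      # rejected before anything runs
    print(handle_request("alice"))
```

Both layers matter: validation alone fails when the pattern is too loose, and avoiding the shell alone still lets odd values reach the back-end program.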
Remote procedure call (RPC) weaknesses in rpc.ttdbserverd (ToolTalk), rpc.cmsd (Calendar Manager) and rpc.statd that allow root privilege to be obtained immediately

Remote procedure calls (RPC) allow programs on one computer to execute programs on a second computer. They are commonly used to access network services such as NFS file sharing. Several vulnerabilities caused by RPC flaws are being actively exploited. There is compelling evidence that most of the distributed denial-of-service attacks launched during … and early … were carried out by systems that had been compromised through vulnerabilities in their RPC programs. The broadly successful attack on US military systems during the "Solar Sunrise" incident likewise exploited a flaw in an RPC program present on hundreds of US Department of Defense systems.
Affected systems
Various UNIX and Linux systems.

CVE entries
rpc.ttdbserverd: CVE-…, CVE-…, CVE-… (… is more recent than …, but both allow remote attackers to obtain root privileges and it is quite likely that … is still fairly common. … can only be exploited locally, but it does yield root privilege.)
rpc.cmsd: CVE-…
rpc.statd: CVE-…, CVE-…

Advice for resolving the problem
• Wherever possible, disable and/or remove these services on machines that are directly reachable from the Internet.
• Where they must be used, install the latest patches:
  Patches for Solaris systems: http://sunsolve.sun.com
  For IBM AIX: http://techsupport.services.ibm.com/support/rs….support/downloads and http://techsupport.services.ibm.com/rs…k/fixes.html
  For SGI systems: http://support.sgi.com
  For Compaq (Digital Unix): http://www.compaq.com/support
  Search each vendor's patch database for tooltalk patches and install them immediately.

A document summarizing the specific advice for each of the three main RPC vulnerabilities is available at http://www.cert.org/incident_notes/IN-….html
For statd: http://www.cert.org/advisories/CA-…statd-automountd.html
For ToolTalk: http://www.cert.org/advisories/CA-…tooltalk.html
For Calendar Manager: http://www.cert.org/advisories/CA-…cmsd.html
RDS security hole in Microsoft Internet Information Server (IIS)

Microsoft Internet Information Server (IIS) is the web server software used by most web servers installed on the Windows NT and Windows … platforms. Programming errors in the Remote Data Services (RDS) are exploited by malicious users to run remote commands with administrator privilege. Some of the participants who drafted the "Top Ten" list consider that other IIS flaws, such as .HTR files, are exploited at least as often as this RDS flaw. Prudence suggests that organizations running IIS use the installation or upgrade needed to fix the RDS problem as the occasion to install all the patches and updates required to close every known IIS security flaw.
Affected systems
Microsoft Windows NT systems running Internet Information Server.

CVE entries
CVE-…

Advice for resolving the problem
• A complete guide to this weakness and how to fix it is available at
• Use the information published by Microsoft to disable the service or to fix the RDS vulnerability and other IIS security problems:
  http://support.microsoft.com/support/kb/articles/q….asp
  http://www.microsoft.com/technet/security/bulletin/ms….asp
  http://www.microsoft.com/technet/security/bulletin/ms….asp
Sendmail buffer overflow weaknesses, pipe attacks and MIMEbo; all of them allow immediate compromise of the root account.

Sendmail is the most widely used program on UNIX and Linux systems for sending, receiving and forwarding electronic mail. Sendmail's widespread use on the Internet makes it one of the attackers' main targets. Several flaws have been found in it over the years. The first advisory issued by CERT/CC, in …, concerned an exploitable weakness in sendmail. In one of the most common attacks, the attacker sends a suitably crafted message to the system running Sendmail, which interprets it as a set of instructions that make the victim machine send its password file to the attacker's machine (or to any other victim), where the passwords can be cracked.
Affected systems
Various UNIX and Linux systems.

CVE entries
CVE-…, CVE-…, CVE-…, CVE-…, CVE-…, CVE-…
CVE-… (can only be exploited locally)

Advice for resolving the problem
• Upgrade to the latest version of sendmail and/or apply the sendmail patches. See http://www.cert.org/advisories/CA-…sendmail.html
• Do not run sendmail in daemon mode (turn off the -bd option) on systems that are neither mail servers nor mail relays.
sadmind and mountd

Sadmind allows remote administration of Solaris systems, providing graphical access to system administration tasks. Mountd controls and arbitrates access to NFS volumes on UNIX systems. Buffer overflows in these applications can be exploited by attackers to gain access to the root account.
Affected systems
Various UNIX and Linux systems.
Sadmind: Solaris systems only.

CVE entries
sadmind: CVE-…
mountd: CVE-…

Advice for resolving the problem
• Wherever possible, disable and/or remove these services on machines that are directly reachable from the Internet.
• Install the latest patches:
  Patches for Solaris systems: http://sunsolve.sun.com
  For IBM AIX: http://techsupport.services.ibm.com/support/rs….support/downloads and http://techsupport.services.ibm.com/rs…k/fixes.html
  For SGI systems: http://support.sgi.com
  For Compaq (Digital Unix): http://www.compaq.com/support
• More information at:
  http://www.cert.org/advisories/CA-…sadmind.html
  http://www.cert.org/advisories/CA-…mountd.html
Global file sharing and inappropriate information sharing via NetBIOS and ports 135 -> 139 on Windows NT (445 on Windows 2000); NFS exports on Unix (port 2049); web sharing on Macintosh and AppleShare/IP on ports 80, 427 and 548.

All of these services allow files to be shared over networks. When configured improperly, they can expose critical system files or even give full file system access to anyone connected to the network. Many computer owners and administrators use these services to make their file systems readable and/or writable in an attempt to make data access more convenient. The administrators of a US government system used to develop mission planning software configured it so that anyone could read the files, so that colleagues in other buildings could get at the information easily. Only two days later, other people had discovered the open share and stolen the mission planning software.

When file sharing is enabled on Windows machines, they become vulnerable to information theft and to certain kinds of fast-spreading viruses. A recently released virus called the "… Worm" uses file sharing on Windows … and … systems to propagate, and makes the infected computer use its modem to dial the emergency number … in the USA. Macintosh computers are also vulnerable to file sharing attacks.

The same NetBIOS mechanism that allows file sharing on Windows can be used to obtain sensitive information from NT systems. Through a "null session" connection to the NetBIOS session service, it is possible to obtain information about users and groups (user name, last logon date, password policy, remote access information), information about the system, and certain registry entries. This information is commonly used to mount a brute-force password attack or a simple password guessing attempt.
Affected systems
UNIX, Windows and Macintosh systems.

CVE entries
SMB shares with poor access control: CAN-…
NFS exports to everyone: CAN-…
These candidate entries will very probably change substantially before they are accepted as CVE entries.

Advice for resolving the problem
• When sharing mounted drives, verify that only the directories that are needed are shared.
• For greater security, allow sharing only to specific IP addresses, since DNS names can be spoofed.
• On Windows systems, verify that all shares are protected with strong passwords.
• On Windows NT systems, prevent anonymous enumeration of users, groups, system configuration and registry values through an anonymous connection. Block inbound connections to the NetBIOS session service (tcp port …) at the router or on the NT machine. Consider implementing the RestrictAnonymous registry key on standalone systems or systems in untrusted domains that are connected to the Internet:
  NT: http://support.microsoft.com/support/kb/articles/Q….asp
  Windows …: http://support.microsoft.com/support/kb/articles/Q….ASP
• On Macintosh systems, disable the file sharing and web sharing extensions unless they are really needed. If file sharing must be enabled, verify that strong passwords are used for access, and stop file sharing when it is not in use.
  To permanently disable web sharing in MacOS … and MacOS …, delete these files and restart:
  Carpeta del sistema:Paneles de control:Compartir web
  Carpeta del sistema:Extensiones:Extensión compartir web
  To permanently disable AppleShare/IP in MacOS …, delete the following file and restart the machine:
  Carpeta del sistema:Extensiones:Shareway IP Personal Subord.
• There is a quick, safe and free test to determine whether NetBIOS file sharing and its associated vulnerabilities are present. The test can be run from ANY operating system and is found on the Gibson Research Corporation web site. Simply go to http://grc.com/ and click the "ShieldsUP" icon to receive a real-time report of any NetBIOS vulnerability reachable from the Internet. Detailed instructions are included to help Microsoft Windows users eliminate these vulnerabilities.
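
An added example, not part of the original document: an audit of an NFS exports file for the first two items of the advice above (share only what is needed, and grant access by IP address rather than by name). It assumes the Linux exports(5) syntax; the sample file and the issue labels are constructed for the illustration.

```python
import ipaddress
import re

# Constructed sample in Linux exports(5) syntax; not taken from any real host.
SAMPLE_EXPORTS = """\
# path            client(options) ...
/                 *(rw)
/home             (rw)
/srv/build        build01.example.com(rw)
/srv/docs         192.0.2.0/24(ro) 192.0.2.77(rw)
/srv/tools        *.example.com(ro) 198.51.100.9(ro)
"""

# One client entry: an optional host part followed by optional "(options)".
CLIENT = re.compile(r"(?P<host>[^()\s]*)(?:\((?P<opts>[^()]*)\))?")


def is_address(host):
    """True for a literal IP address or network, False for any kind of name."""
    try:
        ipaddress.ip_network(host, strict=False)
        return True
    except ValueError:
        return False


def audit_exports(text):
    """Return (line number, path, client, issue) for every risky export."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not fields:
            continue
        # A path with no client list at all is exported to every host.
        path, clients = fields[0], fields[1:] or [""]
        if path == "/":
            findings.append((lineno, path, "", "exports-whole-filesystem"))
        for spec in clients:
            match = CLIENT.fullmatch(spec)
            if match is None:
                findings.append((lineno, path, spec, "unparsed-client"))
                continue
            host = match.group("host")
            opts = (match.group("opts") or "").split(",")
            if host in ("", "*"):
                # "/home (rw)" with a space means "everyone, read-write".
                issue = "world-writable" if "rw" in opts else "world-readable"
                findings.append((lineno, path, "*", issue))
            elif not is_address(host):
                # Host names, wildcards and netgroups all depend on a name
                # service that the client side can influence.
                findings.append((lineno, path, host, "name-based-client"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(finding)
```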
User accounts, especially root or administrator, with no passwords or weak passwords.

Some systems come preconfigured with demo or guest accounts that have no password or use a widely known default password. Service technicians often leave the accounts created for maintenance without passwords, and some database management systems install administration accounts with default passwords. In addition, system administrators often choose passwords that are easy to guess ('amor', 'dinero' and 'magia' are very common) or simply leave the password blank. Default passwords give attackers effortless access to systems. Before launching a more sophisticated attack, many attackers first try the default passwords and then, if necessary, the most common passwords. A compromised account puts the attacker inside the firewall and inside the target machine. Once inside, most attackers use one of the widely publicized methods to obtain root or administrator privilege.
Affected systems
All systems.

CVE entries
Easily guessed (weak) Unix passwords: CAN-…
Default or blank Unix passwords: CAN-…
Easily guessed (weak) NT passwords: CAN-…
Default or blank NT passwords: CAN-…
These candidate entries will very probably change substantially before they are accepted as CVE entries.

Advice for resolving the problem
• Create an acceptable password policy that assigns responsibilities and states how often password quality must be verified. Make sure that senior executives are not exempt. Also include in the policy the requirement to change all default passwords before a computer is connected to the Internet, and specify the penalties for non-compliance.
• VERY IMPORTANT! Obtain written authorization to test passwords.
• Test password strength with password cracking programs:
  For Windows NT: l0phtcrack, http://www.l0pht.com
  For UNIX: Crack, http://www.users.dircon.co.uk/~crypto
• Deploy utilities that check passwords at the time they are created:
  For UNIX: Npasswd, http://www.utexas.edu/cc/unix/software/npasswd
  For Windows NT: http://support.microsoft.com/support/kb/articles/Q….asp
• Force passwords to expire periodically, at the frequency stated in the security policy.
• Keep password histories so that users cannot go back to their old passwords.

For additional information, see:
http://www.cert.org/tech_tips/passwd_file_protection.html
http://www.cert.org/incident_notes/IN-….html
http://www.cert.org/incident_notes/IN-…irix.html
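
An added example, not part of the original document: two of the checks recommended above, an audit for accounts with a blank password field and a creation-time check with password history. The minimum length, the extra entries in the word list, the sample shadow lines and the function names are assumptions made for the illustration; this is not Npasswd's code.

```python
import hashlib
import hmac
import os

# The first three words are the examples this section cites; the rest are
# assumed additions. A real deployment would load a much larger list.
COMMON_WORDS = {"amor", "dinero", "magia", "password", "changeme", "admin"}
MIN_LENGTH = 10                      # assumed policy value

# Constructed sample in shadow(5) layout: name:hash:lastchange:...
SAMPLE_SHADOW = """\
root:$6$constructed$notarealhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
field:!:19000:0:99999:7:::
demo::19000:0:99999:7:::
"""


def accounts_without_password(shadow_text):
    """Accounts whose password field is empty, i.e. login needs no password."""
    names = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and parts[1] == "":
            names.append(parts[0])
    return names


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def remember(password):
    """History entry for a password: a random salt and the salted digest."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def check_new_password(user, candidate, history):
    """Return the list of policy violations; an empty list means accepted."""
    reasons = []
    lowered = candidate.lower()
    if not candidate:
        reasons.append("blank")
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    # Catch the bare word and the word with digits tacked on either end.
    if lowered in COMMON_WORDS or lowered.strip("0123456789") in COMMON_WORDS:
        reasons.append("common word")
    if user and user.lower() in lowered:
        reasons.append("contains account name")
    # History holds only salted digests, so old passwords are never stored.
    if any(hmac.compare_digest(_digest(candidate, salt), digest)
           for salt, digest in history):
        reasons.append("reused")
    return reasons


if __name__ == "__main__":
    print(accounts_without_password(SAMPLE_SHADOW))
    old = [remember("correct horse battery")]
    for attempt in ("", "Magia2000", "correct horse battery", "plum-Vortex-91-kite"):
        print(repr(attempt), check_new_password("ana", attempt, old))
```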
Buffer overflow vulnerabilities or incorrect configuration in IMAP and POP.

IMAP and POP are very popular remote mail access protocols, since they allow access to electronic mail accounts from internal and/or external networks. The "open access" nature of these services makes them especially vulnerable to attack, because firewalls usually allow traffic to them in order to permit remote access to electronic mail. Attackers who exploit vulnerabilities in IMAP or POP usually obtain instant root access.
Affected systems
Various UNIX and Linux systems.

CVE entries
CVE-…, CVE-…, CVE-…, CVE-…, CVE-…

Advice for resolving the problem
• Disable these services on machines that are not mail servers.
• Use the latest versions, with the most recent patches. For additional information, see:
  http://www.cert.org/advisories/CA-…imapd.html
  http://www.cert.org/advisories/CA-…qpopper_vul.html
  http://www.cert.org/advisories/CA-…imap_pop.html
• Some experts also advise controlling access to these services with TCP wrappers and encrypted channels such as SSH and SSL, in order to protect passwords.
Default SNMP community names such as 'public' and 'private'.

The Simple Network Management Protocol (SNMP) is commonly used by network administrators to monitor and administer all kinds of network-connected devices, from routers to printers to computers. SNMP's only authentication mechanism is a "community name" that is sent unencrypted. If the lack of encryption is bad in itself, it is even worse that most SNMP devices use the word "public" as their default community name; some "clever" network device vendors have changed the name and use the word "private". Attackers can use this SNMP vulnerability to reconfigure or shut down devices remotely. Captured SNMP traffic, in turn, can reveal a great deal of information about the structure of the network and about the devices and systems attached to it. This information is very useful to attackers when selecting targets for their attacks.
Affected systems
All systems and network devices.

CVE entries
Blank or default 'public' SNMP community name: CAN-…
Easily guessed SNMP community name: CAN-…
Hidden SNMP community names: CAN-…, CAN-…
These candidate entries will very probably change substantially before they are accepted as CVE entries.

Advice for resolving the problem
• If SNMP is not used, disable it.
• If SNMP is used, apply to community names the same policy used for passwords, described in item ….
• Validate and verify community names using snmpwalk.
• Wherever possible, configure the MIBs as read-only.

Additional information
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm#xtocid…
A high-priority item for Windows users and administrators: several scripting holes in Internet Explorer and Microsoft Office 2000

Recent virus attacks have shown how easily macros and scripts can spread through electronic mail attachments, to the point that users have had to be advised not to open any potentially dangerous attachment. Windows users, however, can help dangerous viruses spread without opening any attachment at all. In their default configurations, Microsoft Outlook and Outlook Express execute the HTML code and scripts contained in messages. In addition, some ActiveX components can be invoked from the code contained in HTML messages. Among the vulnerable controls are Scriptlet.typelib (included in IE …x and …x) and the UA control (Office 2000). Another possible vulnerability arising from Active Scripting is that a message can install a program on the user's computer.

A relatively benign virus called KAK currently spreads using these mechanisms. A malicious version of kak could appear at any time. We recommend that all users and administrators configure Outlook and Outlook Express to handle electronic mail in the "Restricted sites zone" and, in addition, disable every option related to Active Scripting and ActiveX within that zone. This is done through Tools | Options | Security, but it can be automated through system policies. Microsoft has published patches for the individual problems and is finishing a patch that will set the security values in Outlook, although there are apparently no plans to fix Outlook Express.
Affected systems
All Windows systems with Internet Explorer …x and …x (even if it is not used) or Office 2000. Windows … is not affected by some of the Internet Explorer vulnerabilities.

CVE entries
CVE-…
CAN-…

Advice for resolving the problem
http://www.microsoft.com/security/bulletins/ms….asp
http://www.microsoft.com/security/bulletins/MS….asp
http://www.microsoft.com/technet/security/bulletin/MS….asp

The patches for the specific vulnerabilities described are available at:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
http://www.microsoft.com/msdownload/iebuild/ascontrol/en/ascontrol.htm
http://officeupdate.microsoft.com/info/ocx.htm

Set the security zone to "restricted sites", disable all active content in that zone, and apply the Outlook patch as soon as it becomes available at:
http://www.officeupdate.com/articles/outksecarticle.htm

Updating your virus detection software, while important, is not a complete solution to this problem. The vulnerabilities in the Microsoft software must also be corrected.
Perimeter protection for an additional line of defense.

In this section we list the ports that are commonly probed and attacked. Blocking these ports is considered a minimum requirement for perimeter security, although the list should not be taken as a complete firewall specification. A much better rule is to block every port that is not in use. And even when you know these ports are blocked, you should still monitor them actively to detect intrusion attempts. A warning is in order, however: blocking some of the ports in the list may disable services you need. Consider the potential effects of these recommendations before implementing them.
• Block spoofed addresses: packets arriving from outside with a source address inside the internal or private address ranges (RFC … and network …), as well as the address ranges reserved by IANA. Also block source-routed packets.
• Login services: telnet (…/tcp), SSH (…/tcp), FTP (…/tcp), NetBIOS (…/tcp), rlogin etc. (…/tcp through …/tcp)
• RPC and NFS: Portmap/rpcbind (…/tcp and …/udp), NFS (…/tcp and …/udp), lockd (…/tcp and …/udp)
• NetBIOS on Windows NT: …/tcp and udp, …/udp, …/udp, …/tcp. Windows …: the ports above plus …/tcp and udp
• X Windows: tcp ports … through …
• Naming services: DNS (…/udp) on all machines that are not DNS servers, DNS zone transfers (…/tcp) except on external secondary servers, LDAP (…/tcp and …/udp)
• Mail: SMTP (…/tcp) on all machines except mail servers visible from outside, POP (…/tcp and …/tcp), IMAP (…/tcp)
• Web: HTTP (…/tcp) and SSL (…/tcp) except on web servers reachable from outside; the unprivileged ports commonly used by web servers should also be blocked (…/tcp, …/tcp, …/tcp, etc.)
• "Small Services": ports below …/tcp and udp, time (…/tcp and …/udp)
• Miscellaneous: TFTP (…/udp), finger (…/tcp), NNTP (…/tcp), NTP (…/tcp), LPD (…/tcp), syslog (…/udp), SNMP (…/tcp and …/udp, …/tcp and …/udp), BGP (…/tcp), SOCKS (…/tcp)
• ICMP: block incoming echo requests (ping and traceroute), as well as outgoing echo, time exceeded and unreachable messages, except "packet too big" messages (type …, code …). (This restriction assumes you are willing to give up the legitimate uses of ICMP in order to prevent its malicious use.)
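
An added example, not part of the original document: the first rule of the list above (drop packets from outside that carry an internal, private or reserved source address, and drop source-routed packets) written as a check on a raw IPv4 header. The address ranges are the standard RFC 1918, loopback and reserved blocks, supplied here rather than taken from the page; the function names and the sample packets are constructed for the illustration.

```python
import ipaddress
import struct

# Source ranges that are never legitimate on a packet arriving from outside:
# RFC 1918 private space, loopback, and other reserved blocks (partial list).
# A site adds its own public internal ranges through internal_nets.
NEVER_EXTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "0.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# IPv4 option types that carry a sender-chosen route.
SOURCE_ROUTE = {131: "loose source route", 137: "strict source route"}

# Constructed LSRR option: type 131, length 7, pointer 4, one hop 192.0.2.1.
LSRR_OPTION = bytes([131, 7, 4, 192, 0, 2, 1])


def build_header(src, dst, options=b""):
    """Build a constructed IPv4 header (checksum left at zero) for the demo."""
    options += b"\x00" * (-len(options) % 4)       # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        64, 6, 0,
                        ipaddress.ip_address(src).packed,
                        ipaddress.ip_address(dst).packed)
    return fixed + options


def option_types(header):
    """Walk the IPv4 options area and return the option type numbers found."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad header length")
    area, found, i = header[20:ihl], [], 0
    while i < len(area):
        kind = area[i]
        if kind == 0:                 # End of Option List
            break
        if kind == 1:                 # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(area) or area[i + 1] < 2 or i + area[i + 1] > len(area):
            raise ValueError("malformed option")
        found.append(kind)
        i += area[i + 1]
    return found


def ingress_verdict(header, internal_nets=()):
    """Decide what the external interface should do with this packet."""
    try:
        kinds = option_types(header)
    except ValueError as err:
        return ("drop", str(err))     # fail closed on anything unparseable
    src = ipaddress.ip_address(header[12:16])
    blocked = NEVER_EXTERNAL + [ipaddress.ip_network(n) for n in internal_nets]
    for net in blocked:
        if src in net:
            return ("drop", "spoofed source %s in %s" % (src, net))
    for kind in kinds:
        if kind in SOURCE_ROUTE:
            return ("drop", SOURCE_ROUTE[kind])
    return ("accept", "")


if __name__ == "__main__":
    ours = ["198.51.100.0/24"]        # constructed "internal" public range
    for src, opts in (("203.0.113.5", b""), ("10.1.2.3", b""),
                      ("198.51.100.77", b""), ("203.0.113.5", LSRR_OPTION)):
        print(src, ingress_verdict(build_header(src, "198.51.100.10", opts), ours))
```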
Support information from Unix vendors

Compaq (Digital Unix)
http://www.compaq.com/support

FreeBSD
http://www.freebsd.org/security

HP-UX from HP
In the United States, Canada, Asia-Pacific and South America: http://us-support.external.hp.com
In Europe: http://europe-support.external.hp.com
Select the individual patches and then log in or create a new login ID.
To obtain the security patch matrix: ftp://us-ffs.external.hp.com/export/patches/hp-ux_patch_matrix

IBM AIX
http://techsupport.services.ibm.com/support/rs….support/downloads
http://techsupport.services.ibm.com/rs…k/fixes.html

SCO (OpenServer and UnixWare)
http://www.sco.com/security (security bulletins and patches)
http://www.sco.com/support/ftplists/index.html (general operating system patches)

Sun Solaris
http://sunsolve.sun.com (patches and security recommendations)

SGI
http://support.sgi.com

Linux
Caldera: http://www.caldera.com/support/security
Debian: http://www.debian.org/security/index.en.html
Mandrake: http://www.linux-mandrake.com/en/fupdates.php
Red Hat: http://www.redhat.com/support/updates.html
SuSE: http://www.suse.com/support/download/updates/index.html and http://www.suse.de/en/support/security/index.html
Signatories.
• Randy Marchany, Virginia Tech
• Scott Conti, University of Massachusetts
• Matt Bishop, University of California, Davis
• Sten Drescher, Tivoli Systems
• Lance Spitzner, Sun Microsystems, GESS Security Team
• Alan Paller, SANS Institute
• Stephen Northcutt, SANS Institute
• Eric Cole, SANS Institute
• Gene Spafford, Purdue University CERIAS
• Jim Ransome, Pilot Network Services
• Frank Swift, Pilot Network Services
• Jim Magdych, Network Associates Inc.
• Jimmy Kuo, Network Associates Inc.
• Igor Gashinsky, NetSec Inc.
• Greg Shipley, Neohapsis
• Tony Sager, National Security Agency
• Larry Merritt, National Security Agency
• Bill Hill, MITRE
• Steve Christey, MITRE
• Viriya Upatising, Loxley Information Services Co.
• Marcus Sachs, JTF-CND, US Department of Defense
• Billy Austin, Intrusion.com
• Christopher W. Klaus, Internet Security Systems
• Wayne Stenson, Honeywell
• Martin Roesch, Hiverworld Inc.
• Jeff Stutzman, Healthcare ISAC
• Ed Skoudis, Global Integrity
• Gene Schultz, Global Integrity
• Kelly Cooper, Genuity
• Eric Schultze, Foundstone
• Bill Hancock, Exodus Communications
• Ron Nguyen, Ernst & Young
• Lee Brotzman, NASIRC, Allied Technology Group Inc.
• Scott Lawler, US Department of Defense CERT
• Hal Pomeranz, Deer Run Associates
• Chris Brenton, Dartmouth Institute for Security Studies
• Bruce Schneier, Counterpane Internet Security Inc.
• Nick FitzGerald, Computer Virus Consulting Ltd.
• Shawn Hernan, CERT Coordination Center
• Kathy Fithen, CERT Coordination Center
• Derek Simmel, Carnegie Mellon University
• Jesper Johansson, Boston University
• Dave Mann, BindView
• Rob Clyde, Axent
• David Nolan, Arch Paging
• Mudge, @stake
Security experts who helped detect and resolve these vulnerabilities
• Robert Harris
• Scott Craig, Kmart