
{"id":12,"date":"2007-01-16T08:41:56","date_gmt":"2007-01-16T11:41:56","guid":{"rendered":"http:\/\/talsoft.com.ar\/weblog\/?p=12"},"modified":"2007-01-16T08:41:56","modified_gmt":"2007-01-16T11:41:56","slug":"los-ids-como-instrumento-de-lucha-contra-los-exploits-y-el-malware","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/los-ids-como-instrumento-de-lucha-contra-los-exploits-y-el-malware\/","title":{"rendered":"IDS as a tool in the fight against exploits and malware"},"content":{"rendered":"<p>Fighting malware and vulnerabilities by adding signatures to the IDS.<\/p>\n<p>By now it seems practically inexcusable for any network that claims to be protected to lack intrusion detection mechanisms.<\/p>\n<p>Among the many options available to administrators, one detection system is especially popular: <a href=\"http:\/\/www.snort.org\/\">Snort<\/a>, a good detection system that is also free software and costs nothing.<\/p>\n<p>One of Snort's great advantages is that it accepts signatures written for specific vulnerabilities, which is worth bearing in mind when trying to minimise the risk posed by widely circulating exploits that can hit our infrastructure.<\/p>\n<p>For example, following the recent publication of MS06-042, <a href=\"http:\/\/www.hispasec.com\/unaaldia\/2848\">discussed at length yesterday in una-al-d\u00eda<\/a>, some exploits have appeared in the wild that can be detected, and in an inline deployment blocked, with the help of our friend Snort.<\/p>\n<p>To do so, it is enough to add signatures that identify these exploits, from the most generic, such as US-CERT's indicator rule for MS06-040, <code>alert tcp any any -&gt; any $RPC_PORTS (msg:\"US-CERT MS06-040 Indicator\"; content:\"| 90 90 EB 04 2B 38 03 78 |\"; classtype:malicious-activity; sid:1000003; rev:1;)<\/code>, to <a href=\"http:\/\/www.bleedingsnort.com\/cgi-bin\/viewcvs.cgi\/sigs\/EXPLOIT\/EXPLOIT_MS06-042?view=markup\">more elaborate signatures<\/a> that carry enough information to identify on the fly the known exploits for a given security problem. Bear in mind that a short fixed byte pattern like the one above only catches the exploit variant it was taken from, that <code>$RPC_PORTS<\/code> must be defined in snort.conf or the rule will not load, and that locally written rules should use SIDs of 1000000 or above, as this one does, so they do not collide with distributed rule sets.<\/p>\n<p>To understand the PCRE expressions that often appear in signatures for an IDS such as Snort (the <code>pcre:<\/code> rule option), it is enough to consult a reference such as the <a href=\"http:\/\/www.bleedingsnort.com\/staticpages\/index.php?page=pcreref\">Regular Expression Basic Syntax Reference<\/a>, which lays out the syntax needed to encode signatures correctly. PCRE stands for <a href=\"http:\/\/www.pcre.org\/\">Perl Compatible Regular Expressions<\/a>, a library for pattern matching with regular expressions.<\/p>\n<p>Signatures of this kind can be browsed and downloaded from services such as <a href=\"http:\/\/www.bleedingsnort.com\/\">Bleeding Edge Snort<\/a>. Another interesting example is the signature written to counter the recent <a href=\"http:\/\/www.bleedingsnort.com\/cgi-bin\/viewcvs.cgi\/sigs\/VIRUS\/TROJAN_ICMP_Tunnel?view=markup\">trojan that communicates through an ICMP tunnel<\/a>, which <a href=\"http:\/\/blog.hispasec.com\/laboratorio\/149\">Julio discussed on our lab blog<\/a>.<\/p>\n<p>Source: <a title=\"http:\/\/www.hispasec.com\/corporate\/noticias\/127\" href=\"http:\/\/www.hispasec.com\/corporate\/noticias\/127\">http:\/\/www.hispasec.com\/corporate\/noticias\/127<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fighting malware and vulnerabilities by adding signatures to the IDS. By now it seems practically inexcusable for any network that claims to be protected to lack intrusion detection mechanisms. Among the many options available to administrators, one detection system is especially popular: Snort, a [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-12","post","type-post","status-publish","format-standard","hentry","category-profesional"],"yoast_head_json":{"title":"TalSoft - Enterprise IT Security - IDS as a tool in the fight against exploits and malware","description":"Talsoft transforms companies' outlook so that they can protect their critical and confidential information against computer attacks. Contact us free of charge.","canonical":"https:\/\/www.talsoft-security.com\/site\/los-ids-como-instrumento-de-lucha-contra-los-exploits-y-el-malware\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"2 minutes"}}}
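The generic MS06-040 indicator rule quoted in the post, and the pcre: option mentioned in the PCRE paragraph, as an added example that is not code from the original post or from the Snort project: a small Python matcher that parses a Snort rule's header and options, decodes a |hex| content block the way Snort reads it, maps a pcre option onto Python's re module, and runs both against constructed sample payloads. It shows what a short fixed-byte signature catches and what it misses once the NOP sled is changed. The $RPC_PORTS value, the second "sled-tolerant" rule and all payloads are assumptions made up for illustration; Snort's content modifiers (offset, depth, distance, within, nocase), escape sequences inside content strings, IP matching and flow state are deliberately not modelled.

```python
import re

# The generic rule quoted in the article (straight quotes; Snort allows spaces inside |..|).
RULE = ('alert tcp any any -> any $RPC_PORTS (msg:"US-CERT MS06-040 Indicator"; '
        'content:"| 90 90 EB 04 2B 38 03 78 |"; classtype:malicious-activity; '
        'sid:1000003; rev:1;)')

# Hypothetical variant (not a published rule): a pcre option that accepts 0x90 or the
# single-byte inc/dec instructions 0x41/0x4A as sled bytes before the same jump-and-address
# sequence. It only illustrates the pcre: option and the limits of a fixed byte string.
LOOSER_RULE = (r'alert tcp any any -> any $RPC_PORTS (msg:"hypothetical sled-tolerant indicator"; '
               r'pcre:"/(\x90|\x41|\x4a){8,}\xeb\x04\x2b\x38\x03\x78/"; sid:1000004; rev:1;)')

# Assumed value for the snort.conf variable; a rule that references an undefined variable does not load.
VARIABLES = {"$RPC_PORTS": {135, 139, 445}}

# Constructed sample payloads, not real captures.
SAMPLES = {
    "ms06-040-like": b"\x90" * 16 + b"\xeb\x04\x2b\x38\x03\x78" + b"A" * 32,            # 0x90 sled + indicator bytes
    "variant-nop-substitution": b"\x41\x4a" * 8 + b"\xeb\x04\x2b\x38\x03\x78" + b"A" * 32,  # sled swapped for inc/dec
    "benign": b"\x05\x00\x0b\x03\x10\x00\x00\x00" + b"B" * 40,                            # unrelated bytes
}

HEADER_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
# name:value; or a bare name; values may be quoted and may contain escaped characters.
OPTION_RE = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


def parse_rule(text):
    """Split a one-line Snort rule into its header fields and an ordered option list."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError("not a Snort rule header")
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    options = []
    for opt in OPTION_RE.finditer(body):
        name, value = opt.group(1), opt.group(2)
        if value is not None and value.startswith('"'):
            value = value[1:-1]          # drop the surrounding quotes
        options.append((name, value))
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport, "options": options}


def decode_content(value):
    """Snort content string -> bytes: text outside |..| is literal, inside |..| is hex."""
    out = bytearray()
    for i, part in enumerate(value.split("|")):
        if i % 2 == 0:
            out += part.encode("latin-1")
        else:
            out += bytes(int(h, 16) for h in part.split())
    return bytes(out)


def compile_pcre(value):
    """Snort pcre option "/pattern/flags" -> compiled bytes regex. Only the PCRE flags i, s, m, x
    are mapped; Snort-specific modifiers (R, U, B, ...) are ignored here."""
    m = re.match(r'^/(.*)/([a-zA-Z]*)$', value, re.S)
    if not m:
        raise ValueError("bad pcre option")
    flags = 0
    for f in m.group(2):
        flags |= {"i": re.I, "s": re.S, "m": re.M, "x": re.X}.get(f, 0)
    return re.compile(m.group(1).encode("latin-1"), flags)


def port_matches(spec, port):
    """Only 'any', a single port and a $variable are modelled (no lists, ranges or negation)."""
    if spec == "any":
        return True
    if spec.startswith("$"):
        return port in VARIABLES[spec]
    return port == int(spec)


def rule_matches(rule, dport, payload):
    """Every content option must occur in the payload and every pcre option must match."""
    if not port_matches(rule["dport"], dport):
        return False
    for name, value in rule["options"]:
        if name == "content" and decode_content(value) not in payload:
            return False
        if name == "pcre" and not compile_pcre(value).search(payload):
            return False
    return True


def scan(rule_text, dport=445, samples=SAMPLES):
    """Run one rule over the sample payloads; returns {sample name: fired?}."""
    rule = parse_rule(rule_text)
    return {name: rule_matches(rule, dport, payload) for name, payload in samples.items()}


if __name__ == "__main__":
    for text in (RULE, LOOSER_RULE):
        print(dict(parse_rule(text)["options"])["msg"], scan(text))
```

Running it shows the fixed-byte rule firing only on the payload it was written from, while the pcre variant also catches the sled-substituted payload; changing dport to 80 makes neither rule fire, because the header is evaluated before any option.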