Seguridad Activa

Unidad
4FHVSJEBEBDUJWBFOFMTJTUFNB
En esta unidad aprenderemos a:

t*OTUBMBS QSPCBSZBDUVBMJ[BS
BQMJDBDJPOFTFTQFDGJDBTQBSBMB
EFUFDDJOZFMJNJOBDJOEFTPGUXBSF
NBMJDJPTP
t$MBTJGJDBSZEFUFDUBSMBTQSJODJQBMFT
JODJEFODJBTZBNFOB[BTMHJDBTEFVO
TVCTJTUFNBMHJDP
t"QMJDBSUDOJDBTEFNPOJUPSJ[BDJO
EFBDDFTPTZBDUJWJEBEJEFOUJGJDBOEP
TJUVBDJPOFTBONBMBT
t7BMPSBSMBTWFOUBKBTRVFTVQPOFMB
VUJMJ[BDJOEFTJTUFNBTCJPNUSJDPT
Y estudiaremos:
t-BTFHVSJEBEFOFMBSSBORVFZFO
QBSUJDJPOFT
t-BTBDUVBMJ[BDJPOFTZQBSDIFTEF
TFHVSJEBEFOFMTJTUFNBZFOMBT
BQMJDBDJPOFT
t-BBVUFOUJDBDJOEFVTVBSJPT
t-JTUBTEFDPOUSPMEFBDDFTP
t-BNPOJUPSJ[BDJOEFMTJTUFNB
t&MTPGUXBSFRVFWVMOFSBMBTFHVSJEBE
EFMTJTUFNB
8448171373_SI_05.indd 105
06/04/10 11:05
1. Introduccin a la seguridad del sistema

&M UUVMP EFM UFNB IBDF SFGFSFODJB B VO DPODFQUP RVF WJNPT FO MB QSJNFSB VOJEBE MB
TFHVSJEBEBDUJWB EFGJOJEPDPNPFMDPOKVOUPEFNFEJEBTRVFQSFWJFOFOPJOUFOUBOFWJUBS
MPTEBPTFOFMTJTUFNBJOGPSNUJDP
4FUSBUBEFFTUVEJBSRVNFDBOJTNPTEFQSPUFDDJOQPEFNPTVUJMJ[BSFOOVFTUSPFRVJQP
JOGPSNUJDPQBSBFWJUBSBDDFTPTJOEFTFBEPTEFJOUSVTPT QFSTPOBTPQSPHSBNBTJOGPSN
UJDPT

"QSFOEFSFNPTBNFKPSBSMBTFHVSJEBEFOFMBDDFTPBMPSEFOBEPSNFEJBOUFFMVTPEF
DPOUSBTFBTFOMB#*04ZFOFMHFTUPSEFBSSBORVF5BNCJOBQSFOEFSFNPTBJNQFEJS
MBDBSHBEFVOTJTUFNBPQFSBUJWPEFTEFEJTQPTJUJWPTFYUSBCMFT NFNPSJBFYUFSOB64#
$%%7%y BDPOGJHVSBSMBTDPOUSBTFBTFOMBTDVFOUBT BNFKPSBSMBTFHVSJEBEBOUF
MPTBUBRVFTEFGJOJFOEPQPMUJDBTEFDPOUSBTFBTZNFDBOJTNPTEFBVUFOUJDBDJO ZQPS
MUJNP BVEJUBSFNPTUPEBTMBTBDDJPOFTBOUFSJPSFT
2. Seguridad en el acceso al ordenador

1BSBFWJUBSDVBMRVJFSBDDFTPJOEFTFBEPBOVFTUSPFRVJQPEFCFNPTBTFHVSBSFMBSSBORVF
EFMNJTNPNFEJBOUFFMVTPEFDPOUSBTFBT
4J BOBMJ[BNPT FM QSPDFTP EF FODFOEJEP EFM PSEFOBEPS SFDPSEBSFNPT MB JNQPSUBODJB
RVFUJFOFMB#*04FOFMNJTNPFTMBFODBSHBEBEFMPDBMJ[BSZDBSHBSFMTJTUFNBPQFSB
UJWPPHFTUPSEFBSSBORVF
2.1. Cmo evitamos que personas ajenas modifiquen la BIOS?

&MVTPEFDPOUSBTFBTQBSBBDDFEFSBMB#*04FWJUBSRVFQFSTPOBMOPBVUPSJ[BEPSFBMJ
DFNPEJGJDBDJPOFTJOEFTFBEBTFOMBDPOGJHVSBDJOEFMBNJTNB BTDPNPDBNCJPTFOMB
TFDVFODJBEFBSSBORVF MPRVFQFSNJUJSBMBQVFTUBFONBSDIBEFMFRVJQPEFTEFNFEJPT
FYUSBCMFTZFMBDDFTPBMPTEBUPTBMNBDFOBEPTFOFMNJTNP WVMOFSBOEPMBDPOGJEFODJB
MJEBEEFFTUPT
Claves y consejos
%FCJEP B MPT OVNFSPTPT GBCSJ
DBOUFT EF #*04 RVF IBZ FO FM
NFSDBEP SFDPNFOEBNPTDPOTVM
UBSFMNBOVBMEFMBQMBDBCBTF
QBSBWFSMBTJOTUSVDDJPOFTFTQF
DGJDBT
Caso prctico 1
Definimos la clave de supervisor para proteger el acceso a la BIOS
$POFTUBQSDUJDBWBNPTBQSPUFHFSFMBDDFTPBMB#*04DPOUSBQFSTPOBTOP
BVUPSJ[BEBTZBTEJGJDVMUBSFMBDDFTPBMFRVJQPBEJDIPQFSTPOBM
1. "M FOUSBS B MB #*04
BDDFEFNPTBMBQBOUB
MMBQSJODJQBM 'JH

/PTEFTQMB[BNPTQPS
FM NFO IBTUB MB PQ
DJO Security RVF TF
NVFTUSB FO MB QBSUF
TVQFSJPSEFMBJNBHFO
'JH

Importante
1BSBFOUSBSFOMB#*04EFCFNPT
QVMTBSMBUFDMB SupPF2 BMJOJDJBS
FMPSEFOBEPS BVORVFFTUPSFBM
NFOUFEFQFOEFEFMB#*04EFM
FRVJQP&OFMMJCSPTFIBIFDIP
VTPEFMB#*04EF7.8BSF
Fig. 5.1. Men principal BIOS.
(Contina)
106
8448171373_SI_05.indd 106
06/04/10 11:05
Caso prctico 1
(Continuacin)
-B'JHVSBNVFTUSBMBTPQDJPOFTEFTFHVSJEBERVFQP
EFNPTDPOGJHVSBSZFMFTUBEPEFMBTNJTNBT
&MJOUSVTPQPESBSFJOJDJBSFMPSEFOBEPSDPOVO$%QSP
WJTUP EF TPGUXBSF NBMJOUFODJPOBEP RVF MF QFSNJUJSB
EFTDVCSJSBMPTVTVBSJPTZMBTDPOUSBTFBTEFMFRVJQP
$POMBJOGPSNBDJODPOTFHVJEB UFOESBBDDFTPBMPT
EBUPTDPOGJEFODJBMFTEFUPEPTMPTVTVBSJPTEFMTJTUFNB
B
Fig. 5.2. Men Seguridad.
$PNPQPEFNPTWFSFOEJDIBGJHVSB MBDPOUSBTFBEF
4VQFSWJTPSFTUWBDB(Clear); DPOFTUBPQDJOQFSNJUJ
NPTMBNPEJGJDBDJOEFMB#*04BDVBMRVJFSQFSTPOB
"T VOJOUSVTPQPESBBDDFEFSBMB#*04ZNPEJGJDBSMB
TFDVFODJBEFBSSBORVFEFMFRVJQP 1SJNFSPEFTEF$%
TFHVOEPEFTEF-"/ UFSDFSPEFTEF)%

$POFMGJOEFFWJUBSMPTQPTJCMFTJOUFOUPTEFNPEJGJDB
DJOEFMB#*04 EFGJOJNPTVOBOVFWBDPOUSBTFBQBSB
FM4VQFSWJTPS
2. 1VMTBNPTEnter FOMBPQDJOSet Supervisor Password

%FGJOJSDMBWFEFM4VQFSWJTPS

3. 4FBCSFVOOVFWPDVBESPEFEJMPHP 'JH
FOFM
RVFFTDSJCJNPTMBDPOUSBTFBQBSBFM4VQFSWJTPSZQPT
UFSJPSNFOUF MB WFSJGJDBNPT FTDSJCJOEPMB OVFWBNFOUF
FOFMDBNQPEFDPOGJSNBDJO
"
DPOUJOVBDJOOPTBWJTBSEFRVFMPTDBNCJPTTFIBO
SFBMJ[BEPDPOYJUP
$
PNPWFNPTFOMB'JHVSBMBDPOUSBTFBEF4VQFS
WJTPSGJHVSBDPNPBTJHOBEB(Set).
" QBSUJS EF FTUF NPNFOUP TJFNQSF RVF RVFSBNPT BD
DFEFS B MB #*04 OPT FYJHJS RVF FTDSJCBNPT MB DPO
USBTFBEF4VQFSWJTPS FODBTPDPOUSBSJPEFOFHBSFM
BDDFTP
Fig. 5.3. Introduccin de contrasea.
4. 0USB NFEJEB EF TFHVSJEBE BEJDJPOBM RVF QPEFNPT

DPOGJHVSBS FO MB #*04 FWJUBSRVFQFSTPOBMOPBVUPSJ
[BEPBDDFEBBMTJTUFNBJOUSPEVDJFOEPMBDMBWFEF4V
QFSWJTPS FO FM NPNFOUP EF BSSBODBS FM FRVJQP 1BSB
FMMPBDUJWBSFNPTMBPQDJOEFPassword on boot DPO
USBTFB FO FM BSSBORVF
&T EFDJS MB DPOUSBTFB RVF
EFGJOJNPT FO MB #*04 TFS TPMJDJUBEB BM VTVBSJP UBOUP
FOFMBDDFTPBMB#*04DPNPFOFMBDDFTPBMTJTUFNB
PQFSBUJWPPHFTUPSEFBSSBORVF
&
OSFTVNFO DPOFTUBTNFEJEBTIFNPTFWJUBEPRVFQFS
TPOBTOPBVUPSJ[BEBTQVFEBONPEJGJDBSMBDPOGJHVSB
DJOEFMB#*04QFSNJUJFOEP QPSFKFNQMP FMBSSBORVF
EFMTJTUFNBNFEJBOUFEJTQPTJUJWPTFYUSBCMFT ZBDDFEFS
BTBMPTEBUPTBMNBDFOBEPTFOFMFRVJQPWVMOFSBOEP
MBDPOGJEFODJBMJEBEEFFTUPT
Fig. 5.4. Contrasea Supervisor en arranque de la BIOS.
107
8448171373_SI_05.indd 107
06/04/10 11:05
Claves y consejos
4JTFUFPMWJEBMBDPOUSBTFBEF
MB#*04 UFOESTRVFBCSJSFM1$
ZRVJUBSEVSBOUFVOSBUPMBQJMB
EFMBQMBDBCBTF%FTQVTWPM
WFNPTBJOTUBMBSMBZZBUFOFNPT
SFTFUFBEBMB#*04DPOMBDPOGJ
HVSBDJOEFMGBCSJDBOUF
2.2. Cmo proteger el GRUB con contrasea?

1BSBFWJUBSRVFQFSTPOBTOPBVUPSJ[BEBTUFOHBOBDDFTPBMBFEJDJOEFMBTPQDJPOFTEF
BSSBORVFEFMPTEJTUJOUPTTJTUFNBTPQFSBUJWPTRVFDPOUSPMBFM(36# FTUBCMFDFSFNPTVOB
DPOUSBTFB
Caso prctico 2
Definicin de contraseas en el GRUB en modo texto
%VSBOUFFTUFQSPDFTP WBNPTBNPEJGJDBSFMGJDIFSPRVFBMNBDFOBMBDPOGJHVSBDJO
EFMHFTUPSEFBSSBORVF (36#
QPSMPRVFFTSFDPNFOEBCMFSFBMJ[BSVOBDPQJBEF
TFHVSJEBEEFMNJTNP QBSBQPEFSSFTUBVSBSMBFODBTPEFRVFTFQSPEVKFTFBMHO
FSSPSFOFMBSSBORVFDPNPDPOTFDVFODJBEFMBTNPEJGJDBDJPOFTSFBMJ[BEBT
Actividades
1. 6OUDOJDPEFTFHVSJEBE
JOGPSNUJDB JOFYQFSUP
UJFOFQSPUFHJEPFMBDDFTP
B MB #*04 NFEJBOUF MB
DPOUSBTFB EF 4VQFSWJ
TPS $VBOEP PUSPT VTVB
SJPT QSFUFOEFO FOUSBS FO
MB #*04 EF MPT PSEFOB
EPSFTMFTTPMJDJUBMBDMBWF
EFM 4VQFSWJTPS &TUF OP
RVJFSF DPNVOJDBS FTUB
DPOUSBTFB B MPT VTVB
SJPTEFMPTFRVJQPTFJEFB
VOBTPMVDJOQBSBTPMWFO
UBSFMQSPCMFNBEFGJOJSMB
DPOUSBTFBEFVTVBSJPFO
MB#*04*OEJDBMPTQBTPT
RVFEFCFSFBMJ[BS
1. 1
BSBFMMP BCSJNPTVOOVFWPUFSNJOBMZUFDMFBNPTMBTJOTUSVDDJPOFTRVFBQBSFDFO
FOMB'JHVSB&TUBTJOTUSVDDJPOFTSFBMJ[BOVOBDPQJBEFTFHVSJEBEEFMGJDIFSP
menu.lst ZMBFEJDJOEFMNJTNP
Fig. 5.5. Instruccin para editar menu.lst.
2. #VTDBNPTMBMOFB#password topsecret.
3. #PSSBNPTMBBMNPIBEJMMB FTEFDJSMFRVJUBNPTFMDPNFOUBSJPZDBNCJBNPTMB
DPOUSBTFBUPQTFDSFUQPSMBRVFOPTPUSPTRVFSBNPTFOOVFTUSPFKFNQMPIFNPT
FMFHJEPjQBUBUBx 'JH
4FHVBSEBOMPTDBNCJPTFOFMGJDIFSPmenu.lst Z
TFSFJOJDJBMBNRVJOBQBSBQSPCBSMBNPEJGJDBDJOSFBMJ[BEB
2. %FTBDUJWBMBPQDJOEFMB
#*04 FODBTPEFUFOFSMB
BDUJWBEB RVFTJSWFQBSB
FODFOEFS FM FRVJQP EF
GPSNBSFNPUBBUSBWTEF
MBSFE
Vocabulario
&M HFTUPS EF BSSBORVF GRUB
(Grand Unifier Bootloader)QFS
NJUFTFMFDDJPOBSFOUSFMPTEJTUJO
UPTTJTUFNBTPQFSBUJWPTRVFUFO
HBNPTJOTUBMBEPTFOFMFRVJQP
&TUF HFTUPS FT FM RVF IBCJUVBM
NFOUF JOTUBMBO QPS EFGFDUP MBT
OVFWBT EJTUSJCVDJPOFT EF TJTUF
NBT(/6-JOVY
Fig. 5.6. Modicacin del parmetro password en el archivo menu.lst.
1BSBGJOBMJ[BSSFJOJDJBNPTFMFRVJQPZDPNQSPCBNPT TJNVMBOEPTFSVOVTVBSJPRVF
OPDPOPDFMBDPOUSBTFB RVFOPQPESFNPTNPEJGJDBSMBTPQDJPOFTEFBSSBORVF
RVFOPTNVFTUSBFMHFTUPSEFBSSBORVF
108
8448171373_SI_05.indd 108
06/04/10 11:05
Caso prctico 3
Definicin de contraseas cifradas en el GRUB en modo texto
1. %FCFNPTBCSJSVOOVFWPUFSNJOBMZFTDSJCJSgrub.
2. "DPOUJOVBDJO DPNPQPEFNPTWFSFOMB'JHVSB FTDSJCJNPTFMTVCDPNBOEP
md5crypt RVFOPTQFSNJUJSFODSJQUBSMBDPOUSBTFBRVFRVFSBNPTQPOFS
3. &TDSJCJNPTMBDMBWFBDPEJGJDBSZFMQSPHSBNBOPTNVFTUSBFMQBTTXPSEDPEJGJ
DBEP
4. 1PSMUJNP QBSBTBMJSEFMHSVCEFCFNPTFTDSJCJSquit TBMJS

Claves y consejos
-BTDPOUSBTFBTQBSBBDDFEFSB
MPTTJTUFNBTPQFSBUJWPTHFTUJPOB
EPT QPS FM HFTUPS EF BSSBORVF
EFCFODJGSBSTF4JOPTEFTDVCSFO
MBDMBWFRVFQFSNJUFBDDFEFSB
MB FEJDJO EFM (36# WFSBO MB
DPOUSBTFBZQPSUBOUPBDDFEF
SBOBMTJTUFNB4JQPSFMDPOUSB
SJPMBDMBWFTFFODVFOUSBDJGSBEB
WFSBOVOBDBEFOBEFDBSBDUF
SFTTJOTFOUJEP
Fig. 5.7. Encriptacin de la contrasea.
5. 6OBWF[FODSJQUBEBMBDPOUSBTFB EFCFSFNPTDPQJBSMBFOFMGJDIFSPmenu.lst,
DPNPQPEFNPTWFSFOMB'JHVSB'KBUFRVFMBMOFBOPFTTJNJMBSBMBEFMB
QSDUJDBBOUFSJPS ZBRVFTFIBBBEJEPMBPQDJO--md5,RVFJOEJDBRVFMB
DPOUSBTFBFTUFODSJQUBEB
Sabas que?
1PEFNPT BCSJS VO OVFWP UFSNJ
OBM EF EJWFSTBT NBOFSBT QVM
TBOEPALTF2,RVFOPTBCSJS
VOB WFOUBOB FO MB RVF EFCF
NPTFTDSJCJSgnome-terminal
'JH
P CJFO IBDJFOEP DMJD
TPCSFAplicaciones, Accesorios
y Terminal.
Fig. 5.8. Contrasea de acceso a GRUB cifrada.

Fig. 5.9. Arranque Terminal.
109
8448171373_SI_05.indd 109
06/04/10 11:05
Caso prctico 4
Establecer contraseas al arranque de los sistemas operativos controlados por el
GRUB
$POFTUBQSDUJDBFWJUBSFNPTFMBDDFTPBMPTTJTUFNBTPQFSBUJWPTHFTUJPOBEPTQPS
FM(36#BQFSTPOBMOPBVUPSJ[BEP
1. &EJUBNPTFMGJDIFSPEFDPOGJHVSBDJOEFM(36# menu.lstZBMGJOBMEFMNJTNP
CVTDBNPTMBTMOFBTEPOEFTFEFGJOFFMUUVMPEFMTJTUFNBPQFSBUJWP UJUMF
ZBDPO
UJOVBDJOFTDSJCJSFNPTpassword --md5 ZMBDPOUSBTFB
Fig. 5.10. Contrasea de acceso al sistema Ubuntu cifrada.
Caso prctico 5
Establecer contrasea del gestor de arranque mediante la
aplicacin startupmanager en LINUX, distribucin Ubuntu
9.04, para evitar el acceso a los sistemas operativos ges-
tionados por el GRUB a personal no autorizado utilizando

una aplicacin visual
1. &O QSJNFS MVHBS EFCFNPT JOTUBMBS MB BQMJDBDJO FO

6CVOUVNFEJBOUFFMHFTUPSEFQBRVFUFT4ZOBQUJD DPNP
QPEFNPTWFSFOMBT'JHVSBTZ
Fig. 5.11. Gestor Synaptic.
Fig. 5.12. Instalacin startupmanager.
(Contina)
110
8448171373_SI_05.indd 110
06/04/10 11:05
Caso prctico 5
(Continuacin)
2. 6OBWF[JOTUBMBEP FKFDVUBNPTFMQSPHSBNBBDDFEJFOEP
BSistemaAdministracinAdministrador de Arranque 'JH

3. )BDFNPTDMJDTPCSFMBQFTUBBEFTFHVSJEBE BDUJWB
NPTMBPQDJOEFProteger con contrasea el cargador
de arranqueZFTDSJCJNPTMBDMBWFFMFHJEBDPNPQPEF
NPTWFSFOMB'JHVSB1BSBGJOBMJ[BSSFJOJDJBNPTMB
NRVJOBZDPNQSPCBNPTDNPBGFDUBFMDBNCJPBMB
DPOGJHVSBDJOEFMBSSBORVF
Fig. 5.13. Administrador de Arranque.
Fig. 5.14. Congurando contrasea en startupmanager.
Actividades
3. )B[FM$BTPQSDUJDPFKFDVUBOEPFMQSPHSBNBEJSFD
UBNFOUFFOFMUFSNJOBM
3FDVFSEBRVFEFCFSTUFOFSQSJWJMFHJPTEFBENJOJTUSB
EPSQBSBQPEFSSFBMJ[BSMP
4. $PNQSVFCBTJFMQSPHSBNBTUBSUVQNBOBHFSFTDSJCFMBT
DPOUSBTFBTFOFMBSDIJWPmenu.lstEFM(36#DJGSBEBT
PFOUFYUPDMBSP
111
8448171373_SI_05.indd 111
06/04/10 11:05
2.3. Cifrado de particiones

&O FTUF BQBSUBEP WBNPT B FTUVEJBS DNP QSPUFHFS MB DPOGJEFODJBMJEBE EF MPT EBUPT
BMNBDFOBEPTFOMPTEJTUJOUPTWPMNFOFTEFMFRVJQPNFEJBOUFFMDJGSBEPEFQBSUJDJPOFT
$VBMRVJFSTPGUXBSFEFFODSJQUBDJOEFEJTDPQSPUFHFMBJOGPSNBDJODPOUSBFMBDDFTPEF
QFSTPOBTOPBVUPSJ[BEBT
Caso prctico 6
Cifrar una particin en Windows
$PO FTUB QSDUJDB DPOTFHVJSFNPT QSPUFHFS VOB QBSUJDJO
EF8JOEPXT MBJOGPSNBDJOOPTFSBDDFTJCMFQBSBBRVF
MMBTQFSTPOBTRVFOPDPOP[DBOMBDMBWF
1BSBSFBMJ[BSFTUBBDUJWJEBEWBNPTBVUJMJ[BSVOQSPHSBNB
EF DEJHP BCJFSUP HSBUVJUP %JTL$SZQUPS (http://www.diskcryptor.de/en/downloads/).
1BSBJOTUBMBSFTUBBQMJDBDJOTMPOFDFTJUBNPT.#EF
FTQBDJPFOEJTDPEVSPZ.JDSPTPGU8JOEPXT
1. /PTEFTDBSHBNPT%JTL$SZQUPS MPEFTDPNQSJNJNPT
ZIBDFNPTEPCMFDMJDTPCSFFMBSDIJWPEDSZQURVFTF
FODVFOUSBFOMBDBSQFUBJ 'JH
BDPOUJOVBDJO
SFTQPOEFNPTBGJSNBUJWBNFOUFBMBQSFHVOUBTPCSFMB
JOTUBMBDJOEFMDPOUSPMBEPS%JTL$SZQUPS
Fig. 5.15. Instalacin del controlador DiskCryptor.
2. 6OBWF[JOTUBMBEPFKFDVUBNPTMBBQMJDBDJOEDSZQU
Fig. 5.16. Programa DiskCryptor.

(Contina)
112
8448171373_SI_05.indd 112
06/04/10 11:06
Caso prctico 6
(Continuacin)
$PNPIFNPTWJTUPFOMB'JHVSBMBBQMJDBDJOWJTVBMJ[B
MBT VOJEBEFT EF EJTDP RVF QVFEFT FODSJQUBS &O OVFTUSP
DBTP MPRVFRVFSFNPTFODSJQUBSFTMB% VOJEBEEFEJDBEB
BEBUPT
3. -BTFMFDDJPOBNPTZIBDFNPTDMJDTPCSFFMCPUO&ODSZQU
DJGSBS
1PTUFSJPSNFOUFEFCFSFNPTTFMFDDJPOBSFOUSFMPT
EJTUJOUPTBMHPSJUNPTEFFODSJQUBDJO "&4 5XPGJTI 4FS
QFOU "&45XPGJTI 4FSQFOU"&4 "&45XPGJTI4FSQFOUy

ZIBDFSDMJDFOFMCPUONext TJHVJFOUF

Fig. 5.17. Seleccin del algoritmo de encriptacin.
4. &OMBTJHVJFOUFQBOUBMMB EFCFSFNPTFTDSJCJSMBDPOUSB
TFBEFFODSJQUBDJO"EFNT FOFTUFQBTPMBBQMJ
DBDJO OPT JOGPSNB EF MB WVMOFSBCJMJEBE EF OVFTUSB
DPOUSBTFBTFHOVOHSGJDP-BDPOUSBTFBRVFIFNPT
FTDSJUPFT/BCDC!ZFTDPOTJEFSBEBEFEJGJ
DVMUBE.FEJB1VMTBNPTOKZEFTQVTEFVOPTNJOVUPT
UFOESFNPTDJGSBEBMBVOJEBEZGVFSBEFMBMDBODFEFQFS
TPOBTRVFOPDPOP[DBOMBDMBWFEFDJGSBEP
Fig. 5.18. Conguracin de la contrasea.
113
8448171373_SI_05.indd 113
06/04/10 11:06
Caso prctico 7
Cifrar una particin en Linux
7BNPT B BQSFOEFS B FODSJQUBS VOB VOJEBE 64# FO -JOVY
DPOFMQSPHSBNB5SVF$SZQU BQMJDBDJOHSBUVJUBRVFOPTQP
EFNPTEFTDBSHBSEFMBQHJOB http://www.truecrypt.org.
$PO FMMP DPOTFHVJNPT RVF BRVFMMBT QFSTPOBT RVF OP DP
OP[DBOMBDMBWFOPQVFEBOBDDFEFSBMBJOGPSNBDJOBMNB
DFOBEBFOMBVOJEBE64#
1. 1BSBJOTUBMBS5SVF$SZQU EFCFNPTEFTDBSHBSOPTMBWFS
TJOQBSBMBEJTUSJCVDJOEF(/6-JOVYEFMQSPHSBNB
FOOVFTUSPDBTP6CVOUV
EFEJDIBQHJOB EFTDPNQSJ
NJSMPZFKFDVUBSFMQSPHSBNBEFJOTUBMBDJO
2. 5SBTJOTUBMBSMP FKFDVUBNPTMBBQMJDBDJOZWFSFNPTVOB
WFOUBOBTJNJMBSBMB'JHVSB
Fig. 5.19. Ventana principal TrueCrypt.
&OMB'JHVSBWFNPTVOBMJTUBEFUPEBTMBTVOJEBEFTEF
5SVF$SZQU$PNPBDBCBNPTEFJOTUBMBSMP OPUJFOFOJOHVOB
EFFMMBTBTJHOBEB
3. 1BSBDJGSBSMBVOJEBEEF64# EFCFNPTIBDFSDMJDFOFM
CPUOCreate Volume DSFBSVOJEBE
"DPOUJOVBDJO TF
BCSJSVOBWFOUBOB FOMBRVFTFNVFTUSBOEPTPQDJPOFT
tCreate an encrypted file container DSFBSVOBDBSQFUB
DJGSBEB

tCreate a volumen within a partition/drive DSFBSVOB
VOJEBEQBSBVOBQBSUJDJOPEJTQPTJUJWP

-BQSJNFSBEFFMMBTFTMBRVFFMQSPHSBNBSFDPNJFOEB
QBSBFMQFSTPOBMJOFYQFSUP&OFTUFDBTPOPFTOFDFTB
SJPGPSNBUFBSMBVOJEBE TPMPDSFBVOBDBSQFUBEPOEF
TVDPOUFOJEPTFSDJGSBEP
4. -BTFHVOEBPQDJOTFSMBRVFTFMFDDJPOBSFNPTQBSB
BMDBO[BSOVFTUSPPCKFUJWP-BBQMJDBDJOOPTBEWJFSUF
RVFBMSFBMJ[BSFTUBFMFDDJOTFGPSNBUFBSMBVOJEBEZ
DJGSBSMBQBSUJDJO"DPOUJOVBDJO EFCFSFNPTWFSVOB
OVFWBQBOUBMMBTJNJMBSBMB'JHVSB
Fig. 5.20. Seleccin de tipo de unidad.
(Contina)
114
8448171373_SI_05.indd 114
06/04/10 11:06
Caso prctico 7
(Continuacin)
5. 4FMFDDJPOBNPTMBQSJNFSBPQDJOStandard TrueCrypt
volumen DSFBSVOBVOJEBE5SVF$SZQSUOPSNBM
ZIBDF
NPTDMJDTPCSFFMCPUONext.
6. &OMBTJHVJFOUFQBOUBMMB 'JH
EFCFNPTTFMFDDJP
OBSMBVOJEBEBGPSNBUFBS)BDFNPTDMJDFOFMCPUO
Select Device TFMFDDJPOBSEJTQPTJUJWP

Fig. 5.21. Seleccin de dispositivo.
7. "QBSFDFVOBQBOUBMMB 'JH
DPOUPEPTMPTEJTQP
TJUJWPT EF BMNBDFOBNJFOUP RVF UFOFNPT DPOFDUBEPT
BMPSEFOBEPS4FMFDDJPOBNPTFMEJTQPTJUJWP64#SFDP
OPDJEPFOOVFTUSPDBTPDPNPEFWTECEF.#
%FQFOEJFOEPEFMBEJTUSJCVDJOEF-JOVYZEFMPTEJT
UJOUPTEJTQPTJUJWPTDPOFDUBEPTFOFMFRVJQPQVFEFTFS
SFDPOPDJEBDPOPUSPOPNCSF
Fig. 5.22. Seleccin de particin.
8. 1PTUFSJPSNFOUF DPNPQPEFNPTWFSFOMBJNBHFO 'JH

EFCFNPT TFMFDDJPOBS FM BMHPSJUNP EF FODSJQ
UBDJO -BT PQDJPOFT TPO OVNFSPTBT "&4 #MPXGJTI
4FSQFOU 5XPGJTI "&45XPGJTI4FSQFOUy &O OVFTUSP
FKFNQMPIFNPTTFMFDDJPOBEPFMBMHPSJUNP"&45XPGJTI
4FSQFOUZ3*1&.%QBSBHFOFSBSMBDMBWF"DPOUJ
OVBDJOIBDFNPTDMJDTPCSFFMCPUONext.
Fig. 5.23. Eleccin del algoritmo de cifrado.
9. "QBSFDFVOBOVFWBQBOUBMMB 'JH
FOMBRVFJOUSP
EVDJSFNPTMBDPOUSBTFB&OFTUFQVOUP MBBQMJDBDJO
OPTBEWJFSUFEFMBJNQPSUBODJBEFFMFHJSVOBCVFOBDPO
USBTFBRVFOPTFBOQBMBCSBTRVFQPEBNPTFODPOUSBS
FOEJDDJPOBSJPTPDPNCJOBDJPOFTEFWBSJBT-BDMBWFOP
EFCFUFOFSJOGPSNBDJOQFSTPOBMDPNPOPNCSFPGFDIB
EF OBDJNJFOUP 6OB CVFOB DPOUSBTFB EFCF TFS VOB
DPNCJOBDJOEFMFUSBTNBZTDVMBT NJOTDVMBT ONFSPT

Z DBSBDUFSFT FTQFDJBMFT ! y 3FDPNJFOEB RVF FM
UBNBPEFMBNJTNBTFBEFNTEFDBSBDUFSFT
VBOUPNBZPSTFBFMONFSP NFOPTWVMOFSBCMFTFSMB
$
DPOUSBTFB
5SVF$SZQUBENJUFDPOUSBTFBTEFIBTUBDBSBDUFSFT
(Contina)
115
8448171373_SI_05.indd 115
06/04/10 11:06
Caso prctico 7
(Continuacin)
10. 4JBDUJWBNPTMBPQDJODisplay password WJTVBMJ[BSDMBWF

QPEFNPTWFSMPTDBSBDUFSFTEFMBDPOUSBTFB
&TDSJCJNPTMBDMBWFZIBDFNPTDMJDFOFMCPUONext.
Fig. 5.24. Denicin de contrasea.
11. "DPOUJOVBDJO EFCFNPTFMFHJSFMUJQPEFTJTUFNBEF

GJDIFSPT RVF VUJMJ[BSFNPT FO OVFTUSP 64# %FCFNPT
UFOFSFODVFOUBEOEFWBNPTBVUJMJ[BSFMEJTQPTJUJWPTJ
TPMPMPGVTFNPTBVUJMJ[BSFO-JOVY MPGPSNBUFBSBNPT
FO&95 QFSPTJBEFNTRVJTJTFNPTVUJMJ[BSMPFO8JO
EPXT EFCFSBNPTGPSNBUFBSMPFO'"5
$PNPOPTPUSPTMPWBNPTBVUJMJ[BSJOEJTUJOUBNFOUFFO
-JOVYZFO8JOEPXT MPGPSNBUFBNPTDPOFMTJTUFNBEF
BSDIJWPT'"5
"OUFTEFGPSNBUFBSMBBQMJDBDJOOPTSFDPNJFOEBORVF
IBHBNPTNPWJNJFOUPTDPOFMSBUO&TUPTDBMDVMBSOMPT
WBMPSFTBMFBUPSJPTRVFTFVUJMJ[BSOQBSBDSFBSMBDMBWF
EF DJGSBEP 4J FTUT TFHVSP EF RVF OP UJFOFT OJOHO
EBUPJNQPSUBOUFRVFQVEJFTFTQFSEFSFOFM64#QVFEFT
TFHVJSDPOFMQSPDFTPEBOEPGPSNBUPBMEJTQPTJUJWP
&MQSPDFTPIBGJOBMJ[BEP MBVOJEBEZBFTUQSFQBSBEB
QBSBRVFUPEPTMPTEBUPTRVFJOUSPEV[DBNPTFOFMMB
TFBODJGSBEPTBVUPNUJDBNFOUF FTEFDJSRVFUSBCBKFEF
GPSNBUSBOTQBSFOUFQBSBFMVTVBSJP
12. "OUFT EF VUJMJ[BS MB VOJEBE 64# EFCFNPT NPOUBSMB
DPOMBBQMJDBDJO5SVF$SZQU QBSBFMMPEFCFNPTWPMWFS
BMBQBOUBMMBJOJDJBMEFEJDIBBQMJDBDJO 'JH
Z
IBDFSDMJDTPCSFSelect Device TFMFDDJPOBSEJTQPTJUJWP

4FBCSJSVOBWFOUBOBTJNJMBSBMBEFMB'JHVSB
EPOEFFMFHJSFNPTMBVOJEBERVFIFNPTDJGSBEP"DPO
UJOVBDJO MB BQMJDBDJO TPMJDJUBS MB DPOUSBTFB 6OB
WF[RVFJOUSPEVDJNPTMBDPOUSBTFB MBVOJEBETFNPOUB
DPNP truecrypt1 'JH

Fig. 5.25. Unidad montada.
116
8448171373_SI_05.indd 116
06/04/10 11:06
2.4. Cuotas de disco

-B NBZPSB EF MPT TJTUFNBT PQFSBUJWPT QPTFFO NFDBOJTNPT QBSB JNQFEJS RVF DJFSUPT
VTVBSJPTIBHBOVOVTPJOEFCJEPEFMBDBQBDJEBEEFMEJTDP ZBTFWJUBSMBSBMFOUJ[BDJO
EFMFRVJQPQPSTBUVSBDJOEFMTJTUFNBEFGJDIFSPTZFMQFSKVJDJPBMSFTUPEFMPTVTVBSJPT
BMMJNJUBSMFTFMFTQBDJPFOFMEJTDP
-BTDVPUBTEFEJTDPTFQVFEFODPOGJHVSBSFOGVODJOEFWBSJPTDSJUFSJPT TFHOVTVBSJPT
HSVQPTPQPSWPMNFOFT
Vocabulario
Herramientas CAD.4POBQMJDB
DJPOFT EF %JTFP "TJTUJEP QPS
0SEFOBEPS
7FBNPTFTUPMUJNPDPOFKFNQMPT
t 4VQPOHBNPTVOBGBNJMJBEFUSFTNJFNCSPT .BDBSFOB 'FSOBOEPZ(VTUBWP1PESB
NPTFTUBCMFDFSVOBDVPUBEFEJTDPQBSB(VTUBWPEF(# QBSB.BDBSFOBEF(#Z
QBSB'FSOBOEPRVFTVFMFNBOFKBSQMBOPTRVFPDVQBONVDIPFTQBDJP MFQFSNJUJNPT
VOBDVPUBEF(#&TEFDJS DBEBVTVBSJPQVFEFUFOFSVOBDVPUBEJTUJOUBFOGVO
DJOEFTVTOFDFTJEBEFTOPUJFOFOQPSRVUFOFSUPEPTMBNJTNB
t 4VQPOHBNPTMBFNQSFTBEFDPOTUSVDDJO4J$PN FOMBRVFMPTVTVBSJPTTFFODVFO
USBO DMBTJGJDBEPT QPS HSVQPT $POUBCJMJEBE "SRVJUFDUPT Z %JSFDDJO 3FQBSUJSFNPT
FMTJTUFNBEFGJDIFSPTFOUSFMPTEJWFSTPTHSVQPTFOGVODJOEFMBTOFDFTJEBEFTEF
MPTNJTNPT&MHSVQPEF$POUBCJMJEBETVFMFUSBCBKBSDPOBSDIJWPT&YDFMZ8PSE EF
QFRVFPUBNBP BMJHVBMRVFFMHSVQPEFEJSFDDJO
4JOFNCBSHP FMHSVQPEF"SRVJUFDUPTOFDFTJUBONVDIPFTQBDJP ZBRVFTVFMFOUSB

CBKBSDPOIFSSBNJFOUBT$"%&OGVODJOEFMBTOFDFTJEBEFTBOUFSJPSFTZFMONFSP
EFVTVBSJPTBETDSJUPTBFTPTHSVQPTTFEFGJOFOMBTDVPUBT (#QBSBFMHSVQPEF
DPOUBCJMJEBE (#QBSBFMHSVQPEFEJSFDDJOZ5#QBSBFMHSVQPEFBSRVJUFDUPT
t 4VQPOHBNPTRVFFOVO1$IBZEPTQBSUJDJPOFT VOBEFMBTQBSUJDJPOFTQPESBUFOFS
DVPUBT EF VTVBSJP NVZ SFTUSJDUJWBT Z FO MB PUSB QBSUJDJO UFOFS PUSBT DVPUBT NFOPT
MJNJUBEBTPJODMVTPOJTJRVJFSBUFOFSMBT
Importante
-BTDVPUBTEFEJTDPFO8JOEPXT
TPMP TF QVFEFO VUJMJ[BS TPCSF
WPMNFOFTDPOTJTUFNBTEFGJDIF
SPT/5'4
Claves y consejos
$VJEBEPDPOTFSFYDFTJWBNFOUF
SFTUSJDUJWPDPOMBDVPUB
1PESBNPTJNQFEJSJODMVTPFMJOJ
DJPEFTFTJOEFVOVTVBSJP QPS
OPUFOFSTVGJDJFOUFFTQBDJPQBSB
DSFBSTVDBSQFUBFODocuments
and Settings.
Activacin y uso de cuotas de disco en Windows

1BSBBDUJWBSMBTDVPUBTEFEJTDPFOVOBQBSUJDJOFO8JOEPXT
EFCFNPTTFHVJSMPTTJHVJFOUFTQBTPT
%FCFNPT IBDFS DMJD FO FM CPUO EFSFDIP TPCSF MB QBSUJDJO
EPOEFRVFSFNPTFTUBCMFDFSMBTDVPUBTZFMFHJSMBPQDJOPropiedades.
)BCJMJUBNPTMBBENJOJTUSBDJOEFMBDVPUBTFMFDDJPOBOEPMBDB
TJMMB 'JH

4JTPMPRVFSFNPTIBDFSVOTFHVJNJFOUPEFMVTPEFMTJTUFNBEFGJ
DIFSPTQPSQBSUFEFMPTVTVBSJPTZHSVQPTOPTFMFDDJPOBSFNPTMB
TJHVJFOUFPQDJORVFNVFTUSBMB'JHVSB Denegar espacio
de disco a usuarios que excedan el lmite de cuota
Fig. 5.26. Cuotas.

117
8448171373_SI_05.indd 117
06/04/10 11:06
Claves y consejos
1BSBFKFDVUBSFMWJTPSEFTVDF
TPTQPEFNPTFTDSJCJSeventvwr.
mscFOMBDPOTPMBPFOFMNFO
FKFDVUBSEFInicio,PJSBPanel
de Control Herramientas
Administrativas Visor de
Sucesos.
4JQPSFMDPOUSBSJPRVFSFNPTMJNJUBSFMFTQBDJPEFMTJTUFNBEFGJDIFSPTBMPTVTVBSJPT
EFCFNPTEFGJOJSMBDBQBDJEBEEFEJTDPEFMBRVFWBOBEJTQPOFSDBEBVOPEFFMMPT
BTDPNPEFMOJWFMEFBEWFSUFODJBZBDUJWBSMBPQDJOEFDenegar espacio de disco a
usuarios que excedan el lmite de cuota
Actividades
5. 1JFOTB EF RV GPSNB VO
BENJOJTUSBEPS EF VO TFS
WJEPS EF DPSSFP FMFDUS
OJDPQPESBBTJHOBS
.#EFFTQBDJPFOEJTDPB
VTVBSJPTEFQBHPZ.#
BMSFTUPEFVTVBSJPTSFHJT
USBEPT
6. $SFB VO VTVBSJP Z BTH
OBMFVOBDVPUBEFUBOTPMP
.# {1VFEFT BSSBODBS
VOBOVFWBTFTJODPOFTUF
VTVBSJP +VTUJGJDB MB SFT
QVFTUB
Fig. 5.27. Limitacin de espacios.
4JTFNBSDBOMBTEPTPQDJPOFTRVFBQBSFDFOBMGJOBMEFMB'JHVSB FMTJTUFNBPQF
SBUJWPSFHJTUSBSBMPTFWFOUPT IBCFSTVQFSBEPFMOJWFMEFBEWFSUFODJBPIBCFSTVQFSBEP
FMMNJUFEFDVPUB FOFMWJTPSEFTVDFTPT
&MVTVBSJPQVFEFWFSNFEJBOUFFMWJTPSEFTVDFTPTEJDIBJOGPSNBDJO 'JHTZ

Fig. 5.28. Visor de sucesos.

Fig. 5.29. Propiedades de suceso.
118
8448171373_SI_05.indd 118
06/04/10 11:06
Cuotas de usuario en UBUNTU

1BSBHFTUJPOBSMBTDVPUBTEFEJTDPTFO-JOVYWBNPTBVUJMJ[BSMBIFSSBNJFOUBEFDPOGJ
HVSBDJOEFMTJTUFNBDPOPDJEBDPNP8FCNJO&TUBIFSSBNJFOUBOPWJFOFJOTUBMBEBQPS
EFGFDUPDPOFMTJTUFNBPQFSBUJWP BTRVFUFOESFNPTRVFJOTUBMBSMBVUJMJ[BOEPFMHFTUPS
EFQBRVFUFT4ZOBQUJDPVUJMJ[BOEPFMDPNBOEPapt-get.
&OFTUFDBTP WBNPTBSFBMJ[BSMPVUJMJ[BOEPMBPSEFOapt-get.%FCFNPTTFHVJSMPTQB
TPTRVFTFEFUBMMBOBDPOUJOVBDJO
1BSBRVFFMDPNBOEPapt-getGVODJPOFFJOTUBMFDPSSFDUBNFOUFFTUBIFSSBNJFOUB EFCF
NPTBBEJSFMSFQPTJUPSJPIUUQEPXOMPBEXFCNJODPNEPXOMPBESFQPTJUPSZTBSHFDPO
USJCBMGJOBMEFMGJDIFSPsources.list NFEJBOUFMBPSEFOgedit, DPNPWFNPTFOMB
'JHVSB
Importante
&ODBTPEFOPUFOFSJOTUBMBEPFM
QBRVFUF RVPUB QFSNJUF EFGJOJS
MBTDVPUBTEFEJTDPFO-JOVY
VTB
SFNPTMBPSEFOapt-get install quota.
Fig. 5.30. Comandos.
"DPOUJOVBDJO EFCFNPTFKFDVUBSMPTTJHVJFOUFTUSFTDPNBOEPTRVFBQBSFDFOFOMB'J
HVSBQBSBBBEJSMBDMBWFQCMJDB QBSFKBEFMBQSJWBEB DPOMBRVFTFIBGJSNBEP
FMSFQPTJUPSJP
1PSMUJNP BDUVBMJ[BNPTFJOTUBMBNPTMBIFSSBNJFOUBXFCNJO NFEJBOUFMBFKFDVDJOEF
MPTTJHVJFOUFTDPNBOEPT 'JHTZ

Fig. 5.31. Orden apt-get update.
Fig. 5.32. Instalacin webmin.

119
8448171373_SI_05.indd 119
16/04/10 11:47
1BSB FKFDVUBS MB BQMJDBDJO UFOESFNPT RVF BCSJS VO OBWFHBEPS XFC FO OVFTUSP DBTP
'JSFGPY F JS B MB TJHVJFOUF EJSFDDJO IUUQTMPDBMIPTU &T NVZ QSPCBCMF RVF BM
BDDFEFSBEJDIBEJSFDDJOFMTJTUFNBOPTEFWVFMWBVOFSSPSDPNPFMRVFTFNVFTUSBFO
MB'JHVSB
Fig. 5.33. Error del certicado.
1BSBTPMVDJPOBSEJDIPFSSPSEFCFNPTDSFBSVOBFYDFQDJO
"DPOUJOVBDJOBQBSFDFSVOBQHJOBDPNPMBRVFTFNVFTUSBFOMB'JHVSB
Fig. 5.34. Formulario de conexin a la aplicacin Webmin.
Claves y consejos
*OUSPEVDJNPTDPNPVTVBSJPBMBENJOJTUSBEPSSPPUZMBDPOUSBTFBEFMNJTNP"DPOUJOVB
DJOWFSFNPTVOBOVFWBWFOUBOBDPNPMBRVFTFNVFTUSBFOMB'JHVSB
4JOPUJFOFTVOBQBSUJDJOJOEF
QFOEJFOUFQBSB /home,QVFEFT
DSFBSVOBOVFWBQBSUJDJOZSFB
MJ[BSFMDBTPQSDUJDPTPCSFFTB
QBSUJDJO
Fig. 5.35. Pantalla inicial webmin.
$PNPQPEFNPTWFS FTUFQSPHSBNBFTVOBBQMJDBDJOXFCRVFTFQVFEFVUJMJ[BSQBSB
DPOGJHVSBSNVMUJUVEEFPQDJPOFTEFMTJTUFNB
120
8448171373_SI_05.indd 120
06/04/10 11:06
$PNPWFNPTFOMB'JHVSB MBQHJOBEFFOUSBEBUJFOFVONBSDPBMBJ[RVJFSEBDPO
VONFO&TDPHFNPTMBPQDJOSystem TJTUFNB
ZEFOUSPEFFTUBMBPQDJO Disk and
Network Filesystems %JTDPZ4JTUFNBTEFBSDIJWPTFOSFE
6OBWF[SFBMJ[BEBMBTFMFD
DJO FMNBSDPEFMBEFSFDIBTFBDUVBMJ[BWJTVBMJ[BOEPUPEPTMPTTJTUFNBTEFBSDIJWPTEF
OVFTUSPFRVJQP 'JH

Fig. 5.36. Disk and Network Filesystems.
%FUPEPTFMMPTOPTWBNPTBDFOUSBSFOFMEJSFDUPSJPhome,RVFFTUNPOUBEPFOVOB
QBSUJDJOJOEFQFOEJFOUFZFTMBJEOFBQBSBBDUJWBSMBTDVPUBTEFVTVBSJP QPSTFSFO
FMMBEPOEFTFHVBSEBSOUPEPTMPTBSDIJWPTEFMPTNJTNPT&OFMNBSDPEFMBEFSFDIB
EFMBQHJOB TFMFDDJPOBNPTDPOFMSBUOMBPQDJOhome, RVFOPTMMFWBSBVOBOVFWB
QBOUBMMB 'JH

Fig. 5.37. Edit Mount.
&OFTUBOVFWBQHJOB UFOESFNPTRVFQPOFSMBPQDJOUse Quotas? {VTBSDVPUBT

DPO
FMWBMPSUser only TMPVTVBSJP
QVFTWBNPTBBQMJDBSMBTDVPUBTEFEJTDPQPSVTVBSJP
ZOPQPSHSVQPT
&MTJHVJFOUFQBTPDPOTJTUJSFOFTUBCMFDFSMBTDVPUBTRVFRVFSBNPTBDBEBVOPEFMPT
VTVBSJPTEFMTJTUFNB1BSBFMMPFMFHJSFNPTFOFMNBSDPEFMBEFSFDIBMBPQDJOSystem
4JTUFNB
Z FO FMMB MB PQDJO disk quotas DVPUBT EF EJTDP
DPNP QPEFNPT WFS FO MB
'JHVSB
121
8448171373_SI_05.indd 121
06/04/10 11:06
Fig. 5.38. Cuotas de disco.
&OFTUBOVFWBQBOUBMMBBQBSFDFOMPTTJTUFNBTEFGJDIFSPTQBSBMPTRVFTFIBZBOFTUBCMF
DJEPDVPUBTEFEJTDP RVFDPNPTFWF TPMPTFIBSFBMJ[BEPFOMBQBSUJDJO/home.4J
NBSDBNPTDPOFMSBUOMBPQDJO/home,JSFNPTBVOBOVFWBQBOUBMMBRVFDPOUJFOFVOB
MOFBQPSDBEBVTVBSJPEFMTJTUFNB 'JH

Fig. 5.39. Cuotas de los usuarios.
1PSMUJNP TMPOPTRVFEBTFMFDDJPOBSMPTVTVBSJPTBMPTRVFRVFSFNPTBTJHOBSMFTDVPUBT
EFEJTDPZFTUBCMFDFSMBTNJTNBT1BSBFMMPTFTFMFDDJPOBSFMVTVBSJPFMFHJEP BQBSF
DJFOEPVOBOVFWBQBOUBMMBDPNPMBRVFTFNVFTUSBFOMB'JHVSB
Fig. 5.40. Asignacin de cuota a usuario.
6OBWF[EFGJOJEBTMBTDVPUBT IBDFNPTDMJDTPCSFFMCPUOUpdate BDUVBMJ[BS

4JRVJTJ
TFNPTQPOFSDVPUBTBPUSPVTVBSJP SFQFUJSBNPTFMQSPDFTPBOUFSJPS
122
8448171373_SI_05.indd 122
06/04/10 11:06
3. Autenticacin de los usuarios

4FHOMB3FBM"DBEFNJB&TQBPMB autenticarTFEFGJOFDPNPjEBSTFHVSJEBEEFRVF
BMHVJFOPBMHPFTMPRVFSFQSFTFOUBPQBSFDFx
-PTNUPEPTEFBVUFOUJDBDJO FOOVFTUSPDBTP TPOMPTNFDBOJTNPTRVFVOBNRVJOB
UJFOFQBSBDPNQSPCBSRVFFMVTVBSJPRVFJOUFOUBBDDFEFSFTRVJFOEJDFTFS
&TUPTNUPEPTTFQVFEFODMBTJGJDBSFOUSFTHSVQPT FOGVODJOEFMPTNFEJPTRVFTFWB
ZBOBVUJMJ[BSQBSBJEFOUJGJDBSTF
t Algo que el usuario sabe Z RVF FM SFTUP EF MBT QFSTPOBT EFTDPOPDFO FT MP NT
VUJMJ[BEP -P VTBNPT QBSB BDDFEFS B OVFTUSB DVFOUB EF DPSSFP FMFDUSOJDP QBSB
DPOFDUBSOPTB5VFOUJy VUJMJ[BNPTVOOPNCSFEFVTVBSJPZVOBDPOUSBTFBRVFTPMP
DPOPDFNPTOPTPUSPT

t Algo que el usuario posee,QPSFKFNQMP VOBUBSKFUBEFJEFOUJEBE
t Alguna caracterstica propia del usuario, SBTHPT GTJDPT P DPNQPSUBNJFOUPT &KFN
QMPTMBIVFMMBEBDUJMBS DBSBDUFSTUJDBVUJMJ[BEBFOFM%/*QBSBJEFOUJGJDBSOPTMBSFUJ
OB MBNBOFSBEFUFDMFBSy"FTUFUJQPEFNFEJEBTTFMFDPOPDFDPNPNFDBOJTNPT
CJPNUSJDPT
)BZTJTUFNBTEFBVUFOUJDBDJORVFDPNCJOBOEJTUJOUPTNUPEPTQBSBBMDBO[BSVONBZPS
HSBEPEFTFHVSJEBEQFOTFNPTDVBOEPWBNPTBTBDBSEJOFSPEFVODBKFSPBVUPNUJDP
RVFQSJNFSPEFCFNPTJOTFSUBSOVFTUSBUBSKFUBEFDSEJUP BMHPRVFQPTFP
ZMVFHPTPMJDJUB
FMONFSPEFJEFOUJGJDBDJO 1*/ BMHPRVFDPOP[DP

Actividades
7. %FGJOF VOB QPMUJDB EF
DPOUSBTFBTQBSBMBSFE
EFMBVMB%JDIBQPMUJDB
EFCFSJODMVJSMPTTJHVJFO
UFTBQBSUBEPT
t 0CKFUJWPEFMEPDVNFOUP
t NCJUPEFMBBQMJDBDJO
BRVVTVBSJPTJOGMVZF

t 'PSNBUPEFMBTDPOUSBTF
BT
t -POHJUVEEFMBTDPOUSBTF
BT
t 5JFNQPEFWJEBEFMB
DPOUSBTFB
t 'PS[BSFMIJTUPSJBMEF
DPOUSBTFBT
t *OEJDBUSBTDVOUPTJO
UFOUPTTFCMPRVFBSMB
DVFOUB
3.1. Polticas de contraseas

&OMBNBZPSBEFMPTFRVJQPTJOGPSNUJDPT MBBVUFOUJDBDJOEFMPTVTVBSJPTTFSFBMJ[B
JOUSPEVDJFOEPVOOPNCSFZVOBDPOUSBTFB$BEBVTVBSJPUJFOFBTJHOBEPVOJEFOUJGJDB
EPSZVOBDMBWF RVFQFSNJUJSODPNQSPCBSMBJEFOUJEBEEFMNJTNPFOFMNPNFOUPEFMB
BVUFOUJDBDJO
$PNPFTMHJDPQFOTBS MBTFHVSJEBEEFMTJTUFNBWBBFTUBSGVFSUFNFOUFSFMBDJPOBEBDPO
MBCVFOBFMFDDJOEFMBDPOUSBTFBZMBDPOGJEFODJBMJEBEEFMBNJTNB1PSFTUFNPUJWP
MBTFNQSFTBTTVFMFOUFOFSEFGJOJEBTQPMUJDBTEFDPOUSBTFBTEPOEFTFFTUBCMFDFMBMPO
HJUVENOJNBEFMBNJTNB TVGPSNBUP FMUJFNQPRVFTFSWMJEB FUD
"DPOUJOVBDJO WBNPTBFTUVEJBSMBTDBSBDUFSTUJDBTRVFEFCFDVNQMJSVOBCVFOBDPO
USBTFB
t /P EFCFO FTUBS GPSNBEBT QPS QBMBCSBT RVF FODPOUSFNPT FO EJDDJPOBSJPT OJ FO
FTQBPM OJ FO OJOHO PUSP JEJPNB ZB RVF DVBMRVJFS QSPHSBNB EF GVFS[B CSVUB MP
EFTDVCSJSBDPOGBDJMJEBE
t /PEFCFOVTBSTFTMPMFUSBTNBZTDVMBTPNJOTDVMBT QPSRVFTFSFEVDJSBOMBTDPN
CJOBDJPOFTFOVOBMUPHSBEPFKFNQMPTSFDIB[BCMFT"/" BWFTUSV[ BCDEFG
t /PEFCFOFTUBSGPSNBEBTFYDMVTJWBNFOUFQPSONFSPT QPSFMNJTNPNPUJWPRVFFO
FMDBTPBOUFSJPS&KFNQMPT
t /P EFCFNPT VUJMJ[BS JOGPSNBDJO QFSTPOBM OPNCSF EF OVFTUSPT GBNJMJBSFT GFDIB
EFOBDJNJFOUP ONFSPEFUFMGPOPyZBRVFDVBMRVJFSQFSTPOBDFSDBOBBOPTPUSPT
QPESBEFTDVCSJSMB&KFNQMPTDQ &TUFGBMMPFTNVZIBCJUVBMFO
MBTQSFHVOUBTRVFUFSFBMJ[BOEFUFSNJOBEBTQHJOBT DPSSFPTFMFDUSOJDPT
DVBOEP
OPSFDVFSEBTMBDPOUSBTFB
t /PEFCFNPTJOWFSUJSQBMBCSBTSFDPOPDJCMFT DPNPBUBUBQ [VSUTFWB$VBMRVJFSQSP
HSBNBDSFBEPQBSBFTUFGJOMPEFTDVCSJSBFOVODPSUPFTQBDJPEFUJFNQP
t /PEFCFNPTSFQFUJSMPTNJTNPTDBSBDUFSFTFOMBNJTNBDPOUSBTFB
123
8448171373_SI_05.indd 123
06/04/10 11:06
t /PEFCFNPTFTDSJCJSMBDPOUSBTFBFOOJOHOTJUJP OJFOQBQFMOJFOEPDVNFOUPT
FMFDUSOJDPTRVFOPIBZBOTJEPFODSJQUBEPT
t /PEFCFNPTFOWJBSMBFOOJOHODPSSFPFMFDUSOJDPRVFOPTMBTPMJDJUF
t /PEFCFNPTDPNVOJDBSMBBOBEJFQPSUFMGPOP
t %FCFNPTMJNJUBSFMONFSPEFJOUFOUPTGBMMJEPT4JFYDFEFFMONFSPNYJNPEFJOUFO
UPTQFSNJUJEPT FMVTVBSJPEFCFRVFEBSCMPRVFBEP QPSMPRVFUFOESRVFQPOFSTFFO
DPOUBDUPDPOFMUDOJDPEFTFHVSJEBE&TMPRVFPDVSSFFOMPTDBKFSPTBVUPNUJDPT TJ
UFFRVJWPDBTUSFTWFDFTBMJOUSPEVDJSMBDMBWF FMDBKFSPTFRVFEBDPOMBUBSKFUB$PO
FMMPFWJUBNPTRVFTFQVFEBOTFHVJSIBDJFOEPJOUFOUPTJOEFGJOJEBNFOUFZBMGJOBMTF
EFTDVCSBFMONFSPTFDSFUP
t %FCFNPTDBNCJBSMBTDPOUSBTFBTEFBDDFTP EBEBTQPSEFGFDUPQPSMPTGBCSJDBOUFT
EFSPVUFSTZPUSPTQFSJGSJDPT RVFOPTQFSNJUFOFMBDDFTPBMBSFE
t /PEFCFNPTVUJMJ[BSMBNJTNBDPOUSBTFBFOMBTEJTUJOUBTNRVJOBTPTJTUFNBT ZB
RVFTJOPTMBEFTDVCSFO IBSBNPTWVMOFSBCMFTFMSFTUPEFFRVJQPTBMPTRVFUFOFNPT
BDDFTP
t -BTDPOUSBTFBTEFCFODBEVDBSZFYJHJSRVFTFDBNCJFODBEBDJFSUPUJFNQP BMNF
OPTVOBWF[BMBP
t /PEFCFNPTQFSNJUJSRVFMBTBQMJDBDJPOFTSFDVFSEFOMBTDPOUSBTFBT
1PS MP UBOUP MBT DPOUSBTFBT EFCFO TFS DBEFOBT EF DBSBDUFSFT RVF JODMVZBO UBOUP MF
USBTNBZTDVMBT NJOTDVMBT ONFSPTZDBSBDUFSFTFTQFDJBMFTTJOOJOHOUJQPEFMHJDB
BQBSFOUF-BMPOHJUVEEFMBNJTNBEFCFTFSTVQFSJPSBPDIPDBSBDUFSFT BVORVFMPNT
SFDPNFOEBCMFFTRVFTVQFSFMPTRVJODF
"MHVOPTDPOTFKPTQBSBQPEFSSFDPSEBSMBDPOUSBTFB ZBRVFDPNPIFNPTDPNFOUBEP
BOUFSJPSNFOUFOPQPESFNPTFTDSJCJSMBFOOJOHOTJUJP TFSBFMFHJSQBMBCSBTTJOTFOUJEP
QFSPRVFTFBOQSPOVODJBCMFT PCJFOFMFHJSMBQSJNFSBMFUSBEFVOBGSBTFRVFSFDPSEFNPT
QPSTFSQBSUFEFVOBDBODJORVFOPTHVTUB PEFBMHOSFDVFSEP QPSFKFNQMPj/BD
FMEFKVOJPEFMFO.BESJEDFSDBEFMBTEFMBNBESVHBEBx /FE+EF.DEMEMN
QBSBDPNQMJDBSMB TFQVFEFQPOFSBMHOTNCPMPFTQFDJBMFOVOBQPTJDJORVFQPEBNPT
SFDPSEBS
4J DVNQMJNPT DPO UPEBT MBT SFDPNFOEBDJPOFT FYQVFTUBT BOUFSJPSNFOUF IBSFNPT RVF
DVBMRVJFSJOUSVTPRVFJOUFOUFEFTDVCSJSMBDMBWFEFBDDFTPNFEJBOUFQSPHSBNBTEFGVFS
[BCSVUB DPNP+PIOUIF3JQQFSPTJNJMBSFT UFOHBRVFQFSEFSNVDIPUJFNQPZEFTJTUB
EFMQSPDFTP
3FDPSEBE VOBDPOUSBTFBNBMFMFHJEBPNBMQSPUFHJEBQVFEFTVQPOFSVOJNQPSUBOUF
BHVKFSPFOMBTFHVSJEBEEFMTJTUFNB
1BSBBRVFMMPT EFWPTPUSPT RVF OPUFOHJTNVDIBJNBHJOBDJOQBSBDSFBSDMBWFT IBZ
NVMUJUVEEFQSPHSBNBTRVFPTQFSNJUFOHFOFSBSDPOUSBTFBTDPOMBTDBSBDUFSTUJDBTRVF
WPTPUSPTRVFSJT&KFNQMPTEFFTPTQSPHSBNBTTPO.BY1BTTXPSEZ1BTTXPSE(FOFSBUPS
Actividades
8. %FTDBSHBPTMBBQMJDBDJO+PIOUIF3JQQFS(www.openwall.com)ZDPNQSPCBE
MPTUJFNQPTRVFUBSEBFOEFTDVCSJSDPOUSBTFBT
t ' PSNBEBTQPSVOBQBMBCSBRVFQPEJTFODPOUSBSFOFMEJDDJPOBSJP QPSFKFN
QMPQBUBUB
t 'PSNBEBTTPMPQPSONFSPT
t 'PSNBEBTQPSQBMBCSBTJOWFSUJEBT QPSFKFNQMPQBUBUBBMSFWT BUBUBQ
t 'PSNBEBTQPSQBMBCSBTFOPUSPTJEJPNBT DPNQVUFS
t 'PSNBEBQPSVODPOKVOUPEFDBSBDUFSFTTJOTFOUJEP"I6OC\
124
8448171373_SI_05.indd 124
06/04/10 11:06
3.2. Sistemas biomtricos

-PTTJTUFNBTCJPNUSJDPT TFVUJMJ[BOQBSBBVUFOUJDBSBMPTVTVBSJPTBUSBWTEFTVTSBTHPT
GTJDPTPDPOEVDUBT
&TUPTTJTUFNBTTFFTUOQPQVMBSJ[BOEPFOMBBDUVBMJEBEQPEFNPTFODPOUSBSQPSUUJMFT
RVF OPT PCMJHBO B BVUFOUJDBSOPT QBSB BDDFEFS B TV TJTUFNB PQFSBUJWP B USBWT EF MB
EFUFDDJOEFMBIVFMMBEJHJUBM
0USPDBTPTJNJMBSOPTMPFODPOUSBNPTFO%JTOFZ8PSME MBJEFOUJGJDBDJOEFMPTVTVBSJPT
RVFQPTFFOFOUSBEBWMJEBQBSBWBSJPTEBT TFSFBMJ[BNFEJBOUFTJTUFNBTCJPNUSJDPTEF
FTUBNBOFSB TFFWJUBRVFVOHSVQPEFBNJHPTTBRVFOFOUSBEBTQBSBWBSJPTEBTBQSPWF
DIBOEPFMEFTDVFOUPZRVFQPTUFSJPSNFOUFBDDFEBOBMQBSRVFFOEJTUJOUPTEBTSFQBSUJEPT
FOQFRVFPTHSVQPT
Cmo funciona un sistema biomtrico?

&MGVODJPOBNJFOUPEFMTJTUFNBCJPNUSJDPTFDPNQPOFEFEPTNEVMPT FMEFJOTDSJQDJO
ZFMEFJEFOUJGJDBDJO 'JH

&MQSJNFSPEFFMMPT NFEJBOUFTFOTPSFT MFFZFYUSBFMBDBSBDUFSTUJDBRVFJEFOUJGJDBBM
VTVBSJP BMNBDFOBOEPFMQBUSOFOVOBCBTFEFEBUPT
&MNEVMPEFJEFOUJGJDBDJOMFFZFYUSBFMBDBSBDUFSTUJDBRVFSFDPOPDFBMVTVBSJP&TF
QBUSOFTDPNQBSBEPDPOMPTRVFTFUJFOFOBMNBDFOBEPTFOMBCBTFEFEBUPTZTFEF
WVFMWFMBEFDJTJOTPCSFMBJEFOUJEBEEFMVTVBSJP
Rasgos
Extraccin
patrn
Lectura
sensores
Mdulo de inscripcin
BD
Rasgos
Lectura
sensores
Extraccin
patrn
Comparacin
patrn
Mdulo de identificacin
Fig. 5.41. Funcionamiento de un sistema biomtrico.

Fig. 5.42. Sistemas biomtricos.
-PTUJQPTEFTJTUFNBTCJPNUSJDPTNTQPQVMBSFTTPO
t 7FSJGJDBDJPOFTBOBUNJDBT
o.BOPIVFMMBTEBDUJMBSFT HFPNFUSB WFOBT
o3PTUSPHFPNFUSB
o1BUSPOFTPDVMBSFTSFUJOB JSJT
t 7FSJGJDBDJOEFMDPNQPSUBNJFOUP
o5JNCSFEFMBWP[
o&TDSJUVSBVTPEFMUFDMBEP FTDSJUVSBNBOVBMEFVOUFYUPQSFEFGJOJEP GJSNBEFMVTVBSJP
o-POHJUVEZDBEFODJBEFMQBTP
125
8448171373_SI_05.indd 125
06/04/10 11:07
3.3. Listas de control de acceso

-BTMJTUBTEFDPOUSPMEFBDDFTP UBNCJODPOPDJEBTQPSTVTJHMBFOJOHMT"$- NFKPSBOMB
TFHVSJEBEEFMPTBSDIJWPTEFOVFTUSPTJTUFNB&OEJDIBTMJTUBT TFEFGJOFOMPTQSJWJMFHJPT
RVFUJFOFVOVTVBSJPEFGPSNBJOEJWJEVBMTPCSFVOEFUFSNJOBEPGJDIFSP FTEFDJS QFSNJ
UFOPMJNJUBOFMBDDFTPBMPTBSDIJWPTEFNBOFSBJOEJWJEVBMTJOUFOFSFODVFOUBFMHSVQP
BMRVFQFSUFOFDFFMVTVBSJP
Caso prctico 8
Definir listas de control de acceso en Ubuntu 9.04 para restringir el acceso a los archivos
1. 1BSBQPEFSIBDFSVTPEFMBTMJTUBTEFDPOUSPMEFBDDFTP
EFCFNPT DPNVOJDBSMF BM TJTUFNB FO RV QBSUJDJPOFT
WBNPTBRVFSFSVTBSMBT1BSBFMMP OFDFTJUBNPTDPOGJHV
SBSFMGJDIFSP/etc/fstab.
-PTTJTUFNBTEFGJDIFSPTNPOUBEPTDPO"$- UFOESO
MBQBMBCSBDMBWFjBDMxFOMBTPQDJPOFTEFNPOUBKFEF
EJDIPGJDIFSP
2. &O OVFTUSP DBTP BEFNT EF MBT QBSUJDJPOFT EF SPPU
ZTXBQ UFOFNPTVOBUFSDFSBEFEJDBEBBMBMNBDFOB
NJFOUP EF EBUPT FO FTUB MUJNB WBNPT B DPOGJHVSBS
MBMJTUBEFDPOUSPMEFBDDFTPQBSBFMMPNPEJGJDBNPTFM
GJDIFSPfstab 'JH
BBEJFOEPMBMOFBDPSSFT
QPOEJFOUFBEJDIBQBSUJDJO 'JH
Claves y consejos
1BSBDPNQSPCBSRVFMBEJTUSJCV
DJOEF-*/69TPCSFMBRVFWBT
BUSBCBKBSTPQPSUB"$- EFCFT
VUJMJ[BSFMDPNBOEPgrep,DPNP
TFNVFTUSBFOMBJNBHFO
Fig. 5.43. Edicin de chero fstab.
Fig. 5.46. Comprobacin ACL.
Importante
1BSBDPOGJHVSBSMBTMJTUBTEFDPO
USPM EF BDDFTP "$-
EFCFNPT
SFBMJ[BSMPCBKPFMQFSGJMEFBENJ
OJTUSBEPS
Fig. 5.44. Fichero fstab.
3. "DPOUJOVBDJO QSPDFEFSFNPTBNPOUBSMBQBSUJDJOOVFWBNFOUF 'JH

Actividades
9. {2V EJGFSFODJBT IBZ
FOUSFFMVTPEFMBT"$-Z
FMEFMBPSEFOchmod
Fig. 5.45. Remontar unidad.

(Contina)
126
8448171373_SI_05.indd 126
06/04/10 11:07
Caso prctico 8
(Continuacin)
1BSBSFBMJ[BSFMFKFNQMP SPPUIBDSFBEPVOGJDIFSPMMB
NBEPQSVFCB
Fig. 5.47. Ficheros de un directorio.
4. " DPOUJOVBDJO NFEJBOUF FM DPNBOEP getfacl,

WBNPTBWFSMBJOGPSNBDJORVFBMNBDFOBMBMJTUBEF
DPOUSPMEFBDDFTPEFMGJDIFSPQSVFCBZEFMEJSFDUPSJP
BDUVBM
/PTJOGPSNBEFMOPNCSFEFMGJDIFSP EFMQSPQJFUB
SJP EFMHSVQPZMPRVFNTOPTJOUFSFTB MPTQFSNJ
TPTEFMQSPQJFUBSJP VTFSSX
EFMHSVQP HSPVQS

ZEFMNVOEP PUIFSS
-PNJTNPQBSBFMEJSFDUPSJP
BDUVBM 'JH

Fig. 5.48. Resultado comando getfacl.
5. " DPOUJOVBDJO WBNPT B EBSMF QFSNJTPT B 'FS

OBOEP QBSBRVFQVFEBMFFSZNPEJGJDBSFMGJDIFSP
QSVFCB 1BSB FMMP EFCFNPT VUJMJ[BS FM DPNBOEP
setfacl DPO MB PQDJO jNx RVF OPT QFSNJUF
NPEJGJDBSMB"$- ZQPSMUJNP DPNQSPCBNPTRVF
TFIBSFBMJ[BEPMBNPEJGJDBDJOTPMJDJUBEB 'JH

Fig. 5.49. Resultado comandosetfacl.
127
8448171373_SI_05.indd 127
06/04/10 11:07
Caso prctico 9
Definir listas de control de acceso en Windows utilizando el comando cacls
para evitar el acceso a los ficheros a usuarios no autorizados
1. 1BSBMBSFBMJ[BDJOEFFTUBBDUJWJEBEEFCFNPTUFOFSDSFBEPTBMNFOPTEPTVTVB
SJPT6TVBSJPZ6TVBSJP
2. &OMBDBSQFUBMis DocumentosEFM6TVBSJP DSFBSFNPTPUSPTEPTEJSFDUPSJPT
$POGJEFODJBMZ%BUPTDPNQBSUJEPT
3. &M6TVBSJPRVJFSFQFSNJUJSRVF6TVBSJPQVFEBMFFSEPDVNFOUPTRVFIBZBMNB
DFOBEPTFO%BUPTDPNQBSUJEPT&OFTUPTNPNFOUPTFTPFTJNQPTJCMF FM6TVB
SJP OP UJFOF QFSNJTPT QBSB BDDFEFS B %BUPT DPNQBSUJEPT {2V QPEFNPT
IBDFS .PEJGJDBSMBMJTUBEFDPOUSPMEFBDDFTPQBSBQFSNJUJSMFFOUSBSBMBDBSQFUB
%BUPTDPNQBSUJEPT"EFNT EFCFNPTQFSNJUJSFMBDDFTPBMBDBSQFUB6TVBSJP
EFDocuments and SettingsZBMEJSFDUPSJPMis Documentos.
1BSBFMMPEFCFNPTFKFDVUBSMBJOTUSVDDJOcacls,DVZBTJOUBYJTFT
Cacls fichero /parmetros
-PTQBSNFUSPTTPO
U$BNCJBMBT"$-4EFMPTBSDIJWPTFTQFDJGJDBEPTFOFMEJSFDUPSJPBDUVBMZFO
UPEPTTVTTVCEJSFDUPSJPT
F.PEJGJDBMB"$-FOWF[EFSFFNQMB[BSMB&TUFQBSNFUSPFTNVZJNQPSUBOUF
TVQPOHBNPTRVFRVFSFNPTEBSMFQFSNJTPTBM6TVBSJPZOPVUJMJ[BNPTFTUF
NPEJGJDBEPSFOUPODFTTFSFFNQMB[BMB"$-BOUJHVBQPSMBOVFWB OPQFSNJ
UJFOEPBM6TVBSJPBDDFEFSBTVJOGPSNBDJO
D'VFS[BMBNPEJGJDBDJOBVORVFFODVFOUSFFSSPSFT
HVTVBSJPQFSNJTPT3 MFDUVSB
& FTDSJUVSB
$ DBNCJBS
Z' DPOUSPMUPUBM

$PODFEFEFSFDIPTEFBDDFTPBMVTVBSJP
3VTVBSJP4VTQFOEFMPTEFSFDIPTBMVTVBSJP
QVTVBSJPQFSN4VTUJUVZFMPTEFSFDIPTEFMVTVBSJPFTQFDJGJDBEP
EVTVBSJP%FOJFHBFMBDDFTPBMVTVBSJPFTQFDJGJDBEP
-BJOTUSVDDJOcacls QFSNJUFNPEJGJDBSMBTMJTUBTEFDPOUSPMEFBDDFTPBMPTGJDIFSPT
4FHOMBTJOUBYJTBOUFSJPS EFCFNPTFKFDVUBSFMDPNBOEPRVFBQBSFDFFOMB
'JHVSB
Fig. 5.50. Modicacin ACL del directorio actual y subdirectorios.
&MSFTVMUBEPFTRVFFM6TVBSJPQVFEFFOUSBSBUPEPTMPTEJSFDUPSJPTZGJDIFSPT
RVFDVFMHVFOEFMEJSFDUPSJP6TVBSJP PMPRVFFTMPNJTNP QVFEFWJTVBMJ[BS
DVBMRVJFSEPDVNFOUPEFEJDIPVTVBSJP
$PNPUPEBMBJOGPSNBDJOEFM6TVBSJPFTUBMNBDFOBEBFOEPTDBSQFUBT $PO
GJEFODJBMZ%BUPT$PNQBSUJEPT QBSBRVFOPUFOHBBDDFTPFM6TVBSJPBMEJSFD
UPSJP$POGJEFODJBMEFM6TVBSJP EFCFNPTFKFDVUBSMBPSEFOEFMB'JHVSB
Fig. 5.51. Denegacin de acceso a carpeta condencial.

128
8448171373_SI_05.indd 128
06/04/10 11:07
4. Vulnerabilidades del sistema

-PTTJTUFNBTPQFSBUJWPTTPOQSPHSBNBEPTZTPNFUJEPTBOVNFSPTBTQSVFCBTBOUFTEF
TFSMBO[BEPTBMNFSDBEP QFSPOPTFEFTDVCSFOTVTWFSEBEFSBTWVMOFSBCJMJEBEFTIBTUB
RVF MPT jFYQFSUPT FO TFHVSJEBEx IBDLFST DSBDLFST WJSVTy
MP TPNFUFO B TVT EVSBT
QSVFCBT&OUPODFT FTPTBHVKFSPTTPODPSSFHJEPTDPOMBNBZPSDFMFSJEBEQPTJCMFQPSMPT
QSPHSBNBEPSFTEFMTJTUFNB
1PSFMMP TJFNQSFEFCFNPTNBOUFOFSFMTJTUFNBBDUVBMJ[BEP
4.1. Evitar vulnerabilidades en Windows
Sabas que?
8JOEPXTQVCMJDBMBTBDUVBMJ[B
DJPOFTMPTTFHVOEPTNBSUFTEF
DBEBNFT DPOPDJEPDPNP1BUDI
5VFTEBZ NBSUFT EF DPSSFDDJP
OFT
BOPTFSRVFTFBVOBBDUVB
MJ[BDJODSUJDB FOFTFDBTPTF
QVCMJDBTFHOTFUFSNJOF
1BSBFWJUBSMBTWVMOFSBCJMJEBEFTFO8JOEPXT EFCFNPTNBOUFOFSFMTJTUFNBBDUVBMJ[BEP
DPOMPTMUJNPTQBSDIFT&TUPMPQPEFNPTSFBMJ[BSEFEJTUJOUBTNBOFSBT
8JOEPXTQSPQPSDJPOBVOTFSWJDJPEFBDUVBMJ[BDJPOFTBVUPNUJDBTBUSBWTEFMB8FC
EFOPNJOBEP 8JOEPXT 6QEBUF VCJDBEP FO XJOEPXTVQEBUFNJDSPTPGUDPN 4J OPT DP
OFDUBNPTBFTUBQHJOB FMTFSWJDJPBOBMJ[BFMTJTUFNBPQFSBUJWPZEFUFSNJOBMBTBDUVBMJ
[BDJPOFTRVFFTOFDFTBSJPEFTDBSHBS
0USBNBOFSBFTDPOGJHVSBSFMTJTUFNBPQFSBUJWPQBSBRVFSFBMJDFMBTEFTDBSHBTEFMBT
BDUVBMJ[BDJPOFTBVUPNUJDBNFOUF1BSBFMMPEFCFNPTQVMTBSFMCPUO*OJDJPEF8JOEPXT
7JTUB IBDFSDMJDTPCSFFMPanel de ControlZTFMFDDJPOBSMBPQDJOEFWindows Update
'JH

Fig. 5.52. Panel de control.
"DPOUJOVBDJO TFBCSFVOBOVFWBWFOUBOBTJNJMBSBMBRVFTFNVFTUSBFOMB'JHVSB
Fig. 5.53. Windows Update en Windows Vista.

129
8448171373_SI_05.indd 129
06/04/10 11:07
&O FTB WFOUBOB QPEFNPT CVTDBS BDUVBMJ[BDJPOFT DBNCJBS MB DPOGJHVSBDJO DPOTVMUBS
FMIJTUPSJBMEFBDUVBMJ[BDJPOFT SFTUBVSBSBDUVBMJ[BDJPOFTPDVMUBTZWFSMBTQSFHVOUBTGSF
DVFOUFTTPCSFFMQSPDFTPEFBDUVBMJ[BSFMTJTUFNB
$PNP FTUBNPT JOUFOUBOEP DPOGJHVSBS MBT BDUVBMJ[BDJPOFT BVUPNUJDBNFOUF EFCFNPT
IBDFSDMJDFOMBPQDJOCambiar configuracin RVFTFNVFTUSBFOFMNBSDPJ[RVJFSEP
EFMB'JHVSB
Fig. 5.54. Conguracin Actualizaciones.
&OMBOVFWBWFOUBOB 'JH
TFMFDDJPOBNPTMBQSJNFSBPQDJO Instalar actualizaciones automticamente (recomendado),EFGJOJFOEPDVOEPRVFSFNPTRVFTFJOTUBMFOMBT
OVFWBTBDUVBMJ[BDJPOFT$PNPTBCFNPTRVF8JOEPXTTVFMFQVCMJDBSMBTBDUVBMJ[BDJPOFT
MPTNBSUFT MPQPEFNPTDPOGJHVSBSQBSBRVFTFJOTUBMFOMPTWJFSOFTBMBTIPSBT
EFFTUBNBOFSB OPTBTFHVSBNPTRVFOPIBOEBEPQSPCMFNBTMPTQBSDIFTQVCMJDBEPT
0USBPQDJORVFQPEFNPTTFMFDDJPOBSFOMBNJTNBWFOUBOBFTDescargar actualizaciones, pero permitirme elegir si deseo instalarlas;DPNPTVOPNCSFJOEJDBTFEFTDBSHBOMBT
BDUVBMJ[BDJPOFT QFSPOPTPOJOTUBMBEBTIBTUBRVFOPEFNPTMBPQPSUVOBPSEFO
0USB TFMFDDJO QPTJCMF FT Buscar las actualizaciones, pero permitirme elegir si deseo
descargarlas e instalarlas;EFFTUBNBOFSB OPTFEFTDBSHBOMBTBDUVBMJ[BDJPOFT PDV
QBOEPFTQBDJPFOFMEJTDPEVSPIBTUBFMNPNFOUPFORVFMBTJOTUBMBNPT
1PS MUJNP QPEFNPT PQUBS QPS OP CVTDBS MBT BDUVBMJ[BDJPOFT FO FTF DBTP TPNPT MPT
SFTQPOTBCMFTEFBDDFEFSBMBQHJOBEF8JOEPXT6QEBUFZEFUFSNJOBSMBTBDUVBMJ[B
DJPOFTRVFOFDFTJUBNPTQBSBNBOUFOFSOVFTUSPFRVJQPTJOWVMOFSBCJMJEBEFT
%F MB NJTNB NBOFSB RVF NBOUFOFNPT BDUVBMJ[BEP FM TJTUFNB PQFSBUJWP EFCFNPT
NBOUFOFS BDUVBMJ[BEP MPT QSPHSBNBT RVF UFOFNPT JOTUBMBEPT Z QPS TVQVFTUP FM GJS
NXBSFEFMPTEJTUJOUPTQFSJGSJDPTRVFDPOFDUBNPTBMFRVJQPSPVUFS TXJUDI FUD
$PNPQFSEFSBNPTNVDIPUJFNQPDPOTVMUBOEPMBQHJOBEFDBEBGBCSJDBOUFQBSBWFSTJ
IBOQVCMJDBEPOVFWBTBDUVBMJ[BDJPOFTEFMBTBQMJDBDJPOFTJOTUBMBEBT QPEFNPTVUJMJ[BS
BMHVOPTEFMPTOVNFSPTPTQSPHSBNBTHSBUVJUPTRVFFYJTUFO&TUPTTFDPOFDUBOB*OUFSOFU
ZOPTJOGPSNBOEFTJIBZOVFWBTBDUVBMJ[BDJPOFTQVCMJDBEBTRVFBOOPUFOHBNPTJOT
UBMBEBT
"MHVOPT FKFNQMPT EF EJDIPT QSPHSBNBT TPO "11(&5 46.0 -0(*$*&*."$$0.
"11'3&4) 61%"5&/05*'*&3(http://cleansofts.org),FUD
130
8448171373_SI_05.indd 130
06/04/10 11:07
5. Monitorizacin del sistema

$POMBNPOJUPSJ[BDJOEFMTJTUFNBWBNPTBQPEFSBVEJUBSMPTFWFOUPTRVFTFIBOQSPEV
DJEPFOOVFTUSPFRVJQP
5.1. Monitorizacin en Windows

$PNPZBFTUVEJBNPT QPEFNPTBCSJSFMWJTPSEFTVDFTPTNFEJBOUFMBPSEFOeventvwr.
msc&OMB'JHVSB QPEFNPTWFSRVFHVBSEBJOGPSNBDJOEFMPTTVDFTPTEFBQMJDB
DJO TFHVSJEBEZTJTUFNB
Fig. 5.55. Visor de sucesos Windows.
&TUBJOGPSNBDJOFTHVBSEBEBFOMPTBSDIJWPT"QQ&WFOU&WU 4FD&WFOU&WUZ4ZT&WFOU&WU
VCJDBEPTUPEPTFMMPTFOFMEJSFDUPSJP4ZTUFN3PPU=TZTUFN=DPOGJH
&T NVZ JNQPSUBOUF DPOGJHVSBS DPSSFDUBNFOUF FM UBNBP Z FM BDDFTP B MPT NJTNPT &M
UBNBPEFCFTFSMPTVGJDJFOUFNFOUFHSBOEFQBSBBMCFSHBSMPTTVDFTPTQSPEVDJEPTFOFM
TJTUFNBIBTUBRVFMPBVEJUFNPT:DPNPFTMHJDP QBSBFWJUBSRVFMPTJOUSVTPTCPSSFO
TVTIVFMMBTTMPEFCFSOUFOFSQFSNJTPTEFDPOUSPMUPUBMFMUDOJDPPUDOJDPTFODBSHBEPT
EFMBTFHVSJEBEEFMTJTUFNB
5.2. Monitorizacin en Linux

-JOVYUJFOFVODPNQMFKPWJTPSEFTVDFTPT 'JH
RVFQPEFNPTBSSBODBSEFTEFSistemaAdministracinVisor de archivos de sucesos.
Fig. 5.56. Visor de sucesos Linux.

131
8448171373_SI_05.indd 131
06/04/10 11:07
1BSBTJNQMJGJDBSMBBVEJUPSB -JOVYUJFOFVODPOKVOUPEFDPNBOEPT RVFTFFTQFDJBMJ[BOFOFM

SFHJTUSPEFMPTEJTUJOUPTFWFOUPT1BSBBVEJUBSMBTFOUSBEBTBMTJTUFNBVUJMJ[BSFNPTFMDPNBOEP
last 'JH
QBSBBVEJUBSMBTBDDFTPTGBMMJEPTVTBSFNPTFMDPNBOEPlastb 'JH
Z
QBSBMBTDPOFYJPOFTBMTJTUFNBQPSSFEVUJMJ[BSFNPTFMDPNBOEPlastlog 'JH

-PT GJDIFSPT EPOEF TF HVBSEB MB JOGPSNBDJO TF FODVFOUSBO VCJDBEPT FO FM EJSFDUPSJP
/var/log 'JH

Vocabulario
Log.&TFMSFHJTUSPEFVOFWFOUP
RVFTFQSPEVDFFOFMTJTUFNB
Sabas que?
#MPHWJFOFEFXF#-0(
Fig. 5.57. Ubicacin logs de Linux.
"DPOUJOVBDJO WBNPTBWFSVOPTFKFNQMPTEFMPTDPNBOEPTWJTUPTBOUFSJPSNFOUF
Fig. 5.58. Resultado comando last.
Fig. 5.59. Salida comando lastb.
Fig. 5.60. Resultado comando lastlog.

132
8448171373_SI_05.indd 132
06/04/10 11:07
6. Software que vulnera la seguridad

del sistema
&OFTUFBQBSUBEPWBNPTBFTUVEJBSUBOUPMBTBQMJDBDJPOFT WJSVT HVTBOPT TOJGBEPSFTy

DPNPFMUJQPEFJOUSVTPTRVFNFEJBOUFFMVTPEFMBTNJTNBTBNFOB[BOMBTFHVSJEBEEFM
TJTUFNB
6.1. Clasificacin de los atacantes

-PTBUBDBOUFTTFQVFEFODMBTJGJDBSTFHOFMUJQPEFBUBRVF
t Hackers:TPOQFSTPOBTDPOHSBOEFTDPOPDJNJFOUPTJOGPSNUJDPTZUFMFNUJDPT FYQFS
UPTQSPHSBNBEPSFT
1PSTVJOGJOJUBDVSJPTJEBEEFEJDBOVOHSBOFTGVFS[PBJOWFTUJHBS
MPTTJTUFNBTPQFSBUJWPTZMPTTJTUFNBTEFTFHVSJEBEQBSBEFTDVCSJSUPEBTTVTWVMOF
SBCJMJEBEFT-BQSJODJQBMNPUJWBDJOEFMPTIBDLFSTFTTFHVJSBQSFOEJFOEPZNPTUSBS
MBTWVMOFSBCJMJEBEFTEFMPTTJTUFNBTBMNVOEP&OOJOHODBTPCVTDBOVOCFOFGJDJP
FDPONJDP P EBBS MB FTUSVDUVSB EFM TJTUFNB 1PESBNPT IBDFS VO TNJM DPO VOB
QFSTPOBRVFIBTJEPDBQB[EFBDDFEFSBMJOUFSJPSEFVOBDBKBGVFSUF QFSPOPTFIB
MMFWBEPOBEB TJNQMFNFOUFIBEFKBEPVOBOPUBJOGPSNBUJWBEJDJFOEPRVFIBFTUBEP
BMM QBSBJOGPSNBSEFMBWVMOFSBCJMJEBEEFMBNJTNB5BNCJOTPODPOPDJEPTDPNP
IBDLFSTEFTPNCSFSPCMBODP
t Crackers o hackers de sombrero negro:FMUSNJOPhackerGVFVUJMJ[BEPQPSMPTNF
EJPTEFDPNVOJDBDJOEFGPSNBHFOSJDB QBSBSFGFSJSTFBDVBMRVJFSJOUSVTPFOVOTJT
UFNB TJOUFOFSFODVFOUBMBGJOBMJEBEEFMBUBRVF1PSFTUFNPUJWP MPTQSPQJPTIBDLFST
JOWFOUBSPOVOBOVFWBQBMBCSBQBSBEFTJHOBSBBRVFMMBTQFSTPOBTRVFSPNQBOMBT
CBSSFSBTEFTFHVSJEBEEFMPTTJTUFNBTDPOGJOFTNBMJDJPTPT CJFOQPSRVFCVTDBCBO
VOCFOFGJDJPFDPONJDPPCJFOQPSRVFQPSWFOHBO[BEBBCBOMBTFTUSVDUVSBTEFMPT
TJTUFNBT FUD-BQBMBCSBDSBDLFSQSPWJFOFEF$3JNJOBMI"$,&3 FTEFDJSIBDLFST
DSJNJOBMFT IBDLFSTDVZBTJOUFODJPOFTTPONBMJDJPTBT
Sabas que?
Luser FTFMUSNJOPRVFVUJMJ[BO
MPT BUBDBOUFT QBSB SFGFSJSTF BM
VTVBSJP RVF WB B TFS BUBDBEP
&TMBBCSFWJBUVSBEF-PDBM64&3
Sabas que?
-BQBMBCSBhackerIBTJEPVUJMJ
[BEBFSSOFBNFOUFQPSMBQSFO
TBQBSBSFGFSJSTFBBRVFMMBTQFS
TPOBTJOWPMVDSBEBTFODVBMRVJFS
BDUP RVF BUBRVF MB TFHVSJEBE
JOGPSNUJDB TJOUFOFSFODVFOUB
FMGJOEFMNJTNP
t Phreakers:TPOFYQFSUPTFOUFMFGPOB4PODPOPDJEPTDPNPMPTQIPOFDSBDLFST MPT
DSBDLFSTEFMBUFMFGPOB CVTDBOVOCFOFGJDJPFDPONJDPTBCPUFBOEPMBTSFEFTUFMF
GOJDBTQBSBSFBMJ[BSMMBNBEBTHSBUVJUBT
t Ciberterroristas: TPOFYQFSUPTFOJOGPSNUJDBZFOJOUSVTJTNPFOMBSFE RVFQPOFOTVT
DPOPDJNJFOUPTBMTFSWJDJPEFQBTFTZPSHBOJ[BDJPOFTQBSBFMFTQJPOBKFPTBCPUBKF
JOGPSNUJDP
t Programadores de virus:TPOFYQFSUPTFOQSPHSBNBDJO FOTJTUFNBTZFOSFEFT RVF
DSFBOQFRVFPTQSPHSBNBTEBJOPT RVFQPSVOPVPUSPNPUJWPMMFHBOBMBSFEZ
TFEJTUSJCVZFODPOSBQJEF[PDBTJPOBOEPEBPTFOMPTTJTUFNBTPFOMBJOGPSNBDJO
BMNBDFOBEBFOMPTNJTNPT
t Carders:BUBDBOMPTTJTUFNBTEFUBSKFUBT FTQFDJBMNFOUFMPTDBKFSPTBVUPNUJDPT
t Sniffers:MPQPESBNPTUSBEVDJSDPNPcotilla,TPOMBTQFSTPOBTRVFTFEFEJDBOBFT
DVDIBSFMUSGJDPEFMBSFE QBSBJOUFOUBSSFDPNQPOFSZEFTDJGSBSMPTNFOTBKFTRVF
DJSDVMBOQPSMBNJTNB
t Lammers: UBNCJO DPOPDJEPT DPNP wannabes P script-kiddies P click-kiddies, TPO
DIJDPTKWFOFTRVFTJOHSBOEFTDPOPDJNJFOUPTJOGPSNUJDPT TFDSFFOWFSEBEFSPTIBD
LFSTZTFMPIBDFODSFFSBMPTNJFNCSPTEFTVTQBOEJMMBT&TUPTTMPTFIBOEFTDBS
HBEPIFSSBNJFOUBTPQSPHSBNBTEF*OUFSOFUQBSBSFBMJ[BSBUBRVFTJOGPSNUJDPTZMPT
IBOQVFTUPFONBSDIBTJOTBCFSDNPGVODJPOBO-PTWFSEBEFSPTIBDLFSTNVFTUSBO
VOBHSBOSFQVMTBIBDJBMPTMBNNFST
t Newbie:TPOMPTIBDLFSTOPWBUPT FNQJF[BOBBQSFOEFSZWBOTVQFSBOEPMPTQSJNF
SPTSFUPTQBSBMMFHBSBTFSWFSEBEFSPTIBDLFST
133
8448171373_SI_05.indd 133
06/04/10 11:07
6.2. Tipos de ataques

1PEFNPTIBDFSVOBQSJNFSBDMBTJGJDBDJOEFMPTUJQPTEFBUBRVFTsegn los objetivosEF
TFHVSJEBERVFWVMOFSBO
t Interrupcin,FTUFUJQPEFBUBRVFWVMOFSBMBEJTQPOJCJMJEBEEFVOSFDVSTPEFMTJTUFNB
PEFMBSFE&MSFDVSTPOPQPESTFSVUJMJ[BEP&KFNQMPT EFOFHBDJOEFMTFSWJDJP
FMBQBHBEPNBOVBMEFDVBMRVJFSSFDVSTP FRVJQP TFSWJEPS JNQSFTPSBT
FMSPCPEF
VOEJTDPEVSP DPSUBSVOBMOFBEFDPNVOJDBDJO EFTIBCJMJUBDJOEFVOTJTUFNBEF
GJDIFSPT VNPVOU

*OUFSSVQDJO
Fig. 5.61. Interrupcin.
t Intercepcin,BUBDBMBDPOGJEFODJBMJEBE6OJOUSVTPBDDFEFBJOGPSNBDJOBMNBDFOB
EBFOOVFTUSPTJTUFNBPBMRVFIFNPTUSBTNJUJEPQPSMBSFE FTEFDJS MBJOGPSNBDJO
IBDBEPFONBOPTEFQFSTPOBMOPBVUPSJ[BEP&KFNQMPT DBQUVSBEFJOGPSNBDJOFO
MBSFEPDPQJBEFBSDIJWPTOPBVUPSJ[BEB
*OUFSDFQDJO
Fig. 5.62. Intercepcin.
t Modificacin,BUBDBFMPCKFUJWPEFJOUFHSJEBE-PTEBUPTIBOTJEPNBOJQVMBEPTQPS
QFSTPOBMOPBVUPSJ[BEPFOBMHONPNFOUPFOUSFTVDSFBDJOZTVMMFHBEBBMEFTUJOB
UBSJP-BJOGPSNBDJORVFTFEJTQPOFEFTQVTEFVOBUBRVFEFFTUBTDBSBDUFSTUJDBT
OP FT WMJEB OJ DPOTJTUFOUF &KFNQMPT MBT NPEJGJDBDJPOFT EF QSPHSBNBT QBSB RVF
SFBMJDFOBDDJPOFTEJGFSFOUFTBMBTQSPQVFTUBTPSJHJOBMNFOUF NPEJGJDBSVONFOTBKF
USBOTNJUJEPQPSMBSFE %/4TQPPGJOH y
.PEJGJDBDJO
Fig. 5.63. Modicacin.
t Fabricacin,FTUFUJQPEFBUBRVFWVMOFSBMBBVUFOUJDJEBE4FUSBUBEFNPEJGJDBDJPOFT
EFTUJOBEBTBDPOTFHVJSRVFFMQSPEVDUPGJOBMTFBTJNJMBSBMBUBDBEPEFGPSNBRVF
TFBEJGDJMEJTUJOHVJSMPEFMPSJHJOBM1PSFKFNQMP FMQIJTJOH
'BCSJDBDJO
Fig. 5.64. Fabricacin.
134
8448171373_SI_05.indd 134
06/04/10 11:07
0USP UJQP EF DMBTJGJDBDJO TF QVFEF SFBMJ[BS en funcin de la forma de actuar EF MPT
BUBRVFT
t Spoofing o suplantacin de la identidad: MBUDOJDBEFTQPPGJOH FOHBPPGBMTFB
NJFOUP
TFVTBFOSFEFTFUIFSOFUDPONVUBEBT FTEFDJS FOSFEFTRVFIBDFOVTPEF
TXJUDIDPNPFMFNFOUPEFJOUFSDPOFYJOFOUSFMPTEJGFSFOUFT1$
&TUFBUBRVFDPOTJTUFFOGBMTFBSBMHOEBUPEFVO1$BUBDBEP&YJTUFOEJTUJOUPTUJQPT
EFTQPPGJOH DPNPQVFEFTFSFMBSQTQPPGJOHPBSQQPJTPOJOH RVFDPOTJTUFFOFO
HBBSBMBUBCMBBSQRVFMPTFRVJQPTHVBSEBOFONFNPSJB UBCMBRVFTJNQMFNFOUF
BTPDJBVOBEJSFDDJOGTJDBPNBDEFVOBUBSKFUBEFSFEDPOTV*1 'JH

Ten cuidado
&M DPNBOEP "31 QFSNJUF WFS
P NPEJGJDBS MBT FOUSBEBT EF MB
UBCMBEF*1."$
Fig. 5.65. Tabla ARP de PC atacado antes de realizar ARP Spoong.
$POFTUBUDOJDBEFFOHBPQPEFNPTIBDFSDSFFSBVO1$BUBDBEPRVFMBEJSFDDJO
GTJDBEFPUSP1$ UBNCJOBUBDBEPEFMBSFE FTMBEFM1$EFMBUBDBOUF DPOTJHVJFOEP
DPOFMMPRVFUPEPFMUSGJDPEFSFEFOUSFMPTEPT1$BUBDBEPTQBTFQPSFM1$EFMBUBDBOUF
'JH
FTMPRVFTFDPOPDFDPNPman in the middle IPNCSFFONFEJP

&O MB 'JHVSB QPEFNPT WFS DPNP MB ."$ EF MB EJSFDDJO EFM 1$ BUBDBEP

IBTJEPNPEJGJDBEBDPOMBEJSFDDJOGTJDB GFBF
RVFFT
MBEJSFDDJOGTJDBEFMBUBDBOUF
Fig. 5.66. Tabla ARP del PC atacado tras el ARP Spoong.
0USBWFSTJOEFFTUFUJQPEFBUBRVFTFTFM%/4TQPPGJOHPFOHBPEF%/4 RVFDPOTJT
UFFOGBMTFBSMBSFTQVFTUBEFMTFSWJEPS%/4TPCSFVOBQFUJDJOZEBSMFVOBEJSFDDJO*1
EJGFSFOUFBMBSFBM&TEFDJS RVFDVBOEPVO1$BUBDBEPQJEFQPSFKFNQMPMB*1EFXXX
NJCBODPFTBTVTFSWJEPS%/4 FMFRVJQPBUBDBOUFGBMTFBSFMQBRVFUFEFEBUPTEFMPT
%/4DPOMBSFTQVFTUBZMFQVFEFFOHBBSEOEPMFMB*1EFPUSPFRVJQPDVBMRVJFSB"T
FOWF[EFDPOFDUBSTFBTVCBODPTFDPOFDUBSBBPUSP1$EJGFSFOUFQVEJFOEPGBMTFBSMB
QBHJOBEFFOUSBEBEFTVCBODBFMFDUSOJDBZDBQUVSBOEPTVTDMBWFTEFBDDFTPBMBNJTNB
7FBNPTFTUBTEPTUDOJDBTNFEJBOUFVOBQSDUJDBSFBMJ[BEBDPOFMQSPHSBNB$"*/RVF
UFQVFEFTEFTDBSHBSEFMBQHJOBhttp://www.oxld.it/cain.html.
135
8448171373_SI_05.indd 135
06/04/10 11:07
Caso prctico 10
ARP spoofing y DNS spoofing
&O FTUB QSDUJDB WBNPT B IBDFS RVF DVBOEP VO VTVBSJP EFTEF VO 1$ BUBDBEP
SFTVFMWBMB*1BTPDJBEBBMOPNCSFXXXHPPHMFDPN FOWF[EFDPOUFTUBSMFDPOMB
EJSFDDJOSFBM PCUFOESDPNPSFQVFTUBMB*1EFVOFRVJQPEFOVFTUSBSFE
"OUFT EF IBDFS FM %/4 TQPPGJOH UFOESFNPT RVF SFBMJ[BS VO FOWFOFOBNJFOUP EF
MBUBCMB"31 QBSBBTDBNCJBSMBTUBCMBT*1."$EFM1$BUBDBEPZEFMSPVUFSZ
SFEJSJHJSUPEPFMUSGJDPRVFWBEFTEFFM1$BUBDBEPIBDJBFMSPVUFSBUSBWTEFM1$
EFMBUBDBOUF
$PNPWFNPTFOMB'JHVSBBOUFTEFMBUBRVF FM%/4SFTVFMWFMBEJSFDDJOEF
(PPHMFDPOTVEJSFDDJO*1SFBM

Fig. 5.67. Ping a la direccin www.google.com.
%FTQVTEFMBUBRVF FMBUBDBOUFNPEJGJDBMBEJSFDDJOEFWVFMUBQPSFM%/4QPSVOB
EJSFDDJORVFFMBUBDBOUFDPOGJHVSBBUSBWTEFMBBQMJDBDJO$"*/1BSBSFBMJ[BS
FTUBQSDUJDBEFCFNPTTFHVJSEPTTFODJMMPTQBTPT
1. &MQSJNFSP DSFBSVOBFOUSBEBEFFOWFOFOBNJFOUP"31 'JH
$POFTUPDPO
TFHVJSFNPTRVFUPEPFMUSGJDPFOUSF1$BUBDBEPZFMSPVUFSTFBSFEJSFDDJPOBEP
BM1$EFMBUBDBOUF
Fig. 5.68. Entrada de envenenamiento.
2. &MTFHVOEPQBTP DPOTJTUFFOJOUSPEVDJSVOBFOUSBEBEF%/4TQPPGJOH 'JH

DPOTJHVJFOEPRVFDVBOEPFMBUBDBEPTFRVJFSBDPOFDUBSB(PPHMFSFBMNFOUFTF
DPOFDUBSBMFRVJQPDPOMB*1
(Contina)
136
8448171373_SI_05.indd 136
06/04/10 11:07
Caso prctico 10
(Continuacin)
Vocabulario
MAC. .FEJB "DDFTT $POUSPM
FT VO ONFSP EF CJUT RVF
HFOFSBMNFOUFTFFYQSFTBDPNP
EHJUPTIFYBEFDJNBMFT ZRVF
JEFOUJGJDBEFGPSNBOJDBBDBEB
UBSKFUBEFSFEFUIFSOFU
Fig. 5.69. Entrada de DNS spoong.
$PNPTFQVFEFWFSFOMBTJHVJFOUFJNBHFO DVBOEPIBDFNPTVOQJOHB(PPHMF
EFTEF FM FRVJQP BUBDBEP EFWVFMWF MB EJSFDDJO RVF IB DPOGJHVSBEP FM BUBDBOUF

Fig. 5.70. Resultado de la entrada de DNS spooting.
$PNP FT MHJDP QFOTBS FTUB UDOJDB TF QVFEF VUJMJ[BS QBSB DPNFUFS GSBVEFT FO
JOUSBOFUTPSFEFTDPSQPSBUJWBTSFFOWJBOEPBMBUBDBEPBVOBQHJOBNVZTJNJMBSB
MBPSJHJOBM QFSPGBMTB QPSMPRVFFMJOUSVTPQPESWFSTVTDMBWFT
$POUSBFTUFUJQPEFBUBRVFTQPEFNPTMVDIBSDSFBOEPMBTUBCMBT"31EFMPTFRVJQPT
FYQVFTUPTEFGPSNBFTUUJDBNFEJBOUFFMDPNBOEP"31
Sniffing o anlisis de trfico:DPNPIFNPTDPNFOUBEPFOFMFQHSBGFEFUJQPTEFBUBDBO

UFT FTUFUJQPEFBUBRVFTDPOTJTUFFOFTDVDIBSFMUSGJDPEFMBSFE
&O MBT SFEFT EF SFB MPDBM RVF VUJMJ[BO FM )6# DPNP NFEJP EF JOUFSDPOFYJO FOUSF
MPTFRVJQPT FTUBUDOJDBTFDPOWJFSUFFOVOKVFHPEFOJPTDPNPTBCFNPT MPTIVCT
P DPODFOUSBEPSFT SFQJUFO UPEB MB JOGPSNBDJO SFDJCJEB QPS DBEB VOP EF TVT QVFSUPT
1BSBEJGJDVMUBSFMVTPEFFTUBUDOJDB EFCFNPTTVTUJUVJSMPTDPODFOUSBEPSFTQPSTXJUDIT
PDPONVUBEPSFT ZBRVFFTUPTMUJNPTBMUFOFSEFGJOJEBTMBTUBCMBTEFEJSFDDJPOBNJFOUP
$".$POUSPM"EESFTTBCMF.FNPSZ
TMPNBOEBOMBJOGPSNBDJOSFDJCJEBQPSFMQVFSUP
BEFDVBEP1FSPFTUBOGDJMDPNPVUJMJ[BSVOBUDOJDBEF."$GMPPEJOH RVFDPOTJTUFFO
TBUVSBSMBNFNPSJBEFMPTDPONVUBEPSFTQBSBRVFQJFSEBOMBUBCMBEFEJSFDDJPOBNJFOUP
Z UFSNJOFO GVODJPOBOEP DPNP DPODFOUSBEPSFT FT EFDJS RVF SFFOWBO MB JOGPSNBDJO
SFDJCJEBQPSUPEPTMPTQVFSUPTQPSOPTBCFSQPSDVMEFFMMPTEFCFFOWJBSMB
137
8448171373_SI_05.indd 137
06/04/10 11:07
Caso prctico 11
Comprometer una sesin telnet entre dos equipos atacados
1BSB MB SFBMJ[BDJO EF FTUB QSDUJDB IFNPT VUJMJ[BEP USFT
FRVJQPT DPOFDUBEPT B MB NJTNB SFE NFEJBOUF VO TXJUDI
7PMWFSFNPTBVUJMJ[BSMBNJTNBBQMJDBDJORVFFOFMDBTP
QSDUJDP BOUFSJPS $"*/ DPO MB RVF FOWFOFOBSFNPT NF
EJBOUFMBUDOJDBEFM"31TQPPGJOHFMUSGJDPHFOFSBEPFO
USFMPTEPT1$BUBDBEPTDPOTJHVJFOEPWJTVBMJ[BSFMDPOUFOJ
EPEFMBTFTJOUFMOFUFOUSFMPTNJTNPT
1. $PNPQVFEFTWFSFOMBTJHVJFOUFJNBHFO 'JH

TFFTUFOWFOFOBOEPFMUSGJDPFOUSFEPT1$VOPDPO
MBEJSFDDJO*1 RVFTFSFMRVFJOJDJFMB
TFTJOUFMOFU ZPUSPDPOEJSFDDJO*1RVF
FTRVJFOUJFOFFOFKFDVDJOVOTFSWJEPSUFMOFU
2. &OFMTJHVJFOUFQBTP WBNPTBWFSDPNPFMTOJGGFSFTDV
DIB FM USGJDP HFOFSBEP FOUSF MPT EPT 1$ BUBDBEPT
EVSBOUFVOBTFTJOEFBDDFTPSFNPUP
&OQSJNFSMVHBS&NJMJPJOJDJBVOBTFTJOUFMOFUBVUFOUJDOEP
TFNFEJBOUFTVOPNCSFZVTBOEPDPNPDPOUSBTFBQBUBUB
'JH

Fig. 5.71. Envenenamiento del trco entre dos PC.
&OMBTJHVJFOUFJNBHFO WFNPTDPNPFMTOJGGFSNFEJBOUFMB
BQMJDBDJO$"*/IBTJEPDBQB[EFDPNQSPNFUFSOVFTUSB
TFTJOUFMOFU 'JH
&MJOUSVTPWFFMOPNCSFEFVTVBSJP
Z MB DPOUSBTFB VUJMJ[BEPT QBSB MB DPOFYJO Z QPTUFSJPS
NFOUFMBFKFDVDJOEFMDPNBOEPdirSFBMJ[BEBEVSBOUFMB
TFTJOQPSFMBUBDBEP
Fig. 5.72. Inicio sesin telnet.
Fig. 5.73. Telnet comprometido.
138
8448171373_SI_05.indd 138
06/04/10 11:07
t Conexin no autorizada a equipos y servidores: FTUFUJQPEFBUBRVFDPOTJTUFFOEFT

DVCSJSEJTUJOUPTBHVKFSPTFOMBTFHVSJEBEEFVOTJTUFNBJOGPSNUJDPZFTUBCMFDFSDPO
FMNJTNPVOBDPOFYJOOPBVUPSJ[BEB:BTFBQPSRVFIFNPTEFTDVCJFSUPMBTDPO
USBTFBTEFBMHVOPTVTVBSJPT DPNPFOFMDBTPQSDUJDPBOUFSJPS PCJFOVUJMJ[BOEP
BQMJDBDJPOFTNBMXBSFRVFBQSPWFDIBOMBTQVFSUBTUSBTFSBTPBHVKFSPTQBSBQFSNJUJS
FMBDDFTPBMFRVJQPEFTEFFMFYUFSJPS
t Introduccin en el sistema de malware. Virus, troyanos y gusanos: MPTWJSVT USPZBOPT
PHVTBOPTTPODPOPDJEPTDPNPNBMXBSF QSPHSBNBTNBMJOUFODJPOBEPT RVFJOGFDUBO
OVFTUSPFRVJQPEBBOEPEFNMUJQMFTGPSNBTOVFTUSPTJTUFNB
5
Software
1VFEFTEFTDBSHBSUFVOBWFSTJO
EFNP EF EBT EFM BOUJWJSVT
&4&5 FO http://demos.eset.es/.
&O FM TJUJP QPEST FMFHJS FOUSF
&4&5 /0% "OUJWJSVT P &4&5
4NBSU4FDVSJUZ1VFEFTTPMJDJUBS
NTJOGPSNBDJOBUVQSPGFTPS
o-PTvirusTPOQSPHSBNBTRVFTFQSPQBHBOFOUSFMPTFRVJQPT4VDEJHPTFBEKVO
UBBMEFPUSPQSPHSBNBFYJTUFOUFFOFMTJTUFNBQBSBGBDJMJUBSMBQSPQBHBDJOEFM
NJTNP Z DBVTBS MPT EBPT QBSB MPT RVF IBO TJEP EJTFBEPT QPS FM DSFBEPS -B
DBSBDUFSTUJDBQSJODJQBMFTRVFTVDEJHPIBTJEPFTDSJUPDPOMBJOUFODJOEFRVFTF
WBZBSFQMJDBOEPQBSBBTJOGFDUBSFMNBZPSONFSPEFFRVJQPTQPTJCMFT&KFNQMPT
GBNPTPTEFWJSVTTPO#BSSPUFT 7JFSOFTy
o-PTgusanosTPOEJTFBEPTDPOFMNJTNPGJORVFMPTWJSVT RVFTFQSPQBHVFOQPS
MBSFE4FEJGFSFODJBOFORVFTUPTOPOFDFTJUBOMBJOUFSWFODJOEFMVTVBSJP ZB
RVFOPTFBEKVOUBOBOJOHOPUSPQSPHSBNB TJOPRVFTPOEJTUSJCVJEPTEFNBOFSB
DPNQMFUBQPSMBSFEDPOTVNJFOEPFOMBHSBONBZPSBEFMPTDBTPTVOHSBOBODIP
EF CBOEB EF MB SFE P QVFEFO MMFHBS B CMPRVFBS FM FRVJQP JOGFDUBEP "MHVOPT
FKFNQMPTGBNPTPTEFFTUFUJQPEFQSPHSBNBTTPO4BTTFSZ#MBTUFS
o-PTtroyanosTPOBQMJDBDJPOFTBQBSFOUFNFOUFJOPGFOTJWBTRVFGBDJMJUBOFOMBNBZP
SBEFMPTDBTPTFMBDDFTPSFNPUPBMPTFRVJQPTJOGFDUBEPT&TUBTBQMJDBDJPOFTTF
QVFEFOFTDPOEFSFOBSDIJWPTBEKVOUPTFOMPTNFOTBKFTRVFFOWJBNPTQPSMBSFE
&TUPTEBPTWBSBOEFTEFBRVFMMPTRVFOPSFBMJ[BOOJOHOQFSKVJDJPBMFRVJQPJOGFDUBEP
IBTUBPUSPTRVFSFBMJ[BOWFSEBEFSPTEFTUSP[PTJSSFWFSTJCMFTFOOVFTUSPTJTUFNB
1BSBFWJUBSFMBUBRVFEFFTUFUJQPEFQSPHSBNBTTFIBODPNFSDJBMJ[BEPBQMJDBDJPOFTEF
OPNJOBEBTBOUJWJSVTRVFNBOUJFOFOBDUVBMJ[BEBTTVTGJDIFSPTEFGJSNBTQBSBEFUFDUBSZ
FMJNJOBSMPTQSPHSBNBTDPODEJHPNBMJDJPTP&KFNQMPTEFBOUJWJSVTTPO1BOEB /PSUPO
"7( FUD5PEPTFMMPTUJFOFOBOUJWJSVT on-line FOMOFB
RVFFOMBNBZPSBEFMPTDBTPT
TMPQFSNJUFOEFUFDUBSTJOVFTUSBNRVJOBFTUJOGFDUBEB
&TBDPOTFKBCMFUFOFSJOTUBMBEPVOBOUJWJSVT UFOJFOEPFODVFOUBRVFUPEPTFMMPTSBMFOUJ[BO
UBOUPFMBSSBORVFDPNPFMOPSNBMGVODJPOBNJFOUPEFMFRVJQPQPSDPOTVNJSSFDVSTPTEFM
FRVJQP
Fig. 5.74. Antivirus online de Panda.
Importante
%FCFTDBNCJBSMBTDPOUSBTFBT
RVFQPOFOQPSEFGFDUPMPTGBCSJ
DBOUFTBMPTEJTUJOUPTQFSJGSJDPT
RVFOPTQFSNJUFOMBDPOFYJOB
*OUFSOFUQBSBFWJUBSDPOFYJPOFT
OPBVUPSJ[BEBTBMPTNJTNPT
Sabas que?
"MHVOPTWJSVTGBNPTPT
t&MWJSVT'03.IBDFTPOBSMPT
EBTEFDBEBNFTVOQJUJEP
QPSDBEBUFDMBQVMTBEB&TUP
TJNQMFNFOUF TF QVFEF DPOTJ
EFSBSVOBCSPNBNTPNFOPT
JODNPEB
t&MWJSVT7*&3/&4CPSSBMPT
QSPHSBNBTVUJMJ[BEPTFOEJDIP
EBBGFDUBOEPFYDMVTJWBNFOUF
BMPTBSDIJWPTFKFDVUBCMFT
t( FOFSJD #BDLEPPS QFSNJ
UF B MPT JOUSVTPT BDDFEFS EF
NBOFSBSFNPUBBMPSEFOBEPS
BGFDUBEP QPSMPRVFDPNQSP
NFUFMBDPOGJEFODJBMJEBEEFMB
JOGPSNBDJOBMNBDFOBEBFOFM
FRVJQP
t4 BTTFS FT VO HVTBOP RVF
BQSPWFDIBOEPVOBWVMOFSBCJ
MJEBEEF8JOEPXT BQBHBCB
FMFRVJQP
t&ML $MPOFS QSPHSBNBEP QPS
3JDI 4LSFOUB B MPT RVJODF
BPTEFFEBE FTDPOTJEFSB
EPFMQSJNFSWJSVTEFTBSSPMMB
EP Z FYQBOEJEP QPS MB SFE
"GFDUBCB B MPT FRVJQPT DPO
TJTUFNBT."$JOTUBMBEP
139
8448171373_SI_05.indd 139
16/04/10 11:49
Caso prctico 12
Configurar el anlisis en busca de virus y otras amenazas
del Antivirus Panda
$PNPIFNPTDPNFOUBEPBOUFSJPSNFOUF MPTBOUJWJSVTSBMFO
UJ[BOFMBSSBORVFEFMPTFRVJQPTEFCJEPBMBOMJTJTFOCVT
DBEFNBMXBSFRVFSFBMJ[BOFODBEBVOPEFMPTBSSBORVFT
Fig. 5.75. Anlisis Panda.
2. &OFMNBSDPEFSFDIPEFMB'JHVSBIBDFNPTDMJDFO
Programar la ejecucin de anlisis. "QBSFDFVOBOVFWB
WFOUBOB 'JH
FOMBRVFTFOPTNVFTUSBOEPTCPUP
OFTFMQSJNFSPEFFMMPTQFSNJUFHFOFSBSVOOVFWPBOMJ
TJTZFMTFHVOEPQFSNJUFNPEJGJDBSMBDPOGJHVSBDJOEFM
BOMJTJTQSPHSBNBEP&OOVFTUSPDBTPRVFSFNPTNPEJGJ
DBSMBQFSJPEJDJEBEEFMBOMJTJT QPSMPEFCFNPTIBDFS
DMJDFOFMCPUOConfigurar anlisis
Fig. 5.77. Congurar anlisis.
1PSFMMPWBNPTBDBNCJBSMBDPOGJHVSBDJOEFMBOMJTJTQBSB
RVFOPTFSFBMJDFFOUPEPTMPTBSSBORVFTTJOPTMPMPTWJFS
OFT
1. 6OB WF[ BSSBODBEP FM BOUJWJSVT EFCFNPT IBDFS DMJD
TPCSFMBQFTUBBAnalizar 'JH

Fig. 5.76. Programar anlisis.
3. &OMBTJHVJFOUFQBOUBMMB 'JH
IBDFNPTDMJDTPCSF
FMCPUOPlanificacin.
4. "QBSFDFVOBOVFWBWFOUBOBFOMBRVFQPEFNPTEFGJOJS
DVOEPRVFSFNPTRVFTFIBHBFMBOMJTJT$PNPRVFSF
NPTRVFTFSFBMJDFUPEPTMPTWJFSOFTEFCFNPTIBDFSDMJD
TPCSFMBMUJNBPQDJO TFMFDDJPOBOEPFOFMEFTQMFHB
CMFFMEB FOOVFTUSPDBTP7JFSOFT
FOFMRVFRVFSFNPT
RVFTFIBHBMBDPNQSPCBDJO 'JH

Fig. 5.78. Conguracin de la periodicidad del anlisis.
140
8448171373_SI_05.indd 140
06/04/10 11:08
t Keyloggers: MBUSBEVDDJOMJUFSBMEFFTUBQBMBCSB SFHJTUSBEPS(logger) EFUFDMBT(keys),

OPTEBVOBJEFBEFMUJQPEFBUBRVFRVFWBBSFBMJ[BS4FVUJMJ[BDPNPIFSSBNJFOUB
NBMJDJPTBQBSBDPOPDFSUPEPMPRVFVOVTVBSJPFTDSJCFBUSBWTEFMUFDMBEP JODMVTP
BWFDFTSFHJTUSBODBQUVSBTEFQBOUBMMBEFMFRVJQP1BSBBMDBO[BSFTUPTPCKFUJWPTFYJT
UFOIFSSBNJFOUBTIBSEXBSFZTPGUXBSF-PTQFSJGSJDPTEJTFBEPTQBSBUBMGJOQVFEFO
JSEFTEFVOUFDMBEPFOBQBSJFODJBJEOUJDPBVOPOPSNBMQFSPRVFDPOUJFOFVOBNF
NPSJBOPWPMUJMEPOEFBMNBDFOBMBJOGPSNBDJOFTDSJUBPCJFONFEJBOUFVOQFRVFP
EJTQPTJUJWPRVFTFDPOFDUBFOUSFFMQVFSUPEFMPSEFOBEPS 64#P14
ZVOUFDMBEP
t Denegacin del servicio: FTUF UJQP EF BUBRVF UBNCJO FT DPOPDJEP QPS TVT TJHMBT
%P4 %FOJBM0G4FSWJDF
4FFKFDVUBDPOUSBTFSWJEPSFTPSFEFTEFPSEFOBEPSFTDPO
FMQSPQTJUPEFJOUFSSVNQJSFMTFSWJDJPRVFFTUOPGSFDJFOEP&TDPOPDJEPFMBUBRVF
%P4RVFSFBMJ[BSPOQJSBUBTJOGPSNUJDPTEFMBBOUJHVB6OJO4PWJUJDBZRVFQBSBMJ[
FMBDDFTPB*OUFSOFUEFMPTFTUPOJPT USBTMBEFDJTJOEFMHPCJFSOPEFMQBTCMUJDPEF
SFUJSBSVOBFTUBUVBRVFDPONFNPSBCBBMPTNVFSUPTTPWJUJDPTEVSBOUFMB4FHVOEB
(VFSSB.VOEJBM5BNCJOTPODPOPDJEPTMPTBUBRVFTEFFTUFUJQPMBO[BEPTDPOUSB
MPT TFSWJEPSFT SB[ EFM TJTUFNB EF OPNCSFT EJTUSJCVJEP %/4 DPO FM GJO EF EFKBS
*OUFSOFUQBSBMJ[BEBBMOPQPEFSEJTQPOFSMPTVTVBSJPTEFMTFSWJDJPEFSFTPMVDJOEF
OPNCSFT&OUSFMPTNMUJQMFTUJQPTEFBUBRVF%P4TFQVFEFOEFTUBDBSMPTTJHVJFOUFT
Vocabulario
Zombie. 0SEFOBEPS FO FM RVF
VO IBDLFS EF TPNCSFSP OFHSP
IBDPOTFHVJEPJOTUBMBSTPGUXBSF
NBMJDJPTP QBSB IBDFSTF DPO FM
DPOUSPMEFMNJTNP
Spam.5BNCJODPOPDJEPDPNP
DPSSFPCBTVSB$PSSFPIBCJUVBM
NFOUFEFQVCMJDJEBERVFOPIB
TJEPTPMJDJUBEP
o-BNBZPSBEFMPTBUBRVFTEFEFOFHBDJOEFTFSWJDJPTTPOSFBMJ[BEPTBMVOTPOP
EFTEFNMUJQMFTNRVJOBTRVFIBOTJEPDPOWFSUJEBTFO[PNCJFTQPSDSBDLFSTEF
MBSFE MMBNOEPTFFOFTUFDBTP%%P4 BUBRVFEF%FOFHBDJOEF4FSWJDJP%JTUSJ
CVJEP
o1JOH EF MB NVFSUF DPOTJTUF FO FOWJBS NVMUJUVE EF QJOHT B VO PSEFOBEPS DPO VO
UBNBPEFCZUFTNVZHSBOEF MPRVFCMPRVFBCBMBTDPOFYJPOFTFOMPTBOUJHVPT
TJTUFNBTPQFSBUJWPTFOMPTBDUVBMFTFTUFUJQPEFBUBRVFFTUTVCTBOBEPZQPSUBOUP
TFQVFEFDPOTJEFSBSDPNPIJTUPSJB
t Inundacin de peticiones SYN: NTDPOPDJEPQPS4:/'MPPE DPOTJTUFFOIBDFSVOB
QFUJDJOEFFTUBCMFDJNJFOUPEFDPOFYJOBVOTFSWJEPSZOPSFTQPOEFSBTVBDFQ
UBDJOEFDPOFYJO CJFOTFBQPSRVFTFGBMTFFMQBRVFUFEFQFUJDJODPOVOB*1
GBMTBPQPSBMHVOBPUSBDBVTB&TUFUJQPEFBUBRVFQSPWPDBVOBTBUVSBDJOFOMBT
DPOFYJPOFTBCJFSUBTEFMTFSWJEPS EFUBMGPSNBRVFTJFTUBTTPONVZFMFWBEBTQVFEFO
MMFHBSBQSPEVDJSVODPMBQTPEFMTFSWJDJPPGSFDJEPDPOMBDPOTJHVJFOUFEFOFHBDJO
EFTFSWJDJP.FEJBOUFFMTJNQMFVTPEFMDPNBOEPnetstat DPNBOEPRVFOPTQFS
NJUFWFSFMFTUBEPEFMBTDPOFYJPOFT
TFQVFEFWFSTJFTUBNPTTJFOEPWDUJNBTEFVO
BUBRVFEFFTUFUJQPZQBSBDPNCBUJSMPTFSFDPNJFOEBFMVTPEFGJMUSPTFOMPTSPVUFST
RVFQBSFOFMUSGJDPEF*1RVFQVFEBOTFSGBMTFBEBT
t Dialers: UBNCJODPOPDJEPTDPNPNBSDBEPSFTUFMFGOJDPT TFIJDJFSPONVZGBNPTPT
B QSJODJQJPT EF MPT BPT OPWFOUB DVBOEP MB NBZPSB EF MB HFOUF TF DPOFDUBCB B
*OUFSOFUNFEJBOUFNEFN
4POQSPHSBNBTEFDPOFYJOB*OUFSOFUNFEJBOUFNEFN RVFSFBMJ[BOVOBMMBNBEB
B VO UFMGPOP DPO UBSJGJDBDJO FTQFDJBM DPNP BRVFMMPT RVF FNQF[BCBO QPS
&TUPTQSPHSBNBTBDUVBCBOTJOMBJOUFSWFODJOZTJOFMDPOTFOUJNJFOUPEFMVTVBSJPQSP
WPDBOEPVOBGBDUVSBUFMFGOJDBEFTPSCJUBEB)PZFOEBDPOMBTDPOFYJPOFT"%4-
MPTEJBMFSTDBTJIBOEFTBQBSFDJEPFOMBNBZPSBEFMPTIPHBSFT
t Ingeniera social: FT VO BUBRVF RVF BGFDUB BM PCKFUJWP EF DPOGJEFODJBMJEBE EF MB
TFHVSJEBEJOGPSNUJDB&TUBUDOJDBDPOTJTUFFOPCUFOFSJOGPSNBDJOTFDSFUBEFVOB
QFSTPOBVPSHBOJTNPQBSBVUJMJ[BSMBQPTUFSJPSNFOUFDPOGJOFTNBMJDJPTPT)BCJUVBM
NFOUF MPT JOHFOJFSPT TPDJBMFT VUJMJ[BO FM DPSSFP FMFDUSOJDP QHJOBT 8FCT GBMTBT
FMDPSSFPPSEJOBSJPPFMUFMGPOPQBSBMMFWBSBDBCPTVTQMBOFT-PTFKFNQMPTNT
MMBNBUJWPTEFFTUPTBUBRVFTTPOFMQIJTJOHZFMVTPEFVOBNRVJOBBUBDBEBQBSB
MBFOWPEFTQBN
141
8448171373_SI_05.indd 141
06/04/10 11:08
t Phishing: FT VOB UDOJDB EF FOHBP BM VTVBSJP RVF JOUFOUB BERVJSJS JOGPSNBDJO
DPOGJEFODJBMEFMNJTNPTVQMBOUBOEPMBJEFOUJEBEEFPUSBTQFSTPOBT PSHBOJTNPTP
QHJOBT8&#EF*OUFSOFU6OPEFMPTNUPEPTEF1IJTIJOHNTVUJMJ[BEPTIPZFO
EBDPOTJTUFFODPMHBSFO*OUFSOFUVOBQHJOBRVFFTDPQJBJEOUJDBEFBMHVOBPUSB
DPNPQVFEFTFSMBEFBMHVOBFOUJEBEGJOBODJFSBPCBODP
Actividades
10. &MOBWFHBEPS*OUFSOFU&Y
QMPSFSBQBSUJSEFMBWFS
TJO JODMVZF MB GVODJP
OBMJEBEfiltro de suplantacin de identidad.
1BSB DPOGJHVSBSMP EFCF
NPTBDDFEFSBMBTOpciones avanzadasEFMNFO
EFHerramientas (Opciones de Internet).
&OMBGJDIBEF Opciones
avanzadas QPESFNPTBDUJ
WBSMBDPNQSPCBDJOBVUP
NUJDBEFTJUJPTXFCFOFM
BQBSUBEP EF TFHVSJEBE
%F FTUB NBOFSB TJFNQSF
RVF BDDFEBNPT B VOB
QHJOB DPNQSPCBS TV
BVUFOUJDJEBE JONFEJBUB
NFOUF
&MFOHBPDPOTJTUFFORVFTJBMHVJFODPOGVOEFFTUBQHJOBGBMTBDPOMBPSJHJOBM
FJOUSPEVDFFOFMMBTVTEBUPTQFSTPOBMFTDPNPQVFEBOTFSFMONFSPEFUBSKFUB
PFM1*/EFMBNJTNB FTUPTONFSPTTFMFTNBOEBEJSFDUBNFOUFBMPTDSFBEPSFT
EFMBFTUBGB RVFDPOTJHVFOBTUFOFSFOTVQPEFSJOGPSNBDJORVFQVFEFDPN
QSPNFUFSOPT
-BNBOFSBEFOPDBFSFOFTUBTFTUBGBTFTUFOFSFODVFOUBRVFOVODBMPTCBODPTOJ
PSHBOJTNPTPGJDJBMFTQJEFOBUSBWTEFDPSSFPTFMFDUSOJDPTEBUPTDPOGJEFODJBMFT
5BNCJOEFCFNPTNJSBSDPODBVUFMBMBTEJSFDDJPOFT63-EFMBTQHJOBTWJTJUBEBT
QVFTTVDFEFBNFOVEPRVFTJMBEJSFDDJOSFBMFTQPSFKFNQMPXXXNJCBODBFT
MBEJSFDDJORVFVUJMJ[BOFTUFUJQPEFEFMJODVFOUFTQBSBEJTFDDJPOBSMBQHJOBTFS
BMHPBTDPNPXXXNJCBODPFTPXXXNJTCBODBFT&TEFDJS MB63-UJFOFVOB
QFRVFBEJGFSFODJBRVFBQSJNFSBWJTUBOPTFOPUBSQFSPRVFPCMJHBUPSJBNFOUF
IBEFUFOFS
)BTUBIBDFQPDPUJFNQP FTUFUJQPEFBUBRVFTTPMPBGFDUBCBBFOUJEBEFTGJOBODJFSBT
QFSPBDUVBMNFOUFFTUPTBUBRVFTIBOBGFDUBEPBPUSPTPSHBOJTNPT DPNPFM*/&.
$NBSBTEF$PNFSDJPTEFEJGFSFOUFTDJVEBEFTZMUJNBNFOUFBMB"HFODJB5SJCVUBSJB
'JH

&OFTUFMUJNPDBTP FMBUBRVFDPOTJTUFFOMBSFNJTJOEFVODPSSFPFMFDUSOJDPRVF
JOGPSNB RVF FM SFDFQUPS EFM NFOTBKF UJFOF EFSFDIP B VO SFFNCPMTP EF JNQVFTUPT
JOFYJTUFOUFT1FSPQBSBQPEFSEJTQPOFSEFMEJOFSP FMSFDFQUPSEFCFFOWJBSMPTONF
SPTEFDVFOUBTCBODBSJBTZUBSKFUBTEFDSEJUP
Fig. 5.79. Conguracin momento anlisis.

142
8448171373_SI_05.indd 142
06/04/10 11:08
Comprueba t u aprendizaje
Aplicar mecanismos de seguridad activa describiendo sus
caractersticas y relacionndolas con las necesidades de
uso del sistema informtico
6. &OVOQFRVFPDPMFHJPFTOFDFTBSJPRVFMPTBMVNOPT
DPNQBSUBOMPTFRVJQPTEFVOBVMBEFJOGPSNUJDB-PT
QFSGJMFTEFMPTBMVNOPTRVFDPNQBSUFOFMBVMBTPO
1. &ONVMUJUVEEFOPUJDJBTQPEFNPTMFFSRVFFMEFTQFDIP
EFMPTFNQMFBEPTEJTQBSBFMSPCPEFJOGPSNBDJOFOMBT
FNQSFTBT&MEFMBTVTUSBDDJOEFJOGPSNBDJOTF
QSPEVDFBUSBWTEFMBTNFNPSJBTFYUFSOBT64#1BSB
FWJUBSEJDIPTSPCPTQPEFNPTEFTIBCJMJUBSFTUPTBUSBWT
EFMB#*04
"DDFEF B MB #*04 Z EFTBDUJWB MPT EJTQPTJUJWPT 64#
0USBGPSNBEFQSPUFHFSOPTDPOUSBEJDIPTSPCPTFTEFT
BDUJWBOEPEJDIPTEJTQPTJUJWPT64#BUSBWTEFMTJTUFNB
PQFSBUJWP&OVNFSBMPTQBTPTRVFIBTSFBMJ[BEPQBSB
EFTBDUJWBSEJDIPTEJTQPTJUJWPTBUSBWTEFM4JTUFNB0QF
SBUJWP
2. 4QPPG(VBSEFTVOBIFSSBNJFOUBRVFOPTBZVEBBEJT
DFSOJSTJFTUBNPTTJFOEPWDUJNBTEFVOBUBRVFNBMJO
UFODJPOBEP EF TQPPGJOH P EF QIJTJOH &TUB BQMJDB
DJOBBEFVOTFNGPSPFOMBCBSSBEFIFSSBNJFOUBT
EFM OBWFHBEPS RVF OPT JOEJDB MB QFMJHSPTJEBE EF MB
QHJOB
%FTDBSHB FM QSPHSBNB EF MB QHJOB http://crypto.
stanford.edu/SpoofGuard/,JOTUMBMPZDPNQSVFCBRVF
EFQFOEJFOEPEFMBMV[EFMTFNGPSPMBQHJOBRVFWJTJ
UBTOPIBTJEPBUBDBEBPQPSFMDPOUSBSJPFTVOBQPTJ
CMFQHJOBXFCGSBVEVMFOUB
3. .PEJGJDB FM GJDIFSP EF DPOGJHVSBDJO EFM HFTUPS EF
BSSBORVF (36#
menu.lst, QBSB RVF CMPRVFF FM
BSSBORVFEFMUFTUEFNFNPSJB
*OEJDBMPTQBTPTRVFIBTSFBMJ[BEPQBSBBMDBO[BSFM
PCKFUJWP
4. %FTDBSHB MB EFNP EF MB BQMJDBDJO #JPQBTTXPSE EF
http://smartadvisors.net/biopassword/demo.php, JOT
UMBMB DPOGJHSBMBZDPNQSVFCBRVFTJFTDSJCFPUSBQFS
TPOBEJGFSFOUFBMBRVFIBSFBMJ[BEPFMNEVMPEFJOT
DSJQDJOMPSFDPOPDFZQSPEVDFVOFSSPSEJDJFOEPRVF
UVGPSNBEFFTDSJCJSOPTFDPSSFTQPOEFDPOFMQBUSO
SFHJTUSBEP
5. %FTDBSHBFMBOUJWJSVT"7(EFhttp://free.avg.com/,JOT
UMBMPZIB[VOBDPNQSPCBDJOEFMFTUBEPEFUVTEJTQP
TJUJWPTEFBMNBDFOBNJFOUP
Asegurar la privacidad de la informacin transmitida en
redes informticas describiendo vulnerabilidades e instalando software especfico
t "
MVNOPTEFHFTUJOBENJOJTUSBUJWB&TUPTVUJMJ[BOMPT
FRVJQPTQBSBBQSFOEFSNFDBOPHSBGBZFMQBRVFUF
PGJNUJDPEF.JDSPTPGU
t "
MVNOPTEFDPOTUSVDDJORVFVUJMJ[BO"VUPDBEQBSB
MBSFBMJ[BDJOEFQMBOPTZ13&450QBSBFMDMDVMP
EFQSFTVQVFTUPT
t "
MVNOPTEFVODVSTPEF+"7" MPTDVBMFTVUJMJ[BOVO
DPNQJMBEPSEFEJDIPQSPHSBNB
4FIBPCTFSWBEPRVFMPTBMVNOPTEFMDVSTPEF+"7"
TFEFEJDBOBJOTUBMBSKVFHPTFOMPTFRVJQPTEFNBOFSB
JOEJTDSJNJOBEB QPSMPRVFTFFTUOWJFOEPQFSKVEJDB
EPTTVTDPNQBFSPT
{$NPQPEFNPTTPMWFOUBSMBTJUVBDJO {2VNFEJEBT
UPNBSBT
7. &TUBBDUJWJEBETFEFCFSSFBMJ[BSFOHSVQP%FTDBSHB
EFMBQHJOBXFChttp://www.effetech.com/download/
FMQSPHSBNB.4/TOJGGFSFJOTUMBMPFOVOPEFMPTFRVJ
QPTEFMBSFE
0USPTEPTDPNQBFSPTEFCFOIBDFSVTPEFM.FTTFOHFS
NBOUFOJFOEPVOBDPOWFSTBDJOFOUSFFMMPT
{1VFEFT WFS MB DPOWFSTBDJO NBOUFOJEB EFTEF UV
FRVJQP
&ODBTPEFRVFMBSFTQVFTUBTFBOFHBUJWB{1PSRVOP
QVFEFTWJTVBMJ[BSMB {$NPQPESBTMMFHBSBWJTVBMJ[BS
MBDPOWFSTBDJO
8. %FTDBSHB &GGF5FDI )551 4OJGGFS EF MB QHJOB 8FC
http://www.effetech.com/download/FJOTUMBMPFOVOP
EFMPTFRVJQPTEFMBSFE
0USPDPNQBFSPEFCFWJTJUBSEJTUJOUBTQHJOBT8FC
{1VFEFTWFSMBTQHJOBTRVFWJTJUBUVDPNQBFSP &O
DBTPEFRVFMBSFTQVFTUBTFBOFHBUJWB {QPSRVOP
QVFEFTWJTVBMJ[BSMBT {$NPQPESBTMMFHBSBWJTVBMJ[BS
MBTQHJOBTRVFWJTJUBUVDPNQBFSP
9. $BQUVSBMBTDPOUSBTFBTEFJOJDJPEFTFTJOEFPUSPT
VTVBSJPTEFUVSFEZFOWBMBTBMDSBDLFBEPSEFDPOUSBTF
BTQBSBNTUBSEFJOUFOUBSBWFSJHVBSMBT
{2VNUPEPVUJMJ[BTQBSBBWFSJHVBSMBT {'VFS[BCSVUB
EJDDJPOBSJPP3BJOCPXUBCMFT
143
8448171373_SI_05.indd 143
06/04/10 11:08
Snt esis
&WJUBSBDDFTPB#*04
4FHVSJEBEFOFMBDDFTP
BMPSEFOBEPS
1SPUFHFSFMHFTUPS
EFBSSBORVF(36#
$JGSBEPEFMBTQBSUJDJPOFT
$VPUBTEFEJTDP
Seguridad activa en el sistema
1PMUJDBTEFDPOUSBTFBT
"VUFOUJDBDJOEFMPTVTVBSJPT
4JTUFNBTCJPNUSJDPT
-JTUBTEFDPOUSPMEFBDDFTP
.POJUPSJ[BDJOEFMTJTUFNB
5JQPTEFBUBDBOUFT
Vulnerabilidades del sistema
5JQPTEFBUBRVFT
4PGUXBSFQBSBFWJUBSBUBRVFT
144
8448171373_SI_05.indd 144
06/04/10 11:08

Seguridad Activa

Cargado por

Información del documento

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Seguridad Activa

Cargado por

Copyright:

Formatos disponibles

Unidad

En esta unidad aprenderemos a:

1. Introduccin a la seguridad del sistema

2. Seguridad en el acceso al ordenador

2.1. Cmo evitamos que personas ajenas modifiquen la BIOS?

Fig. 5.1. Men principal BIOS.

Fig. 5.2. Men Seguridad.

2. 1VMTBNPTEnter FOMBPQDJOSet Supervisor Password

4. 0USB NFEJEB EF TFHVSJEBE BEJDJPOBM RVF QPEFNPT

Fig. 5.4. Contrasea Supervisor en arranque de la BIOS.

2.2. Cmo proteger el GRUB con contrasea?

Fig. 5.5. Instruccin para editar menu.lst.

Fig. 5.6. Modicacin del parmetro password en el archivo menu.lst.

Fig. 5.7. Encriptacin de la contrasea.

Fig. 5.8. Contrasea de acceso a GRUB cifrada.

Fig. 5.10. Contrasea de acceso al sistema Ubuntu cifrada.

tionados por el GRUB a personal no autorizado utilizando

1. &O QSJNFS MVHBS EFCFNPT JOTUBMBS MB BQMJDBDJO FO

Fig. 5.11. Gestor Synaptic.

Fig. 5.12. Instalacin startupmanager.

Fig. 5.13. Administrador de Arranque.

Fig. 5.14. Congurando contrasea en startupmanager.

2.3. Cifrado de particiones

Fig. 5.15. Instalacin del controlador DiskCryptor.

Fig. 5.16. Programa DiskCryptor.

Fig. 5.17. Seleccin del algoritmo de encriptacin.

Fig. 5.18. Conguracin de la contrasea.

Fig. 5.19. Ventana principal TrueCrypt.

Fig. 5.20. Seleccin de tipo de unidad.

Fig. 5.21. Seleccin de dispositivo.

Fig. 5.22. Seleccin de particin.

8. 1PTUFSJPSNFOUF DPNPQPEFNPTWFSFOMBJNBHFO 'JH

Fig. 5.23. Eleccin del algoritmo de cifrado.

DPNCJOBDJOEFMFUSBTNBZTDVMBT NJOTDVMBT ONFSPT

10. 4JBDUJWBNPTMBPQDJODisplay password WJTVBMJ[BSDMBWF

Fig. 5.24. Denicin de contrasea.

11. "DPOUJOVBDJO EFCFNPTFMFHJSFMUJQPEFTJTUFNBEF

Fig. 5.25. Unidad montada.

2.4. Cuotas de disco

4JOFNCBSHP FMHSVQPEF"SRVJUFDUPTOFDFTJUBONVDIPFTQBDJP ZBRVFTVFMFOUSB

Activacin y uso de cuotas de disco en Windows

Fig. 5.26. Cuotas.

Fig. 5.27. Limitacin de espacios.

Fig. 5.28. Visor de sucesos.

Cuotas de usuario en UBUNTU

Fig. 5.30. Comandos.

Fig. 5.31. Orden apt-get update.

Fig. 5.32. Instalacin webmin.

Fig. 5.33. Error del certicado.

Fig. 5.34. Formulario de conexin a la aplicacin Webmin.

Fig. 5.35. Pantalla inicial webmin.

Fig. 5.36. Disk and Network Filesystems.

Fig. 5.37. Edit Mount.

&OFTUBOVFWBQHJOB UFOESFNPTRVFQPOFSMBPQDJOUse Quotas? {VTBSDVPUBT

Fig. 5.38. Cuotas de disco.

Fig. 5.39. Cuotas de los usuarios.

Fig. 5.40. Asignacin de cuota a usuario.

6OBWF[EFGJOJEBTMBTDVPUBT IBDFNPTDMJDTPCSFFMCPUOUpdate BDUVBMJ[BS

3. Autenticacin de los usuarios

3.1. Polticas de contraseas

3.2. Sistemas biomtricos

Cmo funciona un sistema biomtrico?

Fig. 5.41. Funcionamiento de un sistema biomtrico.

3.3. Listas de control de acceso

8. 1PTUFSJPSNFOUF DPNPQPEFNPTWFSFOMBJNBHFO 'JH

4JOFNCBSHP FMHSVQPEF"SRVJUFDUPTOFDFTJUBONVDIPFTQBDJP ZBRVFTVFMFOUSB

3. "DPOUJOVBDJO QSPDFEFSFNPTBNPOUBSMBQBSUJDJOOVFWBNFOUF 'JH

5. " DPOUJOVBDJO WBNPT B EBSMF QFSNJTPT B 'FS

2. &MTFHVOEPQBTP DPOTJTUFFOJOUSPEVDJSVOBFOUSBEBEF%/4TQPPGJOH 'JH

Sniffing o anlisis de trfico:DPNPIFNPTDPNFOUBEPFOFMFQHSBGFEFUJQPTEFBUBDBO

t Conexin no autorizada a equipos y servidores: FTUFUJQPEFBUBRVFDPOTJTUFFOEFT