Mecanismos para mitigar riesgos generados por la intrusión en Routers de frontera basados en resultados de un Honeypot Virtual.

Abstract

In the present investigation, the mechanisms to mitigate the risks generated by the intrusion in routers based on the results of a Virtual HoneyPot were implemented. The main vulnerabilities and threats were found commonly within network environments WAN, where the device with a bigger generated risk is the edge router, in its protocol SNMP specifically. For the construction of the planned solution, the Methodology of Analysis and the Risk Management of the Information Systems PAe-MAGERIT v.3 were analyzed, the scientific journal IEEE: “Honeypot Router for routing Protocol protection” and the book “Honeypots Tracking Hackers”. In addition, some standard recommendations and safety norms in environments WAN. The solution called HONEYPOT-ROUTER-SNMP is focused on attacks such as: DDos, Tracking of Ports, and Brute Force Attacks, which threat in a big percentage the impact generated by the risk of safety SNMP within its three versions, and consists of two components which are: 1) Infrastructures of solution (with two stages: a) Study and Detection of vulnerabilities and attacks and b) Apply the protection and safety measurements); and 2) Prevention Mechanisms (with which the steps are completed to detect and prevent threats). By using the solution of functioning of the edge router, with which, its availability and trustworthy increased, notoriously. It is recommended the implementing of a solution of Management of Event Correlation after the IPS, where the alerts will be emitted, which should be verified and in consequence designated by the organization.