vale security conference - 2011 - 14 - alexandro silva (alexos) [dc labs]
DESCRIPTION
Vale Security Conference - 2011 Domingo - 14ª Palestra Palestrante : Alexandro Silva (Alexos) [DC Labs] Palestra : Comendo JBoss com Farinha! Twitter (Alexandro Silva) : https://twitter.com/#!/alexandrosilva Slide (SlideShare) : http://www.slideshare.net/valesecconf/alexosTRANSCRIPT
![Page 1: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/1.jpg)
03 e 04 de setembro 2011 – São Paulo/SP
![Page 2: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/2.jpg)
![Page 3: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/3.jpg)
• Analista de Segurança;
• Professor na pós-graduação em Segurança da
Informação;
• Membro do DClabs.
![Page 4: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/4.jpg)
JBoss é um servidor de aplicações Java baseado no
padrão J2EE. Ele é responsável pela hospedagem,
publicação e gerenciamento de portais corporativos.
● Muitos portais *.gov.br;
● Globo.com
![Page 5: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/5.jpg)
Motivação
● (In)experiência;
● Auto aprendizado ;
● Desafio.
![Page 6: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/6.jpg)
Pesquisas anteriores
● Tyler Krpata – Defcon 18
● Christian Papathanasiou – BlackHat 10
![Page 7: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/7.jpg)
● Porque usar JBossAS?
● Fácil instalação;
● Bom conteúdo
estático;
● Excelente solução de
clustering;
● Segue totalmente o
padrão
![Page 8: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/8.jpg)
Arquitetura
![Page 9: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/9.jpg)
Integração do JMX-Console
![Page 10: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/10.jpg)
JMX-Console
![Page 11: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/11.jpg)
(IN)segurança● O foco não é segurança;
● Instalação padrão vulnerável:
➔ Parar serviço ou servidor;
➔ Execução de software malicioso.
![Page 12: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/12.jpg)
Exploits● Exploits públicos:
● JBoss Autopwn por Christian
Papathanasiou – Trustwave Spiderlabs
● JBossAS Remote Exploit por Kingcope
![Page 13: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/13.jpg)
Vitimasinurl:"/jmx-console" intext:"JMX Agent View"
![Page 14: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/14.jpg)
![Page 15: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/15.jpg)
Ohh my F*cking God!!
How I resolve this???
![Page 16: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/16.jpg)
DicasDicas
![Page 17: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/17.jpg)
● Mitigação ( Linux ):
● top;
● lsof -i;
● strace -fp [PID];
● Cuidado com o process syscom;
![Page 18: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/18.jpg)
● Habilite a autenticação:
● JMX-Console
● Web-console
Mitigação
![Page 19: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/19.jpg)
Referências
● Securing the JMX Console –http://community.jboss.org/wiki/SecureTheJmxConsole
● JBossAS Admin Guide - http://docs.jboss.org/jbossas/jboss4guide/r3/adminguide.pdf
● JBoss AS 6.0 Security Guide –http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html_single/index.html
![Page 20: Vale Security Conference - 2011 - 14 - Alexandro Silva (Alexos) [DC Labs]](https://reader033.vdocuments.com.br/reader033/viewer/2022042623/5484de67b4af9faf0d8b4cb5/html5/thumbnails/20.jpg)
Contatos
Email: [email protected]
Sites: http://www.dclabs.com.br http://alexos.org
Twitter:@alexandrosilva