1 | \contentsline {schapter}{Lista de Figuras}{xv} |
---|
2 | \contentsline {schapter}{Lista de Tablas}{xvii} |
---|
3 | \contentsline {schapter}{Pr\IeC {\'o}logo}{xix} |
---|
4 | \contentsline {schapter}{Prefacio}{xxi} |
---|
5 | \contentsline {schapter}{Agradecimientos}{xxiii} |
---|
6 | \contentsline {schapter}{Acr\IeC {\'o}nimos}{xxv} |
---|
7 | \contentsline {schapter}{Glosario}{xxvii} |
---|
8 | \contentsline {schapter}{Lista de S\IeC {\'\i }mbolos}{xxix} |
---|
9 | \contentsline {schapter}{Introducci\IeC {\'o}n}{xxxi} |
---|
10 | \contentsline {ichapter}{Linus Torvalds, Ing.}{xxxi} |
---|
11 | \contentsline {schapter}{Referencias}{xxxi} |
---|
12 | \contentsline {part}{I\hspace {1em}Seguridad en las TIC y la Identidad Digital. }{1} |
---|
13 | \contentsline {chapter}{\numberline {1}Bases de la identidad digital}{3} |
---|
14 | \nobreak \vskip \authorskip \noindent \vrule height 9pt width0pt\hskip \chapskip A. Araujo, V. Bravo y R. Sumoza \hfill \vskip \chapheight |
---|
15 | \contentsline {section}{\numberline {1.1}Conceptos b\IeC {\'a}sicos}{3} |
---|
16 | \contentsline {section}{\numberline {1.2}Implicaciones}{3} |
---|
17 | \contentsline {section}{\numberline {1.3}Identificaci\IeC {\'o}n, autenticaci\IeC {\'o}n}{3} |
---|
18 | \contentsline {subsection}{\numberline {1.3.1}T\IeC {\'e}cnicas de identificaci\IeC {\'o}n y autenticaci\IeC {\'o}n}{4} |
---|
19 | \contentsline {subsubsection}{\numberline {1.3.1.1}Contrase\IeC {\~n}as}{4} |
---|
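% NOTE(review): an unresolved merge conflict (<<<<<<< / ======= / >>>>>>> markers) had been
% committed in this generated .toc file. Both sides listed the same three entries and differed
% only in page numbers (4/4/4 on HEAD, 5/5/6 on the incoming commit). The HEAD side is kept;
% LaTeX rewrites these page numbers on the next run, so recompile twice to refresh them.
% Generated files (.toc, .aux, .lof, .lot) are best kept out of version control.
21 | \contentsline {subsubsection}{\numberline {1.3.1.2}Certificados electr\IeC {\'o}nicos}{4} |
---|
22 | \contentsline {subsubsection}{\numberline {1.3.1.3}Firmas electr\IeC {\'o}nicas}{4} |
---|
23 | \contentsline {subsubsection}{\numberline {1.3.1.4}Dispositivos de usuario}{4} |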
---|
29 | \contentsline {chapter}{\numberline {2}Pol\'iticas de Seguridad}{21} |
---|
30 | \nobreak \vskip \authorskip \noindent \vrule height 9pt width0pt\hskip \chapskip A. Araujo y V. Bravo \hfill \vskip \chapheight |
---|
31 | \contentsline {section}{\numberline {2.1}Pol\IeC {\'\i }ticas de seguridad de la informaci\IeC {\'o}n. Importancia.}{21} |
---|
32 | \contentsline {section}{\numberline {2.2}Puestos de trabajo, centros de datos, seguridad l\IeC {\'o}gica y f\IeC {\'\i }sica}{21} |
---|
33 | \contentsline {section}{\numberline {2.3}Pol\IeC {\'\i }ticas de Seguridad de las Tecnolog\IeC {\'\i }as de Informaci\IeC {\'o}n y Comunicaci\IeC {\'o}n}{21} |
---|
34 | \contentsline {section}{\numberline {2.4}Importancia de la Seguridad de la Informaci\IeC {\'o}n}{23} |
---|
35 | \contentsline {section}{\numberline {2.5}Seguridad de la Informaci\IeC {\'o}n para Tecnolog\IeC {\'\i }as Libres}{24} |
---|
36 | \contentsline {section}{\numberline {2.6}Principio de Defensa en profundidad}{24} |
---|
37 | \contentsline {subsection}{\numberline {2.6.1}Los principios generales de la defensa en profundidad}{26} |
---|
38 | \contentsline {section}{\numberline {2.7}Responsabilidad}{27} |
---|
39 | \contentsline {section}{\numberline {2.8}Procesos para aumentar la adopci\IeC {\'o}n de seguridad de la informaci\IeC {\'o}n}{27} |
---|
40 | \contentsline {subsection}{\numberline {2.8.1}Identificaci\IeC {\'o}n de los riesgos}{28} |
---|
41 | \contentsline {subsection}{\numberline {2.8.2}Evaluaci\IeC {\'o}n de los riesgos de seguridad}{29} |
---|
42 | \contentsline {subsection}{\numberline {2.8.3}Selecci\IeC {\'o}n de los controles}{31} |
---|
43 | \contentsline {subsection}{\numberline {2.8.4}Implementar los controles seleccionados}{32} |
---|
44 | \contentsline {subsection}{\numberline {2.8.5}Monitorear y mejorar los controles de seguridad}{32} |
---|
45 | \contentsline {section}{\numberline {2.9}Grupo de seguridad de la informaci\IeC {\'o}n}{33} |
---|
46 | \contentsline {section}{\numberline {2.10}Gesti\IeC {\'o}n de Contrase\IeC {\~n}as}{34} |
---|
47 | \contentsline {subsection}{\numberline {2.10.1}Claves con menos de ocho d\IeC {\'\i }gitos}{35} |
---|
48 | \contentsline {section}{\numberline {2.11}\IeC {\textquestiondown }Qu\IeC {\'e} se entiende por puesto de trabajo?}{36} |
---|
49 | \contentsline {section}{\numberline {2.12}Centro de datos}{36} |
---|
50 | \contentsline {section}{\numberline {2.13}\IeC {\textquestiondown }Qu\IeC {\'e} es seguridad l\IeC {\'o}gica?}{36} |
---|
51 | \contentsline {section}{\numberline {2.14}\IeC {\textquestiondown }Qu\IeC {\'e} es seguridad f\IeC {\'\i }sica?}{36} |
---|
52 | \contentsline {section}{\numberline {2.15}Cuenta de usuario}{36} |
---|
53 | \contentsline {subsection}{\numberline {2.15.1}Cuenta de usuario cr\IeC {\'\i }tica}{36} |
---|
54 | \contentsline {section}{\numberline {2.16}Vulnerabilidades de los sistemas de informaci\IeC {\'o}n}{37} |
---|
55 | \contentsline {subsection}{\numberline {2.16.1}Causas de las vulnerabilidades de los sistemas inform\IeC {\'a}ticos}{37} |
---|
56 | \contentsline {section}{\numberline {2.17}Herramientas para la seguridad de la informaci\IeC {\'o}n}{37} |
---|
57 | \contentsline {subsection}{\numberline {2.17.1}Cortafuego}{37} |
---|
58 | \contentsline {subsection}{\numberline {2.17.2}\IeC {\textquestiondown }Para qu\IeC {\'e} sirve el cortafuego?}{39} |
---|
59 | \contentsline {subsection}{\numberline {2.17.3}Consideraciones para la instalaci\IeC {\'o}n y configuraci\IeC {\'o}n de cortafuegos}{40} |
---|
60 | \contentsline {subsection}{\numberline {2.17.4}Sistemas de detecci\IeC {\'o}n de intrusiones (IDS)}{41} |
---|
61 | \contentsline {section}{\numberline {2.18}Identificaci\IeC {\'o}n de los riesgos a terceros}{43} |
---|
62 | \contentsline {section}{\numberline {2.19}Seguridad l\IeC {\'o}gica en los puestos de trabajo}{43} |
---|
63 | \contentsline {section}{\numberline {2.20}Seguridad l\IeC {\'o}gica en el centro de datos}{44} |
---|
64 | \contentsline {section}{\numberline {2.21}Seguridad f\IeC {\'\i }sica en los puestos de trabajo}{45} |
---|
65 | \contentsline {section}{\numberline {2.22}Seguridad f\IeC {\'\i }sica en el centro de datos}{46} |
---|
66 | \contentsline {subsection}{\numberline {2.22.1}Servicios que presta o prestar\IeC {\'a} el centro de datos: }{46} |
---|
67 | \contentsline {subsection}{\numberline {2.22.2}Ubicaci\IeC {\'o}n y condici\IeC {\'o}n f\IeC {\'\i }sica del centro de datos}{47} |
---|
68 | \contentsline {subsection}{\numberline {2.22.3}Especificaciones t\IeC {\'e}cnicas del centro de datos}{47} |
---|
69 | \contentsline {subsection}{\numberline {2.22.4}Control de acceso f\IeC {\'\i }sico al centro de datos}{49} |
---|
70 | \contentsline {subsection}{\numberline {2.22.5}Aire acondicionado}{49} |
---|
71 | \contentsline {subsection}{\numberline {2.22.6}Protecci\IeC {\'o}n, detecci\IeC {\'o}n y extinci\IeC {\'o}n de incendios}{50} |
---|
72 | \contentsline {section}{\numberline {2.23}Especificaci\IeC {\'o}n de las Pol\IeC {\'\i }ticas de seguridad de la informaci\IeC {\'o}n en el centro de datos}{50} |
---|
73 | \contentsline {section}{\numberline {2.24}Pol\IeC {\'\i }ticas de Respaldo y recuperaci\IeC {\'o}n}{52} |
---|
74 | \contentsline {subsection}{\numberline {2.24.1}Normas para las pol\IeC {\'\i }ticas de respaldo y recuperaci\IeC {\'o}n}{52} |
---|
75 | \contentsline {section}{\numberline {2.25}Gesti\IeC {\'o}n de Incidentes de seguridad}{53} |
---|
76 | \contentsline {subsection}{\numberline {2.25.1}Antes del incidente de seguridad:}{53} |
---|
77 | \contentsline {subsection}{\numberline {2.25.2}Durante el incidente de seguridad:}{54} |
---|
78 | \contentsline {subsection}{\numberline {2.25.3}Despu\IeC {\'e}s del incidente de seguridad:}{55} |
---|
79 | \contentsline {section}{\numberline {2.26}Plan de Recuperaci\IeC {\'o}n ante Desastres}{55} |
---|
80 | \contentsline {section}{\numberline {2.27}Seguridad en redes}{56} |
---|
81 | \contentsline {chapter}{\numberline {3}Privacidad}{57} |
---|
82 | \nobreak \vskip \authorskip \noindent \vrule height 9pt width0pt\hskip \chapskip R. Sumoza \hfill \vskip \chapheight |
---|
83 | \contentsline {section}{\numberline {3.1}Definici\IeC {\'o}n y pol\IeC {\'\i }ticas de privacidad}{57} |
---|
84 | \contentsline {section}{\numberline {3.2}T\IeC {\'e}cnicas para proporcionar privacidad}{57} |
---|
85 | \contentsline {subsection}{\numberline {3.2.1}Anonimato}{57} |
---|
86 | \contentsline {subsubsection}{\numberline {3.2.1.1}Redes de mezcla}{57} |
---|
87 | \contentsline {subsubsection}{\numberline {3.2.1.2}Enrutamiento cebolla}{58} |
---|
88 | \contentsline {chapter}{\numberline {4}Fundamentos Jur\'idicos}{59} |
---|
89 | \nobreak \vskip \authorskip \noindent \vrule height 9pt width0pt\hskip \chapskip E. Mora \hfill \vskip \chapheight |
---|
90 | \contentsline {section}{\numberline {4.1}El ordenamiento jur\IeC {\'\i }dico venezolano y las nuevas tecnolog\IeC {\'\i }as de la informaci\IeC {\'o}n}{59} |
---|
91 | \contentsline {subsection}{\numberline {4.1.1}Ley de Mensajes de Datos y Firmas Electr\IeC {\'o}nicas, Ley de Infogobierno, Ley de Interoperabilidad y Ley Especial Contra los Delitos Inform\IeC {\'a}ticos}{59} |
---|
92 | \contentsline {section}{\numberline {4.2}La insuficiencia de las regulaciones jur\IeC {\'\i }dicas existentes}{59} |
---|
93 | \contentsline {part}{II\hspace {1em}Aportes de CENDITEL en la Seguridad vinculada a la Identidad Digital en las TIC}{61} |
---|
94 | \contentsline {chapter}{\numberline {5}Certificaci\'on Electr\'onica}{63} |
---|
95 | \nobreak \vskip \authorskip \noindent \vrule height 9pt width0pt\hskip \chapskip V. Bravo y A. Araujo \hfill \vskip \chapheight |
---|
96 | \contentsline {section}{\numberline {5.1}Introducci\'on}{64} |
---|
97 | \contentsline {section}{\numberline {5.2}Marco Te\'orico}{65} |
---|
98 | \contentsline {subsection}{\numberline {5.2.1}Seguridad Inform\'atica}{65} |
---|
99 | \contentsline {subsection}{\numberline {5.2.2}Criptograf\'ia}{66} |
---|
100 | \contentsline {subsection}{\numberline {5.2.3}Certificados digitales}{67} |
---|
101 | \contentsline {subsection}{\numberline {5.2.4}Est\'andar X.509}{67} |
---|
102 | \contentsline {subsection}{\numberline {5.2.5}Lenguaje Unificado de Modelado}{69} |
---|
103 | \contentsline {subsection}{\numberline {5.2.6}Software Libre}{70} |
---|
104 | \contentsline {section}{\numberline {5.3}Infraestructura de Clave P\'ublica}{70} |
---|
105 | \contentsline {subsection}{\numberline {5.3.1}Componentes de la Infraestructura de Clave P\'ublica (ICP)}{70} |
---|
106 | \contentsline {section}{\numberline {5.4}Desarrollo de la aplicaci\'on}{71} |
---|
107 | \contentsline {subsection}{\numberline {5.4.1}Conceptualizaci\'on}{71} |
---|
108 | \contentsline {subsection}{\numberline {5.4.2}Dise\~no}{72} |
---|
109 | \contentsline {subsection}{\numberline {5.4.3}Implementaci\'on}{74} |
---|
110 | \contentsline {subsection}{\numberline {5.4.4}Pruebas}{76} |
---|
111 | \contentsline {subsection}{\numberline {5.4.5}Despliegue y configuraci\'on}{77} |
---|
112 | \contentsline {section}{\numberline {5.5}Conclusiones}{78} |
---|
113 | \contentsline {section}{\numberline {5.6}Glosario}{79} |
---|
114 | \contentsline {chapter}{\numberline {6}Firmas Electr\'onicas}{81} |
---|
115 | \nobreak \vskip \authorskip \noindent \vrule height 9pt width0pt\hskip \chapskip V. Bravo y A. Araujo \hfill \vskip \chapheight |
---|
116 | \contentsline {section}{\numberline {6.1}Introducci\IeC {\'o}n}{82} |
---|
117 | \contentsline {section}{\numberline {6.2}El modelo actual de Firma Electr\IeC {\'o}nica}{82} |
---|
118 | \contentsline {section}{\numberline {6.3}Antecedentes}{84} |
---|
119 | \contentsline {section}{\numberline {6.4}Acoplamiento de la Firma Electr\IeC {\'o}nica Avanzada}{85} |
---|
120 | \contentsline {subsection}{\numberline {6.4.1}Componente de Firma Electr\IeC {\'o}nica Avanzada}{85} |
---|
121 | \contentsline {subsection}{\numberline {6.4.2}M\IeC {\'e}todo de conexi\IeC {\'o}n}{87} |
---|
122 | \contentsline {section}{\numberline {6.5}Casos de estudio}{89} |
---|
123 | \contentsline {subsection}{\numberline {6.5.1}Caso OpenERP }{89} |
---|
124 | \contentsline {subsection}{\numberline {6.5.2}Caso SAID}{90} |
---|
125 | \contentsline {subsection}{\numberline {6.5.3}Caso Flujos de Trabajo}{92} |
---|
126 | \contentsline {section}{\numberline {6.6}Conclusiones}{93} |
---|
127 | \contentsline {schapter}{Referencias}{95} |
---|
128 | \contentsline {chapter}{\numberline {7}Anonimato}{97} |
---|
129 | \nobreak \vskip \authorskip \noindent \vrule height 9pt width0pt\hskip \chapskip R. Sumoza \hfill \vskip \chapheight |
---|
130 | \contentsline {section}{\numberline {7.1}Modelo de protocolo para un sistema an\IeC {\'o}nimo basado en estrategias bio-inspiradas}{97} |
---|
131 | \contentsline {subsection}{\numberline {7.1.1}Introduction}{98} |
---|
132 | \contentsline {subsection}{\numberline {7.1.2}Artificial Systems Ant Colony in Anonymity}{98} |
---|
133 | \contentsline {subsection}{\numberline {7.1.3}Conclusion}{100} |
---|
134 | \contentsline {schapter}{Referencias}{101} |
---|
135 | \contentsline {section}{\numberline {7.2}Sistema de medici\IeC {\'o}n alternativo}{102} |
---|
136 | \contentsline {subsection}{\numberline {7.2.1}Introduction}{102} |
---|
137 | \contentsline {subsection}{\numberline {7.2.2}Related work}{103} |
---|
138 | \contentsline {subsection}{\numberline {7.2.3}Proposal}{103} |
---|
139 | \contentsline {subsubsection}{\numberline {7.2.3.1}Root Mean Squared Error - RMSE}{104} |
---|
140 | \contentsline {subsubsection}{\numberline {7.2.3.2}Jensen-Shannon divergence}{104} |
---|
141 | \contentsline {subsubsection}{\numberline {7.2.3.3}Results}{104} |
---|
142 | \contentsline {schapter}{Referencias}{107} |
---|