| 1 | \select@language {spanish} |
|---|
| 2 | \contentsline {part}{I\hspace {1em}Seguridad en las TIC y la Identidad Digital. Fundamentos}{7} |
|---|
| 3 | \contentsline {chapter}{\numberline {1}Bases de la identidad digital}{9} |
|---|
| 4 | \contentsline {section}{\numberline {1.1}Conceptos b\IeC {\'a}sicos}{9} |
|---|
| 5 | \contentsline {section}{\numberline {1.2}Implicaciones}{9} |
|---|
| 6 | \contentsline {section}{\numberline {1.3}Identificaci\IeC {\'o}n, autenticaci\IeC {\'o}n}{9} |
|---|
| 7 | \contentsline {subsection}{\numberline {1.3.1}T\IeC {\'e}cnicas de identificaci\IeC {\'o}n y autenticaci\IeC {\'o}n}{9} |
|---|
| 8 | \contentsline {subsubsection}{Contrase\IeC {\~n}as}{9} |
|---|
| 9 | \contentsline {subsubsection}{Certificados electr\IeC {\'o}nicos}{10} |
|---|
| 10 | \contentsline {subsubsection}{Firmas electr\IeC {\'o}nicas}{10} |
|---|
| 11 | \contentsline {subsubsection}{Dispositivos de usuario}{10} |
|---|
| 12 | \contentsline {chapter}{\numberline {2}Pol\IeC {\'\i }ticas de Seguridad}{27} |
|---|
| 13 | \contentsline {section}{\numberline {2.1}Pol\IeC {\'\i }ticas de seguridad de la informaci\IeC {\'o}n. Importancia.}{27} |
|---|
| 14 | \contentsline {section}{\numberline {2.2}Puestos de trabajo, centros de datos, seguridad l\IeC {\'o}gica y f\IeC {\'\i }sica}{27} |
|---|
| 15 | \contentsline {section}{\numberline {2.3}Pol\IeC {\'\i }ticas de Seguridad de las Tecnolog\IeC {\'\i }as de Informaci\IeC {\'o}n y Comunicaci\IeC {\'o}n}{27} |
|---|
| 16 | \contentsline {section}{\numberline {2.4}Importancia de la Seguridad de la Informaci\IeC {\'o}n}{29} |
|---|
| 17 | \contentsline {section}{\numberline {2.5}Seguridad de la Informaci\IeC {\'o}n para Tecnolog\IeC {\'\i }as Libres}{30} |
|---|
| 18 | \contentsline {section}{\numberline {2.6}Principio de Defensa en profundidad}{31} |
|---|
| 19 | \contentsline {subsection}{\numberline {2.6.1}Los principios generales de la defensa en profundidad}{32} |
|---|
| 20 | \contentsline {section}{\numberline {2.7}Responsabilidad}{33} |
|---|
| 21 | \contentsline {section}{\numberline {2.8}Procesos para aumentar la adopci\IeC {\'o}n de seguridad de la informaci\IeC {\'o}n}{34} |
|---|
| 22 | \contentsline {subsection}{\numberline {2.8.1}Identificaci\IeC {\'o}n de los riesgos}{34} |
|---|
| 23 | \contentsline {subsection}{\numberline {2.8.2}Evaluaci\IeC {\'o}n de los riesgos de seguridad}{36} |
|---|
| 24 | \contentsline {subsection}{\numberline {2.8.3}Selecci\IeC {\'o}n de los controles}{37} |
|---|
| 25 | \contentsline {subsection}{\numberline {2.8.4}Implementar los controles seleccionados}{39} |
|---|
| 26 | \contentsline {subsection}{\numberline {2.8.5}Monitorear y mejorar los controles de seguridad}{39} |
|---|
| 27 | \contentsline {section}{\numberline {2.9}Grupo de seguridad de la informaci\IeC {\'o}n}{40} |
|---|
| 28 | \contentsline {section}{\numberline {2.10}Gesti\IeC {\'o}n de Contrase\IeC {\~n}as}{41} |
|---|
| 29 | \contentsline {subsection}{\numberline {2.10.1}Claves con menos de ocho d\IeC {\'\i }gitos}{42} |
|---|
| 30 | \contentsline {section}{\numberline {2.11}\IeC {\textquestiondown }Qu\IeC {\'e} se entiende por puesto de trabajo?}{43} |
|---|
| 31 | \contentsline {section}{\numberline {2.12}Centro de datos}{43} |
|---|
| 32 | \contentsline {section}{\numberline {2.13}\IeC {\textquestiondown }Que es seguridad l\IeC {\'o}gica?}{44} |
|---|
| 33 | \contentsline {section}{\numberline {2.14}\IeC {\textquestiondown }Qu\IeC {\'e} es seguridad f\IeC {\'\i }sica?}{44} |
|---|
| 34 | \contentsline {section}{\numberline {2.15}Cuenta de usuario}{44} |
|---|
| 35 | \contentsline {subsection}{\numberline {2.15.1}Cuenta de usuario cr\IeC {\'\i }tica}{44} |
|---|
| 36 | \contentsline {section}{\numberline {2.16}Vulnerabilidades de los sistemas de informaci\IeC {\'o}n}{44} |
|---|
| 37 | \contentsline {subsection}{\numberline {2.16.1}Causas de las vulnerabilidades de los sistemas inform\IeC {\'a}ticos}{44} |
|---|
| 38 | \contentsline {section}{\numberline {2.17}Herramientas para la seguridad de la informaci\IeC {\'o}n}{45} |
|---|
| 39 | \contentsline {subsection}{\numberline {2.17.1}Cortafuego}{45} |
|---|
| 40 | \contentsline {subsection}{\numberline {2.17.2}\IeC {\textquestiondown }Para qu\IeC {\'e} sirve el cortafuego?}{47} |
|---|
| 41 | \contentsline {subsection}{\numberline {2.17.3}Consideraciones para la instalaci\IeC {\'o}n y configuraci\IeC {\'o}n de cortafuegos}{48} |
|---|
| 42 | \contentsline {subsection}{\numberline {2.17.4}Sistemas de detecci\IeC {\'o}n de intrusiones (IDS)}{49} |
|---|
| 43 | \contentsline {section}{\numberline {2.18}Identificaci\IeC {\'o}n de los riesgos a terceros}{51} |
|---|
| 44 | \contentsline {section}{\numberline {2.19}Seguridad l\IeC {\'o}gica en los puestos de trabajo}{52} |
|---|
| 45 | \contentsline {section}{\numberline {2.20}Seguridad l\IeC {\'o}gica en el centro de datos}{53} |
|---|
| 46 | \contentsline {section}{\numberline {2.21}Seguridad f\IeC {\'\i }sica en los puestos de trabajo}{54} |
|---|
| 47 | \contentsline {section}{\numberline {2.22}Seguridad f\IeC {\'\i }sica en el centro de dato}{55} |
|---|
| 48 | \contentsline {subsection}{\numberline {2.22.1}Servicios que presta o prestar\IeC {\'a} el centro de datos: }{55} |
|---|
| 49 | \contentsline {subsection}{\numberline {2.22.2}Ubicaci\IeC {\'o}n y condici\IeC {\'o}n f\IeC {\'\i }sica del centro de datos}{55} |
|---|
| 50 | \contentsline {subsection}{\numberline {2.22.3}Especificaciones t\IeC {\'e}cnicas del centro de datos}{56} |
|---|
| 51 | \contentsline {subsection}{\numberline {2.22.4}Control de acceso f\IeC {\'\i }sico al centro de datos}{58} |
|---|
| 52 | \contentsline {subsection}{\numberline {2.22.5}Aire acondicionado}{59} |
|---|
| 53 | \contentsline {subsection}{\numberline {2.22.6}Protecci\IeC {\'o}n, detecci\IeC {\'o}n y extinci\IeC {\'o}n de incendios}{59} |
|---|
| 54 | \contentsline {section}{\numberline {2.23}Especificaci\IeC {\'o}n de las Pol\IeC {\'\i }ticas de seguridad de la informaci\IeC {\'o}n en el centro de datos}{60} |
|---|
| 55 | \contentsline {section}{\numberline {2.24}Pol\IeC {\'\i }ticas de Respaldo y recuperaci\IeC {\'o}n}{61} |
|---|
| 56 | \contentsline {subsection}{\numberline {2.24.1}Normas para las pol\IeC {\'\i }ticas de respaldo y recuperaci\IeC {\'o}n}{62} |
|---|
| 57 | \contentsline {section}{\numberline {2.25}Gesti\IeC {\'o}n de Incidentes de seguridad}{63} |
|---|
| 58 | \contentsline {subsection}{\numberline {2.25.1}Antes del incidente de seguridad:}{63} |
|---|
| 59 | \contentsline {subsection}{\numberline {2.25.2}Durante el incidente de seguridad:}{64} |
|---|
| 60 | \contentsline {subsection}{\numberline {2.25.3}Despu\IeC {\'e}s del incidente de seguridad:}{65} |
|---|
| 61 | \contentsline {section}{\numberline {2.26}Plan de Recuperaci\IeC {\'o}n antes Desastres}{65} |
|---|
| 62 | \contentsline {section}{\numberline {2.27}Seguridad en redes}{66} |
|---|
| 63 | \contentsline {chapter}{\numberline {3}Privacidad}{67} |
|---|
| 64 | \contentsline {section}{\numberline {3.1}Definici\IeC {\'o}n y pol\IeC {\'\i }ticas de privacidad}{67} |
|---|
| 65 | \contentsline {section}{\numberline {3.2}T\IeC {\'e}cnicas para proporcionar privacidad}{67} |
|---|
| 66 | \contentsline {subsection}{\numberline {3.2.1}Anonimato}{67} |
|---|
| 67 | \contentsline {subsubsection}{Redes de mezcla}{67} |
|---|
| 68 | \contentsline {subsubsection}{Enrutamiento cebolla}{67} |
|---|
| 69 | \contentsline {chapter}{\numberline {4}Fundamentos Jur\IeC {\'\i }dicos}{69} |
|---|
| 70 | \contentsline {section}{\numberline {4.1}El ordenamiento jur\IeC {\'\i }dico venezolano y las nuevas tecnolog\IeC {\'\i }as de la informaci\IeC {\'o}n}{69} |
|---|
| 71 | \contentsline {subsection}{\numberline {4.1.1}Ley de Mensajes de Datos y Firmas Electr\IeC {\'o}nicas, Ley de Infogobierno, Ley de Interoperabilidad y Ley Especial Contra los Delitos Inform\IeC {\'a}ticos}{69} |
|---|
| 72 | \contentsline {section}{\numberline {4.2}La insuficiencia de las regulaciones jur\IeC {\'\i }dicas existentes}{69} |
|---|
| 73 | \contentsline {part}{II\hspace {1em}Aportes de CENDITEL en la Seguridad vinculada a la Identidad Digital en las TIC}{71} |
|---|
| 74 | \contentsline {chapter}{\numberline {5}Certificaci\IeC {\'o}n Electr\IeC {\'o}nica}{73} |
|---|
| 75 | \contentsline {section}{\numberline {5.1}Introducci\'on}{74} |
|---|
| 76 | \contentsline {section}{\numberline {5.2}Marco Te'orico}{75} |
|---|
| 77 | \contentsline {subsection}{\numberline {5.2.1}Seguridad Inform\'atica}{75} |
|---|
| 78 | \contentsline {subsection}{\numberline {5.2.2}Criptograf\'ia}{76} |
|---|
| 79 | \contentsline {subsection}{\numberline {5.2.3}Certificados digitales}{77} |
|---|
| 80 | \contentsline {subsection}{\numberline {5.2.4}Est\'andar X.509}{77} |
|---|
| 81 | \contentsline {subsection}{\numberline {5.2.5}Lenguaje Unificado de Modelado}{79} |
|---|
| 82 | \contentsline {subsection}{\numberline {5.2.6}Software Libre}{80} |
|---|
| 83 | \contentsline {section}{\numberline {5.3}Infraestructura de Clave P\'ublica}{80} |
|---|
| 84 | \contentsline {subsection}{\numberline {5.3.1}Componentes de la Infraestructura de Claves P\'ublica (ICP)}{81} |
|---|
| 85 | \contentsline {section}{\numberline {5.4}Desarrollo de la aplicaci\'on}{82} |
|---|
| 86 | \contentsline {subsection}{\numberline {5.4.1}Conceptualizaci\'on}{82} |
|---|
| 87 | \contentsline {subsection}{\numberline {5.4.2}Dise\~no}{83} |
|---|
| 88 | \contentsline {subsection}{\numberline {5.4.3}Implementaci\'on}{85} |
|---|
| 89 | \contentsline {subsection}{\numberline {5.4.4}Pruebas}{87} |
|---|
| 90 | \contentsline {subsection}{\numberline {5.4.5}Despliegue y configuraci\'on}{88} |
|---|
| 91 | \contentsline {section}{\numberline {5.5}Conclusiones}{89} |
|---|
| 92 | \contentsline {section}{\numberline {5.6}Glosario}{90} |
|---|
| 93 | \contentsline {chapter}{\numberline {6}Firmas Electr\IeC {\'o}nicas}{93} |
|---|
| 94 | \contentsline {section}{\numberline {6.1}Introducci\IeC {\'o}n}{93} |
|---|
| 95 | \contentsline {section}{\numberline {6.2}El modelo actual de Firma Electr\IeC {\'o}nica}{94} |
|---|
| 96 | \contentsline {section}{\numberline {6.3}Antecedentes}{96} |
|---|
| 97 | \contentsline {section}{\numberline {6.4}Acoplamiento de la Firma Electr\IeC {\'o}nica Avanzada}{97} |
|---|
| 98 | \contentsline {subsection}{\numberline {6.4.1}Componente de Firma Electr\IeC {\'o}nica Avanzada}{97} |
|---|
| 99 | \contentsline {subsection}{\numberline {6.4.2}M\IeC {\'e}todo de conex\IeC {\'\i }\IeC {\'o}n}{99} |
|---|
| 100 | \contentsline {section}{\numberline {6.5}Casos de estudio}{101} |
|---|
| 101 | \contentsline {subsection}{\numberline {6.5.1}Caso OpenERP }{102} |
|---|
| 102 | \contentsline {subsection}{\numberline {6.5.2}Caso SAID}{104} |
|---|
| 103 | \contentsline {subsection}{\numberline {6.5.3}Caso Flujos de Trabajo}{105} |
|---|
| 104 | \contentsline {section}{\numberline {6.6}Conclusiones}{106} |
|---|
| 105 | \contentsline {chapter}{\numberline {7}Anonimato}{113} |
|---|
| 106 | \contentsline {section}{\numberline {7.1}Modelo de protocolo para un sistema an\IeC {\'o}nimo basado en estrategias bio-inspiradas}{113} |
|---|
| 107 | \contentsline {subsection}{\numberline {7.1.1}Introduction}{113} |
|---|
| 108 | \contentsline {subsection}{\numberline {7.1.2}Artificial Systems Ant Colony in Anonymity}{114} |
|---|
| 109 | \contentsline {subsection}{\numberline {7.1.3}Conclusion}{116} |
|---|
| 110 | \contentsline {section}{\numberline {7.2}Sistema de medici\IeC {\'o}n alternativo}{118} |
|---|
| 111 | \contentsline {subsection}{\numberline {7.2.1}Introduction}{118} |
|---|
| 112 | \contentsline {subsection}{\numberline {7.2.2}Related work}{119} |
|---|
| 113 | \contentsline {subsection}{\numberline {7.2.3}Proposal}{120} |
|---|
| 114 | \contentsline {subsubsection}{Root Squared Mean Error - RSME}{120} |
|---|
| 115 | \contentsline {subsubsection}{Jennesen-Shannon divergence}{120} |
|---|
| 116 | \contentsline {subsubsection}{Results}{121} |
|---|
