Scalable Characterization of Security Vulnerabilities: a Case Study on the Brazilian Internet
Abstract
Monitoring services such as Shodan are increasingly popular for tracking applications and vulnerabilities on the Internet. In this paper we analyze monitoring data from Shodan to characterize vulnerabilities found in Brazilian networks. In addition, we discuss Data Science methods to scale and improve the depth of the analyses, and combine external network and vulnerability metadata to support richer results and conclusions. Our characterization exposes several vulnerabilities of high severity, and some of them remain widespread despite being five years old. We hope that the analyses presented in this paper will encourage organizations to deploy updates and protection mechanisms to mitigate these threats.