
Quito, 25 October 2013

Technical Report
Following the installation of the new mail server carried out by engineer Ricardo Ortega, the following points have been implemented within the company in order to complete the security configuration process.

Server configuration, hardening and optimisation of user accounts

Automation of the migration of accounts and mail messages

Monitoring and technical support for users

The server will be the only machine that uses port 25 (SMTP), in addition to the HTTP, HTTPS, SMTPS, POP3S and IMAPS protocols.

Permanent monitoring of traffic to and from the Internet in order to block malicious activity by means of the firewall and proxy.

To that end, the following procedures have been carried out:


1. Configuration of the e-mail service through the Outlook program included in Office for all users in the company.
2. Blocking of port 25 on the company's internal network; in its place we are using SMTPS on port 463, which requires encryption and authentication.
3. SSL and TLS encryption in order to use the POP3S (port 995) and IMAPS (port 993) protocols instead of POP3 (110) and IMAP (143).
4. Review and removal of viruses, spyware, rootkits, etc. on the workstations; review/activation of firewalls and operating system updates; removal of non-business programs and blocking of non-business websites.
5. Accounts that are no longer used have been deactivated.
6. Formatting and backup of the machine used by the user Jazzmin Suarez, who works in the Guayaquil offices, since the analysis and monitoring of network traffic showed that this machine was the one causing the conflicts that led to the problems with the mail server. Attached are several messages obtained during the review process from the Internet spam-control and blocking pages.

Message 1
From jsuarez@adfolsa.com.ec Thu Oct 03 19:33:34 2013
victim@smtp.example,
victim@smtp.example
Delivery-date: Thu, 03 Oct 2013 19:33:34 -0400
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
by mail.victim.example with esmtp (Exim 4.63)
(envelope-from <jsuarez@adfolsa.com.ec>)
id 1VRsOk-0007ev-6q; Thu, 03 Oct 2013 19:33:34 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.adfolsa.com.ec (Postfix) with ESMTP id 44E772328917;
Thu, 3 Oct 2013 18:44:19 -0500 (ECT)
Received: from mail.adfolsa.com.ec ([127.0.0.1])
by localhost (mail.adfolsa.com.ec [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id NMrqG33-FIGv; Thu, 3 Oct 2013 18:44:18 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
by mail.adfolsa.com.ec (Postfix) with ESMTP id 249E92328157;
Thu, 3 Oct 2013 18:44:09 -0500 (ECT)
Date: Thu, 3 Oct 2013 18:44:09 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
Subject: Attention: Sir/Madam...1
MIME-Version: 1.0
To: undisclosed-recipients:;
--=20
Dear Beneficiary,
Following this year's (2013) review of the global financial matters and just concluded investigations today by the Federal Bureau of Investigation in conjunction with the EFCC, in view of the foregoing, a new payment of Eight Million Five Hundred Thousand Dollars Only has been approved in your favor and credited into an ATM CARD which shall be delivered to you.
Our final conclusion was that, the fund should be paid to you via an automated teller machine card (ATM) as it seems, this will be easier and faster for you to receive payment.
Your new communication code: NG/.CCUF -HFCR-/RLPHJ/.
Thank you for your anticipated cooperation and we are looking forward to hearing from you. Please confirm the follows:
1. Full Names:
2. Residence address:
3. Telephone/Fax number:
4. Age:
5. Next of Kin
6. Country of Residence
7. A copy of your driver's license / international passport:
Regards,
Sen. Ehigie Edobor.
Swift Debit ATM Card Payment System
Senate Committee on Banking, Finance and Payments

Message 2
From jsuarez@adfolsa.com.ec Thu Oct 03 19:37:46 2013
victim@smtp.example,
victim@smtp.example
Delivery-date: Thu, 03 Oct 2013 19:37:46 -0400
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
by mail.victim.example with esmtp (Exim 4.63)
(envelope-from <jsuarez@adfolsa.com.ec>)
id 1VRsSo-0000oL-Qn; Thu, 03 Oct 2013 19:37:46 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.adfolsa.com.ec (Postfix) with ESMTP id 1D7182328A23;
Thu, 3 Oct 2013 18:48:32 -0500 (ECT)
Received: from mail.adfolsa.com.ec ([127.0.0.1])
by localhost (mail.adfolsa.com.ec [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id U2HLf8IT1zdx; Thu, 3 Oct 2013 18:48:31 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
by mail.adfolsa.com.ec (Postfix) with ESMTP id 41AB02328157;
Thu, 3 Oct 2013 18:48:26 -0500 (ECT)
Date: Thu, 3 Oct 2013 18:48:26 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
Subject: REPLY.
MIME-Version: 1.0
To: undisclosed-recipients:;
--=20
Dear Beneficiary,
Following this year's (2013) review of the global financial matters and just concluded investigations today by the Federal Bureau of Investigation in conjunction with the EFCC, in view of the foregoing, a new payment of Eight Million Five Hundred Thousand Dollars Only has been approved in your favor and credited into an ATM CARD which shall be delivered to you.
Our final conclusion was that, the fund should be paid to you via an automated teller machine card (ATM) as it seems, this will be easier and faster for you to receive payment.
Your new communication code: NG/.CCUF -HFCR-/RLPHJ/.
Thank you for your anticipated cooperation and we are looking forward to hearing from you. Please confirm the follows:
1. Full Names:
2. Residence address:
3. Telephone/Fax number:
4. Age:
5. Next of Kin
6. Country of Residence
7. A copy of your driver's license / international passport:
Regards,
Sen. Ehigie Edobor.
Swift Debit ATM Card Payment System
Senate Committee on Banking, Finance and Payments

Message 3
From jsuarez@adfolsa.com.ec Thu Oct 03 19:58:08 2013
Delivery-date: Thu, 03 Oct 2013 19:58:08 -0400
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
by mail.victim.example with esmtp (Exim 4.63)
(envelope-from <jsuarez@adfolsa.com.ec>)
id 1VRsmW-00084d-0H
for victim@smtp.example; Thu, 03 Oct 2013 19:58:08 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.adfolsa.com.ec (Postfix) with ESMTP id C860C2328A1A;
Thu, 3 Oct 2013 19:08:52 -0500 (ECT)
Received: from mail.adfolsa.com.ec ([127.0.0.1])
by localhost (mail.adfolsa.com.ec [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id vTttrHs7qDf6; Thu, 3 Oct 2013 19:08:52 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
by mail.adfolsa.com.ec (Postfix) with ESMTP id AFDDE2328157;
Thu, 3 Oct 2013 19:08:49 -0500 (ECT)
Date: Thu, 3 Oct 2013 19:08:49 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
Subject: Attention: Sir/Madam...
MIME-Version: 1.0
To: undisclosed-recipients:;
--=20
Dear Beneficiary,
Following this year's (2013) review of the global financial matters and just concluded investigations today by the Federal Bureau of Investigation in conjunction with the EFCC, in view of the foregoing, a new payment of Eight Million Five Hundred Thousand Dollars Only has been approved in your favor and credited into an ATM CARD which shall be delivered to you.
Our final conclusion was that, the fund should be paid to you via an automated teller machine card (ATM) as it seems, this will be easier and faster for you to receive payment.
Your new communication code: NG/.CCUF -HFCR-/RLPHJ/.
Thank you for your anticipated cooperation and we are looking forward to hearing from you. Please confirm the follows:
1. Full Names:
2. Residence address:
3. Telephone/Fax number:
4. Age:
5. Next of Kin
6. Country of Residence
7. A copy of your driver's license / international passport:
Regards,
Sen. Ehigie Edobor.
Swift Debit ATM Card Payment System
Senate Committee on Banking, Finance and Payments

Message 4
From jsuarez@adfolsa.com.ec Thu Oct 03 20:08:57 2013
Delivery-date: Thu, 03 Oct 2013 20:08:57 -0400
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
by mail.victim.example with esmtp (Exim 4.63)
(envelope-from <jsuarez@adfolsa.com.ec>)
id 1VRswz-0003jQ-Cw
for victim@smtp.example; Thu, 03 Oct 2013 20:08:57 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.adfolsa.com.ec (Postfix) with ESMTP id BB5652328B2E;
Thu, 3 Oct 2013 19:19:43 -0500 (ECT)
Received: from mail.adfolsa.com.ec ([127.0.0.1])
by localhost (mail.adfolsa.com.ec [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id M0IdBkORiHww; Thu, 3 Oct 2013 19:19:43 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
by mail.adfolsa.com.ec (Postfix) with ESMTP id D0BDC2328157;
Thu, 3 Oct 2013 19:19:40 -0500 (ECT)
Date: Thu, 3 Oct 2013 19:19:40 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
Subject: Attention: Sir/Madam...
MIME-Version: 1.0
To: undisclosed-recipients:;
--=20
Dear Beneficiary,
Following this year's (2013) review of the global financial matters and just concluded investigations today by the Federal Bureau of Investigation in conjunction with the EFCC, in view of the foregoing, a new payment of Eight Million Five Hundred Thousand Dollars Only has been approved in your favor and credited into an ATM CARD which shall be delivered to you.
Our final conclusion was that, the fund should be paid to you via an automated teller machine card (ATM) as it seems, this will be easier and faster for you to receive payment.
Your new communication code: NG/.CCUF -HFCR-/RLPHJ/.
Thank you for your anticipated cooperation and we are looking forward to hearing from you. Please confirm the follows:
1. Full Names:
2. Residence address:
3. Telephone/Fax number:
4. Age:
5. Next of Kin
6. Country of Residence
7. A copy of your driver's license / international passport:
Regards,
Sen. Ehigie Edobor.
Swift Debit ATM Card Payment System
Senate Committee on Banking, Finance and Payments
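The four messages above share one delivery path and the same header pattern, and the question the spam-trap operator asks later in this report (does the Received: line look like the one your own server writes, or is the public address just your firewall?) is answered by reading that chain from the bottom up. The Python script below is an added example for this report, not part of the original document or of Zimbra/Postfix: it walks the Received: headers from the last relay back to the first hop, reports which address first injected the message and whether it is a private LAN address, and flags the header traits these messages share (Reply-To pointing at a different domain than From, recipients hidden behind undisclosed-recipients, a display name unrelated to the mailbox). The embedded headers are a constructed copy of Message 1 re-folded into a valid header block; all function names and the indicator wording are mine.

```python
"""Walk the Received: chain of a captured message and flag spam indicators.

Added example for this report; the header block below is a constructed copy of
Message 1 (mbox "From " line dropped, continuation lines indented), not a live capture.
"""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

SAMPLE_HEADERS = """\
Delivery-date: Thu, 03 Oct 2013 19:33:34 -0400
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
    by mail.victim.example with esmtp (Exim 4.63)
    (envelope-from <jsuarez@adfolsa.com.ec>)
    id 1VRsOk-0007ev-6q; Thu, 03 Oct 2013 19:33:34 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.adfolsa.com.ec (Postfix) with ESMTP id 44E772328917;
    Thu, 3 Oct 2013 18:44:19 -0500 (ECT)
Received: from mail.adfolsa.com.ec ([127.0.0.1])
    by localhost (mail.adfolsa.com.ec [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id NMrqG33-FIGv; Thu, 3 Oct 2013 18:44:18 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
    by mail.adfolsa.com.ec (Postfix) with ESMTP id 249E92328157;
    Thu, 3 Oct 2013 18:44:09 -0500 (ECT)
Date: Thu, 3 Oct 2013 18:44:09 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
Subject: Attention: Sir/Madam...1
MIME-Version: 1.0
To: undisclosed-recipients:;

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # first bracketed IPv4 in the hop
FROM_RE = re.compile(r"^from\s+(\S+)")                 # the name the sender announced
BY_RE = re.compile(r"\bby\s+(\S+)")                    # the relay that wrote this header


def parse_hop(value):
    """Turn one folded Received: value into {from, ip, by}."""
    text = " ".join(value.split())  # unfold continuation lines
    frm, by, ip = FROM_RE.search(text), BY_RE.search(text), IP_RE.search(text)
    return {
        "from": frm.group(1) if frm else None,
        "ip": ip.group(1) if ip else None,
        "by": by.group(1) if by else None,
    }


def analyze(raw_message):
    msg = message_from_string(raw_message)
    # Each relay prepends its own Received: header, so the list is newest first
    # and the LAST element is the hop that first accepted the message.
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    origin = hops[-1] if hops else None
    origin_private = bool(origin and origin["ip"]
                          and ipaddress.ip_address(origin["ip"]).is_private)
    internal_hops = sum(1 for h in hops
                        if h["ip"] and ipaddress.ip_address(h["ip"]).is_private)

    indicators = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = reply_addr.rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        indicators.append(f"reply-to domain {reply_dom} differs from from domain {from_dom}")
    if "undisclosed-recipients" in msg.get("To", "").lower():
        indicators.append("recipients hidden (undisclosed-recipients)")
    local_part = from_addr.split("@")[0].lower()
    if from_name and local_part not in from_name.lower().replace(" ", ""):
        # Heuristic only: legitimate mail often has unrelated display names too.
        indicators.append(f"display name '{from_name}' does not match mailbox {from_addr}")

    return {"hops": hops, "origin": origin, "origin_is_private": origin_private,
            "internal_hops": internal_hops, "indicators": indicators}


if __name__ == "__main__":
    report = analyze(SAMPLE_HEADERS)
    for n, hop in enumerate(reversed(report["hops"]), 1):
        print(f"hop {n}: {hop['from']} [{hop['ip']}] -> {hop['by']}")
    print("origin:", report["origin"], "private:", report["origin_is_private"])
    for line in report["indicators"]:
        print("indicator:", line)
```

Read bottom-up, the chain shows the message entering Postfix from 192.168.0.250 (the server's own LAN address), passing through the amavisd-new content filter on port 10024, and leaving for the recipient from the public address 186.5.101.118; the three internal hops are what the script counts, and the indicators are the traits a content filter rule could key on before the message leaves the server.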

7. We are proceeding with the delisting requests to the spam blacklist pages (more than 48). Attached to this document are the reports generated from the Internet by the spam-control pages that block our outgoing mail, including a translation of some of the messages that were sent to the system administrator.
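Points 2, 3 and 6 above only hold if someone keeps watching the traffic that leaves the LAN: a workstation that still talks to port 25 on its own, or that still uses plaintext POP3/IMAP, is exactly what produced the listings described here. The Python script below is an added example for this report, not part of the original document: it parses firewall log lines in the key=value style of the Linux netfilter LOG target, and flags every TCP connection to port 25 that does not come from the mail server, plus every use of the plaintext ports 110 and 143 the report replaced with POP3S (995) and IMAPS (993). The log lines are constructed for the example; the mail server address 192.168.0.250 is taken from the Received: headers above and is my assumption about the LAN layout, and the log prefix and function names are mine.

```python
"""Audit outbound firewall logs against the report's mail port policy.

Added example for this report. The log lines are constructed in netfilter LOG
style; they are not real traffic from the company network.
"""
import re
from collections import Counter

# Assumption: the mail server's LAN address, as seen in the Received: headers.
MAIL_SERVER = "192.168.0.250"
# Plaintext protocols the report replaced with their TLS variants (995 / 993).
PLAINTEXT_MAIL_PORTS = {110: "POP3", 143: "IMAP"}

SAMPLE_LOG = """\
Oct  3 18:44:01 gw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=192.168.0.250 DST=198.51.100.25 PROTO=TCP SPT=41022 DPT=25
Oct  3 18:44:03 gw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=192.168.0.37 DST=198.51.100.30 PROTO=TCP SPT=51840 DPT=25
Oct  3 18:44:03 gw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=192.168.0.37 DST=203.0.113.7 PROTO=TCP SPT=51841 DPT=25
Oct  3 18:44:05 gw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=192.168.0.44 DST=203.0.113.9 PROTO=TCP SPT=49211 DPT=110
Oct  3 18:44:06 gw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=192.168.0.44 DST=203.0.113.9 PROTO=TCP SPT=49212 DPT=995
Oct  3 18:44:07 gw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=192.168.0.51 DST=203.0.113.80 PROTO=TCP SPT=49300 DPT=443
Oct  3 18:44:08 gw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=192.168.0.51 DST=203.0.113.53 PROTO=UDP SPT=40000 DPT=53
"""

KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Extract src/dst/proto/dpt from a netfilter-style log line, or None."""
    fields = dict(KV_RE.findall(line))
    try:
        return {"src": fields["SRC"], "dst": fields["DST"],
                "proto": fields["PROTO"], "dpt": int(fields["DPT"])}
    except (KeyError, ValueError):
        return None


def audit(lines, mail_server=MAIL_SERVER):
    """Return the flows that violate the policy, each with a reason."""
    violations = []
    for line in lines:
        flow = parse_line(line)
        if not flow or flow["proto"] != "TCP":
            continue
        if flow["dpt"] == 25 and flow["src"] != mail_server:
            violations.append({**flow, "reason":
                               "SMTP port 25 from a host other than the mail server"})
        elif flow["dpt"] in PLAINTEXT_MAIL_PORTS:
            name = PLAINTEXT_MAIL_PORTS[flow["dpt"]]
            violations.append({**flow, "reason":
                               f"plaintext {name} ({flow['dpt']}) instead of the TLS port"})
    return violations


def smtp_suspects(violations):
    """Hosts sending direct SMTP, ranked by attempt count: a spam bot makes many."""
    return Counter(v["src"] for v in violations if v["dpt"] == 25)


if __name__ == "__main__":
    found = audit(SAMPLE_LOG.splitlines())
    for v in found:
        print(f"{v['src']} -> {v['dst']}:{v['dpt']}  {v['reason']}")
    print("direct-SMTP hosts:", dict(smtp_suspects(found)))
```

On the sample, the server's own port-25 connection passes, the host 192.168.0.37 is reported twice for direct SMTP, and 192.168.0.44 is reported once for plaintext POP3 while its POP3S connection passes; run against the real gateway log, the suspects list is the one to compare with point 6 before a machine is rebuilt.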

The Internet service provider sent us a notice informing us of the conflict involving the IP address of the machine that acts as the mail server and the domain it handles, mail.adfolsa.com.ec.
The message from TELCONET is attached.

SPAMMER IP NOTIFICATION
FOR IAC 10 VER 09 11 09
Dear customer:
I inform you that the IP 186.5.101.118 assigned to MATERIALES AUTOADHESIVOS S.A. ADFOLSA is listed in RBLs as a spam source; we therefore request your justification for the use of TCP port 25 (SMTP) and the anti-spam measures that are being used.
The maximum period granted by the Logical Security Department for this incident is 2 working days; after that, forwarding of traffic on that port will be blocked.
I await your prompt response; thank you for your attention to this matter.

Sincerely,
Miguel Vaca
Engineer - IAC
Tel. (593)-2-3963100 ext. 4513
Cel. (593)-8-7591604
Av. 12 de Octubre N24-660 y Francisco Salazar, Quito - Ecuador
www.telconet.net

Dear Customer,
As I had mentioned, the block has not yet been applied; however, I see that the IP is listed on several pages around the world.
From the list shown below, please disregard only l2.apews.org.

Passive Spam Block List (PSBL)

This interface allows you to find out whether an IP address is/was listed in the PSBL and why. For every IP address that is/was listed, the site will show you the time(s) a spamtrap received email from said IP address, as well as the time(s) the IP address was removed from the list.

PSBL list query: 186.5.101.118

Query Results
Received spamtrap mail for 186.5.101.118. Note that spamtrap addresses, URLs and some headers have been munged to prevent listwashing. If you think this is not spam, please contact me at psbl(at)surriel(dot)com so future listings can be prevented.
Yes, this email really came from 186.5.101.118.
If this does not have the kind of Received: line your mail server creates, chances are you have a PC infected with spamware. Is 186.5.101.118 also your firewall?

At the moment we are still finding pages that block messages from the domain mail.adfolsa.com, which is why it is recommended to continue monitoring the Zimbra service for at least 1 more month, so as to protect ourselves against any problem that may arise.
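Blacklist pages such as PSBL are queried over DNS: the four octets of the address are reversed and prefixed to the list's zone, and an answer inside 127.0.0.0/8 means "listed", while no answer (NXDOMAIN) means "not listed". The Python script below is an added example for this report, not part of the original document or of any of the listed services: it builds the query names for the server address 186.5.101.118, looks each one up, and interprets the answers, so the monitoring recommended above can be run daily instead of by visiting each page. psbl.surriel.com is the zone of the PSBL list quoted above; the other two zones are well-known public DNSBLs I chose for illustration, the resolver is injectable so the function can be exercised without network access, and all function names are mine.

```python
"""Check one IP address against several DNS blacklists (DNSBLs).

Added example for this report. psbl.surriel.com is the zone of the PSBL list
quoted in the report; the other zones are my choice of public DNSBLs.
"""
import ipaddress
import socket

DNSBL_ZONES = ["psbl.surriel.com", "zen.spamhaus.org", "bl.spamcop.net"]


def dnsbl_query_name(ip, zone):
    """186.5.101.118 + psbl.surriel.com -> 118.101.5.186.psbl.surriel.com"""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError for anything else
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def interpret(answer):
    """Map a DNSBL A-record answer to a status string."""
    if answer.startswith("127.255.255."):
        # Spamhaus uses this range for query errors (e.g. open resolvers), not listings.
        return f"query error ({answer})"
    if answer.startswith("127."):
        # The last octet encodes the listing reason; its meaning is zone-specific.
        return f"listed ({answer})"
    return f"unexpected answer ({answer})"


def check_ip(ip, zones=DNSBL_ZONES, resolve=socket.gethostbyname):
    """Return {zone: status} for one IP. `resolve` is injectable for offline tests."""
    results = {}
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        try:
            answer = resolve(name)
        except OSError:
            # gethostbyname cannot distinguish NXDOMAIN from a resolver failure;
            # a production monitor should use a DNS library that can.
            results[zone] = "not listed"
            continue
        results[zone] = interpret(answer)
    return results


def listed_zones(results):
    """Zones that currently list the address; non-empty means keep working delistings."""
    return sorted(z for z, status in results.items() if status.startswith("listed"))


if __name__ == "__main__":
    status = check_ip("186.5.101.118")
    for zone, state in status.items():
        print(f"{zone:20} {state}")
    print("still listed on:", listed_zones(status) or "none")
```

Run from the server on a schedule (cron, for instance), a non-empty "still listed on" line is the signal to repeat the delisting request for that zone; the error branch matters because a public resolver answering for Spamhaus returns a 127.255.255.x code that would otherwise be misread as a listing.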

I am hereby handing over the credentials for the Zimbra mail service.


Administration user: admin
Password: Admin*Zimbra-2013-10-05
In addition to these passwords, I am handing over those that were created to access the mail server's operating system via remote access.
The program used for this work is VNC.
Host: mail.adfolsa.com.ec:1
Password: adfolsa*2013
Please request the credentials for direct access to the server from engineer Ricardo Ortega, since he manages everything related to the operating system.

Sincerely,

Jaime Chávez
Monitoring and Support
