SciELO - Scientific Electronic Library Online

 
vol.35 issue1Biodegradable plastic production based on cassava starch through a thermomechanical processBIM 6D methodology as a tool to evaluate thermal comfort in Costa Rican schools author indexsubject indexarticles search 		Home Pagealphabetic serial listing  

Services on Demand

Journal

Article

Indicators

Related links

  • Have no similar articlesSimilars in SciELO

Share

Ingeniería

On-line version ISSN 2215-2652Print version ISSN 1409-2441

Abstract

SANTILLAN, Holger; AREVALO SATAN, Julio Andrés  and  WONG, Peregrina. Un análisis integral de la infraestructura de ciberseguridad en ambientes académicos. Ingeniería [online]. 2024, vol.35, n.1, pp.11-23. ISSN 2215-2652.  http://dx.doi.org/10.15517/ri.v35i1.60075.

This paper addresses a comprehensive analysis of cybersecurity systems in academic environments taking as a case study the domains: ''www.ups.edu.ec'', ''cas.ups.edu.ec'', ''virtual.ups.edu.ec'' y ''dspace.ups.edu.ec'', of the Salesian Polytechnic University, using specialized tools such as Kali Linux and Nessus. Through these technologies, critical aspects of the system's security are evaluated: its ability to resist attacks, how effective its defense mechanisms are, and its capacity to identify exploitable weak points. A novel methodology is applied to evaluate the security of the system, using emerging technologies and innovative techniques.

During the research, several vulnerabilities were identified covering the four studied domains. These were classified using the CVSS (Common Vulnerability Scoring System) rating protocol, which allowed the most critical ones to be prioritized and addressed first. In addition, a scan of open ports was performed to recognize possible unauthorized access points. As part of the security testing, a simulation of an email phishing attack was carried out by cloning the Salesian University access website, in order to assess users' susceptibility to this threat.

Domain security analysis revealed critical vulnerabilities, including an outdated version of PHP and possible remote code execution (CVSS 9.8-10) in ''virtual.ups.edu.ec''. SSL/TLS security issues were also detected, such as the use of weak ciphers and outdated versions of TLS (CVSS up to 7.5). In addition, medium risks related to lack of HSTS and vulnerabilities in PHP and jQuery were found, along with weaker SSH configurations of lesser impact (CVSS 2.6-3.7). These results show the need for security updates and improvements.

Keywords : Cybersecurity; Kali Linux; Nessus; phishing; vulnerabilities.

        · abstract in Spanish     · text in Spanish     · Spanish ( pdf )

 
Sede Rodrigo Facio Brenes, Universidad de Costa Rica, Ciudad de la Investigación, Instituto de Investigaciones en Ingeniería. San Pedro de Montes de Oca, San José, Costa Rica, San José, San José, Costa Rica, CR, 11501-2060 , 2511-6676, 2511-6691