A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments

 

Bibliographic Details
Authors: Santillan, Holger; Arévalo Satán, Julio Andrés; Wong, Peregrina
Format: original article
Status: Published version
Publication Date: 2024
Description: This paper presents a comprehensive analysis of cybersecurity systems in academic environments, taking as a case study the domains “www.ups.edu.ec”, “cas.ups.edu.ec”, “virtual.ups.edu.ec” and “dspace.ups.edu.ec” of the Salesian Polytechnic University, using specialized tools such as Kali Linux and Nessus. Through these technologies, critical aspects of the system’s security are evaluated: its ability to resist attacks, how effective its defense mechanisms are, and its capacity to identify exploitable weak points. A novel methodology is applied to evaluate the security of the system, using emerging technologies and innovative techniques. During the research, several vulnerabilities were identified across the four studied domains. These were classified using the CVSS (Common Vulnerability Scoring System) rating protocol, which allowed the most critical ones to be prioritized and addressed first. In addition, a scan of open ports was performed to recognize possible unauthorized access points. As part of the security testing, a simulation of an email phishing attack was carried out by cloning the Salesian University access website, in order to assess users' susceptibility to this threat. The domain security analysis revealed critical vulnerabilities, including an outdated version of PHP and possible remote code execution (CVSS 9.8-10) in “virtual.ups.edu.ec”. SSL/TLS security issues were also detected, such as the use of weak ciphers and outdated versions of TLS (CVSS up to 7.5). In addition, medium risks related to lack of HSTS and vulnerabilities in PHP and jQuery were found, along with weaker SSH configurations of lesser impact (CVSS 2.6-3.7). These results show the need for security updates and improvements.
Country: Portal de Revistas UCR
Institution: Universidad de Costa Rica
Repository: Portal de Revistas UCR
Language: Spanish
OAI Identifier: oai:portal.ucr.ac.cr:article/60075
Online Access: https://revistas.ucr.ac.cr/index.php/ingenieria/article/view/60075
Keywords: Cybersecurity
Kali Linux
Nessus
phishing
vulnerabilities
seguridad cibernética
vulnerabilidades