A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments
This paper addresses a comprehensive analysis of cybersecurity systems in academic environments taking as a case study the domains: “www.ups.edu.ec”, “cas.ups.edu.ec”, “virtual.ups.edu.ec” y “dspace.ups.edu.ec”, of the Salesian Polytechnic University, using specialized tools such as Kali Linux and...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Universidad de Costa Rica
2024-10-01
|
| Series: | Ingeniería |
| Subjects: | |
| Online Access: | https://revistas.ucr.ac.cr/index.php/ingenieria/article/view/60075 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850052811370266624 |
|---|---|
| author | Holger Santillan Julio Andrés Arévalo Satán Peregrina Wong |
| author_facet | Holger Santillan Julio Andrés Arévalo Satán Peregrina Wong |
| author_sort | Holger Santillan |
| collection | DOAJ |
| description |
This paper addresses a comprehensive analysis of cybersecurity systems in academic environments taking as a case study the domains: “www.ups.edu.ec”, “cas.ups.edu.ec”, “virtual.ups.edu.ec” y “dspace.ups.edu.ec”, of the Salesian Polytechnic University, using specialized tools such as Kali Linux and Nessus. Through these technologies, critical aspects of the system’s security are evaluated: its ability to resist attacks, how effective its defense mechanisms are, and its capacity to identify exploitable weak points. A novel methodology is applied to evaluate the security of the system, using emerging technologies and innovative techniques.
During the research, several vulnerabilities were identified covering the four studied domains. These were classified using the CVSS (Common Vulnerability Scoring System) rating protocol, which allowed the most critical ones to be prioritized and addressed first. In addition, a scan of open ports was performed to recognize possible unauthorized access points. As part of the security testing, a simulation of an email phishing attack was carried out by cloning the Salesian University access website, in order to assess users' susceptibility to this threat.
Domain security analysis revealed critical vulnerabilities, including an outdated version of PHP and possible remote code execution (CVSS 9.8-10) in “virtual.ups.edu.ec”. SSL/TLS security issues were also detected, such as the use of weak ciphers and outdated versions of TLS (CVSS up to 7.5). In addition, medium risks related to lack of HSTS and vulnerabilities in PHP and jQuery were found, along with weaker SSH configurations of lesser impact (CVSS 2.6-3.7). These results show the need for security updates and improvements.
|
| format | Article |
| id | doaj-art-c3910eacdf284aca9a105af4f8635bb1 |
| institution | DOAJ |
| issn | 1409-2441 2215-2652 |
| language | English |
| publishDate | 2024-10-01 |
| publisher | Universidad de Costa Rica |
| record_format | Article |
| series | Ingeniería |
| spelling | doaj-art-c3910eacdf284aca9a105af4f8635bb12025-08-20T02:52:42ZengUniversidad de Costa RicaIngeniería1409-24412215-26522024-10-0135110.15517/ri.v35i1.60075A Comprehensive Analysis of Cybersecurity Infrastructure in Academic EnvironmentsHolger Santillan0Julio Andrés Arévalo Satán 1Peregrina Wong 21 Universidad Politécnica Salesiana, Grupo de Investigación en Sistemas de Telecomunicaciones – GISTEL, Guayaquil, EcuadorUniversidad de las Palmas de Gran Canaria, Las Palmas de Gran Canaria, SpainUniversidad de las Palmas de Gran Canaria, Las Palmas de Gran Canaria, Spain This paper addresses a comprehensive analysis of cybersecurity systems in academic environments taking as a case study the domains: “www.ups.edu.ec”, “cas.ups.edu.ec”, “virtual.ups.edu.ec” y “dspace.ups.edu.ec”, of the Salesian Polytechnic University, using specialized tools such as Kali Linux and Nessus. Through these technologies, critical aspects of the system’s security are evaluated: its ability to resist attacks, how effective its defense mechanisms are, and its capacity to identify exploitable weak points. A novel methodology is applied to evaluate the security of the system, using emerging technologies and innovative techniques. During the research, several vulnerabilities were identified covering the four studied domains. These were classified using the CVSS (Common Vulnerability Scoring System) rating protocol, which allowed the most critical ones to be prioritized and addressed first. In addition, a scan of open ports was performed to recognize possible unauthorized access points. As part of the security testing, a simulation of an email phishing attack was carried out by cloning the Salesian University access website, in order to assess users' susceptibility to this threat. Domain security analysis revealed critical vulnerabilities, including an outdated version of PHP and possible remote code execution (CVSS 9.8-10) in “virtual.ups.edu.ec”. SSL/TLS security issues were also detected, such as the use of weak ciphers and outdated versions of TLS (CVSS up to 7.5). In addition, medium risks related to lack of HSTS and vulnerabilities in PHP and jQuery were found, along with weaker SSH configurations of lesser impact (CVSS 2.6-3.7). These results show the need for security updates and improvements. https://revistas.ucr.ac.cr/index.php/ingenieria/article/view/60075CybersecurityKali LinuxNessusphishingvulnerabilities |
| spellingShingle | Holger Santillan Julio Andrés Arévalo Satán Peregrina Wong A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments Ingeniería Cybersecurity Kali Linux Nessus phishing vulnerabilities |
| title | A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments |
| title_full | A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments |
| title_fullStr | A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments |
| title_full_unstemmed | A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments |
| title_short | A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments |
| title_sort | comprehensive analysis of cybersecurity infrastructure in academic environments |
| topic | Cybersecurity Kali Linux Nessus phishing vulnerabilities |
| url | https://revistas.ucr.ac.cr/index.php/ingenieria/article/view/60075 |
| work_keys_str_mv | AT holgersantillan acomprehensiveanalysisofcybersecurityinfrastructureinacademicenvironments AT julioandresarevalosatan acomprehensiveanalysisofcybersecurityinfrastructureinacademicenvironments AT peregrinawong acomprehensiveanalysisofcybersecurityinfrastructureinacademicenvironments AT holgersantillan comprehensiveanalysisofcybersecurityinfrastructureinacademicenvironments AT julioandresarevalosatan comprehensiveanalysisofcybersecurityinfrastructureinacademicenvironments AT peregrinawong comprehensiveanalysisofcybersecurityinfrastructureinacademicenvironments |