Maestría en Tecnologías de la Información

Permanent URI for this collectionhttp://repositorio.uta.edu.ec/handle/123456789/36842

Browse

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • No Thumbnail Available
    Item
    DETECCIÓN DE VULNERABILIDADES MEDIANTE PRUEBAS DE PENETRACIÓN A LA RED DE SERVIDORES Y SERVICIOS DEL INSTITUTO SUPERIOR TECNOLÓGICO SUCRE.
    (Universidad Tecnica de Ambato,Magíster en Tecnologías de la Información, 2022-11-15) Cedeño Zambrano, María Elizabeth; Ibarra Torres, Oscar Fernando
    Nowadays, computer security is a key point for all organizations, both public and private, regardless of their line of business. Thus, Sucre Higher Institute of Technology wants to provide its administrative, teaching and student staff with a quality and efficient technological infrastructure, but above all safe, so this research work seeks to develop an improvement plan to mitigate the vulnerabilities identified through the execution of penetration tests on the network of servers and services of the Institute. In order to develop the present work, the qualitative research methodology was used with an exploratory approach, using also a field research through interviews, observation, checklists and the execution of external black box penetration tests on the network of servers and services of Sucre Higher Institute of Technology. The penetration tests were carried out following a process of phases, such is the case, that in the first place a phase of recognition and collection of information was executed through the use of tools to analyze the domain, web page and IP addresses provided by the Institute, to subsequently perform an analysis phase to detect and obtain the vulnerabilities that affect these applications and services, which also allowed to know xvii the level of criticality of each vulnerability; with this data it was possible to execute the phase of exploitation of the critical vulnerabilities that affect these services. With the proper execution of the penetration tests it was possible to efficiently detect the vulnerabilities affecting the network of servers and services of Sucre Higher Institute of Technology, which also allowed the development of an improvement plan containing the recommendations of the actions that Sucre Higher Institute of Technology should implement to mitigate the vulnerabilities affecting its network and thus minimize the risks to which its infrastructure is exposed, thus guaranteeing compliance with the provisions of ISO 27001 in terms of ensuring the integrity, availability and confidentiality of the information at all times.