Tesis Telecomunicaciones

Permanent URI for this collectionhttp://repositorio.uta.edu.ec/handle/123456789/34848

Browse

Filters

2023 - 20242

Settings

Subject: search.filters.subject.VULNERABILIDAD

Search Results

Now showing 1 - 2 of 2
  • No Thumbnail Available
    Item
    Honeynet para análisis, evaluación y tratamiento de riesgos cibernéticos en un sistema iot
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Telecomunicaciones, 2024-08) Acosta Proaño, Yulisa Francisca; Sánchez Zumba, Andrea Patricia
    The security of home IoT systems is critical for protecting sensitive data and ensuring the integrity, availability, and confidentiality of information and devices. Nessus was utilized to analyze the vulnerabilities of the most common smart devices on the market. Based on these findings, a Honeynet was designed to expose these vulnerabilities and illustrate potential attacks on home IoT devices. Penetration tests were conducted to assess the security of devices within the home IoT system, as well as tests through the Honeynet, which included WiFi network hacking and control of IoT devices from the LAN. The honeypots deployed in the project are ConPot and CitrixHoneypot, which logged exploits of vulnerabilities CVE-2013-2566 and CVE-2015-2808. Additionally, a custom honeypot in Python was created to capture TCP SYN Flooding DoS attacks on port 6668/TCP utilizing the IRC service. The results of these tests were crucial in developing a risk treatment plan, based on a baseline model for data security, privacy of individuals, and IoT devices in home environments. A GAP analysis was conducted to determine the current state of the system. The risk treatment plan proposes specific controls and policies to mitigate identified risks and enhance the security of the IoT system, ensuring continuous and robust protection for IoT devices in smart homes.
  • No Thumbnail Available
    Item
    Evaluación de riesgos para un sistema de gestión de seguridad de la información en base a la Norma ISO/IEC 27001 aplicado a un proveedor de servicios de internet
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Telecomunicaciones, 2023-09) Hidalgo Martinez, William David; Sánchez Zumba, Andrea Patricia
    Cybercrime is a constant threat to individuals and organizations worldwide, as it utilizes exposed techniques to steal confidential information, damage systems, and cause significant financial and reputational harm. The importance of cybersecurity is evident in the wake of the COVID-19 pandemic, as cybercriminals seek new ways to exploit vulnerabilities in systems and networks. One of the primary concerns is protecting sensitive data of companies and users. In today's digital age, it is crucial to safeguard against cyber threats and attacks, secure information, and ensure the integrity of systems and critical infrastructure. In the case of an ISP, Risk Assessment is important due to the critical nature of the data they handle. Risks may include unauthorized access to user information, data loss, online fraud, and damage to the organization's reputation. This assessment is comprehensive, considering factors such as confidentiality, integrity, and availability of information, as well as risks associated with processes and technology used based on the ISO/IEC 27001 standard. Since an ISP manages large amounts of customer and user data, it provides a framework for the establishment, implementation, maintenance, and continuous improvement against threats, vulnerability assessment, and the likelihood of occurrence for each risk, along with mitigation measures. Through Open Source technology, information assets are identified, and the evaluation of threats and vulnerabilities to which they are exposed is conducted. Additionally, the potential impact of a threat on the company is determined. With this information, appropriate information security measures are implemented to mitigate the identified risks.