Ingeniería en Sistemas, Electrónica e Industrial

Permanent URI for this communityhttp://repositorio.uta.edu.ec/handle/123456789/1

Browse

Filters

2022 - 20255

Settings

Start date: 2020Subject: search.filters.subject.VULNERABILIDADES

Search Results

Now showing 1 - 5 of 5
  • No Thumbnail Available
    Item
    Sistema de detección de intrusos (ids) para fortalecer la seguridad informática en la empresa Ambacar
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Telecomunicaciones, 2025-02) Balseca Castro Josué Guillermo; Sánchez Zumba Andrea Patricia
    Network security in corporate environments is crucial to safeguarding and ensuring the confidentiality, integrity, and availability of data and services, addressing a growing concern in cybersecurity. The development of an Intrusion Detection System (IDS) emerges as an effective solution to mitigate threats in a corporate setting. The methodology applied consisted of three stages. The first stage involved legal agreements, a grey-box reconnaissance phase, and threat analysis. Tools like Nmap were utilized, and under the PTE’s methodology, several critical vulnerabilities were identified in services such as SMB, OpenSSH, RDP, and insecure SSL configurations, which exposed corporate data to potential MiTM and DoS attacks. The second stage focused on the implementation and configuration of the IDS using Suricata, alongside the integration of a visualization system with the ELK Stack. Finally, in the third stage, the IDS’s functionality was validated through simulated attacks, including Slowloris exploits, EternalBlue, DoS attacks, and MiTM scenarios. After allowing the IDS to mature, a high volume of events from legitimate traffic was identified, leading to the implementation of thresholds to filter events and prioritize critical alerts. This optimization enhanced the system’s efficiency in detecting real threats, ensuring more accurate responses. By the end of the process, the system achieved 100% precision in threat detection with an average response time of 25.16 seconds. It enabled the generation of precise alerts and detailed reports, which will be utilized by IT personnel for audits.
  • No Thumbnail Available
    Item
    Análisis de vulnerabilidades mediante pruebas de penetración en los servidores del departamento financiero de la Empresa Eléctrica Ambato Regional Centro Norte S.A.
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Sistemas Computacionales e Informáticos, 2024-08) Ruilova Romero, Rosana Emperatriz; Buenaño Valencia, Edwin Hernando
    The purpose of this research project is to conduct a vulnerability analysis on the servers of the Financial Department of Empresa Eléctrica Ambato Regional Centro Norte S.A., which will allow for the mitigation of risks associated with the loss or leakage of information. For the development of the project, the Deming Cycle, also known as PDCA (Plan, Do, Check, Act), is used. This methodology ensures effective management and continuous improvement of the research. By complementing the Deming Cycle with the specific phases of pentesting, systematic control of each stage is guaranteed, namely: Reconnaissance, Vulnerability Analysis, Exploitation, Privilege Escalation, and Reporting. The integration of the PDCA methodology with the phases of a pentesting project guarantees efficient management, oriented towards continuous improvement and the protection of the Financial Department's IT systems. With the development of the research, IT security improvements will be implemented on the Financial Department's servers, mitigating risks to services and ensuring the availability of information. This research allows for the identification and correction of critical vulnerabilities, which contributes to maintaining a more secure IT infrastructure. In doing so, digital assets are safeguarded, and the trust and satisfaction of all clients are reinforced.
  • No Thumbnail Available
    Item
    Hacking ético para la detección de vulnerabilidades mediante la utilización de herramientas Open Source en la red inalámbrica de la Unidad Educativa Pelileo
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Tecnologías de la Información, 2024-02) Núñez López, Shirley de los Angeles; Torres Valverde, Leonardo David
    In today's digital age, the use of wireless technologies has transformed the way we connect. Every day, thousands of people access the network through devices such as smartphones and laptops. However, with this increase in connectivity, cybercriminals are looking to exploit vulnerabilities to access sensitive data, compromise privacy and, in extreme cases, carry out broader attacks, both commercially and domestically. This research project aims to find vulnerabilities by penetration testing the Wi Fi network of the Pelileo Educational Unit for threat analysis, assessing the reliability, integrity and accessibility of the information and network. During the development, in the evaluation phase following the ISSAF methodology, controlled intrusion tests such as brute force attack, Evil Twin attack, denial of service and Man-in-the-Middle are performed. Specific OWISAM security controls are applied and Open Source tools such as Aircrack-ng and Ettercap, essential for the execution of these tests, are selected. The results obtained from these evaluations provide the network security status. In summary, this work stands out for its practical approach, applying intrusion attacks by determining weaknesses affecting the Wi-Fi network in an educational context. The proposal contributes to the field of cybersecurity by providing a specific methodology to analyze and strengthen wireless networks in similar environments.
  • No Thumbnail Available
    Item
    Soluciones de seguridad en sistemas iot de hogares inteligentes para mitigar riesgos y vulnerabilidades mediante la realización de pruebas de penetración
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Telecomunicaciones, 2024-02) Araujo Robalino, María Isabel; Cuji Rodríguez, Julio Enrique
    The Internet of Things (IoT) is revolutionizing the intercommunication between smart home devices. However, the security of these systems faces security challenges as more devices are incorporated, so effective solutions are needed to protect sensitive data and information integrity. The IoT system designed for this research is made up of a variety of devices common in smart homes, such as lights, switches, plugs, security cameras, motion sensors, and an "Alexa" voice assistant. Penetration testing on this system uses the Stride model, which analyzes six categories of threats: spoofing, data tampering, repudiation, information disclosure, denial of service, and elevation of privilege; to identify specific risks and vulnerabilities. Based on these results, measures are established to ensure the security of the system, including limiting access to authorized devices, assigning static IP addresses, and strong passwords in the router's configuration. In addition, specific tools are incorporated in the machine to monitor and control data traffic, allowing users to supervise their network’s status. The evaluation of the effectiveness of these measures reveals a mitigation of vulnerabilities of up to 64,052% in the total system. This highlights the effectiveness of the security measures applied. This high percentage of mitigation evidences the robustness of the system in protecting against possible attacks and guarantees a more secure environment for the system's IoT devices
  • No Thumbnail Available
    Item
    Evaluación de seguridad del sistema de video vigilancia de la empresa ECUASEG
    (Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Electrónica y Comunicaciones, 2022-09) Velasteguí Vásquez, Edwin Aníbal; Sánchez Zumba, Andrea Patricia
    Connectivity in recent years has increased, causing almost all devices such as cameras, alarms, electric intercoms are connected to the internet for user manipulation, viewing and control, Despite the great benefits that connectivity provides, it leaves gaps that cybercriminals take advantage of to steal information and compromise equipment. That is why, this project is focused on performing an analysis of the video surveillance system of the company ECUASEG in order to determine the vulnerabilities of the system through the tools provided by ethical hacking, in order to define guiding procedures to anticipate possible attacks on the Company. Where the research focused on the detection of vulnerabilities, threats and risks of the video surveillance system in the company ECUASEG, through 6 phases: recognition, exploration, gaining access, maintaining access, keep hidden and report to evaluate the security of the video surveillance system where the importance of cybersecurity in systems, technological infrastructure, etc.