Ingeniería en Sistemas, Electrónica e Industrial
Permanent URI for this community: http://repositorio.uta.edu.ec/handle/123456789/1

Item: Sistema de detección de intrusos (ids) para fortalecer la seguridad informática en la empresa Ambacar
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Telecomunicaciones, 2025-02)
Balseca Castro Josué Guillermo; Sánchez Zumba Andrea Patricia
Network security in corporate environments is crucial to safeguarding and ensuring the confidentiality, integrity, and availability of data and services, addressing a growing concern in cybersecurity. The development of an Intrusion Detection System (IDS) emerges as an effective solution to mitigate threats in a corporate setting. The methodology applied consisted of three stages. The first stage involved legal agreements, a grey-box reconnaissance phase, and threat analysis. Tools like Nmap were utilized, and under the PTE’s methodology, several critical vulnerabilities were identified in services such as SMB, OpenSSH, RDP, and insecure SSL configurations, which exposed corporate data to potential MiTM and DoS attacks. The second stage focused on the implementation and configuration of the IDS using Suricata, alongside the integration of a visualization system with the ELK Stack. Finally, in the third stage, the IDS’s functionality was validated through simulated attacks, including Slowloris exploits, EternalBlue, DoS attacks, and MiTM scenarios. After allowing the IDS to mature, a high volume of events from legitimate traffic was identified, leading to the implementation of thresholds to filter events and prioritize critical alerts. This optimization enhanced the system’s efficiency in detecting real threats, ensuring more accurate responses. By the end of the process, the system achieved 100% precision in threat detection with an average response time of 25.16 seconds.
It enabled the generation of precise alerts and detailed reports, which will be utilized by IT personnel for audits.

Item: Testbed para el aprendizaje de informática forense
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Telecomunicaciones, 2025-02)
Robalino Gavilanes Victor Guillermo; Manzano Villafuerte Víctor Santiago
The research addresses the cybersecurity talent gap in Latin America. In the field of computer forensics, the shortage of resources and training is identified as a problem and a challenge, and the research expresses the need to strengthen the National Cybersecurity Strategy of Ecuador through investment and education. The main objective is to implement a test environment for learning computer forensics. The methodological approach will combine a local environment and a cloud of resources to maximize analysis capabilities and preserve the integrity of evidence, thus providing a comprehensive system for computer forensics education. The results presented in this paper are the steps of the practical forensic analysis process performed in the research, from the configuration of controlled attack scenarios on local virtual machines to advanced analysis in the cloud through AWS services. Through practical guides, the key steps were explained, including evidence collection, subsequent transfer ensuring integrity through hash values, and its processing on EC2 instances. As simulation and experimentation using cloud platforms were developed, tools and technologies deployable in both cloud and on-premises environments were integrated, creating practical guidelines to address the acquisition of digital forensics skills for both academic and professional audiences.

Item: Evaluación de riesgos y vulnerabilidades aplicando técnicas de pentesting en los dispositivos smart tv del barrio Pucará en la parroquia Ambatillo.
(Universidad Técnica de Ambato.
Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Tecnologías de la Información, 2024-02)
Matza Masabalin, Jonathan Israel; Torres Valverde, Leonardo David
Currently, smart devices, especially Smart TVs, have seen a significant increase in homes. These devices offer a wide range of functions that go beyond simple television viewing, including Internet access, streaming content, games and interactive applications. However, the lack of security standards and users' lack of awareness of attacks have created an open door for possible cyber threats, since these devices not only serve to display content, but are also interconnected with home networks and store personal data. The objective of this work is to carry out pentesting tests through the OWASP methodology, using specialized tools such as Wireshark, Nmap, Nessus, Metasploit, Ettercap and ADB, thus evaluating security by performing penetration tests on smart home devices. The ultimate goal is to provide concrete recommendations and security measures to establish practices and policies that protect the integrity of users, raising awareness about the risks and providing them with tools to improve security in the digital home environment.

Item: Hacking ético para la detección de vulnerabilidades mediante la utilización de herramientas Open Source en la red inalámbrica de la Unidad Educativa Pelileo
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Tecnologías de la Información, 2024-02)
Núñez López, Shirley de los Angeles; Torres Valverde, Leonardo David
In today's digital age, the use of wireless technologies has transformed the way we connect. Every day, thousands of people access the network through devices such as smartphones and laptops.
However, with this increase in connectivity, cybercriminals are looking to exploit vulnerabilities to access sensitive data, compromise privacy and, in extreme cases, carry out broader attacks, both commercially and domestically. This research project aims to find vulnerabilities by penetration testing the Wi-Fi network of the Pelileo Educational Unit for threat analysis, assessing the reliability, integrity and accessibility of the information and network. During the development, in the evaluation phase following the ISSAF methodology, controlled intrusion tests such as brute force attack, Evil Twin attack, denial of service and Man-in-the-Middle are performed. Specific OWISAM security controls are applied and Open Source tools such as Aircrack-ng and Ettercap, essential for the execution of these tests, are selected. The results obtained from these evaluations provide the network security status. In summary, this work stands out for its practical approach, applying intrusion attacks to determine the weaknesses affecting the Wi-Fi network in an educational context. The proposal contributes to the field of cybersecurity by providing a specific methodology to analyze and strengthen wireless networks in similar environments.

Item: Aplicación del proceso threat hunting para la detección de vulnerabilidades y contramedidas en la infraestructura de red del Cuerpo de Bomberos de Ambato.
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Tecnologías de la Información, 2023-09)
Avilés Vasco, Bryan Jardiel; Sánchez Zumba, Andrea Patricia
The security of the network infrastructure of Ambato Fire Department takes on a vital role, as it houses sensitive and strategic data for the functioning of its operations.
Given the constant increase in cyberattacks and the ongoing evolution of tactics employed by malicious actors, it is essential to have an effective strategy that enables the identification and mitigation of threats in real time. In this context, this work proposes the development of a comprehensive manual to implement the Threat Hunting process in the network of Ambato Fire Department, utilizing a variety of specialized cybersecurity tools such as Wireshark, Nessus, and Advanced IP Scanner. Additionally, a manual analysis of log files was conducted, delving into the understanding of their handling and their relevance in the realm of cybersecurity. As a complement, Python code was developed to enhance the analysis, with the purpose of identifying and addressing vulnerabilities that could jeopardize the solidity of the network infrastructure. This approach not only allowed for the detection of security weaknesses but also paved the way for the planning of various countermeasures aimed at strengthening the identified susceptible points in the network. Finally, the process was documented to ensure the traceability and replicability of the undertaken actions.

Item: Procedimiento de gestión para ciberseguridad en la infraestructura tecnológica del sector financiero segmento 1 regulado por la Superintendencia de Economía Popular y Solidaria (SEPS) en el cantón Ambato – Ecuador
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Ingeniería en Sistemas Computacionales e Informáticos, 2021-09)
Quispe García, Christian Paul; Urrutia Urrutia, Elsa Pilar
Currently, technological evolution generates risks such as computer incidents, loss of functionality in technological tools, cyberattacks, theft or hacking of information and fraud. For this reason, this work determines a management procedure for cybersecurity according to the analysis of network monitoring tools.
In this sense, the phases for the management of cybersecurity risks are established based on the case study. To this end, documents in Spanish and English indexed in databases such as Journal of Cyber Security Technology, Science Direct, Scopus, Springer, Espacios and ProQuest were reviewed. Next, the analysis of the literature made it possible to support the object of study and consolidate the results based on the monitoring and network analysis tools according to the basic approach of the Magerit Methodology. In conclusion, the research reflects the importance of a management procedure for cybersecurity in the technological infrastructure of the financial sector in order to safeguard functions such as availability, authenticity, integrity and confidentiality.

Item: Los ataque informáticos y su incidencia en la seguridad de servidores con Sistema Operativo Linux de Entidades de Gobierno Local
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Maestría en Gerencia de Sistemas de Información, 2019)
Aguilar Feijóo, Francisco Javier; Hurtado Vargas, Luis Fabián
This research aimed to determine the incidence of computer attacks on the servers running the Linux operating system of the Gobierno Autónomo Descentralizado de la Provincia de Orellana (GADPO), for which the most common computer attacks that have affected organizations in recent years were first determined. Gartner's Magic Quadrant was very useful for identifying the market-leading companies in computer security, so that the computer attacks to be studied could be obtained from their published statistical reports. Phishing and Distributed Denial of Service (DDoS) attacks were established as the computer attacks under study. To carry out the phishing attacks, the Social Engineer Toolkit (SET) tool was used, which made it possible to quantify the number of users affected by the attack. The DDoS SYN Flood attacks were carried out using the hping3 tool to flood the data network, and Multi Router Traffic Grapher (MRTG) to quantify the bandwidth usage caused by the attack. With the results obtained from the phishing and DDoS SYN Flood attacks, the information systems risk management methodology (MAGERIT) was applied to calculate the vulnerability, impact and risk that the computer attacks caused on the Linux servers of GADPO. To mitigate the effects of the computer attacks studied, in the case of phishing an awareness and training plan was proposed based on "NIST SP 800-50 Building an Information Technology Security Awareness and Training Program" from the National Institute of Standards and Technology (NIST) of the United States Department of Commerce, which was applied to GADPO staff. As for the SYN Flood DDoS attack, iptables rules were used, configured on the firewall server, a machine that was targeted by this type of attack because it is considered a critical service that, if compromised, would cause the collapse of the data network.