ANÁLISIS Y DETECCIÓN DE VULNERABILIDADES EN LOS SERVIDORES PÚBLICOS DEL CENTRO DE CÓMPUTO DE LA EMPRESA INTERMEDIARIA DE VENTAS UTILIZANDO LA METODOLOGÍA INTERNACIONAL OSSTMM
Fecha
2015-11
Título de la revista
ISSN de la revista
Título del volumen
Editor
Universidad de Guayaquil Facultad de Ciencias Matemáticas y Físicas Carrera de Ingeniería en Networking y Telecomunicaciones
Resumen
El siguiente proyecto de tesis está aplicado a una empresa comercializadora de
prendas de vestir y tiene como objetivo realizar un estudio para determinar los
puntos vulnerables y grados de acceso que tendría un atacante en la
organización, así como incidentes que involucren la fuga o perdida de
información que pueden ser accidentales o provocados, siendo esto de vital
importancia para la continuidad de los servicios que presta la empresa.
Con los resultados obtenidos de este análisis podremos establecer medidas de
seguridad que nos permitan minimizar riesgos en la operatividad de la
organización evitando así la fuga de información sensible lo que puede
desencadenar en daños incalculables.
Por esta razón para el tratamiento de este tema se utilizó el Manual de la
metodología Abierta de Testeo de Seguridad (OSSTMM) el cual nos permitirá
destacar las áreas donde se puedan concentrar la mayoría de los ataques a la
red y así pueden crear las bases correctivas y las acciones preventivas para
evitar esos ataques, por otro lado hemos rescatado una herramienta de
seguridad informática “NESSUS”, esta selección se ha realizado debido a que
es un analizador de seguridad de redes potente y fácil de usar, con una amplia
base de datos que nos permite hacer pruebas y determinar si nuestra red o
equipo tiene fallos de seguridad, el cual no solo nos informara que
vulnerabilidades de seguridad existen y el nivel de riesgo (alto, medio, bajo) de
cada una de ellas, sino que también nos notificara sobre como mitigarlas
ofreciendo soluciones.
The following thesis project involves analysis and detection of vulnerabilities on public servers datacenter ENTERPRISE MIDDLE OF USING THE INTERNATIONAL SALES OSSTMM Methodology, applied to a marketer of apparel, it aims to conduct a study to identify vulnerabilities and degrees of access that an attacker would have on the organization as well as incidents involving the leaking or loss of data that can be accidental or deliberate, this being vital for the continuity of services provided by the company. Performing this analysis can identify weaknesses or vulnerabilities that could be used by malicious individuals to steal sensitive information from any organization which could mean immeasurable damage to any institution that suffer these attacks. For this reason to treat this issue the Manual of the Open Source Security Testing Methodology (OSSTMM) which will allow us to highlight areas where they can concentrate the majority of network attacks used and thus can create corrective foundation and preventive measures to prevent such attacks, on the other hand we have rescued a tool of security "NESSUS" This selection was made because it is a security scanner powerful and easy network to use, with a large database that allows us to test and determine if our network or computer has security flaws, which not only inform us that there are security vulnerabilities and the risk level (high, medium, low) of each, but we also notify offering solutions on how to mitigate them.
The following thesis project involves analysis and detection of vulnerabilities on public servers datacenter ENTERPRISE MIDDLE OF USING THE INTERNATIONAL SALES OSSTMM Methodology, applied to a marketer of apparel, it aims to conduct a study to identify vulnerabilities and degrees of access that an attacker would have on the organization as well as incidents involving the leaking or loss of data that can be accidental or deliberate, this being vital for the continuity of services provided by the company. Performing this analysis can identify weaknesses or vulnerabilities that could be used by malicious individuals to steal sensitive information from any organization which could mean immeasurable damage to any institution that suffer these attacks. For this reason to treat this issue the Manual of the Open Source Security Testing Methodology (OSSTMM) which will allow us to highlight areas where they can concentrate the majority of network attacks used and thus can create corrective foundation and preventive measures to prevent such attacks, on the other hand we have rescued a tool of security "NESSUS" This selection was made because it is a security scanner powerful and easy network to use, with a large database that allows us to test and determine if our network or computer has security flaws, which not only inform us that there are security vulnerabilities and the risk level (high, medium, low) of each, but we also notify offering solutions on how to mitigate them.
Descripción
Adobe
Palabras clave
Metodología abierta de testeo, Seguridad, OSSTMM, NESSUS