research-article

Vulnerability Analysis of the Exposed Public IPs in a Higher Education Institution

Authors:

Agustín Chancusi,

Damián NicolaldeAuthors Info & Claims

ICCNS '20: Proceedings of the 2020 10th International Conference on Communication and Network Security

Pages 83 - 90

https://doi.org/10.1145/3442520.3442523

Published: 13 March 2021 Publication History

Abstract

Public IP addresses from a private or public higher education institution receive large amounts of network traffic. However, the data network is vulnerable to the possibility of security attacks.

This study develops a case in a practical way based in the use of the Advance IP Scanner and Shodan software tools, and following a methodology that consists of discovering an education institution IP network and scanning its hosts of interest to then find the security vulnerabilities of the main network addresses.

From a statistical universe consisting of the entire range of IP addresses in the institution's network, a group of hosts of interest were defined as a sample set for further examination. On that base, the aim of this study is to analyze and classify the obtained vulnerabilities information by severity of the vulnerability for each found host using the described methodology, in order to obtain statistics at a host level and at the entire network level of the vulnerabilities by severity and quantity. It is concluded that most of the hosts have vulnerabilities in their Apache servers’ HTTP daemons, and they cause in a high percentage of them having vulnerabilities at the Critical level.

References

[1]

Avellán, N. & Zambrano, M. (2019). Ciberseguridad y su Aplicación en las Instituciones de Educación Superior Públicas de Manabí. (Master's Thesis). Escuela Superior Politécnica Agropecuaria de Manabí Manuel Félix López. Ecuador.

[2]

Harrell, C. R., Patton, M., Chen, H., & Samtani, S. (2018, November). Vulnerability Assessment, Remediation, and Automated Reporting: Case Studies of Higher Education Institutions. In 2018 IEEE International Conference on Intelligence and Security Informatics (ISI) (pp. 148-153). IEEE.

Digital Library

[3]

Thakre, S., & Bojewar, S. (2018, July). Studying the Effectiveness of Various Tools in Detecting the Protecting Mechanisms Implemented in Web-Applications. In 2018 International Conference on Inventive Research in Computing Applications (ICIRCA) (pp. 1316-1321). IEEE.

[4]

Hasselquist, D., Rawat, A., & Gurtov, A. (2019). Trends and Detection Avoidance of Internet-Connected Industrial Control Systems. In IEEE Access, vol. 7, pp. 155504-155512.

[5]

Shodan: The Search Engine of the Internet of Things. Retrieved on April 5, 2020 at https://www.shodan.io/

[6]

Nmap Reference Guide. Retrieved on April 5, 2020 at https://nmap.org/book/man.html

[7]

Masscan Examples: From Installation to Everyday Use. Retrieved on April 5, 2020 at https://danielmiessler.com/study/masscan/

[8]

Green, A., & Woszczynski, A. (2019). Responding to Cybersecurity Challenges: Securing Vulnerable U.S. Emergency Alert Systems. In Communications of the Association for Information Systems (forthcoming), In Press.

[9]

Altaf, I., ul Rashid, F., Dar, J. A., & Rafiq, M. (2015, October). Vulnerability assessment and patching management. In 2015 International Conference on Soft Computing Techniques and Implementations (ICSCTI) (pp. 16-21). IEEE.

[10]

Tundis, A., Mazurczyk, W., & Mühlhäuser, M. (2018, August). A Review of Network Vulnerabilities Scanning Tools: Types, Capabilities and Functioning. In Proceedings of the 13th International Conference on Availability, Reliability and Security (pp. 1-10). IEEE.

Digital Library

[11]

Albataineh, A., & Alsmadi, I. (2019, June). IoT and the Risk of Internet Exposure: Risk Assessment Using Shodan Queries. In 2019 IEEE 20th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM) (pp. 1-5). IEEE.

[12]

Azú, R. (2019). Internet de las Cosas - Análisis de Vulnerabilidades de Dispositivos que se Pueden Visualizar en SHODAN: Caso de estudio Ecuador. (University Thesis). Universidad Estatal de Milagro. Ecuador.

[13]

Nessus Professional. #1 Vulnerability Assessment Solution. Retrieved on April 5, 2020 at https://www.tenable.com/products/nessus/nessus-professional

[14]

Piza, J. (2019). Estudio de las Amenazas y Vulnerabilidades de la Red Informática del Centro de Salud de Barreiro. (University Thesis). Universidad Técnica de Babahoyo. Ecuador.

[15]

Dávila, M. & Muñoz, M. (2019). Plan de Mejora ante Vulnerabilidades Encontradas en Implementaciones de Sistemas Gestores de Bases de Datos. (Master's Thesis). Escuela Superior Politécnica Agropecuaria de Manabí Manuel Félix López. Ecuador.

[16]

Al-Alami, H., Hadi, A., & Al-Bahadili, H. (2017, December). Vulnerability Scanning of IoT Devices in Jordan using Shodan. In 2017 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS) (pp. 1-6). IEEE.

[17]

Debebe, H. G. (2019), Security Testing Of Ethiopian E-Governmental Websites Using Penetration Testing Tools. (Master's Thesis). Near East University. Turkish Republic of Northern Cyprus.

[18]

Vlajic, N., & Zhou, D. (2018). IoT as a Land of Opportunity for DDoS Hackers. In Computer, vol. 51, no. 7, pp. 26-34.

[19]

Acunetix: Is your Website Vulnerable to Hacks?. Retrieved on April 5, 2020 at https://www.acunetix.com/web-vulnerability-scanner/

[20]

Vega Vulnerability Scanner. Retrieved on April 5, 2020 at https://subgraph.com/vega/

[21]

NetSparker. Check the security of your web assets. Retrieved on April 5, 2020 at https://www.netsparker.com/scan-website-security-issues/

[22]

Vyamajala, S., Mohd, T. K., & Javaid, A. (2018, May). A Real-World Implementation of SQL Injection Attack Using Open Source Tools for Enhanced Cybersecurity Learning. In 2018 IEEE International Conference on Electro/Information Technology (EIT) (pp. 0198-0202). IEEE.

[23]

Chabla, R. (2019). Análisis de Vulnerabilidades en Redes Inalámbricas Mediante Test de Intrusión Wifi-Pineapple y Metodologías de Seguridad Informática OWISAM y OSSTMM para el Aeropuerto José Joaquín de Olmedo de la Ciudad de Guayaquil. (University Thesis). Universidad de Guayaquil. Ecuador.

Cited By

Suarez LAlshubrumi DO’Connor TSudhakaran S(2024)Unsafe at any Bandwidth: Towards Understanding Risk Factors for Ransomware in Higher EducationProcedia Computer Science10.1016/j.procs.2024.06.097238(815-820)Online publication date: 2024
https://doi.org/10.1016/j.procs.2024.06.097
Kaushik KPunhani ISharma SMartolia M(2022)An Advanced Approach for performing Cyber Fraud using Banner Grabbing2022 5th International Conference on Contemporary Computing and Informatics (IC3I)10.1109/IC3I56241.2022.10072445(298-302)Online publication date: 14-Dec-2022
https://doi.org/10.1109/IC3I56241.2022.10072445

Recommendations

Global Network Security: A Vulnerability Assessment of Seven Popular Outsourcing Countries
GREENCOM '12: Proceedings of the 2012 IEEE International Conference on Green Computing and Communications

With increasingly more businesses engaging in offshore outsourcing, organisations need to be made aware of the global differences in network security, before entrusting a nation with sensitive information. In July 2011, Syn and Nackrst1 explored this ...
Call in the Cyber National Guard!

Today, it's not clear how the US would respond to a well-orchestrated cyberattack. A few National Guard units around the US are prepared to help thwart cyberattacks, but their numbers are small. Perhaps it's time to consider creating an organized cadre ...
An OVAL-based active vulnerability assessment system for enterprise computer networks

Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ICCNS '20: Proceedings of the 2020 10th International Conference on Communication and Network Security

November 2020

145 pages

ISBN:9781450389037

DOI:10.1145/3442520

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 March 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICCNS 2020

ICCNS 2020: 2020 the 10th International Conference on Communication and Network Security

November 27 - 29, 2020

Tokyo, Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
129
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)1

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Suarez LAlshubrumi DO’Connor TSudhakaran S(2024)Unsafe at any Bandwidth: Towards Understanding Risk Factors for Ransomware in Higher EducationProcedia Computer Science10.1016/j.procs.2024.06.097238(815-820)Online publication date: 2024
https://doi.org/10.1016/j.procs.2024.06.097
Kaushik KPunhani ISharma SMartolia M(2022)An Advanced Approach for performing Cyber Fraud using Banner Grabbing2022 5th International Conference on Contemporary Computing and Informatics (IC3I)10.1109/IC3I56241.2022.10072445(298-302)Online publication date: 14-Dec-2022
https://doi.org/10.1109/IC3I56241.2022.10072445

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents