Abstract
Nowadays, public and private organizations have demonstrated some sensibility in maintenance and security updates of their equipment. However, their main focus are servers and workstations, leaving network devices, such as routers and switches often forgotten in this process. This research addresses the vulnerabilities on network equipment, intending to evaluate their dimension, in Portugal’s City Halls and, after that, analyze and rate their impact according to taxonomies, such as CAPEC. This study also aims to set of vulnerabilities to reply, elucidate and sensitize not just City Halls ITs, but also other type of public and private organizations about the risks related to outdate network devices. The vulnerability demonstrations were done through the design of different scenarios, with real devices, installed in a mobile rack, called “Hack Móvel” and using network simulators. Each scenario was documented with multimedia contents, allowing teaching hacking techniques in network devices. As methodology, the study adopts the quantitative method, through the application of questionnaires applied to each City Hall, in order to collect relevant information about the device models and brands, as well as the firmware version they are really using. It is also adopted the quantitative method in order to perform tests with real users and evaluate the scenarios that were designed. Results show a really good acceptance of the “Hack Móvel” by users and their motivation to increase their knowledge on the computer security and hacking techniques field.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Seacord, R., Householder, A.: A Structures Approach to Classifying Security Vulnerabilities (2005). http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA430968. Accessed June 2018
CAPEC: Common Attack Pattern Enumeration and Classification. https://capec.mitre.org. Accessed Aug 2018
CWE: Common Weakness Enumeration. http://cwe.mitre.org. Accessed Aug 2018
CVE: Common Vulnerabilities and Exposures. https://cve.mitre.org. Accessed Aug 2018
CVSS: Common Vulnerability Scoring System. http://www.first.org/cvss. Accessed Aug 2018
Liebmann, L.: SNMP’s Real Vulnerability. Communication News, p. 50, April 2002
Agarwal, A.K., Wang, W.: An experimental study of the performance impact of path-based DoS attacks in wireless mesh networks. Mob. Netw. Appl. 15(5), 693–709 (2010)
Shivamalini, L., Manjunath, S.: An approach to secure hierarchical network using joint security and routing analysis. Int. J. Comput. Appl. 28(8) (2011). http://www.ijcaonline.org/volume28/number8/pxc3874752.pdf. Accessed July 2018
Stasinopoulos, A., Ntantogian, C., Xenakis, C.: The weakest link on the network: exploiting ADSL routers to perform cyber-attacks. IEEE (2013). http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6781868&sortType%3Dasc_p_Sequence%26filter%3DAND(p_IS_Number%3A6781844). Accessed July 2018
National Statistical Institute. https://www.ine.pt/xportal/xmain?xpid=INE&xpgid=ine_destaques&DESTAQUESdest_boui=83328022&DESTAQUESmodo=2&xlang=en. Accessed July 2018
WSilicon Week. http://www.siliconweek.es/noticias/y-los-fabricantes-mas-valorados-de-routers-y-switches-son-52916. Accessed July 2018
CVE Details: The Ultimate Security Vulnerability Datasource. http://www.cvedetails.com. Accessed June 2018
Akram, O.K., Mohammed Jamil, N.F., Franco, D.J., Graça, A., Ismail, S.: How to Guide Your Research Using ONDAS Framework (2018)
Acknowledgments
Thanks to “Fundação para a Ciência e a Tecnologia” for grant through “UID/CEC/04668/2016-LISP.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Franco, D.J., Silva, R.M., Muhammed, A., Akram, O.K., Graça, A. (2020). Network Security Evaluation and Training Based on Real World Scenarios of Vulnerabilities Detected in Portuguese Municipalities’ Network Devices. In: Madureira, A., Abraham, A., Gandhi, N., Silva, C., Antunes, M. (eds) Proceedings of the Tenth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2018). SoCPaR 2018. Advances in Intelligent Systems and Computing, vol 942. Springer, Cham. https://doi.org/10.1007/978-3-030-17065-3_29
Download citation
DOI: https://doi.org/10.1007/978-3-030-17065-3_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-17064-6
Online ISBN: 978-3-030-17065-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)