Advertisement

Network Security Evaluation and Training Based on Real World Scenarios of Vulnerabilities Detected in Portuguese Municipalities’ Network Devices

  • Daniel José FrancoEmail author
  • Rui Miguel SilvaEmail author
  • Abdullah Muhammed
  • Omar Khasro Akram
  • Andreia Graça
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 942)

Abstract

Nowadays, public and private organizations have demonstrated some sensibility in maintenance and security updates of their equipment. However, their main focus are servers and workstations, leaving network devices, such as routers and switches often forgotten in this process. This research addresses the vulnerabilities on network equipment, intending to evaluate their dimension, in Portugal’s City Halls and, after that, analyze and rate their impact according to taxonomies, such as CAPEC. This study also aims to set of vulnerabilities to reply, elucidate and sensitize not just City Halls ITs, but also other type of public and private organizations about the risks related to outdate network devices. The vulnerability demonstrations were done through the design of different scenarios, with real devices, installed in a mobile rack, called “Hack Móvel” and using network simulators. Each scenario was documented with multimedia contents, allowing teaching hacking techniques in network devices. As methodology, the study adopts the quantitative method, through the application of questionnaires applied to each City Hall, in order to collect relevant information about the device models and brands, as well as the firmware version they are really using. It is also adopted the quantitative method in order to perform tests with real users and evaluate the scenarios that were designed. Results show a really good acceptance of the “Hack Móvel” by users and their motivation to increase their knowledge on the computer security and hacking techniques field.

Keywords

Pentest Audits to information systems Network devices Network security Network vulnerabilities Security training 

Notes

Acknowledgments

Thanks to “Fundação para a Ciência e a Tecnologia” for grant through “UID/CEC/04668/2016-LISP.

References

  1. 1.
    Seacord, R., Householder, A.: A Structures Approach to Classifying Security Vulnerabilities (2005). http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA430968. Accessed June 2018
  2. 2.
    CAPEC: Common Attack Pattern Enumeration and Classification. https://capec.mitre.org. Accessed Aug 2018
  3. 3.
    CWE: Common Weakness Enumeration. http://cwe.mitre.org. Accessed Aug 2018
  4. 4.
    CVE: Common Vulnerabilities and Exposures. https://cve.mitre.org. Accessed Aug 2018
  5. 5.
    CVSS: Common Vulnerability Scoring System. http://www.first.org/cvss. Accessed Aug 2018
  6. 6.
    Liebmann, L.: SNMP’s Real Vulnerability. Communication News, p. 50, April 2002Google Scholar
  7. 7.
    Agarwal, A.K., Wang, W.: An experimental study of the performance impact of path-based DoS attacks in wireless mesh networks. Mob. Netw. Appl. 15(5), 693–709 (2010)CrossRefGoogle Scholar
  8. 8.
    Shivamalini, L., Manjunath, S.: An approach to secure hierarchical network using joint security and routing analysis. Int. J. Comput. Appl. 28(8) (2011). http://www.ijcaonline.org/volume28/number8/pxc3874752.pdf. Accessed July 2018
  9. 9.
    Stasinopoulos, A., Ntantogian, C., Xenakis, C.: The weakest link on the network: exploiting ADSL routers to perform cyber-attacks. IEEE (2013). http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6781868&sortType%3Dasc_p_Sequence%26filter%3DAND(p_IS_Number%3A6781844). Accessed July 2018
  10. 10.
  11. 11.
  12. 12.
    CVE Details: The Ultimate Security Vulnerability Datasource. http://www.cvedetails.com. Accessed June 2018
  13. 13.
    Akram, O.K., Mohammed Jamil, N.F., Franco, D.J., Graça, A., Ismail, S.: How to Guide Your Research Using ONDAS Framework (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Daniel José Franco
    • 1
    Email author
  • Rui Miguel Silva
    • 2
    Email author
  • Abdullah Muhammed
    • 1
  • Omar Khasro Akram
    • 3
  • Andreia Graça
    • 2
  1. 1.Faculty of Computer Science and Information TechnologyUniversity Putra Malaysia (UPM)SerdangMalaysia
  2. 2.Lab UbiNET/LISPPolytechnic Institute of BejaBejaPortugal
  3. 3.Faculty of Design and ArchitectureUniversity Putra Malaysia (UPM)SerdangMalaysia

Personalised recommendations