A Comprehensive Analysis of Cybersecurity Infrastructure in Academic Environments

This paper addresses a comprehensive analysis of cybersecurity systems in academic environments taking as a case study the domains: “www. ups. edu. ec”, “cas. ups. edu. ec”, “virtual. ups. edu. ec” y “dspace. ups. edu. ec”, of the Salesian Polytechnic University, using specialized tools such as Kali Linux and Nessus. Through these technologies, critical aspects of the system’s security are evaluated: its ability to resist attacks, how effective its defense mechanisms are, and its capacity to identify exploitable weak points. A novel methodology is applied to evaluate the security of the system, using emerging technologies and innovative techniques. During the research, several vulnerabilities were identified covering the four studied domains. These were classified using the CVSS (Common Vulnerability Scoring System) rating protocol, which allowed the most critical ones to be prioritized and addressed first. In addition, a scan of open ports was performed to recognize possible unauthorized access points. As part of the security testing, a simulation of an email phishing attack was carried out by cloning the Salesian University access website, in order to assess users’ susceptibility to this threat. Domain security analysis revealed critical vulnerabilities, including an outdated version of PHP and possible remote code execution (CVSS 9.8-10) in “virtual. ups. edu. ec”. SSL/TLS security issues were also detected, such as the use of weak ciphers and outdated versions of TLS (CVSS up to 7.5). In addition, medium risks related to lack of HSTS and vulnerabilities in PHP and jQuery were found, along with weaker SSH configurations of lesser impact (CVSS 2.6-3.7). These results show the need for security updates and improvements.