Análisis y evaluación de la seguridad en la red de la Unidad Educativa Salesiana Cardenal Spellman, utilizando herramientas de Ingeniería social, y recomendar medidas preventivas.

Abstract

The goal of this project is to analyze the information security of the network of the Unidad Educativa Salesiana Cardenal Spellman, using techniques and tools of Social Engineering, which allow evading protection in hardware and software, since these attacks go straight to the user. Two test scenarios implemented in different areas of the institution were designed. Two methodologies were used Pilot Project and Cyber Kill Chain. In the first scenario, the administrative personnel were attacked with Social-Engineer Toolkit (SET) that it was used to clone the access page to Google accounts and the Esemtia academic system, in which a 40% success rate was obtained, as result of this, the credentials captured was used in a theft identity attack. In the second scenario, the Phishing and Pretexting techniques were used to send a fake message, offering free training to teachers, 29.6% success was obtained by email and 8% through WhatsApp, personal and work information was obtained, then family and residential data was found with the help of Social Networks and Google's services. As final results provide recommendations to prevent social engineering attacks and resolve the vulnerabilities found, to raise awareness in the educational community of the risks involved in not having the right knowledge of information management and don't have an own security policy's in the UESCS.