Navegando por Autor "Vieira, Yago Dyogennes Bezerra"

Filtrar resultados informando o último nome do autor
Agora exibindo 1 - 2 de 2
  • Imagem de Miniatura
    Item
    Teste de Invasão: um relato de experiência em uma instituição pública de ensino no Brasil
    (2019) Silva, Thiago Francisco de Andrade; D’Emery, Richarlyson Alves; Vieira, Yago Dyogennes Bezerra; http://lattes.cnpq.br/3553920177544450; http://lattes.cnpq.br/7444148155690420
    Currently, the use of technologies grows in institutions making them susceptible to attacks that put their assets at risk, consequently, information security in the environment is demanded. Confidential information leaked and unavailability of acess can cause financial damage and the reputation of an organization. In this sense, intrusion tests are tools that allow validating information security in these environments, through the collection information on the network, mapping and exploiting vulnerabilities by analyzing assets of the organization, ranking the threats and their possible impact on the institution, classify and suggest solutions within the environment. Given this scenario, this monograph discusses and presents the use of pentest intrusion test in the prevention of cyber attacks to organizations, especially to a public educational institution. A survey was carried out on network information, that is, a mapping of vulnerabilities in the environment. The tools in Kali Linux were used: Nmap, Nbtscan, Nessus, Metasploit e Aircrack-ng. Although the mapping points to several vulnerabilities, stand out the NFS Exported Share Information Disclosure and Microsoft Windows SMB Sahres Unprivileged Acess, wich are considered as critical and high risk severity, respectively. Finally, suggestions are presented for the necessary solutions.
  • Imagem de Miniatura
    Item
    Utilização de pentest na prevenção de ataques cibernéticos às organizações
    (2018) Vieira, Yago Dyogennes Bezerra; D'Emery, Richarlyson Alves; http://lattes.cnpq.br/3553920177544450
    With the evolution of technology, new devices are created, more users connect to the Internet and become addicted. Black hats have found that information and data are valuable to users and businesses and use knowledge for illicit purposes, stealing data, leaving companies totally inoperable after attacks, achieving profit or even competitive advantage. Knowing that no system is totally safe, criminals are looking for failures to innovate more and more in their attacks and only the big and medium companies are concerned about security, some medium and small only care when they suffer some type of damage resulting from a security breach of information. Even if companies invest in security it is necessary to apply it correctly, and an exploited vulnerability can compromise the entire corporate environment. Information security is an area of computing that aims to protect systems and devices against potential threats using the international standards and prevention recommended by experts in the field. Unknown to many companies, Pentest allows them to test their level of protection by testing the entire environment, simulating a real attack by a criminal, and measuring the risk and consequences of such attacks. Pentest is carefully carried out between contractor and contractor to ensure that none of your services stop while the tests are performed, you can still use a sequence based on certain methodologies, depending on the customer's needs. Given this scenario, in this monograph, it is discussed and proposed the use of intrusion testing in the prevention of cyber-attacks to organizations. The work showed that it was possible to carry out security tests in a company's computing environments, which would lead to the leakage, alteration and destruction of information from both the company and all its customers if they were discovered by a black hat. Real flaws were exploited in the computing environment of a company, which did not have the culture to protect its information. The main objective of the work was to demonstrate a method of security failure analysis (Pentest) and the use of some invasion techniques used by black hats, which if implemented by security teams will help to prevent attacks based on this type, organizations that must cultivate a culture of protection of their data, because even with all necessary security, no system is totally safe. As results there were flaws that could be exploited and consequently could cause damages such as: access leaving company systems unusable, destruction of data alteration and theft, disclosure of personal data without authorization, and if these risks occurred, would result in incalculable losses. Tests the company has been willing to invest in security and fix the flaws.