Vulnerability mitigation in an ISP core network: A case study
Cybersecurity incidents in ISP (Internet Service Provider) infrastructure have grown significantly, and it is necessary to identify the vulnerabilities that need immediate protection. In this environment, the firewall filters data packets by analyzing their headers and deciding how each packet is routed based on the established rules. This device is essential in an ISP network because it mitigates the vulnerabilities coming from the network and maintains a higher degree of security for the internal network, thus guaranteeing the availability, integrity, and confidentiality of the information. For the case study, a MikroTik infrastructure running the proprietary RouterOS operating system was selected to function as the core router. Security rules are applied to its firewall for each type of attack generated against the router, whether internal or external to the network, to avoid serious security failures such as falling victim to a DoS (Denial of Service) attack, brute force attacks, etc. As a result, a 50% decrease in CPU consumption was obtained in each attack generated, thus achieving the proper functioning of the network infrastructure and guaranteeing the stability and availability of the communications network.
Copyright (c) 2021 Diego Avila-Pesantez
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors maintain the rights to the articles and are therefore free to share, copy, distribute, execute, and publicly communicate the work on their personal websites or in institutional deposits, after its publication in this journal, as long as they provide bibliographic information that certifies its publication in this journal.
The works are under a Creative Commons license: https://creativecommons.org/licenses/by-nc-nd/4.0/