|
|
Identification of industrial devices
Šotola, Bohuslav ; Blažek, Petr (referee) ; Pospíšil, Ondřej (advisor)
This thesis, titled Identification of Industrial Devices, deals with the use of machine learning for the passive identification of exclusively programmable logic controllers (PLCs) from Siemens, communicating via network traffic. The identification is performed to obtain information about vulnerabilities in the devices currently in use. The motivation for introducing identification in the industry is to minimize the likelihood of attacks and thus reduce losses in production. Datasets in the field of Industrial Control Systems (ICS) are created for targeted device identification within 5 minutes of capturing network traffic. These datasets are statistically processed to find input parameters showing independence from topology and time. The statistically processed parameters are then subjected to machine learning models. If they are found to be sufficiently independent, the idea is verified on independent data not related to previous ones. In identification, there is also an attempt to utilize network transmission parameters that are independent of the PLC device manufacturer. Identification of PLC devices is possible, with the ideal use of the older version of the proprietary S7 protocol, as it allows identification within 5 minutes of capturing traffic. Identification based on the older version of the protocol is also relevant because it is used in practice. An obstacle to capturing traffic for identification is the fact that potential users often need appropriate permissions. Firmware updates must be taken into account, providing new data security features.
|
|
|
Network probe module for industrial protocol analysis
Srovnal, Dominik ; Pospíšil, Ondřej (referee) ; Blažek, Petr (advisor)
Industrial networks are often the target of attacks, which need to be adequately responded to. Therefore, it is necessary to prevent these attacks from the outset through protection and prevention. Such protection is provided by intrusion detection and prevention systems, which are capable of preventing unwanted intrusions, based on those modules. As attacks become more and more sophisticated, it is essential that these modules are continuously developed and got proposed in new, safer measures. The theoretical part describes industrial protocols (IEC 61850, IEC 60870, Ethernet/IP and S7). The practical part focuses on the creation of a module for the analysis of the industrial protocol S7. Furthermore, the paper describes possible attacks on the S7 protocol and proposes rules for detecting these attacks using the Suricata module.
|
|
|
Security verification tool for industrial and energy equipments
Sagindykova, Anel ; Kuchař, Karel (referee) ; Blažek, Petr (advisor)
Cílem této práce je analyzovat různé vyhledávače a vybrat ty nejvhodnější pro vytvoření nástroje k testování průmyslových a energetických zařízení z pohledu bezpečnosti. Bylo provedeno porovnání mezi Shodan, ZoomEye, Nexpose, Censys a BinaryEdge. Tyto vyhledávače byly porovnávány podle různých kritérií, například výkonnosti a jejich dalších veřejně dostupných informací. Jako nejvhodnější byly vybrány Shodan a ZoomEye a pomocí těchto vyhledavačů byla vytvořena webová aplikace. Tato aplikace je schopna načítat výsledky vyhledávání ze serverů pomocí jejich rozhraní API a je schopna je ukládat do databáze. Součástí práce je popis průmyslových a energetických protokolů, sítí a jejich bezpečnostních prvků. V rámci práce byl také popis několika nejznámějších útoků na tyto sítě. Posledním cílem práce je provést testování a evaluaci realizovaného nástroje na minimálně dvou zařízeních.
|
|
|
The Training and Recreation Center
Lím, Štěpán ; Blažek, Petr (referee) ; Fišarová, Zuzana (advisor)
Thesis Training and recreational center at the documentation for the execution of works. The building was designed so that the object is divided into two parts. The first part is a training and recreation center, which is developed to the level of documentation for construction. The second part is a space for accommodation, which is designed only as a preparatory study and work. The building is divided into three main units, which include middle entrance portion, training and recreational facilities and accommodation for clients and visitors. The leisure center facilities include a swimming pool, whirlpools, saunas and massages. There are lecture hall, projection room and small cafe in the area of training center. In areas 1.NP is restaurant. The building is brick of brick blocks. Foundation structures bearing walls are designed footings. Roof construction over the area of the training center is oblique, supporting elements are tie beams. Flat roof DUO is designed over other areas of the entrance and the accommodation parts. The entire building is insulated outer contact insulation. The building has a cellar.
|
|
|
Detection of slow-rate DDoS attacks
Sikora, Marek ; Frolka, Jakub (referee) ; Blažek, Petr (advisor)
This diploma thesis is focused on the detection and protection against Slow DoS and DDoS attacks using computer network traffic analysis. The reader is introduced to the basic issues of this specific category of sophisticated attacks, and the characteristics of several specific attacks are clarified. There is also a set of methods for detecting and protecting against these attacks. The proposed methods are used to implement custom intrusion prevention system that is deployed on the border filtering server of computer network in order to protect Web servers against attacks from the Internet. Then created system is tested in the laboratory network. Presented results of the testing show that the system is able to detect attacks Slow GET, Slow POST, Slow Read and Apache Range Header and then protect Web servers from affecting provided services.
|
|
|
Methods of steganography
Obdržálková, Karolína ; Blažek, Petr (referee) ; Člupek, Vlastimil (advisor)
This bachelor thesis deals with steganography, its types and methods. Steganography is generally described in this work. A significant part of this thesis is devoted to the development of steganography and also describes how is steganography used for malware and copyright protection. The next part describes the types of steganography according to the type of carrier, their methods and properties of steganographic methods. Based on theoretical knowledge, an application with a graphical user interface was created to hide and reveal secret information using steganographic method LSB. This application is described in the final part together with the evaluation of security of hidden information.
|
|
| |
|
|
Elementary School in Moravany u Brno
Trojánek, Lukáš ; Blažek, Petr (referee) ; Fišarová, Zuzana (advisor)
The theme of this thesis is the preparation of project documentation at the level for the implementation of the construction of primary schools in the village Moravany u Brna. In the framework of the preparatory study work has been processed the entire campus, including outdoor sports facilities, paved surfaces, parking lots and additional objects required for the running of the school. The subject of this thesis is only part of the main object SO01 elementary school and part of it and this is a three storey building with the main longitudinal structural wall system. The carrier of the walls and the ceiling structure is of reinforced concrete. The roof structure is designed as a desktop with internal drainage. The façade of the building is divided according to the floor, the first floor is addressed to the contact insulation system for cladding of ceramic straps in the second and the third floor is designed to ventilated the facade of fiber cement plates with colored solution. The subject of the proposal is to solve traffic in peace into two parking lots and the Terminal for lifting children.
|
|
|
Wastewater treatment plant testbed controlled by PLC
Kopáč, Ondřej ; Blažek, Petr (referee) ; Pospíšil, Ondřej (advisor)
This master thesis deals with the design of a wastewater treatment plant, which will be controlled by a PLC. The theoretical part describes the types of wastewater and sewage systems that are important in the design of wastewater treatment plants. The thesis also describes programmable logic controllers, theirs programming languages, SCADA (Supervisory Control And Data Acquisition) systems and automation.The thesis also deals with theoretical description of wastewater treatment plants, their functions and security. Next part describes the design of the wastewater treatment plant. The last part of the thesis describes implementation of the wastewater treatment plant controlled by a PLC.
|
|
|
Network communication monitoring probe
Klečka, Jan ; Fujdiak, Radek (referee) ; Blažek, Petr (advisor)
Master thesis deals with analysis of single board PC which use Linux as operation system. Analysis of individual NIDS systems and examined their properties for choosing right candidate for single board computer which shall be used as network probe for analysis, filtering and logging of network traffic. Part of the work is aimed on development of a interface which is used for configuration of network probe through the web browser. Web interface allows perform basic operations over network probe which influence network traffic or specify, which information shall be logged. Subsequently network parsers were implemented for network protocols using the Scappy library. The conclusion of the thesis contains the design of the security cover for the device according to the IP54 requirements.
|
guest ::
