|
|
Architecture and management of secure networks
Štangler, Jan ; Frolka, Jakub (referee) ; Člupek, Vlastimil (advisor)
This work is focused on the security of small to medium-sized networks with central administration, especially on the creation of a methodology for secure network design.The design of a secure network for a start-up IT company, using open-source software, is described. Deployment of the designed secure network, with central management, is performed and the connectivity of network elements are tested. The model simulates network traffic situations and network attacks using penetration testing techniques. In terms of the severity of the impact on network security, intercepted attacks are evaluated and immediately reported to responsible persons. Finally, the results of the intercepted attacks are processed and further actions are recommended.
|
|
|
Vizualizace síťového provozu s ohledem na bezpečnostní události
SOUBUSTA, Jan
The thesis deals with methods of visualization of network traffic and identification of unfair or offensive activities. The theoretical part is verified by experiments with virtual machines, where an attacker, generating malicious traffic, is simulated. The target of the thesis is to describe and test the ways of displaying data in the network so that it is humanly readable and possible to identify potentially dangerous activities of the attacker.
|
|
| |
|
|
Architecture and management of secure networks
Štangler, Jan ; Frolka, Jakub (referee) ; Člupek, Vlastimil (advisor)
This work is focused on the security of small to medium-sized networks with central administration, especially on the creation of a methodology for secure network design.The design of a secure network for a start-up IT company, using open-source software, is described. Deployment of the designed secure network, with central management, is performed and the connectivity of network elements are tested. The model simulates network traffic situations and network attacks using penetration testing techniques. In terms of the severity of the impact on network security, intercepted attacks are evaluated and immediately reported to responsible persons. Finally, the results of the intercepted attacks are processed and further actions are recommended.
|
|
|
Secure, reliable and adaptive network based on Cisco devices
Lefler, Přemysl ; Komosný, Dan (referee) ; Kubánková, Anna (advisor)
This bachelor thesis deals with design of secure, reliable and adaptive network using Cisco network devices. Thesis includes design of a network with description of each individual technology, that were used in the design to meet requirements for safety, reliability and adaptivity. The last chapter describes frequently occuring network attacks along with a description of their execution followed by implementation of defense against them.
|
|
|
Flood attacks generation
Hudec, David
Proposal of a high speed packet flooding device is presented in this paper. The product is based on the FPGA (Field-programmable Gate Array) platform, developed in VHDL (Very high speed integrated circuit Hardware Description Language) and set into the NetCOPE environment. It uses an existing solution of packet generator. Once done, it should be implemented on a COMBO-80G board to serve as a network stressing tool.
|
|
|
Secure Network Based on Virtual Next-Generation Firewall
Varmus, Pavol ; Burda, Karel (referee) ; Malina, Lukáš (advisor)
The bachelors thesis aims to study the issue of security of the networks that use firewalls. The next goal is to evaluate the characteristics of a different types of firewalls and to summarize its results. The other object is to design a small or medium sized network with description of best practice. The main objective of the thesis is to design a lecture task for students to test with a step-by-step solution. This task is for students to undertand the importance of firewalls as a network protection service tools and to try out different types of filters for maintainin network security. The task ends with a practical stress test made by a network attack in order to see its resistance to the attack.
|
|
|
Annotation of NetFlow Data from Perspective of Network Security
Kadletz, Lukáš ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
This thesis describes design and implementation of application for offline NetFlow data annotation from perspective of network security. In this thesis is explained the NetFlow architecture in detail along with methods for security incidents detection in the captured data. The application design is based on analysis of manual annotation and supported by several UML diagrams. The Nemea system is used for detecting security events and Warden system as a source of information about reported security incidents on the network. The application uses technologies such as PHP 5, Nette framework, jQuery library and Bootstrap framework. The CESNET association provided NetFlow data for testing the application. The result of this thesis could be used for analysis and annotation of NetFlow data. Resulting data set could be used to verify proper functionality of detection tools.
|
|
|
Generating of flood attacks
Hudec, David ; Hajný, Jan (referee) ; Smékal, David (advisor)
The assessment comprises of two parts, describing theory and generating of flood attacks respectively. The first part covers flood attacks' analysis, deals with their available techniques and practices, known in the area, and a computer simulation program, revealing the behavior of a contested network as well as the attacker's procedure. In the following part, data generating solutions itself are described. These are represented by two hardware programs, adapted from existing solutions, and one C# application, created by the author. The comparison of these two approaches is included, as well as are the generation results and mitigation proposal.
|
|
|
Network Attack Simulator
Filičko, Dávid ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
The thesis discusses about study of networks attacks and framework monitoring packets in the network. It proceeds especially network attacks, which can be detected without knowledge about the contents of packets. The aim of this thesis is to develop the simulator based on detected features, which will simulate these attacks. The output from the simulator will be created in the Nemea framework to improve the quality of tools of detection and prevention of given attacks. The simulator will be functioning for testing purpose only. Under no circumstances it will be possible to realize individual attacks.
|
guest ::
