|
|
IMAP Implementation in C++
Pohl, Marek ; Janoušek, Vladimír (referee) ; Peringer, Petr (advisor)
This thesis has focused on development of library of IMAP network protocol in C++ programming language. This work has focused on design and on interface of the library. Object design of this library is based on analysis of the IMAP protocol. Developed library contains implementation of a client and server part of the IMAP protocol. This work shows also the another IMAP libraries and evaluates pros and cons of the different solutions. Security of a network transfer is explained here in this thesis. This work deals with authentication methods, which are used to protect user credentials during authentication process. Created library can be easily used by software developers to develop an applications like an email client program and IMAP mail server. Part of this work has focused on testing of this developed library.
|
|
|
Design of user authentication for small and medium networks
Hajný, Jan ; Pust, Radim (referee) ; Burda, Karel (advisor)
The main focus of this Master’s thesis is user authentication and access control in a computer network. I analyze the TCP/IP model in connection with security and describe main stepping stones of authentication protocols (mainly hash functions). The authentication protocol analysis follows. I begin with LANMAN protocol analysis for the reason of a security comparison. The NTLM, Kerberos and Radius follows. The focus is on the Kerberos which is chosen as a main authentication protocol. This is also a reason why the modification used in MS domains is described. The implementation and functional verification is placed in the second part which is more practical. The virtualization technology is used for an easier manipulation. The result is a computer network model requiring user authentication and minimizing the possibility of an attack by unauthorized clients.
|
|
|
Interception of Modern Encrypted Protocols
Marček, Ján ; Korček, Pavol (referee) ; Kajan, Michal (advisor)
This thesis deals with the introduction to the security mechanism.The procedure explains the basic concepts, principles of cryptography and security of modern protocols and basic principles that are used for information transmission network. The work also describes the most common types of attacks targeting the eavesdropping of communication. The result is a design of the eavesdropping and the implementation of an attack on the secure communication of the SSL protocol..The attacker uses a false certificate and attacks based on poisoning the ARP and DNS tables for this purpose. The thesis discusses the principles of the SSL protocol and methodology of attacks on the ARP and DNS tables.
|
|
|
Simulated Fault-Injection in Network Communication
Rozsíval, Michal ; Rogalewicz, Adam (referee) ; Smrčka, Aleš (advisor)
The development of network applications takes place under ideal conditions, as opposed to deploying them in a real-world environment that contains vulnerabilities such as loss, latency, or cyber-attacks. Ensuring resilience against these vulnerabilities is thus crucial. This thesis introduces the NetLoiter, which aims to enable the simulation of the required vulnerabilities and thus allow developers to treat them correctly. The NetLoiter can be used in transparent (proxy server), hidden (captures communication directly from the system kernel), or hardware versions suitable for testing embedded systems. NetLoiter supports dynamic reconfiguration using a public interface that can be used to automate the testing process. NetLoiter has been successfully integrated and used in real projects.
|
|
|
Module Orchestration of Multitenant Systems
Freyburg, Petr ; Pavela, Jiří (referee) ; Smrčka, Aleš (advisor)
This thesis deals with the creation of multitenant systems and their orchestration. The creation process is based on the transformation of an existing monolithic but modular system in order to extract a selected module. The resulting solution includes an infrastructure that enables secure transmission between the information system and the extracted module. This infrastructure isolates the individual tenants from each other. The individual modules are containerized in Docker technology and orchestrated using Kubernetes. The proposed solution supports several interfaces between the module and the system. Supported interfaces include, for example, a standard client-server architecture or a standard input/output to allow the single-running of console applications.
|
|
| |
|
|
Advanced proxy for penetration testing
Válka, Michal ; Vilém,, Šlesinger (referee) ; Sedlák, Petr (advisor)
This master’s thesis focuses on improving the open-source proxy tool for penetration testing of thick clients. The thesis is divided into three main chapters, the first of which is focused on the theoretical background on which the thesis is based. The second chapter describes the analysis of the current state and defines user requirements, which must be met. The third chapter deals with increasing the quality and expanding the functionality based on user requirements. At the same time, a testing methodology is created and a vulnerable application is developed as a teaching material for the methodology. The chapter concludes with a summary of the economic costs and benefits of the application for the penetration testing process.
|
|
|
Trusted proxy in SSL/TLS connection
Smolík, Jiří ; Forst, Libor (advisor) ; Lukeš, Dan (referee)
The problem of SSL/TLS interception ("trusted proxy in SSL/TLS connection") has been known for years and many implementations exist. However, all of them share a single technical solution which is based solely on the PKI authentication mechanism and suffers from multiple serious disadvantages. Most importantly, it is not compatible with several aspects or future trends of SSL/TLS and PKI, there's almost no space for improvement and its real use may spawn legal issues. After we analyze technical background and the current solution, we will propose another one, based not only on PKI but SSL/TLS too. Both solutions will be compared and general superiority of the new one will be shown. Basic implementation and analysis will follow, along with deployment requirements and ideas for future development. Powered by TCPDF (www.tcpdf.org)
|
|
|
Design and Creation of Proxy for Penetration Testing
Válka, Michal ; Bláha, Lukáš (referee) ; Dydowicz, Petr (advisor)
This bachelor’s thesis is aimed at design and development of proxy for penetration testing. The thesis is divided into three main parts and begins with a theoretical part, which is focused on fundamental technologies and principles on which the application is based. The second part is focused on comparison of currently available solutions. The third part contains the creation of the proxy itself. The last chapter contains a summary of this thesis and the benefits of the developed product for penetration testing.
|
|
|
Censorship in the Internet
Rajecký, Michal ; Rychlý, Marek (referee) ; Očenášek, Pavel (advisor)
Internet censorship is a phenomenon of the time, which significantly restricts freedom of speech. The aim of this work was to find out the current state of Internet censorship in China. As part of the analysis, I designed and implemented a tool for testing website availability and detecting censorship of potentially blocked keywords. This tool verified different levels of access to a target server. The analysis showed that the city of Beijing forms a significant part of China's system in the implementation of censorship, as it loses a large part of Internet communication, up to 97% of all lost data. Testing also revealed the variability of censorship over time. On average, 57.6% of websites received different results during the testing period. This article provides an up-to-date picture of the state of Chinese Internet censorship and its impact on users. Censorship in China can be considered centralized, very extensive and variable over time.
|
guest ::
