|
|
Automatic configuration of workstations in Cisco academy laboratory
Homolka, Jiří ; Jelínek, Mojmír (referee) ; Komosný, Dan (advisor)
My thesis is focused on the subject of working with distant stations connected with the laboratory control of Cisco academy. Station operations, i.e. laboratory control, have been carried in the environment of the Linux operating systems. The first part of the thesis includes a description of the laboratory, its network architecture and software equipment. Also, the VMware tool is described here. VMware tool is intended for virtualization of computer stations, where the virtual station is created. In this virtual station another operating system may be run. The problems of the command interpreter, its function and possibilities are described here too. Main attention is devoted to the Bash command interpreter and to the creation of the scripts. There are descriptions of the basic tools intended for the network communication with the distant stations. Among the most important parts belong the protected communication, the production of the autentization keys as well as the tool for data recording on more stations at the same time. The description of the access rights to the files and directories is included too. The target of this thesis was to create the scripts in the Bash programming language. The scripts are focused on working with the laboratory stations. They are the sublayers of the common project for this laboratory control. They were developed for the cooperation with the the web interface and MySQL database, created by Bc. Zdeněk Hrabal. The Scripts are intended for the finding information about the stations and virtual systems, and also for the recording images and configuration files of the virtual systems at the distant stations. Recording files and directories is enabled too. The other scripts deal with the erasing and changing of the rights of the particular files and directories. Setting commads with the super-user competence is used at this place. The scripts for the switching on and off the laboratory workstations were created too. To solve the problem described above I chose to develope more scripts. Each of them subserves the particular part of the task. The form of the input and output data of the scripts was select with the reference to the cooperation with the web interface and database. The data are implemented by the form of the input and output files. The output information and the process of the carried operations are displayed through the web interface. The scripts together with the web interface are placed and run from the school server adela.utko.feec.vutbr.cz. In the thesis the settings of the access privileges for the current directories and the files of virtual systems and scripts are presented too.
|
|
|
Establishment of the Linux internet gateway using advanced filtering
Matocha, Tomáš ; Pust, Radim (referee) ; Jelínek, Mojmír (advisor)
The thesis Establishment of the Linux internet gateway using advanced filtering focuses on~the installation of~the Linux operating system on~the older computers, that functions as a gateway to connect clients in the internal network to the Internet. The thesis describes creation an advanced filter with using iptables. Shows some types of security against attacks from the Internet. The other chapters are discussed, advanced traffic control mechanism (such as a TC and a qdisc). The system queue, it is highly beneficial where it is necessary to hierarchically divide traffic between users. It describes types of queue and assembled configurations for clients in the internal network. Next chapter describes the DNS server caching-only type and application denyhosts, which increases the overall security system. Have your own DNS server is certified, especially if we want to reduce the data traffic. Last chapter describes the RADIUS server and its implementation using Apache and MySQL database. Furthermore, the configuration options are described and the examples of the particular configurations are provided. Finally, it presented a system for authentication through the RADIUS server. The thesis seeks to provide a~complex view of security and filtering.
|
|
|
Proxy firewall
Kugler, Zdeněk ; Pelka, Tomáš (referee) ; Pust, Radim (advisor)
This diploma thesis deals with the topic of proxy servers and firewalls and considers other associated technologies and network techniques. It systematically describes the general issues of firewalls, with a special focus on proxy firewalls and their safety. Additional systems mentioned in this document are intrusion detection systems (IDS), antivirus systems and content control filters – as these are also connected with safety of networks, servers and workstations or with limiting various Internet sources. IDS systems can be typically supplemented with various additional applications or tools that enrich them and increase their potential – including graphic additions. This part is remembered too. Some systems can communicate with each other, which is successfully utilised (FW & IDS co-operation, for example). The purpose of the first large chapter is to present firewall technologies, to list firewall types, their basic functionality and to present the final comparison. It marginally mentions firewall applications in practice. Chapter two explains the theory of network address translation (NAT), deals with its functionality, safety and with limiting the NAT mechanism. Chapter three brings a comprehensive presentation of proxy servers. It explains their principle from the point of view of functionality and the specification of application areas. The chapter is complete with a clear list of proxy server types and their descriptions. The last chapter named Linux Proxy Firewall is the key part of the work. It deals generally with the Linux platform, the Debian GNU/Linux distribution, principles of safety policy, network configuration, network server safety, Linux firewalls (Netfilter framework, Iptables tool) and with the Squid proxy server. The following subchapters respect the previous structure: they describe the theories of intrusion detection systems, antivirus checks and content filtering based on different methods. All this is presented similarly to the previous chapters. A proxy firewall solution built on the Linux operating system has been proposed in the practical part. The Debian GNU/Linux distribution has been chosen, being very suitable for server use due to its features. This environment is also used for additional safety software contained in the proxy firewall: antivirus protection, content filtering and an intrusion detection system. The priority is the most comprehensive computer network security, which requires detection abilities with the broadest possible coverage in the area of network safety. The purpose of this diploma thesis is not only to describe the principle of operation of proxy servers and to compare them with other types and other systems, but it also brings my own proposed free solution, which increases network safety and has the ambition of comparing it with clearly commercial products available on the market.
|
|
|
Communiacation software for terminal clients of a Linux server
Hanák, Karel ; Jeřábek, Jan (referee) ; Jelínek, Mojmír (advisor)
The thesis contains a proposal and implementation of an environment convenient for operation of network client applications which use common terminals. It also consists of implemented examples where the way of their usage is presented. The centralized way of communication is the basis. The approach is used also for the possibility of their joining with managing subsystems, i.e. unlimited ways of regulation of systems for real estate management, access to devices, user authority access to access data points to the devices. The environment is based on operation system Linux and database MySQL. Their realization is supposed on a server, in the network environment. This relates also to the overall security policy and this work also focused on social treatment of clients possibilities.
|
|
|
Infrastructure of public keys
Bědajánek, Ondřej ; Malý, Jan (referee) ; Pust, Radim (advisor)
The subject of my thesis dscribes function and principles of the public key infrastructure as well as certificate authority. Under the operation system Linux was created self signed certificate authority. Web interface was devoloped in PHP for the purpose of the generation, distribution and rejection certificates. Configuration files for OpenVPN are included in the thesis and wireless security is achived by OpenVPN.
|
|
|
Design of user authentication for small and medium networks
Hajný, Jan ; Pust, Radim (referee) ; Burda, Karel (advisor)
The main focus of this Master’s thesis is user authentication and access control in a computer network. I analyze the TCP/IP model in connection with security and describe main stepping stones of authentication protocols (mainly hash functions). The authentication protocol analysis follows. I begin with LANMAN protocol analysis for the reason of a security comparison. The NTLM, Kerberos and Radius follows. The focus is on the Kerberos which is chosen as a main authentication protocol. This is also a reason why the modification used in MS domains is described. The implementation and functional verification is placed in the second part which is more practical. The virtualization technology is used for an easier manipulation. The result is a computer network model requiring user authentication and minimizing the possibility of an attack by unauthorized clients.
|
|
|
Establishing the physical position of a computer in the Internet
Relovský, Josef ; Kubánková, Anna (referee) ; Komosný, Dan (advisor)
This master‘s thesis is formed as a part of the research project for whose analyse is used the worldwide experimental network called PlanetLab. The whole dilemma is engaged by IPTV technology. IPTV is a protocol that makes possible transfer data of a television content over the Internet to the end user. In the IPTV technology the server is a source. These data are presented as a video and audio signal (streem) which are required to deliver to the end users. Some structure, which presents alternate these computers´connection, has been established, because the technology making use of the big pretention is used. The most patent way between the source and the destination is found. My objective is design this structure in the pursuit. The principle of the signal ramification from one node to several nodes (in group) is called multicast. Rather said from one node to the set of nodes. In the IPTV is presented each one single program for one multicast group. The concrete end users (recipients) are members of one or several obtainable multicast groups. The switch between programs demands a change from one multicast group to other group. For an analyse is used the worldwide experimental network called PlanetLab. This network was created after the floatation of three American´s universities in 2002. Nowadays it takes in more than 800 nodes which are distributed over the world. The PlanetLab is used by multinational company such as the Intel or the Hewlett-Packard. It is created for the testing and the scientific scope. I make the scripts in the Linux for the formation of the interconnecting structure. The main item by the course of the unreeling is response time. I investigate it with a command called “ping”. Everything is created in the Linux because all nodes use the operation system Linux in PlanetLab. By the help of the command “ping” I take the active nodes and response times. According to the response time I make a distance vectors which are used for the finding a location in the face of the references points which were determined before. According to the similarity of these vectors is designated to what end point is put to the point.
|
|
|
Universal linux server for small and medium companies enabling simple network control
Juřena, Stanislav ; Pust, Radim (referee) ; Burda, Karel (advisor)
The main object of this thesis was to design a computer network for small and medium companies which will be made among others from network server providing simple network control. The next task was to provide internet connection to subscribers of local area network, their security and access to common services. There had been discussed the choice of distribution of Linux operation system with regarding to demanded services, stability and long lasting operation in theoretical part. One part of the work is a theoretic preliminary to separate services, to the purpose of their using and to their weaknesses. The practical part deals with an installation and configuration of Debian operating system, launching the base services and the setting of selected monitoring programs.
|
|
|
Advanced methods of filtering network traffic in the Linux system
Peša, David ; Komosný, Dan (referee) ; Kacálek, Jan (advisor)
This master's thesis is meant to provide techniques in designing and building a standalone packet filtering firewall in Linux machines, mainly for small sites who don’t give much service to Internet users. It deals with attenuating the effect of the most common types of attacks using iptables. It guides how to design, implement, run, and maintain Firewall. Techniques for continuously monitoring attacks is attempted. It also give a historical, architectural and technical overview of firewalls and security attacks.
|
|
|
Experimental testing of bus peripherals on single-board computer Beagleboard.
Hladík, René ; Zuth, Daniel (referee) ; Věchet, Stanislav (advisor)
This bachelor’s thesis obtains a kind and possibility of communication, which single board computer offers. Check range of communications using mobile robotics and summary for this system. The result of this work provides a configuration all peripherals for Beagleboard system using. The introductory part of work is focuses on the definition and summary single board computer systems. Description main differences single board systems. Next point is competition and summary single board computers from the world's leading manufacturers and hardware differences. The next part is making complete description and summary of using single board computer Beagleboard xm Rev C. Practical realization obtains the most important interface of communication, which we can use in case of prototypes mobile systems. Realization of USB camera, multifunctional interface GPIO, serial communication of CMUcam3 camera module and in conclusion I2C communication using GPIO SRF08 ultrasonic sensor. Demonstration of Beagleboard system diversity, what can use all users of embedding systems in mobile robotics. Modern mobile robotics systems are complex analog and digital devices like different kind of sensors, sensing elements, cams and else. Bachelor work describe basic configuration some possibility communication with using cameras, sensors and systems elements.
|
guest ::
