|
|
Threat management for CERT/CSIRT teams
Machálek, Jiří ; Peterka, Jiří (advisor) ; Lukeš, Dan (referee)
The increasing importance of the Internet as an integral part of contemporary society has stressed the need to formalize the process of response to security incidents that accompany it inseparably. Security teams of the CERT/CSIRT type are established at different levels for this purpose. These teams respond to reports from their constituency and cooperate with other teams. This thesis introduces the reader to the issues these teams deal with and analyzes their needs in resolving threats and problems related to DNS and its domains. Part of the work is an overview of the basic existing tools to support the work of CERT/CSIRT teams to solve problems with domains, the design of a tool Malicious Domain Manager and description of its implementation. The results of test run of this tool by CZ.NIC-CSIRT team show its contribution to security of DNS.
|
|
|
Cipher framework
Bureš, Filip ; Lukeš, Dan (advisor) ; Beneš, Antonín (referee)
The aim of this bachelor thesis is to create a scripting language and a program (language interpreter), which on basis of these scripts encrypts and decrypts texts. The program is as independent on a concrete operating system as possible. The programming language used to create this program is C (C++ if necessary). The thesis is primarily aimed to substitution and transposition ciphers, the computational difficulty of which does not eliminate practical use of the interpreter for their implementation. Part of the program is the possibility, that users can create their own libraries of functions, which could be used for writing scripts. One of the assumed uses of this system is its use as a basic instructional material for elementary and/or popularizing seminars about encrypting. The interpreter makes it possible to observe the processing of the chosen script and the values of variables (debugging tool). User and programmer documentation (incl. formal language syntax description) is included.
|
|
|
Encrypted VPN (multipoint)
Severýn, Prokop ; Lukeš, Dan (advisor) ; Calda, Jiří (referee)
The purpose of this project is to construct a software equipment for a cryptography protected transfer of a biggest information volume in IP network. The cryptography methods are selected for a higher rate of an encryption with currently keeping high level of safety. It is possible to route the communication of two points, over other members of network. The pseudorandom generator is the part of the program, the safety of used algorhitms is based on PRNG quality. The program has a simple text user interface.
|
|
|
Dispatcher for Workflow Management System
Kozina, Stanislav ; Lukeš, Dan (advisor) ; Tomášek, Jiří (referee)
Present work considers processing and identification of the messages under UN/EDIFACT, Inhouse or ebXML standard. There are two main goals of this work. The first goal is to design a template format describing the structure of the messages and the location of identification information in the message. The second goal is to design and implement system for processing and information extraction from the message according to the template. Templates itself should be very similar for all three standards, should be easily read and written by human and must be able to describe any structure of the message. Information which where picked up from the message are subsequently written in the message sticker, which serves for easier identification in later processing.
|
|
|
Monitoring of SLD DNS servers
Šťastný, Petr ; Peterka, Jiří (advisor) ; Lukeš, Dan (referee)
This publication directly follows the bachelor thesis. It contains necessary theory of HTTP, SMTP and some other protocols and services. This knowledge is then used to draw a methodology to build additional tests to verify availability and functionality of basic Internet services of a domain name. This methodology is then implemented as an application that uses distributed processing to analyse a large number of domains. Obtained results are then compiled into statistical outputs. One chapter is also devoted to overview of the attacks on DNS and security options of DNS servers and domain records.
|
|
|
STalk - zabezpečená aplikace pro komunikaci
Gróf, Szabolcs ; Forst, Libor (advisor) ; Lukeš, Dan (referee)
In the present work we study the methods of using cryptographic algorithms to ensure the security of communication over computer networks and give a new perspective on the classic UNIX console chat program called talk. The thesis starts by describing the various protocols of the TCP/IP protocol suite, and also gives a brief description of how these protocols are used from the viewpoint of a UNIX programmer. It is followed by a cryptographic overview, mainly the description of the RSA and DES algorithms. Finally, the program's implementation and usage is described.
|
|
|
IP Multicast data transfer with partial congestion control
Smrčina, Jan ; Lukeš, Dan (advisor) ; Zavoral, Filip (referee)
TODO The work is dedicated to examine possibilities of peer-to-many-peers, reliable, application layer protocol, which has no central controller and transfers data over IP multicast. The protocol should maximize utilisation of multicast in order to minimize the sum of data transferred over all links of the network. It also has to take all wide-area network properties into account, such as data loss, data reordering, and varying throughput of each part of the network in time. The work proposes such experimental protocol and contains its implementation for UNIX-like operating systems. The protocol is very complex and hard to implement, what allows much improvement and further works. Powered by TCPDF (www.tcpdf.org)
|
|
| |
|
|
Trusted proxy in SSL/TLS connection
Smolík, Jiří ; Forst, Libor (advisor) ; Lukeš, Dan (referee)
The problem of SSL/TLS interception ("trusted proxy in SSL/TLS connection") has been known for years and many implementations exist. However, all of them share a single technical solution which is based solely on the PKI authentication mechanism and suffers from multiple serious disadvantages. Most importantly, it is not compatible with several aspects or future trends of SSL/TLS and PKI, there's almost no space for improvement and its real use may spawn legal issues. After we analyze technical background and the current solution, we will propose another one, based not only on PKI but SSL/TLS too. Both solutions will be compared and general superiority of the new one will be shown. Basic implementation and analysis will follow, along with deployment requirements and ideas for future development. Powered by TCPDF (www.tcpdf.org)
|
|
|
VPN security settings influence on system peformance
Winter, Daniel ; Peterka, Jiří (advisor) ; Lukeš, Dan (referee)
Development of computer networks along with the growth of information technology connects geographically remote places. Considerable cost of building and operating the network infrastructure is entailed. This issue can be solved by leasing of data lines, or using Internet as an existing network infrastructure. Not to forget to mention a technology called Virtual Private Network (VPN) to create a minimal financial cost computer network over a shared infrastructure. This paper deals with the principle of operation of virtual private networks, various possibilities of their implementation with consequent impact on the performance of the system environment and the communication speed. First of all everything is first examined in theory and then subsequently validated on specific reports on MS Windows platform. Powered by TCPDF (www.tcpdf.org)
|
guest ::
RSS feed.