|
|
Security protection techniques of wireless networks of internet providers
Žiško, Róbert ; Pelka, Tomáš (referee) ; Burda, Karel (advisor)
This master’s thesis can be used as the guidebook for Wi-Fi networks provider in non-licensed zones 2,4GHz and 5GHz. It is good tool to understand wireless technology area and its protection. Reader can follow network design and avoid mistakes that are mentioned in work. This text shouldn’t be a tool or a guide for possible attackers, but an impulse for small providers who provide their networks in unsecured form. In the opening chapter of my work, matters of Wi-Fi networks are thoroughly analyzed. As they are able to get internet connection in a lot of inaccessible places, they are considered to be crucial for the present times. The basic procedure describing Wi-Fi planning is written in thesis and also its legislative that has to be strictly observed. The big disadvantage is riskiness of the wireless connection that allows attackers to attack network in many ways. For mentioned reason it is very important to take utmost account of Wi-Fi network’s security and attack resistance. Unfortunately a lot of networks are either secured partially or unsecured at all. These types of networks are frequently attacked in order to get “free” Internet access or because of competitors fight. In the text below we can find possible Wi-Fi attack forms using by attackers to get Internet access or destroy network hardware what can cause big financial loss to providers. I described design and realization of little-town network using safety tools implementation based on my experience. For that purpose I implemented benchmark tests in graphics as well as practical format.
|
|
|
Software design support of burglar alarm system
Vymazal, Michal ; Pelka, Tomáš (referee) ; Burda, Karel (advisor)
This thesis deals with implementation of software support of alarm system design for security levels 1 and 2 based on web technologies. It was created intuitive and interactive graphical interface that allows to create high-quality alarm system design even for laymen. First of all the paper deals with standards and jurisdictions in the Czech Republic, according to which the alarm system design must be followed. In theoretical part there are described in detail characteristics of alarm systems and its components, proper functioning principles, installation principle, advantages and disadvantages of use, individual steps of alarm system design and proposed methodology of alarm system design for security level 1 and 2. In practical part there are described the technologies used for the implementation of this paper, structure of created webpage and detailed steps of alarm system design, as seen by user during creating. The result of this paper is a webpage, which is divided into two parts: theoretical and practical. The theoretical part provides information about the alarm system architecture, alarm system design and established methodology for the alarm system design for security level 1 and 2. In the practical part the user, on the basis of gained information and interactive help, can create high-quality alarm system design that meets all the conditions for reliable function in real traffic.
|
|
|
Server clustering techniques
Čech, Martin ; Polívka, Michal (referee) ; Pelka, Tomáš (advisor)
The work is given an analysis of Open Source Software (further referred as OSS), which allows use and create computer clusters. It explored the issue of clustering and construction of clusters. All installations, configuration and cluster management have been done on the operating system GNU / Linux. Presented OSS makes possible to compile a storage cluster, cluster with load distribution, cluster with high availability and computing cluster. Different types of benchmarks was theoretically analyzed, and practically used for measuring cluster’s performance. Results were compared with others, eg. the TOP500 list of the best clusters available online. Practical part of the work deals with comparing performance computing clusters. With several tens of computational nodes has been established cluster, where was installed package OpenMPI, which allows parallelization of calculations. Subsequently, tests were performed with the High Performance Linpack, which by calculation of linear equations provides total performance. Influence of the parallelization to algorithm PEA was also tested. To present practical usability, cluster has been tested by program John the Ripper, which serves to cracking users passwords. The work shall include the quantity of graphs clarifying the function and mainly showing the achieved results.
|
|
|
Proxy firewall
Kugler, Zdeněk ; Pelka, Tomáš (referee) ; Pust, Radim (advisor)
This diploma thesis deals with the topic of proxy servers and firewalls and considers other associated technologies and network techniques. It systematically describes the general issues of firewalls, with a special focus on proxy firewalls and their safety. Additional systems mentioned in this document are intrusion detection systems (IDS), antivirus systems and content control filters – as these are also connected with safety of networks, servers and workstations or with limiting various Internet sources. IDS systems can be typically supplemented with various additional applications or tools that enrich them and increase their potential – including graphic additions. This part is remembered too. Some systems can communicate with each other, which is successfully utilised (FW & IDS co-operation, for example). The purpose of the first large chapter is to present firewall technologies, to list firewall types, their basic functionality and to present the final comparison. It marginally mentions firewall applications in practice. Chapter two explains the theory of network address translation (NAT), deals with its functionality, safety and with limiting the NAT mechanism. Chapter three brings a comprehensive presentation of proxy servers. It explains their principle from the point of view of functionality and the specification of application areas. The chapter is complete with a clear list of proxy server types and their descriptions. The last chapter named Linux Proxy Firewall is the key part of the work. It deals generally with the Linux platform, the Debian GNU/Linux distribution, principles of safety policy, network configuration, network server safety, Linux firewalls (Netfilter framework, Iptables tool) and with the Squid proxy server. The following subchapters respect the previous structure: they describe the theories of intrusion detection systems, antivirus checks and content filtering based on different methods. All this is presented similarly to the previous chapters. A proxy firewall solution built on the Linux operating system has been proposed in the practical part. The Debian GNU/Linux distribution has been chosen, being very suitable for server use due to its features. This environment is also used for additional safety software contained in the proxy firewall: antivirus protection, content filtering and an intrusion detection system. The priority is the most comprehensive computer network security, which requires detection abilities with the broadest possible coverage in the area of network safety. The purpose of this diploma thesis is not only to describe the principle of operation of proxy servers and to compare them with other types and other systems, but it also brings my own proposed free solution, which increases network safety and has the ambition of comparing it with clearly commercial products available on the market.
|
|
|
SELinux application for Linux server security
Jirka, Michal ; Pelka, Tomáš (referee) ; Šimek, Milan (advisor)
This work is engaged in access control mechanism in GNU/Linux operating systems. At first discretionary and mandatory access control are compared and examine basic technologies based on mandatory access control. More closely is focused on project SELinux, whose generation of new rules is explained. Within the thesis is made application for logging evaluation and for writing new Type Enforcement rules.
|
|
|
Design, administration and analysis of SSM multicast network
Žák, Jakub ; Pelka, Tomáš (referee) ; Šimek, Milan (advisor)
My thesis deals with the Multicast transfer in IP networks and it describes distribution technology of packets with special focus on Multicast technology. The thesis is devoted to the principles of Multicast including the description of scheme, protocol Multicast distribution, registration in the Multicast groups and finally the advantages and disadvantages of the Multicast transfer. Further in the thesis is described in details the Source Specific Multicast technology (SSM) that comes from multicast. There is a description how this technology Works and its implementation in the network equipment including the user side. This part of the thesis also deals with so called Distribution Trees that are used as multicast distribution via the IP networks like for example Internet. Based on the knowledge of the Multicast was created the network to spread the multimedia data with support of Multicast and SSM. The network is designed based on the Cisco system equipment as is: Cisco Content Engine 566, Cisco IP/TV broadcast server and router 1812. This multimedia network provides many services including the live TV broadcast and video channels. In this network using the multicast distribution of packets was done an analysis by protocol analyzer unit WIreshark and Finisar. This protocol analyzer unit allows us to compare the efficiency of multimedia data transfer between the Unicast, Multicast and SSM.
|
|
|
CDN and clustering in GNU/Linux with performance testing
Mikulka, Pavel ; Pelka, Tomáš (referee) ; Šimek, Milan (advisor)
Fault tolerance is essential in a production-grade service delivery network. One of the solution is build a clustered environment to keep system failure to a minimum. This thesis examines the use of high availability and load balancing services using open source tools in GNU/Linux. The thesis discusses some general technologies of high availability computing as virtualization, synchronization and mirroring. To build relatively cheap high availability clusters is suitable DRDB tool. DRDB is tool for build synchronized Linux block devices. This paper also examines Linux-HA project, Redhat Cluster Suite, LVS, etc. Content Delivery Networks (CDN) replicate content over several mirrored web servers strategically placed at various locations in order to deal with the flash crowds. A CDN has some combination a request-routing and replication mechanism. Thus CDNs offer fast and reliable applications and services by distributing content to cache servers located close to end-users. This work examines open-source CDNs Globule and CoralCDN and test performance of this CDNs in global deployment.
|
|
|
Mandatory access control
Grepl, Miroslav ; Soumar, Michal (referee) ; Pelka, Tomáš (advisor)
This master's thesis describes the problems of SELinux, and the methods of creation of a proper security policy with a focus on the SELinux reference policy and its mechanisms. It designs the methodics of formulation of specific security rules, supplemented with the practical example of its application. Furthermore, it describes the available security rules commonly used for http, ftp and ssh services securing, their modification and practical utilization. According to the proposed methodology, these services are protected with their own security rules and both security methods are mutually compared and evaluated.
|
|
|
Implementation of modular web based application
Suchý, Petr ; Koutný, Martin (referee) ; Pelka, Tomáš (advisor)
Diploma thesis Implementation of modular web based application deals with web modular systems. The aim of web modular system is to allow creating universal web presentation without necessity of creation new systems. Diploma thesis is devided into couple parts. Advantages of modular solution of web systems are highlighted in the first part and after that is analyzed the current situation of this problem. In the next part is designed own web modular system above all its kernel, modules and data model. In the final part is described own implementation of own designed system. The most stress is layed on security of the system. In the conclusion is summed up own solution and its most advantages.
|
|
|
Worm conveyor
Pelka, Tomáš ; Škopán, Miroslav (referee) ; Malášek, Jiří (advisor)
This bachelor project deals with, specifies and makes design of the worm horizontal conveyor. The project is divided into drawings and written part including the funcional capacity calculation and electromotor output. Further the part includes proposal of key dimensions of the conveyer with the soilidity control of the worm, solving of the suspended bearings, assemble issues, maintenance and potencial exchange of the worm due to abrasion.
|
guest ::
