|
|
Identity management
Kefer, Daniel ; Polívka, Michal (referee) ; Pelka, Tomáš (advisor)
The master thesis is divided into two parts. In the first part, identity management is described on theoretical basis. Particular domains of identity management including authentication, authorization and audit are explained as well as Single Sign-On concept, i.e. using single credentials and entering them just once for access to multiple independent systems or services. In the second part, which forms the main part of this thesis, a practical project was implemented on the infrastructure of the Department of Telecommunications within the Faculty of Electrical Engineering and Communication, Brno University of Technology. The goal of this project was to create an environment for central 4 authentication and Single Sign-On using only open source technologies within a computer laboratory used for teaching OS Linux. The project is based on OS Linux Debian, Kerberos as a protocol for secure authentication and LDAP server OpenLDAP. For the Single Sign-On demonstration, NFS services for accessing data on the network were chosen. Using NFS services, users can sign-on to any workstation and access all their data. Administration of users and their import from central FEEC databases was implemented using scripts developed in Python. Next, using Apache, PHP and MySQL, a front-end audit interface for the network administrator was developed in order to inspect and evaluate security events in the network. Messages about suspicious events are delivered to administrator’s mailbox in real time. The project is intended as a security platform which means that other services can be implemented for Single Sign-On as well as new mechanisms for evaluation of suspicious events.
|
|
|
Integrated telecommunication environment
Tomeček, Jan ; Škorpil, Vladislav (referee) ; Polívka, Michal (advisor)
The thesis described the proposal for a wireless network problems. There are recorded and compared the characteristics of different wireless technologies. The possibility of voice communication securing is outlined and solutions implemented in the form of ZRTP protocol. The requirements for quality of service are discussed and the solutions to this issue are proposed. Other chapters are devoted to the actual design of specific equipment, including antennas and advance resource. The whole network is practically implemented in the mountainous countryside of eastern Wallachia. In conclusion, this work is network mate in terms of QoS (quality of service) and tested in terms of prioritization of voice communication.
|
|
|
Security risks of wireless access networks
Špidla, Milan ; Hošek, Jiří (referee) ; Polívka, Michal (advisor)
Master´s thesis „Security risks of wireless access networks“ deals with wireless access networks, which are the most widespread in this time. The main target is realization of attacks wireless access networks protected by various using methods. This thesis shows main securities gaps, which originate from project this networks. These securities gaps are used for realization attacts in practical part. In the next part I took attention of network´s monitoring possibilities.
|
|
|
Handset based computer control
Kovář, Jan ; Kouřil, Jiří (referee) ; Polívka, Michal (advisor)
The master's thesis is focused on Java based solution of remote PC control using a mobile phone. Application is made up of client and server, which are communicating via Bluetooth interface. The client represents a mobile application (MIDlet) and commands sent to the server. Server, run on a computer (with any operating system), read these orders and evaluate their algorithms to control the PC. The issue of the draft text is divided into two units, each of them describes just one part of the application. The client describes its functionality. It is also fully examines the structure of mobile application programmed in Java ME, together with the most important methods of this code. Text dealing with the server part describes its activities as well as individual options utilization. It describes the structure of the server application which is programmed in Java SE. There are also a description of the most important methods of the Java SE code. This thesis gives the results of both components of the application that allow to remotely control the computer and especially the presentation. The application was properly debugged and tested, and form a functional multiplatform software.
|
|
|
Server clustering techniques
Čech, Martin ; Polívka, Michal (referee) ; Pelka, Tomáš (advisor)
The work is given an analysis of Open Source Software (further referred as OSS), which allows use and create computer clusters. It explored the issue of clustering and construction of clusters. All installations, configuration and cluster management have been done on the operating system GNU / Linux. Presented OSS makes possible to compile a storage cluster, cluster with load distribution, cluster with high availability and computing cluster. Different types of benchmarks was theoretically analyzed, and practically used for measuring cluster’s performance. Results were compared with others, eg. the TOP500 list of the best clusters available online. Practical part of the work deals with comparing performance computing clusters. With several tens of computational nodes has been established cluster, where was installed package OpenMPI, which allows parallelization of calculations. Subsequently, tests were performed with the High Performance Linpack, which by calculation of linear equations provides total performance. Influence of the parallelization to algorithm PEA was also tested. To present practical usability, cluster has been tested by program John the Ripper, which serves to cracking users passwords. The work shall include the quantity of graphs clarifying the function and mainly showing the achieved results.
|
|
|
Design of a virtual local computer network for educational purposes
Janošík, Martin ; Polívka, Michal (referee) ; Škorpil, Vladislav (advisor)
The master’s thesis focuses on the virtual local computer network for laboratory usage. It aims to propose and realize proper network connection in order to monitor expected data flow. Thanks to the network analysers (software ClearSight and hardware NetTool Series II) it plans to pursue in detail the used transmission protocols of TCP/IP layers. The most decisive feature happens to be the right choice of appropriate network components and their precise configuration. Consequently, the thesis formulates a proposal of a laboratory task for the needs of students, which is also closely related to the actual problems. The assignment of the task will serve the teachers as a test pattern for measurement. The results elaborated in the form of the model protocol should enable later comparison of the recorded data. Another part of the diploma thesis is the working-out of well arranged manuals for the network analysers involved.
|
|
|
Software for assuming control over the computer
Kostelník, Jan ; Kouřil, Jiří (referee) ; Polívka, Michal (advisor)
The introduction of this Master’s thesis describes a historical and technological evolution of the terminal application, including its advantages and disadvantages. In the following part, a general description of the services and their understanding are mentioned. The benefits and general advantages of the terminal services are described. For the each type of the terminal service, all the functions, options, exact advantages and disadvantages are described. Consequently, the study of the suitability of the compression is presented. On the demo application, the impact of an excessive (voluntary) loss of information is demonstrated. In the next part, the thesis deals with the most frequently used remote-control applications. The tests and comparisons are made as well. The fifth chapter is the fundamental part of this work. The design approach of the workbench is presented there. Consequently, the design approach and system implementation intended for the supervision and control is described. This system makes the user possible to observe other user’s activities and also to control their workstations. The supervising user can also access their drives and other memory devices, which are located in the monitored workstation. The communication is compressed and encrypted. The symmetric and asymmetric encryption algorithms are used there. In the following part, there are two supplementary applications mentioned – application for the key generating and network file manager. In the end of my work, the results of the performance test and also the design of other improvements are presented.
|
|
|
Modern e-learning system on the JAVA platform
Hák, Tomáš ; Polívka, Michal (referee) ; Pfeifer, Václav (advisor)
This dissertation is studying e-learning – electronic form of education. At once it is analysing in details the advantages and disadvantages of this new form of education approach and is describing possibilities of some chosen e-learning systems and their basic structures. In the second part of this dissertation are said basic principles and possibilities of programming language Java in which language is designed it's own concept of system, that should make possible for users to manage and control the e-learning. In this part is described progress of communication between server and client, method of sending off the SQL (query) and receiving result too. In last part is viewed resulting application as a whole, is explained basic controlling, possibilities of administration and methods of entering data. Application itself is tested on local testing server.
|
|
|
Application for monitoring and controlling the security of large LAN and WAN computer networks
Maloušek, Zdeněk ; Polívka, Michal (referee) ; Novotný, Vít (advisor)
Computer networks are used in much wider extent than 20 years ago. People use the computer mainly for communication, entertainment and data storage. Information is often stored only in electronic devices and that is why the security of the data is so important. The objective of my thesis is to describe network security problems and their solutions. First chapter deals with the network security, security checks and attacks. It describes procedures used in practise. First part deals with traffic scanning and filtering at various layers of the TCP/IP model. Second part presents the types of proxy and its pros and cons. Network Address Translation (NAT) is a favourite technique of managing IP addresses of inside and outside network which helps to improve the security and lower the costs paid for IP addresses. NAT description, IPSec, VPN and basic attacks are described in this section. The second chapter of the thesis presents set of Perl scripts for network security checking. The purpose of the project is not to check the whole network security. It is designed for contemporary needs of IBM Global Services Delivery Centrum Brno. The first script checks running applications on target object. The aim is to detect services that are not necessary to run or that are not updated. The second one checks the security of the Cisco device configuration. There is a list of rules that has to be kept. The third script inspects the Nokia firewall configuration which is on the border of IBM network. If some of the rule is broken, it shows the command that has to be proceeded at the particular device. The output of the first and the second script is an HTML file. The third script uses the command line for the final report. The last part of this chapter gives advice to configure Cisco devices. It is a list of security recommendations that can be used by configuring e.g. routers. The appendix presents two laboratory exercises. The aim is to give students an opportunity to learn something about programs and technologies which are used in practise by IT experts to check the weaknesses of their networks.
|
|
|
An Architecture for Global Distributed SIP Network Using IPv4 Anycast
Anděl, Ladislav ; Polívka, Michal (referee) ; Kovář, Petr (advisor)
Tato diplomová práce se zabývá metodami pro výběr nejbližší RTP proxy k VoIP klientům s použitím IP anycastu. RTP proxy servery jsou umístěny v síti Internetu a přeposílají RTP data pro VoIP klienty za síťovými překladači adres(NAT). Bez zeměpisně rozmístěných RTP proxy serverů a metod pro nalezení nejbližšího RTP proxy serveru by došlo ke zbytečnému poklesu kvality přenosu médialních dat a velkému zpoždení. Tento dokument navrhuje 4 metody a jejich porovnání s podrobnějšími rozbory metod s využitím DNS resolvování a přímo SIP protokolu. Tento dokument také obsahuje měření chování IP anycastu v porovnání mezi metrikami směrování a metrikami časovými. Nakonec dokumentu je také uvedena implemetace na SIP Express Router platformě.
|
guest ::
RSS feed.