|
|
Design of methodology for vulnerability assesment
Pecl, David ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.
|
|
|
Security of mobile devices running Android in a corporate environment
Pecl, David ; Dvořák, Jan (referee) ; Frolka, Jakub (advisor)
The thesis deals with the security of the Android operating system. Firstly, it describes the basic architecture of the system and the security mechanisms we can find in this system, namely Linux kernel, application sandboxing, and application permissions. In the second part, it describes threats and attacks on the Android devices. Describes the risks to which the users are exposed and the impact on the device, user, and data security. For each threat and attack, the way the device can be compromised is mentioned. Threats and attacks are rated using CVSS. It also deals with Android updates. The last section describes applications that can be used to manage and secure Android mobile devices primarily in the corporate environment. There are described features of these applications and against what threats or attacks provide protection. Furthermore, there are examples of such applications. The thesis also provides a laboratory task that is created to demonstrate the mobile device management systems that are used in the corporate environment. Also, study material is created in the form of presentation for both lecture and self-study.
|
|
|
Design of methodology for vulnerability assesment
Pecl, David ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.
|
|
|
Security of mobile devices running Android in a corporate environment
Pecl, David ; Dvořák, Jan (referee) ; Frolka, Jakub (advisor)
The thesis deals with the security of the Android operating system. Firstly, it describes the basic architecture of the system and the security mechanisms we can find in this system, namely Linux kernel, application sandboxing, and application permissions. In the second part, it describes threats and attacks on the Android devices. Describes the risks to which the users are exposed and the impact on the device, user, and data security. For each threat and attack, the way the device can be compromised is mentioned. Threats and attacks are rated using CVSS. It also deals with Android updates. The last section describes applications that can be used to manage and secure Android mobile devices primarily in the corporate environment. There are described features of these applications and against what threats or attacks provide protection. Furthermore, there are examples of such applications. The thesis also provides a laboratory task that is created to demonstrate the mobile device management systems that are used in the corporate environment. Also, study material is created in the form of presentation for both lecture and self-study.
|
guest ::
