National Repository of Grey Literature: 63 records found, showing 1 - 10
Automated network for deceiving attackers through illusory assets in cyberspace
Maťaš, Matúš ; Lieskovan, Tomáš (referee) ; Safonov, Yehor (advisor)
The bachelor thesis deals with the design of a fake network to deceive attackers using SIEM to monitor network activity and SOAR to create scenarios with automatic countermeasures. The theoretical part of the thesis describes the principles of attacker deception technologies, security monitoring and automated responses to security incidents. The practical part provides a detailed analysis of available tools for deceiving attackers. Subsequently, the design of a fake network is created with the use of virtual devices. The network incorporates a SIEM system for device monitoring and centralized log collection, and a SOAR system for creating scenarios with automatic countermeasures in the case of a security incident. The practical result of this work is the creation of a real network to deceive attackers with fake devices and the combination of advanced SIEM and SOAR solutions. Several attacks have been designed and simulated within this constructed network. Automated countermeasures have subsequently been created to respond to them.
Honeypot for operational technology
Tydlačková, Julie ; Holasová, Eva (referee) ; Blažek, Petr (advisor)
This bachelor thesis discusses the challenges associated with deploying a honeypot for operational technology protocols. Specifically, it examines the current situation regarding the OPC UA protocol. Despite its proliferation, reliable implementations of OPC UA honeypots still do not exist. To address this gap, a simple honeypot design was created and implemented. It was built on the honeynet project. The knowledge necessary for this implementation was gained from the analysis of existing honeypots and theoretical insights.
Honeypot for LoRaWAN protocol
Zhukova, Viktoriia ; Pospíšil, Jan (referee) ; Pospíšil, Ondřej (advisor)
The theoretical section of the bachelor’s thesis focuses on LoRaWAN technology. It describes network communication, LoRaWAN security, vulnerabilities, and mitigation measures. The second half of the theoretical section focuses on describing honeypot technology and its distribution, listing its advantages and disadvantages, and comparing IoT honeypots. The practical section focuses on building an experimental environment. There is a description of the selected hardware and software. It describes the commissioning of the LoRaWAN network, the configuration of the gateway, and the startup of the LoRaWAN server. Next, the whole procedure of honeypot assembly is described. Two variants of a high-interaction honeypot are described and investigated: one without the use of sandboxing and using a firewall, the other with the use of sandboxing and an implementation of chroot/jail.
Analysis of Parallel Honeypot Tools
Antal, Lukáš ; Chmelař, Petr (referee) ; Drozd, Michal (advisor)
This bachelor thesis analyzes a selected shadow honeypot tool. The thesis explains the need for a tool for early detection of new types of cyber-attack. The shadow honeypot tool analyzed in the thesis is called Argos. Argos is one of the results of the international project called European Network of Affined honeypots (NoAH). The thesis includes thorough analysis and testing of the Argos tool. It also includes the implementation of a utility for parsing Argos log files.
Implementation of Honeypot tool for monitoring and analysis of network attacks
Němeček, Ladislav ; Červenka, Vladimír (referee) ; Bartl, Milan (advisor)
The goal of this thesis is to describe and categorize malicious software. The thesis deals with network attacks and protection against them, as well as with how to detect and analyze an attack using suitable tools. The next part of the thesis deals with honeypots and the detection possibilities this software offers, specifically the Argos tool. The installation, usage, and detection methods of the tool are also described. The next chapter describes how to secure the honeypot against abuse. Last but not least, the thesis contains the results of the network monitoring and of attacks on the honeypot, and describes the log files used by Argos to interpret the results of attack detection.
Honeypot: a tool for fighting malware
Karger, David ; Lieskovan, Tomáš (referee) ; Hajný, Jan (advisor)
This bachelor thesis is focused on deploying a honeypot to fight malware. The aim was to study the issue of honeypots and their use in detection and analysis of malware. The first part is dedicated to malware, its history and individual types. The so-called botnet is described in the next part. The last part is devoted to the honeypot itself and its distribution. The practical realization is done through the honeypots Cowrie and Mailoney.
Automatic Honeypots Deployment and Data Gathering
Ďuriš, Tomáš ; Pluskal, Jan (referee) ; Zobal, Lukáš (advisor)
This work deals with honeypots deployment automation, data collection from honeypots and the deployment of a monitoring system with alerts. The aim was to study the issue of honeypots, choose tools for their deployment, maintenance and collection of provided data together with creation of automatic deployment system for multiple types of honeypots. The first part of the work is devoted to the theory of honeypots, their distribution and type. Furthermore, the work mentions the comparison of individual configuration tools. The practical part is devoted to the use of a selected configuration tool Ansible in cooperation with existing open-source applications to build a fully automated system for the deployment and monitoring of honeypots, collection of provided data and their visualization. Puppet
Capturing cyber-threats of industrial systems
Dobrík, Andrej ; Pospíšil, Ondřej (referee) ; Fujdiak, Radek (advisor)
Given that cyber attacks cost corporations billions every year, ranging from unauthorized attacks and distributed denial-of-service (DDoS) attacks to viruses, computer worms and so on, a problem arises with the tools available to system administrators. This diploma thesis examines one such tool, the honeypot; more precisely, honeypot devices for industrial control systems. It proceeds from the historically earliest implementations of such systems, through an analysis of current solutions, to the creation of a new high-interaction honeypot solution and its subsequent deployment on a new virtual private server, followed by an analysis of the intrusions that occur during the deployment period.
Honeypot/Honeynet as modern services for classical information networks
Karger, David ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This work describes honeypots, their definition, classification and logging possibilities. In the practical part, honeypots are tested for the services that are most often attacked, their installation is performed and tests are made for basic familiarization with the functionality of the honeypot. Furthermore, the honeypot is exposed to the Internet and the obtained data are analyzed.
Modern computer viruses
Malina, Lukáš ; Malý, Jan (referee) ; Pust, Radim (advisor)
The bachelor’s thesis “Modern computer viruses” has two main subjects (an analysis of computer viruses and a security design for a medium-sized computer network) and is divided into three parts: an analysis of computer viruses, a security design for an end user’s personal computer (computer terminal), and a security design for a medium-sized computer network. Methods of transmission and infection, specific properties of viruses and their impact on personal computers are examined in the first part. The second part presents a security design for a personal computer using antivirus software, a personal firewall and antispam software. Further, the results of testing some free AV software and other security software are summarized, together with a possible configuration procedure and recommendations for running this software correctly. The third part presents a complete security design for a medium-sized computer network, including the structure of the secured network. The configuration procedure and recommendations for maximum security are given for the particular components used. The structure is adapted to active Cisco network components, which are the most widely used these days. The overall network security design centres on the Cisco PIX hardware firewall, whose options are described. Further, the third part contains some important tips and recommendations for a fully working network, including security settings, secure passwords and data encryption. It also describes various techniques for monitoring and supervising the secured network using the complex monitoring software MARS (Cisco Security Monitoring, Analysis and Response System) from Cisco.
