|
|
Cyber Attacks in JMeter
Klimeš, Jan ; Člupek, Vlastimil (referee) ; Číka, Petr (advisor)
Bachelor thesis deals with the security of computer networks based on TCP/IP protocol stack. The main aim is to create extension modules for application JMeter that add features to the software generate DoS attacks, SYN flood, UDP flood, DNS Server attack and DNS Amplification using applications Trafgen. The theoretical part generally describes cyber attacks, associated with network protocols and application JMeter itself. The practical part contains a description of the graphical interface of the expansion modules, each class which the modules consist of and test results.
|
|
|
Protection Against DoS Attacks Using P4 Language
Vojanec, Kamil ; Fukač, Tomáš (referee) ; Kučera, Jan (advisor)
This thesis focuses on reimplementation of existing DoS (Denial of Service) attack mitigation device with high-level P4 programming language. The main reason for using P4 is to enhance adaptability and functionality to different types of DoS attacks. The created device is designed in a modular way and enables easy alterations by using interchangeable components. The target platform for this thesis is an FPGA acceleration card. The work results in designing several DoS mitigation components and implementing applications composed of these components. Pats of this work have been presented at IEEE ANCS (Symposium on Architectures for Networking and Communication Systems) in September 2019 at University of Cambridge.
|
|
|
Implementation of plugins for JMeter
Švehlák, Milan ; Člupek, Vlastimil (referee) ; Martinásek, Zdeněk (advisor)
This thesis discusses the load testing tool JMeter and its opportunities for expansion by modules carrying out cyber attacks of the type Denial of Service (DoS). To begin with, there is a theoretical overview of cyber attacks of this type. The following chapter, talks about the JMeter tool, namely its functions and expansion options. After that, it is proceeded to the actual design and realization of the modules. The module implementing the attack HTTP Flood is created first. This module uses internal functions of the program JMeter. This new module is tested. Next chapter folows the procedure of creating modules, that use external generator of network traffic. Modules SYN Flood, ICMP Flood and NTP Flood are implemented using the generator Trafgen. Module implementing attack Slowloris uses a Python script as a generator of the attack. Finally, all the new modules are tested.
|
|
|
Analysis of possible threats in old OS Linux version
Chovancová, Emília ; Dejdar, Petr (referee) ; Tomašov, Adrián (advisor)
The bachelor thesis is focused on the security aspect of an older version of a Linux based machine. The document is split into a theoretical part which contains a description of what operating system, kernel, UNIX, GNU/LINUX and Linux OS are in general. Then the description proceeds to explanation of active and passive attacks such as replay, masquarade, denial of service, man in the middle or listening and analysing the network. Afterwards it continues with description of potentially vulnerable spots that are common on operating systems. With the help provided from scanning software, especially Nmap and Lynis, the document proceeds to the practical part which contains various types of successful and unsuccesfful attacks such as password recovery, denial of service, spectre, brute force of a password and cross-site scripting. The last part covers the protection against succesfull attacks and adds a little bit more of additional protection in general in a form of an ansible script.
|
|
|
Secure Network Based on Virtual Next-Generation Firewall
Varmus, Pavol ; Burda, Karel (referee) ; Malina, Lukáš (advisor)
The bachelors thesis aims to study the issue of security of the networks that use firewalls. The next goal is to evaluate the characteristics of a different types of firewalls and to summarize its results. The other object is to design a small or medium sized network with description of best practice. The main objective of the thesis is to design a lecture task for students to test with a step-by-step solution. This task is for students to undertand the importance of firewalls as a network protection service tools and to try out different types of filters for maintainin network security. The task ends with a practical stress test made by a network attack in order to see its resistance to the attack.
|
|
|
Generating of flood attacks
Hudec, David ; Hajný, Jan (referee) ; Smékal, David (advisor)
The assessment comprises of two parts, describing theory and generating of flood attacks respectively. The first part covers flood attacks' analysis, deals with their available techniques and practices, known in the area, and a computer simulation program, revealing the behavior of a contested network as well as the attacker's procedure. In the following part, data generating solutions itself are described. These are represented by two hardware programs, adapted from existing solutions, and one C# application, created by the author. The comparison of these two approaches is included, as well as are the generation results and mitigation proposal.
|
|
|
Stress tester
Charvát, Ondřej ; Martinásek, Zdeněk (referee) ; Zeman, Václav (advisor)
The diploma thesis deals with network infrastructure load testing. It’s target is to design and implement a network probe which will be in a form of JMeter plugin one of the components in load tester project. It offers sufficient theoretical basis about load testing, analyzes different types of DoS which can be used to stress the tested infrastructure and also discusses some solutions for load testing realization used in practice. Following is a study of possible ways for realization of the probe with help of several open-source tools. The suitability of individual tools is evaluated from the point of view of the network probe requirements and then the most suitable ones are selected as the basis for it’s implementation. Then, a network probe design is constructed in which it’s functionality is divided into two separated plug-ins, a network probe itself and a server emulator, and the implementation phase is commenced. The implementation is done in Java programming language to allow the new components to use all the neccessary JMeter API functions. The structure of individual parts of the modules as well as many implementation details are analyzed thoroughly in the text. The final chapter of the thesis describes function of the newly created components. After their installation into the load tester the procedure and the results of the functional testing are presented. This thesis describes the whole process of developing a plug-in for JMeter software.
|
|
|
Generator of Cyber Attacks
Halaška, Peter ; Burda, Karel (referee) ; Hajný, Jan (advisor)
This work deals with the security of computer networks based on TCP/IP protocol stack. The main objective is to develop a generator of DoS flooding attacks which carries out attacks such SYN flood, RST flood, UDP flood, ICMP flood, ARP flood, DNS flood and DHCP starvation. The theoretical part describes the features of the mentioned attacks and protocols or mechanisms associated with them. Next part deals with the comparison of selected tools (Hping3, Mausezahn, Trafgen) in terms of number of packets per second (pps) and the link utilization (MB/s). The practical part describes design and implementation of the new attacking tool. There is explained the importance of it’s individual modules, it’s installation and usage options. New tool is also being tested. Then there is described the development, options and installation of control interface which is in the form of web application.
|
|
|
Generator of illegitimate network traffic
Blažek, Ondřej ; Smékal, David (referee) ; Blažek, Petr (advisor)
The diploma thesis deals with the problems of DoS/DDoS attacks and development of a tool, in C lanugage, for generating them. In the first chapter the principles of DoS attacks targeting the internet and transport layers of ISO/OSI model are described and also according to their characteristics divided. Selected attacks on the application layer are also described here in detail togehter with protocols which they are based on. In the following chapter there has been created a comparison of freely available tools, which could be used as a attack generators. The practical part is dedicated to a development of a tool for DoS attacks, especially design, general description and usage. Further there is a summary of the newly created library, including results of web server testing, and extensions of a web interface, which is part of the developed tool.
|
|
|
Penetration tests and network device vulnerability scanning
Gregr, Filip ; Martinásek, Zdeněk (referee) ; Hajný, Jan (advisor)
This thesis is dealing with penetration tests and network device vulnerability assessment. Theoretical part includes analysis of this issue and description of general methodology of performing penetration tests. Thesis provides basic overview of requirements of international norms ISO 27000 and PCI DSS. In another part the software for Nessus vulnerability scanning and Linux Kali distrubution is introduced. Practical part of thesis includes several aims. The first is a comparsion of five vulnerability scanners in a created test network. Chosen tools for this purpose are Nessus, OpenVAS, Retina Community, Nexpose Community and GFI LanGuard. Network scan is performed with each of~these tools. Penetration test using the tools available in Kali Linux is then executed in this network. Procedure of exploiting two selected vulnerabilities is created as a laboratory exercise. The last aim of thesis is testing the web server protection against flood attacks SYN flood, UDP flood and slow attack Slowloris. Scripts for flooding were written in Python language.
|
guest ::
