|
|
Network Protocols Semiautomatic Diagnostics
Svoboda, Ondřej ; Ryšavý, Ondřej (referee) ; Holkovič, Martin (advisor)
This thesis is about semiautomatic network protocol diagnostics and creating protocol description from eavesdropped communication. Several network eavesdropping techniques and some common programs for network analysis are introduced. Well-known network protocols are described, with focus on their communication messages. Some already existing methods for creating models from examples are mentioned and their characteristics defined. Next we design architecture of developed tool and some methods, that create protocol description. After that we explain implementation of this tool and finally the tool is tested and experimented with.
|
|
|
Traffic detection and analysis using SSL/TLS
Hutar, Jan ; Dvořák, Jan (referee) ; Smékal, David (advisor)
This diploma thesis deals with a detection and analysis of secure connections of electro- nic communication through SSL/TLS protocols. The thesis begins with introduction to SSL/TLS protocols. Thereafter, an analysis of messages used to establish secure con- nections using STARTTLS and postal protocols SMTP, POP3, and IMAP was made. Metadata detection and extraction of secured simplex and duplex connections take place using deep packet inspection tools. The tool of choice is the nDPI library from the Ntop project. The library was extended to detect the connections and extract the metadata based on studies and analysis of transmitted messages. Finally, testing is performed on a training data set and a basic analysis of acquired metadata is made.
|
|
|
Probe for the Application Protocols Monitoring
Fukač, Tomáš ; Košař, Vlastimil (referee) ; Viktorin, Jan (advisor)
This work describes an extension of the Microprobe functionality for detection and filtering of application protocols. The Microprobe is an embedded system designed for monitoring network links at speed 1 Gb/s without loosing any packets. The detection of application protocols requires using of computationally expensive operations, especially string lookup (usually based on regular expressions). Based on the study of several protocols (SMTP, POP3, FTP, SIP) a draft of a new architecture has been created. The new architecture splits this functionality between programmable logic FPGA and processor. The FPGA performs preprocessing of network traffic consisting of a lookup for user identifiers and protocol-specific patterns. The processor verifies that it is the requested communication. The processor does not need to process the entire network traffic but only the part pre-filtered in the FPGA. The software part is extended by a module for the analysis of SMTP which allows processing of more than 5,000 network flows per second. Support for other protocols can be added by an extension of the software part.
|
|
|
IMAP Proxy for POP3 Mailboxes
Kružliak, Miroslav ; Burget, Radek (referee) ; Kolář, Dušan (advisor)
This bachelor's thesis deals with retrieving e-mails from different accounts on POP3 servers and their organisation in one account on IMAP server. It also studies settings and configuration of IMAP servers in enviroment of operating system Linux. Protocols IMAP and POP3 are briefly compared here from implementation point of view. Further it studies possibilities of periodical start of processes and secure saving of sensitive information. In this part of my thesis main methods of cryptography are shortly confronted.
|
|
| |
|
|
Intelligent Mailbox
Pohlídal, Antonín ; Drozd, Michal (referee) ; Chmelař, Petr (advisor)
This master's thesis deals with the use of text classification for sorting of incoming emails. First, there is described the Knowledge Discovery in Databases and there is also analyzed in detail the text classification with selected methods. Further, this thesis describes the email communication and SMTP, POP3 and IMAP protocols. The next part contains design of the system that classifies incoming emails and there are also described realated technologie ie Apache James Server, PostgreSQL and RapidMiner. Further, there is described the implementation of all necessary components. The last part contains an experiments with email server using Enron Dataset.
|
|
|
Configurable Security Email Proxy
Židek, Stanislav ; Samek, Jan (referee) ; Cvrček, Daniel (advisor)
This bachelor thesis deals with design and implementation of multiuser configurable system capable of securing communication via electronic mail. Emphasis is put especially on remote configuration. It also describes existing protocols used for this communication and some of the mechanisms that can secure this communication from different points of view.
|
|
|
Detection of Dictionary Attacks on Network Services Using IP Flow Analysis
Činčala, Martin ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
Existing research suggests that it is possible to detect dictionary attacks using IP flows. This type of detection was successfully implemented for SSH, LDAP and RDP protocols. To determine whether it is possible to use the same methods of detection for e-mail protocols virtual test environment was created. I deduced the characteristics of attacks in flows from the data, which I gained from this virtual environment. Than I chose the statistical value that separates the attacks from legitimate traffic. Variance of specific flow parameters was chosen as main characteristic of attacks. IP addresses with flows that have small variance of chosen parameters and high frequency of packet arrival are considered untrustworthy. Variance is calculated from IP history to rule out false positives. The IP history of legitimate user contains variation of flows which prevents marking this IP address as dangerous. On the basis of this principal the script, which detects the attacks from the nfdump output, was created. The success of detection of the attacks was tested on classificated data from the real environment. The results of tests showed, that with good configuration of marginal values the percentage of detected attacks is high and there are no false positives. Detection is not limited only on mail protocols. With regard to universal design, the script is able to detect dictionary attacks on SSH, LDAP, SIP, RDP, SQL, telnet and some other attacks.
|
|
|
Implementation of multi-purpose server based on WINDOWS
Depiak, Petr ; Kouřil, Jiří (referee) ; Pfeifer, Václav (advisor)
This thesis puts brain to the pieces of knowledge of the network services which are occurred in the server systems. These services are related to data storing, transport and data interpretation. Basically there are transport services which are used by FTP and SMB protocols. These protocols define them generally and their security too. Next section describes principles and application possibilities of electronic mail. It is based on SMTP, POP3 and IMAP protocols. The important part of this thesis is the World Wide Web service exploiting the HTTP protocol. It also refers to creation of dynamic presentation of electronic document by using the MySQL relational database and PHP script language. Practical part goes out of the theoretical part discussed above and all services are implemented on the MS Windows 2003 Server EE R2 platform. The main scope is oriented to the highest usage of data security within the available software. Other part presents the introduction to hosting of the Novell eDirectory service. It is practically applied on the MS Windows platform. This application also includes the administration of eDirecroty service by using the standard tool. This tool allows the administration though the web interface.
|
|
|
System for automatic evaluation of email messages
Frkal, Jan ; Červenka, Vladimír (referee) ; Koutný, Martin (advisor)
This diploma thesis deals with the design and realisation of system for automatic evaluation of e-mail messages. The system works with PHP language and MySQL database. It also allows automatic synchronisation. During the synchronisation e-mail messages are downloaded and saved using IMAP or POP3 protocol. Subsequently, the messages are analysed. During the analysis the reports are classified into types, according to pre-defined keywords. The system also works with black lists and white lists. If the sender of an e-mail is during the synchronisation found in the blacklist, that e-mail will be skipped. On the contrary, if the sender of an e-mail is found within the white list, that e-mail will be excluded from keyword matching and from the list is type and category loaded. Most of the values from the carried out evaluation of the e-mails can be clearly seen in advanced statistics. Pie charts and numerical statistics are available. Access to the system is protected by a login. Therefore, login can only registered users.
|
guest ::
