|
|
Criminal and criminological aspects of cybercrime with a focus on denial of service attacks
Přívozník, Lukáš ; Krupička, Jiří (advisor) ; Heranová, Simona (referee)
Criminal and criminological aspects of cybercrime with a focus on denial of service attacks Abstract The aim of this master thesis is to analyze the criminal law assessment of denial of service (DoS) cyber-attacks and related criminological aspects. The author deals with the technical characteristics and typology of this type of attack. He analyzes its individual variants, as the way of performing the attack, that is reflected in its criminal assessment. The thesis also describes the facts concerning the largest series of DoS attacks that occurred in the Czech Republic in 2013. Next, the author deals with the criminological aspects of cybercrime, namely its expansion and latency, the perpetrators and victims of the denial of service attack and related prevention, including techniques and methods of defense against this attack. In the main part of the thesis, the author analyzes the criminal law aspects of this specific type of crime. The thesis deals with the development of law in this area at international level, within the European Union and at national level. It also deals with the analysis of the factual situation of cybercrime provided for in Sections 230 to 232 of the Criminal Code and the criminal law assessment of individual variants of the attack. The thesis deals with related problematic points,...
|
|
|
System for Protection against DoS Attacks
Šiška, Pavel ; Wrona, Jan (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the design and implementation of the software part of the system for protection against DoS attacks. Nowadays Denial of Service attacks are quite common and can cause significant financial damage to internet or service providers. The main goal of this thesis was to provide software, which is focused on high-speed data throughput and can provide efficient protection against these attacks in 100 Gbps networks. Key part of the system, which is being developed in cooperation with CESNET, is hardware-accelerated network interface card, which can process incoming network traffic at full wire-speed and does the operations laid down by the software part. The main task of the software is evaluation of the information about network traffic and managing actions of the hardware accelerator. The software part of the proposed system has been successfully implemented and the properties of the system have been verified in an experimental evaluation. During the work on this thesis the first implementation of the system has already been deployed in CESNET network infrastructure.
|
|
|
Flood attacks generation
Hudec, David
Proposal of a high speed packet flooding device is presented in this paper. The product is based on the FPGA (Field-programmable Gate Array) platform, developed in VHDL (Very high speed integrated circuit Hardware Description Language) and set into the NetCOPE environment. It uses an existing solution of packet generator. Once done, it should be implemented on a COMBO-80G board to serve as a network stressing tool.
|
|
|
Cyber Attacks
Zmeškal, Jiří ; Člupek, Vlastimil (referee) ; Číka, Petr (advisor)
Theoretical part of this thesis is dedicated to describing basic terms of network communication. Usage of network communication has become a necessity and is used on daily basis for a number of purposes, starting with communication between people, going across internet shopping and banking all the way to remote controlling industrial machinery. Another theoretically described topic is how attackers abuse attributes and shortcomings of communication protocols in order to commit illegal activities, specifically denial of service type of attacks. Finally, theoretical part includes a list of found open source applications capable of launching such attacks. Practical part describes development of application, capable of launching two selected forms of attack. These attacks are HTTP GET Flood, based on sending massive amounts of GET request, and Slow HTTP GET, based on imitating a user with slow internet connection. The development is described step by step and includes multithread processing, used publicly available components (Boost library for example) and challenges encountered during development (such as library limitations and cross platform compatibility).
|
|
|
Network Attack Simulator
Filičko, Dávid ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
The thesis discusses about study of networks attacks and framework monitoring packets in the network. It proceeds especially network attacks, which can be detected without knowledge about the contents of packets. The aim of this thesis is to develop the simulator based on detected features, which will simulate these attacks. The output from the simulator will be created in the Nemea framework to improve the quality of tools of detection and prevention of given attacks. The simulator will be functioning for testing purpose only. Under no circumstances it will be possible to realize individual attacks.
|
|
|
An Analysis of Selected IPv6 Network Attacks
Pivarník, Jozef ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
This master's thesis analyses and demonstrates selected IPv6 attacks including two Man-in-the-Middle attacks and one Denial of Service attack - Rogue Router Advertisement, Neighbor Cache Poisoning and Duplicate Address Detection DoS, respectively. In the first part the author presents necessary information related to the issue and provides detailed information on how to realize these attacks in practice using publicly available tools. The second part of the thesis presents various ways of mitigating presented attacks, analyses implementations of some of those countermeasures on Cisco and H3C devices and discussess their applicability.
|
|
|
Open source PBX security against attacks
Orsák, David ; Daněček, Vít (referee) ; Šilhavý, Pavel (advisor)
This master's thesis deals with open source PBX security against security attacks. In the theoretical part is detailed description of problematic about attacks that could be used on VoIP systems with high focus on the Denial of Service attack. Furthermore are in theoretical part described methods of security of initialization protocol SIP. Individual chapter is devoted to intrusion detection and prevention of IDS and IPS systems, focusing on Snort and OSSEC. In the practical part of the work was created generator of attacks against various PBX systems, which was subsequently used for detailed testing. Special tests of PBX system are then used against DoS attacks, for which was created protection in form of active elements consisting of IDS Snort & OSSEC. These are capable to provide protection in real-time. The protection was tested on particular PBX systems and in matter of comparison were measured possibilities before and after of security implementation. The output of this work is attacks generator VoIPtester and creation of configuration rules for Snort and OSSEC.
|
|
|
Modern computer viruses
Malina, Lukáš ; Malý, Jan (referee) ; Pust, Radim (advisor)
Bachelor’s thesis “Modern computer’s viruses” is composed from two mainly object (analysis computer’s viruses and suggestion of security middle computer network), separated for three parts: Analysis computer’s viruses, Personal suggestion of security personal computer end-user (computer terminal) and Personal suggestion of security middle computer network. Methods of transmission and infection, specific properties of viruses and impact upon personal computers are examined in the first part. Resolution of personal suggestion of security personal computer with help of antivirus software, personal firewall and antispam software is inducted in the second part. Futher, results of testing some free AV software and other security software are summarized with possible progress of configuration and recommendation for correct running this software. Complex suggestion of security middle computer network is adduced in the third part, where is inducted structure of security network. Configuration progression and recommendation for maximum security is indicated on particular used components. Structure is adapted for active network Cisco components, which are most used around these days. Completely suggestion of security network is directed on hardware firewall Cisco PIX, where is unfolded potential possibility of options. Futher, the third part contain some important tips and recommendation for completely working network, including setting security preference, security passwords and data encryption. Also, there is described various techniques monitoring and supervision working security network using complex monitoring software MARS (Cisco security monitoring, analyzing and response system) from Cisco company.
|
|
|
System for testing the robustness of communication unit LAN of remote data acquisition
Mlýnek, Petr ; Zeman, Václav (referee) ; Mišurec, Jiří (advisor)
Remote data collection systems are widely used. One of the area is also data collection in energetics, where the energy consumption can be collected daily and presented to users on-line. The advantage of the remote data collection is possibility of frequent readings without a physical presence at the electrometers. The data transmission over the Internet can be subject of various attacks, which is the disadvantage. The understanding of attack method is the most important thing. The protection against the hackers is not complicated, but requires lot of attention. This master's thesis is focused on testing security of the communication unit LAN of remote data acquisition against attacks from the Internet. The next aim of this thesis is to describe algorithm of particular attack, needed recourses for their realization and method of their measurement and evaluation. Communication unit and component composition for attacks simulation is described in the first part of this thesis. The next part is focused on scanning for hosts and ports. The main part of this thesis is focused on the denial of service attacks and man in the middle attacks. In the end of my thesis is described selection of cryptographic system for remote data acquisition and is showed possibility of authentication mirroring. Problems of physical security are described too. The result of this thesis is script implementing all attacks, which are described.
|
|
|
Web application security
Matušek, Václav ; Palovský, Radomír (advisor) ; Pinkas, Otakar (referee)
The Bachelor thesis deals with the security of web applications. The main aim is to create complex view of most frequent attacks in practice and also to describe possibilities in prevention of the attacks. The prevention is described for both, user's and developer's side. Thesis contains also information about their origin and reminds the attacks from the past. It includes review of the standards and Czech legislation, which affect the security or define proper way how to develop the application. Important output of this thesis is also list of rules, which helps the developer to design secure application.
|
guest ::
