|
|
Secure Network Based on Virtual Next-Generation Firewall
Varmus, Pavol ; Burda, Karel (referee) ; Malina, Lukáš (advisor)
The bachelors thesis aims to study the issue of security of the networks that use firewalls. The next goal is to evaluate the characteristics of a different types of firewalls and to summarize its results. The other object is to design a small or medium sized network with description of best practice. The main objective of the thesis is to design a lecture task for students to test with a step-by-step solution. This task is for students to undertand the importance of firewalls as a network protection service tools and to try out different types of filters for maintainin network security. The task ends with a practical stress test made by a network attack in order to see its resistance to the attack.
|
|
|
Inference of DDoS Mitigation Rules
Jacko, Daniel ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This thesis focuses on DDoS attacks, their types and means of their mitigation. The aim of the thesis is to design and implement an algorithm which would be able to derive rules to block DDoS attacks. For this, we chose the algorithm of machine learning, a decision tree, which starts operating as soon as the attack is detected. The algorithm operates with a sample of data detected during the attack, and with a sample of legitimate communication. A part of this thesis is also a description of a BPF format and an overview of executed experiments.
|
|
|
Laboratory task demonstrates Intrusion Protection System
Bronda, Samuel ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
This bachelor thesis is divided into two parts. The theoretical part describes security systems, various types of attacks and details of systems to protect computer networks. The practical part focuses on the workplace, where will operate IDS / IPS system Snort and Suricata, the necessary adjustments and simulation of attacks. The bachelor thesis also includes putting the system into real terms.
|
|
|
Network Configuration Synthesis and Verification
Černeková, Alžbeta ; Veselý, Vladimír (referee) ; Ryšavý, Ondřej (advisor)
The subject of this master's thesis is to address the topic of network devices configuring. It resolves the problems related to simplifying certain parts of configuration while eliminating frequent errors or issues. It introduces a solution to setting of IP addresses on router's interfaces. Furthermore it presents the generation of configuration for particular dynamic routing scenarios and its application and methods for its verification on network devices. It also demonstrates the preparation of configuration of VPN tunnel between two devices. The conclusion of this thesis contains possibilities for further extensions or improvements.
|
|
|
Automation of DDoS Attack Mitigation
Nagy, Peter ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
The aim of this thesis is automation of DDoS attack mitigation. This thesis provides an overview of GNU/Linux network platforms and different approaches for their configuration. The aim is to select a platform that could be extended to automate DDoS mitigation. DDoS attack types are explained as well. Selected methods for DDoS mitigation are described in more detail such as Remote Triggered Black Hole and BGP Flowspec. Existing tools like DDoS Defender and FastNetMon are used to detect a DDoS attack. NETX was chosen as target implementation platform. To communicate with devices, API or BGP protocol with Flowspec extension are used.
|
|
|
Software design for mapping of the network topology
Janura, Dominik ; Novotný, Bohumil (referee) ; Sobek, Jiří (advisor)
This thesis addresses the issues of network topology mapping, where the network consists of multiple Cisco devices. It includes theoretical knowledge in this field and closely describes possible solutions to this problem. It explains the process of design and implementation of this kind of network mapping software by chosen means. Correct function of the created application is tested on a virtual network.
|
|
|
Inference of DDoS Mitigation Rules
Jacko, Daniel ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This thesis focuses on DDoS attacks, their types and means of their mitigation. The aim of the thesis is to design and implement an algorithm which would be able to derive rules to block DDoS attacks. For this, we chose the algorithm of machine learning, a decision tree, which starts operating as soon as the attack is detected. The algorithm operates with a sample of data detected during the attack, and with a sample of legitimate communication. A part of this thesis is also a description of a BPF format and an overview of executed experiments.
|
|
|
Cyberpropaganda and its Communication Models
Gladiš, Michal ; Marcelli, Miroslav (advisor) ; Mucha, Ivan (referee)
Cyberpropaganda and its Communication Models In this thesis, communication models representing the functioning of communication in a network of social interactions are analyzed. Understanding the communication of new media can contribute to understanding the processes that take place in cyberspace. The aim of this thesis is to decipher the forms of propaganda that operate in it. This work can contribute to the understanding of several forms of current social events, such as public relations, influencing public opinion or political struggle, which have significantly moved into cyberspace. The presentation of cyberspace and new media from several perspectives, together with the complex characterization of the communication that takes place in them, creates its overall image, in which the thesis reveals possible penetrations of propaganda tendencies of targeted manipulation with its members. In this thesis, cyberpropaganda is approached from several points of view. It is about updating propaganda models from the mass media to the emergence of new forms, techniques and tools that have enabled the new media. The starting point of this research is to clarify the complexity of communication, which is not shaped exclusively by its new technical aspects, but is to some extent a continuation of its previous...
|
|
|
User and Device Metadata Collection from the Darkweb
Gula, Ján ; Matoušek, Petr (referee) ; Veselý, Vladimír (advisor)
This bachelor's thesis solves the problem of anonymization on the Internet, that is widely used for dealing with illegal substances. This problem drives law enforcement agencies to be interested in web pages that represent markets with forbidden content which are hidden behind anonymity networks. My goal is to focus on the biggest markets with such content and to gather as much information as possible about subjects that posture on similar types of web pages either as sellers or as buyers. I have resolved the given problem by choosing the most impactful markets according to the number of users signed in. I have become one of the users and applied algorithms for data scraping to get information from web pages into a structured form that is more suitable for a deeper analysis. The results of this thesis will help law enforcement agencies with the analysis of metadata of users that commit illegal activities as they will not have to manually search through the illegal markets, and they will have all available data summed up in a structured form in a database. Unifying data into a structured form will help speeding up the investigation and address the biggest drug sellers.
|
|
|
Automation of DDoS Attack Mitigation
Nagy, Peter ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
The aim of this thesis is automation of DDoS attack mitigation. This thesis provides an overview of GNU/Linux network platforms and different approaches for their configuration. The aim is to select a platform that could be extended to automate DDoS mitigation. DDoS attack types are explained as well. Selected methods for DDoS mitigation are described in more detail such as Remote Triggered Black Hole and BGP Flowspec. Existing tools like DDoS Defender and FastNetMon are used to detect a DDoS attack. NETX was chosen as target implementation platform. To communicate with devices, API or BGP protocol with Flowspec extension are used.
|
guest ::
