|
|
Enterprise Network IPS Security
Jakab, Vojtěch ; Babnič, Patrik (referee) ; Červenka, Vladimír (advisor)
This bachelor's thesis addresses the local area network security. The scope of this thesis is to explore the possibilities of security of these networks and introduction of some attacks which can threaten these networks. The main goal, however, is to design maximum security measures of testing network. CISCO router and Fortinet's firewall are available. Their configuration is limited by possibilities of their operating systems. By the appropriate programms the configuration of IPS configured on firewall is examined and they are used to try to evade this component. The last part of this work deals with executing particular network attacks. They are alaysed and agains successful attacks are proposed apropriate countermeasures.
|
|
|
Intrusion prevention system for network security
Popovec, Juraj ; Verner, Lukáš (referee) ; Balej, Jiří (advisor)
This thesis describes mostly used technologies and methods used for securing computer networks. In detail discusses detection and intrusion prevention system (IPS) issues. Includes laboratory excercise for configuring packet firewall and the second excercise, which simulates securing organization network by firewall with intrusion and prevention system technology.
|
|
|
Distributed Brute Force Attacks Protection
Richter, Jan ; Čejka, Rudolf (referee) ; Lampa, Petr (advisor)
This project deals with analysis of brute force attacks focused on breaking authentication of common services (especially ssh) of Linux and xBSD operating systems. It also examines real attacks, actual tools and ways of detection of theese attacks. Finaly there are designed new mechanisms of coordination and evaluation of distributed brute force attacks in distributed environment. These mechanisms are then implemented in distributed system called DBFAP.
|
|
|
Metrics for Intrusion Detection in Network Traffic
Homoliak, Ivan ; Chmelař, Petr (referee) ; Drozd, Michal (advisor)
Publication aims to propose and apply new metrics for intrusion detection in network traffic according to analysis of existing metrics, analysis of network traffic and behavioral characteristics of known attacks. The main goal of the thesis is to propose and implement new collection of metrics which will be capable to detect zero day attacks.
|
|
|
Extension of Behavioral Analysis of Network Traffic Focusing on Attack Detection
Teknős, Martin ; Zbořil, František (referee) ; Homoliak, Ivan (advisor)
This thesis is focused on network behavior analysis (NBA) designed to detect network attacks. The goal of the thesis is to increase detection accuracy of obfuscated network attacks. Methods and techniques used to detect network attacks and network traffic classification were presented first. Intrusion detection systems (IDS) in terms of their functionality and possible attacks on them are described next. This work also describes principles of selected attacks against IDS. Further, obfuscation methods which can be used to overcome NBA are suggested. The tool for automatic exploitation, attack obfuscation and collection of this network communication was designed and implemented. This tool was used for execution of network attacks. A dataset for experiments was obtained from collected network communications. Finally, achieved results emphasized requirement of training NBA models by obfuscated malicious network traffic.
|
|
|
Program for monitor testing
Matyáš, Pavel ; Prokeš, Aleš (referee) ; Michálek, Václav (advisor)
The goal of this term project are problems of LCD panels. The beginning of the term project is about theoretical description of particular types and features of actual LCD panels, origin of picture defects on computer monitors, measuring and picture quality testing methods of monitors. Practical part of project involves designing testing patterns and it's realisation in Borland Delphi development environment.
|
|
|
Network Traffic Monitoring using Long Working Analyser
Gilík, Aleš ; Horváth, Tomáš (referee) ; Oujezský, Václav (advisor)
This diploma thesis is focused on network monitoring. The theoretical part describes using of detection and prevention systems, properties of these systems, their components and detection techniques. Next part of the thesis is focused on EndaceProbe analyzer and analytic application EndaceVision. Also web services, programming language WSDL and protocol SOAP are described. The practical part is focused on creating three laboratory exercises for network monitoring and for using EndaceProbe. Components of the exercises are the traffic generator IXIA and Cisco switches with the application of remote switched port analyzer. There are also used web services EndaceProbe, programming language WSDL and SOAP protocol.
|
|
|
Advanced methods of filtering network traffic in the Linux system
Peša, David ; Komosný, Dan (referee) ; Kacálek, Jan (advisor)
This master's thesis is meant to provide techniques in designing and building a standalone packet filtering firewall in Linux machines, mainly for small sites who don’t give much service to Internet users. It deals with attenuating the effect of the most common types of attacks using iptables. It guides how to design, implement, run, and maintain Firewall. Techniques for continuously monitoring attacks is attempted. It also give a historical, architectural and technical overview of firewalls and security attacks.
|
|
|
Network infrastructure attacks and their mitigation using an IPS/IDS Snort
Olexa, Martin ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
This paper gives an insight to detection and prevention systems regarding a network infrastructure. First part of the paper concentrates on key concepts in an information systems security and describes examples of attacks with tools used to mitigate them. A broader description is reserved for IDS/IPS systems with a focus on the Snort software. Second part of the paper analysis a sample attack abusing a vulnerable version of the OpenSSL library. This attack is used to describe a process of getting the necessary information, creating a Snort rule and testing the fixed vulnerability. Aim of this paper is to provide a manual and theoretical background regarding implementing an IDS/IPS solution in a computer network through an example attack.
|
|
|
Platby spotřebitelských účtů a služba inkasa hotovostníh plateb v České republice: podklady pro připravení strategie vstupu
Vorobyeva, Irina ; Halík, Jaroslav (advisor) ; Malý, Josef (referee)
The thesis is focused on consumer bill payments (payments of a small and medium value of 10 to 100 EUR) and the provision of payment-collection service in the Czech Republic, which being a member-state of the EU can show the trends and characteristics that can be identified in the markets of Germany, France, Italy and other countries of the Single Market of the EU. The purpose of this research is to analyze payment channels used by consumers in C2B level of transfers in the Czech Republic, what provides the basics to understand the appropriate form an instant payments business entity (consumer bill payment collector) should better take to have the space for future development and growth. The focus is made on the market of consumer bill payments and the current development of C2B payments sphere in the Czech Republic and the EU -- all to see the specifics of the market and to answer the question if the entrance and the launch of an IPS in the Czech Republic, first, would be of demand and, second, would have enough time to develop and mature itself to stay in existence in a long-term.
|
guest ::
