|
|
Application for illustrating the structure of the tested environment
Kuřina, Petr ; Holasová, Eva (referee) ; Kuchař, Karel (advisor)
This bachelor work deals with the creation of an application for the representation of the structures of the tested environment. The theoretical part describes the tools that are processed in the practical part, they are mainly the JavaScript programming language, Vue.js framework and penetration testing in general. The practical part presents the results of network topology testing was performed by Nmap tool. The aim of the practical part is to create an application that will clearly explain the results of testing to the user.
|
|
|
Cyber game for the OpenStack platform
Píš, Patrik ; Holasová, Eva (referee) ; Martinásek, Zdeněk (advisor)
This bachelor's thesis presents matters of penetration testing and ethical hacking with primary focus on binary exploitation. The main goal of this bachelor's thesis was to design and implement a cyber game which focuses on combining various exploitation techniques and presenting them in educative and engaging way. The theoretical part of this thesis concentrates on penetration testing methodology and provides a detailed analysis of a given vulnerability's mechanics and technologies that were crucial for the game's development. Practical part of this thesis consists of a detailed description of the game's design and implementation to OpenStack and cyber arena platforms. Additionally, the practical part of this thesis focuses on development of vulnerable applications, methodology and steps necessary for their successful exploitation. Due to the character of cyber game, a few protection mechanisms were necessary to deploy, and their description takes place in practical part of this bachelor's thesis as well.
|
|
|
Cyber attacks on operating systems
Holasová, Eva ; Komosný, Dan (referee) ; Člupek, Vlastimil (advisor)
This bachelor thesis is focused on cybernetic attacks towards operating systems. In the thesis, there are discussed base security functions of operating systems Windows, Linux and macOS; followed by described cybernetic attacks and its differences. The chapter Malware describes the most harmful software. Next chapter is about common awareness of cybernetic attacks, in which terms antivirus, firewall and IDS/IPS (Intrusion Detection System/Intrusion Prevention System) systems are defined. Following chapter brings scenario of ethics of hacking on operating system of personal computer, server and web server by using penetration tests. The thesis is finished by doing ethics hacking and evaluations. The goal of this thesis is to summarize the problem of cybernetic attacks, methods and tools whose goal is to break the security of the system, the use some of these method to do ethics hacking in virtualized environment.
|
|
|
Detection of DoS and DDoS attacks in IPv6
Frátrik, Tibor ; Fujdiak, Radek (referee) ; Holasová, Eva (advisor)
This bachelor thesis in the theoretical part contains a description of the network and transport layer. The protocols of individual layers are also discussed. It is primarily about their function and safety. Individual attacks are also related to these layers. In this thesis are mentioned DoS (denial-of-service) and DDoS (distributed denial-of-service) attacks. Furthermore, the bachelor thesis mentioned detection and mitigation tools, and the possible solutions. The practical part contains descriptions of detections that were created in the Snort and Suricata programs. Finally, the individual detections and mitigations were also tested. In the detection of DoS attacks, the Suriata and Snort programs focused primarily on the number of packets per unit time. Detection in the Scapy program was focused mainly on individual ports of the transport layer. The goal was for DoS attacks to be detected and for ordinary network traffic not to be detected.
|
|
|
Specific anomaly detection methods in wireless communication networks
Holasová, Eva ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
The diploma thesis is focuses on technologies and security of the wireless networks in standard IEEE 802.11, describes the most used standards, definition of physical layer, MAC layer and specific technologies for wireless networks. The diploma thesis is focused on description of selected security protocols, their technologies as well as weaknesses. Also, in the thesis, there are described security threats and vectors of attacks towards wireless networks 802.11. Selected threats were simulated in established experimental network, for these threats were designed detection methods. For testing and implementing designed detection methods, IDS system Zeek is used together with network scripts written in programming language Python. In the end there were trained and tested models of machine learning both supervised and unsupervised machine learning.
|
|
|
System for network device detection and recognition of used protocols
Sasák, Libor ; Fujdiak, Radek (referee) ; Holasová, Eva (advisor)
This master's thesis deals with the recognition of used protocols in a network using machine learning and the creation of a system for this purpose. It focuses on the most widely used industrial and common application protocols and describes selected well-proven machine learning techniques for their recognition. However, priority is given to artificial neural networks. It briefly describes databases and the specific implementation SQLite3 used in the final system implementation. A virtual environment for simulating selected Modbus/TCP, DNP3, HTTPS and FTP protocols is also created and described. Part of the thesis is devoted to the collection, analysis and processing of the data needed to recognize the protocols. Furthermore, it covers the creation and testing of machine learning models for the given protocols. Last but not least, the thesis is devoted to the design of the recognition system and its implementation with a graphical user interface. It also includes testing and evaluation of its advantages and limitations.
|
|
|
Development of a calculator for assessing vulnerabilities in Javascript
Škrhák, Pavel ; Fujdiak, Radek (referee) ; Holasová, Eva (advisor)
The aim of this work is to describe the known methods of vulnerability assessment, and to implement them in a web application using the Vue.js framework. The thesis describes two vulnerability assessment systems, namely CVSS (Common Vulnerability Scoring System) and OWASP (Open Web Application Security Project) Risk Rating Methodology. Their parts, metrics and methods of calculation of the evaluation are described. Subsequently, these systems are compared and their strengths and weaknesses are determined. The work then evaluates some known vulnerabilities using these two assessment methods. The work then describes the design of the frontend and backend of the web application. The frontend uses the Vue.js framework, which allows the creation of dynamic one-page web applications. The components and layout of the application are designed. Furthermore, the appearance of the front application and its components is designed. The backend was designed to suit with the Djnago framework, which together with the django REST framework can be used to quickly create an API (Application Programming Interface) communicating with the database. A model for storing data from a frontend application was designed. The work then describes the implementation of this application divided into frontend and backend. The backend describes the implementation of the API and the database. The implementation of the model itself, serializer and methods for communication with the frontend application are described. In the frontend, a vue router is created, which is used to dynamically change the content of the page, then the components themselves are created, which serve as building blocks of the application. These components contain three parts, namely structure, JavaScript code and CSS (Cascading Sytle Sheets). Components can pass data and call functions of other components. The last part of the work is testing of the application itself. Its functionality is tested by calculating the score of already assessed vulnerabilities and some items of the OWASP ASVS (Application Security Verification Standard). Furthermore, security is tested by testing several known vulnerabilities, along with testing with OWASP ASVS.
|
|
|
Advanced network device scanner
Procházka, Michal ; Blažek, Petr (referee) ; Holasová, Eva (advisor)
The master thesis focuses on problem of identifying device types on a local network. The work explores current methods for device recognition on local networks and examines a survey of open-source tools capable of identifying these devices or gathering additional supplementary information. The discovered tools are compared based on several criteria. Furthermore, a laboratory environment is created for testing the identified tools as well as for testing own implementation. Subsequently, this thesis presents a proposal for the own implementation of a device identification method and the retrieval of advanced information about these devices. The main part of the work focuses on describing several possible methods of device identification, including practical examples. Scripting of the practical examples is implemented in Python or through the command line. Based on the outlined approaches, the thesis presents a list of all recognized devices from the experimental setup. Finally, the methods are compared in terms of network utilization during scanning.
|
|
|
Performance and security analysis of Wireguard technology
Varga, Oliver ; Holasová, Eva (referee) ; Krajsa, Ondřej (advisor)
This thesis deals with the description of WireGuard virtual private networks technology, its comparison with the technologies IPsec and OpenVPN based on the encrpytion algorithms they use to ensure security and also compares their technical parameters such as latency, jitter and transfer speeds. The work includes a description of the WireGuard technology, a comparison of the mentioned technologies and finally the results of the measurements of their technical parameters. The methodology chosen by us for testing the parameters, the hardware used to obtain the results and the network topology are also described. Finally, the results obtained from the tests are compared.
|
|
|
Industrial device authentication system using blockchain
Hnátek, Michal ; Holasová, Eva (referee) ; Fujdiak, Radek (advisor)
This bachelor thesis deals primarily with industrial networks and blockchain. Current implementations of network security are enumerated. A large part is devoted to the analysis of consensus algorithms and their suitability for industrial networks. The work also includes an extensive comparison of libraries for blockchain creation. In the area of industrial networks, the Modbus protocol is represented. The general function of blockchain and its modifications for use in industrial private networks are described. The creation of a private blockchain with the Proof of Authority consensus algorithm using the go-ethereum library is described, as well as the creation of a smart contract for a given blockchain.
|
guest ::
