|
|
Generation of IPv6 and ICMPv6 packets and their impact on the operation of network devices
Phan, Viet Anh ; Martinásek, Zdeněk (referee) ; Jeřábek, Jan (advisor)
Tato diplomová práce se zabývá problematikou fungování IPv6 (Internet Protocol verze 6), ICMPv6 (Internet Control Message Protocol verze 6), DHCPv6 (Dynamic Host Configuration Protocol verze 6), NAT64 (Network Address Translation 64) a DNS64 (Domain Name System 64) protokoly. Výzkumný proces je realizován nastavením síťových laboratorních scénářů, ve kterých si stanice vyměňují informace prostřednictvím protokolů IPv6. Ke zpracování a generování požadovaných typů paketů IPv6 za specifických okolností se používají nástroje, jako je vlastní program, aplikace Ostinato a stroj Kali Linux. Výsledky experimentu jsou analyzovány s cílem poskytnout správcům sítí nebo specialistům úplnější pochopení funkce protokolů IPv6 a také možných zranitelností.
|
|
|
Security testing of selected communication protocols and related vulnerabilities
Kuklovský, Adam ; Langhammer, Lukáš (referee) ; Jeřábek, Jan (advisor)
This master’s thesis extensively addresses the functionality and characteristics of the IPv6 protocol and its control protocol ICMPv6. Furthermore, the thesis discusses methods of penetration testing and technologies used in creating the testing environment. A key output of this work is a network scanning tool that has been compared with the popular Wireshark program. The conclusion describes the structure of the proposed tool and suggests possibilities for its future development and improvement.
|
|
|
Application explaining the principles of IP addressing
Bukovinský, Denis ; Jeřábek, Jan (referee) ; Langhammer, Lukáš (advisor)
This master's thesis presents the design and development of an application for teaching IP addressing in computer networks. The application includes a network simulator and an editor, allowing students to work with a predefined network topology, assign addresses to subnets, and customize the network as needed. It verifies the correctness of address assignments and detects address conflicts. The thesis covers theoretical background, implementation details, and testing of the application. The developed tool provides a valuable resource for students, facilitating their understanding and practice of IP addressing concepts in network education.
|
|
|
Design of a rescue button for emergency calls in cars
Jarabý, Šimon ; Jeřábek, Jan (referee) ; Dvořák, Jan (advisor)
This bachelor’s thesis focuses on the design and implementation of a prototype device, which aims to retrofit vehicles manufactured before 2018 with an emergency call sys- tem. The device will operate on similar principles as the eCall service introduced by the European Union. The first part of the work contains a basic acquaintance with the used technologies and procedures in the proposed devices. Since this is a device intended for cars, we perform this retrofit by connecting the device to the OBD-II (On Board Diagnostics) diagnostic connector. For this reason, in the theoretical part we get acquainted with the diagnostic connector OBD-II as well as with the CAN bus, com- munication protocols or the method of accident evaluation. The practical part with the subsequent design of equipment and selection of individual components. We will need to send location and communication from the devices via the 3G network, which is why we choose the Global Positioning System (GPS) and Global System for Mobile Commu- nications (GSM) modules. We will also evaluate the accident using an accelerometer so that we can determine the severity of the accident. The last part of the work describes the practical construction and implemented equipment.
|
|
|
DNS firewall and its deployment and integration in cyber center
Doležal, Martin ; Kubánková, Anna (referee) ; Jeřábek, Jan (advisor)
This bachelor's thesis deals with the deployment, integration, and testing of a DNS firewall in a security operations center. It describes the connection of endpoints and remote local area networks to the DNS firewall located in the security operations center. Furthermore, the enforcement of the DNS firewall is described. The main goal of the thesis was to deploy and integrate a DNS firewall inside a security operations center. The first chapter describes the security operations center in general. The second chapter deals with the DNS system. The following chapter describes the security of the DNS system and security of DNS requests, the reader is informed of the term DNS firewall and RPZ and VPN technologies. The fourth chapter describes the DNS firewall deployment process and its integration in a real security operations center. The next chapter describes connection methods of endpoint and remote local area networks to the DNS firewall and its enforcement inside the security operations center. The last chapter deals with performance testing and deployed DNS firewall availability. The outcome of the thesis involves a deployed, integrated, fully-functional, and tested DNS firewall in a real-world security operations center. The Bind software package along with the RPZ technology was used to implement and deploy the DNS firewall. For testing and connection of endpoints, the VPN technology, and the RIPE Atlas network was used.
|
|
|
Design of a rescue button for emergency calls in cars
Jarabý, Šimon ; Jeřábek, Jan (referee) ; Dvořák, Jan (advisor)
This bachelor’s thesis focuses on the design and implementation of a prototype device, which aims to retrofit vehicles manufactured before 2018 with an emergency call sys- tem. The device will operate on similar principles as the eCall service introduced by the European Union. The first part of the work contains a basic acquaintance with the used technologies and procedures in the proposed devices. Since this is a device intended for cars, we perform this retrofit by connecting the device to the OBD-II (On Board Diagnostics) diagnostic connector. For this reason, in the theoretical part we get acquainted with the diagnostic connector OBD-II as well as with the CAN bus, com- munication protocols or the method of accident evaluation. The practical part with the subsequent design of equipment and selection of individual components. We will need to send location and communication from the devices via the 3G network, which is why we choose the Global Positioning System (GPS) and Global System for Mobile Commu- nications (GSM) modules. We will also evaluate the accident using an accelerometer so that we can determine the severity of the accident. The last part of the work describes the practical construction and implemented equipment.
|
|
|
New scenarios with Wireshark in communication technologies
Šíma, Jan ; Dvořák, Jan (referee) ; Jeřábek, Jan (advisor)
The aim of this thesis is to design and create scenarios that will be used by students as a basis for laboratory exercises in a course that focuses on communication technologies. These scenarios also need to be accompanied by a theoretical introduction that will introduce the topic under discussion to the students. The created scenarios contain additional tasks that are intended for individual work of students. For the teachers there are prepared separate files summarising the correct solution of these tasks. This thesis starts with a theoretical description of used network protocols. First the TCP/IP model is described and then the protocols that belong to this model. The main ones are those that occur in multiple created scenarios, such as TCP, UDP or DNS. The programs and applications that are used in the scenarios are also described. The main program is Wireshark and also the application called Klient DNS. This is followed by a chapter that deals with the drafting of each scenario. The drafts outline what the scenarios goals are. The drafts also list the protocols, programs, and utilities that are used in the exercise. The first scenario contains tasks based on Network Address Translation and its interaction with other protocols, such as the previously mentioned TCP, UDP, and also ICMP and FTP protocols. The second created scenario is dealing and analyzing protocols that try to secure the translation of domain names. Specifically, the DNSSEC extension and also the DoH protocol. The third scenario is focusing more in detail at the function of recursive servers in DNS and DNSSEC communication. The last created scenario explains the planning and allocation of the address space, where again the NAT topic is encountered and the function of routing tables is also explained here.
|
|
|
Security testing of selected network protocols and related vulnerabilities
Böhmová, Monika ; Šeda, Pavel (referee) ; Jeřábek, Jan (advisor)
This thesis focuses on problematics of IPv6, ICMPv6 and DNS protocols, vulnerabilities and testing of aforementioned protocols. Methods of testing including black-box, whitebox and grey-box are explained. Testing instances and scenarios are listed for black-box and white-box testing methods. Furthermore manual and automated testing with use of tools is differentiated. Thesis also includes creation of testing environment and tool for automated testing. Environment is created using a software tool for virtualization of network infrastructure and its elements using GNS3 tool. Tool for automated testing is created with the use of Python 3 programming language. This tool includes scripts which test devices present, settings of connected networks and verify device vulnerability to Man in the Middle attack. Testing of the tool on its own is performed using the created testing environment with various types of end devices which influence the progress and results of the tests which are the output of the automated testing tool either in human readable or machine readable formats.
|
|
|
Application for automatic control of CISCO device configuration
Zbořil, Tomáš ; Jeřábek, Jan (referee) ; Kubánková, Anna (advisor)
The problem of mismatched running configurations on the networking devices is common and it is not always easy to troubleshoot. Another problem of the same scale is an analysis of the routing information in routers, its heterogeneity in terms of dynamic routing protocols, numerous various settings, and last but not least, management of these protocols. These problems require a software solution that would be helpful in analysis and would allow for automated addressing of problems found during the analysis. This master's thesis attempts to do this by designing and implementing such program for the protocol OSPFv2. It uses the SSH protocol to allow for retrieval of running configuration files from the devices and their comparison to the user-added configuration files. SSH protocol is also used to run commands on the devices and to gather their outputs, which are subsequently analysed. The output of the analysis is used in automated error correction, the correctness of which, is checked by the presence of the routes on the routers to the rest of the network.
|
|
|
New functions of client application for DNS protocol for lectures
Ramosová, Patrícia ; Komosný, Dan (referee) ; Jeřábek, Jan (advisor)
The aim of this Master thesis entitled New functions of client application for DNS protocol for lectures is to gain understanding of domain name translation protocols, examine the existing clientDNS application, its source codes and compare it with similar existing tools, such as DNS Benchmark, Nslookup and Dig. Based on the performed analysis, new functionality was designed and various errors that the original application contained were identified. After implementing the proposed features and minor improvements, the new version of the DNS client app has been properly tested. The main innovations of the application consist of new modules for DNS over TLS and Link-Local Multicast Name Resolution protocols, and a new module for Mass testing of DNS servers and domain names. Minor improvements consist mainly of a new graphical interface adapted for small and large screens, multi-thread architecture, automatic translation and much more.
|
guest ::
RSS feed.