|
|
Software for seeking vulnerable computers in network
Krkoš, Radko ; Pelka, Tomáš (referee) ; Polívka, Michal (advisor)
This thesis concerns about computer system and network infrastructure security. It describes the topic of security holes and vulnerabilities and discusses possibilities for computer attack defense. Common security holes and client and server systems configuration errors are described. There are stated simple rules and advices for configuring network environment according to security and minimalization of failure or violation risk due to security holes and vulnerabilities. Thesis adresses approaches of security hole detection in programs and devices entrusted to administrator, device and security holes inventory control and prevention possibilities. Thesis describes how to execute self security audit and how to process its results. It suggests techniques and methods to administer network, server, or intranet during its lifespan according to security. It also analyses existing available software and evaluates its features and resources with regard to security topic. Software is chosen to simplify work for administrator in some or more parts of security management like network condition analysis, error and vulnerability detection in computer systems, network infrastructure, web applications or applications for network alternation detection. Thesis recommends requirements for security audit application and discusses eligible features in regard of functionality and added value. Created set of scripts simplifies administrator's work by automating common and time consuming tasks and delivers information in compact and simple form, what makes the work more comfortable and shortens the reaction time to crises such as discovery of new security hole or security breach.
|
|
|
CISCO security laboratory exercise
Švec, Martin ; Hajný, Jan (referee) ; Pelka, Tomáš (advisor)
The main purpose of this diploma thesis is to become familiar with the principles and technical solutions regarding security components of Cisco company and configure assigned system according to valid rules of security. In introduction are explained the reasons for networks security solutions. This work also analyses different kinds of security weaknesses which include deficiencies of networks protocols and also the attacks from hackers. The principle of firewall is described and also its particular types. This work is focused on explanation and classification of PIX firewall, which has dominant role in the field of network security. The other equipments of Cisco, which are improving the level of security, are also mentioned. The practical part of this diploma thesis is composed of networks connections and configuration of system consisting of router, PIX firewall and switch. It also includes the detailed procedure and description of configuration of network equipments. The focus is put on minimalization of threats and elimination of DoS attacks.
|
|
|
Network load generators
Kubík, Pavel ; Koutný, Martin (referee) ; Pelka, Tomáš (advisor)
The aim is to create, test and describe the network load generator for server-client connection type. It´s used language C++ under Linux. It was also used socket and multithreading programming. Load on the server is done by sending HTTP requests. The load generator have different adjustable parameters and displays the test statistics. In this work is described mechanisms wich are used, by the application, to load. Testing was done on one server with a different size of the target file.
|
|
|
Spelling check in the czech texts
Bureš, Stanislav ; Pelka, Tomáš (referee) ; Fojtová, Lucie (advisor)
The Master‘s thesis deals with spell checking in the czech texts. It also contains an overview of the most used phonetic algorithms, including their properties and it deals with focus on metric methods, which are used to compare two words. The second part of this thesis deals with implementation of selected algorithms to the spell checker software and demonstration its spell - checking function in czech texts. The last part of this thesis deals about building context – sensitive algorithm, which is performs text correction.
|
|
|
Proxy firewall
Kugler, Zdeněk ; Pelka, Tomáš (referee) ; Pust, Radim (advisor)
This diploma thesis deals with the topic of proxy servers and firewalls and considers other associated technologies and network techniques. It systematically describes the general issues of firewalls, with a special focus on proxy firewalls and their safety. Additional systems mentioned in this document are intrusion detection systems (IDS), antivirus systems and content control filters – as these are also connected with safety of networks, servers and workstations or with limiting various Internet sources. IDS systems can be typically supplemented with various additional applications or tools that enrich them and increase their potential – including graphic additions. This part is remembered too. Some systems can communicate with each other, which is successfully utilised (FW & IDS co-operation, for example). The purpose of the first large chapter is to present firewall technologies, to list firewall types, their basic functionality and to present the final comparison. It marginally mentions firewall applications in practice. Chapter two explains the theory of network address translation (NAT), deals with its functionality, safety and with limiting the NAT mechanism. Chapter three brings a comprehensive presentation of proxy servers. It explains their principle from the point of view of functionality and the specification of application areas. The chapter is complete with a clear list of proxy server types and their descriptions. The last chapter named Linux Proxy Firewall is the key part of the work. It deals generally with the Linux platform, the Debian GNU/Linux distribution, principles of safety policy, network configuration, network server safety, Linux firewalls (Netfilter framework, Iptables tool) and with the Squid proxy server. The following subchapters respect the previous structure: they describe the theories of intrusion detection systems, antivirus checks and content filtering based on different methods. All this is presented similarly to the previous chapters. A proxy firewall solution built on the Linux operating system has been proposed in the practical part. The Debian GNU/Linux distribution has been chosen, being very suitable for server use due to its features. This environment is also used for additional safety software contained in the proxy firewall: antivirus protection, content filtering and an intrusion detection system. The priority is the most comprehensive computer network security, which requires detection abilities with the broadest possible coverage in the area of network safety. The purpose of this diploma thesis is not only to describe the principle of operation of proxy servers and to compare them with other types and other systems, but it also brings my own proposed free solution, which increases network safety and has the ambition of comparing it with clearly commercial products available on the market.
|
|
|
Security protocols in practice
Milfajt, Jiří ; Koutný, Martin (referee) ; Pelka, Tomáš (advisor)
This bachelor's thesis maps the most used AAA protocols in these days. These protocols include RADIUS, TACACS+, DIAMETER and KERBEROS. The first part considers its main signs. Then there is describes basic communication between user and server. The thesis also compares each protocol by its advantages, disadvantages and its possible security weaknesses. The second part is dedicated to configuration of RADIUS and KERBEROS protocol.
|
|
|
Network server performance when communicating with a great number of clients
Mašín, Jan ; Pelka, Tomáš (referee) ; Komosný, Dan (advisor)
The aim is to create a simulation system between two computers of the server-client type to generace the process to server while usany UDP protocol: to set different parameters of the generated process (size of paquet, interval of sending) and evaluace the server-sources consumption (memory), to work out the outcomes in a well-organized manner. There have been tested two servers (each of different output) and operational systéme Windows XP, Windows Server 2003, Linux Mandriva 8.0 and Linux Fedora 7, each of these had been installed on the servers with different outputs. The generated process is carried out with usaje of the paquet generator made in the programming language C++.Two different programmes needed have been created, one of them for klient(paquet generation in OS Windows), its aim is to generate the paquets, the sekond on efor server (functional version working in OS Linux had had to be made) receiving the generated paquets. Evaulation of the source-consumption was carried out by two monitoring programs, one of them suited for OS Windows, the other for OS Linux. Both programs safe the information about procesor-work and operational memory into a text dokument which is very simple and fast way for searching the information. The measured values show charts and graphs that express the efficiency of separate OSs or, in case of need, servers of different outputs are able to handle the generated paquets and how do the alterations of the paquet generator affect the source efficiency( paquet size and paquet-sending interval).
|
|
|
CDN and clustering in GNU/Linux with performance testing
Mikulka, Pavel ; Pelka, Tomáš (referee) ; Šimek, Milan (advisor)
Fault tolerance is essential in a production-grade service delivery network. One of the solution is build a clustered environment to keep system failure to a minimum. This thesis examines the use of high availability and load balancing services using open source tools in GNU/Linux. The thesis discusses some general technologies of high availability computing as virtualization, synchronization and mirroring. To build relatively cheap high availability clusters is suitable DRDB tool. DRDB is tool for build synchronized Linux block devices. This paper also examines Linux-HA project, Redhat Cluster Suite, LVS, etc. Content Delivery Networks (CDN) replicate content over several mirrored web servers strategically placed at various locations in order to deal with the flash crowds. A CDN has some combination a request-routing and replication mechanism. Thus CDNs offer fast and reliable applications and services by distributing content to cache servers located close to end-users. This work examines open-source CDNs Globule and CoralCDN and test performance of this CDNs in global deployment.
|
|
|
GWT and other modern web frameworks
Hill, Tomáš ; Lambertová, Petra (referee) ; Pelka, Tomáš (advisor)
This bachelor thesis deals with the comparison of modern web frameworks. The main aim is to describe JavaScript framework Google Web Toolkit and also compare it with other JavaScripts frameworks such as DoJo or MooTools. The web frameworks are designed to facilitate the development of web applications. In the next part of this thesis is carried out a web application with Google Web Toolkit framework, which is intended to manage various school projects.
|
|
|
Cryptographic protocols in practice
Truneček, Petr ; Hajný, Jan (referee) ; Pelka, Tomáš (advisor)
The purpose of this work was first to describe the requirements for cryptographic protocols. Furthermore, the classification of these protocols should have been made with specific examples given. The aim of the next part of the work was to describe the methods which are suitable for description and modeling of cryptographic protocols. This work also addressed the analysis of cryptographic protocols by appropriate analytical means. The CSP method for modeling of the cryptographic protocols was applied in the practical part. The Yahalom protocol was selected as a protocol suitable for modeling. Two analysis was made. The first analysis concerned the standard version of the Yahalom protocol, which was tested to the requirements of cryptographic properties of the secrecy and authenticity. The second analysis was based on the possibility of disclosure of the key, including counterexamples and traces given by FDR. The first analysis did not reveal any weakening, in terms of two cryptographic properties. To demonstrate the possibility of FDR, Yahalom protocol was modified in order to cause the situation when the disclosure of keys appears. FDR then finds the exact procedure that an intruder must make to get the possession of the key.
|
guest ::
