National Repository of Grey Literature: 7 records found
GPON network security incident reporting software
Kupka, Ondřej ; Holík, Martin (referee) ; Horváth, Tomáš (advisor)
This thesis focuses on the development of software for security incident reporting from GPON networks. The theoretical part introduces the principles of GPON and provides an introduction to security incidents. The practical part is focused on the selection of suitable open-source systems and the design of an application in Python for the creation of alerts. The output of the work is the deployment of TheHive, Cortex and MISP systems and the creation of an application enabling the creation of various types of alerts based on a prepared template. The thesis is finalized by a detailed description of deployment, custom configuration and testing.
Forensic Malware Analysis
Král, Benjamin ; Trchalík, Roman (referee) ; Očenášek, Pavel (advisor)
This master's thesis describes methodologies used in malware forensic analysis, including methods used in static and dynamic analysis. Based on those methods, a tool intended to be used by Computer Security Incident Response Teams (CSIRT) is designed to allow fast analysis and decisions regarding malware samples in security incident investigations. The design of this tool is thoroughly described in the work, along with the requirements on which the tool design is based. Based on the design, a ForensIRT tool is implemented and then used to analyze a malware sample, Cridex, to demonstrate its capabilities. Finally, the analysis results are compared to those of other comparable available malware forensics tools.
Threat management for CERT/CSIRT teams
Machálek, Jiří ; Peterka, Jiří (advisor) ; Lukeš, Dan (referee)
The increasing importance of the Internet as an integral part of contemporary society has stressed the need to formalize the process of response to security incidents that accompany it inseparably. Security teams of the CERT/CSIRT type are established at different levels for this purpose. These teams respond to reports from their constituency and cooperate with other teams. This thesis introduces the reader to the issues these teams deal with and analyzes their needs in resolving threats and problems related to DNS and its domains. Part of the work is an overview of the basic existing tools that support the work of CERT/CSIRT teams in solving problems with domains, the design of a tool, Malicious Domain Manager, and a description of its implementation. The results of a test run of this tool by the CZ.NIC-CSIRT team show its contribution to the security of DNS.
The Case Management Approach in the Design of a Knowledge Management System Used by CSIRT Teams
Tichý, Dušan ; Milan, Boháček (referee) ; Sedlák, Petr (advisor)
The topic of this thesis is the use of the case management approach in the design of knowledge management systems for the IR (incident response) groups of CSIRT teams. The aim of the thesis is to explain the concept of case management, how it can be applied to support the decision-making of knowledge workers in an incident response group, and what benefits this use of the case management approach brings to an organization in terms of economics and knowledge capital. The thesis describes the design of an information system based on case management principles; the design transforms existing processes into processes that use knowledge management and advanced automation. The design is demonstrated on a prototype that presents the main processes and steps of a knowledge worker when handling a spear-phishing incident.