|
|
DPDK Accelerated Firewall
Holubář, Jiří ; Fukač, Tomáš (referee) ; Vrána, Roman (advisor)
Nowadays, when almost everyone uses the Internet, network traffic security must also be ensured. This is what firewall helps with. Some routes require higher bandwidth than others. This thesis explores possibilities of using the DPDK library when implementing the firewall in order to achieve the highest possible bandwidth.
|
|
| |
|
|
Packet Processing Using DPDK Library
Procházka, Aleš ; Lichtner, Ondrej (referee) ; Grégr, Matěj (advisor)
This master thesis focuses on filtering and forwarding packets in high speed networks. Firstly the DPDK framework is introduced, which is used for fast packet processing. This project also introduces a design of application for high-speed packet filtering and design of tools for making it easier to work with that application. Subsequently, the implementation of this design is introduced and testing with comparison of results with a standard firewall
|
|
|
Advanced methods of filtering network traffic in the Linux system
Peša, David ; Komosný, Dan (referee) ; Kacálek, Jan (advisor)
This master's thesis is meant to provide techniques in designing and building a standalone packet filtering firewall in Linux machines, mainly for small sites who don’t give much service to Internet users. It deals with attenuating the effect of the most common types of attacks using iptables. It guides how to design, implement, run, and maintain Firewall. Techniques for continuously monitoring attacks is attempted. It also give a historical, architectural and technical overview of firewalls and security attacks.
|
|
|
Design methods for computer networks
Božek, Martin ; Stančík, Peter (referee) ; Hajný, Jan (advisor)
Bacherol‘s thesis deals with a topic of a suitable computer network design for a mid-sized infrastructure, its security and router and firewall realization. This boundary element is able to manage basic processes of network controlling between inner and outer network. There is a brief analysis of OSI model but we focused our attention on TCP/IP model more closely. Our project includes description and outlines an importance of the most common elements of the particular network type and their contribution to the security. Description of the three most frequent topologies of the infrastructure type follows. On the basis of the found information, we have chosen and analysed the most suitable topology from the security point of view. The result of the theoretical part is a network model proposal. In the practical part, some our findings are tested and implemented in a real setting. We used a technology of virtualization for the final realization and testing. Thanks to the virtualization used for realization and testing, we could configure the router and the firewall, which are boundary elements that separate the inner network from the Internet.
|
|
| |
|
|
Distributed Brute Force Attacks Protection
Richter, Jan ; Čejka, Rudolf (referee) ; Lampa, Petr (advisor)
This project deals with analysis of brute force attacks focused on breaking authentication of common services (especially ssh) of Linux and xBSD operating systems. It also examines real attacks, actual tools and ways of detection of theese attacks. Finaly there are designed new mechanisms of coordination and evaluation of distributed brute force attacks in distributed environment. These mechanisms are then implemented in distributed system called DBFAP.
|
|
|
Establishment of the graphic interface for firewall using Qt4 framework
Štefany, Martin ; Jelínek, Mojmír (referee) ; Matocha, Tomáš (advisor)
The aim of this thesis is to design an application, which will serve as a~graphical interface to the terminal application iptables. iptables is an application which uses the Netfilter framework for managing firewall in operating system GNU/Linux. Graphical interface is a~way how to raise a~comfort of firewall configuration and management, because user doesn't have to remember all of the commands and graphical interface also shows him actual structure and contents of the firewall in a~tree view. Thesis describes format and options of the commands and also the firewall structure and its function in Linux. Designed application is written in C++ language using aspects of object oriented programming and uses Qt4 framework. Qt4 is a~great framework for creating graphical user interfaces, brings a~lot of new classes and methods and extends programmer's possibilities during designing graphical or terminal applications for lots of platforms. Thesis also includes a~manual to designed graphical interface, to the application qIPtables, which user can use to learn the basics of using this application and firewall management.
|
|
|
Proposal of the secure network model
Kis, Matej ; Rosenberg, Martin (referee) ; Babnič, Patrik (advisor)
The goal of this work was to create a design of a secured network infrastructure with decribing different ways of securing at ISO/OSI layers. Create a list of protocols which can be used to achieve a secured network design. In the theoretical part of this work the attention was placed to analyze possible solutions, which can be appllied in a practical part of the work. The practical part involves a design of a network topology and simulation. The part of the simulation was device configuration and network security testing.
|
|
|
Performance and security testing of network applications
Matej, Michal ; Martinásek, Zdeněk (referee) ; Zeman, Václav (advisor)
The aim of this Master's thesis is to design and to implement the security test in considering a resistance of the device under test to the effects of the distributed denial of service attack DDoS SYN Flood. After processing the test results is developed a protocol about security test of the device under test. In this thesis are tested two devices, namely CISCO ASA5510 firewall and a server with the specified name Server. The theoretical part of the thesis discusses the primary types of network attacks such as reconnaissance, gain access and denial of service attacks. Explained the concept of DoS and its principle, further types of DoS attacks and distributed denial of service attacks DDoS.
|
guest ::
