|
|
Cyber security for power engineering
Sedláková, Dáša ; Kohout, David (referee) ; Mlýnek, Petr (advisor)
Due to the IT and OT networks convergence, industrial systems are becoming vulnerable to different forms of security threats including rapidly growing cyber-attacks. Thesis is focused on an analysis of security recommendations in IEC 62351, vulnerability testing of industrial communication protocols (e.g., IEC 61850) and mitigations proposal. An ATT&CK framework for ICS was chosen to become a methodology base for vulnerability testing. ATT&CK tactics and techniques were used to practically test vulnerability scans, SMV time synchronization, GOOSE spoofing, MMS Man in the Middle and ICMP Flood attacks. Attacks tested were evaluated with a risk analysis. Subsequently, mitigation measures were proposed on several levels (OT, IT, perimeter and physical level).
|
|
|
Transport Layer DOS Attack Generator and Protection
Pelánek, Lukáš ; Kula, Michal (referee) ; Musil, Petr (advisor)
This bachelor thesis focuses on the issues of Denial of Service attacks and the defense against them. It explains the inner workings of computer networks, the principles of DoS attacks and the defense against them. The second part of the thesis focuses on the design and deployment of an application that is able to generate network attacks SYN flood, UDP flood and ICMP flood. The conclusion of this thesis describes the process of testing the application and evaluation of the achieved results.
|
|
|
Collection of laboratory works for demonstration of computer attacks
Plašil, Matouš ; Ležák, Petr (referee) ; Burda, Karel (advisor)
Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.
|
|
|
Apache module for the DoS attack mitigation
Ruman, Róbert ; Sikora, Marek (referee) ; Jurek, Michael (advisor)
Táto práca sa venuje mitigácii viacerých typov útokov DoS. Naším cieľom bolo vytvoriť vlastný modul apache, ktorý dokáže zmierniť útoky typu flood, ako aj logické útoky. Modul bol vytvorený v jazyku C pomocou programu VS Code. Po vytvorení modulu sme vykonali viacero testov na získanie údajov, aby sme mohli náš modul porovnať s už existujúcimi modulmi apache. Porovnaním výsledkov testov sme dospeli k záveru, že náš modul dokáže zmierniť oba typy útokov. Výsledky testov sú vizualizované pomocou grafov v prílohe.
|
|
|
Cyber security for power engineering
Sedláková, Dáša ; Kohout, David (referee) ; Mlýnek, Petr (advisor)
Due to the IT and OT networks convergence, industrial systems are becoming vulnerable to different forms of security threats including rapidly growing cyber-attacks. Thesis is focused on an analysis of security recommendations in IEC 62351, vulnerability testing of industrial communication protocols (e.g., IEC 61850) and mitigations proposal. An ATT&CK framework for ICS was chosen to become a methodology base for vulnerability testing. ATT&CK tactics and techniques were used to practically test vulnerability scans, SMV time synchronization, GOOSE spoofing, MMS Man in the Middle and ICMP Flood attacks. Attacks tested were evaluated with a risk analysis. Subsequently, mitigation measures were proposed on several levels (OT, IT, perimeter and physical level).
|
|
|
Transport Layer DOS Attack Generator and Protection
Pelánek, Lukáš ; Kula, Michal (referee) ; Musil, Petr (advisor)
This bachelor thesis focuses on the issues of Denial of Service attacks and the defense against them. It explains the inner workings of computer networks, the principles of DoS attacks and the defense against them. The second part of the thesis focuses on the design and deployment of an application that is able to generate network attacks SYN flood, UDP flood and ICMP flood. The conclusion of this thesis describes the process of testing the application and evaluation of the achieved results.
|
|
|
Collection of laboratory works for demonstration of computer attacks
Plašil, Matouš ; Ležák, Petr (referee) ; Burda, Karel (advisor)
Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.
|
guest ::
