|
|
Security verification tool for industrial and energy equipments
Sagindykova, Anel ; Kuchař, Karel (referee) ; Blažek, Petr (advisor)
Cílem této práce je analyzovat různé vyhledávače a vybrat ty nejvhodnější pro vytvoření nástroje k testování průmyslových a energetických zařízení z pohledu bezpečnosti. Bylo provedeno porovnání mezi Shodan, ZoomEye, Nexpose, Censys a BinaryEdge. Tyto vyhledávače byly porovnávány podle různých kritérií, například výkonnosti a jejich dalších veřejně dostupných informací. Jako nejvhodnější byly vybrány Shodan a ZoomEye a pomocí těchto vyhledavačů byla vytvořena webová aplikace. Tato aplikace je schopna načítat výsledky vyhledávání ze serverů pomocí jejich rozhraní API a je schopna je ukládat do databáze. Součástí práce je popis průmyslových a energetických protokolů, sítí a jejich bezpečnostních prvků. V rámci práce byl také popis několika nejznámějších útoků na tyto sítě. Posledním cílem práce je provést testování a evaluaci realizovaného nástroje na minimálně dvou zařízeních.
|
|
|
Cyber security testing in an environment of operational technology
Kuna, Erik ; Pospíšil, Ondřej (referee) ; Paučo, Daniel (advisor)
The topic of this work is security testing in connection with operational technology networks. The theoretical part covers description of operational technology, analysis of the current state of security in such networks and the methodology for penetration testing in this context. A section is devoted to protocols relating to said networks, comprising their characteristics, comparison of the same and related advantages and disadvantages. The theoretical part aids comprehension of the practical section, which details design and implementation of a suitable environment for testing and performing security in ICS/SCADA. Therein, emphasis is placed on security issues that pertain to the ModBus protocol.
|
|
|
Appropriate strategy for security incident detection in industrial networks
Kuchař, Karel ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This diploma thesis is focused on problematics of the industrial networks and offered security by the industrial protocols. The goal of this thesis is to create specific methods for detection of security incidents. This thesis is mainly focused on protocols Modbus/TCP and DNP3. In the theoretical part, the industrial protocols are described, there are defined vectors of attacks and is described security of each protocol. The practical part is focused on the description and simulation of security incidents. Based on the data gathered from the simulations, there are identified threats by the introduced detection methods. These methods are using for detecting the security incident an abnormality in the network traffic by created formulas or machine learning. Designed methods are implemented to IDS (Intrusion Detection System) of the system Zeek. With the designed methods, it is possible to detect selected security incidents in the destination workstation.
|
|
|
Cyber-environment for systems of ICS/SCADA type
Váňa, Martin ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
The thesis explores the problematics of cyber environment for the ICS/SCADA systems. First, shorter section is mainly focused on general introduction into the ICS/SCADA systems and their inner workings. Communication model of a general SCADA system and its foundational elements are explained. It is mainly theoretical passage and it serves as an introduction. It is necessary for understanding the second part which is mainly practical. The appropriate system is chosen as a first thing in the practical part of the thesis for the implementation of the whole project. There are defined criteria on which the system itself is implemented. Following that the system itself is implemented under a framework called openMUC and it is tested with help of the simulators according to the objective of the thesis.
|
|
|
Emulation of Attacks on SCADA/ICS Communication
Grofčík, Peter ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
The goal of this master's thesis is to emulate suitable network attacks on the control communication of ICS/SCADA systems with a subsequent design and implementation that can detect them. The first part of the work consists of categorization and acquaintance with individual types of attacks on industrial networks. Using classified datasets combined with a research of available datasets, in the next chapter I describe the selection of suitable attacks, which are at least indirectly related to control communication and are also feasible on virtual devices that are communicating using the IEC104 protocol, which I chose for my work. I then perform the selected attacks and record their progress in a set of PCAP files. Those files form the input for the next part that concerns anomaly detection using statistical methods.
|
|
|
A Proposal for Industrial ISMS Implementation in Manufacturing Company
Kulhánek, Radek ; Milan,, Šobr (referee) ; Sedlák, Petr (advisor)
This diploma thesis deals with industrial ISMS implementation in manufacturing company. The theoretical part of thesis summarizes the theoretical knowledge in the field of information security and industrial security. In the following section company AB Komponenty s.r.o. is analysed. Then is performed analysis of risks based on selected assets and potential threats. Followed by design of the countermeasure to minimalize potential threats.
|
|
|
Design of ICS Infrastructure for Industrial Compan
Sidor, Peter ; Křepelka, Václav (referee) ; Škorpil, Vladislav (advisor)
This thesis deals with the issues of industrial communication, that is necessary to take account before making a final draft of industrial infrastructure and the overall design of a network infrastructure for a particular object. The first part of this thesis describes ICS system, parts of ICS and principle of operation. The thesis also focuses on the current trends in industrial networks, systems communication, security requirements of physical layer and the main differences from commercial infrastructures. The second part of the thesis describes the design of infrastructure for the foundry object. The final draft resolves the location of the switchboards, the specification of the used elements, the security, the cost of the solution and the final solution in practice.
|
|
| |
|
|
Creating an industrial scenario using WinCC Unified
Šotola, Bohuslav ; Blažek, Petr (referee) ; Pospíšil, Ondřej (advisor)
This bachelor thesis is devoted to the Creation of industrial scenario by means of using WinCC Unified. WinCC Unified is a visualization tool supporting remote access via the web without the necessity to install softwares. The urgency for using this technology results in particular from the introduction of digitization and the associated simplification of industrial processes. The issue of remote communication is discussed at first which is followed by a description of the basic functions of WinCC Unified. Then various communication scenarios are processed which are the main target of the bachelor’s thesis together with the creation of the HMI library. The work is ended by the topic of analysis of communication load between HMI and PLC depending on the number of animated objects on the HMI screen.
|
|
| |
guest ::
