|
|
Support of Multiple Replica Types in FreeIPA
Hamada, Ondřej ; Burget, Radek (referee) ; Zelený, Jan (advisor)
Velmi rozšířeným prostředkem pro správu uživatelských účtů a řízení přístupu k výpočetní infrastruktuře a službám je kombinace protokolů LDAP a Kerberos. Instalace jakož i samotná správa sítě postavené nad těmito technologiemi však skýtá mnoho překážek. Jedním z řešení je použití open-sourcové aplikace FreeIPA, která patří mezi takzvané řešení pro správu identit a bezpečnostních politik. FreeIPA výrazně usnadňuje práci s těmito protokoly od samotného nasazení až po správu celého systému. Cílem této práce je rozšíření aplikace FreeIPA o možnost použití read-only replik, které přispěje k snadnější a účinnější škálovatelnosti.
|
|
| |
|
|
Internet communication risks
Štěrba, Radek ; Jeřábek, Jan (referee) ; Polívka, Michal (advisor)
This work deals with problems of communications protocols and servers. Primarily protocols TCP/IP are described. Next four the most used IM protocols (account of log in, communications and security) are described. Protocols for voice communications and problems of software phone systems are described here. Also database systems especially LDAP are mentioned here. A practical working is a part of this work too – a putting server for voice communications and sending messages and database LDAP into service. The process for putting the servers into service, connecting competent clients, and last but not least communications with LDAP are described.
|
|
|
Analysis of security and authentication of wireless networks
Kulíř, Tomáš ; Jeřábek, Jan (referee) ; Szőcs, Juraj (advisor)
This master's thesis deals with wireless networks, mainly about the WiFi. It deals with summary of individual security mechanism both theoretically and using them in real hardware. Mainly it is interested in the security of the individual mechanisms and their weaknesses, which cause rupture of security. At each chapter the ideas and methods, that the attackers are trying for infiltration of wireless networks and decrypt encryption WEP, WPA or WPA2, are outlined. The principle of the authentication of the WiFi by the authentication server and its options, which is connected with directory service LDAP, is also explained in this thesis. The penultimate chapter deals with the summary of security mechanisms and references that should be adhered by design of the WiFi for the provision of the high security. The ending of the master's thesis is devoted to social engineering and its most famous representatives.
|
|
|
Implementation of advanced filters based on packet classification using Linux
Malár, Lukáš ; Holešinský, Pavel (referee) ; Matocha, Tomáš (advisor)
The Master’s thesis ”The Implementation of the Advanced Filtering Based on the Packets’ Classification using Linux” is intended to the realization of an internet gateway. The gateway serves to make the connection between local network and the internet. The thesis contains a short theoretic description of parameters and types of QoS services. The classful and classless queues are mentioned in detail. The last theoretic part refers to the introducing of LDAP protocol and its usage. The practical part of this thesis captures the configuration of firewall, dns and radius server connected with LDAP databases. The thesis also contains detailed description of the production QoS by HTB with L7-filter including the compilation of system’s core. The end of the thesis contains the series of tests of created scripts.
|
|
|
Identity management
Kefer, Daniel ; Polívka, Michal (referee) ; Pelka, Tomáš (advisor)
The master thesis is divided into two parts. In the first part, identity management is described on theoretical basis. Particular domains of identity management including authentication, authorization and audit are explained as well as Single Sign-On concept, i.e. using single credentials and entering them just once for access to multiple independent systems or services. In the second part, which forms the main part of this thesis, a practical project was implemented on the infrastructure of the Department of Telecommunications within the Faculty of Electrical Engineering and Communication, Brno University of Technology. The goal of this project was to create an environment for central 4 authentication and Single Sign-On using only open source technologies within a computer laboratory used for teaching OS Linux. The project is based on OS Linux Debian, Kerberos as a protocol for secure authentication and LDAP server OpenLDAP. For the Single Sign-On demonstration, NFS services for accessing data on the network were chosen. Using NFS services, users can sign-on to any workstation and access all their data. Administration of users and their import from central FEEC databases was implemented using scripts developed in Python. Next, using Apache, PHP and MySQL, a front-end audit interface for the network administrator was developed in order to inspect and evaluate security events in the network. Messages about suspicious events are delivered to administrator’s mailbox in real time. The project is intended as a security platform which means that other services can be implemented for Single Sign-On as well as new mechanisms for evaluation of suspicious events.
|
|
|
Access and communication security in SAP information systems
Karkošková, Soňa ; Bruckner, Tomáš (advisor) ; Holub, Ilja (referee)
This diploma thesis deals with the methods used to ensure access and communication security in large-scale SAP information systems. It deals with the analysis of existing methods, compares them, and identifies how the methods are usable in the operation of large-scale SAP information systems, as well as it identifies methods that fail in this environment. Justification of methods usability is carried out. Attention is focused on the use and implementation of single sign-on safe authentication methods, secure sharing of user identity and secure communication within the framework of a large-scale SAP information system. In this thesis is carried out a design proposal of the architecture in order to ensure access and communication security in SAP information systems using the LDAP service, SNC Kerberos and single sign-on authentication. In the practical example is documented the detailed technical implementation of this architecture. Furthermore, this thesis deals with the specifics which exist especially in large-scale SAP information systems in the area of access and communication security and documents the appropriate ways to address them.
|
|
| |
|
|
Information system for music school
SVOBODA, Lukáš
Subject of the BA thesis is development of information system designed specifically for musical schools. The thesis is divided into several parts. First part is focused on analysis of the issue and on designing a solution. Second part describes development of the system. The information system is designed with emphasis on future functional and technological extensibility and maintainability which results in SOA product. User interface is a web application composed of several portlets built on top of Liferay portal stack. Web services provider is a standalone application with SOAP interface. User identities as roles are stored in an LDAP server which is utilized by both applications.
|
|
| |
guest ::
