|
| |
|
|
Secure network based on CISCO systems
Wagner, Zdeněk ; Beran, Jan (referee) ; Macho, Tomáš (advisor)
This work deals with the matter of Virtual Private Network (VPN) utilizing both contemporary and older protocols and the possibilities of their use. Among the most interesting parts there are those presenting various ways of use of the VPN technology, IPSec protocol, IOS SSLVPN and RSA server with HW token ensuring the two-factor user authentication.
|
|
|
Analysis of security and authentication of wireless networks
Kulíř, Tomáš ; Jeřábek, Jan (referee) ; Szőcs, Juraj (advisor)
This master's thesis deals with wireless networks, mainly about the WiFi. It deals with summary of individual security mechanism both theoretically and using them in real hardware. Mainly it is interested in the security of the individual mechanisms and their weaknesses, which cause rupture of security. At each chapter the ideas and methods, that the attackers are trying for infiltration of wireless networks and decrypt encryption WEP, WPA or WPA2, are outlined. The principle of the authentication of the WiFi by the authentication server and its options, which is connected with directory service LDAP, is also explained in this thesis. The penultimate chapter deals with the summary of security mechanisms and references that should be adhered by design of the WiFi for the provision of the high security. The ending of the master's thesis is devoted to social engineering and its most famous representatives.
|
|
|
Implementation of advanced filters based on packet classification using Linux
Malár, Lukáš ; Holešinský, Pavel (referee) ; Matocha, Tomáš (advisor)
The Master’s thesis ”The Implementation of the Advanced Filtering Based on the Packets’ Classification using Linux” is intended to the realization of an internet gateway. The gateway serves to make the connection between local network and the internet. The thesis contains a short theoretic description of parameters and types of QoS services. The classful and classless queues are mentioned in detail. The last theoretic part refers to the introducing of LDAP protocol and its usage. The practical part of this thesis captures the configuration of firewall, dns and radius server connected with LDAP databases. The thesis also contains detailed description of the production QoS by HTB with L7-filter including the compilation of system’s core. The end of the thesis contains the series of tests of created scripts.
|
|
|
Establishment of the Linux internet gateway using advanced filtering
Matocha, Tomáš ; Pust, Radim (referee) ; Jelínek, Mojmír (advisor)
The thesis Establishment of the Linux internet gateway using advanced filtering focuses on~the installation of~the Linux operating system on~the older computers, that functions as a gateway to connect clients in the internal network to the Internet. The thesis describes creation an advanced filter with using iptables. Shows some types of security against attacks from the Internet. The other chapters are discussed, advanced traffic control mechanism (such as a TC and a qdisc). The system queue, it is highly beneficial where it is necessary to hierarchically divide traffic between users. It describes types of queue and assembled configurations for clients in the internal network. Next chapter describes the DNS server caching-only type and application denyhosts, which increases the overall security system. Have your own DNS server is certified, especially if we want to reduce the data traffic. Last chapter describes the RADIUS server and its implementation using Apache and MySQL database. Furthermore, the configuration options are described and the examples of the particular configurations are provided. Finally, it presented a system for authentication through the RADIUS server. The thesis seeks to provide a~complex view of security and filtering.
|
|
|
Solution of the authentification and authorization for wireless local networks
Čížek, Michal ; Pust, Radim (referee) ; Burda, Karel (advisor)
This thesis is about available priciples and methods of authentication and authorization in wireless local area networks. First part is about available methods of authentication with short description each of them and usage analysis for small and middle-sized wireless networks. There is a project of authentication and authorization for school wireless network of three access points in the second part of the thesis, including description of Mikrotik RouterOS configuration and FreeRadius configuration. In the end of the thesis there is a project tests and usage analysis.
|
|
|
Design of user authentication for small and medium networks
Hajný, Jan ; Pust, Radim (referee) ; Burda, Karel (advisor)
The main focus of this Master’s thesis is user authentication and access control in a computer network. I analyze the TCP/IP model in connection with security and describe main stepping stones of authentication protocols (mainly hash functions). The authentication protocol analysis follows. I begin with LANMAN protocol analysis for the reason of a security comparison. The NTLM, Kerberos and Radius follows. The focus is on the Kerberos which is chosen as a main authentication protocol. This is also a reason why the modification used in MS domains is described. The implementation and functional verification is placed in the second part which is more practical. The virtualization technology is used for an easier manipulation. The result is a computer network model requiring user authentication and minimizing the possibility of an attack by unauthorized clients.
|
|
|
Autentizace síťových portů pomocí protokolu 802.1X ve firemním prostředí
Malinka, Tomáš
This thesis describes the draft and implementation of a new security with 802.1x in the corporate environment. The work is divided into two parts. The first part outlines the topic theoretically and the second part solves specific draft using 802.1x and its implementation in the corporate environment. The implementation is outlined with configuration of end clients, switches including RADIUS server and settings in AD. During the implementation, there is also described the authentication of devices by Mac Authentication Bypass.
|
|
|
Setting and wireless security network
Hendrich, Michal ; Palovský, Radomír (advisor) ; Pinkas, Otakar (referee)
The work discusses wireless security in practice. And the security at access points, application-layer security, security data storage and protection against weather finally surrounding networks and the Internet. Part of the practical part, which describes the real install a RADIUS server. The RADIUS server is then connected to the enterprise Wi-Fi solution, which is called UniFi. Finally, it created an HTTP proxy that uses the user accounts created on the RADIUS server. The HTTP proxy access rights are defined, and this is achieved by different approaches to neighboring networks for different users or user groups.
|
|
|
Network access control
Kalina, Tomáš ; Pavlíček, Luboš (advisor) ; Knapovský, Miroslav (referee)
This bachelor's work discusses IT issues of network access control. The first part deals with the theoretical background of network access control. There are explained various ways of authenticating and authorization users. Thanks these function, it is possible to prevent unauthorized persons access to computer networks. Knowledge of these technologies is essential for understanding the next part of the work. The remaining part of the work is concerned with recommendations and draft network access control for various model situations, especially for the college of University of Economics, Prague. Specific examples are given for network infrastructure based on device of the 3com company.
|
guest ::
