|
|
Security analysis of network protocols
Bednařík, Jan ; Sobotka, Jiří (referee) ; Hajný, Jan (advisor)
The aim of my bachalor’s thesis is security of net protocols analysis. Because of the huge number of net protocols, I’ve decided to choose only a few of them to describe. My task is to describe the TCP/IP model structure in term of security, so I have chosen to devide my thesis into two separate parts. The first part contains describtions of particular TCP/IP layers and adumbration of possibilities of securing. The second part contains more accurate describtions of some chosen protocols, mostly the case of their security. At the close of my work it is my task to describe some utilities and methods which can be used to accomplish an successful attack on chosen net protocols. I have chosen protocols HTTP, FTP and SSL. As the utilities I have chosen programs Wireshark, Brutus and SSLSTRIP.
|
|
|
SSH Public Key Management in FreeIPA and SSSD
Cholasta, Jan ; Smrčka, Aleš (referee) ; Zelený, Jan (advisor)
SSH je jeden z nejpoužívanějších protokolů pro vzdálený přístup v Internetu. SSH je flexibilní a rozšiřitelný protokol, který se skládá ze tří hlavních součástí: SSH transportního protokolu, který obstarává důvěrnost, integritu a autentizaci serveru, SSH autentizačního protokolu, který obstarává autentizaci uživatelů a SSH spojovacího protokolu, který obstarává multiplexování více kanálů různých typů (interaktivní sezení, přesměrování TCP/IP spojení, atd.) do jednoho spojení. OpenSSH je jedna z nejrozšířenějších implemetací SSH. OpenSSH obsahuje SSH server, SSH klienty, generátor SSH klíčů a autentizační agent, který usnadňuje autentizaci pomocí veřejných klíčů. FreeIPA a SSSD jsou projekty poskytující centrální správu identit pro Linuxové a Unixové systémy. Tyto projekty sice v době psaní této práce přímou podporu SSH neobsahovaly, ale do jisté míry je ve spojení s OpenSSH používat možné bylo.
|
|
|
Distributed Brute Force Attacks Protection
Richter, Jan ; Čejka, Rudolf (referee) ; Lampa, Petr (advisor)
This project deals with analysis of brute force attacks focused on breaking authentication of common services (especially ssh) of Linux and xBSD operating systems. It also examines real attacks, actual tools and ways of detection of theese attacks. Finaly there are designed new mechanisms of coordination and evaluation of distributed brute force attacks in distributed environment. These mechanisms are then implemented in distributed system called DBFAP.
|
|
|
Measurement of PlanetLab experimental network
Andrašov, Ivan ; Bečková, Zuzana (referee) ; Komosný, Dan (advisor)
This thesis deals with measurement of transfer parameters for nodes in experimental network PlanetLab. In theoretical part of this thesis we analyse experimental network PlanetLab, basic terminology in this network, its goals and some current projects run- ning under this network. Next we analyse measured network parameters specifically Ping, SSH delay and respond to SCP. Practical part of this thesis is formed around real im- plementation of measurement where in specific sub chapters are written exact problems of said parameter together with source code.
|
|
|
Protecting Local Network Using NetFlow
Hanousek, Vít ; Polčák, Libor (referee) ; Matoušek, Petr (advisor)
This bachelor's thesis deals with the use of NetFlow data for monitoring local networks. There is an analysis of the best known threads for a local network in the first part of the thesis. Detection algorithms based on signature NetFlow detection were implemented for the chosen threads. Four plugins for an open-source application NfSen are outputs of this thesis. These plugins detects the following threads: vertical and horizontal scans, dictionary based attacks on SSH protocol, spam machines.
|
|
| |
|
|
Monitoring of communication properties in Internet
Iľko, Pavol ; Červenka, Vladimír (referee) ; Komosný, Dan (advisor)
This thesis deals with measuring transmission parameters of the Internet network, in particular latency of ping, SSH protocol and bandwidth. The thesis is divided into a theoretical and a practical part. Theoretical part describes PlanetLab network, its brief history and contemporary projects. At the same time, tools for data mining from web pages are described. These information obtained from the theoretical part are used for creating PlanetLab nodes list and for programming applications which measure the network transmission parameters. Applications, list of nodes and obtained data are attached on DVD disc.
|
|
|
Acceleration of Network Traffic Encryption
Koranda, Karel ; Kajan, Michal (referee) ; Polčák, Libor (advisor)
This thesis deals with the design of hardware unit used for acceleration of the process of securing network traffic within Lawful Interception System developed as a part of Sec6Net project. First aim of the thesis is the analysis of available security mechanisms commonly used for securing network traffic. Based on this analysis, SSH protocol is chosen as the most suitable mechanism for the target system. Next, the thesis aims at introduction of possible variations of acceleration unit for SSH protocol. In addition, the thesis presents a detailed design description and implementation of the unit variation based on AES-GCM algorithm, which provides confidentiality, integrity and authentication of transmitted data. The implemented acceleration unit reaches maximum throughput of 2,4 Gbps.
|
|
|
Geographic location of PlanetLab servers
Iľko, Pavol ; Balej, Jiří (referee) ; Komosný, Dan (advisor)
This thesis deals with accuracy of location of nodes in experimental network PlanetLab. Thesis is devided into a theoretical and a practical part. Theoretical part consists of the description of network PlanetLab, its brief history and current projects. At the same time, Google Maps framework, which is later employed in the practical part, is described. Practical part describes the functionality of the application aimed at validation of location accuracy. Nextly, the application measuring latency of node to SSH is also described, as well as the map which contains PlanetLab nodes located in Europe. Applications and obtained data are attached on CD disk.
|
|
|
Management and Monitoring System for Computer Lab
Kudláček, Marek ; Zeman, Kryštof (referee) ; Mašek, Pavel (advisor)
This master's thesis deals with a system for PC mass management and monitoring. There is a brief description of Puppet, Chef and Ansible, which are tools enabling this functionality. The overall system issues are solved by Ansible. This thesis also includes a script created for a classroom’s remote management according to a beforehand fixed assignment. The system enables remote installation and configuration of applications, creation of users, editing the files, update of the system and many more. A web application was created for this system. Through this application, the system can be controlled via web browser, both from local and public network. Practical examples of the issue dealt with is also part of the thesis.
|
guest ::
