|
|
Ensuring availability and security in industrial networks
Zatloukal, Zdeněk ; Fujdiak, Radek (referee) ; Holasová, Eva (advisor)
Currently, a key aspect of industrial automation is ensuring a high level of security, reliability, and data availability in industrial communication networks. Given the rising cyber threats, it is essential to develop and implement advanced strategies for protecting industrial infrastructures. This thesis aims to perform a comprehensive analysis and development of security solutions for industrial networks, focusing on the Modbus RTU/TCP and MQTT communication protocols, which are crucial for the effective management of modern industrial operations. The work employs methodological approaches that combine theoretical research with practical experiments. It includes an analysis of existing protocols, the design of communication security through these protocols, and their subsequent testing in a controlled industrial environment to verify security, efficiency, and reliability. The analysis revealed significant deficiencies in the security of existing systems and led to the integration of new security measures into the industrial switchgear, which significantly improved the protection of data and communication infrastructure. The implemented solutions demonstrate significant progress in protecting industrial networks against various types of attacks. This thesis represents a significant contribution to the field of industrial network security. The results of the work provide valuable information for the further development of security technologies in the industry and offer practical guides for engineers and technicians who are working on improving the security status of industrial systems.
|
|
|
Linux encryptor for network traffic
Suchý, Daniel ; Malina, Lukáš (referee) ; Hajný, Jan (advisor)
This bachelor's thesis deals with the possibilities of encrypting network traffic on the Linux platform. The goal is to create a virtual machine that can encrypt incoming traffic and send it to it‘s destination. Encryption of network traffic was implemented using the ip-xfrm framework in the form of encryption of the packet’s payload. The encryption algorithm chosen was AES-256 with a key generated and established using QKD. For the possibility of expanding the functionality of the encryptor for multiple clients, a VPN server was implemented on the encryptor.
|
|
|
Hardware cryptographic modules for LAN security
Loutocký, Tomáš ; Lambertová, Petra (referee) ; Zeman, Václav (advisor)
The thesis deal with the problems of virtual private network (VPN). The first part of the thesis is focused on the description of the basic terms of computer security which are useful for better understanding the other parts. There is a description of VPN technology and its separation of VPN by various aspects in the second part of the thesis. The next chapter is dedicated to the description of realization of VPN by using IPSec. There is shown how to secure laboratory network by using of the products of the Safenet Company in the practical part of the thesis. There are also stated the modular techniques how to use products in the network in practical part. Some of the modular techniques describe security weaknesses of the products which are possible to exploit in the laboratory network and they also describe the ways how to protect them against misusage.
|
|
|
Porting OpenVPN to Windows CE Platform
Ešner, Oldřich ; Ráb, Jaroslav (referee) ; Ryšavý, Ondřej (advisor)
The motivation for inception of this MSc. thesis which follows on from a term project of the same name was the transfer of the application for building private virtual OpenVPN networks from Windows XP operating system to Windows CE Embedded 6.0 platform. The project deals with virtual private networks in general and looks more closely at its implementation - OpenVPN. It also introduces the basic features of the Windows CE operating system. The project goes on to describe device drivers in NT-based Windows operating systems, the Windows Driver Model used, the NDIS network interface model and also the model of Windows CE drivers - the Stream Interface Model. The project continues with a~description of communication in OpenVPN application and primarily the role of TUN/TAP virtual network interfaces. This is followed by a proposal for transfer of TUN/TAP adapter drivers together with a description of limitations and necessary modifications between both platforms. As a result a TAP network device driver is implemented whose function is verified by test application that emulates the behaviour of a TUN adapter. The project concludes with an evaluation of the achieved results, the possibilities for further work on this theme and with the overall contribution of this project.
|
|
|
Remote training station
Kučera, Tomáš ; Jirgl, Miroslav (referee) ; Štohl, Radek (advisor)
The purpose of the thesis is design and contruction of remote training station for training with Schneider Electric products. Its purpose is to introduce company PLCs, familirize user with configuring variable speed drives and servo drives and prezenting Machine Advisor and EcoStruxure Augmented Operator Advisor online servives The begining is dedicated to introduction to company and a range of its products in the field of industrial automation. In second chapter, I select components for building training station. Third chapter is dedicated to assembly of station. In fourth chaper I describe programing of individual elements and example.
|
|
|
Advanced methods of filtering network traffic in the Linux system
Peša, David ; Komosný, Dan (referee) ; Kacálek, Jan (advisor)
This master's thesis is meant to provide techniques in designing and building a standalone packet filtering firewall in Linux machines, mainly for small sites who don’t give much service to Internet users. It deals with attenuating the effect of the most common types of attacks using iptables. It guides how to design, implement, run, and maintain Firewall. Techniques for continuously monitoring attacks is attempted. It also give a historical, architectural and technical overview of firewalls and security attacks.
|
|
|
Communication systems based on IP telephony
Zimek, Josef ; Kapoun, Vladimír (referee) ; Herman, Ivo (advisor)
My master’s thesis is focused on designing and creating communication network, which provides communication between two independent networks through encrypted tunnel. My solution is based on routers formed by older personal computers with FreeBSD like a operating system. Between routers is created static encrypted tunnel by using IPSec protocol. Voice services provides packet oriented exchange Asterisk with support of signaling protocol SIP. This solution can be used eg. for connecting remote branch to headquarters of company and then can branch utilize shrared resources. To headquarters can connect also remote workers from their home. In this case are used SSL certificates to authentication of user. This scenario is very required today.
|
|
|
Proposal of the secure network model
Kis, Matej ; Rosenberg, Martin (referee) ; Babnič, Patrik (advisor)
The goal of this work was to create a design of a secured network infrastructure with decribing different ways of securing at ISO/OSI layers. Create a list of protocols which can be used to achieve a secured network design. In the theoretical part of this work the attention was placed to analyze possible solutions, which can be appllied in a practical part of the work. The practical part involves a design of a network topology and simulation. The part of the simulation was device configuration and network security testing.
|
|
|
Secure network based on CISCO systems
Wagner, Zdeněk ; Beran, Jan (referee) ; Macho, Tomáš (advisor)
This work deals with the matter of Virtual Private Network (VPN) utilizing both contemporary and older protocols and the possibilities of their use. Among the most interesting parts there are those presenting various ways of use of the VPN technology, IPSec protocol, IOS SSLVPN and RSA server with HW token ensuring the two-factor user authentication.
|
|
| |
guest ::
