|
|
Network Attack Simulator
Filičko, Dávid ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
The thesis discusses about study of networks attacks and framework monitoring packets in the network. It proceeds especially network attacks, which can be detected without knowledge about the contents of packets. The aim of this thesis is to develop the simulator based on detected features, which will simulate these attacks. The output from the simulator will be created in the Nemea framework to improve the quality of tools of detection and prevention of given attacks. The simulator will be functioning for testing purpose only. Under no circumstances it will be possible to realize individual attacks.
|
|
|
Protection Against DoS Attacks Using P4 Language
Vojanec, Kamil ; Fukač, Tomáš (referee) ; Kučera, Jan (advisor)
This thesis focuses on reimplementation of existing DoS (Denial of Service) attack mitigation device with high-level P4 programming language. The main reason for using P4 is to enhance adaptability and functionality to different types of DoS attacks. The created device is designed in a modular way and enables easy alterations by using interchangeable components. The target platform for this thesis is an FPGA acceleration card. The work results in designing several DoS mitigation components and implementing applications composed of these components. Pats of this work have been presented at IEEE ANCS (Symposium on Architectures for Networking and Communication Systems) in September 2019 at University of Cambridge.
|
|
|
An Analysis of Selected IPv6 Network Attacks
Pivarník, Jozef ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
This master's thesis analyses and demonstrates selected IPv6 attacks including two Man-in-the-Middle attacks and one Denial of Service attack - Rogue Router Advertisement, Neighbor Cache Poisoning and Duplicate Address Detection DoS, respectively. In the first part the author presents necessary information related to the issue and provides detailed information on how to realize these attacks in practice using publicly available tools. The second part of the thesis presents various ways of mitigating presented attacks, analyses implementations of some of those countermeasures on Cisco and H3C devices and discussess their applicability.
|
|
|
Prototype of Intrusion Solution for Mobile Networks
Kamenský, Timotej ; Letavay, Viliam (referee) ; Veselý, Vladimír (advisor)
Spolu s rozvojom mobilných sietí stúpa aj dôležitosť ich zabezpečenia. Zraniteľnosti jed- notlivých mobilných protokolov na vrstve L1 - L3 je možné ľahko zneužiť. S použitím malého a relatívne lacného Software Defined Radio je možné implementovať rôzne druhy útokov cieliacich na mobilné siete. Cieľom tejto práce je vytvoriť intruzívny nástroj, implementujúci dostupné útoky. Tie zahrňujú zarušenie spojenia, Zníženie kvality služieb, Denial of Service, Sledovanie polohy, IMSI catcher.
|
|
|
System for testing the robustness of communication unit LAN of remote data acquisition
Mlýnek, Petr ; Zeman, Václav (referee) ; Mišurec, Jiří (advisor)
Remote data collection systems are widely used. One of the area is also data collection in energetics, where the energy consumption can be collected daily and presented to users on-line. The advantage of the remote data collection is possibility of frequent readings without a physical presence at the electrometers. The data transmission over the Internet can be subject of various attacks, which is the disadvantage. The understanding of attack method is the most important thing. The protection against the hackers is not complicated, but requires lot of attention. This master's thesis is focused on testing security of the communication unit LAN of remote data acquisition against attacks from the Internet. The next aim of this thesis is to describe algorithm of particular attack, needed recourses for their realization and method of their measurement and evaluation. Communication unit and component composition for attacks simulation is described in the first part of this thesis. The next part is focused on scanning for hosts and ports. The main part of this thesis is focused on the denial of service attacks and man in the middle attacks. In the end of my thesis is described selection of cryptographic system for remote data acquisition and is showed possibility of authentication mirroring. Problems of physical security are described too. The result of this thesis is script implementing all attacks, which are described.
|
|
|
Modern computer viruses
Malina, Lukáš ; Malý, Jan (referee) ; Pust, Radim (advisor)
Bachelor’s thesis “Modern computer’s viruses” is composed from two mainly object (analysis computer’s viruses and suggestion of security middle computer network), separated for three parts: Analysis computer’s viruses, Personal suggestion of security personal computer end-user (computer terminal) and Personal suggestion of security middle computer network. Methods of transmission and infection, specific properties of viruses and impact upon personal computers are examined in the first part. Resolution of personal suggestion of security personal computer with help of antivirus software, personal firewall and antispam software is inducted in the second part. Futher, results of testing some free AV software and other security software are summarized with possible progress of configuration and recommendation for correct running this software. Complex suggestion of security middle computer network is adduced in the third part, where is inducted structure of security network. Configuration progression and recommendation for maximum security is indicated on particular used components. Structure is adapted for active network Cisco components, which are most used around these days. Completely suggestion of security network is directed on hardware firewall Cisco PIX, where is unfolded potential possibility of options. Futher, the third part contain some important tips and recommendation for completely working network, including setting security preference, security passwords and data encryption. Also, there is described various techniques monitoring and supervision working security network using complex monitoring software MARS (Cisco security monitoring, analyzing and response system) from Cisco company.
|
|
|
Mitigation of DoS Attacks Using Neural Networks
Odehnal, Tomáš ; Wrona, Jan (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with design and implementation of two approaches as protection against SYN Flood attacks, which are part of DoS attacks. Nowadays Denial of Service attack are very widespread and their execution are quite simple. While they can cause big financial damage to internet or service providers. The purpose of this work is to determine that conventional algorithmic approach and heuristic approach using neural network are capable of SYN Flood attacks mitigation. Implementation of both approaches were done by their design. Then both implementations were tested.
|
|
|
Open source PBX security against attacks
Orsák, David ; Daněček, Vít (referee) ; Šilhavý, Pavel (advisor)
This master's thesis deals with open source PBX security against security attacks. In the theoretical part is detailed description of problematic about attacks that could be used on VoIP systems with high focus on the Denial of Service attack. Furthermore are in theoretical part described methods of security of initialization protocol SIP. Individual chapter is devoted to intrusion detection and prevention of IDS and IPS systems, focusing on Snort and OSSEC. In the practical part of the work was created generator of attacks against various PBX systems, which was subsequently used for detailed testing. Special tests of PBX system are then used against DoS attacks, for which was created protection in form of active elements consisting of IDS Snort & OSSEC. These are capable to provide protection in real-time. The protection was tested on particular PBX systems and in matter of comparison were measured possibilities before and after of security implementation. The output of this work is attacks generator VoIPtester and creation of configuration rules for Snort and OSSEC.
|
|
|
Cyber Attacks
Zmeškal, Jiří ; Člupek, Vlastimil (referee) ; Číka, Petr (advisor)
Theoretical part of this thesis is dedicated to describing basic terms of network communication. Usage of network communication has become a necessity and is used on daily basis for a number of purposes, starting with communication between people, going across internet shopping and banking all the way to remote controlling industrial machinery. Another theoretically described topic is how attackers abuse attributes and shortcomings of communication protocols in order to commit illegal activities, specifically denial of service type of attacks. Finally, theoretical part includes a list of found open source applications capable of launching such attacks. Practical part describes development of application, capable of launching two selected forms of attack. These attacks are HTTP GET Flood, based on sending massive amounts of GET request, and Slow HTTP GET, based on imitating a user with slow internet connection. The development is described step by step and includes multithread processing, used publicly available components (Boost library for example) and challenges encountered during development (such as library limitations and cross platform compatibility).
|
|
|
Cybercrime: Concept, Detection and Prevention
Tureček, David ; Froehling, Kenneth (referee) ; Ellederová, Eva (advisor)
Tato bakalářská práce se zabývá koncepcí kybernetické kriminality. Začíná popisem historického vývoje kybernetické kriminality a s ní související počítačové technologie. Práce dále uvádí důvody, proč ke kybernetické kriminalitě dochází, a popisuje kybernetickou kriminalitu z praktičtějšího hlediska, přičemž analyzuje různé typy útoků a útočníků včetně názorných příkladů. Teoretická část práce je zakončena kapitolou věnující se prevenci a detekci kybernetických hrozeb. Účelem praktické části je ukázka jednoduchého Denial of Service útoku.
|
guest ::
