|
|
Advanced methods of filtering network traffic in the Linux system
Peša, David ; Komosný, Dan (referee) ; Kacálek, Jan (advisor)
This master's thesis is meant to provide techniques in designing and building a standalone packet filtering firewall in Linux machines, mainly for small sites who don’t give much service to Internet users. It deals with attenuating the effect of the most common types of attacks using iptables. It guides how to design, implement, run, and maintain Firewall. Techniques for continuously monitoring attacks is attempted. It also give a historical, architectural and technical overview of firewalls and security attacks.
|
|
|
Establishment of the graphic interface for firewall using Qt4 framework
Štefany, Martin ; Jelínek, Mojmír (referee) ; Matocha, Tomáš (advisor)
The aim of this thesis is to design an application, which will serve as a~graphical interface to the terminal application iptables. iptables is an application which uses the Netfilter framework for managing firewall in operating system GNU/Linux. Graphical interface is a~way how to raise a~comfort of firewall configuration and management, because user doesn't have to remember all of the commands and graphical interface also shows him actual structure and contents of the firewall in a~tree view. Thesis describes format and options of the commands and also the firewall structure and its function in Linux. Designed application is written in C++ language using aspects of object oriented programming and uses Qt4 framework. Qt4 is a~great framework for creating graphical user interfaces, brings a~lot of new classes and methods and extends programmer's possibilities during designing graphical or terminal applications for lots of platforms. Thesis also includes a~manual to designed graphical interface, to the application qIPtables, which user can use to learn the basics of using this application and firewall management.
|
|
|
Securing IP PBX against attacks and resistance testing
Kakvic, Martin ; Šedý, Jakub (referee) ; Šilhavý, Pavel (advisor)
This diploma thesis focuses on attacks on PBX Asterisk, FreeSWITCH and Yate in LTS versions. In this work was carried out two types of attacks, including an attack DoS and the attack Teardown. These attacks were carried out using two different protocols, SIP and IAX. During the denial of service attack was monitored CPU usage and detected if its possible to establish call and whether if call can be processed. The Security of PBX was build on two levels. As a first level of security there was used linux based firewall netfilter. The second level of security was ensured with protocols TLS and SRTP.
|
|
|
Adaptive Linux firewalls, geographic firewalls
Najbr, Ondřej ; Kacálek, Jan (referee) ; Pelka, Tomáš (advisor)
The aim of the Bachelor's thesis is to study and describe the options of adaptive firewalling, which has a Linux firewall netfilter, and to study the advanced routing and marginally geographic IP filtering. In detail I will deal with the work with Iptables and its using in creation of firewalls for the Linux operating system. In the next section in detail I will describe the design and implementation Linux applications of creating rules in Iptables.
|
|
|
OpenSource SW for data traffic inspection
Horák, Daniel ; Stančík, Peter (referee) ; Hajný, Jan (advisor)
This work deals with a usage of free and open software for filtering of network traffic and its installation in network gateway in small and middle-sized networks. Main focus is on filtering the http protocol on the level of a application layer. At the start a problems of free and open software is analyzed along with its advantages that result from its usage.There are as well given reasons for choosing the Debian GNU/Linux distribution. Further there are discussed possibilities of filtering network traffic on packets level and status filter along with the soft- ware iptables. Main part focuses on a filtering of http traffic on the application layer level using program Squid and DansGuardian. In a practical part the installation and configuration of operating system Debian GNU/Linux is presented including base services (ssh, DNS and DHCP server). Further more there are installations and configurations of softwares Squid and DansGuardian demonstrated. For DansGuardian there is a web configuration interface created.
|
|
| |
|
|
Implementation of the Network Traffic Filter by Microblaze in FPGA
Viktorin, Jan ; Korček, Pavol (referee) ; Kaštil, Jan (advisor)
The thesis explores the area of hardware acceleration of a software network traffic filter running inside processor MicroBlaze in the FPGA Spartan-3E. The accelerated application is widely used firewall from the Linux Kernel called iptables, more precisely its extension L7-filter. L7-filter performs lookups inside network traffic using regular expressions. Because of its significant influence on the application performance, it has been exchanged with a hardware unit controlled from the Linux Kernel. The performance has been increased more than twice.
|
|
|
Advanced features of traffic shaping for 802.3 and 802.11 networks under OS Linux
Pánek, Michal ; Endrle, Pavel (referee) ; Szőcs, Juraj (advisor)
This bachelor work deals with possibilities of traffic shaping and control in OS Linux. First part of the work examines indiviual tools needed for working with data stream. The second part consideres methods intended for traffic shaping. From these methods intended for use in standarts 802.3 and 802.11 were selected and described. The second part of paper focused on Hierarchical Token Bucket and Class-based queueing method. The third part is the practical application of methods on the hardware, the measurement of the individual standards and processing into charts.
|
|
|
Detection of P2P Networks
Vrba, Jindřich ; Kaštil, Jan (referee) ; Tobola, Jiří (advisor)
This thesis deals with peer-to-peer network detection. It describes possible techniques of identification on various ISO/OSI Layers. The goal of the practical part is to examine detection on the L7 layer by means of string patterns. A presentation of the results with graphs on web pages is also included. The application is intended for the GNU/Linux operating system.
|
|
|
User Oriented QoS System
Plchot, Oldřich ; Matoušek, Petr (referee) ; Kašpárek, Tomáš (advisor)
This master's thesis deals with the possibilities how to guarantee the quality of service in the area of computer networks using a GNU/Linux operating system. This work compares and evaluates tools which are necessary to guarantee the quality of service. The goal of this work is to discuss the advantages and disadvantages of these tools and to design a system which handles the problem of quality of service. Designed system uses a heuristics, which allows the user to set up the quality of service system without studying specific properties of communication protocols on the network or application layer. This work also includes a theoretical introduction into the quality of service and computer networks.
|
guest ::
