National Repository of Grey Literature: 7 records found
Web application for visualization and analysis of correlation rules deployed in cyberspace
Závišková, Hana ; Říha, Kamil (referee) ; Safonov, Yehor (advisor)
In a world of constantly evolving modern technologies, there is a growing need to develop cyber security strategies to protect digital infrastructures as the number of cyber attacks is rapidly increasing. The main goal of the bachelor thesis is to create a tool for visualizing correlation rules of SIEM systems. The tool is implemented as an extension to an existing web application and aims to allow a security expert or application user to explore user Sigma rules according to different criteria and based on different views. From a theoretical point of view, the bachelor’s thesis focuses on introducing the reader to the basics of cyber security in terms of the motivation for providing security, explaining the basic concepts necessary to understand the content of the thesis and analyzing the perspectives in which cyber attacks can be viewed. It also contains a description of selected cyber attacks, the selection of which is based on the statistics of cyber attacks on the Czech Republic for the first three quarters of the year 2023. This is followed by an explanation of the principles of detection and prevention of cyber incidents, technologies for ensuring protection in cyberspace, including the issue of log sources and platforms for detecting information about threats and the principles of cyber incident investigation. This is followed by an introduction to the legal regulation of cyber security, including a description of ENISA recommendations. The practical part of the bachelor thesis is further divided into four chapters. In the first part, an analysis of available web frameworks that can be used in application development and an analysis of the rule visualization methods used in two modern SIEM solutions were performed. The second phase focuses on the design of different views that can be used to provide a pleasant, intuitive and interactive environment for displaying user rules.
The visualization designs include the components available in the D3.js library and working with the MITRE ATT&CK matrix. The second phase also includes the creation of a structure for the layout of the elements in the web application. The third phase is oriented towards the actual implementation of the appropriate views that result from the analysis performed in the second phase. It also includes a description of the experimental environment in which the application was developed and how the data was obtained. The last phase focuses on testing the visual part of the application from the user’s perspective. The whole thesis finishes with a conclusion, which summarizes the results achieved in the bachelor’s thesis and gives suggestions for improving the application in the future.
Mapping Cyber Security Measures: From Legislation to Technical Implementation
Hopp, Jiří ; MSc, Mezera Michal, (referee) ; Sedlák, Petr (advisor)
In my thesis, I focused on creating a systematic tool for mapping technical measures and mitigations to national legislative cybersecurity requirements. I conducted an analysis of the addressed issue, which revealed opportunities for developing the tool and revealed forthcoming changes in legislative requirements based on the EU directive NIS2. In the following part of the thesis, I described the design and development of the mentioned tool in the form of a table. The tool met the client's requirements and mapped relevant technical measures to individual points of the current and NIS2-derived legislative requirements. Based on consultations with the client, I determined that the objectives outlined in the thesis were successfully met and that the developed tool will be utilized in a real-world environment.
Cyber security for power engineering
Sedláková, Dáša ; Kohout, David (referee) ; Mlýnek, Petr (advisor)
Due to the convergence of IT and OT networks, industrial systems are becoming vulnerable to different forms of security threats, including rapidly growing cyber-attacks. The thesis is focused on an analysis of security recommendations in IEC 62351, vulnerability testing of industrial communication protocols (e.g., IEC 61850) and a proposal of mitigations. An ATT&CK framework for ICS was chosen as the methodological basis for vulnerability testing. ATT&CK tactics and techniques were used to practically test vulnerability scans, SMV time synchronization, GOOSE spoofing, MMS Man in the Middle and ICMP Flood attacks. The attacks tested were evaluated with a risk analysis. Subsequently, mitigation measures were proposed on several levels (OT, IT, perimeter and physical level).
Amplifying Cyber Threat Intelligence Analysis with Honeypots
Janout, Vladimír ; Gerlich, Tomáš (referee) ; Ricci, Sara (advisor)
This thesis deals with the deployment of honeypots as a data source for cyber threat analysis. For this purpose, a honeypot is configured and exposed to the internet in the cloud for a certain period of time to collect data. In the next part, a tool in Python is designed for querying three threat intelligence sources, which serves to obtain metadata about indicators. The usefulness of the tool is demonstrated in practice by using it to obtain metadata about indicators that were extracted from the collected data. The last part of the thesis deals with the results and trends in attacker behaviour based on the collected and processed data. In a case study, the thesis focuses on a single SSH session, and the result is a mapping of the attackers' techniques to the MITRE ATT&CK model.