|
|
Establishment of the graphic interface for firewall using Qt4 framework
Štefany, Martin ; Jelínek, Mojmír (referee) ; Matocha, Tomáš (advisor)
The aim of this thesis is to design an application, which will serve as a~graphical interface to the terminal application iptables. iptables is an application which uses the Netfilter framework for managing firewall in operating system GNU/Linux. Graphical interface is a~way how to raise a~comfort of firewall configuration and management, because user doesn't have to remember all of the commands and graphical interface also shows him actual structure and contents of the firewall in a~tree view. Thesis describes format and options of the commands and also the firewall structure and its function in Linux. Designed application is written in C++ language using aspects of object oriented programming and uses Qt4 framework. Qt4 is a~great framework for creating graphical user interfaces, brings a~lot of new classes and methods and extends programmer's possibilities during designing graphical or terminal applications for lots of platforms. Thesis also includes a~manual to designed graphical interface, to the application qIPtables, which user can use to learn the basics of using this application and firewall management.
|
|
|
Advanced features of traffic shaping for 802.3 and 802.11 networks under OS Linux
Pánek, Michal ; Endrle, Pavel (referee) ; Szőcs, Juraj (advisor)
This bachelor work deals with possibilities of traffic shaping and control in OS Linux. First part of the work examines indiviual tools needed for working with data stream. The second part consideres methods intended for traffic shaping. From these methods intended for use in standarts 802.3 and 802.11 were selected and described. The second part of paper focused on Hierarchical Token Bucket and Class-based queueing method. The third part is the practical application of methods on the hardware, the measurement of the individual standards and processing into charts.
|
|
|
Detection of P2P Networks
Vrba, Jindřich ; Kaštil, Jan (referee) ; Tobola, Jiří (advisor)
This thesis deals with peer-to-peer network detection. It describes possible techniques of identification on various ISO/OSI Layers. The goal of the practical part is to examine detection on the L7 layer by means of string patterns. A presentation of the results with graphs on web pages is also included. The application is intended for the GNU/Linux operating system.
|
|
|
IPv6 Network Prefix Translation
Ježek, Lukáš ; Polčák, Libor (referee) ; Grégr, Matěj (advisor)
This master thesis deals with testing network prefix translation algorithm in IPv6. It tests existing implementation. This implementations are compared with each other. Some implementations end with error compilation. There are two options how to deal with this problem, it might be repaired or the port to the new kernel is created. Performance is tested with Spirent hardware packet generator.
|
|
|
Advanced filtering operation in the Linux operating system
Janura, Dominik ; Pelka, Tomáš (referee) ; Szőcs, Juraj (advisor)
This thesis is oriented on the subject of advanced filtering operations and network security under Linux operating system. It explains the procedure of creating a simple packet filtering firewall using the netfilter framework and verifies its efectivity. It further examines the options of user identification in peer-to-peer networks using L7-filtering. It contains design of a system that detects traffic in the most used P2P networks. This system’s function is attested by simulating a P2P traffic inside the local network.
|
|
|
Port Block Allocation for Network Address Translation
Odehnal, Tomáš ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
Cílem této semestrální práce je nastudovat problematiku Carrier-Grade NAT (CGN) přístupu, který musí provádět záznam o překladu adres každého nového spojení. Protože CGN leží na rozhraních rozsáhlých sítí, může denně zaznamenat statisíce spojení. Toto množšství záznamů má vysoké paměťové nároky a ještě složitější je hledání konkrétního záznamu. Tyto problémy je možné řešit pomocí alokace bloku portů pro překlad adres. Výstupem této práce je vytvoření pravidla do iptables, které provádí tuto alokaci bloků pro překlad adres. To se skládá z uživatelské části, která zpracovává pravidla a kernelovský modul provádějící funkcionalitu pravidla.
|
|
|
Filtering and aggregation of network traffic
Zubov, Artem ; Blažek, Petr (referee) ; Martinásek, Zdeněk (advisor)
V této práci jsou zkoumaní základní principy odporů servisních útoků, nejběžnějších typů a účelu použití. Popsané dostupné techniky zmírnění různých typu útoků, nástrojů a přístupů v operačních systémech postavených na Linuxu. Nakonfigurován filtrcni server a pro účely testování simulovan SYN Flood, UDP Flood a ICMP Flood útoky. Bylo zjištěno, vhodne techniky vyrovnání tehto druhu útoku a realizováné příslušna konfigurace filtrování.
|
|
|
Security of Linux OS
Polách, Milan ; Vychodil, Petr (referee) ; Vymazal, Michal (advisor)
This thesis is focused on the possibility of better networking security operating system GNU/Linux with an appropriate set of rules Netfilter. There was established a program to allow easy configuration of rules for IP Address versions 4 and 6. This program not only allows to set individual rules, but also interfere with the newly required service and decide, how it will be further worked with. The first is the theoretical part describes the network communication with the model TCP/IP, the following is the introduction of Netfilter and outlining the local security. The practical part describes the various technologies and methods used for programming. The result of this work is easy to use program to set firewall rules for IP Address versions 6 with the possibility of deciding on the new established network traffic. The program is designed for new users of the operating system, who want to better secure their computer without the knowledge of Netfilter.
|
|
|
Simulated Fault-Injection in Network Communication
Rozsíval, Michal ; Rogalewicz, Adam (referee) ; Smrčka, Aleš (advisor)
The development of network applications takes place under ideal conditions, as opposed to deploying them in a real-world environment that contains vulnerabilities such as loss, latency, or cyber-attacks. Ensuring resilience against these vulnerabilities is thus crucial. This thesis introduces the NetLoiter, which aims to enable the simulation of the required vulnerabilities and thus allow developers to treat them correctly. The NetLoiter can be used in transparent (proxy server), hidden (captures communication directly from the system kernel), or hardware versions suitable for testing embedded systems. NetLoiter supports dynamic reconfiguration using a public interface that can be used to automate the testing process. NetLoiter has been successfully integrated and used in real projects.
|
|
|
Port Block Allocation for Network Address Translation
Odehnal, Tomáš ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
Cílem této semestrální práce je nastudovat problematiku Carrier-Grade NAT (CGN) přístupu, který musí provádět záznam o překladu adres každého nového spojení. Protože CGN leží na rozhraních rozsáhlých sítí, může denně zaznamenat statisíce spojení. Toto množšství záznamů má vysoké paměťové nároky a ještě složitější je hledání konkrétního záznamu. Tyto problémy je možné řešit pomocí alokace bloku portů pro překlad adres. Výstupem této práce je vytvoření pravidla do iptables, které provádí tuto alokaci bloků pro překlad adres. To se skládá z uživatelské části, která zpracovává pravidla a kernelovský modul provádějící funkcionalitu pravidla.
|
guest ::
