|
|
DNS firewall and its deployment and integration in cyber center
Doležal, Martin ; Kubánková, Anna (referee) ; Jeřábek, Jan (advisor)
This bachelor's thesis deals with the deployment, integration, and testing of a DNS firewall in a security operations center. It describes the connection of endpoints and remote local area networks to the DNS firewall located in the security operations center. Furthermore, the enforcement of the DNS firewall is described. The main goal of the thesis was to deploy and integrate a DNS firewall inside a security operations center. The first chapter describes the security operations center in general. The second chapter deals with the DNS system. The following chapter describes the security of the DNS system and security of DNS requests, the reader is informed of the term DNS firewall and RPZ and VPN technologies. The fourth chapter describes the DNS firewall deployment process and its integration in a real security operations center. The next chapter describes connection methods of endpoint and remote local area networks to the DNS firewall and its enforcement inside the security operations center. The last chapter deals with performance testing and deployed DNS firewall availability. The outcome of the thesis involves a deployed, integrated, fully-functional, and tested DNS firewall in a real-world security operations center. The Bind software package along with the RPZ technology was used to implement and deploy the DNS firewall. For testing and connection of endpoints, the VPN technology, and the RIPE Atlas network was used.
|
|
|
Integration of advanced artificial intelligence methods with log management security systems
Sedláček, Jiří ; Mikulec, Marek (referee) ; Safonov, Yehor (advisor)
Cyber security is a very important aspect of everyone’s daily life. With the ever-expanding cyberspace and its growing influence on the real world, the issue of cyber security is all the more important. The theoretical part of the thesis describes the basic aspects of security monitoring. Also, the process of collecting event logs and their management is briefly described. An important means of security monitoring is the management of security information and events. Its advantages, disadvantages and possible improvements with artificial intelligence are discussed. Security orchestration, automation and response functions are also mentioned in the theoretical part. Machine learning techniques such as neural networks and deep learning are also mentioned. This section also focuses on cyber operations centres in terms of improving the efficiency of human ”manual” labour. A survey of possible machine learning techniques for this use case has been conducted, as the lack of human resources is a critical issue within security operations centres. The practical part of the thesis involves setting out a goal (text sequence classification) that could make the work considerably easier in terms of manually categorizing event logs according to their source. For this set task, security monitoring related data was collected from different log sources. In the practical part, the methods for processing this data are also described in detail. Subsequently, a suitable neural network model was selected and its technical description was performed. Finally, the final data processing and the process of training, validating and testing the model are described. Three scenarios were developed for this process, which are then described in detail in the measurement results.
|
|
|
Log Analysis Using TeskaLab Platform
Kocinec, Patrik ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This work describes the usage of machine learning methods for processing logging information on LogMan.io system. The work includes a description of methods of processing logging information for the purposes of security monitoring, as well as machine learning methods and principles of data processing. Subsequently, the work focuses on the introduction of the LogMan.io system and its components. Then, an application for processing logging information is designed and implemented on LogMan.io system, which uses machine learning methods to detect malign domains. When implementing the application for model training, several methods were used focusing on the accuracy of detection.
|
|
|
Security Monitoring of Home IoT Networks
Krajč, Patrik ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
The main purpose of my bachelor thesis is create system for security monitoring of home IoT networks and user interface for network anomalies detection. Final application shows information about traffic in specified time intervals for specific day and hour. Traffic information are obtained from IPFIX records stored in MySQL database. Used test kits of IPFIX records were created from communication of locally connected devices that used CoAP protocol.
|
|
|
Industrial control system security design
Strnad, Matěj ; Martin,, Keprt (referee) ; Sedlák, Petr (advisor)
The subject of the master's thesis is a design of security measures for securing of an industrial control system. It includes an analysis of characteristics of communication environment and specifics of industrial communication systems, a comparison of available technological means and a design of a solution according to investor's requirements.
|
|
|
Company network security monitoring
Kališ, Martin ; Pavlíček, Luboš (advisor) ; Matuška, Miroslav (referee)
Main focus of this work is on computer network security monitoring. In first part basic definitions for the area are formed and it also offers different ways to encompass monitoring into company security. Next part defines main functions of monitoring systems and provides guidelines for its implementation in organization. Practical part consists of defining key conditions for selection of monitoring solution and it also applies them when comparing several products available on the market. Then it presents author's view on future trends and development in this area based on facts from previous chapters. Whole work provides complete approach to security monitoring and offers definition of all key concepts and competencies for monitoring systems.
|
guest ::
