|
| |
|
|
Security exercises for ethical hacking
Paučo, Daniel ; Lieskovan, Tomáš (referee) ; Martinásek, Zdeněk (advisor)
This master thesis deals with penetration testing and ethical hacking. Regarding to the layout of the thesis there was prepared appropiate enviroment to realize Red/Blue team exercise, where Red team is in a role of the attacker and Blue team is in a role of defender of the network infrastructure. Whole infrastructure is implemented in a cloud virtual enviroment of VMware vSphere. Second part of the thesis consists of preparation and creation of the exercise to test web application security. Third part of the thesis is dedicating to the automatization of redteaming. Main focus of this master thesis is to demonstrate different attack vectors how to attack the network infrastructure and web applications and use of the defense mechanisms to avoid this kinds of attacks.
|
|
|
Design of methodology for vulnerability assesment
Pecl, David ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.
|
|
|
Security of Red Hat Enterprise Linux based operating systems
Kňažeková, Nikola ; Ilgner, Petr (referee) ; Komosný, Dan (advisor)
Táto diplomová práca sa zameriava zvyšovanie bezpečnosti v operačných systémoch založených na Red Hat Enterprise Linux, na základe analyzovaných zraniteľnosti za posledných 5 rokov. V teoretickej časti sú popísané slabiny a zraniteľnosti, základné bezpečnostné mechanizmy v Linuxe, so zameraním na technológiu SELinux. Technológia SELinux je súčasťou operačných systémov Red Hat Enterprise Linux, Fedora a CentOS. Na základe analyzovaných zraniteľností bola v praktickej časti navrhnutá konfigurácia technológie SELinux. V návrhu sú popísané prvky, ktoré sa budú konfigurovať a tými sú SELinuxové booleany, SELinuxové moduly a SELinuxoví užívatelia, so zameraním na ochranu pamäte, eskalovanie privilégií, spúšťaniu kódu, úniku dat a obmedzenie procesov a užívateľov. Na základe návrhov bola vytvorená konfigurácia v konfiguračnom nástroji Ansible, ktorej cieľom je umožniť užívateľovi jednoducho a rýchlo nakonfigurovať hosťa. Okrem nej boli vytvorene ďalšie dve konfigurácie, ktoré umožnia vrátiť systém do predchádzajúceho stavu alebo uzamknúť SELinuxovú konfiguráciu. Následne sa overoval dopad konfigurácií na použiteľnosť systému a nájdené chyby boli opravené alebo nahlásené. Posledná časť overuje funkčnosť konfigurácie pred zneužitím zraniteľností.
|
|
|
A Tool for Easily Securing Computers with Linux
Barabas, Maroš ; Hanáček, Petr (referee) ; Vojnar, Tomáš (advisor)
The purpose of this thesis is to explain new approaches to scanning and locking vulnerabilities in computer security and to design a new system to improve security of computers running the Linux operating system. The purpose of this system is to analyze remote operating systems and detect and lock down vulnerabilities by existing security standards.
|
|
|
Design of a smart meter testing methodology focusing on invasive testing
Biolek, Martin ; Sikora, Marek (referee) ; Lieskovan, Tomáš (advisor)
Bachelor thesis is focused on investigating the security deficits of smart meters through penetration testing. The theoretical part describes the standards that should be followed by smart meter manufacturers. This is followed by the practical part where the testing of two smart meter systems was conducted in order to discover their vulnerabilities. The result of the work is the exposure of one of the two systems of interest that requires significant security improvements before deployment of another version. A description of the vulnerabilities is included in the practical part of the thesis.
|
|
|
The proposal of ISMS implementation in the public administration
Štukhejl, Kamil ; Tomáš,, Krejčí (referee) ; Sedlák, Petr (advisor)
This diploma thesis focuses on the implementation of information security management system in the public administration based on ISO/IEC 27000 series of standards. The thesis contains theoretical background, introduction of the organization, risk analysis and a proposal of appropriate measures for minimization of these identified risks. In the end, an implementation plan is proposed including an economic evaluation.
|
|
|
Vulnerability Analysis of Data Protection in Selected Company
Strachová, Zuzana ; Vlastimil,, Svoboda (referee) ; Sedlák, Petr (advisor)
The bachelor thesis deals with security assessment in the area of data protection of a part of the information system in a selected company. In my thesis, I examine the security status and security controls in place and try to detect actual or potential vulnerabilities. Based on an analysis performed by means of interviews, using assisted assessment methodology and automated vulnerability-finding method, I suggest security enhancements. The theoretical part of the thesis provides an introduction to the topic of data protection and defines the basic related terms.
|
|
| |
|
|
The specifics of violence against women without shelter
Piknová, Tereza ; Tomeš, Igor (advisor) ; Pěnkava, Pavel (referee)
The diploma thesis is focused on the specifics of violence against the homeless women. The thesis is divided in theoretical and empirical part. Theoretical part is further divided into three chapters, structured from the general description of homelessness to the specifics of violence that is happening on the homeless women. The goal of the empirical part is also to identify barriers and preconditions for the solution of violence and recommendations for optimization of help with violence. The empirical part is based on two data sets, one of them is social workers/curators, second is homeless women. The research is qualitative and is conducted in the form of semi-structured interviews. In the final part of empirical research, a comparative analysis of both data sets is performed. From the analysis are derived the conclusions and recommendations on how to contribute to setting more effective means of solving violence against the homeless women.
|
guest ::
