|
|
Application for illustrating the structure of the tested environment
Kuřina, Petr ; Holasová, Eva (referee) ; Kuchař, Karel (advisor)
This bachelor work deals with the creation of an application for the representation of the structures of the tested environment. The theoretical part describes the tools that are processed in the practical part, they are mainly the JavaScript programming language, Vue.js framework and penetration testing in general. The practical part presents the results of network topology testing was performed by Nmap tool. The aim of the practical part is to create an application that will clearly explain the results of testing to the user.
|
|
|
Analyzing the S7 protocol and creating a virtualized industrial scenario
Srovnal, Dominik ; Kuchař, Karel (referee) ; Pospíšil, Ondřej (advisor)
Industrial network is frequent target of attacks used to damage production and disrupt today infrasctructure. It is necessary to capture such attacks and be able to react correctly to them. That is the reason, why it is necessary to deal with the problematics from the very beginning to the final element. Meaning of this is a prevention of possible attacks and the prerequisite for preventing such attacks on network communication. In order to detect potential weaknesses, communication analyzes and simulations need to be performed. This can be achieved using sofware designed specificly for such situations. Thus two programs were created to simulate the industrial scenario and analyze the S7 protocol. The data received from this communication were analyzed and subsequently scrutinized.
|
|
|
Web platform to support penetration testing
Lazarov, Willi ; Kuchař, Karel (referee) ; Martinásek, Zdeněk (advisor)
The bachelor thesis deals with the design, development, and implementation of a web platform to support penetration testing. The theoretical part of the thesis is devoted to the description of penetration testing and vulnerability severity assessment. Next, the technologies used in the development of the final solution are described. The practical part describes the gradual solution of partial requirements of the web platform. The individual chapters summarize the problem, design, and implementation of the solution. The practical part starts with the design of a highly scalable model that addresses the main problem of the assignment of this thesis. Next, the design of the platform, its embedding in the proposed model, and the development of a modular web application. Furthermore, the actual development of the application part is described, specifically, its connection with the relational database, tools for automated penetration testing, and the report generator. In the next chapter, the testing of the platform in a production environment is described. The last chapter compares relevant tools for penetration testing. The result of the work is a web platform with the main purpose of increasing the effect of penetration testing to such an extent that the time, complexity, and work required to successfully complete the entire test will be considerably lower than using currently relevant available tools.
|
|
|
Industrial Network Security Module
Kuchař, Karel ; Holasová, Eva
This article is focused on a fast and efficient evaluation method of communication of theModbus/TCP protocol. Modbus/TCP does not implement authentication or communication encryption.Therefore, a Modbus Security module was created, which allows sniffing specific network trafficand parsing particular information from the packets. This information is stored in the database usingPostgreSQL on each master and slave station. It evaluates whether there is an attack on the networkby comparing information in individual databases. There is an additional authentication of individualstations using the created SSH connection between databases. Everything is visualised using theGrafana tool.
|
|
|
Specific Anomaly Detection Method In Wireless Communication Networks
Holasová, Eva ; Kuchař, Karel
This paper is focused on security problems in wireless networks covering on problems of security protocols like weak cipher in WEP (Wired Equivalent Privacy), dictionary attack in WPA (Wi-Fi Protected Access) and KRACK (Key Reinstallation attack) in WPA2. The structure of KRACK attack is described. Potential solution of KRACK is handling the network traffic especially with EAPOL (Extensible Authentication Protocol over LAN) frames is described, too. As a result security consists of multiple parts and it is important to both keep and update security level on every part of the network.
|
|
|
An Appropriate Strategy For Detecting Security Incidents In Industrial Networks
Kuchař, Karel ; Holasová, Eva
This paper is focused on environment of critical infrastructure and inadequate security problem. Industrial network typically works with old devices and a potential update may cause delay in the production and costs a lot of money. That is the reason why additional devices improving security of all system must be introduced. Tools like IDS/IPS (Intrusion Detection System/Intrusion Prevention System) are great for detecting anomalies and defining signatures in the network traffic. For such types of the network it is critical proper handling of security issues and generated alerts.
|
|
|
Detection of DoS and DDoS attacks targeting a web server
Nguyen, Minh Hien ; Fujdiak, Radek (referee) ; Kuchař, Karel (advisor)
The bachelor thesis deals with the detection of DoS (Denial of service) and DDoS (Distributed Denial of Service) attacks targeting a web server. This work aims to design detection methods, which will be subsequently tested. Analysis of attacks according to the ISO/OSI (International Organization for Standardization/Open Systems Interconnection) reference model will allow an understanding of the features of individual attacks. In the practical part, some tools are used to implement attacks, then there are generators of legitimate network traffic and a secure web server. Substantial data are created from ongoing attacks and communications of ordinary users. These data are an important part of the proposed methods. The purpose of assessing the achieved results is to evaluate the effectiveness of individual detection methods in terms of accuracy and time consumption.
|
|
|
Appropriate strategy for security incident detection in industrial networks
Kuchař, Karel ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This diploma thesis is focused on problematics of the industrial networks and offered security by the industrial protocols. The goal of this thesis is to create specific methods for detection of security incidents. This thesis is mainly focused on protocols Modbus/TCP and DNP3. In the theoretical part, the industrial protocols are described, there are defined vectors of attacks and is described security of each protocol. The practical part is focused on the description and simulation of security incidents. Based on the data gathered from the simulations, there are identified threats by the introduced detection methods. These methods are using for detecting the security incident an abnormality in the network traffic by created formulas or machine learning. Designed methods are implemented to IDS (Intrusion Detection System) of the system Zeek. With the designed methods, it is possible to detect selected security incidents in the destination workstation.
|
|
|
Municipal by-laws
Kuchař, Karel ; Vedral, Josef (advisor) ; Rajchl, Jiří (referee)
Generally binding ordinances of municipalities] Abstract This thesis deals with generally binding ordinances of municipalities. A generally binding ordinance is a legal regulation that is, in accordance with the provisions of Article 104 Paragraph 3 of the Constitution of the Czech republic, issued by the municipal council. This is significant and we can say the unique expression of the right of municipalities to self- government, which is also guaranteed by the municipalities at the constitutional level. After the first chapter in which the necessary terms for the following text are defined, follows the chapter focused on the constitutional and legal bases of issuing of generally binding ordinances. This chapter also describes the Constitutional Court's first judgement concerning with generally binding ordinances and subsequent discussion which this judgement provoked. This chapter is followed in the fifth chapter of the thesis, which focuses on the development of the case law of the Constitutional Court and describes its further development. Especially, the attention is focused on judgement Pl. ÚS 45/06 and on the change of the legal opinion of the Constitutional Court with this judgement related. The third chapter deals with selected topics related to the issuance of generally binding ordinances. In its...
|
|
|
Security of operating systems
Kuchař, Karel ; Komosný, Dan (referee) ; Člupek, Vlastimil (advisor)
This bachelor thesis is focused on security of operating systems, which is more and more important. At first, basics of security of operating systems will be covered, followed by describing elements, which help secure communication on internet. In the third chapter, there are discussed the most using operating systems in terms of security and mentioned their most common weaknesses. Following chapter talks about scenarios in which is defined how to properly set each part of the system, so it is secure; also, security applications that make operating system more secure are mentioned. In fifth chapter are above mentioned scenarios applied to virtual machines. To test chosen security settings were individual machines exposed to penetration test. Afterwards, the chosen security settings are evaluated and further steps are recommended. The goal of this thesis is to apprise with problems of security of operating systems and the importance of implementation of security measures.
|
guest ::
RSS feed.