|
|
Implementation of mechanisms providing Segment Routing for IPv6 (SRv6) using the FD.io VPP platform
Mjasojedov, Igor ; Dvořák, Jan (oponent) ; Koláčková, Aneta (vedoucí práce)
The development of the mobile networks of fifth-generation (5G) accomplishes the requirements of transported services. New applications and services put high pressure on bandwidth, reliability and flexibility of the data transport. Due to this trend, network technologies need to be developed to address it and ensure transmission quality. This master's thesis aims at the Segment Routing (SR) concept and its commitment to improving transport quality in the transport part of 5G mobile networks. SR allows the integration of network programming into the traditional design of transport networks. SR uses either MPLS (SR-MPLS) or IPv6 (SRv6) on the forwarding plane. This thesis aims at SRv6. The main goal of the thesis is to design and implement a communication scenario for the transport part of the network with the SRv6 protocol. Docker platform is used to create a topology with all its nodes. The VPP platform is used to enable SRv6 on top of this topology. VPP has the ability to be configured via NETCONF protocol thanks to the Honeycomb agent, which can process NETCONF messages and propagate them to the VPP configuration. This configuration is done by the program Ansible, which can send NETCONF configurations to all SR nodes with Honeycomb installed. Testing and verification of the topology with all SRv6 policies is handled by the TRex traffic generator.
|
|
|
Automatic Honeypots Deployment and Data Gathering
Ďuriš, Tomáš ; Pluskal, Jan (oponent) ; Zobal, Lukáš (vedoucí práce)
This work deals with honeypots deployment automation, data collection from honeypots and the deployment of a monitoring system with alerts. The aim was to study the issue of honeypots, choose tools for their deployment, maintenance and collection of provided data together with creation of automatic deployment system for multiple types of honeypots. The first part of the work is devoted to the theory of honeypots, their distribution and type. Furthermore, the work mentions the comparison of individual configuration tools. The practical part is devoted to the use of a selected configuration tool Ansible in cooperation with existing open-source applications to build a fully automated system for the deployment and monitoring of honeypots, collection of provided data and their visualization. Puppet
|
|
|
Secure deployment and testing of oVirt platform
Vágner, Vojtěch ; Martinásek, Zdeněk (oponent) ; Dzurenda, Petr (vedoucí práce)
The oVirt virtualization platform offers a wide range of different configurations. All of those configurations are by no means inherently secure when deployed out of the blue. The secure configurations are defined by security standards which the configurations claim conformance to. Since oVirt is a community project, it is hard to get such a software certified in the field of security standards. Certifications in the field of security standards are expensive. Luckily, oVirt shares common ground with Red~Hat~Virtualization to which certain security standards are applicable (FIPS 140-2, DISA STIG, Common Criteria). The link between Red~Hat~Virtualization and oVirt enables secure configurations also for oVirt. The focus of this thesis is then to determine which configurations are supported by the standards, therefore secure, and how to verify that the secure configurations are present. This is done through the use of a script in the form of an Ansible Playbook incorporating Ansible Roles that manage compliance evaluation for each of the presented security standards.
|
|
|
System for Automatic Filtering of Tests
Lysoněk, Milan ; Smrčka, Aleš (oponent) ; Malík, Viktor (vedoucí práce)
The goal of this thesis is to create a system that automatically determines a set of tests that must be run when a change is done in the ComplianceAsCode project. The proposed method selects a set of tests based on static analysis of the changed sources, taking into account the internal structure of ComplianceAsCode. The created system is divided into four parts - obtaining changes from the versioning system, static analysis of different types of files, computing the set of files affected by the change, and computing the set of tests that must be run to test the given change. We implemented analysis of several types of files and our system is designed to be easily extended by other analyses for other file types. The created implementation is deployed on the server where it automatically analyzes new contributions to the ComplianceAsCode project. The automatic running informs contributors and developers about changes that it found and recommends which tests should be run for the change. This saves the time spent on verifying the correctness of contributions as well as the time spent on running tests.
|
|
|
Automatic verification of software packages with help of DNS
Sehnoutka, Martin ; Dvořák, Jan (oponent) ; Jeřábek, Jan (vedoucí práce)
This master’s thesis deals with the problem of secure software distribution. An enhancement for the current state is proposed with the help of the domain name system which is used as a storage for verification keys. These keys are necessary for integrity verification of packages downloaded using a package manager. Furthermore, an extended version is proposed, which takes into account also repository metadata. Both versions are implemented using the Python programming language and integrated into the dnf package manager. This implementation is then tested in a virtual environment, discussed and evaluated in terms of its performance.
|
|
|
Automatic Component Metadata Extractor and Consolidator for Continuous Integration
Kulda, Jiří ; Smrčka, Aleš (oponent) ; Vojnar, Tomáš (vedoucí práce)
This Master Thesis focuses on the modification of continuous integration practice within the Platform team at Red Hat. The result of this thesis is the Metamorph, tool which will make it possible to unify the continuous integration tools of sub teams under the Platform team. The theoretical part describes the creation of a continuous integration practice and explains its benefits. Subsequently, existing CI tools (in the industry) are presented in detail. The following section demonstrates how continuous integration uses the Jenkins tool. This master thesis also contains the particulars of existing internal CI solutions at Red Hat. In the practical part, the design and implementation of tool that was made during the creation of this master thesis are introduced. In conclusion, the results are tested by one team at Red Hat and a possible extension is outlined.
|
|
|
Bezpečnostní cvičení na platformě OpenStack
Fišarová, Veronika ; Hajný, Jan (oponent) ; Lieskovan, Tomáš (vedoucí práce)
Cílem bakalářské práce je seznámení s platformami, které se používají pro tvorbu cyber rangů. Hlavní část práce je zaměřena na cloudovou platformu OpenStack a její využití při tvorbě cyber range. Rozebrány jsou možnosti instalace OpenStacku a je vybrána instalace, která je vhodná pro nasazení projektu KYPO. Poslední část práce se věnuje analýze projektu KYPO a instalaci OpenStacku na virtuální stanici. Následuje nasazení platformy KYPO na vhodně upravený OpenStack a zprovoznění trénovacího scénáře.
|
|
|
Systém pro správu a monitoring PC
Kudláček, Marek ; Zeman, Kryštof (oponent) ; Mašek, Pavel (vedoucí práce)
Diplomová práce se zabývá systémem pro hromadnou správu a monitoring PC. Je zde uveden stručný popis nástrojů Puppet, Chef a Ansible, které tuto funkcionalitu umožňují. Celková problematika systému je řešena pomocí nástroje Ansible. Součástí je vytvořený scénář pro vzdálenou správu učebny, podle předem stanoveného zadání. Systém zajišťuje vzdálenou instalaci a konfiguraci aplikací, vytváření uživatelů, editaci souborů, aktualizace systému a mnohé další. Pro tento systém je vytvořena webová aplikace, díky která může být systém ovládán pomocí webového prohlížeče, jak z lokální, tak i veřejné sítě. Součástí práce jsou praktické ukázky řešené problematiky.
|
|
|
Analysis of possible threats in old OS Linux version
Chovancová, Emília ; Dejdar, Petr (oponent) ; Tomašov, Adrián (vedoucí práce)
The bachelor thesis is focused on the security aspect of an older version of a Linux based machine. The document is split into a theoretical part which contains a description of what operating system, kernel, UNIX, GNU/LINUX and Linux OS are in general. Then the description proceeds to explanation of active and passive attacks such as replay, masquarade, denial of service, man in the middle or listening and analysing the network. Afterwards it continues with description of potentially vulnerable spots that are common on operating systems. With the help provided from scanning software, especially Nmap and Lynis, the document proceeds to the practical part which contains various types of successful and unsuccesfful attacks such as password recovery, denial of service, spectre, brute force of a password and cross-site scripting. The last part covers the protection against succesfull attacks and adds a little bit more of additional protection in general in a form of an ansible script.
|
|
|
Podpora průběžné integrace v rámci systému Copr
Klusoň, Martin ; Hruška, Martin (oponent) ; Rogalewicz, Adam (vedoucí práce)
Práce se zabývá implementací průběžné integrace pro build systém Copr. Implementace využívá framework Citool a jeho moduly, které se již používají pro průběžnou integraci build systému Koji. Výsledný systém umožňuje automaticky spustit testování pro nový balíček v build systému Copr a otestovat ho v prostředí virtuálního stroje. Práce ukazuje způsob, jakým je možné realizovat průběžnou integraci pro build systém Copr.
|
host ::
RSS.