|
|
Penetration tests and network device vulnerability scanning
Gregr, Filip ; Martinásek, Zdeněk (referee) ; Hajný, Jan (advisor)
This thesis is dealing with penetration tests and network device vulnerability assessment. Theoretical part includes analysis of this issue and description of general methodology of performing penetration tests. Thesis provides basic overview of requirements of international norms ISO 27000 and PCI DSS. In another part the software for Nessus vulnerability scanning and Linux Kali distrubution is introduced. Practical part of thesis includes several aims. The first is a comparsion of five vulnerability scanners in a created test network. Chosen tools for this purpose are Nessus, OpenVAS, Retina Community, Nexpose Community and GFI LanGuard. Network scan is performed with each of~these tools. Penetration test using the tools available in Kali Linux is then executed in this network. Procedure of exploiting two selected vulnerabilities is created as a laboratory exercise. The last aim of thesis is testing the web server protection against flood attacks SYN flood, UDP flood and slow attack Slowloris. Scripts for flooding were written in Python language.
|
|
| |
|
| |
|
|
Penetration tests and network device vulnerability scanning
Gregr, Filip ; Martinásek, Zdeněk (referee) ; Hajný, Jan (advisor)
This thesis is dealing with penetration tests and network device vulnerability assessment. Theoretical part includes analysis of this issue and description of general methodology of performing penetration tests. Thesis provides basic overview of requirements of international norms ISO 27000 and PCI DSS. In another part the software for Nessus vulnerability scanning and Linux Kali distrubution is introduced. Practical part of thesis includes several aims. The first is a comparsion of five vulnerability scanners in a created test network. Chosen tools for this purpose are Nessus, OpenVAS, Retina Community, Nexpose Community and GFI LanGuard. Network scan is performed with each of~these tools. Penetration test using the tools available in Kali Linux is then executed in this network. Procedure of exploiting two selected vulnerabilities is created as a laboratory exercise. The last aim of thesis is testing the web server protection against flood attacks SYN flood, UDP flood and slow attack Slowloris. Scripts for flooding were written in Python language.
|
|
| |
|
| |
|
|
Information Security Risk Analysis in company operating in the distribution of healthcare and beauty products
Genský, Oliver ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This thesis processes the risk analysis topic, which is included in the overall information security management system. Thesis is divided into two parts; theoretical and practical. Terms and processes used in the risk analysis are included in the theoretical part. This section also describes standards that offer best practices of information security management, based on historical experience in variety of businesses. The defined terms and the chosen standards and methods are thereafter applied in the practical section, where risks of a particular business are analyzed and afterwards supported by an evaluation of risks and proposed solutions. This work is concluded by an overall information security report, which is consulted with the lead management of the business.
|
|
|
Information Security in the context of ITIL
Korous, Petr ; Bruckner, Tomáš (advisor) ; Chlapek, Dušan (referee)
The diploma thesis discusses information security management in the context of ITIL framework. In the introductory part is explained the concept of information security, its importance and main goals. In subsequent chapters, the work aims to explore methodologies, frameworks and standards related to information security and internal control. Selected frameworks and models and described and compared with each other based on different criteria. The comparison is also one of the benefits of the work because similar topics which compare different models of internal control and information security are quite rare in the literature. The practical part of the thesis forms new methodology on basis of researched models and standards, including ISO 27000, ITIL and COBIT. This methodology provides a relatively simple way to evaluate the level of information security in an organization. It uses process capability model which is applied on selected company. Another benefit of the thesis is the developed methodology and its demonstration on a selected company.
|
|
|
Information security management system in small business
Kraus, Vojtěch ; Doucek, Petr (advisor) ; Veber, Jaromír (referee)
This thesis discusses information security management and information security management systems in small businesses. The goal and prospective added value of this thesis is to provide with a set of practical comments and recommendations for those who implement and/or administer an information security management system in the delicate environment of a small enterprise. First part of the thesis contains theoretical definition of information security and information security management systems. Also, this part describes standards relevant to this thesis. Second part defines the concept of "small business" and discusses possible options of designing ISMS in such business so that it complies with standards mentioned above and is an effective as well as affordable solution which does not demand excessive amount of company's resources. Third and final part of this thesis is analysis of ISMS of a specific company that fits the definition of small business -- BDO IT a.s.
|
|
|
The Method of Service Desk assessment according to ITIL and other methodologies
Vrchotová, Olga ; Bruckner, Tomáš (advisor) ; Pavlíček, Luboš (referee)
The goal of this diploma thesis is to create a methodology for rapid assessment of Service Desk function. The thesis comprises three logical units. The introductory part describes a theoretical framework of methodologies used for general functions of IT services. As a part of this section, the case study of delivery of IT services in company Pražská energetika a.s. follows. In the second part, the diploma thesis describes a methodology based on introductory analysis for evaluation of Service Desk in certain aspects of its operation including related issues of lifecycle of providing IT services. The final part of the thesis provides a case study which is based on application of the proposed methodology on several selected companies.
|
guest ::
