|
|
Proposal of the secure network model
Kis, Matej ; Rosenberg, Martin (referee) ; Babnič, Patrik (advisor)
The goal of this work was to create a design of a secured network infrastructure with decribing different ways of securing at ISO/OSI layers. Create a list of protocols which can be used to achieve a secured network design. In the theoretical part of this work the attention was placed to analyze possible solutions, which can be appllied in a practical part of the work. The practical part involves a design of a network topology and simulation. The part of the simulation was device configuration and network security testing.
|
|
|
Software support of teaching of cryptography protocols
Marek, Tomáš ; Lambertová, Petra (referee) ; Burda, Karel (advisor)
Document contains informations about authentication, encryption, data integrity and data authenticity. Next part includes description of well know cryptography protocols, their functions and also their weaknesses. All of these acquired informations were used in concept and final software support for teaching of cryptography protocols, which is able to run on clasic web-browser. Thats why the application was designed as web PHP pages using JavaScript and AJAX, which ensures plaform and OS architecture independency. Besides the descripted and ilustrated part of application there are also interactive parts and animations. The last period contains description of education software and its functions. Source code can be found on the appended CD.
|
|
|
Performance Test Suite for MIT Kerberos
Špaček, Petr ; Müller, Petr (referee) ; Zelený, Jan (advisor)
Tato práce se zaměřuje na vyvinutí nástrojů pro výkonnostní testování, které umožní otestovat infrastrukturu systému MIT Kerberos, zjistit její výkonnostní charakteristiky a detekovat potenciální problémy. Práce shrnuje teoretické základy protokolu Kerberos a analyzuje potenciální výkonnostní problémy v různých konfiguracích MIT Kerberosu. Dále práce obsahuje popis návrhu a implementace sady nástrojů pro distribuované testování. Pomocí implementovaných nástrojů bylo odhaleno několik výkonnostních problémů, které jsou v práci popsány spolu s návrhem jejich řešení.
|
|
|
Implementation of External Authentication Modules for nginx
Kameníčková, Petra ; Očenášek, Pavel (referee) ; Rychlý, Marek (advisor)
This bachelor's thesis describes the process of design and development of authentication modules for nginx web server. These modules are used for enrollment of nginx-based applications and services into FreeIPA environment. The first part of the thesis explains the basics of FreeIPA and nginx architectures and principles of Kerberos and PAM authentication mechanisms as well. The second part of the thesis solves the practical problems - existing Apache modules analysis, nginx design description and implementation details. The last part describes confi guration requirements and possible enhancements.
|
|
|
Cosign Authentication in PHP
Kovářík, Jiří ; Skokanová, Jana (referee) ; Lampa, Petr (advisor)
Master's thesis deals with issue of cookie-based central authentication services. Present-day methods of single sign-on are described. The specification of single sign-on mechanism Cosign and its authentication filter is closely viewed. Cryptographic algorithms needed by this filter are described, as well as their possible realization in PHP. Next, the implementation of Cosign authentication filter is described. Performance of the filter is tested and its future use is analysed.
|
|
|
Formal analysis of cryptographic protocols
Petrovský, Peter ; Martinásek, Zdeněk (referee) ; Člupek, Vlastimil (advisor)
This diploma thesis deals with cryptography. It describes its basic allocation and problems of number theory that needs to be addressed. It also deals with methods used to review the formal security of cryptographic protocols from a mathematical point of view. It analyse the tools used to automatic and semi-automatic evaluation of the safety of cryptographic protocols. It describes the process of working with these tools and finally test the security of protocols Kerberos, EKE and Unilateral authentication using symmetric cryptography, HMAC function and hash function. These tests are in tools AVISPA, ProVerif and Scyther. At the end is comparison of results.
|
|
|
Privacy protection on the internet
Lučenič, Lukáš ; Babnič, Patrik (referee) ; Rosenberg, Martin (advisor)
In this bachelor thesis are analyzed social networks and their security, methods of obtaining information from users and examples of Internet crime. The second part describes authentication methods and authentication protocols. The final section describes a principled own proposal anonymous authentication protocol.
|
|
|
Corporate Identity and Access Management System Architecture Improvement Proposal
Nop, Dominik ; MBA, Igor Gricinko, (referee) ; Ondrák, Viktor (advisor)
The master thesis focuses on assessment of current implementation of identity management system and proposal of a new implementation to increase level of stability and information security in the company, primarily regarding the systems that process financial data. In first part, basic theoretical knowledge related to identity management systems is defined. In second part, an analysis of current system state is performed. Based on this analysis, new organizational and technical solutions are proposed to the company. Finally, an implementation project proposal as well as with risk analysis and economic evaluation is completed in the end of this thesis.
|
|
|
Traffic Analysis of Network Protocols Kerberos, NTLM, and SAML 2.0
Krůl, Michal ; Orsák, Michal (referee) ; Tisovčík, Peter (advisor)
This thesis engages the problem consisting of analysis and detection of the attacks carried out on the authentication protocols in the environment of network structures, like those used in big corporations. In~this thesis, the problem is examined in the light of the netflow analysis. Main content of the thesis is a simulation of the attacks targeting network architectures, where the authentication is served by mentioned protocols, and effort to detect these attack by the netflow monitoring. The outcome of this thesis is a draft, how to automatically detect the attacks carried out in the network structures, and plugin for the exporter of the Flowmon sond, the product of Flowmon Networks company, which will be extracting the information needed for the performance of the detection.
|
|
|
Identity management
Kefer, Daniel ; Polívka, Michal (referee) ; Pelka, Tomáš (advisor)
The master thesis is divided into two parts. In the first part, identity management is described on theoretical basis. Particular domains of identity management including authentication, authorization and audit are explained as well as Single Sign-On concept, i.e. using single credentials and entering them just once for access to multiple independent systems or services. In the second part, which forms the main part of this thesis, a practical project was implemented on the infrastructure of the Department of Telecommunications within the Faculty of Electrical Engineering and Communication, Brno University of Technology. The goal of this project was to create an environment for central 4 authentication and Single Sign-On using only open source technologies within a computer laboratory used for teaching OS Linux. The project is based on OS Linux Debian, Kerberos as a protocol for secure authentication and LDAP server OpenLDAP. For the Single Sign-On demonstration, NFS services for accessing data on the network were chosen. Using NFS services, users can sign-on to any workstation and access all their data. Administration of users and their import from central FEEC databases was implemented using scripts developed in Python. Next, using Apache, PHP and MySQL, a front-end audit interface for the network administrator was developed in order to inspect and evaluate security events in the network. Messages about suspicious events are delivered to administrator’s mailbox in real time. The project is intended as a security platform which means that other services can be implemented for Single Sign-On as well as new mechanisms for evaluation of suspicious events.
|
guest ::
