|
|
An Architecture for Global Distributed SIP Network Using IPv4 Anycast
Anděl, Ladislav ; Polívka, Michal (referee) ; Kovář, Petr (advisor)
Tato diplomová práce se zabývá metodami pro výběr nejbližší RTP proxy k VoIP klientům s použitím IP anycastu. RTP proxy servery jsou umístěny v síti Internetu a přeposílají RTP data pro VoIP klienty za síťovými překladači adres(NAT). Bez zeměpisně rozmístěných RTP proxy serverů a metod pro nalezení nejbližšího RTP proxy serveru by došlo ke zbytečnému poklesu kvality přenosu médialních dat a velkému zpoždení. Tento dokument navrhuje 4 metody a jejich porovnání s podrobnějšími rozbory metod s využitím DNS resolvování a přímo SIP protokolu. Tento dokument také obsahuje měření chování IP anycastu v porovnání mezi metrikami směrování a metrikami časovými. Nakonec dokumentu je také uvedena implemetace na SIP Express Router platformě.
|
|
|
Http Tunneling of Camera Image Data Transmission
Kabelka, Michal ; Ráb, Jaroslav (referee) ; Ryšavý, Ondřej (advisor)
This thesis is trying to describe design and implementation of software for communication interface of camera with server developed for company Wasatis. The first part is describing difficulties and effort to finding solutions to given problems. The next part is about communication through interface called Call Back Connection. In next few parts it is describing process of implementation and principle of configuration of applications. In final part it solves security questions of communication.
|
|
|
Acceleration of NAT and Packet Filter in FPGA for 10G Networks
Orsák, Michal ; Kořenek, Jan (referee) ; Viktorin, Jan (advisor)
This thesis deals with the design of a universal hardware acceleration unit for packet filtering in FPGA for 10G networks. Maximum count of rules is greatly increased by the use of external QDR-II memory. Parameters of accelerator are suitable for NAT, packet filtering and lawful interceptions. The platform uses variable number of processing units. One of them controls accelerator by USB port. The rest is used for network processing.
|
|
|
Application of simulation model of access network
Szymeczek, Andrzej ; Sládok, Ondřej (referee) ; Grenar, David (advisor)
The topic of the diploma thesis is " Application of simulation model of access network". The aim of the thesis was to create a part of the access network in which were tested simulations for TCP and UDP traffic. The theoretical part of the thesis deals with general information about the GNS3 program and the possibilities which this program allows. The next part of the thesis describes the Mikrotik RouterOS program, which was used in the topology. The next section describes the types of routing in IP networks, as well as the types of packet delivery. The practical part deals with the creation of test topologies and verification of the performance of the simulation tool. Furthermore, the practical part deals with the programming of a network generator for TCP and UDP traffic in the network. The generator was created by using a Bash script and a combination of the dd and nc commands. At the end, the thesis describes the results of simulations in terms of transmission speed, network throughput, packet size distribution and in the case of TCP also bidirectional delay – RTT.
|
|
|
Computer Identification Based on Packet Timestamps
Novotný, Jan ; Polčák, Libor (referee) ; Kaštil, Jan (advisor)
This work describes perspective identification technique called computer identification based on packet timestamps. This work also describes an algorithm to calculate skew of computer clock, on which the entire computer identification technique is based on. We will use this technique to identify a number of computers in the real computer network, the device that is running NAT and computers located behind NAT. Finally we show, how to determine the number of computers located behind NAT.
|
|
|
Proxy firewall
Kugler, Zdeněk ; Pelka, Tomáš (referee) ; Pust, Radim (advisor)
This diploma thesis deals with the topic of proxy servers and firewalls and considers other associated technologies and network techniques. It systematically describes the general issues of firewalls, with a special focus on proxy firewalls and their safety. Additional systems mentioned in this document are intrusion detection systems (IDS), antivirus systems and content control filters – as these are also connected with safety of networks, servers and workstations or with limiting various Internet sources. IDS systems can be typically supplemented with various additional applications or tools that enrich them and increase their potential – including graphic additions. This part is remembered too. Some systems can communicate with each other, which is successfully utilised (FW & IDS co-operation, for example). The purpose of the first large chapter is to present firewall technologies, to list firewall types, their basic functionality and to present the final comparison. It marginally mentions firewall applications in practice. Chapter two explains the theory of network address translation (NAT), deals with its functionality, safety and with limiting the NAT mechanism. Chapter three brings a comprehensive presentation of proxy servers. It explains their principle from the point of view of functionality and the specification of application areas. The chapter is complete with a clear list of proxy server types and their descriptions. The last chapter named Linux Proxy Firewall is the key part of the work. It deals generally with the Linux platform, the Debian GNU/Linux distribution, principles of safety policy, network configuration, network server safety, Linux firewalls (Netfilter framework, Iptables tool) and with the Squid proxy server. The following subchapters respect the previous structure: they describe the theories of intrusion detection systems, antivirus checks and content filtering based on different methods. All this is presented similarly to the previous chapters. A proxy firewall solution built on the Linux operating system has been proposed in the practical part. The Debian GNU/Linux distribution has been chosen, being very suitable for server use due to its features. This environment is also used for additional safety software contained in the proxy firewall: antivirus protection, content filtering and an intrusion detection system. The priority is the most comprehensive computer network security, which requires detection abilities with the broadest possible coverage in the area of network safety. The purpose of this diploma thesis is not only to describe the principle of operation of proxy servers and to compare them with other types and other systems, but it also brings my own proposed free solution, which increases network safety and has the ambition of comparing it with clearly commercial products available on the market.
|
|
|
Installation, configuration and testing of server services DHCP, FTP, VPN, NAT and SNMP in IPv4 and IPv6 environments
Brázda, Libor ; Sysel, Petr (referee) ; Novotný, Vít (advisor)
This bachelor thesis focuses on selecting server services such as FTP, DHCP, VPN, NAT and SNMP and their implementation in operating system Windows Server 2008 R2 and linux distribution Debian. The theoretical part analyzes the problems of TCP/IP protocol including addressing in IPv4 and IPv6 environments. In next chapters, thesis contains detailed descriptions of individual services, their principles, security, etc. The last part is focused on the description of the laboratory task, their activities and contribution to student and also software used in the implementation tasks. The result of laboratory work is created job on the configuration of individual services in both operating systems. Tasks are made for students without previous knowledge of the problem, so they can successfully configure and test these tasks.
|
|
|
Dungeon Lords Board Game
Kawulok, Lukáš ; Kubát, David (referee) ; Doležel, Michal (advisor)
In this work I am describing transformation board game Dungeon lords into computer game. Computer version of the game will have the same rules as board version.Final build of the game allows network playing, saving of game and loading of the saved game. During development of the game is aviable only board version. In documentation I describe steps of developing and also rules of the game. In the end is described the way of testing and also revieling of bugs and their repair. Projet was created in C# language in MS Visual Studio 2010. To creation of GUI is used WDF technique.
|
|
|
User accounting in next generation networks
Grégr, Matěj ; Pustka,, Martin (referee) ; Satrapa,, Pavel (referee) ; Švéda, Miroslav (advisor)
Velikost sítě Internet dosáhla takového rozměru, že globálně jednoznačná adresace všech připojených zařízení již není možná při zachování současné architektury TCP/IPv4. Tímto problémem se začalo zabývat již v 90. letech a od té doby bylo představeno několik návrhů nových architektur a síťových protokolů, které mají či měly ambice omezení adresace vyřešit. V současné době, v roce 2016, je jediným globálně nasazovaným řešením problému adresace protokol IPv6. Tento protokol zvětšuje velikosti síťové adresy čímž umožňuje adresovat téměř libovolné množství zařízení, ovšem za cenu nekompatibility se současným protokolem IPv4. Rozdílně se také staví ke způsobu automatické konfigurace koncových zařízení, proměnlivé velikosti síťové hlavičky a omezení nekompatibility řeší různými přechodovými mechanismy. Tato práce diskutuje dopady, které tyto změny mají na oblast monitorování a účtování uživatelů. Zejména změny způsobu konfigurace adresy vyžadují jiný přístup než v současných monitorovacích systémech, které ukládají pouze metadata o síťové komunikace pomocí protokolu NetFlow/IPFIX. Práce je zaměřena primárně na vyřešení problému účtování uživatelů v sítích kde jsou souběžně nasazeny protokoly IPv4 i IPv6, použity tunelovací přechodové mechanismy nebo překlad adres. Část práce je za- měřena na měření globálního vývoje a nasazení protokolu IPv6 mezi koncovými poskytovateli internetového připojení, poskytovateli obsahu a páteřními operátory.
|
|
|
Identities in Tunelled Networks and during Network Address Translation
Šeptun, Michal ; Marek, Marcel (referee) ; Polčák, Libor (advisor)
This thesis introduces the design and implementation of the extension of the system for lawful interception. The system is developed as a part of the Sec6Net project at FIT BUT and provides a platform for research activities in determining identities in computer networks. Parts which has the task of monitoring changes in a user's identity will be extended, so that the system is able to determine the identity even in the tunneled and translated networks. It describes the problems encountered during implementation and their solutions. There are described mechanisms for tunneling networks, mainly virtual private networks and transition mechanisms for IPv6, IP addresses and NAT variants. In the end the tests of the individual modules are described.
|
guest ::
