|
|
Cyber security for power engineering
Sedláková, Dáša ; Kohout, David (referee) ; Mlýnek, Petr (advisor)
Due to the IT and OT networks convergence, industrial systems are becoming vulnerable to different forms of security threats including rapidly growing cyber-attacks. Thesis is focused on an analysis of security recommendations in IEC 62351, vulnerability testing of industrial communication protocols (e.g., IEC 61850) and mitigations proposal. An ATT&CK framework for ICS was chosen to become a methodology base for vulnerability testing. ATT&CK tactics and techniques were used to practically test vulnerability scans, SMV time synchronization, GOOSE spoofing, MMS Man in the Middle and ICMP Flood attacks. Attacks tested were evaluated with a risk analysis. Subsequently, mitigation measures were proposed on several levels (OT, IT, perimeter and physical level).
|
|
|
Penetration tests and network device vulnerability scanning
Gregr, Filip ; Martinásek, Zdeněk (referee) ; Hajný, Jan (advisor)
This thesis is dealing with penetration tests and network device vulnerability assessment. Theoretical part includes analysis of this issue and description of general methodology of performing penetration tests. Thesis provides basic overview of requirements of international norms ISO 27000 and PCI DSS. In another part the software for Nessus vulnerability scanning and Linux Kali distrubution is introduced. Practical part of thesis includes several aims. The first is a comparsion of five vulnerability scanners in a created test network. Chosen tools for this purpose are Nessus, OpenVAS, Retina Community, Nexpose Community and GFI LanGuard. Network scan is performed with each of~these tools. Penetration test using the tools available in Kali Linux is then executed in this network. Procedure of exploiting two selected vulnerabilities is created as a laboratory exercise. The last aim of thesis is testing the web server protection against flood attacks SYN flood, UDP flood and slow attack Slowloris. Scripts for flooding were written in Python language.
|
|
|
Testing the vulnerabilities of network elements and applications
Vlha, Matej ; Martinásek, Zdeněk (referee) ; Malina, Lukáš (advisor)
The aim of a bachelor´s thesis is familiarization with the testing methods vulnerability terminals and servers. In This work are described the most dangerous vulnerabilities in present, testing and comparing the tools and applications that allow such testing. Another part of bachelor´s thesis is to design a procedure and protocol testing vulnerabilities. The proposed method is veriĄed by testing the practical implementation of the selected devices and output is drawned demonstration protocol of testing. Results of testing focus on the visualization of results and possible countermeasures.
|
|
|
Web application for data transfer using TLS protocol
Dzadíková, Slavomíra ; Slavíček, Karel (referee) ; Smékal, David (advisor)
The work deals with web application development, implementation possibilities of web application, secure communication between server part and client part. Protocol HTTPS (Hyper Text Transfer Protocol) and TLS (Transport Layer Protocol) are described in more detail way, also the issue of PKI (Public Key Infrastructure). The work also covers authentication and authorization methods which are used in web applications, and the most common attacks according OWASP TOP 10. Technologies, programming languages and environments, which have been used: Python, Flask, Bootstrap, OpenSSL, Nginx, Nessus, JMeter, Lighthouse.
|
|
|
Analýza dat z automatických bezpečnostních scannerů
VODSTRČIL, Pavel
This bachelor thesis deals with the examination and processing of reports from automatic vulnerability scanners. In the beginning of the theoretical part there is a brief introduction to scanning. Further are analyzed individual outputs from scanners (reports), description of items. The next part is followed by familiarization with Common Vulnerability Scoring System, which is used in the practical part for evaluation. At the end of the first part are listed some functions of the created application. The beginning of the practical part is devoted to database design and selected framework for creation. The following is an introduction to the functions of the application and the possibility of displaying the results.
|
|
|
Cyber security for power engineering
Sedláková, Dáša ; Kohout, David (referee) ; Mlýnek, Petr (advisor)
Due to the IT and OT networks convergence, industrial systems are becoming vulnerable to different forms of security threats including rapidly growing cyber-attacks. Thesis is focused on an analysis of security recommendations in IEC 62351, vulnerability testing of industrial communication protocols (e.g., IEC 61850) and mitigations proposal. An ATT&CK framework for ICS was chosen to become a methodology base for vulnerability testing. ATT&CK tactics and techniques were used to practically test vulnerability scans, SMV time synchronization, GOOSE spoofing, MMS Man in the Middle and ICMP Flood attacks. Attacks tested were evaluated with a risk analysis. Subsequently, mitigation measures were proposed on several levels (OT, IT, perimeter and physical level).
|
|
|
Web application for data transfer using TLS protocol
Dzadíková, Slavomíra ; Slavíček, Karel (referee) ; Smékal, David (advisor)
The work deals with web application development, implementation possibilities of web application, secure communication between server part and client part. Protocol HTTPS (Hyper Text Transfer Protocol) and TLS (Transport Layer Protocol) are described in more detail way, also the issue of PKI (Public Key Infrastructure). The work also covers authentication and authorization methods which are used in web applications, and the most common attacks according OWASP TOP 10. Technologies, programming languages and environments, which have been used: Python, Flask, Bootstrap, OpenSSL, Nginx, Nessus, JMeter, Lighthouse.
|
|
|
Testing the vulnerabilities of network elements and applications
Vlha, Matej ; Martinásek, Zdeněk (referee) ; Malina, Lukáš (advisor)
The aim of a bachelor´s thesis is familiarization with the testing methods vulnerability terminals and servers. In This work are described the most dangerous vulnerabilities in present, testing and comparing the tools and applications that allow such testing. Another part of bachelor´s thesis is to design a procedure and protocol testing vulnerabilities. The proposed method is veriĄed by testing the practical implementation of the selected devices and output is drawned demonstration protocol of testing. Results of testing focus on the visualization of results and possible countermeasures.
|
|
|
Penetration tests and network device vulnerability scanning
Gregr, Filip ; Martinásek, Zdeněk (referee) ; Hajný, Jan (advisor)
This thesis is dealing with penetration tests and network device vulnerability assessment. Theoretical part includes analysis of this issue and description of general methodology of performing penetration tests. Thesis provides basic overview of requirements of international norms ISO 27000 and PCI DSS. In another part the software for Nessus vulnerability scanning and Linux Kali distrubution is introduced. Practical part of thesis includes several aims. The first is a comparsion of five vulnerability scanners in a created test network. Chosen tools for this purpose are Nessus, OpenVAS, Retina Community, Nexpose Community and GFI LanGuard. Network scan is performed with each of~these tools. Penetration test using the tools available in Kali Linux is then executed in this network. Procedure of exploiting two selected vulnerabilities is created as a laboratory exercise. The last aim of thesis is testing the web server protection against flood attacks SYN flood, UDP flood and slow attack Slowloris. Scripts for flooding were written in Python language.
|
|
|
Vulnerability assesment tools
Charvát, Michal ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
This bachelor thesis is focused on a specific area of information systems security, which is called vulnerability assesment. Vulnerability assesment is executed with special tools called vulnerability scanners. In the the beginning of the first part I will introdukce the area of information systems security and its breaf history, the basic terms of vulnerability assesment and related topics, such as penetration testing. In the following part few test will be executed using some of the chosen available and free tools and then analyze its results. The main criteria will be the number and criticality of the given vulnerabilities. Finally the user-friedly aspect of each tool will be evalueted, which could be a little subjective matter.
|
guest ::
