|
|
Secure, reliable and adaptive network based on Cisco devices
Lefler, Přemysl ; Komosný, Dan (referee) ; Kubánková, Anna (advisor)
This bachelor thesis deals with design of secure, reliable and adaptive network using Cisco network devices. Thesis includes design of a network with description of each individual technology, that were used in the design to meet requirements for safety, reliability and adaptivity. The last chapter describes frequently occuring network attacks along with a description of their execution followed by implementation of defense against them.
|
|
|
Network Attack Simulator
Filičko, Dávid ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
The thesis discusses about study of networks attacks and framework monitoring packets in the network. It proceeds especially network attacks, which can be detected without knowledge about the contents of packets. The aim of this thesis is to develop the simulator based on detected features, which will simulate these attacks. The output from the simulator will be created in the Nemea framework to improve the quality of tools of detection and prevention of given attacks. The simulator will be functioning for testing purpose only. Under no circumstances it will be possible to realize individual attacks.
|
|
|
Network Attack Generator
Buček, Hynek ; Košař, Vlastimil (referee) ; Bartoš, Václav (advisor)
This thesis is focused on the study of the best-known network attacks, especially on those that can be theoretically detected without knowledge of the contents of transmitted messages. The goal is to use the basis of acquired knowledge to create a tool that will simulate the behavior of the communication in different network attacks. Simulation outputs will be used for testing the quality of security tools designed to defend against network attacks. The simulator will be used only for offline testing, it will not be possible to carry out real attacks. Purpose of this work is to improve the security against network attacks nowadays.
|
|
|
Secure Network Based on Virtual Next-Generation Firewall
Varmus, Pavol ; Burda, Karel (referee) ; Malina, Lukáš (advisor)
The bachelors thesis aims to study the issue of security of the networks that use firewalls. The next goal is to evaluate the characteristics of a different types of firewalls and to summarize its results. The other object is to design a small or medium sized network with description of best practice. The main objective of the thesis is to design a lecture task for students to test with a step-by-step solution. This task is for students to undertand the importance of firewalls as a network protection service tools and to try out different types of filters for maintainin network security. The task ends with a practical stress test made by a network attack in order to see its resistance to the attack.
|
|
|
Generating of flood attacks
Hudec, David ; Hajný, Jan (referee) ; Smékal, David (advisor)
The assessment comprises of two parts, describing theory and generating of flood attacks respectively. The first part covers flood attacks' analysis, deals with their available techniques and practices, known in the area, and a computer simulation program, revealing the behavior of a contested network as well as the attacker's procedure. In the following part, data generating solutions itself are described. These are represented by two hardware programs, adapted from existing solutions, and one C# application, created by the author. The comparison of these two approaches is included, as well as are the generation results and mitigation proposal.
|
|
|
Proxy firewall
Kugler, Zdeněk ; Pelka, Tomáš (referee) ; Pust, Radim (advisor)
This diploma thesis deals with the topic of proxy servers and firewalls and considers other associated technologies and network techniques. It systematically describes the general issues of firewalls, with a special focus on proxy firewalls and their safety. Additional systems mentioned in this document are intrusion detection systems (IDS), antivirus systems and content control filters – as these are also connected with safety of networks, servers and workstations or with limiting various Internet sources. IDS systems can be typically supplemented with various additional applications or tools that enrich them and increase their potential – including graphic additions. This part is remembered too. Some systems can communicate with each other, which is successfully utilised (FW & IDS co-operation, for example). The purpose of the first large chapter is to present firewall technologies, to list firewall types, their basic functionality and to present the final comparison. It marginally mentions firewall applications in practice. Chapter two explains the theory of network address translation (NAT), deals with its functionality, safety and with limiting the NAT mechanism. Chapter three brings a comprehensive presentation of proxy servers. It explains their principle from the point of view of functionality and the specification of application areas. The chapter is complete with a clear list of proxy server types and their descriptions. The last chapter named Linux Proxy Firewall is the key part of the work. It deals generally with the Linux platform, the Debian GNU/Linux distribution, principles of safety policy, network configuration, network server safety, Linux firewalls (Netfilter framework, Iptables tool) and with the Squid proxy server. The following subchapters respect the previous structure: they describe the theories of intrusion detection systems, antivirus checks and content filtering based on different methods. All this is presented similarly to the previous chapters. A proxy firewall solution built on the Linux operating system has been proposed in the practical part. The Debian GNU/Linux distribution has been chosen, being very suitable for server use due to its features. This environment is also used for additional safety software contained in the proxy firewall: antivirus protection, content filtering and an intrusion detection system. The priority is the most comprehensive computer network security, which requires detection abilities with the broadest possible coverage in the area of network safety. The purpose of this diploma thesis is not only to describe the principle of operation of proxy servers and to compare them with other types and other systems, but it also brings my own proposed free solution, which increases network safety and has the ambition of comparing it with clearly commercial products available on the market.
|
|
|
Analysis of the wireless network security
Bencel, Jozef ; Koutný, Martin (referee) ; Jeřábek, Jan (advisor)
This master's thesis deals with security of wireless network standard 802.11. There are described security mechanisms as hide SSID, MAC address filtering, WEP, WPA, WPA2 protocols. There are described also the most often kinds of attacks (Denial of Service, disclosure WEP key, Man-in-the-Middle). The work contains investigation of used security mechanisms in wireless networks in parts of Brno. There were used NetStumbler and inSSIDer applications for this measurement. The last part of work contains measurement of security mechanisms (WEP, WPA, WPA2) effect to transfer rate from the point of view of the end user. The measurement was realized with Iperf application.
|
|
|
Safety risks of current routers
Bubelíny, Peter ; Vymazal, Michal (referee) ; Vychodil, Petr (advisor)
The thesis aims to study and document the problem router security. It present the characteristic information about a router, functions, types and locations in a computer network. Because router is integrated part of network, next are described the most commonly types of attacks and generally available security technologies. The thesis also offers insight into the router as a safety device in the role of the throat network, part of the deeper security infrastructure or access point in wireless networks. Next are described the selected security technologies against some of already mentioned attacks and also are offered opportunities to improve safety router. The next are demonstrated DoS and brute-force attacks on router in ethernet network and attacks based on sniffing packets on router in wireless network. Finally, the results are presented.
|
|
|
Annotation of NetFlow Data from Perspective of Network Security
Kadletz, Lukáš ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
This thesis describes design and implementation of application for offline NetFlow data annotation from perspective of network security. In this thesis is explained the NetFlow architecture in detail along with methods for security incidents detection in the captured data. The application design is based on analysis of manual annotation and supported by several UML diagrams. The Nemea system is used for detecting security events and Warden system as a source of information about reported security incidents on the network. The application uses technologies such as PHP 5, Nette framework, jQuery library and Bootstrap framework. The CESNET association provided NetFlow data for testing the application. The result of this thesis could be used for analysis and annotation of NetFlow data. Resulting data set could be used to verify proper functionality of detection tools.
|
|
|
Network attacks of Linux operating system
Valčák, Richard ; Janovič, Filip (referee) ; Pelka, Tomáš (advisor)
Main objective of this bachelor thesis is to inform with the most famous security attacks, describe their characteristics, evaluate risk degree and suggest security against of these attacks. The bachelor work presents theoretical and practical part focused on security attacks of Linux operational system. First chapters describe operational system security shell theory. Followed by the most frequent attacks like Buffer overflow, ARP Cache poisoning, SYN flood , Denial of Service, DHCP, which are described theoretically, demonstrated by these examples and possible security assignment against this attacks registered. Basic theoretical system Linux knowledge is necessary for the practical part of the bachelor thesis.
|
guest ::
