Global ETD Search

21	Evaluation of Key Management Protocols and Their Implementations / Utvärdering av Key Management Protokoll och dess implementationer Andersson, Erik, Combler, David January 2018 (has links) When constructing a network system it is important to consider the attributes which deﬁne said system and how to best build around those attributes. In this report we’ve studied Key Management Protocols as well as 802.15.4 WPAN networks and how key managment is conducted in such networks. This was done to better understand how Key Management Protocols themselves work and if, or how, they differ when used in 802.15.4 networks. In this report we studied 4 different Key Management Protocols: IKEv2,HIPv2,PANA and 802.1X as well as their various implementations. Based on the information gathered we analyzed how an implementation would work according to IEEE 802.15.9. Firstly we found was that IKEv2 offers a lot of functionality at the cost of system complexity and required a lot of memory. It also required major modiﬁcations to work in 802.15.4 networks. Secondly we found that HIPv2 offers the ability to separate the locator and identiﬁer tags of TCP/IP and is lightweight. It doesn’t use IP or TCP/UDP and as such required minor changes to work in 802.15.4 networks. Finally, PANA and 802.1X both offer client-to-network authentication using EAP and use a moderate to high amount of space. 802.1X required a moderate amount of changes to work in 802.15.4 networks. PANA on the other hand required few changes, though it should not be used as a general purpose Key Management Protocol in 802.15.4 networks. Key Management Protcol Key Management Evaluation Comparison IKEv2 HIPv2 PANA 802.1X Implementation strongSwan OpenHIP openPANA Open1X Computer Sciences Datavetenskap (datalogi)
22	Snabb och säker roaming i WLAN / Fast and Secure Roaming in WLAN Falk, Magnus January 2004 (has links) This thesis investigates how Ericsson AB should do to achieve fast and secure handover when roaming in a WLAN. It also provides a security analysis of the system that the wireless access point is part of. The reason for this is that Ericsson is selling an access point called the ABS 2200 aimed at the public hotspot market. The premise was that they wanted a standardized way of handling the roaming issue. At the outset the 802.11F standard looked like a good alternative (in fact the only standardized alternative). Towards last stages of the work though, it was discovered that the 802.11F standard is no longer supported by IEEE. Despite this fact, the conclusion is that secure and fast roaming can be attained if 802.11F is combined with the security standard 802.11i. The security analysis concludes that Denial Of Service is a major threat to WLAN hotspots. It also points out the link between the access point and authentication server is the weakest link in the system. The recommendation is that this link receives an additional layer of protection through IPsec withESP. The algorithm recommendations for ESP are AES for confidentiality and SHA-1 for integrity. This thesis can also be used as a primer on security in WLAN and contains an extensive glossary making it useful as a reference when reading 802.11 standards. Datalogi 802.11 802.11i 802.11F IAPP WPA WPA2 RADIUS EAP-SIM WLAN 802.1X Datalogi Computer Sciences Datavetenskap (datalogi)
23	Implementering av 802.1x i trådbundna datanätverk / Implementation of 802.1x in wired computer networks Forsman, Gustaf, Hult, Daniel January 2008 (has links) I dagsläget ligger oftast fokus för datasäkerhet hos de flesta företag och organisationer på att skydda gränsen mellan det egna interna datanätverket och det yttre publika. Detta kan leda till att skyddet på insidan försummas och öppna upp möjligheter för olika typer av obehörig användning. Företag X har ett stort datanätverk med behov av skydd på insidan. Detta beror på att fysisk tillgång till nätverket är svår att begränsa på grund av att det till största del är placerat i öppna miljöer. Detta examensarbete behandlar en implementation av standarden 802.1x hos detta företag. 802.1x gör det möjligt att begränsa användandet av datanätverket baserat på vilka premisser ändutrustningen verifierar sig med. Åtkomst till nätverket sätts redan på den fysiska porten i nätverket där utrustningen kopplas in. Kraven och önskemålen från företaget har varit att ta fram och genomföra test av en lösning som innehåller verifieringsmetoder för olika typer av ändutrustning. Kraven har inkluderat metoder för att verifiera ordinarie användare, besökare och övrig utrustning. Dessutom fanns krav på att lösningen inte skulle påverka nuvarande produktionssystem nämnvärt samt vara redundant för att garantera kontinuerlig tillgänglighet. För att ta fram denna lösning utfördes laborationer i en miljö som motsvarar företagets produktionsmiljö. Lösningen som togs fram bygger i månt och mycket på befintliga komponenter i företagets datasystem. En radiusserver tar emot inloggningsförfrågningar från ändutrustning och verifierar mot katalogtjänsten. För att passa in i nuvarande system har FreeRADIUS använts för detta ändamål då funktionalitet finns för samarbete gentemot företagets befintliga katalogtjänst som är Novell eDirectory. Olika sorters användare och ändutrustning får sedan tillgång till rätt resurser dynamiskt beroende på deras förutbestämda rättigheter. / In today’s computer networks, the companies and organisations concerns of security mostly are about protecting the border between the internal and external networks. This can lead to neglecting the inside protection which creates opportunities for unauthorized usage of the companies resources. The company that this thesis discusses have a large computer network with protection needed on the inside as physical access to the network is hard to limit due to open environments. This thesis focuses on an implementation of the 802.1x standard at the above mentioned company. 802.1x make it possible to limit usage of the computer network based on the credentials delivered from the connected devices. The devices get validated on the physical port that they connect to the network through. The company requested a solution which included methods for authentication of different kinds of users and equipment. This could be regular users, visitors and other devices. Part from that there were demands of a minimal influence on the existing environment and redundancy to guarantee highest possible availability. To reach the solution, a test setup was implemented in an environment corresponding to the company’s production system. The final solution was mainly built on components already existing at company’s site. Authentication requests made by users or devices are passed to a radius server which in turn asks the directory service for authentication validation. FreeRADIUS have been the solution of choice for this as it fits the requirements to cooperate with the company’s already existing Novell eDirectory. The end users and devices then dynamically get access to appropriate resources based on their assigned rights. 802.1x EAP EAPOL RADIUS Supplicant Authenticator Authentication Server FreeRADIUS Novell eDirectory Cisco Systems Computer Sciences Datavetenskap (datalogi)
24	Softwarová podpora výuky kryptografických protokolů / Software support of teaching of cryptography protocols Marek, Tomáš January 2009 (has links) Document contains informations about authentication, encryption, data integrity and data authenticity. Next part includes description of well know cryptography protocols, their functions and also their weaknesses. All of these acquired informations were used in concept and final software support for teaching of cryptography protocols, which is able to run on clasic web-browser. Thats why the application was designed as web PHP pages using JavaScript and AJAX, which ensures plaform and OS architecture independency. Besides the descripted and ilustrated part of application there are also interactive parts and animations. The last period contains description of education software and its functions. Source code can be found on the appended CD.
25	Bezpečnost bezdrátové sítě poskytovatele internetových služeb / Wireless Network Security of Internet Service Provider Parolek, Pavel January 2013 (has links) This thesis analyzes the wireless network security of the Internet service provider company Net-Connect s.r.o. It identifies its weak points and suggests measures that lead to the increase of the wireless network security.
26	ATM versus Gigabit Ethernet im TCP/IP-LAN. Design und Implementierung eines Hochgeschwindigkeitsnetzwerkes für TCP/IP Müller, Jean-Alexander 20 October 2017 (has links) Für die Implementierung von Hochgeschwindigkeits-LANs bieten sich gegenwärtig zwei Technologien an. Dies ist zunächst der verbindungsorientiert arbeitende Asynchronus Transfer Mode (ATM), welcher u.a. garantierte Bandbreiten ermöglicht und auch für WAN-Anwendungen einsetzbar ist. Ein Nachteil von ATM ist die Inkompatiblität zu den verbreitetsten LAN- Technologien, Ethernet und Token Ring. Für die Kopplung mit solchen LANs müssen spezielle Server herangezogen werden. Im Gegensatz dazu steht Gigabit Ethernet (GE) als Weiterentwicklung des Ethernet-Standards (IEEE 802.3). GE arbeitet verbindungslos und ist kompatibel zur Ethernet-Familie und anderen IEEE 802 konformen Technologien. Mit der Verfügbarkeit der IEEE-Standards 802.1p, 802.1x, 802.1Q und 802.1D sowie proprietären Mechanismen können mit Gigabit Ethernet LANs aufgebaut werden, die ATM-ähnliche Eigenschaften besitzen. Durch den Einsatz des TCP/IP Protokolls, welches traditionell in Netzen zur wissenschaftlichen Datenverarbeitung Verwendung findet, bleiben Eigenschaften, vor allem von ATM, verborgen. Dies betrifft insbesondere die dynamische Anforderung von Bandbreitengarantien (QoS). info:eu-repo/classification/ddc/000 ddc:000
27	Netzentwicklung im CSN Schade, Markus 10 September 2004 (has links) Das Chemnitzer StudentenNetz (CSN) verwaltet ein mittelgroßes Netzwerk in den Wohnheimen des Studentenwerkes Chemnitz-Zwickau. Mitarbeitern und Interessenten erhalten einen Überblick und Einblick in die vorhandene Netzstruktur und die Konfiguration der verwendeten Technik. Es wird auch auf mögliche Szenarien für zukünftige Entwicklungen eingegangen. info:eu-repo/classification/ddc/004 ddc:004 Cisco Netzwerk Netzwerktopologie Routing 3com 802.1q WLAN 802.1x CSN Chemnitzer StudentenNetz VLAN
28	Comparative Study of Network Access Control Technologies Qazi, Hasham Ud Din January 2007 (has links) <p>This thesis presents a comparative study of four Network Access Control (NAC) technologies; Trusted Network Connect by the Trusted Computing group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a complaint status. We compare the NAC technologies in terms of architectural and functional features they provide.</p><p>There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies.</p><p>This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting, what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network.</p><p>One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common, is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance.</p> NAC Network Access Control Trusted Platform Module Trusted Computing Group Trusted Network Connect Network Access Protection Network Admission Control 802.1X root of trust Computer science Datavetenskap
29	Comparative Study of Network Access Control Technologies Qazi, Hasham Ud Din January 2007 (has links) This thesis presents a comparative study of four Network Access Control (NAC) technologies; Trusted Network Connect by the Trusted Computing group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a complaint status. We compare the NAC technologies in terms of architectural and functional features they provide. There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies. This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting, what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network. One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common, is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance. NAC Network Access Control Trusted Platform Module Trusted Computing Group Trusted Network Connect Network Access Protection Network Admission Control 802.1X root of trust Computer Sciences Datavetenskap (datalogi)
30	Bezpečnost bezdrátových počítačových sítí / Security of wireless computer networks Jelínek, Martin January 2010 (has links) The master's thesis deals with the issue of Wireless Local Area Network (WLAN) from the viewpoint of the security and functional principle of security mechanisms. The transition to the issue concerning the security is accompanied by the methods of wireless data transmission operating on the level of physical layer (FHSS, DSSS, OFDM, MIMO), which is followed by the summary of individual 802.11 standards. The next part deals with the issue of shared transmission medium (CSMA/CA), influence of interference and correcting mechanisms (RTS/CTS). Within the security, the principles of the authentication along with the commonly used methods of security (WEP, WPA, WPA2) are described in detail. The first part concerning security deals with the security in the form of the WEP protocol, which is considered insufficient nowadays and points out the imperfect implementation and the consequent risks. The following part describes the security in the form of WPA which eliminates the implementation weaknesses of the previous WEP security protocol. The description of commonly used mechanisms of authentication (PSK, 802.1x), required temporary key management (PTK, GTK), data integrity (MIC) and encryption which uses TKIP protocol are also included. The last part, possible WLAN security, is aimed at the full support of 802.11i standard, which is called WPA2 (sometimes RSN). That part describes the basic encryption security element CCMP, which is based on the AES block cipher modes. The practical part of the thesis deals with the security verification of current wireless networks. In the process of verification the accessible HW means and programming tools of Open Source Software (OSS) are used. By means of verification it has been pointed out that there are possible security risks resulting from the security method which has been used. Also several recommendations how to reduce the security risks of the used method to minimum are mentioned.

Search results