Podpora výuky systémů pro ochranu zboží / Support for instruction in electronic surveillance of goods

Danišík, Milan

January 2008

The thesis deals with technologies of goods protection. It is focused on electronic technologies of goods protection, which call EAS (electronic article surveillance) in foreign literature. The goal of this thesis is support for instruction in electronic surveillance of goods. This document systematically describes principle and technical solution recent electronic technologies of goods protection. There are mentioned advantages and disadvantages too. The other chapter deals with basic operating mode and configuration parameters of loop systems, acoustic-magnetic system and radio system. On the basis of this was suggested laboratory task. This task is use for better understanding of principles electronic surveillance of goods. Some possible attacks of electronic surveillance of goods are described at the last chapter of this thesis. This attacks was also realized.

Proxy firewall / Proxy firewall

Kugler, Zdeněk

January 2009

This diploma thesis deals with the topic of proxy servers and firewalls and considers other associated technologies and network techniques. It systematically describes the general issues of firewalls, with a special focus on proxy firewalls and their safety. Additional systems mentioned in this document are intrusion detection systems (IDS), antivirus systems and content control filters – as these are also connected with safety of networks, servers and workstations or with limiting various Internet sources. IDS systems can be typically supplemented with various additional applications or tools that enrich them and increase their potential – including graphic additions. This part is remembered too. Some systems can communicate with each other, which is successfully utilised (FW & IDS co-operation, for example). The purpose of the first large chapter is to present firewall technologies, to list firewall types, their basic functionality and to present the final comparison. It marginally mentions firewall applications in practice. Chapter two explains the theory of network address translation (NAT), deals with its functionality, safety and with limiting the NAT mechanism. Chapter three brings a comprehensive presentation of proxy servers. It explains their principle from the point of view of functionality and the specification of application areas. The chapter is complete with a clear list of proxy server types and their descriptions. The last chapter named Linux Proxy Firewall is the key part of the work. It deals generally with the Linux platform, the Debian GNU/Linux distribution, principles of safety policy, network configuration, network server safety, Linux firewalls (Netfilter framework, Iptables tool) and with the Squid proxy server. The following subchapters respect the previous structure: they describe the theories of intrusion detection systems, antivirus checks and content filtering based on different methods. All this is presented similarly to the previous chapters. A proxy firewall solution built on the Linux operating system has been proposed in the practical part. The Debian GNU/Linux distribution has been chosen, being very suitable for server use due to its features. This environment is also used for additional safety software contained in the proxy firewall: antivirus protection, content filtering and an intrusion detection system. The priority is the most comprehensive computer network security, which requires detection abilities with the broadest possible coverage in the area of network safety. The purpose of this diploma thesis is not only to describe the principle of operation of proxy servers and to compare them with other types and other systems, but it also brings my own proposed free solution, which increases network safety and has the ambition of comparing it with clearly commercial products available on the market.

Zefektivnění zabezpečení bezdrátových sítí / Security Protection efficiency improvement for Wireless Networks

Marušek, Michal

January 2009

Nowadays every wireless radio-communication services encompass huge type of technology used for transfer video, voice or data. Wireless communication is the most expanded branch and many companies are using this technology because of low cost and simply management. The biggest advantage is easy connection to shared wireless medium and allows users of network to move around whole covered area. The most expanded types of wireless networks are called Wireless LAN (WLAN). With rising number of WLANs is rising chance to attack shared wireless medium by hacker and many sensitive information can be stolen or modified. To avoid this chance was created the first security protocol used in WLAN called WEP. Its goal was protect data transmitted trough WLAN as strong as were protected in wired networks. Unfortunately WEP was hiding a big weakness which can be used in a crack of WLAN in a minute with the aid of special software. Example of this kid of software can be Airsnort constructed to monitor shared medium and captured every packet transferred trough this medium. Based on statistical method Airsnort can obtain hidden password in a few minutes. The second type of this software can be Aircrack-ng, which can crack hidden password without any user connected to WLAN. Aircrack-ng uses active techniques to generate network load and can obtain password more effectively and faster. The result of both cases was successful and protection of WLAN was completely cracked. Later was created new security protocol called WPA, which had to fix the cryptography weakness of previous WEP. WPA was only temporary security protocol, during standard 802.11 was developing which had to offer highest security and integrity protection of transferred data trough WLAN. For this reasons was created new version of WPA called WPA2 which satisfy requirements of standard 802.11i. Both protocols WPA/WPA2 contain weakness, which can crash security of WLAN. This crack is based on authentication PSK. Attacker during authentication is using information from four-way handshake between user of WLAN and access point. Based on this information attacker can crack password with the aid of password list attack which took approximately 30 minutes. Based on previous result is important to chose strong password contains alphanumeric string or special strings with satisfy length.

Útoky pomocí programu Cain & Abel / Network attacks by Cain & Abel

Smékal, Lukáš

January 2010

This Master’s thesis is dealt in the local area network security, cryptographic algorithms, particular attacks on computer networks a practical application these attacks in local area networks. To application particular attacks is used the Cain & Abel program. The detailed manual for this program is created from the results of these attacks. This manual contains the exhibits of usage particular program tools and the attack application exhibits. This manual considers consequences of particular attacks and summarises achieved results during work with tools too. Master thesis closely deals with one of the program tools called RSA SecureID Token Calculator. Authentication via hardware tokens is contained in this Master thesis. Thesis contains the way of authentication using RSA SecureID Token Calculator without physical owning of the hardware token. Cain & Abel program shows and interprets why cashed passwords in operation system are dangerous and it shows methods how attacker can reveal this passwords from the operation system memory. This Master thesis is focused on sniffing credentials and passwords in local area networks and it is focused on cryptographic algorithms cracking for username and passwords revealing.

Antivirová ochrana počítače z bootovacího úložiště / Antivirus protection of a computer from a boot repository

Mlejnek, Jiří

January 2012

ABSTRACT Theme of the thesis is the design method of anti-virus protection with the use of an alternative boot store. Processed is a related issue of viruses and the possibility of defenses against them. This thesis is focused on the design and selection of components solutions enabling the execution of antivirus test from the undistorted by the operating system. With selected components continues to realize an alternative booting the operating system from a Windows platform computer network with automatic virus checking of all local disks. The results of inspection are transmitted using signed files on a network server and typically give an overview of the results of the individual tests.

Distribuovaný systém kryptoanalýzy / Distributed systems for cryptoanalysis

Vašek, Jiří

January 2012

This thesis should introduce a reader with basic objectives of parallel computing followed by distributed systems. The thesis is also aimed at description of cryptographic attacks. The main point should be to obtain theoretic information for design of distributed system for cryptoanalysis.

Statistické metody detekce anomálií datové komunikace / Statistical anomaly detection methods of data communication

Woidig, Eduard

January 2015

This thesis serves as a theoretical basis for a practical solution to the issue of the use of statistical methods for detecting anomalies in data traffic. The basic focus of anomaly detection data traffic is on the data attacks. Therefore, the main focus is the analysis of data attacks. Within the solving are data attacks sorted by protocols that attackers exploit for their own activities. Each section describes the protocol itself, its usage and behavior. For each protocol is gradually solved description of the attacks, including the methodology leading to the attack and penalties on an already compromised system or station. For the most serious attacks are outlined procedures for the detection and the potential defenses against them. These findings are summarized in the theoretical analysis, which should serve as a starting point for the practical part, which will be the analysis of real data traffic. The practical part is divided into several sections. The first of these describes the procedures for obtaining and preparing the samples to allow them to carry out further analysis. Further described herein are created scripts that are used for obtaining needed data from the recorded samples. These data are were analyzed in detail, using statistical methods such as time series and descriptive statistics. Subsequently acquired properties and monitored behavior is verified using artificial and real attacks, which is the original clean operation modified. Using a new analysis of the modified traffics compared with the original samples and an evaluation of whether it has been some kind of anomaly detected. The results and tracking are collectively summarized and evaluated in a separate chapter with a description of possible further attacks, which were not directly part of the test analysis.

Pokročilé metody pro zabezpečení multimediálních dat / Advanced Methods to Multimedia Data Protection

Mikulčík, Ondřej

January 2014

To protect the the copyright of multimedia works have been developed watermarking techniques, that insert an invisible watermark to the original data. The aim of this thesis was to explore modern watermarking techniques, choose three of them and realize them. Also test them, evaluate their properties and possibly improve them. All methods insert a watermark into luminance component of the original image, and work with binary or black and white watermark. All techniques work in the frequency domain using discrete wavelet transform. For the implementation of methods, have been developed software named "Watermarking" that has been programmed in JAVA Version 7. The first chapter describes the types of watermarks, the general process of insertion and extraction, watermarking systems and important feature requests of embedded water- marks. In addition, qualitative methods are mentioned for their comparisons and testing. The chapter also contains a theoretical description of the used transformations and functions. In the second chapter is described the user interface of the software "Water- marking". Chapters three and four contain a theoretical description of the implemented methods and description of implementation of insertion and extraction processes of the watermark. Also there are discussed the exact procedures for testing, the sample data, and the results which are clearly displayed in the tables. The fifth chapter discusses in detail the results obtained in testing the robustness of the watermark, using the software StirMark. In the conclusion are evaluated the advantages and disadvantages of methods and quality parameters.

Využití útoku "Pass the hash attack" na kompromitaci vysoce privilegovaných účtů / Using of the attack "Pass the hash attack" for the compromising of high privileged accounts.

Jakab, Vojtěch

January 2014

The master thesis deals with the attack "‘pass the hash"’ on high privileged accounts. Within the theoretical part is discussed creating hashes and its use. Next is a descrip- tion of the authentication in Windows operating system. There are also pointed out weaknesses in the design of authentication mechanisms. The last part deals with the individual attack and security options for mitigating the impacts. In the practical part are tested available tools for retrieving hashes from the files of the operating systems and tools which allow the attack itself. The output of this section is selection of the appropriate tools to demonstrate the attack in a proposed real environ- ment. The last topic is about designing the experimental environment, demostration of the attack with the possibility of getting through the network. The last steps deal with mitigating the impact of the attack.

Analýza síťových útoků pomocí nástroje Honeyd / Network Attack Analysis Using Honeyd Tool

Kohoutek, Jan

January 2010

Network attack analysis using honeyd tool. Opensource honeypots WinHoneyd and LaBrea deployment testing. Description and solving deployment problems conected with applied operating system. Capture of network attack with packet sniffer. Captured data analyzing and procesing