1 |
Campus Network Design and Man-In-The-Middle AttackNazari, Mahmood, Zhou, Kun January 2014 (has links)
Security is at the front line of most networks, and most companies apply an exclusive security policy enclosing many of the Open Systems Interconnection (OSI) layers, from application layer all the way down to Internet Protocol (IP) security. On the other hand, an area that is often not protected with high level of security is the second layer of OSI model and this can compromise the entire network to a diversity of attacks.This report presents an experimental performance analysis within the real environment. It focuses on understanding and preventing the Man-In-The-Middle (MITM) also known as Address Resolution Protocol (ARP) Poisoning on the Cisco Catalyst 3560 series switches with Cisco IOS Software. The Linux Command Line (CLI) tools and Ettercap tool were used to launch the Layer 2 attacks that you might come up against. Mitigation methods to stop this attack are evaluated and concluded. Finally we will answer if Secure Socket Layer (SSL) is enough to protect the users’ data against MITM in the network.A HP laptop and two DELL PCs were utilized for these tests and acted as the attacker, the Server and the victim. Victim PC runs Windows 7, attacker’s Laptop and server run Linux.Finally, three different case studies were analyzed and compared with each other and different solutions that might help to solve or detect the issue of MITM attack are concluded.
|
2 |
Analýza a demonstrace vybraných IPv6 útoků / An Analysis of Selected IPv6 Network AttacksPivarník, Jozef January 2013 (has links)
This master's thesis analyses and demonstrates selected IPv6 attacks including two Man-in-the-Middle attacks and one Denial of Service attack - Rogue Router Advertisement, Neighbor Cache Poisoning and Duplicate Address Detection DoS, respectively. In the first part the author presents necessary information related to the issue and provides detailed information on how to realize these attacks in practice using publicly available tools. The second part of the thesis presents various ways of mitigating presented attacks, analyses implementations of some of those countermeasures on Cisco and H3C devices and discussess their applicability.
|
3 |
The State of Man-in-the-Middle TLS Proxies: Prevalence and User AttitudesONeill, Mark Thomas 01 October 2016 (has links)
We measure the prevalence and uses of Man-in-the-Middle TLS proxies using a Flash tool deployed with a Google AdWords campaign. We generate 15.2 million certificate tests across two large-scale measurement studies and find that 1 in 250 TLS connections are intercepted by proxies. The majority of these proxies appear to be benevolent, however we identify over 3,600 cases where eight malware products are using this technology nefariously. We also find thousands of instances of negligent, duplicitous, and suspicious behavior, some of which degrade security for users without their knowledge. Distinguishing these types of practices is challenging in practice, indicating a need for transparency and user awareness. We also report the results of a survey of 1,976 individuals regarding their opinions of TLS proxies. Responses indicate that participants hold nuanced opinions on security and privacy trade-offs, with most recognizing legitimate uses for the practice, but also concerned about threats from hackers or government surveillance. There is strong support for notification and consent when a system is intercepting their encrypted traffic, although this support varies depending on the situation. A significant concern about malicious uses of TLS inspection is identity theft, and many would react negatively and some would change their behavior if they discovered inspection occurring without their knowledge. We also find that a small but significant number of participants are jaded by the current state of affairs and have lost any expectation of privacy.
|
4 |
Den personliga integriteten och säkerheten i Internet of SportsRöstin, Simon, Persson, Patrik January 2017 (has links)
Intresset för den personliga hälsan ökar inom samtliga sociala grupper. Människor vill få utökad kontroll över hur sin hälsosituation och de tar till allt fler hjälpmedel för att kunna få bättre svar. Med det digitala samhället nära till hands dyker det upp allt fler tjänster och produkter som agerar hjälpmedel för att produktens användare ska kunna få en större och bättre kontroll över sin hälsa. Produkter och tjänster som gör detta ingår i området Internet of Sports. I samband med att fler användare ansluter sig till dessa tjänster och produkter ökar därmed också datamängden de samlar in. Skyddas denna data i överföringen mellan användaren och företagen och skyddar de som samlar in datan användarens personliga integritet? Uppsatsens syfte är att undersöka detta genom att granska utvalda företag som verkar inom Internet of Sports och se om det går att komma över användarnas personliga data genom man in the middle-attacker. / The interest for personal health is growing in all demographic groups. People want better control regarding their personal health and they are using more aids to get better answers. With the digital society close to hand new products and services are appearing to aid users to get a better knowledge and control of their personal health. The products and services that aim to do this are categorized as Internet of Sports. As more users are signing up for and using these products and services the gathering of data is growing. Is the data that these companies gather safely transfered from the user to the companies and are the companies protecting the user’s privacy? The thesis’ purpose is to examine chosen companies within Internet of Sports and to see if it is possible to access the user’s personal data through man in the middle attacks.
|
5 |
On Vulnerabilities of Building Automation SystemsCash, Michael 01 January 2024 (has links) (PDF)
Building automation systems (BAS) have become more commonplace in personal and commercial environments in recent years. They provide many functions for comfort and ease of use, from automating room temperature and shading, to monitoring equipment data and status. Even though their convenience is beneficial, their security has become an increased concerned in recent years. This research shows an extensive study on building automation systems and identifies vulnerabilities in some of the most common building communication protocols, BACnet and KNX. First, we explore the BACnet protocol, exploring its Standard BACnet objects and properties. An automation tool is designed and implemented to identify BACnet devices using their IP addresses and enumerate both standard and vendor-defined BACnet objects as well as their standard properties. This tool is applied to a testbed real-world BAS system on a university campus and successfully validates the tool's effectiveness. We present a false data injection attack on a KNX system using a man-in-the-middle (MITM) attack. A BAS is modeled to analyze the impact of false data injections to a system in terms of energy cost. A machine learning (ML) based detection strategy is designed to detect the false data injection attack using a novel feature based on the Jensen Shannon Divergence (JSD), measuring the similarity of the KNX telegram's interarrival time distributions with attack and with no attack. Real-world experiments are performed to validate the presented false data injection attack and the ML detection strategy. Our results show an increase in overall energy cost during a false data injection attack. Of the examined ML models, the Support Vector Machine (SVM) classifier achieved the best results with 100% detection rate using our proposed JSD similarity feature vector compared to more traditional features. Lastly, we introduce a simplified real-world BAS system, consisting of both BACnet and KNX equipment, and spanning over multiple building environments. We analyze the vulnerabilities of the BAS system at each level and component, introducing several attack scenarios which may occur and affect the system.
|
6 |
Practical authentication in large-scale internet applicationsDacosta, Italo 03 July 2012 (has links)
Due to their massive user base and request load, large-scale Internet applications have mainly focused on goals such as performance and scalability. As a result, many of these applications rely on weaker but more efficient and simpler authentication mechanisms. However, as recent incidents have demonstrated, powerful adversaries are exploiting the weaknesses in such mechanisms. While more robust authentication mechanisms exist, most of them fail to address the scale and security needs of these large-scale systems. In this dissertation we demonstrate that by taking into account the specific requirements and threat model of large-scale Internet applications, we can design authentication protocols for such applications that are not only more robust but also have low impact on performance, scalability and existing infrastructure. In particular, we show that there is no inherent conflict between stronger authentication and other system goals. For this purpose, we have designed, implemented and experimentally evaluated three robust authentication protocols: Proxychain, for SIP-based VoIP authentication; One-Time Cookies (OTC), for Web session authentication; and Direct Validation of SSL/TLS Certificates (DVCert), for server-side SSL/TLS authentication. These protocols not only offer better security guarantees, but they also have low performance overheads and do not require additional infrastructure. In so doing, we provide robust and practical authentication mechanisms that can improve the overall security of large-scale VoIP and Web applications.
|
7 |
Podoby a proměny vztahu muže a ženy ve 2. polovině 19. století / Forms and changes of the relationship between man and women in the second half of the 19th centuryKřížová, Lenka January 2019 (has links)
The theme of the thesis is the partnership between men and women in the second half of the 19th century, on the example of the middle classes in the Czech society. Attention is paid to all stages of relationships before marriage as well as of the marital relationship. The thesis dwells on the development of an ideal partner, the strategy of finding and choosing one, periods of courtesy, and changes of the relationship caused by marriage and the arrival of children. Discussion on the reform of the institution of marriage in the early 20th century between representatives of the Catholic Church and their opponents is also included. One part of the thesis deals with the issue of divorce, marital separation, as well as widowhood. In addition to ego-documents the main sources for the theses were prescriptive literature, social catechisms, periodicals and specialised and academic literature of the period.
|
8 |
Bezpečné kryptografické algoritmy / Safe Cryptography AlgorithmsZbránek, Lukáš January 2008 (has links)
In this thesis there is description of cryptographic algorithms. Their properties are being compared, weak and strong points and right usage of particular algorithms. The main topics are safeness of algorithms, their bugs and improvements and difficulty of breaching. As a complement to ciphers there are also hash functions taken in consideration. There are also showed the most common methods of cryptanalysis. As a practical application of described algorithms I analyze systems for secure data transfer SSH and SSL/TLS and demonstrate an attack on SSL connection. In conclusion there is recommendation of safe algorithms for further usage and safe parameters of SSH and SSL/TLS connections.
|
9 |
Analýza a demonstrace vybraných L2 útoků / An Analysis of Selected Layer 2 Network AttacksLomnický, Marek January 2009 (has links)
This MSc Thesis focuses on principles, practical performability and security against four attacks used in contemporary local-area networks: CAM Table Overflow capable of capturing traffic in switched networks, ARP Man-in-the-Middle, whose target is to redirect or modify traffic and against two variants of VLAN Hopping attack allowing a hacker to send and capture data from VLANs he has no access to.
|
10 |
Data Encryption on a NetworkLuque González, Jorge, Arenchaga Fernandez, Ignacio January 2010 (has links)
In this project you can find a study about different encryption algorithms, which are use to safeguard the information on messages over the network. We have developed a client-server application which will send information through the network which has to be secured. There are two kinds of encryption algorithms, the symmetric and the asymmetric key algorithms. Both were used to establish the communication, the asymmetric algorithm (RSA) is used to set up a symmetric key and then, all the communication process is done only with the symmetric algorithm (Blowfish). / En este proyecto encontraras un estudio sobre diferentes algoritmos de encriptación, que son usados para salvaguardar la información en mensajes por la red. Además hemos desarrollado una aplicación cliente-servidor que enviara información a través de la red de forma segura. Hay dos tipos de algoritmos de encriptación, los simétricos y los asimétricos. Ambos tipos de algoritmos son utilizados para establecer la comunicación, el asimétrico (RSA) es utilizado para establecer la clave del simétrico y a partir de entonces se utilizara exclusivamente el algoritmo simétrico (Blowfish).
|
Page generated in 0.0233 seconds