Dynamicky zasílané WWW-stránky / Dynamic web pages

Kotlín, Jiří

January 2009

Serving dynamic web pages raises higher load of web servers and associated technologies. This can to some extent eliminate setting up reverse proxy with cache in front of the web server. The primary goal of this thesis is to implement this technique via presently most popular web server -- Apache. These Apache's proxy features were at first well tested and described, later practically applied in real LAMP software bundle enviroment (Linux, Apache, PHP, MySQL).

Caching HTTP : A comparative study of caching reverse proxies Varnish and Nginx

Logren Dély, Tobias

January 2014

With the amount of users on the web steadily increasing websites must at times endure heavy loads and risk grinding to a halt beneath the flood of visitors. One solution to this problem is by using HTTP reverse proxy caching, which acts as an intermediate between web application and user. Content from the application is stored and passed on, avoiding the need for the application produce it anew for every request. One popular application designed solely for this task is Varnish; another interesting application for the task is Nginx which is primarily designed as a web server. This thesis compares the performance of the two applications in terms of number of requests served in relation to response time, as well as system load and free memory. With both applications using their default configuration, the experiments find that Nginx performs better in the majority of tests performed. The difference is however very slightly in tests with low request rate.

Web accelerator

Web cache

Reverse proxy

Varnish

Nginx

Tsung

Computer Sciences

Datavetenskap (datalogi)

Možnosti optimalizace výkonu LAMP (linux/apache/mysql/php) / Optimization of LAMP (linux/apache/mysql/php)

Kotlář, Pavel

January 2009

This work deals with topic of LAMP software bundle performance optimalization. Step by step, it tries to discover performance problems in all four parts of LAMP (in Linux, HTTP server Apache, MySQL database and PHP language interpreter). A model web application is created for these testing purposes. When a problem is found, a change in configuration files is done or a performance improving technology is applied to the corresponding part. A set of optimalization recommendations is compiled and verified on server running real web application.

Web-based prototype for protecting controllers from existing cyber-attacks in an industrial control system / Webbaserad prototyp för att skydda styrsystem från förekommande cyberattacker i ett industriellt kontrollsystem

Sanyang, Pa

January 2020

Industrial control system or ICS is a critical part of the infrastructure in society. An example of ICS is the rail networks or energy plants like the nuclear plant. SCADA is an ICS system following a hierarchical structure. Due to the fact that a control system can be very large, monitoring remote through networks is an effective way to do so. But because of digitalization ICS or SCADA systems are vulnerable to cyber attacks that can hijack or intercept network traffic or deny legitimate user services. SCADA protocols (e.g. Modbus, DNP3) that are prone to get attacks due to not being a secure protocol make a SCADA system even more vulnerable to attacks. The paper focuses on how to best protect the network traffic between an HMI as the client and a different controller as the server from attacks. The proposed solution, the prototype, is based on the reverse proxy server setup to protect controllers from the external network traffic. Only the reverse proxy server, or gateway server, can forward a client request to the intended controller. The gateway server, a web-based solution, will be the additional security layer that encrypts the payload in the application layer using TLS version 1.2 by using HTTPS protocol, thereby protect from usual security threats. The prototype went through a penetration testing of MITM (Based on ARP-poisoning), SYN flooding, slow HTTP POST attacks. And the result indicated that the prototype was vulnerable to SYN flooding and the network traffic was intercepted by the MITM. But from the Confidentiality-Integrity-Availability (C.I.A) criteria, the prototype did uphold the integrity and confidentiality due to the TLS security and successful mitigation of certain attacks. The results and suggestions on how to improve the gateway server security were discussed, including that the testing was not comprehensive but that the result is still valuable. In conclusion, more testing in the future would most likely showcase different results, but that will only mean to better the security of the gateway server, the network that the client and gateway server runs in and the physical security of the location where the client and gateway server is located. / Industrial Control System (ICS, sve. Industriella Kontrollsystem) är en kritisk del av infrastrukturen i samhället. Ett exempel på ICS är järnvägsnät eller energianläggningar som kärnkraftverket. SCADA är ett ICS-system som följer en hierarkisk struktur. Eftersom ett kontrollsystem kan täcka stora ytor är fjärrövervakning och fjärrstyrning via nätverk ett effektivt sätt att göra det på. Men på grund av digitalisering är ICS- eller SCADA-system sårbara för cyberattacker som kan kapa nätverkstrafik eller förneka legitima användare från att nå vissa tjänster. SCADA-protokoll (t.ex. Modbus, DNP3) som är benägna att få attacker på grund av att de inte är ett säkert protokoll gör SCADA-system ännu mer sårbart för attacker. Uppsatsen fokuserar huvudsakligen på hur man bäst skyddar nätverkstrafiken mellan en HMI som klient och en annan controller som servern från attacker. Den föreslagna lösningen, prototypen, är baserad på hur en reverse proxy server är uppsatt för att skydda styrenheter från den externa nätverkstrafiken. Endast reverse proxy servern eller gateway-servern kan vidarebefordra en begäran från en klient till den avsedda styrenheten. Gateway-servern, en webbaserad lösning, kommer att vara det extra säkerhetslagret som krypterar nyttolasten (eng. payload) i applikationslagret med TLS version 1.2 med hjä lp av protokollet HTTPS, och därmed skyddar mot de mest förekommande säkerhetshot som vill se och påverka skyddad information. Prototypen genomgick en penetrationstestning av MITM (Baserat på ARP-poisoning), SYN-flooding, slow HTTP POST-attacker. Och resultatet indikerade att prototypen var sårbar för SYN-flooding och nätverkstrafiken avlyssnades genom MITM. Men baserad på kriterierna för C.I.A (sve. Konfidentialitet, Integritet och Tillgänglighet) upprätthöllprototypen integriteten och konfidentialiteten på grund av säkerhetsprotokollen TLSv1.2 och framgångsrika minskningar av vissa attacker. Resultaten och förslag på hur man kan förbättra prototypen diskuterades, inklusive att testningen inte var omfattande men att resultatet fortfarande är värdefullt. Sammanfattningsvis skulle fler tester i framtiden sannolikt visa ett helt annat resultat, men det kommer bara att innebära att förbättra säkerheten för gateway-servern, nätverket som klienten och gateway-servern kör i och den fysiska säkerheten för platsen där klienten och gateway-servern befinner sig inom.

ICS

SCADA

Modbus

Honeypot

Conpot

Cyber attacks

MITM

DoS

Flooding

Reverse proxy server

AWS

ICS

SCADA

Modbus

Honeypot

Conpot

Cyber attacks

MITM

DoS

Flooding

Reverse proxy server

AWS

Computer and Information Sciences

Data- och informationsvetenskap

Alta disponibilidade: uma abordagem com DNS e Proxy Reverso em Multi-Cloud

Pires, Luis Paulo Gon?alves

15 December 2016

Submitted by SBI Biblioteca Digital (sbi.bibliotecadigital@puc-campinas.edu.br) on 2017-02-01T13:15:39Z No. of bitstreams: 1 LUIS PAULO GONCALVES PIRES.pdf: 3166033 bytes, checksum: 043d546bf3a8212c07798369bfcc2f7f (MD5) / Made available in DSpace on 2017-02-01T13:15:39Z (GMT). No. of bitstreams: 1 LUIS PAULO GONCALVES PIRES.pdf: 3166033 bytes, checksum: 043d546bf3a8212c07798369bfcc2f7f (MD5) Previous issue date: 2016-12-15 / Pontif?cia Universidade Cat?lica de Campinas ? PUC Campinas / While there is considerable enthusiasm for the migration of on-premise data centers to cloud computing services, there is still some concern about the availability of these same services. This is due, for example, to historical incidents such as that in 2011, when a crash on Amazon's servers caused sites of several of its customers to go down for almost 36 hours. In view of this, it becomes necessary to develop strategies to guarantee the availability offered by the providers. In the present work, a solution is proposed, which implements high availability in Multi-Cloud environments, through the distribution of DNS access and the use of reverse proxy. A financial analysis was also carried out, taking into account market values in Cloud Computing services, which showed that the proposed solution may even be advantageous with respect to the traditional one. Specifically, a Multi-Cloud system, consisting of two Clouds with 99.90% availability each, provides total availability of 99.999%, and it costs 34% less than a single Cloud with 99.95% availability. The simulation results, obtained in a virtualized environment, using two Clouds, with availability of 99.49% and 99.43%, showed a system availability of 99.9971%. In this way, using Multi-Cloud systems it is possible to obtain high availability systems, from lower availability Clouds, according to user?s needs, besides saving with provider services costs. / A despeito de haver consider?vel entusiasmo quanto ? migra??o de data-centers on-primese para servi?os de Cloud Computing, ainda existe certo receio no que se refere ? disponibilidade destes mesmos servi?os. Isso se deve, por exemplo, a incidentes hist?ricos como o ocorrido em 2011, quando uma falha nos servidores da Amazon fez com que sites de v?rios de seus clientes ficassem fora do ar por quase 36 horas. Em vista disso, torna-se necess?rio desenvolver estrat?gias para garantir a disponibilidade oferecida pelos provedores. No presente trabalho, descreve-se uma solu??o que implementa alta disponibilidade em ambientes Multi-Cloud, mediante a distribui??o de acesso por DNS e a utiliza??o de proxy reverso. Realizou-se tamb?m uma an?lise financeira, levando-se em conta valores de mercado em servi?os de Cloud Computing, o que mostrou que a solu??o proposta pode ser mesmo vantajosa com a rela??o ? solu??o tradicional. Especificamente, um sistema Multi-Cloud, composto por duas Clouds com disponibilidade de 99,90%, que prov? disponibilidade total de 99,999%, custa 34% menos do que uma ?nica Cloud com disponibilidade de 99,95%. Os resultados de simula??o, obtidos em ambiente virtualizado, utilizando-se duas Clouds, com disponibilidades de 99,49% e 99,43%, alcan?aram disponibilidade 99,9971%. Desta forma, utilizando-se sistemas Multi-Cloud ? poss?vel se obter sistemas de alta disponibilidade, de acordo necessidade do usu?rio, a partir de Clouds de mais baixa disponibilidade, al?m de ser poss?vel economizar com os custos dos servi?os do provedor.

CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA

Dostupná řešení pro clustrování serverů / Available Solutions for Server Clustering

Bílek, Václav

January 2008

The goal of this master thesis is to analyze Open Source resources for loadbalancing and high availability, with aim on areas of its typical usage. These areas are particularly solutions of network infrastructure (routers, loadbalancers), generally network and internet services and parallel filesystems. Next part of this thesis is analysis of design, implementation and plans of subsequent advancement of an fast growing Internet project. The effect of this growth is necessity of solving scalability on all levels. The last part is performance analysis of individual loadbalancing methods in the Linux Virtual Server project.