Computer networks are used in much wider extent than 20 years ago. People use the computer mainly for communication, entertainment and data storage. Information is often stored only in electronic devices and that is why the security of the data is so important. The objective of my thesis is to describe network security problems and their solutions. First chapter deals with the network security, security checks and attacks. It describes procedures used in practise. First part deals with traffic scanning and filtering at various layers of the TCP/IP model. Second part presents the types of proxy and its pros and cons. Network Address Translation (NAT) is a favourite technique of managing IP addresses of inside and outside network which helps to improve the security and lower the costs paid for IP addresses. NAT description, IPSec, VPN and basic attacks are described in this section. The second chapter of the thesis presents set of Perl scripts for network security checking. The purpose of the project is not to check the whole network security. It is designed for contemporary needs of IBM Global Services Delivery Centrum Brno. The first script checks running applications on target object. The aim is to detect services that are not necessary to run or that are not updated. The second one checks the security of the Cisco device configuration. There is a list of rules that has to be kept. The third script inspects the Nokia firewall configuration which is on the border of IBM network. If some of the rule is broken, it shows the command that has to be proceeded at the particular device. The output of the first and the second script is an HTML file. The third script uses the command line for the final report. The last part of this chapter gives advice to configure Cisco devices. It is a list of security recommendations that can be used by configuring e.g. routers. The appendix presents two laboratory exercises. The aim is to give students an opportunity to learn something about programs and technologies which are used in practise by IT experts to check the weaknesses of their networks.
Identifer | oai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:217444 |
Date | January 2008 |
Creators | Maloušek, Zdeněk |
Contributors | Polívka, Michal, Novotný, Vít |
Publisher | Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií |
Source Sets | Czech ETDs |
Language | Czech |
Detected Language | English |
Type | info:eu-repo/semantics/masterThesis |
Rights | info:eu-repo/semantics/restrictedAccess |
Page generated in 0.0014 seconds