15 research outputs found
SSL Virtual Private Networks
This thesis deals with virtual private networks (VPN) of the SSL (Secure Socket Layer) type.
It explains their principle and describes the technology used to create this type of VPN.
It also presents selected designs and implementations of SSL VPN featuring the
implementation of asymmetric routing, together with a comparison of their pros and cons. The
configurations are done on open source (Linux) and MikroTik platforms, of the Site-to-Site
and Remote Client types, based on the SSTP protocol, which is encapsulated in the
SSL/TLS layer. On the Cisco platform, the configuration is done through the graphical
interface SDM 2.5 (Security Device Manager), which makes the configuration simpler
and considerably faster. On the Cisco platform the implementation is done in three ways, namely
Clientless, Thin-Client and Tunnel mode.
460 - Katedra informatiky, dobř
Open Source Solution of SSL Virtual Private Networks
This bachelor's thesis deals with a free-of-charge solution for SSL virtual private networks and its realization with software released under an open source licence. The goal of the thesis is to offer readers interested in the subject information about the history, development and configuration options of the OpenVPN software, and about the different methods it can use to protect transmitted data.
The second part of the thesis gives the procedure for configuring OpenVPN version 2.2 with pre-shared keys and OpenVPN version 2.2 with SSL certificates. There is also a configuration manual for mobile devices running Apple iOS 5.0 or higher and Android 4.0 or higher.
440 - Katedra telekomunikační techniky, velmi dobř
Examining security in mobile communication networks
Due to advanced technological developments, mobile phone and other wireless device
usage is increasing rapidly. The contents of the multimedia messages may be very important and
confidential. Such confidentiality needs to be protected. Any interference and/or interceptions in
the communication process would bring reduced system usage and disgruntled stakeholders. This
paper discusses several aspects of the security of the Global System for Mobile communication, or
Group Special Mobile (GSM). In addition, it examines how GSM protects data from
interception by authentication, encryption, and ciphering. It furthermore considers some likely
flaws in these security methods and suggests possible measures to curb the flaws.
Investigating Issues in Mobile Network (In)Security
The provision of adaptive content to mobile wireless devices has increasingly become very pertinent. Mobile smart
phones and other wireless device usage is increasing daily with ground breaking technological developments – in
design, style, content and micro-chips performance. Transmission of data in such environments requires absolute
security to protect the individual and content. Any interference and interceptions in the communication process would
bring about reduced system usage and development benefits. And with the rapid development in global communication
networks, the security threat, in particular that to cellular telecommunication systems, is real and highly dangerous.
This paper investigates issues in evaluating the data security protection accorded by the global
telecommunication systems against interception, using encryption, authentication, and ciphering. It will also attempt to
discuss several issues of mobile wireless (in)security. In so doing, some security flaws in these approaches will be
examined and some suggestions made.
An agent-based framework for secure and privacy-preserving personalized information services
Providers of next-generation ubiquitous services are facing increasing competition. In
order to attract and satisfy customers, these services must offer added value e.g. by
delivering personalized information in a seamless and multi-modal way. Personalized
services, however, bring about additional requirements related to privacy and security,
which have to be addressed if the services are to become widely accepted. The ability
to design, implement and deploy personalized information services in a secure,
privacy-friendly and at the same time highly efficient way is becoming a key success
factor for service providers. Nevertheless, current service development architectures
usually fail to cover all relevant aspects of the service development process, resulting
in an unnecessary development overhead on the side of the service provider.
We introduce an agent-based Serviceware Framework assisting service providers in
developing personalized information services, thus improving user acceptance and
reducing the time-to-market of the resulting applications. We describe the utilization of
different modules of the framework, which offer functionality for context-aware
services at large, focusing on the module for personalization including privacy
enhancing technologies. In addition, we present the Smart Event Assistant, a
prototypical application for personalized, seamless and ubiquitous planning of
entertainment activities, which we have implemented based on this Serviceware
Framework
Security access to networks
This diploma thesis focuses mainly on a theoretical description of security mechanisms for access to IT infrastructure, considering new trends in employee mobility and employees' need to use company datacenters remotely on business trips or from home offices. Because of on-line business activities, customers or trading partners require access to some company data, and efficient security mechanisms need to be employed.
Particular systems associated with the security of RAS (Remote Access Service) and login problems are described as well. The practical part of this work describes the configuration of SSL VPN on the Juniper Network SA6500 device and its testing in practice.
Prezenční, 454 - Katedra telekomunikační techniky, velmi dobř
Towards the Development of Network Service Cost Modeling-An ISP Perspective
Accurate network costing provides insightful information to any ISP for better network planning, profits, and decision making. Developing precise cost models for communication network services has always been a challenge for Internet Service Providers (ISP) due to the complex nature of today’s advanced shared cloud and network infrastructure. Currently, developing and maintaining such cost models require significant effort and time for the network planners in an ISP. The proposed novel methodology reduces the development cycle time significantly for the cost model, which leads to the ISP’s operational cost savings. We also experimented with K-means clustering for grouping router costs in the study, which provided similar unit cost results. To prove the operational savings, we evaluated a quantitative example considering the current practice as well as our proposed methods. We considered three network services: IPVPN service, Transport Lease service, and High-Speed Internet service for the experiments. We conducted simulations, and estimated service unit costs to validate the accuracy and effectiveness of our proposed approaches. We have compared results from proposed strategies with the existing cost mechanism and computed the performance improvement cost gap for different network sizes. This cost gap (delta) exhibited that the difference between the service cost values is significantly negligible, which proved the efficiency of our cost model
Practical Encryption Gateways to Integrate Legacy Industrial Machinery
Future industrial networks will consist of a mixture of old and new components, due to the very long life-cycles of industrial machines on the one hand and the need to change in the face of trends like Industry 4.0 or the industrial Internet of things on the other. These networks will be very heterogeneous and will serve legacy as well as new use cases in parallel. This will result in an increased demand for network security and precisely within this domain, this thesis tries to answer one specific question: how to make it possible for legacy industrial machines to run securely in those future heterogeneous industrial networks.
The need for such a solution arises from the fact, that legacy machines are very outdated and hence vulnerable systems, when assessing them from an IT security standpoint. For various reasons, they cannot be easily replaced or upgraded and with the opening up of industrial networks to the Internet, they become prime attack targets. The only way to provide security for them, is by protecting their network traffic.
The concept of encryption gateways forms the basis of our solution. These are special network devices, that are put between the legacy machine and the network. The gateways encrypt data traffic from the machine before it is put on the network and decrypt traffic coming from the network accordingly. This results in a separation of the machine from the network by virtue of only decrypting and passing through traffic from other authenticated gateways. In effect, they protect communication data in transit and shield the legacy machines from potential attackers within the rest of the network, while at the same time retaining their functionality. Additionally, through the specific placement of gateways inside the network, fine-grained security policies become possible. This approach can reduce the attack surface of the industrial network as a whole considerably.
As a concept, this idea is straightforward and not new. Yet the devil is in the details, and no solution specifically tailored to the needs of the industrial environment and its legacy components existed prior to this work.
Therefore, we present in this thesis concrete building blocks in the direction of a generally applicable encryption gateway solution that allows to securely integrate legacy industrial machinery and respects industrial requirements. This not only entails works in the direction of network security, but also includes works in the direction of guaranteeing the availability of the communication links that are protected by the gateways, works to simplify the usability of the gateways as well as the management of industrial data flows by the gateways
Establishing security and privacy policies for an on-line auction
The current Enterprise Resource Planning (ERP) project is a proposal to use business-to-business electronic commerce to provide a means of developing markets for end-of-life products and their components. The objective is to develop a science and technology base for a scalable and secure hub for reverse logistics e-commerce in which users can buy and sell used or surplus products, components, and materials as well as provide a service for disposing of them responsibly. A critical part of the project is the design of security architecture, as well as security and privacy policies for the project's on-line electronic marketplace. Security for the auction website should focus on three concerns: prevention, detection, and response. Prevention consists of four basic characteristics of computer security: authentication, confidentiality, integrity, and availability. We will also analyze some of the vulnerabilities and common attacks of sites on the web, and ways to defend against them. Detection involves several approaches to monitor traffic on the internal network and log the activities of users. This is important to provide forensic evidence when a site is compromised. Detection, however, is useless without some type of response, either through patching new-found security holes, contacting vendors to report security weaknesses and new viruses, or contacting local and federal agencies to assist in closing those holes or bringing violators to justice. We will look at these issues, as well as trust in auctions - allowing buyers and sellers to determine if a user is trustworthy or not - and automatic schemes for preventing a fraudulent user from exploiting that trust
Secure telecommunication connections in an enterprise environment
The thesis deals with the information security of telecommunication networks and connections in an enterprise environment. The topic is examined from the viewpoint of ABB Oy, which serves as the example company.
The aim of the study is to create a general concept for establishing secure telecommunication connections between the information systems of ABB Oy and third parties. The concept covers the most significant usage needs of the business units and complies with ABB's group-wide information security requirements.
The material used in the study consists of the group's information security requirements, earlier reports and studies on the topic, and a needs assessment carried out in the company. The needs assessment is carried out as an interview study, and its aim is to identify the existing usage needs of the business units.
As the final result of the work, a general model that met the set objectives was drawn up for establishing telecommunication connections between the company and third parties. With the created model and the service concepts defined in it, significant resource savings and improvements in the information security of the telecommunication network can be achieved.
Thesis fulltext in PDF format.