Security of IT Infrastructure (Bezpečnosť IT infraštruktúry)

Scope: 2h
Exam: written + project
Lecturers:

Topics:

Slides in 2024:

Projects:

The output of the project will be a document describing the project solution (in pdf format). Project results will be presented at the final lectures. Projects will be graded on the basis of the document and the presentation on the scale:

The project grade constitutes 50% of the overall course grade.

Test grading table:

minimum  grade
0        E
3        D
8        C
14       B
18       A

Final grading table:

test \ project  0   1   2
FX              FX  FX  E
E               FX  E   C
D               FX  D   B
C               FX  D   B
B               FX  C   A
A               E   C   A

Sign up for a project by e-mail with the respective lecturer.

     

  1. Application Sandboxing (Stanek) - Hlaváč
    • describe, experiment with, and compare various methods of application sandboxing (e.g., Windows Sandbox, Firejail + AppArmor, containers)
    • use at least three solutions and focus on this use case: running potentially untrusted application or application accessing untrusted data in an isolated environment
    • describe how they work, show them in practice, compare them with respect to the security provided and user experience
  2. Email security in .sk TLD (Stanek) - Jurčák
    • statistically evaluate SPF, DKIM, DMARC, and STARTTLS (for SMTP) in .sk TLD (% of domains, types of policies, key lengths etc.)
    • list of .sk domains is available here: https://sk-nic.sk/subory/domains.txt
    • describe how these technologies work, and what security problems they try to solve
    • compare results with available statistics
  3. Greenbone Community Edition (Stanek) - Revúcky
    • install Greenbone OpenVAS vulnerability scanner
    • prepare at least two different VMs (Linux and Windows, both with some software packages installed) containing known vulnerabilities
    • configure and run unauthenticated and authenticated scans and evaluate findings (true positives, false positives, missing detections etc.)
    • summarize your experience (pros and cons) with scanning, feed updates etc.
  4. Web Application Firewalls (Ostertág) - Husárová
    • overview of current WAFs (free, open-source, commercial, with AI, ...)
    • install, explore and compare their capabilities
      • try at least ModSecurity, Naxsi, Signal Sciences Next-Gen WAF
    • does any information leave to the provider of the service?
    • compare their philosophy, such as:
      • deny everything by default
      • how rules are updated
      • learning modes
    • test some known attacks against web application protected by selected WAF
    • your opinion
  5. WireGuard vs. OpenVPN (Janáček) - Novota
    • Set up OpenVPN (the open-source edition) and WireGuard on several platforms (at least on Linux, Windows, Android)
    • Compare them in terms of ease of setup, ease of use, scalability, security and suitability for the following scenarios:
      • a VPN server with multiple clients (consider also large number of clients)
      • a site to site VPN
  6. Check Interoperability of IPsec Implementations in Different OS's (Janáček) - Koseček
    • Configure IPsec in different operating systems (Windows, Linux, ...) and explore interoperability issues of various configurations.
  7. UEFI and Secure Boot (Stanek) - Vita
    • what is it, how it works
    • what threats it tries to address, and what is outside the scope of the secure boot
    • real-life example (configuration, "attack" detection)
    • personal opinion
  8. Suricata (Stanek) - Martínez
    • what is it, how it works
    • install, explore and demonstrate its capabilities
    • choose at least 3 different attack types and show how they are detected
    • construct 1 custom rule and show it works as intended
    • personal opinion
  9. Full disk encryption in Linux (Stanek) - Gavlák
    • what options are available for full disk encryption (FDE)
    • what threats does FDE address
    • choose a major Linux distribution and configure FDE with TPM
    • compare disk operation performance with and without FDE
    • your opinion on user experience
  10. Physical Access Control Systems security (Ostertág) - Pasichnyk
  11. IoT device security (Janáček) - Kabátová
    • perform active reconnaissance on a set of IoT devices:
      • network scans, identify running services
      • capture and analyze network traffic during normal operation and initial configuration
    • search for vulnerabilities and attack vectors
    • assess adherence to best practices
  12. BadUSB attacks (Janáček) - Grochal
    • Explain how such attacks work
    • Demo an attack on a major operating system (Windows / Linux)
      • execute a malicious application
      • explore reverse host to BadUSB communication
    • Opinion on the difficulty of attack execution and possible countermeasures.
  13. File Integrity Monitoring (FIM) (Stanek) - Priner
    • What is it, what security problems and threats does FIM address.
    • Explain how it works in AIDE and Wazuh.
    • Install and configure both solutions, show they work as intended, and that they detect modification of files.
    • Compare AIDE and Wazuh FIM (ease of use, administration, detection speed, scalability, etc.).
  14. Authenticity of applications (Stanek) - Jóža
    • describe and compare how the authenticity of applications is ensured in Windows and iOS
    • installation vs. running binary applications
    • digital signatures - when required, default policies, risks, trust, key distribution
    • configuration options, installation and usage of custom SW
    • showcase these security controls
    • your opinion
  15. ... Additional projects can be proposed and discussed with one of the lecturers. Once approved, the project can be carried out.