Paketový filtr v prostředí Linux

Abstract

This diploma thesis aims at creating a stateful packet filter using iptables, which is one of the tools used to filter network traffic and improve network security in a Linux environment. The first thesis part describes the basic characteristics of TCP/IP protocol, together with a description of the chosen distribution of the operating system and virtualization tool. It is also introduced a generational division description of the devices that filter network traffic, including the problematics of framework Netfilter and iptables tool. The second thesis part is relating to the basic settings of the default security policy using iptables, including a description of the individual parts. Further characteristic meaning of ethical hacking, choice of penetration tool and use the Cacti tool for a purpose to monitor certain parameters in the network. In this section will also carried out by the testing of created security policy, including a description of the related results. The third thesis part focuses on the simulation of three selected types of network attacks on unsecured and secured network. Recognizing their characteristics and the subsequent suppression or limitation of the attack using the proposed security rules. This part also includes a detailed analysis of the information recorded during the test. The end of the thesis summarizes achieved goals.