Undergraduate thesis
Urban Suhadolnik (Author), Mojca Ciglarič (Mentor), Miha Grohar (Co-mentor)

Abstract

In the field of computer security, we face new challenges and risks year after year. We connect legacy devices and Internet of Things devices to the network, and these are often vulnerable. Because the number of devices and the complexity of internal networks keep growing, we must look for new solutions for ensuring computer security. The software-defined networking approach offers new possibilities. In this thesis we investigate the challenges of network segmentation and remote access. We review the concept of the software defined perimeter, propose an upgrade using WireGuard tunnels, and develop our own implementation, T-SDP. We implemented the new SDP implementation in a client-controller-gateway topology. Control communication takes the form of HTTP REST calls between the client and the controller and between the controller and the gateway. The data connection runs directly between clients and gateways over the WireGuard tunneling protocol. The final result of the thesis is a functional specification and a prototype T-SDP system that improves security and could replace VPN networks.

Keywords

software defined perimeter;SDP;software defined network;SDN;firewall;attacker modeling;tunnel;WireGuard;remote access;VPN;security;IoT;cybersecurity;computer and information science;university study;diploma theses;

Data

Language: Slovenian
Year of publishing:
Typology: 2.11 - Undergraduate Thesis
Organization: UL FRI - Faculty of Computer and Information Science
Publisher: [U. Suhadolnik]
UDC: 004.7:004.056(043.2)
COBISS: 76056067

Other data

Secondary language: English
Secondary title: Software defined perimeter implementation with WireGuard tunnels
Secondary abstract: In the field of computer security, we face new challenges and risks year after year. Modern networks include legacy devices and Internet of Things devices that are often vulnerable to exploitation. Due to the ever-increasing complexity of internal networks, we need to explore new approaches to ensure network security. Software defined networks offer such new possibilities. In this thesis, we explore the challenges of network segmentation and remote access. We review the concept of software defined network, propose an improvement to SDP using WireGuard tunnels, and develop our own SDP implementation. We have made T-SDP in the client-controller-gateway topology. Control communication takes place in the form of HTTP REST calls between client and controller and between controller and gateway. The data connection takes place directly between clients and gateways via the WireGuard tunnels. The result of this thesis is a functional specification and an SDP prototype, T-SDP, which is more secure and could replace VPNs in the future.
Secondary keywords: software defined perimeter;SDP;software defined network;firewall;tunnel;WireGuard;remote access;VPN;security;IoT;cybersecurity;computer and information science;diploma;Computer systems security;Computer networks;Computer science;University and higher-education theses;
Type (COBISS): Bachelor thesis/paper
Study programme: 1000468
Embargo end date (OpenAIRE): 1970-01-01
Thesis comment: University of Ljubljana, Faculty of Computer and Information Science
Pages: 65 pp.
ID: 13331886