undergraduate thesis
Abstract
In this thesis we dealt with the problem of security vulnerabilities and their discovery in computer systems by means of penetration testing. We studied the most common security vulnerabilities, with particular emphasis on those that arise from the carelessness of computer system administrators. We devoted special attention to the dictionary attack, which we implemented, together with a tool for obtaining passwords, in a tool for dictionary attacks on web interfaces. We carried out the penetration testing on a real computer system of a primary school, while we tested our own application in a simulated environment because of legal and formal restrictions. The testing was carried out in accordance with recommendations found in the literature. During testing we discovered a number of expected security vulnerabilities, some of which also posed a considerable threat to the flawless operation of the system. Based on the vulnerabilities found, we prepared recommendations for their remediation and handed them over to the administrator of the computer system. Testing our own dictionary attack tool showed that web interfaces are an easy target for breaking into a system, since an automated attack is simple to carry out. However, a fast and successful attack requires an efficient tool that is adaptable to the system and to the attacker's requirements.
Keywords
penetration testing;computer security;computer systems;security vulnerabilities;dictionary attack;
Data
Language: Slovenian
Year of publishing: 2013
Typology: 2.11 - Undergraduate Thesis
Organization: UM FERI - Faculty of Electrical Engineering and Computer Science
Publisher: [M. Puncer]
UDC: 004.2:004.94(043.2)
COBISS: 17486614
Views: 1584
Downloads: 188
Other data
Secondary language: English
Secondary title: PENETRATION TESTING OF COMPUTER SYSTEMS SECURITY
Secondary abstract: In this thesis we dealt with the issue of security vulnerabilities and how to discover them in computer systems with the aid of penetration testing. We studied the most common security vulnerabilities, especially those which occur due to the carelessness of computer system administrators. We devoted special attention to the dictionary attack which, together with the parsing tool, we implemented into a web interface dictionary attack tool. We carried out the penetration testing on a live computer system of a local primary school, while the testing of our own tool was performed in a simulated environment due to legal concerns. The testing was performed in accordance with the guidelines found in the literature. During the testing we discovered a number of expected security vulnerabilities, some of which presented a considerable threat to the flawless operation of the systems. Based on those findings we elaborated guidelines for their resolution and presented them to the computer system administrator. The testing of our own tools for dictionary attack showed that the web sign-in interface is an easy target, as the automated attack is quite uncomplicated. However, for a fast and successful attack an attacker needs an efficient tool that is adaptable to the system and the attacker's requirements.
Secondary keywords: penetration testing;computer security;computer systems;security vulnerability;dictionary attack;
URN: URN:SI:UM:
Type (COBISS): Bachelor thesis/paper
Thesis comment: Univ. of Maribor, Faculty of Electrical Engineering and Computer Science
Pages: XI, 34 pp.
ID: 8727785