Your search keyword '"Bernik, Igor"' showing total 51 results

1. Ensuring the security of information by understanding user behaviour on a mobile device

Author

Bernik, Igor and Markelj, Blaž

Subjects

grožnje, varnost, mobilne naprave, študenti, udc:004.056:621.395.721.5

Abstract

Namen prispevka: Uporabniki različnih demografskih skupin vsakodnevno uporabljajo mobilne naprave v osebne in poslovne namene. Pri uporabi mobilnih naprav s pomočjo nameščene programske opreme in pri dostopanju do omrežij zanemarjajo varovanje informacij in večinoma ne delujejo v skladu s principi informacijske varnosti. Ob nevestni rabi mobilnih naprav je tveganje veliko. Ker so študenti velika skupina uporabnikov mobilnih naprav, ki vstopa v poslovni svet, smo izvedli raziskavo, kako le-ti uporabljajo mobilne naprave, koliko poznajo grožnje in uporabo možnih varnostnih zaščit. S tem znanjem organizacije lahko pripravimo na trenutne in prihajajoče informacijskovarnostne izzive. Metode: Predstavljene ugotovitve temeljijo na deskriptivnih dognanjih, izhajajočih iz pregleda virov in izvedene raziskave med študentsko populacijo ter analizirane s pomočjo statističnih metod. Ugotovitve: Študenti slabo poznajo načela varne uporabe mobilnih naprav, programske opreme zanje ter groženj in varnostnih rešitev. Glavne ugotovitve raziskave, izvedene 2012, pokažejo nizko stopnjo zavedanja in poznavanja groženj, ki pretijo uporabnikom mobilnih naprav ter nizko stopnjo uporabe varnostnih rešitev. Mobilne naprave postajajo mesto, kjer se shranjujejo in obdelujejo osebni in poslovni podatki. Pri mobilnih napravah je meja med osebnimi in poslovnimi podatki popolnoma izginila. Zato je pri uporabi mobilnih naprav priporočljivo spoštovati informacijskovarnostna priporočila in s tem zagotoviti ustrezno zaščito podatkov, do katerih imamo dostop. Omejitve/uporabnost raziskave Znanstvene objave na temo, ki jo obravnavamo v prispevku, so redke. Navedb primerov širših razsežnosti zlorab iz prakse, preiskovanja kriminalitete in dejanskih sodnih obravnav pa je malo. Praktična uporabnost: Skozi izsledke ugotavljamo načine uporabe mobilne naprave, zavedanje groženj in uporabo varnostnih rešitev. Izvirnost/pomembnost prispevka: Menimo, da je delo na področju uporabe mobilnih naprav originalno in na izviren način obravnava predstavljeno problematiko. Purpose: Mobile devices are used every day by users from various demographic groups, both for personal and business purposes. Users neglect information security and generally do not operate according to the principles of information security while using the mobile devices by using the installed software and accessing networks. When using the mobile devices in unconscious manner the risk is high. Since the students are a very large group of users of mobile devices, we conducted a survey among them on how they use their mobile devices, and how much do they know of the threats and the use of possible security features. Design/Methods/Approach: The presented results are based on descriptive findings resulting from the review of resources and on the research conducted among the student population and subsequently analysed by statistical methods. Findings: Students have poor knowledge of the safe use of mobile devices, the software for them, threats and security solutions. The main findings of the survey, conducted in 2012, show low level of awareness and knowledge of threats to mobile security of smart phones and low level of utilization of security solutions. Mobile devices are becoming a place to store and process personal and business data. In the case of mobile devices the boundary between personal and business data is disappearing completely. Therefore, when using mobile devices it is advisable to observe safety information and recommendations in order to ensure adequate protection of the data to which we have access. Research Limitations / Implications: Scientific publications on the topic under discussion in this paper are rare. Allegations of abuse cases from practice, investigation of crime and the actual court case law is limited. Practical Implications: Through the results of the descriptive analysis and done research ways to use mobile devices are found, as well as the awareness of the threat and use of security solutions. Originality/Value: There is no access to comparative research, so the work on the use of mobile devices is original, since it addresses the issue presented in an original way.

Published

2020

2. Informacijska varnost ob rabi mobilnih naprav v slovenskih podjetjih

Author

Markelj, Blaž and Bernik, Igor

Subjects

grožnje, varnost, mobilne naprave, organizacije, podjetja, Slovenija, udc:004.056:[004.382.75+621.395.721.5]

Abstract

Purpose: In the business world, mobile devices represent an important tool for carrying out one‘s work. By providing the possibility to have constant access to different types of data and information, such devices are an important element in the decision-making process. The access to necessary data at any given moment in the decision-making process represents a competitive edge in the business environment. However, despite all of the advantages provided by mobile devices, their users fail to consider the issue of information security, since the access to and transfer of information via mobile devices makes them vulnerable to security risks. The media report on numerous new threats that put mobile devices at risk on a daily basis. The realisation of such threats to information security becomes more likely when users use mobile devices carelessly and simultaneously fail to use adequate security protection. It is therefore important for organisations and experts responsible for the safe use of mobile devices to introduce appropriate technical and organisational solutions and measures for the safe use of such devices. Design/Methods/Approach: Conclusions are based on descriptive findings and results of a study conducted among the staff of different Slovene organisations, who are responsible for the safe use of mobile devices by employees. Findings: Users of mobile devices in different organisations use their devices both for private as well as for business purposes, and the use of such devices gives them a competitive edge in the business world. Results of a study conducted in 34 Slovene organisations demonstrate that these organisations are currently in the initial stages of introducing both technical and organisational solutions, and measures for the provision of information security related to the use of mobile devices among their employees. According to the findings, the use of regulations and standards, which would define the safe use of mobile devices in relevant organisations, is rare. In mobile devices, the boundary between personal and business data has disappeared completely. The use of mobile devices must, therefore, follow the information security recommendations and provide adequate protection of data accessible to users. Research Limitations / Implications: The topic discussed in this paper remains a sensitive issue for different organisations, which is why conducting the study was rather challenging. The number of existing research efforts in this field is limited, and consequently, there are very few grounds that could serve as the basis for the performance of the aforementioned research. Practical Implications: Results show the manners in which mobile devices are used and protected against threats. On the basis of these results, organisations could seek ways to improve their methods for the protection of mobile devices and increase the level of protection awarded to their information systems. Originality/Value: Work conducted in the field of mobile devices is original and deals with the issues presented hereby in an innovative manner. Namen prispevka: Mobilne naprave so v poslovnem svetu pomemben delovni pripomoček. Z možnostjo neprestane povezave do podatkov tovrstne naprave predstavljajo pomemben element v procesu odločanja. Dostop do potrebnih podatkov v trenutku odločanja v poslovnem svetu pomeni konkurenčno prednost. Poleg vseh prednosti, ki jih mobilne naprave ponujajo, pa uporabnik malo razmišlja o informacijski varnosti, saj z dostopanjem in prenosom informacij z mobilnimi napravami le-te izpostavljamo varnostnim tveganjem. V medijih vsakodnevno beremo o številnih novih grožnjah, ki pretijo omenjenim napravam, kar pa ob uporabnikovi nevestni rabi in hkratni neuporabi varnostnih zaščit predstavlja verjetnost za uresničitev groženj informacijski varnosti posameznika in/ali organizacije. Zato je pomembno, da organizacije in strokovnjaki, ki so zadolženi za varno rabo mobilnih naprav, vpeljejo ustrezne tehnične in organizacijske rešitve in ukrepe za varno rabo mobilnih naprav. Metode: Ugotovitve temeljijo na deskriptivnih dognanjih in izvedenih raziskavah med strokovnjaki v slovenskih organizacijah, ki so odgovorni za varno rabo mobilnih naprav med zaposlenimi. Ugotovitve: Uporabniki mobilnih naprav v različnih organizacijah uporabljajo mobilne naprave tako v zasebne kot v poslovne namene, njihova raba pa predstavlja kokurenčno prednost v poslovnem okolju. Rezultati raziskave, izvedene v 34 slovenskih organizacijah, kažejo, da so organizacije v začetnih fazah uvajanja tako tehničnih kot organizacijskih rešitev in ukrepov za vzpostavitev informacijske varnosti ob rabi mobilnih naprav med zaposlenimi. Uporaba pravilnikov in standardov, ki bi opredeljevali varno rabo mobilnih naprav v organizacijah je redkost. Pri tem pa je meja med osebnimi in poslovnimi podatki na mobilnih napravah popolnoma izginila, zato je pri njihovi rabi nujno slediti informacijskovarnostnim priporočilom in zagotoviti ustrezno zaščito podatkov, do katerih imamo dostop. Omejitve/uporabnost raziskave Tematika, obravnavana v prispevku, je za organizacije občutljive narave, zato je bila izvedba raziskave zahtevna. Tovrstnih raziskav je malo, zato ni veliko osnov, na katere bi se oprli pri izvedbi predstavljene raziskave. Praktična uporabnost: Rezultati raziskave kažejo načine rabe mobilnih naprav in zavarovanja le-teh pred grožnjami. Na podlagi rezultatov organizacije lahko pristopijo k izboljšanju načina varovanja mobilnih naprav in dvigu zaščite informacijskih sistemov. Izvirnost/pomembnost prispevka: Predstavljeno delo na področju rabe mobilnih naprav je originalno in na izviren način obravnava predstavljeno problematiko.

Published

2020

3. Information Security Related to the Use of Mobile devices in Slovene Enterprises.

Author

Markelj, Blaž and Bernik, Igor

Subjects

INFORMATION technology security, MOBILE apps, BUSINESS enterprises, DECISION making in business, KNOWLEDGE transfer

Abstract

Copyright of Varstvoslovje: Journal of Criminal Justice & Security is the property of University of Maribor, Faculty of Criminal Justice & Security and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2014

4. Zagotavljanje varnosti informacij z razumevanjem uporabnikovega ravnanja z mobilno napravo.

Author

Bernik, Igor and Markelj, Blaž

Subjects

DATA security, MOBILE apps, SURVEYS, STUDENTS, CELL phones

Abstract

Copyright of Varstvoslovje: Journal of Criminal Justice & Security is the property of University of Maribor, Faculty of Criminal Justice & Security and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2014

5. Drone cyber security

Author

Štampfel, Andrej and Bernik, Igor

Subjects

unmanned aircraft, threats, vulnerabilities, brezpilotni letalniki, cyber security, UAV, kibernetska varnost, network connections, defense, varnost, attacks, diplomske naloge, droni, dron, udc:004.056:623.746-519(043.2), kibernetska kriminaliteta

Abstract

Poznavanje kibernetske varnosti je ključnega pomena pri varovanju informacij in informacijskih sistemov. V to skupino štejemo tudi brezpilotne letalnike, ki jih z drugo besedo imenujemo dron-i. So nosilci informacij in so vključeni v kibernetski prostor. Tehnologija in priljubljenost teh naprav predstavljata vstopno točko za potencialne napadalce. Drone delimo na vojaške in civilne. Podatki iz zgodovine kažejo, da so bili droni sprva razviti kot vojaška tehnologija in posledično so bili prvi kibernetski napadi izvedeni na vojaških dronih. Zaradi preproste uporabe in možnosti uporabe tudi na drugih področjih, zdaj število civilnih dronov krepko presega število vojaških. Trend kibernetskih napadov je tako dobil nove razsežnosti. Na vojaškem področju se odraža kot nova oblika vojskovanja, na civilnem področju pa v novih oblikah socialnega inženiringa. Tako razširjena uporaba dronov predstavlja določena tveganja. Najpogostejši napadi pri dronih so prevzem nadzora, zajemanje podatkov, sabotaža in vohunjenje. Droni lahko nosijo in obdelujejo kritične podatke o vojaških misijah ali osebne podatke, kar pa bi ob razkritju pomenilo resno grožnjo za oškodovano stranko. Ker so droni opremljeni z številnimi senzorji in so vodeni preko brezžičnih povezav, jih te naredijo ranljive in dojemljive za kibernetske napade. Kibernetski napadi niso novost. Iz zgodovine je razvidno, da so prisotni že od nekdaj. Že poznane obrambe za odvračanje kibernetskih napadov pri dronih niso dovolj. Droni predstavljajo t.i. sistem sistemov, katerega lahko uspešno zaščitimo samo s kombinacijo zaščitnih ukrepov, ki vključujejo zaščito za vse sisteme. Navsezadnje gre za specifične leteče predmete z določeno mero avtonomnosti. Pri zaščiti dronov je pomembno poudariti tudi pomen človeškega faktorja. Potrebno je osveščanje pilotov o varnostnih tveganjih in potencialnih grožnjah, ki jim grozijo. Na ta način lahko piloti aktivno sodelujejo pri zagotavljanju preventivne varnosti in tako prispevajo svoj del k sistemski obrambi. Če prepoznamo določeno grožnjo, lahko začnemo z izvajanjem protiukrepov. Knowing cyber security is crucial in protecting information and information systems. This group also includes unmanned aerial vehicles, which, in other words, are called drones. They are information carriers and are involved in cyberspace. The technology and popularity of these devices represent an entry point for potential attackers. Drones are divided in military and civil area. Historical data show that drones were initially developed as military technology and consequently the first cyber attacks were carried out on military drones. Due to the simple use and the possibility of use in other areas, the number of civil drones now exceed the number of military drones. The trend of cyber attacks has thus gained new dimensions. It is reflected in the military field as a new form of warfare and in the civilian field as a new forms of social engineering. Such a widespread use of drones represent certain risks. The most common attacks in the dron are control takeover, data capturing, sabotage and espionage. Drones can carry and process critical data on military missions or personal data, which if compromised, would pose a serious threat to the injured party. Since drones are equipped with many sensors and are guided over wireless connections, which make them vulnerable and susceptible to cyber attacks. Cyber attacks are not a novelty. From history it is evident that they have been present for quite some time. Already known defenses to detect cyber attacks in drones are not enough. Drones represent the so-called system of systems, that can be successfully protected only by a combination of protection measures that cover protection for all systems. After all, they are specific flying objects with a certain degree of autonomy. In protecting drones, it is also important to emphasize the importance of the human factor. It is necessary to raise awareness among pilots about safety risks and potential threats to them. In this way, pilots can actively participate in the provision of preventive safety and thus contribute their part to systemic defense. If we recognize a particular threat, we can begin to implement countermeasures.

Published

2018

6. Response to Cybercrime and Guidelines for Greater Security Against Threats: A comparison between the Republic of Slovenia and Republic of Croatia

Author

Purnat, Jure and Bernik, Igor

Subjects

understanding, udc:343.3/.7:004(497.4)(497.5)(043.2), kibernetski prostor, grožnje, threats, information security, Croatia, Slovenia, primerjave, magistrska dela, varnost, Hrvaška, cybercrime, Slovenija, kibernetska kriminaliteta

Abstract

Informacijsko-komunikacijska tehnologija postaja danes vse bolj dostopna in preprosta za uporabo v vsakdanjem življenju. Prav tako je informacijsko-komunikacijska tehnologija danes pomembna pri vsakdanjih opravilih, ki jih opravljamo doma in v službi. S povečanjem uporabe informacijske tehnologije so se pojavile tudi vse večje grožnje v kibernetskem prostoru. Kibernetska kriminaliteta je vedno bolj prisotna v kibernetskem prostoru, zato je potrebno, da razumemo kaj sploh je kibernetska kriminaliteta. Slovenija in Hrvaška sta sosednji državi, prav tako sta članici Evropske unije. Vendar kljub temu nas je zanimalo ali imajo prebivalci držav podobno razmišljanje in razumevanje o kibernetski kriminaliteti. V magistrski nalogi smo pojem kibernetska kriminaliteta, grožnje kibernetske kriminalitete ter zakonodajo, ki ureja kibernetsko kriminaliteto v Sloveniji in na Hrvaškem, tudi razložili. V nalogi smo obravnavali slovensko in hrvaško perspektivo poznavanja kibernetskih groženj, kibernetske kriminalitete in zakonodajo, ki ureja kibernetsko kriminaliteto z vidika razumevanja, dojemanja in strahu uporabnika. Ker se število uporabnikov interneta povečuje, se povečuje tudi število zlorab. Uporabniki se premalo zavedajo nevarnosti, ki pretijo v kibernetskem prostoru. Državi se proti kibernetskemu kriminalu borita tudi z nacionalnima strategijama za kibernetsko varnost. Pri obeh strategijah smo razložili tudi glavne cilje. S pomočjo rezultatov spletne ankete smo v nalogi predstavili vpogled v razumevanje kibernetske kriminalitete. Rezultati spletne ankete nam na podlagi statistične analize pokažejo, kako uporabniki razumejo kibernetsko kriminaliteto. Rezultate, ki smo pridobili, smo predstavili, tudi glavne smernice za boljše zavedanje o nevarnosti in vir napotkov za varnejšo rabo kibernetskega prostora. Z boljšim razumevanjem groženj in poznavanje ukrepov proti njim bo zmanjšalo tudi strah pred kibernetsko kriminaliteto. Analiza nam je pokazala, da ljudje ne razumejo najbolje problematike, ki je prisotna v kibernetskem prostoru. Zato je potrebno boljše osveščanje ljudi. S tem je treba pristopiti že v izobraževanju, da se seznanijo z grožnjami, ki pretijo na spletu. Information and communication technology is becoming ever more accessible and easy to use in everyday life. Information and communication technology today is also important in everyday activities that we do at home and at work. With the increasing use of information technology, more and more threats have emerged in cyberspace. Cybercrime is increasingly present in cyberspace, so it is necessary to understand what constitutes cybercrime. Slovenia and Croatia are a neighbouring countries, as well as members of the European Union. Nevertheless, we were interested in whether the residents have similar thinking and understanding of cybercrime. This master thesis explains cybercrime, the threat of cybercrime and the laws governing cybercrime in Slovenia and Croatia. In this thesis, we discussed the Slovenian and Croatian perspective of knowledge of cyber threats, cybercrime and laws governing cybercrime in terms of understanding, perception and fear of the user. As the number of Internet users increases, so does the number of abuses. The users are not sufficiently aware of the dangers posed in cyberspace. The countries are fighting against cybercrime with their national strategy for cybersecurity. The main objectives of both strategies are explained in this thesis. Using the results of the online survey, the insight into the understanding of cybercrime was presented. The results of an online survey on the basis of statistical analysis show how users understand cybercrime. The results that we have obtained are presented alongside with the main guidelines for better awareness of the threats and source of guidance for the safe use of cyberspace. With a better understanding of the threats and knowledge of action against them the fear of cybercrime will also be reduced. Analysis has shown us that most people do not understand the problem, which is present in cyberspace. Therefore, better awareness of people needs to be increased. It is necessary to educate them already in training to become familiar with the threats posed online.

Published

2017

7. Safety Communications System

Author

Ornig, Dejan and Bernik, Igor

Subjects

varnost, telekomunikacije, telekomunikacijski sistemi, information security, udc:621.39(043.2), diplomske naloge, TETRA, information & telecommunication system, security analyze, kriptografija, security vulnerabilities

Abstract

Živimo v času informacijske družbe, v kateri postaja vse pomembnejša tudi informacijska varnosti, še posebno ko gre za kritično, nacionalno, informacijsko-telekomunikacijsko infrastrukturo. Prav s tem namenom je nastalo diplomsko delo, v katerem se uvodoma seznanimo z informacijsko-telekomunikacijskimi sistemi, dotaknemo se sistemov za varno komunikacijo in osredotočimo na informacijsko-telekomunikacijski sistem TETRA, ki je bil zasnovan prav zaradi potrebe po varni komunikaciji vladnih in nevladnih služb. Želeli smo preveriti ali je bila uporabnikom zagotovljena takšna stopnja informacijske varnosti, kot je bila že predhodno določena z javnimi naročili o nakupu informacijsko-telekomunikacijske infrastrukture, zato smo v letu 2012 pričeli izvajati tehnično varnostno analizo, slovenskega, informacijsko-telekomunikacijskega omrežja. Ugotovimo, da je mogoče s preprosto in cenovno dostopno napravo, namenjeno sprejemanju radijskih signalov iz vakuuma, ter ustrezno programsko opremo, TETRA signal demodulirati, prometne podatke pa analizirati. Nadalje, s podrobnejšim in sistematičnim pregledom prometnih podatkov ugotovimo številne varnostne ranljivosti in z njimi seznanimo pristojne. Zaradi možnosti ogrožanja informacijske varnosti in s tem tudi ogrožanja nacionalne varnosti države, smo pristojnim predlagali, da varnostne ranljivosti, čim hitreje tudi odpravijo. Po javni objavi so varnostne ranljivosti le odpravili in s tem vsem uporabnikom omogočili ustrezno stopnjo informacijske varnosti. Sklenemo lahko, da informacijsko-telekomunikacijski sistem TETRA uporabljajo službe, ki zagotavljajo nacionalno varnost države, zato je še toliko bolj pomembno, da je za komunikacijo uporabnikov, na voljo ustrezna stopnja informacijske varnosti. Tovrstnih, neodvisnih in entuziastično naravnih, varnostnih analiz informacijskih sistemov, v slovenskem prostoru ni prav veliko, zato je diplomsko delo, s katerim želimo spodbuditi pristojne, da bi se v prihodnje bolje zavedali pomena informacijske varnosti, dobra priložnost, da se tudi na tem področju, spremeni nekaj v pozitivno smer. We live in a time of the information society, where the need for IT security is becoming increasingly important, especially when we speak about critical, national information-telecommunication infrastructure. It is for that purpose in particular that I chose to write this diploma paper. The introduction outlines the basics of information-telecommunication systems, we touch upon the topic of secure communication systems and focus on the TETRA information-telecommunication system, which was designed specifically to fulfill the need for secure communications in government and non-government organizations. We wanted to verify whether this type of IT security indeed provided the level of IT security defined in public procurement process involving the purchase of information-telecommunication infrastructure, and so in 2012 we began performing a technical security analysis of the Slovenian information and telecommunication network. We found that the TETRA signal can be demodulated using a simple and inexpensive device, whose purpose is to receive radio signals from a vacuum, and suitable software, making it possible to analyze transmitted data. Furthermore, we have identified numerous security vulnerabilities through a detailed and systematic analysis of transmitted data, and informed the competent authorities accordingly. Due to the identified possibility of compromising the security of information and due to the fact that this presented a threat to national security, we proposed to the competent authorities to address these vulnerabilities as soon as possible. After the matter was disclosed to the public, these vulnerabilities were finally fixed, allowing the suitable information safety for all users. We can conclude that the TETRA information-telecommunication system is used by national security agencies and it is therefore all the more important to ensure a suitable level of information security in communications between these users. Since few independent and enthusiast-originated security analyses of Slovenian information systems exist in Slovenia, the present paper is a good opportunity for promoting positive change in this field and to increase awareness about the importance of information security.

Published

2016

8. CREDIT CARD PAYMENT SECURITY AND ONLINE SHOPPING

Author

Cebe, Danijela and Bernik, Igor

Subjects

online trading, non-cash payment, zlorabe, spletno nakupovanje, plačilne kartice, security, online shopping, brezgotovinsko plačevanje, payment instruments, abuses, varnost, diplomske naloge, preprečevanje, informacijska varnost, udc:004.056:[336.717.13+004.738.5](043.2)

Abstract

Z razvojem interneta se je razmahnilo elektronsko poslovanje, ki med drugim zajema tudi elektronsko trgovanje in nakupovanje v spletnih trgovinah. Pri tovrstnem nakupu je mogoče izvesti plačilo z različnimi plačilnimi instrumenti, ki smo jih v nalogi tudi podrobno opredelili. Posebej smo izpostavili varnost plačevanja preko spleta ter prednosti in slabosti pri takšnem načinu plačevanja. S pomočjo anketnega vprašalnika smo izvedli raziskavo in analizirali pridobljene rezultate. Rezultate anketnega vprašalnika in teoretičnih ugotovitev smo uporabili pri preverjanju predhodno zastavljenih hipotez. Ugotovili smo, da je glede na raziskavo ciljna skupina nakupovalcev v spletnih trgovinah najvišja v starostni skupini od 41 do 50 let. Pri spletnem nakupovanju prevladuje ženski spol rezultati tudi kažejo, da je nekoliko več nakupovalcev v domačih spletnih trgovinah, kot plačilno sredstvo prevladuje brezgotovinsko plačilo, ki mu kupci v večini zaupajo. Največ zlorab je pri plačilu s plačilnimi karticami, vendar nihče od anketirancev še nima izkušenj z zlorabo, so pa z njo v glavnem vsi seznanjeni. The content of this thesis focuses on the safety of none-cash payment at online shopping. The development of the Internet has also resulted in the development of the electronic commerce, which includes e-commerce and in this thesis exposed shopping in online stores. With that kind of purchase you can pay using various payment instruments, which we are more specified on it. We are focusing on security of payment at online shopping and the advantages and disadvantages in such a mode of payment. Theoretical findings we verified in the empirical part, where we use a questionnaire and analyze the results that we acquire. The results of the questionnaire and theoretical considerations we also used for checking the previous set hypotheses, through which we determined that: according to a study target group of online shoppers is highest in the group of age from 41 to 50 years according to the results online shopping is most common at the female the results show that slightly more shoppers buy online at home shops most common isnone-cash paymentand the customers trust in this kind of payment the results show that most of them use credit cards, which is consequently the most abuse, but in the case of the respondents, no one has experienced none-cash payment abuse, but almost everyone is familiar with them.

Published

2016

9. USE AND RISK OF SOCIAL NETWORKING SITES AMONG CHILDREN

Author

Brečko, Lili and Bernik, Igor

Subjects

udc:004.738.5:004.056(043.2), online friendship, sexting, internet safety, otroci, vrstniki, security, magistrska dela, socialna omrežja, raba, supervision, varnost, access, children, internet, spletna omrežja, tveganje, social networking site

Abstract

Spletna socialna omrežja imajo vsak dan več uporabnikov, ki niso zanimivi le za starejše in mlade, temveč tudi za otroke. Dandanes ni nič nenavadnega, da otroci, stari devet do dvanajst let, že uporabljajo spletna socialna omrežja, čeprav predpisi določenih spletnih socialnih omrežij zahtevajo starost vsaj trinajst let. Priljubljenost spletnih socialnih omrežij zadnje čase presega vsa pričakovanja. Portali, kjer si uporabniki izmenjujejo informacije, mnenja, fotografije, se povezujejo, prijateljujejo, so nov komunikacijski fenomen in so del vsakdana mnogih ljudi. »Če nisi na Facebooku, ne obstajaš,« je rek, ki postaja resničnost. Magistrsko delo je razdeljeno na dva dela. V teoretičnem delu so predstavljene značilnosti spletnih socialnih omrežij ter definicija otrok, opisana so aktualna spletna socialna omrežja, kot so Facebook, Google Plus, Tweeter, in sicer glede na pogostost uporabe. Delo obsega tudi opis različnih možnosti dostopa do spletnih socialnih omrežij ter varnega načina uporabe spleta in spletnih socialnih omrežij. Opisane so tudi nevarnosti in tveganja, kot so kraja identitete, zloraba osebnih podatkov, spletno in mobilno ustrahovanje, neprimerne vsebine, sovražni govor na spletnih socialnih omrežjih, spodbujanje rasizma, spolna zloraba otrok na spletnih socialnih omrežjih, kibernetsko zalezovanje, otroška pornografija in med mladimi vedno bolj priljubljen seksting. Drugi del magistrskega dela predstavlja empirična raziskava, v kateri smo si zastavili cilj, da raziščemo rabo spletnih socialnih omrežij med otroki in nevarnosti, ki pretijo na njih. V empiričnem delu smo ugotavljali, ali in katera ter kako pogosto uporabljajo določena spletna socialna omrežja otroci, stari deset do trinajst let. Ugotavljali smo tudi, preko katerih naprav dostopajo do spletnih socialnih omrežij, katere podatke objavljajo na profilu spletnega socialnega omrežja, kakšne vrste fotografij objavljajo, kdo vse lahko vidi objavljene podatke, kako se zaščitijo pred nevarnostmi in tveganji, s kakšnim namenom uporabljajo spletna socialna omrežja, kolikšna sta okvirno število in starost njihovih spletnih prijateljev, ali so se že soočili z določenimi tveganji na spletnih socialnih omrežjih ter kako pogosto se s starši pogovarjajo o aktivnostih, vsebinah, tveganjih in ukrepih v primeru tveganja pri rabi spletnih socialnih omrežij. Za zaključek raziskave pa nas je tudi zanimalo, če se otroci, stari deset do trinajst let, že srečujejo s sekstingom. More and more people are joining social networking sites every day they are not interesting just for the (young) adults and older people, but also for children. Nowadays, it is not unusual that children aged between nine and twelve are already users of social networks, despite the fact that the regulations on certain social networks require their users to be at least thirteen years of age. Lately, the popularity of social networks has been exceeding all expectations. Websites, where users exchange information, opinions, photographs, make connections and forge new friendships have become a communication phenomenon and are a part of an everyday of many people. "If you're not on Facebook, you do not exist", is a saying that contains more than just a grain of truth. The Master's thesis is divided into two parts. The theoretical parts brings a presentation of the characteristics of social sites, definition of children, as well as the presentation of popular web sites, such as Facebook, Google Plus, Tweeter based on the frequency of use. The thesis contains various possibilities of how to access social networks and how to use web and social networks safely. Additionally, dangers and risks of using social networks are presented, such as identity theft, misuse of personal data, cyberbullying, inappropriate content, hate speech on social networks, promotion of racism, sexual abuse of children on social networks, cyberstalking, child pornography and amongst the young ever more popular sexting. The second part of the Master's thesis consists of an empirical research, the goal of which was to investigate the use of social networks amongst children and the dangers they face. In the empirical part of the thesis we established if children aged between ten to thirteen use certain social networks, which and how often. We investigated which devices they use to access social networks, what sort of data and photographs they publish, who can see their published posts, how they protect themselves from risks and threats, what is their purpose for using social networks, what are the average number and age of their online friends, have they ever faced any of the above-mentioned risks of social networks, do they discuss their online activities, contents, risks and measures that need to be carried out in case of risky use of social networks with their parents. In the end of the research, we were interested whether children aged between ten to thirteen have been encountered with sexting.

Published

2016

10. Electronic data security on Police tablets

Author

Vrezek, Franci and Bernik, Igor

Subjects

tablični računalniki, zaščita, varnost, udc:004.056+351.741(043.2), information security, diplomske naloge, policija, podatki, informacijska varnost, electronic data, protection, tablet computers, Police

Abstract

Z razvojem informacijske tehnologije so se mobilne naprave razvile do te mere, da so praktično nepogrešljive za vsakega posameznika. Večina izmed novejših mobilnih naprav z uporabo namenskih aplikacij omogoča dostop do virov informacijskega sistema podjetja, zaradi česar je mobilne naprave, ki se uporabljajo za službene namene, potrebno dodatno zavarovati pred potencialnimi grožnjami in jih obvladovati z ustreznimi varnostnimi ukrepi. Prav tako je potrebno ustrezno zavarovati elektronske podatke na napravi tako pred zunanjimi kot notranjimi grožnjami. Policija je leta 2013 pristopila k novem načinu dela. Za potrebe mobilne aplikacije ePolicist je policija pričela uporabljati tablične računalnike, kar je za policijo novost, kljub temu, da se v policiji že nekaj časa uporabljajo različne mobilne naprave, ki omogočajo oddaljen dostop do Informacijsko telekomunikacijskega sistema policije. Ker so tablice mobilne naprave, ki jih policisti uporabljajo na terenu in omogočajo povezovanje v Informacijsko telekomunikacijski sistem policije, je bilo potrebno elektronske podatke na tablicah ustrezno zaščititi, saj so izpostavljene več potencialnim grožnjam, kot naprave, ki se nahajajo v varovanih prostorih policije. V diplomskem delu smo preverili zaščito tabličnih računalnikov, ki jih uporablja Policija RS. Predvsem nas je zanimalo, če varnostni mehanizmi na tablici izpolnjujejo pogoje iz predpisov o zaščiti podatkov in informacijsko varnostni politiki policije. Opravili smo analizo varnostnih mehanizmov na tablicah z nameščenim operacijskim sistemom Windows 8.1 Enterprise, ter predlagali dodatne varnostne rešitve, ki bodo pripomogle k zagotavljanju višjega nivoja varnosti. With the development of information technology the mobile devices have developed to the extent that they are virtually indispensable for each individual. Most of newer mobile devices, with the use of designated applications, provide users to have access to company information system and it’s resources. Mobile devices that are used for business purposes require additional guard from potential threats threw mobile device management and safety applications. It's also necessary to adequately protect electronic data on the devices, both from external and internal threats. Slovenian police has started to use new kind of mobile devices in year 2013 that were needed to run new mobile application ePolicist. Police have already used many mobile devices that were able to remotely access to police information telecommunication system, but new mobile devices had to be bought for the implementation of new application. Since tablets, used by police officers allow access to Information telecommunication system of Police, it was necessary to secure electronic data on tablets, as they are more exposed to more potential threats, such as devices that are located in police facilities. In this thesis, we examined security of the tablets used by the Police. Above all, we wanted to know if the safety mechanisms on the tablets satisfy the conditions laid down in the rules of data protection and information security policy of the Police. We carried out a analysis of the safety mechanisms on the mobile devices running on systems Windows 8.1 Enterprise. We also proposed additional security solutions that will contribute to ensure a higher level of security.

Published

2016

11. The use of social engineering in social networks

Author

Jelen, Vesna and Bernik, Igor

Subjects

socialna omrežja, Social network, varnost, grožnje, threats, računalniška kriminaliteta, socialni inženiring, diplomske naloge, social engineering, internet, security, udc:343.3/.7:004(043.2)

Abstract

S spletom, do katerega ima tudi v Sloveniji dostop že praktično vsak, se nas večina danes srečuje vsakodnevno, tako poslovno kakor tudi zasebno. Med uporabniki spleta je vse več tistih, ki za komunikacijo, deljenje vsebin, navezovanje stikov, izobraževanje itd. na svojih napravah uporabljajo različna spletna socialna omrežja. Z večjim številom uporabnikov teh omrežij pa raste tudi kibernetska kriminaliteta in število tistih, ki spletna omrežja in njihove uporabnike zlorabljajo s pomočjo tehnik socialnega inženiringa. Največjo nevarnost predstavljajo predvsem uporabnikom spletnih socialnih omrežij, ki ne uporabljajo ali ne posodabljajo protivirusnih programov, ne uporabljajo požarnega zidu in ne posodabljajo spletnih brskalnikov, ter tistim, ki z ostalimi na spletu nepremišljeno delijo svoje osebne podatke in odpirajo različne povezave, ki so jim bile posredovane s strani nepoznanih oseb, in ki hkrati s spletnimi socialnimi omrežji na svoji napravi dostopajo še do spletnega bančništva, opravljajo spletne nakupe in na svojih napravah hranijo pomembne osebne, bančne in druge občutljive podatke. Uporabnike spletnih socialnih omrežij je potrebno konstantno opozarjati na nevarnosti in jih seznanjati z novimi načini zlorab ter z možnostmi zaščite pred njimi. Nevarnosti zlorab se uporabniki večinoma sicer zavedajo, vendar nepoznavanje tehnik napada in možnosti zaščite, vodi do lahkomiselnega ravnanja uporabnika na spletnih socialnih omrežjih in s tem do uspešne manipulacije s strani socialnega inženirja in zlorabe uporabnika. Vsekakor je pri uporabi spletnih socialnih omrežij priporočljiva previdnost, premišljenost in skeptičnost, tako pri deljenju svojih osebnih podatkov, fotografij, itd. kakor tudi pri prejemanju teh. S takšnim ravnanjem pa zmanjšamo tudi možnosti, da postanemo žrtev katere izmed zlorab. Practically every one of us is nowadays facing the internet on a daily basis, both for business as well as private reasons. Among internet users a number of those using different social networking websites for communication, sharing contents, to make new social connections, to educate, etc. is increasing. By increasing the number of users of social networks, the amount of cybercrime and the number of attacks with techniques of social engineering is increasing as well. The greatest danger for the most of users of social networking sites is that they do not use or do not update their antivirus programs, do not use a firewall and do not update their web browsers while sharing their personal information and opening and following different links which were sent to them by unknown persons. And the greatest danger is that on their devices they use social network pages and online banking pages, online shopping pages, and that on their devices they keep important personal, banking or other sensitive information. It is necessary that users of social networks are constantly warned about the risks that they are informed about new ways of abuses with social engineering and that they know the possibilities of protection against these frauds. Users are mostly aware of the risk of abuse, but the lack of knowledge of the techniques of attack and security options lead to reckless behavior of user which leads to a successful manipulation by social engineer and misuse by the user. By the use of social networking sites caution, prudence and scepticism is recommended, both while sharing personal data, photographs, etc., as well as in receiving them. Such behavior can reduce the chances of becoming a victim of abuse with techniques of social engineering.

Published

2016

12. Security in mobile systems Android and iOS, software for forensics and practical case with analysis of mobile forensics on both platforms

Author

Pešić, Miloš and Bernik, Igor

Subjects

udc:004.056:621.395.721.5(043.2), varnost, iOS, Mobile security, Android, diplomske naloge, programske opreme, informacijska varnost, digitalna forenzika, mobile forensics, mobilni sistemi, forenzika

Abstract

Mobilne naprave omogočajo veliko funkcij, od osnovnih, kot so telefonski klici in sporočila, do zelo naprednih, kot je brskanje po spletu ali nakupovanje preko bančne mobilne aplikacije. Vsak razvoj v tehnologiji prinese poleg prednosti tudi slabosti, zato se je treba zavedati groženj, ki pretijo mobilnim napravam. Varnostni ukrepi so predstavljeni in primerjani na platformah Android in iOS, da bi se povečali zavedanje in izobraževanje uporabnikov mobilnih pametnih naprav. Zasebni in javni preiskovalci tako v Sloveniji kot drugje po svetu imajo veliko dela s skritimi ali izgubljenimi podatki. Povrnitev slednjih je mogoče uvrstiti v področje mobilne forenzike, zato so opisani nekateri mobilni forenzični programi ter pregledan del zakonodaje o digitalni forenziki. Predstavljena so mnenja strokovnjakov s tega področja in skupne ugotovitve za nadaljnje izobraževanje, povečanje mobilne varnosti in uporabo mobilne forenzike. S pomočjo opravljene lastne raziskave je predstavljeno, kako se anketirani uporabniki zavedajo mobilne varnosti. Prikazano je, ali uporabljajo ponujene vgrajene varnostne ukrepe, ki so na voljo za obe platformi. S praktičnim primerom je z uporabo mobilne forenzike nazorno prikazano, da je izgubljene podatke mogoče povrniti, vendar je uspeh odvisen od več dejavnikov, tudi od finančnega vložka glede na količino pridobljenih podatkov. It is hard to envisage everyday tasks being achieved without the use of a mobile device, as we can do simple tasks like making a regular call or an advanced function like surfing the web and using mobile bank app online. Technology development has its benefits and pitfalls, and in this piece, we will introduce some of the mobile vulnerabilities and mobile security steps prevalent to Android or iOS platforms. These platforms are utilised on a day to day basis, harbouring users related data which are exceptionally vulnerable to attack within mobile security. Private and public research projects conducted on mobile forensics in Slovenia and across the world struggle with the consequences of hidden or lost data. We will attempt to analyse the forensic programme pipeline in order to identify the source of these data leaks and compile a comprehensive report on the matter. The results from our own survey will be analysed and will enable us to comprehend the depth to which users understand mobile security and permit us to develop guidelines for the future. By studying mobile forensic related legislation and conducting personal interviews with researchers in the field, we will accrue primary research on the significant limitations and opinions as to the greatest barriers within the field. Methods and types of mobile forensics will be introduced, which are being used for a research on Android and iOS platforms.

Published

2015

13. Bitcoin Safety and Security

Author

Berlot, Nejc and Bernik, Igor

Subjects

Bitcoin mining, digital wallet, bitcoin, plačilni sistemi, transakcije, kriminaliteta, kriptovalute, udc:004.056:336.74-021.131(043.2), varnost, criminal activity, valute, rudarjenje, diplomske naloge, preprečevanje, internet, informacijska varnost, block chain, wallet/system protection

Abstract

Spletni plačilni sistem bitcoin ponuja številne prednosti pred konvencionalnimi plačilnimi metodami. Ker pa je sistem še vedno v razvoju, se sooča z nekaterimi varnostnimi težavami, za odpravo katerih je potreben čas, predvsem pa rast uporabniške baze. Poznavanje delovanja sistema bitcoin je tako prvi pogoj za zaščito elektronske denarnice uporabnika ter premoženja, investiranega v to kriptovaluto. Vprašanje varnosti lahko razdelimo na dva problema in sicer: • varnost omrežja bitcoin, • varnost uporabnikove elektronske denarnice/sistema Snovalci sistema bitcoin so upoštevali številne, tako realne kot tudi teoretične potencialne napade na omrežje, zato protokol bitcoin vključuje nemalo varnostnih funkcij, ki ga varujejo pred tovrstnimi napadi. Druge vrste napadov ciljajo na uporabnika samega, natančneje na njegovo elektronsko denarnico. Pred tovrstnimi napadi se lahko zaščitimo z varnostno ozaveščenostjo in uporabo zaščitnih mehanizmov, predvsem pa s primerno mero skepticizma in pazljivosti, saj so se klasični tipi finančnih goljufij izkazali za prevladujoče. Sistem bitcoin je priljubljen med kriminalci v kibernetskem prostoru, saj napadalcem omogoča delno anonimnost, vse transakcije v omrežju bitcoin pa so končne, kar pomeni, da v primeru izgube sredstev teh ni mogoče povrniti. Nedavne aretacije in zaprtje številnih ilegalnih spletnih tržnic globokega spleta pa le nakazujejo izboljšanje razmer na področju odkrivanja izvora tovrstnih omrežij ter njihovih upravljavcev. Bitcoin online payment system has many advantages over conventional payment methods, but since it is still developing, it presents some safety issues the elimination of which requires time and, more importantly, a growth of the user base. Knowing how the bitcoin system works is a precondition for an efficient protection of a user’s digital wallet and of the funds invested into this cryptocurrency. The safety and security issue comprises the following two problems: • safety of the Bitcoin network • security of the user’s digital wallet/system As the designers of the Bitcoin system anticipated a multitude of real and theoretical potential threats to the network, the Bitcoin protocol contains various security features that protect it from such attacks. Other types of attack target the very user and, more specifically, their digital wallet/system. The most efficient protection against such attacks is safety awareness and use of protective mechanisms, but even more so, a proper measure of scepticism and caution, for classic types of financial fraud still appear to be the prevailing method of swindling the users. The Bitcoin system is popular among criminals in cyberspace, for it provides anonymity to the attacker, while all transaction in the Bitcoin network are final and irreversible, which means that in the case of loss of funds these cannot be retrieved. Nevertheless, recent arrests and shutting down of numerous illegal deep web markets indicate that tracking such networks and their administrators has been improving.

Published

2015

14. Kibernetsko nadlegovanje in zalezovanje otrok

Author

Janežič, Tina and Bernik, Igor

Subjects

kibernetski prostor, varnost, nadlegovanje, otroci, internet, zalezovanje, kibernetska kriminaliteta, udc:343.3/.7:004(043.2), magistrska dela

Abstract

Računalnik, mobilni telefon, internet, … besede, ki jih danes uporabljamo in slišimo skoraj na vsakem koraku. Dejstvo je, da je internet postal del našega vsakdanjika in brez njega si veliko ljudi več ne predstavlja življenja, saj nam je prinesel veliko koristi, nam omogočil neomejeni dostop do vseh informacij na vseh koncih sveta, prav tako pa je s seboj prinesel razne nevarnosti, katerim so najbolj izpostavljeni otroci. Pri uporabi spleta se namreč ne zavedajo, oziroma bolje rečeno pozabijo, na možne nevarnosti, ki so jim izpostavljeni, česar pa se dobro zavedajo storilci, ki te nevarnosti s pridom izkoriščajo. Internet je vsekakor olajšal mnogo stvari, a mu gre po drugi strani pripisati tudi nove oblike izvajanja kriminala, kot sta kibernetsko zalezovanje in nadlegovanje, ki sta za Slovenijo in za marsikatero drugo državo dokaj nov in s tem še ne dobro raziskan pojav. Veliko ljudi se namreč ne zaveda, da kibernetski prostor prinaša popolnoma enake grožnje, kot jih prinaša vsakdanje življenje, zato bomo v magistrski nalogi pisali o kibernetskem nadlegovanju in zalezovanju med otroki, odkrivanju načinov in obliki zalezovanj in nadlegovanja na spletu ter odkrivanju storilcev in otrocih kot žrtvah, prav tako pa smo preučili posledice ter delovanje državnih organov in institucij za preprečevanje in zatiranje kibernetskega nadlegovanja in zalezovanja. S pomočjo ankete je bila izvedena raziskava med 105 otroki, starimi od 9 do 14 let, s katero se je ugotavljalo stanje rabe informacijsko komunikacijske tehnologije (IKT). Vprašanja so se nanašala predvsem na rabo IKT, na morebitne zlorabe, ki so jih doživljali otroci ali jih izvajali sami v časovnem obdobju zadnjih 12 mesecev ter na njihovo odzivanje, ukrepanje in strah, ki so ga začutili ob nadlegovanju ali zalezovanju na spletu. Prav tako smo ugotavljali, kako so uporabniki spleta, v našem primeru otroci, seznanjeni z varno uporabo interneta, ali jih s tem seznanjajo starši oz. šola ter ali vedo, na katere organizacije se lahko obrnejo po pomoč v primeru zalezovanja ali nadlegovanja v kibernetskem prostoru. Na podlagi njihovih odgovorov lahko sklepamo, da se zavedajo internetnih pasti, vendar ob uporabi svetovnega spleta nanje dokaj hitro pozabijo, zato smo na podlagi ugotovitev oblikovali korake za varno rabo interneta. Computer, mobile phone, internet… The words that we nowadays hear on almost every step. The factis that the Internet has become a part of our every day life, without which many people could not imagine their life, because it offers a lot of benefits that provide us with unlimited access to all information in every end of the world.However, the Internet also presents various risks, to which children are the most exposed to, because they are not aware or in other words, they forget about the possible dangers that they are exposed to, and the perpetrators are well aware of this and they exploit this very fact. The Internet has certainly facilitated many things, but on the other side, it has also presented new forms of implementation of crime, such as cyberstalking and harassment, which are fairly new phenomena, that have not yet been well researched. Many people are not aware of the fact that they cyberspace bring exactly the same threats as everyday life. That is why we wrote a master's thesison cyberharassment and stalking among children, on finding way sand forms of stalking and harassmenton the Internet and on discovering the perpetrators and children as victims. We also studied the consequences, as well as the functioning of statebodies and institutionsto prevent and combat cyberharassment and stalking. We used the method of questionnaire survey, which was conducted among 105 children aged 9 to 14, in which we examined the state of the use of information and communication technology(ICT). The questions are mainly related to the use of ICT, to any abuse children experience do they inflicted on other sover a period of 12 months, to the irresponse and to the fear that they felt due to online harassment or stalking. We also observed how web users, in our case the childrens, are familiar with the safe use of Internet and whather their parents or school edicate them about it, and whether they know which organization to turn to for help in case of online stalking or harassment. Based on their answers we can conclude that they are aware of the traps of the Internet, however,when using the Internet they easily forget about them. That is why wepresented the steps, which are necessaryfor the safe use of the Internet.

Published

2015

15. Državni notranji revizorji in varnost informacijskih sistemov

Author

Berkopec, Janez and Bernik, Igor

Subjects

revizije, varnost, udc:004.056(043.2), revizorji, informacijski sistemi, informacijska varnost, magistrska dela

Abstract

Na področju informacijske tehnologije je edina stalnica to, da se vse stalno spreminja. Ni več organizacije, posebej pa ne v okviru državne uprave, ki ne uporablja informacijske tehnologije pri svojem poslovanju. Ker se stalno posodabljajo stari informacijski sistemi oziroma uvajajo novi, je treba posvetiti posebno pozornost delovanju notranjih kontrol na tem področju, saj le vzpostavljene in pravilno delujoče notranje kontrole na vseh področjih zagotavljajo, da so podatki pravilni in zanesljivi. Za pridobitev naziva preizkušen revizor informacijskih sistemov (v nadaljevanju: PRIS) pa je potrebno veliko predhodnega znanja in izkušenj na področju informacijskih sistemov, poleg tega je potrebno opraviti mednarodni izpit in izpit na Slovenskem inštitutu za revizijo. Državni notranji revizorji pri izobraževanju za pridobitev naziva državni notranji revizor (v nadaljevanju: DNR) ne pridobijo potrebnih znanj na področju informacijske tehnologije, ampak je izobraževanje bolj usmerjeno v nadzor notranjih kontrol na ostalih področjih poslovanja. V nalogi bodo podane glavne značilnosti pri izobraževanju za pridobitev naziva PRIS, to je katera področja je treba obvladovati pri opravljanju izpita, v nadaljevanju pa bo predstavljenih nekaj glavnih orodij za izvajanje revizij na področju informacijske tehnologije (v nadaljevanju: IT). V nadaljevanju bodo predstavljena področja izobraževanja za pridobitev DNR, iz katerih bo razvidno, da se področja IT zgolj dotakne v dveh poglavjih, sicer pa je dan večji poudarek na notranjih kontrolah ostalih področji poslovanja. S to nalogo bo prikazano, kako velike so razlike med izobraževanjem za pridobitev naziva PRIS in DNR, nato pa, da je znanje za revidiranje IS, ki ga pridobijo DNR z upoštevanjem smernic, ki jih objavlja združenje notranjih revizorjev, zadostno za izvajanje splošnih IT revizij. Za izvajanje bolj poglobljenih IT revizij oziroma za revidiranje posameznih področij znotraj informacijskih sistemov pa je to znanje premajhno, zato je priporočljivo, da se vključi v to revizijo revizorja informacijskih sistemov, v ekipo ki bo izvajala revizijo. V drugem delu bosta bolj podrobno predstavljeni dve smernici, ki bosta uporabljeni tudi kot podlaga za pripravo načrta notranje revizije na področju IT. On the field of information technology, only one thing is certain that everything is constantly changing. All organizations especially in the public sector is using information technology in day-to-day business. Old systems are constantly updating and new ones are taking in place, so working internal controls must be one of the priorities, because only properly working internal controls on all levels gives assurance that data are correct and reliable. To get a title tested information system auditor you need a lot of knowledge and experience in the field of information systems, successfully finished international exam and take additional exams at Slovenian audit institute. When employees are preparing to get a title state internal auditor, they do not get knowledge in the field of information technology, because education is focused more on how to audit internal controls in all other fields of business. In this paper will be laid out main feature of education for tested information system auditor, which fields must be understood when taking the exam an present some main tools for conducting audits of information systems. Next will be presented fields of education for state internal auditor from which will be clear that except in two topics, the field of information technology is not mentioned and the main emphasis is on all other fields of business. This paper will show how big is the difference between both mentioned educations and that the knowledge, the state internal auditor acquire by using guidelines published by institute of internal auditors, is adequate to perform general audits of information systems. For special audits of information systems or auditing special fields of information systems, that knowledge is no enough, so it is recommended to include auditor of information systems as a part of an audit team. In the second part, two guidelines will be presented more detailed and present how can be used as a template for a plan to conduct internal audit in a field of information systems.

Published

2015

16. Sodobne hekerske skupine in njihov vpliv na uporabnike interneta

Author

Gorinšek, Jernej and Bernik, Igor

Subjects

varnost, kazniva dejanja, udc:004.738.5(043.2), uporabniki, diplomske naloge, hekerji, internet, hekerske skupine

Abstract

V sodobnem svetu je internet postal nujna dobrina vsakega posameznika. Moderni človek si življenja brez njega skoraj ne predstavlja več. Tudi zato so se ljudje z enakim prepričanjem pričeli združevati v skupine in protesti iz ulic so se preselili v virtualni svet. Ugotovili so, da lahko s tem, ko svoja dejanja preselijo na splet dosežejo več. Hekerji so za dosego svojih ciljev pripravljeni storiti različna kazniva dejanja. Njihov glavni cilj je, da nase opozorijo čim večje število ljudi in izrazijo svoje nestrinjanje z dejanji oblast. Na svetovnem spletu ti akterji lažje skrivajo svojo pravo identiteto, kar je tudi eden od razlogov za prehod med fizičnimi protesti in dejanji na spletu. Hekerstvo se širi z isto hitrostjo kot uporaba informacijske tehnologije v svetu. Pomeni, da bomo v prihodnje videvali vedno več takšnih oblik protesta. V diplomski nalogi bomo opisali razvoj hekerskih skupin skozi čas. Ugotovili pomen besede hektivizem, ter predstavili sodobne hekerske skupine, ki s svojimi dejanji povzročajo škodo žrtvam in iščejo nove podpornike v sodobni družbi. Nekaj dejavnosti in odmevnejših dejanj skupin bomo podrobneje opisali. Ugotavljali bomo kakšne ukrepe in katere dejavnosti imamo v Sloveniji in Evropi proti tem skupinam.Predvsem nas bo zanimalo mnenje uporabnikov interneta do skupin, ki so v zadnjem času bile zelo aktivne in so dogovorne za odmevnejše napade tudi v slovenskem prostoru. Izvedli bomo raziskavo med uporabniki interneta, kjer nas bo med drugim zanimalo ali so sami že občutili kakšne neprijetnosti zaradi dejavnosti teh skupin. In modern world, internet has become a necessity. Without internet, we modern people don't even know how to live anymore. And this is one of the reasons, why some have started to form groups of people that have the same belief. The protests of the streets have started to find their way in the virtual world. They have found that this way, they can do more. For their goals, hackers are prepared to do different offenses. Their main goal is to get noted by internet users and to express their disagreement with the actions of the authorities. On the World Wide Web these players easier conceal their true identity, which is also one of the reasons for the transition between physical protests and acts of cyber crime. Hacking is expanding at the same rate as the use of information technology in the world. It means that in the future we will see more protests of this kind. In this thesis, we describe the development of hacker groups over time. We will find the meaning of the word hacktivism, and will present the modern hacker groups whose actions cause damage to their victims and are looking for new supporters in contemporary society. Some activities, the most acclaimed actions of these groups will be discussed. We will establish what measures and what activities we have in Slovenia and Europe, against these groups. In particular, we will be interested in what is the opinion of internet users to groups that have recently been very active, and they are responsible for the attacks even more remarkable ones in the Slovenian area. We will carry out a survey among users of the Internet, where we will be interested in whether they have experienced any inconvenience due to the activities of these groups.

Published

2015

17. Utrjevanje HTTP sej z odtisom brskalnika

Author

Urbanc, Jan and Bernik, Igor

Subjects

varnost, spletne aplikacije, udc:004.738.5(043.2), diplomske naloge, internet

Abstract

HTTP predstavlja osnovni gradnik sodobnega interneta. Je protokol, preko katerega dostopamo do vsebin, ki so sestavni del našega vsakdana. Zavedati se moramo, da je bil sam protokol zastavljen na zelo preprostih predpostavkah. Iz potrebe po identifikaciji uporabnika napram spletnim aplikacijam, je bil v HTTP vpeljan koncept stanja v obliki HTTP sej. Vpeljava stanja je edini način, da spletne aplikacije uporabniku lahko nudijo prilagojene vsebine glede na to, kdo vsebine zahteva. Od samega začetka te vpeljave se pojavljajo težave, katere imajo velikokrat za posledico varnostne ranljivosti, s katerimi lahko napadalec, z nekaj relativno preprostimi prijemi, prevzame sejo nekoga drugega. Posledično lahko tak napadalec dostopa do vsebin namenjenih nekomu drugemu. Tehnike za pridobitev odtisa brskalnika so znane nekaj let. Temeljijo na zamisli, da lahko od sodobnega brskalnika na ne-interaktiven način pridobimo zadostno količino informacij in podatkov, da ga lahko identificiramo med velikim številom drugih brskalnikov. Tehnike se vestno poslužujejo spletni oglaševalci in ostala spletna mesta, ki želijo brskalnikom, torej dejansko uporabnikom, slediti, ne da bi se posluževali očitnih metod sledenja, kot je raba piškotkov. V nalogi predstavljamo implementacijo, s katero lahko tehnike za pridobitev odtisa brskalnika uporabimo v prid varnosti spletnih aplikacij. To dosežemo tako, da HTTP seje z odtisom brskalnika utrdimo, ter preprečimo njihovo zlorabo z do zdaj znanimi tehnikami zlorabe tudi takrat, kadar ima napadalec dostop do podatkov o sami seji. HTTP is one of the basic building blocks of today's internet. As a protocol, it is responsible for streaming numerous types of content into our everyday. However, it was concieved and implemented on rather simple assumptions. The notion of state, the ability to identify users, was introducted into the protocol at a later stage, in the form of HTTP sessions. The introduction of state was the only mechanism that enabled web applications to serve customized content to users, depending on their identities. This change has been plagued with problems ever since. In many cases, these problems lead to security vulnerabilities, which could be exploited in ways that allow attackers to hijack user sessions and access others' content. Browser fingerprinting has been a well-known concept for a few years. It is based on the notion, that it is possible to gather enough distinct information from a specific browser, to be able to identifiy it among a large number of peers. The technique is widely used among web advertisers and web sites, who want to track their visitors without resorting to obvious and noisy tracking methods, such as using cookies. In this thesis, we will introduce the idea of using browser fingerprinting methods to harden sessions in web applications. If implemented, our technique will prevent the hijacking and misuse of sessions even in the event of an attacker knowing a session's details.

Published

2015

18. Požarni zidovi nove generacije : diplomsko delo univerzitetnega študija Varstvoslovje

Author

Kotnik, Nejc and Bernik, Igor

Subjects

varnost, računalniška omrežja, diplomske naloge, požarni zid, udc:004.056.52 (043.2)

Abstract

Požarni zid je naprava, ki stoji na ključnem mestu v omrežnem sistemu in ločuje zunanje nezavarovano in notranje zavarovano omrežje. Standardni požarni zidovi so bili več kot dva desetletja sposobni opravljati nalogo varuhov nadzora dohodnega in izhodnega prometa. S prihodom novih spletnih aplikacij in njihovih alternativnih načinov povezovanja, pa je nadzor postal čedalje bolj zahteven. Požarni zid se ravna po predpripravljenih pravilih, ki jih vnese administrator. Zato morajo požarni zidovi prepoznati, katere aplikacije se povezujejo v svetovni splet in kdo z njimi upravlja. Ker tradicionalne požarne pregrade te naloge ne izpolnjujejo več, je potrebno transparentnost toka omrežnih podatkov zagotoviti z dodatnimi sistemi odkrivanja. Požarni zidovi naslednje generacije zagotavljajo boljšo stopnjo zaščite kot njihovi predhodniki. So enako stabilni in zanesljivi ter omogočajo velik pretok podatkov. Poleg tega imajo integriranih še vrsto drugih sistemov zaščite in možnosti nadzora, kar administratorjem omogoča bolj celovito kontrolo nad uporabniki omrežja. Ker je požarni zid zmožen zaznati vse aplikacije v prometu, prav tako pa tudi njihovega uporabnika, organizacijam omogoča ustvarjanje uporabniških skupin, ki imajo različne varnostne politike. Požarni zidovi nove generacije so se začeli razvijati šele v začetku tega desetletja, zato tovrstni sistemi še niso dobro standardizirani. Ponudniki zagovarjajo svoje produkte in različno poimenujejo sisteme, ki opravljajo isto nalogo, zato smo v diplomskem delu naredili primerjavo različnih kriterijev med vodilnimi ponudniki požarnih zidov nove generacije. Rezultate testov smo primerjali in jih združili v pregledno tabelo. Pred odločitvijo o nakupu novega varnostnega sistema je nujno analizirati svoje potrebe, pričakovanja in finančne zmožnosti ter se na podlagi nabora funkcij posameznega sistema odločiti o optimalni izbiri za svoje podjetje. Firewall is a hardware device, located at a critical point in the network system. It separates unprotected outer network and secured inside or home network. Traditional firewalls were capable of guarding and controlling inbound and outbound traffic for more than two decades. With the arrival of new web based applications and their advanced connection capabilities, controlling traffic has become more demanding. Firewall relies on pre-prepared rules, which are inputted by administrator. Therefore, firewall must recognize all the applications, which want to connect to the network and also who is controlling them. Because traditional firewalls are no longer capable of doing the job, the transparency of data flow had to be ensured using additional system of detection. Next generation firewalls provide better level of protection as their predecessors. They are equally stable and reliable and they offer high data throughput. Additionally they have many other systems of protection integrated, which allows administrators better control over the users of the secured network. Because of Next Generation Firewall (NGFW) capabilities to identify applications and users, it is possible to create user groups, with different security policies. NGFW have appeared only in the beginning of the decade, which is why these systems are not yet standardized. Vendors advocate their products and call systems with the same function with different name, therefore we have compared tested results from different criteria and joined it all together in a transparent table. Before purchase of the new security system it is vital, that a thorough analysis of company needs, expectations and financial capabilities is done. Based on that experts analyse NGFW functions and recommend the most appropriate product for specific company.

Published

2014

19. Sodobne metode ribarjenja : diplomsko delo visokošolskega strokovnega študija Varnost in notranje zadeve

Author

Kreslin, Aleš and Bernik, Igor

Subjects

varnost, mobilne naprave, ogroženost, računalniška kriminaliteta, ribarjenje, diplomske naloge, internet, kibernetska kriminaliteta, udc:343.3/.7:004(043.2)

Abstract

Informacije lahko imajo visoko vrednost, še posebej če so zaupne narave in vsebujejo pomembne poslovne skrivnosti. Ravno zaradi te visoke vrednosti pa so velika tarča spletnih napadalcev, ki lahko s prodajo le teh na črnem trgu veliko zaslužijo. Institucije in podjetja obdelujejo ogromne količine podatkov, kjer so elektronski mediji in predvsem svetovni splet izredno uporabno orodje za hranjenje ter izmenjavo. Vendar toliko kolikor je uporaben internet legitimnim organizacijam, toliko je to tudi odlično sredstvo za osebe ali kriminalne združbe, ki se poskušajo teh informacij polastiti na nezakonit način. Ribarjenje je ravno eden izmed najbolj učinkovitih načinov za izvajanje tovrstnih deliktov dandanes. V diplomskem delu bomo navedli in podrobno razčlenili pet najbolj aktualnih metod, s katerimi kibernetski kriminalci izvajajo uspešne napade ter povzročajo organizacijam in podjetjem po celem svetu, ogromno finančno škodo. Za vsako metodo bomo uporabnikom svetovali, katere ukrepe sprejeti, da se zmanjšajo ali celo odpravijo morebitne škodljive posledice. Opredelili bomo ogrožanje, ki ga uporabnikom predstavlja ribarjenje, upoštevajoč razlike med starostjo, spolom in izpostavljenostjo Anti-Phishing treningom. Navedli bomo prednosti in slabosti, ki jih imajo mobilne naprave v zvezi s tovrstnimi napadi. Ribarjenje je kaznivo ravnanje, zato bomo predstavili pravno podlago za pregon v Sloveniji ter opisali povezavo, ki jo ima ribarjenje z drugimi kaznivimi dejanji. Na koncu bomo predstavili razlike, ki obstajajo med mladimi in odraslimi z vidika varnosti uporabe interneta, ter opisali zakaj do njih sploh pride. Information can be of high value, especially if they are confidential and contain trade secrets. And it is because of this high value that they are a big target for online attackers, who can earn a lot of money when selling these on the underground market. Institutions and companies process huge amounts of data, where the electronic media and World Wide Web are extremly useful tools for storing and sharing. However, as much as it is useful for the legitimate organizations, it is also an excellent tool for persons or criminal organizations, that are trying to get acces to these information in an unlawful manner. Phishing is indeed one of the most effective ways to commit these sorts of offenses. In our degree we will state and analyze in detail, five of the most current used methods, which are used by cyber attackers to carry out successful attacks and causing enormous financial loss to organizations and corporations worldwide. For every method we will also advise what safety measures a user should take, to reduce or even eliminate any potential negative consequences. We are going to define the user risk, caused by phishing, considering the differences between age, gender and exposure to Anti-Phishing education. We will point out the pros and cons, that are present with the use of mobile devices in relation to these kind of attacks. Phishing is a criminal act, so we are going to introduce you the legal standing used for criminal prosecution in Slovenia and describe its connection with other crimes. In the end we will show you the differences, that exist between youth and adults in safety of internet usage and explain why these occur.

Published

2014

20. Varnost mobilnih naprav z operacijskim sistemom Android : diplomsko delo visokošolskega strokovnega študija Varnost in policijsko delo

Author

Korošec, Alen and Bernik, Igor

Subjects

varnost, mobilne naprave, Android, udc:004.056(043.2), diplomske naloge, operacijiski sistemi, informacijska varnost, raziskave

Abstract

V teoretičnem delu diplomskega dela je podrobno opisan mobilni operacijski sistem Android in ukrepi za varno uporabo naprav s tem priljubljenim operacijskim sistemom. Predstavljene so najpogostejše varnostne grožnje informacijski varnosti, s katerimi se uporabniki lahko srečajo in kako se pred njimi zaščititi. Na mobilnih napravah je shranjenih veliko občutljivih podatkov, kot so gesla, dokumenti, elektronska pošta, osebne fotografije, podatki za prijavo v razne spletne portale, zgodovino brskanja in celo digitalna potrdila. Ti podatki lahko v napačnih rokah nepazljivemu uporabniku povzročijo precej škode. Delež zlonamerne programske opreme za Android zaradi razširjenosti sistema v zadnjem času strmo narašča, kar pa storilci kaznivih dejanj v kibernetskem prostoru s pridom izkoriščajo. Predvsem zaradi velikega števila zlonamerne programske opreme in pomanjkanja znanja o varni uporabi med uporabniki, OS Android ne spada med najvarnejše operacijske sisteme. V raziskovalnem delu diplomskega dela najdemo interpretacijo rezultatov raziskave o varni uporabi mobilnih naprav z operacijskim sistemom Android. Z izvedbo raziskave smo ugotavljali, ali se vsakdanji uporabniki zavedajo varnostnih groženj in poznajo varnostne rešitve. In the theoretical part of my thesis there is a detailed description of Android operating system and the correct measures for safe usage of the system itself. Described are the most common security threats that users encounter and measures to prevent them. Mobile phones tend to store information like passwords, documents, e-mails, personal photos, usernames for internet sites, search history and even digital certificates. The abuse of this information can cause a lot of damage. Android is growing fast and the consequence is a large number of malware that cyber criminals are taking advantage of. A large number of malware and the lack of knowledge of its users make Android an unsecure operating system. In the research part of the thesis there is a description of results of safe usage of Android on mobile devices. In this research we were trying to find out if users are aware of the threats and if they know how to prevent them.

Published

2014

21. Kibernetsko nadlegovanje in zalezovanje mladostnikov : diplomsko delo visokošolskega strokovnega študija Varnost in policijsko delo

Author

Kojić, Danijel and Bernik, Igor

Subjects

varnost, kibernetski prostor, diplomske naloge, preprečevanje, nadlegovanje, internet, zalezovanje, kibernetska kriminaliteta, udc:343.3/.7:004(043.2)

Abstract

Napredek v komunikacijski tehnologiji je prinesel veliko koristi, saj omogoča skorajda neomejen dostop do vseh koncev sveta in do neštetih informacij. Posebej radi jo uporabljajo mladostniki, saj jim širi obzorje in omogoča skorajda neomejeno število prijateljstev. Oboje mladim veliko pomeni v obdobju osamosvajanja in jim dviga samozavest. Tega se vsi zavedamo, zato temu v nalogi ne dajemo poseben poudarek, temveč smo se osredotočili na nevarnosti, ki prežijo na mlade. V nalogi smo opozorili na kibernetsko nadlegovanje in zalezovanje na vseh spletnih socialnih omrežjih in opisali vse vrste nadlegovanja in zalezovanja. V diplomski nalogi smo izpostavili vse vrste zaščite, ki jo imajo na voljo mladostniki in na katere jih je potrebno sprotno opozarjati. Pri tem bi vsekakor morala imeti večjo vlogo šola, oziroma sam koncept šolskega izobraževanja. Enakega mišljenja so bili tudi anketirani srednješolci, stari med 15 in 16 let. Iz njihovih odgovorov je sicer razvidno, da se zavedajo kibernetskih pasti, vendar v praksi to hitro zanemarijo. Bolj pozorni so tisti mladostniki, ki so kibernetsko nadlegovanje in zalezovanje doživeli sami. Taka izkušnja vsakega posameznika na določen način zaznamuje in o tem nerad govori. To je razvidno tudi iz odgovorov na anketni vprašalnik. Mladostniki, ki so tako izkušnjo doživeli, so v večini primerov odreagirali sami, brez pomoči staršev, šole ali prijateljev. Progress in communication technology brought a lot of benefits, as it provides for almost unlimited access to all places in the world and countless pieces of information. It is used especially among young people, as it expands their horizons and enables an almost unlimited number of friendships. Both of these features mean a great deal to young people in their time of coming into their own and lift their self-esteem. We are all aware of the above stated fact, which is why we did not put any special emphasis on it in this diploma, but we rather concentrated on the dangers that young people are facing. In the diploma, we pointed out cybernetic harassment and stalking on all social networks and described all types of harassment and stalking. We also highlighted all types of protection that are available to young people and of which young people must be continuously reminded. School, and the concept of school education itself, should definitely play a bigger part in this aspect. High school students, aged between 15 and 16, who took part in the survey, also shared this opinion. It is evident from their answers that they are aware of the traps of the cybernetic world, however, they tend to neglect them quickly in practice. Young people who experienced cybernetic harassment and stalking themselves are more aware of it. Such an experience leaves a certain mark on each individual and the ones that experienced it are reluctant to talk about it. This can be seen from the answers to the survey questionnaire. Young people who experienced such an ordeal mostly reacted themselves, with no help from their parents, school or friends.

Published

2014

22. Zagotavljanje varnosti pri uporabi računalništva v oblaku : diplomsko delo visokošolskega strokovnega študija Varnost in policijsko delo

Author

Mišigoj, Nina and Bernik, Igor

Subjects

udc:004(043.2), računalništvo, varnost, računalništvo v oblaku, primerjava, varna uporaba, diplomske naloge

Abstract

V diplomskem delu je predstavljeno računalništvo v oblaku. Bistveni del se nanaša na področje, kako zagotoviti večjo varnost pri uporabi omenjene storitve. V teoretičnem delu so s pomočjo literature predstavljeni bistveni elementi računalništva v oblaku in temeljni koraki pri zagotavljanja varnosti. Računalništvo v oblaku predstavlja uporabnikom relativno novo uporabniško izkušnjo. Ta omogoča, da do podatkov in številnih aplikacij dostopamo od kjerkoli in kadarkoli. Deluje podobno kot e-pošta, saj so vsi podatki shranjeni v oddaljenih podatkovnih centrih. Bistveni razlog za tako hiter razvoj računalništva v oblaku odigrata predvsem cenejša ponudba in enostavna uporaba omenjene storitve. Kljub vsem potencialom, ki jih prinaša računalništvo v oblaku, se velikokrat pozabi na bistveni element – varnost. Podatke, ki smo jih imeli shranjene pod lastnim okriljem, sedaj prenašamo v tuje območje, kjer se nahaja še kopica drugih podatkov. Torej, računalništvo v oblaku prinaša številna nova tveganja, ki se jih uporabniki premalo zavedajo. Poznavanje tveganj, varna in previdna uporaba storitve ter naprave so bistvenega pomena za zagotavljanje varnosti oz. za preprečevanje vdorov in kraj. Naslednje področje, ki predstavlja bistveni element računalništva v oblaku, je zakonodaja. Ker ponudniki večinoma prihajajo iz tujine, je potrebno zagotavljati ustrezen nivo varovanja osebnih podatkov. Uporabniki morajo poznati svoje pravice in zahtevati, da se jih upošteva. Kljub temu, institucije, kot je Informacijski pooblaščenec, ozaveščajo uporabnike o nevarnostih na internetu, se številni uporabniki še vedno ne zavedajo nevarnosti in svojih pravic, ki so lahko ogrožene. Tako mora v prvi vrsti uporabnik sam poskrbeti za varnost, ter si tako zaščiti svojo zasebnost. Metodološki del prinaša primerjalno analiza med tremi najpopularnejšimi ponudniki računalništva v oblaku – Google Drive, Dropbox in Appleov iCloud. Vsi ponudniki, predstavljajo javne storitve računalništva v oblaku, vendar je ponudba med njimi različna. Pred uporabo je dobro vedeti, v kakšne namene bomo uporabljali storitev in se seznaniti s pravilniki in postopki za zagotavljanje varnosti. S tem si uporabnik zagotovi varnost, zasebnost in varno uporabo storitve. In this thesis work presented a cloud computing. An essential part of thesis is refer to the area, how ensuring safety, when using a cloud computing. In the theoretical part, with the help of literature, are presented the essential parts of cloud computing and step how to providing security. Cloud computing represent to the users a relatively new experience. It makes access to personal data and other application at anytime from anywhere. Cloud computing works like email, all data are stored in remote data canters. The main reason for such rapid development of cloud computing is low cost and ease use of service. Despite all the potential of cloud computing, users often forget an essential element – security. The information’s that we had stored in our own location, we are now transporting in a foreign unknown location, where are stored other users information. So we can say, that cloud computing brings a number of new risks, which users aren´t aware of. Knowing the risks, safe and careful use of service and device are essential to ensure the safety or for the prevention from threats. The next step that represent an principal element of cloud computing is the law. Most of the providers are coming from other states, it is necessary to ensure an appropriate level of protection of personal data. For this reason users must be aware of their rights and demand that they are considered. Despite the fact that institutions such as Information commissioner, raise public awareness among consumers about the risk from the internet, many users still are unaware of the risks and of their rights. So in the first place users must take care for their safety and protect their privacy. A methodological part bring a comparative analysis of three most popular provider of cloud computing – Google drive, Dropbox and iCloud. All the providers represent a public cloud computing, but their offer is very different between them. So it is main prior before use, to know for which reason are we going to use the service and learn about their policies and procedures for ensuring safety. Whit this users can ensure themselves a security, privacy, and safe use of cloud computing.

Published

2013

23. Standardi v lokalnih brezžičnih omrežjih in zaščita v praksi : diplomsko delo visokošolskega strokovnega študija Varnost in policijsko delo

Author

Jurič, Gregor and Bernik, Igor

Subjects

zaščita, varnost, lokalna brezžična omrežja, udc:004.7(043.2), brezžična omrežja, diplomske naloge, standardi

Abstract

Zaradi vse več naprav, katere se v omrežje oziroma internet povezujejo brezžično, so tudi brezžična omrežja v porastu. Vsak, ki se želi s takšno napravo povezovati v splet preko domačega internetnega priključka, si mora omisliti brezžično dostopno točko ali usmerjevalnik (Router). Osnovna vzpostavitev brezžične dostopne točke je enostavna, problem nastane, kadar želimo imeti omrežje varno pred nepooblaščenimi dostopi, ki nam lahko povzročijo veliko preglavic in težav. Za to je potrebno znanje o samem brezžičnem omrežju, o protokolih, ki jih uporablja, in o možnih zaščitah. V diplomskem delu smo tako predstavili lokalno brezžično omrežje, kako deluje in kakšne so možne zaščite v teh omrežjih. Raziskali in predstavili smo tudi kako je z zaščito lokalnih brezžičnih omrežjih v praksi. Koliko brezžičnih omrežji je na določenih krajih v mestu Maribor in okolici ter kako so zaščitena. V ta namen, smo se s prenosnim računalnikom, GPS anteno in mobilnim telefonom z vozilom odpravili na zaznavanje lokalnih brezžičnih dostopnih točk. Pridobljene podatke smo nato analizirali in jih med sabo primerjali. Ugotovili smo, da je v mestu Maribor manj nezaščitenih brezžičnih dostopnih točk kot na podeželju, in hkrati jih je več, katere imajo nameščeno najmočnejšo zaščito. Wireless networks are on the rise due to more and more devices, which can wirelessly connect to the network or internet. Any one, who wants to connect such a device to the Internet via a home internet connection, needs a wireless access point or router. It is simple to set up a wireless access point with basic settings. The problem arises when we want to have a network that is secured from unauthorized access, which can cause a lot of trouble and difficulties. This requires knowledge about the wireless network protocols that are used, and about possible protections. So in this thesis we have presented the local wireless network, how it works and what are the possible protections of these networks. We have researched and presented how protected are local wireless networks in practice. How many wireless networks are present in certain places in the city of Maribor and its surroundings, and what kind of protection are they using. To accomplish this task, we have used a laptop computer, GPS antenna and a mobile phone in a vehicle and went for a scanning ride of local wireless access points. Acquired data was analyzed and compared with each other. We found out that in the city of Maribor there are less unprotected wireless access points than in the rural areas, also, in the city there are more networks, which are protected with the strongest protection.

Published

2013

24. Zlorabe plačilnih kartic v Sloveniji s poudarkom na skimmingu : magistrsko delo

Author

Gracer, David and Bernik, Igor

Subjects

udc:343.3/.7(043.2), varnost, zlorabe, skimming naprave, plačilne kartice, bankomati, varnostni ukrepi, plačilna sredstva, magistrska dela

Abstract

Namen uvedbe novih tehnologij v svetu je uporabnikom le-teh olajšati delo, zabavo, počitek itd. Vendar pri uvedbi lahko obstaja slaba stran. Kadar gre za tehnologije, ki uporabnike povezujejo s svetom na način, da jih uporablja za namene plačevanja, postanejo zanimive za nepridiprave. Kriminalci, ki se ukvarjajo s tovrstnimi kaznivimi ravnanji, poskušajo na vsak način priti do uporabnikovega denarja. Tako za vsa možna plačilna sredstva najdejo način zlorabe. Da pa dejansko pride do zlorabe, je odvisno od različnih dejavnikov. V tem delu je varnost bolj kot ne odvisna od ravnanja vsakega posameznika. Magistrska naloga je razdeljena na teoretični in empirični del. V teoretičnem delu so predstavljeni možni načini zlorab plačilnih kartic, pridobivanja podatkov o plačilnih karticah s poudarkom na nameščanju skimming-naprav, ponarejanja plačilnih kartic, anti-skimming in druge zaščite pred tovrstnimi dejanji, preiskovanju in zakonodaji v Sloveniji. V empiričnem delu je bila izvedena raziskava s pomočjo anketnega vprašalnika. S tem smo poskušali ugotoviti kaj vpliva na to, da uporabniki določenih plačilnih sredstev prepoznajo nameščeno skimming-napravo, kateri varnostni ukrepi pripomorejo k izboljšanju varnosti in najvarnejši način uporabe. Rezultati raziskave kažejo na to, da v veliki meri na zaznavo tovrstnih naprav vpliva pogostost uporabe, varnostni ukrepi se ujemajo s priporočili iz teorije, najvarnejši način pa je odvisen od različnih dejavnikov. The introduction of new technologies in the world is to help the users by their work, fun, rest,.. etc.. However there may be bad side. When it comes to technology users connect with the world in a way that they are used for the purpose of payment, it becomes interesting for criminals. Criminals dealing with such criminal practices are trying every way to get the user's money. For all possible ways of payment they are trying to find a way of abuse. If it comes to abuse depends on various factors. In this part the security is dependent on the behavior of each individual user. This master work is divided into theoretical and empirical part. The theoretical part presents the possible misuse of payment cards, to obtain information on payment cards with an focus on installing skimming devices, counterfeiting credit cards, anti-skimming and other protection against such acts, investigation and law in Slovenia. In the empirical part the research was conducted using a questionnaire. In this way we try to figure out what impact that users of certain means of payment, identify installed skimming device which security measures to help improve the safety and find the safest way of usage. The research results show that to a large extent on the perception of such devices affect the frequency of use, security measures are in line with the recommendations of the theory, the safest way is dependent on various factors.

Published

2013

25. Zagotavljanje zasebnosti in varnosti mladostnikov na internetu : diplomsko delo visokošolskega strokovnega študija Varnost in policijsko delo

Author

Oštir, Katja and Bernik, Igor

Subjects

varnost, mladostniki, udc:004.738.5(043.2), zasebnost, diplomske naloge, internet

Abstract

V današnji družbi je internet kot sodoben medij postal del našega vsakdana, ki nam poleg poslovnih možnosti in iskanja raznovrstnih informacij nudi obilo zabave in možnosti komuniciranja. Za mlade generacije je internet pomembno sredstvo, saj jim ponuja veliko možnosti za izobraževanje, raziskovanje in izpopolnjevanje. Ob vseh pozitivnih lastnostih uporabe interneta moramo izpostaviti številne potencialne nevarnosti in tveganja, ki so jim ob nepazljivi rabi interneta najbolj izpostavljeni mladi. Zaradi neizkušenosti, neznanja in pomanjkanja kritične presoje lahko postanejo tarča storilcev na internetu, spletnih nadlegovalcev in v najhujših primerih celo žrtve organiziranih pedofilskih mrež. Za zagotavljanje zasebnosti in večje varnosti mladostnikov na internetu bomo v diplomski nalogi osrednjo pozornost namenili najpogostejšim nevarnostim in tveganjem, s katerimi se mladostniki lahko soočajo, in predstavili nekaj ukrepov z vidika tehnične zaščite, ki določene nevarnosti zmanjšajo ali celo odpravijo. Izpostavili bomo tudi ključne pravne akte in obravnavali nekatere posamezne člene. Poudarili bomo ključno vlogo staršev, učiteljev ter organizacij in projektov, ki aktivno sodelujejo pri osveščanju in izobraževanju mladih, ter organizacij in združenj, ki na mednarodni ravni sodelujejo pri odkrivanju in preprečevanju internetne kriminalitete, predvsem v boju proti spolnim zlorabam otrok in mladostnikov na internetu. V empiričnem delu bomo z anketiranjem mladostnikov ugotavljali, ali internet uporabljajo na odgovoren in varen način. In today`s society the Internet as a contemporary media has become a part of our everyday lives, which beside business opportunities and search for various information also offers a lot of fun and ways to communicate. For young generations the Internet is an important tool, offering enormous possibilities for education, research and advancement. With all the positive characteristics of using the Internet we have to emphasise many of the potential threats and risks to which young people are the most exposed to with careless use. Because of their inexperience, insufficient knowledge and lack of critical judgement they can easily become targets of perpetrators, Internet molesters and in worst cases even victims of organised paedophilic networks. In order to ensure privacy and stronger security for young people using the Internet we are going to concentrate on the most common dangers and risks, which young people may encounter, and also present a few measures from technical security`s point of view, which lowers certain dangers or even eliminates them. We will also stress some of key legal acts and discuss certain articles. We will emphasize the key role of parents, teachers, organizations and projects, which actively cooperate in raising awareness and educating young people, and also organizations and groups, which cooperate on international level in exposing and preventing Internet crime, especially in the fight against sexual abuse of children and young people on the Internet. In the empirical part we will find out by interviewing young people whether they use the Internet in a responsible and safe way.

Published

2013

26. Varnostni vidiki spletnega bančništva : diplomsko delo univerzitetnega študija

Author

Prodanović, Stanislav and Bernik, Igor

Subjects

zaščita, elektronsko bančništvo, varnost, zlorabe, udc:004.056(043.2), diplomske naloge, varnostni mehanizmi, kibernetska kriminaliteta

Abstract

Banke imajo, kot osrednje finančne institucije, veliko zaslug za hiter razvoj informacijske tehnologije. Če je bila še pred približno 15 leti tehnologija bank skrita pred očmi javnosti, je danes preko elektronskega bančništva povezana s komitenti bank, saj se je v zadnjem desetletju elektronsko bančništvo izkazalo za eno najbolj dobičkonosnih spletnih storitev. Spletno bančništvo je del elektronskega bančništva in omogoča opravljanje bančnih poslov preko interneta ob vseh urah dneva, hkrati pa je zaradi svoje enostavnosti in praktičnosti postalo del vsakdanjega življenja, kar potrjujejo različne raziskave, ki kažejo na povečanje uporabnikov spletnega bančništva iz leta v leto. Z večanjem števila uporabnikov povezujemo tudi povečanje groženj uperjenih proti spletnemu bančništvu. S širitvijo ponudbe bank in uvajanjem novih storitev se kriminalcem odpirajo nove poti in možnosti za njihovo zlorabo. V ta namen bo evropska komisija za boj proti kibernetski kriminaliteti v januarju 2013 ustanovila Evropski center za kibernetsko kriminaliteto. Finančne institucije in varnostne agencije z raznimi priporočili in ukrepi proti zlorabam spletnega bančništva obveščajo uporabnike o nevarnostih, saj je varnost eden glavnih razlogov, zakaj spletno bančništvo ne uporabljamo v večji meri. Varnostni mehanizmi spletnih bank se razlikujejo, razlikuje pa se tudi nivo zaščite. Pri zagotavljanju varnosti ni dovolj samo uporaba in ponudba različnih produktov oz. varnostnih rešitev, banke morale večjo pozornost nameniti izobraževanju uporabnikov, saj je prav uporabnik najšibkejši člen v verigi zagotavljanja varnosti. Uporabniki bi se morali zavedati, da popolne varnosti ni. Banks are main financial institutions, and as such they have a lot of credit for the rapid development of information technology. If a banks technology was about 15 years ago hidden from the public eye, than today they are linked to customers through electronic banking and in the last decade electronic banking has emerged as one of the most profitable online services. Online banking is a part of electronic banking and allows performing banking transactions via the internet at any hours of the day, but due to its simplicity and practicality has become part of everyday life, which is confirmed by various studies that show an increase in users' online banking from year to year. Increasing number of users is associated with the increase of threats directed against online banking. With the expansion of offers from banks and introducing new services to customers opens criminals’ new avenues and possibilities for abuse. To this end, the European Commission against cybercrime will in January 2013 establish a European cybercrime center. Financial institutions and security agencies are with various recommendations and actions against the abuses of online banking informing users about the dangers, as safety is one of the main reasons why online banking is not used to a greater extent. Online banking security mechanisms differ, but there are also differences in a level of protection they are offering. In providing security is not enough to use and offer a variety of products or constantly new security solutions, the banks should pay more attention to user education, as it is user weakest link in the chain of safety. Users should be aware that absolute security doesn’t exists.

Published

2013

27. SECURITY ASPECTS OF ELECTRONIC PAYMENT

Author

Vesel, Miha and Bernik, Igor

Subjects

udc:343.3/.7, elektronsko plačevanje, varnost, zlorabe, diplomske naloge, kartično plačevanje

Abstract

Elektronsko plačevanje predstavlja velik del plačevanja v vsakdanjem življenju. Gotovinsko plačevanje izgublja na popularnosti, pojavljajo pa se novi načini plačevanja po elektronski poti. Ti nam omogočajo hitrejše plačevanje, kjerkoli in kadarkoli, obenem pa nam nekateri načini omogočajo, da lažje spremljamo bilanco našega bančnega računa. Z razvojem tehnologij nismo več omejeni na fizične trgovine, ampak s pomočjo elektronskega plačevanja, čedalje bolj nakupujemo na spletu oziroma na daljavo. Tovrstno plačevanje nam je močno olajšalo vsakdanje življenje, vendar pa se pri elektronskem plačevanju pojavlja velik problem, in sicer možnost zlorab. Pri gotovinskem plačevanju je največja skrb fizična kraja denarja, pri elektronskem plačevanju pa so bolj sofisticirani načini zlorabe. V diplomski nalogi smo pregledali načine elektronskega plačevanja in najpogostejše vrste zlorab. Ugotovili smo, da lahko velik del zlorab preprečimo z lastnim odgovornim ravnanjem, saj lahko z ozaveščenostjo o tej tematiki prepoznamo sumljive stvari in se izognemo zlorabi, še preden bi se ta zgodila. Ob tem smo ugotovili, da je elektronsko plačevanje razmeroma varno, saj so varnostni mehanizmi elektronskega plačevanja na tako visokem nivoju, da se storilci kaznivega dejanja raje osredotočajo na napake in nepozornosti uporabnika, kot na samo zlorabo sistemov elektronskega plačevanja. Ključno pri elektronskem plačevanju je torej dobro poznavanje možnosti zlorab in pazljiva raba instrumentov elektronskega plačevanja, ki se nato skupaj z varnostnimi mehanizmi elektronskega plačevanja uspešno borijo proti storilcem kaznivih dejanj. Electronic payment represents major part of payment in everyday life. Cash payment is losing in popularity and new electronic payment methods are emerging. These enable us to pay faster, anytime and anywhere, and at the same time some methods even allow us to monitor our bank balance. With the development of technologies, we are no longer limited to the physical stores, but with the help of electronic payments, we are increasingly shopping online or at the distance. Such payments made everyday life much easier, however one major concern arises in using electronic payments and that is the possibilty of fraud. For cash payments, the biggest concern was physical theft, but in using electronic payment we are subjected to more sophisticated methods of fraud. In diploma work, we have examined electronic payment methods and most common types of fraud. We have found out that a large proportion of fraud can be prevented with self-responsible behaviour. With awareness we can identify suspicious things and avoid fraud before it happens. With this in mind, we have found out that electronic payments are relatively safe way of payment, because the security mechanisms are on such high level that perpetrators focus on the mistakes and carelessness of the users, rather than to abuse electronic payment systems. The key to electronic payments safety is therefore a good knowledge of possibilites of fraud and the careful use of electronic payment instruments. These two combined with electronic payment security mechanisms are then successfuly fighting against perpetrators.

Published

2012

28. DANGERS AND ABUSES OF INTERNET SHOPPERS

Author

Lukenda, Josip and Bernik, Igor

Subjects

varnost, zasebnost, diplomske naloge, osebni podatki, spletne trgovine, udc:004.738.5:339.13, svetovni splet

Abstract

Diplomsko delo obravnava spletno nakupovanje in opredeljuje nevarnost in zlorabe, ki lahko nastanejo med nakupovanjem na spletu. Teoretični del predstavlja teoretična izhodišča, ki so vezana na spletno nakupovanje, na pojem varnosti in zasebnosti ter na nevarnosti, ki nastanejo med nakupovanjem na internetu. V empiričnem delu je predstavljena raziskava, ki temelji na pridobljenih podatkih iz anketnega vprašalnika in katere namen je bil ugotoviti, ali spletni kupci dojemajo spletno nakupovanje kot nevarno. Rezultati kažejo, da se uporabniki interneta, ki tudi kupujejo preko spleta, med nakupovanjem počutijo varne in niti ne razmišljajo o možnih nevarnostih. This thesis presents online shopping and defines the dangers and abuses, which can occur with online shopping. The theoretical part gives theoretical starting points on online shopping, security, privacy, and dangers, which can occur while shopping online. The empirical part uses data, acquired through the questionnaire to research weather online shoppers find online shopping dangerous. Results show that internet users feel safe while shopping online, and do not even think about possible dangers.

Published

2012

29. Security and privacy in Social Network

Author

Jakše, Tina and Bernik, Igor

Subjects

socialna omrežja, varnost, Facebook, zasebnost, diplomske naloge, internet, udc:004.738.5:342.721

Abstract

Social networks have become part of our everyday lives as far as personal and business usage is concerned. We use them to keep in touch with friends, family and business partners and also for our self-promotion or promotion of our products. Openness and unlimited extent make social networks interesting not only to their users, but also to cyber criminals. The latter exploit lack of knowledge, recklessness and gullibility of the social networks users who are very likely to become their victims. Warning of the dangers and education about protection in social networks are therefore of great importance. The way and extent of our protection depend mostly on ourselves. The market offers a lot of applications for protection against such dangers. Social networks also present general requirements and instructions which lead us to their safe usega. Legal acts deal with our protectio in certain cases. The dangers that lie in wait for the users of socia networks may be viruses, breaking into our computers and stealing our identity, »phishing« or »pharming«. Usege of social networks often turns into addiction. One of the most popular social networks is Facebook. It has been on the market since 2004, but its popularity and the number of users increase every day. Numerous attacks on Facebook have been witnessed since its establishment, therefore I advise its users to be mistrustful when using it despite its popularity and usefulness. This is the best way to protect themselves as well as their Facebook friends. Spletna socialna omrežja so postala del našega vsakdanjika, tako z vidika osebne, kakor tudi poslovne rabe. Uporabljamo jih zato, da ostanemo v stikih s prijatelji, družino, poslovnimi partnerji, za samo-promocijo ali promocijo svojih produktov. Zaradi odprtosti in brezmejne razsežnosti pa spletna socialna omrežja niso zanimiva samo za uporabnike, temveč tudi za kibernetske kriminalce. Ti izkoriščajo nepoznavanje, lahkomiselnost in naivnost uporabnikov spletnih socialnih omrežij, ki lahko hitro postanemo žrtve tovrstnih storilcev. Zato je pomembno opozarjanje na nevarnosti in izobraževanje o zaščiti v spletnih socialnih omrežjih. Kako in v kolikšni meri se bomo zaščitili, je največ odvisno predvsem od nas samih. Na trgu je veliko programov za zaščito pred nevarnostmi, prav tako nam spletna socialna omrežja predstavljajo splošne pogoje ter navodila, v katerih nas usmerjajo v varno uporabo spletnih socialnih omrežij. Za našo zaščito v težjih primerih pa skrbijo tudi pravni akti. Nevarnosti, ki v spletnih socialnih omrežjih prežijo na nas, so bodisi v obliki virusov, lahko pomenijo vdor v naš račun ter krajo identitete, ribarjenje ali »phishing«, »pharming«, velikokrat pa se uporaba spletnih socialnih omrežij sprevrže v zasvojenost. Eno izmed najbolj priljubljenih spletnih socialnih omrežij se imenuje Facebook, ki je na trgu šele od leta 2004, njegova priljubljenost in število uporabnikov pa iz dneva v dan narašča. V tem času smo bili priča številnim napadom na omenjeno spletno socialno omrežje, zato kljub priljubljenosti in uporabnosti tovrstnega omrežja uporabnikom svetujemo, da se v omrežju obnašamo nekoliko nezaupljivo, saj bomo le tako najbolje zavarovali sebe in tudi svoje Facebook prijatelje.

Published

2012

30. MECHANISMS OF PROTECTION AGAINST INFORMATION SECURITY THREATS

Author

Primc, Simon and Bernik, Igor

Subjects

zaščita, varnost, diplomske naloge, udc:004.056, računalniški sistemi, informacijska varnost

Abstract

Informacijska varnost in z njo povezani mehanizmi zaščite imajo ključno vlogo tudi v našem vsakdanjem življenju. Z nesmotrnim ravnanjem pri uporabi informacijske tehnologije pa je kaj hitro lahko ogrožena naša zasebnost in varnost. Svetovni splet nam danes zaradi svojih številnih prednosti, kot sta anonimnost in enostavna uporaba, predstavlja virtualni prostor, znotraj katerega se odvijajo najrazličnejše aktivnosti, med njimi tudi vrsta kriminalnih dejanj, kamor sodijo vdori v informacijske sisteme, pošiljanje zlonamerne programske kode ter druge goljufije in potegavščine. Vsa ta dejanja, ki so lahko storjena naklepno ali iz malomarnosti, pa so za nas lahko življenjskega pomena. Kibernetski prostor v kombinaciji z neustavljivim napredkom tehnologije omogoča vedno nove oblike kriminalnih dejanj, ki jih je včasih nemogoče predvideti, storilce pa težko odkriti. Ta prostor pa nudi tudi idealne pogoje za izvajanje asimetričnih groženj, ki bi se jih morala zavedati vsaka družba in temu primerno sodelovati na mednarodni ravni. Zunanje grožnje, na katere smo se omejili v diplomskem delu, predstavljajo najpogostejšo obliko napadov na informacijsko varnost, ker pa nam te grožnje ne smejo postati ovira, je potrebno dati poudarek na osveščenost vsakega posameznika, preden vstopi v ta navidezni svet globalnih razsežnosti. Vedeti moramo, katere mehanizme zaščite imamo možnost uporabljati, da se lahko v določeni meri zaščitimo pred krutim, mračnim delom kibernetskega »podzemlja«. Zavedati se moramo, da kibernetska kriminaliteta postaja kriminaliteta prihodnosti, ki ne pozna nobenih fizičnih omejitev. Tudi najsodobnejša tehnologija dopušča varnostne vrzeli, ki jih s pridom izkoriščajo prevaranti sveta. Nujno potrebno je vlagati v kader, ki se zavzema za prijaznejši virtualni svet in si priznati, da smo še vedno ljudje najnevarnejša grožnja samim sebi. Information security and the related protection mechanisms have a key role in our everyday lives as well. Furthermore, with careless behaviour in the use of the information technology our privacy and safety can quickly be put at risk. Nowadays the World Wide Web enables us, thanks to its numerous advantages such as anonymity and ease of use, to enter a virtual space where most varied activities take place and among them also a series of criminal offences, including hacking, sending abusive program codes, as well as other frauds and hoaxes. All such actions, which may be committed intentionally or out of negligence, can be of vital importance to us. The cyberspace, in combination with the incessant development of technology, enables new and new forms of criminal offences which are sometimes impossible to predict and their perpetrators hard to disclose. This space also offers ideal conditions for implementing asymmetric threats that every society should be aware of and cooperate accordingly on the international level. External threats, to which our examination was confined in the thesis, constitute the most frequent form of attacks on information security. As it cannot be permitted to these threats to become an obstacle, it is necessary to focus upon the awareness of individuals before their entering this virtual world of global proportions. We have to know what protection mechanisms are available for our use in order to protect ourselves to some extent against this cruel and dark part of the cyber »underground«. We should be aware that cyber crime is the criminality of the future and does not tolerate any physical limitations. Even the most advanced technology is open to security gaps and the rogues all over the world make the best of it. It is urgent to make investments in the staff committed to a friendlier virtual world and to admit that we, the human beings, are still the most dangerous threat to our own selves.

Published

2012

31. WIRELESS HOME NETWORK SECURITY

Author

Marinč, Aleksander and Bernik, Igor

Subjects

zaščita, brezžično omrežje, varnost, grožnje, diplomske naloge, udc:004.056.53, internet

Abstract

Uporaba povezljivih naprav omogoča lažje in hitrejše dostopanje do svetovnega spleta. Uporabniki pa do teh novih tehnologij postavljajo vedno višje zahteve po funkcionalnosti. Ena izmed njih je tudi povezovanje z internetom kjerkoli in kadarkoli, kar jim lahko zagotovi le brezžično omrežje. Tudi v zasebni rabi se vedno bolj kažejo tendence k vzpostavitvi brezžičnim omrežij doma, predvsem v zadnjem času, v času t. i. generacije I, ki ob gledanju televizije, uporablja računalnik, medtem ko išče informacije na svoji tablici in se pogovarja po pametnem telefonu. Z razmahom uporabe pa se je povečala količina informacij, zaupnih kot nezaupnih, ki jih uporabniki delijo po medmrežju ali pa jih hranijo na lokalnih diskih. Predvsem zaupne informacije so tiste, ki so zanimive za nepooblaščene uporabnike in jih je potrebno primerno zaščitit pred potencialnimi zlorabami. Med potencialne zlorabe uvrščamo predvsem krajo osebnih podatkov, uporabniških imen, gesel, transakcijskih računov in uporabo domačega omrežja za nadaljnji prikriti način napadalca za nadaljnje napade na bančne računalniške sisteme, pošiljanja oglasnih sporočil, DoS napade in vdore v ostale za napadalca zanimive strežnike. Torej za ustrezno zaščito pa je odgovoren predvsem uporabnik sam, ki s primerno uporabo varnostnih mehanizmov, ki mu jih ponuja strojna in programska mrežna oprema, ustrezno zaščiti svoje domače omrežje pred prej omenjenimi potencialnimi zlorabami. The use of connected devices enables user easier and faster access to the Internet. Users requests to these new technologies are increasing. Users have higher demands for functionality. One of them is connecting to the Internet anywhere and anytime, which can provide them a wireless network. Even in private use tendency to establish a wireless network at home is increasingly showing. Especially in recent times, during the Generation I, who is watching television, using computer while looking for information on his tablet PC, and is talking on a smartphone. With the expansion of connected devices and their use, increased amount of confidential and non confidential information that users shares over the network or just have it stored on the local disk. Confidential information are especially interesting for non authorized users for potential abuse, so this information must have adequately protection. Among potential abuse we classify phishing user personal data, usernames and passwords, bank account numbers and a further use of users home network for hiding attackers identity so he can secretly perform attack on bank systems, to spread junk mail and spam, to perform DoS attack and breaking into others interesting servers. So for adequate protection, responsibility is primarily of the user to ensure the proper use of safety devices. With the security mechanisms of hardware and software, user can properly protect his home network from the aforementioned potential abuses.

Published

2012

32. HOW TO PROTECT YOUR IDENTITY IN THE NETWORK

Author

Kozole, Aleš and Bernik, Igor

Subjects

grožnje, kraja identitete, varnost, diplomske naloge, udc:004.056, internet, varovalni ukrepi

Abstract

V današnjem, modernem in hitro rastočem svetu, je zelo pomembno, da se informacije širijo čim hitreje. Pred razvojem informacijsko-komunikacijskih tehnologij se je veliko uporabljalo poštne storitve, časopise in razne objave na oglasnih deskah. Danes pa, zaradi hitrega tempa življenja in razvoja interneta ter svetovnega spleta, ostajajo te storitve rahlo v ozadju. Uporaba storitev preko spleta je preprosta in hitra, saj omogoča dostop do informacij kjerkoli in kadarkoli. Z razvojem spleta pa se je tudi posameznikova identiteta prenesla iz družbenega okolja v spletno okolje, kjer posameznik oblikuje identiteto v spletu. Identiteto v spletu tako predstavljajo osebni in občutljivi podatki, kot so EMŠO in davčna številka, varnostna gesla, PIN številke in tudi številka bančnega računa. Ker pa je dostop do spleta mogoč kjerkoli in kadarkoli, so ti podatki oziroma identiteta v spletu izpostavljeni varnostnim grožnjam, kot je kraja identitete, socialni inženiring, zlonamerni programi in razne prevare preko elektronske pošte. Zato je pomembno, da uporabnik spleta te podatke ustrezno zaščiti pred nepooblaščeno uporabo in se zavaruje pred krajo identitete. V ta namen so določena podjetja razvila varnostne elemente, ki pomagajo uporabniku pri zaščiti podatkov. A vendar sama uporaba teh elementov ni dovolj, da bi preprečili krajo identitete, kajti predvsem pri socialnem inženiringu gre za uporabo socialnih in tehnoloških veščin, kjer napadalci pridobijo osebne podatke s pomočjo uporabnikovega zaupanje, in se s tem izognejo delovanju varnostnih elementov. Da bi preprečili te zlorabe, je potrebno dvigniti raven ozaveščenosti med spletnimi uporabniki in jih podučiti o varnostnih grožnjah. To nalogo so danes prevzele varnostne agencije, ena takšnih je Evropska agencija za omrežno in informacijsko varnost ENISA, v Sloveniji pa na tem področju delujejo Informacijski pooblaščenec, Agencija za pošto in elektronske komunikacije ter centra za obveščanje SI-CERT in SAFE.SI. Ozaveščenost je še toliko bolj pomembna, ker je zaradi brezmejne razsežnosti svetovnega spleta težko uporabiti nacionalne pravne akte v boju proti kibernetski kriminaliteti. Today, in modern and fast growing world, is very important that information is disseminated as quickly as possible. Prior to the development of ICT has been used by many postal services, newspapers and various posts on the billboards. Today, the pace of life and development of the internet and world wide web, these services remain slightly behind. Use of online services is simple and quick, allowing access to information anywhere, anytime. With the development of the world wide web an individual's identity is transferred from the social environment to the online environment, where individuals create online identity. The identity of the web also represents personal and sensitive informations, such as personal identification number and tax number, security passwords, PIN numbers and bank account number. However, since access to the web is possible wherever and whenever, such informations and the identity is exposed to the web security threats such as identity theft, social engineering, malicious programs and various scams by e-mail. It is therefore important that the web user uses to protect data against unauthorized use and against identity theft. To this end, the various companies has developed certain security features which help users to protect data. But use of these elements alone is not enough to prevent identity theft, especially because of social engineering is the application of social and technological skills, where the attackers obtain personal information through the user's trust, and avoid the operation of safety features. To prevent this abuse, it is necessary to raise security awareness among web users and educate them about security threats. This task is now taken over security agencies, one of them is the European Agency for Network and Information Security Agency ENISA, while in Slovenia in this area operate the Information Commissioner, the Agency for Post and Electronic Communications, and information centers SI-CERT and SAFE.SI. Awareness is even more important because of the immense scale of the world wide web is difficult to apply national legal acts in the fight against cyber crime.

Published

2012

33. THE SECURITY MECHANISMS OF ELECTRONIC COMMERCE

Author

Verbič, Andreja and Bernik, Igor

Subjects

varnost, diplomske naloge, elektronsko poslovanje, preprečevanje, udc:004.056, kibernetska kriminaliteta

Abstract

Diplomska naloga se najprej osredotoči na pojem elektronskega poslovanja in njegove vrste. V nadaljevanju so navedeni razlogi za uvedbo elektronskega poslovanja, saj le-ta prinaša podjetjem in drugim udeležencem poslovanja mnogo večjo učinkovitost, hitreje opravljene naloge, delo z manj napora in manj stroški. V naslednjem poglavju je opisana kibernetska kriminaliteta, ki ne bo nikoli izkoreninjena, saj se pojavljajo vedno nove oblike groženj in nevarnosti. Kibernetski storilci so že tako izurjeni in izkušeni, da jih bo težko zaustaviti pri njihovem delovanju. Med ogrožanje elektronskega poslovanja se uvrščajo tudi zloraba podatkov, napake uporabnikov, ranljivost računalniške opreme ter napake v programih in podatkih. Nadalje so opisane grožnje in rešitve za varno elektronsko poslovanje. Z razširjenostjo elektronskega poslovanja je kibernetski prostor postal prava tarča za kibernetske storilce. Informacijski sistemi in omrežja postajajo vse bolj povezani, kar še povečuje možnosti zlorab podatkov in drugih kibernetskih kaznivih dejanj. Največ zlorab in vdorov v računalniške sisteme se zgodi zaradi človeške napake, ki je lahko posledica malomarnosti, neznanja ali neprevidnosti pri poslovanju s pomembnimi podatki. V zadnjem poglavju so povzeti zakoni s področja elektronskega poslovanja in kibernetske kriminalitete, ki pomagajo organom pregona lažje izslediti in preganjati kibernetske storilce. The thesis is first to focus on the very concept of electronic commerce and its types. In the following the reasons for the introduction of electronic commerce are stated, as it brings to companies and other participants in business much more efficiency, quicker tasks performed, work with less effort and less costs. Next chapter is focused on cyber crime, which will never be eradicated, since it brings with it new forms of threats and dangers. Cyber criminals are already so trained and experienced that it will be difficult to stop them in their work. Among the threats to electronic commerce there are also included the misuse of data, user errors, the vulnerability of computer equipment and errors in the programs and data. Further on, the threats and solutions for safe electronic commerce are described. With the expansion of electronic commerce, the cyberspace has become the real target for cyber criminals. Information systems and networks are becoming more connected, adding to potential abuse of data and other cyber crimes. Most attacks and intrusion into computer systems occurs due to human error, which may result from negligence, ignorance or carelessness in dealing with important data. In the last chapter the law on electronic commerce and cyber-crime is summarized, helping law enforcement agencies to track and to easier prosecute cyber criminals.

Published

2012

34. Prenos podatkov po protokolu BitTorrent : diplomsko delo visokošolskega strokovnega študija

Author

Serajnik, Matic and Bernik, Igor

Subjects

udc:004.738.5, varnost, prenos, internet

Published

2012

35. Grožnje varnosti in zasebnosti na svetovnem spletu : diplomsko delo

Author

Dokleja, Kristina and Bernik, Igor

Subjects

varnost, grožnje, zasebnost, diplomske naloge, internet, udc:343.3/.7:004.738.5, kibernetska kriminaliteta

Published

2012

36. Videonadzor na javnih mestih : diplomsko delo

Author

Osmič, Emil and Bernik, Igor

Subjects

varovanje, varnost, udc:342.7:004, diplomske naloge, nadzorni sistemi, video nadzor, človekove pravice, pravica do zasebnosti

Published

2011

37. Varnost in zagotavljanje zasebnosti bolnišničnih podatkov o pacientih : diplomsko delo

Author

Marcelan, Nina and Bernik, Igor

Subjects

varnost, zasebnost, zdravstvene ustanove, diplomske naloge, pacienti, osebni podatki, informacijski sistemi, varstvo osebnih podatkov, udc:659.2:614.2

Published

2011

38. Zagotavljanje varnosti informacij in osebnih podatkov pred potencialnimi vdori v informacijske sisteme : diplomsko delo

Author

Krneta, Milijanka and Bernik, Igor

Subjects

varnost, vdori, informacije, diplomske naloge, udc:004.056, osebni podatki, informacijski sistemi, informacijska varnost

Published

2011

39. Celovita zaščita informacijskega sistema : diplomsko delo

Author

Saje, Rok and Bernik, Igor

Subjects

zaščita, varnost, udc:004:659.2, diplomske naloge, informacijski sistemi, tveganje

Published

2011

40. Varovanje zasebnosti v internetu : diplomsko delo

Author

Hlastec, Sara and Bernik, Igor

Subjects

udc:004.738.5, zaščita, varnost, zasebnost, diplomske naloge, internet

Published

2011

41. Varnost v socialnih omrežjih : diplomsko delo

Author

Kalič, Marko and Bernik, Igor

Subjects

udc:004.738.5, socialna omrežja, zaščita, varnost, zasebnost, diplomske naloge, internet

Published

2011

42. Zlonamerna koda kot grožnja informacijski varnosti posameznika : diplomsko delo

Author

Tekavec, Pavel and Bernik, Igor

Subjects

socialna omrežja, varnost, grožnje, diplomske naloge, udc:004, preprečevanje, zlonamerna koda, internet, informacijska varnost, elektronska pošta

Published

2011

43. Varnost in zasebnost v socialnih omrežjih : diplomsko delo

Author

Zver, Denis and Bernik, Igor

Subjects

socialna omrežja, varnost, Facebook, zasebnost, Myspace, diplomske naloge, internet, udc:004:342.721

Published

2011

44. Elektronski dokumenti in varnost njihove hrambe : diplomsko delo

Author

Švara, Karmen and Bernik, Igor

Subjects

zaščita, varnost, dokumentarno gradivo, diplomske naloge, elektronski arhiv, arhivsko gradivo, udc:004:930.25, varnostne kopije, hramba, elektronski dokumenti

Published

2011

45. ANALYSIS OF CLIENT SIDE ATTACK

Author

Erhatič, Žiga and Bernik, Igor

Subjects

WLAN, varnost, attack, security, napad, odjemalec, client

Abstract

Glavni namen naloge je bil prikazati nevarnosti, ki prežijo na odjemalca brezžičnih tehnologij. Velik problem brezžične tehnologije je ravno zagotavljanje varnosti. Uporabnika ni mogoče fizično zavarovati pred napadalci in dostikrat je brezžično omrežje primarna tarča napada. Predstavili smo varnostne ukrepe in standarde, uveljavljene v sistemih za brezžično povezavo, ter kako in s kakšnimi orodji lahko napadalec le-te zaobide. Na podlagi prikaza napada smo raziskali možnosti implementacije varnosti za določen sistem. Predvsem se je treba zavedati, da varnost ni izdelek oziroma nekaj, kar lahko kupimo, pač pa proces, ki ga je treba razvijati in neprestano gojiti. The main purpose of this thesis was to demonstrate the dangers that lurk on the client using wireless technologies. The biggest problem of wireless technology is providing security. The user can not be physically protected from hackers and wireless network is often the primary target of attack. We presented security measures and standards established in the systems for wireless connection, how and with what tools can attacker bypass them. Based on demonstration of attack, we looked at the implementation of a security system. Above all we have to be aware that the security is not a product or something we can buy, but a process that has to be evolved and continually nourished.

Published

2011

46. Zoperstavljanje sodobnim varnostnim grožnjam v informacijski varnosti : diplomsko delo

Author

Prislan, Kaja and Bernik, Igor

Subjects

varnost, grožnje, udc:343.3/.7:004, diplomske naloge, informacijski sistemi, kibernetični terorizem, informacijska varnost

Published

2011

47. Vpliv varnostne politike na ekonomiko poslovnih procesov : diplomsko delo

Author

Mrzdovnik, Nataša and Bernik, Igor

Subjects

varnost, varnostne politika, informacije, konkurenčna prednost, diplomske naloge, udc:004.056, informacijski sistemi, standardi, informacijska varnost, elektronska pošta

Published

2011

48. DANGER OF SOCIAL ENGINEERING FOR ORGANIZATIONS

Author

Vučenović, Mira and Bernik, Igor

Subjects

varnost, manipulacija, socialni inženiring, manipulation, social engineering, security

Abstract

V današnjem času organizacije razpolagajo z velikim številom informacij in podatkov, zato morajo z njimi ravnati skrbno in učinkovito. Ustrezno varovanje podatkov zmanjšuje poslovna tveganja in prispeva k uspešnosti podjetja. V tem diplomskem delu je predstavljen socialni inženiring, katerega namen je pridobitev določenih informacij, običajno zaupnih. Predstavljene so metode, ki se v praksi najpogosteje uporabljajo in so se izkazale kot uspešne. Problem, obravnavan v diplomskem delu, je pomanjkanje osveščenosti zaposlenih, kako hitro lahko postanejo žrtve napadov in kako je le-te možno preprečiti. Rezultat naloge so priporočila za prakso, ki zmanjšujejo možnosti zlorabe sistema z metodami socialnega inženiringa z znanjem se lahko najbolje zavarujemo. Predstavljen je program, s pomočjo katerega se organizacije lahko uspešno izognejo socialnemu inženiringu in njegovim posledicam. Nowadays organizations dispose with large number of information and data, which must be handled carefully and efficiently. Adequate data protection reduces business risks and contributes to the success of a company. This thesis presents a social engineering, which purpose is to acquire certain information, usually confidential. Methods most commonly used in practice and have proven to be successful are presented. The problem addressed in this thesis is lack of awareness of employees, how quickly they can become victims of attacks and how attacks could be prevented. The result of thesis is recommendation to practice, which can reduce a potential for abuse of the system using methods of social engineering. Presented program can help organizations successfully escape social engineering and its consequences.

Published

2011

49. RISK ASSESSMENT FOR CONSTITUTIONAL COURT INFORMATION SYSTEM

Author

Repar, Gregor and Bernik, Igor

Subjects

varnost, information system, grožnja, informacijski sistem, ocena tveganj, risk assessment, security, threat, varnostni ukrepi, countermeasures

Abstract

Magistrsko delo obravnava področje varnosti informacijskega sistema s poudarkom na oceni tveganj Ustavnega sodišča RS. V prvem delu so podane teoretične osnove varovanja informacij. Opisana je družina standardov ISO/IEC 27000 in sistem upravljanja in varovanja informacij. V drugem delu je najprej opisana metodologija ocene tveganj in predstavitev organizacije. Sledi opis izvedbe ocene tveganj Ustavnega sodišča. Na podlagi rezultatov je predstavljena analiza, kateri so podana priporočila in predlogi nujnih izboljšav. V zaključku so prikazane še možnosti za nadaljevanje tega dela ter pogled v prihodnost. The dissertation discusses the security of an information system with emphasis on risk assessment of the Constitutional Court of Slovenia. First part presents the theoretical basics of information security. Describes ISO / IEC 27000 standards family and information security management system. In the second part first describes the methodology of risk assessment and presentation of the organization. Follows a description of risk assessment of the Constitutional Court. The results of the analysis is presented, which includes recommendations and proposals for urgent improvements. In conclusion, shows there is scope for continuing this work as well as looking ahead to the future.

Published

2010

50. DATA SECURITY IN WIRELESS LOCAL AREA NETWORK

Author

Levstik, Tadej and Bernik, Igor

Subjects

brezžično lokalno omrežje, IEEE 802.11, varnost, IEEE 802.1X, security, wireless local area networks

Abstract

Diplomska naloga obravnava sodobni način povezovanja računalnikov v brezžična lokalna računalniška omrežja. Podrobneje je opisana zgodovina in razvoj standarda IEEE 802.11. Posebna pozornost je posvečena načinom zagotavljanja varnosti v brezžičnih lokalnih omrežjih. Opisana so najpomembnejša tveganja, ki se pojavljajo pri brezžičnih povezavah. Osrednja tema moje diplomske naloge je predstavitev brezžičnega omrežja v podjetju. Opisane so tehnologije in pripomočki, ki jih uporabljajo v podjetju za zagotavljanje varnega prenosa podatkov v brezžičnem lokalnem omrežju. Bachelor thesis deals with the modern way of connecting computers in local wireless computer networks. History and development of standard IEEE 802.11 is detailed described. Special attention is devoted to providing security in local wireless networks. I described the most important hazards which occur at wireless connections. Main theme of my dissertation is presentation of wireless network in the company. I described the technology and products, which are used in company for providing safe transfer of data in local wireless network.

Published

2009