Title Socijalni inženjering kao metoda otkrivanja povjerljivih informacija
Title (english) Social engineering as a method for confidential information revelation
Author Ivana Kelam
Mentor Toni Perković (mentor)
Committee member Dinko Begušić (committee chair)
Committee member Josip Kasum (committee member)
Committee member Toni Perković (committee member)
Granter University of Split University Department of Forensic Sciences Split
Defense date and country 2018-09-17, Croatia
Scientific / art field, discipline and subdiscipline TECHNICAL SCIENCES Computing
Abstract Today's threats to computer security are numerous and varied. Social engineering is one type of attack on computer security. It involves unauthorized access to information or to an entire computer system by manipulating the victim. Confidential information is extracted through psychological manipulation, the use of tricks, persuasion, impersonation or abuse of trust. The aim of this thesis was to investigate social engineering in more detail, its methods and modes of attack, as well as protective measures. An additional aim was to attempt to carry out an attack in a controlled environment in order to show how easy it is to conduct such attacks, since all the materials, including detailed instructions, are available on the internet. The attacks were carried out solely for the purposes of this thesis, and everything took place in a controlled environment. The first program used to carry out an attack involves discovering the password of a Wi-Fi network; this is the Fluxion program. Fluxion is a tool that automates the process of creating a fake twin access point in order to capture WPA/WPA2 passwords; it is a mixture of the technical part of the attack and social engineering that tricks the victim into handing over the Wi-Fi password. The second program is called WiFi-Pumpkin; it creates its own fake access point, provides a wireless internet connection service and eavesdrops on the traffic of the connected user. The third program creates a fake web page, which shows how an attacker can capture the password of the victim's social network. The program used was Weeman, a simple Python script that creates fake web pages identical to the originals. Carrying out the controlled attacks showed that software and tools that are successful in revealing confidential information can be obtained easily and free of charge over the internet.
All of this indicates that it is necessary to be as careful as possible when using the internet, that is, when connecting to open Wi-Fi networks, when receiving a suspicious email, when deciding whether to click suspicious links and so on, and that awareness needs to be raised among ordinary internet users through advertisements, education in schools, etc. Organizations and companies must understand that constantly educating their employees about the dangers of the internet and social engineering is important and that in this way they reduce the risk of an attack on the organization itself.
Abstract (english) Modern threats to computer security are many and varied. Social engineering is one kind of computer security threat. It involves unauthorized access to information or to an entire computer system by manipulating the victim. Confidential information is extracted by psychological manipulation, the use of tricks, persuasion, false representation or abuse of trust. The aim of this paper was to investigate social engineering, its methods and ways of attack, as well as the protection measures. An additional goal was to try to run an attack in a controlled environment to show how easy it is to carry out such attacks, as all the materials, with detailed instructions included, are available on the Internet. The attacks were carried out solely for the purpose of this work, and everything was done in a controlled environment. The first program, Fluxion, was used to discover a Wi-Fi password. Fluxion is a tool that automates the process of creating a fake twin access point to capture WPA/WPA2 passwords; it is a blend of a technical attack and social engineering that tricks the victim into handing over the Wi-Fi password. The second program is WiFi-Pumpkin, which creates its own fake access point, provides wireless connectivity to the Internet, and intercepts the traffic of the connected user. The third program creates a fake web page and shows how the attacker can capture the password of the victim's social network. The program is called Weeman, a simple Python script that creates fake web pages identical to the original. By implementing controlled attacks, it has been shown that software and tools that are successful in revealing confidential information can be obtained easily and free of charge through the Internet.
All this tells us that it is necessary to be extremely cautious when using the Internet, i.e. when connecting to an open Wi-Fi network, receiving suspicious emails, or clicking suspicious links, and that awareness should be raised among ordinary Internet users through advertising, education in schools, etc. Organizations and businesses need to realize that constantly educating their employees about the dangers of the Internet and social engineering is important and that doing so reduces the risk of an attack on the organization itself.
Keywords
social engineering
attacks
confidential information
security
passwords
access points
social networks
Keywords (english)
social engineering
attacks
confidential information
passwords
security
access points
social networks
Language Croatian
URN:NBN urn:nbn:hr:227:562560
Study programme Title: Forensic Sciences; Study programme type: university; Study level: graduate; Academic / professional title: magistar/magistra forenzike (magistar/magistra forenzike)
Type of resource Text
File origin Born digital
Access conditions Open access
Created on 2018-12-06 07:53:31