{"id":2583,"date":"2015-02-16T18:47:17","date_gmt":"2015-02-16T17:47:17","guid":{"rendered":"http:\/\/preventista.sk\/info\/?p=2583"},"modified":"2015-02-16T18:48:52","modified_gmt":"2015-02-16T17:48:52","slug":"bezpecne-hranice-cast-1-co-je-to-penetracny-test","status":"publish","type":"post","link":"https:\/\/preventista.sk\/info\/bezpecne-hranice-cast-1-co-je-to-penetracny-test\/","title":{"rendered":"Secure Boundaries, Part 1: What Is a Penetration Test"},"content":{"rendered":"<p><em>In mathematics, the term \u201cperimeter\u201d means the total length of the outer boundary of a two-dimensional object. Figuratively, the term is used to mean \u201cboundary\u201d, that is, the space located on the outer side of the boundary of a delimited object.<\/em><\/p>\n<p><em>In information security, \u201cperimeter\u201d is understood as the external, foreign space outside the virtual environment in question. In this context it most often refers to the network perimeter, that is, the boundary of a computer network. However, the virtual environment can also be a computer, an application, or a database system. 
Incidentally, in the field of physical security the identical term is used to denote the outer boundary of an object's protection by mechanical barrier means.<\/em><\/p>\n<p><em>Verifying the level of resilience of an organization's network perimeter against potential intrusions is one of the most effective active methods of verifying the resilience of virtual environments, and thus indirectly of verifying the level of information security.<\/em><\/p>\n<p><a href=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/dom.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2567\" data-permalink=\"https:\/\/preventista.sk\/info\/dom\/\" data-orig-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/dom.png?fit=312%2C162&amp;ssl=1\" data-orig-size=\"312,162\" data-comments-opened=\"1\" data-image-title=\"dom\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/dom.png?fit=312%2C162&amp;ssl=1\" class=\"aligncenter size-full wp-image-2567\" src=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/dom.png?resize=312%2C162&#038;ssl=1\" alt=\"dom\" width=\"312\" height=\"162\" \/><\/a><\/p>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc411791277\"><\/a>Trust, but verify<\/h1>\n<p>Verifying the level of information security is a process that makes it possible to determine the IT risks acting on the entities involved, i.e. servers, endpoint workstations, the computer network, processes, users, clients, etc., in an effort to achieve specific security objectives. 
In the process of verifying the level of information security, these entities are generally called \u201cassessment objects\u201d.<\/p>\n<p>There are three basic approaches to verifying the level of information security: testing, examination and audit interview.<\/p>\n<p><strong>Testing<\/strong> is a process in which one or more assessment objects are exposed to certain conditions in order to compare the actual and expected behaviour of the objects.<\/p>\n<p><strong>Examination<\/strong> is the process of checking, inspecting, reviewing, observing, studying, or analysing one or more assessment objects, which can help to understand, demonstrate, confirm, or obtain evidence about the behaviour of the objects.<\/p>\n<p><strong>Audit interview<\/strong> is a process in which discussions are held with individuals or groups within the organization, which can help to understand, demonstrate, confirm, or obtain evidence about the behaviour of the objects, or to obtain information about the location of evidence.<\/p>\n<p>In this article I will try to focus specifically on testing the network perimeter by means of the so-called \u201cpenetration test\u201d.<\/p>\n<p><strong>A penetration test is a simulation of a real security attack that can reveal many obvious forms of attempted unauthorized intrusion<\/strong> into systems, and identify possible paths to compromising classified information assets, as well as the organization's weaknesses and degree of vulnerability.<\/p>\n<h1><a name=\"_Toc411791278\"><\/a><\/h1>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc411791278\"><\/a><a name=\"_Toc351063902\"><\/a><a name=\"_Toc350725175\"><\/a>Legislative framework for penetration tests<\/h1>\n<p>The performance of penetration testing is not explicitly regulated by any legal norm. Indirectly, the provisions of Act 502\/2001 Coll. on financial control and internal audit can be applied to the lawful performance of a penetration test, or those of certain special acts that establish an organization's obligation or right to carry out penetration tests (usually on a regular basis), e.g. under Act No. 483\/2001 Coll. on banks.<\/p>\n<p>Commissioned penetration tests are a standard service performed on the basis of a contract and an order. It is good practice for this type of service to include an obligation to maintain secrecy and confidentiality of the information obtained.<\/p>\n<p>In the case of unsolicited penetration tests, the purpose of such a test must always be assessed from the criminal-law perspective. 
The conduct must fulfil the elements of a criminal offence, and the dangerousness of such conduct must then reach the required degree of danger to society, or to the subject. The assessment also involves establishing whether the activity causes damage. In any case, however, <strong>unsolicited penetration tests move along a thin line between legal and illegal activity<\/strong>, with all the consequences.<\/p>\n<p>Penetration tests that aim to harm the tested subject undoubtedly fall into the illegal area, as do tests commissioned for the purposes of unfair competition (e.g. harming a competitor by compromising, stealing or destroying data, or by causing service unavailability), tests carried out for the purpose of extortion, tests carried out with the intent to damage the reputation of persons and legal entities, etc. Such conduct is usually subject to the provisions of the Criminal Code relating to electronic communications, protection of secrecy, protection of rights and economic crime, such as:<\/p>\n<ul>\n<li>\u00a7 196 and \u00a7 197 of the Criminal Code on breach of the secrecy of conveyed messages,<\/li>\n<li>\u00a7 247 of the Criminal Code on damaging and misusing a record on an information carrier,<\/li>\n<li>\u00a7 226 of the Criminal Code on unjust enrichment,<\/li>\n<li>\u00a7 219 of the Criminal Code on unauthorized production and use of an electronic means of payment and other payment card,<\/li>\n<li>\u00a7 264 of the Criminal Code on endangering trade, banking, postal, telecommunications and tax secrecy,<\/li>\n<li>\u00a7 282 of the Criminal Code on infringement of industrial property rights,<\/li>\n<li>\u00a7 283 of the Criminal Code on copyright infringement,<\/li>\n<li>\u00a7 361 of the Criminal Code on spreading a false alarm.<\/li>\n<\/ul>\n<p>The interpretation usually follows the method of \u201cargumentum e contrario\u201d, i.e. refuting a claim by proving that the penetration test necessarily leads to a contradiction or to unacceptable consequences (also known as \u201cproof by contradiction\u201d).<\/p>\n<p>With a little exaggeration, this part of the article can be concluded with the claim that even an uncommissioned penetration test can help improve the state of information security, if its results are presented seriously and with honest intent.<\/p>\n<h1><a name=\"_Toc411791279\"><\/a><\/h1>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc411791279\"><\/a><a name=\"_Toc351063904\"><\/a><a name=\"_Toc350725176\"><\/a>Scope and objectives of testing<\/h1>\n<p>In what follows I assume that we are discussing a commissioned, and therefore legal, penetration test.<\/p>\n<p>Before the test itself begins, it is necessary to determine how the penetration test will be carried out, and to agree with the organization's statutory representatives on the testing conditions, the technical, operational and legal constraints on the test and, in particular, the way in which the organization will be informed of the progress and results of the testing.<\/p>\n<p>At the same time, it is necessary to obtain written authorization to perform the penetration tests and to conclude a non-disclosure agreement, in which both parties mutually assure each other that the main objective to be achieved by the testing is to gain knowledge about vulnerabilities without the testing damaging or compromising the organization's information assets, and subsequently to increase the resilience of the network perimeter on the basis of the test results.<\/p>\n<p>A penetration test is <strong>a verification of whether the current security state of a system or network is in line with the required state<\/strong>. At the same time, however, it is <strong>a verification of the likelihood that systems and networks will be susceptible to a successful attack<\/strong> by a malicious external attacker or a rogue internal user.<\/p>\n<p>The penetration testing process involves finding and enumerating all technical deficiencies or vulnerabilities. If any vulnerabilities are found, what follows is an attempt to penetrate into the network, and to obtain and use a trusted channel for access and for acquiring resources for further movement within the domain. This approach often requires launching a real attack against real systems and data, using the same techniques as those used by actual attackers.<\/p>\n<p>Most penetration testers try to chain vulnerabilities of different systems in various combinations. 
This approach usually yields higher privileges in the target system than could be achieved through a single vulnerability.<\/p>\n<p>Penetration tests are also suitable for:<\/p>\n<ul>\n<li>determining how effectively the target system can withstand real attacks,<\/li>\n<li>determining the likelihood with which a sophisticated attacker can successfully compromise the system,<\/li>\n<li>identifying possible additional countermeasures that can help reduce threats,<\/li>\n<li>verifying the organization's ability to detect an attack in time and respond appropriately.<\/li>\n<\/ul>\n<p>Penetration tests can be a very useful tool for raising the level of information security, but they are extremely demanding in terms of human resources, both in the amount of work involved and in the expert knowledge required of the testers. Special knowledge and skills are needed mainly because, during penetration testing, systems may be exposed to the risk of destruction or of unavailability during normal operation, contrary to the originally intended benefits of penetration testing. Although an experienced tester can address the main risks, it would be unrealistic to expect them to be eliminated completely. 
In any case, penetration tests should be carried out only after careful consideration and planning.<\/p>\n<h1><a name=\"_Toc411791280\"><\/a><\/h1>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc411791280\"><\/a><a name=\"_Toc351063909\"><\/a><a name=\"_Toc350725181\"><\/a>Categorization of penetration tests<\/h1>\n<p><a name=\"_Toc350725182\"><\/a>There are various types of penetration tests. Tests are categorized in different ways, depending on where the trial \u201cattack\u201d is launched from, with what knowledge of the target environment, and with what degree of aggressiveness. And, last but not least, also according to the legitimacy of the test.<\/p>\n<p>So let us look at how they are divided.<\/p>\n<h2><a name=\"_Toc411791281\"><\/a><a name=\"_Toc351063910\"><\/a>A: High vs. low knowledge of the target environment<\/h2>\n<h3><a name=\"_Toc411791282\"><\/a><a name=\"_Toc351063911\"><\/a>White-Box<\/h3>\n<p>The testing team has a \u201cfree hand\u201d to access any part of the network. 
Before the testing itself begins, the team is given complete documentation of the technical infrastructure as well as details of the system architecture and network topology.<\/p>\n<p>This approach to testing is, of course, not comparable to \u201cblind\u201d testing, but it can substantially help to speed up the process and achieve significant results with much more accurate values.<\/p>\n<p>The required knowledge is directed at testing specific target operating systems, applications and network devices that belong to a specific, known network. This is more efficient than necessarily spending time on prior preparation, verifying reachability and guessing at the possible architecture.<\/p>\n<p>This type of test corresponds to a situation in which the attacker has complete knowledge of the internal network. This is mostly a determined internal attacker, an employee or a former employee (a so-called \u201cinsider\u201d).<\/p>\n<h3><a name=\"_Toc411791283\"><\/a><a name=\"_Toc351063912\"><\/a>Black-Box<\/h3>\n<p>The testing team has no prior knowledge of the organization's computer network.<\/p>\n<p>An example of this situation is when only web servers published to the external environment are tested and the testing team has only a list of IP addresses and a list of URLs at its disposal.<\/p>\n<p>This type of test corresponds to a situation in which the attacker has no precise knowledge of the internal network and seeks to penetrate it (specifically, a determined external attacker, a so-called \u201chacker\u201d).<\/p>\n<h3><a name=\"_Toc411791284\"><\/a><a name=\"_Toc351063913\"><\/a>Grey-Box<\/h3>\n<p>The testing team simulates an attack that could be carried out by a disloyal or disgruntled employee or supplier who has at least partial access to critical systems.<\/p>\n<p>The testing team may be given corresponding access rights at the level of the relevant user, along with partial documentation of the technical infrastructure.<\/p>\n<h2><a name=\"_Toc411791285\"><\/a><a name=\"_Toc351063914\"><\/a><a name=\"_Toc350725183\"><\/a>B: External vs. internal testing<\/h2>\n<h3><a name=\"_Toc411791286\"><\/a><a name=\"_Toc351063915\"><\/a>External testing<\/h3>\n<p>Testing is conducted from outside the network perimeter. 
This approach makes it possible to view the security state of the environment under examination as it appears from the internet, with the aim of uncovering vulnerabilities that could be exploited by an external attacker in particular.<\/p>\n<p>In external testing, the tester usually focuses on publicly published services, or on restricted services published or interconnected via public networks. Testing is also aimed at uncovering vulnerabilities in access methods, such as wireless access points, modems and portals of internal servers.<\/p>\n<h3><a name=\"_Toc411791287\"><\/a><a name=\"_Toc351063916\"><\/a>Internal testing<\/h3>\n<p>In internal testing, the testers work inside the network and assume the identity of a trusted internal user, or of an attacker who has penetrated the network perimeter protection. 
This type of testing helps to demonstrate the potential impacts that could be caused by an internal attacker in particular.<\/p>\n<p>Internal testing focuses on the security level of systems located in LANs and VLANs and on their configuration, including the configuration of applications and services, the security of authentication methods, directory services, access control and server hardening.<\/p>\n<p>Internal testing does not have the limitations of external testing, since it takes place from inside the perimeter protection, even though certain defence mechanisms exist inside the network as well.<\/p>\n<h3><a name=\"_Toc411791288\"><\/a><a name=\"_Toc351063917\"><\/a>Mixed approach<\/h3>\n<p>If external and internal penetration tests are performed together, the external ones should be carried out first. This is especially necessary if the tests are performed by one and the same tester. If the tester obtained information from internal penetration testing first, it could negatively affect the credibility of the data obtained from the subsequent external penetration test.<\/p>\n<h2><a name=\"_Toc411791289\"><\/a><a name=\"_Toc351063918\"><\/a><a name=\"_Toc350725184\"><\/a>C: Transparent vs. covert testing<\/h2>\n<h3><a name=\"_Toc411791290\"><\/a><a name=\"_Toc351063919\"><\/a>Transparent testing<\/h3>\n<p>Transparent (open, overt) testing, also known as \u201cwhite hat\u201d testing, means performing external or internal testing with the knowledge and consent of the organizational unit responsible for ICT operations, thereby enabling a comprehensive assessment of the network's security level.<\/p>\n<p>Since the organization's IT department is involved in the testing, it should be able to provide support aimed at minimizing the potential negative impacts of the testing. The testing can also provide an opportunity to gain invaluable experience with professional methods of verifying the level of security.<\/p>\n<h3><a name=\"_Toc411791291\"><\/a><a name=\"_Toc351063920\"><\/a>Covert testing<\/h3>\n<p>Covert (hidden) testing, also known as \u201cblack hat\u201d testing, in contrast to the previous method uses an approach in which testing is carried out without prior notification of the organizational unit responsible for ICT operations. The testing is approved in advance only by the organization's top management, and only the units responsible for information security or for internal audit are informed. 
Covert testing can subsequently be launched with prior warning, or without any warning at all.<\/p>\n<p>The purpose of covert testing is to examine the possibilities of destroying information assets or of causing an impact on information assets. This test is not focused on identifying vulnerabilities; rather, it aims to test the level of security from the point of view of a potential adversary. A covert test has only its boundaries defined in advance, and once the testers reach them, the test is considered successfully completed (e.g. demonstrably obtaining the relevant access rights or demonstrably compromising predetermined target information assets).<\/p>\n<p>Transparent testing is less costly, generates lower risks and is used more often. 
In contrast, covert testing provides a better indication of potential risks, because system administrators are not alerted in advance to the need for heightened attention and therefore have no tendency to \u201cfool\u201d the testing by reacting immediately while the tests are in progress.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/testy.jpg?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2571\" data-permalink=\"https:\/\/preventista.sk\/info\/testy\/\" data-orig-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/testy.jpg?fit=998%2C286&amp;ssl=1\" data-orig-size=\"998,286\" data-comments-opened=\"1\" data-image-title=\"testy\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/testy.jpg?fit=700%2C201&amp;ssl=1\" class=\"aligncenter  wp-image-2571\" src=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/testy.jpg?resize=616%2C170&#038;ssl=1\" alt=\"testy\" width=\"616\" height=\"170\" \/><\/a><\/p>\n<h1><a name=\"_Toc411791292\"><\/a><a name=\"_Toc351063921\"><\/a><\/h1>\n<hr \/>\n<h1>Exclusions from penetration testing<\/h1>\n<p>Testing procedures based on social engineering methods are usually contractually excluded from penetration tests in advance, since such testing is directed at exploiting the vulnerability arising from users' low security awareness rather than at determining the security level of networks and systems.<\/p>\n<p>Likewise, testing procedures that aim at denial of service should automatically be contractually excluded in advance, e.g. by flooding the communication channel (DoS, DDoS), overloading resources, or shutting down services on the side of providers of basic utilities (e.g. cutting off the supply of electricity, cooling, data connectivity, etc.), or by jamming the radio-frequency band (in the case of services based on wireless technologies).<\/p>\n<p><a name=\"_Toc350725201\"><\/a>In order to increase the efficiency of penetration testing, the following should also be excluded from the scope of testing:<\/p>\n<ul>\n<li>development and test versions of software,<\/li>\n<li>jointly owned and shared resources and devices (this is very specifically a matter for open discussion, e.g. if the organization uses the architecture called \u201cCloud computing\u201d),<\/li>\n<li>laptops and portable devices, or only by prior agreement,<\/li>\n<li>trial versions of commercial software,<\/li>\n<li>unstable hosts,<\/li>\n<li>network infrastructure supplied for testing purposes only.<\/li>\n<\/ul>\n<p>Ivan Makat\u00fara<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In mathematics, the term \u201cperimeter\u201d means the total length of the outer boundary of a two-dimensional object. Figuratively, the term is used to mean \u201cboundary\u201d, that is, the space located on the outer side of the boundary of a delimited object. In information security, \u201cperimeter\u201d is understood as the external, foreign space outside the virtual environment in question. In this context it most often refers to the network perimeter, that is, the boundary of a computer network. However [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":2592,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[4],"tags":[],"class_list":["post-2583","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-itbezp"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice-1.jpg?fit=700%2C400&ssl=1","jetpack_sharing_enabled":true}
V\u00a0z\u00e1vislosti od typu zapojen\u00fdch\u00a0 slu\u017eieb sa\u2026","rel":"","context":"V &quot;Bezpe\u010dnos\u0165&quot;","block_context":{"text":"Bezpe\u010dnos\u0165","link":"https:\/\/preventista.sk\/info\/category\/itbezp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/02\/image-1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/02\/image-1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/02\/image-1.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":2593,"url":"https:\/\/preventista.sk\/info\/bezpecne-hranice-cast-2-penetracne-testy-v-praxi\/","url_meta":{"origin":2583,"position":5},"title":"Bezpe\u010dn\u00e9 hranice  \u010cas\u0165 2: Penetra\u010dn\u00e9 testy v praxi","author":"I. Makatura","date":"17. febru\u00e1ra 2015","format":false,"excerpt":"V\u00a0prvej \u010dasti \u010dl\u00e1nku som op\u00edsal z\u00e1kladn\u00fd pr\u00edstup ku penetra\u010dn\u00e9mu testovaniu a\u00a0rozdelenie typov penetra\u010dn\u00fdch testov. Ako je v\u0161ak penetra\u010dn\u00e9 testovanie vykon\u00e1van\u00e9 v\u00a0praxi? Je jasn\u00e9, \u017ee ak m\u00e1 by\u0165 po\u010d\u00edta\u010dov\u00fa sie\u0165 podroben\u00e1 simul\u00e1cii re\u00e1lneho bezpe\u010dnostn\u00e9ho \u00fatoku, je bezpodmiene\u010dne nutn\u00e9 zapodieva\u0165 sa podrobnou pr\u00edpravou a pl\u00e1novan\u00edm \u010dinnost\u00ed. 
A\u00a0ak m\u00e1 poctiv\u00fd pentest posl\u00fa\u017ei\u0165 dobrej\u2026","rel":"","context":"V &quot;Bezpe\u010dnos\u0165&quot;","block_context":{"text":"Bezpe\u010dnos\u0165","link":"https:\/\/preventista.sk\/info\/category\/itbezp\/"},"img":{"alt_text":"bezpe\u010dne hranice pic","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice2.jpg?fit=700%2C400&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice2.jpg?fit=700%2C400&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice2.jpg?fit=700%2C400&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice2.jpg?fit=700%2C400&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/2583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/comments?post=2583"}],"version-history":[{"count":8,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/2583\/revisions"}],"predecessor-version":[{"id":2591,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/2583\/revisions\/2591"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/media\/2592"}],"wp:attachment":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/media?parent=2583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/categories?post=2583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/preventista.sk\/i
nfo\/wp-json\/wp\/v2\/tags?post=2583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}