{"id":2593,"date":"2015-02-17T08:30:15","date_gmt":"2015-02-17T07:30:15","guid":{"rendered":"http:\/\/preventista.sk\/info\/?p=2593"},"modified":"2015-03-23T21:23:15","modified_gmt":"2015-03-23T20:23:15","slug":"bezpecne-hranice-cast-2-penetracne-testy-v-praxi","status":"publish","type":"post","link":"https:\/\/preventista.sk\/info\/bezpecne-hranice-cast-2-penetracne-testy-v-praxi\/","title":{"rendered":"Secure Boundaries, Part 2: Penetration Tests in Practice"},"content":{"rendered":"<p><em>In the first part of this article I described the basic approach to penetration testing and the classification of penetration test types. But how is penetration testing carried out in practice? Clearly, if a computer network is to be subjected to a simulation of a real security attack, detailed preparation and planning of the activities are absolutely essential. And if an honest pentest is to serve a good cause, a proposal of countermeasures is naturally expected at the end.<\/em><\/p>\n<h1><a name=\"_Toc411791293\"><\/a><\/h1>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc411791293\"><\/a>Coordinating penetration testing<\/h1>\n<p>Because of its criticality, penetration testing is especially sensitive to the coordination of multiple entities within the organization. 
Coordination should be part of the test plan.<\/p>\n<p>Proper coordination of testing ensures that:<\/p>\n<ul>\n<li>all stakeholders are aware of the testing schedule, related activities, resource requirements and the potential impact on the target systems,<\/li>\n<li>testing is not carried out during other critical activities, e.g. during upgrades, implementations, integrations or major technology changes, or at other times when it is inappropriate to load the systems with testing, for example at accounting close dates, at times of regularly high load, etc.,<\/li>\n<li>testers are provided with the required levels of access to both premises and systems,<\/li>\n<li>the relevant managers are informed of all critical vulnerabilities as soon as they are found,<\/li>\n<li>the relevant employees and suppliers are informed about the planned tests and about any incident or service outage caused by the tests (in particular testers, auditors, the computer security incident response team, the organization's leadership and all involved members of senior management),<\/li>\n<li>in the event of an incident or service outage caused by the tests, penetration testing is suspended and is resumed only on the basis of a pre-agreed confirmation from the responsible manager.<\/li>\n<\/ul>\n<h1><a 
name=\"_Toc350725187\"><\/a><\/h1>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc350725187\"><\/a><a name=\"_Toc411791294\"><\/a><a name=\"_Toc351063924\"><\/a>Test logistics<\/h1>\n<p>Coordinating, aligning, linking and optimizing the flow of processes related to testing includes identifying and reserving all resources needed to perform the penetration test, securing the environment from which the testing will be carried out, and procuring the required technical equipment and software.<\/p>\n<p>It is important to realize that logistical requirements differ between test phases. For example, depending on the scope of testing, individual tests may create demands for additional resources, equipment or logistics, such as an on-site inspection for an external test team, the delivery of additional devices to the client's premises and their installation in order to extend or refine the test assumptions, the planning of business trips, etc.<\/p>\n<p>One of the most common requests from testers is for cooperation from individual job roles on the organization's side. 
Specifically, these are primarily:<\/p>\n<ul>\n<li>application administrators,<\/li>\n<li>network administrators,<\/li>\n<li>database administrators,<\/li>\n<li>operating system administrators,<\/li>\n<li>information security specialists.<\/li>\n<\/ul>\n<h1><a name=\"_Toc411791295\"><\/a><\/h1>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc411791295\"><\/a><a name=\"_Toc351063925\"><\/a>Test phases<\/h1>\n<p>Figure 1 below shows schematically the three basic phases of a penetration test and the phase of activities after testing ends, which for simplicity can be called reporting.<\/p>\n<div id=\"attachment_2573\" style=\"width: 540px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/fazy.jpg?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-2573\" data-attachment-id=\"2573\" data-permalink=\"https:\/\/preventista.sk\/info\/fazy\/\" data-orig-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/fazy.jpg?fit=530%2C257&amp;ssl=1\" data-orig-size=\"530,257\" data-comments-opened=\"1\" data-image-title=\"fazy\" data-image-description=\"&lt;p&gt;Figure 1. Phases of a penetration test&lt;\/p&gt;\n\" data-image-caption=\"&lt;p&gt;Figure 1. Phases of a penetration test&lt;\/p&gt;\n\" data-large-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/fazy.jpg?fit=530%2C257&amp;ssl=1\" class=\"size-full wp-image-2573\" src=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/fazy.jpg?resize=530%2C257&#038;ssl=1\" alt=\"Figure 1. Phases of a penetration test\" width=\"530\" height=\"257\" srcset=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/fazy.jpg?w=530&amp;ssl=1 530w, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/fazy.jpg?resize=320%2C155&amp;ssl=1 320w, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/fazy.jpg?resize=450%2C218&amp;ssl=1 450w\" sizes=\"auto, (max-width: 530px) 100vw, 530px\" \/><\/a><p id=\"caption-attachment-2573\" class=\"wp-caption-text\">Figure 1. Phases of a penetration test<\/p><\/div>\n<p>&nbsp;<\/p>\n<h2><a name=\"_Toc411791296\"><\/a><a name=\"_Toc351063926\"><\/a><a name=\"_Toc350725188\"><\/a>Planning phase<\/h2>\n<p>In the planning phase the rules are defined, approval is obtained from the organization's statutory representatives, and the goals of the test are set. The planning phase lays the foundations for a successful penetration test. No actual tests are performed in this phase.<\/p>\n<h2><a name=\"_Toc411791297\"><\/a><a name=\"_Toc351063927\"><\/a><a name=\"_Toc350725189\"><\/a>Reconnaissance phase<\/h2>\n<p>The reconnaissance phase consists of two parts. The first is the start of actual testing, but focused only on passively gathering information. The tester primarily needs to scan open network ports, identify the available network protocols and identify running services, all in order to identify potential targets. 
Various techniques are used for reconnaissance, such as:<\/p>\n<ul>\n<li>obtaining the names of servers and workstations and obtaining IP addresses by many methods, including DNS queries, WHOIS queries, network sniffing, etc.,<\/li>\n<li>obtaining the names of the organization's employees, contact information and identity information, e.g. via web servers or directory services,<\/li>\n<li>obtaining system information such as the names of shared resources; these can be found e.g. through NetBIOS and NIS (Network Information System) listings,<\/li>\n<li>data about applications and services, such as version names, e.g. by banner grabbing.<\/li>\n<\/ul>\n<p>In some cases supplementary methods are used, such as searching for remnants of printed information in waste bins and recycling collections (so-called \u201cdumpster diving\u201d) or a physical inspection of the premises, which can be used to collect additional information about the target computer network or to uncover additional information that cannot be obtained through the penetration test itself (e.g. passwords written on paper, etc.).<\/p>\n<p>The second part of the reconnaissance phase is vulnerability analysis, which involves comparing the running services, applications and operating systems, as well as the names of the scanned hosts, against known vulnerability databases.<\/p>\n<p>The comparison against known vulnerability databases is usually built into scanning tools and is therefore automatic, but the tester's own knowledge of vulnerabilities also contributes to a successful penetration test. Manual vulnerability identification can help identify new, unknown vulnerabilities, but it is considerably more time-consuming than an automated scan.<\/p>\n<h2><a name=\"_Toc411791298\"><\/a><a name=\"_Toc351063928\"><\/a><a name=\"_Toc350725190\"><\/a>Attack phase<\/h2>\n<p>Carrying out the attack is the main purpose of every penetration test. Figure 2 below shows the individual steps the tester performs in the attack phase. It is primarily a process of verifying the vulnerabilities identified in the previous phase and attempting to exploit them. 
If the attack succeeds, the vulnerabilities are verified, which identifies how to secure them and the possible countermeasures associated with the individual security risks.<\/p>\n<div id=\"attachment_2574\" style=\"width: 541px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/f%C3%A1za-2.jpg?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-2574\" data-attachment-id=\"2574\" data-permalink=\"https:\/\/preventista.sk\/info\/faza-2\/\" data-orig-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/f%C3%A1za-2.jpg?fit=531%2C245&amp;ssl=1\" data-orig-size=\"531,245\" data-comments-opened=\"1\" data-image-title=\"f\u00e1za 2\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;Figure 2. Individual steps in the attack phase&lt;\/p&gt;\n\" data-large-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/f%C3%A1za-2.jpg?fit=531%2C245&amp;ssl=1\" class=\"size-full wp-image-2574\" src=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/f%C3%A1za-2.jpg?resize=531%2C245&#038;ssl=1\" alt=\"Figure 2. Individual steps in the attack phase\" width=\"531\" height=\"245\" srcset=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/f%C3%A1za-2.jpg?w=531&amp;ssl=1 531w, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/f%C3%A1za-2.jpg?resize=320%2C148&amp;ssl=1 320w, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/f%C3%A1za-2.jpg?resize=450%2C208&amp;ssl=1 450w\" sizes=\"auto, (max-width: 531px) 100vw, 531px\" \/><\/a><p id=\"caption-attachment-2574\" class=\"wp-caption-text\">Figure 2. Individual steps in the attack phase<\/p><\/div>\n<p>&nbsp;<\/p>\n<h1><a name=\"_Toc411791299\"><\/a><\/h1>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc411791299\"><\/a><a name=\"_Toc351063929\"><\/a><a name=\"_Toc350725192\"><\/a>After testing ends&#8230;<\/h1>\n<p>Once the attack phase is complete, the testers have findings about the vulnerabilities of the target systems and the computer network. The organization should use these findings to start activities that raise its level of security, i.e. proceed promptly to design countermeasures for the identified risks.<\/p>\n<p>The attack phase should be concluded with the following activities:<\/p>\n<ul>\n<li>performing the final analysis and proposing activities to treat the identified risks,<\/li>\n<li>preparing the final report (the so-called follow-up report) and presenting it at the appropriate forum,<\/li>\n<li>assisting with the preparation of the countermeasure implementation plan.<\/li>\n<\/ul>\n<p>Many of the activities mentioned above are no longer a direct part of penetration testing, but they represent the main added value of the whole testing exercise. The outputs of penetration testing can and should be developed further in a risk analysis, but that is the job of the company's employees, not the testers.<\/p>\n<h2><a name=\"_Toc411791300\"><\/a><a name=\"_Toc351063930\"><\/a><a name=\"_Toc350725193\"><\/a>Reporting<\/h2>\n<p>According to the thesaurus, a report means an account, a notification, an announcement, a statement. 
Put simply, the purpose of penetration test reports is to inform the organization of the vulnerabilities found and to propose how to treat them.<\/p>\n<p>The results of penetration tests can be used in the following ways:<\/p>\n<ul>\n<li>as a reference point for starting corrective actions,<\/li>\n<li>in mitigation measures aimed at addressing the identified vulnerabilities,<\/li>\n<li>as a metric for tracking how security requirements are being met,<\/li>\n<li>for assessing the implementation status of system security requirements,<\/li>\n<li>for assessing the effectiveness of measures taken to improve system security.<\/li>\n<\/ul>\n<p>Test results should be documented and made available to the relevant responsible employees and to the owners of the affected processes and systems. Because a report may have several recipients, it has to be prepared in several versions, which ensures that all information is properly addressed.<\/p>\n<p>When preparing the test and the contract, it should be considered whether interim reports, notices and records will also be produced, for example:<\/p>\n<ul>\n<li>reports produced during the normal course of testing:\n<ul>\n<li>daily summary,<\/li>\n<li>interim summary,<\/li>\n<li>final analysis of the test or of the test method.<\/li>\n<\/ul>\n<\/li>\n<li>reports produced when an exceptional situation occurs:\n<ul>\n<li>report on the identification of a critical vulnerability \/ exploit,<\/li>\n<li>report on the identification of a previous, so far undetected intrusion,<\/li>\n<li>report on a suspected criminal offence, or report on the identification of an evident criminal offence (e.g. discovered child pornography, discovered signs of promotion of fascism or other extremism, etc.).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><a name=\"_Toc411791301\"><\/a><a name=\"_Toc351063931\"><\/a><a name=\"_Toc350725194\"><\/a>Recommendations for implementing countermeasures<\/h2>\n<p>Most of the analysis is carried out while testing is still in progress. The final analysis, however, should also include a proposal of mitigation measures. Just as correct identification of vulnerabilities is important, a penetration test has higher added value if it also concludes with proposed measures to treat the vulnerabilities and risks found.<\/p>\n<p>Recommendations, including a \u201croot cause\u201d analysis, should be prepared for all findings. Measures may be technical (e.g. a proposal to deploy a specific system patch) or procedural (e.g. a proposal to change the procedure for deploying system patches).<\/p>\n<p>Examples of mitigation measures are proposals to change policies and processes, proposals to modify procedures, proposals to change the security architecture, the deployment of new security technologies, or the deployment of operating system or application patches.<\/p>\n<h1><a name=\"_Toc351063932\"><\/a><\/h1>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc351063932\"><\/a><a name=\"_Toc350725195\"><\/a><a name=\"_Toc411791302\"><\/a>Testing tools<\/h1>\n<p>It should be noted that there are no commercially developed special-purpose software tools intended for penetration testing. This is because the market for such tools is highly specific and the target group interested in such software is therefore too small, whereas the cost of developing a comprehensive, universal software package for penetration testing could be expected to be high and thus probably spent inefficiently.<\/p>\n<p>On the other hand, there is a sufficient number of exploits and tools usable for an attack, and although they are mostly based on freely redistributable licences, their support is standard and has been reliably available over the long term. 
These are mostly compact Linux distributions focused on penetration testing and containing a set of specialized tools.<\/p>\n<p>Among the many, examples include:<\/p>\n<ul>\n<li>Blackbuntu: <a href=\"http:\/\/www.blackbuntu.com\/\">http:\/\/www.blackbuntu.com\/<\/a><\/li>\n<li>Backtrack: <a href=\"http:\/\/www.backtrack-linux.org\/\">http:\/\/www.backtrack-linux.org\/<\/a>\n<ul>\n<li>(editor's note: development of Backtrack has since changed into development of the Kali Linux OS https:\/\/www.offensive-security.com\/community-projects\/kali-linux\/)<\/li>\n<\/ul>\n<\/li>\n<li>Knoppix Security Tool Distribution (STD) <a href=\"http:\/\/s-t-d.org\/\">http:\/\/s-t-d.org\/<\/a><\/li>\n<\/ul>\n<p>Live distributions of these systems are narrowly focused on penetration testing and are publicly available. They are called live because they can be booted directly from a CD, an external USB drive or an external disk, without being installed on any live partition of the computer and without leaving traces on the computer (e.g. in the form of registry entries).<\/p>\n<h2><a name=\"_Toc411791303\"><\/a>Example of a testing tool<\/h2>\n<p>Let us look at the contents of the Backtrack distribution in a little more detail.<\/p>\n<p>BackTrack is derived from two separate live security Linux distributions, WHAX and Auditor Security Collection.<\/p>\n<p>Both were very popular for the number of easy-to-use security tools they contained. 
Shortly after they were created, the two distributions began to cooperate, which resulted in May 2006 in the first non-beta version, renamed BackTrack. BackTrack very quickly became, and still remains, a favourite of many security professionals.<\/p>\n<p>The system contains a collection of more than 300 tools for network reconnaissance, scanning, sniffing, password cracking, testing of remote access channels, Bluetooth testing, forensic analysis and penetration testing. It supports user modularity, meaning that users can customize the distribution with the included scripts.<\/p>\n<p>BackTrack also contains tools for analysing Voice over Internet (VoIP) protocols and the Session Initiation Protocol (SIP); tools such as Cisco Global Exploiter (CGE) and Cisco Torch, which focus specifically on Cisco systems; and the Metasploit vulnerability analysis tool. 
Given the growing importance of application security testing, it also contains tools such as Peach, Fuzzer and Paros Proxy.<\/p>\n<p>The following table lists examples of tools available in the BackTrack distribution.<\/p>\n<p>&nbsp;<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"302\"><strong>Testing technique<\/strong><\/td>\n<td width=\"302\"><strong>Testing tool<\/strong><\/td>\n<\/tr>\n<tr>\n<td colspan=\"2\" width=\"302\"><strong>Review<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"302\">Network sniffing<\/td>\n<td width=\"302\">Dsniff, Ettercap, Kismet, Mailsnarf, Msgsnarf, Ntop, Phoss, SinFP, SMB Sniffer, Wireshark<\/td>\n<\/tr>\n<tr>\n<td width=\"302\">File integrity checking<\/td>\n<td width=\"302\">Autopsy, Foremost, RootkitHunter, Sleuthkit<\/td>\n<\/tr>\n<tr>\n<td colspan=\"2\" width=\"302\"><strong>Target identification and analysis<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"302\">Application security testing<\/td>\n<td width=\"302\">CIRT Fuzzer, Fuzzer 1.2, NetSed, Paros Proxy, Peach<\/td>\n<\/tr>\n<tr>\n<td width=\"302\">Network discovery<\/td>\n<td width=\"302\">Autonomous System Scanner, Ettercap, Firewalk, Netdiscover, Netenum, Netmask, Nmap, P0f, Tctrace, Umit<\/td>\n<\/tr>\n<tr>\n<td width=\"302\">Network port and service identification<\/td>\n<td width=\"302\">Amap, AutoScan, Netdiscover, Nmap, P0f, Umit, UnicornScan<\/td>\n<\/tr>\n<tr>\n<td width=\"302\">Vulnerability scanning<\/td>\n<td width=\"302\">Firewalk, GFI LANguard, Hydra, Metasploit, Nmap, Paros Proxy, Snort, SuperScan<\/td>\n<\/tr>\n<tr>\n<td width=\"302\">Wireless network scanning<\/td>\n<td width=\"302\">Airsnarf, Airsnort, BdAddr, Bluesnarfer, Btscanner, FakeAP, GFI LANguard, Kismet, WifiTAP<\/td>\n<\/tr>\n<tr>\n<td colspan=\"2\" 
width=\"302\"><strong>Target vulnerability validation<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"302\">Password cracking<\/td>\n<td width=\"302\">Hydra, John the Ripper, RainbowCrack, Rcrack, SIPcrack, SIPdump, TFTP-Brute, THC PPTP, VNCrack, WebCrack<\/td>\n<\/tr>\n<tr>\n<td width=\"302\">Remote access testing<\/td>\n<td width=\"302\">IKEProbe, IKE-Scan, PSK-Crack, VNC_bypauth<\/td>\n<\/tr>\n<tr>\n<td width=\"302\">Penetration testing<\/td>\n<td width=\"302\">Driftnet, Dsniff, Ettercap, Kismet, Metasploit, Nmap, Ntop, SinFP, SMB Sniffer, Wireshark<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h1><a name=\"_Toc411791304\"><\/a><\/h1>\n<hr class=\"poradna\" \/>\n<h1><a name=\"_Toc411791304\"><\/a><a name=\"_Toc351063933\"><\/a>Conclusion<\/h1>\n<p>Information security is defined as \u201cthe ability of a network or an information system as a whole to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data and the related services offered by or accessible via these networks and systems\u201d.<\/p>\n<p>If the assessment of the extent and correctness of the countermeasures implemented to treat the identified risks is to be effective, it should, alongside other methods, also include testing the resilience of the network by means of a simulated intrusion attempt, i.e. in the form of a penetration test.<\/p>\n<p>Ivan Makat\u00fara<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the first part of this article I described the basic approach to penetration testing and the classification of penetration test types. But how is penetration testing carried out in practice? Clearly, if a computer network is to be subjected to a simulation of a real security attack, detailed preparation and planning of the activities are absolutely essential. And if an honest pentest is to serve a good cause, then at the end [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":2596,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[4],"tags":[],"class_list":["post-2593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-itbezp"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice2.jpg?fit=700%2C400&ssl=1","jetpack_sharing_enabled":true}
Ak\u00e9ho spr\u00e1vania by sa mal\u2026","rel":"","context":"V &quot;N\u00e1vody&quot;","block_context":{"text":"N\u00e1vody","link":"https:\/\/preventista.sk\/info\/category\/navody\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2014\/01\/rules.jpg?fit=700%2C400&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2014\/01\/rules.jpg?fit=700%2C400&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2014\/01\/rules.jpg?fit=700%2C400&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2014\/01\/rules.jpg?fit=700%2C400&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":2901,"url":"https:\/\/preventista.sk\/info\/riadenie-rizik-v-informacnej-bezpecnosti\/","url_meta":{"origin":2593,"position":5},"title":"Riadenie riz\u00edk v informa\u010dnej bezpe\u010dnosti","author":"I. Makatura","date":"21. okt\u00f3bra 2015","format":false,"excerpt":"IT riziko ako t\u00e9ma d\u0148a Informa\u010dn\u00e9 technol\u00f3gie s\u00fa dnes integr\u00e1lnou s\u00fa\u010das\u0165ou v\u00e4\u010d\u0161iny podporn\u00fdch, ale aj obchodn\u00fdch podnikov\u00fdch procesov. Rast\u00faca z\u00e1vislos\u0165 na IT aplik\u00e1ci\u00e1ch v\u0161ak v s\u00fa\u010dasnosti znamen\u00e1 aj dramatick\u00fd n\u00e1rast riz\u00edk a potrebami ich nepretr\u017eitej a systematickej ochrany. 
Rie\u0161en\u00edm probl\u00e9mov ochrany informa\u010dn\u00fdch akt\u00edv organiz\u00e1cie pred rizikami vypl\u00fdvaj\u00facimi z prev\u00e1dzky IT\u2026","rel":"","context":"V &quot;Bezpe\u010dnos\u0165&quot;","block_context":{"text":"Bezpe\u010dnos\u0165","link":"https:\/\/preventista.sk\/info\/category\/itbezp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/10\/rizika.png?fit=700%2C400&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/10\/rizika.png?fit=700%2C400&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/10\/rizika.png?fit=700%2C400&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/10\/rizika.png?fit=700%2C400&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/2593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/comments?post=2593"}],"version-history":[{"count":5,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/2593\/revisions"}],"predecessor-version":[{"id":2606,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/2593\/revisions\/2606"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/media\/2596"}],"wp:attachment":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/media?parent=2593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/categories?post=2593"},{"taxonomy":"post_tag","embe
ddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/tags?post=2593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}