{"id":4426,"date":"2023-03-24T06:00:03","date_gmt":"2023-03-24T05:00:03","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4426"},"modified":"2024-02-10T15:13:33","modified_gmt":"2024-02-10T14:13:33","slug":"povrsina-napada-uvod-epizoda-1","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/03\/24\/povrsina-napada-uvod-epizoda-1\/","title":{"rendered":"Attack Surface: Introduction (Episode 1)"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">In cyberspace, attack surface is a term used when addressing the information security of computer systems, and it denotes the total number of possible vulnerabilities. In other words, the attack surface is the set of all devices, software, services and all vulnerabilities that an attacker can exploit in an organization's system. From the perspective of <a href=\"https:\/\/sajberinfo.com\/en\/2018\/12\/23\/sajber-bezbjednost\/\" target=\"_blank\" rel=\"nofollow noopener\">cyber security<\/a>, this surface should be as small as possible in order to reduce the risk of unauthorized access to protected resources.<\/span><\/p>\n<div id=\"attachment_4428\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4428\" class=\"size-full wp-image-4428\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/attack-surface.jpg\" alt=\"Attack surface: Introduction\" width=\"1024\" height=\"652\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/attack-surface.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/attack-surface-300x191.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/attack-surface-768x489.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/attack-surface-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4428\" class=\"wp-caption-text\"><em>Attack surface: Introduction; Design: Sa\u0161a \u0110uri\u0107<\/em><\/p><\/div>\n<h2><span class=\"ez-toc-section\" id=\"POVRSINA_NAPADA\"><\/span><strong><span style=\"font-size: 14pt;\">ATTACK SURFACE<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The attack surface can be divided into three categories: digital, physical, and social engineering.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Digitalna_povrsina_napada\"><\/span><span style=\"font-size: 14pt;\"><strong>Digital attack surface.<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">The name itself suggests that these are digital touchpoints that can be used as an entry point for unauthorized access to an organization's system or network. This includes:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><strong>Applications \u2013 <\/strong>Vulnerabilities in applications are common and can very easily give attackers a way into the system of the targeted organization.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>Code \u2013 <\/strong>When it comes to program code, the greatest danger is the use of third-party code, which may contain a vulnerability or malicious software.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>Ports \u2013 <\/strong>Attackers are constantly searching for open ports on the network, and they pay particular attention to commonly used ports. If the service listening on a given port is misconfigured or has a vulnerability, that is an opportunity for attackers to enter the system.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>Servers \u2013<\/strong> They are frequent targets, either through the exploitation of vulnerabilities or through <a href=\"https:\/\/sajberinfoleksikon.blogspot.com\/2022\/04\/ddos.html\" target=\"_blank\" rel=\"noopener\"><em>DDoS<\/em> attacks<\/a>.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>Websites \u2013<\/strong> This part of the digital attack surface is exposed to various kinds of attacks, which among other things exploit errors in code and misconfigurations.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>Certificates \u2013<\/strong> A commonly seen situation is that organizations allow a certificate to expire, which opens an opportunity that attackers can exploit.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 14pt;\">These are only the best-known parts of the digital attack surface; the full list is much longer. In essence, everything that lies outside the organization's <em>firewall<\/em> and is reachable from the Internet is part of the digital attack surface. All assets of the digital attack surface can be viewed as:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><strong>Unknown assets. <\/strong>These are often forgotten assets, or assets that lack the approval of the organization's security team (<em>shadow IT<\/em>).<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>Known assets.<\/strong> These are all assets that are managed, inventoried and approved for use in the organization by the security team.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><strong>Rogue assets.<\/strong> This refers to malicious infrastructure set up by attackers whose purpose is to impersonate the organization's real assets; this can be an impersonated domain, a fake website, a fake application and the like.<\/span><\/li>\n<\/ul>\n<div id=\"attachment_4499\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4499\" class=\"size-full wp-image-4499\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/piqsels.com-id-svypr.webp\" alt=\"Unknown assets\" width=\"1024\" height=\"698\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/piqsels.com-id-svypr.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/piqsels.com-id-svypr-300x204.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/piqsels.com-id-svypr-768x524.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/piqsels.com-id-svypr-18x12.webp 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4499\" class=\"wp-caption-text\"><em>Unknown assets; Source: <a href=\"https:\/\/www.piqsels.com\/en\/public-domain-photo-svypr\/download\" target=\"_blank\" rel=\"noopener\">Piqsels.com<\/a><\/em><\/p><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Fizicka_povrsina_napada\"><\/span><span style=\"font-size: 14pt;\"><strong>Physical attack surface.<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">As the counterpart to the digital attack surface, the physical attack surface covers all physical endpoint devices such as desktop computers, laptops, tablets, printers, switches, routers, surveillance cameras, USB ports, mobile phones and the like. In a word, all devices in the organization that are physically accessible to an attacker, from which an attack can be launched and access inside the organization obtained. Unlike the digital attack surface, the physical attack surface can be exploited even when the devices are not connected to the organization's local network or to the Internet. This usually involves insider threats: attackers disguised as service technicians, unvetted devices on the local network, or fake employees.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Drustveni_inzinjering\"><\/span><span style=\"font-size: 14pt;\"><strong>Social engineering<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">This surface refers to the exploitation of vulnerabilities in human nature. The most commonly used method is <a href=\"https:\/\/sajberinfo.blogspot.com\/2022\/01\/phishing-meta-su-ljudi-ne-tehnologija.html\" target=\"_blank\" rel=\"noopener\">phishing<\/a>, or targeted <a href=\"https:\/\/sajberinfoleksikon.blogspot.com\/2022\/02\/spear-phishing.html\" target=\"_blank\" rel=\"noopener\">spear phishing<\/a>, along with other manipulative methods used to deceive users into granting attackers unauthorized access.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Organizations spend years building their <em>IT<\/em> environment, which changes constantly with business requirements and the growth of the organization. The widespread use of virtual machines and microservices, the constant departure and arrival of employees, and the appearance of new hardware and software mean that understanding and managing the attack surface must be continuous and flexible. The guiding motto for achieving that goal should be: visibility and control.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>In cyberspace, attack surface is a term used when addressing the information security of computer systems, and it denotes the total number of possible vulnerabilities. In other words, the attack surface is the set of all devices, software, services and&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4428,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[114,61,280,281,83],"class_list":["post-4426","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-info","tag-ddos","tag-phishing","tag-povrsina-napada","tag-shadow-it","tag-spear-phishing"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4426","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4426"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4426\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4428"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4426"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4426"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4426"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}