|
|
Centralised web-based personal data management system
Mazur, Kornel ; Kacálek, Jan (referee) ; Malý, Jan (advisor)
This diploma thesis deals with a central user identification and personal data management on the Internet. The first part analyzes questions of a identification process and discusses the requirements for implementation, security and user-friendliness. Subsequently, the process is designed with respect to the defined requirements. A detailed overview of possible attacks to the system and means of protection against them is also included in the thesis. The described methods are as follows: Phishing, Man in the middle, hardware modification and acoustic keypress emissions. A practical design of a identification system is discussed in the second part of the thesis. It consists of two parts: a library implementable to individual Internet services requiring a user identification and a server centrally identificating the users and storing their personal data and passwords. An implementation in Joomla content management system is also described.
|
|
|
Phishing and suitable protection against it
Trepáčová, Veronika ; Luc, Ladislav (advisor) ; Veber, Jaromír (referee)
This bachelor thesis covers the issue of phishing and suitable protection against it. In the theoretical part are firstly explained the basic characteristics, development, types and techniques of phishing and also the concept of social engineering. Phishing emails are further divided into categories and according to their major features is possible to observe the differences of each individual group of e-mails and their increasing perfection. The last theoretical chapter focuses on the Internet banking in the Czech Republic. The aim of this section is to point out the ability and the means of informing banks' clients about security and potential dangers when working with Internet banking. The banks with the largest number of clients were selected and were evaluated through analysis of security webportals based on the specified criteria. The main objective, which is met by the practical part of the thesis, is to create a handbook for a user of the Internet and Internet banking. User can find in this handbook necessary advice, recommendations and procedures to be followed when receiving a suspicious email and identifying potential threat.
|
|
|
Socio-technical attacks
Urbanová, Anna ; Pavlíček, Luboš (advisor) ; Palovský, Radomír (referee)
The main objective of this work is to identify how students from the University of Economics, in Prague, looks at their results in two different socio-technical surveys. First, survey no. 1, focuses on the security of password and the second survey, no. 2, looks at how phishing e-mails are detected. In both cases to obtain the results of the surveys, questionnaires were used. After the surveys were completed, we promised that we would inform the students of their results from their questionnaires. The whole thesis is divided into six chapters. The first four chapters are based on theoretical information about social engineering. The last two chapters contain the practical part of the thesis, survey no. 1 and 2. The main benefits of this thesis are the results from the two surveys, which focused on the way that social engineering is attacked. Each survey was completed with the help of questionnaires and highlight the potential risks that social engineering poses to society.
|
|
|
Techniques and security in cases of fraud of selected types of Electronic banking
Abu Dayeh, Christián ; Půlpánová, Stanislava (advisor) ; Šafařík, Miroslav (referee)
The main topic of the thesis are different methods of Electronic banking fraud and options of Electronic banking security. The history of Electronic banking and current legal regulations including definition of some ambigious terms are described in the first part. In this part there are also described means of remote access to Electronic banking, which also outlines present options of online communication with the bank. Analysis of different methods and practical forms of fraud of different kinds of Electronic banking are described in the next part. The fraud of payment cards and internet banking are those that are mostly specified. Various types of security and fraud prevention including solutions of problems that may arise are outlined in the last part. Responsibility for fraud is portrayed in the very last part of the thesis.
|
|
|
The Problematics of Phishing
Kemr, Jakub ; Klíma, Tomáš (advisor) ; Pavlíček, Luboš (referee)
Bachelor thesis focuses on still current and specific type of cybercrime called phishing. The goal of the thesis is to introduce an ordinary internet user to the phishing issue by describing the functionality of different techniques of attack and appropriate ways of prevention and defence against these types of cyber-attacks. The thesis is divided into three parts. Theoretical part deals with the introduction to the phishing issue and historical development of this fraudulent technology since the early 90s of the 20th century. Furthermore, the theoretical part describes the functionality of different types of phishing techniques from the most famous to the less well-known. The end of the theoretical part describes the prevention and defence possibilities at user, software and organizational level. The second part of the work focuses on the analysis of phishing attacks. First the thesis analyses some of the recent attacks on Czech clients, in particular their structure, progress and the real purpose. The following parts show the preparation and process of one classic and one modern attack with examples of detection and possibilities of appropriate defence against these specific techniques. Final part of the thesis shows the results of the survey and phishing quiz, focused on ordinary internet users and their awareness of this issue.
|
|
|
Phishing
Rácz, Pavel ; Sova, Martin (advisor) ; Luc, Ladislav (referee)
The aim of my bachelor thesis is to analyze the phishing issue. Theoretical part of the thesis familiarizes readers with the term phishing and its types and red flags as well as the legislative in the Czech and Slovak republic. Practical part covers the statistical analysis of the selected indicators, like the number of the phishing domains, phishing attacks, or the number of reported phishing suspects or its targets in sectors in 2011, 2012, and 2013. Statistical analysis covers the development of the selected indicators worldwide, as well as in terms of Czech and Slovak national domains. The last chapter is dedicated to identify trends of the selected indicators based on the findings that help future forecast of the development of the selected indicators. The end of the thesis itself concludes individual studies which I derived the data from.
|
|
|
Security elements of e-banking
Mohamed, Radouan ; Albrecht, Jakub (advisor) ; Voříšek, Jiří (referee)
This bachelor thesis provides a summary of currently used security elements in services of electronic banking. There is a description of the electronic banking of two Czech banks - Fio and Era, and those are also compared. In the last chapter there is a description of a theoretical attack on an e-banking service based on the findings of this thesis. The re-sult of the thesis is an evaluation of weaknesses of e-banking services and the description of the theoretical attack.
|
|
|
Phishing and the human factor
Kalinová, Diana ; Sigmund, Tomáš (advisor) ; Pavlíček, Luboš (referee)
The main aim of the diploma thesis is to underline the importance of human factor for the success of phishing attacks and to identify the reasons, why the Czech and Slovak users are vulnerable to phishing. The thesis focuses on the user as the weakest part in the system which phishers exploit. Social and technical tricks that are cheating users are in the second chapter. The third chapter focuses on social engineering and sociological methods of attack. The fourth chapter is devoted to the delivery of phishing and fifth chapter explores the various types of phishing attacks. The sixth chapter presents the reasons for the operation of phishing, the aspects of credibility and authenticity of e-mails and web sites, that users follow and the implications of using the context in phishing. The victims of phishing have specific reactions which are mentioned in the seventh chapter. The eighth chapter explores the various measures against phishing, not just technology. Mentioned eight chapters present a theoretical basis for the following chapters of the diploma thesis. In the ninth chapter is performed analysis of the global situation of phishing. Through analysis are identified current and historical trends in phishing. Finally, the chapter shows the implications for the user. The tenth chapter is devoted to the phishing attacks in the Czech and Slovak Republic which are interesting in terms of the importance of human factor. We determine whether users are able to defend attacks only with their carefulness, mindfulness and awareness of phishing. Within the last chapter is taken empirical research through the questionnaire survey. The research verifies the awareness of the Czech and Slovak users about phishing, their personal experiences with phishing, their security habits and the aspects of credibility and authenticity that they consider in emails and websites. Based on all findings are drawn conclusions and recommendations.
|
|
| |
|
|
Electronic payments on the Internet
Králíčková, Lenka ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
This Bachelor thesis deals with issues of card payment on the Web. It deals with current state of the electronic means of payment. The aim is to familiarize readers with these issues. The first part describes the history of credit cards in the world and the Czech Republic. Furthermore, it analyzes the characteristics of credit card and its types. There is described in detail the security system 3-D Secure, which is now the international standard in the field of card payments over the Web. In this Bachelor thesis there is mentioned the ISO/OSI model and SSL and HTTPS, through which payment is processed through the 3-D Secure and, to make it complete, there is described a digital certificate authority. Then the example of implementation of this standard in online shops and the description of current options for payments over the Web follows. There are listed the security risks of this payment. There are the results of the survey in conclusion, whose aim was to analyze the Czech public awareness of the payment card and to determine level of use of card payments on the web in the country. The reader of this work obtains a comprehensive view on the issues of card payment over the Web. The work would give an idea of how the payments work and what alternatives payments over the web there are. Furthermore, it should point out ways of obtaining sensitive information to his credit card or account.
|
guest ::
