NATO i Zapadni Balkan

nem

Attacks on computer systems

Computer systems are a critical component of the human society in the 21st century. Economic sector, defense, security, energy, telecommunications, industrial production, finance and other vital infrastructure depend on computer systems that operate at local, national or global scales. A particular problem is that, due to the rapid development of ICT and the unstoppable growth of its application in all spheres of the human society, their vulnerability and exposure to very serious potential dangers increase. This paper analyzes some typical attacks on computer systems

The use of cyberspace in the context of hybrid warfare

Multipolarity and the change of the geopolitical map of the world, as well as the strengthening of the military capabilities of individual states, have influenced the limitation of the implementation of the military factor in carrying out the set goals of foreign policy by states as subjects of international relations. Such a situation in the international community has led to the fact that achieving interests is not primarily carried out by the use of armed force. In the modern world, the military option of solving a problem becomes 'less and less attractive', and sometimes too risky. Certain states use other, unconventional ways (such as hybrid warfare) to achieve their own objectives and interests. Activities in cyberspace in the context of hybrid warfare are important

Psihološka dimenzija hibridnog ratovanja

nem

Guidelines for the development of strategy for securing the cyberspace

The strategy for securing the cyberspace, created as a result of the challenges of a modern information society, is a proactive instrument intended to protect organizations and citizens against various forms of threats in the cyberspace. The paper analyzes the strategies and policies for securing the cyberspace of certain countries in the international community, which have reached a high degree of development of the information society and are exposed to numerous risks in the cyberspace. The final part of the paper offers suggestions that should help the Republic of Serbia to develop a national strategy for securing the cyberspace

Realization of TCP Syn Flood Attacks using the Kali Linux / Реализация TCP Syn Flood Атак с использованием Kali Linux / Realizacija TCP Syn Flood napada upotrebom Kali Linuksa

Denial-of-Service (DoS) is a type of attack that attempts to prevent legitimate users from accessing network services. This is accomplished by overloading network services or by excessive connectivity, causing a drop in a connection or a service. DoS tools are designed to send large numbers of requests to the targeted server (usually web, FTP, e-mail server), in order to overwhelm server resources and make it unusable. There are various ways in which attackers achieve this. One of the usual ways is simply overwhelming the server by sending too many requests. This will disable the normal functioning of the server (and the web pages will open more slowly), and in some cases it can lead to a situation that the server ceases to operate. This paper shows some effects of TCP Syn Flood Attacks (using Kali Linux) through the change of processor utilization and the unavailability of the target computer (executing ping command). / Хакерская атака «отказ в обслуживании» (Denial-of-Service - DoS) – это вид взлома вычислительной системы с целью довести её до отказа, то есть создание таких условий, при которых добросовестные пользователи системы не могут получить доступ к предоставляемым системным ресурсам (серверам), либо этот доступ становится значительно затруднённым. DoS инструменты отсылают большое количество запросов целевому серверу (как правило web, FTP, электронная почта), перезагружая его ресурсы, что в итоге приводит к отказу в обслуживании. Хакерами разработано несколько методов для достижения своей цели. Один из них – это чрезмерная перезагрузка сервера огромным количеством запросов. Данные действия мешают нормальной работе сервера (вследствие чего web-страницы намного медленнее открываются), а в некоторых случаях это может привести к полному отказу в обслуживании. В данной статье были представлены отдельные эффекты TCP Syn Flood Attacks (с использованием Kali Linux), отражаемые в изменениях загруженности процессора и недоступности целевого компьютера (для ping команды). / Napad odbijanja usluga (Denial-of-Service – DoS) vrsta je napada kojim se sprečava da ovlašćeni korisnici pristupe odgovarajućim mrežnim uslugama. To se postiže preopterećenjem mrežnih usluga ili prekobrojnim konekcijama, što dovodi do prekida (otežane) konekcije ili usluge. DoS alati šalju veliki broj zahteva ciljanom serveru (obično web, FTP, e-mail server) radi preopterećenja njegovih resursa, čineći ga na taj način neupotrebljivim. Jedan od čestih načina na koje napadači to postižu jeste preopterećenje servera slanjem velikog broja zahteva. Takva aktivnost onemogućiće normalno funkcionisanje servera (i web stranice će se otvarati mnogo sporije), pa će u nekim slučajevima prestati i da funkcioniše. U članku su prikazani određeni efekti TCP Syn Flood Attacks (upotrebom Kali Linux-a) kroz promenu iskorišćenosti procesora i nedostupnosti ciljanog računara (izvršavanjem ping komande)

Web application security analysis using the Kali Linux operating system / Анализ безопасности веб-приложений оперционной системой Kali Linux / Analiza bezbednosti web aplikacija operativnim sistemom Kali Linux

The Kali Linux operating system is described as well as its purpose and possibilities. There are listed groups of tools that Kali Linux has together with the methods of their functioning, as well as a possibility to install and use tools that are not an integral part of Kali. The final part shows a practical testing of web applications using the tools from the Kali Linux operating system. The paper thus shows a part of the possibilities of this operating system in analysing web applications security, which presents the goal of this work. / В статье дается описание операционной системы Kali Linux, включая цели и возможности ее использования. Приведен список инструментов системы Kali Linux, способ работы ее конкретных инструментов, а также возможность установки и использования инструментов, которые не являются частью операционной системы Kali Linux. В заключительной части статьи, наглядно представлено тестирование веб-приложений с применением инструментов операционной системы Linux Кали. Таким образом, представлена часть возможностей Кали Linux операционной системы, применяемой для анализа безопасности веб-приложений, что являлось целью данной работы. / U radu je opisan operativni sistem Kali Linux , njegove namene i mogućnosti. Navedene su grupe alata kojima Kali Linux raspolaže, način rada određenih alata koje ovaj sistem sadrži, kao i mogućnost instalacije i korišćenja alata koji nisu njegov sastavni deo. U završnom delu rada praktično je prikazano testiranje web aplikacija korišćenjem alata iz operativnog sistema Kali Linux. Time je prikazan deo mogućnosti ovog operativnog sistema u analizi bezbednosti web aplikacija, što predstavlja cilj ovog rada

Cyberspace as a domain of conflict: The case of the United States - Iran and North Korea

Modern society is critically dependent on information as a strategic resource and information and communications technology, which carries out its transmission, processing and exchange. Information and communications technology has created a new environment, cyberspace, in which tensions, disagreements and incidents are becoming more frequent. In recent years, the mentioned area has increasingly appeared as a domain of conflict between the leading world and regional powers. The paper gives a brief description of the concept of operations in several domains and elements of the new concept of joint warfare of the US Armed Forces. The importance of cyberspace for the US has been pointed out with a review of organizational changes and the adoption of certain strategic and doctrinal documents. The paper presents certain events and activities in cyberspace, in recent years, between the United States on the one hand, and Iran and North Korea on the other. The United States Cyber Command (USCYBERCOM) was created in 2009. USCYBERCOM was elevated to the status of a full and independent unified command in May 2018. It indicates the importance of cyberspace for the Pentagon. In many ways, the separation of USCYBERCOM from Strategic Commands, which oversees strategic rejection, is a symbol of the change in the US attitude in cyberspace from "defensive" to "persistent engagement." The United States is still the strongest force in cyberspace and shows ambition to carry out cyber operations at all levels of command. It is unlikely that Iran will provoke the United States into a large-scale military conflict and wage a direct war in cyberspace. Iran has rapidly improved its ability to operate in cyberspace, and it is estimated that this trend will continue. The imbalance can prevent Iran from a direct military conflict with the United States and its allies. Greater action is expected with an asymmetric arsenal such as e.g. cyber attacks. Iranian and North Korean operations are similar in target selection, planning and exploitation of attacks. Both countries undertake different variants of phishing attacks in an attempt to deceive their victims into downloading malicious software by presenting it as a legitimate link or file. Whereas Iran usually had a motive only to cause disruption to the functioning of financial institutions, North Korean motive was both financial and political retaliation. Certain discovered incidents indicate that North Korea devotes much more time to conducting invasive surveillance before carrying out attacks. Numerous examples show that some activities have been prepared over the years and with the support of certain state bodies. Regardless of the fact that an investigation has been launched against certain groups, most often sponsored by states, it is unlikely that this will deter countries such as North Korea and Iran from giving up further activities and will pose an increasing threat to the US security