ppt network security pentingnya keamanan internet
DESCRIPTION
InternetTRANSCRIPT
![Page 1: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/1.jpg)
Network Security:Pentingnya Keamanan Komputer
Computer Network Research GroupITB
![Page 2: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/2.jpg)
Perspective ...
less then 200 security incident in 1989.
about 400 in 1989.about 1400 in 1993.estimated more than 2241 in 1994.Nobody knows the correct statistics
on how many attacks are actually detected by the sites broken into.
![Page 3: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/3.jpg)
Survey Dan Farmer (Dec96)
1700 web sites:
60% vurnelable.
9-24%terancam jika satu bug dari service daemon (ftpd, httpd / sendmail) ditemukan.
Serangan pada 10-20 % sites di netralisir menggunakan denial-of-service
![Page 4: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/4.jpg)
Statistik Serangan
Jenis Scan Tembus% Kuning% Merah%Banks 660 68.33 32.73 35.61Credit U 274 51.09 30.66 20.44US Fed 47 61.70 23.40 38.30Newspaper 312 69.55 30.77 38.78Sex 451 66.08 40.58 25.50Totals 1734 64.94 33.85 31.08
![Page 5: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/5.jpg)
Resiko Serangan
24
3
0
5
10
15
20
25
W/ Internet W/O Internet
![Page 6: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/6.jpg)
Sumber Serangan
0
20
40
60
80Dari luar
Virus keJ aringan
Virus ke PC
Dari Dalam
![Page 7: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/7.jpg)
Aktifitas Serangan
Manipulasi Data 6.8%Backdoor Software 6.6%Password 5.6%Scanning 14.6%Trojan Horse 5.8%IP Spoofing 4.8%Virus 10.6%
![Page 8: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/8.jpg)
Serangan di Internet
Approx. 19.540.000 hosts are connected to Internet (end1996)
US DoD 250.000 serangan / tahun.Serangan pada Rome Laboratory.
![Page 9: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/9.jpg)
Network Security
usaha untuk mencegah seseorang melakukan tindakan-tindakan yang tidak kita inginkan pada komputer, perangkat lunak, dan piranti yang ada di dalamnya sehingga semuanya tetap dalam keadaan ideal yang kita inginkan’
![Page 10: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/10.jpg)
Layout Firewall
InterNet
InternalNetwork
Firewall
![Page 11: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/11.jpg)
What are you trying to protect?
Your Data.Your Resources.Your Reputation.
![Page 12: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/12.jpg)
What Are You Trying To Protect Against?
Type of attacks
Intrusion.Denial of Service.Information Theft.
![Page 13: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/13.jpg)
Type of Attackers
Joyriders.Vandals.Score Keepers.Spies (Industrial & Otherwise).Stupidity & Accidents.
![Page 14: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/14.jpg)
Security Policy
‘satu keputusan yang menentukan batasan-batasan tindakan-tindakan yang bisa dilakukan dan balasan apabila terjadi pelanggaran batasan-batasan yang ada untuk mencapai satu tujuan tertentu’
![Page 15: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/15.jpg)
Objectives
SecrecyData IntegrityAvailability
![Page 16: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/16.jpg)
Step Security Policy
Apa yang boleh / tidak boleh.Prediksi resiko & biaya (start dengan
bug).Tentukan objek yang di lindungi.Tentukan bentuk ancaman & serangan:
unauthorized access. Disclosure information. Denial of service.
![Page 17: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/17.jpg)
Step ...
Perhatikan kelemahan system: authentication. Password sharing. Penggunaan password yang mudah di
tebak. Software bug.
Optimasi Cost / Performance.
![Page 18: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/18.jpg)
Manusia ...
Tanggung Jawab.Komitmen.
![Page 19: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/19.jpg)
Design Security Policy
Kerahasiaan (Secrecy)Integritas DataAvailabilityKonsistensiKontrol Identifikasi & AuthentikasiMonitoring & Logging
![Page 20: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/20.jpg)
Prinsip ...
Hak minimumKurangi jumlah komponen
![Page 21: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/21.jpg)
How Can You Protect Your Site
No Security.Security Through Obscurity.Host Security.Network Security.No Security Model Can Do It All.
![Page 22: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/22.jpg)
What Can A Firewall Do?
A firewall is a focus for security decisions.
A firewall can enforce security policy.A firewall can log Internet activity
efficiently.A firewall limits your exposure.
![Page 23: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/23.jpg)
What Can’t A Firewall Do?
A firewall can’t protect you against malicious insiders.
A firewall can’t protect you against connections that don’t go through it.
A firewall can’t protect against completely new threats.
A firewall can’t protect against viruses.
![Page 24: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/24.jpg)
List of A Must Secure Internet Services
Electronic mail (SMTP).File Transfer (FTP).Usenet News (NNTP).Remote Terminal Access (Telnet).World Wide Web Access (HTTP).Hostname / Address lookup (DNS).
![Page 25: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/25.jpg)
Security Strategies.Least Privilege.Defense in Depth (multiple security
mechanism).Choke Point forces attackers to use a
narrow channel.Weakest Link.Fail-Safe Stance.Diversity of Defense.Simplicity.
![Page 26: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/26.jpg)
Building Firewalls
![Page 27: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/27.jpg)
Some Firewall Definitions
Firewall A component or set of components that
restricts access between a protected network and the Internet, or between other sets of networks.
Host A computer system attached to a
network.
![Page 28: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/28.jpg)
Firewall Def’s Cont’ ..
Bastion Host A computer system that must be highly
secured because it is vulnerable to attack, usually because it is exposed to the Internet and is a main point of contact for users of internal networks.
Dual-homed host A general-purpose computer system that has
at least two network interfaces (or homes).
![Page 29: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/29.jpg)
Firewall Def’s Cont ...Packet.
The fundamental unit of communication on the Internet.
Packet filtering. The action a device takes to selectively control
the flow of data to and from a network.Perimeter network.
a network added between a protected network and external network, to provide additional layer of security.
![Page 30: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/30.jpg)
Firewall Def’s Cont ...
Proxy Server A program that deals with external
servers on behalf of internal clients. Proxy client talk to proxy servers, which relay approved client requests on to real servers,and relay answer back to clients.
![Page 31: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/31.jpg)
Packet Filtering
InterNet
InternalNetwork
Routes or blocks packets,as determined by site's
security policy.
ScreeningRouter
![Page 32: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/32.jpg)
Proxy Services
InterNet
InternalNetwork
Proxy ServerDual homed HostFirewall
Internal HostProxy Client
External HostReal Server
![Page 33: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/33.jpg)
Screened Host Architecture
InterNet
InternalNetwork
ScreeningRouter
Bastion Host
Firewall
![Page 34: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/34.jpg)
De-Militarized Zone Architecture
InterNet
InternalNetwork
PerimeterNetwork
Interior RouterChoke Router
Exterior Router
Bastion Host
Firewall
![Page 35: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/35.jpg)
DMZ With Two Bastion Hosts
InterNet
InternalNetwork
PerimeterNetwork
Interior RouterChoke Router
Exterior Router
Firewall
SMTP / DNS Host
FTP/WWW Host
![Page 36: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/36.jpg)
It’s OK
Merge Interior & Exterior RouterMerge Bastion Host & Exterior
RouterUse Mutiple Exterior RouterHave Multiple Perimeter NetworkUse Dual -Homed Hosts & Screened
Subnets
![Page 37: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/37.jpg)
It’s Dangerous
Use Multiple Interior RouterMerge Bastion Host and Interior
Router
![Page 38: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/38.jpg)
Private IP Address
Use within Internal NetworkReference RFC 1597IP address alocation:
Class A: 10.x.x.x Class B: 172.16.x.x - 172.31.x.x Class C: 192.168.0.x -
192.168.255.x
![Page 39: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/39.jpg)
Bastion Host
It is our presence in Internet.
Keep it simple.Be prepared for the bastion host to
be compromised.
![Page 40: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/40.jpg)
Special Kinds of Bastion Hosts
Nonrouting Dual-Homed Hosts.Victim Machine.Internal Bastion Hosts.
![Page 41: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/41.jpg)
Choosing A Bastion Host
What Operating System? Unix
How Fast a Machine? 386-based UNIX. MicroVAX II Sun-3
![Page 42: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/42.jpg)
Proxy Systems
Why Proxying? Proxy systems deal with the insecurity
problems by avoiding user logins on the dual-homed host and by forcing connections through controlled software.
It’s also impossible for anybody to install uncontrolled software to reach Internet; the proxy acts as a control point.
![Page 43: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/43.jpg)
Proxy - Reality & Illusion
User's Illusion
Percieved Connection
Actual Connection
Client
ServerProxy Server
![Page 44: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/44.jpg)
Advantages of Proxying
Proxy services allow users to access Internet services “directly”
Proxy services are good at logging.
![Page 45: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/45.jpg)
Disadvantages of ProxyingProxy services lag behind non-proxied
services.Proxy services may require different servers
for each service.Proxy services usually require modifications to
clients, procedures, or both.Proxy services aren’t workable for some
services.Proxy services don’t protect you from all
protocol weaknesses.
![Page 46: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/46.jpg)
Proxying without a Proxy Server
Store-and-Forward services naturally support proxying.
Examples: E-mail (SMTP). News (NNTP). Time (NTP).
![Page 47: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/47.jpg)
Internet Resources on Security Issues
![Page 48: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/48.jpg)
WWW Pages
http://www.telstra.com.au/info/security.html
http://www.cs.purdue.edu/coast/coast.html
![Page 49: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/49.jpg)
Mailing Lists
[email protected] ftp://ftp.greatcircle.com/pub/firewalls/ http://www.greatcircle.com/firewalls/
[email protected]@net.tamu.edu
ftp://net.tamu.edu/pub/security/lists/academic-firewalls
![Page 50: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/50.jpg)
Newsgroupscomp.security.announce.comp.security.unix.comp.security.misc.comp.security.firewalls.alt.security.comp.admin.policy.comp.protocols.tcp-ip.comp.unix.admin.comp.unix.wizards
![Page 51: Ppt Network Security Pentingnya Keamanan Internet](https://reader030.vdocuments.net/reader030/viewer/2022020110/553e0d944a795968288b4837/html5/thumbnails/51.jpg)
Summary
In these dangerous times, firewalls are the best way to keep your site secure.
Although you’ve got to include other tipes of security in the mix, if you’re serious about connecting to the Internet, firewall should be at the very center of your security plans.