Sosdarkam SMKN 1 Cibinong, 13 April 2016
TRANSCRIPT
- Lifestyle
- Education
- Work
- Mass communication
- Economy
Activities carried out when using the internet
Source: Profil Pengguna Internet Indonesia 2014 (Indonesian Internet User Profile 2014)
Social networking vs. social media
- Definition: social networking builds relationships with people; social media presents information to the wider public.
- Style of communication: social networking has dialogue, i.e. two-way communication; in social media the information flows only from the presenter (one-way).
- Social media sites: detik.com, kompas.com, youtube.com, wikis, blogs, etc. (source: Wikipedia)
- Social networking sites: facebook.com, twitter.com, friendster.com, plurk.com, etc. (source: Wikipedia)
A social network is a social structure made up of nodes (generally individuals or organizations) that are tied together by one or more specific types of relationship, such as values, vision, ideas, friendship, kinship, etc. (Source: Wikipedia)
1. Facebook
2. Google
3. Blogspot
4. YouTube
5. Yahoo!
6. Kaskus
7. WordPress
8. Twitter
9. Detik
10. Blogger.com
Source: Alexa (13 September 2012)
- The laws and regulations governing activity in cyberspace in Indonesia are UU Nomor 11 Tahun 2008 on ITE (Electronic Information and Transactions) and UU Nomor 14 Tahun 2008 on KIP (Public Information Disclosure).
- UU Nomor 11 Tahun 2008 on ITE regulates content and the providers of electronic information services.
- UU Nomor 14 Tahun 2008 on KIP regulates transparency and the openness of information to the public.
Vulnerabilities of Internet Use
Information that can be exploited:
- Username & password of accounts on particular sites
- Personal data
- Personal photos
- Contents of conversations
- Etc.
(Diagram labels: Software, Hardware)
- Example case: carding, theft of bank accounts
- Example case: identity forgery, "I'm Serious Guys", a new scam on Facebook
  http://www.metrotvnews.com/read/newsvideo/2011/04/02/125486/Lima-Bulan-Menikah-Sang-Istri-Ternyata-Waria
- Example case: kidnapping via Facebook experienced by a student of SMP 28 Bandung
  http://www.solopos.com/2010/channel/nasional/korban-penculikan-lewat-facebook-trauma-akibat-diculik-64551
1. Healthy internet behaviour:
- Share useful information
- Upload constructive, positive content
- When social networking, do not accept or add friends indiscriminately
- Keep personal accounts separate from accounts used for games
2. Safe password use:
- Use a combination of characters
- Change passwords periodically
- Do not use the same password for different accounts
- Do not share passwords
- Use a password manager to make remembering many passwords easier (only on your personal computer!)
3. Manage your online accounts properly and correctly
Internet activity among teenagers:
- Visiting social networking sites (Facebook, MySpace, Twitter, etc.)
- Communicating via instant messaging (Yahoo Messenger, GTalk, ICQ, etc.)
- Playing online games (PointBreak, DotA, web-based games, etc.)
- Communicating via e-mail (Yahoo Mail, Google Mail, Hotmail, etc.)
- Looking up information about school lessons
Identity theft (pencurian identitas)
[Facebook, Path, Twitter… social networks: do you trust your "friends"?]
What should we do?
Cyber Law: Cyberspace. Cyberthreat. Cyberattack. Cybercrime
STRATEGIES FOR PROTECTION
- Protecting Information
- Protecting Infrastructure
- Protecting Interactions
- Security Awareness
- Cryptography (Kriptografi/Persandian)
- Network Security
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
What to Secure?
- Hardware: laptops, desktop PCs, CPU, hard disk, storage devices, cables, etc.
- Software: operating system and software applications
- Information: personal identification such as Social Security Number (SSN), passwords, credit card numbers, etc.
- Communications: emails, instant messengers, and browsing activities
Securing Interaction
Layers of Security
- Layer 1, Physical Security: safeguards the personnel, hardware, programs, networks, and data from physical threats
- Layer 2, Network Security: protects the networks and their services from unauthorized modification, destruction, or disclosure
- Layer 3, System Security: protects the system and its information from theft, corruption, unauthorized access, or misuse
- Layer 4, Application Security: covers the use of software, hardware, and procedural methods to protect applications from external threats
- Layer 5, User Security: ensures that a valid user is logged in and that the logged-in user is allowed to use an application/program
Securing Infrastructure
Elements of Security
Authenticity is “the identification and assurance of the origin of information”
Confidentiality is “ensuring that information is accessible only to those authorized to have access” (ISO‐17799)
Availability is “ensuring that the information is accessible to authorized persons when required without delay”
Integrity is “ensuring that the information is accurate, complete, reliable, and is in its original form”
Non‐repudiation is “ensuring that a party to a contract or a communication cannot deny the authenticity of their signature on a document”
Securing Information: elements
The Role of Ciphers in Information Security
You can't discuss information security without discussing cryptography.
SANDI (cipher):
- Secret
- Keeping news/information secret
PERSANDIAN (cryptography):
- Everything about secrets
- Everything about ways of keeping news/information secret
- Sandi = Cryptography
The role of ciphers
What is a cipher anyway? An introduction to ciphers
Cipher = Cryptography
Cryptography (sandi) can also be defined as the science and art of keeping information secret.
The Caesar Cipher
- One of the oldest cipher systems in the world: a simple scheme in which each letter is shifted/substituted by the letter 3 positions to its right (A becomes D, or Ts = Tt + 3, where Ts is the ciphertext letter and Tt the plaintext letter)
- Used by Julius Caesar to communicate with his army
Caesar Shift Code
Plain : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
Example: encryption and decryption
Plaintext (teks terang): P E S A N
Ciphertext (teks sandi): P + 3 = S, E + 3 = H, S + 3 = V, A + 3 = D, N + 3 = Q
The ROT13 Cipher
- Shifts each letter by 13 places
- Because the alphabet has 26 letters, the same algorithm (shift by 13) can be used both to encrypt and to decrypt
- See the site http://www.rot13.com
- Can be used for riddles
ROT13 example: What is the difference between a mobile phone and a monkey? Answer (in ROT13):
Xnynh unaqcubar, abxvn. Xnynh zbalr, ah xvrh
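The Caesar and ROT13 slides above, as an added example that is not part of the original presentation: one shift function covers both (Caesar is shift 3, ROT13 is shift 13), and a brute-force helper shows why a 26-key cipher gives no real secrecy. Function names are this example's own.

```python
# Added example (not from the presentation): a generic alphabet shift cipher that
# reproduces the slides' Caesar (shift 3) and ROT13 (shift 13) cases, plus the
# brute-force check that shows why a 26-key cipher offers no real secrecy.
import string
from typing import Dict

ALPHABET = string.ascii_uppercase  # the 26 letters of the slide's alphabet table


def shift_cipher(text: str, shift: int) -> str:
    """Shift every Latin letter by `shift` places (mod 26); other chars pass through.
    Case is preserved, so the slide's mixed-case ROT13 riddle works unchanged."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str) -> str:
    """Teks sandi = teks terang + 3 (Ts = Tt + 3), exactly as on the slide."""
    return shift_cipher(plaintext, 3)


def caesar_decrypt(ciphertext: str) -> str:
    """Decryption is the inverse shift: Tt = Ts - 3."""
    return shift_cipher(ciphertext, -3)


def rot13(text: str) -> str:
    """With 26 letters, shifting by 13 twice returns to the start, so the same
    function both encrypts and decrypts (the slide's point about ROT13)."""
    return shift_cipher(text, 13)


def cipher_alphabet(shift: int) -> str:
    """The 'Cipher:' row of the slide's substitution table for a given shift."""
    return shift_cipher(ALPHABET, shift)


def brute_force(ciphertext: str) -> Dict[int, str]:
    """Why Caesar is only a classroom cipher: there are just 25 non-trivial keys,
    so every candidate plaintext can be listed at once and read off by eye."""
    return {k: shift_cipher(ciphertext, -k) for k in range(1, 26)}


if __name__ == "__main__":
    print(caesar_encrypt("PESAN"))         # SHVDQ, as worked letter by letter on the slide
    print(cipher_alphabet(3))              # DEFGHIJKLMNOPQRSTUVWXYZABC
    riddle = "Xnynh unaqcubar, abxvn. Xnynh zbalr, ah xvrh"
    print(rot13(riddle))                   # the slide's ROT13 riddle, decoded
    print(rot13(rot13(riddle)) == riddle)  # True: ROT13 is its own inverse
```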
Confidentiality (kerahasiaan)
- Ciphers/cryptography make a message understandable only to authorized parties.
- With a cipher, interception is still possible, but the intercepted message cannot be understood by the eavesdropper.
Message confidentiality: not enciphered (cartoon)
Alice to Bob: "Halo Say.." (Hi babe..). The eavesdropper: "Jiah.. dia lagi pacaran" (Ha.. they're flirting).
Message confidentiality: enciphered (cartoon)
Alice to Bob: "Hallo Say..". On the wire: "….xprsv sroqc miez….". The eavesdropper: "Walah, pusing…" (Ugh, that makes no sense…). Bob receives, from Alice: "Hallo Say..".
Message Integrity
- Ciphers ensure that the message received is the same as the message that was sent.
- The cipher technique usually used is a hash function
- Example: MD5
Message integrity: modification (cartoon)
Alice to Bob: "Pergi yuk Say.." (Let's go out, babe..). The attacker in the middle: "Gw kerjain loe…" (I'll mess with you…) and changes it to "Putus yuk Say.." (Let's break up, babe..). Bob receives, from Alice: "Putus yuk Say..".
Message integrity: verification (cartoon)
Alice to Bob: "Pergi yuk Say.. (xxy)", with the check value (xxy). The attacker changes it to "Putus yuk Say.." but cannot produce a valid (xxy). Bob: "No (xxy).. this isn't from Alice..".
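The two integrity cartoons above in code, as an added example that is not part of the original presentation. It shows the caveat a practitioner needs: a bare MD5 digest (the slide's example) only catches accidental corruption, because an active attacker recomputes it; the slide's unforgeable "(xxy)" is really a keyed tag, shown here with HMAC. The shared key and function names are constructed for this example.

```python
# Added example (not from the presentation): the slides' integrity cartoon, in code.
# Alice sends "Pergi yuk Say.." with a tag; the attacker swaps it for "Putus yuk Say..".
# A bare MD5 digest only detects accidental corruption: an active attacker simply
# recomputes it. A keyed tag (HMAC) plays the role of the slide's "(xxy)" that the
# attacker cannot forge without Alice and Bob's shared key.
import hashlib
import hmac
from typing import Tuple

# Constructed shared secret for the example; in practice generated randomly and
# agreed out of band.
SHARED_KEY = b"alice-bob-demo-key"


def md5_tag(message: str) -> str:
    """Unkeyed MD5 over the message, as the slide suggests ('Contoh: Md5')."""
    return hashlib.md5(message.encode("utf-8")).hexdigest()


def hmac_tag(message: str, key: bytes = SHARED_KEY) -> str:
    """Keyed tag: without `key` nobody can produce a valid tag for a new message."""
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


def verify(message: str, tag: str, keyed: bool) -> bool:
    """Bob's check. compare_digest avoids leaking tag bytes through timing."""
    expected = hmac_tag(message) if keyed else md5_tag(message)
    return hmac.compare_digest(expected, tag)


def attacker_tamper(message: str, tag: str, keyed: bool) -> Tuple[str, str]:
    """The slide's attacker ('Gw kerjain loe...'): replace the text and do the best
    possible job on the tag. Unkeyed: recompute MD5. Keyed: no key, so reuse the old tag."""
    forged = "Putus yuk Say.."
    return forged, (tag if keyed else md5_tag(forged))


def run_scenario(keyed: bool) -> bool:
    """Returns True when Bob detects the modification, False when he is fooled."""
    original = "Pergi yuk Say.."
    tag = hmac_tag(original) if keyed else md5_tag(original)
    received, received_tag = attacker_tamper(original, tag, keyed)
    return not verify(received, received_tag, keyed)


if __name__ == "__main__":
    print("MD5 only -> tampering detected:", run_scenario(keyed=False))  # False
    print("HMAC tag -> tampering detected:", run_scenario(keyed=True))   # True
```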
Authentication
- Ciphers hinder unauthorized parties from accessing messages/information.
- Passwords used to protect data are usually stored in enciphered form.
Authentication: example of an unenciphered password being intercepted.. (screenshot)
Authentication with enciphered passwords
- Kaskus.co.id uses MD5 to hash its passwords, bro! :)
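What "storing the password in enciphered form" means in practice, as an added example that is not part of the original presentation: the slide's unsalted MD5 beside a salted, iterated PBKDF2 record, so the difference between the two is visible on identical passwords. The record format, iteration count and function names are this example's own assumptions.

```python
# Added example (not from the presentation): what "storing the password in enciphered
# form" looks like, and why plain MD5 (the Kaskus example on the slide) is the weak
# version. Same idea, two strengths: unsalted MD5 versus salted, iterated PBKDF2.
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 100_000  # assumed cost parameter for this example


def md5_store(password: str) -> str:
    """Unsalted MD5: every user with the same password gets the same record, and a
    precomputed table of common-password hashes recovers it instantly."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_store(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, slow hash. Assumed record format: pbkdf2$<iterations>$<salt hex>$<hash hex>."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    scheme, iterations, salt_hex, hash_hex = record.split("$")
    if scheme != "pbkdf2":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


def same_password_leaks_with_md5(p1: str, p2: str) -> bool:
    """True if two accounts' MD5 records reveal that they share a password."""
    return md5_store(p1) == md5_store(p2)


def same_password_leaks_with_pbkdf2(p1: str, p2: str) -> bool:
    """With per-user random salts the records differ even for identical passwords."""
    return pbkdf2_store(p1) == pbkdf2_store(p2)


if __name__ == "__main__":
    rec = pbkdf2_store("JoW121J03S")
    print(md5_store("password123"))                                       # same for every such user
    print(same_password_leaks_with_md5("password123", "password123"))     # True
    print(same_password_leaks_with_pbkdf2("password123", "password123"))  # False
    print(pbkdf2_verify("JoW121J03S", rec), pbkdf2_verify("wrong", rec))  # True False
```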
Asymmetric Cryptography (Public Key)
(Diagram) The plaintext "My phone 555-1234" is encrypted with the recipient's public key, fetched from a public key repository and vouched for by a Certificate Authority (CA), giving the ciphertext "L)8*@Hgx uqnrpGtZ"; the recipient decrypts it with the matching private key to recover "My phone 555-1234".
Hyper Text Transfer Protocol (http://) vs. HTTP Secure (https://)
Want more security?
- Steganography: the science and art of hiding a secret message (hiding a message)
- From the Greek for "covered writing"
- Steganography needs two properties: a container (cover) and the secret data to be hidden in it.
- Steganography can be seen as a continuation of cryptography
History
- Greece: Herodotus tells of a soldier whose head was shaved so that a secret message could be written on his scalp.
- The Romans used invisible ink made from a mixture of fruit juice, milk, and vinegar.
The poem is kept in Indonesian because the puzzle depends on its letters:
jika aku menangis (if I cry)
selalu aku teringat upayamu (I always remember your efforts)
memang akan lebih afdol melihatmu (it would indeed be better to see you)
bolehkah orang mengetahui? (may people know?)
mengapa embun luluh, embun di atas kota (why does the dew dissolve, the dew above the city)
What is the hidden message?
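The poem puzzle above, as an added example that is not part of the original presentation: the slide's poem is a word acrostic (the text is the container, the initials carry the secret). extract() recovers the secret from the poem; hide() builds a new cover text from a small constructed word list, so both directions of the scheme run. The word list and function names are this example's own.

```python
# Added example (not from the presentation): the slide's poem hides its message in
# the first letter of every word (an acrostic; the text is the "container", the
# initials the "secret", i.e. the two properties named on the slide).
import random
import string

COVER_POEM = """jika aku menangis
selalu aku teringat upayamu
memang akan lebih afdol melihatmu
bolehkah orang mengetahui?
mengapa embun luluh, embun di atas kota"""


def extract(cover: str) -> str:
    """Secret = initial letter of each word, punctuation ignored."""
    letters = []
    for word in cover.split():
        word = word.strip(string.punctuation)
        if word:
            letters.append(word[0].lower())
    return "".join(letters)


# Constructed word list keyed by initial letter; a real cover needs a much bigger one.
WORDS = {
    "a": ["aku", "akan", "atas"], "b": ["bom", "bolehkah"], "d": ["di", "dan"],
    "e": ["embun", "esok"], "j": ["jika", "jam"], "k": ["kota", "kita"],
    "l": ["lebih", "luluh"], "m": ["memang", "mengapa", "malam"],
    "o": ["orang", "ombak"], "s": ["selalu", "satu"], "t": ["teringat", "tadi"],
    "u": ["upayamu", "untuk"],
}


def hide(secret: str, words_per_line: int = 4, seed: int = 0) -> str:
    """Cover text whose word initials spell `secret`; raises if a letter has no word."""
    rng = random.Random(seed)
    chosen = []
    for ch in secret.lower():
        if ch not in WORDS:
            raise ValueError(f"no cover word starting with {ch!r}")
        chosen.append(rng.choice(WORDS[ch]))
    lines = [" ".join(chosen[i:i + words_per_line])
             for i in range(0, len(chosen), words_per_line)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(extract(COVER_POEM))   # the slide's hidden message, run together
    cover = hide("bom")
    print(cover, "->", extract(cover))
```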
Mapping cryptographic products onto the information security domains
1. Confidentiality
2. Data integrity
3. User authentication
4. Non-repudiation
(Diagram) Products shown: Encryption, symmetric (AES, RC4, IDEA) and asymmetric (RSA); Hash function (MD5); Digital signature (asymmetric)
Practical Ciphers
- Put a password on your document files! (Microsoft or OpenOffice)
- Put a password on Zip/Rar files
- TrueCrypt (http://www.trucrypt.org)
TrueCrypt
- An application that can encrypt files, folders, flash drives, or even a whole partition.
- Uses up-to-date cipher algorithms.
- Free Open Source Software
- Integrated into Windows Explorer
- Useful for securing personal files
Email Encryption Applications
- OpenPGP with Thunderbird + Enigmail (http://enigmail.mozdev.org)
Files encrypted with OpenPGP (screenshot)
Free Encryption Software
Symmetric:
a. BitLocker
b. AxCrypt
c. VeraCrypt
d. AES Crypt
e. DiskCryptor
Asymmetric:
a. Thunderbird + "Enigmail" add-on
b. Gpg4Win
"The strength of a chain lies in its weakest link"
- However sophisticated your system..
- However hard your cryptography..
- It is all in vain if… the password is easy to guess!
Tips for choosing a strong password!
- Do not choose a password from a word in the dictionary!
- Do not choose a password from your birthday, the name of your girlfriend/boyfriend or parents, etc.
- Mix letters and digits, and where possible special characters (e.g. * & ^ ! @)
- Use a mix of upper- and lower-case letters
- The longer, the better!
Tips for making a password that is strong but easy to remember
Example: JoW121J03S → Jono Wibowo, born 21 January, married 03 Sept.
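The password tips above turned into a checker, as an added example that is not part of the original presentation; it reports which tips a candidate violates and is run on the slide's own mnemonic JoW121J03S. The dictionary, the list of personal facts and the minimum length are small constructed stand-ins (the slide only says "the longer, the better").

```python
# Added example (not from the presentation): a checker for the slide's password tips.
# The dictionary and the "personal facts" list are small constructed stand-ins; a real
# deployment would load a full word list and per-user data (name, birthday, ...).
import re
import string
from typing import List

# Constructed dictionary of words that must not be used as a password (tip 1).
DICTIONARY = {"password", "rahasia", "sayang", "cibinong", "indonesia", "qwerty", "welcome"}
# Constructed personal facts (tip 2): birthdays, names of partner/parents, etc.
PERSONAL_FACTS = {"21011990", "210190", "jono", "wibowo", "siti"}
MIN_LENGTH = 8  # assumed threshold; the slide only says "the longer, the better"


def _normalize(pw: str) -> str:
    """Lower-case and undo common digit-for-letter swaps so 'P4ssw0rd' still hits 'password'."""
    table = str.maketrans("@4301$57", "aaeoisst")
    return pw.lower().translate(table)


def password_problems(pw: str) -> List[str]:
    """Return the slide's tips that `pw` violates; an empty list means it passes all of them."""
    problems = []
    norm = _normalize(pw)
    if any(w in norm for w in DICTIONARY):
        problems.append("dictionary word")
    if any(fact in pw.lower() or fact in norm for fact in PERSONAL_FACTS):
        problems.append("birthday or name of a person close to you")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"[0-9]", pw)):
        problems.append("no mix of letters and digits")
    if not (re.search(r"[A-Z]", pw) and re.search(r"[a-z]", pw)):
        problems.append("no mix of upper- and lower-case letters")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character (recommended where possible)")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


def is_strong(pw: str) -> bool:
    """Strong = no violations other than the optional special-character recommendation."""
    return all(p.startswith("no special character") for p in password_problems(pw))


if __name__ == "__main__":
    for candidate in ("JoW121J03S", "sayang123", "P4ssw0rd!", "Jono21011990"):
        print(candidate, "->", password_problems(candidate) or "passes all tips")
```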
Tips for Safe Internet Use: information security awareness while online
Be paranoid online
Computer-Based Social Engineering: beware of the following criminal attempts!!
- Spam email: irrelevant, unwanted, and unsolicited email used to collect financial information, social security numbers, and network information
- Instant chat messenger: gathering personal information by chatting with a selected online user to get information such as birth dates and maiden names
- Chain letters: emails that offer free gifts such as money and software on the condition that the user forwards the mail to the said number of persons
- Hoax letters: emails that issue warnings to the user on new viruses, Trojans, or worms that may harm the user's system
- Pop-up windows: windows that suddenly pop up while surfing the Internet and ask for users' information to login or sign-in
Choosing a Secure Online Payment Service
1. Make sure that the payment service is legitimate/registered
2. Check the reviews of these services at websites such as Epinions.com or BizRate.com
3. Look at the payment service's website for seals of approval from TRUSTe, VeriSign, or Better Business Bureau Online (BBBOnline)
4. Ensure that the website uses encryption technology to help protect your information
Identifying a Trustworthy Website
- Clicking the padlock symbol reveals the website information
- Click View Certificate to view the authenticity of the certificate and the certification authority that issued it
Make sure your online payment website is secure!!
Attacks on Social Networking Sites
Security risks involved in social networking sites:
- Cyberbullying
- Identity theft
- Phishing scams
- Malware attacks
- Site flaws
- Objectionable content
- Overexposure
- Contact with predators
- Contact with inappropriate adults and businesses
Risks in social networking!!
Profile Settings
- Set the profile settings to "Only my friends". By default, Facebook allows all of your networks and all of your friends to view your profile
- Users reveal personal information to potential identity thieves if they leave this option at the default settings
- Therefore, it is advised to allow your profile to be viewed only by friends
Social Networking Security Checklist
- Read the privacy policy and terms of service carefully
- Do not post anything personal on the social networking site
- Set appropriate privacy and security defaults to make your profile private
- Choose a complex/unique password for the account
- Be careful about what is posted on the Internet
- Be careful installing third-party applications
- Only accept friend requests from people you know
- Only share limited personal information
Threats to Bluetooth Devices
Bluetooth is an open standard wireless technology for exchanging data over short-range radio frequencies from fixed to mobile devices by creating Wireless Personal Area Networks (WPANs).
- Bluejacking: anonymously sending an electronic business card or photo to another Bluetooth user
- Bluesnarfing: an attack launched using the Bluejacking technique; it allows an attacker to access the address book, contact information, email, and text messages on another user's mobile phone
- Bluesniping: uses a highly directional antenna and laptop to establish connections with Bluetooth-enabled devices from more than half a mile away
- War nibbling: finding unsecured or unpatched Bluetooth connections and cruising for open 802.11 networks
Mobile Phone Anti-Virus Tools
- ESET Mobile Antivirus: http://www.eset.com
- Trend Micro Mobile Security: http://us.trendmicro.com
- Symantec Antivirus for Handhelds: http://www.symantec.com
- Kaspersky Antivirus Mobile: http://www.kaspersky.com
- BitDefender Mobile Security: http://www.bitdefender.com
- Avast! PDA Edition: http://www.avast.com
- Avira AntiVir Mobile: http://www.avira.com
- Norton Mobile Security: http://us.norton.com
Deleting Browsing History
1. Choose Internet Options from the Tools menu of the browser
2. Go to the Browsing history section
3. Check the desired options in the Delete Browsing History dialog box
4. Click Delete to delete the browsing history
Do Not Allow the Browser to Remember any Password
Internet Explorer Autocomplete Password prompt
Firefox Remember Password prompt
Instant Messaging Security Measures
Do not reveal personal information on IMs
Do not accept links received from unknown people on IM
Sign out of the IM application after using it
Always use strong passwords
Block the users who send unsolicited web‐links
Do not check the Remember password option
Online Gaming Risks
- Interactions with potential fraudsters who may trick the gamer into revealing personal/financial information
- Computer intruders exploiting security vulnerabilities
- Online and real-world predators
- Malware such as viruses, Trojan horses (Trojans), computer worms, and spyware
Play the Game, Only at the Game Site
- Play the games at the game site and save the Internet browsing for later
- Once done playing the game, switch to the user account used to browse the Internet
- This reduces the risk of visiting a malicious website while playing a game
Careers in Information Security
An introduction to the information security profession
Source: Hogan Kusnadi (2010)
The current situation..
- Urgent need for professionals in IT security
- The available human resources are not yet sufficient
Career opportunities..
- Industry: banking, telecommunication, e-commerce, companies in general
- Government: policy makers, Certificate Authority
- Academia: researchers, inventors, lecturers, teachers
- Military: cyber troops, cyber warfare
- Law: cyber lawyer, expert opinion in a trial
To do: map these to your own field of interest!
Certification vs. Formal Education
Certification:
- Too many certifications (CISSP, CISA, CEH, etc.)
- A broad and scattered body of knowledge
- No standard (yet)
- Expensive
Formal education:
- A new field of interest
- Not many institutions offer it yet
- Not (yet) recognized by industry
- Relatively cheaper (scholarships, study assignments, valid permanently)
Software Engineering (RPL) + Security
Computer Networks + Security
Automotive Industry + Security
https://stsn-nci.ac.id (2016)
UFSJNBLBTJI
hide your data, protect your information