sosdarkam smkn 1 cibinong 13 april 2016

ü Gaya Hidupü Dunia Pendidikanü Dunia Kerjaü Komunikasi Massaü Ekonomi

Kegiatan yang dilakukan ketika menggunakan internet

Sumber : Profil Pengguna Internet Indonesia 2014

Jejaring Sosial Sosial MediaDefinisi Membangun hubungan

dgn masyarakatMenyajikan informasi kepada masyarakat luas

Gaya Berkomunikasi

Ada dialog / komuniasi dua arah (two-way)

Informasi hanya dari penyaji (one-way)

v Situs-situs sosial media;- detik.com- kompas.com- youtube.com- wiki- blog, dllsumber: wikipedia

v Situs-situs jejaring sosial;- facebook.com- twitter.com- friendster.com- plurk.com dllsumber: wikipedia

Jejaring sosial adalah suatu struktur sosial yang dibentuk dari simpul-simpul (yang

umumnya adalah individu atau organisasi) yang diikat dengan satu atau lebih tipe relasi

spesifik seperti nilai, visi, ide, teman, keturunan, dll. Sumber wikipedia

1. Facebook2. Google3. Blogspot4. Youtube5. Yahoo!6. Kaskus7. WordPress8. Twitter9. Detik10.Blogger.com� Sumber : Alexa� (13 September 2012)

� Peraturan/perundang-undangan yang mengatur tentang kegiatan dunia maya (cyberspace) di Indonesia adalah UU NOMOR 11 TAHUN 2008tentang ITE dan UU NOMOR 14 TAHUN 2008 tentang KIP

� UU NOMOR 11 TAHUN 2008 tentang ITE mengatur tentang isi/konten dan penyelenggara jasa layanan informasi elektronik

� UU NOMOR 14 TAHUN 2008 tentang KIP mengatur mengenai transparansi dan keterbukaan informasi bagi publik

KerawananPenggunaan Internet

Informasi yang bisa dimanfaatkan

q User name & password account situs tertentu

q Data pribadi

q Foto pribadi

q Isi percakapan

q Dll

Software Hardware

� Contoh kasus: carding, pencurian rekening/account bank

� Contoh kasus: pemalsuan identitas, "I'm Serious Guys", Penipuan Baru di Facebook

http://www.metrotvnews.com/read/newsvideo/2011/04/02/125486/Lima-Bulan-Menikah-Sang-Istri-Ternyata-Waria

contoh kasus: penculikan via Facebook yang dialami siswi SMP 28

Bandung

http://www.solopos.com/2010/channel/nasional/korban-penculikan-lewat-facebook-trauma-akibat-diculik-64551

1. Perilaku Sehat berinternet:• Berbagi informasi yang bermanfaat• Mengunggah isi/konten yang bersifat membangun dan positif• Saat ber-”sosial networking” tidak asal dalam menerima/

menambah teman• Memisahkan account pribadi dan account untuk game

2. Penggunaan password yang aman:• Menggunakan kombinasi karakter• Mengganti password secara periodik• Jangan gunakan password yang sama untuk account yang

berbeda• Jangan melakukan sharing password• Gunakan password manager untuk memudahkan mengingat

banyak password (hanya digunakan di komputer pribadi !)3. Mengatur account di dunia maya dengan baik dan benar

v Aktivitasinternetdikalanganremaja:

q Mengunjungi situs socialnetworking (facebook,myspace,twitter,dll)

q Komunikasi viainstantmessaging (yahoomessenger, gtalk,icq,dll)

q Bermain gameonline (PointBreak,dotA,webbasedgames,dll)

q Komunikasi viae-mail(yahoomail,google mail,hotmail,dll)

q Mencari informasi mengenai pelajaran sekolah.

v Informasiyangbisadimanfaatkan :

q Username&passwordaccountsitus tertentu

q Datapribadi

q Foto pribadi

q Isipercakapan

q Dll

identitytheft(pencurian identitas)

[facebook,path,twitter…socialnetworksdoyoutrustyour“friends”?]

22

What we should do ?

23

CyberLawCyberspace.Cyberthreat.Cyberattack.Cybercrime

STRATEGIES FOR PROTECTION

24

Protecting Information

Protecting Infrastructure

Protecting InteractionsSecurityAwareness

Kriptografi/Persandian

NetworkSecurity

Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.

19

What to Secure?Hardware Software

Information Communications

Laptops, Desktop PCs, CPU, hard disk, storage devices, cables, etc.

Operating system and software applications

Personal identification such as Social Security Number (SSN), passwords, credit card numbers, etc.

Emails, instant messengers, and browsing activites

Securing Interaction


17

Layers of Security

Layer 1

Layer 2

Layer 3

Layer 4

Layer 5

Physical Security

Safeguards the personnel, hardware, programs, networks, and data from physical threats

Network Security

Protects the networks and their services from unauthorized modification, destruction, or disclosure

System Security

Protects the system and its information from theft, corruption, unauthorized access, or misuse

Application Security

Covers the use of software, hardware, and procedural methods to protect applications from external threats

User Security

Ensures that a valid user is logged in and that the logged‐in user is allowed to use an application/ program

Securing Infrastructure


14

Elements of Security

Authenticity is “the identification and assurance of the origin of information”

Confidentiality is “ensuring that information is accessible only to those authorized to have access” (ISO‐17799)

Availability is “ensuring that the information is accessible to authorized persons when required without delay”

Integrity is “ensuring that the information is accurate, complete, reliable, and is in its original form”

Non‐repudiation is “ensuring that a party to a contract or a communication cannot deny the authenticity of their signature on a document”

Non‐RepudiationAvailabilityIntegrityAuthenticityConfidentiality

Securing Information : elements

Peran Sandi dalamKeamanan Informasi

you can’t discuss information security without discussing cryptography

SANDI

- Rahasia- Merahasiakan berita/informasi

PERSANDIAN

- Segala sesuatu tentang rahasia- Segala sesuatu tentang cara merahasiakan

berita/informasi- Sandi = Kriptografi (Cryptography)

Peran SANDI

SANDI apaan sih?Pengenalan terhadap Sandi

Sandi = Kriptografi

Cryptography (sandi) dapat pula diartikan sebagai ilmu dan seni untuk menjaga

kerahasiaan informasi

Sistem Sandi Caesar

� Salah satu sistem sandi tertua didunia, skemasandi sederhana dimana huruf digeser / disubstitusi dengan huruf ke 3 huruf ke kanan( A jadi D atau Ts = Tt + 3 )

� Dipakai oleh Julius Caesar untukberkomunikasi dengan tentaranya

Sistem Sandi Caesar

� Caesar Shift Code

Plain : ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher : DEFGHIJKLMNOPQRSTUVWXYZABC

Contoh ENKRIPSI DEKRIPSI

Teks Terang Teks Sandi

� P� E� S� A� N

� P + 3 = S� E + 3 = H� S + 3 = V� A + 3 = D� N + 3 = Q

Sistem Sandi ROT13

• Menggeser huruf sebanyak 13 huruf• Karena jumlah huruf ada 26, maka

algoritma (geser13) bisa digunakanuntuk enkripsi dan dekripsi

• Lihat situs http://www.rot13.com• Dapat digunakan untuk tebak-tebakan

Contoh ROT13Apa bedanya handphonedan monyet?Jawaban:

Xnynh unaqcubar, abxvn. Xnynh zbalr, ah xvrh

Confidentiality = kerahasiaan

� Sandi/Kriptografi membuat pesan hanyadapat dimengerti oleh pihak-pihak yang berwenang saja.

� Dengan sandi penyadapan masih dapatdilakukan, namun pesan tidak dapatdimengerti oleh penyadap.

Kerahasiaan Pesan : tidak disandi

To Bob : Halo Say..

Jiah..dia lagiPacaran

…

Kerahasiaan Pesan disandi

….xprsv sroqc miez….

WalahPusing…

To Bob :Hallo Say..

From Alice :

Hallo Say..

Integritas Pesan

� Sandi memastikan agar pesan yang diterimasama dengan pesan yang dikirim.

� Teknik sandi yang digunakan biasanya hash function

� Contoh Md5

Integritas Pesan : modifikasi

Pergi yuk Say..

Gwkerjainloe…

To Bob :Pergi yuk

Say..

From Alice :

Putus yukSay..

Putus yuk Say..

Integritas Pesan : verifikasi

Pergi yuk Say.. (xxy)

Gwkerjainloe…

To Bob :Pergi yuk say..

(xxy)

From Alice :

Putus yukSay..

Putus yuk Say..

Ga ada(xxy)..Ini mahbukandari

Alice..

Otentikasi

� Sandi menghambat pihak tidak berwenanguntuk mengakses pesan/informasi.

� Password untuk proteksi data biasanyadisimpan dalam bentuk tersandi.

Otentikasi : contoh passwordtidak disandi yang disadap..

Otentikasi dengan password disandi

� Kaskus.co.idmenggunakan md5 untuk menyandipassword gan! J

Kriptografi Asimetrik (Kunci Publik)

Certificate Authority (CA)

Private key

PlaintextPlaintext Ciphertext

L)8*@Hgx uqnrpGtZ My phone

555-1234My phone555-1234

Encryption Decryption

Public key repository Public key

Hyper Text Transfer Protocol (http://)HTTPSecure (https://)

you want more security ?

50

lSteganografi (steganography)àilmu dan seni menyembunyikan pesan rahasia (hiding message)

lBerasal dari Bahasa Yunani yang berarti“tulisan tersembunyi” (covered writing).

lSteganografi membutuhkan dua properti: wadah penampungdata rahasia yang akan disembunyikan.

lSteganografi dapat dipandang sebagai kelanjutan kriptografi

Sejarah

lYunani à Herodatus,Rambut prajurit dibotaki, lalu pesan rahasia ditulis pada kulit kepala prajurit tsb.

lBangsa Romawi menggunakan tinta tak-tampak (invisible ink). Tinta tersebut dibuat dari campuran saribuah, susu, dan cuka.

jika aku menangisselalu aku teringat upayamumemang akan lebih afdol melihatmubolehkah orang mengetahui?mengapa embun luluh, embun di atas kota

apa pesantersembunyinya?

Pemetaan produk persandian ke dalamdomain keamanan informasi

1. Kerahasiaan

2. Integritas Data

3. Otentikasi User

4. Anti penyangkalan

MD5

RSA

Simetrik

AES

RC4

IDEAEncryption

Digital Signature Asimetrik

Hash Function

Sandi PraktisPasang password pada file dokumen anda! (Microsoft atau OpenOffice)

Pasang Password pada file Zip/RarTruCrypt (http://www.trucrypt.org)

Trucrypt

� Aplikasi yang dapat menyandi file, folder, flash disk atau bahkan sebuah partisi.

� Menggunakan algoritma-algoritma sanditerkini.

� Free Open Source Software� Terintegrasi kedalam windows explorer� Berguna untuk amankan file pribadi

Aplikasi Sandi Email

� OpenPGP dengan Thunder Bird + Enigmail(http://enigmail.mozdev.org)

File tersandi dengan OpenPGP

Free Encryption Softwaren Symmetric

a. BitLockerb. AxCryptc. VeraCryptd. AES Crypte. DiskCryptor

n Asymmetrica. Thunderbird + add-on “Enigmail”b. Gpg4Win

“Kekuatan sebuah rantai terletak pada anakrantai yang paling lemah”

� Secanggih apapun sistem anda..� Sesulit apapun kriptografi anda..

� Akan percuma apabila…Passwordnya mudah ditebak!

Tips memilih password yang kuat!

� Jangan memilih password dari kata yang adadi Kamus!

� Jangan pilih password dari Hari Ultah, NamaPacar/Ortu, dlsb.

� Campurlah Huruf dan Abjad, dan apabilamemungkinkan karakter khusus (contoh * & ^ ! @ )

� Gunakan campuran huruf besar dan hurufkecil

� Semakin panjang semakin baik!

Tips membuat Password Kuat tapimudah diingat

Contoh :JoW121J03S à Jono Wibowo, Lahir 21 Januari,

Nikah 03 Sept.

Tips Berinternet AmanKesadaran keamanan informasi ketika berinternet

Paranoid di dunia maya

21 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.

Spam Email

Instant Chat

Messenger

Chain Letters

Hoax Letters

Pop‐up Windows

Windows that suddenly pop up while surfing the Internet and ask for users’ information to login or sign‐in

Hoax letters are emails that issue warnings to the user on new viruses, Trojans, or worms that may harm the user’s system

Chain letters are emails that offer free gifts such as money and software on the condition that the user has to forward the mail to the said number of persons

Gathering personal informationby chatting with a selected online user to get information such as birth dates and maiden names

Irrelevant, unwanted, and unsolicited email to collect the financial information, social security numbers, and network information

Computer-Based Social EngineeringHati-hati upaya kejahatan berikut!!



1

2

3

4

Choosing a Secure Online Payment Service

Make sure that the payment service is legitimate/registered

Check the reviews of these services at websites such as Epinions.com or BizRate.com

Look at the payment service's website for seals of approval from TRUSTe, VeriSign, or Better Business Bureau Online (BBBOnline)

Ensure that the website uses encryption technology to help protect your information



Identifying a Trustworthy WebsiteClicking the Padlock symbol reveals the website information

Click View Certificate to view the authenticityof the certificate

Certification authority

Pastikan website online payment anda aman!!


10

Attacks on a Social Networking Sites

Security Risks Involved in Social Networking Sites

Cyberbullying

Identity Theft

Phishing Scams

Malware Attacks

Site Flaws

Objectionable Content

Overexposure

Contact with Predators

Contact Inappropriate Adults and Businesses

Resiko dalam ber jejaring sosial!!


20

Profile SettingsSet the profile settings as “Only my friends”‐By default, Facebook allows all of your networks and all of your friends to be able to view your profile

The users reveal personal information to potential identity thieves if they leave this option to default settings

Therefore, it is advised to allow your profile to be viewed by only friends


32

Read the privacy policy and terms of service carefully

Do not post anything personal on the social networking site

Set appropriate privacy and security defaults to make your profile private

Choose a complex/unique password for the account

Be careful about what is posted on the Internet

Be careful installing third‐party applications

Only accept friend requests from people you know

Only share limited personal information

Social Networking Security Checklist


Threats to Bluetooth DevicesBluetooth is an open standard wireless technology for exchanging data over short‐range radio frequencies from fixed to mobile devices by creating Wireless Personal Area Networks (WPANs)

Bluejacking refers to anonymously sending an electronic business card or photo to another Bluetooth user

Bluejacking

A Bluesnarfing attack is launched using the Bluejacking technique

It allows an attacker to access the address book, contact information, email, and text messages on another user's mobile phone

Bluesnarfing

Bluesniping uses a highly directional antenna and laptop to establish connections with Bluetooth‐enabled devices from more than half a mile away

Bluesniping

War nibbling refers to finding unsecured or unpatched Bluetooth connections and cruising for open 802.11 networks

War Nibbling


Mobile Phone Anti-Virus Tools

ESET Mobile Antivirushttp://www.eset.com

Trend Micro Mobile Security http://us.trendmicro.com

Symantec Antivirus for Handheldshttp://www.symantec.com

Kaspersky Antivirus Mobilehttp://www.kaspersky.com

BitDefender Mobile Securityhttp://www.bitdefender.com

Avast! PDA Editionhttp://www.avast.com

Avira AntiVir Mobilehttp://www.avira.com

Norton Mobile Securityhttp://us.norton.com


14

Deleting Browsing History1. Choose Internet options

from the Toolsmenu on the browser

2. Go to the Browsing historysection

3. Check the desired options in the Delete Browsing History dialog box

4. Click Delete to delete the browsing history


15

Do Not Allow the Browser to Remember any Password

Internet Explorer Autocomplete Password prompt

Firefox Remember Password prompt


32

Instant Messaging Security Measures

Do not reveal personal information on IMs

Do not accept links received from unknown people on IM

Sign out of the IM application after using it

Always use strong passwords

Block the users who send unsolicited web‐links

Do not check the Remember password option


36

Interactions with potential fraudsters who may trick the gamer to reveal personal/financial information

Computer intruders exploiting security vulnerabilities

Online and real‐world predators

Malware such as viruses, Trojan horses (Trojans), computer worms, and spyware

Online Gaming Risks


46

Play the Game, Only at the Game Site

Play the games at the game site and save the Internet browsing for later

Once done with playing the game, switch to the user account to browse the Internet

This reduces the risk of visiting a malicious websitewhen playing a game

Karir di BidangKeamanan Informasi

Pengenalan terhadap profesi keamanan informasi

79

Sumber : Hogan Kusnadi (2010)

Situasi saat ini..

• Kebutuhan mendesak thd profesinal dibidang ITSecurity

• Sumber daya manusia yangada belum mencukupi

Peluang karir..• Industry

– Banking,Telecommunication,e-Commerce,companiesingeneral

• Government– Policymakers,Certificate

Authority• Academics

– Researchers,inventors,Lecturers,Teachers

• Military– CyberTroops– CyberWarfare

• Law– CyberLawyer– ExpertOpinioninatrial

ToDo:petakan sesuai bidangminatanda !

Certificationvs.FormalEducation

Certification• Terlalu banyak sertifikasi

(CISSP,CISA,CEH,etc)• Cakupan ilmu yangluas dan

tersebar• (belum)ada standar• Mahal

FormalEducation• Bidang minat baru• Belum banyak yangbuka• (Belum)diakui oleh industri• Relatif lebihmurah (beasiswa,

tugas belajar,berlakupermanen)

RPL+Security

Jaringan Komputer +Security

86

Industri Otomotif +Security

87

https://stsn-nci.ac.id2016

UFSJNBLBTJI

hide your data, protect your information