Wireless LAN Security
DESCRIPTION
Explains everything related to wireless LAN security; course material at IMTelkom (http://www.imtelkom.ac.id)
TRANSCRIPT
Security in Wireless LAN Networks
Lustrum10 September 2005
Nyoman Bogi Aditya Karna
Personal Information
Jakarta, 23 October
[email protected]://bogi.blog.imtelkom.ac.id
wLAN Network
[Diagram: intranet network (wireline), Access Point, wLAN network (HotSpot)]
What is being secured?
[Diagram: intranet network (wireline), wLAN network (HotSpot)]
- portable user?
- intranet?
- radio?
- mobile user?
How secure?
[Diagram: intranet network (wireline), wLAN network (HotSpot)]
- access security?
- access availability?
Intruder Types
- Masquerader: a non-authorized user who uses an authorized user's account
- Misfeasor: an authorized user who performs un-authorized actions
- Clandestine User: a user who obtains supervisor level and uses it to damage the system
Which is most likely to occur?
√
√
X
4 Aspects of System Reliability
- Confidentiality: the system can be accessed only by "authorized users", through Filtering and Encryption
- Integrity: the system can be changed only by "authorized users", through Filtering and VPN
- Availability: the system can always be used by "authorized users", 24/7
- Authenticity: the system can determine a user's identity, through Filtering and VPN
3 Ways to Secure the System
Filtering: separates authorized from non-authorized users by looking at their identity. The identities examined are:
- Port address (application identity)
- IP address (software identity)
- MAC address (hardware identity)
Encryption: scrambles the information sent using a key, so that no one can read it except whoever holds the key that unlocks it.
- Symmetric encryption: scrambling key = unlocking key
- Asymmetric encryption: scrambling key != unlocking key
VPN (Virtual Private Network): before being able to use the system, the user must first log in to the system's "gateway"
Annotations on the slide:
- restricts the applications that may be used
- easily duplicated
- standard feature of the Access Point
- standard feature of the Access Point
- optional feature of the Access Point
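An added example (not part of the original slides) of the Filtering layer: each frame is checked on MAC, IP and port identity, with HTTP and SMTP as the only permitted ports, as in the Isolation level. The addresses and the `Frame`, `filter_frame` and `evaluate` names are constructed assumptions; the last sample passes because the filter sees only the identity a frame claims, which is the limitation that Encryption and VPN address.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy values (assumptions, not taken from the slides).
ALLOWED_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}  # registered adapters
ALLOWED_NET = ipaddress.ip_network("192.0.2.0/24")          # hotspot client range
ALLOWED_PORTS = {80, 25}                                    # HTTP and SMTP only


@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    dst_port: int


def filter_frame(frame: Frame) -> tuple[bool, str]:
    """Check hardware, software and application identity, in that order."""
    if frame.src_mac.lower() not in ALLOWED_MACS:
        return False, "mac not registered"
    if ipaddress.ip_address(frame.src_ip) not in ALLOWED_NET:
        return False, "ip outside client range"
    if frame.dst_port not in ALLOWED_PORTS:
        return False, "port not permitted"
    return True, "ok"


# Constructed sample traffic.
SAMPLES = {
    "registered laptop, HTTP": Frame("02:00:00:00:00:01", "192.0.2.20", 80),
    "unregistered adapter": Frame("02:00:00:00:00:99", "192.0.2.21", 80),
    "registered adapter, foreign IP": Frame("02:00:00:00:00:02", "198.51.100.7", 25),
    "registered laptop, telnet": Frame("02:00:00:00:00:01", "192.0.2.20", 23),
    # The filter sees only claimed identity values: a second device that
    # presents a registered MAC is indistinguishable from the first.
    "second device, same MAC": Frame("02:00:00:00:00:01", "192.0.2.77", 80),
}


def evaluate(samples=SAMPLES) -> dict[str, tuple[bool, str]]:
    """Run every sample frame through the filter and collect the verdicts."""
    return {name: filter_frame(frame) for name, frame in samples.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in evaluate().items():
        print(f"{'ALLOW' if allowed else 'DROP ':5}  {name}: {reason}")
```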
System Protection Levels
- No protection
- Isolation: separation of each process/access, e.g. HTTP and SMTP only (using a firewall)
- Share All/Share Nothing: determines whether a service is "public" or "private", e.g. Public vs. Private Access HotSpot
- Share via access limitations: restricts the type of access, e.g. VPN dependent (using a Proxy)
- Share via dynamic capabilities: dynamic assignment of rights, e.g. VPN dependent (using a Proxy)
- Limit use of an object: restricts use of a service (GET vs. POST), e.g. VPN dependent (using a Proxy)
wLAN Network + Security
[Diagram: intranet network (wireline); VPN + DNS + Proxy Server with Firewall (HTTP & SMTP)]
Public wLAN network:
- Outdoor HotSpot
- Unlimited Area
- Encryption
- Filtering
Private wLAN network:
- Indoor HotSpot
- Limited Area
Thank You
Why Use DNS + Proxy Server?
- To block malicious programs
- DNS flooding
- Authentication
- Accounting
- Bandwidth Management
What is Filtering?
[Diagram: Authorized User and non-Authorized User; packet fields MAC, IP, PORT, DATA]
What is Encryption?
[Diagram: User A, Key, encryption program; Internet, digitally signed and encrypted; decryption program, Key, User B; non-Authorized User: ???]
What is VPN?
[Diagram: Workstation, VPN Gateway, PUBLIC NETWORK, VPN Gateway, Workstation; Clear Text, Cipher Text, Clear Text]
http://www.imtelkom.ac.id