konsep keamanan jaringan
DESCRIPTION
Saya menemukannya di internet, tanpa ada pengarangnya di dalamnya. Cukup membantu untuk anda seorang pelajar teknik komputerTRANSCRIPT
![Page 1: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/1.jpg)
KONSEPKONSEPKONSEPKONSEPKEAMANAN JARINGANKEAMANAN JARINGAN
![Page 2: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/2.jpg)
Klasifikasi KeamananKlasifikasi Keamanan(Menurut David Icove)(Menurut David Icove)
![Page 3: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/3.jpg)
Klasifikasi Berdasarkan ElemenKlasifikasi Berdasarkan ElemenSistemSistem• Network security
– fokus kepada saluran (media) pembawa informasi
• Application security– fokus kepada aplikasinya sendiri, termasuk di
dalamnya adalah database
• Computer security– fokus kepada keamanan dari komputer (end system),
termasuk operating system (OS)
• Network security– fokus kepada saluran (media) pembawa informasi
• Application security– fokus kepada aplikasinya sendiri, termasuk di
dalamnya adalah database
• Computer security– fokus kepada keamanan dari komputer (end system),
termasuk operating system (OS)
![Page 4: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/4.jpg)
Letak Potensi Lubang KemananLetak Potensi Lubang Kemanan
![Page 5: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/5.jpg)
Komponen KeamananKomponen Keamanan
![Page 6: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/6.jpg)
Confidentiality / PrivacyConfidentiality / Privacy• Proteksi data [hak pribadi] yang sensitif
– Nama, tempat tanggal lahir, agama, hobby, penyakit yang pernahdiderita, status perkawinan, nama anggota, keluarga, nama orang tua
– Data pelanggan. Customer Protection harus diperhatikan– Sangat sensitif dalam e-commerce, healthcare
• Serangan: sniffer (penyadap), keylogger (penyadap kunci), socialengineering, kebijakan yang tidak jelas
• Proteksi: firewall, kriptografi / enkripsi, policy
• Electronic Privacy Information Center http://www.epic.org• Electronic Frontier Foundartion http://www.eff.org
• Proteksi data [hak pribadi] yang sensitif– Nama, tempat tanggal lahir, agama, hobby, penyakit yang pernah
diderita, status perkawinan, nama anggota, keluarga, nama orang tua– Data pelanggan. Customer Protection harus diperhatikan– Sangat sensitif dalam e-commerce, healthcare
• Serangan: sniffer (penyadap), keylogger (penyadap kunci), socialengineering, kebijakan yang tidak jelas
• Proteksi: firewall, kriptografi / enkripsi, policy
• Electronic Privacy Information Center http://www.epic.org• Electronic Frontier Foundartion http://www.eff.org
![Page 7: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/7.jpg)
IntegrityIntegrity• Informasi tidak berubah tanpa ijin (tampered,
altered, modified)
• Serangan:– spoof (pemalsuan), virus (mengubah berkas), trojan
horse, man-in-the-middle attack
• Proteksi:– message authentication code (MAC), (digital)– signature, (digital) certificate, hash function
• Informasi tidak berubah tanpa ijin (tampered,altered, modified)
• Serangan:– spoof (pemalsuan), virus (mengubah berkas), trojan
horse, man-in-the-middle attack
• Proteksi:– message authentication code (MAC), (digital)– signature, (digital) certificate, hash function
![Page 8: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/8.jpg)
AuthenticationAuthentication• Meyakinkan keaslian data, sumber data, orang yang
mengakses data, server yang digunakan– Bagaimana mengenali nasabah bank pada servis Internet
Banking? Lack of physical contact– Menggunakan:
1. what you have (identity card)2. what you know (password, PIN)3. what you are (biometric identity)4. Claimant is at a particular place (and time)5. Authentication is established by a trusted third party
• Serangan: identitas palsu, password palsu, terminalpalsu, situs web gadungan
• Proteksi: digital certificates
• Meyakinkan keaslian data, sumber data, orang yangmengakses data, server yang digunakan– Bagaimana mengenali nasabah bank pada servis Internet
Banking? Lack of physical contact– Menggunakan:
1. what you have (identity card)2. what you know (password, PIN)3. what you are (biometric identity)4. Claimant is at a particular place (and time)5. Authentication is established by a trusted third party
• Serangan: identitas palsu, password palsu, terminalpalsu, situs web gadungan
• Proteksi: digital certificates
![Page 9: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/9.jpg)
![Page 10: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/10.jpg)
Authentication TerpaduAuthentication Terpadu
![Page 11: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/11.jpg)
AvailabilityAvailability• Informasi harus dapat tersedia ketika dibutuhkan
– Serangan terhadap server: dibuat hang, down, crash,lambat
– Biaya jika server web (transaction) down di Indonesia– Menghidupkan kembali: Rp 25 juta– Kerugian (tangible) yang ditimbulkan: Rp 300 juta
• Serangan: Denial of Service (DoS) attack• Proteksi: backup, redundancy, DRC, BCP, IDS,
filtering router, firewall untuk proteksi serangan
• Informasi harus dapat tersedia ketika dibutuhkan– Serangan terhadap server: dibuat hang, down, crash,
lambat– Biaya jika server web (transaction) down di Indonesia– Menghidupkan kembali: Rp 25 juta– Kerugian (tangible) yang ditimbulkan: Rp 300 juta
• Serangan: Denial of Service (DoS) attack• Proteksi: backup, redundancy, DRC, BCP, IDS,
filtering router, firewall untuk proteksi serangan
![Page 12: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/12.jpg)
NonNon--RepudiationRepudiation
• Tidak dapat menyangkal (telah melakukantransaksi)– menggunakan digital signature / certificates– perlu pengaturan masalah hukum (bahwa
digital signature sama seperti tanda tangankonvensional)
• Tidak dapat menyangkal (telah melakukantransaksi)– menggunakan digital signature / certificates– perlu pengaturan masalah hukum (bahwa
digital signature sama seperti tanda tangankonvensional)
![Page 13: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/13.jpg)
Access ControlAccess Control
• Mekanisme untuk mengatur siapa bolehmelakukan apa– biasanya menggunakan password, token– adanya kelas / klasifikasi pengguna dan data,– misalnya:
• Publik• Private• Confidential• Top Secret
• Mekanisme untuk mengatur siapa bolehmelakukan apa– biasanya menggunakan password, token– adanya kelas / klasifikasi pengguna dan data,– misalnya:
• Publik• Private• Confidential• Top Secret
![Page 14: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/14.jpg)
JenisJenis--jenis Seranganjenis SeranganMenurut W. Stalling:• Interruption
– DoS attack, network flooding
• Interception– Password sniffing
• Modification– Virus, trojan horse
• Fabrication– spoffed packets
Menurut W. Stalling:• Interruption
– DoS attack, network flooding
• Interception– Password sniffing
• Modification– Virus, trojan horse
• Fabrication– spoffed packets
![Page 15: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/15.jpg)
Interruption AttackInterruption Attack• Denial of Service (DoS) attack
– Menghabiskan bandwith, network flooding– Memungkinkan untuk spoofed originating address
• Tools: ping broadcast, smurf, synk4, macof,various flood utilities
• Proteksi:– Sukar jika kita sudah diserang– Filter at router for outgoing packet, filter attack– orginiating from our site
• Denial of Service (DoS) attack– Menghabiskan bandwith, network flooding– Memungkinkan untuk spoofed originating address
• Tools: ping broadcast, smurf, synk4, macof,various flood utilities
• Proteksi:– Sukar jika kita sudah diserang– Filter at router for outgoing packet, filter attack– orginiating from our site
![Page 16: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/16.jpg)
Interception AttackInterception Attack
• Sniffer to capture password and othersensitive information
• Tools: tcpdump, ngrep, linux sniffer, dsniff,trojan (BO, Netbus, Subseven)
• Protection: segmentation, switched hub,promiscuous detection (anti sniff)
• Sniffer to capture password and othersensitive information
• Tools: tcpdump, ngrep, linux sniffer, dsniff,trojan (BO, Netbus, Subseven)
• Protection: segmentation, switched hub,promiscuous detection (anti sniff)
![Page 17: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/17.jpg)
Modification AttackModification Attack
• Modify, change information/programs– Examples: Virus, Trojan, attached with email
or web sites
• Protection: anti virus, filter at mail server,integrity checker (eg. tripwire)
• Modify, change information/programs– Examples: Virus, Trojan, attached with email
or web sites
• Protection: anti virus, filter at mail server,integrity checker (eg. tripwire)
![Page 18: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/18.jpg)
Fabrication AttackFabrication Attack
• Spoofing address is easy– Examples: Fake mails: virus sends emails
from fake users (often combined with DoSattack)
– spoofed packets
• Tools: various packet construction kit• Protection: filter outgoing packets at router
• Spoofing address is easy– Examples: Fake mails: virus sends emails
from fake users (often combined with DoSattack)
– spoofed packets
• Tools: various packet construction kit• Protection: filter outgoing packets at router
![Page 19: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/19.jpg)
More On Interruption AttackMore On Interruption Attack• Distributed Denial of Service (DDoS) attack
– Flood your network with spoofed packets frommanysources
• Based on SubSeven trojan, “phone home”viaIRC once installed on a machine. Attackerknows how many agents ready to attack.
• Then, ready to exhaust your bandwidth• See Steve Gibson’s paper http://grc.com
• Distributed Denial of Service (DDoS) attack– Flood your network with spoofed packets frommany
sources
• Based on SubSeven trojan, “phone home”viaIRC once installed on a machine. Attackerknows how many agents ready to attack.
• Then, ready to exhaust your bandwidth• See Steve Gibson’s paper http://grc.com
![Page 20: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/20.jpg)
Teknologi KriptografiTeknologi Kriptografi
• Penggunaan enkripsi (kriptografi) untukmeningkatkan keamanan
• Private key vs public key– Contoh: DES, IDEA, RSA, ECC
• Lebih detail, akan dijelaskan pada bagianterpisah
• Penggunaan enkripsi (kriptografi) untukmeningkatkan keamanan
• Private key vs public key– Contoh: DES, IDEA, RSA, ECC
• Lebih detail, akan dijelaskan pada bagianterpisah
![Page 21: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/21.jpg)
Mempelajari Cracker
• Mempelajari:– Perilaku perusak– Siapakah mereka?– Apa motifnya?– Bagaimana cara masuk?– Apa yang dilakukan setelah masuk?
• Tools: honeypoy, honeynet
• Mempelajari:– Perilaku perusak– Siapakah mereka?– Apa motifnya?– Bagaimana cara masuk?– Apa yang dilakukan setelah masuk?
• Tools: honeypoy, honeynet
![Page 22: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/22.jpg)
Metodologi CrackerMetodologi CrackerDari “Hacking Exposed”:• Target acquisition and information
gathering• Initial access• Privilege escalation• Covering tracks• Install backdoor• Jika semua gagal, lakukan DoS attack
Dari “Hacking Exposed”:• Target acquisition and information
gathering• Initial access• Privilege escalation• Covering tracks• Install backdoor• Jika semua gagal, lakukan DoS attack
![Page 23: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/23.jpg)
Pengamanan MenyeluruhPengamanan Menyeluruh
![Page 24: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/24.jpg)
Pengamanan BerlapisPengamanan Berlapis
![Page 25: Konsep Keamanan Jaringan](https://reader034.vdocuments.site/reader034/viewer/2022050713/55cf9a05550346d033a02505/html5/thumbnails/25.jpg)
Contoh ImplementasiContoh Implementasi