mte-netsec-1-2015-introduction to network security.pdf
TRANSCRIPT
-
MTE114 - Keamanan Jaringan
Dr. Teuku Yuliar Arif, ST., M.Kom
Magister Teknik Elektro Pasca Sarjana
Universitas Syiah Kuala
1
-
Instructor
Lecturer
Dr. Teuku Yuliar Arif, ST., M.Kom Mobile: 082160313880
E-mail: [email protected], [email protected]
Homepage: http://elektro.unsyiah.ac.id/staf/tyarif/
http://tyarif.wordpress.com
Office: Electrical Engineering Department, Faculty of Engineering, University of Syiah Kuala
2
-
Course Overview
Course: Network Security
Time: 14:00-16:30pm on Saturday
Classroom: JTE-1
Prerequisite: Computer Networks
Course webpage: http://tyarif.wordpress.com/teaching/
3
-
References Network Security Essentials: Applications and Standards, 4th
ed., by William Stallings, Pearson Education, Inc., 2011.
Cryptography and Network Security: Principles and Practice, Fifth Edition, by William Stallings, Prentice-Hall, 2011.
Kriptografi untuk Keamanan Jaringan, Rifki Sadikin, Andi-Offset, 2012.
Selected network security papers (ieeexplore, elsevier).
4
-
Grading Policy
(Tentative) grading policy
Attendance: 10%
Assignments: 30%
Midterm: 30%
Final exam: 30%
5
-
Course Description
Introduction to basic concepts in network security and their applications
Cryptography
Encryption, hash function, digital signature
Network security applications
HTTPS, Email security, wireless security
System security
Firewall, Intrusion, virus
6
-
Tentative Class Schedule
Week-1 : Introduction to Network Security
Week-2 : Sistem sandi klasik Tipe-tipe serangan keamanan jaringan
Algortima enkripsi klasik.
Week-3 : Data Encription Standard (DES) Boks permutasi, subsitusi, XOR, shift sirkular dan swap.
DES-Sederhana
DES
Week-4 : Advanced Encription Standard (AES) Unit data AES
Struktur Enkripsi/Dekripsi AES.
Transformasi AES
7
-
Tentative Class Schedule
Week-5 : Pembangkit Kunci AES Ekspansi kunci AES
Keamanan sandi AES
Contoh artikel DES dan AES
Week-6 : Mode operasi Mode operasi
Bilangan Acak
Sistem sandi stream
Sandi RC4
Week-7 : Sistem sandi kunci publik Kriptografi RSA
Algoritma pembangkit kunci RSA
Algoritma enkripsi/dekripsi RSA
8
-
Tentative Class Schedule
Week-8 : Midterm test/UTS
Week-9 : Fungsi hash Fungsi hash dan keutuhan data
Keamanan fungsi hash
Fungsi hash dengan iterasi
Week-10 : Digital Signature Keamanan digital signature
Skema-skema digital signature
Skema digital signature standar
Week-11 : Keamanan lapisan transport Secure Socket Layer (SSL)
Transport Layer Security (TLS)
HTTPS
9
-
Tentative Class Schedule
Week-12 : Keamanan jaringan wireless Keamanan WLAN IEEE 802.11i
Keamanan lapisan transport wireless
Keamanan WAP
Week-13 : Keamanan Email Pretty Good Privacy (PGP)
S/MIME
DKIM
Week-14 : Presentasi tugas kelompok
Week-15 : Presentasi tugas kelompok
Week-16 : Final test/UAS
10
-
Introduction to Network Security
Week-1, 7/2/2015
11
-
Key Security Concepts
12
-
Three Key Objectives
Confidentiality
Data confidentiality : Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
Privacy : Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
13
-
Three Key Objectives
Integrity
Data integrity : Assures that information and programs are changed only in a specified and authorized manner.
System integrity : Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Availability : Assures that systems work promptly and service is not denied to authorized users.
14
-
Examples of Security Requirements
confidentiality student grades
integrity patient information
availability authentication service
15
-
Computer Security Challenges
1. not simple 2. must consider potential attacks 3. procedures used counter-intuitive 4. having designed various security mechanisms 5. must decide where to deploy mechanisms 6. battle of wits between attacker / admin 7. not perceived on benefit until fails 8. requires regular monitoring 9. too often an after-thought 10. regarded as impediment to using system
16
-
Classifying Security Attacks
passive attacks : attempts to learn or make use of
information from the system but does not affect system resources.
active attacks attempts to alter system resources or
affect their operation.
17
-
Passive Attacks
Passive attacks do not affect system resources Eavesdropping, monitoring
Two types of passive attacks Release of message contents
Traffic analysis
Passive attacks are very difficult to detect Message transmission apparently normal
No alteration of the data
Emphasis on prevention rather than detection By means of encryption
18
-
Passive Attacks (1) Release of Message Contents
sensitive or confidential information - voip, email, file transfer, etc
prevent an opponent from
learning the contents 19
-
Passive Attacks (2) Traffic Analysis
masking the contents:
encryption
20
-
Active Attacks
Active attacks try to alter system resources or affect their operation Modification of data, or creation of false data
Four categories Masquerade Replay Modification of messages Denial of service: preventing normal use
A specific target or entire network
Difficult to prevent The goal is to detect and recover
21
-
Active Attacks (1) Masquerade
22
-
Active Attacks (2) Replay
23
-
Active Attacks (3) Modification of Messages
24
-
Active Attacks (4) Denial of Service
25
-
http://idsirtii.or.id
26
-
http://www.acad-csirt.or.id
27