Network Security: Pentingnya Keamanan Komputer

Slides:



Advertisements
Similar presentations
Network Security: Pentingnya Keamanan Komputer Computer Network Research Group ITB.
Advertisements

Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
IUT– Network Security Course 1 Network Security Firewalls.
1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, Robert Zalenski, Firewall Technologies,
FIREWALLS Chapter 11.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Survey of Information Assurance FIREWALLS. The term "firewall" originally meant a wall to confine a fire or potential fire within a building. Later uses.
Security Firewall Firewall design principle. Firewall Characteristics.
Firewall Configuration Strategies
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Firewall Raghunathan Srinivasan October 30, 2007 CSE 466/598 Computer Systems Security.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
NW Security and Firewalls Network Security
Intranet, Extranet, Firewall. Intranet and Extranet.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
1 Defining Network Security Security is prevention of unwanted information transfer What are the components? –...Physical Security –…Operational Security.
Internet and Intranet Fundamentals Class 8 Session A.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
Internet and Intranet Fundamentals Class 9 Session A.
Firewalls First notions. Breno de MedeirosFlorida State University Fall 2005 Types of outsider attacks Intrusions –Data compromise confidentiality, integrity.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Firewall Security.
Module 11: Designing Security for Network Perimeters.
1 Network Firewalls CSCI Web Security Spring 2003 Presented By Yasir Zahur.
Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Security fundamentals Topic 10 Securing the network perimeter.
ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.
1 An Introduction to Internet Firewalls Dr. Rocky K. C. Chang 12 April 2007.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos
Firewalls Definition: Device that interconnects two or more networks and manages the network traffic between those interfaces. Maybe used to: Protect a.
Security fundamentals
CompTIA Security+ Study Guide (SY0-401)
CONNECTING TO THE INTERNET
Firewall.
Chapter3 Security Strategies.
Secure Software Confidentiality Integrity Data Security Authentication
Click to edit Master subtitle style
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
PROJECT PRESENTATION ON INTERNET FIREWALLS PRESENTED BY THE GUARDS
Welcome To : Group 1 VC Presentation
CompTIA Security+ Study Guide (SY0-401)
Lecture # 7 Firewalls الجدر النارية. Lecture # 7 Firewalls الجدر النارية.
Firewalls.
Overview Jaringan Komputer
Firewalls Purpose of a Firewall Characteristic of a firewall
FIREWALL By Abhishar Baloni I.D
Lecture 6: TCP/IP Networking 1nd semester By: Adal ALashban.
Firewalls Jiang Long Spring 2002.
دیواره ی آتش.
How to Mitigate the Consequences What are the Countermeasures?
Lecture 3: Secure Network Architecture
Introduction to Network Security
Computer Networks Protocols
Implementing Firewalls
Presentation transcript:

Network Security: Pentingnya Keamanan Komputer Source from :Computer Network Research Group ITB

Perspective ... less then 200 security incident in 1989. about 400 in 1989. about 1400 in 1993. estimated more than 2241 in 1994. Nobody knows the correct statistics on how many attacks are actually detected by the sites broken into.

Survey Dan Farmer (Dec96) 1700 web sites: 60% vurnelable. 9-24%terancam jika satu bug dari service daemon (ftpd, httpd / sendmail) ditemukan. Serangan pada 10-20 % sites di netralisir menggunakan denial-of-service

Statistik Serangan

Resiko Serangan

Sumber Serangan

Aktifitas Serangan

Serangan di Internet Approx. 19.540.000 hosts are connected to Internet (end1996) US DoD 250.000 serangan / tahun. Serangan pada Rome Laboratory.

Network Security usaha untuk mencegah seseorang melakukan tindakan-tindakan yang tidak kita inginkan pada komputer, perangkat lunak, dan piranti yang ada di dalamnya sehingga semuanya tetap dalam keadaan ideal yang kita inginkan’

Layout Firewall

What are you trying to protect? Your Data. Your Resources. Your Reputation.

What Are You Trying To Protect Against? Type of attacks Intrusion. Denial of Service. Information Theft.

Type of Attackers Joyriders. Vandals. Score Keepers. Spies (Industrial & Otherwise). Stupidity & Accidents.

Security Policy ‘satu keputusan yang menentukan batasan-batasan tindakan-tindakan yang bisa dilakukan dan balasan apabila terjadi pelanggaran batasan-batasan yang ada untuk mencapai satu tujuan tertentu’

Objectives Secrecy Data Integrity Availability

Step Security Policy Apa yang boleh / tidak boleh. Prediksi resiko & biaya (start dengan bug). Tentukan objek yang di lindungi. Tentukan bentuk ancaman & serangan: unauthorized access. Disclosure information. Denial of service.

Step ... Perhatikan kelemahan system: Optimasi Cost / Performance. authentication. Password sharing. Penggunaan password yang mudah di tebak. Software bug. Optimasi Cost / Performance.

Manusia ... Tanggung Jawab. Komitmen.

Design Security Policy Kerahasiaan (Secrecy) Integritas Data Availability Konsistensi Kontrol Identifikasi & Authentikasi Monitoring & Logging

Prinsip ... Hak minimum Kurangi jumlah komponen

How Can You Protect Your Site No Security. Security Through Obscurity. Host Security. Network Security. No Security Model Can Do It All.

What Can A Firewall Do? A firewall is a focus for security decisions. A firewall can enforce security policy. A firewall can log Internet activity efficiently. A firewall limits your exposure.

What Can’t A Firewall Do? A firewall can’t protect you against malicious insiders. A firewall can’t protect you against connections that don’t go through it. A firewall can’t protect against completely new threats. A firewall can’t protect against viruses.

List of A Must Secure Internet Services Electronic mail (SMTP). File Transfer (FTP). Usenet News (NNTP). Remote Terminal Access (Telnet). World Wide Web Access (HTTP). Hostname / Address lookup (DNS).

Security Strategies. Least Privilege. Defense in Depth (multiple security mechanism). Choke Point forces attackers to use a narrow channel. Weakest Link. Fail-Safe Stance. Diversity of Defense. Simplicity.

Building Firewalls

Some Firewall Definitions A component or set of components that restricts access between a protected network and the Internet, or between other sets of networks. Host A computer system attached to a network.

Firewall Def’s Cont’ .. Bastion Host Dual-homed host A computer system that must be highly secured because it is vulnerable to attack, usually because it is exposed to the Internet and is a main point of contact for users of internal networks. Dual-homed host A general-purpose computer system that has at least two network interfaces (or homes).

Firewall Def’s Cont ... Packet. Packet filtering. Perimeter network. The fundamental unit of communication on the Internet. Packet filtering. The action a device takes to selectively control the flow of data to and from a network. Perimeter network. a network added between a protected network and external network, to provide additional layer of security.

Firewall Def’s Cont ... Proxy Server A program that deals with external servers on behalf of internal clients. Proxy client talk to proxy servers, which relay approved client requests on to real servers,and relay answer back to clients.

Packet Filtering

Proxy Services

Screened Host Architecture

De-Militarized Zone Architecture

DMZ With Two Bastion Hosts

It’s OK Merge Interior & Exterior Router Merge Bastion Host & Exterior Router Use Mutiple Exterior Router Have Multiple Perimeter Network Use Dual -Homed Hosts & Screened Subnets

It’s Dangerous Use Multiple Interior Router Merge Bastion Host and Interior Router

Private IP Address Use within Internal Network Reference RFC 1597 IP address alocation: Class A: 10.x.x.x Class B: 172.16.x.x - 172.31.x.x Class C: 192.168.0.x - 192.168.255.x

Bastion Host It is our presence in Internet. Keep it simple. Be prepared for the bastion host to be compromised.

Special Kinds of Bastion Hosts Nonrouting Dual-Homed Hosts. Victim Machine. Internal Bastion Hosts.

Choosing A Bastion Host What Operating System? Unix How Fast a Machine? 386-based UNIX. MicroVAX II Sun-3

Proxy Systems Why Proxying? Proxy systems deal with the insecurity problems by avoiding user logins on the dual-homed host and by forcing connections through controlled software. It’s also impossible for anybody to install uncontrolled software to reach Internet; the proxy acts as a control point.

Proxy - Reality & Illusion

Advantages of Proxying Proxy services allow users to access Internet services “directly” Proxy services are good at logging.

Disadvantages of Proxying Proxy services lag behind non-proxied services. Proxy services may require different servers for each service. Proxy services usually require modifications to clients, procedures, or both. Proxy services aren’t workable for some services. Proxy services don’t protect you from all protocol weaknesses.

Proxying without a Proxy Server Store-and-Forward services naturally support proxying. Examples: E-mail (SMTP). News (NNTP). Time (NTP).

Internet Resources on Security Issues

WWW Pages http://www.telstra.com.au/info/security.html http://www.cs.purdue.edu/coast/coast.html

Mailing Lists firewalls@greatcircle.com fwall-users@tis.com ftp://ftp.greatcircle.com/pub/firewalls/ http://www.greatcircle.com/firewalls/ fwall-users@tis.com academic-firewalls@net.tamu.edu ftp://net.tamu.edu/pub/security/lists/academic-firewalls bugtraq@fc.net

Newsgroups comp.security.announce. comp.security.unix. comp.security.misc. comp.security.firewalls. alt.security. comp.admin.policy. comp.protocols.tcp-ip. comp.unix.admin. comp.unix.wizards

Summary In these dangerous times, firewalls are the best way to keep your site secure. Although you’ve got to include other tipes of security in the mix, if you’re serious about connecting to the Internet, firewall should be at the very center of your security plans.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.