Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security: Pentingnya Keamanan Komputer

Published byShinta Gunawan Modified over 7 years ago

Similar presentations

Presentation on theme: "Network Security: Pentingnya Keamanan Komputer"— Presentation transcript:

1 Network Security: Pentingnya Keamanan Komputer
Source from :Computer Network Research Group ITB

2 Perspective ... less then 200 security incident in 1989.
about 400 in 1989. about 1400 in 1993. estimated more than 2241 in 1994. Nobody knows the correct statistics on how many attacks are actually detected by the sites broken into.

3 Survey Dan Farmer (Dec96)
1700 web sites: 60% vurnelable. 9-24%terancam jika satu bug dari service daemon (ftpd, httpd / sendmail) ditemukan. Serangan pada % sites di netralisir menggunakan denial-of-service

4 Statistik Serangan

5 Resiko Serangan

6 Sumber Serangan

7 Aktifitas Serangan

8 Serangan di Internet Approx hosts are connected to Internet (end1996) US DoD serangan / tahun. Serangan pada Rome Laboratory.

9 Network Security usaha untuk mencegah seseorang melakukan tindakan-tindakan yang tidak kita inginkan pada komputer, perangkat lunak, dan piranti yang ada di dalamnya sehingga semuanya tetap dalam keadaan ideal yang kita inginkan’

10 Layout Firewall

11 What are you trying to protect?
Your Data. Your Resources. Your Reputation.

12 What Are You Trying To Protect Against?
Type of attacks Intrusion. Denial of Service. Information Theft.

13 Type of Attackers Joyriders. Vandals. Score Keepers.
Spies (Industrial & Otherwise). Stupidity & Accidents.

14 Security Policy ‘satu keputusan yang menentukan batasan-batasan tindakan-tindakan yang bisa dilakukan dan balasan apabila terjadi pelanggaran batasan-batasan yang ada untuk mencapai satu tujuan tertentu’

15 Objectives Secrecy Data Integrity Availability

16 Step Security Policy Apa yang boleh / tidak boleh.
Prediksi resiko & biaya (start dengan bug). Tentukan objek yang di lindungi. Tentukan bentuk ancaman & serangan: unauthorized access. Disclosure information. Denial of service.

17 Step ... Perhatikan kelemahan system: Optimasi Cost / Performance.
authentication. Password sharing. Penggunaan password yang mudah di tebak. Software bug. Optimasi Cost / Performance.

18 Manusia ... Tanggung Jawab. Komitmen.

19 Design Security Policy
Kerahasiaan (Secrecy) Integritas Data Availability Konsistensi Kontrol Identifikasi & Authentikasi Monitoring & Logging

20 Prinsip ... Hak minimum Kurangi jumlah komponen

21 How Can You Protect Your Site
No Security. Security Through Obscurity. Host Security. Network Security. No Security Model Can Do It All.

22 What Can A Firewall Do? A firewall is a focus for security decisions.
A firewall can enforce security policy. A firewall can log Internet activity efficiently. A firewall limits your exposure.

23 What Can’t A Firewall Do?
A firewall can’t protect you against malicious insiders. A firewall can’t protect you against connections that don’t go through it. A firewall can’t protect against completely new threats. A firewall can’t protect against viruses.

24 List of A Must Secure Internet Services
Electronic mail (SMTP). File Transfer (FTP). Usenet News (NNTP). Remote Terminal Access (Telnet). World Wide Web Access (HTTP). Hostname / Address lookup (DNS).

25 Security Strategies. Least Privilege.
Defense in Depth (multiple security mechanism). Choke Point forces attackers to use a narrow channel. Weakest Link. Fail-Safe Stance. Diversity of Defense. Simplicity.

26 Building Firewalls

27 Some Firewall Definitions
A component or set of components that restricts access between a protected network and the Internet, or between other sets of networks. Host A computer system attached to a network.

28 Firewall Def’s Cont’ .. Bastion Host Dual-homed host
A computer system that must be highly secured because it is vulnerable to attack, usually because it is exposed to the Internet and is a main point of contact for users of internal networks. Dual-homed host A general-purpose computer system that has at least two network interfaces (or homes).

29 Firewall Def’s Cont ... Packet. Packet filtering. Perimeter network.
The fundamental unit of communication on the Internet. Packet filtering. The action a device takes to selectively control the flow of data to and from a network. Perimeter network. a network added between a protected network and external network, to provide additional layer of security.

30 Firewall Def’s Cont ... Proxy Server
A program that deals with external servers on behalf of internal clients. Proxy client talk to proxy servers, which relay approved client requests on to real servers,and relay answer back to clients.

31 Packet Filtering

32 Proxy Services

33 Screened Host Architecture

34 De-Militarized Zone Architecture

35 DMZ With Two Bastion Hosts

36 It’s OK Merge Interior & Exterior Router
Merge Bastion Host & Exterior Router Use Mutiple Exterior Router Have Multiple Perimeter Network Use Dual -Homed Hosts & Screened Subnets

37 It’s Dangerous Use Multiple Interior Router
Merge Bastion Host and Interior Router

38 Private IP Address Use within Internal Network Reference RFC 1597
IP address alocation: Class A: 10.x.x.x Class B: x.x x.x Class C: x x

39 Bastion Host It is our presence in Internet. Keep it simple.
Be prepared for the bastion host to be compromised.

40 Special Kinds of Bastion Hosts
Nonrouting Dual-Homed Hosts. Victim Machine. Internal Bastion Hosts.

41 Choosing A Bastion Host
What Operating System? Unix How Fast a Machine? 386-based UNIX. MicroVAX II Sun-3

42 Proxy Systems Why Proxying?
Proxy systems deal with the insecurity problems by avoiding user logins on the dual-homed host and by forcing connections through controlled software. It’s also impossible for anybody to install uncontrolled software to reach Internet; the proxy acts as a control point.

43 Proxy - Reality & Illusion

44 Advantages of Proxying
Proxy services allow users to access Internet services “directly” Proxy services are good at logging.

45 Disadvantages of Proxying
Proxy services lag behind non-proxied services. Proxy services may require different servers for each service. Proxy services usually require modifications to clients, procedures, or both. Proxy services aren’t workable for some services. Proxy services don’t protect you from all protocol weaknesses.

46 Proxying without a Proxy Server
Store-and-Forward services naturally support proxying. Examples: (SMTP). News (NNTP). Time (NTP).

47 Internet Resources on Security Issues

48 WWW Pages http://www.telstra.com.au/info/security.html

49 Mailing Lists firewalls@greatcircle.com fwall-users@tis.com
ftp://ftp.greatcircle.com/pub/firewalls/ ftp://net.tamu.edu/pub/security/lists/academic-firewalls

50 Newsgroups comp.security.announce. comp.security.unix.
comp.security.misc. comp.security.firewalls. alt.security. comp.admin.policy. comp.protocols.tcp-ip. comp.unix.admin. comp.unix.wizards

51 Summary In these dangerous times, firewalls are the best way to keep your site secure. Although you’ve got to include other tipes of security in the mix, if you’re serious about connecting to the Internet, firewall should be at the very center of your security plans.

Download ppt "Network Security: Pentingnya Keamanan Komputer"

Similar presentations

Network Security: Pentingnya Keamanan Komputer Computer Network Research Group ITB.

Network Security: Pentingnya Keamanan Komputer Computer Network Research Group ITB.
Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung

Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, 2006. 2.Robert Zalenski, Firewall Technologies,

1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, Robert Zalenski, Firewall Technologies,
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.

Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Survey of Information Assurance FIREWALLS. The term firewall originally meant a wall to confine a fire or potential fire within a building. Later uses.

Survey of Information Assurance FIREWALLS. The term "firewall" originally meant a wall to confine a fire or potential fire within a building. Later uses.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Firewall Configuration Strategies

Firewall Configuration Strategies
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Firewall Raghunathan Srinivasan October 30, 2007 CSE 466/598 Computer Systems Security.

Firewall Raghunathan Srinivasan October 30, 2007 CSE 466/598 Computer Systems Security.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Similar presentations

Ads by Google