
With Harry Chan Putra. SP. MTCNA

Optimizing Security for Small Internet Services Networks. With Harry Chan Putra. SP. MTCNA. harrychanputra.sp@gmail.com. http://harrychanputra.web.id. Introduction. Name: Harry Chan Putra. SP. MTCNA. Country: Indonesia --- Graduated in Agronomy, 2005


Presentation Transcript


  1. Optimizing Security for Small Internet Services Networks. With Harry Chan Putra. SP. MTCNA harrychanputra.sp@gmail.com http://harrychanputra.web.id

  2. Introduction . Name : Harry Chan Putra. SP. MTCNA . Country : Indonesia --- Graduated in Agronomy, 2005 --- Work : On-Site Engineering, PT. Telkom. Tbk --- Administrator of http://www.harrychanputra.web.id --- Activist : a. Kelompok Pengguna Linux Indonesia Padang b. MinangCrew --- Advisor : -- Telkom Security Report -- Bug Report to securitytracker.com with MinangCrew --- Certificates : -- Basic and Advanced Linux Training, Apkomindo -- Mikrotik Fundamental with Citraweb -- Cisco Fundamental, Inixindo

  3. Topics • Concepts • Configuration • Security • Building a router

  4. CONCEPTS

  5. Where security problems arise • Confidentiality • Integrity • Availability

  6. The actors • External • Hackers & Crackers • White Hat Hackers • Script Kiddies • Cyber terrorists • Black Hat Hackers • Internal • Service users • Accidents

  7. Attack types • Denial of Service (DoS) • Network flooding • Buffer overflows • Software errors • Malware • Virus, worm, trojan horse • Social Engineering • Brute force

  8. The routine steps of cracking… • Information gathering • Port scanner • Network enumeration • Gaining & keeping root / administrator access • Using access and/or information gained • Leaving backdoor • Covering his tracks

  9. How to manage the security process • Support from the business owner • Talk with the business's investors • Hire white hat hackers (network admin) • Experience from past incidents • Read up on security issues on the internet

  10. How to Secure It

  11. Creating security rules • Commitment from management and staff • Network concept and its application, both technical and non-technical • Clear employment contracts with staff

  12. CONFIGURATION

  13. Network Design Concepts

  14. Secure Network Layouts

  15. Secure Network Layouts (2)

  16. Secure Network Layouts (3)

  17. Security

  18. Why?

  19. Unexpected risks

  20. Excessive activity

  21. What to do

  22. Physical Security • Protect computers from theft of hardware and data • Monitoring with cameras • Secure the power supply

  23. Firewall • Packet filter • Stateful • Application proxy firewalls • Implementation: • iptables on Linux • ipfw and pf from BSD • Antivirus + firewall server on Windows

  24. Firewall rules

  25. Example: packet filtering with Linux iptables on the network

  26. Example: packet filtering with the MikroTik firewall filter on the LAN

  27. File & Dir permissions • Chown • Chmod • Chgrp

  28. Securing against information gathering

  29. How • Social Engineering • What are the username and password? • Electronic social engineering: phishing

  30. Using public information • dig • host • whois

  31. Port scanning • Nmap • Which applications are running

  32. Network Mapping • Icmp • Ping • traceroute

  33. Limiting Published Information • Disable unnecessary services and close ports • netstat -nlptu • Xinetd • Opening ports on the perimeter and proxy serving • edge + personal firewall

  34. Securing against rootkits, spoofing, DoS

  35. Rootkits are dangerous because: • People can get in at any time • The server becomes open to attack • Everything related to hacking activity is carried out by the rootkit:

  36. Spoofprotect on Linux to protect against spoofing • /etc/network/options • spoofprotect=yes • /etc/init.d/networking restart

  37. DDoS countermeasures • IDS • IPS • Honeypots • Firewall

  38. Effects of DDoS

  39. Intrusion Detection Software (IDS) • Examining system logs (host based) • Examining network traffic (network based) • A combination of the two • Implementation: • Snort

  40. Modem ADSL IDS • Date/Time Facility Severity Message
      Jan 1 04:07:23 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=122.116.17.144 DST=125.162.87.79 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=336 PROTO=TCP SPT=10391 DPT=1080 WINDOW=32 RES=0x00 SYN URGP=0
      Jan 1 04:17:35 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.62.229 DST=125.162.87.79 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2257 DF PROTO=TCP SPT=3072 DPT=139 WINDOW=64800 RES=0x00 SYN URGP=0
      Jan 1 04:25:33 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=195.5.116.234 DST=125.162.87.79 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=54968 PROTO=TCP SPT=48832 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0
      Jan 1 04:36:02 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.232.145.249 DST=125.162.87.79 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=23868 DF PROTO=TCP SPT=12513 DPT=139 WINDOW=60352 RES=0x00 SYN URGP=0
      Jan 1 04:46:22 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.58.133.210 DST=125.162.87.79 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21235 DF PROTO=TCP SPT=2084 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
      Jan 1 04:55:22 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.100.157 DST=125.162.87.79 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=50280 DF PROTO=TCP SPT=2456 DPT=445 WINDOW=64800 RES=0x00 SYN URGP=0
      Jan 1 05:05:26 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.58.77 DST=125.162.87.79 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=46298 DF PROTO=TCP SPT=1545 DPT=135 WINDOW=64800 RES=0x00 SYN URGP=0
      Jan 1 05:16:50 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.58.104 DST=125.162.87.79 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=21198 DF PROTO=TCP SPT=3555 DPT=135 WINDOW=64800 RES=0x00 SYN URGP=0
      Jan 1 05:28:43 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.62.51 DST=125.162.87.79 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=11916 DF PROTO=TCP SPT=2536 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
      Jan 1 05:36:32 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.92.191 DST=125.162.87.79 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=61656 DF PROTO=TCP SPT=3036 DPT=445 WINDOW=64800 RES=0x00 SYN URGP=0
      Jan 1 05:47:49 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=195.5.116.234 DST=125.162.87.79

  41. Mikrotik IDS

  42. Intrusion Prevention Software (IPS) • Upgrade application • Active reaction (IDS = passive) • Implementation: • Portsentry • hostsentry

  43. Honeypots (http://www.honeynet.org)

  44. Securing against malware

  45. Malware • Virus • Worm • Trojan horse • Spyware • On email server : • Spamassassin, ClamAV, Amavis • On Proxy server • Content filter using squidguard

  46. Monitoring network

  47. Firewall Check

  48. Tips for dealing with viruses & worms: • Do not open e-mail attachments whose contents are doubtful, that were sent by someone you do not know, or that you were not expecting to receive • Delete "junk mail" (SPAM), unless you were actually expecting it • Do not download files from people you do not know • Always update your anti-virus and use network antivirus for computers connected to the network • Regularly back up and restore the important data you have • Never open websites that are not important • Use Deep Freeze, freeze all partitions, and set a password longer than 6 characters
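
The modem log on slide 40 becomes actionable once it is summarized per destination port and per source. The following is an added example, not part of the original presentation: it parses records in that layout and counts inbound SYN probes. The sample log is constructed with RFC 5737 documentation addresses, and `parse_line` and `summarize` are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the slide-40 modem log. Addresses are
# RFC 5737 documentation ranges, not values from the page; the last record is
# cut off after DST= the way the final entry on the slide is.
SAMPLE_LOG = """\
Jan 1 04:07:23 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=198.51.100.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=336 PROTO=TCP SPT=10391 DPT=1080 WINDOW=32 RES=0x00 SYN URGP=0
Jan 1 04:17:35 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=203.0.113.20 DST=192.0.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2257 DF PROTO=TCP SPT=3072 DPT=139 WINDOW=64800 RES=0x00 SYN URGP=0
Jan 1 04:25:33 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=198.51.100.7 DST=192.0.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=54968 PROTO=TCP SPT=48832 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 1 04:46:22 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=198.51.100.99 DST=192.0.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21235 DF PROTO=TCP SPT=2084 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 1 04:55:22 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=203.0.113.20 DST=192.0.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=50280 DF PROTO=TCP SPT=2456 DPT=445 WINDOW=64800 RES=0x00 SYN URGP=0
Jan 1 05:47:49 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=198.51.100.7 DST=192.0.2.1
"""

# Services usually found behind the destination ports that appear on the slide.
PORT_NAMES = {135: "MS-RPC", 139: "NetBIOS", 445: "SMB", 1080: "SOCKS", 1433: "MS-SQL"}
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Parse one 'Intrusion ->' record; return None for anything else."""
    head, marker, body = line.partition("Intrusion -> ")
    if not marker:
        return None
    fields = {k.upper(): v for k, v in FIELD.findall(body)}  # modem writes src= in lower case
    if not fields.get("SRC") or not fields.get("DPT", "").isdecimal():
        return None  # truncated or damaged record: no usable source or port
    flags = {tok for tok in body.split() if "=" not in tok}  # bare tokens: SYN, DF
    return {"time": " ".join(head.split()[:3]), "src": fields["SRC"],
            "proto": fields.get("PROTO", "?"), "dpt": int(fields["DPT"]),
            "syn": "SYN" in flags}


def summarize(log_text):
    """Count inbound SYN probes per destination port and list repeat sources."""
    per_port, per_src = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["syn"]:
            per_port[rec["dpt"]] += 1
            per_src[rec["src"]] += 1
    by_port = [(port, PORT_NAMES.get(port, "unknown"), n)
               for port, n in sorted(per_port.items(), key=lambda kv: (-kv[1], kv[0]))]
    return {"by_port": by_port,
            "repeat_sources": sorted(s for s, n in per_src.items() if n > 1)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for port, name, n in report["by_port"]:
        print(f"{n:3d} SYN probe(s) to port {port} ({name})")
    print("sources seen more than once:", ", ".join(report["repeat_sources"]))
```

The per-port counts show which services are being probed from outside and should stay closed at the perimeter; the repeat-source list is a starting point for firewall address lists.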
