1 / 40

Tutun Juhana Telecommunication engineering School of electrical engineering & informatics

ET4085/ET5085 Keamanan Jaringan Telekomunikasi ET4085/ET5085 Telecommunication Network Security . Tutun Juhana Telecommunication engineering School of electrical engineering & informatics Institut teknologi bandung. Security Principles.

lorne
Download Presentation

Tutun Juhana Telecommunication engineering School of electrical engineering & informatics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ET4085/ET5085 KeamananJaringan TelekomunikasiET4085/ET5085 Telecommunication Network Security Tutun Juhana Telecommunication engineering School of electrical engineering & informatics Institut teknologi bandung

  2. Security Principles http://wp.me/P29YQz-k

  3. Security is the sum of all measures taken to prevent loss of any kind • Loss can occur because of : • user error • defects in code • malicious acts • hardware failure, and • acts of nature http://www.clipartof.com http://wp.me/P29YQz-k

  4. User Errors • Deleting file(s) unintentionally • Shared folderswithout password • Using weak passwords Username: tutun Password: tutun • Etc. http://wp.me/P29YQz-k

  5. Code Flaws http://wp.me/P29YQz-k

  6. Spyware www.comphandyman.com Virus Carding SIM Cloning Malicious Acts http://wp.me/P29YQz-k

  7. Hardware failure Denial of Service (DoS) http://wp.me/P29YQz-k

  8. Acts of nature Denial of Service (DoS) http://wp.me/P29YQz-k

  9. Security is the antithesis of convenience The more securesomething is, the lessconvenient it is http://wp.me/P29YQz-k

  10. Why Computers Aren’t Secure http://wp.me/P29YQz-k

  11. Administrators often fail to implement security features in operating systems because doing so causes problems for users Users also circumvent security choosing easy-to-use (easy-to-guess) passwords never changing passwords disclosing those passwords to co-workers, or sharing user accounts. Vendors ship software so that it will install in the most feature-filled configuration with its security features disabled so that unskilled users won’t run into roadblocks and don’t have to understand and configure it correctly before they use it The vast majority of installations are never properly secured. Security is an annoyance http://wp.me/P29YQz-k

  12. Features are rushed to market • Vendors concentrate their efforts on adding features that make their software more useful, with little thought to security • A perfect example of this is the addition of scripting language support to Microsoft Outlook and Outlook Express. • Spreading e-mail viruses http://wp.me/P29YQz-k

  13. Vendors who spend time on security are eclipsed by the competition Customers don’t truly value security. If they did, they would use older, well-tested, security-proven software that doesn’t have all the bells and whistles of the latest versions. Companies like Microsoft that retrofitted their existing products to work on the Internet decimated their competition. Had they waited to do it securely, they would have been beaten to market by someone who didn’t. The end result? The least-secure products always get to market first and become standards. http://wp.me/P29YQz-k

  14. Moore’s law : computer hardwarewill double in power every two years Computers and softwareevolve very quickly Protocols that were not developed to be secure were adapted to purposes that they were never intended for and then grew in popularity to a far wider audience than the original creators could have imagined http://wp.me/P29YQz-k

  15. Programmers can’t accurately predict flaws The programmers who createda project could never come up with the complete set of attacks that themillion hackers who attempt to exploit it will http://wp.me/P29YQz-k

  16. There is little diversity in the software market OSes Apps IIS Narrowing hackers targets http://wp.me/P29YQz-k

  17. Vendors are not motivated to reveal potential flaws They hide their product’s problem It discourage discussion of their flaws http://wp.me/P29YQz-k

  18. Patches are not widely deployed and can cause problems when they areinstalled Not everyone gets thenotice or installs the patch In fact, the majority of users never install securitypatches for software unless they actually get hacked http://wp.me/P29YQz-k

  19. Key Principles of Network Security http://wp.me/P29YQz-k

  20. (C-I-A) confidentiality, integrity, and availability Depending upon the application and context, one of these principles might be more important than the others. http://wp.me/P29YQz-k

  21. Confidentiality • Confidentiality is concerned with preventing the unauthorized disclosure of sensitive information. • Confidentiality involves the protection of data • providing access for those who are allowed to see it, while • disallowing others from learning anything about its content • The disclosure could be intentional • breaking a cipher • reading the information, etc. • or it could be unintentional • carelessness or incompetence of individuals handling the information. http://wp.me/P29YQz-k

  22. Tools for Confidentiality • Encryption • Access Control • rules and policies that limit access to confidential information to those people and/or systems with a “need to know.” • Authentication • the determination of the identity or role that someone has. • Authorization • the determination if a person or system is allowed access to resources, based on an access control policy • Physical Security http://wp.me/P29YQz-k

  23. Integrity • Integrity: the property that information has not be altered in an unauthorized way • The goals of integrity: • Prevention of the modification of information by unauthorized users • Prevention of the unauthorized or unintentional modification of information by authorized users http://wp.me/P29YQz-k

  24. Tools for integrity • Backups: the periodic archiving of data. • Checksums: the computation of a function that maps the contents of a file to a numerical value. • A checksum function depends on the entire contents of a file and is designed in a way that even a small change to the input file (such as flipping a single bit) is highly likely to result in a different output value. • Data correcting codes: methods for storing data in such a way that small changes can be easily detected and automatically corrected. http://wp.me/P29YQz-k

  25. Availability • Availability: the property that information is accessible and modifiable in a timely fashion by those authorized to do so. • Availability assures that a system’s authorized users have timely and uninterrupted access to the information in the system and to the network. • Tools: • Physical protections: infrastructure meant to keep information available even in the event of physical challenges. • Computational redundancies: computers and storage devices that serve as fallbacks in the case of failures. http://wp.me/P29YQz-k

  26. Threats and Attacks http://wp.me/P29YQz-k

  27. Eavesdropping: the interception of information intended for someone else during its transmission over a communication channel. Trudy http://wp.me/P29YQz-k

  28. Alteration: unauthorized modification of information. • Example: the man-in-the-middle attack, where a network stream is intercepted, modified, and retransmitted. http://wp.me/P29YQz-k

  29. Denial-of-service: the interruption or degradation of a data service or information access. • Example: email spam, to the degree that it is meant to simply fill up a mail queue and slow down an email server. http://wp.me/P29YQz-k

  30. Masquerading: the fabrication of information that is purported to be from someone who is not actually the author (really is from Trudy) http://wp.me/P29YQz-k

  31. Correlation and traceback: the integration of multiple data sources and information flows to determine the source of a particular data stream or piece of information. http://wp.me/P29YQz-k

  32. Repudiation: the denial of a commitment or data receipt. • This involves an attempt to back out of a contract or a protocol that requires the different parties to provide receipts acknowledging that data has been received. http://wp.me/P29YQz-k

  33. Understanding Hacking http://wp.me/P29YQz-k

  34. What Is Hacking? Hacking is the attempt to gain access to a computer system without authorization. Originally, the term hacker simply referred to an adept computer user, and gurus still use the term to refer to themselves in that original sense. But when breaking into computer systems (technically known as cracking) became popular, the media used the hacker to refer only to computer criminals, thus popularizing only the negative connotation. http://wp.me/P29YQz-k

  35. Types of Hackers • There are only two serious types of hackers • the underemployed and • those hackers being paid by someone to hack. • Hackers fall quite specifically into these categories, in order of increasing threat: • Security experts • Script kiddies • Underemployed adults • Ideological hackers • Criminal hackers • Corporate spies • Disgruntled employees http://wp.me/P29YQz-k

  36. Phreak Phreaks are hackers with an interest in telephones and telephone systems Phreak is short for phone phreak http://wp.me/P29YQz-k

  37. Vectors That Hackers Exploit Connecting over the Internet By dialing in via a Remote Access Service (RAS) server By connecting via a nonsecure wireless network http://wp.me/P29YQz-k By using a computer on your network directly

  38. Black or White? http://wp.me/P29YQz-k

  39. Kevin Mitnick was "America's Most Wanted Computer Outlaw“ served five years in prison (four years of it pre-trial), 8 months of that in solitary confinement, and was released on January 21, 2000 He says: the solitary confinement was very difficult. Now founder of Mitnick Security Consulting, a security firm that offers corporations and agencies, services to better protect themselves against intrusions and attackers. http://wp.me/P29YQz-k

  40. Kristina Svechinskaya If convicted, she could be imprisoned for up to 40 years http://wp.me/P29YQz-k

More Related