RUDI LUMANTO, UNIVERSITAS BUDILUHUR, Semester 2 / 2007. Rudi Lumanto / Mochamad Wahyudi. Computer Networking & Security. Postgraduate Master of Computer Science Program.


1 RUDI LUMANTO, UNIVERSITAS BUDILUHUR, Semester 2 / 2007. Rudi Lumanto / Mochamad Wahyudi. Computer Networking & Security. Postgraduate Master of Computer Science Program, STMIK Nusa Mandiri

2 Computer Networking & Security, STMIK Nusa Mandiri: Operating System Security

3 Outline
- OS Structure (Linux, Windows, MAC)
- Password
- Access Control
- Data Redundancy (Information Availability)
- Useful Tools

4 A chain is only as strong as its weakest link

5 OS Structure
A kernel connects the application software to the hardware of a computer. It is the central component of most computer operating systems (OS).
- UNIX OS (1969)
- Ms. Windows OS (1985)
- MAC OS (1975)

6 History of UNIX
- Multics project: a joint effort of Bell Labs, MIT and GE to develop a general computer operating system.
- 1969: AT&T Bell Laboratory, by Ken Thompson
- 1973: recoded in C (UNIX kernel) by Dennis Ritchie and Ken Thompson
- 1978: BSD by Bill Joy (UCB)
- 1983: System V, 4.2BSD released
- 1988: BSD Networking Release 1
- 1989: System V Release 4 (SVR4)
People:
- Bill Joy: designer of the Berkeley version of UNIX (BSD = Berkeley Software Distribution); creator of the vi editor; "Edison of the Internet".
- Dennis Ritchie: Harvard University; created the C language.
- Ken Thompson: UC Berkeley; created the B language.

7 History of Unix (family tree diagram)
- Root: UNIX (1969), V1 (1971), V7 (1979)
- SYSTEM V: System III (1982), System V (1983), SVR2 (1984), SVR3 (1987), SVR4 (1989), SVR4.2 (1992), SVR4.2MP (1993), UNIX95, UNIX98
- BSD: 4.2BSD (1984), 4.3BSD (1986), 4.4BSD (1993), 4.4BSD-Lite, 386BSD, FreeBSD, NetBSD, OpenBSD
- Also shown: SunOS, Solaris2, Solaris7, Linux (1991)

8 History of Linux
- 1984: the concept of open source has its roots in GNU. Richard Stallman, a researcher at MIT, started a project called GNU to develop a complete Unix-like OS that is free software. (GNU is a recursive acronym for "GNU's Not Unix"; it is pronounced "guh-NEW".)
- 1987: Prof. Andrew S. Tanenbaum invents Minix, an open source OS that is a clone of Unix.
- 1991: Linus Torvalds, a 21-year-old student at the University of Helsinki, began developing Linux.
People pictured: Richard Stallman, Linus Torvalds, Andrew S. Tanenbaum.
Andrew S. Tanenbaum (BSc MIT, PhD UC Berkeley) is the principal designer of three operating systems: TSS-11, Amoeba, and MINIX. TSS-11 was an early system for the PDP-11. Amoeba is a distributed operating system for SUN, VAX, and similar workstation computers. MINIX is a system for the IBM PC, Atari, Macintosh, Amiga, and SPARC, providing a system as simple as real UNIX (i.e. Version 7) for educational use.

9 Unix/Linux Configuration
The UNIX system is functionally organized at three levels:
- The kernel, which schedules tasks and manages storage;
- The shell, which connects and interprets users' commands, calls programs from memory, and executes them; and
- The tools and applications that offer additional functionality to the operating system.

10 Shells and Kernel
- KERNEL: the heart of the operating system. The kernel controls the hardware and turns parts of the system on and off at the programmer's command.
- SHELL: the intermediary between the user and the operating system kernel. It is also called a command interpreter or command analyzer. There are several types of shell.

11 Starting and Terminating Linux
(Diagram: power on, login, session, logout, power off)
- Login: process of initiating a Linux operating system session
- Logout: process of terminating a Linux operating system session

12 Windows OS Structure: Simplified
- User Mode: System support processes, Service processes, User applications, Environment subsystems, Subsystem DLLs
- Kernel Mode: Executive, Kernel, Device drivers, Hardware Abstraction Layer (HAL), Windowing and graphics
Microsoft first introduced an operating environment named Windows in November 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces (GUIs).

13 Operating System Functions (Microsoft® Windows®)
- Software Management
- Hardware Management
- Memory Management
- Data Management

14 Features of Windows Server (Microsoft® Windows®)
- Multitasking
- Memory Support
- SMP Scalability
- Plug and Play
- Clustering
- File Systems
- NTFS
- QoS
- Remote Installation Services
- Terminal Services

15 Roles of Computers in a Network
- Mail Server
- Database Server (Database)
- Fax Server
- File and Print Server
- Directory Services Server
- Client Computer

16 Kernel-Mode Components: Core OS
- Executive
  - Base operating system services
  - Memory management, process and thread management
  - Security, I/O, interprocess communication
- Kernel
  - Low-level operating system functions
  - Thread scheduling, interrupt and exception dispatching
  - Multiprocessor synchronization
  - Provides a set of routines and basic objects that the rest of the executive uses to implement higher-level constructs
- Both are contained in the file Ntoskrnl.exe

17 Kernel-Mode Components: Drivers
- Device drivers (*.sys)
  - Hardware device drivers translate user I/O function calls into specific hardware device I/O requests
  - Virtual devices: system volumes and network protocols
- Windowing and Graphics Driver (Win32k.sys)
  - Graphical user interface (GUI) functions (USER and GDI)
  - Windows, user interface controls, and drawing
- Hardware Abstraction Layer (Hal.dll)
  - Isolates the kernel, device drivers, and executive from hardware
  - Hides platform-specific hardware differences (motherboards)

18 Key to a defense in depth of OS
- Monitoring login, failed login and all network activity
UNIX OS:
- sulog: records failed attempts and switches to another user with the su command
- wtmp log: records information for every account that logs in and out of a system, and also the time and duration of a system
WINDOWS OS (Event Viewer):
- System log
- Application log
- Security log

19 Password

20 The first measure of a system's security is how effective it is in authenticating and identifying. Passwords are used by most systems as the first, and usually only, means of identification and authentication.
Types of system password attack:
- Brute Force
- Dictionary Based
- Password Sniffing
- Social Engineering
Three basic schemes for identification and authentication:
1. Something you know, example: Password, PIN
2. Something you have, example: ID card, Security Token, Cell Phone
3. Something you are, example: Fingerprint, Signature

21 Brute Force Attack
- Breaches systems by trying every possible combination of letters and numbers until a match is found that provides access to the system
- Takes a long time and a lot of memory because of the exhaustive trial and error

22 How to Prevent Brute Force Attack
1) Restrict the number of login attempts that a user can perform
2) Ban a user's IP after multiple failed login attempts
3) Keep a close eye on your log files for suspicious login attempts

23 Dictionary Based Attack
- Utilizes a program that compares the encrypted passwords in the password file to encrypted words in a dictionary file
  - Tries different passwords from a list
  - Succeeds only with poor passwords
  - Very fast

24 Preventing Dictionary Attack
- Use SALT. A salt in cryptography is random data you add to the plaintext before encrypting. In the password file we now store: username, rrrr, h(password + rrrr). Here rrrr is the salt.
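The record layout above (username, rrrr, h(password + rrrr)), as an added example that is not part of the original slides: it builds the same password file with and without a salt and checks which entries match a table computed once in advance. PBKDF2-HMAC-SHA256 is swapped in for the slide's h; the accounts, word list and iteration count are constructed values.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for the demo

def h(password: str, salt: bytes) -> bytes:
    """Salted hash. PBKDF2-HMAC-SHA256 is swapped in here for the slide's
    h(password + rrrr) so that every single guess is also slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(username: str, password: str, salted: bool = True):
    """Password-file entry in the slide's layout: (username, rrrr, h(...))."""
    salt = os.urandom(16) if salted else b""
    return (username, salt, h(password, salt))

def verify(record, candidate: str) -> bool:
    _, salt, stored = record
    # Constant-time comparison of the recomputed and stored hash.
    return hmac.compare_digest(h(candidate, salt), stored)

def precomputed_hits(records, wordlist):
    """Users whose stored hash appears in ONE table computed in advance
    without any salt; this is what a salt is meant to defeat."""
    table = {h(word, b""): word for word in wordlist}
    return sorted(user for user, _, stored in records if stored in table)

# Constructed accounts: two users share the same weak password.
ACCOUNTS = [("alice", "sunshine"), ("bob", "sunshine"), ("carol", "T7#qLp!2vz")]
WORDLIST = ["password", "sunshine", "letmein"]

if __name__ == "__main__":
    unsalted = [make_record(u, p, salted=False) for u, p in ACCOUNTS]
    salted = [make_record(u, p) for u, p in ACCOUNTS]
    print("unsalted, matched by table:", precomputed_hits(unsalted, WORDLIST))
    print("salted, matched by table:  ", precomputed_hits(salted, WORDLIST))
    print("same password, same hash?  ", salted[0][2] == salted[1][2])
    print("login still works:         ", verify(salted[0], "sunshine"))
```

A salt only removes the shared precomputed table; a poor password can still be guessed one account at a time, so the password guidelines on the later slide still apply.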

25 Password Sniffing
- Monitoring the network packets to obtain passwords or IP addresses
(Diagram: three target machines and a sniffer machine connected to a network hub)


27 Password Sniffing Countermeasure
- Use a network switch instead of network hubs
- Employ a VPN (Virtual Private Network)
- Use an encryption program like SSH (Secure Shell)
- Use one-time passwords (OTP)

28 Social Engineering
Most people are trusting by nature and are not on-guard for this type of maneuver. It is not amazing how easy it is to get someone to divulge a password over the telephone.
- Countermeasure
  - Modifying people's behavior by training and education

29 Good Password Guideline
- At least 8 characters in length, mixing alphanumeric and special symbol characters. Avoid all-number and all-letter passwords
- The maximum number of times any single character can be repeated in a password should be restricted to three
- Avoid using personal data such as birthday, telephone number, number plate
- System controls should be configured to limit the lifetime of a password (e.g. 36 weeks) and to prevent re-use of an old password until 8 to 10 new passwords have been used
- Should be selected by the end user and easy to remember

30 Comparative Analysis for Password Breaking (Assumption: Software can calculate Words/Sec)

31 Access Control: The Concepts of Permission
Once the user is logged into the system, the user is given authorization to access system resources, such as files. The authorization can be thought of as access privileges. The discretionary privileges can be defined by an Access Control List (ACL).
An ACL is the mechanism that restricts or grants access to a system's resources (example: Read, Write or Delete access).
An organization should use some method that controls employee access to its systems and networks.

32 Permissions
Most computers and NOS employ the concept of permissions for controlling access. Most systems have at least 3-4 levels of permissions:
1. Read
2. Write
3. Execute
4. Delete
And have 3 user levels:
1. Owner
2. Group
3. Public or Everybody

33 Some operating systems use more than 4 levels of access permissions. Novell, for instance, uses 8 different levels.

34 Unix Access Controlling: Three types of users
- Owner
- Group
- Others
(Diagram: users A, B, C, D, E arranged in Group A and Group B)

35 Unix OS File Access: Types of protections
For a file:
- r: permits the user to read the file.
- w: permits the user to write the file.
- x: permits the user to execute the file.
- -: disables the r, w, x permissions.
For a directory:
- r: permits the user to search for files/directories in the directory.
- w: permits the user to create/delete the file.
- x: permits the user to search the directory.
- -: disables the r, w, x permissions.

36 Format of the protection mode
Owner: rwx | Group: rwx | Others: rwx
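The owner/group/others format above, as an added example that is not part of the original slides: it decodes a numeric mode into the three rwx triplets and audits a directory tree for entries that "others" may write to. The file names and modes are constructed, and the tree is created in a temporary directory.

```python
import os
import stat
import tempfile

CLASSES = ("owner", "group", "others")

def triplets(mode: int) -> dict:
    """Split the low 9 permission bits into the rwx rwx rwx layout."""
    out = {}
    for i, who in enumerate(CLASSES):
        bits = (mode >> (6 - 3 * i)) & 0b111
        out[who] = "".join(c if bits & b else "-"
                           for c, b in (("r", 4), ("w", 2), ("x", 1)))
    return out

def writable_by_others(root: str) -> list:
    """Relative paths under root whose 'others' triplet has w set.
    On a directory, w means anyone may create or delete entries in it."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue            # a symlink's own mode bits are not enforced
            if mode & stat.S_IWOTH:
                found.append(os.path.relpath(path, root))
    return sorted(found)

def demo() -> list:
    """Build a constructed directory tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"report.txt": 0o640, "notes.txt": 0o666, "run.sh": 0o755}
        for name, mode in layout.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)    # chmod is not affected by the umask
        shared = os.path.join(root, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o777)
        return writable_by_others(root)

if __name__ == "__main__":
    print(triplets(0o754))          # owner rwx, group r-x, others r--
    print(demo())
```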


39 Data Redundancy
- One of the best ways to ensure availability is data redundancy. Availability means not only that the data is accessible but also that it is timely and accurate. Data redundancy can be achieved in different ways. Each method provides a varying degree of redundancy and backup.
  - Disk Mirroring
  - RAID (Redundant Array of Independent Disks)
  - Data Streaming
  - Hot Backup

40 Disk Mirroring
- The process of duplicating data from one hard disk to another hard disk
- Provides two sets of identical files on separate disks

41 RAID
- A category of disk drives that employ two or more drives in combination for fault tolerance and performance. RAID disk drives are used frequently on servers but aren't generally necessary for personal computers.

42 Streaming
- A technique for transferring data such that it can be processed as a steady and continuous stream.
- It is the process of writing a transaction to another medium at the same time the transaction updates the data files. One common implementation is to write the transaction to tape.
- The streaming process creates a lot of overhead in terms of CPU and I/O on a system.

43 Hot Backup
- A technique used to provide for the ongoing operation of a LAN should a file server fail. In this technique, two file servers operate in tandem. Data is duplicated on the hard disks of the two servers. This is like disk mirroring but across two servers instead of one server.

44 Useful Tools
- Useful tools available for tightening operating system security:
  - COPS (Computer Oracle and Password System)
  - SATAN (Security Administrator's Tool for Analyzing Network)
  - SAINT (Security Administrators Integrated Network Tool)
  - TITAN
  - TIGER
  - TCPWrapper
  - Tripwire

45 COPS, SATAN & SAINT

46 TITAN, TIGER & TCPWrapper
