Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security: Pentingnya Keamanan Komputer Computer Network Research Group ITB.

Published byMarkus Weathersby Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security: Pentingnya Keamanan Komputer Computer Network Research Group ITB."— Presentation transcript:

1 Network Security: Pentingnya Keamanan Komputer Computer Network Research Group ITB

2 Perspective... zless then 200 security incident in 1989. zabout 400 in 1989. zabout 1400 in 1993. zestimated more than 2241 in 1994. zNobody knows the correct statistics on how many attacks are actually detected by the sites broken into.

3 Survey Dan Farmer (Dec96) z1700 web sites: y60% vurnelable. y9-24%terancam jika satu bug dari service daemon (ftpd, httpd / sendmail) ditemukan. ySerangan pada 10-20 % sites di netralisir menggunakan denial-of-service

4 Statistik Serangan

5 Resiko Serangan

6 Sumber Serangan

7 Aktifitas Serangan

8 Serangan di Internet zApprox. 19.540.000 hosts are connected to Internet (end1996) zUS DoD 250.000 serangan / tahun. zSerangan pada Rome Laboratory.

9 Network Security usaha untuk mencegah seseorang melakukan tindakan-tindakan yang tidak kita inginkan pada komputer, perangkat lunak, dan piranti yang ada di dalamnya sehingga semuanya tetap dalam keadaan ideal yang kita inginkan’

10 Layout Firewall

11 What are you trying to protect? zYour Data. zYour Resources. zYour Reputation.

12 What Are You Trying To Protect Against? zType of attacks zIntrusion. zDenial of Service. zInformation Theft.

13 Type of Attackers zJoyriders. zVandals. zScore Keepers. zSpies (Industrial & Otherwise). zStupidity & Accidents.

14 Security Policy ‘satu keputusan yang menentukan batasan- batasan tindakan-tindakan yang bisa dilakukan dan balasan apabila terjadi pelanggaran batasan-batasan yang ada untuk mencapai satu tujuan tertentu’

15 Objectives zSecrecy zData Integrity zAvailability

16 Step Security Policy zApa yang boleh / tidak boleh. zPrediksi resiko & biaya (start dengan bug). zTentukan objek yang di lindungi. zTentukan bentuk ancaman & serangan: yunauthorized access. yDisclosure information. yDenial of service.

17 Step... zPerhatikan kelemahan system: yauthentication. yPassword sharing. yPenggunaan password yang mudah di tebak. ySoftware bug. zOptimasi Cost / Performance.

18 Manusia... zTanggung Jawab. zKomitmen.

19 Design Security Policy zKerahasiaan (Secrecy) zIntegritas Data zAvailability zKonsistensi zKontrol Identifikasi & Authentikasi zMonitoring & Logging

20 Prinsip... zHak minimum zKurangi jumlah komponen

21 How Can You Protect Your Site zNo Security. zSecurity Through Obscurity. zHost Security. zNetwork Security. zNo Security Model Can Do It All.

22 What Can A Firewall Do? zA firewall is a focus for security decisions. zA firewall can enforce security policy. zA firewall can log Internet activity efficiently. zA firewall limits your exposure.

23 What Can’t A Firewall Do? zA firewall can’t protect you against malicious insiders. zA firewall can’t protect you against connections that don’t go through it. zA firewall can’t protect against completely new threats. zA firewall can’t protect against viruses.

24 List of A Must Secure Internet Services zElectronic mail (SMTP). zFile Transfer (FTP). zUsenet News (NNTP). zRemote Terminal Access (Telnet). zWorld Wide Web Access (HTTP). zHostname / Address lookup (DNS).

25 Security Strategies. zLeast Privilege. zDefense in Depth (multiple security mechanism). zChoke Point forces attackers to use a narrow channel. zWeakest Link. zFail-Safe Stance. zDiversity of Defense. zSimplicity.

26 Building Firewalls

27 Some Firewall Definitions zFirewall yA component or set of components that restricts access between a protected network and the Internet, or between other sets of networks. zHost yA computer system attached to a network.

28 Firewall Def’s Cont’.. zBastion Host yA computer system that must be highly secured because it is vulnerable to attack, usually because it is exposed to the Internet and is a main point of contact for users of internal networks. zDual-homed host yA general-purpose computer system that has at least two network interfaces (or homes).

29 Firewall Def’s Cont... zPacket. yThe fundamental unit of communication on the Internet. zPacket filtering. yThe action a device takes to selectively control the flow of data to and from a network. zPerimeter network. ya network added between a protected network and external network, to provide additional layer of security.

30 Firewall Def’s Cont... zProxy Server yA program that deals with external servers on behalf of internal clients. Proxy client talk to proxy servers, which relay approved client requests on to real servers,and relay answer back to clients.

31 Packet Filtering

32 Proxy Services

33 Screened Host Architecture

34 De-Militarized Zone Architecture

35 DMZ With Two Bastion Hosts

36 It’s OK zMerge Interior & Exterior Router zMerge Bastion Host & Exterior Router zUse Mutiple Exterior Router zHave Multiple Perimeter Network zUse Dual -Homed Hosts & Screened Subnets

37 It’s Dangerous zUse Multiple Interior Router zMerge Bastion Host and Interior Router

38 Private IP Address zUse within Internal Network zReference RFC 1597 zIP address alocation: yClass A:10.x.x.x yClass B:172.16.x.x- 172.31.x.x yClass C:192.168.0.x- 192.168.255.x

39 Bastion Host zIt is our presence in Internet. zKeep it simple. zBe prepared for the bastion host to be compromised.

40 Special Kinds of Bastion Hosts zNonrouting Dual-Homed Hosts. zVictim Machine. zInternal Bastion Hosts.

41 Choosing A Bastion Host zWhat Operating System? yUnix zHow Fast a Machine? y386-based UNIX. yMicroVAX II ySun-3

42 Proxy Systems zWhy Proxying? yProxy systems deal with the insecurity problems by avoiding user logins on the dual- homed host and by forcing connections through controlled software. yIt’s also impossible for anybody to install uncontrolled software to reach Internet; the proxy acts as a control point.

43 Proxy - Reality & Illusion

44 Advantages of Proxying zProxy services allow users to access Internet services “directly” zProxy services are good at logging.

45 Disadvantages of Proxying zProxy services lag behind non-proxied services. zProxy services may require different servers for each service. zProxy services usually require modifications to clients, procedures, or both. zProxy services aren’t workable for some services. zProxy services don’t protect you from all protocol weaknesses.

46 Proxying without a Proxy Server zStore-and-Forward services naturally support proxying. zExamples: yE-mail (SMTP). yNews (NNTP). yTime (NTP).

47 Internet Resources on Security Issues

48 WWW Pages zhttp://www.telstra.com.au/info/security.h tml zhttp://www.cs.purdue.edu/coast/coast.ht ml

49 Mailing Lists zfirewalls@greatcircle.com yftp://ftp.greatcircle.com/pub/firewalls/ yhttp://www.greatcircle.com/firewalls/ zfwall-users@tis.com zacademic-firewalls@net.tamu.edu yftp://net.tamu.edu/pub/security/lists/academ ic-firewalls zbugtraq@fc.net

50 Newsgroups zcomp.security.announce. zcomp.security.unix. zcomp.security.misc. zcomp.security.firewalls. zalt.security. zcomp.admin.policy. zcomp.protocols.tcp-ip. zcomp.unix.admin. zcomp.unix.wizards

51 Summary zIn these dangerous times, firewalls are the best way to keep your site secure. zAlthough you’ve got to include other tipes of security in the mix, if you’re serious about connecting to the Internet, firewall should be at the very center of your security plans.

Download ppt "Network Security: Pentingnya Keamanan Komputer Computer Network Research Group ITB."

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
Firewalls Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Firewalls Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung

Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, 2006. 2.Robert Zalenski, Firewall Technologies,

1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, Robert Zalenski, Firewall Technologies,
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.

Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Survey of Information Assurance FIREWALLS. The term firewall originally meant a wall to confine a fire or potential fire within a building. Later uses.

Survey of Information Assurance FIREWALLS. The term "firewall" originally meant a wall to confine a fire or potential fire within a building. Later uses.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Firewall Configuration Strategies

Firewall Configuration Strategies
Firewall COSC 513 By Lerraj Khommeteeyuthakan. Introduction to Firewall zA method for keeping a network secure zFirewall is an approach to security zHelps.

Firewall COSC 513 By Lerraj Khommeteeyuthakan. Introduction to Firewall zA method for keeping a network secure zFirewall is an approach to security zHelps.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Similar presentations

Ads by Google