Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pertemuan 02 Aspek dasar keamanan Jaringan dan ketentuan baku OSI

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Pertemuan 02 Aspek dasar keamanan Jaringan dan ketentuan baku OSI"— Presentation transcript:

1 Pertemuan 02 Aspek dasar keamanan Jaringan dan ketentuan baku OSI
Matakuliah : H0242 / Keamanan Jaringan Tahun : 2006 Versi : 1 Pertemuan 02 Aspek dasar keamanan Jaringan dan ketentuan baku OSI

2 Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu :
Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Mahasiswa dapat menggunakan Aspek dasar keamanan jaringan dan ketentuan baku OSI untuk keamanan jaringan

3 Outline Materi Latar Belakang Network Security Trend Definisi
Arsitektur OSI untuk Network Security

4 Why Is Security Important
Computers and networks are the nerves of the basic services and critical infrastructures in our society Financial services and commerce Transportation Power grids Etc. Computers and networks are targets of attacks by our adversaries

5 Why Is Security Hard The complexity of computers and networks
User expectation User ignorance Social engineering Defense is inherently more expensive Offense only needs the weakest link

6 Vulnerability Trends Flaws can be found without source code
common: system call trace new: subroutine call trace protocols can be examined for vulnerabilities program instabilities (buffer overflow, etc.) Good news — the public & vendors becoming more security conscious Patches now being released via Internet Still untested — product liability

7 What is Security Security is concerned with preventing undesired behavior An enemy/opponent/hacker/adversary may be actively and maliciously trying to circumvent any protective measures you put in place

8 Goal Security is always a trade-off
The goal should never be “to make the system as secure as possible”… …but instead, “to make the system as secure as possible within certain constraints” (cost, usability, convenience)

9 Concerns Detection and response
How do you know when you are being attacked? How quickly can you stop the attack? Can you prevent the attack from recurring? Recovery Can be much more important than prevention Legal issues?

10 Definitions Computer Security
generic name for the collection of tools designed to protect data and to thwart hackers Network Security (Includes Internet Security) measures to protect data during their transmission measures to protect data during their transmission over a collection of interconnected networks consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information

11 OSI Security Architecture
ITU-T X.800 Security Architecture for OSI Defines a systematic way of defining and providing security requirements International Standard 5 Categories 14 Services

12 Service Categories Authentication Peer-entity, Data-origin
Assurance that the communicating entity is the one claimed Access Control Prevention of the unauthorized use of a resource Data Confidentiality Connection, connectionless, selective-field, traffic-flow) Protection of data from unauthorized disclosure

13 Service Categories Data Integrity
Connection recovery, no-recovery, selective-field Connectionless no-recovery,selective-field assurance that data received is as sent by an authorized entity Non Repudiation origin, destination protection against denial by one of the parties in a communication See Table 1.4 for details of the 5 Security Service categories and the 14 specific services.

14 Security Service Something that enhances the security of the data processing systems and the information transfers of an organization Intended to counter security attacks Make use of one or more security mechanisms to provide the service Replicate functions normally associated with physical documents eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed

15 Security Mechanism A mechanism that is designed to detect, prevent, or recover from a security attack No single mechanism that will support all functions required One particular element underlies many of the security mechanisms in use: cryptographic techniques

16 Security Attack Any action that compromises the security of information owned by an organization Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems Have a wide range of attacks Can focus of generic types of attacks note: often threat & attack mean same cf. Table 1.2 for examples of security attacks, and Table 1.3 for definitions of threat and attack

17 Network Security Model
In considering the place of encryption, its useful to use the following two models. The first models information flowing over an insecure communications channel, in the presence of possible opponents. Hence an appropriate security transform (encryption algorithm) can be used, with suitable keys, possibly negotiated using the presence of a trusted third party.

18 Network Access Security
The second model is concerned with controlled access to information or resources on a computer system, in the presence of possible opponents. Here appropriate controls are needed on the access and within the system, to provide suitable security. Some cryptographic techniques are useful here also.

19 Security Policies A security policy is a statement that partitions the state of the system into a set of authorized (or secure) states, and a set of unauthorized (or nonsecure) states A secure system is a system that starts in an authorized state and cannot enter an unauthorized state A breach of security occurs when a system enters an unauthorized state

Download ppt "Pertemuan 02 Aspek dasar keamanan Jaringan dan ketentuan baku OSI"

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Arsitektur Jaringan Pertemuan 09 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.

Arsitektur Jaringan Pertemuan 09 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 Pertemuan 10 Arsitektur Jaringan Model OSI Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 10 Arsitektur Jaringan Model OSI Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.
Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.

Manajemen Jaringan dan Network Security Pertemuan 26 Matakuliah: H0484/Jaringan Komputer Tahun: 2007.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.
Computer and Information Security

Computer and Information Security
1 Pertemuan 04 Pengamanan Akses Sistem Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 04 Pengamanan Akses Sistem Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Computer and Information Security Jen-Chang Liu, 2004

Computer and Information Security Jen-Chang Liu, 2004
Applied Cryptography for Network Security

Applied Cryptography for Network Security
1 Pertemuan 09 Model Fungsional Matakuliah: H0372/Manajemen Jaringan Tahun: 2005 Versi: 1/0.

1 Pertemuan 09 Model Fungsional Matakuliah: H0372/Manajemen Jaringan Tahun: 2005 Versi: 1/0.
1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Similar presentations

Ads by Google