Network Security: The Importance of Computer Security. Computer Network Research Group ITB.


Perspective...
- Less than 200 security incidents in
- About 400 in
- About 1400 in
- Estimated more than 2241 in
- Nobody knows the correct statistics on how many attacks are actually detected by the sites broken into.

Dan Farmer Survey (Dec 96)
- 1700 web sites:
  - 60% vulnerable.
  - 9-24% at risk if a single bug in a service daemon (ftpd, httpd / sendmail) is found.
  - Attacks on % sites neutralized using denial-of-service

Attack Statistics

Attack Risks

Attack Sources

Attack Activity

Attacks on the Internet
- Approx hosts are connected to Internet (end 1996)
- US DoD attacks / year.
- Attack on Rome Laboratory.

Network Security
‘an effort to prevent someone from carrying out actions we do not want on computers, software, and the devices within them, so that everything remains in the ideal state we want’

Firewall Layout

What are you trying to protect?
- Your Data.
- Your Resources.
- Your Reputation.

What Are You Trying To Protect Against?
- Type of attacks
- Intrusion.
- Denial of Service.
- Information Theft.

Type of Attackers
- Joyriders.
- Vandals.
- Score Keepers.
- Spies (Industrial & Otherwise).
- Stupidity & Accidents.

Security Policy
‘a decision that sets the limits on the actions that may be taken, and the response when those limits are violated, in order to achieve a particular goal’

Objectives
- Secrecy
- Data Integrity
- Availability

Security Policy Steps
- What is / is not allowed.
- Predict risks & costs (start with bugs).
- Determine the objects to be protected.
- Determine the forms of threats & attacks:
  - Unauthorized access.
  - Information disclosure.
  - Denial of service.

Steps...
- Pay attention to system weaknesses:
  - Authentication.
  - Password sharing.
  - Use of easily guessed passwords.
  - Software bugs.
- Cost / performance optimization.

People...
- Responsibility.
- Commitment.

Design Security Policy
- Confidentiality (Secrecy)
- Data Integrity
- Availability
- Consistency
- Identification & Authentication Control
- Monitoring & Logging

Principles...
- Minimum privileges
- Reduce the number of components

How Can You Protect Your Site
- No Security.
- Security Through Obscurity.
- Host Security.
- Network Security.
- No Security Model Can Do It All.

What Can A Firewall Do?
- A firewall is a focus for security decisions.
- A firewall can enforce security policy.
- A firewall can log Internet activity efficiently.
- A firewall limits your exposure.

What Can’t A Firewall Do?
- A firewall can’t protect you against malicious insiders.
- A firewall can’t protect you against connections that don’t go through it.
- A firewall can’t protect against completely new threats.
- A firewall can’t protect against viruses.

List of Must-Secure Internet Services
- Electronic mail (SMTP).
- File Transfer (FTP).
- Usenet News (NNTP).
- Remote Terminal Access (Telnet).
- World Wide Web Access (HTTP).
- Hostname / Address lookup (DNS).

Security Strategies
- Least Privilege.
- Defense in Depth (multiple security mechanisms).
- Choke Point: forces attackers to use a narrow channel.
- Weakest Link.
- Fail-Safe Stance.
- Diversity of Defense.
- Simplicity.

Building Firewalls

Some Firewall Definitions
- Firewall
  - A component or set of components that restricts access between a protected network and the Internet, or between other sets of networks.
- Host
  - A computer system attached to a network.

Firewall Def’s Cont...
- Bastion Host
  - A computer system that must be highly secured because it is vulnerable to attack, usually because it is exposed to the Internet and is a main point of contact for users of internal networks.
- Dual-homed host
  - A general-purpose computer system that has at least two network interfaces (or homes).

Firewall Def’s Cont...
- Packet
  - The fundamental unit of communication on the Internet.
- Packet filtering
  - The action a device takes to selectively control the flow of data to and from a network.
- Perimeter network
  - A network added between a protected network and an external network, to provide an additional layer of security.

Firewall Def’s Cont...
- Proxy Server
  - A program that deals with external servers on behalf of internal clients. Proxy clients talk to proxy servers, which relay approved client requests on to real servers, and relay answers back to clients.

Packet Filtering
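
Added example, not part of the original slides: a first-match packet filter that ends in a default deny, tying the packet-filtering definition to the fail-safe stance and choke-point strategies in the slides. The addresses (10.0.0.0/8 as the protected network, 192.0.2.10 as the bastion host), the rule set, the proxy on port 80 and the names Rule, RULES and decide are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumptions, not from the slides): 10.0.0.0/8 is the
# protected network, 192.0.2.10 is the bastion host on the perimeter network.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
BASTION = ipaddress.ip_network("192.0.2.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    iface: str             # arrival side: "ext", "int" or "*"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str             # "tcp", "udp" or "*"
    dport: Optional[int]   # None matches any destination port
    note: str

# Evaluated top to bottom; the first matching rule wins.
RULES = [
    Rule("deny", "ext", INTERNAL, ANY, "*", None, "spoofed internal source"),
    Rule("permit", "ext", ANY, BASTION, "tcp", 25, "inbound SMTP to bastion"),
    Rule("permit", "ext", ANY, BASTION, "udp", 53, "DNS lookups to bastion"),
    Rule("permit", "int", INTERNAL, BASTION, "tcp", 25, "outbound mail via bastion"),
    Rule("permit", "int", INTERNAL, BASTION, "tcp", 80, "web via bastion proxy"),
]

def decide(iface, src, dst, proto, dport, rules=RULES):
    """Return (action, reason) for a connection-opening packet.

    Only the first packet of a flow is modelled; return traffic would need
    state tracking or extra rules.
    """
    try:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return "deny", "unparseable address"      # fail closed on bad input
    for r in rules:
        if (r.iface in ("*", iface) and s in r.src and d in r.dst
                and r.proto in ("*", proto) and r.dport in (None, dport)):
            return r.action, r.note
    return "deny", "default deny"                 # fail-safe stance

if __name__ == "__main__":
    for pkt in [("ext", "198.51.100.7", "192.0.2.10", "tcp", 25),
                ("ext", "198.51.100.7", "10.1.2.3", "tcp", 23),
                ("ext", "10.9.9.9", "192.0.2.10", "tcp", 25),
                ("int", "10.1.2.3", "198.51.100.7", "tcp", 80)]:
        print(pkt, "->", decide(*pkt))
```

The last sample packet is an internal host trying to reach an outside web server directly; no rule matches, so it is dropped and the only working path is through the bastion host.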

Proxy Services

Screened Host Architecture

De-Militarized Zone Architecture

DMZ With Two Bastion Hosts

It’s OK
- Merge Interior & Exterior Router
- Merge Bastion Host & Exterior Router
- Use Multiple Exterior Routers
- Have Multiple Perimeter Networks
- Use Dual-Homed Hosts & Screened Subnets

It’s Dangerous
- Use Multiple Interior Routers
- Merge Bastion Host and Interior Router

Private IP Address
- Use within Internal Network
- Reference RFC 1597
- IP address allocation:
  - Class A: 10.x.x.x
  - Class B: x.x x.x
  - Class C: x x

Bastion Host
- It is our presence on the Internet.
- Keep it simple.
- Be prepared for the bastion host to be compromised.

Special Kinds of Bastion Hosts
- Nonrouting Dual-Homed Hosts.
- Victim Machine.
- Internal Bastion Hosts.

Choosing A Bastion Host
- What Operating System?
  - Unix
- How Fast a Machine?
  - 386-based UNIX.
  - MicroVAX II
  - Sun-3

Proxy Systems
- Why Proxying?
  - Proxy systems deal with the insecurity problems by avoiding user logins on the dual-homed host and by forcing connections through controlled software.
  - It’s also impossible for anybody to install uncontrolled software to reach the Internet; the proxy acts as a control point.

Proxy - Reality & Illusion

Advantages of Proxying
- Proxy services allow users to access Internet services “directly”.
- Proxy services are good at logging.

Disadvantages of Proxying
- Proxy services lag behind non-proxied services.
- Proxy services may require different servers for each service.
- Proxy services usually require modifications to clients, procedures, or both.
- Proxy services aren’t workable for some services.
- Proxy services don’t protect you from all protocol weaknesses.

Proxying without a Proxy Server
- Store-and-Forward services naturally support proxying.
- Examples:
  - (SMTP).
  - News (NNTP).
  - Time (NTP).

Internet Resources on Security Issues

WWW Pages
- http:// tml
- http:// ml

Mailing Lists
- ftp://ftp.greatcircle.com/pub/firewalls/
- http://
- ftp://net.tamu.edu/pub/security/lists/academic-firewalls

Newsgroups
- comp.security.announce.
- comp.security.unix.
- comp.security.misc.
- comp.security.firewalls.
- alt.security.
- comp.admin.policy.
- comp.protocols.tcp-ip.
- comp.unix.admin.
- comp.unix.wizards

Summary
- In these dangerous times, firewalls are the best way to keep your site secure.
- Although you’ve got to include other types of security in the mix, if you’re serious about connecting to the Internet, a firewall should be at the very center of your security plans.