Computer
Network
Security
(General)
(Specific)
Internetwork
Posisi Security
Owner
Service
Server
Security
Not Owner
Request
Client
Convenience
(More specific)
Mungkinkah aman?
Sangat sulit mencapai 100% aman
Ada timbal balik antara keamanan vs. kenyamanan (security vs
convenience)
Definisi computer security:
A computer is secure if you can depend on it and its software to behave as you expect
(Garfinkel & Spafford)
Keamanan
Keamanan
Keamanan
Keamanan
Application security
fokus kepada aplikasinya sendiri
PC security
Privacy / confidentiality
Integrity
Authentication
Availability
Non-repudiation
Access control
Privacy / confidentiality
Serangan: sniffer
Integrity
Authentication
Availability
Non-repudiation
Access Control
Jenis Ancaman
(Konsep)
Interruption
Interception
Modification
Fabrication
Sumber
Informasi
tujuan
NORMAL
INTERCEPTION
MODIFICATION
INTERRUPTION
FABRICATION
Jenis Serangan
(Teknis)
a. Physical Access Attacks, yaitu :
serangan yang mencoba mendapatkan
akses melalui jalur fisik, contoh :
- Wiretapping, yaitu : usaha untuk dapat
mengakses data melalui media
transmisi (kabel)
- Server hacking, usaha untuk
mengakses resource server langsung
secara fisik
- Vandalism, serangan dengan tujuan
rusaknya sistem secara fisik
b. Dialog Attacks, yaitu serangan yang
dilakukan saat pihak pengirim dan
penerima men-transmisi-kan datanya,
contoh :
- Eavesdropping, yaitu menguping dan
mengintip data yang sedang
ditransmisikan
- Impersonation, yaitu serangan dengan
cara berpura-pura (menipu) mengaku
sebagai orang lain
- Message Alteration, yaitu serangan
dengan cara mengubah data yang
dikirim pihak lain sebelum sampai ke
tujuannya
c. Penetration Attacks, yaitu serangan
yang mencoba menembus pertahanan
Penanganan keamanan :
Prosedur kerja
Fisik/lokasi
Teknis
SSL
SSH
IDS
AntiVirus tools
Backup
Recovery
Hardening Host
Komputer :
Letak Fasilitas Keamanan pada Sistem
Format file : ASCII (text), biner, terkompress, terenkripsi, FAT, NTFS, EXT,
Presentasion Layer :
Session Layer :
Transport Layer :
Network Layer :
Data Link Layer :
Physical Layer :
Security Management
Security is a primarily a Management Issue, not a
Technologi Issue
Top to Buttom Commitment
Comprehensive Security :
o Closing All avenues of attack
o Asymetrical warfare : attacker only has to find one
opening
o Defense in depth : attecker must get past several
defenses to succeed
A security policy is a formal statement of the rules by which people who are given
access to an organization's technology and information assets must abide.
The main purpose of a security policy is to inform users, staff and managers of their
obligatory requirements for protecting technology and information assets. The policy
should specify the mechanisms through which these requirements can be met. Another
purpose is to provide a baseline from which to acquire, configure and audit computer
systems and networks for compliance with the policy. Therefore an attempt to use a set
of security tools in the absence of at least an implied security policy is meaningless.
List of individuals who should be involved in the creation and review of
security policy documents:
1) Site security administrator
2) Information technology technical staff (e.g., staff from computing center)
3) Administrators of large user groups within the organization (e.g., business
divisions, computer science department within a university, etc.)
4) Security incident response team
5) Representatives of the user groups affected by the security policy
6) Rresponsible management
7) Legal counsel (if appropriate)
Istilah-istilah umum :
Access Control
Attack
Passive
Active
Authentication
Authorization
Availability
Back-up
Biometric-Authentication
Brute-force
Chipertext
Confidentiality
Cracking
Cryptography
Decryption
Digital Signature
Encryption
Exploit
Hacking
Hardening Host/Server
Integrity
Intruder
Non-repudiation
Patch
Penetration
Plaintext
Policy
Port
Privacy
Privilege
Recovery
Service
Socket
Trojan horse
Trusted System
Trustee assigment
Vulnerability