NETWORK VULNERABILITY
Prepared by
Syahmuddin Alfaritsi
CONTENTS
Introduction
Type, Classification of Vulnerability
Top 10 Vulnerabilty on The Network
02
Introduction
03
Introduction
04
Introduction
Dalam sistem keamanan jaringan , istilah Vulnerability
merupakan suatu kelemahan yang memungkinkan seseorang
untuk masuk dan mendapatkan hak akses kedalam jaringan
yang dituju (target). Biasanya vulnerability adalah kelemahan
yang dikarenakan kesalahan setting ataupun ketidaktahuan
administrator.
05
Introduction
06
Introduction
Untuk itu lah ada yang disebut dengan Exploit. Dalam hal ini
Exploit adalah sebuah kode untuk menyerang keamanan
komputer secara spesifik.
06
Introduction
06
Type, Classification Of
Vulnerability
07
Type Of Vulnerability
1. Physical Vulnerability
Kerentanan secara fisik, misalnya lokasi penyimpanan,
bangunan dan lain-lain dari perangkat dan jaringan
2. Natural Vulnerability
Kerentanan disebabkan faktor alam dan lingkungan misalnya,
kebakaran,banjir,gempa bumi , temperatur,debu,masalah
listrik dan lain-lain
08
Type Of Vulnerability
4. Media Vulnerability
media back-up seperti disket,cdrom dapat dicuri, dapat rusak
karena debu dan arus listrik yang tidak sesuai
08
Classification Of Vulnerability
08
Classification Of Vulnerability
1. Misconfirgurations
08
Classification Of Vulnerability
2. Default Installations
08
Classification Of Vulnerability
3. Buffer Overflows
08
Classification Of Vulnerability
08
Classification Of Vulnerability
4. Unpatched Servers
08
Classification Of Vulnerability
7. Application Flaws
08
Classification Of Vulnerability
8. Operating System Flaws
08
Classification Of Vulnerability
9. Design Flaws
08
Classification Of Vulnerability
9. Design Flaws
08
Top 10 Vulnerabilty on
The Network
14
Top 10 Vulnerabilty on The Network
Believe it or not, USB drives are actually one of, if not the
most, common ways you can infect a network from inside a
firewall. There are several reasons for this; they're
inexpensive, small, hold a lot of data and can be used
between multiple computer types. The ubiquity of thumb
drives has driven hackers to develop targeted malware, such
as the notorious Conficker worm, that can automatically
execute upon connecting with a live USB port.
08
Top 10 Vulnerabilty on The Network
What to do:
Change the computer's default autorun policies. You can find
information on how do that within Windows environments
08
Top 10 Vulnerabilty on The Network
08
Top 10 Vulnerabilty on The Network
08
Top 10 Vulnerabilty on The Network
08
Top 10 Vulnerabilty on The Network
It's been reported that this intrusion has cost TJ Stores more
than $500 million dollars to date. Wireless APs are naturally
insecure, regardless if encryption is used or not. Protocols
such as wireless encryption protocol contain known
vulnerabilities that are easily compromised with attack
frameworks, such as Aircrack. More robust protocols such as
wireless protected access (WPA) and WPA2 are still prone to
dictionary attacks if strong keys are not used.
08
Top 10 Vulnerabilty on The Network
What to do:
WPA2 Enterprise using RADIUS is recommended along with
an AP that is capable of performing authentication and
enforcing security measures. Strong, mixed passwords should
be used and changed on a fairly frequent basis. Generally,
wireless APs are connected for convenience, so it is usually
not necessary to have them connected to a working
environment.
08
Top 10 Vulnerabilty on The Network
08
Top 10 Vulnerabilty on The Network
08
Top 10 Vulnerabilty on The Network
5. Inside connections:
08
Top 10 Vulnerabilty on The Network
What to do:
Passwords should be changed regularly. Authentication and
access levels are a must for any employee -- he should only
have access to systems, file shares, etc. that are needed to
fulfill his duties. Any special requests should always be
escalated to a team (not a single user with authority) who
can authorize the request.
08
Top 10 Vulnerabilty on The Network
08
Top 10 Vulnerabilty on The Network
08
Top 10 Vulnerabilty on The Network
7. Optical media:
08
Top 10 Vulnerabilty on The Network
08
Top 10 Vulnerabilty on The Network
8. Hindsight is 20/20:
08
Top 10 Vulnerabilty on The Network
08
Top 10 Vulnerabilty on The Network
10. E-mail:
08
Top 10 Vulnerabilty on The Network
What to do:
With e-mail security, source identification is key. Identify the
sender using technology such as PGP, or a simple array of
questions before sending sensitive information. Access
control to broad alias-based e-mail addresses should be
enforced. And policy and reminders should be sent out to
employees.
08
Next to Scanning
34