
MODULE 5

NETWORK VULNERABILITY

Prepared by
Syahmuddin Alfaritsi
CONTENTS

- Introduction
- Type, Classification of Vulnerability
- Top 10 Vulnerability on The Network

Introduction

In network security, the term vulnerability refers to a
weakness that allows someone to get in and obtain access
rights to the targeted network. A vulnerability is usually a
weakness caused by a configuration mistake or by the
administrator's lack of knowledge.

Vulnerabilities can be found by means of an exploit, that is,
code that attacks computer security in a specific way.
Exploits are widely used for penetration, both legal and
illegal, to look for weaknesses (vulnerabilities) in a device
or network.

There are many definitions of vulnerability. One of them is
from ISO 27005 (the standard on information security risk
management), which defines a vulnerability as: "A weakness of
an asset or group of assets that can be exploited by one or
more threats".

Another definition comes from IETF RFC 2828 (the Internet
Engineering Task Force, on Internet security): "A flaw or
weakness in a system's design, implementation, or operation
and management that could be exploited to violate the
system's security policy".

The existence of vulnerabilities then gives rise to efforts
at exploitation, that is, at finding out how vulnerable a
network system is.

That is where the exploit comes in. Here, an exploit is code
that attacks computer security in a specific way.

Exploits are widely used for penetration, both legal and
illegal, to look for weaknesses (vulnerabilities) in a
computer.

Administrators of a network system are strongly advised to
self-check the systems they manage for vulnerabilities. The
results serve as feedback for improving system security
before someone else finds the weaknesses and uses them for
unwanted purposes.

One of the biggest challenges here is dealing with hidden
vulnerabilities, that is, weaknesses in the network security
system that come from factors nobody anticipated. A common
example is a delay in upgrading the system.

Type, Classification Of Vulnerability

Type Of Vulnerability

The various types of vulnerability:

1. Physical Vulnerability
Physical weaknesses, for example the storage location,
buildings and so on of the devices and the network.

2. Natural Vulnerability
Vulnerabilities caused by natural and environmental factors,
for example fire, flood, earthquake, temperature, dust, power
problems and so on.

3. Hardware and Software Vulnerability
Certain kinds of hardware and software can introduce security
holes into a system.

4. Media Vulnerability
Backup media such as floppy disks and CD-ROMs can be stolen,
or damaged by dust and unsuitable electrical current.

Classification Of Vulnerability

1. Misconfigurations

Mistakes in configuring device or network parameters, whether
deliberate or accidental, can open a security gap that
irresponsible parties can use to get into the device or
network.

2. Default Installations

Most people who install software or an application on a
laptop, computer, server or other device simply accept the
defaults so that the installation is quick and trouble-free.
Yet every device has a different character and responds
differently to the application installed on it.

3. Buffer Overflows

The buffer overflow is one of the many weaknesses in network
security. This kind of weakness can be used through remote
access or local access, because it gives the attacker the
opportunity to run their own code on the target computer.

A buffer overflow attack happens when the attacker gives
excessive input to a running program, so that the program is
overloaded and memory cannot accommodate the input.

This gives the attacker the opportunity to overwrite the
program's data and take over control of the program being
executed. Buffer overflows result from a weakness of the C,
C++, Fortran and assembly programming languages, which do
not automatically check input bounds when the program is
executed.

A buffer overflow can crash the program, or let the attacker
execute malicious commands or code to take control of the
target system, for example with the aim of taking over the
root account by means of a buffer overflow.
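
The missing bounds check described above, as an added example that is not part of the original module: a C routine that reads a length-prefixed name field from a received message into a fixed buffer, first in the unchecked form the text warns about and then with the declared length validated before copying. The message layout, function names and status codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16 /* size of the fixed destination buffer (assumed for this example) */

/* Hypothetical status codes for this example. */
enum { READ_OK = 0, READ_BAD_ARG = -1, READ_SHORT_MSG = -2, READ_TOO_LONG = -3 };

/* Assumed message layout: byte 0 = declared name length, bytes 1.. = name. */

/* Unchecked form, shown for contrast and never called here: it trusts the
 * length byte sent by the peer, so a declared length of NAME_CAP or more
 * makes memcpy write past the end of dst. */
void read_name_unchecked(const uint8_t *msg, char *dst)
{
    size_t declared = msg[0];
    memcpy(dst, msg + 1, declared);
    dst[declared] = '\0';
}

/* Checked form: the declared length is validated against the bytes actually
 * received and against the destination capacity before anything is copied. */
int read_name_checked(const uint8_t *msg, size_t msg_len, char *dst, size_t dst_cap)
{
    if (msg == NULL || dst == NULL || dst_cap == 0)
        return READ_BAD_ARG;
    if (msg_len < 1)
        return READ_SHORT_MSG;          /* no length byte at all */

    size_t declared = msg[0];
    if (declared > msg_len - 1)
        return READ_SHORT_MSG;          /* peer claims more bytes than it sent */
    if (declared >= dst_cap)
        return READ_TOO_LONG;           /* would not fit with the terminator */

    memcpy(dst, msg + 1, declared);
    dst[declared] = '\0';
    return READ_OK;
}

int main(void)
{
    /* Constructed sample messages. */
    const uint8_t good[] = { 5, 'a', 'd', 'm', 'i', 'n' };
    uint8_t oversized[1 + 40];
    char name[NAME_CAP];

    oversized[0] = 40;
    memset(oversized + 1, 'A', 40);

    printf("good:      %d\n", read_name_checked(good, sizeof good, name, sizeof name));
    printf("oversized: %d\n", read_name_checked(oversized, sizeof oversized, name, sizeof name));
    return 0;
}
```

The checked routine rejects the oversized message instead of crashing or overwriting adjacent memory, which is the automatic check the text says these languages do not perform for you.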

4. Unpatched Servers

Attacks are generally aimed at servers because these machines
store a great deal of information and data that can be used
to exploit further or to control other devices.

An unpatched server is one whose applications have never been
improved since they were first developed. Usually, once an
application has been released, it is tested extensively to
see how long and how far its reliability holds up.

5. Default Password

Default passwords are something several vendors often leave
in place when deploying equipment, on the grounds that the
number of nodes deployed can reach tens or even hundreds, so
that changing the default password, which is usually the one
for admin or root, creates extra work for them. Yet with
default passwords in place, every deployed node has a very
dangerous hole, because the default password gives full
control over the node's functions.

6. Open Services

A service of an application that can interact with other
applications, even ones from a different developer, which
makes it easy to integrate several applications in one
system. On the other hand, it opens the way for threats and
attacks against the application.

7. Application Flaws

An application is developed out of research or a need, and
today a great many applications get a new version some time
after launch. This can be the result of evaluation by the
developers themselves or by the application's users, or
perhaps the old version could already be reverse engineered
or used as a vehicle to threaten or attack other applications
or devices. Such an application can be said to have 'flaws'
(in Indonesian, 'cacat').

8. Operating System Flaws

A flaw in an OS is very dangerous because, as we know, the OS
is the system that runs a computing device, whether that is a
PC, laptop, server, router and so on. A flaw in the OS is
therefore a very significant opening for threats and attacks.

9. Design Flaws

After application flaws and OS flaws, design flaws are
another security gap through which a network system can be
breached or attacked, because a very basic design mistake can
open the door completely on the security and reliability of
the network system.

Top 10 Vulnerability on The Network

1. USB thumb drives:

Believe it or not, USB drives are actually one of, if not the
most, common ways you can infect a network from inside a
firewall. There are several reasons for this; they're
inexpensive, small, hold a lot of data and can be used
between multiple computer types. The ubiquity of thumb
drives has driven hackers to develop targeted malware, such
as the notorious Conficker worm, that can automatically
execute upon connecting with a live USB port.

What's worse is that default operating system configurations
typically allow most programs (including malicious ones) to
run automatically. That's the equivalent of everyone in your
neighborhood having an electric garage door opener and
being able to use it to open everyone else's garage doors.

What to do:
Change the computer's default autorun policies. You can find
information on how to do that within Windows environments.

2. Laptop and netbooks:

Laptops are discreet, portable, include full operating systems,
can operate using an internal battery and come with a handy
Ethernet port for tapping directly into a network. What's
more, a notebook may already have malicious code running
in the background that is tasked to scour the network and
find additional systems to infect. This notebook could belong
to an internal employee or guest who's visiting and working
from an open cube or office. Beyond infected laptops
compromising an internal network, it's important to think
about the laptops themselves.

All companies have some forms of sensitive information that
absolutely cannot leave the walls of the building (salary
information, medical records, home addresses, phone
numbers and Social Security numbers are just a few obvious
examples). It becomes very dangerous when that
information is stored on an unsecured portable computer, as
they are easy to walk off with. We've seen numerous,
publicly disclosed instances of notebooks with sensitive data
that have "gone missing." Unless the laptop employs a tough
encryption algorithm, data is often easy to recover from any
given file system.

What to do:
Implement an encrypted file system for sensitive
data. There are a number of off-the-shelf solutions out there
to choose from, along with open source ones such as
TrueCrypt. Control over endpoints that enter and exit the
internal system is also important. Sensitive information, such
as VPN, DV and Wi-Fi access should not be stored
persistently on devices such as laptops or netbooks.

3. Wireless access points:

Wireless APs provide immediate connectivity to any user
within proximity of the network. Wireless attacks by
wardrivers (people in vehicles searching for unsecured Wi-Fi
networks) are common and have caused significant damage
in the past. TJ Stores, owners of Marshalls and TJMaxx, was
attacked using this method, and intruders penetrated the
company's computer systems that process and store
customer transactions including credit card, debit card, check
and merchandise return transactions.

It's been reported that this intrusion has cost TJ Stores more
than $500 million to date. Wireless APs are naturally
insecure, regardless of whether encryption is used or not.
Protocols such as wireless encryption protocol contain known
vulnerabilities that are easily compromised with attack
frameworks, such as Aircrack. More robust protocols such as
wireless protected access (WPA) and WPA2 are still prone to
dictionary attacks if strong keys are not used.

What to do:
WPA2 Enterprise using RADIUS is recommended along with
an AP that is capable of performing authentication and
enforcing security measures. Strong, mixed passwords should
be used and changed on a fairly frequent basis. Generally,
wireless APs are connected for convenience, so it is usually
not necessary to have them connected to a working
environment.

4. Miscellaneous USB devices:

Thumb drives aren't the only USB-connected devices IT
needs to be wary of. Many devices are also capable of
storing data on common file systems that can be read and
written to through a USB or similar connection. Since it isn't
the primary function of these devices, they are often
forgotten as a potential threat. The fact is, if an endpoint can
read and execute data from the device, it can pose just as
much of a threat as a thumb drive. These devices include
digital cameras, MP3 players, printers, scanners, fax
machines and even digital picture frames.

In 2008, Best Buy reported that they found a virus in the
Insignia picture frames they were selling at Christmas that
came directly from the manufacturer.

What to do:
Implement and enforce asset control and policies around
what devices can enter the environment and when. And then
follow that up with frequent policy reminders. In 2008, the
Department of Defense developed policies and banned USB
and other removable media from entering/exiting their
environments.

5. Inside connections:

Internal company employees can also inadvertently or
intentionally access areas of the network that they wouldn't
or shouldn't otherwise have access to and compromise
endpoints using any of the means outlined in this article.
Maybe the employee "borrows" a co-worker's machine while
he's away at lunch. Maybe the employee asks a fellow
worker for help accessing an area of the network that he
doesn't have access to.

What to do:
Passwords should be changed regularly. Authentication and
access levels are a must for any employee -- he should only
have access to systems, file shares, etc. that are needed to
fulfill his duties. Any special requests should always be
escalated to a team (not a single user with authority) who
can authorize the request.

6. The Trojan human:

Like the Trojan horse, the Trojan human comes into a
business in some type of disguise. He could be in business
attire or dressed like a legitimate repairman (appliance,
telecom, HVAC). These types of tricksters have been known
to penetrate some pretty secure environments, including
server rooms. Through our own social conditioning, we have
the tendency to not stop and question an appropriately
attired person we don't recognize in our office environment.

An employee may not think twice about swiping their access
card to allow a uniformed worker into their environment for
servicing. It can take less than a minute for an unsupervised
person in a server room to infect the network.

What to do:
Reminders should be sent to employees about authorizing
third parties. Identify the source by asking questions, not
making assumptions.

7. Optical media:

In June 2010, an Army intelligence analyst was arrested after
being charged with stealing and leaking confidential data to
public networks. Sources claim the analyst did so by bringing
in music CDs labeled with popular recording artists, using this
medium only as a guise. Once he had access to a networked
workstation, he would access the classified information he
had authorized credentials for and store the data on the
"music" CDs in encrypted archives. To help cover his tracks,
the analyst would lip sync to the music that was supposedly
stored on the CDs while at his workstation.

Recordable media that appear to be legitimate can be and have
been used to piggyback data in and out of networks. And,
like the thumb drives mentioned above, they can be used as
a source for network infection.

What to do:
As with the USB tip, it's important to implement and enforce
asset control and policies around what devices can enter the
environment and when. And then follow that up with
frequent policy reminders.

8. Hindsight is 20/20:

While much of this list focuses on mitigating threats that
capitalize on digital technology, we shouldn't forget that the
human mind is also very effective at storing information.
Who is watching you when you log into your desktop? Where
are your hard copies stored? What confidential documents
are you reading on your laptop at the coffee shop, airplane?

What to do:
The best safeguard is being conscious and alert about this
threat whenever working on sensitive material -- even if it
means stopping what you're doing momentarily to observe
your surroundings.

9. Smartphones and other digital devices:

Today, phones do more than just allow you to call anyone in
the world from anywhere; they're full-functioning
computers, complete with Wi-Fi connectivity, multithreaded
operating systems, high storage capacity, high-resolution
cameras and vast application support. And they, along with
other portable tablet-like devices, are starting to be given the
green light in business environments. These new devices
have the potential to pose the same threats we've seen with
notebooks and thumb drives.

What's more, these devices also have the potential to elude
traditional data-leak prevention solutions. What's to stop a
user from taking a high-resolution picture of a computer
screen, and then e-mailing it over a phone's 3G/4G network?

What to do:
The same rules for USB devices and optical media apply here.
Implement and enforce asset control and policies around
what devices can enter the environment and when.

10. E-mail:

E-mail is frequently used within businesses to send and
receive data; however, it's often misused. Messages with
confidential information can easily be forwarded to any
external target. In addition, the e-mails themselves can carry
nasty viruses. One targeted e-mail could phish for access
credentials from an employee. These stolen credentials
would then be leveraged in a second-stage attack.

What to do:
With e-mail security, source identification is key. Identify the
sender using technology such as PGP, or a simple array of
questions before sending sensitive information. Access
control to broad alias-based e-mail addresses should be
enforced. And policy and reminders should be sent out to
employees.

Next to Scanning