
Audit and Monitoring (Cont.) Slide 17, Course: Network Security, by Setio Basuki


Academic year: 2018


(1)

Audit and Monitoring

(Cont.)

Slide 17, Course: Network Security

(2)

Monitoring Tools and Technique

• The actual tools and techniques used to perform monitoring vary greatly between environments and system platforms.

– Warning Banner.

– Keystroke Monitor.

(3)

Warning Banner

• Warning banners serve to inform

(4)

Keystroke Monitor

Keystroke monitoring is the act of recording the key presses a user performs on a physical keyboard.

– The act of recording can be visual (such as with a video recorder) or logical/technical

(5)

Keystroke Monitor

• In most cases, keystroke monitoring is used for malicious purposes.

– Only in extreme circumstances and highly restricted environments is keystroke monitoring actually employed as a means to audit and analyze.

– The software or hardware devices used to

(6)
(7)

Traffic and Trend Analysis

Traffic and Trend Analysis can be used to infer a lot of information, such as

– Primary communication routes, sources of encrypted traffic, location of primary servers, primary and backup communication
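The kind of inference listed above, run by a defender over a site's own flow logs, as an added example that is not part of the original slides. The flow records, the port list treated as encrypted, and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed flow records (src, dst, dst_port, bytes); not real traffic.
FLOWS = [
    ("10.0.1.15", "10.0.0.5", 443, 52000),
    ("10.0.1.16", "10.0.0.5", 443, 48000),
    ("10.0.1.17", "10.0.0.5", 443, 61000),
    ("10.0.1.15", "10.0.0.9", 53, 300),
    ("10.0.1.16", "10.0.0.9", 53, 280),
    ("10.0.1.17", "10.0.0.7", 80, 9000),
    ("10.0.1.15", "10.0.0.5", 22, 4000),
    ("10.0.1.18", "10.0.0.5", 443, 30000),
]

# Assumption: traffic to these destination ports is encrypted.
ENCRYPTED_PORTS = {22, 443, 993}

def primary_servers(flows, top=2):
    """Rank destinations by distinct client count, then by bytes received."""
    clients, volume = {}, Counter()
    for src, dst, _port, nbytes in flows:
        clients.setdefault(dst, set()).add(src)
        volume[dst] += nbytes
    ranked = sorted(clients, key=lambda d: (len(clients[d]), volume[d]),
                    reverse=True)
    return ranked[:top]

def primary_routes(flows, top=1):
    """Return the heaviest (src, dst) pairs by total byte count."""
    pairs = Counter()
    for src, dst, _port, nbytes in flows:
        pairs[(src, dst)] += nbytes
    return [pair for pair, _ in pairs.most_common(top)]

def encrypted_sources(flows):
    """Total bytes each source sent to ports assumed to be encrypted."""
    totals = Counter()
    for src, _dst, port, nbytes in flows:
        if port in ENCRYPTED_PORTS:
            totals[src] += nbytes
    return dict(totals)

if __name__ == "__main__":
    print("primary servers:", primary_servers(FLOWS))
    print("primary route:", primary_routes(FLOWS))
    print("encrypted sources:", encrypted_sources(FLOWS))
```

None of these results needs packet contents: addresses, ports and byte counts are enough, which is why flow metadata deserves the same access control as the traffic it describes.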

(8)
(9)

Other Monitoring Tools

• A common example of a tool for monitoring physical access is the use of CCTV (closed-circuit television).

– CCTV can be configured to automatically record the viewed events onto tape for later review, and personnel who watch for

(10)
(11)

Penetration-Testing Technique

• In security terms, a penetration occurs when an attack is successful and an intruder is able to breach the perimeter of your environment.

(12)

Penetration-Testing Technique

• On the other hand, a white box is a device whose internal structure or processing is known and understood.

• This distinction is important in penetration

(13)

Penetration-Testing Technique:

Planning Penetration Testing

• It is just another name for launching intrusion attempts and re-creating attacks against a network or entities on that network.

– The activity in either a real intrusion or a simulated intrusion is the same.

Formal Penetration testing is performed with prior approval and advance

(14)

Penetration-Testing Technique:

(15)

Penetration-Testing Technique:

Penetration Testing Team

• Penetration testing teams may have varying levels of knowledge about the environment to be evaluated. Three commonly recognized knowledge levels are zero, partial, and full. Here are brief descriptions:

(16)

Penetration-Testing Technique:

Penetration Testing Team

A zero-knowledge team knows nothing about the site except for basic information, such as domain name and company address.

• Closely resembles a real external attack because all information about the

(17)

Penetration-Testing Technique:

Penetration Testing Team

A partial-knowledge team is given an inventory of hardware and software used at the site and possibly network design and configuration details.

• The team is then able to focus its efforts on attacks and vulnerabilities specific to

(18)

Penetration-Testing Technique:

Penetration Testing Team

A full-knowledge team is completely aware of every aspect of the environment, down to the patches and upgrades installed and the exact security configurations.

• Full-knowledge team conducts white-box penetration testing.

– Partial-knowledge teams are sometimes said to conduct gray-box testing because they operate between the extremes of black (zero

(19)

Penetration-Testing Technique:

(20)

Penetration-Testing Technique:

Ethical Hacking

Ethical hacking is a security assessment process whereby hacking techniques and tools are employed.

• When an ethical hacker is engaged as part of your assessment team, it is important to ensure that the person does not have a conflict of interest.

– This could be a person who also is a provider,

(21)

Penetration-Testing Technique:

Ethical Hacking

• An Ethical Hacker should not exploit discovered vulnerabilities.

• Writing to, altering, or damaging a target of evaluation is a violation of the concept of ethical hacking and bleeds into the realm of unethical.

(22)

Penetration-Testing Technique:

Sniffing and Eavesdropping

Sniffing often involves capture or duplication of network traffic for examination, re-creation, and extraction.

• Effective tool for capturing or extracting data from unencrypted network traffic streams:

(23)

Penetration-Testing Technique:

Sniffing and Eavesdropping

Eavesdropping is just another term for sniffing. However, eavesdropping can include more than just capturing and recording network traffic.

(24)

Penetration-Testing Technique:

Radiation Monitoring

Radiation monitoring is a specific form of sniffing or eavesdropping that involves the detection, capture, and recording of radio frequency signals and other radiated communication methods, including sound and light.

(25)

Penetration-Testing Technique:

Dumpster Diving

Dumpster Diving is the act of digging through the refuse, remains, or leftovers from an organization or operation in order to discover or infer confidential

(26)

Penetration-Testing Technique:

Dumpster Diving

• Researching an organization for its useful details, or information gathering, includes:

– Searching, investigating, and reverse-engineering an organization’s website and commercial products and obtaining publicly accessible literature (such as financial

(27)

Penetration-Testing Technique:

Dumpster Diving

Scavenging is a form of information gathering performed electronically.

(28)

Penetration-Testing Technique:

Social Engineering

Social engineering is a skill by which an unknown person gains the trust of someone inside your organization.

• An individual can persuade employees that they are associated with upper

(29)

Penetration-Testing Technique:

Social Engineering

• Three well-known forms of social engineering attack:

Phishing is the process of attempting to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information by

(30)

Penetration-Testing Technique:

(31)

Penetration-Testing Technique:

Social Engineering

• Three well-known forms of social engineering attack:

Spearphishing is a more targeted form of phishing. Attackers may gather personal

(32)

Penetration-Testing Technique:

Social Engineering

• Three well-known forms of social engineering attack:

Whaling

(33)

Indistinct Threat and Countermeasure

Not all problems that an IT infrastructure will face have definitive countermeasures or are even recognizable threats.

• Many of these vulnerabilities lack direct effect countermeasures, or the

(34)

Indistinct Threat:

Error and Omission

• Errors and omissions occur because humans interact with, program, control, and provide data for IT.

• There are no direct countermeasures to prevent all errors and omissions.

• Some safeguards against errors and

(35)

Indistinct Threat:

Collusion

• Collusion is an agreement among multiple people to perform an unauthorized or

(36)

End of Slides

• Available at
