Audit and Monitoring
(Cont.)
Slide 17 of the course Keamanan Jaringan (Network Security)
Monitoring Tools and Technique
• The actual tools and techniques used to perform monitoring vary greatly between environments and system platforms.
– Warning Banner.
– Keystroke Monitor.
Warning Banner
• Warning banners serve to inform
Keystroke Monitor
• Keystroke monitoring is the act of recording the key presses a user performs on a physical keyboard.
– The act of recording can be visual (such as with a video recorder) or logical/technical
Keystroke Monitor
• In most cases, keystroke monitoring is used for malicious purposes.
– Only in extreme circumstances and highly restricted environments is keystroke monitoring actually employed as a means to audit and analyze.
– The software or hardware devices used to
Traffic and Trend Analysis
• Traffic and Trend Analysis can be used to infer a lot of information, such as
– Primary communication routes, sources of encrypted traffic, location of primary servers, primary and backup communication
Other Monitoring Tools
• A common example of a tool for monitoring physical access is the use of CCTV (closed-circuit television).
– CCTV can be configured to automatically record the viewed events onto tape for later review, and personnel who watch for
Penetration-Testing Technique
• In security terms, a penetration occurs when an attack is successful and an intruder is able to breach the perimeter of your environment.
Penetration-Testing Technique
• On the other hand, a white box is a device whose internal structure or processing is known and understood.
• This distinction is important in penetration
Penetration-Testing Technique:
Planning Penetration Testing
• It is just another name for launching intrusion attempts and re-creating attacks against a network or entities on that network.
– The activity in either a real intrusion or a simulated intrusion is the same.
• Formal Penetration testing is performed with prior approval and advance
Penetration-Testing Technique:
Penetration Testing Team
• Penetration testing teams may have varying levels of knowledge about the environment to be evaluated. Three commonly recognized knowledge levels are zero, partial, and full. Here are brief descriptions:
Penetration-Testing Technique:
Penetration Testing Team
• Zero Knowledge Team: knows nothing about the site except for basic information, such as domain name and company address.
• Closely resembles a real external attack because all information about the
Penetration-Testing Technique:
Penetration Testing Team
• Partial Knowledge Team: is given an inventory of hardware and software used at the site and possibly network design and configuration details.
• The team is then able to focus its efforts on attacks and vulnerabilities specific to
Penetration-Testing Technique:
Penetration Testing Team
• Full Knowledge Team: is completely aware of every aspect of the environment, down to the patches and upgrades installed and the exact security configurations.
• A full-knowledge team conducts white-box penetration testing.
– Partial-knowledge teams are sometimes said to conduct gray-box testing because they operate between the extremes of black (zero
Penetration-Testing Technique:
Ethical Hacking
• Ethical hacking is a security assessment process whereby hacking techniques and tools are employed.
• When an ethical hacker is engaged as part of your assessment team, it is important to ensure that the person does not have a conflict of interest.
– This could be a person who also is a provider,
Penetration-Testing Technique:
Ethical Hacking
• An Ethical Hacker should not exploit discovered vulnerabilities.
• Writing to, altering, or damaging a target of evaluation is a violation of the concept of ethical hacking and bleeds into the realm of unethical.
Penetration-Testing Technique:
Sniffing and Eavesdropping
• Sniffing often involves capture or duplication of network traffic for examination, re-creation, and extraction.
• Effective tool for capturing or extracting data from unencrypted network traffic streams:
Penetration-Testing Technique:
Sniffing and Eavesdropping
• Eavesdropping is just another term for sniffing. However, eavesdropping can include more than just capturing and recording network traffic.
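As an added, defender-side illustration that is not part of the original slides: the script below carries out the traffic and trend analysis described on the earlier slide (primary communication routes, sources of encrypted traffic, location of primary servers, hourly trend) over a handful of constructed flow records, and also lists which of those flows ride on cleartext ports and are therefore exposed to the sniffing and eavesdropping discussed here. The sample flows, the port-to-protocol tables and the function names are all assumptions made for this example; a flow collector exports only this kind of metadata, which is the point: encryption hides the payload but not who talks to whom, how much, and when.

```python
from collections import Counter, defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    hour: int      # hour of day the flow was observed
    src: str       # source address
    dst: str       # destination address
    dport: int     # destination port
    nbytes: int    # bytes transferred


# Constructed sample flow records (not real data): only the metadata a flow
# collector would export, never the payload.
SAMPLE_FLOWS = [
    Flow(9,  "10.0.1.11", "10.0.2.5", 443, 120_000),
    Flow(9,  "10.0.1.12", "10.0.2.5", 443, 95_000),
    Flow(10, "10.0.1.11", "10.0.2.5", 443, 210_000),
    Flow(10, "10.0.1.13", "10.0.2.9", 22, 4_000),
    Flow(11, "10.0.1.12", "10.0.2.7", 80, 30_000),
    Flow(11, "10.0.1.14", "10.0.2.7", 23, 1_500),
    Flow(14, "10.0.1.11", "10.0.2.5", 443, 180_000),
    Flow(14, "10.0.1.13", "10.0.2.8", 21, 12_000),
    Flow(22, "10.0.2.5", "10.0.3.2", 443, 500_000),  # off-hours bulk copy
]

# Port-to-protocol tables are an assumption for this example, not a rule
# from the slides; real traffic needs protocol identification, not just ports.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap"}
ENCRYPTED_PORTS = {22: "ssh", 443: "https"}


def primary_servers(flows, n=2):
    """Rank destinations by bytes received: the 'location of primary servers'."""
    totals = Counter()
    for f in flows:
        totals[f.dst] += f.nbytes
    return totals.most_common(n)


def communication_routes(flows):
    """Count distinct src->dst pairs, busiest first: the 'primary communication routes'."""
    return Counter((f.src, f.dst) for f in flows).most_common()


def encrypted_traffic_sources(flows):
    """Hosts originating encrypted flows: encryption hides content, not endpoints."""
    return sorted({f.src for f in flows if f.dport in ENCRYPTED_PORTS})


def sniffable_flows(flows):
    """Flows on cleartext ports: their payload is readable by any sniffer on the path."""
    return [(f.src, f.dst, CLEARTEXT_PORTS[f.dport])
            for f in flows if f.dport in CLEARTEXT_PORTS]


def hourly_trend(flows):
    """Bytes per hour of day: the trend view that exposes e.g. a backup window."""
    trend = defaultdict(int)
    for f in flows:
        trend[f.hour] += f.nbytes
    return dict(sorted(trend.items()))


if __name__ == "__main__":
    print("primary servers:", primary_servers(SAMPLE_FLOWS))
    print("busiest routes:", communication_routes(SAMPLE_FLOWS)[:3])
    print("encrypted-traffic sources:", encrypted_traffic_sources(SAMPLE_FLOWS))
    print("exposed to sniffing:", sniffable_flows(SAMPLE_FLOWS))
    print("hourly trend:", hourly_trend(SAMPLE_FLOWS))
```

The same aggregation an auditor runs to find primary servers is what an observer of the encrypted links would run, which is why traffic analysis is listed as a penetration-testing technique; the cleartext list is the audit finding that tells you where sniffing would yield actual data rather than just metadata.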
Penetration-Testing Technique:
Radiation Monitoring
• Radiation monitoring is a specific form of sniffing or eavesdropping that involves the detection, capture, and recording of radio frequency signals and other radiated communication methods, including sound and light.
Penetration-Testing Technique:
Dumpster Diving
• Dumpster Diving is the act of digging through the refuse, remains, or leftovers from an organization or operation in order to discover or infer confidential
Penetration-Testing Technique:
Dumpster Diving
• Researching an organization for its useful details, or information gathering, includes:
– Searching, investigating, and reverse-engineering an organization’s website and commercial products and obtaining publicly accessible literature (such as financial
Penetration-Testing Technique:
Dumpster Diving
• Scavenging is a form of information gathering performed electronically.
Penetration-Testing Technique:
Social Engineering
• Social engineering is a skill by which an unknown person gains the trust of someone inside your organization.
• An individual can persuade employees that they are associated with upper
Penetration-Testing Technique:
Social Engineering
• Three Well-known Forms of social engineering attack:
– Phishing is the process of attempting to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information by
Penetration-Testing Technique:
Social Engineering
• Three well-known forms of social engineering attack:
– Spearphishing is a more targeted form of phishing. Attackers may gather personal
Penetration-Testing Technique:
Social Engineering
• Three well-known forms of social engineering attack:
– Whaling
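An added example, not from the original slides: a few header heuristics an analyst might apply to separate the phishing and spear-phishing messages described above from ordinary mail, in the form of a small detector. The three sample messages, the trusted-domain list, the urgency phrases and the edit-distance threshold are all constructed assumptions for this illustration (the `.invalid` TLD is reserved and never resolves); a production filter combines many more signals, such as SPF/DKIM results and URL reputation, than these four.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: the organization's own mail domain(s).
TRUSTED_DOMAINS = {"example.com"}

# Phrases that pressure the reader to act quickly (constructed list).
URGENCY_PHRASES = ("urgent", "immediately", "verify your account",
                   "password", "wire transfer")


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS):
    """Trusted domain that `domain` imitates, or None if trusted or unrelated."""
    if domain in trusted:
        return None
    for t in trusted:
        # 'rn' -> 'm' is a classic homoglyph swap; distance <= 2 catches
        # digit-for-letter substitutions such as 'examp1e'
        if domain.replace("rn", "m") == t or levenshtein(domain, t) <= 2:
            return t
    return None


def analyze(raw: str):
    """Return a list of (tag, detail) findings for one RFC 822 message."""
    msg = message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings = []

    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(("lookalike-domain", f"{from_domain} resembles {imitated}"))

    # Display name that itself looks like an address at a different domain
    m = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", display_name)
    if m and m.group(1).lower() != from_domain:
        findings.append(("display-name-mismatch",
                         f"name shows {m.group(1)}, sender is {from_domain}"))

    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(("reply-to-mismatch", f"replies go to {domain_of(reply_to)}"))

    subject = msg.get("Subject", "").lower()
    hits = [p for p in URGENCY_PHRASES if p in subject]
    if hits:
        findings.append(("urgency-language", ", ".join(hits)))
    return findings


def tags(raw: str):
    """Just the finding tags, convenient for thresholds or tests."""
    return {tag for tag, _ in analyze(raw)}


# Constructed sample messages (not real mail).
PHISH = (
    "From: IT Helpdesk <helpdesk@examp1e.com>\n"
    "Reply-To: support@mail-relay.invalid\n"
    "To: alice@example.com\n"
    "Subject: URGENT: verify your account password\n"
    "\n"
    "Click the link to keep your mailbox active.\n"
)
LEGIT = (
    "From: Alice <alice@example.com>\n"
    "To: bob@example.com\n"
    "Subject: Lunch on Friday?\n"
    "\n"
    "Same place as last week?\n"
)
SPOOFED_NAME = (
    'From: "ceo@example.com" <ceo.office@freemail.invalid>\n'
    "To: cfo@example.com\n"
    "Subject: Need a wire transfer approved today\n"
    "\n"
    "I am in a meeting, please handle this quietly.\n"
)

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT), ("spoofed-name", SPOOFED_NAME)):
        print(label, analyze(raw))
```

The third sample is the shape a spear-phishing or whaling attempt tends to take: a trusted-looking display name over a free-mail sender and a subject aimed at one finance role, which is why the display-name and urgency checks are kept separate from the lookalike-domain check.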
Indistinct Threat and Countermeasure
• Not all problems that an IT infrastructure will face have definitive countermeasures or are even recognizable threats.
• Many of these vulnerabilities lack direct effect countermeasures, or the
Indistinct Threat:
Error and Omission
• Errors and omissions occur because humans interact with, program, control, and provide data for IT.
• There are no direct countermeasures to prevent all errors and omissions.
• Some safeguards against errors and
Indistinct Threat:
Collusion
• Collusion is an agreement among multiple people to perform an unauthorized or
End of Slides
• Available at