
Audit and Monitoring (Cont.), Slide 17 of the Course: Network Security, by Setio Basuki


Academic year: 2018


(1)

Audit and Monitoring (Cont.)

Slide 17 of the Course: Network Security

(2)

Monitoring Tools and Technique

• The actual tools and techniques used to perform monitoring vary greatly between environments and system platforms.

– Warning Banner.

– Keystroke Monitor.

(3)

Warning Banner

• Warning banners serve to inform

(4)

Keystroke Monitor

Keystroke monitoring is the act of recording the key presses a user performs on a physical keyboard.

– The act of recording can be visual (such as with a video recorder) or logical/technical

(5)

Keystroke Monitor

• In most cases, keystroke monitoring is used for malicious purposes.

– Only in extreme circumstances and highly restricted environments is keystroke monitoring actually employed as a means to audit and analyze.

– The software or hardware devices used to

(6)
(7)

Traffic and Trend Analysis

Traffic and Trend Analysis can be used to infer a lot of information, such as

– Primary communication routes, sources of encrypted traffic, location of primary servers, primary and backup communication

(8)
(9)

Other Monitoring Tools

• A common example of a tool for monitoring physical access is the use of CCTV (Closed-Circuit Television).

– CCTV can be configured to automatically record the viewed events onto tape for later review, and personnel who watch for

(10)
(11)

Penetration-Testing Technique

• In security terms, a penetration occurs when an attack is successful and an intruder is able to breach the perimeter of your environment.

(12)

Penetration-Testing Technique

• On the other hand, a White Box is a device whose internal structure or processing is known and understood.

• This distinction is important in penetration

(13)

Penetration-Testing Technique:

Planning Penetration Testing

• It is just another name for launching intrusion attempts and re-creating attacks against a network or entities on that network.

– The activity in either a real intrusion or a simulated intrusion is the same.

Formal penetration testing is performed with prior approval and advance

(14)

Penetration-Testing Technique:

(15)

Penetration-Testing Technique:

Penetration Testing Team

• Penetration testing teams may have varying levels of knowledge about the environment to be evaluated. Three commonly recognized knowledge levels are zero, partial, and full. Here are brief descriptions:

(16)

Penetration-Testing Technique:

Penetration Testing Team

A Zero Knowledge Team knows nothing about the site except for basic information, such as domain name and company address.

• Closely resembles a real external attack because all information about the

(17)

Penetration-Testing Technique:

Penetration Testing Team

A Partial Knowledge Team is given an inventory of hardware and software used at the site and possibly network design and configuration details.

• The team is then able to focus its efforts on attacks and vulnerabilities specific to

(18)

Penetration-Testing Technique:

Penetration Testing Team

A Full Knowledge Team is completely aware of every aspect of the environment, down to the patches and upgrades installed and the exact security configurations.

• A full-knowledge team conducts white-box penetration testing.

– Partial-knowledge teams are sometimes said to conduct gray-box testing because they operate between the extremes of black (zero

(19)

Penetration-Testing Technique:

(20)

Penetration-Testing Technique:

Ethical Hacking

Ethical Hacking is a security assessment process whereby hacking techniques and tools are employed.

• When an ethical hacker is engaged as part of your assessment team, it is important to ensure that the person does not have a conflict of interest.

– This could be a person who also is a provider,

(21)

Penetration-Testing Technique:

Ethical Hacking

• An Ethical Hacker should not exploit discovered vulnerabilities.

• Writing to, altering, or damaging a target of evaluation is a violation of the concept of ethical hacking and bleeds into the realm of unethical.

(22)

Penetration-Testing Technique:

Sniffing and Eavesdropping

Sniffing often involves capture or duplication of network traffic for examination, re-creation, and extraction.

• Effective tool for capturing or extracting data from unencrypted network traffic streams:

(23)

Penetration-Testing Technique:

Sniffing and Eavesdropping

Eavesdropping is just another term for sniffing. However, eavesdropping can include more than just capturing and recording network traffic.

(24)

Penetration-Testing Technique:

Radiation Monitoring

Radiation Monitoring is a specific form of sniffing or eavesdropping that involves the detection, capture, and recording of radio frequency signals and other radiated communication methods, including sound and light.

(25)

Penetration-Testing Technique:

Dumpster Diving

Dumpster Diving is the act of digging through the refuse, remains, or leftovers from an organization or operation in order to discover or infer confidential

(26)

Penetration-Testing Technique:

Dumpster Diving

• Researching an organization for its useful details, or information gathering, includes:

– Searching, investigating, and reverse-engineering an organization’s website and commercial products and obtaining publicly accessible literature (such as financial

(27)

Penetration-Testing Technique:

Dumpster Diving

Scavenging is a form of information gathering performed electronically.

(28)

Penetration-Testing Technique:

Social Engineering

Social Engineering is a skill by which an unknown person gains the trust of someone inside your organization.

• An individual can persuade employees that they are associated with upper

(29)

Penetration-Testing Technique:

Social Engineering

• Three well-known forms of social engineering attack:

Phishing is the process of attempting to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information by

(30)

Penetration-Testing Technique:

(31)

Penetration-Testing Technique:

Social Engineering

• Three well-known forms of social engineering attack:

Spearphishing is a more targeted form of phishing. Attackers may gather personal

(32)

Penetration-Testing Technique:

Social Engineering

• Three well-known forms of social engineering attack:

Whaling

(33)

Indistinct Threat and Countermeasure

Not all problems that an IT infrastructure will face have definitive countermeasures or are even recognizable threats.

• Many of these vulnerabilities lack direct effect countermeasures, or the

(34)

Indistinct Threat:

Error and Omission

• Errors and omissions occur because humans interact with, program, control, and provide data for IT.

• There are no direct countermeasures to prevent all errors and omissions.

• Some safeguards against errors and

(35)

Indistinct Threat:

Collusion

• Collusion is an agreement among multiple people to perform an unauthorized or

(36)

End of Slides

• Available at
