Network Security: Attacks and Monitoring. Slide set 3 of the course Keamanan Jaringan (Network Security), by Setio Basuki. Academic year: 2018.
(1)

Network Security:

Attacks and Monitoring

Slide set 3, Course: Network Security (Keamanan Jaringan)

(2)

Course Objectives

• Network Monitoring

• Intrusion Detection System (IDS)

• Penetration Testing

(3)

Network Monitoring

• Monitoring holds subjects accountable for their actions while authenticated on a system.

• It is also the process of detecting unauthorized or abnormal activities on the system.

• The audit trails created by recording system events to logs can be used to evaluate a system's health and performance.

(4)

Network Monitoring (Cont.)

• Logged events provide an audit trail for recreating a step-by-step history of an event, an intrusion, or a system failure.

(5)

Intrusion Detection

• An intrusion detection system (IDS) is primarily used to detect intrusion attempts; it can also be employed to detect system failures and to gauge overall performance.

• IDS alerts can be sent as an on-screen

(6)
(7)

IDS Responses

• A response from an IDS can be classified into two types:

– Active: directly affects the malicious activity in the network traffic.

– Passive: does not affect the malicious activity, but records information about the issue and notifies the administrator.

(8)

IDS Responses (Cont.)

• Typical active IDS responses include blocking a port, blocking a protocol, blocking a source address, and disabling all communication over a specific cable segment.

– Caveat: automated blocking by source address can be turned against you; an attacker who spoofs a legitimate host's address can make the IDS cut that host off.

(9)

Host- and Network-based IDS

• A host-based IDS watches for questionable activity on a single computer system.

– It examines audit trails, event logs, and application logs.

• A network-based IDS watches for:

(10)
(11)

Knowledge- and Behavior-based Detection

• An IDS can detect malicious behavior using two common approaches:

– Knowledge-based detection (also known as signature-based or pattern-matching detection).

(12)

Knowledge-based Detection

• Here the IDS uses a signature database and attempts to match every monitored event against its contents.

• If a match is made, the IDS assumes that an attack is taking place.

• This method is only effective against known attack methods or behaviors.

(13)

Knowledge-based Detection (Cont.)

• A knowledge-based IDS lacks a learning model; that is, it is unable to recognize new attack patterns as they occur.

• Therefore, the administrator must keep the signature database up to date and correct.

– As mentioned before, it is like an antivirus

(14)

Behavior-based Detection

• Behavior-based detection learns the normal activities and events on your system by watching and tracking what it sees.

• Once it has accumulated enough data about normal activity, it can detect

(15)

Behavior-based Detection (Cont.)

• A behavior-based IDS can be labeled an expert system or artificial intelligence system because it can learn and make assumptions about events.

• In other words, the IDS can act like a
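The two detection approaches above side by side, as an added example that is not part of the lecture: a signature matcher and a simple per-host request-rate baseline, both run over constructed web-access log lines. The log format, the two signatures and the "mean + 3 standard deviations" threshold are assumptions made for the demo.

```python
"""Knowledge-based (signature) vs. behavior-based (anomaly) detection, run
over constructed web-access log lines.  Added example, not the lecture's code;
the log format, signatures and the 3-sigma threshold are assumptions."""
import re
import statistics
from collections import Counter

# Constructed log format: "<minute> <source_ip> <request_path>".
# Baseline period: for ten minutes, three hosts each fetch one page per minute.
TRAINING_LOG = [f"{m:02d} 10.0.0.{h} /index.html"
                for m in range(10) for h in (5, 6, 7)]

TEST_LOG = (
    # A known attack pattern (path traversal) at low volume from 10.0.0.9.
    ["10 10.0.0.9 /download?file=../../etc/passwd"]
    # A novel, high-volume scan from 10.0.0.8 whose paths match no signature.
    + [f"11 10.0.0.8 /page{i}" for i in range(40)]
    # Ordinary traffic that neither detector should flag.
    + ["11 10.0.0.5 /index.html"]
)

# Assumed signature database: name -> pattern.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+1\s*=\s*1"),
}


def parse(line):
    minute, ip, path = line.split(" ", 2)
    return int(minute), ip, path


def signature_detect(lines, signatures=SIGNATURES):
    """Knowledge-based: alert on every event that matches a known pattern.
    Misses anything not in the database, however loud it is."""
    alerts = []
    for line in lines:
        minute, ip, path = parse(line)
        for name, rx in signatures.items():
            if rx.search(path):
                alerts.append((minute, ip, name))
    return alerts


class BehaviorBaseline:
    """Behavior-based: learn requests-per-minute per host, then flag hosts
    whose count exceeds mean + k * stddev of the learned baseline."""

    def __init__(self, k=3.0):
        self.k = k
        self.mean = self.std = None

    @staticmethod
    def _counts(lines):
        return Counter(parse(line)[:2] for line in lines)  # (minute, ip) -> n

    def learn(self, lines):
        values = list(self._counts(lines).values())
        self.mean = statistics.fmean(values)
        # A perfectly regular baseline has stddev 0; floor it so the
        # threshold is not "anything above the mean".
        self.std = max(statistics.pstdev(values), 1.0)
        return self

    def detect(self, lines):
        threshold = self.mean + self.k * self.std
        return [(minute, ip, n)
                for (minute, ip), n in self._counts(lines).items()
                if n > threshold]


if __name__ == "__main__":
    print("signature alerts:", signature_detect(TEST_LOG))
    baseline = BehaviorBaseline().learn(TRAINING_LOG)
    print("behavior alerts:", baseline.detect(TEST_LOG))
```

Run together, the two detectors are complementary: the traversal attempt is a single request and never disturbs the baseline, while the 40-request scan matches no signature but stands out statistically. The floor placed on the standard deviation is exactly the kind of tuning choice that decides the false-positive rate the slides mention.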

(16)

IDS Related Tools

• These IDS-related tools expand the usefulness and capabilities of IDSs and make them more efficient and less prone to false positives.

• These tools include:

– honeypots,

– padded cells, and

– vulnerability scanners.

(17)

Understanding Honeypots

• Individual computers or entire networks created to serve as a trap for intruders.

– They look and act like a legitimate network, but they are totally fake.

• Honeypots tempt intruders by presenting unpatched and unprotected security vulnerabilities.

(18)

Typical Honeypot Deployment

(19)

Understanding Honeypots (Cont.)

• Honeypots keep intruders performing malicious activities long enough for the automated IDS to detect the intrusion and gather as much information about the intruder as possible.

– Legitimate users never enter the honeypot, so any connection to it is suspicious by definition.

(20)

Understanding Honeypots (Cont.)

• The use of honeypots raises the issue of enticement vs. entrapment.

• A honeypot can be legally used as an enticement device if the intruder discovers it through no outward efforts of the honeypot owner.

(21)

Understanding Honeypots (Cont.)

• Entrapment, which is unlawful (the precise rule is a matter of local law), occurs when the honeypot owner actively solicits visitors to access the site and then charges them with unauthorized intrusion.

• In other words, it is considered entrapment when you trick or encourage a perpetrator into performing an illegal or

(22)

Understanding Padded Cells

• A padded cell system is similar to a honeypot, but it performs intrusion isolation using a different approach.

– When an IDS detects an intruder, that intruder is automatically transferred to a padded cell.

– Within the padded cell the intruder can neither

(23)

Understanding Vulnerability Scanners

• Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses.

– They may recommend applying patches or making specific configuration or security-setting changes to improve or impose security.

• An extension of the IDS concept is the intrusion prevention system (IPS),

(24)

Understanding Vulnerability Scanners (Cont.)

• An IPS seeks to actively block unauthorized connection attempts or illicit traffic patterns as they occur.

– Because an IPS sits inline, a false positive does not just raise an alert; it drops legitimate traffic.

(25)

Penetration Testing

• A penetration occurs when an attack is successful and an intruder is able to breach the perimeter around your environment.

– It is common for organizations to hire external consultants to perform penetration testing,

– so that the testers are not informed of confidential elements of the environment's security

(26)

Penetration Testing (Cont.)

• There are open-source and commercial tools such as Metasploit and Core IMPACT.

• To evaluate your system, benchmarking and testing tools are available for

(27)

Penetration Testing (Cont.)

• Keeping up with the latest attacks, vulnerabilities, and exploits demands that careful, attentive security professionals follow security bulletins,

– such as those of the U.S. Computer Emergency Readiness Team at www.us-cert.gov/cas/bulletins or those from the Common Vulnerabilities and Exposures

(28)

Methods of Attack (List 1)

• The following are the most common or well-known access control attacks or attack methodologies (listed in alphabetical order):

– Brute-force and dictionary attacks

– Denial of service

(29)

Methods of Attack (List 2, cont.)

– Sniffing

– Spamming

(30)

Brute-Force and Dictionary Attacks

• We discuss brute-force and dictionary attacks together because they are waged against the same entity: passwords.

• A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting all possible
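An offline version of both attacks, as an added example that is not the lecture's code. The target hashes, the five-word list standing in for a real wordlist, and the 36-character brute-force alphabet are constructed for the demo; a salted, iterated hash is included to show that the dictionary attack still succeeds against a weak password, only at a far higher cost per guess.

```python
"""Dictionary and brute-force attacks against password hashes, offline.
Added example, not the lecture's code.  The target hashes, the tiny wordlist
and the brute-force alphabet are constructed here for the demo."""
import hashlib
import itertools
import string


def fast_hash(password: str) -> str:
    """Unsalted SHA-256, the kind of storage these attacks thrive on."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes = b"constructed-salt",
              iterations: int = 100_000) -> str:
    """Salted PBKDF2: the same attack works, but every guess costs 100k hashes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


# Constructed credential dump: alice chose a common word, bob a 3-character string.
TARGETS = {"alice": fast_hash("sunshine"), "bob": fast_hash("ab7")}
WORDLIST = ["password", "123456", "qwerty", "sunshine", "letmein"]


def dictionary_attack(target_hash, wordlist, hash_fn=fast_hash):
    """Try likely passwords first; returns (password or None, guesses made)."""
    for guesses, word in enumerate(wordlist, 1):
        if hash_fn(word) == target_hash:
            return word, guesses
    return None, len(wordlist)


def brute_force(target_hash, charset=string.ascii_lowercase + string.digits,
                max_len=3, hash_fn=fast_hash):
    """Systematically try every string over charset up to max_len."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if hash_fn(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def keyspace(charset_size: int, max_len: int) -> int:
    """Candidates a full brute force must cover; exponential in length."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def crack_all(targets, wordlist):
    """Cheap dictionary pass first, short brute force as the fallback."""
    results = {}
    for user, h in targets.items():
        pw, _ = dictionary_attack(h, wordlist)
        method = "dictionary"
        if pw is None:
            pw, _ = brute_force(h)
            method = "brute-force"
        results[user] = (pw, method)
    return results


if __name__ == "__main__":
    for user, (pw, method) in crack_all(TARGETS, WORDLIST).items():
        print(f"{user}: {pw!r} via {method}")
    print("8 chars over 36 symbols:", keyspace(36, 8), "candidates")
```

The order matters in practice: a dictionary pass is cheap and catches the common passwords, while brute force is only feasible for short passwords or small alphabets, because the keyspace grows exponentially with length. Swapping `fast_hash` for `slow_hash` does not change which passwords fall, only how long each guess takes, which is why slow, salted hashing is the defensive counterpart of these attacks.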

(31)

Denial-of-Service Attacks

• Denial-of-service (DoS) attacks are attacks that prevent a system from processing or responding to legitimate traffic or requests for resources and objects.

– The most common form of DoS is transmitting so many data packets to a server that it cannot process them all.

– DoS can result in system crashes, system

(32)

Denial-of-Service Attack Types

• Simple DoS: a single attacking system floods a single victim with a steady stream of packets.

– This form of DoS is easy to terminate just by blocking packets from the source IP address.

• A distributed denial of service (DDoS) occurs when the attacker compromises several
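The single-source versus distributed contrast above, in code, as an added example that is not the lecture's code. Traffic is constructed in-process as (timestamp, source address) tuples; the 100 packets-per-second per-source threshold and the addresses are assumptions made for the demo.

```python
"""Why blocking the source address stops a single-source DoS but not a DDoS.
Added example, not the lecture's code.  Traffic is constructed in-process;
the per-source threshold and the addresses are assumptions."""
from collections import defaultdict


def per_source_rates(packets, window=1.0):
    """Packets per source per one-second window."""
    rates = defaultdict(int)
    for ts, src in packets:
        rates[(int(ts // window), src)] += 1
    return rates


def sources_to_block(packets, max_pps=100):
    """Source-based mitigation: block any single source above max_pps."""
    return sorted({src for (_, src), n in per_source_rates(packets).items()
                   if n > max_pps})


def aggregate_pps(packets, window=1.0):
    """Peak total packets per second hitting the victim, regardless of source."""
    totals = defaultdict(int)
    for ts, _ in packets:
        totals[int(ts // window)] += 1
    return max(totals.values(), default=0)


def pps_after_blocking(packets, max_pps=100):
    """Load that still reaches the victim once the per-source blocks apply."""
    blocked = set(sources_to_block(packets, max_pps))
    return aggregate_pps([p for p in packets if p[1] not in blocked])


def flood(source_ips, pps_per_source, seconds=1):
    """Constructed attack traffic: each source sends pps_per_source packets/s."""
    return [(s + i / pps_per_source, ip)
            for s in range(seconds)
            for ip in source_ips
            for i in range(pps_per_source)]


# One attacker at 5000 pps versus 100 bots at 50 pps each: same load on the victim.
SINGLE_DOS = flood(["203.0.113.7"], 5000)
DDOS = flood([f"198.51.100.{i}" for i in range(1, 101)], 50)

if __name__ == "__main__":
    for name, pkts in (("single-source DoS", SINGLE_DOS), ("DDoS", DDOS)):
        print(f"{name}: {aggregate_pps(pkts)} pps, block {sources_to_block(pkts)},"
              f" {pps_after_blocking(pkts)} pps remain")
```

The per-source rule identifies and removes the lone attacker completely, but against the botnet every source stays under the threshold while the victim still receives the full 5000 packets per second. That is why DDoS mitigation has to look at aggregate load and traffic shape, or move the filtering upstream, rather than rely on blocking individual addresses.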

(33)

Spoofing Attacks

• Spoofing attacks consist of replacing a valid source and/or destination IP address and node numbers with false ones.

– The art of pretending to be something you are not.

• Spoofing is employed when:

– An attacker uses a stolen username and password.

– An attacker changes the source address in a malicious packet.
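The packet-level spoofing described above is best countered at the network edge. As an added example (not the lecture's code), the following ingress/egress filter in the spirit of BCP 38 drops packets whose source address cannot legitimately appear on the interface they arrived on; the two-interface topology, the 192.0.2.0/24 LAN prefix and the bogon list are assumptions made for the demo.

```python
"""Ingress/egress filtering against source-address spoofing (the BCP 38
idea).  Added example, not the lecture's code; the topology, the LAN prefix
and the bogon list are assumptions made for the demo."""
import ipaddress

# Assumed topology: "lan" serves our own prefix, "wan" faces the Internet.
LAN_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Sources that should never appear on the Internet-facing side.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]


def _in_any(ip, networks):
    return any(ip in net for net in networks)


def ingress_decision(iface, src):
    """Return 'accept' or a 'drop: <reason>' string for a packet with
    source address src arriving on interface iface."""
    ip = ipaddress.ip_address(src)
    if iface == "lan":
        # Egress filtering: hosts on our LAN may only send from our prefix,
        # so a compromised internal host cannot spoof outsiders.
        if not _in_any(ip, LAN_PREFIXES):
            return "drop: outbound source not in LAN prefix (spoofed)"
        return "accept"
    if iface == "wan":
        # Ingress filtering: nobody outside can legitimately claim to be us.
        if _in_any(ip, LAN_PREFIXES):
            return "drop: inbound source claims our own prefix (spoofed)"
        if _in_any(ip, BOGONS):
            return "drop: inbound source is a bogon/private address"
        return "accept"
    return "drop: unknown interface"


def filter_packets(packets):
    """Apply the policy to (iface, src, dst) tuples; return the accepted ones."""
    return [p for p in packets if ingress_decision(p[0], p[1]) == "accept"]


# Constructed sample traffic.
PACKETS = [
    ("lan", "192.0.2.10", "198.51.100.4"),   # normal outbound
    ("lan", "203.0.113.5", "198.51.100.4"),  # internal host spoofing an outsider
    ("wan", "198.51.100.4", "192.0.2.10"),   # normal inbound
    ("wan", "192.0.2.77", "192.0.2.10"),     # outsider spoofing our address
    ("wan", "10.1.2.3", "192.0.2.10"),       # private source from the Internet
]

if __name__ == "__main__":
    for iface, src, dst in PACKETS:
        print(f"{iface} {src} -> {dst}: {ingress_decision(iface, src)}")
```

The filter cannot tell a spoofed 198.51.100.4 from the real one, so it does not stop spoofing in general; what it does is stop your own network from being the origin of spoofed packets and stop outsiders from impersonating your hosts, which is the part of the problem a single network operator controls.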

(34)

Man-in-the-Middle Attacks

• A man-in-the-middle attack occurs when a malicious user is able to gain a position between the two endpoints of an ongoing communication.

– One form is sniffing the traffic between two parties; this is basically a sniffer attack.

– The other involves attackers positioning

(35)

Man-in-the-Middle Attacks (Cont. 2)

• In a form of this attack called a hijack attack, a malicious user is positioned between a

(36)

Man-in-the-Middle Attacks (Cont. 3)

• Another type is the replay attack (playback attack).

– A malicious user records traffic between a client and a server; then the packets sent from the client to the server are played back or retransmitted to that server with slight
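The replay attack on the slide above carried out in code, together with the nonce-and-timestamp check that defeats it. This is an added example, not the lecture's code; both sides run in-process, and the shared key, the commands and the 30-second clock-skew allowance are assumptions made for the demo.

```python
"""A replay (playback) attack against a naively authenticated command, next
to a nonce- and timestamp-checked version that rejects it.  Added example,
not the lecture's code; key, commands and skew allowance are assumptions."""
import hashlib
import hmac
import os
import time

KEY = b"constructed-shared-secret"  # assumed pre-shared key


def tag(*parts: bytes) -> str:
    return hmac.new(KEY, b"|".join(parts), hashlib.sha256).hexdigest()


# --- Naive protocol: the MAC covers only the command ---------------------
def naive_send(command: str) -> dict:
    return {"cmd": command, "mac": tag(command.encode())}


def naive_accept(msg: dict) -> bool:
    # The MAC is valid, so the server happily re-executes a recorded message.
    return hmac.compare_digest(msg["mac"], tag(msg["cmd"].encode()))


# --- Hardened protocol: MAC covers a fresh nonce and a timestamp ---------
def safe_send(command: str, now=time.time) -> dict:
    nonce, ts = os.urandom(16).hex(), int(now())
    return {"cmd": command, "nonce": nonce, "ts": ts,
            "mac": tag(command.encode(), nonce.encode(), str(ts).encode())}


class ReplaySafeServer:
    def __init__(self, max_skew=30, now=time.time):
        self.seen = set()          # nonces already accepted
        self.max_skew = max_skew   # seconds of clock drift tolerated
        self.now = now

    def accept(self, msg: dict):
        cmd, nonce, ts = msg["cmd"], msg["nonce"], msg["ts"]
        expected = tag(cmd.encode(), nonce.encode(), str(ts).encode())
        if not hmac.compare_digest(msg["mac"], expected):
            return False, "bad mac"          # replay with a "slight variation"
        if abs(self.now() - ts) > self.max_skew:
            return False, "stale timestamp"  # replayed long after capture
        if nonce in self.seen:
            return False, "replayed nonce"   # verbatim replay within the window
        self.seen.add(nonce)
        return True, "ok"


def demo():
    """Record one legitimate message and play it back against each server."""
    captured = naive_send("transfer 100 to mallory")
    naive = [naive_accept(captured), naive_accept(captured)]

    server = ReplaySafeServer()
    captured = safe_send("transfer 100 to mallory")
    safe = [server.accept(captured)[1], server.accept(captured)[1]]
    return naive, safe


if __name__ == "__main__":
    print(demo())  # ([True, True], ['ok', 'replayed nonce'])
```

The timestamp bounds how long a captured message stays usable and lets the server forget nonces older than `max_skew`, so the `seen` set does not grow without limit; the nonce catches replays inside that window; and because the MAC covers both, the "slight variation" the slide mentions (changing the amount or the recipient) fails the MAC check outright.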

(37)

Sniffing Attacks

• A sniffer attack (also known as a snooping attack) is any activity that results in a malicious user obtaining information about a network or the traffic over that network.

• A sniffer is some kind of packet-capturing program that dumps the contents of
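What the "packet-capturing program" on the slide actually does, as an added example that is not the lecture's code: decode an Ethernet/IPv4/TCP frame layer by layer and lift an HTTP Basic Authorization header out of the cleartext payload. The frame is constructed in-process with struct (IP and TCP checksums left at zero and not verified), so it runs without a network interface; a real sniffer would read frames from a raw socket or a pcap file.

```python
"""A minimal sniffer's decode path: parse Ethernet/IPv4/TCP and pull
cleartext credentials out of the payload.  Added example, not the lecture's
code; the frame and the credentials are constructed for the demo."""
import base64
import struct


def build_frame(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Constructed test frame; IP/TCP checksums are left at 0 (not verified here)."""
    eth = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
           + struct.pack("!H", 0x0800))                      # EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1,
                      5 << 4,      # data offset 5 words = 20-byte header
                      0x18,        # PSH|ACK
                      65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64,
                     6,                                      # protocol TCP
                     0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp + payload


def parse_frame(frame: bytes):
    """Decode headers layer by layer; return 5-tuple fields plus TCP payload."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:            # not IPv4: skip
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4           # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    if proto != 6:                     # not TCP: skip
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": tcp[data_off:]}


def extract_basic_auth(payload: bytes):
    """HTTP Basic auth carries base64(user:password) in the clear; decode it."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            return base64.b64decode(line.split(b" ", 2)[2]).decode()
    return None


def sniff(frames):
    """Return (src, dst, credentials) for every cleartext HTTP login seen."""
    findings = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt and pkt["dport"] == 80:
            creds = extract_basic_auth(pkt["payload"])
            if creds:
                findings.append((pkt["src"], pkt["dst"], creds))
    return findings


# Constructed capture: a client logging in to an intranet site over plain HTTP,
# followed by a TLS handshake the sniffer cannot read.
REQUEST = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
           b"Authorization: Basic " + base64.b64encode(b"alice:Winter2018!")
           + b"\r\n\r\n")
CAPTURE = [
    build_frame("192.0.2.10", "192.0.2.80", 51000, 80, REQUEST),
    build_frame("192.0.2.11", "192.0.2.80", 51001, 443, b"\x16\x03\x01..."),
]

if __name__ == "__main__":
    print(sniff(CAPTURE))  # [('192.0.2.10', '192.0.2.80', 'alice:Winter2018!')]
```

The second frame is the point of the countermeasure: the same sniffer sees the TLS connection's addresses and ports but nothing inside it, which is why encrypting traffic on the wire, not just authenticating it, is the answer to sniffing.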

(38)

Spamming Attacks

• Spam is the term that describes unsolicited email, newsgroup, or discussion forum messages.

– Spam can be as innocuous as an advertisement from a well-meaning vendor or as malignant as floods of unrequested messages with viruses or Trojan horses attached.

– Spamming attacks are directed floods of

(39)

Access Control Compensation

• Access control is used to regulate or specify which objects a subject can access and what type of access is allowed or denied.

• To specify countermeasures for each of these attacks, you can use certain

(40)

Access Control Compensation (Cont. 1)

• Backups are the best means of compensation against access control violations.

• Having backup communication routes, mirrored servers, clustered systems, failover systems, and so on can provide instant automatic or quick manual
