Security Awareness
Incidents at LPSE
• Difficulty uploading
• Passwords changed
• Misuse of LPSE user accounts
• Uploaded files replaced
• Corrupt files
• Corrupt OS
• HDD failure
• Application inaccessible
Side Effects
• LPSE loses trust, including that of LKPP
• External audits, starting with the inspectorate, BPKP, the Prosecutor's Office (Kejaksaan), the Police, BPK or KPK
• Staff reviews by superiors
Review of IT Functions at LPSE
• Administrative
• Physical
– Server room access (fingerprint, key & padlock)
– CCTV
• People
Review of IT Functions at LPSE
• Technical
– Environment redundancy function
• Power source (PLN grid electricity and generator)
• Temporary power source (UPS)
• Cooling (primary and backup)
– Data redundancy function
• Backup of data files and DB (cold or hot)
• Mirroring system
– Monitoring function
• Availability monitoring
• Capacity monitoring
Common Security Threats to LPSE
• Remote SSH password theft
• Database ransomware
• HTTP header modification
• Defacement
• SQL injection
• SSH without password
• Slowloris DDoS (flooding)
• Brute force
Remote password theft
• Source code added into OpenSSH (a backdoored ssh/sshd build)
Database ransomware
Ransom note: "Send 0.5 BTC to this address and go to this site http://ann2hzqgedo3plvu.onion/ to recover your database! SQL dump will be available after payment!"
SQL injection
• Web server access-log line of an sqlmap probe (URL-encoded boolean-based payload, blocked with 403):
112.215.44.239 - - [07/Jun/2015:14:26:00 +0800] "GET /eproc/faqpage?q=%2D%34%38%35%32%27%29%29%29%20%4F%52%20%28%31%34%38%32%3D%34%39%38%37%29%20%41%4E%44%20%28%28%28%27%76%62%4B%6A%27%3D%27%76%62%4B%6A HTTP/1.1" 403 234 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
• bl0wsshd 6.71p (/usr/bin/ssh, /usr/sbin/sshd)
• Perl IRC bot
• rainroot, file ./u (privilege gainer, permission: suid)
• MiG log cleaner
• php-reverse-shell
What to do?
• Separate security for each entity in the infrastructure
• Manage user access control
– Password policy
– Different user access
• Harden the remote system
• Harden the OS kernel
• Manage the log system
• Secure communication channel
Password Policy:
• Use the cracklib PAM library: libpam-cracklib
• Edit the PAM configuration file
– /etc/pam.d/system-auth on CentOS
– /etc/pam.d/common-password on Debian
• Set the complexity configuration, for example:
password requisite pam_cracklib.so try_first_pass retry=3 minlen=12 lcredit=3 ucredit=2 dcredit=3 ocredit=2 difok=4
– Note: the length option is minlen (pam_cracklib has no minlength option); positive lcredit/ucredit/dcredit/ocredit values are only credits counted toward minlen, so to require a minimum number of characters of a class use a negative value (e.g. dcredit=-3)
Different User Access:
• Allow root/admin login from a specific console only
• Create separate users
• Assign users to specific groups
• Limit remote user access
• Use a non-standard port
• Disable unused features
– TCP forwarding
– Tunneling
– X11 forwarding
Manage Log System:
• Use rsyslog
• Use Adiscon LogAnalyzer for the web UI
Secure Communication Channel
• VPN types:
– Site-to-site VPN
– Remote-access VPN
• VPN kinds:
– VPN software (OpenVPN, SoftEther VPN)