Security Awareness

Incident di LPSE

• Sulit Melakukan Upload

• Password berubah

• FiPenyalahgunaan user LPSE

• le Upload diganti

• File corrupt

• OS Corrupt

• HDD rusak

• Aplikasi Tidak Bisa Di Akses

Side Effect

• LPSE kehilangan kepercayaan termasuk oleh LKPP

• Audit oleh eksternal mulai inspektorat, BPKP, Kejaksaan, Kepolisian, BPK atau KPK

• Review pegawai oleh Atasan

Review Fungsi IT di LPSE

• Administratif

• Fisik

– Akses Ruang server (finger print,kunci & gembok)

– CCTV

• Orang

Review Fungsi IT di LPSE

• Teknik

– Fungsi redundancy environment

• Power Source (Listrik PLN dan Genset)

• Temporary Power Source (UPS)

• Cooling (Primary and Backup)

– Fungsi Redundancy data

• Backup Data file dan DB (COLD atau HOT)

• Mirroring System

– Fungsi Monitoring

• Monitoring ketersediaan

• Monitoring capacity

Common Security Threat LPSE

• Remote ssh steal password

• Ransomware Database

• HTTP Header Modification

• Defaced

• SQL Injection

• SSH Without Password

• Slowloris DDOS (Flooding)

• Brute Force

Remote steal password

• Add source code into openssh

Ransomware Database

Send 0.5 BTC to this address and go to this site http://ann2hzqgedo3plvu.onion/ to recover your database! SQL dump will be available after

payment! |

SQL Injection

• 112.215.44.239 - - [07/Jun/2015:14:26:00 +0800] "GET

/eproc/faqpage?q=%2D%34%38%35%32%27%29%29%29%20%4F%52%20%28%31%34%38%32%3D%34 %39%38%37%29%20%41%4E%44%20%28%28%28%27%76%62%4B%6A%27%3D%27%76%62%4B%6A HTTP/1.1" 403 234 "-" "sqlmap/1.0-dev (http://sqlmap.org) »

• bl0wsshd 6.71p (/usr/bin/ssh, /usr/sbin/sshd)

• Perl IRC bot

• rainroot, file ./u (privilege gainer, permission: suid)

• MiG log cleaner

• php-reverse-shell

What to do ???

• Separate security for each entity in the Infrastructure

• Manage User Access Control

 Password Policy

 Different User Access

• Hardening Remote System

• Hardening Kernel OS

• Manage Log System

• Secure Communication Channel

Password Policy :

• Used cracklib PAM Library : libpam-cracklib

• Edit file PAM configuration

– /etc/pam.d/system-auth on Centos

– /etc/pam.d/common-password on Debian

• Set Complexity Configuration

“...

password requisite pam_cracklib.so try_first_pass retry=3 minlength=12 lcredit=3 ucredit=2 dcredit=3 ocredit=2 difok=4

…....”

Different User Access :

• allow root / admin login from spesific console

• Create Different User

• Assign user to spesific group

• Limit User Remote

• Use non Standart Port

• Disable non-usable fitur

– TCP Forward

– Tunnel

– X11 Forward

• Using rsyslog

• Using Adiscon Log Analyzer for Web UI

Secure Communication Channel

• Type VPN :

– Site to Site VPN

– Remote Access Site VPN

• Jenis VPN :

– VPN Software (OpenVPN , Softether VPN)