
Academic year: 2018


Prof. Richardus Eko Indrajit

indrajit@post.harvard.edu

INFORMATION AND INTERNET SECURITY

Concepts – Principles – Strategy – Implementation – Governance

(2)
(3)
(4)
(5)
(6)
(7)
(8)

OLD Phenomena, NEW Behavior

– The first child is born
– A daughter is scolded by her parents
– A husband quarrels with his wife
– The computer and telephone break down
– An employee is promoted
– Going to the toilet in a public place
– Family gatherings on religious holidays

(9)

Strategic Functions of IT

HORIZONTAL FUNCTION: transactions

VERTICAL FUNCTION

(10)

Principles of Information Technology Utilization #1

IT as a support for operational or transactional activities

– Transferring money between banks
– Booking airline tickets
– Enrolling in courses each semester
– Buying phone credit
– Activating electronic equipment

(11)

Principles of Information Technology Utilization #2

IT as a support for the decision-making process

– Storing and organizing data
– Processing and representing data
– Producing periodic and ad-hoc reports
– Running complex scenarios and simulations
– Managing information and knowledge

(12)

Principles of Information Technology Utilization #3

IT as a support for communication and collaboration activities

– Sending documents and digital files
– Holding cross-border conversations
– Carrying out virtual cooperation activities
– Downloading data from a variety of sources
– Uploading information to various places

(13)

Realities That Cannot Be Ignored

– The real world and the cyber world have converged and complement each other
– Everyday activities take place in both worlds
– The number of interactions between individuals and institutions/organizations has increased significantly
– The types of technology are increasingly diverse and human-friendly

→ The potential for conducting digital-based intelligence activities is increasingly

(14)
(15)

1. Cyberspace

A reality community between PHYSICAL WORLD and ABSTRACTION WORLD

1.4 billion of real human population (internet users)

(16)

Information Roles

Why information?

– It consists of important data and facts (news, reports, statistics, transaction, logs, etc.)
– It can create perception to the public (market, politics, image, marketing, etc.)
– It represents valuable assets (money, documents, password, secret code, etc.)
– It is a raw material of knowledge (strategy, plan,

(17)

What is Internet?

A giant network of networks where people exchange information through various different digital-based ways:

Email, Mailing List, Website
Chatting, Newsgroup, Blogging
E-commerce, E-marketing, E-government

(18)

2. Cyberthreat

– The trend has increased at an exponential rate
– Motives vary from recreational to criminal purposes
– Can cause significant economic losses and political suffering
– Difficult to mitigate

(19)

International Issues

What Does FBI Say About Companies:

– 91% have detected employee abuse
– 70% indicate the Internet as a frequent attack point
– 64% have suffered financial losses
– 40% have detected attacks from outside
– 36% have reported security incidents

Source: FBI Computer Crime and Security

(20)
(21)
(22)
(23)
(24)
(25)
(26)

Growing Vulnerabilities

* Gartner, “CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks,” J. Pescatore, February 2003

** As of 2004, CERT/CC no longer tracks Security Incident statistics.

[Figure: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004; series: Vulnerabilities, Security Incidents]

“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.”

(27)

Potential Threats

Unstructured Threats

– Insiders
– Recreational Hackers
– Institutional Hackers

Structured Threats

– Organized Crime
– Industrial Espionage
– Hacktivists

National Security Threats

– Terrorists
– Intelligence Agencies

(28)

3. Cyberattack

– Too many attacks have been performed within cyberspace.
– Most are triggered by cases in the real world.
– The eternal wars and battles have been in towns lately.
– The notorious Estonia case has opened the eyes of all people in the world.

(29)

Internet  and  Crimes  

(30)
(31)
(32)
(33)
(34)
(35)
(36)

Attacks Sophistication

[Figure: attack techniques and tools charted by sophistication; labels recovered from the chart:]

– Cross site scripting
– password guessing
– self-replicating code
– password cracking
– exploiting known vulnerabilities
– disabling audits
– back doors
– hijacking sessions
– sweepers
– sniffers
– packet spoofing
– GUI
– automated probes/scans
– denial of service
– www attacks
– Tools
– “stealth” / advanced scanning techniques
– burglaries
– network mgmt. diagnostics
– distributed attack tools
– Staged Auto

(37)

Vulnerabilities Exploit Cycle

[Figure: stages of the cycle plotted over time; labels recovered from the chart:]

– Advanced Intruders Discover New Vulnerability
– Crude Exploit Tools Distributed
– Novice Intruders Use Crude Exploit Tools
– Automated Scanning/Exploit Tools Developed
– Widespread Use of Automated Scanning/Exploit Tools
– Intruders Begin Using New Types of Exploits
– Highest Exposure

Axes: Time; # Of

(38)

File  Management  

(39)

URL  Management  

(40)

Directory  Traversal  Management  

(41)

Mailing  List  Management  

(42)

Live  Camera  Management  

(43)

Surveillance  Camera  Management  

(44)

Security  Camera  Management  

(45)

Multiple Camera Management

(46)
(47)
(48)

Strategies for Protection

Protecting Information

(49)
(50)
(51)

Mandatory  Requirements  

(52)

Information Security Disciplines

– Physical security
– Procedural security
– Personnel security
– Compromising emanations security
– Operating system security
– Communications security

a failure in any of these areas can undermine the

(53)

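Best Practice Standard

[Figure: control domains surrounding Information; labels recovered from the diagram:]

– Information Security Policy
– Communication & Operations Mgmt
– System Development & Maint.
– Bus. Continuity Planning
– Compliance

Information: Integrity, Confidentiality, Availability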

(54)

These  Two  Guys  …..  

(55)

5. Cybercrime

– Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
– Virtually involving international boundaries and multi resources
– Intentionally targeting to fulfill special objective(s)
– Convergence in nature with intelligence efforts.

(56)
(57)
(58)

Motives of Activities

1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups

(59)

6. Cyberlaw

– Difficult to keep updated as the technology trend moves
– Different stories between the rules and enforcement efforts
– Requires various infrastructure, superstructure, and resources
– Can be easily “out-tracked” by law practitioners

(60)

The  Crime  Scenes  

IT as a Tool

(61)

First Cyber Law in Indonesia.

Range of penalty:

– Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
– 6 to 12 years in prison (jail)

starting from 25 March 2008

(62)

Main Challenge.

ILLEGAL

“… the distribution of illegal materials within the internet …”

ILLEGAL

“… the existence of source with illegal materials that can be accessed through

(63)

Two Way Relationship

Cyber Space

Real World

(64)

Two Way Relationship

real interaction real transaction

real resources real people

flow of information flow of product/services

(65)

Two Way Relationship

Rule of Conduct Mechanism

Cyber Law

(66)

Classic Definition of War

WAR is here to stay…

“Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber

(67)

impact  

Two Way Relationship

Cyber Space

impact  

(68)

Two Way Relationship

Incidents

International Events Published

Books Materials

Interests

(69)

Two Way Relationship

Journalism

Anonymous Interaction

Provocation

 

(70)

The Paradox of Increasing Internet Value

internet users + transaction value + interaction frequency + communities spectrum + usage objectives = The Internet Value

threats

it means…

(71)

Internet Security Issues Domain

through connecting a set of digital-protocols

– All technical components (hardware and software) interact with each other within a complex dependent…
– It is a part of business system as transactions and interactions are being conducted accordingly

(72)

Technical Trend Perspective

the phenomena…

– malicious code
– vulnerabilities
– spam and spyware
– phishing and identity theft
– time to exploitation

the efforts…

– Firewalls
– Antispyware
– AntiVirus
– Software Patches
– Web and Email Security
– Malware Blocking
– Network Access Control
– Intrusion Prevention
– Application and Device Control

(73)

Business Trend Perspective

Regulatory Compliance

Governance Requirements

Management

Enforcement

the strategy…

– IT Audit
– Technology Compliance
– Disaster Recovery Center
– Security Management
– Backup and Recovery
– ISO Compliance
– Storage and Backup Management
– Business Contingency Plan
– Application and Device Control
– Archiving and Retention Management
– Chief Security Officer

(74)

Social Trend Perspective

the characteristics…

the choices…

Everywhere

Borderless Geography

(75)

The Core Relationships

People (Social Aspects)

Technology (Technical Aspects)

(76)

Converging Trend

TECHNICAL ISSUES

BUSINESS ISSUES

SOCIAL

(77)

Internetworking Dependency

Since the strength of a chain depends on the weakest link,

 

(78)

Things  to  Do  

(79)
(80)

Work  Philosophy  

Why does a car have BRAKES ???

The car has BRAKES so that it can go FAST … !!!

(81)

Prof. Richardus Eko Indrajit

Chairman of ID-SIRTII and APTIKOM

indrajit@post.harvard.edu
www.eko-indrajit.com
