Upload presentasi
Presentasi sedang didownload. Silahkan tunggu
1
KULIAH X FIREWALL KOM 15008 Keamanan Jaringan 2012/2013 KOM 15008 Keamanan Jaringan 2012/2013
4
Firewall Firewall adalah komponen yang berada di antara dua jaringan. Firewall menyeleksi paket-paket yang boleh masuk ke dalam suatu jaringan. A firewall is a hardware, software, or a combination of both that monitors and filters traffic packets that attempt to either enter or leave the protected private network
5
Firewall Sebuah paket dapat diseleksi berdasarkan: Source IP Destination IP Source Port Destination Port Protokol (TCP/UDP/ICMP) TCP Flag (Syn / ACK)
6
Introduction6 Filtering Rules - Examples Policy Firewall Setting No outside Web access. Drop all outgoing packets to any IP address, port 80 External connections to public Web server only. Drop all incoming TCP SYN packets to any IP except 222.22.44.203, port 80 Prevent IPTV from eating up the available bandwidth. Drop all incoming UDP packets - except DNS and router broadcasts. Prevent your network from being used for a Smurf DoS attack. Drop all ICMP packets going to a “broadcast” address (eg 222.22.255.255). Prevent your network from being tracerouted Drop all outgoing ICMP
7
Introduction7 Access control lists action source address dest address protocol source port dest port flag bit allow 222.22/16 outside of 222.22/16 TCP > 102380 any allow outside of 222.22/16 TCP80 > 1023ACK allow 222.22/16 outside of 222.22/16 UDP > 102353--- allow outside of 222.22/16 UDP53 > 1023---- denyall
8
Demilitarized zone (DMZ)
9
Demilitarized Zone Sekumpulan server/komputer yang tetap dapat diakses dari luar meskipun terdapat firewall di dalam jaringan
10
Introduction10 Demilitarized Zone (DMZ) Web server FTP server DNS server application gateway Internet Demilitarized zone Internal network firewall
11
DMZ Networks Demilitarized zone (DMZ)
12
Tugas: Setting IP Table di Linux Matikan dan Nyalakan port 80 dan 21 Blokir akses dari IP tertentu Screenshot buktinya
13
Terima Kasih
Presentasi serupa
