Presentasi sedang didownload. Silahkan tunggu

Presentasi sedang didownload. Silahkan tunggu

INTERNET & E-COMMERCE SECURITY S1 Teknik Informatika Fakultas Ilmu Komputer UPN “Veteran” Jakarta Lecturer : Bambang Warsuta, S.Kom, M.T.I

Diterbitkan olehRiswan Sableng Telah diubah "9 tahun yang lalu

Presentasi serupa

Presentasi berjudul: "INTERNET & E-COMMERCE SECURITY S1 Teknik Informatika Fakultas Ilmu Komputer UPN “Veteran” Jakarta Lecturer : Bambang Warsuta, S.Kom, M.T.I"— Transcript presentasi:

1 INTERNET & E-COMMERCE SECURITY S1 Teknik Informatika Fakultas Ilmu Komputer UPN “Veteran” Jakarta Lecturer : Bambang Warsuta, S.Kom, M.T.I bambangwarsuta@gmail.com

2 Profile Potential Cyber User in Indonesia Sumber : Kompas, Triennal Review, Comscore Pengguna Twitter di Indonesia sebesar 9.9 juta (per 2011) merupakan pengguna terbesar keempat di dunia setelah Belanda, Jepang, & Brasil Penduduk Indonesia merupakan penduduk terbesar keempat di dunia (250 juta) setelah China, India dan USA Pengguna Facebook di Indonesia sebesar 35 juta per 2011 merupakan pengguna terbesar kedua di dunia setelah AS (152 juta)

3 Threats  Unauthorized Access = Akses oleh pihak yg tidak berhak  Mobile Device Attack = Serangan keamanan pada perangkat handphone, tablet computer  System Compromise = Kelemahan internal dari sistem/ bolong keamanan aplikasi  Cyber Espionage = Mata-mata sistem informasi  Social Engineering = Pencurian data penting melalui jejaring sosial  SPAM = Email yg tidak diperlukan  Malware = Virus program  Insider = Kegiatan orang dalam  Denial of Service = Kegagalan sistem akibat kesengajaan  Data Leakage = Kebocoran data  Phishing = Pencurian informasi melalui email  Identity Theft = Pencurian informasi identitas seseorang  Web Deface = sistem eksploitasi dengan tujuan mengganti tampilan halaman muka suatu situs.

4 Sumber : id-CERT (Cyber Emergency Response Team) 4 Besar Threat Abuse

5 Laporan Abuse dari ID-CERT  Posisi keempat tertinggi adalah MALWARE.Posisi ini turun dibandingkan tahun sebelumnya kecuali pada bulan April.  Bila dibandingkan dengan bulan Desember 2010, jumlah laporan juga turun (Posisi pada bulan Des 2010 adalah: 9.417 laporan)  Sedangkan bila dibandingkan dengan bulan yang sama ditahun 2010, maka tren yang terjadi adalahterjadi kemiripan dibanding periode yang sama tahun lalu.  Berdasarkan data Messagelabs, malware secara global memiliki kecenderungan menurun.

6 Malware  Malware = Malicious Software (perangkat lunak jahat) Kawin silang antara virus, worm, trojan horse, backdoor, keylogger, screen logger, dll  Fungsi-fungsi yang digunakan  Packer (is a program that has been packed/protected with a protection system typically designed by malware authors to bypass anti-virus protection and to hide malware contents.)  Polymorphic (memilik banyak bentuk)  Trojan, Worm, spyware.  Enkripsi  Exploit (fungsi menyerang kelemahan komputer)  Instant Messenger (chatting)  Mematikan Anti Virus yang terpasang  dll

7 Laporan Abuse dari ID-CERT (1)  Posisi ketiga tertinggi pada tahun ini adalah dengan kategori LAIN-LAIN. Dimana yang masuk dalam kategori ini adalah semuanya terkait dengan pelanggaran HaKI (Hak Atas Kekayaan Intelektual) baik itu untuk Piranti Lunak maupun Film.

8 Laporan Abuse dari ID-CERT (2)  SPAM, Dari total laporan yang masuk, SPAM menduduki peringkat kedua dari total laporan yang diterima diawal tahun 2011 ini, namun pada bulan Maret hingga Juni terdapat kecenderungan menurun.

9 Laporan Abuse dari ID-CERT (3)  Insiden jaringan (Network Incident) yang mencakup: DoS Attack, Open Relay, Open Proxy, Hacking, Port Scanning, Port Probe (HTTP/HTTPS, FTP, TELNET, TCP, SSH Brute, CGI, RPC, Netbios, VNC Portscan), TCP Sweep dan SQL Injection pada tahun ini menduduki peringkat pertama dalam riset Abuse kali ini. Hal ini merupakan rekor tertinggi semenjak awal tahun ini.

10 Secure eCommerce environment  A secure e-commerce environment requires:  Access control, usually managed by a firewall, which regulates the data flow  Authentication, which binds the identity of an individual to a specific message or transaction  Data privacy and integrity, which ensures that communications and transactions remain confidential, accurate and have not been modified.

11 First line Defense  This is the first line of defense for any website. Some methods for accomplishing this are:  Firewalls. PORT  User account security. User Credential, Password, Access Rules  Software security. Antivirus, AntiMalware, AntiSpam, etc.  Additional protection for sensitive data. Secure password management, Data Encryption, etc.

12 Successful people ask better questions, and as a result, they get better answers. Tony Robbins Silakan Bertanya???

13 COMMON WEBSITE SECURITY MEASURES (1)  Routers  Be sure that your router is appropriately configured.  A router is designed to route packets efficiently and reliably, but not securely, thus although it is a layer in your security package, a router should not be used alone as a method for implementing a security policy.  One of the most common types of security attack is what is called a “denial-of-service” attack, i.e. an attacker or attackers use various means to prevent legitimate website users from accessing a site.

14 Denial Of Services

15 FIREWALLS

16 COMMON WEBSITE SECURITY MEASURES (2)  Firewalls  A firewall is a device that controls the flow of communication between internal networks and external networks, such as the Internet.  It controls “port-level” access to a network and a website. A “port” is like a doorway into a server.  Here are some examples of firewall configurations you might want to implement. Close off the possibility of unnecessary or unauthorized traffic accessing your servers. Configure the firewall so that only wanted traffic gets through. Encrypt most or all traffic between servers. Limit the points of access.

17 COMMON WEBSITE SECURITY MEASURES (3)  Disable Nonessential Services  Some of the services you should disable on your website’s servers include, but are not limited to: Mail (SMTP). Finger  Network Protocol Netstat, systat. Chargen, echo.  Character generator Protocol FTP. Telnet. Berkeley UNIX”r” commands such as rlogin,rsh, rdist etc. SNMP.  Simple Network Management Protocol

18 COMMON WEBSITE SECURITY MEASURES (4)  User Account Security  A common method hackers use to gain access to a web server is to steal an authorized user’s account.  Restricting a user’s access to only the needed resources limits the amount of damage hackers can do to your website. Authentication and authorization are the two best general ways to restrict access. Authentication. This verifies that you are who you claim to be. Authorization. This defines what a user is allowed to do.

19 COMMON WEBSITE SECURITY MEASURES (5)  Data Confidentiality  Confidentiality ensures that only authorized people can view data transferred in networks or stored in databases.  Protecting sensitive data like credit card numbers, inventory, etc. is a difficult problem for web-based businesses

20 COMMON WEBSITE SECURITY MEASURES (6)  Monitoring Your Website  Finally, monitor your website’s usage and take a proactive stance on security holes. To ensure a high level of security, you should: Monitor for break-ins. Institute a user account change report or install a sophisticated network monitoring system. Monitor your logs after an attack, they can tell you how the attack occurred and might even provide a clue as to the identity of the attacker. Run a security analysis program that can take a snapshot of your site and then analyze for potential weaknesses in your site. Perform security audits with outside auditors to check for potential security holes that you might have missed. Back up your website on a scheduled basis so that, if needed, you can recover damaged data and programs.

21 Silakan bertanya???

22 The only source of knowledge is experience. Albert Einstein Thank You… Have a nice weekend…

Download ppt "INTERNET & E-COMMERCE SECURITY S1 Teknik Informatika Fakultas Ilmu Komputer UPN “Veteran” Jakarta Lecturer : Bambang Warsuta, S.Kom, M.T.I"

Presentasi serupa

INTRO (TO BPOS). What is BPOS? Apakah BPOS itu? •BPOS = (Microsoft) Business Productivity Online Suite (Service) •adalah sebuah layanan online Microsoft,

INTRO (TO BPOS). What is BPOS? Apakah BPOS itu? •BPOS = (Microsoft) Business Productivity Online Suite (Service) •adalah sebuah layanan online Microsoft,
Developing Knowledge Management dalam perusahaan Week 10 – Pert 19 & 20 (Off Class Session)

Developing Knowledge Management dalam perusahaan Week 10 – Pert 19 & 20 (Off Class Session)
INTRO TO BPOS ( Coffey’s Project Portal). What is BPOS? Apakah BPOS itu? •BPOS = (Microsoft) Business Productivity Online Suite (Service) •adalah sebuah.

INTRO TO BPOS ( Coffey’s Project Portal). What is BPOS? Apakah BPOS itu? •BPOS = (Microsoft) Business Productivity Online Suite (Service) •adalah sebuah.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation. All.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation. All.
PEMOGRAMAN BERBASIS JARINGAN

PEMOGRAMAN BERBASIS JARINGAN
QUESTION- RESPONSE QUESTION- RESPONSE. Adaptif Hal.: 2 Isi dengan Judul Halaman Terkait Judul Halaman Pada bagian question-response, pertanyaan-pertanyaan.

QUESTION- RESPONSE QUESTION- RESPONSE. Adaptif Hal.: 2 Isi dengan Judul Halaman Terkait Judul Halaman Pada bagian question-response, pertanyaan-pertanyaan.
SOCIAL MEDIA Widianto Nugroho, S.Sn. |

SOCIAL MEDIA Widianto Nugroho, S.Sn. |
PERUBAHAN VS PERBAIKAN Center for Continuous Improvement, Today is better than yesterday, tomorrow is better than today

PERUBAHAN VS PERBAIKAN Center for Continuous Improvement, Today is better than yesterday, tomorrow is better than today
Perancangan Web dan Internet. Introduction ? •What is a web site ? •What Is Internet ?

Perancangan Web dan Internet. Introduction ? •What is a web site ? •What Is Internet ?
INTERNET & E-COMMERCE Internet Marketing & eMarketing

INTERNET & E-COMMERCE Internet Marketing & eMarketing
Hadi Syahrial (Health IT Security Forum)

Hadi Syahrial (Health IT Security Forum)
Materi Analisa Perancangan System.

Materi Analisa Perancangan System.
Administrasi Basis Data

Administrasi Basis Data
IT SEBAGAI ALAT UNTUK MENCIPTAKAN KEUNGGULAN KOMPETISI

IT SEBAGAI ALAT UNTUK MENCIPTAKAN KEUNGGULAN KOMPETISI
Chapter Nine The Conditional.

Chapter Nine The Conditional.
Antivirus Tools Backup Tools Multimedia Tools Network Tools Password Tools.

Antivirus Tools Backup Tools Multimedia Tools Network Tools Password Tools.
Slide 3-1 Elmasri and Navathe, Fundamentals of Database Systems, Fourth Edition Revised by IB & SAM, Fasilkom UI, 2005 Exercises Apa saja komponen utama.

Slide 3-1 Elmasri and Navathe, Fundamentals of Database Systems, Fourth Edition Revised by IB & SAM, Fasilkom UI, 2005 Exercises Apa saja komponen utama.
Teknologi Open Source (pertemuan 3) Open Source vs Free Software oleh Razief Perucha F.A D3-Manajemen Informatika Jurusan Matematika – FMIPA Universitas.

Teknologi Open Source (pertemuan 3) Open Source vs Free Software oleh Razief Perucha F.A D3-Manajemen Informatika Jurusan Matematika – FMIPA Universitas.
Taken From William Stallings Chapter 2 TCP/IP Models.

Taken From William Stallings Chapter 2 TCP/IP Models.
Review IS & Software System Concept Diah Priharsari PTIIK – Universitas Brawijaya Source: 1.Obrien & Marakas, Management Information.

Review IS & Software System Concept Diah Priharsari PTIIK – Universitas Brawijaya Source: 1.Obrien & Marakas, Management Information.

Presentasi serupa

Iklan oleh Google