
1 Data Security (3/28/2015)

2 Computer Security Risks: What is a computer security risk?
– An event or action that causes loss of or damage to a computer system


4 Types of Data Vulnerability
– Data copying
– Unauthorized access
– Abuse (misuse of data)

5 Security Attacks: Passive
– Snooping: trying to steal valuable information from a document
– Eavesdropping: listening to someone else's conversation in order to steal information

6 Security Attacks (continued): Active
– Interception: stopping information in transit and taking it to obtain valuable information, then forwarding it on (possibly after it has been altered)
– Denial of Service (DoS): crippling the target (hang, crash) so that the system cannot provide its services
– Repudiation: giving false information to the target, or acting as someone else, to obtain the information the perpetrator wants

7 PIN Theft Practices in Indonesia: The Bank BCA Case
– Typosquatting: creating "lookalike" domains
– Original domain name:
– Buy combinations of domains
– Price: Rp. domain name .COM, etc.
As a result, the perpetrator obtained: access codes (PINs), account numbers and passwords from tens or even hundreds of customers

8 PIN Theft via Micro Camera: PIN theft with a wireless camera. Source: [Budi Rahardjo, 2005]

9 Information Privacy: What is information privacy?
– Right of individuals and companies to deny or restrict collection and use of information about them
– Difficult to maintain today because data is stored online
– Employee monitoring is using computers to observe employee computer use
– Legal for employers to use monitoring software programs

10 Information Privacy: What are spyware, adware, and spam?
– Spyware is a program placed on a computer without the user's knowledge
– Adware is a program that displays online advertisements
– Spam is an unsolicited e-mail message sent to many recipients

11 Information Privacy: How can you control spam?
– E-mail filtering: service that blocks e-mail messages from designated sources; collects spam in a central location that you can view any time
– Anti-spam program: attempts to remove spam; sometimes removes valid e-mail messages

12 Information Privacy: What is phishing?
– Scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your personal and financial information

13 Scope of Security
– Electronically safe (computer and network systems)
– Physically safe (rooms, channels, spaces, environment)
– Procedurally safe (policies, laws, merit systems)

14 Scope of Electronic Security

15 Scope of Physical Security

16 Scope of Procedural Security

17 Methods of Data Security
– Access Right Assignment
– Authentication
– Virus prevention, detection & removal
– Network Protection & Security
– Data Encryption
– Periodical Data Backup
– Recovery System
– Monitoring System
– Establishment of SOP & Training
[Figure: cartoon captioned "nobody knows you're dog"]

18 Access Right Assignment
– User Domain: Who?
– Operation Domain: Can do what?
– Object Domain: To what object?

19 Example of Access Right Assignment

20 Methods of Data Security: Authentication
– To ensure the identity, legality and authority of a user or a group of users to enter and utilize a system that stores data.
– In general, authentication uses the combination of a protected login ID and password.
– The use of bio-passwords (biometrics) is highly recommended nowadays.

21 Unauthorized Access and Use: How can you make your password more secure?
– Longer passwords provide greater security

22 Unauthorized Access and Use: What is a biometric device?
– Authenticates a person's identity using a personal characteristic
– Fingerprint, hand geometry, voice, signature, and iris


25 Internet and Network Attacks: How can a virus spread through an e-mail message?
– Step 1. Unscrupulous programmers create a virus program that deletes all files. They hide the virus in a picture and attach the picture to an e-mail message.
– Step 2. They use the Internet to send the e-mail message to thousands of users around the world.
– Step 3a. Some users open the attachment and their computers become infected with the virus.
– Step 3b. Other users do not recognize the name of the sender of the e-mail message. These users do not open the e-mail message; instead they delete it. These users' computers are not infected with the virus.

26 Internet and Network Attacks: What is a firewall?
– Security system consisting of hardware and/or software that prevents unauthorized intrusion

27 Internet and Network Attacks: What is a personal firewall?
– Program that protects a personal computer and its data from unauthorized intrusions
– Monitors transmissions to and from the computer
– Informs you of attempted intrusion

28 otspots.pdf

29 Solution for Systems Architecture: Internet Data Center

30 a process which transforms a message to conceal its information is encrypted text is non-encrypted (original) text

31 Data Encryption

32 Information Theft: How do Web browsers provide secure data transmission?
– Many Web browsers use encryption
– Secure site: a Web site that uses encryption to secure data
– Digital certificate: a notice that guarantees a Web site is legitimate

33 Information Theft: What is a certificate authority (CA)?
– Authorized person or company that issues and verifies digital certificates
– Users apply for a digital certificate from a CA

34 Information Theft: What is Secure Sockets Layer (SSL)?
– Provides encryption of all data that passes between client and Internet server
– Web addresses beginning with "https" indicate secure connections

35 Periodical Data Backup: Data backup is the process of copying data to secondary/tertiary storage media (such as CD-ROM, external hard disk, tape, optical disk, drum disk) kept separate from the master (original) data, so that the chance of all the master data and its backup being damaged simultaneously becomes smaller.

36 Backup Procedures: What are the five types of backups?

37 Backup Procedures: What is a backup procedure?
– Regular plan of copying and storing data and program files
– Can use a combination of full backups and differential or incremental backups
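An added example (not part of the original slides) of what the combination on slide 37 means at restore time: it computes which backup sets must be restored, in order, for a full-plus-incremental and a full-plus-differential schedule. The catalogue dates and the archive-bit semantics described in the docstring are assumptions made for the illustration.

```python
from datetime import date

KINDS = {"full", "incremental", "differential"}

def restore_chain(catalogue, target):
    """Return the backup sets to restore, oldest first, to rebuild data as of `target`.

    Assumed semantics (archive-bit model, not stated on the slides):
      full         - copies everything and starts a new chain
      incremental  - changes since the last full or incremental
      differential - changes since the last full or incremental,
                     so only the newest differential is ever needed
    """
    for _, kind in catalogue:
        if kind not in KINDS:
            raise ValueError(f"unknown backup kind: {kind!r}")
    usable = sorted(b for b in catalogue if b[0] <= target)
    fulls = [i for i, b in enumerate(usable) if b[1] == "full"]
    if not fulls:
        # Without a full backup nothing else in the catalogue is restorable.
        raise LookupError("no full backup on or before the target date")
    chain = [usable[fulls[-1]]]
    newest_diff = None
    for backup in usable[fulls[-1] + 1:]:
        if backup[1] == "incremental":
            chain.append(backup)       # every incremental in the chain is required
            newest_diff = None         # earlier differentials are superseded
        else:
            newest_diff = backup       # only the latest differential matters
    if newest_diff:
        chain.append(newest_diff)
    return chain

# Constructed sample catalogues: a Sunday full backup followed by daily backups.
INCREMENTAL_WEEK = [(date(2024, 1, 7), "full")] + [
    (date(2024, 1, d), "incremental") for d in range(8, 12)]
DIFFERENTIAL_WEEK = [(date(2024, 1, 7), "full")] + [
    (date(2024, 1, d), "differential") for d in range(8, 12)]

if __name__ == "__main__":
    wednesday = date(2024, 1, 10)
    for name, cat in (("incremental", INCREMENTAL_WEEK),
                      ("differential", DIFFERENTIAL_WEEK)):
        sets = restore_chain(cat, wednesday)
        print(name, "schedule needs", len(sets), "sets:",
              [f"{d.isoformat()} {k}" for d, k in sets])
```

The incremental schedule needs every set since the full backup, so one lost or unreadable set breaks the restore; the differential schedule needs only two sets but each daily backup is larger.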

38 Backup Procedures: What is a disaster recovery plan?
– Written plan for restoring computer operations in the event of a disaster
– Emergency plan: steps to be taken immediately after a disaster
– Backup plan: how backup files and equipment would be used to resume information processing
– Recovery plan: actions to be taken to restore full information processing operations
– Test plan: simulates various levels of disasters and records the ability to recover


40 Information Privacy: What is computer forensics?
– Also called digital forensics, network forensics, or cyberforensics
– Discovery, collection, and analysis of evidence found on computers and networks
– Computer forensic analysts must have knowledge of the law, technical experience, communication skills, and willingness to learn

41 Establishment of SOP & Training: SOP for Data Security
