Presentation titled: "3/28/2015 Data Security. Computer Security Risks: What is a computer security risk? Event or action that causes loss of or damage to computer system." Presentation transcript:

1 3/28/2015 Data Security

2 Computer Security Risks. What is a computer security risk? An event or action that causes loss of or damage to a computer system.

4 Types of Data Vulnerability: data copying; unauthorized access; data abuse.

5 Security Attacks. Passive: Snooping: attempting to steal valuable information from a document. Eavesdropping: listening in on someone else's conversation to steal information.

6 Security Attacks (continued). Active: Interception: stopping information in transit and taking it to obtain valuable information, then forwarding it on (possibly after altering it). Denial of Service (DoS): crippling the target (hang, crash) so that the system cannot provide service. Repudiation: giving false information to the target or acting as someone else to obtain the information the perpetrator wants.

7 PIN Theft Practices in Indonesia. Bank BCA case: Typosquatting: creating "lookalike" domains. Original domain name: Buying combinations of domains. Price: Rp. 100 thousand per domain name (.COM, etc.). The perpetrator obtains: access codes (PIN), account numbers, and passwords from dozens or even hundreds of customers. As a result:

8 PIN Theft via Micro Camera. PIN theft with a wireless camera. Source: [Budi Rahardjo, 2005]

9 Information Privacy. What is information privacy? Right of individuals and companies to deny or restrict collection and use of information about them. Difficult to maintain today because data is stored online. Employee monitoring is using computers to observe employee computer use. Legal for employers to use monitoring software programs.

10 Information Privacy. What are spyware, adware, and spam? Spyware is a program placed on a computer without the user's knowledge. Adware is a program that displays online advertisements. Spam is an unsolicited e-mail message sent to many recipients.

11 Information Privacy. How can you control spam? E-mail filtering: service that blocks e-mail messages from designated sources; collects spam in a central location that you can view any time. Anti-spam program: attempts to remove spam; sometimes removes valid e-mail messages.

12 Information Privacy. What is phishing? Scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your personal and financial information.

13 Scope of Security: electronically safe (computer and network systems); physically safe (rooms, channels, spaces, environment); procedurally safe (policies, laws, merit systems).

14 Scope of Electronic Security

15 Scope of Physical Security

16 Scope of Procedural Security

17 Methods of Data Security: Access Right Assignment; Authentication; Virus prevention, detection & removal; Network Protection & Security; Data Encryption; Periodical Data Backup; Recovery System; Monitoring System; Establishment of SOP & Training. [Figure caption: "nobody knows you're a dog"]

18 Access Right Assignment. User domain: Who? Operation domain: Can do what? Object domain: On what object?

19 Example of Access Right Assignment

20 Methods of Data Security: Authentication. To ensure the identity, legality and authority of a user or a group of users to enter and utilize a system that stores data. In general, authentication uses the combination of a protected login ID and password. The use of bio-passwords (biometrics) is highly recommended nowadays.

21 Unauthorized Access and Use. How can you make your password more secure? Longer passwords provide greater security.

22 Unauthorized Access and Use. What is a biometric device? Authenticates a person's identity using a personal characteristic: fingerprint, hand geometry, voice, signature, and iris.

25 Internet and Network Attacks. How can a virus spread through an e-mail message? Step 1. Unscrupulous programmers create a virus program that deletes all files. They hide the virus in a picture and attach the picture to an e-mail message. Step 2. They use the Internet to send the e-mail message to thousands of users around the world. Step 3a. Some users open the attachment and their computers become infected with the virus. Step 3b. Other users do not recognize the name of the sender of the e-mail message. These users do not open the e-mail message; instead they delete it. These users' computers are not infected with the virus.

26 Internet and Network Attacks. What is a firewall? Security system consisting of hardware and/or software that prevents unauthorized intrusion.

27 Internet and Network Attacks. What is a personal firewall? Program that protects a personal computer and its data from unauthorized intrusions. Monitors transmissions to and from the computer. Informs you of attempted intrusion.

28 otspots.pdf

29 Solution for Systems Architecture: Internet Data Center

30 a process which transforms a message to conceal its information is encrypted text is non-encrypted (original) text

31 Data Encryption

32 Information Theft. How do Web browsers provide secure data transmission? Many Web browsers use encryption. Secure site is a Web site that uses encryption to secure data. Digital certificate is a notice that guarantees a Web site is legitimate.

33 Information Theft. What is a certificate authority (CA)? Authorized person or company that issues and verifies digital certificates. Users apply for a digital certificate from a CA.

34 Information Theft. What is Secure Sockets Layer (SSL)? Provides encryption of all data that passes between client and Internet server. Web addresses beginning with "https" indicate secure connections.

35 Periodical Data Backup. Data backup is the process of copying data to secondary/tertiary storage media (such as CD-ROM, external hard disk, tape, optical disk, drum disk) kept separate from the master (original) data, so that the chance of all the master data and its backups being damaged simultaneously becomes smaller.

36 Backup Procedures. What are the five types of backups?

37 Backup Procedures. What is a backup procedure? Regular plan of copying and storing data and program files. Can use a combination of full backups and differential or incremental backups.

38 Backup Procedures. What is a disaster recovery plan? Written plan for restoring computer operations in the event of a disaster. Recovery plan: actions to be taken to restore full information processing operations. Test plan: simulates various levels of disasters and records ability to recover. Emergency plan: steps to be taken immediately after a disaster. Backup plan: how backup files and equipment would be used to resume information processing.

39 Monitoring System

40 Information Privacy. What is computer forensics? Also called digital forensics, network forensics, or cyberforensics. Discovery, collection, and analysis of evidence found on computers and networks. Computer forensic analysts must have knowledge of the law, technical experience, communication skills, and willingness to learn.

41 Establishment of SOP & Training. SOP for Data Security
