INTERNET & E-COMMERCE SECURITY
Undergraduate (S1) Informatics Engineering, Faculty of Computer Science, UPN “Veteran” Jakarta
Lecturer: Bambang Warsuta, S.Kom, M.T.I


Profile of Potential Cyber Users in Indonesia
Source: Kompas, Triennial Review, Comscore
- Indonesia had 9.9 million Twitter users (as of 2011), the fourth-largest user base in the world after the Netherlands, Japan, and Brazil.
- Indonesia's population is the fourth largest in the world (250 million), after China, India, and the USA.
- Indonesia had 35 million Facebook users as of 2011, the second-largest user base in the world after the US (152 million).

Threats
- Unauthorized Access = access by parties who are not entitled to it
- Mobile Device Attack = security attacks on mobile phones and tablet computers
- System Compromise = internal weaknesses of the system / security holes in applications
- Cyber Espionage = spying on information systems
- Social Engineering = theft of important data through social networks
- SPAM = that which is not needed
- Malware = virus programs
- Insider = activity by insiders
- Denial of Service = system failure caused deliberately
- Data Leakage = leakage of data
- Phishing = theft of information via
- Identity Theft = theft of a person's identity information
- Web Deface = exploitation of a system with the aim of replacing the appearance of a site's front page

Source: ID-CERT (Cyber Emergency Response Team)
Top 4 Abuse Threats

Abuse Reports from ID-CERT
- The fourth-highest position is MALWARE. This position fell compared with the previous year, except in April.
- Compared with December 2010, the number of reports also fell (the position in Dec 2010 was: reports).
- Compared with the same months in 2010, the trend is similar to the same period last year.
- According to Messagelabs data, malware globally shows a downward trend.

Malware
- Malware = Malicious Software: a cross-breed of viruses, worms, trojan horses, backdoors, keyloggers, screen loggers, etc.
- Functions used:
  - Packer (a program that has been packed/protected with a protection system, typically designed by malware authors to bypass anti-virus protection and to hide malware contents)
  - Polymorphic (has many forms)
  - Trojan, worm, spyware
  - Encryption
  - Exploit (a function that attacks weaknesses in the computer)
  - Instant Messenger (chat)
  - Disabling the installed antivirus
  - etc.

Abuse Reports from ID-CERT (1)
- The third-highest position this year is the OTHER category. Everything in this category relates to infringement of intellectual property rights (HaKI, Hak Atas Kekayaan Intelektual), for both software and films.

Abuse Reports from ID-CERT (2)
- SPAM: of the total reports received, SPAM ranks second among the reports received at the beginning of 2011; however, from March through June there was a downward trend.

Abuse Reports from ID-CERT (3)
- Network incidents, which cover DoS Attack, Open Relay, Open Proxy, Hacking, Port Scanning, Port Probe (HTTP/HTTPS, FTP, TELNET, TCP, SSH Brute, CGI, RPC, Netbios, VNC Portscan), TCP Sweep and SQL Injection, rank first in this abuse study this year. This is the highest record since the beginning of this year.

Secure eCommerce environment
A secure e-commerce environment requires:
- Access control, usually managed by a firewall, which regulates the data flow.
- Authentication, which binds the identity of an individual to a specific message or transaction.
- Data privacy and integrity, which ensures that communications and transactions remain confidential, accurate and have not been modified.

First Line of Defense
This is the first line of defense for any website. Some methods for accomplishing this are:
- Firewalls: ports.
- User account security: user credentials, passwords, access rules.
- Software security: antivirus, anti-malware, anti-spam, etc.
- Additional protection for sensitive data: secure password management, data encryption, etc.

"Successful people ask better questions, and as a result, they get better answers." (Tony Robbins)
Please ask questions.

COMMON WEBSITE SECURITY MEASURES (1)
Routers
- Be sure that your router is appropriately configured.
- A router is designed to route packets efficiently and reliably, but not securely. Although it is a layer in your security package, a router should not be used alone as a method for implementing a security policy.
- One of the most common types of security attack is the “denial-of-service” attack, in which an attacker or attackers use various means to prevent legitimate website users from accessing a site.

Denial Of Services

FIREWALLS

COMMON WEBSITE SECURITY MEASURES (2)
Firewalls
- A firewall is a device that controls the flow of communication between internal networks and external networks, such as the Internet.
- It controls “port-level” access to a network and a website. A “port” is like a doorway into a server.
- Here are some examples of firewall configurations you might want to implement:
  - Close off the possibility of unnecessary or unauthorized traffic accessing your servers.
  - Configure the firewall so that only wanted traffic gets through.
  - Encrypt most or all traffic between servers.
  - Limit the points of access.

COMMON WEBSITE SECURITY MEASURES (3)
Disable Nonessential Services
Some of the services you should disable on your website’s servers include, but are not limited to:
- Mail (SMTP).
- Finger (network protocol).
- Netstat, systat.
- Chargen (Character Generator Protocol), echo.
- FTP.
- Telnet.
- Berkeley UNIX “r” commands such as rlogin, rsh, rdist, etc.
- SNMP (Simple Network Management Protocol).
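One way to check a server against the list above, as an added example that is not part of the original slides: the script flags listening sockets that belong to those services and separates network-reachable listeners from loopback-only ones. The port mapping (traditional /etc/services assignments), the `audit` function name and the sample `ss -tuln` text are assumptions made for this illustration.

```python
# Added example (not from the lecture): audit listeners for the services the slide lists.
# Ports are the traditional /etc/services assignments (an assumption of this example);
# rdist has no entry of its own because it classically runs over rsh.
NONESSENTIAL = {
    ("tcp", 25): "SMTP", ("tcp", 79): "finger",
    ("tcp", 15): "netstat", ("tcp", 11): "systat",
    ("tcp", 19): "chargen", ("udp", 19): "chargen",
    ("tcp", 7): "echo", ("udp", 7): "echo",
    ("tcp", 21): "FTP", ("tcp", 23): "telnet",
    ("tcp", 513): "rlogin", ("tcp", 514): "rsh",
    ("udp", 161): "SNMP",
}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in the column layout of `ss -tuln` (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      32     192.0.2.10:21      0.0.0.0:*
"""

def audit(ss_output):
    """Return (service, proto, port, address, exposed) for each flagged listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or a socket type we do not audit
        address, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        service = NONESSENTIAL.get((fields[0], int(port)))
        if service is None:
            continue  # not one of the services the slide names
        address = address.strip("[]")      # "[::]" -> "::"
        exposed = address not in LOOPBACK  # bound beyond the local host
        findings.append((service, fields[0], int(port), address, exposed))
    # Network-reachable listeners first, then by port number.
    return sorted(findings, key=lambda f: (not f[4], f[2]))

if __name__ == "__main__":
    for service, proto, port, address, exposed in audit(SAMPLE_SS):
        scope = "reachable from the network" if exposed else "loopback only"
        print(f"{service:8} {proto}/{port:<4} on {address}: {scope}")
```

On a live host, pass the output of `ss -tuln` to `audit` instead of the sample; a loopback-only listener is lower priority but is still a candidate for disabling if nothing uses it.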

COMMON WEBSITE SECURITY MEASURES (4)
User Account Security
- A common method hackers use to gain access to a web server is to steal an authorized user’s account.
- Restricting a user’s access to only the needed resources limits the amount of damage hackers can do to your website. Authentication and authorization are the two best general ways to restrict access.
  - Authentication. This verifies that you are who you claim to be.
  - Authorization. This defines what a user is allowed to do.

COMMON WEBSITE SECURITY MEASURES (5)
Data Confidentiality
- Confidentiality ensures that only authorized people can view data transferred in networks or stored in databases.
- Protecting sensitive data like credit card numbers, inventory, etc. is a difficult problem for web-based businesses.

COMMON WEBSITE SECURITY MEASURES (6)
Monitoring Your Website
Finally, monitor your website’s usage and take a proactive stance on security holes. To ensure a high level of security, you should:
- Monitor for break-ins. Institute a user account change report or install a sophisticated network monitoring system.
- Monitor your logs after an attack. They can tell you how the attack occurred and might even provide a clue as to the identity of the attacker.
- Run a security analysis program that can take a snapshot of your site and then analyze it for potential weaknesses.
- Perform security audits with outside auditors to check for potential security holes that you might have missed.
- Back up your website on a scheduled basis so that, if needed, you can recover damaged data and programs.

Please ask questions.

"The only source of knowledge is experience." (Albert Einstein)
Thank you. Have a nice weekend.