Information Security Threats in the Financial Industry – Universitas Bina Darma Palembang – 20 June 2014 – Digit Oktavianto

Presentation transcript:

Information Security Threats in the Financial Industry – Universitas Bina Darma Palembang – 20 June 2014 – Digit Oktavianto – digit dot oktavianto at gmail dot com

• IT Security Enthusiast (tinkerer)
• Member of Indonesian Honeynet Chapter
• Member of OWASP Indonesian Chapter
• Linux Activist (KPLI Jakarta)
• IT Security Consultant

Who?
• Commercial Banking Service
• Investment Service
• Foreign Exchange Service
• Insurance
• Leasing Service
• Stock Exchange

Worldwide Issue:
• Phishing
• Malware Banking (PC, Mobile)
• ATM Hacking
• ATM Skimming
• Attack on Infrastructure (Server, Application)
• Attack on third party service (Merchant, Payment Gateway)

Local Issue:
• Phishing
• ATM Skimming
• Malware Banking (Recent Issue)
• Insider Threat (Disgruntled Employee)

• Account Takeover
  › Phishing
  › Malware
• End Point Infrastructure Attack
  › ATM Skimming
  › ATM Hacking
• Third Party Payment Process Breach
  › EDC Vendor
  › Payment Gateway
  › Disgruntled Employee
• Mobile Banking Exploitation
  › Fake Mobile Apps
  › Malware in Mobile Device
• Attack on Infrastructure Server
  › Attacking Ibanking Server
  › DDoS

• Who is attacking you and why?

• Phishing
  › Always starts from an e-mail
  › Usually announces a system change or a fix, and asks you to click the link included in the e-mail
  › Usually also includes an attachment
  › The referral link in the body or attachment is usually a fake URL of the bank concerned, but when clicked the page looks exactly like that bank's site

• How it Works?

How it works?
• Capture your data from your card
• Capture your PIN information

• How it works?
  › Operating System Vulnerability
  › Malware
  › Insider Threat

What are they doing?
• Keylogging
• Form data capture
• Screen captures and video recording
• Injection of fraudulent form fields
• Injection of fraudulent websites
• Redirecting of banking websites
• Man-in-the-middle technique (Man In The Browser)

How it works?
• You are infected by an Exploit Kit
• The Exploit Kit brings a Botnet / Banking Trojan to your computer
• The Banking Trojan monitors everything you do on the Internet, including your online banking and credit card transactions
• The Banking Trojan records everything you type in, including user IDs, passwords, bank account numbers, credit card and PIN numbers, and sends them back to the cyber-criminal's computer, where the information is stored in a sophisticated database
• The Banking Trojan steals your one-time password from the hardware token or the two-factor authentication SMS

Scenario:
1. You log in to the Internet banking website. The MITB malware can detect which bank you use (case study: targeted customers in Indonesia)
2. When your browser processes your Internet banking website, the Trojan intercepts it, injects JavaScript into your browser (Man In The Browser) and intercepts your username + password

Transaction scenario:
• The transaction procedure for Internet banking at most banks uses a hardware token
1. Customer A wants to transfer to Customer B.
2. Customer A enters the destination account number and the transaction amount
3. When the bank asks Customer A to enter the challenge key shown on the website, Customer A enters that challenge key into the hardware token. The response output from the hardware token is entered into the transaction PIN field.

• In step 3 above, the malware intercepts the data in the browser. The last 4 digits of the challenge key that is issued should be the last 4 digits of the recipient's account number, but because the destination account number has already been changed, originally to B, the destination is now C. Account C is the bad guy's account.
• Customers must be aware that when a challenge code is shown on the Internet banking website, its last 4 digits must match the last 4 digits of the account of the intended recipient
• The first 4 digits are random, so what has to be checked is the last 4 digits of the challenge code
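The following is an added example (not part of the slides) that models the challenge/response transfer flow above, to show why the bank's token check alone does not catch a swapped destination and why the customer's last-4-digits comparison does. The token algorithm (HMAC-SHA256 truncated to 8 digits) and all account numbers and keys are assumptions constructed for the example.

```python
import hmac
import hashlib
import secrets
from typing import Optional, Tuple

# Added example: model of the hardware-token transfer flow described on the slides.
# The token algorithm below is an assumption; the real token's algorithm is not on the page.

def make_challenge(dest_account: str, random_part: Optional[str] = None) -> str:
    """Bank side: 4 random digits followed by the last 4 digits of the
    destination account the bank actually received (as the slides describe)."""
    if random_part is None:
        random_part = f"{secrets.randbelow(10_000):04d}"
    return random_part + dest_account[-4:]

def token_response(token_secret: bytes, challenge: str) -> str:
    """Hardware token side (assumed algorithm): derive an 8-digit response
    from the shared token secret and the challenge typed into the token."""
    mac = hmac.new(token_secret, challenge.encode("ascii"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

def customer_check(challenge: str, intended_account: str) -> bool:
    """Customer side: the check from the slides. The last 4 digits of the
    challenge must equal the last 4 digits of the recipient you intended."""
    return challenge[-4:] == intended_account[-4:]

def simulate_transfer(intended_account: str, submitted_account: str,
                      token_secret: bytes, random_part: str = "0000") -> Tuple[bool, bool]:
    """Run one transfer. `submitted_account` is what the bank receives; a
    Man-in-the-Browser swap makes it differ from `intended_account`.
    Returns (customer_alert, bank_accepts)."""
    challenge = make_challenge(submitted_account, random_part)
    customer_alert = not customer_check(challenge, intended_account)
    # The token signs whatever challenge was shown, so the bank's verification
    # passes even when the destination was swapped: only the customer can notice.
    response = token_response(token_secret, challenge)
    bank_accepts = hmac.compare_digest(response, token_response(token_secret, challenge))
    return customer_alert, bank_accepts

if __name__ == "__main__":
    key = b"constructed-token-secret"  # constructed sample value
    print(simulate_transfer("1234567890", "1234567890", key))  # (False, True): normal transfer
    print(simulate_transfer("1234567890", "5555552222", key))  # (True, True): swapped destination
```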

For End User / Customer:
• Keep your operating system and applications fully patched
• Make sure your anti-virus definitions, which the software uses to detect new strains of malware, are always up to date
• Use web content filters that block ads. Many anti-virus suites now incorporate this feature
• The most important: information security awareness

For Financial Industry:
• Protect end point infrastructure
  › Update / patch OS and applications in ATM machines
  › Add new technology to prevent ATM skimming
  › Enhance physical security protection
• Create policy to strengthen security features in Internet banking transactions
• Implement fraud management to detect anomalous behavior in customer transactions
• Assess / audit third party partners to make sure there is no "hole" in their infrastructure

For Financial Industry:
• Perform audits and assessments of the infrastructure and applications
• Enhance the security perimeter to detect and prevent the "bad guy"
• Perform security threat monitoring of the infrastructure
• Educate users / customers about information security awareness

Q & A