Data Security 4/8/2017
Computer Security Risks

What is a computer security risk?
An event or action that causes loss of, or damage to, a computer system.
Types of Data Vulnerability
- Data copying
- Unauthorized data access
- Data abuse (misuse)
Security Attacks: Passive
- Snooping: attempting to steal valuable information from a document
- Eavesdropping: listening in on someone else's conversation to steal information
Security Attacks (continued): Active
- Interception: stopping information in transit and taking it to obtain valuable information, then forwarding it on again (possibly after it has been modified)
- Denial of Service (DoS): crippling the target (hang, crash) so that the system cannot provide its service
- Repudiation: giving false information to the target, or acting as someone else, to obtain the information the perpetrator wants
PIN Theft in Practice in Indonesia: the Bank BCA Case
Typosquatting: creating look-alike ("plesetan") domain names
- Original domain name: http://www.klikbca.com
- Combinations of the klikbca.com domain were bought at Rp 100,000 per .COM domain name: www.clickbca.com, www.bcaclick.com, www.kilkbca.com, www.bcakilk.com, www.cilckbca.com, www.bcacilck.com, etc.
- Result: the perpetrator obtained access codes (PINs), account numbers and passwords from dozens, even hundreds, of customers.
PIN Theft via Micro Camera
PIN theft using a wireless camera. Source: [Budi Rahardjo, 2005]
Information Privacy

What is information privacy?
- The right of individuals and companies to deny or restrict the collection and use of information about them
- Difficult to maintain today because data is stored online
- Employee monitoring is using computers to observe employee computer use; it is legal for employers to use monitoring software programs
Information Privacy

What are spyware, adware, and spam?
- Spyware is a program placed on a computer without the user's knowledge
- Adware is a program that displays online advertisements
- Spam is an unsolicited e-mail message sent to many recipients
Information Privacy

How can you control spam?
- E-mail filtering: a service that blocks e-mail messages from designated sources and collects spam in a central location that you can view at any time
- Anti-spam program: attempts to remove spam; sometimes removes valid e-mail messages as well
Information Privacy

What is phishing?
A scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your personal and financial information.
SCOPE OF SECURITY
- Electronically safe (computer and network systems)
- Physically safe (rooms, channels, spaces, environment)
- Procedurally safe (policies, laws, merit systems)

Scope of Electronic Security

Scope of Physical Security

Scope of Procedural Security
Methods of Data Security
- Access Right Assignment
- Authentication
- Virus prevention, detection & removal
- Network Protection & Security
- Data Encryption
- Periodical Data Backup
- Recovery System
- Monitoring System
- Establishment of SOP & Training
(Cartoon caption: "nobody knows you're a dog")
Access Right Assignment
- User domain: who?
- Operation domain: can do what?
- Object domain: on which object?

Example of Access Right Assignment
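The three questions above (who? may do what? on which object?) map directly onto an access matrix. The following is an added example, not code from the slides: a deny-by-default matrix with group membership, where every user, group, object and right is a constructed sample.

```python
# Added example (not from the slides): a deny-by-default access matrix that
# answers the slide's three questions: who? may do what? on which object?
# Users, groups, objects and rights below are constructed samples.

# Operation domain: the only verbs the policy understands.
OPERATIONS = frozenset({"read", "write", "delete", "execute"})

class AccessMatrix:
    """Maps (subject, object) -> set of permitted operations."""

    def __init__(self):
        self._rights = {}   # (subject, object) -> {operations}
        self._groups = {}   # group name -> set of member users

    def add_member(self, group, user):
        self._groups.setdefault(group, set()).add(user)

    def grant(self, subject, obj, *ops):
        unknown = set(ops) - OPERATIONS
        if unknown:
            raise ValueError(f"unknown operation(s): {sorted(unknown)}")
        self._rights.setdefault((subject, obj), set()).update(ops)

    def _subjects_for(self, user):
        # A user acts as itself plus every group it belongs to.
        return {user} | {g for g, m in self._groups.items() if user in m}

    def is_allowed(self, user, op, obj):
        # Deny by default: no matching entry means no access, not an error.
        return any(op in self._rights.get((s, obj), set())
                   for s in self._subjects_for(user))

    def rights_of(self, user, obj):
        """Effective rights: the union over the user and its groups."""
        out = set()
        for s in self._subjects_for(user):
            out |= self._rights.get((s, obj), set())
        return out

def sample_policy():
    """Constructed policy: auditors and a clerk may read the ledger;
    only the finance manager may also write to and delete it."""
    m = AccessMatrix()
    m.add_member("auditors", "budi")
    m.add_member("auditors", "sari")
    m.grant("auditors", "ledger.db", "read")
    m.grant("clerk1", "ledger.db", "read")
    m.grant("finmgr", "ledger.db", "read", "write", "delete")
    return m
```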
Methods of Data Security: Authentication
To ensure the identity, legality and authority of a user or a group of users to enter and use a system that stores data. In general, authentication uses the combination of a protected login ID and a password. The use of bio-passwords (biometrics) is highly recommended nowadays.
Unauthorized Access and Use

How can you make your password more secure?
Longer passwords provide greater security.
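The two slides above (a "protected" login ID and password, and longer passwords being stronger) are illustrated by the following added example, which is not code from the slides: the password is never stored, only a salted, slow PBKDF2-HMAC-SHA256 derivation, verified with a constant-time comparison. The minimum length of 12 and the in-memory user store are constructed choices.

```python
# Added example (not from the slides): how a "protected" login ID / password
# pair can be stored and checked: random salt, a slow key-derivation function
# (PBKDF2-HMAC-SHA256 from the standard library) and constant-time comparison.
# The minimum length and the in-memory user store are constructed choices.
import hashlib
import hmac
import os

MIN_PASSWORD_LENGTH = 12     # the slide's point: longer passwords are stronger
PBKDF2_ITERATIONS = 600_000  # slows down offline guessing of a stolen hash

def password_policy_ok(password):
    """Length dominates strength; reject short secrets outright."""
    return len(password) >= MIN_PASSWORD_LENGTH

def hash_password(password, salt=b""):
    """Return 'iterations$salt_hex$hash_hex'; the password itself is never kept."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)

class UserStore:
    """Constructed in-memory store: login ID -> password record."""

    def __init__(self):
        self._records = {}

    def register(self, login_id, password):
        if not password_policy_ok(password):
            return False
        self._records[login_id] = hash_password(password)
        return True

    def authenticate(self, login_id, password):
        record = self._records.get(login_id)
        if record is None:
            # Do the same amount of work for an unknown ID, so timing
            # does not reveal which login IDs exist.
            verify_password(password, hash_password("no-such-user-dummy"))
            return False
        return verify_password(password, record)
```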
Unauthorized Access and Use

What is a biometric device?
- Authenticates a person's identity using a personal characteristic
- Fingerprint, hand geometry, voice, signature, and iris
Internet and Network Attacks

How can a virus spread through an e-mail message?
Step 1. Unscrupulous programmers create a virus program that deletes all files. They hide the virus in a picture and attach the picture to an e-mail message.
Step 2. They use the Internet to send the e-mail message to thousands of users around the world.
Step 3a. Some users open the attachment and their computers become infected with the virus.
Step 3b. Other users do not recognize the name of the sender of the e-mail message. These users do not open the e-mail message; instead they delete it. These users' computers are not infected with the virus.
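A mail gateway can catch the "hidden in a picture" trick from Step 1 before any user reaches Step 3a. The following added example (not code from the slides) checks that an attachment which claims to be an image really begins with an image signature, and flags hidden double extensions and executable headers; the file-type signatures are public standards and the sample attachments are constructed.

```python
# Added example (not from the slides): a defensive check for the scenario
# above, where a program is "hidden in a picture". It rejects attachments
# whose name promises an image but whose bytes are not one, hidden double
# extensions, and executable headers. The sample attachments are constructed.

IMAGE_MAGIC = {                      # file-type signatures at offset 0
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")       # PE, ELF, script
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".pif"}

def attachment_verdict(filename, data):
    """Return 'allow' or a short reason the attachment should be blocked."""
    parts = filename.lower().strip().split(".")
    exts = ["." + p for p in parts[1:]]          # [] when there is no extension
    # picture.jpg.exe: the LAST extension decides what the OS would run.
    if exts and exts[-1] in BLOCKED_EXTENSIONS:
        return "blocked executable extension"
    if len(exts) > 1 and exts[-1] not in IMAGE_MAGIC \
            and any(e in IMAGE_MAGIC for e in exts[:-1]):
        return "double extension disguised as image"
    if exts and exts[-1] in IMAGE_MAGIC \
            and not any(data.startswith(m) for m in IMAGE_MAGIC[exts[-1]]):
        return "content does not match image extension"
    if any(data.startswith(m) for m in EXECUTABLE_MAGIC):
        return "executable content"
    return "allow"

# Constructed sample attachments; a few header bytes are enough to decide.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # genuine JPEG header
    "holiday.jpg.exe": b"MZ\x90\x00" + b"\x00" * 16,     # PE disguised by name
    "cute_cat.png": b"MZ\x90\x00" + b"\x00" * 16,        # PE renamed to .png
    "notes.txt": b"meeting at 10",
}

def scan_all(samples=SAMPLES):
    """Verdict for every sample attachment, keyed by file name."""
    return {name: attachment_verdict(name, data) for name, data in samples.items()}
```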
Internet and Network Attacks

What is a firewall?
A security system consisting of hardware and/or software that prevents unauthorized intrusion.

Internet and Network Attacks

What is a personal firewall?
- A program that protects a personal computer and its data from unauthorized intrusions
- Monitors transmissions to and from the computer
- Informs you of attempted intrusions
http://img.cmpnet.com/nc/815/graphics/hotspots.pdf

Solution for Systems Architecture: Internet Data Center
Data Encryption
- Encryption: a process which transforms a message to conceal its information
- Plaintext: non-encrypted (original) text
- Ciphertext: encrypted text
Information Theft

How do Web browsers provide secure data transmission?
- Many Web browsers use encryption
- A secure site is a Web site that uses encryption to secure data
- A digital certificate is a notice that guarantees a Web site is legitimate
Information Theft

What is a certificate authority (CA)?
- An authorized person or company that issues and verifies digital certificates
- Users apply for a digital certificate from a CA
Information Theft

What is Secure Sockets Layer (SSL)?
- Provides encryption of all data that passes between a client and an Internet server
- Web addresses beginning with "https" indicate secure connections
Periodical Data Backup
Data backup is the process of copying data to secondary or tertiary storage media (such as CD-ROM, external hard disk, tape, optical disk, drum disk) that are kept separate from the master (original) data, so that the chance of simultaneous damage to all of the master data and its backup becomes smaller.
Backup Procedures

What are the five types of backups?

Backup Procedures

What is a backup procedure?
- A regular plan of copying and storing data and program files
- Can use a combination of full backups and differential or incremental backups
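The difference between the full, differential and incremental backups named above is what "changed since" refers to. The following added example (not code from the slides) simulates a week of backups over three constructed files and works out which backup sets a restore would need.

```python
# Added example (not from the slides): what each backup type copies. A full
# backup copies everything, a differential copies what changed since the last
# FULL backup, an incremental what changed since the last backup of ANY kind.
# Files, timestamps and the weekly schedule below are constructed.

class Catalog:
    """When each backup ran; timestamps are simple integers (day numbers)."""
    def __init__(self):
        self.last_full = -1     # -1: no backup yet
        self.last_any = -1
        self.history = []       # (day, kind, files copied)

def run_backup(kind, mtimes, cat, now):
    """List the files `kind` would copy (name -> last-modified day) and record it."""
    # What "changed since" means for each backup type.
    since = {"full": -1, "differential": cat.last_full,
             "incremental": cat.last_any}[kind]
    files = sorted(name for name, mtime in mtimes.items() if mtime > since)
    cat.history.append((now, kind, files))
    if kind == "full":
        cat.last_full = now
    cat.last_any = now
    return files

def restore_set(cat):
    """Backups needed to restore, oldest first: the last full, then the latest
    differential after it (if any), then every incremental after that point."""
    needed = []
    for day, kind, _ in cat.history:
        if kind == "full":
            needed = [(day, kind)]                 # earlier chains are obsolete
        elif kind == "differential":
            needed = needed[:1] + [(day, kind)]    # replaces older diffs/incs
        else:
            needed.append((day, kind))
    return needed

def demo_week():
    """Constructed week: full backup on day 0, then one file edited per day."""
    mtimes = {"ledger.db": 0, "report.doc": 0, "photos.zip": 0}
    schedule = [(0, "full", None), (1, "incremental", "report.doc"),
                (2, "differential", "photos.zip"), (3, "incremental", "ledger.db")]
    cat, out = Catalog(), {}
    for day, kind, edited in schedule:
        if edited:
            mtimes[edited] = day        # that file changed on this day
        out[f"day{day}_{kind}"] = run_backup(kind, mtimes, cat, day)
    out["restore"] = restore_set(cat)
    return out
```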
Backup Procedures

What is a disaster recovery plan?
A written plan for restoring computer operations in the event of a disaster:
- Emergency plan: steps to be taken immediately after a disaster
- Backup plan: how backup files and equipment would be used to resume information processing
- Recovery plan: actions to be taken to restore full information processing operations
- Test plan: simulates various levels of disasters and records the ability to recover
MONITORING SYSTEM
Information Privacy

What is computer forensics?
- Also called digital forensics, network forensics, or cyberforensics
- The discovery, collection, and analysis of evidence found on computers and networks
- Computer forensic analysts must have knowledge of the law, technical experience, communication skills, and a willingness to learn (p. 587)
Establishment of SOP & Training: SOP for Data Security

Thank You