1
Network Security Lecture
Meeting #14: Firewalls (Network Security Lecture)
2
Elements of Network Security
[Figure: the five elements arranged around "INFORMATION": Integrity, Availability, Non-repudiation, Authentication, Confidentiality.]
- INTEGRITY: the condition that exists when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed.
- AVAILABILITY: timely, reliable access to data and information services for authorized users.
- NON-REPUDIATION: assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of origin, so that neither can later deny having processed the data.
- AUTHENTICATION: a security measure designed to establish the validity of a transmission, message, user, or system, or a means of verifying an individual's authorization to receive specific categories of information.
- CONFIDENTIALITY: assurance that information is not disclosed to unauthorized persons, processes, or devices.
3
Firewalls
[Figure: Internet on one side, the internal network on the other, with the firewall and its rule base in between. Labels: "Allow internal employees to access the Internet"; "Hacker attempting LAN access"; "No access from Internet to internal server".]
- A firewall is an electronic security gate that inspects data traffic and rejects data (that violates the rules) coming from either side.
- A firewall protects the network and its data from hackers.
- A firewall is built on a rule base that governs which kinds of messages are permitted to enter and leave the network.
4
Firewalls Work at the Network Layer and Above
[Figure: the firewall between the Internet and the private network, drawn against the OSI stack (Physical, Data Link, Network, Transport, Session, Presentation, Application); the firewall operates from the Network layer upward.]
5
DeMilitarized Zones (DMZ)
[Figure: Internet, firewall, DMZ server, authentication server and internal network. Rule base on the firewall: "Allow SMTP from LAN"; "Reject SMTP from Internet"; "Allow SMTP from Internet" (to the DMZ server); "Authenticate from Internet" (an employee connecting to the company). Label: "Hacker denied server access".]
- A DeMilitarized Zone (DMZ) is a firewall-controlled sub-network that permits limited access to servers and to the network.
- It can protect internal servers and restrict access from the Internet into the internal network and its servers.
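The rule base drawn on this slide is evaluated top to bottom, first match wins, and anything no rule matches is dropped by the implicit deny at the end. The following added example (not from the lecture slides) encodes the four rules on the slide as data and evaluates constructed sample packets against them; the address plan (10.0.0.0/8 as the LAN, 192.0.2.0/24 as the DMZ, 192.0.2.25 as the SMTP relay, 192.0.2.10 as the authentication server) and the "authenticate" action are assumptions made for the example. It also includes a small check for shadowed rules, the ordering mistake where a broad earlier rule makes a later, more specific rule unreachable.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed address plan for the example (an assumption, not taken from the slides).
LAN = ip_network("10.0.0.0/8")             # internal network
DMZ = ip_network("192.0.2.0/24")           # screened subnet
DMZ_MAIL = ip_network("192.0.2.25/32")     # SMTP relay in the DMZ
AUTH_SERVER = ip_network("192.0.2.10/32")  # authentication server reached from the Internet


def zone_of(addr: str) -> str:
    """Classify an address into the three zones the slide draws."""
    a = ip_address(addr)
    if a in LAN:
        return "lan"
    if a in DMZ:
        return "dmz"
    return "internet"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str            # "lan", "dmz", "internet" or "any"
    dst: IPv4Network         # destination network the rule covers
    proto: str               # "tcp", "udp" or "any"
    dport: Optional[int]     # None = any destination port
    action: str              # "allow", "reject" or "authenticate"

    def matches(self, pkt: dict) -> bool:
        return (
            self.src_zone in ("any", zone_of(pkt["src"]))
            and ip_address(pkt["dst"]) in self.dst
            and self.proto in ("any", pkt["proto"])
            and self.dport in (None, pkt["dport"])
        )


# The four rules on the DMZ slide, in the order they are evaluated.
RULES = [
    Rule("allow-smtp-from-lan", "lan", DMZ_MAIL, "tcp", 25, "allow"),
    Rule("reject-smtp-from-internet", "internet", LAN, "tcp", 25, "reject"),
    Rule("allow-smtp-to-dmz-relay", "internet", DMZ_MAIL, "tcp", 25, "allow"),
    Rule("authenticate-from-internet", "internet", AUTH_SERVER, "tcp", None, "authenticate"),
]


def evaluate(pkt: dict, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """First matching rule wins; unmatched traffic falls through to the implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def shadowed_rules(rules: List[Rule] = RULES) -> List[str]:
    """Names of rules that can never fire because an earlier rule already covers all their traffic."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.src_zone in ("any", later.src_zone)
                    and later.dst.subnet_of(earlier.dst)
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                out.append(later.name)
                break
    return out


if __name__ == "__main__":
    # Constructed sample traffic: an internal host, an external attacker, a remote employee.
    for pkt in [
        {"src": "10.1.2.3", "dst": "192.0.2.25", "proto": "tcp", "dport": 25},
        {"src": "203.0.113.7", "dst": "10.0.0.25", "proto": "tcp", "dport": 25},
        {"src": "203.0.113.7", "dst": "192.0.2.25", "proto": "tcp", "dport": 25},
        {"src": "203.0.113.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},
        {"src": "203.0.113.7", "dst": "10.0.0.80", "proto": "tcp", "dport": 80},
    ]:
        print(pkt["src"], "->", pkt["dst"], pkt["dport"], evaluate(pkt))
    print("shadowed:", shadowed_rules())
```

The last sample packet (an Internet host reaching for an internal web server) matches none of the four rules and is dropped by the implicit deny, which is the "hacker denied server access" case on the slide; the shadow check is what a reviewer would run before pushing a rule base, since a shadowed rule silently does nothing.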
6
The DMZ (Screened Subnet)
[Figure: external network (Internet), a screening router, a bastion host, the DMZ holding public information (web server, FTP server), and the inside network holding private databases and proprietary information.]
7
Firewall Rule Base
Example of a Check Point FireWall-1 rule base using encryption [screenshot, not reproduced here].
8
Content Security Overview: URL Screening
[Figure: a web surfer on the corporate network sends a request through the ISPs and the Internet; the request is denied by URL screening.]
9
Content Security Overview
[Figure: a sender on the Internet, via the ISPs, reaches an anti-virus server and a server on the corporate network before the message is delivered to the recipient.]
10
Intrusion Detection
Technology that monitors the network and provides feedback on the status of its defences, recognizes attacks and misuse, and responds with reconfiguration and countermeasures.
11
Intrusion Detection Overview
[Figure: intrusion detection servers on the corporate network watch traffic from the Internet to the web server pool; an attack raises an alert ("Attack!") and the response blocks the hacker's IP address.]
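The two slides above describe the IDS loop: monitor, recognize an attack or misuse, alert, and respond with a countermeasure (here, blocking the source address). The following added example (not part of the lecture) runs that loop over a constructed web-server access log: each request is parsed, matched against two detection signatures (a directory-traversal path and an authentication failure), scored per source, and any source that crosses a threshold is reported for blocking. The log lines, the signature weights, the threshold, and the iptables rendering of the block are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed access log in common log format; the addresses and requests are invented.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2024:13:55:37 +0000] "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404 0
203.0.113.7 - - [10/Oct/2024:13:55:38 +0000] "GET /admin/ HTTP/1.1" 401 0
203.0.113.7 - - [10/Oct/2024:13:55:39 +0000] "GET /admin/ HTTP/1.1" 401 0
203.0.113.7 - - [10/Oct/2024:13:55:40 +0000] "GET /admin/ HTTP/1.1" 401 0
198.51.100.4 - - [10/Oct/2024:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.4 - - [10/Oct/2024:13:56:02 +0000] "GET /products HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \d+')

# Detection signatures: a name and a predicate over one parsed request.
SIGNATURES = {
    "path-traversal": lambda req: "../" in req["path"],
    "auth-failure": lambda req: req["status"] == 401,
}
# Constructed scoring: a source is blocked once its accumulated score reaches the threshold.
WEIGHTS = {"path-traversal": 5, "auth-failure": 2}
BLOCK_THRESHOLD = 8


def parse(line: str) -> dict:
    """Parse one common-log-format line into its source, method, path and status."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    src, method, path, status = m.groups()
    return {"src": src, "method": method, "path": path, "status": int(status)}


def analyze(log_text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return the alerts raised per source and the sources that crossed the block threshold."""
    alerts = defaultdict(list)
    scores = Counter()
    blocked = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        req = parse(line)
        for name, predicate in SIGNATURES.items():
            if predicate(req):
                alerts[req["src"]].append(name)
                scores[req["src"]] += WEIGHTS[name]
                if scores[req["src"]] >= BLOCK_THRESHOLD and req["src"] not in blocked:
                    blocked.append(req["src"])  # the "Block Hacker IP Address" response
    return dict(alerts), blocked


def block_rules(blocked: List[str]) -> List[str]:
    """Render the response as host-firewall rules (iptables syntax is an assumption about the edge)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in blocked]


if __name__ == "__main__":
    alerts, blocked = analyze(SAMPLE_LOG)
    for src, names in alerts.items():
        print(f"ALERT {src}: {', '.join(names)}")
    for rule in block_rules(blocked):
        print("RESPONSE:", rule)
```

Scoring rather than blocking on the first hit is deliberate: a single 401 is an everyday event, so the threshold keeps one mistyped password from cutting off a legitimate user, while the traversal attempt followed by repeated failures crosses it quickly.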
12
Content Filters: can be host based or network based
- Scan the content of traffic originating inside the network, or about to enter the network or host.
- Virus protection to detect viruses and Trojans before they enter the internal network.
- Malicious code protection to detect Visual Basic, Java and ActiveX scripts before they reach the browser and are executed.
- Filtering to control spam, oversized attachments, or leaks of company secrets.
- Web filtering to block access to inappropriate URLs.
- Web bandwidth management to monitor Internet traffic and track surfing/download patterns.
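The content-filter functions listed above, together with the URL-screening and anti-virus diagrams earlier in the deck, all reduce to one pipeline: inspect a message against a policy and allow or block it. The following added example (not from the lecture) implements that pipeline for constructed messages: a hostname blocklist for URL screening, an attachment size limit, a signature match for malware (using the industry-standard EICAR test string, a harmless file that anti-virus products detect by convention), a pattern for VBScript, Java applet and ActiveX content, and an outbound-only check for a confidentiality marker. The blocklist entries, size limit, marker text and message format are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Policy values constructed for the example; a real deployment loads them from configuration.
MAX_ATTACHMENT_BYTES = 5 * 1024 * 1024
BLOCKED_URL_CATEGORIES = {           # hostname fragment -> category (constructed blocklist)
    "games.example": "games",
    "casino.example": "gambling",
}
# The EICAR test string is the standard harmless sample used to verify that AV scanning works.
SIGNATURES = {
    "EICAR-Test-File": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
}
# Active content named on the slide: VBScript, Java applets and ActiveX controls in HTML.
ACTIVE_CONTENT = re.compile(
    rb"<script[^>]*\blanguage=['\"]?vbscript|<applet\b|<object\b[^>]*\bclassid=", re.I)
# Constructed marker a company might stamp on documents that must not leave the network.
SECRET_MARKER = re.compile(rb"\bCOMPANY CONFIDENTIAL\b")


@dataclass
class Message:
    direction: str                      # "inbound" (entering the network) or "outbound"
    url: str = ""                       # requested URL, for web traffic
    body: bytes = b""                   # HTML page, mail body, ...
    attachments: List[Tuple[str, bytes]] = field(default_factory=list)


def inspect(msg: Message) -> List[str]:
    """Return the policy violations found in one message (an empty list means clean)."""
    findings = []
    # URL screening: compare the hostname against the category blocklist.
    host = msg.url.split("//", 1)[-1].split("/", 1)[0].lower()
    for fragment, category in BLOCKED_URL_CATEGORIES.items():
        if fragment in host:
            findings.append(f"url-blocked:{category}")
    # Attachment checks: size limit and malware signatures.
    for name, data in msg.attachments:
        if len(data) > MAX_ATTACHMENT_BYTES:
            findings.append(f"attachment-too-large:{name}")
        for sig_name, pattern in SIGNATURES.items():
            if pattern in data:
                findings.append(f"malware:{sig_name}:{name}")
    # Malicious-code protection: stop active content before it reaches the browser.
    if ACTIVE_CONTENT.search(msg.body):
        findings.append("active-content")
    # Leak control: the marker only matters for traffic leaving the network.
    if msg.direction == "outbound" and SECRET_MARKER.search(msg.body):
        findings.append("data-leak:company-confidential")
    return findings


def decide(msg: Message) -> str:
    """Default allow; any finding blocks the message."""
    return "block" if inspect(msg) else "allow"


if __name__ == "__main__":
    samples = [
        Message("inbound", url="http://www.casino.example/play"),
        Message("inbound", attachments=[("sample.txt", SIGNATURES["EICAR-Test-File"])]),
        Message("outbound", body=b"Quarterly numbers - COMPANY CONFIDENTIAL"),
        Message("inbound", url="http://intranet.example/", body=b"<p>hello</p>"),
    ]
    for m in samples:
        print(m.direction, m.url or "(mail)", decide(m), inspect(m))
```

Direction matters for the leak check: the same marked document is fine arriving from a partner but not leaving the network, which is why the filter needs to know which side of the perimeter the traffic originates on.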
13
Security In Depth through Perimeters of Defense
- Outer perimeter: packet filter, network IDS
- 2nd perimeter: stateful filter
- 3rd perimeter: content filter
- 4th perimeter: VLAN/VPN
- Final defense: host-based IDS, host firewall, OS hardening
14
10 Mistakes That Are Made Most Often
1. Connecting systems to the Internet before hardening them.
2. Connecting test systems to the Internet with default accounts/passwords.
3. Failing to update systems when security holes are found.
4. Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI.
15
10 Worst Security Mistakes IT Professionals Make (cont.)
5. Giving users passwords over the phone, or changing user passwords in response to telephone or personal requests, when the requester is not authenticated.
6. Failing to maintain and test backups.
7. Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail, rservices.
8. Implementing firewalls with rules that don't stop malicious or dangerous traffic, incoming or outgoing.
16
10 Worst Security Mistakes IT Professionals Make (cont.)
9. Failing to implement or update virus detection software.
10. Failing to educate users on what to look for and what to do when they see a potential security problem.
And a bonus, number 11: allowing untrained, uncertified people to take responsibility for securing important systems.