
Electronic Engineering Polytechnic Institute of Surabaya – ITS, Kampus ITS Sukolilo, Surabaya 60111: PortSentry



Presentation transcript:

1 Electronic Engineering Polytechnic Institute of Surabaya – ITS, Kampus ITS Sukolilo, Surabaya 60111: PortSentry

2 Introduction
► A port scan probes a host to find out which TCP and UDP ports are listening, and therefore which service applications an Internet server is running.
► A port scan is typically the very first step taken before an attack is launched, which is why detecting it early is worthwhile.

3 PortSentry: http://www.psionic.com/products/portsentry.html

4 What is PortSentry
► Port: a harbour (the network port being watched)
► Sentry: a guard
► PortSentry is a piece of software designed to detect port scanning and to respond actively, in real time, when a port scan is seen.

5 PortSentry platforms
► FreeBSD
► OpenBSD
► Linux

6 Advantages of PortSentry

7 Disadvantages of PortSentry
► PortSentry binds to the ports it watches (in the basic -tcp/-udp modes), so a scanner sees those ports as open; the protection therefore rests on an active countermeasure (blocking the source) rather than on staying invisible.
► It cannot detect spoofing: it trusts the source address of the probe, so an attacker can send probes with a forged source address and get a legitimate host (a gateway, a DNS server) blocked. The ignore file exists to limit this self-inflicted denial of service.

8 Where PortSentry is placed
► Behind the firewall
► On each host that is to be protected (PortSentry only watches the host it runs on)

9 PortSentry features
► Detects scans
► Takes action against the host that committed the violation
► E-mails the system administrator when integrated with Logcheck/LogSentry

10 Types of scan
► Connect scans
► SYN scans
► FIN scans
► NULL scans
► XMAS scans
► FULL-XMAS scans
► UDP scans
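The slide names the scan types but leaves their descriptions blank. The following is an added example (not from the slides and not PortSentry's code) that classifies a TCP probe by the flag byte of its header, using the conventional definitions: NULL has no flags, FIN only FIN, XMAS FIN+PSH+URG, FULL-XMAS all six classic flags. A connect scan and a SYN scan begin with the same bare SYN, so they are told apart by what the scanner sends after the SYN/ACK (an ACK completes the handshake; an RST or silence leaves it half open). UDP probes carry no flags and are recognised simply by a datagram arriving at a watched port, so they are not handled here. The header builder and the sample packets are constructed for the example.

```python
"""Classify TCP probes into the scan types listed above from their flag bytes.
Added example, not PortSentry code: the flag patterns are the conventional
definitions of each scan type, and the packets are constructed here."""
import struct

# Flag bits of the TCP header flag byte (byte 13 of the header).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ECE, CWR = 0x40, 0x80                        # ECN bits, not part of any scan signature
ALL_SIX = FIN | SYN | RST | PSH | ACK | URG  # 0x3F: every classic flag set

STATELESS = {
    0: "NULL",                 # no flags at all
    FIN: "FIN",                # lone FIN
    FIN | PSH | URG: "XMAS",   # "lit up like a christmas tree"
    ALL_SIX: "FULL-XMAS",      # all six classic flags
}


def build_tcp_header(flags, src_port=40000, dst_port=9):
    """Construct a minimal 20-byte TCP header (constructed test input)."""
    data_offset = 5 << 4  # 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                       data_offset, flags, 1024, 0, 0)


def tcp_flags(header):
    """Extract the flag byte from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]


def classify_tcp(flag_sequence):
    """Classify the packets one source sent to one port (client-to-server
    direction only). Returns one of the scan type names from the slide,
    or "other" for traffic that matches none of them."""
    first = flag_sequence[0] & ~(ECE | CWR)  # ignore ECN bits
    if first in STATELESS:
        return STATELESS[first]
    if first == SYN:
        # Both connect() and SYN scans open with a bare SYN. A scanner that
        # answers the SYN/ACK with an ACK completed the handshake (connect
        # scan); one that sends RST, or nothing at all, is a half-open SYN scan.
        for later in flag_sequence[1:]:
            later &= ~(ECE | CWR)
            if later & ACK and not later & RST:
                return "connect"
            if later & RST:
                break
        return "SYN"
    return "other"


if __name__ == "__main__":
    probe = [tcp_flags(build_tcp_header(SYN)), tcp_flags(build_tcp_header(RST))]
    print(classify_tcp(probe))
```

Note that PortSentry's basic modes only ever see the connect scan, because a bound socket is woken up only by a completed handshake; the flag-only probes (SYN, FIN, NULL, XMAS) are visible only to the stealth modes that read packets from a raw socket.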

11 Actions PortSentry takes
► Stealth mode (the -stcp/-sudp/-atcp/-audp modes, Linux only): the watched ports are observed through a raw socket instead of being bound, so they do not show up as open to the scanner
► Logs the access violation to /var/log/messages
► Adds an entry for the attacker to /etc/hosts.deny
► Adds a non-permanent route sending the attacker's traffic to a "black hole"
► Blocks the attacker's access to the system

12 PortSentry configuration files
► /etc/portsentry/portsentry.conf (ports to watch and the response commands)
► /etc/portsentry.modes (which modes the init script starts)
► /etc/portsentry/portsentry.ignore (hosts that must never be blocked)

13 Running PortSentry
► /usr/sbin/portsentry
► /etc/rc.d/init.d/portsentry start
► portsentry -tcp / portsentry -udp: basic mode, binds to every port listed in TCP_PORTS / UDP_PORTS
► portsentry -stcp / portsentry -sudp: stealth mode (Linux only), watches the listed ports through a raw socket without binding them
► portsentry -atcp / portsentry -audp: advanced stealth mode (Linux only), watches every port below ADVANCED_PORTS_TCP / ADVANCED_PORTS_UDP except those in use or excluded
► One TCP mode and one UDP mode can run at the same time, each as its own process

14 PortSentry configuration: the TCP_PORTS / UDP_PORTS lists in portsentry.conf (the three alternatives are the ones shipped, commented, in the default file)

# Un-comment these if you are really anal:
#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,[..]
#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,[..]
#
# Use these if you just want to be aware:
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,[..]
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
#
# Use these for just bare-bones
#TCP_PORTS="1,11,15,110,111,143,540,635,1080,1524,2000,12345,12346,20034,32771,32772,32773,32774,49724,54320"
#UDP_PORTS="1,7,9,69,161,162,513,640,700,32770,32771,32772,32773,32774,31337,54321"

15 Response commands in portsentry.conf ($TARGET$ is replaced with the attacker's IP address when the command is run)
► KILL_ROUTE="/usr/local/sbin/iptables -I INPUT -s $TARGET$ -j DROP"
► KILL_HOSTS_DENY="ALL: $TARGET$ # Portsentry blocked"

16 Attack log files
► /etc/hosts.deny
► /etc/portsentry/portsentry.blocked.atcp
► /etc/portsentry/portsentry.blocked.audp
► /etc/portsentry/portsentry.history

17 PortSentry output (syslog lines; this sample comes from a FreeBSD host, so the route command is ipfw rather than iptables)
► Sep 19 01:50:19 striker portsentry[129]: attackalert: Connect from host: 192.168.0.1/192.168.0.1 to TCP port: 9
► Sep 19 01:50:19 striker portsentry[129]: attackalert: Host 192.168.0.1 has been blocked via dropped route using command: "/sbin/ipfw add 1 deny all from 192.168.0.1:255.255.255.255 to any"
► Sep 19 01:50:19 striker portsentry[129]: attackalert: Host: 192.168.0.1 is already blocked. Ignoring
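To tie slides 11, 15, 16 and 17 together, here is an added example (not the slides' and not PortSentry's own code) that replays "attackalert" log lines of the kind shown above and works out what the active response would do: skip hosts listed in the ignore file, tolerate SCAN_TRIGGER connects before reacting, expand $TARGET$ (and the documented $PORT$) in KILL_ROUTE and KILL_HOSTS_DENY, and report "already blocked" for a host that is in the blocked list of this run. The log lines, the ignore list and the gateway address 192.168.0.254 are constructed for the example; the spoofed-looking probe "from" the gateway shows why the ignore file matters.

```python
"""Replay PortSentry 'attackalert' syslog lines and work out the blocking
actions the KILL_ROUTE / KILL_HOSTS_DENY settings would produce.
Added example, not PortSentry's own code. The $TARGET$/$PORT$ substitution and
the SCAN_TRIGGER / ignore-file behaviour follow the slides and the tool's
documentation; the log lines and the ignore list are constructed here."""
import ipaddress
import re

# Settings as shown on slide 15.
KILL_ROUTE = "/usr/local/sbin/iptables -I INPUT -s $TARGET$ -j DROP"
KILL_HOSTS_DENY = "ALL: $TARGET$ # Portsentry blocked"

# Hypothetical portsentry.ignore: addresses that must never be blocked, so a
# spoofed scan cannot trick PortSentry into cutting off the gateway or itself.
IGNORE_FILE = """\
127.0.0.1/32
0.0.0.0
192.168.0.254        # default gateway (constructed)
"""

# Constructed log lines in the format shown on slide 17.
SAMPLE_LOG = """\
Sep 19 01:50:19 striker portsentry[129]: attackalert: Connect from host: 192.168.0.1/192.168.0.1 to TCP port: 9
Sep 19 01:50:19 striker portsentry[129]: attackalert: Connect from host: 192.168.0.1/192.168.0.1 to TCP port: 11
Sep 19 01:50:20 striker portsentry[129]: attackalert: Connect from host: gw/192.168.0.254 to TCP port: 15
Sep 19 01:50:21 striker portsentry[129]: attackalert: Connect from host: 203.0.113.7/203.0.113.7 to UDP port: 69
""".splitlines()

ALERT_RE = re.compile(
    r"attackalert: Connect from host: (?P<name>[^/\s]+)/(?P<ip>\S+)"
    r" to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)


def load_ignore(text):
    """Parse ignore-file lines (host or CIDR; '#' starts a comment)."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def is_ignored(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def render(template, target, port):
    """Expand the $TARGET$ and $PORT$ placeholders PortSentry substitutes."""
    return template.replace("$TARGET$", target).replace("$PORT$", str(port))


def respond(log_lines, ignore_text=IGNORE_FILE, scan_trigger=0):
    """Return one action dict per alert line.

    scan_trigger mirrors SCAN_TRIGGER: the number of connects from a host that
    are tolerated before it is blocked (0 reacts to the very first one)."""
    nets = load_ignore(ignore_text)
    seen = {}        # connects counted per source address
    blocked = set()  # what portsentry.blocked.* would hold for this run
    actions = []
    for line in log_lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        ip, port = m["ip"], int(m["port"])
        if is_ignored(ip, nets):
            actions.append({"action": "ignored", "ip": ip, "port": port})
            continue
        if ip in blocked:
            actions.append({"action": "already_blocked", "ip": ip, "port": port})
            continue
        seen[ip] = seen.get(ip, 0) + 1
        if seen[ip] <= scan_trigger:
            actions.append({"action": "tolerated", "ip": ip, "port": port})
            continue
        blocked.add(ip)
        actions.append({
            "action": "block", "ip": ip, "port": port,
            "route_cmd": render(KILL_ROUTE, ip, port),        # run through the shell
            "hosts_deny": render(KILL_HOSTS_DENY, ip, port),  # appended to /etc/hosts.deny
        })
    return actions


if __name__ == "__main__":
    for act in respond(SAMPLE_LOG):
        print(act)
```

With the default SCAN_TRIGGER of 0 the first probe from 192.168.0.1 is blocked immediately, the second one is reported as already blocked, the probe that claims to come from the gateway is ignored, and the UDP probe from 203.0.113.7 is blocked; with scan_trigger=1 each host gets one free connect before the block fires.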

18 Other tools
► scanlogd - attack (port scan) detection.
► InterSect Alliance - intrusion analysis; identifies malicious or unauthorized access attempts.
► snort - instead of monitoring a single server as PortSentry does, snort monitors the network, performing real-time traffic analysis and packet logging on IP networks to detect attacks or probes.

