2. Security Trends 2012
• According to research by Trend Micro, a security vendor from Taiwan, many interesting issues will draw the attention of IT security practitioners in 2012.
• The 2011 trends of smartphones, tablets and ultrabooks, along with the cloud, are predicted to remain the main focus of data security in 2012. Systems and technology will keep getting more sophisticated, but so will cyber criminals. The following security predictions come from Raimund Genes (CTO of Trend Micro):
1. Prepare for the BYOD era
– Although many companies are still uncomfortable with the “consumerization of IT”, security and data breach incidents in 2012 will force companies to face the Bring-Your-Own-Device (BYOD) era. The BYOD era is unavoidable as devices proliferate, from ultrabooks to tablets, to the point that stored data can no longer be fully controlled by IT administrators. The likelihood of data loss through the use of these personal devices will also increase.
2. Secure the data center
– The real challenge that data center owners will face next year is the growing complexity of securing virtual, physical and cloud systems. Attacks are targeted at virtual machines and cloud computing services. Virtual and cloud platforms still have gaps that can be attacked. This will be a burden for IT staff securing their data for as long as they adopt these technologies. Securing virtualization servers is the priority, because data theft can occur through vulnerable systems.
3. Security Trends
3. Attacks on smartphones and tablets
– The rapid growth of smartphones, driven by Android, and the arrival of tablets are also not expected to escape attack in 2012. Given the current growth rate of new malware samples, Trend Micro predicts it will see more than 100 thousand malicious trojans on Android by December 2012 if that growth rate continues.
4. Flaws in mobile applications
– The emergence of many app marketplaces across smartphone operating systems gives cyber criminals a channel they can exploit. Today, criminals use it for malicious applications. This may be because a developer made a coding mistake, leaving a flaw that criminals exploit. Or the criminal deliberately builds an application that harms the user once it is downloaded and installed.
5. Botnets are still around
– Although botnets will become smaller in scale, they will grow in number. Botnets, a traditional cybercrime tool, will evolve in response to actions taken by the security industry. Botnets will become smaller but easier to manage as a medium for spreading malware to visitors' computers, password theft (scam), mass email to hundreds of thousands of addresses (spam), stealing your website's data (theft), pay-per-click fraud (abuse), and getting your server's IP blacklisted by various services.
4. Security Trends
6. Unusual attacks
– Hackers will aim at unusual targets, such as manufacturers of industrial control systems and medical equipment, to take intelligence data and assets from companies. Threats like STUXNET or Duqu, which infiltrated Iran's nuclear reactor, will reappear with unexpected targets.
7. Cybercrime becomes more creative
– Cyber criminals will find more creative ways not only to steal data but also to hide from law enforcement.
8. Beware of attacks from hacker groups
– 2011 was marked by the presence of the hacker groups Anonymous and Lulzsec, which succeeded in scrambling and destroying data online. The Sony Playstation Network experienced their attacks. Although some members of these groups have been arrested, those still free continue to launch attack campaigns against particular institutions. Other examples: LulzSec, Antisec
9. Personal information is no longer secret
– Next year, with so many young social media users, data that used to be confidential, such as email addresses, home addresses and personal phone numbers, can now easily be published through their social media accounts. Without their realizing it, this becomes an ideal prospect for cybercrime.
5. Security Trends
10. Social engineering attacks targeted at SMEs
– In 2012, social engineering techniques for obtaining personal data are expected to become more varied and to reach the SME sector as well. This sector sometimes escapes oversight, and the attacks exploit human weaknesses rather than tools and systems.
11. Cybercrime tools become more sophisticated
– Tools for committing cybercrime will grow more sophisticated, as will the masterminds and financial backers of attacks. Activity by advanced persistent threat (APT) agents, meaning funded organizations that aim to steal a company's intellectual property (in lay terms, company data), will increase.
12. Malware surge
– Data loss caused by malware infection will increase next year. In 2011 alone, from January to July 2011, Android malware rose 1410% compared with 2010, and 3.5 new threats were created every second.
http://www.infokomputer.com/fitur/41-sekuriti/4711-12-ramalan-keamanan-ti-di-tahun-2012
6. Threats to Mobile Tech
• The number of Android security threats tripled in the second quarter of this year.
• In the first quarter of 2012, Kaspersky Lab recorded 5,441 new pieces of malware targeting the open source mobile platform. In the following quarter, the figure rose sharply to 14,923 new pieces of malware.
• The Android malware Kaspersky found in the second quarter of 2012 consisted of:
– SMS Trojans used to steal money from users by sending premium-rate SMS messages without the device owner's knowledge. (25 percent)
– Backdoors that let their creators control the victim's Android device. (18 percent)
– Trojan Spy variants, the most dangerous kind because they can give access to the victim's bank accounts.
http://tekno.kompas.com/read/2012/08/21/11480130/Android.Kini.Tiga.Kali.Lebih.Berbahaya
7. Security vulnerability threats and how to minimize them
Examples of internet security weaknesses that target users:
• Banking transactions performed in public areas (public wifi, internet cafes) are of course highly vulnerable. Weaknesses exploited to obtain your banking account: threats such as Man In The Middle Attack, DNS Spoofing, Session Hijacking, etc. can quickly hijack your account
• Another widespread case is phishing. The term phishing is taken from the word fishing. The aim of phishing is to trick the user into performing a certain action, which in the end will harm that user
– For example, you receive an email claiming to be from a certain bank's IT Security team asking you to update your password, and it provides a link
– You are usually fooled and trust it because the email's sender appears clearly (e.g. administrator@bni.co.id)
– In fact, the sender of the phishing email sent it with a fake email address; try opening the email's details (the Show original option in Gmail)
– This is done to see whether the sender really is a legitimate user
– Such emails usually include a URL link, an html attachment, or files such as documents; be wary before opening them!
– Never trust a URL shortener! Check the link first, for example using this service - http://mcaf.ee/
– If the URL link given in the phishing email looks suspicious, check again, for example whether the URL really is the original URL
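The "Show original" check described above, as an added example that is not part of the original slides: it parses a raw message and flags a visible From domain that disagrees with the Return-Path, SPF/DKIM/DMARC results that did not pass, and links whose host is not under the claimed sender's domain. The sample message, the `bank.example` / `example.net` / `example.org` names and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample of what "Show original" reveals for a spoofed message.
RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=bank.example
From: "IT Security" <administrator@bank.example>
To: user@example.org
Subject: Please update your password
Content-Type: text/plain; charset="utf-8"

Dear customer, update your password here:
http://bank.example.login-update.example.net/reset
Official site for reference: https://www.bank.example/
"""


def domain_of(address):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def same_or_subdomain(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def body_text(msg):
    """Concatenate all text parts, decoding transfer encodings."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def phishing_indicators(raw):
    """Return a list of human-readable findings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    from_domain = domain_of(msg.get("From", ""))
    envelope_domain = domain_of(msg.get("Return-Path", ""))
    if envelope_domain and not same_or_subdomain(envelope_domain, from_domain):
        findings.append(f"return-path {envelope_domain} != from {from_domain}")
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    for url in re.findall(r'https?://[^\s<>"]+', body_text(msg)):
        host = urlparse(url).hostname or ""
        # A host that merely starts with the brand name is not the brand's domain.
        if not same_or_subdomain(host, from_domain):
            findings.append(f"link host {host} is outside {from_domain}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(RAW_MESSAGE):
        print(finding)
```

An Authentication-Results header is only meaningful when it was added by your own receiving mail server, and a Return-Path that differs from From also occurs in legitimate bulk mail, so treat these findings as prompts for a closer look rather than a verdict.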
8. Security vulnerability threats and how to minimize them
• Make sure you always use https when using important accounts such as banking, social media and email. Look for a browser plugin that forces those websites to open over https, such as HTTPS Everywhere
• Although using https does not guarantee full security, it at least prevents eavesdropping
• Another currently widespread security weakness is malware on smartphones. Fake applications laced with malware infect many Android devices, and the Android malware trend is booming; for example, many fake antivirus apps circulate on Google Play. When a user downloads one, instead of securing the smartphone, the app harms us: sending out sensitive data about us, for instance, or suddenly sending premium SMS messages that charge our credit, or showing annoying pop-ups. To avoid this, do not download applications from outside the application markets (Google Play, BB App World, App Store), although downloading from a market store does not guarantee it will be safer either. First look for reviews of the application you want to download, and look for its support contact, website address, and author. Do not download pirated applications, because we do not know whether they have been backdoored or contain trojans, spyware, etc.
9. Security vulnerability threats and how to minimize them
• Another security weakness that is also widespread on social media is clickjacking. Does anyone know what clickjacking is? Put simply, clickjacking is a malicious technique that takes advantage of users who tend to click carelessly. Have you ever seen a friend's Facebook wall suddenly spreading porn-flavored videos? Or seen your friends suddenly sending spam DMs on Twitter? Or, as another example, suddenly received an email from a friend containing dubious links?
• Well, those are examples of clickjacking. If a friend is spreading things like that, don't just click :D, because you can get hit just like them, and without realizing it you will spread those links
http://digitoktavianto.web.id/kultwit-tren-ancaman-dan-celah-keamanan-di-internet.html
10. Computer Security Software Simulation
Background
• OMNeT++ is a discrete event simulation environment. Its primary application area is the
simulation of communication networks, but because of its generic and flexible architecture, is
successfully used in other areas like the simulation of complex IT systems, queueing networks or
hardware architectures as well.
• OMNeT++ provides a component architecture for models. Components (modules) are
programmed in C++, then assembled into larger components and models using a high-level
language (NED). Reusability of models comes for free. OMNeT++ has extensive GUI support,
and due to its modular architecture, the simulation kernel (and models) can be embedded easily
into your applications.
• Although OMNeT++ is not a network simulator itself, it is currently gaining widespread popularity
as a network simulation platform in the scientific community as well as in industrial settings, and
building up a large user community.
Components
• simulation kernel library
• compiler for the NED topology description language
• OMNeT++ IDE based on the Eclipse platform
• GUI for simulation execution, links into simulation executable (Tkenv)
• command-line user interface for simulation execution (Cmdenv)
• utilities (makefile creation tool, etc.)
• documentation, sample simulations, etc.
11. Computer Security Software Simulation
Platforms
1. OMNeT++ runs on Linux, Mac OS X, other Unix-like systems and on
Windows (XP, Win2K, Vista, 7).
2. The OMNeT++ IDE requires Linux32/64, Mac OS X 10.5 or Windows
XP
12. Computer Security Software Simulation
Background
• NeSSi² is an open source project developed at the
DAI-Labor and sponsored by
Deutsche Telekom Laboratories.
• NeSSi (Network Security Simulator) is a novel network
simulation tool which incorporates a variety of features
relevant to network security distinguishing it from
general-purpose network simulators. Its capabilities such
as profile-based automated attack generation, traffic
analysis and support for the detection algorithm plugins
allow it to be used for security research and evaluation
purposes.
• NeSSi has been successfully used for testing intrusion
detection algorithms, conducting network security
analysis, and developing overlay security frameworks.
14. Computer Security Audit Software
• Secure Windows Auditor™ (SWA) is a Windows security software solution that provides Windows security auditing and assessment software, empowering network administrators and IT security auditors to conduct in-depth security assessments of network-based Windows systems.
• This Windows security software can run from a centralized location on the network during Windows security assessments. It identifies vulnerabilities, categorizes them according to their respective risk levels and provides step-by-step solutions to eliminate them, thus simplifying the enormous task of a Windows security audit.
• This Windows security software searches for vulnerabilities in Account Policies, Password Policy, Audit Policy, Weak Passwords, Missing Patches, Misconfigurations, System Vulnerabilities, Trojans, Spyware, Files and Folder Permissions, Registry Settings, User Rights and System Services. It then presents them in the form of a comprehensive report and provides solutions which, if properly implemented, will result in securing Windows-based systems.
http://www.secure-bytes.com/swa.php
15. Computer Security Audit Software
Security Tools
• Windows Security Tools: Windows Password Auditor, Windows Event Log Analyzer, Windows Asset Inventory Viewer, Windows Remote Control, FTP Brute Force Tester, MySQL Brute Force Tester, Windows PCI Compliance Check, Windows HIPAA Compliance Check
• Oracle Security Tools: Oracle SID Tester, Oracle Default Password Tester, Oracle TNS Password Tester, Oracle Password Auditor, Oracle Access Rights Auditor, Oracle Brute Force Tester, Oracle Event Log Analyzer, Oracle PCI Compliance Check, Ora HIPAA Compliance Check, Oracle Query Browser
• SQL Security Tools: SQL Default Password Tester, SQL Server Password Auditor, SQL Server Access Right Auditor, SQL Server Event Log Analyzer, SQL Server Brute Force Tester, SQL Server Query Browser, SQL PCI Compliance Check, SQL HIPAA Compliance Check
• Cisco Security Tools: Cisco Configuration Manager, Cisco Type7 Password Decryptor, Cisco MD5 Password Auditor, Cisco Firewall Password Auditor, IP Calculator, Cisco SNMP Brute Force Tester, Cisco VPN Password Auditor, Cisco Switch Port Mapper, Cisco Configuration Backup Tool
• General Security Tools: Traceroute, Port Scanner, SNMP Browser, SNMP Scanner, Whois, DNS Auditor, Mac Detector, DNS Lookup, HTTP Brute Force Tester, SSH Brute Force Tester
http://www.secure-bytes.com/swa.php
16. Computer Security Audit Software
General Security Tools
Traceroute
Traceroute utility allows tracking the path of a packet from its origin to its destination address. It allows the user to trace the route of a particular transmission on the network.
Port Scanner
Port Scanner is a basic tool required to secure a network from intrusion. Viruses probe for open ports on the weak systems of the network that can compromise entire network security measures. Continuous monitoring of open ports will identify all sorts of changes, even if they are minute in nature.
http://www.secure-bytes.com/swa.php
17. Computer Security Audit Software
General Security Tools
SNMP Browser
SNMP Browser discovers the network using SNMP MIB, SNMP traps and the community name. It also helps monitor network devices (router monitor) using Windows SNMP.
SNMP Scanner
Simple Network Management Protocol (SNMP) is a UDP-based application layer network protocol which was developed to manage devices on an IP network. SNMP Scanner uses SNMP MIB and SNMP traps for monitoring routers in a network.
http://www.secure-bytes.com/swa.php
18. Computer Security Audit Software
General Security Tools
Whois
WHOIS is a search tool that can check domain names, ICANN and personal contact information of the registrar from WHOIS databases.
DNS Auditor
DNS Auditor provides a facility to resolve domain names and their respective IP addresses. DNS Auditor is a critical tool because various security weaknesses are associated with IP address, domain name and DNS name. It is extremely important to have accurate DNS information in order to have smooth IP-based communication.
http://www.secure-bytes.com/swa.php
19. Computer Security Audit Software
General Security Tools
Mac Detector
Mac Detector is a tool to detect MAC addresses of computers over the network from their IP addresses. The MAC address is an important component for network security, control and infrastructure management because it is a unique code identifier of networking equipment.
DNS Lookup
DNS Lookup is an effective tool to resolve domain names into the corresponding IP address and to retrieve particular information from the target domains (for example, MX record, A record etc.). Hackers use this type of tool for footprinting a network.
http://www.secure-bytes.com/swa.php
20. Computer Security Audit Software
Security Tools
HTTP Brute Force Tester
HTTP Brute Force Tester is a method of obtaining the user's authentication credentials of a web-based application, such as the username and password to log in to HTTP and HTTPS sites. Password-based tests are a common method of breaking into web sites.
SSH Brute Force Tester
SSH Brute Force Tester is a method of obtaining the user's authentication credentials of an SSH connection, such as the username and password to log in. Password-based tests are a common method of breaking into web sites.
http://www.secure-bytes.com/swa.php
21. Standards and Certification Bodies for Data and System Security
Tiger
• http://www.tigerscheme.org
• Tiger Scheme is a commercial certification
scheme for technical security specialists,
backed by University standards and covering a
wide range of expertise. The Tiger Scheme was
founded in 2007, on the principle that a
commercial certification scheme run on
independent lines would give buyers of security
testing services confidence that they were hiring
in a recognised and reputable company.
OWASP
• https://www.owasp.org
• The Open Web Application Security Project
(OWASP) is an Open Source community project
developing software tools and knowledge based
documentation that helps people secure web
applications and web services. It is an open
source reference point for system architects,
developers, vendors, consumers and security
professionals involved in designing, developing,
deploying and testing the security of web
applications and Web Services.
http://www.penetration-testing.com/home.html
22. Standards and Certification Bodies for Data and System Security
PCI
• https://www.pcisecuritystandards.org
• The Payment Card Industry (PCI) Data Security
Requirements were established in December
2004, and apply to all Members, merchants,
and service providers that store, process or
transmit cardholder data. As well as a
requirement to comply with this standard, there
is a requirement to independently prove
verification.
ISACA
• https://www.isaca.org
• ISACA was established in 1967 and has
become a pace-setting global organization for
information governance, control, security and
audit professionals. Its IS Auditing and IS
Control standards are followed by practitioners
worldwide and its research pinpoints
professional issues challenging its constituents.
CISA, the Certified Information Systems Auditor
is ISACA's cornerstone certification. Since
1978, the CISA exam has measured excellence
in the area of IS auditing, control and security
and has grown to be globally recognized and
adopted worldwide as a symbol of achievement.
http://www.penetration-testing.com/home.html
23. Standards and Certification Bodies for Data and System Security
CHECK
• http://www.cesg.gov.uk
• The CESG IT Health Check scheme was
instigated to ensure that sensitive government
networks and those constituting the GSI
(Government Secure Intranet) and CNI (Critical
National Infrastructure) were secured and
tested to a consistent high level. The
methodology aims to identify known
vulnerabilities in IT systems and networks which
may compromise the confidentiality, integrity or
availability of information held on that IT system.
OSSTMM
• http://www.osstmm.org
• The aim of The Open Source Security Testing
Methodology Manual (OSSTMM) is to set forth
a standard for Internet security testing. It is
intended to form a comprehensive baseline for
testing that, if followed, ensures a thorough and
comprehensive penetration test has been
undertaken. This should enable a client to be
certain of the level of technical assessment
independently of other organisation concerns,
such as the corporate profile of the penetration-
testing provider.
http://www.penetration-testing.com/home.html
24. Standards and Certification Bodies for Data and System Security
CREST
• http://www.crest-approved.org
• The Council for Registered Ethical
Security Testers (CREST) exists to
serve the needs of a global
information security marketplace
that increasingly requires the
services of a regulated and
professional security testing
capability. It provides globally
recognised, up to date certifications
for organisations and individuals
providing penetration testing
services.
CSA
• https://cloudsecurityalliance.org/
• To promote the use of best
practices for providing security
assurance within Cloud Computing,
and provide education on the uses
of Cloud Computing to help secure
all other forms of computing.
http://www.penetration-testing.com/home.html
25. Standards and Certification Bodies for Data and System Security
EC Council’s
http://iclass.eccouncil.org/
• Security Awareness
Take an online course in Security Awareness, EC
Council’s Security 5 certification. This course is
great for busy professionals who want to learn
the basics of IT Security, from securing their
home network using best practices, to
establishing fundamental security measures in a
small business where the full time IT Security
staff is not present.
• Security Fundamentals
• EC Council’s Network Security Administrator
(ENSA) is a premier certification for the Network
Security Administrator.
• Ethical Hacking
• Certified Ethical Hacker through iClass is EC
Council’s official CEH Class preparing students
to challenge the Certified Ethical Hacker
Certification Exam 312-50.
• Computer Forensics
• EC Council’s Computer Hacking Forensic
Investigator CHFI is also available online through
iClass. CHFI investigators can draw on an array
of methods for discovering data that resides in a
computer system, or recovering deleted,
encrypted, or damaged file information.
http://www.penetration-testing.com/home.html
• Advanced Penetration Testing
• The EC Council Certified Security Analyst ECSA is the Second
Course following the Certified Ethical Hacker. CEH teaches the
student methods and tools used by hackers while the ECSA
prepares students to conduct security assessments and
complete Vulnerability Assessments & Penetration Tests using
industry leading methods, techniques, and tools.
• Disaster Recovery
• EC Council’s Disaster Recovery Professional Training online
through iClass prepares students for the EDRP certification
exam 312-76. The EDRP course teaches you the methods in
identifying vulnerabilities and taking appropriate
countermeasures to prevent and mitigate failure risks for an
organization.
• Application Security
• EC Council's Secure Coding Professional ECSP is a cutting
edge program delivered online through iClass teaching the
fundamentals of Application Security and Secure Coding
practices.
26. Standards and Certification Bodies for Data and System Security
CWSP Certification
• http://www.globalknowledge.com/training/certification_listing.asp?pageid=12&certid=448&country=United+States
• CWSP certification is a
professional-level wireless LAN
certification. Achieving CWSP
certification confirms that you have
the skills to successfully secure
enterprise Wi-Fi networks from
hackers, no matter which brand of
Wi-Fi gear your organization
deploys.
http://www.penetration-testing.com/home.html