SlideShare a Scribd company logo

Mobile Tech Security Threats and Mitigation Strategies

Download as PPT, PDF
A
Ayu Anita

Materi ini berisi tentang sistem keamanan teknologi informasi.

Technology
1 of 26
Trend Keamanan Komputer 2012 Dhian Sweetania
Tren Keamanan 2012 • Menurut riset Trend Micro—vendor keamanan asal Taiwan—akan ada banyak hal menarik yang menjadi perhatian para pekerja keamanan TI di tahun 2012 nanti. • Tren smartphone, tablet dan ultrabook, serta cloud di tahun 2011 diprediksi akan tetap menjadi fokus utama keamanan data di 2012. Sistem dan teknologi yang ada akan semakin canggih, tapi penjahat cyber pun tak kalah canggih. Berikut ini prediksi keamanan yang dilakukan oleh Raimund Ganes (CTO Trend Micro): 1.     Bersiap untuk era BYOD – Meskipun masih banyak perusahaan yang merasa tidak nyaman dengan “konsumerisasi TI”, keamanan dan insiden pelanggaran data di 2012 akan memaksa perusahaan untuk menghadapi era Bring-Your-Own-Device (BYOD). Era BYOD tidak bisa dihindarkan seiring dengan berkembangnya peranti mulai dari ultrabook hingga tablet, hingga data yang disimpan tak bisa lagi sepenuhnya dikontrol oleh admistrator TI. Kemungkinan hilangnya data melalui penggunaan peranti pribadi ini pun akan meningkat. 2.      Amankan data center – Tantangan nyata yang akan dihadapi pemilik data center di tahun depan adalah semakin kompleksnya keamanan untuk sistem virtual, fisik dan cloud. Serangan ditargetkan pada mesin virtual dan layanan pada komputasi cloud. Platform virtual dan cloud tetap ada celah untuk diserang. Hal ini tentunya akan menjadi beban bagi tenaga IT untuk mengamankan data mereka, selama mereka mengadopsi teknologi ini. Mengamankan server virtualisasi adalah hal utama, dimana kejahatan pencurian data bisa terjadi melalui sistem yang rentan.
Tren Keamanan 3.      Serangan di smartphone dan tablet – Pertumbuhan pesat dari smartphone, melalui Android, dan hadirnya tablet, diperkirakan juga tak luput dari serangan di 2012. Dengan angka pertumbuhan dari contoh-contoh malware yang baru saat ini, Trend Micro memprediksi akan melihat lebih dari 100 ribu trojan jahat yang muncul di Android hingga Desember 2012 apabila angka pertumbuhan tersebut terus melaju. 4.      Celah di aplikasi mobile – Munculnya banyak pasar aplikasi di beberapa sistem operasi smartphone, membuat penjahat cyber bisa memanfaatkan jalur ini. Saat ini, penjahat menggunakannya sebagai aplikasi malicious. Bisa jadi karena developer mengalami salah pengkodean sehingga celah ini dimanfaatkan penjahat. Atau, si penjahat sengaja membuat aplikasi yang setelah diunduh dan diinstal merugikan pengguna. 5.     Botnet masih ada – Meskipun botnet akan menjadi lebih kecil skalanya, tapi mereka akan tumbuh dalam jumlah yang lebih banyak. Botnet, alat kejatahan cyber tradisional, akan berkembang sebagai respon terhadap tindakan yang diambil oleh industri keamanan. Botnet menjadi lebih kecil, tapi akan lebih mudah dikelola sebagai media penyebaran malware ke komputer visitor, pencurian password (scam), mass-email ke ratusan ribu alamat (spam), mencuri data website anda (theft), penipuan pay-per-click (abuse) dan membuat IP server anda di-blacklist oleh berbagai layanan.
Tren Keamanan 6.     Serangan yang tidak biasa – Target serangan hackers akan ditujukan pada target yang tidak biasa, seperti pada produsen sistem kontrol industri, dan peralatan medis untuk mengambil data intelijen dan aset dari beberapa perusahaan. Threat seperti STUXNET atau Duqu, yang sempat menyusup ke dalam reaktor nuklir Iran, akan kembali muncul dengan target serangan yang tidak diduga. 7.     Kejahatan cyber makin kreatif – Penjahat dunia maya kedepannya akan menemukan cara yang lebih kreatif bukan saja dalam hal melakukan pencurian data, tapi juga untuk bersembunyi dari penegakan hukum. 8.     Awas serangan dari kelompok Hacker – Tahun 2011 ini ditandai dengan kehadiran kelompok hacker Anonymous dan Lulzsec, yang berhasil mengacak dan menghancurkan data dunia maya. Sony Playstation Network sempat merasakan serangan mereka. Biarpun sebagian kelompok ini telah ditangkap, mereka yang masih bebas tetap melancarkan kampanye serangan terhadap institusi tertentu. Contoh lain : LulzSec, Antisec 9.     Informasi pribadi tak lagi rahasia – Tahun depan seiring dengan banyaknya pengguna social media dari anak-anak muda, kini data-data yang dulu bersifat rahasia seperti alamat email, alamat rumah, dan nomor telepon pribadi pun, kini bisa dengan mudah diumumkan melalui akun social media mereka. Dan ini tentunya, tanpa mereka sadari akan menjadi prospek ideal bagi kejahatan cyber.
Tren Keamanan 10.  Serangan social engineering ditargetkan ke UKM – 2012 diperkirakan teknik social engineering untuk mendapatkan data-data pribadi semakin beragam, dan menyusup juga sektor UKM. Dimana sektor ini pun terkadang luput dari pengawasan, tentunya dengan memanfaatkan kelemahan manusia, bukan alat dan sistemnya. 11.  Alat cybercime makin canggih – Kini alat untuk melakukan cybercrime akan semakin canggih, termasuk dari aktor intelektual dan penyandang dana dari serangan. Kegiatan dari Advanced persistent threat (APT) agents: Sebuah organisasi dengan pemasok dana yang bertujuan untuk mencuri kekayaan intektual perusahaan atau bahasa awamnya data-data perusahaan akan bertambah. 12.  Lonjakan malware – Kehilangan data yang disebabkan karena infeksi malware akan meningkat tahun depan. Pada 2011 ini saja per Januari hingga Juli 2011 saja kenaikan malware Android dibanding 2010 adalah 1410%, serta tiap detiknya terbentuk 3,5 threat baru. http://www.infokomputer.com/fitur/41-sekuriti/4711-12-ramalan-keamanan-ti-di-tahun-2012
Ancaman terhadap Mobile Tech • Jumlah ancaman keamanan Android meningkat sebanyak tiga kali lipat di kuartal kedua tahun ini. • Pada kuartal pertama 2012, Kaspersky Lab mencatat kemunculan 5,441 malware baru yang menyasar platform mobile open source tersebut. Kuartal berikutnya, angka tersebut naik tajam menjadi 14,923 malware baru. • Malware Android yang ditemukan Kaspersky di perempat tahun kedua 2012 ini terdiri dari : – Trojan SMS yang dipakai untuk mencuri uang dari pengguna. Caranya adalah dengan mengirim SMS bertarif premium tanpa sepengetahuan si empunya perangkat. (25 persen) – Jenis backdoor yang memungkinkan penciptanya mengontrol perangkat Android korban. (18 persen ) – Jenis Trojan Spy, yang paling berbahaya karena bisa memberi akses ke rekening bank korban. http://tekno.kompas.com/read/2012/08/21/11480130/Android.Kini.Tiga.Kali.Lebih.Berbahaya
Ancaman celah keamanan dan bagaimana cara meminimalisir Contoh Celah keamanan internet yang mengincar user : • Kegiatan transaksi banking yang dilakukan di public area (public wifi, warnet,) tentu saja sangat rentan Celah yang dimanfaatkan untuk mendapatkan akun banking anda : Ancaman seperti Man In The Middle Attack, DNS Spoofing, Session Hijacking, dll bisa dengan cepat membajak akun anda • Contoh kasus lainnya yg marak adalah phishing. Phishing ini di di ambil dari kata fishing yang artinya memancing. Tujuan phishing ini ada mencoba menjebak user untuk melakukan tindakan tertentu, dan tentunya pada akhirnya akan merugikan user tersebut – Misalnya anda menerima email yang mengatasnamakan tim IT Security bank tertentu, dan meminta anda mengupdate password, dan dia memberikan link – Biasanya anda terkecoh dan percaya krn pd email sender tsb jelas pengirimnya (cth administrator@bni.co.id) – Padahal sebenarnya pengirim email phishing tsb mengirim dgn fake email address, coba anda klik detail email tsb (Opsi Show original pd Gmail) – Hal tersebut dilakukan untuk melihat apakah benar sender nya dari user yg legitimate? – Biasanya pada email tersebut di sertakan link URL, attachmenet html, atau file2 seperti document, anda harus waspada sebelum membukanya! – Jangan pernah percaya pada URL Shortener! Check terlebih dahulu link tsb, misalnya menggunakan layanan ini - http://mcaf.ee/ – Jika link URL yang di berikan pada email phishing tadi mencurigakan, cek kembali, misalnya URL nya apakah benar URL yg original?
Ancaman celah keamanan dan bagaimana cara meminimalisir • Pastikan anda selalu menggunakan https jika menggunakan account penting spt banking, socmed, email, Cari plugin browser yg mengharuskan membuka web2 tersebut menggunakan https, seperti https everywhere • Walaupun tidak menjamin keamanan secara penuh jika menggunakan https, setidaknya ini mencegah anda agar tidak terjadi eavesdropping • Celah keamanan yang lain yg sedang marak adalah malware pada smartphone. Aplikasi fake yang disusupi malware banyak menjangkiti android,dan tren malware di android ini sedang sangat marak misalnya banyak fake antivirus yang beredera di googleplay, ketika user mendownloadnya, alih-alih untuk mengamankan smartphone, apps tersebut malah merugikan kita, Mengirimkan data sensitif mengenai informasi kita misalnya, atau ada juga yg tiba2 mengirimkan SMS premium yg men-charge pulsa kita, atau muncul pop-up yg annoying. Untuk menghindari hal tersebut, jangan mendownload aplikasi di luar dari market application (Googleplay, BB App World, APpstore). Walaupun tidak menjamin juga jika download dari market store akan lebih aman Cari review terlebih dahulu mengenai aplikasi yg anda ingin download, cari kontak support,alamat website nya, dan siapa author nya. Jangan mendownload aplikasi bajakan, karena kita tidak tahu apakah aplikasi tersebut sudah di backdoor, mengandung trojan, spyware,dll
Ancaman celah keamanan dan bagaimana cara meminimalisir • Celah keamanan lain yang juga marak di socmed adalah clickjacking. Ada yang tahu apa itu clickjacking? Clickjacking secara sederhana di artikan sebagai salah satu malicious tehcnic yang memanfaatkan user yang biasanya sembarang main klik. Pernah lihat wall temen kamu di facebook tiba2 spread video2 berbau porn? atau misalnya pernah liat temen2 kamu tiba2 ngirim Spam DM di twitter? Atau contoh lainnya tiba2 kamu dpt email dr tmn kmu yg isinya link2 ga jelas gitu? • Nah, itu contoh dari clickjacking. Klo ad tmn yg spreading hal2 ky gt,jgn asal klik :D, krn kmu jg bs kena kayak dia, tanpa disadari kmu akan nyebarin link2 tsb http://digitoktavianto.web.id/kultwit-tren-ancaman-dan-celah-keamanan-di-internet.html
Simulasi Software Keamanan Komputer Background • OMNeT++ is a discrete event simulation environment. Its primary application area is the simulation of communication networks, but because of its generic and flexible architecture, is successfully used in other areas like the simulation of complex IT systems, queueing networks or hardware architectures as well. • OMNeT++ provides a component architecture for models. Components (modules) are programmed in C++, then assembled into larger components and models using a high-level language (NED). Reusability of models comes for free. OMNeT++ has extensive GUI support, and due to its modular architecture, the simulation kernel (and models) can be embedded easily into your applications. • Although OMNeT++ is not a network simulator itself, it is currently gaining widespread popularity as a network simulation platform in the scientific community as well as in industrial settings, and building up a large user community. Components • simulation kernel library • compiler for the NED topology description language • OMNeT++ IDE based on the Eclipse platform • GUI for simulation execution, links into simulation executable (Tkenv) • command-line user interface for simulation execution (Cmdenv) • utilities (makefile creation tool, etc.) • documentation, sample simulations, etc.
Simulasi Software Keamanan Komputer Platforms 1. OMNeT++ runs on Linux, Mac OS X, other Unix-like systems and on Windows (XP, Win2K, Vista, 7). 2. The OMNeT++ IDE requires Linux32/64, Mac OS X 10.5 or Windows XP
Simulasi Software Keamanan Komputer Background • NeSSi² is an open source project developed at the DAI-Labor and sponsored by Deutsche Telekom Laboratories. • NeSSi (Network Security Simulator) is a novel network simulation tool which incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profile-based automated attack generation, traffic analysis and support for the detection algorithm plugins allow it to be used for security research and evaluation purposes. • NeSSi has been successfully used for testing intrusion detection algorithms, conducting network security analysis, and developingoverlay security frameworks.
Simulasi Software Keamanan Komputer
Software Audit Keamanan Komputer • Secure Windows Auditor™ (SWA) is a windows security software solution which provides windows security auditing and assessment software which empower network administrators & IT security auditors to conduct in-depth security assessments of network based windows systems. • This Windows security software can run from a centralized location on the network during windows security assessments. It identifies vulnerabilities and categorizes them according to their respective risk levels and provides step by step solutions to eliminate them; thus simplifying the enormous task of windows security audit. This windows security software searches for vulnerabilities in Account Policies, Password Policy, Audit Policy, Weak Passwords, Missing Patches, Misconfigurations, System Vulnerabilities, Trojans Spyware, Files and Folder Permissions, Registry Settings, User Rights and System Services. It then presents them in form of a comprehensive report and provides solutions, which if properly implemented will result in securing windows based systems. http://www.secure-bytes.com/swa.php
Software Audit Keamanan Komputer Security Tools Windows Security Tools Windows Password Auditor Windows Event Log Analyzer Windows Asset Inventory Viewer Windows Remote Control FTP Brute Force Tester MySQL Brute Force Tester Windows PCI Compliance Check Windows HIPAA Compliance Check Oracle Security Tools Oracle SID Tester Oracle Default Password Tester Oracle TNS Password Tester Oracle Password Auditor Oracle Access Rights Auditor Oracle Brute Force Tester Oracle Event Log Analyzer Oracle PCI Compliance Check Ora HIPAA Compliance Check Oracle Query Browser SQL Security Tools SQL Default Password Tester SQL Server Password Auditor SQL Server Access Right Auditor SQL Server Event Log Analyzer SQL Server Brute Force Tester SQL Server Query Browser SQL PCI Compliance Check SQL HIPAA Compliance Check Cisco Security Tools Cisco Configuration Manager Cisco Type7 Password Decryptor Cisco MD5 Password Auditor Cisco Firewall Password Auditor IP Calculator Cisco SNMP Brute Force Tester Cisco VPN Password Auditor Cisco Switch Port Mapper Cisco Configuration Backup Tool General Security Tools Traceroute Port Scanner SNMP Browser SNMP Scanner Whois DNS Auditor Mac Detector DNS Lookup HTTP Brute Force Tester SSH Brute Force Tester http://www.secure-bytes.com/swa.php
Software Audit Keamanan Komputer General Security Tools Traceroute http://www.secure-bytes.com/swa.php Port Scanner is a basic tool required to secure a network from intrusion. Viruses probe for open ports on the weak systems of the network that can compromise entire network security measures. Continuous monitoring of open ports will identify all sort of changes even they are minute in nature. utility allows tracking the path of a packet from its origination to destination address. It allows the user to trace the track of a particular transmission on the network.
Software Audit Keamanan Komputer General Security Tools SNMP Browser SNMP Browser discover network using SNMP MIB, SNMP traps and community name it also helps in monitor network devices(router monitor) using windows SNMP. http://www.secure-bytes.com/swa.php SNMP Scanner Simple Network Management Protocol (SNMP) is a UDP- based an application layer network protocol which was developed to manage devices on an IP network. SNMP scanner uses SNMP MIB and SNMP traps for monitoring routers in a network.
Software Audit Keamanan Komputer General Security Tools Whois WHOIS is a search tool that can check domain names, ICANN and personal contact information of the registrar from WHOIS databases. http://www.secure-bytes.com/swa.php DNS Auditor provides facility to resolved domain names and their respective IP addresses. DNS Auditor is critical tool because various security weaknesses are associated with IP Address, Domain Name and DNS name. It is extremely important to have accurate DNS information in order to have smooth IP based communication.
Software Audit Keamanan Komputer General Security Tools Mac Detector http://www.secure-bytes.com/swa.php DNS Lookup is a tool to detect MAC addresses of computers over the network from their IP addresses.MAC address is an important component for network security, control and infrastructure management because it is a unique code identifier of networking equipment. DNS Lookup is effective tool to resolve domain names into the corresponding IP address and to retrieve particular information from the target domains (for example, MX record, A record etc.). Hackers use this type of tools for Foot printing a network
Software Audit Keamanan Komputer Security Tools HTTP Brute Force Tester http://www.secure-bytes.com/swa.php SSH Brute Force Tester is a method of obtaining the user's authentication credentials of a web based application, such as the username and password to login to HTTP and HTTPs sites. Password based tests are a common methods of breaking into web sites. is a method of obtaining the user's authentication credentials of an SSH connection, such as the username and password to login. Password based tests are a common methods of breaking into web sites.
Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem Tiger • http://www.tigerscheme.org • Tiger Scheme is a commercial certification scheme for technical security specialists, backed by University standards and covering a wide range of expertise. The Tiger Scheme was founded in 2007, on the principle that a commercial certification scheme run on independent lines would give buyers of security testing services confidence that they were hiring in a recognised and reputable company. OWASP • https://www.owasp.org • The Open Web Application Security Project (OWASP) is an Open Source community project developing software tools and knowledge based documentation that helps people secure web applications and web services. It is an open source reference point for system architects, developers, vendors, consumers and security professionals involved in designing, developing, deploying and testing the security of web applications and Web Services. http://www.penetration-testing.com/home.html
Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem PCI • https://www.pcisecuritystandards.org • The Payment Card Industry (PCI) Data Security Requirements were established in December 2004, and apply to all Members, merchants, and service providers that store, process or transmit cardholder data. As well as a requirement to comply with this standard, there is a requirement to independently prove verification. ISACA • https://www.isaca.org • ISACA was established in 1967 and has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS Auditing and IS Control standards are followed by practitioners worldwide and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor is ISACA's cornerstone certification. Since 1978, the CISA exam has measured excellence in the area of IS auditing, control and security and has grown to be globally recognized and adopted worldwide as a symbol of achievement. http://www.penetration-testing.com/home.html
Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem CHECK • http://www.cesg.gov.uk • The CESG IT Health Check scheme was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level. The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. OSSTMM • http://www.osstmm.org • The aim of The Open Source Security Testing Methodology Manual (OSSTMM) is to set forth a standard for Internet security testing. It is intended to form a comprehensive baseline for testing that, if followed, ensures a thorough and comprehensive penetration test has been undertaken. This should enable a client to be certain of the level of technical assessment independently of other organisation concerns, such as the corporate profile of the penetration- testing provider. http://www.penetration-testing.com/home.html
Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem CREST • http://www.crest-approved.org • The Council for Registered Ethical Security Testers (CREST) exists to serve the needs of a global information security marketplace that increasingly requires the services of a regulated and professional security testing capability. It provides globally recognised, up to date certifications for organisations and individuals providing penetration testing services. CSA • https://cloudsecurityalliance.org/ • To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. http://www.penetration-testing.com/home.html
Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem EC Council’s http://iclass.eccouncil.org/ • Security Awareness Take an online course in Security Awareness, EC Council’s Security 5 certification. This course is great for busy professionals who what to learn the basics of IT Security, from securing their home network using best practices, to establishing fundamental security measures in a small business where the full time IT Security staff is not present. • Security Fundamentals • EC Council’s Network Security Administrator (ENSA) is a premier certification for the Network Security Administrator. • Ethical Hacking • Certified Ethical Hacker through iClass is EC Council’s official CEH Class preparing students to challenge the Certified Ethical Hacker Certification Exam 312-50. • Computer Forensics • EC Council’s Computer Hacking Forensic Investigator CHFI is also available online through iClass. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. http://www.penetration-testing.com/home.html • Advanced Penetration Testing • The EC Council Certified Security Analyst ECSA is the Second Course following the Certified Ethical Hacker. CEH teaches the student methods and tools used by hackers while the ECSA prepares students to conduct security assessments and complete Vulnerability Assessments & Penetration Tests using industry leading methods, techniques, and tools. • Disaster Recovery • EC Council’s Disaster Recovery Professional Training online through iClass prepares students for the EDRP certification exam 312-76. The EDRP course teaches you the methods in identifying vulnerabilities and takes appropriate countermeasures to prevent and mitigate failure risks for an organization. • Application Security • EC Council's Secure Coding Professional ECSP is a cutting edge program delivered online through iClass teaching the fundamentals of Application Security and Secure Coding practices.
Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem CWSP Certification • http://www.globalknowledge.com/tr aining/certification_listing.asp? pageid=12&certid=448&country=U nited+States • CWSP certification is a professional-level wireless LAN certification. Achieving CWSP certification confirms that you have the skills to successfully secure enterprise Wi-Fi networks from hackers, no matter which brand of Wi-Fi gear your organization deploys. http://www.penetration-testing.com/home.html

Recommended

Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent ThreatAmmar WK
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020Rahul Boga
 
Is Information Security Worth It?
Is Information Security Worth It?Is Information Security Worth It?
Is Information Security Worth It?martin_lee1969
 
Cybercriminals and security attacks
Cybercriminals and security attacksCybercriminals and security attacks
Cybercriminals and security attacksGFI Software
 
How To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksHow To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksLondon School of Cyber Security
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceMehrdad Jingoism
 
Security_prediction_2014
Security_prediction_2014Security_prediction_2014
Security_prediction_2014Truong Minh Yen
 

Recommended

Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent ThreatAmmar WK
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020Rahul Boga
 
Is Information Security Worth It?
Is Information Security Worth It?Is Information Security Worth It?
Is Information Security Worth It?martin_lee1969
 
Cybercriminals and security attacks
Cybercriminals and security attacksCybercriminals and security attacks
Cybercriminals and security attacksGFI Software
 
How To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksHow To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksLondon School of Cyber Security
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceMehrdad Jingoism
 
Security_prediction_2014
Security_prediction_2014Security_prediction_2014
Security_prediction_2014Truong Minh Yen
 
Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof SoodZsolt Nemeth
 
2018 sans security awareness report
2018 sans security awareness report2018 sans security awareness report
2018 sans security awareness reportJohn Martens
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman
 
Advanced Phishing The Art of Stealing
Advanced Phishing The Art of StealingAdvanced Phishing The Art of Stealing
Advanced Phishing The Art of StealingAvinash Sinha
 
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq OWASP-Qatar Chapter
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsLondon School of Cyber Security
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan serverDedi Dwianto
 
Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z Cheng Olayvar
 
Isaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdfIsaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdfMarco Morana
 
Watch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaWatch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaSylCotter
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT SecurityLondon School of Cyber Security
 
Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)NAFCU Services Corporation
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4leahg118
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9UISGCON
 
Why managed detection and response is more important now than ever
Why managed detection and response is more important now than everWhy managed detection and response is more important now than ever
Why managed detection and response is more important now than everG’SECURE LABS
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Preventionijsrd.com
 
Social engineering
Social engineeringSocial engineering
Social engineeringBola Oduyale
 
Final Presentation.pptx
Final Presentation.pptxFinal Presentation.pptx
Final Presentation.pptxBetaBeta9
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?Spire Research and Consulting
 

More Related Content

What's hot

Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof SoodZsolt Nemeth
 
2018 sans security awareness report
2018 sans security awareness report2018 sans security awareness report
2018 sans security awareness reportJohn Martens
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman
 
Advanced Phishing The Art of Stealing
Advanced Phishing The Art of StealingAdvanced Phishing The Art of Stealing
Advanced Phishing The Art of StealingAvinash Sinha
 
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq OWASP-Qatar Chapter
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan serverDedi Dwianto
 
Isaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdfIsaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdfMarco Morana
 
Watch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaWatch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaSylCotter
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4leahg118
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9UISGCON
 
Why managed detection and response is more important now than ever
Why managed detection and response is more important now than everWhy managed detection and response is more important now than ever
Why managed detection and response is more important now than everG’SECURE LABS
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Preventionijsrd.com
 
Social engineering
Social engineeringSocial engineering
Social engineeringBola Oduyale
 

What's hot (19)

Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof Sood
 
2018 sans security awareness report
2018 sans security awareness report2018 sans security awareness report
2018 sans security awareness report
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015
 
Advanced Phishing The Art of Stealing
Advanced Phishing The Art of StealingAdvanced Phishing The Art of Stealing
Advanced Phishing The Art of Stealing
 
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA Environments
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan server
 
Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z
 
Isaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdfIsaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdf
 
Watch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)DnaWatch Guard Reputation Enabled Defense (White Paper)Dna
Watch Guard Reputation Enabled Defense (White Paper)Dna
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT Security
 
Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
 
Why managed detection and response is more important now than ever
Why managed detection and response is more important now than everWhy managed detection and response is more important now than ever
Why managed detection and response is more important now than ever
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modeling
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Prevention
 
Social engineering
Social engineeringSocial engineering
Social engineering
 

Similar to Mobile Tech Security Threats and Mitigation Strategies

Final Presentation.pptx
Final Presentation.pptxFinal Presentation.pptx
Final Presentation.pptxBetaBeta9
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityPixel Crayons
 
7 Types of Cyber Security Threats | The Lifesciences Magazine
7 Types of Cyber Security Threats | The Lifesciences Magazine7 Types of Cyber Security Threats | The Lifesciences Magazine
7 Types of Cyber Security Threats | The Lifesciences MagazineThe Lifesciences Magazine
 
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...MZERMA Amine
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013Karim Shaikh
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
The evolution and growth of cybersecurity.docx
The evolution and growth of cybersecurity.docxThe evolution and growth of cybersecurity.docx
The evolution and growth of cybersecurity.docxNigussMehari4
 
Cybersecurity - Poland.pdf
Cybersecurity - Poland.pdfCybersecurity - Poland.pdf
Cybersecurity - Poland.pdfPavelVtek3
 
Cyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful BusinessCyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful BusinessFibonalabs
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016Core Security
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptxRishabhDwivedi70
 
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkInsiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkRichard Common
 

Similar to Mobile Tech Security Threats and Mitigation Strategies (20)

Final Presentation.pptx
Final Presentation.pptxFinal Presentation.pptx
Final Presentation.pptx
 
Top Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on CybersecurityTop Positive and Negative Impacts of AI & ML on Cybersecurity
Top Positive and Negative Impacts of AI & ML on Cybersecurity
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?
 
7 Types of Cyber Security Threats | The Lifesciences Magazine
7 Types of Cyber Security Threats | The Lifesciences Magazine7 Types of Cyber Security Threats | The Lifesciences Magazine
7 Types of Cyber Security Threats | The Lifesciences Magazine
 
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
 
The evolution and growth of cybersecurity.docx
The evolution and growth of cybersecurity.docxThe evolution and growth of cybersecurity.docx
The evolution and growth of cybersecurity.docx
 
Cybersecurity - Poland.pdf
Cybersecurity - Poland.pdfCybersecurity - Poland.pdf
Cybersecurity - Poland.pdf
 
Cyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful BusinessCyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful Business
 
THESIS-2(2)
THESIS-2(2)THESIS-2(2)
THESIS-2(2)
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016
 
10 Things to Watch for in 2016
10 Things to Watch for in 201610 Things to Watch for in 2016
10 Things to Watch for in 2016
 
techalpha07
techalpha07techalpha07
techalpha07
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-us
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
 
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkInsiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest Link
 

Recently uploaded

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Recently uploaded (20)

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 

Mobile Tech Security Threats and Mitigation Strategies

  • 2. Tren Keamanan 2012 • Menurut riset Trend Micro—vendor keamanan asal Taiwan—akan ada banyak hal menarik yang menjadi perhatian para pekerja keamanan TI di tahun 2012 nanti. • Tren smartphone, tablet dan ultrabook, serta cloud di tahun 2011 diprediksi akan tetap menjadi fokus utama keamanan data di 2012. Sistem dan teknologi yang ada akan semakin canggih, tapi penjahat cyber pun tak kalah canggih. Berikut ini prediksi keamanan yang dilakukan oleh Raimund Ganes (CTO Trend Micro): 1.     Bersiap untuk era BYOD – Meskipun masih banyak perusahaan yang merasa tidak nyaman dengan “konsumerisasi TI”, keamanan dan insiden pelanggaran data di 2012 akan memaksa perusahaan untuk menghadapi era Bring-Your-Own-Device (BYOD). Era BYOD tidak bisa dihindarkan seiring dengan berkembangnya peranti mulai dari ultrabook hingga tablet, hingga data yang disimpan tak bisa lagi sepenuhnya dikontrol oleh admistrator TI. Kemungkinan hilangnya data melalui penggunaan peranti pribadi ini pun akan meningkat. 2.      Amankan data center – Tantangan nyata yang akan dihadapi pemilik data center di tahun depan adalah semakin kompleksnya keamanan untuk sistem virtual, fisik dan cloud. Serangan ditargetkan pada mesin virtual dan layanan pada komputasi cloud. Platform virtual dan cloud tetap ada celah untuk diserang. Hal ini tentunya akan menjadi beban bagi tenaga IT untuk mengamankan data mereka, selama mereka mengadopsi teknologi ini. Mengamankan server virtualisasi adalah hal utama, dimana kejahatan pencurian data bisa terjadi melalui sistem yang rentan.
  • 3. Tren Keamanan 3.      Serangan di smartphone dan tablet – Pertumbuhan pesat dari smartphone, melalui Android, dan hadirnya tablet, diperkirakan juga tak luput dari serangan di 2012. Dengan angka pertumbuhan dari contoh-contoh malware yang baru saat ini, Trend Micro memprediksi akan melihat lebih dari 100 ribu trojan jahat yang muncul di Android hingga Desember 2012 apabila angka pertumbuhan tersebut terus melaju. 4.      Celah di aplikasi mobile – Munculnya banyak pasar aplikasi di beberapa sistem operasi smartphone, membuat penjahat cyber bisa memanfaatkan jalur ini. Saat ini, penjahat menggunakannya sebagai aplikasi malicious. Bisa jadi karena developer mengalami salah pengkodean sehingga celah ini dimanfaatkan penjahat. Atau, si penjahat sengaja membuat aplikasi yang setelah diunduh dan diinstal merugikan pengguna. 5.     Botnet masih ada – Meskipun botnet akan menjadi lebih kecil skalanya, tapi mereka akan tumbuh dalam jumlah yang lebih banyak. Botnet, alat kejatahan cyber tradisional, akan berkembang sebagai respon terhadap tindakan yang diambil oleh industri keamanan. Botnet menjadi lebih kecil, tapi akan lebih mudah dikelola sebagai media penyebaran malware ke komputer visitor, pencurian password (scam), mass-email ke ratusan ribu alamat (spam), mencuri data website anda (theft), penipuan pay-per-click (abuse) dan membuat IP server anda di-blacklist oleh berbagai layanan.
  • 4. Tren Keamanan 6.     Serangan yang tidak biasa – Target serangan hackers akan ditujukan pada target yang tidak biasa, seperti pada produsen sistem kontrol industri, dan peralatan medis untuk mengambil data intelijen dan aset dari beberapa perusahaan. Threat seperti STUXNET atau Duqu, yang sempat menyusup ke dalam reaktor nuklir Iran, akan kembali muncul dengan target serangan yang tidak diduga. 7.     Kejahatan cyber makin kreatif – Penjahat dunia maya kedepannya akan menemukan cara yang lebih kreatif bukan saja dalam hal melakukan pencurian data, tapi juga untuk bersembunyi dari penegakan hukum. 8.     Awas serangan dari kelompok Hacker – Tahun 2011 ini ditandai dengan kehadiran kelompok hacker Anonymous dan Lulzsec, yang berhasil mengacak dan menghancurkan data dunia maya. Sony Playstation Network sempat merasakan serangan mereka. Biarpun sebagian kelompok ini telah ditangkap, mereka yang masih bebas tetap melancarkan kampanye serangan terhadap institusi tertentu. Contoh lain : LulzSec, Antisec 9.     Informasi pribadi tak lagi rahasia – Tahun depan seiring dengan banyaknya pengguna social media dari anak-anak muda, kini data-data yang dulu bersifat rahasia seperti alamat email, alamat rumah, dan nomor telepon pribadi pun, kini bisa dengan mudah diumumkan melalui akun social media mereka. Dan ini tentunya, tanpa mereka sadari akan menjadi prospek ideal bagi kejahatan cyber.
  • 5. Tren Keamanan 10.  Serangan social engineering ditargetkan ke UKM – 2012 diperkirakan teknik social engineering untuk mendapatkan data-data pribadi semakin beragam, dan menyusup juga sektor UKM. Dimana sektor ini pun terkadang luput dari pengawasan, tentunya dengan memanfaatkan kelemahan manusia, bukan alat dan sistemnya. 11.  Alat cybercime makin canggih – Kini alat untuk melakukan cybercrime akan semakin canggih, termasuk dari aktor intelektual dan penyandang dana dari serangan. Kegiatan dari Advanced persistent threat (APT) agents: Sebuah organisasi dengan pemasok dana yang bertujuan untuk mencuri kekayaan intektual perusahaan atau bahasa awamnya data-data perusahaan akan bertambah. 12.  Lonjakan malware – Kehilangan data yang disebabkan karena infeksi malware akan meningkat tahun depan. Pada 2011 ini saja per Januari hingga Juli 2011 saja kenaikan malware Android dibanding 2010 adalah 1410%, serta tiap detiknya terbentuk 3,5 threat baru. http://www.infokomputer.com/fitur/41-sekuriti/4711-12-ramalan-keamanan-ti-di-tahun-2012
  • 6. Ancaman terhadap Mobile Tech • Jumlah ancaman keamanan Android meningkat sebanyak tiga kali lipat di kuartal kedua tahun ini. • Pada kuartal pertama 2012, Kaspersky Lab mencatat kemunculan 5,441 malware baru yang menyasar platform mobile open source tersebut. Kuartal berikutnya, angka tersebut naik tajam menjadi 14,923 malware baru. • Malware Android yang ditemukan Kaspersky di perempat tahun kedua 2012 ini terdiri dari : – Trojan SMS yang dipakai untuk mencuri uang dari pengguna. Caranya adalah dengan mengirim SMS bertarif premium tanpa sepengetahuan si empunya perangkat. (25 persen) – Jenis backdoor yang memungkinkan penciptanya mengontrol perangkat Android korban. (18 persen ) – Jenis Trojan Spy, yang paling berbahaya karena bisa memberi akses ke rekening bank korban. http://tekno.kompas.com/read/2012/08/21/11480130/Android.Kini.Tiga.Kali.Lebih.Berbahaya
  • 7. Ancaman celah keamanan dan bagaimana cara meminimalisir Contoh Celah keamanan internet yang mengincar user : • Kegiatan transaksi banking yang dilakukan di public area (public wifi, warnet,) tentu saja sangat rentan Celah yang dimanfaatkan untuk mendapatkan akun banking anda : Ancaman seperti Man In The Middle Attack, DNS Spoofing, Session Hijacking, dll bisa dengan cepat membajak akun anda • Contoh kasus lainnya yg marak adalah phishing. Phishing ini di di ambil dari kata fishing yang artinya memancing. Tujuan phishing ini ada mencoba menjebak user untuk melakukan tindakan tertentu, dan tentunya pada akhirnya akan merugikan user tersebut – Misalnya anda menerima email yang mengatasnamakan tim IT Security bank tertentu, dan meminta anda mengupdate password, dan dia memberikan link – Biasanya anda terkecoh dan percaya krn pd email sender tsb jelas pengirimnya (cth administrator@bni.co.id) – Padahal sebenarnya pengirim email phishing tsb mengirim dgn fake email address, coba anda klik detail email tsb (Opsi Show original pd Gmail) – Hal tersebut dilakukan untuk melihat apakah benar sender nya dari user yg legitimate? – Biasanya pada email tersebut di sertakan link URL, attachmenet html, atau file2 seperti document, anda harus waspada sebelum membukanya! – Jangan pernah percaya pada URL Shortener! Check terlebih dahulu link tsb, misalnya menggunakan layanan ini - http://mcaf.ee/ – Jika link URL yang di berikan pada email phishing tadi mencurigakan, cek kembali, misalnya URL nya apakah benar URL yg original?
  • 8. Ancaman celah keamanan dan bagaimana cara meminimalisir • Pastikan anda selalu menggunakan https jika menggunakan account penting spt banking, socmed, email, Cari plugin browser yg mengharuskan membuka web2 tersebut menggunakan https, seperti https everywhere • Walaupun tidak menjamin keamanan secara penuh jika menggunakan https, setidaknya ini mencegah anda agar tidak terjadi eavesdropping • Celah keamanan yang lain yg sedang marak adalah malware pada smartphone. Aplikasi fake yang disusupi malware banyak menjangkiti android,dan tren malware di android ini sedang sangat marak misalnya banyak fake antivirus yang beredera di googleplay, ketika user mendownloadnya, alih-alih untuk mengamankan smartphone, apps tersebut malah merugikan kita, Mengirimkan data sensitif mengenai informasi kita misalnya, atau ada juga yg tiba2 mengirimkan SMS premium yg men-charge pulsa kita, atau muncul pop-up yg annoying. Untuk menghindari hal tersebut, jangan mendownload aplikasi di luar dari market application (Googleplay, BB App World, APpstore). Walaupun tidak menjamin juga jika download dari market store akan lebih aman Cari review terlebih dahulu mengenai aplikasi yg anda ingin download, cari kontak support,alamat website nya, dan siapa author nya. Jangan mendownload aplikasi bajakan, karena kita tidak tahu apakah aplikasi tersebut sudah di backdoor, mengandung trojan, spyware,dll
  • 9. Ancaman celah keamanan dan bagaimana cara meminimalisir • Celah keamanan lain yang juga marak di socmed adalah clickjacking. Ada yang tahu apa itu clickjacking? Clickjacking secara sederhana di artikan sebagai salah satu malicious tehcnic yang memanfaatkan user yang biasanya sembarang main klik. Pernah lihat wall temen kamu di facebook tiba2 spread video2 berbau porn? atau misalnya pernah liat temen2 kamu tiba2 ngirim Spam DM di twitter? Atau contoh lainnya tiba2 kamu dpt email dr tmn kmu yg isinya link2 ga jelas gitu? • Nah, itu contoh dari clickjacking. Klo ad tmn yg spreading hal2 ky gt,jgn asal klik :D, krn kmu jg bs kena kayak dia, tanpa disadari kmu akan nyebarin link2 tsb http://digitoktavianto.web.id/kultwit-tren-ancaman-dan-celah-keamanan-di-internet.html
  • 10. Simulasi Software Keamanan Komputer Background • OMNeT++ is a discrete event simulation environment. Its primary application area is the simulation of communication networks, but because of its generic and flexible architecture, is successfully used in other areas like the simulation of complex IT systems, queueing networks or hardware architectures as well. • OMNeT++ provides a component architecture for models. Components (modules) are programmed in C++, then assembled into larger components and models using a high-level language (NED). Reusability of models comes for free. OMNeT++ has extensive GUI support, and due to its modular architecture, the simulation kernel (and models) can be embedded easily into your applications. • Although OMNeT++ is not a network simulator itself, it is currently gaining widespread popularity as a network simulation platform in the scientific community as well as in industrial settings, and building up a large user community. Components • simulation kernel library • compiler for the NED topology description language • OMNeT++ IDE based on the Eclipse platform • GUI for simulation execution, links into simulation executable (Tkenv) • command-line user interface for simulation execution (Cmdenv) • utilities (makefile creation tool, etc.) • documentation, sample simulations, etc.
  • 11. Simulasi Software Keamanan Komputer Platforms 1. OMNeT++ runs on Linux, Mac OS X, other Unix-like systems and on Windows (XP, Win2K, Vista, 7). 2. The OMNeT++ IDE requires Linux32/64, Mac OS X 10.5 or Windows XP
  • 12. Simulasi Software Keamanan Komputer Background • NeSSi² is an open source project developed at the DAI-Labor and sponsored by Deutsche Telekom Laboratories. • NeSSi (Network Security Simulator) is a novel network simulation tool which incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profile-based automated attack generation, traffic analysis and support for the detection algorithm plugins allow it to be used for security research and evaluation purposes. • NeSSi has been successfully used for testing intrusion detection algorithms, conducting network security analysis, and developingoverlay security frameworks.
  • 14. Software Audit Keamanan Komputer • Secure Windows Auditor™ (SWA) is a windows security software solution which provides windows security auditing and assessment software which empower network administrators & IT security auditors to conduct in-depth security assessments of network based windows systems. • This Windows security software can run from a centralized location on the network during windows security assessments. It identifies vulnerabilities and categorizes them according to their respective risk levels and provides step by step solutions to eliminate them; thus simplifying the enormous task of windows security audit. This windows security software searches for vulnerabilities in Account Policies, Password Policy, Audit Policy, Weak Passwords, Missing Patches, Misconfigurations, System Vulnerabilities, Trojans Spyware, Files and Folder Permissions, Registry Settings, User Rights and System Services. It then presents them in form of a comprehensive report and provides solutions, which if properly implemented will result in securing windows based systems. http://www.secure-bytes.com/swa.php
  • 15. Software Audit Keamanan Komputer Security Tools Windows Security Tools Windows Password Auditor Windows Event Log Analyzer Windows Asset Inventory Viewer Windows Remote Control FTP Brute Force Tester MySQL Brute Force Tester Windows PCI Compliance Check Windows HIPAA Compliance Check Oracle Security Tools Oracle SID Tester Oracle Default Password Tester Oracle TNS Password Tester Oracle Password Auditor Oracle Access Rights Auditor Oracle Brute Force Tester Oracle Event Log Analyzer Oracle PCI Compliance Check Ora HIPAA Compliance Check Oracle Query Browser SQL Security Tools SQL Default Password Tester SQL Server Password Auditor SQL Server Access Right Auditor SQL Server Event Log Analyzer SQL Server Brute Force Tester SQL Server Query Browser SQL PCI Compliance Check SQL HIPAA Compliance Check Cisco Security Tools Cisco Configuration Manager Cisco Type7 Password Decryptor Cisco MD5 Password Auditor Cisco Firewall Password Auditor IP Calculator Cisco SNMP Brute Force Tester Cisco VPN Password Auditor Cisco Switch Port Mapper Cisco Configuration Backup Tool General Security Tools Traceroute Port Scanner SNMP Browser SNMP Scanner Whois DNS Auditor Mac Detector DNS Lookup HTTP Brute Force Tester SSH Brute Force Tester http://www.secure-bytes.com/swa.php
  • 16. Software Audit Keamanan Komputer General Security Tools Traceroute http://www.secure-bytes.com/swa.php Port Scanner is a basic tool required to secure a network from intrusion. Viruses probe for open ports on the weak systems of the network that can compromise entire network security measures. Continuous monitoring of open ports will identify all sort of changes even they are minute in nature. utility allows tracking the path of a packet from its origination to destination address. It allows the user to trace the track of a particular transmission on the network.
  • 17. Software Audit Keamanan Komputer General Security Tools SNMP Browser SNMP Browser discover network using SNMP MIB, SNMP traps and community name it also helps in monitor network devices(router monitor) using windows SNMP. http://www.secure-bytes.com/swa.php SNMP Scanner Simple Network Management Protocol (SNMP) is a UDP- based an application layer network protocol which was developed to manage devices on an IP network. SNMP scanner uses SNMP MIB and SNMP traps for monitoring routers in a network.
  • 18. Software Audit Keamanan Komputer General Security Tools Whois WHOIS is a search tool that can check domain names, ICANN and personal contact information of the registrar from WHOIS databases. http://www.secure-bytes.com/swa.php DNS Auditor provides facility to resolved domain names and their respective IP addresses. DNS Auditor is critical tool because various security weaknesses are associated with IP Address, Domain Name and DNS name. It is extremely important to have accurate DNS information in order to have smooth IP based communication.
  • 19. Software Audit Keamanan Komputer General Security Tools Mac Detector http://www.secure-bytes.com/swa.php DNS Lookup is a tool to detect MAC addresses of computers over the network from their IP addresses.MAC address is an important component for network security, control and infrastructure management because it is a unique code identifier of networking equipment. DNS Lookup is effective tool to resolve domain names into the corresponding IP address and to retrieve particular information from the target domains (for example, MX record, A record etc.). Hackers use this type of tools for Foot printing a network
  • 20. Software Audit Keamanan Komputer Security Tools HTTP Brute Force Tester http://www.secure-bytes.com/swa.php SSH Brute Force Tester is a method of obtaining the user's authentication credentials of a web based application, such as the username and password to login to HTTP and HTTPs sites. Password based tests are a common methods of breaking into web sites. is a method of obtaining the user's authentication credentials of an SSH connection, such as the username and password to login. Password based tests are a common methods of breaking into web sites.
  • 21. Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem Tiger • http://www.tigerscheme.org • Tiger Scheme is a commercial certification scheme for technical security specialists, backed by University standards and covering a wide range of expertise. The Tiger Scheme was founded in 2007, on the principle that a commercial certification scheme run on independent lines would give buyers of security testing services confidence that they were hiring in a recognised and reputable company. OWASP • https://www.owasp.org • The Open Web Application Security Project (OWASP) is an Open Source community project developing software tools and knowledge based documentation that helps people secure web applications and web services. It is an open source reference point for system architects, developers, vendors, consumers and security professionals involved in designing, developing, deploying and testing the security of web applications and Web Services. http://www.penetration-testing.com/home.html
  • 22. Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem PCI • https://www.pcisecuritystandards.org • The Payment Card Industry (PCI) Data Security Requirements were established in December 2004, and apply to all Members, merchants, and service providers that store, process or transmit cardholder data. As well as a requirement to comply with this standard, there is a requirement to independently prove verification. ISACA • https://www.isaca.org • ISACA was established in 1967 and has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS Auditing and IS Control standards are followed by practitioners worldwide and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor is ISACA's cornerstone certification. Since 1978, the CISA exam has measured excellence in the area of IS auditing, control and security and has grown to be globally recognized and adopted worldwide as a symbol of achievement. http://www.penetration-testing.com/home.html
  • 23. Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem CHECK • http://www.cesg.gov.uk • The CESG IT Health Check scheme was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level. The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. OSSTMM • http://www.osstmm.org • The aim of The Open Source Security Testing Methodology Manual (OSSTMM) is to set forth a standard for Internet security testing. It is intended to form a comprehensive baseline for testing that, if followed, ensures a thorough and comprehensive penetration test has been undertaken. This should enable a client to be certain of the level of technical assessment independently of other organisation concerns, such as the corporate profile of the penetration- testing provider. http://www.penetration-testing.com/home.html
  • 24. Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem CREST • http://www.crest-approved.org • The Council for Registered Ethical Security Testers (CREST) exists to serve the needs of a global information security marketplace that increasingly requires the services of a regulated and professional security testing capability. It provides globally recognised, up to date certifications for organisations and individuals providing penetration testing services. CSA • https://cloudsecurityalliance.org/ • To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. http://www.penetration-testing.com/home.html
  • 25. Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem EC Council’s http://iclass.eccouncil.org/ • Security Awareness Take an online course in Security Awareness, EC Council’s Security 5 certification. This course is great for busy professionals who what to learn the basics of IT Security, from securing their home network using best practices, to establishing fundamental security measures in a small business where the full time IT Security staff is not present. • Security Fundamentals • EC Council’s Network Security Administrator (ENSA) is a premier certification for the Network Security Administrator. • Ethical Hacking • Certified Ethical Hacker through iClass is EC Council’s official CEH Class preparing students to challenge the Certified Ethical Hacker Certification Exam 312-50. • Computer Forensics • EC Council’s Computer Hacking Forensic Investigator CHFI is also available online through iClass. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. http://www.penetration-testing.com/home.html • Advanced Penetration Testing • The EC Council Certified Security Analyst ECSA is the Second Course following the Certified Ethical Hacker. CEH teaches the student methods and tools used by hackers while the ECSA prepares students to conduct security assessments and complete Vulnerability Assessments & Penetration Tests using industry leading methods, techniques, and tools. • Disaster Recovery • EC Council’s Disaster Recovery Professional Training online through iClass prepares students for the EDRP certification exam 312-76. The EDRP course teaches you the methods in identifying vulnerabilities and takes appropriate countermeasures to prevent and mitigate failure risks for an organization. • Application Security • EC Council's Secure Coding Professional ECSP is a cutting edge program delivered online through iClass teaching the fundamentals of Application Security and Secure Coding practices.
  • 26. Organisasi Penentu standar dan Sertifikasi untuk Keamanan data dan Sistem CWSP Certification • http://www.globalknowledge.com/tr aining/certification_listing.asp? pageid=12&certid=448&country=U nited+States • CWSP certification is a professional-level wireless LAN certification. Achieving CWSP certification confirms that you have the skills to successfully secure enterprise Wi-Fi networks from hackers, no matter which brand of Wi-Fi gear your organization deploys. http://www.penetration-testing.com/home.html