
10 tk3193-firewall 2

Slide Firewall

Published in: Education

  1. SETIA JULI IRZAL ISMAIL, jul@tass.telkomuniversity.ac.id. TK 3193 – Network Security, Odd Semester 2015/2016. FIREWALL. For teaching purposes within Telkom University only.
  2. Wall of Fire
  3. Threats
     ● Virus
     ● Worm
     ● DoS
     ● Cracker
  4. Internal vs. External
  5. Example Rules
     ● Block incoming packets from/to specific sender/recipient addresses
     ● Block outgoing packets from/to specific sender/recipient addresses
     ● Block packets based on packet content
     ● Open access to specific internal resources
     ● Open connections to the internal network
     ● Report all network activity
  6. Size
     ● Personal firewall
     ● Unit firewall
     ● Enterprise firewall
  7. IPTables
  8. IPTables (2)
  9. Example Rules
     ● Allow all access to all websites
     ● Allow outgoing email from the internal mail server
     ● Drop all outgoing access except email and web
     ● Drop all incoming access except to the public web server
     ● Log all access to external websites
     ● Log all connections blocked by the firewall
  10. Example Rules (2)
  11. FIREWALL ARCHITECTURE
  12. SCREENING ROUTER
     ● Packet filter
     ● Allow outgoing
     ● Filter incoming
     ● 2 interfaces
     ● ACL
     ● Drawback: Single Point of Error (SPoE)
  13. SCREENING ROUTER (2)
  14. Screened Host
  15. DMZ (Demilitarized Zone)
     ● Special zone
     ● Public services (web server, mail server, DNS, FTP, VoIP)
     ● Protects the internal network
     ● DMZ – Internal is restricted
     ● DMZ – Internet
  16. DMZ (2)
     ● Security configuration for external threats
     ● Internal threats (sniffing & spoofing)
     ● Proxy server
  17. DMZ – 1 Firewall
     ● 3 zones
     ● Single Point of Error
  18. DMZ – Subnet
  19. DMZ – 2 Firewalls
     ● Front end
     ● Allow traffic to DMZ
     ● Back end
     ● DMZ – Internal
     ● More secure
     ● Multi-vendor
     ● Cost
  20. DMZ – Multiple
  21. DMZ – Multiple (2)
  22. 2 Firewalls – 2 DMZs
  23. THREATS
     ● DoS
     ● IP Spoofing › Table
     ● ARP Spoofing › Static
     ● Session Hijacking
     ● Buffer Overflow
     ● SQL Injection
  24. REFERENCES
     Required Reading (BW)
     1. Engebretson, P. (2011). The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. Syngress.
     2. Stallings, W. (2010). Network Security Essentials: Applications and Standards, 4th Edition. Prentice Hall.
     Recommended Reading (BA)
     3. Beale, J. (2007). Snort IDS and IPS Toolkit. Syngress.
     4. Rash, M. (2007). Linux Firewalls: Attack Detection and Response with Iptables, psad and fwsnort. No Starch.
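The six example rules on slide 9, written out as an iptables ruleset for a routing firewall. This is an added example, not taken from the slides; the interface names, the two server addresses, the log prefixes and the `LOGDROP` chain name are constructed assumptions.

```shell
#!/bin/sh
# Added example: slide 9's policy as an iptables-restore ruleset for a
# routing firewall. Interface names and addresses are constructed.
LAN_IF="${LAN_IF:-eth1}"          # internal side (assumed)
WAN_IF="${WAN_IF:-eth0}"          # Internet side (assumed)
MAIL_SRV="${MAIL_SRV:-10.0.0.25}" # internal mail server (constructed)
WEB_SRV="${WEB_SRV:-10.0.1.80}"   # public web server (constructed)
WEB="-p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW"

gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# Replies to connections an earlier rule already allowed
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Log, then allow, all access to outside websites
-A FORWARD -i $LAN_IF -o $WAN_IF $WEB -j LOG --log-prefix "fw-web-out: "
-A FORWARD -i $LAN_IF -o $WAN_IF $WEB -j ACCEPT
# Outgoing email only from the internal mail server
-A FORWARD -i $LAN_IF -o $WAN_IF -s $MAIL_SRV -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# Incoming only to the public web server
-A FORWARD -i $WAN_IF -d $WEB_SRV $WEB -j ACCEPT
# Every other forwarded packet is logged and dropped
-A FORWARD -j LOGDROP
# The firewall host itself: loopback and replies only. Management access
# is not on the slide, so add it explicitly before applying.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -j LOG --log-prefix "fw-drop: "
-A LOGDROP -j DROP
COMMIT
EOF
}

# Usage: sh fw.sh print | iptables-restore --test   (parse only, no commit)
case "${1:-}" in print) gen_rules ;; esac
```

Rule order carries the policy: the LOG rule must precede the matching ACCEPT, and the catch-all `LOGDROP` jump must stay last in `FORWARD`. DNS is not in the slide's list, so name resolution through this firewall needs its own explicit rule.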
