1. SYAIFUL AHDAN, M.T.
Fakultas Teknik dan Ilmu Komputer
Universitas Teknokrat Indonesia
2017
Introduction of Security
BudiRaharjo, “Keamanan Sistem Informasi Berbasis Internet” versi 5.1, PT Insan Infonesia –
Bandung & PT INDOCISC-Jakarta, 1998, 1999, 2000, 2002
Janner Simarmata, “ Pengamanan Sistem Komputer”CV Andi Offset 2005
Dony Ariyus, “ Kriptografi, Keamanan data dan Komunikasi”, Graha Ilmu 2005
2. 2Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Tujuan Pembelajaran
1. Mengenalkan pada mahasiswa tentang konsep
Scanner dan Probing
2. Mahasiswa memahami konsep layanan jaringan
dan port numbering
3. Mahasiswa mampu menganalisa kelemahan
jaringan menggunakan software scanning yang
ada
3. 3Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Introduction of Security
●
Security is an Important Aspect of a system.
●
Less attention by the system owner
●
Security issues are second or last, in the list of things that are
considered important.
4. 4Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Security, in information technology (IT), is the defense of digital information
and IT assets against internal and external, malicious and accidental
threats. This defense includes detection, prevention and response to
threats through the use of security policies, software tools and IT services
http://searchsecurity.techtarget.com/definition/security
Security . .. ?
The Quality or state of being secure : such as “freedom from danger”, freedom from
fear or anxiety, “freedom from the prospect of being laid off (job security) merriam
https://www.merriam-webster.com/dictionary/security
5. 5Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Lawrie Brown suggest using "Risk Management
Model" to deal with threats (managing threats).
three components that contribute to risk :
●
Asset,
●
Vulnerabilities
●
Threats.
https://www.unsw.adfa.edu.au/our-people/dr-lawrie-brown
Risk Management
7. 7Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
●
Reduce Threat
●
Reduce Vulnerability
●
Reduce Impact
●
Detection of Event
●
Recovery
countermeasures
Risk Management
8. 8Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Computer crimes can be classified to the most dangerous to the
annoying. According to David Icove based security holes, security
can be classified into four, namely:
1. Physical (physical security)
2. Related to person (personel)
3. Security of data, media, communication techniques
(communications).
4. Security in operation.
http://www.eecs.utk.edu/people/faculty/icove/
Classification of cyber crime
9. 9Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Physical security is often a second thought when it comes to
information security. Since physical security has technical and
administrative elements, it is often overlooked because most
organizations focus on “technology-oriented security
countermeasures” (Harris, 2013) to prevent
hacking attacks
Physical Security
https://www.sans.org/reading-room/whitepapers/physical/physical-security-important-37120
Physical security is the protection of personnel, hardware, software,
networks and data from physical actions and events that could cause
serious loss or damage to an enterprise, agency or institution. This
includes protection from fire, flood, natural disasters, burglary, theft,
vandalism and terrorism.
http://searchsecurity.techtarget.com/definition/physical-security
10. 10Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Physical Security
10 of the most essential security measures you should implement now, if you
haven't already done so. (About Deb Shinder, 2007)
#1: Lock up the server room
#2: Set up surveillance
#3: Make sure the most vulnerable devices are in that locked room
#4: Use rack mount servers
#5: Don't forget the workstations
#6: Keep intruders from opening the case
#7: Protect the portables
#8: Pack up the backups
#9: Disable the drives
#10: Protect your printers
http://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/
12. 12Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Personal Security
#1: Social Engineering
#2: Approaches to the System
#3: Approaches to the System Manager
14. 14Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Operation Security
# the procedures used to organize and manage the security system
# Post Attack Recovery
15. 15Universitas Teknokrat Indonesia - Fakultas Teknik dan Ilmu Komputer
Computer Security Aspects
1. Privacy
2. Confidentiality
3. Integrity
4. Authentication
5. Availability
6. Access Control
7. Non Repudiaton
8. Authority
https://en.wikipedia.org/wiki/Simson_Garfinkel
computer security consists of 6 aspects. Garfinkel