Course: A0334 / Pengendalian Lingkungan Online (Online Environment Control)
Year: 2005
Version: 1/1

Session 6
Points of Exposure

Learning Outcomes
By the end of this session, students are expected to be able to:
• Explain Points of Exposure

Material Outline
• Web Security
  – History
  – The Threat
    • Infection
    • Install A Spreading Mechanism
      – Optional: Install or Modify Other Services
    • Search for New Systems
      – Optional: Attack Other Systems
  – Business Implications
  – The Solutions
• Network Vulnerabilities
  – Better Ways to Resolve Network Vulnerabilities
  – Protecting The ‘Trusted’ Network
• Key Security Vocabulary Explained

Web Security

History
• Security holes in business-critical software are a significant threat to organisations. However, vulnerabilities in Internet-related software can be disastrous.
• Ironically, Internet software was generally designed with security as an afterthought. Networks were largely considered to be either private and therefore physically secure, or public and therefore inherently open.
• The amount of private information transmitted across the Internet increases daily. The Internet is now an integral part of most people’s lives, ranging from buying books at Amazon on a credit card through to making money transfers and payments via an online bank.
• Potentially there are numerous reasons for the growth in security attacks, but one trend that is undeniable is the growth in the number and sophistication of hacking tools. Historically, attackers required a detailed understanding of the systems that they were attempting to compromise, and performing an attack could be a time-consuming operation.
• There also was no source code available to read to find security vulnerabilities.

The Threat
• Today security is a bigger problem than ever before.
• The most dangerous forms of Internet worm are those that attack web servers.
• Unlike the average Internet connection, these systems have network connections with large amounts of bandwidth.
• After an infection, a worm can use the bandwidth to spread itself to other web servers.
• Equally, the organisation operating the web server may base a large percentage of its revenue on traffic from its website, and a site outage could cause a large-scale financial impact – not to mention the impact on customer confidence.

Infection
• Infection involves the worm sending a malicious request to a web server, trying to exploit a known security vulnerability. If the web server is vulnerable, the worm infects the machine, executes its payload and then continues to spread to other machines.

Install A Spreading Mechanism
• Once a Microsoft IIS server has been infected with a worm, the worm’s code can make use of software available on the system and, furthermore, even download additional software from other systems.

Optional: Install or Modify Other Services
• Some worms install backdoor services to give hackers access to machines. They are then able to control the system remotely and use it for future exploits, such as distributed denial of service attacks.

Search for New Systems
• In order to be able to infect other systems, every worm needs some form of reproduction mechanism. It needs to find new servers to which it can spread by investigating the addresses of potential targets.

Optional: Attack Other Systems
• Many worms have built-in attack routines.

Business Implications
• The web is a vital component of an organisation’s infrastructure.

The Solutions
• As with the security for your business premises, an intruder will always look for the easiest way in; if you can make it sufficiently secure then they will go elsewhere.
Internet security is not a matter of installing one system but of looking at all the components in your systems to see if they offer any holes. Installing systems that are secure in the first place obviously means less work than installing insecure ones and then trying to secure them.

Network Vulnerabilities
• Basic security tenets have changed very little over the past decade. Protecting the confidentiality of corporate information, preventing unauthorised access and defending against malicious or fraudulent attacks from external sources: these continue to be the major concerns of IT professionals today.
• To compound the threat posed by these developments, networks are also operating at much higher speeds.

Better Ways to Resolve Network Vulnerabilities
• The fundamental key to an effective security solution is a properly deployed network security device that increases security without jeopardising performance. To meet the many and varied threats already outlined, multi-functionality within a single platform can ease network design and maximise effectiveness. Solid interoperability with other security products, such as user authentication and anti-virus applications, will also prove invaluable.

Protecting The ‘Trusted’ Network
• Once a network security solution that addresses the fundamentals of performance and reliability is identified, it then has to be evaluated for its ability to provide pervasive internal protection.
• A ‘virtual’ approach to establishing security zones is required to efficiently enable segmentation. Selecting security devices with virtual system capabilities can reduce the overall number of devices in a network and thereby streamline security management, reducing the total cost of ownership. With certain virtual system-enabled devices, different policies can be applied to different zones, depending on each department’s need for access to sensitive information, the type and number of employees, etc.
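
Added example (not part of the original slides): the worm stages described under Infection and Search for New Systems leave traces a defender can look for. The Python sketch below flags worm-style requests in a web server access log and finds servers that suddenly contact many distinct hosts on port 80; the log lines, flow records, addresses, heuristics and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data for illustration (not from the original slides).
ACCESS_LOG = """\
203.0.113.7 - - [12/Mar/2005:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 5120
198.51.100.23 - - [12/Mar/2005:10:01:05 +0000] "GET /lookup.ida?{pad} HTTP/1.0" 404 310
198.51.100.23 - - [12/Mar/2005:10:01:06 +0000] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 310
203.0.113.9 - - [12/Mar/2005:10:02:00 +0000] "GET /search?q=books HTTP/1.1" 200 812
""".format(pad="N" * 224)
# (source, destination, destination port) records, e.g. from firewall logs.
FLOWS = ([("10.0.0.5", f"192.0.2.{i}", 80) for i in range(1, 41)]
         + [("10.0.0.6", "192.0.2.10", 80)] * 3
         + [("10.0.0.6", "192.0.2.11", 25)])

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+$')
PADDING = re.compile(r"(.)\1{63,}")            # assumed heuristic: 64+ repeats of one character
SHELL = re.compile(r"(cmd|root)\.exe", re.I)   # assumed heuristic: command interpreter in the URL

def suspicious_requests(log_text):
    """Map each source address to the reasons its requests look worm-like."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        src, target = m.groups()
        if PADDING.search(target):
            hits[src].append("long padding run in request")
        if SHELL.search(target):
            hits[src].append("command interpreter in request path")
    return dict(hits)

def spreading_hosts(flows, servers, threshold=20):
    """Return servers that contacted at least `threshold` distinct hosts on port 80."""
    peers = defaultdict(set)
    for src, dst, dport in flows:
        if src in servers and dport == 80:
            peers[src].add(dst)
    return {s: len(p) for s, p in peers.items() if len(p) >= threshold}

if __name__ == "__main__":
    print(suspicious_requests(ACCESS_LOG))
    print(spreading_hosts(FLOWS, {"10.0.0.5", "10.0.0.6"}))
```

A web server normally answers connections rather than opening them, so a server that appears in the second result deserves investigation even if no inbound signature matched.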

Key Security Vocabulary Explained
• VPNs
• Denial of service
• Firewall
• Intrusion prevention
• Trojan Horse
• Backdoor or U-turn attacks
• WLANs
• Virus

The End