Session 03: Threats and Attacks. Course: H0242 / Network Security

Course: H0242 / Network Security
Year: 2006
Version: 1
Session 03
Threats and Attacks
Learning Outcomes
By the end of this session, students are expected to be able to:
• Assess threats and attacks against the network
Material Outline
• How Attacks Occur
• Attack Prevention Methods
Security Goals
Confidentiality
Integrity
Availability
Security Threats and Attacks
• A threat is a potential violation of security.
– Flaws in design, implementation, and operation.
• An attack is any action that violates security.
– Active adversary.
• Common threats:
– Snooping/eavesdropping, alteration, spoofing, repudiation of origin, denial of receipt, delay and denial of service.
Types of Attacks
• Passive Threats
– Release of Message Contents
– Traffic Analysis
• Active Threats
– Masquerade
– Replay
– Modification of Message Contents
– Denial of Service
Attacks, Services and Mechanisms
• Security Attack:
– Any action that compromises the security of information.
• Security Mechanism:
– A mechanism that is designed to detect, prevent, or recover from a security attack.
• Security Service:
– A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Security Attacks
IPv4 Infrastructure
• No authentication for the source
• Various approaches exist to address the problem:
– Router/firewall filtering
– TCP handshake
Vulnerability
• A vulnerability (or security flaw) is a specific failure of the security controls.
• Using that failure to violate the site's security is called exploiting the vulnerability; the person who does this is an attacker.
• It can be due to:
– Lapses in design, implementation, and operation procedures.
– Even security algorithms/systems are not immune!
• We will go over some examples in this course.
IP Protocol Vulnerabilities
• Authentication based on IP source address
– But no effective mechanisms against IP spoofing
• Consequences (possible exploits)
– Denial of Service attacks on infrastructures
• IP Spoofing and SYN Flood
• Smurf and Fraggle attacks
• OSPF Max Sequence
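Router/firewall filtering, listed under IPv4 Infrastructure as one answer to unauthenticated source addresses, can be sketched as a source-address check at a border router. The Python below is an added example, not part of the original slides; the prefixes, interface names and sample packets are constructed assumptions. It also drops directed-broadcast destinations, the traffic pattern that Smurf and Fraggle amplification relies on.

```python
import ipaddress

# Constructed topology (assumption): one internal LAN behind a border router.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")
# Sources that must never arrive from outside: "this" network, private,
# loopback, link-local, multicast and reserved space.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def filter_packet(iface, src, dst):
    """Return (verdict, reason) for a packet seen on 'inside' or 'outside'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if iface == "inside":
        # Egress filtering: only our own prefix may leave as a source.
        if s not in INTERNAL:
            return ("drop", "egress: source outside internal prefix")
        return ("accept", "ok")
    if iface == "outside":
        # Ingress filtering: our own prefix cannot legitimately arrive here.
        if s in INTERNAL:
            return ("drop", "ingress: internal source from outside")
        if any(s in net for net in BOGONS):
            return ("drop", "ingress: bogon source")
        # Directed broadcast into the LAN would make every host reply.
        if d in (INTERNAL.network_address, INTERNAL.broadcast_address):
            return ("drop", "directed broadcast to internal subnet")
        return ("accept", "ok")
    raise ValueError(f"unknown interface: {iface}")

# Constructed sample packets: (interface, source, destination).
SAMPLES = [
    ("inside", "192.0.2.10", "198.51.100.7"),
    ("inside", "203.0.113.9", "198.51.100.7"),
    ("outside", "192.0.2.10", "192.0.2.20"),
    ("outside", "10.1.2.3", "192.0.2.20"),
    ("outside", "198.51.100.7", "192.0.2.255"),
    ("outside", "198.51.100.7", "192.0.2.20"),
]

def run(samples=SAMPLES):
    return [filter_packet(*p) for p in samples]

if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLES, run()):
        print(pkt, "->", verdict, f"({reason})")
```

A filter like this only checks that a source prefix is plausible for the interface it arrived on; it does not authenticate the sender, so a spoofed address inside an allowed prefix still passes.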
Methods of Defence
• Encryption
• Software Controls (access limitations in a database; in the operating system, protecting each user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls
Impact of Attacks
– Theft of confidential information
– Unauthorized use of
• Network bandwidth
• Computing resource
– Spread of false information
– Disruption of legitimate services
All attacks can be related and are dangerous!
The Security Life Cycle
• The iterations of
– Threats
– Policy
– Specification
– Design
– Implementation
– Operation and maintenance