Matakuliah
Tahun
Versi
: H0242 / Keamanan Jaringan
: 2006
: 1
1

Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu :
• Mahasiswa dapat menggunakan Aspek dasar keamanan jaringan dan ketentuan baku OSI untuk keamanan jaringan
2

• Latar Belakang Network Security
• Trend
• Definisi
• Arsitektur OSI untuk Network Security
3

• Computers and networks are the nerves of the basic services and critical infrastructures in our society
– Financial services and commerce
– Transportation
– Power grids
– Etc.
• Computers and networks are targets of attacks by our adversaries
4

• The complexity of computers and networks
• User expectation
• User ignorance
– Social engineering
• Defense is inherently more expensive
– Offense only needs the weakest link
5

• Flaws can be found without source code
– common: system call trace
– new: subroutine call trace
– protocols can be examined for vulnerabilities
– program instabilities (buffer overflow, etc.)
• Good news — the public & vendors becoming more security conscious
• Patches now being released via Internet
• Still untested — product liability
6

• Security is concerned with preventing undesired behavior
– An enemy/opponent/hacker/adversary may be actively and maliciously trying to circumvent any protective measures you put in place
7

• Security is always a trade-off
• The goal should never be “to make the system as secure as possible”…
• …but instead, “to make the system as secure as possible within certain constraints” (cost, usability, convenience)
8

• Detection and response
– How do you know when you are being attacked?
– How quickly can you stop the attack?
– Can you prevent the attack from recurring?
• Recovery
– Can be much more important than prevention
• Legal issues?
9

• Computer Security
– generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security (Includes Internet Security)
– measures to protect data during their transmission
– measures to protect data during their transmission over a collection of interconnected networks
– consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information
10

• ITU-T X.800 Security Architecture for
OSI
• Defines a systematic way of defining and providing security requirements
• International Standard
• 5 Categories
• 14 Services
11

1. Authentication
• Peer-entity, Data-origin
• Assurance that the communicating entity is the one claimed
2. Access Control
• Prevention of the unauthorized use of a resource
3. Data Confidentiality
• Connection, connectionless, selective-field, traffic-flow)
• Protection of data from unauthorized disclosure
12

4. Data Integrity
• Connection recovery, no-recovery, selective-field
• Connectionless no-recovery,selective-field
• assurance that data received is as sent by an authorized entity
5. Non Repudiation
• origin, destination
• protection against denial by one of the parties in a communication
13

– Something that enhances the security of the data processing systems and the information transfers of an organization
– Intended to counter security attacks
– Make use of one or more security mechanisms to provide the service
– Replicate functions normally associated with physical documents
• eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
14

• A mechanism that is designed to detect, prevent, or recover from a security attack
• No single mechanism that will support all functions required
• One particular element underlies many of the security mechanisms in use: cryptographic techniques
15

• Any action that compromises the security of information owned by an organization
• Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
• Have a wide range of attacks
• Can focus of generic types of attacks
• note: often threat & attack mean same
16

17

18

• A security policy is a statement that partitions the state of the system into a set of authorized (or secure) states, and a set of unauthorized (or nonsecure) states
• A secure system is a system that starts in an authorized state and cannot enter an unauthorized state
– A breach of security occurs when a system enters an unauthorized state
19