Download Kuliah II – Keamanan Jaringan

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
Document related concepts

Computer security wikipedia , lookup

Cross-site scripting wikipedia , lookup

Hypertext Transfer Protocol wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Transcript 
KULIAH II
THREAT AND ATTACK (1)
Aswin Suharsono
KOM 15008
Keamanan Jaringan
2012/2013
Overview
•
•
•
•
•
•
•
Threat
Vulnerability
Attack
Fase-fase serangan terhadap keamanan
Phase 1: Reconaissance
Phase 2: Scanning
Phase 3: Gaining Access Using Application & OS Attack
Threat1)
• Threat (ancaman) dalam keamanan jaringan adalah semua hal
yang dapat mengganggu operasi, fungsi, confidentiality,
integrity, availability dari jaringan atau sistem.
• Terdapat ancaman alamiah seperti banjir, gempa dan gunung
meletus.
• Terdapat ancaman sebagai akibat dari kecelakaan dan
kebodohan salah satu pihak yang terkait dengan sistem.
• Terdapat ancaman akibat pihak lain diluar sistem yang berniat
jahat terhadap sistem.
• Setiap ancaman dapat berbahaya terhadap sistem.
1) John
E. Canavan, Fundamentals of Network Security, Artech House
Threat
Threat
• Dalam kuliah ini kita fokus kepada ancaman akibat
kecerobohan orang dalam, dan ancaman yang berasal dari
pihak luar yang bermaksud jahat.
• Tidak banyak yang dapat dilakukan untuk mencegah ancaman
akibat bencana alam. Upaya yang dapat dilakukan antara lain,
menyediakan backup data dan server di tempat lain. Banyak
berdo’a mungkin solusi terbaik. :D
Vulnerability
• Vulnerabilities adalah kelemahan dalam desain, konfigurasi,
implementasi atau manajemen jaringan atau sistem yang
membuat sistem rentan terhadap ancaman. Setiap sistem dan
jaringan pasti memiliki kelemahan. 1)
1) John
E. Canavan, Fundamentals of Network Security, Artech House
Attack
• Serangan (Attack) adalah upaya untuk mengeksploitasi
kelemahan sistem. Mengakibatkan gangguan yang berkaitan
dengan Confidentiality, Integrity dan Availability.
• Serangan terhadap confidentiality misalnya upaya untuk
mengetahui data rahasia seseorang dengan menyadap
(sniffing) percakapan pada jaringan.
• Serangan terhadap Integrity misalnya upaya untuk
memalsukan pesan dari atasan ke bawahan.
• Serangan terhadap Availability misalnya upaya untuk
membuat sistem mati.
1) John
E. Canavan, Fundamentals of Network Security, Artech House
Attack
• Dua tipe serangan, Aktif dan Pasif.
• Serangan Aktif merupakan serangan yang menyebabkan
akibat aktif dan memiliki efek yang terlihat nyata. Contoh:
membuat sistem mati (down)
• Serangan Pasif merupakan serangan yang diam-diam, tidak
terdapat aktivitas atau akibat yang kasat mata. Contoh
serangan pasif adalah penyadapan (sniffing).
• Serangan Pasif lebih sulit untuk dideteksi.
• Serangan Aktif lebih mudah dideteksi. Tetapi saat terdeteksi
biasanya akibatnya sudah fatal.
1) John
E. Canavan, Fundamentals of Network Security, Artech House
Fase-fase serangan serangan2)
2) Certified
Ethical Hacker (CEH) module v6.0
1. Reconnaissance
• Finding as much information about the target as possible
before launching the first attack packet
• Reconnaissance techniques
–
–
–
–
3) Ed
Low tech methods
General web searches
Whois databases
DNS
Skoudis, Counter Hack Reloaded, Prentice Hall
Low-Technology Reconnaissance
• Social Engineering
• Physical Break-In
• Dumpster Diving
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Reconnaissance via Searching the Web
• Searching an organization’s own web site
• Using search engines
• Listen in at the virtual watering hole: USENET
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Searching an Organization’s Own Web Site
•
•
•
•
•
3) Ed
Employees’ contact information and phone numbers
Clues about the corporate culture and language
Business partners
Recent mergers and acquisitions
Server and application platforms in use
Skoudis, Counter Hack Reloaded, Prentice Hall
Searching the Web
Searching the web
Searching the web
Whois Databases
• Contain information regarding assignment of Internet addresses,
domain names, and individual contacts
• Internet Corporation for Assigned Names and Numbers (ICANN)
• InterNIC’s whois database available at www.internic.net/whois.html
• Whois database for organizations outside the United States
available at ALLwhois web site
• Whois database for U.S. military organizations available at
whois.nic.mil
• Whois database for U.S. government agencies available at
whois.nic.gov
• Network Solutions whois database
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Whois search
2. Scanning
After the reconnaissance phase, the attacker is armed with some
vital information about the target infrastructure: a handful of
telephone numbers, domain names, IP addresses, and technical
contact information—a very good starting point. Most attackers
then use this knowledge to scan target systems looking for
openings. This scanning phase is akin to a burglar turning
doorknobs and trying to open windows to find a way into a
victim's house.
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Vulnerability Scanning Tools
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Network Mapping
• Finding live hosts
– ICMP pings
– TCP/UDP packets
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Traceroute
• Traceroute utility on most Unix platforms sends out UDP
packets with incremental TTL values to trigger ICMP Time
Exceeded messages
• Tracert utility on Microsoft platform sends out ICMP packets
with incremental TTL values to trigger ICMP Time Exceeded
replies
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Traceroute
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Traceroute
Traceroute
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Cheops
•
•
•
•
A nifty network mapper tool
Available at http://www.marko.net/cheops
Runs on Linux
Generates network topology by using ping sweeps and
traceroute
• Supports remote operating system identification using TCP
Stack Fingerprinting
Figure 6.5 The Cheops display
Defenses against Network Mapping
• Block incoming ICMP messages at Internet gateway to make
ping ineffective
• Filter ICMP Time Exceeded messages leaving your network to
make traceroute ineffective
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Port Scanning
• Used to find open ports
• Free port scanning tools
– Nmap available at www.insecure.org/Nmap
– Strobe at http://packetstorm.securify.com/UNIX/scanners
– Ultrascan for NT available at
http://packetstorm.securify.com/Unix/scanners
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Nmap
• Full-featured port scanning tool
• Unix version available at http://www.insecure.org/Nmap
• Windows NT version available at
http://www.eeye.com/html/Databases/Software/Nmapnt.ht
ml
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Scan Types supported by Nmap
• TCP Connect (-sT)
–
–
–
–
Attempts to completes 3-way handshake with each scanned port
Sends SYN and waits for ACK before sending ACK
Tears down connection using FIN packets
If target port is closed, sender will received either no response, a
RESET packet , or an ICMP Port Unreachable packet.
– Not stealthy
Defenses against Port Scanning
• Unix systems
– remove all unneeded services in /etc/inetd.conf
– Remove unneeded services in /etc/rc*.d
• Windows systems
– uninstall unneeded services or shut them off in the
services control panel
• Scan your own systems before the attackers do
• Use stateful packet filter or proxy-based firewall
– blocks ACK scans
– Blocks FTP data source port scans
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
3. Gaining Access
3.1 Gaining Access using OS and Application Attacks
At this stage of the siege, the attacker has finished scanning the
target network, developing an inventory of target systems and
potential vulnerabilities on those machines. Next, the attacker
wants to gain access on the target systems. The particular
approach to gaining access depends heavily on the skill level of
the attacker, with simple script kiddies trolling for exploits and
more sophisticated attackers using highly pragmatic approaches.
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Script Kiddie Exploit Trolling
Password Guessing Attacks
• Users often choose passwords that are easy to remember, but
are also easily guessed
• default passwords used by vendors left unchanged
• Database of vendor default passwords
http://security.nerdnet.com
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
An online database of default passwords
Password Guessing through
Login Scripting
• THC-Login Hacker tool http://thc.inferno.tusculum.edu
• Authforce http://kapheine.hypa.net/authforce/index.php
• brute_ssl and brute_web
http://packetstrom.security.com/Exploit_Code_archive/brute_ssl.c
http://packetstrom.security.com/Exploit_Code_archive/brute_web.c
• Windows NT password guessing
http://packetstorm.securify.com/NT/audit/nt.remotely.crack.nt.pass
words.zip
• Xavier http://www.btinernet.com/~lithiumsoft/
• Guessing email passwords using POP3 protocol: Hypnopaedia
http://packetstorm.securify.com/Crackers/hypno.zip
• Other password guessing tools
http://packetstorm.securify.com/Crackers
Password Cracking
• More sophisticated and faster than password guessing
through login script
• Requires access to a file containing user names and encrypted
passwords
• Dictionary attacks
• Brute force attacks
• Hybrid dictionary and brute force attacks
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Password Cracking Tools
• L0phtCrack, a Windows NT/2000 password cracker
http://www.l0pht.com/l0phtcrack
• John the Ripper, a Unix password cracker
http://www.openwall.com/john
• Crack, a Unix password cracker
http://www.users.diron.co.uk/~crypto/
• Pandora, a password cracker for Novell
http://www.nmrc.org/pandora
• PalmCrack, a Windows NT and Unix password cracker
that runs on the Palm OS PDA platform
http://www.noncon.org/noncon/download.html
Web Application Attacks
• Can be conducted even if the Web server uses
Secure Sockets Layer (SSL)
– SSL used to authenticate the Web server to the browser
– SSL used to prevent an attacker from intercepting traffic
– SSL can be used to authenticate the client with client-side
certificates
• Web attacks can occur over SSL-encrypted
connection
– Account harvesting
– Undermining session tracking
– SQL Piggybacking
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Account Harvesting
• Technique used to determine legitimate userIDs and even
passwords of a vulnerable application
• Targets the authentication process when application requests
a userID and password
• Works against applications that have a different error
message for users who type in an incorrect userID
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
Account Harvesting Defenses
• Make sure that error message is the same when a user types
in an incorrect userID or password
3) Ed
Skoudis, Counter Hack Reloaded, Prentice Hall
To Be Continued ....
Related documents
presentation source
presentation source
3460:426/526 Operating Systems
3460:426/526 Operating Systems
Intenational Marketing
Intenational Marketing
Computers: Tools for an Information Age
Computers: Tools for an Information Age
capron_8_ppt_app
capron_8_ppt_app
CSC 1210 Programming Methodology I
CSC 1210 Programming Methodology I
Power Point Template (Large Size)
Power Point Template (Large Size)
THE CHANGE IN MARKETING
THE CHANGE IN MARKETING
Chapter 17: Direct and Online Marketing
Chapter 17: Direct and Online Marketing
capron_8_ppt_13
capron_8_ppt_13
No Slide Title - UMM Directory
No Slide Title - UMM Directory