Upload
valerie-kelly
View
251
Download
1
Embed Size (px)
Citation preview
Network Security
Onno W. [email protected]
Buku Keamanan Jaringan Internet Toko Buku Gramedia
http://www.sans.org
http://www.rootshell.com
Overview Roadmap SANS Integrating Security Into Your Site How to Get the Work Done Where to Find the Right
Information Pitfalls and Vulnerabilities
Integrating Security Into Your Site
Integrating Security Into Your Site How do you justify the security
infrastructure investment? How do you determine your site's security
mission statement? What are the key elements of a successful
security awareness training program? What are the key elements of a good
security infrastructure? What are some common security problems
which continue to plague many sites?
How to Get the Work Done
How to Get the Work Done duties of security support personnel? ensure or document security infrastructure? types of security tools and the most popular
tools in use today? Where can you find some consolidated
information security vulnerabilities? find vendor-specific security patches? find many of the public domain security tools? seven items when responding to incident? five low-cost security improvements?
7 items to remember? Follow your organization’s policies and
procedures. Contact incident response agencies. Communication via out-of-band (e.g., a phone
call). Document your actions. Make copies of files the intruders may have
left or touched & store them off-line. If you are unsure of what actions to take, seek
additional help and guidance. Contact law enforcement officials.
5 low-cost improvements Document and publish what you expect. Configure your routers to deny all
unnecessary incoming traffic. Keep sendmail properly configured and
updated. Use freeware vulnerability assessment
tools. Publish the results. Install freeware host and network based
auditing and traffic analysis tools on critical hosts.
Where to Find the Right Information
Where to Find the Right Information What are some incident response
centers? Where can you find vendor-specific
security information? What are some of the good security web
sites? What are some good security books? What are some good security mailing
lists?
Good security web sites? ftp://ciac.llnl.gov/pub/ciac/
sectools/unix/ ftp://ftp.cerias.purdue.edu ftp://ftp.cert.org/pub/tools/ ftp://ftp.win.tue.nl/pub/security/ ftp://ftp.funet.fi/pub/unix/security/
Pitfalls and Vulnerabilities
Pitfalls and Vulnerabilities What are some of the frequently
targeted system binaries and directories?
What are some common Internet attack methods in use today?
What are some common problems with security perimeter implementations?
targeted system binaries & directories? /bin/login /usr/etc/in.telnetd /usr/etc/in.ftpd /usr/etc/in.tftpd /usr/ucb/netstat /bin/ps /bin/ls /usr/sbin/ifconfig /bin/df /usr/lib/libc.a /usr/ucb/cc
/.rhosts /etc/hosts.equiv /bin/.rhosts /etc/passwd /etc/group /var/yp/* (nis maps) root environment
files (.login, .cshrc, .profile, .forward)
Common Internet attack? Exploitation vulnerabilities in vendor
programs. Exploitation of cgi-bin vulnerabilities. Email bombing, spamming & relaying. Exploitation anon-FTP & web servers. Exploitation of named/BIND vulnerabilities. Exploitation of MTA & mail readers. Denial of Services (DoS) attacks. Sending hostile code & attack programs as
mail attachments.
Security perimeter implementations? Further security checks & controls are
needed on internal network. Members can request analog lines at
workspace & bypassing the security perimeter.
Some network services (e.g., ftp, tftp, http, sendmail) destined for internal hosts are passed through the security perimeter control points unscreened.
Security perimeter implementations? The firewall hosts or routers accept
connections from multiple hosts on the internal network and from hosts on the DMZ network
Access lists are often configured incorrectly, allowing unknown and dangerous services to pass through freely.
Security perimeter implementations? Logging of connections through the
security perimeter is either insufficient or not reviewed on a regular basis.
People frequently implement encrypted tunnels through their security perimeter without fully considering the security of the endpoints of the tunnel.