Network Security:Pentingnya Keamanan Komputer

Computer Network Research GroupITB

Perspective ...

less then 200 security incident in 1989.about 400 in 1989.about 1400 in 1993.estimated more than 2241 in 1994.Nobody knows the correct statistics on

how many attacks are actually detected by the sites broken into.

Survey Dan Farmer (Dec96)1700 web sites:

60% vurnelable. 9-24%terancam jika satu bug dari

service daemon (ftpd, httpd / sendmail) ditemukan.

Serangan pada 10-20 % sites di netralisir menggunakan denial-of-service

Statistik Serangan

Jenis Scan Tembus% Kuning% Merah%Banks 660 68.33 32.73 35.61Credit U 274 51.09 30.66 20.44US Fed 47 61.70 23.40 38.30Newspaper 312 69.55 30.77 38.78Sex 451 66.08 40.58 25.50Totals 1734 64.94 33.85 31.08

Resiko Serangan24

3

0

5

10

15

20

25

W/ Internet W/O Internet

Sumber Serangan

0

20

40

60

80Dari luar

Virus keJ aringanVirus ke PC

Dari Dalam

Aktifitas SeranganManipulasi Data 6.8%Backdoor Software 6.6%Password 5.6%Scanning 14.6%Trojan Horse 5.8%IP Spoofing 4.8%Virus 10.6%

Serangan di InternetApprox. 19.540.000 hosts are

connected to Internet (end1996)US DoD 250.000 serangan / tahun.Serangan pada Rome Laboratory.

Network Security

usaha untuk mencegah seseorang melakukan tindakan-tindakan yang tidak kita inginkan pada komputer, perangkat lunak, dan piranti yang ada di dalamnya sehingga semuanya tetap dalam keadaan ideal yang kita inginkan’

Layout Firewall

InterNet

InternalNetwork

Firewall

What are you trying to protect?Your Data.Your Resources.Your Reputation.

What Are You Trying To Protect Against?Type of attacks

Intrusion.Denial of Service.Information Theft.

Type of Attackers

Joyriders.Vandals.Score Keepers.Spies (Industrial & Otherwise).Stupidity & Accidents.

Security Policy

‘satu keputusan yang menentukan batasan-batasan tindakan-tindakan yang bisa dilakukan dan balasan apabila terjadi pelanggaran batasan-batasan yang ada untuk mencapai satu tujuan tertentu’

ObjectivesSecrecyData IntegrityAvailability

Step Security PolicyApa yang boleh / tidak boleh.Prediksi resiko & biaya (start dengan

bug).Tentukan objek yang di lindungi.Tentukan bentuk ancaman & serangan:

unauthorized access. Disclosure information. Denial of service.

Step ...Perhatikan kelemahan system:

authentication. Password sharing. Penggunaan password yang mudah di

tebak. Software bug.

Optimasi Cost / Performance.

Manusia ...Tanggung Jawab.Komitmen.

Design Security PolicyKerahasiaan (Secrecy)Integritas DataAvailabilityKonsistensiKontrol Identifikasi & AuthentikasiMonitoring & Logging

Prinsip ...Hak minimumKurangi jumlah komponen

How Can You Protect Your SiteNo Security.Security Through Obscurity.Host Security.Network Security.No Security Model Can Do It All.

What Can A Firewall Do?

A firewall is a focus for security decisions.

A firewall can enforce security policy.A firewall can log Internet activity

efficiently.A firewall limits your exposure.

What Can’t A Firewall Do?

A firewall can’t protect you against malicious insiders.

A firewall can’t protect you against connections that don’t go through it.

A firewall can’t protect against completely new threats.

A firewall can’t protect against viruses.

List of A Must Secure Internet ServicesElectronic mail (SMTP).File Transfer (FTP).Usenet News (NNTP).Remote Terminal Access (Telnet).World Wide Web Access (HTTP).Hostname / Address lookup (DNS).

Security Strategies.Least Privilege.Defense in Depth (multiple security

mechanism).Choke Point forces attackers to use a

narrow channel.Weakest Link.Fail-Safe Stance.Diversity of Defense.Simplicity.

Building Firewalls

Some Firewall Definitions

Firewall A component or set of components that

restricts access between a protected network and the Internet, or between other sets of networks.

Host A computer system attached to a

network.

Firewall Def’s Cont’ ..

Bastion Host A computer system that must be highly

secured because it is vulnerable to attack, usually because it is exposed to the Internet and is a main point of contact for users of internal networks.

Dual-homed host A general-purpose computer system that has

at least two network interfaces (or homes).

Firewall Def’s Cont ...Packet.

The fundamental unit of communication on the Internet.

Packet filtering. The action a device takes to selectively control

the flow of data to and from a network.Perimeter network.

a network added between a protected network and external network, to provide additional layer of security.

Firewall Def’s Cont ...

Proxy Server A program that deals with external

servers on behalf of internal clients. Proxy client talk to proxy servers, which relay approved client requests on to real servers,and relay answer back to clients.

Packet Filtering

InterNet

InternalNetwork

Routes or blocks packets,as determined by site's

security policy.

ScreeningRouter

Proxy Services

InterNet

InternalNetwork

Proxy ServerDual homed HostFirewall

Internal HostProxy Client

External HostReal Server

Screened Host Architecture

InterNet

InternalNetwork

ScreeningRouter

Bastion Host

Firewall

De-Militarized Zone Architecture

InterNet

InternalNetwork

PerimeterNetwork

Interior RouterChoke Router

Exterior Router

Bastion Host

Firewall

DMZ With Two Bastion Hosts

InterNet

InternalNetwork

PerimeterNetwork

Interior RouterChoke Router

Exterior Router

Firewall

SMTP / DNS Host

FTP/WWW Host

It’s OK

Merge Interior & Exterior RouterMerge Bastion Host & Exterior

RouterUse Mutiple Exterior RouterHave Multiple Perimeter NetworkUse Dual -Homed Hosts & Screened

Subnets

It’s Dangerous

Use Multiple Interior RouterMerge Bastion Host and Interior

Router

Private IP Address

Use within Internal NetworkReference RFC 1597IP address alocation:

Class A: 10.x.x.x Class B: 172.16.x.x - 172.31.x.x Class C: 192.168.0.x -

192.168.255.x

Bastion Host

It is our presence in Internet.

Keep it simple.Be prepared for the bastion host to

be compromised.

Special Kinds of Bastion HostsNonrouting Dual-Homed Hosts.Victim Machine.Internal Bastion Hosts.

Choosing A Bastion Host

What Operating System? Unix

How Fast a Machine? 386-based UNIX. MicroVAX II Sun-3

Proxy Systems

Why Proxying? Proxy systems deal with the insecurity

problems by avoiding user logins on the dual-homed host and by forcing connections through controlled software.

It’s also impossible for anybody to install uncontrolled software to reach Internet; the proxy acts as a control point.

Proxy - Reality & Illusion

User's Illusion

Percieved Connection

Actual Connection

Client

ServerProxy Server

Advantages of Proxying

Proxy services allow users to access Internet services “directly”

Proxy services are good at logging.

Disadvantages of ProxyingProxy services lag behind non-proxied

services.Proxy services may require different servers

for each service.Proxy services usually require modifications to

clients, procedures, or both.Proxy services aren’t workable for some

services.Proxy services don’t protect you from all

protocol weaknesses.

Proxying without a Proxy ServerStore-and-Forward services naturally

support proxying.Examples:

E-mail (SMTP). News (NNTP). Time (NTP).

Internet Resources on Security Issues

WWW Pages

http://www.telstra.com.au/info/security.html

http://www.cs.purdue.edu/coast/coast.html

Mailing Lists

firewalls@greatcircle.com ftp://ftp.greatcircle.com/pub/firewalls/ http://www.greatcircle.com/firewalls/

fwall-users@tis.comacademic-firewalls@net.tamu.edu

ftp://net.tamu.edu/pub/security/lists/academic-firewalls

bugtraq@fc.net

Newsgroupscomp.security.announce.comp.security.unix.comp.security.misc.comp.security.firewalls.alt.security.comp.admin.policy.comp.protocols.tcp-ip.comp.unix.admin.comp.unix.wizards

Summary

In these dangerous times, firewalls are the best way to keep your site secure.

Although you’ve got to include other tipes of security in the mix, if you’re serious about connecting to the Internet, firewall should be at the very center of your security plans.