8/14/2019 Security System 1 - 01
#1
AGENDA
Class Agreements
Aspects of Computer Security
Aspects of Security Threat
Security Methods
CLASS AGREEMENTS
LECTURER:
IR. HARRY T.Y ACHSAN, M.KOM
(021) 7150 8843
0818 0854 0094
CLASS AGREEMENTS
ASSESSMENT
Activity in class 40%
Homework/Quizzes 20%
Mid Term 15%
Final Exam 25%
REFERENCE
CLASS AGREEMENTS
OPEN BOOK (always)
so, you have to have the reference book
CHEATING
Copying and letting others copy both earn a reward: a grade of 10!!!
Why is computer security important? *)
Computer security is the process of preventing and detecting unauthorized use of a computer.
Prevention measures help us to stop unauthorized users (also known as "intruders") from accessing any part of our computer system. Detection helps us to determine whether or not someone attempted to break into our system, if they were successful, and what they may have done.
*) http://www.armor2net.com/knowledge/computer_security.htm
Why is computer security important?
We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although we may not consider our communications "top secret," we probably do not want strangers reading our email, using our computer to attack other systems, sending forged email from our computers, or examining personal information stored on your computer (such as financial statements).
Why is computer security important?
Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.
Why is computer security important?
Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.
Why is computer security important?
Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.
Why is computer security important?
Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.
Why is computer security important?
Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.
Aspects of Computer Security
Authentication
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.
In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords.
Aspects of Computer Security
Authentication
Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.
Aspects of Computer Security
Authentication
For this reason, Internet business and many other transactions require a more stringent authentication process. The use of digital certificates issued and verified by a Certificate Authority (CA) as part of a public key infrastructure is considered likely to become the standard way to perform authentication on the Internet.
Logically, authentication precedes authorization (although they may often seem to be combined).
Aspects of Computer Security
Integrity
Assurance that the data being accessed or read has neither been tampered with, nor been altered or damaged through a system error, since the time of the last authorized access.
http://www.infogix.com/information_integrity_defined
Aspects of Computer Security
Integrity
Information Integrity is a prerequisite for many other information management initiatives. If the underlying information isn't of a sufficient level of integrity, the success of business activities relying on the information will be limited.
Example: Threats to information integrity
http://www.thehindubusinessline.com/businessline/iw/2001/07/08/stories/0808h01v.htm
Aspects of Computer Security
Nonrepudiation
In reference to digital security, nonrepudiation means to ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. Nonrepudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
http://www.webopedia.com/TERM/N/nonrepudiation.html
Aspects of Computer Security
Nonrepudiation
Nonrepudiation can be obtained through the use of:
digital signatures (digital certificates, a form of public key infrastructure) -- function as a unique identifier for an individual, much like a written signature.
confirmation services -- the message transfer agent can create digital receipts to indicate that messages were sent and/or received.
timestamps -- timestamps contain the date and time a document was composed and prove that a document existed at a certain time.
Aspects of Computer Security
Authority
An unauthorized user cannot alter or modify information residing in the computer network.
Aspects of Computer Security
Confidentiality
Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography.
Aspects of Computer Security
Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.
The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm.
Aspects of Computer Security
Privacy
When something is private to a person, it usually means there is something within them that is considered inherently special or personally sensitive. The degree to which private information is exposed therefore depends on how the public will receive this information, which differs between places and over time. Privacy can be seen as an aspect of security, one in which trade-offs between the interests of one group and another can become particularly clear.
Aspects of Computer Security
Privacy
The right against unsanctioned invasion of privacy by the government, corporations or individuals is part of many countries' privacy laws, and in some cases, constitutions. Almost all countries have laws which in some way limit privacy; an example of this would be laws concerning taxation, which normally require the sharing of information about personal income or earnings. In some countries individual privacy may conflict with freedom of speech laws and some laws may require public disclosure of information which would be considered private in other countries and cultures.
Aspects of Computer Security
Privacy
Privacy may be voluntarily sacrificed, normally in exchange for perceived benefits and very often with specific dangers and losses, although this is a very strategic view of human relationships. Academics who are economists, evolutionary theorists, and research psychologists describe revealing privacy as a 'voluntary sacrifice', where sweepstakes or competitions are involved. In the business world, a person may give personal details (often for advertising purposes) in order to enter a gamble of winning a prize. Information which is voluntarily shared and is later stolen or misused can lead to identity theft.
Aspects of Computer Security
Availability
Information availability is always vulnerable to the unexpected, such as human error, severe weather, natural disasters, disruptions to electrical or communications networks, as well as man-made disasters. Even a minor disruption to business operations can be devastating, which is why developing an information availability plan is essential.
Aspects of Computer Security
Access Control
Access control is the ability to permit or deny the use of a particular resource by a particular entity.
Access control mechanisms can be used in managing physical resources (such as a movie theater, to which only ticketholders should be admitted), logical resources (a bank account, with a limited number of people authorized to make a withdrawal), or digital resources (for example, a private text document on a computer, which only certain users should be able to read).
http://en.wikipedia.org/wiki/Access_control#Computer_security
Aspects of Computer Security
Access Control
In computer security, access control includes authentication, authorization and audit. It also includes measures such as physical devices, including biometric scans and metal locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by humans and automated systems.
http://en.wikipedia.org/wiki/Access_control#Computer_security
Aspects of Computer Security
Access Control
Subjects and objects should both be considered as software entities, rather than as human users: any human user can only have an effect on the system via the software entities that they control.
http://en.wikipedia.org/wiki/Access_control#Computer_security
Aspects of Computer Security
Access Control
Although some systems equate subjects with user IDs, so that all processes started by a user by default have the same authority, this level of control is not fine-grained enough to satisfy the principle of least privilege, and arguably is responsible for the prevalence of malware in such systems (see computer insecurity).
http://en.wikipedia.org/wiki/Access_control#Computer_security
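An added illustration of the last two slides (not part of the original lecture material): a toy reference monitor that treats processes as subjects and compares the decision made when subjects are equated with user IDs against a least-privilege check, recording each decision in an audit trail. The policy, process names and file names are constructed for the example.

```python
from dataclasses import dataclass

READ, WRITE = "read", "write"

# Constructed sample policy: what each *user* may do to each object.
USER_ACL = {
    "alice": {"report.txt": {READ, WRITE}, "bank.db": {READ, WRITE}},
}


@dataclass(frozen=True)
class Process:
    """A subject: a software entity acting on behalf of a user."""
    name: str
    user: str
    # Rights granted to this process itself (used by the fine-grained check only).
    granted: frozenset = frozenset()


def check_by_user_id(proc, obj, right):
    """Coarse model: every process inherits all authority of its user."""
    return right in USER_ACL.get(proc.user, {}).get(obj, set())


def check_least_privilege(proc, obj, right):
    """Fine-grained model: the process needs its own grant, and that grant
    can never exceed what the user is allowed."""
    return (obj, right) in proc.granted and check_by_user_id(proc, obj, right)


def audit(procs, requests, check):
    """Run (process name, object, right) requests through a monitor and
    return the audit trail as (process, object, right, decision) tuples."""
    by_name = {p.name: p for p in procs}
    return [(n, o, r, "permit" if check(by_name[n], o, r) else "deny")
            for n, o, r in requests]


# Constructed scenario: alice runs an editor and an untrusted downloaded game.
PROCS = [
    Process("editor", "alice",
            frozenset({("report.txt", READ), ("report.txt", WRITE)})),
    Process("game", "alice"),  # needs no file access, so it is granted none
]
REQUESTS = [
    ("editor", "report.txt", WRITE),  # legitimate use
    ("game", "bank.db", READ),        # malware-like reach for unrelated data
    ("editor", "bank.db", READ),      # outside the editor's own grant
]

if __name__ == "__main__":
    for label, check in (("user-ID", check_by_user_id),
                         ("least-privilege", check_least_privilege)):
        for entry in audit(PROCS, REQUESTS, check):
            print(label, *entry)
```

Under the user-ID model all three requests are permitted because both processes run as alice; under the least-privilege check only the editor's write to report.txt is permitted.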
INTERRUPTION
INTERCEPTION
Hackers are constantly working to update their attack tools, techniques and methods to find new ways to break into databases, networks and PCs. Track their progress and the work of cybercrime investigators with hacking groups, hacker sites and the hacker underground.
FABRICATION
These days, a phishing attack is almost indistinguishable from the real thing. The result: unwitting employees disclosing confidential information, from passwords to financial data, to ill-intentioned intruders. Unable to identify fraudulent websites and counterfeit email messages, these internal workers are essentially opening a company's closed doors to criminals.
No wonder spear phishing attempts are exploding in number. The Symantec Probe Network detected a total of 166,248 unique phishing messages, a six percent increase over the first six months of 2006. And Symantec blocked over 1.5 billion phishing messages, an increase of 19 percent over the first half of 2006.