Abdullah A.

Koro
Bentala Piranti Global, Inc
koro@bentala.co.id

Introduction to computer security

Physical Security

Software/OS Security

Network Security

Software Attack: Virus, Worm, etc

Internet Attack: Attack to TCP, DNS, DDOS,
etc

The concepts, techniques, technical
measures, and administrative measures used
to protect information assets from deliberate
or inadvertent unauthorized acquisition,
damage, disclosure, manipulation,
modification,loss, or use

Computer networks have grown in both size
and importance in a very short time.

If the security of the network is
compromised, there could be serious
consequences, such as loss of privacy, theft of
information, and even legal liability.

To make the situation even more challenging,
the types of potential threats to network
security are always evolving.

It refers to any activities designed to protect
your network.

Specifically, these activities protect the
usability, reliability, integrity, and safety of
your network and data. Effective network
security targets a variety of threats and stops
them from entering or spreading on your
network.

Threat - an action or event that might compromise
security. It represents a potential risk to a computer or
system.

Vulnerability - the existence of a weakness in a
design or configuration that can lead to an
exploitation or some other unwanted and unexpected
event that can compromise the security of a system.

Target of Evaluation - this is the system that needs to
be tested, or evaluated to see if it has vulnerabilities.

Attack - An actual assault on a system.

Exploit - A way to compromise the security of a
system, usually a proof of concept about a
vulnerability.

Hacker – A general term that has historically
been used to describe a computer programming
expert. More recently, this term is often used in
a negative way to describe an individual that
attempts to gain unauthorized access to
network resources with malicious intent.

Cracker – A more accurate term to describe
someone who tries to gain unauthorized access
to network resources with malicious intent.

White hat – an individual who looks for vulnerabilities
in systems or networks and then reports these
vulnerabilities to the owners of the system so that
they can be fixed. They are ethically opposed to the
abuse of computer systems.

Black hat – Another term for individuals who use their
knowledge of computer systems to break into
systems or networks that they are not authorized to
use, usually for personal or financial gain. A cracker is
an example of a black hat.

Gray hat – individual who works both offensively and
defensively at various time

Integrity: guaranteeing that the data are
those that they are believed to be.

Confidentiality: ensuring that only
authorised individuals have access to the
resources being exchanged.

Availability: guaranteeing the information
system's proper operation.

Authentication: ensuring that only
authorized individuals have access to the
resources.

Denial of Service (DoS) Attacks

Website Defacement

Viruses and Worms

Data sniffing and Spoofing

Unauthorized Access

Malicious Code and Trojans

Port-scanning and Probing

Wireless Attacks

Tindakan atau cara yang dilakukan untuk
mencegah atau menanggulangi dan menjaga
hardware, program, jaringan dan data dari
bahaya fisik dan kejadian yang dapat
menyebabkan kehilangan yang besar atau
kehancuran. Keamanan fisik termasuk
perlindungan terhadap kebakaran, bencana
alam, pencurian, vandalism dan teroris

What do you need to protect:
- Building
- Computer Room
- Computer/Server
- Storage Media

Dilindungi terhadap apa?
- Lingkungan
- Kebakaran
- Iklim
- Gempa Bumi dan Getaran
- Air
- Listrik
- Petir
- Orang

Faktor Manusia

Sering kali eksploitasi dilakukan oleh orang dalam

Digunakan teknologi biometric

Biasanya digunakan sebagai otentikasi untuk masuk ke
ruangan khusus, seperti ruang server, ruang komputer
atau untuk mengakses suatu sistem

Biometrik

Dapat berupa:

sidik jari, telapak tangan, pola retina, pola suara, tanda
tangan dan pola mengetik.
 Face
Fingerprint

17
Iris Handwriting

Biasanya operating system seperti windows,
linux, mac os mudah diserang

Harus ada user authentication pada sistem
operasi tersebut

Struktur OS juga menentukan lemah
tidaknya suatu sistem dilihat dari segi
software

Cara menanggulanginya: Backup dan Harus
ada password

At least 8 alphanumeric and special symbol characters
in length. Avoid all number and all letters

The maximum number of times any single character
can be repeated in a password should be restricted to
three

Avoid using personal data such as birthday, telephone
number, numberplate

System controls should be configured to limit a time
of a password (ex.36 week) and also cannot re-use old
password unless after 8 to 10 new password be used

Should be selected by the end user and easy to
remember

Virus

Malware

Trojan

Biasanya mengandung logic-bomb yang
diprogram untuk beraksi waktu-waktu
tertentu

Biasanya tersembunyi

Virus: Hindari software bajakan. Karena virus
ini dapat menduplikasikan dan menularkan
lewat media bajakan

Lainnya: Hindari menggunakan USB
Flashdish

Pasang antivirus spt Mcafee, Norton AV, dll

There are so many things need to be read and
discuss

Wanna Discussion?