1 / 22

INTERNET & E-COMMERCE Security

Lecturer : Bambang Warsuta, S.Kom , M.T.I bambangwarsuta@gmail.com. INTERNET & E-COMMERCE Security. S1 Teknik Informatika Fakultas Ilmu Komputer UPN “Veteran” Jakarta. Profile Potential Cyber User in Indonesia Sumber : Kompas , Triennal Review, Comscore. Threats.

reece-lucas
Télécharger la présentation

INTERNET & E-COMMERCE Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecturer : Bambang Warsuta, S.Kom, M.T.I bambangwarsuta@gmail.com INTERNET & E-COMMERCESecurity S1 TeknikInformatikaFakultasIlmuKomputer UPN “Veteran” Jakarta

  2. Profile Potential Cyber User in IndonesiaSumber: Kompas, TriennalReview, Comscore

  3. Threats • Unauthorized Access = Aksesolehpihakygtidakberhak • Mobile Device Attack = Serangankeamananpadaperangkathandphone, tablet computer • System Compromise = Kelemahan internal darisistem/ bolongkeamananaplikasi • Cyber Espionage = Mata-matasisteminformasi • Social Engineering = Pencurian data pentingmelaluijejaringsosial • SPAM = Email ygtidakdiperlukan • Malware = Virus program • Insider = Kegiatan orang dalam • Denial of Service = Kegagalansistemakibatkesengajaan • Data Leakage = Kebocoran data • Phishing = Pencurianinformasimelalui email • Identity Theft = Pencurianinformasiidentitasseseorang • Web Deface = sistemeksploitasidengantujuanmenggantitampilanhalamanmukasuatusitus.

  4. 4Besar Threat Abuse Sumber : id-CERT (Cyber Emergency Response Team)

  5. Laporan Abuse dari ID-CERT • PosisikeempattertinggiadalahMALWARE.Posisiiniturundibandingkantahunsebelumnyakecualipadabulan April. • BiladibandingkandenganbulanDesember 2010, jumlahlaporanjugaturun(Posisipadabulan Des 2010 adalah: 9.417 laporan) • Sedangkanbiladibandingkandenganbulan yang samaditahun 2010, makatren yang terjadiadalahterjadikemiripandibandingperiode yang samatahunlalu. • Berdasarkandata Messagelabs, malware secara global memilikikecenderunganmenurun.

  6. Malware • Malware = Malicious Software (perangkatlunakjahat) Kawinsilangantara virus, worm, trojan horse, backdoor, keylogger, screen logger, dll • Fungsi-fungsi yang digunakan • Packer (is a program that has been packed/protected with a protection system typically designed by malware authors to bypass anti-virus protection and to hide malware contents.) • Polymorphic (memilikbanyakbentuk)  Trojan, Worm, spyware. • Enkripsi • Exploit (fungsimenyerangkelemahankomputer) • Instant Messenger (chatting) • Mematikan Anti Virus yang terpasang • dll

  7. Laporan Abuse dari ID-CERT (1) • Posisiketigatertinggipadatahuniniadalahdengankategori LAIN-LAIN. Dimanayang masukdalamkategoriiniadalahsemuanyaterkaitdenganpelanggaranHaKI (HakAtasKekayaanIntelektual) baikituuntukPirantiLunakmaupun Film.

  8. Laporan Abuse dari ID-CERT (2) • SPAM, Dari total laporan yang masuk, SPAM mendudukiperingkatkeduadaritotal laporan yang diterimadiawaltahun 2011 ini, namunpadabulanMarethinggaJuniterdapatkecenderunganmenurun.

  9. Laporan Abuse dari ID-CERT (3) • Insidenjaringan (Network Incident) yang mencakup: DoS Attack, Open Relay, Open Proxy, Hacking, Port Scanning, Port Probe (HTTP/HTTPS, FTP, TELNET, TCP, SSH Brute, CGI, RPC, Netbios, VNC Portscan), TCP Sweep dan SQL Injection padatahuninimendudukiperingkatpertamadalamriset Abuse kali ini. Hal inimerupakanrekortertinggisemenjakawaltahunini.

  10. Secure eCommerce environment • A secure e-commerce environment requires: • Access control, usually managed by a firewall, which regulates the data flow • Authentication, which binds the identity of an individual to a specific message or transaction • Data privacy and integrity, which ensures that communications and transactions remain confidential, accurate and have not been modified.

  11. First line Defense • This is the first line of defense for any website. Some methods for accomplishing this are: • Firewalls. • PORT • User account security. • User Credential, Password, Access Rules • Software security. • Antivirus, AntiMalware, AntiSpam, etc. • Additional protection for sensitive data. • Secure password management, Data Encryption, etc.

  12. SilakanBertanya??? Successful people ask better questions, and as a result, they get better answers. Tony Robbins 

  13. COMMON WEBSITE SECURITY MEASURES (1) • Routers • Be sure that your router is appropriately configured. • A router is designed to route packets efficiently and reliably, but not securely, thus although it is a layer in your security package, a router should not be used alone as a method for implementing a security policy. • One of the most common types of security attack is what is called a “denial-of-service” attack, i.e. an attacker or attackers use various means to prevent legitimate website users from accessing a site.

  14. Denial Of Services

  15. FIREWALLS

  16. COMMON WEBSITE SECURITY MEASURES (2) • Firewalls • A firewall is a device that controls the flow of communication between internal networks and external networks, such as the Internet. • It controls “port-level” access to a network and a website. A “port” is like a doorway into a server. • Here are some examples of firewall configurations you might want to implement. • Close off the possibility of unnecessary or unauthorized traffic accessing your servers. • Configure the firewall so that only wanted traffic gets through. • Encrypt most or all traffic between servers. • Limit the points of access.

  17. COMMON WEBSITE SECURITY MEASURES (3) • Disable Nonessential Services • Some of the services you should disable on your website’s servers include, but are not limited to: • Mail (SMTP). • Finger Network Protocol • Netstat, systat. • Chargen, echo.  Character generator Protocol • FTP. • Telnet. • Berkeley UNIX”r” commands such as rlogin,rsh, rdist etc. • SNMP.  Simple Network Management Protocol

  18. COMMON WEBSITE SECURITY MEASURES (4) • User Account Security • A common method hackers use to gain access to a web server is to steal an authorized user’s account. • Restricting a user’s access to only the needed resources limits the amount of damage hackers can do to your website. Authentication and authorization are the two best general ways to restrict access. • Authentication. This verifies that you are who you claim to be. • Authorization. This defines what a user is allowed to do.

  19. COMMON WEBSITE SECURITY MEASURES (5) • Data Confidentiality • Confidentiality ensures that only authorized people can view data transferred in networks or stored in databases. • Protecting sensitive data like credit card numbers, inventory, etc. is a difficult problem for web-based businesses

  20. COMMON WEBSITE SECURITY MEASURES (6) • Monitoring Your Website • Finally, monitor your website’s usage and take a proactive stance on security holes. To ensure a high level of security, you should: • Monitor for break-ins. Institute a user account change report or install a sophisticated network monitoring system. • Monitor your logs after an attack, they can tell you how the attack occurred and might even provide a clue as to the identity of the attacker. • Run a security analysis program that can take a snapshot of your site and then analyze for potential weaknesses in your site. • Perform security audits with outside auditors to check for potential security holes that you might have missed. • Back up your website on a scheduled basis so that, if needed, you can recover damaged data and programs.

  21. Silakanbertanya???

  22. Thank You… Have a nice weekend… The only source of knowledge is experience.Albert Einstein 

More Related