Information Security 2, Session 5

The document discusses various techniques for securing information and networks, including cryptography, virtual private networks (VPNs), and firewalls. It describes how IPsec can be used to provide authentication, encryption, and key exchange for VPNs. It also discusses intrusion detection systems (IDS), different types of firewalls including packet filtering and stateful inspection firewalls, and some of their limitations. Wireless security standards like WPA that are based on the IEEE 802.11i standard are also covered.

INFORMATION SECURITY 2

SESSION 5
REFERENCES
1. Cryptography Basics, by William Stallings
Computer and Network Security Techniques
To guard against the baneful influence exerted by
strangers is therefore an elementary dictate of savage
prudence. Hence before strangers are allowed to enter a
district, or at least before they are permitted to mingle
freely with the inhabitants, certain ceremonies are often
performed by the natives of the country for the purpose of
disarming the strangers of their magical powers, or of
disinfecting, so to speak, the tainted atmosphere by which
they are supposed to be surrounded.
—The Golden Bough
Sir James George Frazer
—The Art of War
Sun Tzu
Virtual Private Networks and IPsec

- IPsec provides three main facilities:
  • an authentication-only function called the Authentication Header (AH)
  • a combined authentication/encryption function called the Encapsulating Security Payload (ESP)
  • key exchange functionality
Transport & Tunnel Modes
- ESP supports two modes of use:
  • Transport mode
    • provides protection for upper-layer protocols
    • typically used for end-to-end communication between two hosts
  • Tunnel mode
    • provides protection to the entire IP packet
    • used when at least one of the two ends is a security gateway
ESP Encryption and Authentication (figure)
Example of Tunnel Mode (figure: Host A, Host B; decision "IPsec processing needed?"; outer IP header is stripped)
Key Management
- IPsec key management involves the determination and distribution of secret keys.
- IPsec supports two types of key management:
  • Manual: requires a system administrator to manually configure the systems and corresponding keys
  • Automated: no human intervention needed; enables on-demand creation of keys
IPsec and VPNs
- there is a driving need for users and organizations to be able to:
  • secure their networks
  • receive traffic over the Internet while still meeting the need to secure the network
IPsec and VPNs
- IPsec can be implemented in routers or firewalls owned and operated by the organization
  • this provides the network manager with complete control over the security aspects of the VPN
- a service provider can simplify the job of planning, implementing, and maintaining Internet-based VPNs for secure access and secure communication
Application Layer Security
- SSL – Secure Socket Layer
  • general-purpose service designed to provide a reliable end-to-end secure service
  • set of protocols that relies on TCP
    • could be provided as part of the underlying protocol suite and transparent to applications
    • can be embedded in specific packages
- TLS – Transport Layer Security
  • RFC 2246
  • basically an updated service from SSL that provides reliable end-to-end secure data transfer
SSL Architecture
(Two Important SSL Concepts)
- SSL Connection
  • a transport that provides a suitable type of service
  • peer-to-peer and transient
- SSL Session
  • an association between client and server
  • created by the Handshake Protocol
SSL Record Protocol (figure)
MAC = message authentication code
Change Cipher Spec Protocol
(see Fig. 24.2 shown previously)
- the simplest of the three SSL-specific protocols
- makes use of the SSL Record Protocol
- consists of a single message, which consists of a single byte with the value 1
- sole purpose is to cause the pending state to be copied into the current state
Alert and Handshake Protocols (see Fig. 24.2 shown previously)
- Alert Protocol (e.g. incorrect MAC)
  • conveys SSL-related alerts to the peer entity
  • compressed and encrypted
- Handshake Protocol
  • most complex part of SSL
  • allows server and client to authenticate each other
  • negotiates the encryption and MAC algorithms as well as the keys
  • used before the transmission of any application data
Wi-Fi Protected Access
- Wi-Fi Protected Access is also known as WPA
  • is the Wi-Fi standard
  • a set of security mechanisms created to accelerate the introduction of strong security into WLANs
WPA
- based on the IEEE 802.11i standard
- addresses 3 main security areas:
  • Authentication
  • Key management
  • Data transfer privacy
- requires the use of an Authentication Server (AS)
  • PSK (pre-shared key) mode does not require an AS
- defines a more robust authentication protocol
- supports AES with 128-bit keys and 104-bit RC4 encryption schemes
802.11i Operational Phases (figure)
3 Main Ingredients for WPA (figure: Access Control, Authentication, Privacy with Message Integrity)
802.11i Access Control (figure)
Privacy with Message Integrity
- IEEE 802.11i defines two schemes
- both add a message integrity code (MIC) to the 802.11 MAC frame
  • Temporal Key Integrity Protocol (TKIP)
    • WPA-1
    • only requires software changes to devices implemented with WEP
  • Counter Mode-CBC MAC Protocol (CCMP)
    • WPA-2
    • makes use of AES
Intrusion Detection
- RFC 2828
  • Security Intrusion: a security event, or combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system without having authorization to do so
  • Intrusion Detection: a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner
Intrusion Detection Systems (IDS)
- Host-based IDS: monitors the characteristics of events on a single host
- Network-based IDS: monitors the characteristics of events on the network
IDS Components
- Sensors: collect data
- Analyzers: analyze the collected data to see if an intrusion has occurred
- User Interface: enables a user to view the sensor output and the completed analysis output
Basic Principles of Countering Intrusions
- Authentication facilities
- Access Control facilities
- Firewalls
- IDS
- Intruder Behavior Profiling
Host-Based IDS Techniques
- can detect both external and internal intrusions
- Anomaly Detection: collecting a baseline and then comparing behavior against that baseline
- Signature Detection: defines a set of rules or attack patterns
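As an added illustration of the two techniques above (not part of the original slides), this Python example builds a baseline of login-failure rates from constructed audit records, flags a window that deviates from that baseline, and separately matches records against a small hypothetical signature rule set:

```python
import re
from statistics import mean, pstdev

# Constructed audit records (not from the slides): each is "user action target status".
BASELINE_WINDOWS = [
    ["alice login - ok"] * 20 + ["alice login - fail"],
    ["alice login - ok"] * 18 + ["alice login - fail"] * 2,
    ["alice login - ok"] * 19 + ["alice login - fail"],
    ["alice login - ok"] * 20,
]
OBSERVED_WINDOW = ["alice login - fail"] * 12 + ["alice login - ok"] * 2 + ["alice read /etc/shadow ok"]

# Signature detection: hypothetical rules describing known-bad records.
SIGNATURES = {
    "shadow-file-access": re.compile(r"^\S+ read /etc/shadow ok$"),
    "service-account-interactive-login": re.compile(r"^svc-\S+ login - ok$"),
}

def login_failure_rate(window):
    """Fraction of the login events in a window that failed."""
    logins = [r for r in window if r.split()[1] == "login"]
    if not logins:
        return 0.0
    return sum(r.endswith("fail") for r in logins) / len(logins)

def build_baseline(windows):
    """Anomaly detection, step 1: summarise normal behaviour as mean and spread."""
    rates = [login_failure_rate(w) for w in windows]
    return mean(rates), pstdev(rates)

def anomaly_detect(window, baseline, k=3.0):
    """Anomaly detection, step 2: flag a window whose rate is k standard deviations above normal.
    Returns (is_anomalous, observed_rate)."""
    mu, sigma = baseline
    rate = login_failure_rate(window)
    return rate > mu + k * max(sigma, 0.01), rate   # floor sigma so a perfectly flat baseline still works

def signature_detect(window):
    """Signature detection: (rule name, record) for every record matching a rule."""
    return [(name, r) for r in window for name, rx in SIGNATURES.items() if rx.search(r)]

if __name__ == "__main__":
    base = build_baseline(BASELINE_WINDOWS)
    flagged, rate = anomaly_detect(OBSERVED_WINDOW, base)
    print(f"baseline mean={base[0]:.3f} sd={base[1]:.3f}; observed rate={rate:.3f}; anomalous={flagged}")
    for hit in signature_detect(OBSERVED_WINDOW):
        print("signature hit:", hit)
```

The anomaly detector needs no knowledge of the attack but only reacts once behaviour drifts, while the signature rule fires on the single matching record but only because someone wrote that rule in advance.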
Firewalls
- an integral part of an organization's defense-in-depth strategy as well as an important complement to an organization's IDS
- typically thought of as perimeter protection
- "defense in depth"
Firewall Characteristics
- all traffic passes through the firewall
- only authorized traffic is allowed to pass
- the firewall itself is immune to penetration
  • assumes a hardened system with a secured operating system
Firewall Access Control Techniques
- Service Control: determines the types of Internet services that can be accessed, both inbound and outbound
- Direction Control: determines the direction in which particular service requests may be initiated
- User Control: access to a service is controlled based on the user's identity
- Behavior Control: controls how a particular service can be used
Firewall Limitations
- cannot protect against attacks that bypass the firewall (e.g. a modem pool)
- may not fully protect against internal threats
- cannot guard against wireless communications between local systems on different sides of the internal firewall
- cannot protect against mobile devices that plug directly into the internal network
Types of Firewalls
- Packet Filtering Firewall: applies a set of rules to each incoming and outgoing IP packet
- Stateful Inspection Firewall: tightens up the rules for TCP traffic by creating a directory of outbound TCP connections
- Application-Level Gateway: an application proxy; acts as a relay of application-level traffic
- Circuit-Level Gateway: sets up two TCP connections and relays TCP segments from one connection to the other
Types of Firewalls (figure)
Packet-Filtering Examples (figure)
Packet Filtering Firewalls
- Advantages:
  • simplicity
  • transparent to users
  • very fast
- Disadvantages:
  • cannot prevent attacks on application-specific vulnerabilities
  • do not support advanced user authentication schemes
  • vulnerable to attacks that take advantage of problems within TCP/IP
  • susceptible to security breaches caused by improper configurations
Stateful Firewall Connection State Table (figure; keeps track of sequence numbers and other connection information)
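To make the difference between a packet filter and stateful inspection concrete, here is an added Python example (not from the slides) in which a stateless filter and a firewall with a connection state table judge the same constructed packets; the addresses, ports and the web-only policy are assumptions:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """One TCP segment as seen by the firewall (constructed sample data, not from the slides)."""
    direction: str      # "out": internal host -> Internet, "in": Internet -> internal host
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True on the first segment of a new connection

ALLOWED_OUTBOUND_PORTS = {80, 443}   # assumed policy: internal hosts may only browse the web

def packet_filter(pkt):
    """Stateless packet filter: every packet is judged on its own against the rule set.
    To let web replies back in, it has to accept ANY inbound packet from a web port
    to a high-numbered port, whether or not an internal host asked for it."""
    if pkt.direction == "out":
        return pkt.dport in ALLOWED_OUTBOUND_PORTS
    return pkt.sport in ALLOWED_OUTBOUND_PORTS and pkt.dport > 1023

class StatefulFirewall:
    """Stateful inspection: a directory of outbound TCP connections tightens the inbound rule."""
    def __init__(self):
        self.state_table = set()   # (internal host, internal port, remote host, remote port)

    def filter(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in ALLOWED_OUTBOUND_PORTS:
                return False
            if pkt.syn:            # a new outbound connection: record it in the state table
                self.state_table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # inbound: accepted only as the reply leg of a connection an internal host opened
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state_table

def demo():
    """Run the same three constructed packets through both filters; returns (stateless, stateful) verdicts."""
    client_syn = Packet("out", "10.0.0.5", 40000, "203.0.113.10", 443, syn=True)
    reply = Packet("in", "203.0.113.10", 443, "10.0.0.5", 40000)
    unsolicited = Packet("in", "198.51.100.7", 443, "10.0.0.9", 40001)   # no internal host asked
    fw = StatefulFirewall()
    packets = (client_syn, reply, unsolicited)
    return [packet_filter(p) for p in packets], [fw.filter(p) for p in packets]

if __name__ == "__main__":
    print(demo())   # ([True, True, True], [True, True, False])
```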
Application-Level Gateway
- also called an application proxy; acts as a relay of application-level traffic
- tends to be more secure than packet filters
- easy to log and audit all incoming traffic
- Disadvantage:
  • additional processing overhead on each connection
Circuit-Level Gateway
- circuit-level proxy
- stand-alone system or a function performed by an application-level gateway
- sets up two TCP connections
- security function consists of determining which connections will be allowed
- used where the system administrator trusts the internal users
Malware Defense
- Prevention is the primary goal for malware defense. However, when prevention is not possible we want to:
  • Detect
  • Identify
  • Remove
- Anti-virus software is designed to do all of the above
Anti-Virus Generic Decryption (GD)
- GD is technology that enables anti-virus programs to detect even the most complex polymorphic viruses.
- A GD scanner contains:
  • CPU Emulator
  • Virus Signature Scanner
  • Emulation Control Module
Digital Immune System (figure)
Behavior-Blocking Software
- integrates with the operating system of a host computer and monitors program behavior in real time
- types of behavior being monitored are:
  • attempts to open, view, delete or modify files
  • attempts to format or otherwise erase disks
  • modifications to the logic of macro or executable files
  • modifications of critical system settings
  • unauthorized scripting
Behavior Blocking (figure)
Worm Countermeasures
- Generality: should be able to handle a wide variety of worm attacks
- Timeliness: the approach should respond quickly to limit the number of infected systems
- Resiliency: should be resistant to techniques used to evade worm countermeasures
- Minimal denial-of-service costs: minimal reduction in capacity or service due to the countermeasure
- Transparency: should not require modification to existing OS and hardware
- Global and local coverage: should be able to deal with attack sources from inside and outside
(6 Classes of Worm Defense)
- Signature-based scanning & filtering
- Filter-based containment
- Payload-classification based worm containment
- Threshold Random Walk (TRW) scan detection
- Rate Limiting
- Rate Halting
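As an added example (not from the slides) of the TRW class listed above, this Python code implements the Threshold Random Walk sequential hypothesis test over a constructed connection log; the success probabilities and error-rate targets are assumed example values, and only the first contact from a source to each destination is counted:

```python
import math

class TRWScanDetector:
    """Threshold Random Walk (Jung et al., 2004) sequential hypothesis test.
    Parameter values below are assumed examples, not taken from the slides."""
    def __init__(self, theta0=0.8, theta1=0.2, alpha=0.01, beta=0.99):
        # theta0 / theta1: probability that a first-contact connection succeeds for a benign
        # host (H0) versus a scanner (H1); alpha / beta: target false-positive and detection rates.
        self.success_step = math.log(theta1 / theta0)              # negative: success favours benign
        self.failure_step = math.log((1 - theta1) / (1 - theta0))  # positive: failure favours scanner
        self.upper = math.log(beta / alpha)                        # crossing it -> "scanner"
        self.lower = math.log((1 - beta) / (1 - alpha))            # crossing it -> "benign"
        self.walk = {}      # source -> current log-likelihood ratio
        self.seen = {}      # source -> destinations already counted (first contact only)
        self.verdict = {}   # source -> "scanner" | "benign" once the walk crosses a threshold

    def observe(self, src, dst, success):
        """Feed one connection attempt; returns the verdict for src, or None while undecided."""
        if src in self.verdict:
            return self.verdict[src]
        if dst in self.seen.setdefault(src, set()):
            return None                                  # repeat contact to the same dst: ignored
        self.seen[src].add(dst)
        step = self.success_step if success else self.failure_step
        self.walk[src] = self.walk.get(src, 0.0) + step
        if self.walk[src] >= self.upper:
            self.verdict[src] = "scanner"
        elif self.walk[src] <= self.lower:
            self.verdict[src] = "benign"
        return self.verdict.get(src)

# Constructed connection log (not from the slides): (source, destination, succeeded?)
SAMPLE_LOG = [
    ("10.0.0.7", "10.0.1.1", True), ("10.0.0.7", "10.0.1.2", True),
    ("10.0.0.7", "10.0.1.3", True), ("10.0.0.7", "10.0.1.4", True),      # ordinary host: 4 successes
    ("10.0.0.99", "10.0.1.1", False), ("10.0.0.99", "10.0.1.2", False),
    ("10.0.0.99", "10.0.1.3", False), ("10.0.0.99", "10.0.1.4", False),  # sweeping host: 4 failures
]

def run(log):
    """Replay a connection log and return the final verdict for every decided source."""
    det = TRWScanDetector()
    for src, dst, ok in log:
        det.observe(src, dst, ok)
    return dict(det.verdict)

if __name__ == "__main__":
    print(run(SAMPLE_LOG))   # {'10.0.0.7': 'benign', '10.0.0.99': 'scanner'}
```

With these parameters each failed first contact multiplies the likelihood ratio by 4 and each success divides it by 4, so four net failures are enough to cross the "scanner" threshold of 99, which is why TRW reacts after only a handful of probes.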
Summary
- VPNs and IPsec
  • transport and tunnel modes
- SSL and TLS
  • architecture and protocol
- Wi-Fi Protected Access
  • access control and privacy
- Intrusion detection
- Firewalls
  • characteristics and types
- Malware Defense
  • worm countermeasures