Modul 1 Keamanan Jaringan

Ethical Hacking and Penetration Testing Module Objectives

Nah..ini modul pertama dari sekian banyak modul yang ada. Sok dibaca ya,,kayaknya sih masih banyak yang perlu direvisi gitu..Huakzzzz..

Yang baca tolong dikasih komen ya..

Nah ini cerita lengkapnya…

> Definisi

1.Security
Mengukur dan mengontrol serta ensure the confidentiality, integrity, and availability of information system assets, including, hardware, software, firmware, and data being processed, stored, and communicated.
2. Confidentiality
Menjamin sensitive information is not disclosed to unauthorized persons, processes, or devices.
3. Integrity
Merupakan kualitas informasi: trustworthiness, authenticity, reliability, correctness, completeness.
4. Availability
Ketersediaan informasi jika diperlukan
5. Hacker
Evolving term, once looked at as creative tinkering, then mischievous, then illegal, now a return to ethical research.

> Para tokoh dalm hacking nih: Dennis Ritchie and Ken Thompson, Richard Stallman, John Draper, Mark Abene, Handle: Phiber Optik, Kevin Poulsen, Handle: Dark Dante, Robert Morris, Handle: rtm, Kevin Mitnick, Handle: Condor, Tsutomu Shimomura, Steve Wozniak and Steve Jobs, Bill Gates and Linus Torvalds

> Siapa hacker pertama hayooo??? :p
– 1878 Bell Telephone fired a group of young teenage boys for “pranking” on the lines.
“Mabel, is that you….”
– Females hired as operators for nearly 100 years after that.

> Saat ini hacker saling berhubungan, misalnya melalui Telephone, BBS, IRC Channels, dll

> Motivasi menjadi hacker: Uang, akses untuk mengakses Data, Keuntungan persaingan, Penasaran, Dendam, Perhatian, dll

> Manajemen resiko untuk Ethical Hacker:

-Vulnerabilities
Weaknesses in the network infrastructure, operating systems or applications that give opportunity for a someone to disrupt, compromise, or destroy your information assets
-Ancaman
Whether internal or external to your organization, people with the ability to exploit vulnerabilities in your network
-Resiko = Vulnerabilities x Ancaman
-Risk Management (for Ethical Hackers)
Acting like a threat to find the vulnerabilities before they do, and get them fixed!

> “Ethical” hacking is the authorized probing of information systems for vulnerabilities and weaknesses. You have the owner’s permission (Be specific in contracts).You are performing the probe of the system in an effort to ultimately improve the security of the systems themselves. You are usually being paid to do it.

> Percobaan Vulnerabilities
-Didesain untuk menemukan lobang yang biasanya lebih cepat dari tes penetration
-Dilakukan di level tinggi
-Examine the vulnerability state and current security posture (a “snapshot” in time)
-Often done as part of a regular accreditation process.
-Two forms of vulnerability assessments:
1.White box
Full cooperation of subject
Full access to documentation, procedures, etc.
Often the most successful and least time consuming
2.Black box
Done in secrecy, little cooperation of the subject
Little to no access to documentation, procedures, etc.
Often less successful and more time consuming

> Testing Methodology:

-Footprinting
-Scanning
-Penetrate, external
-Enumerate
-Penetrate, internal
-Escalate, protect
-Pillage
-Get interactive
-Expand influence
-Cleanup/maintenance

1. Footprinting. Mencari rincian informasi terhadap sistem-sistem untuk dijadikan sasaran, mencakup pencarian informasi dengan search engine, whois, dan DNS zone transfer.

2. Scanning. Terhadap sasaran tertentu dicari pintu masuk yang paling mungkin. Digunakan ping sweep dan portscan.

3. Enumeration. Telaah intensif terhadap sasaran, yang mencari user account absah, network resource andshare, dan aplikasi untuk mendapatkan mana yang proteksinya lemah.

4. Gaining Access. Mendapatkan data lebih banyak lagi untuk mulai mencoba mengakses sasaran. Meliputi mengintip dan merampas password, menebak password, serta melakukan buffer overflow.

5. Escalating Privilege. Bila baru mendapatkan user password di tahap sebelumnya, di tahap ini diusahakanmendapat privilese admin jaringan dengan password cracking atau exploit sejenis getadmin, sechole, ataulc_messages.

6. Pilfering. Proses pengumpulan informasi dimulai lagi untuk mengidentifikasi mekanisme untuk mendapatkan akses ke trusted system. Mencakup evaluasi trust dan pencarian cleartext password di registry, config file, dan user data.

7. Covering Tracks. Begitu kontrol penuh terhadap system diperoleh, maka menutup jejak menjadi prioritas.Meliputi membersihkan network log dan penggunaan hidetool seperti macam-macam rootkit dan file streaming.

8. Creating Backdoors. Pintu belakang diciptakan pada berbagai bagian dari sistem untuk memudahkan masuk kembali ke sistem ini dengan cara membentuk user account palsu, menjadwalkan batch job, mengubah startup file, menanamkan servis pengendali jarak jauh serta monitoring tool, dan menggantikan aplikasi dengan trojan.

9. Denial of Service. Bila semua usaha di atas gagal, penyerang dapat melumpuhkan sasaran sebagai usaha terakhir. Meliputi SYN flood, teknik-teknik ICMP, Supernuke, land/latierra, teardrop, bonk, newtear, trincoo, smurf, dan lain-lain.

> VMWare Workstation
-Bekerja di  Intel architecture
-OS (Windows/Linux)
-Multiple guest OS’s may run:
-Either persistent or not
-Can save snapshots in time
-Applications may run in guest OS’s

> VMware Survival Skills:

-Pengaturan:

1. Mode Harddrive

2. jaringan

3. Ukuran memori

-Booting VMware, pausing, dan shut down

-VMtools

-Switching between VMs
– Ctrl-Alt-Del vs. Ctrl-Alt-Ins
-Menyimpan snapshots, reverting

-Full screen
– Mouse capture, release

> Linux adalah keharusan. Linux adalah software yang bagus utuk hacking karena lebih stabil, organic tools, dll.

>Contoh command di Linux:cd, ls-l, cp, mv, rm-f, chmod, dll

Nah…gitu aja deh kayaknya…tolong ditambahin ya..

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s