Goals of Information Security
• The common thread among good information security objectives is that they address all three core security principles.
• Confidentiality: Prevents unauthorized disclosure of systems and information.
• Integrity: Prevents unauthorized modification of systems and information.
• Availability: Prevents disruption of service and productivity.
Cyber Six
• Cyber Space
– Web 2.0 / dynamic web
• Cyber Threat
– App Vulnerability
• Cyber Attack
– Exploit Vulnerability
• Cyber Security
– Defense in depth
• Cyber Crime
– Unauthorized access
• Cyber Law
– UU ITE
Cyber Space
• Growth, 60+ million users, 45+ million students, 60+ Gbit/s traffic, 200% rising local content trends
• Mobile, 90+ million internet users, 3+ million internet banking, 99%+ district coverage, 100+ million gadget
• Price War, $10 unlimited/monthly, $200- smartphone, Blackberry, $300- netbook (bundled internet ready)
• Always On, 40+ million social media (2nd largest), 35+ million online media visitors daily, 10+ million online gamers, 5+ million e-commerce transaction daily
Cyber Crime
• Online banking fraud (phishing, MiTM)
• Tax evasion, money laundering, corruption
• Underground economy, transnational crime (organized, cross border, distributed, multi stage, political issues involved, global action)
• Sophistication (individual, skilled, targeted)
• Crimes that do not exist yet (not regulated yet), online (cyber), financial (money), integrated (any kind related), more politics
Cyber Law
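• UU ITE (Electronic Information and Transactions Law) No. 11/2008
• UU ITE (Electronic Information and Transactions Law) No. 19/2016
• Child Protection Law (UU Perlindungan Anak) No. 23/2002
• Pornography Law (UU Pornografi) No. 44/2008
• KUHP (Criminal Code), RUU (draft laws), RPP (draft government regulations), other regulations
• Content regulation and filtering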
What is a Security Analyst
• Planning and implementing security measures to protect computer systems, networks and data
• Creating, testing and implementing network disaster recovery plans
• Performing risk assessments and testing of data processing systems
• Installing firewalls, data encryption and other security measures
• Recommending security enhancements and purchases
• Training staff on network and information security procedures
Lab 1
• Information gathering
• Method: whois lookup, banner grabbing
• Tools: nslookup, idserve, theharvester
• Target: target URL, internal URL, DNS records, key persons, OS/App running
Lab 2
• Scanning port and cracking password
• Tools: nmap/zenmap, hydra
• Target: open port, weak password, default configuration
• Countermeasure: filtering (firewall), password policy, IDS
Lab 3
• Scanning vulnerability and exploit vulnerability
• Tools: nessus, metasploit framework
• Target: deprecated OS
• Countermeasure: update OS, block exploit vulnerability
Lab 4
• Web App Threat
• Method: Directory Traversal, Cross-Site Scripting (XSS), Parameter/Form Tampering, SQL Injection
• Tools: Havij, sqlmap, dotdotpwn.pl