Security professionals break the term security into three parts: confidentiality, integrity, and availability.
1. confidentiality (rahasia)
Confidentiality is all about determining the appropriate level of access to information. Hak akses u/ data/file/folder.
2. Integrity (keutuhan)
Tidak adanya kehilangan data (data tetap utuh tanpa ada modifikasi).
3. Availability (ketersediaan)
Ketersediaan data yg akan diakses, menuju pada pemikiran back up data or system
Identifikasi Resiko
1. Attack
An attack against a system is an intentional attempt to bypass system security controls or organizational policies to affect the operation of the system (active attack) or gain access to information (passive attack). Attacks can be classified into insider attacks in which someone from within an organization who is authorized to access a system uses it in an unauthorized way, or outsider attacks, which originate outside of the organization's security perimeter, perhaps on the Internet at large
In order for active and passive attacks to succeed, something must be at fault. Attacks necessarily leverage fundamental behavioral problems in software, improper configuration and use of software, or both. In this chapter, we examine these classes of attacks including the special-case denial of service (DoS) attack.
2. Problem software
2.1 Buffer OverFlow
2.2 Injeksi SQL
There are, of course, ways to defend against SQL injection attacks from within web applications. One common approach is to parse every value provided by the user. Make sure it doesn't contain any undesirable characters like backticks, quotes, semi-colons, and so on. Also ensure that the valid characters are appropriate for the value being returned. To get around the problem completely, developers may be able to use stored procedures and avoid dynamically creating SQL.
2.3 Software problem lain
Proteksi :
Being aware of vulnerabilities is a good first step.
Installah 3rd party soft. yang jelas minim bugnya.
Rajin mengkuti mailing list
Selalu lakukan patch
3. DOS ATTACK
DoS attacks are active—they seek to consume system resources and deny the availability of your systems to legitimate users. The root cause of a system or network being vulnerable to a DoS attack may be based on a software vulnerability, as a result of improper configuration and use, or both. DoS attacks can be devastating, and depending on how they are carried out, it can be very difficult to find the source. DoS attacks have a diverse list of possible targets.
Target: physical
DoS attacks can occur at the physical layer. In an 802.11 wireless network, an attacker can flood the network by transmitting garbage in the same frequency band as the 802.11 radios.
Target: network
At the data link and network layers, traffic saturation can interfere with legitimate communications. Flooding a network with illegitimate and constantly changing arp requests can place an extreme burden on networking devices and confuse hosts. Attempting to push a gigabit of data per second through a 100 Mbps pipe will effectively overrun any legitimate network traffic. Too much traffic is perhaps the quintessential example of a DoS attack
Target: application
These DoS attacks generally use up some finite resource on a host such as CPU, memory, or disk I/O. An attacker may send several application requests to a single host in order to cause the application to consume an excessive amount of system resources.
She may simply exploit a bug in code once that causes the application to spiral out of control or simply crash. Some services that fork daemons at every new connection may be subject to a DoS if tens or hundreds of thousands of connections are made within a short period of time
Proteksi :
Physical -> lakukan load balancer
Network -> IDS hosts may be used to help detect these kinds of attacks and automatically update firewall or router configurations to drop the traffic
Application -> secure architecture and build, controlled maintenance, and monitoring logs.
4. Konfigurasi yang kurang sip.
4.1. Konfigurasi yang ceroboh
4.2 Acccount access.
permission file , setuid (memberikan akses hanya pada id, bukan pada nama user).
-r-sr-xr-x 1 root wheel 23392 Jun 4 21:57 traceroute
To find setuid and setgid files on your BSD system, run the following command:
% find / -type f \( -perm -2000 -o -perm -4000 \) -print
Satpam 1
satpam | Wednesday, September 26, 2007
This entry was posted on 2:39 PM
and is filed under
satpam
.
You can follow any responses to this entry through
the RSS 2.0 feed.
You can leave a response,
or trackback from your own site.
Subscribe to:
Post Comments (Atom)
1 komentar:
hmm...nice post more about it when we find anything at our system.
Post a Comment