10 tk3193-firewall 2
SETIA JULI IRZAL ISMAIL, [email protected]
TK 3193 - NETWORK SECURITY, Odd Semester 2015/2016
FIREWALL
For teaching purposes within Telkom University only
Example Rules
● Block incoming packets from specific sender/receiver addresses
● Block outgoing packets from specific sender/receiver addresses
● Block packets based on packet content
● Open access to specific internal resources
● Open connections to the internal network
● Report all network activity
Example Rules
● Allow all access to all websites
● Allow outgoing email from the internal mail server
● Drop all outgoing access except to email and websites
● Drop all incoming access except to the public web server
● Log all access to external websites
● Log all connections blocked by the firewall
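The policy on this slide written as an ordered, first-match rule table with a default-deny fallback (an added example, not part of the original slides). The addresses, ports and names such as `evaluate` and `RULES` are constructed assumptions, and only new connection attempts are modelled, not reply traffic.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the slides).
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
MAIL_SERVER = ipaddress.ip_address("10.0.0.25")
PUBLIC_WEB = ipaddress.ip_address("192.0.2.80")
WEB_PORTS = {80, 443}
SMTP_PORT = 25

def _outgoing(src, dst):
    # Outgoing means: starts inside the internal network, ends outside it.
    return src in INTERNAL and dst not in INTERNAL

# Ordered rule table: (name, predicate, action, log_on_match).
RULES = [
    ("allow-out-web", lambda s, d, p: _outgoing(s, d) and p in WEB_PORTS, "ALLOW", True),
    ("allow-out-mail", lambda s, d, p: _outgoing(s, d) and s == MAIL_SERVER and p == SMTP_PORT, "ALLOW", False),
    ("allow-in-web", lambda s, d, p: s not in INTERNAL and d == PUBLIC_WEB and p in WEB_PORTS, "ALLOW", False),
]

def evaluate(src, dst, dport, log):
    """First match wins; anything unmatched is dropped and logged (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, match, action, log_it in RULES:
        if match(s, d, dport):
            if log_it:
                log.append(f"{action} {name} {src} -> {dst}:{dport}")
            return action
    log.append(f"DROP default-deny {src} -> {dst}:{dport}")
    return "DROP"

def demo():
    """Run constructed new-connection attempts through the policy."""
    log = []
    packets = [
        ("10.0.0.7", "203.0.113.10", 443),  # workstation browsing a website
        ("10.0.0.25", "198.51.100.5", 25),  # internal mail server sending mail
        ("10.0.0.7", "198.51.100.5", 25),   # workstation sending SMTP directly
        ("203.0.113.9", "192.0.2.80", 80),  # Internet to the public web server
        ("203.0.113.9", "10.0.0.7", 22),    # Internet to an internal host
    ]
    verdicts = [evaluate(s, d, p, log) for s, d, p in packets]
    return verdicts, log

if __name__ == "__main__":
    verdicts, log = demo()
    print(verdicts)
    print("\n".join(log))
```

The two "drop all ... except" bullets need no rules of their own: they are the default-deny fallback, which is also where the "log all blocked connections" bullet is implemented.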
SCREENING ROUTER
• Packet filter
• Allow outgoing
• Filter incoming
• 2 interfaces
• ACL
• Drawback: Single Point of Error (SPoE)
DMZ (De-Militarized Zone)
• Special zone
• Public services (Web Server, Mail Server, DNS, FTP, VoIP)
• Protects the internal network
• DMZ – Internal is restricted
• DMZ – Internet
DMZ (2)
• Security configuration against external threats
• Internal threats (sniffing & spoofing)
• Proxy server
DMZ – 2 Firewalls
● Front-end: allow traffic to DMZ
● Back-end: DMZ – Internal
● More secure
● Multi-vendor
● Cost
THREATS
● DoS
● IP Spoofing
  › Table
● ARP Spoofing
  › Static
● Session Hijacking
● Buffer Overflow
● SQL Injection