Network Security

Network Security Sritrusta Sukaridhoto Netadmin & Head of Computer Network Lab EEPIS-ITS


Transcript of Network Security

Page 1: Network Security

Network Security

Sritrusta Sukaridhoto
Netadmin & Head of Computer Network Lab

EEPIS-ITS

Page 2: Network Security

About me…

A civil servant striving to be a good lecturer,...

Have enjoyed playing with “Linux” since 1999 (5th semester of college)

Experience: teaching, research, computer networks

Page 3: Network Security

More about me…

Joined EEPIS-ITS in 2002
Got acquainted with embedded Linux at Tohoku University, Japan (2003 - 2004)
“Caretaker” of the computer network lab (2004 – present)
Supervised final projects, 25 students using Linux, in 2005 (record)
Member of the EEPIS network “watchers” team (2002 – present)
Maintaining the server “http://kebo.vlsm.org” (2000 – present)
Debian GNU/Linux – IP v6 developer (2002)
GNU Octave developer (2002)
EEPIS-ITS Goodle Crew (2005 – present)
Linux – SH4 developer (2004 – present)
Cisco CNAP instructor (2004 – present)
....

Page 4: Network Security

EEPIS-ITS secure network

Page 5: Network Security

[Network diagram. Labels: INTERNET; ROUTER-GTW; FIREWALL; MULTILAYER SWITCH; PROXY; DMZ; E-MAIL; FILESERVER; EIS; WWW; DOMAIN; NOC; EEPIS HOTSPOT; LECTURER, EMPLOYEE; STUDENTS]

Traffic monitoring: CACTI, http://noc.eepis-its.edu

Internal server: EEPIS-INFORMATION SYSTEM (EIS, http://eis.eepis-its.edu), http://fileserver.eepis-its.edu

E-Mail server: HTTPS, SPAM (SpamAssassin), Virus Scanner (ClamAV)

PROXY (Squid): All access to the Internet must go through the proxy

FIREWALL-IDS: Linux bridge, iptables, shorewall, snort, portsentry, acidlab

CISCO router: Using acl, block malware from outside

L3 switch: Block malware on the physical port from inside the network

All servers in DMZ: Managed using SSH, secure Webmin

SQL database (MySQL): Access only from localhost (127.0.0.1)

EEPIS HOTSPOT: Access from Wi-Fi, signal only on the EEPIS campus; authentication from the proxy

Manageable switches: Block unwanted users by port, manage from the web

Page 6: Network Security

Router-GTW

Cisco 3600 series
Encrypted password
Using “acl”

Page 7: Network Security

Linux Firewall-IDS

Bridge mode

    iface br0 inet static
        address xxx.xxx.xxx.xxx
        netmask yyy.yyy.yyy.yyy
        bridge_ports all

    apt-get install snort-mysql webmin-snort snort-rules-default acidlab acidlab-mysql
    apt-get install shorewall webmin-shorewall
    apt-get install portsentry

Page 8: Network Security

Multilayer switch

Cisco 3550

    CSC303-1#sh access-lists
    Extended IP access list 100
        permit ip 10.252.0.0 0.0.255.255 202.154.187.0 0.0.0.15 (298 matches)
        deny tcp any 10.252.0.0 0.0.255.255 eq 445 (1005 matches)
    Extended IP access list CMP-NAT-ACL
        Dynamic Cluster-HSRP deny ip any any
        Dynamic Cluster-NAT permit ip any any
        permit ip host 10.67.168.128 any
        permit ip host 10.68.187.128 any
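The match counters in the listing above show which rules are actually firing. As an added example (not part of the original slides), this sketch parses `sh access-lists` output and ranks the deny entries by hit count; the sample text is the slide's output laid out one entry per line, and the indentation and function names are assumptions.

```python
import re

# Constructed sample: the slide's output, one entry per line (indentation assumed).
SAMPLE = """\
CSC303-1#sh access-lists
Extended IP access list 100
    permit ip 10.252.0.0 0.0.255.255 202.154.187.0 0.0.0.15 (298 matches)
    deny tcp any 10.252.0.0 0.0.255.255 eq 445 (1005 matches)
Extended IP access list CMP-NAT-ACL
    Dynamic Cluster-HSRP deny ip any any
    Dynamic Cluster-NAT permit ip any any
    permit ip host 10.67.168.128 any
    permit ip host 10.68.187.128 any
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
# Optional sequence number, optional "Dynamic <name>", action, rule text, optional counter.
ENTRY = re.compile(
    r"^\s+(?:\d+\s+)?(?:Dynamic \S+\s+)?(permit|deny)\s+(.*?)"
    r"(?:\s+\((\d+) match(?:es)?\))?\s*$"
)

def parse_acl(text):
    """Return one dict per entry: acl, action, rule, matches (0 if no counter shown)."""
    entries, acl = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            acl = h.group(1)
            continue
        e = ENTRY.match(line)
        if e and acl is not None:
            entries.append({"acl": acl, "action": e.group(1),
                            "rule": e.group(2), "matches": int(e.group(3) or 0)})
    return entries

def top_denies(entries, min_matches=1):
    """Deny entries that have fired at least min_matches times, busiest first."""
    hits = [e for e in entries if e["action"] == "deny" and e["matches"] >= min_matches]
    return sorted(hits, key=lambda e: e["matches"], reverse=True)

if __name__ == "__main__":
    for e in top_denies(parse_acl(SAMPLE)):
        print(f'{e["acl"]}: deny {e["rule"]} -> {e["matches"]} matches')
```

Running it periodically and comparing counters between runs shows whether the blocked TCP 445 traffic toward 10.252.0.0/16 is still arriving.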

Page 9: Network Security

NOC for traffic monitoring

Page 10: Network Security

E-Mail

[Postfix flow diagram. Labels: SMTP Postfix; Open relay, RBL, SPF; reject; DNS server; Amavis SMTP; Parsing; ClamAV; SpamAssassin; Quarantine; Virtual map; maildir; User A, User B, User C; Courier IMAP; POP3 Courier; POP before SMTP; http 80; Secure https 443; secure / insecure; Outlook / Squirrelmail; decision branches Y / N / ok]

Page 11: Network Security

Policy

No one can access server using shell
Access mail using secure webmail
Use proxy to access internet
No NAT
1 password in 1 server for many applications

Page 12: Network Security

Security updates

Use security updates for server(s)
EEPIS has a Debian mirror
Authorized server room password

Page 13: Network Security

Server room

Page 14: Network Security

Thank you

[email protected]