Rangkuman Keamanan Jaringan

download Rangkuman Keamanan Jaringan

of 14

description

Rangkuman keamanan jaringan bab 1 Computer Security.

Transcript of Rangkuman Keamanan Jaringan

Rangkuman kij bab 1 & 2

Chapter 1Computer SecurityBasic Concept

Computer holds many resources including data, information, system data such as hardware and software. The Resources considered to be useful and important but they would be useless if they are not protected. Thus the need of security to protect those resources is very important. An approach or activity or method to protect information and system resources against security violation is the basic of Computer Security. Such activities can be defined to determine, prevent, detect, and recovery against security attacks.

Principles of Security

The basic principles or taxonomies of security is known as CIA Triad from abbreviation of Confidentiality, Integrity, and Availability.

Fig 1.1 CIA Triad

Confidentiality is to ensure that information is not accessed by unauthorized users. The principle of confidetiality specifies that only sender and the recipient should be able to access and read the information. If the information (e.g. message) accessed by unauthorized person, therefore the purpose of confidentiality is compromised.

Fig 1.2 Loss of Confidentiality

Integrity is to ensure that information is not altered or changed by unauthorized users. When the informations contents are changed after sender sends it and before it reaches the recipient, the integrity principle is surely compromised.

Fig 1.3 Loss of Integrity

Availability is to ensure that the system works as it is to be without any interruption from unauthorized users. The access to unauthorized user and unaccessible to the system caused by unauthorized user rendering the loss of availability principle.

Another principle of security that additional concepts need to be added is Authentication. Authentication is to ensure that only authorized users can access and make changes to information and system. The purpose of this principle is to validate the authorized users through the proof of identity. Thus the unauthorized users unable to access the system or information.

Fig 1.3 Loss of Availability

Types of Security Attacks

Based on theorical concept, there are two types of security attack: passive attack and active attack.

Passive Attacks

Passive attack is the attackers attempt to eavesdrop or to monitor the data or information transmission. The attack does not alter and make changes to the information. Such attack tends to be silent attack which it is harder to detect. The general approach to deal with these attacks is through prevention such as encryption.

Eavesdropping (Sniffing)

The attacker attempts to access and read message from data transmission. In other words, the attackers goal is to obtain information that is in transit. No informational data has been altered or modified since this kind of attack only retrieve information from sender to recipient.

Fig 1.4 Eavesdropping or sniffing attack

Traffic Analysis

The attacker attempts to monitor of data transmission in order to retrieve informations pattern. The goal of this attack is to obtain the behavior of sender and recipient when exchanging the message, though the attacker unable to access and read messages. Attacker could retreive the location and identity of sender and recipient and observe the frequency and length of messages exchanged.

Fig 1.5 Traffic analysis attack

Active Attacks

Attacker attempts modify the message and cause interruption to the communication services. These attack could be easily detected, but harder to prevent.

Masquerade

The attacker pretends to be another entity. The attacker gains identity of sender or recipient and then change his/her identity to be sender or recipient.

Fig 1.6 Masquerade attack

Replay

The attacker captures a sequences of events or messages and then resends them to the recipient.

Fig 1.7 Replay attack Data Modification

The attacker attemps to capture the message from the sender and then alter or change the message before sending it to the recipient.

Fig 1.8 Data modification attack Denial of Service

The attacker attemps prevent users to use communication facilities such those services could not be accessed.

Fig 1.9 Denial of service

Security Services

Security service provided by a service such as

AuthenticationThe communicating entity should be the one that it claims to be.

Access ControlThe prevention of unauthorized use of a resource for unauthorized user.

Data ConfidentialityThe protection of data against unauthorized user.

Data IntegrityThe assurance that data received are sent by authorized user.

NonrepudiationProvides protection against denial by one of the entities involved in a communication of having participated in the part of communication.

AvailabilityProvides availability of system resource to be accessed and used by authorized user.

Security Mechanisms

Security mechanisms nowadays, using the OSI layer can be divided as below

EnciphermentThe use of algorithm to change the message into unreadable message.

Digital SignatureThe method to prove the source and integrity of the data unit.

Access ControlVariety of mechanisms to give access rights to the resources.

Data IntegrityVariety of mechanisms to assure the integrity of data.

Authentication ExchangeA mechanism intended to ensure the identity of an entity.

Traffic PaddingThe insertion of bits into gaps in a data stream to prevent traffic analysis attack.

Routing ControlEnables selection of secure routes for data and change the route when security breach is detected.

Routing ControlThe use of trusted third party for data exchange.

Network Security Model

Fig 1.10 Common model of data transmission

The entities listed on the figure above can be defined below

SenderA Person who is sending the message

RecipientA Person who is receiving the message

Information ChannelA channel provides message exchange.

Trusted Third PartyA service outside the system ensures secure transmission of data.

OpponentA threat who is attempting to access the data through transmission of data.

The general model shows on the figure above, concludes that there are four basic tasks in designing a particular security service:

1. Design an algorithm for performing the security transformation.2. Generate the secret information to be used with the algorithm.3. Develop methods for the transmission of the secret information.4. Specify a protocol to be used by the two principals that makes use of the securityalgorithm and the secret information to achieve a particular security service.

Chapter 2Classical Encryption Techniques

1. 1. 1. Basic Concept

A known techniques in network security to secure the data transmission is message encryption which is involving cryptography. Cryptography is an approach to achieve security by encoding message so that the messahe becomes unreadable. The basic techniques is to change the message into unreadable which is called encryption in order to make it harder to read unless it is decrypted. A study to decrypt an encrypted message without any knowledge of the encrypting details is Cryptanalysis.

In the world of cryptography, there are basic ingredients for symmetric cipher model:

Plain textThe original message that can be understood and not codified in any manner.

Encryption algorithmAn algorithm to perform various transformations on the plaintext.

Secret keyThe key to define output and input of encryption used by encryption algorithm.

CiphertextThe encrypted plain text messgae as output of encrypted algorithm.

Decryption algorithmAn algorithm to perform various transformations on the ciphertext and change it to be plain text or original message.

Fig 2.1 Simple model of symmetric encryption

Classical techniques of encryption uses symmetric encryption with two basic techniques. They are susbtitution and transposition.

Substitution Techniques

Substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols

Caesar Cipher

The first and the simplest use of replacing each leter of the alphabet with the letter three places down the order is called Caesar Cipher which proposed by Julius Caesar. The characters of a plain text message are replaced by othe characters, numbers or symbols.

Fig 2.2 The caesar cipher alphabetic replacement rule

Fig 2.3 Example of breaking caesar cipherMonoalphabetic Cipher

The improved version of caesar cipher to replace each letter of the alphabets to random letter of the alphabets.

Playfair

Playfair cipher is a digraph substitution cipher which employs a tabel where one letter of the alphabet is omitted and the letters are arranged in 5x5 matrix. The letter I and J count as one letter.

Fig 2.4 Example of playfair cipherTransposition Techniques

Transposition technique involves mapping letters is achieved by performing some sort of permutation on the plaintext letters.

Rail Fence

This technique is simplest transposition which the plain text is written down as a sequence of diagonal. For example, the plain text is come home tomorrow. Then the plain text is sequenced below

Fig 2.5 Example of rail fence transpositionThen the ciphertext would be cmhmtmrooeoeoorw

Simple Columnar

Another technique to use a rectangle which contains columns and rows. The plain text is written column by column and add row after the space of column is supressed.

Fig 2.6 Example of simple columnar transpositionSteganography

Another technique which involves writings and images is called steganography. This technique conceal the message into secret message which requires more effort to reveal the secret message. Some example of steganography used is character marking and invisible ink. But nowadays, the steganography can be represented with bits, which those bits conceal message into images, shown in the figure below

Fig 2.7 Example of steganography image using bitsRangkuman kij bab 1 & 2fariz aulia pradipta - 5112100021

MIND MAPChanpter 1

Chapter 2

PertanyaanChapter 1Bagaimana cara kerja firewall komputer untuk menangani proteksi serangan dari jaringan?Chapter 2Bisakah kita menggabungkan dua atau lebih metode enkripsi yang berbeda (misal caesar cipher dengan simple columnar dan playfair)?

Referensi

Stalling, William, 2011, Cryptography and Network Security Principle and Practice Fifth Edition, Pearson Education

Kahate, Atul, 2013, Cryptography and Network Security Third Edition, New Delhi, Tata McGraw-Hill Publishing Company Limitedhttp://books.google.co.id/books?id=HAxRAgAAQBAJ&printsec=frontcover&hl=id#v=onepage&q&f=false

Computer Security: A Practical Definitionhttp://www.albion.com/security/intro-4.html

Common Types of Network Attackshttps://technet.microsoft.com/en-us/library/cc959354.aspx

What is Computer Sercurity?http://www.cse.psu.edu/~tjaeger/cse544-s10/papers/gasser_ch1-2.pdf