10 tk3193-firewall 2

SETIA JULI IRZAL ISMAIL, [email protected]
TK 3193 - NETWORK SECURITY, Odd Semester 2015/2016
FIREWALL
For teaching purposes within Telkom University only

Upload: setia-jul-ismail

Post on 15-Apr-2017

Firewall (Tembok Api)

Threats

● Virus
● Worm
● DoS
● Cracker

Internal vs External

Example Rules

● Block incoming packets from specific sender/recipient addresses
● Block outgoing packets from specific sender/recipient addresses
● Block packets based on packet contents
● Open access to specific internal resources
● Open connections to the internal network
● Report all network activity

Size

● Personal firewall
● Unit firewall
● Corporate firewall

IPTables

IPTables (2)

Example Rules

● Allow all access to all websites
● Allow outgoing email from the internal mail server
● Drop all outgoing access except email and websites
● Drop all incoming access except to the public web server
● Log all access to external websites
● Log all connections blocked by the firewall
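
The six rules above, written out as an iptables FORWARD chain in `iptables-restore` format. This is an added example, not part of the original slides; the interface names and the RFC 5737 addresses are assumptions, and it covers only traffic routed through the firewall.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the six rules listed above.
# Interface names and addresses are assumptions (RFC 5737 documentation ranges).
WAN_IF="${WAN_IF:-eth0}"            # Internet-facing interface (assumed)
LAN_IF="${LAN_IF:-eth1}"            # internal-network interface (assumed)
MAIL_SRV="${MAIL_SRV:-192.0.2.25}"  # internal mail server (constructed address)
WEB_SRV="${WEB_SRV:-192.0.2.80}"    # public web server (constructed address)

# Only FORWARD (traffic routed through the firewall) is covered; rules for the
# firewall host itself (INPUT/OUTPUT) and for DNS are outside the slide's list.
emit_ruleset() {
cat <<EOF
*filter
:FORWARD DROP [0:0]
# Replies to connections that a rule below already accepted
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Log access to outside websites, then allow it (LOG does not end traversal)
-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j LOG --log-prefix "FW-WEB-OUT: "
-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Outgoing email (SMTP) only from the internal mail server
-A FORWARD -i $LAN_IF -o $WAN_IF -s $MAIL_SRV -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# Incoming access only to the public web server
-A FORWARD -i $WAN_IF -d $WEB_SRV -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Everything else: log at a limited rate, then drop
-A FORWARD -m limit --limit 10/minute --limit-burst 20 -j LOG --log-prefix "FW-DROP: "
-A FORWARD -j DROP
COMMIT
EOF
}

emit_ruleset
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it; loading it for real replaces the current filter table.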

Example Rules (2)

FIREWALL ARCHITECTURE

SCREENING ROUTER


• Packet filter
• Allow Outgoing
• Filter Incoming
• 2 Interfaces
• ACL
• Weakness: Single Point of Error (SPoE)

SCREENING ROUTER (2)

Screened Host

DMZ (De-Militarized Zone)

• Special zone
• Public services (Web Server, Mail Server, DNS, FTP, VoIP)
• Protects the internal network
• DMZ – Internal: restricted
• DMZ – Internet

DMZ (2)

• Security configuration for external threats
• Internal threats (Sniffing & Spoofing)
• Proxy Server

DMZ – 1 Firewall

• 3 Zones
• Single Point of Error

DMZ – Subnet

DMZ – 2 Firewall

● Front-End: allow traffic to DMZ
● Back-End: DMZ – Internal
● More secure
● Multi Vendor
● Cost

DMZ – Multiple

DMZ – Multiple (2)

2 Firewall – 2 DMZ

THREATS

● DoS
● IP Spoofing
  › Table
● ARP Spoofing
  › Static
● Session Hijacking
● Buffer Overflow
● SQL Injection

REFERENCES

Required Reading (BW)

1. Engebretson, P. (2011). The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. Syngress.
2. Stallings, W. (2010). Network Security Essentials: Applications and Standards, 4th Edition. Prentice Hall.

Recommended Reading (BA)

3. Beale, J. (2007). Snort IDS and IPS Toolkit. Syngress.
4. Rash, M. (2007). Linux Firewalls: Attack Detection and Response with Iptables, psad and fwsnort. No Starch.