network security
Network Security
Sritrusta Sukaridhoto
Netadmin & Head of Computer Network Lab
EEPIS-ITS
About me…
A civil servant trying to become a good lecturer...
Has enjoyed playing with “Linux” since 1999 (5th semester of university)
Experience: teaching, research, computer networks
More about me…
Joined EEPIS-ITS in 2002
Got to know embedded Linux at Tohoku University, Japan (2003 - 2004)
“Caretaker” of the computer network lab (2004 – present)
Supervised final-year projects, 25 students using Linux, in 2005 (a record)
EEPIS network “watchers” team (2002 – present)
Looks after the server “http://kebo.vlsm.org” (2000 – present)
Debian GNU/Linux – IP v6 developer (2002)
GNU Octave developer (2002)
EEPIS-ITS Goodle Crew (2005 – present)
Linux – SH4 developer (2004 – present)
Cisco CNAP instructor (2004 – present)
....
EEPIS-ITS secure network
[Network diagram. Labels shown: INTERNET, FIREWALL, FILESERVER, EIS, WWW, DOMAIN, NOC, MULTILAYER SWITCH, ROUTER-GTW, EEPIS HOTSPOT, PROXY, LECTURER, EMPLOYEE, STUDENTS, DMZ]
Traffic Monitoring (CACTI): http://noc.eepis-its.edu
Internal Server: EEPIS-INFORMATION SYSTEM (EIS, http://eis.eepis-its.edu), http://fileserver.eepis-its.edu
E-Mail server: HTTPS, SPAM (SpamAssassin), Virus Scanner (ClamAV)
PROXY (Squid): All access to the Internet must go through the proxy
FIREWALL-IDS: Linux bridge, iptables shorewall, snort, portsentry, acidlab
CISCO Router: Using ACLs, blocks malware from outside
L3 Switch: Blocks malware on physical ports from inside the network
All servers in DMZ: Managed using SSH, Secure Webmin
SQL Database (MySQL): Access only from localhost (127.0.0.1)
EEPIS HOTSPOT: Access from wifi, signal only on the EEPIS campus; authentication from the proxy
Manageable switches: Block unwanted users by port, managed from WEB
Router-GTW
Cisco 3600 series
Encrypted password
Using “acl”
Linux Firewall-IDS
Bridge mode
iface br0 inet static
    address xxx.xxx.xxx.xxx
    netmask yyy.yyy.yyy.yyy
    bridge_ports all
apt-get install snort-mysql webmin-snort snort-rules-default acidlab acidlab-mysql
apt-get install shorewall webmin-shorewall
apt-get install portsentry
Multilayer switch
Cisco 3550
CSC303-1#sh access-lists
Extended IP access list 100
    permit ip 10.252.0.0 0.0.255.255 202.154.187.0 0.0.0.15 (298 matches)
    deny tcp any 10.252.0.0 0.0.255.255 eq 445 (1005 matches)
Extended IP access list CMP-NAT-ACL
    Dynamic Cluster-HSRP deny ip any any
    Dynamic Cluster-NAT permit ip any any
    permit ip host 10.67.168.128 any
    permit ip host 10.68.187.128 any
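How the two entries of access list 100 shown above are evaluated, as an added example that is not part of the original slides: wildcard masks are inverted netmasks, entries are tested top-down with first match winning, and every Cisco ACL ends with an implicit deny. The tuple layout, function names and sample packets are assumptions made for this illustration; only the two ACL entries come from the slide.

```python
import ipaddress

# The two entries of access list 100 as shown on the slide.
# Tuple layout (an assumption of this example):
# (action, protocol, src, src_wildcard, dst, dst_wildcard, dst_port)
# "any" is written as 0.0.0.0 255.255.255.255, its IOS equivalent.
ACL_100 = [
    ("permit", "ip", "10.252.0.0", "0.0.255.255", "202.154.187.0", "0.0.0.15", None),
    ("deny", "tcp", "0.0.0.0", "255.255.255.255", "10.252.0.0", "0.0.255.255", 445),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard masks are inverted: a 1 bit means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry_index); first matching entry wins."""
    for i, (action, p, s, sw, d, dw, port) in enumerate(acl):
        if p != "ip" and p != proto:
            continue  # protocol-specific entry for a different protocol
        if not wildcard_match(src, s, sw) or not wildcard_match(dst, d, dw):
            continue
        if port is not None and port != dport:
            continue
        return action, i
    return "deny", None  # implicit "deny ip any any" at the end of every ACL

# Constructed sample packets (not taken from the slide):
# (protocol, source, destination, destination port)
SAMPLES = [
    ("tcp", "10.252.3.7", "202.154.187.5", 80),   # inside the 0.0.0.15 range
    ("tcp", "10.252.3.7", "10.252.9.9", 445),     # SMB between internal hosts
    ("tcp", "10.252.3.7", "202.154.187.20", 80),  # just outside 0.0.0.15
    ("udp", "10.252.3.7", "10.252.9.9", 445),     # not TCP, entry 2 skipped
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

If the list holds only these two entries, port-445 traffic would also fall to the implicit deny; the explicit entry is what produces the "(1005 matches)" counter in the `sh access-lists` output.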
NOC for traffic monitoring
POSTFIX FLOW DIAGRAM
[Diagram. Labels shown: DNS server, SMTP (Postfix), open relay / RBL / SPF checks, Amavis SMTP, parsing, ClamAV, SpamAssassin, quarantine, reject, virtual map, maildir, Users A/B/C, Courier IMAP, POP3 (Courier), POP before SMTP, Outlook / Squirrelmail, http 80 (insecure), https 443 (secure), Y/N and ok decision branches]
Policy
No one can access server using shell
Access mail using secure webmail
Use proxy to access internet
No NAT
1 password in 1 server for many applications
Security updates
Use security updates for server(s)
EEPIS has a Debian mirror
Authorized server room password
Server room