
Network Security Summary

Network Security Fundamentals

Threat Mitigation

1. Protecting the Network
- Network Security Professionals: Chief Information Officer (CIO), Chief Information Security
Officer (CISO), Security Operations (SecOps) Manager, Chief Security Officer (CSO), Security
Manager, etc.
- Network Intelligence Communities: SANS, MITRE, FIRST, SecurityNewsWire, ISC, CIS
- Network Security Certifications
- Communications Security: CIA (Confidentiality, Integrity, Availability)
2. Network Security Policies
- Network Security Domains (the control domains of ISO/IEC 27001:2013 Annex A): Information
Security Policies; Organization of Information Security; Asset Management; Access Control;
Cryptography; Physical and Environmental Security; Operations Security; Communications
Security; System Acquisition, Development, and Maintenance; Supplier Relationships;
Information Security Incident Management; Business Continuity Management; Compliance
- Business Policies: company policies, employee policies, security policies
- Security Policy: identification and authentication policy, password policy, Acceptable Use
Policy (AUP), remote access policy, network maintenance policy, incident handling
procedures
- BYOD Policies: password-protected access, manually control wireless connectivity, keep
devices updated, back up data, enable "find my device", provide antivirus software, use mobile
device management (MDM) software
3. Security Tools, Platforms, and Services
The Security Onion is an analogy for layered security: to reach the core (the asset), an attacker
must penetrate every security layer in turn.

The Security Artichoke is an analogy for how the network landscape has changed: the evolution
of the borderless network benefits threat actors because they no longer have to peel away every
layer. They only need to remove certain "artichoke leaves" (a single exposed element, such as
one unprotected device) to reach the asset behind them.
- Security Testing Tools (categories of tools):
• Password crackers: John the Ripper, Ophcrack, L0phtCrack, THC Hydra,
RainbowCrack, Medusa
• Wireless hacking tools: Aircrack-ng, Kismet, inSSIDer, KisMAC, Firesheep,
NetStumbler
• Network scanning and hacking tools: Nmap, SuperScan, Angry IP Scanner,
NetScanTools
• Packet crafting tools: Hping, Scapy, Socat, Yersinia, Netcat, Nping, Nemesis
• Packet sniffers: Wireshark, Tcpdump, Ettercap, Dsniff, EtherApe, Paros, Fiddler,
ratproxy, SSLstrip
• Rootkit detectors: AIDE, Netfilter, PF (OpenBSD Packet Filter) (as the course categorizes
them; strictly, AIDE is a file-integrity checker and Netfilter and PF are packet filters)
• Fuzzers to search for vulnerabilities: Skipfish, Wapiti, w3af
• Forensic tools: The Sleuth Kit, Helix, Maltego, EnCase
• Debuggers: GDB, WinDbg, IDA Pro, Immunity Debugger
• Hacking operating systems: Kali Linux, SELinux, Knoppix, Parrot OS, BackBox Linux
• Encryption tools: VeraCrypt, CipherShed, OpenSSH, OpenSSL, OpenVPN, Stunnel
• Vulnerability exploitation tools: Metasploit, Core Impact, sqlmap, Social-Engineer
Toolkit (SET), Netsparker
• Vulnerability scanners: Nipper, Secunia PSI, Core Impact, Nessus, OpenVAS
- Data Security Platforms (DSP)
An integrated security platform combines traditionally independent tools into a single tool
suite that protects and monitors the network. One example of a DSP is FireEye's Helix
platform. FireEye Helix is a cloud-hosted security operations platform that integrates many
security functions in one platform: event management, network behaviour analytics,
advanced threat detection, and security orchestration, automation, and response (SOAR) to
respond to threats as soon as they are detected.

Another integrated DSP is Cisco SecureX, which acts as a team that provides interoperability
with the security infrastructure, including third-party technologies. SecureX functionality is
built into Cisco's large and diverse security product portfolio, including next-generation
firewalls, VPN, network analytics, Identity Services Engine (ISE), Advanced Malware
Protection (AMP), and many other systems that work together to secure every aspect of the
network.
- Security Services
Threat intelligence and security services exchange information about threats and
vulnerabilities, indicators of compromise (IOCs), and mitigation techniques. A threat
intelligence service creates and distributes firewall rules and IOCs to the devices that
subscribe to the service.

One such service is the Cisco Talos Threat Intelligence Group. Talos is one of the largest
commercial threat intelligence teams in the world. It helps protect enterprise users, data, and
infrastructure. The Talos team collects information about active, existing, and emerging
threats, and provides its customers with comprehensive protection against attacks and
malware.

4. Mitigating Common Network Attacks

- Defending the Network
• Develop a written security policy for the company.
• Educate employees about the risks of social engineering, and develop strategies to
validate identities over the phone, via email, or in person.
• Control physical access to systems.
• Use strong passwords and change them often.
• Encrypt and password-protect sensitive data.
• Implement security hardware and software such as firewalls, IPSs, virtual private
network (VPN) devices, antivirus software, and content filtering.
• Perform backups and test the backed-up files on a regular basis.
• Shut down unnecessary services and ports.
• Keep patches up-to-date by installing them weekly or daily, if possible, to prevent
buffer overflow and privilege escalation attacks.
• Perform security audits to test the network.
- Mitigating Malware: malware (viruses, worms, Trojan horses) is mitigated with antivirus
software, which must be kept up to date to be effective
- Mitigating Worms: four phases: containment (limit the spread, e.g. with ACLs), inoculation
(patch the systems that are not yet infected), quarantine (identify and isolate the infected
systems), treatment (clean and patch the infected systems)
- Mitigating Reconnaissance Attacks:
• Implement authentication for access
• Use encryption so that packet sniffing yields nothing useful
• Use anti-sniffer tools
• Implement a switched infrastructure
• Use a firewall and an IPS
- Mitigating Access Attacks: use strong passwords and disable accounts after a set number of
failed logins has occurred
- Mitigating DoS Attacks: to minimize the number of attacks, a network utilization monitoring
package should run at all times. Use Cisco routers and switches that support antispoofing
technologies such as port security, Dynamic Host Configuration Protocol (DHCP) snooping,
IP Source Guard, Dynamic ARP Inspection (DAI), and access control lists (ACLs)
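The access-attack and DoS/antispoofing mitigations above, expressed as Cisco IOS configuration. This is an added example, not configuration taken from the course or from Cisco's own documentation. The interface names, VLAN 10, the 192.0.2.0/24 management subnet and host 192.0.2.10, the 203.0.113.0/24 "own public prefix", and the <...> secrets are assumptions (documentation address ranges and placeholders); replace them with real values, and check the exact command syntax against the IOS release you run (assumed here: IOS 15.x with AAA available).

```cisco
! --- Mitigating access attacks (router or switch): strong passwords + lockout ---
security passwords min-length 12
service password-encryption
username admin privilege 15 algorithm-type scrypt secret <admin-secret>
! After 3 failed logins within 60 s, refuse all logins for 120 s (quiet mode),
! but keep admitting the management host so an attacker cannot lock the admin out.
ip access-list standard PERMIT-ADMIN
 permit 192.0.2.10
login block-for 120 attempts 3 within 60
login quiet-mode access-class PERMIT-ADMIN
login delay 2
! Lock the local account itself after 3 consecutive failures (needs AAA).
aaa new-model
aaa authentication login default local
aaa local authentication attempts max-fail 3

! --- Mitigating DoS and spoofing on the access switch (VLAN 10) ---
! Port security: one learned MAC per access port, err-disable the port on violation.
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
! DHCP snooping: only the uplink may carry DHCP server replies; rate-limit client
! requests on access ports so a DHCP starvation flood is throttled.
ip dhcp snooping
ip dhcp snooping vlan 10
interface GigabitEthernet0/1
 description uplink-to-distribution
 ip dhcp snooping trust
interface range FastEthernet0/1 - 24
 ip dhcp snooping limit rate 10
! Dynamic ARP Inspection: drop ARP packets that do not match the snooping binding table.
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
interface GigabitEthernet0/1
 ip arp inspection trust
! IP Source Guard: drop IP packets whose source IP/MAC pair is not in the binding table.
interface range FastEthernet0/1 - 24
 ip verify source port-security

! --- Antispoofing ACL on the edge router: private, loopback and our own public
! prefix (assumed 203.0.113.0/24) must never arrive from the Internet-facing side.
ip access-list extended ANTISPOOF-IN
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 203.0.113.0 0.0.0.255 any
 permit ip any any
interface GigabitEthernet0/0
 description internet-edge
 ip access-group ANTISPOOF-IN in
```

Verify the result with `show login` (current lockout state), `show port-security interface FastEthernet0/1`, `show ip dhcp snooping binding`, and `show ip arp inspection vlan 10`. The DHCP snooping binding table is what DAI and IP Source Guard consult, so hosts with static addresses on these ports need a manual `ip source binding` entry or they will be dropped.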

5. Cisco Network Foundation Protection (NFP) Framework

- NFP Framework
Provides protection for the network infrastructure. NFP logically divides routers and switches
into three functional areas: the control plane (routing data), the management plane (managing
network elements), and the data plane (forwarding data)
- Securing the Control Plane
Consists of the device-generated packets the network itself needs in order to operate (routing
protocol updates, for example). Features implemented here:
• Routing protocol authentication: prevents the router from accepting fraudulent routing
updates
• Control Plane Policing (CoPP): lets the user control the flow of traffic handled by the route
processor of a network device
• AutoSecure: can lock down management plane and forwarding plane services on the
router
- Securing the Management Plane:
• Login and password policy: restrict device accessibility
• Present legal notification
• Ensure the confidentiality of data
• Role-based access control (RBAC)
• Authorize actions
• Enable management access reporting
- Securing the Data Plane:
• Blocking unwanted traffic or users
• Reducing the chance of DoS
• Mitigating spoofing attacks
• Providing bandwidth control
• Classifying traffic to protect the Management and Control planes
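One way to apply the three NFP planes to a single edge router, as an added example that is not configuration from the course or from Cisco. Assumptions: interface names, the 192.0.2.0/24 management subnet, syslog host 192.0.2.50, the 203.0.113.0/24 public prefix, the domain name example.net, all <...> secrets, CEF enabled (required for uRPF), and a recent IOS/IOS-XE release for OSPF key-chain authentication (older images use `ip ospf authentication message-digest` plus `ip ospf message-digest-key`). The CoPP rates are illustrative and must be tuned per platform.

```cisco
! ===== Control plane =====
! Routing protocol authentication: OSPF neighbours must sign updates with the shared
! key, so a rogue router cannot inject fraudulent routes.
key chain OSPF-KEYS
 key 1
  key-string <ospf-shared-secret>
  cryptographic-algorithm hmac-sha-256
interface GigabitEthernet0/1
 ip ospf authentication key-chain OSPF-KEYS
! Control Plane Policing: classify what the route processor should see and police
! everything else, so a flood of punted packets cannot starve routing and management.
ip access-list extended COPP-ROUTING
 permit ospf any any
ip access-list extended COPP-MGMT
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 permit udp 192.0.2.0 0.0.0.255 any eq snmp
class-map match-all COPP-ROUTING-CLASS
 match access-group name COPP-ROUTING
class-map match-all COPP-MGMT-CLASS
 match access-group name COPP-MGMT
policy-map COPP-POLICY
 class COPP-ROUTING-CLASS
  police 256000 conform-action transmit exceed-action transmit
 class COPP-MGMT-CLASS
  police 128000 conform-action transmit exceed-action drop
 class class-default
  police 32000 conform-action transmit exceed-action drop
control-plane
 service-policy input COPP-POLICY

! ===== Management plane =====
! Login/password policy, legal notice, confidentiality (SSH only from the management
! subnet), RBAC with a restricted view, authorization, and access reporting.
security passwords min-length 12
service password-encryption
enable secret <enable-secret>
banner login ^C
Unauthorized access is prohibited. All activity is monitored and logged.
^C
ip domain-name example.net
crypto key generate rsa modulus 2048
ip ssh version 2
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
line vty 0 4
 transport input ssh
 access-class MGMT-HOSTS in
 exec-timeout 5 0
 login local
aaa new-model
aaa authentication login default local
aaa authorization exec default local
! Parser view: the NOC role may only run a few show commands (needs enable secret + AAA).
parser view OPERATOR
 secret <view-secret>
 commands exec include show version
 commands exec include show ip interface brief
 commands exec include show ip route
username noc view OPERATOR secret <noc-secret>
! Reporting: every login result and every configuration change goes to syslog.
login on-success log
login on-failure log
archive
 log config
  logging enable
  notify syslog
logging host 192.0.2.50
logging trap informational
service timestamps log datetime msec

! ===== Data plane =====
! Unicast RPF drops packets on the edge whose source is not routed back out that
! interface (spoofed sources). The ACL blocks management and routing-protocol traffic
! aimed at the router from outside, admits only the published service, and logs the rest.
ip access-list extended EDGE-IN
 deny tcp any any eq 22
 deny tcp any any eq telnet
 deny udp any any eq snmp
 deny ospf any any
 permit tcp any 203.0.113.0 0.0.0.255 eq 443
 permit tcp any any established
 permit icmp any any echo-reply
 deny ip any any log
interface GigabitEthernet0/0
 description internet-edge
 ip verify unicast source reachable-via rx
 ip access-group EDGE-IN in
```

Check each plane after applying: `show ip ospf neighbor` (adjacencies must re-form with authentication on both sides), `show policy-map control-plane` (per-class conform/exceed counters), `show parser view` and `show users` (who is in which view), and `show ip interface GigabitEthernet0/0` (uRPF drop counter). Strict uRPF (`reachable-via rx`) is only safe on an interface with symmetric routing; on multi-homed edges use `reachable-via any` (loose mode) instead.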
