30 April 2011

Computer Security at Nuclear Facilities

The aspects that must be considered when applying computer security are: wired networks, wireless networks, computer servers (including the use of a secure OS), application software (mail, web, database), network devices (gateway, router, firewall, switch), the computer room, network (wired and wireless) monitoring tools, testing/detecting/monitoring software tools, antivirus, IDS/IPS, cryptography, and an early warning system. The most important aspect is user awareness. Without it, every other effort is useless.

Computer security is about how to prevent and detect unauthorized access by unwanted users to a computer system. Prevent to protect.

The 10/90 rule: 10% technique, 90% habit.
Example:
  1. Yes, you need a password
  2. How to store it
  3. How to write it down
  4. Don't use an easy password
  5. Don't use the same password
  6. Don't give it to somebody else
  7. Change the password periodically
  8. Remember to log out
  9. Make sure you have actually logged out
  10. Always log in on a secure system: no keylogger, no camera, no spyware

Bugs and security holes
  • Bugs: errors in a computer system.
  • Vulnerabilities (security holes): bugs that enable a user to violate the security policy. For instance: wired network, wireless network and operating systems.
  • Security hole: errors in design, errors in implementation, errors in maintenance. For instance: hand-made applications, hand-made programs, CMS.
Solution: hardening

Categories of computer misuse:
  • External
  • Hardware misuse
  • Masquerading
  • Pest programs
  • Bypasses
  • Active misuse
  • Passive misuse
  • Inactive misuse
  • Indirect misuse
Severity
  • Administrative access: allows administrative activities on the computer, above and beyond those of a normal user
  • Read restricted access: allows access to files that normally cannot be accessed, or viewing of information not supposed to be viewed, which may lead to a security compromise
  • Regular user access: access as a regular user has a strong degree of severity because there are typically many more ways to interact with the system than without access at all
  • Spoofing: allows the intruder to assume the identity of a user, computer, or network entity. This can result in other systems trusting the intruder and allow a system compromise
  • Non-detectability: arises when a logging system has been disabled or otherwise malfunctions. This can allow an intruder to perform actions that cannot be recorded.
  • Denial of Service: lowest degree of severity
Tools for information collection:
  • Nikto: looks for details and possible vulnerabilities
  • w3bfuktor: directories
  • sqler.sh: SQL injection
  • hping: tests packet handling in detail, such as whether packets are blocked by a firewall or not
  • nmap: open ports

Check out:
Top 100 Network Security Tools, including Nessus, WireShark, Hping, Cain and Abel, Nikto, GFI LANguard
Top 10 Web Vulnerability Scanners, including Nikto
Top 10 Vulnerability Scanners, including Nessus, GFI LANguard
Top 11 Packet Sniffers, including WireShark, Cain and Abel, NetStumbler
Top 5 Wireless Tools, including NetStumbler
Top 4 Packet Crafting Tools, including hping
Top 6 Traffic Monitoring Tools, including Ntop, EtherApe
Top 5 Security-Oriented Operating Systems, including BackTrack, Knoppix
Top 4 Port Scanners, including Superscan, Angry IP Scanner

John the Ripper for Windows Download
Cracking passwords with John the Ripper

If there is no /etc/shadow file, the /etc/master.passwd file can be used instead.
