The Role of CERT and Information Security Incident Handling
History of CERT
“Morris Worm” (CMU - 1988)
“CERT” (CMU - 1988)
“RFC 2350” (IETF - 1998)
History of ID-CERT
“ID-CERT” (Budi Rahardjo - 1998)
“APCERT” (ID-CERT a founder of the forum, 2001-2003)
Vision and Mission
Our Team
RFC 2350 http://www.cert.or.id/rfc/id/
Incoming Complaints: Where Does the Information Come From?
ID-CERT's Main Services
Number of Incidents Responded To
Number of Incidents Resolved
[Chart: Incident Reported, 2010-2016]
Year               2010      2011     2012     2013    2014     2015     2016
Incident Reported  3.483.56  783.456  141.616  94.035  140.288  207.433  197.992
[Chart: Yearly Incidents Responded and Yearly Incidents Resolved, 2010-2016. Data labels as extracted: 685 868 1224 1491 1642 1160 Yearly Incidents Responded 686 852 899 1932 1406 965 Yearly Incidents Resolved]
Some Frequently Reported Cases
Obstacles Encountered in Handling Received Complaints
Activities
Events
Other ID-CERT Activities
Malware Survey
http://www.cert.or.id/index-berita/id/berita/49/
Malware Survey: Reporting Mechanism
Event Report Tools (ERT)
AndroScan
Wiki Malware
Antivirus Review
ID-CERT Services
CERT/CSIRT in Indonesia
http://cert.id/index-berita/id/berita/65/
ID-CERT (1998), general sector, complaint-based;
www.cert.or.id
ID-SIRTII (2007), based on log monitoring, and provides digital evidence when requested by law enforcement;
www.idsirtii.or.id
Acad-CSIRT (2010), academic sector, complaint-based;
http://www.acad-csirt.or.id/
GovCSIRT / KAMINFO (2012), government sector, based on complaints and log monitoring.
http://www.govcsirt.go.id/
CSIRT BPPT (2014), limited sector under BPPT
https://csirt.bppt.go.id/
Top 6
Incident Monitoring Report
2015
RESPONDENTS
Why Is a Rapid Response Needed?
Spam Incidents
Defacement Incidents
Phishing Example: tselnet.com
Fraud Impersonating the Police and Telecommunications Operators
Sectors in Indonesia That Have Been Reported - Phishing
Malware Incidents
Hostage-Taking Malware/Ransomware
http://www.cnnindonesia.com/teknologi/20150123074005-185-26742/malware-penyandera-komputer-beredar-di-indonesia/
Malware
Why Is a Rapid Response Needed?
Joomla Vulnerability
http://www.cert.or.id/index-berita/id/berita/16/
OpenSSL Heartbleed
http://www.cert.or.id/index-berita/id/berita/47/
Security Advisory on BASH
http://www.cert.or.id/index-berita/id/berita/50/
SECURITY ADVISORY I: ZEUS Malware
Tips for Users
Tips for Organizations
Tips on Social Media
READING ROOM: Security Advice
Reading Room
READING ROOM: How to Report to ID-CERT
QUESTIONS, SUGGESTIONS & FEEDBACK? Contact Desk
ID-CERT: www.cert.or.id
Telephone: (+62)889-1400-700
Ahmad Alkazimy (Manager, ID-CERT) cert@cert.or.id
Rahmadian L. Arbianita (Helpdesk, ID-CERT) rahmadian@cert.or.id
Mailing List: diskusi@MILIS.cert.or.id