Audit and Monitoring (Cont.) Slide 17 of the course Keamanan Jaringan (Network Security), by Setio Basuki

Monitoring Tools and Techniques

  • The actual tools and techniques used to perform monitoring vary greatly between environments and system platforms:
    – Warning banners.
    – Keystroke monitors.
    – Traffic and trend analysis.
    – Other monitoring tools.

Warning Banner

  • Warning banners serve to inform would-be intruders, or those who attempt to violate security policy, that their intended activities are restricted and that any further activity will be audited and monitored.
    – A banner is notice, not a technical control: it does not stop anyone, but it establishes that access is restricted and that monitoring takes place, which is what later auditing and any legal follow-up rely on.

Keystroke Monitor

  • Keystroke monitoring is the act of recording the key presses a user performs on a physical keyboard.
    – The recording can be visual (such as with a video recorder) or logical/technical (such as with a capturing hardware device or a software program).

Keystroke Monitor

  • In most cases, keystroke monitoring is used for malicious purposes.
    – Only in extreme circumstances and highly restricted environments is keystroke monitoring actually employed as a means to audit and analyze.
    – Where it is used legitimately, it needs explicit authorization and notice (the warning banner above is one place to give it), because it captures passwords and personal data indiscriminately.
    – The software or hardware devices used to perform keystroke monitoring are called "keystroke loggers" or "keyloggers".

Traffic and Trend Analysis

  • Traffic and trend analysis works on metadata (who talks to whom, how much, and when) rather than on payloads, so it can be used to infer a lot of information even when the traffic itself is encrypted, such as:
    – Primary communication routes, sources of encrypted traffic, location of primary servers, primary and backup communication pathways, amount of traffic supported by the network, typical direction of traffic flow, etc.
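The inferences listed above, worked through on flow metadata as an added example (this code is not part of the slides). The flow records are constructed; the record layout (source, destination, destination port, byte count), the 10.0.0.0/16 range treated as internal, and the set of ports treated as carrying encrypted protocols are all assumptions made for the example.

```python
"""Traffic and trend analysis over flow metadata (added example, not from the slides)."""
from collections import Counter, defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes). Not real traffic.
FLOWS = [
    ("10.0.1.10", "10.0.0.5", 443, 120_000),
    ("10.0.1.11", "10.0.0.5", 443, 95_000),
    ("10.0.1.12", "10.0.0.5", 443, 80_000),
    ("10.0.1.10", "10.0.0.6", 25, 4_000),
    ("10.0.1.13", "10.0.0.6", 25, 6_000),
    ("10.0.0.5", "198.51.100.20", 443, 300_000),
    ("10.0.0.5", "198.51.100.21", 443, 50_000),   # lower-volume path to the same role
    ("10.0.1.14", "203.0.113.9", 22, 20_000),
    ("10.0.1.10", "10.0.0.7", 80, 10_000),
]

INTERNAL_PREFIX = "10.0."                 # assumption: the organisation's address range
ENCRYPTED_PORTS = {22, 443, 993, 995}     # assumption: ports that normally carry TLS/SSH


def top_servers(flows, n=2):
    """Rank destinations by fan-in (distinct clients), then by bytes received.
    Hosts that many clients talk to are the likely primary servers."""
    clients, inbound = defaultdict(set), Counter()
    for src, dst, _port, nbytes in flows:
        clients[dst].add(src)
        inbound[dst] += nbytes
    ranked = sorted(inbound, key=lambda d: (len(clients[d]), inbound[d]), reverse=True)
    return [(d, len(clients[d]), inbound[d]) for d in ranked[:n]]


def encrypted_sources(flows):
    """Hosts that originate traffic to ports normally carrying encrypted protocols.
    The analyst cannot read that traffic, but can still see who produces it."""
    return sorted({src for src, _dst, port, _ in flows if port in ENCRYPTED_PORTS})


def pathways(flows):
    """External destinations ranked by volume: the busiest is the primary
    communication pathway, the others are candidate backup pathways."""
    egress = Counter()
    for _src, dst, _port, nbytes in flows:
        if not dst.startswith(INTERNAL_PREFIX):
            egress[dst] += nbytes
    ranked = egress.most_common()
    return {"primary": ranked[0][0], "backup": [d for d, _ in ranked[1:]]}


def direction(flows):
    """Typical direction of flow: bytes leaving, entering, or staying inside the range."""
    out = inb = internal = 0
    for src, dst, _port, nbytes in flows:
        s_in, d_in = src.startswith(INTERNAL_PREFIX), dst.startswith(INTERNAL_PREFIX)
        if s_in and d_in:
            internal += nbytes
        elif s_in:
            out += nbytes
        else:
            inb += nbytes
    return {"outbound": out, "inbound": inb, "internal": internal}


def total_volume(flows):
    """Amount of traffic the network carried in the observed window."""
    return sum(f[3] for f in flows)


if __name__ == "__main__":
    print("primary servers :", top_servers(FLOWS))
    print("encrypted from  :", encrypted_sources(FLOWS))
    print("pathways        :", pathways(FLOWS))
    print("direction       :", direction(FLOWS))
    print("total bytes     :", total_volume(FLOWS))
```

Every conclusion here comes from addresses, ports and byte counts only; the same analysis runs unchanged on NetFlow or sFlow exports, which is why encrypting payloads does not by itself defeat traffic analysis.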

  

Other Monitoring Tools

  • A common example of a tool for monitoring physical access is CCTV (closed-circuit television).
    – CCTV can be configured to automatically record the viewed events onto tape or disk for later review, and personnel who watch for unwanted, unauthorized, or illegal activities in real time can watch it live.

Penetration-Testing Technique

  • In security terms, a penetration occurs when an attack is successful and an intruder is able to breach the perimeter of your environment.
  • A black box is literally a device of unknown composition whose internal circuits, makeup, and processing functions are unknown, but whose outputs in response to various kinds of inputs can be observed and analyzed.

Penetration-Testing Technique

  • On the other hand, a white box is a device whose internal structure or processing is known and understood.
  • This distinction is important in penetration testing, where black-box testing proceeds without making use of any knowledge of how an organization is structured, what kinds of hardware and software it uses, or its security policies, processes, and procedures.

Planning Penetration Testing

  • Penetration testing is just another name for launching intrusion attempts and re-creating attacks against a network or entities on that network.
    – The activity in either a real intrusion or a simulated intrusion is the same.
    – Consequently the monitoring and audit controls above record a test exactly as they would a real intrusion; the people who respond to alerts need to know when a test is scheduled.
  • Formal penetration testing is performed with prior approval and advance

Penetration Testing Team

  • Penetration testing teams may have varying levels of knowledge about the environment to be evaluated. Three commonly recognized knowledge levels are zero, partial, and full. Here are brief descriptions:
    – Zero knowledge team.
    – Partial knowledge team.
    – Full knowledge team.

Penetration Testing Team

  • A zero knowledge team knows nothing about the site except for basic information, such as the domain name and company address.
  • This closely resembles a real external attack because all information about the environment must be obtained from scratch.

Penetration Testing Team

  • A partial knowledge team is given an inventory of the hardware and software used at the site and possibly network design and configuration details.
  • The team is then able to focus its efforts on attacks and vulnerabilities specific to the actual hardware and software in use at the site.

Penetration Testing Team

  • A full knowledge team is completely aware of every aspect of the environment, down to the patches and upgrades installed and the exact security configurations.
  • A full-knowledge team conducts white-box penetration testing.
    – Partial-knowledge teams are sometimes said to conduct gray-box testing because they operate between the extremes of black (zero knowledge) and white (full knowledge) testing.

Ethical Hacking

  • Ethical hacking is a security assessment process whereby hacking techniques and tools are employed.
  • When an ethical hacker is engaged as part of your assessment team, it is important to ensure that the person does not have a conflict of interest.
    – This could be a person who is also a provider, reseller, or consultant for security products or add-in or value-add services.

Ethical Hacking

  • An ethical hacker should not exploit discovered vulnerabilities.
    – In practice the line is drawn by the written rules of engagement: exploitation the client authorized in advance is part of the test; anything beyond that agreed scope is not.
  • Writing to, altering, or damaging a target of evaluation is a violation of the concept of ethical hacking and bleeds into the realm of the unethical.
    – This is specifically called cracking.

Sniffing and Eavesdropping

  • Sniffing often involves capture or duplication of network traffic for examination, re-creation, and extraction.
  • It is an effective tool for capturing or extracting data from unencrypted network traffic streams:
    – Passwords, usernames, IP addresses, message contents, and much more can be captured using software- or hardware-based sniffers.

Sniffing and Eavesdropping

  • Eavesdropping is just another term for sniffing. However, eavesdropping can include more than just capturing and recording network traffic.
  • Eavesdropping also includes recording or listening to audio communications, faxes, radio signals, and so on.
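What a sniffer actually yields from unencrypted streams, as an added example that is not from the slides: a small credential extractor run over constructed payloads (an HTTP Basic request, an FTP login exchange, a form POST, and a TLS ClientHello fragment for contrast). The payloads, hostnames and credentials are made up; nothing here captures live traffic, which would need a capture library and the privileges to use it, but the payloads are shaped like the reassembled stream data such a capture hands to an analyst.

```python
"""Credential extraction from unencrypted stream payloads (added example, not from the slides)."""
import base64
import re
from urllib.parse import parse_qs

# Constructed stream payloads: (dst_port, reassembled bytes). Not real captures.
STREAMS = [
    (80, b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
         b"Authorization: Basic YWxpY2U6UGFzc3cwcmQh\r\n\r\n"),
    (21, b"220 FTP ready\r\nUSER bob\r\n331 Password required\r\n"
         b"PASS hunter2\r\n230 OK\r\n"),
    (80, b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-Length: 30\r\n\r\nusername=carol&password=s3cret"),
    # TLS ClientHello fragment: same kind of login may be inside, but nothing is readable.
    (443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 20),
]

BASIC_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)
FTP_USER_RE = re.compile(rb"^USER\s+(\S+)", re.M)
FTP_PASS_RE = re.compile(rb"^PASS\s+(\S+)", re.M)
USER_FIELDS = ("username", "user", "login")       # assumed form field names
PASS_FIELDS = ("password", "pass", "passwd")


def extract_credentials(port, payload):
    """Return a list of (protocol, username, password) found in one stream."""
    found = []

    # HTTP Basic: the header carries base64(user:password), i.e. no protection at all.
    m = BASIC_RE.search(payload)
    if m:
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode()
            user, _, password = decoded.partition(":")
            found.append(("http-basic", user, password))
        except (ValueError, UnicodeDecodeError):
            pass  # not valid base64/UTF-8: leave it for manual review

    # FTP: USER and PASS commands travel as plain text on the control channel.
    u, p = FTP_USER_RE.search(payload), FTP_PASS_RE.search(payload)
    if port == 21 and u and p:
        found.append(("ftp", u.group(1).decode(), p.group(1).decode()))

    # HTML form login over plain HTTP: the body is a URL-encoded query string.
    if payload.startswith(b"POST ") and b"\r\n\r\n" in payload:
        body = payload.split(b"\r\n\r\n", 1)[1].decode(errors="replace")
        fields = {k.lower(): v[0] for k, v in parse_qs(body).items()}
        user = next((fields[k] for k in USER_FIELDS if k in fields), None)
        password = next((fields[k] for k in PASS_FIELDS if k in fields), None)
        if user and password:
            found.append(("http-form", user, password))

    return found


def sweep(streams):
    """Run the extractor over every captured stream and collect the hits."""
    results = []
    for port, payload in streams:
        results.extend(extract_credentials(port, payload))
    return results


if __name__ == "__main__":
    for proto, user, password in sweep(STREAMS):
        print(f"{proto:10s} {user}:{password}")
```

The TLS stream produces nothing, which is the whole argument for encrypting the transport: the sniffer still sees the endpoints and the volume (that is traffic analysis, above), but not the credentials.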

  

Radiation Monitoring

  • Radiation monitoring is a specific form of sniffing or eavesdropping that involves the detection, capture, and recording of radio frequency signals and other radiated communication methods, including sound and light.
  • Radiation monitoring also includes tapping of the radio frequencies often used by cell phones or other types of wireless communication.
    – It also covers unintended emanations from equipment such as monitors and cables; shielding against these is what TEMPEST-style standards address.

Dumpster Diving

  • Dumpster diving is the act of digging through the refuse, remains, or leftovers of an organization or operation in order to discover or infer confidential information.

Dumpster Diving

  • Researching an organization for its useful details, or information gathering, includes:
    – Searching, investigating, and reverse-engineering an organization's website and commercial products, and obtaining publicly accessible literature (such as financial statements, brochures, product information, shareholder reports).

Dumpster Diving

  • Scavenging is a form of information gathering performed electronically.
  • This could include audit trails, log files, memory dumps, variable settings, port mappings, and cached data.
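Scavenging in practice, as an added example that is not from the slides: the same sweep an attacker would run over a leftover memory dump and a batch of log lines, which an auditor can run first to find what is exposed. The dump, the log lines and every secret-looking value in them are constructed; the patterns are a small illustrative set, not a complete secret scanner.

```python
"""Scavenging secrets from a memory dump and log lines (added example, not from the slides)."""
import re

# Constructed artefacts: a fake process memory dump and fake application log lines.
MEMORY_DUMP = (
    b"\x00\x00\x7fELF\x02\x01\x01" + b"\x00" * 8
    + b"DB_PASSWORD=Tr0ub4dor&3\x00"
    + b"\xff\xfe" * 6
    + b"Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.c2ln\x00"
    + b"\x90" * 16
    + b"-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAK\n-----END RSA PRIVATE KEY-----\n"
)

LOG_LINES = [
    "2024-03-01T10:00:01Z app[123]: user=alice action=login status=ok",
    "2024-03-01T10:00:07Z app[123]: GET /api/v1/orders?api_key=AKIAEXAMPLEKEY1234567 200",
    "2024-03-01T10:00:09Z sshd[77]: Accepted publickey for root from 10.0.1.14 port 51022",
    "2024-03-01T10:01:22Z app[123]: cache set session:9f1c... ttl=3600",
]

# Illustrative patterns (assumptions about how secrets tend to look in leftovers).
PATTERNS = {
    "env-credential": re.compile(rb"(?:PASSWORD|SECRET|TOKEN)=([^\x00\s]+)"),
    "bearer-token": re.compile(rb"Bearer\s+([A-Za-z0-9._-]{20,})"),
    "private-key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "query-api-key": re.compile(rb"[?&]api_key=([^&\s]+)"),
}


def printable_strings(blob, min_len=8):
    """The classic `strings` pass: runs of printable ASCII inside binary data."""
    return [m.group(0) for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def scavenge(blob):
    """Return (kind, value) pairs for secret-looking material in a byte blob."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(blob):
            value = m.group(1) if m.groups() else m.group(0)
            hits.append((kind, value.decode("ascii", errors="replace")))
    return hits


def scavenge_logs(lines):
    """Same sweep over text logs, keeping the 1-based line number for the report."""
    return [
        (number, kind, value)
        for number, line in enumerate(lines, 1)
        for kind, value in scavenge(line.encode())
    ]


if __name__ == "__main__":
    for s in printable_strings(MEMORY_DUMP):
        print("string :", s.decode())
    for kind, value in scavenge(MEMORY_DUMP):
        print(f"dump   : {kind:15s} {value}")
    for number, kind, value in scavenge_logs(LOG_LINES):
        print(f"log #{number}: {kind:15s} {value}")
```

The point of the `strings` pass is that secrets in a dump are rarely at a known offset; a scavenger simply reads every printable run and lets patterns pick out the credentials, tokens and key material. Crash dumps, swap files and rotated logs deserve the same handling as the systems they came from.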

Social Engineering

  • Social engineering is a skill by which an unknown person gains the trust of someone inside your organization.
  • An individual can persuade employees that they are associated with upper management, technical support, the help desk, or anyone of influential status.

Social Engineering

  • Three well-known forms of social engineering attack:
    – Phishing is the process of attempting to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information by pretending to be a trustworthy entity.
    – Spear phishing is a more targeted form of phishing. Attackers may gather personal information about their target to increase their probability of success.
    – Whaling: several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses.
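The three forms above turned into mail-header checks, as an added example that is not from the slides: a sender whose domain only looks like the organisation's, a display name borrowed from a known executive, a credential or urgency lure, and a message aimed at an executive mailbox (the whaling case). The organisation domain, the executive directory, the message headers and the keyword list are constructed assumptions; the checks are heuristics to illustrate what "pretending to be a trustworthy entity" looks like on the wire, not a complete mail filter.

```python
"""Phishing, spear phishing and whaling indicators in mail headers (added example, not from the slides)."""
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                       # assumed organisation domain
EXECUTIVES = {                                         # constructed directory
    "ann lee": "ann.lee@example.com",
    "raj patel": "raj.patel@example.com",
}
# Digit-for-letter substitutions commonly used in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
LURE_RE = re.compile(r"\b(password|reset|verify|urgent|wire)\b", re.I)

# Constructed message headers: (From, To, Subject).
MESSAGES = [
    ("Ann Lee <ann.lee@example.com>", "raj.patel@example.com", "Q3 numbers"),
    ("Ann Lee <ann.lee@examp1e.com>", "raj.patel@example.com", "Urgent wire transfer"),
    ("IT Helpdesk <helpdesk@gmail-support.net>", "bob@example.com", "Password expiry - reset now"),
    ("Ann Lee <ceo.annlee@outlook.invalid>", "raj.patel@example.com", "Are you at your desk?"),
]


def skeleton(domain):
    """Normalise a domain so digit-for-letter lookalikes collapse onto the real one."""
    return domain.lower().translate(HOMOGLYPHS)


def classify(from_header, to_addr, subject):
    """Return the list of reasons a message looks like social engineering (empty if none)."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    reasons = []

    # Phishing: the sender domain imitates ours but is not ours.
    if domain != INTERNAL_DOMAIN and skeleton(domain) == INTERNAL_DOMAIN:
        reasons.append("lookalike-domain")

    # Spear phishing: a known executive's name on an address that is not theirs.
    if display.lower() in EXECUTIVES and addr.lower() != EXECUTIVES[display.lower()]:
        reasons.append("executive-impersonation")

    # Classic lure wording from outside the organisation.
    if domain != INTERNAL_DOMAIN and LURE_RE.search(subject):
        reasons.append("credential-or-urgency-lure")

    # Whaling: a suspicious message whose recipient is itself an executive mailbox.
    if reasons and to_addr.lower() in EXECUTIVES.values():
        reasons.append("whaling-target")

    return reasons


def triage(messages):
    """Classify every message; returns a list parallel to the input."""
    return [classify(*m) for m in messages]


if __name__ == "__main__":
    for (frm, to, subj), reasons in zip(MESSAGES, triage(MESSAGES)):
        print(f"{frm:45s} -> {to:25s} {subj!r}: {reasons or 'clean'}")
```

The first message is a genuine internal mail and yields no reasons; the second trips all four checks at once, which is the typical spear-phishing-of-an-executive pattern. None of this replaces user training: a message from a legitimately compromised internal mailbox passes every check here.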

  

Countermeasure

  • Not all problems that an IT infrastructure will face have definitive countermeasures, or are even recognizable threats.
  • Many of these vulnerabilities lack directly effective countermeasures, or the deployment of the available countermeasures offers little risk reduction.

Error and Omission

  • Errors and omissions occur because humans interact with, program, control, and provide data for IT.
  • There are no direct countermeasures to prevent all errors and omissions.
  • Some safeguards against errors and omissions are input validation and user training.

  

Collusion

  • Collusion is an agreement among multiple people to perform an unauthorized or illegal action.
    – The usual safeguards are separation of duties, two-person control, and job rotation, which raise the number of people who would have to cooperate and so make collusion harder to arrange and easier to detect.

  

End of Slides

  • Available at