Security Awareness jateng
Security Awareness
Direktorat Pengembangan Sistem Pengadaan Secara Elektronik (Directorate for Electronic Procurement System Development)
LKPP
Incidents at LPSE
• Difficulty uploading files
• Passwords changed
• Misuse of LPSE user accounts
• Uploaded files replaced
• Corrupt files
• Corrupt OS
• Damaged HDD
• Application cannot be accessed
• Etc.
Side Effects
• The LPSE loses trust, including that of LKPP
• External audits, starting with the inspectorate, BPKP, the Prosecutor's Office, the Police, BPK or KPK
• Staff reviewed by their superiors
• Suspension of the LPSE and isolation of the IT infrastructure
Review of IT Functions at LPSE
• Administrative
• Physical
  – Server room access (fingerprint, key & padlock)
  – CCTV
• People
  – Integrity
Review of IT Functions at LPSE (continued)
• Technical
  – Redundant environment
    • Power source (PLN mains and generator)
    • Temporary power source (UPS)
    • Cooling (primary and backup)
  – Data redundancy
    • Backups of data files and the DB (cold or hot)
    • Mirroring system
  – Monitoring
    • Availability monitoring
    • Capacity monitoring
    • Security monitoring
Common Security Threats at LPSE
• Remote SSH password stealing
• Database ransomware
• HTTP header modification
• Defacement
• SQL injection
• SSH without password
• Slowloris DDoS (flooding)
• Brute force
• Hack by admin
Remote password stealing
• Add source code into OpenSSH
• Compile and let's rock and roll
Database ransomware
Ransom note as captured:
Send 0.5 BTC to this address and go to this site http://ann2hzqgedo3plvu.onion/ to recover your database! SQL dump will be available after payment! | 1QUfRujo8U1wPgMcjkT4XZrViW2Bgvmf1 | back_support@mai2tor.com
HTTP Header Modification
Deface
SQL Injection
• Access log entry for a sqlmap probe against /eproc/faqpage (request blocked with HTTP 403):
  112.215.44.239 - - [07/Jun/2015:14:26:00 +0800] "GET /eproc/faqpage?q=%2D%34%38%35%32%27%29%29%29%20%4F%52%20%28%31%34%38%32%3D%34%39%38%37%29%20%41%4E%44%20%28%28%28%27%76%62%4B%6A%27%3D%27%76%62%4B%6A HTTP/1.1" 403 234 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
• The injected value of the q parameter, still URL-encoded:
  %2D%34%38%35%32%27%29%29%29%20%4F%52%20%28%31%34%38%32%3D%34%39%38%37%29%20%41%4E%44%20%28%28%28%27%76%62%4B%6A%27%3D%27%76%62%4B%6A
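The log entry above is what a web server sees during a boolean-based injection probe. As an added example (not code from the LKPP slides), the script below parses combined-format access-log lines, URL-decodes the query string once, and flags a request when its user-agent names a known scanner or a decoded parameter matches an injection signature. The first sample line is the slide's own entry; the second is a constructed benign request, and the signature list is an assumption chosen to cover the slide's payload rather than a complete ruleset.

```python
# Added example, not from the LKPP slides: parse combined-format access-log
# lines, URL-decode the query string and flag requests that look like the
# sqlmap probe on the slide. The first sample line is the slide's own log
# entry; the second is a constructed benign request.
import re
from urllib.parse import urlsplit, parse_qsl

# host ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Signatures of boolean/union/time-based injection, matched on the DECODED value.
SQLI_PATTERNS = [
    re.compile(r"'\s*\)*\s*(?:or|and)\s*\(*\s*\d+\s*=\s*\d+", re.I),  # '))) OR (1482=4987
    re.compile(r"'\s*=\s*'", re.I),                                    # 'vbKj'='vbKj
    re.compile(r"\bunion\b[\s\S]+?\bselect\b", re.I),
    re.compile(r"\b(?:sleep|benchmark)\s*\(|waitfor\s+delay", re.I),
]
SCANNER_AGENTS = ("sqlmap", "havij", "nikto")

SAMPLE_LOG = [
    # slide's own entry (the request was blocked with 403)
    '112.215.44.239 - - [07/Jun/2015:14:26:00 +0800] "GET /eproc/faqpage?q=%2D%34%38%35%32%27%29%29%29%20%4F%52%20%28%31%34%38%32%3D%34%39%38%37%29%20%41%4E%44%20%28%28%28%27%76%62%4B%6A%27%3D%27%76%62%4B%6A HTTP/1.1" 403 234 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    # constructed benign request
    '10.0.0.5 - - [07/Jun/2015:14:27:10 +0800] "GET /eproc/faqpage?q=cara%20upload HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def parse_line(line):
    """Split one log line into fields; query parameters are decoded once."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    query = urlsplit(rec["path"]).query
    rec["params"] = dict(parse_qsl(query, keep_blank_values=True))
    return rec

def analyse(line):
    """Return a verdict dict, or None for a line that is not in combined format."""
    rec = parse_line(line)
    if rec is None:
        return None
    reasons = []
    agent = rec["agent"].lower()
    if any(tool in agent for tool in SCANNER_AGENTS):
        reasons.append("scanner user-agent: " + rec["agent"])
    for name, value in rec["params"].items():
        if any(p.search(value) for p in SQLI_PATTERNS):
            reasons.append(f"injection pattern in parameter {name!r}: {value}")
    return {"ip": rec["ip"], "status": rec["status"],
            "params": rec["params"], "reasons": reasons}

def flagged(lines):
    """Records with at least one reason, for feeding an alert or a blocklist."""
    out = []
    for line in lines:
        verdict = analyse(line)
        if verdict and verdict["reasons"]:
            out.append(verdict)
    return out

if __name__ == "__main__":
    for v in flagged(SAMPLE_LOG):
        print(v["ip"], v["status"], "; ".join(v["reasons"]))
```

Decoding happens exactly once, so a value such as `%2527` is inspected as the server's parser would see it; a rule that decodes repeatedly catches double encoding but can also alter legitimate input, so that is a tuning decision for the environment. The 403 in the slide shows the request was already blocked; the point of the script is to turn such entries into an alert on the source address rather than letting them sit unread in the log.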
SSH no password with key auth
Slowloris DDoS
Common Backdoors / Trojans / Malware
• bl0wsshd 6.71p (/usr/bin/ssh, /usr/sbin/sshd)
• Perl IRC bot
• rainroot, file ./u (privilege gainer, permission: suid)
• MiG log cleaner
• php-reverse-shell
Hack By Admin
What to do?
• Separate security for each entity in the infrastructure
• Manage user access control
  – Password policy
  – Different user access
• Harden the remote system
• Harden the OS kernel
• Manage the log system
• Secure the communication channel
• Defend at the network perimeter
Manage User Access Control
Password policy:
• Use the cracklib PAM library: libpam-cracklib
• Edit the PAM configuration file
  – /etc/pam.d/system-auth on CentOS
  – /etc/pam.d/common-password on Debian
• Set the complexity configuration
  “........
  password requisite pam_cracklib.so try_first_pass retry=3 minlen=12 lcredit=3 ucredit=2 dcredit=3 ocredit=2 difok=4
  …....”
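The credit options in that line are easy to misread: in pam_cracklib a positive `lcredit=3` does not demand three lowercase letters, it lets up to three lowercase letters each count an extra point towards `minlen`, so the real length requirement drops. As an added example (not code from the LKPP slides), the following model reproduces that arithmetic for the slide's values and for a stricter variant with negative credits, which turn each class into a hard minimum. Dictionary, palindrome and username checks are left out on the assumption that the module evaluates them separately, and the `difok` rule is implemented in its simplest documented reading (characters of the new password absent from the old one).

```python
# Added example, not part of the LKPP slides: a model of how pam_cracklib
# turns the minlen / *credit / difok options on the slide into a pass/fail
# decision, so a policy can be sanity-checked before it is written to
# /etc/pam.d. The arithmetic follows pam_cracklib's documented behaviour;
# dictionary, palindrome and username checks are left out (assumption:
# those are evaluated separately by the module).

SLIDE_POLICY = dict(minlen=12, lcredit=3, ucredit=2, dcredit=3, ocredit=2, difok=4)
# Same minlen but negative credits: each class becomes a hard minimum of one
# character and grants no credit, so 12 real characters are always required.
STRICT_POLICY = dict(minlen=12, lcredit=-1, ucredit=-1, dcredit=-1, ocredit=-1, difok=4)

def _class_counts(pw):
    """Count lowercase, uppercase, digit and other characters."""
    counts = {"l": 0, "u": 0, "d": 0, "o": 0}
    for ch in pw:
        if ch.isdigit():
            counts["d"] += 1
        elif ch.isupper():
            counts["u"] += 1
        elif ch.islower():
            counts["l"] += 1
        else:
            counts["o"] += 1
    return counts

def length_check(pw, policy=SLIDE_POLICY):
    """Return (ok, required_length).
    Positive credit N: up to N characters of that class each lower the required
    length by one. Negative credit -N: at least N characters of that class are
    mandatory and no credit is given."""
    counts = _class_counts(pw)
    required = max(policy["minlen"], 6)   # pam_cracklib never accepts minlen below 6
    for cls in "ludo":
        credit = policy[cls + "credit"]
        if credit >= 0:
            required -= min(counts[cls], credit)
        elif counts[cls] < -credit:
            return False, required
    return len(pw) >= required, required

def difok_check(old, new, policy=SLIDE_POLICY):
    """difok: at least this many characters of the new password must not
    occur anywhere in the old one (simplified reading of the option)."""
    changed = sum(1 for ch in new if ch not in old)
    return changed >= policy["difok"]

def evaluate(new, old="", policy=SLIDE_POLICY):
    """Combined verdict for a password change; old="" skips the difok rule."""
    ok_len, required = length_check(new, policy)
    ok_diff = difok_check(old, new, policy) if old else True
    return {"ok": ok_len and ok_diff, "required_length": required, "difok_ok": ok_diff}

if __name__ == "__main__":
    for pw in ("abcDE123!@", "aaaaaaaaaaaa", "aB1!"):
        print(pw, "slide:", length_check(pw), "strict:", length_check(pw, STRICT_POLICY))
```

Under the slide's policy a 10-character password containing all four classes earns 10 credits and needs only 2 points, and a 12-character all-lowercase password also passes; the strict variant rejects both. Whether that is acceptable depends on what the policy is meant to enforce, but the numbers should be checked this way rather than read as "12 characters with mixed classes".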
Manage User Access Control
Different user access:
• Allow root / admin login only from a specific console
• Create separate users
• Assign each user to a specific group
Hardening the Remote System (SSH)
• Limit which users may log in remotely
• Use a non-standard port
• Disable features that are not needed
  – TCP forwarding
  – Tunnelling
  – X11 forwarding
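The three points above, plus the console-only root rule from the previous slide, map onto a handful of sshd_config keywords. As an added example (not code from the LKPP slides or from OpenSSH), the auditor below parses a config text and reports which of those settings are missing or weak. The sample configs are constructed; the user name and network in `AllowUsers` are placeholders. One caveat worth encoding: for single-valued keywords sshd honours the first occurrence it reads, so a hardening line appended at the end of a file that already sets the keyword has no effect, and the parser keeps every occurrence so that can be seen. Match blocks are not modelled (assumption: a flat config).

```python
# Added example, not from the slides: audit an sshd_config text against the
# SSH hardening points above (restrict remote users, non-standard port,
# forwarding/tunnel/X11 off) plus the console-only root rule. The config
# texts are constructed. sshd uses the FIRST value it reads for a
# single-valued keyword, so the audit applies the same rule; Match blocks
# are not modelled (assumption: a flat config).
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config
Port 2222
PermitRootLogin no
AllowUsers lpseadmin@10.10.0.0/24 ops
PasswordAuthentication no
PubkeyAuthentication yes
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no
# a later duplicate is ignored by sshd because the first value wins
X11Forwarding yes
"""

WEAK_SSHD_CONFIG = """\
# constructed: distribution defaults left in place
Port 22
X11Forwarding yes
"""

def parse_sshd_config(text):
    """Map lowercase keyword -> list of values in file order.
    Comment lines start with '#'; 'Keyword value' and 'Keyword=value' are accepted."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" in line and " " not in line.split("=", 1)[0]:
            key, value = line.split("=", 1)
        else:
            parts = line.split(None, 1)
            if len(parts) != 2:
                continue
            key, value = parts
        settings.setdefault(key.lower(), []).append(value.strip())
    return settings

def first(settings, key):
    """Value sshd will use for a single-valued keyword, or None if unset."""
    values = settings.get(key)
    return values[0] if values else None

# (predicate on the parsed settings, remediation text)
CHECKS = [
    (lambda s: first(s, "allowusers") is not None,
     "restrict remote logins with AllowUsers (or AllowGroups)"),
    (lambda s: first(s, "permitrootlogin") == "no",
     "set PermitRootLogin no; root works from the console only"),
    (lambda s: "port" in s and "22" not in s["port"],
     "move sshd off port 22 (every Port line is listened on)"),
    (lambda s: first(s, "allowtcpforwarding") == "no",
     "set AllowTcpForwarding no (default is yes)"),
    (lambda s: first(s, "permittunnel") == "no",
     "set PermitTunnel no"),
    (lambda s: first(s, "x11forwarding") == "no",
     "set X11Forwarding no"),
]

def audit(text):
    """Return the list of remediation messages for checks that fail."""
    settings = parse_sshd_config(text)
    return [msg for ok, msg in CHECKS if not ok(settings)]

if __name__ == "__main__":
    print("hardened:", audit(SAMPLE_SSHD_CONFIG) or "no findings")
    print("weak:", audit(WEAK_SSHD_CONFIG))
```

Running the audit on a live host should use the output of `sshd -T`, which prints the effective configuration after defaults and first-wins resolution, rather than the raw file; the parser here is for reviewing a config before it is deployed.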
Log Management
• Use rsyslog
• Use Adiscon LogAnalyzer for the web UI
Secure Communication Channel
• VPN types (by topology):
  – Site-to-site VPN
  – Remote-access VPN
• VPN types (by implementation):
  – VPN software (OpenVPN, SoftEther VPN)
  – VPN hardware (appliance)
Secure Communication Channel
Defend at Network Perimeter
Security Statistics
Thank You