Monday 8 July 2013

NIST Special Publications (800 Series)

For those interested in reading the information security documents published by NIST (800 Series), see the following link:

http://csrc.nist.gov/publications/PubsSPs.html#800-115

Happy reading!!

Wednesday 24 April 2013

What Is a Botnet?

Botnets are a very serious threat to information security today. For those who want to know how a botnet works, read the information about botnets published on the F-Secure website.

Read it at:

http://www.f-secure.com/en/web/labs_global/articles/about_botnets

Happy reading!!

Tuesday 23 April 2013

Android Malware Using Steganography

This is an interesting piece published on 30 January 2012 on f-secure.com about Android malware that uses steganography.

Read more at:

http://www.f-secure.com/weblog/archives/00002305.html

Happy reading!!

Wednesday 20 February 2013

Firewall vs Honeypot

Conceptually, a firewall and a honeypot are very different. A firewall is designed to keep attackers outside the perimeter, whereas a honeypot is designed to draw attackers in so that their activity can be monitored and studied.

Tuesday 19 February 2013

Honeynet Project Workshop 2011 Presentation Slides

For those interested in reading the presentation slides from the Honeynet Project Workshop 2011 in Paris, visit the Honeynet Project website below:
http://www.honeynet.org/SecurityWorkshops/2011_Paris

Happy reading!!

Why Do We Need a Client Honeypot?

Why is a client honeypot needed? One reason is that operating systems and applications (web browsers, etc.) on the client side (laptops, desktops, smartphones, etc.) have vulnerabilities that sometimes have no patch yet (0day) or have not been patched. These client-side vulnerabilities can be targeted by malware attacks (drive-by download attacks).
Types of malware:
- Virus
- Worm
- Trojans
- Spyware
- Adware
- Rootkits

A honeypot deployed on the client side is called a client honeypot. Client honeypots can be active or passive. A client honeypot can be used to detect malware on websites (malicious websites); a client honeypot of this kind is an active client honeypot. A client honeypot can be built with a high interaction honeypot, in which case it is called a High Interaction Client Honeypot (HICHP), or with a hybrid honeypot, in which case it is called a Hybrid Client Honeypot (a combination of a high interaction client honeypot and a low interaction client honeypot).


Thursday 7 February 2013

An Interesting Interview with the Keynote Speaker of the Honeynet Project Workshop 2013

An interesting interview with the keynote speaker of the Honeynet Project Workshop 2013.
Quoted from the Honeynet Project website: http://www.honeynet.org/node/1026

Security in 2020? Anton Chuvakin will give you the broad overview!

The broader picture at the conference will be given by a well known person in this field. He will talk about "Security 2020". This is Dr. Anton Chuvakin, and he is a Research Director at Gartner's Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team in his day job.
Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is an author of books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, security management. His blog "Security Warrior" is one of the most popular in the industry.

Tell us Anton, why did you become a security expert?
Few people I met in the industry have a noble answer to that question, such as “to protect the world from evil computer criminals”, or something. I think for most people the more important question is “how” not “why.” So, in my case, I started helping with Linux system administration back in my graduate student years - and I immediately discovered that the machines that I was supposed to help with were already compromised and had IRC bots running on them. That pretty much started my interest in security – I started reading books and online resources. Soon, I was sharing my experiences and writing papers about fighting the attackers at a small ISP. That pretty much became a passion and the career.

And what will you talk about?
Since I am giving a keynote, I will talk about everything :-). But in particular, I will talk about the future. I will try to create a framework for understanding how information security will look in, say, 2020 and possibly even beyond. I would invite my audience to explore that world of that possible future and see what we need to do now to prepare for it.

What do you love the most being a security expert?
Change! The world of information security changes all the time as technologies and attacks change. Admittedly, you are more likely to find a Windows NT 4.0 machine than a private cloud at many large organizations, so quite a few things that should change don't really change. Still, information security is an exciting domain because of its ever-changing nature, which nearly guarantees you'll never be bored.

So further on, what do you think the future security threats will be like?
I will defer that question to my presentation, to make it more fun!

OK, nice one. But what is your best tip then for security professionals today?
To protect the ever-changing IT landscape, you must keep your deep technical knowledge current and constantly learn about the technologies, attacks, vulnerabilities as well as about new uses of information for business and other purposes. A security professional simply cannot “fall into the rut” and stay in the comfort zone of what he already knows – he will become useless fairly soon. Constant learning without stopping for a second is your best tip.

And why should people come to the upcoming (and awesome) HP workshop in Dubai?
Honeynet Project workshops (and I remember my first one at Lance’s house in 2003 or so) are a very special type of event where you can learn (from presentations as well as hands on) from the people who are at the very top of their fields (be it visualization, forensics or malware reversing).
Thanks Anton for your time, and looking forward to seeing you again at the workshop! It will be another interesting and great workshop (IMHO at least.. )! There are still some tickets left! Check the schedule here and join us in Dubai 10-12th of February!

Tuesday 29 January 2013

Honeynet Project Workshop 2013

This year the Honeynet Project will hold its workshop in Dubai.
The workshop will run from 10 February to 12 February.
See the website at:
http://www.honeynet.org/node/dubai2013
http://dubai2013.honeynet.org/

Saturday 26 January 2013

Proactive Detection of Security Incidents - Honeypot

Found on the Internet: a report on honeypots published by ENISA (European Network and Information Security Agency). The report is a fairly complete study of honeypot technology. It was published on 22 November 2012.

Read it at:
http://www.enisa.europa.eu/activities/cert/support/proactive-detection-of-security-incidents-II-honeypots

Happy reading!!

Classifying Honeypots by Attacker Interaction

Honeypots can be divided into three types according to the level of interaction an attacker has with the honeypot:
- High interaction
- Medium interaction
- Low interaction


A high interaction honeypot provides a real operating system to be attacked, without any restrictions. A honeypot of this type is expected to yield a large amount of data about attacker activity.


A medium interaction honeypot, unlike a high interaction honeypot, offers less interaction. It does not have a complete real operating system; some technical services are simulated.


In a low interaction honeypot, services are simulated so that the attacker cannot gain full access to the honeypot. With this type of honeypot, the attacker does not interact with a real operating system.
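
To make "services are simulated" concrete, here is an added example (not from the original post or from any honeypot project) of a low interaction listener: it answers FTP-style commands from a fixed reply table, records what the client sends, and never touches the operating system. The names handle_session and demo, the banner, the reply table and the peer address are all constructed for illustration.

```python
import socket
import threading

# Constructed banner and canned replies for a simulated FTP service.
BANNER = "220 FTP server ready"
REPLIES = {"USER": "331 Password required", "PASS": "530 Login incorrect",
           "QUIT": "221 Goodbye"}

def handle_session(conn, peer, log, max_line=256):
    """Answer one client from the reply table only and record each command."""
    conn.settimeout(5)
    buf = b""
    try:
        conn.sendall(BANNER.encode() + b"\r\n")
        while True:
            chunk = conn.recv(1024)
            if not chunk:
                return
            buf += chunk
            while b"\n" in buf:
                raw, buf = buf.split(b"\n", 1)
                line = raw.strip().decode("latin-1")[:max_line]
                verb, _, arg = line.partition(" ")
                verb = verb.upper()
                log.append({"peer": peer, "verb": verb, "arg": arg})
                reply = REPLIES.get(verb, "502 Command not implemented")
                conn.sendall(reply.encode() + b"\r\n")
                if verb == "QUIT":
                    return
            buf = buf[-max_line:]  # cap memory if no newline ever arrives
    except OSError:  # timeout or reset: end the session quietly
        pass
    finally:
        conn.close()

def demo():
    """Drive the handler over a local socket pair with constructed input."""
    server, client = socket.socketpair()
    log = []
    worker = threading.Thread(target=handle_session,
                              args=(server, "198.51.100.7", log))
    worker.start()
    client.sendall(b"USER admin\r\nPASS 123456\r\nLIST\r\nQUIT\r\n")
    worker.join()
    replies = b""
    while chunk := client.recv(4096):
        replies += chunk
    client.close()
    return log, replies.decode().splitlines()
```

Every command, including ones the table does not know, ends up in the log, which is the data a low interaction honeypot exists to collect.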

Script for Setting Up a Honeypot Automatically

Found on the Internet, for setting up a honeypot automatically.
http://andrewmichaelsmith.com/2013/01/automatic-honeypot-setup-script/

This script can be used to install:

Dionaea
Kippo
p0f