Session 9: System Security

1. Introduction

System security is a critical part of system administration: it protects the IT infrastructure against both internal and external threats.

Critical Focus: After the midterm exam (UTS) we concentrate on the practical implementation of system security, in particular firewalls and encryption as the two main pillars of system defense.

Threats covered in this session:
  • Malware
  • Phishing
  • DDoS
  • Insider Threats
  • Ransomware
  • Zero-day

2. Basic Concepts of System Security

The CIA Triad (Confidentiality, Integrity, Availability)
Confidentiality

Protecting data from unauthorized access

  • Encryption
  • Access controls
  • Authentication
Integrity

Ensuring data is not altered by unauthorized parties, and that any alteration is detected

  • Hashing
  • Digital signatures
  • Checksums
Availability

Ensuring systems and data are accessible when they are needed

  • Redundancy
  • Backups
  • Disaster recovery
Modern Security Threats

Threat Category    | Examples                               | Impact                                | Mitigation
-------------------|----------------------------------------|---------------------------------------|---------------------------------------------
Malware            | Virus, worm, trojan, ransomware        | Data loss, system compromise          | Antivirus/EDR, patching, user training
Social Engineering | Phishing, pretexting, baiting          | Credential theft, data breach         | Security awareness, MFA
Network Attacks    | DDoS, man-in-the-middle, port scanning | Service disruption, data interception | Firewall, IDS/IPS, encryption (TLS)
Insider Threats    | Employees with legitimate access       | Data theft, sabotage                  | Access controls, monitoring, least privilege
Defense in Depth (layers, from the outermost inwards)
  • Physical Security
  • Perimeter Defense
  • Internal Network
  • Host Security
  • Application Security
  • Data Protection

3. Firewall: The First Line of Defense

Basic Firewall Concepts
Definition

A system that controls network traffic according to a defined ruleset

It acts as a barrier between a trusted internal network and an untrusted external network; a host firewall does the same between a single host and everything else on the network

Firewall Types
  • Packet Filtering - Decisions on header fields only (addresses, ports, protocol), one packet at a time
  • Stateful Inspection - Tracks connection state, so replies to connections the host opened are allowed without a separate rule
  • Application-Level Gateway - Layer 7 filtering: a proxy that understands the application protocol (e.g. HTTP)
  • Next-Generation Firewall (NGFW) - Integrated security: stateful filtering plus IPS, application identification and TLS inspection
Firewall Implementation on Linux (iptables/ufw)
iptables Architecture
Tables:
  • filter - Packet filtering (the default table; chains INPUT, OUTPUT, FORWARD)
  • nat - Network Address Translation (chains PREROUTING, OUTPUT, POSTROUTING)
  • mangle - Packet alteration (TTL, marks, QoS fields)
  • raw - Marks packets to skip connection tracking (NOTRACK)
Chains (filter table):
  • INPUT - Packets addressed to this host
  • OUTPUT - Packets generated by this host
  • FORWARD - Packets routed through this host (only relevant when IP forwarding is enabled)
Basic iptables Commands
# View current rules (with packet/byte counters)
iptables -L -n -v

# Order matters: rules are evaluated top to bottom. Allow loopback traffic and
# replies to connections this host opened before anything else; otherwise a DROP
# policy on INPUT breaks outgoing connections (DNS, apt, ...).
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH (add this before switching the policy to DROP on a remote machine)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Default policies: deny whatever is not explicitly allowed
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Rules live only in kernel memory; persist them or they are gone after a reboot
# (path used by the iptables-persistent package on Debian/Ubuntu)
iptables-save > /etc/iptables/rules.v4
UFW (Uncomplicated Firewall)
# Allow SSH first, so enabling the firewall does not cut off your own session
ufw allow ssh

# Enable UFW (default policy: deny incoming, allow outgoing)
ufw enable

# Basic rules
ufw allow 80/tcp
ufw allow from 192.168.1.0/24

# Deny specific networks
ufw deny from 10.0.0.0/8

# Status monitoring (ufw status numbered shows the evaluation order)
ufw status verbose
Firewall on Windows
# View firewall rules (PowerShell)
Get-NetFirewallRule | Where-Object {$_.Enabled -eq "True"}

# Create new rule
New-NetFirewallRule -DisplayName "Allow Web Server" `
-Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow

# Block specific IP
New-NetFirewallRule -DisplayName "Block Malicious IP" `
-Direction Inbound -RemoteAddress "192.168.100.100" -Action Block

4. Encryption: Data Protection

Cryptographic Concepts
Symmetric Encryption

The same key is used for encryption and decryption

  • AES (the current standard)
  • DES (56-bit key, brute-forceable; obsolete, listed for historical context only)
  • Blowfish (64-bit block size; superseded by AES)
# Example: AES encryption with a passphrase.
# -salt -pbkdf2 derive the key with PBKDF2 instead of OpenSSL's legacy single-pass
# derivation. CBC mode gives no integrity protection: a modified ciphertext still
# decrypts (to garbage), so pair it with a MAC or a signature when tampering matters.
openssl enc -aes-256-cbc -salt -pbkdf2 -in file.txt -out file.enc
Asymmetric Encryption

Public/private key pair: encrypt with the public key, decrypt with the private key (signing works the other way round)

  • RSA
  • ECC (e.g. ECDSA, Ed25519: much shorter keys for the same strength)
  • DSA (deprecated; OpenSSH stopped accepting ssh-dss keys by default in 2015)
# Generate key pair (2048 bits is the minimum today; prefer 3072 or an EC curve for new deployments)
openssl genrsa -out private.key 2048
# Export the public key; private.key itself must stay readable by its owner only
openssl rsa -in private.key -pubout -out public.key
Hashing

One-way transformation

  • SHA-256 (integrity checks, digital signatures)
  • MD5 (collisions are cheap to produce; do not use it for security, only for legacy checksums)
  • Bcrypt (a password hashing function: salted and deliberately slow, unlike SHA-256 or MD5)
# Generate hash. Use printf (or echo -n): echo appends a newline, which changes the digest.
printf '%s' "password" | sha256sum
# or
md5sum file.txt
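Putting the symmetric-encryption and hashing commands above together: an added example for these notes, not code from the original page or from OpenSSL. Decrypting a tampered CBC ciphertext does not fail, it yields garbage, so the script computes an HMAC-SHA256 tag over the ciphertext and checks it before decrypting (encrypt-then-MAC). The passphrase, the generated MAC key and the file names are assumptions for the demo.

```shell
#!/usr/bin/env bash
# Added example for these lecture notes (not from the original page or OpenSSL's docs).
# `openssl enc -aes-256-cbc` gives confidentiality only; a flipped ciphertext byte is
# silently decrypted into garbage. Here the ciphertext also carries an HMAC-SHA256 tag
# that is verified before decryption (encrypt-then-MAC). Two independent keys are used:
# a passphrase for the data key (PBKDF2 inside openssl) and a 256-bit hex MAC key.
# Passphrase, key and file names below are demo assumptions.

# enc_file <plaintext> <out> <passphrase> <mac_key_hex>
# Writes <out> (ciphertext) and <out>.mac (raw HMAC-SHA256 over the ciphertext).
enc_file() {
    local plain=$1 out=$2 pass=$3 mackey=$4
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
        -in "$plain" -out "$out" -pass "pass:$pass" || return 1
    openssl dgst -sha256 -mac HMAC -macopt "hexkey:$mackey" -binary "$out" > "$out.mac"
}

# dec_file <ciphertext> <out> <passphrase> <mac_key_hex>
# Recomputes the tag and refuses to decrypt on mismatch (returns 2, writes nothing).
dec_file() {
    local enc=$1 out=$2 pass=$3 mackey=$4 tag
    tag=$(mktemp) || return 1
    openssl dgst -sha256 -mac HMAC -macopt "hexkey:$mackey" -binary "$enc" > "$tag"
    if ! cmp -s "$tag" "$enc.mac"; then
        rm -f "$tag"
        echo "integrity check failed: $enc was modified or the MAC key is wrong" >&2
        return 2
    fi
    rm -f "$tag"
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$enc" -out "$out" -pass "pass:$pass"
}

# flip_byte <file> <offset>: XOR one byte with 0xff to simulate tampering (demo only).
flip_byte() {
    local f=$1 off=$2 b
    b=$(dd if="$f" bs=1 skip="$off" count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    printf "$(printf '\\%03o' $(( b ^ 255 )))" | dd of="$f" bs=1 seek="$off" conv=notrunc 2>/dev/null
}

# Demo on a constructed file: a clean round trip, then a corrupted ciphertext.
demo() {
    local dir pass mackey
    dir=$(mktemp -d)
    pass='correct horse battery staple'      # assumption: demo passphrase
    mackey=$(openssl rand -hex 32)           # 256-bit MAC key generated per run
    printf 'payroll Q3: confidential\n' > "$dir/file.txt"   # constructed input
    enc_file "$dir/file.txt" "$dir/file.enc" "$pass" "$mackey"
    dec_file "$dir/file.enc" "$dir/file.dec" "$pass" "$mackey" \
        && cmp -s "$dir/file.txt" "$dir/file.dec" && echo "round trip OK"
    flip_byte "$dir/file.enc" 20             # corrupt a byte inside the first cipher block
    dec_file "$dir/file.enc" "$dir/file.dec2" "$pass" "$mackey" \
        || echo "tampering detected, nothing was decrypted"
    rm -rf "$dir"
}
demo
```

The `cmp` comparison of tags is not constant-time, which only matters when an attacker can submit many candidate tags to the verifier; for offline file verification it is acceptable. In new designs prefer an AEAD mode (AES-GCM or ChaCha20-Poly1305) through a library, since `openssl enc` does not support AEAD ciphers.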
Encryption Implementation on Linux
LUKS (Linux Unified Key Setup)
# Encrypt disk partition (destroys the existing contents; you are prompted for a passphrase)
cryptsetup luksFormat /dev/sdb1

# Open encrypted volume (creates the mapped device /dev/mapper/encrypted_volume)
cryptsetup luksOpen /dev/sdb1 encrypted_volume

# Format and mount
mkfs.ext4 /dev/mapper/encrypted_volume
mount /dev/mapper/encrypted_volume /mnt/secure

# Unlock at boot. crypttab fields: <name> <device> <keyfile|none> <options>;
# "none" means prompt for the passphrase. In production identify the device by
# UUID (see blkid /dev/sdb1) so a renumbered disk cannot point the entry at the
# wrong partition, and add a matching /etc/fstab line for the mapped device.
echo "encrypted_volume /dev/sdb1 none luks" >> /etc/crypttab
GnuPG (File Encryption)
# Generate key pair (interactive: key type, size, expiry, user ID)
gpg --full-generate-key

# Encrypt file for a recipient (their public key must already be in your keyring)
gpg --encrypt --recipient recipient@email.com file.txt

# Decrypt file (without -o the plaintext goes to stdout)
gpg --decrypt -o file.txt file.txt.gpg

# Sign and verify (clearsign keeps the text readable and appends the signature)
gpg --clearsign document.txt
gpg --verify document.txt.asc
Encryption on Windows
BitLocker
# Enable BitLocker (PowerShell, as administrator). Store the recovery password it
# prints somewhere safe (AD/Entra ID or a password vault): without it a locked volume is lost
Enable-BitLocker -MountPoint "C:" `
-EncryptionMethod Aes256 `
-RecoveryPasswordProtector

# Status monitoring
Get-BitLockerVolume

# Manage TPM (initialize it so BitLocker can seal the volume key to the TPM)
Initialize-Tpm
EFS (Encrypting File System)

File/folder encryption through the file's properties

  • Properties → Advanced → Encrypt contents to secure data
  • Certificate-based encryption (tied to the user's EFS certificate; back it up, or the data is lost with the profile)
  • Integrated with Active Directory
# Command line EFS management (/e encrypt, /s: recurse into subfolders)
cipher /e /s:C:\SensitiveData

5. System Hardening

Linux Hardening Guidelines
Service Hardening
# Disable unnecessary services (--now also stops them immediately)
systemctl disable --now cups
systemctl disable --now bluetooth

# Remove unused packages (cleartext remote-login services)
apt purge telnetd rsh-server

# Configure SSH hardening (e.g. PermitRootLogin no, PasswordAuthentication no once
# keys are deployed). Validate with "sshd -t" before reloading, so a typo cannot lock you out
vi /etc/ssh/sshd_config

# Set password policies (complexity in pwquality.conf, aging in login.defs)
vi /etc/security/pwquality.conf
vi /etc/login.defs
Security Tools
# Install and enable fail2ban (bans source IPs after repeated failures in the logs)
apt install fail2ban
systemctl enable --now fail2ban

# Configure fail2ban for SSH: enable the [sshd] jail in jail.local (do not edit
# jail.conf, package upgrades overwrite it) and set bantime, findtime and maxretry
vi /etc/fail2ban/jail.local

# Install lynis for auditing (hardening index plus per-finding suggestions)
apt install lynis
lynis audit system

# Rootkit scanning (install first: apt install chkrootkit rkhunter). Both are
# signature-based, so a clean result is not proof of a clean host
chkrootkit
rkhunter --check
Windows Hardening
System Hardening
# Disable SMBv1 (PowerShell): the legacy protocol exploited by WannaCry/EternalBlue
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

# Configure Windows Defender: keep real-time protection on and block potentially
# unwanted applications. Never exclude whole extensions such as ".exe" from
# scanning; that switches protection off for exactly the files malware uses.
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -PUAProtection Enabled

# Apply security templates
secedit /configure /db config.sdb /cfg security_policy.inf

# Enable audit policies (log both outcomes; failures are the more useful signal)
auditpol /set /category:"Account Logon" /success:enable /failure:enable
Application Hardening
  • Regular patching and updates
  • Least privilege principle for service accounts
  • Application whitelisting (allow-listing of approved executables)
  • Secure configuration guidelines
  • Input validation and sanitization
  • Secure coding practices

6. Security Monitoring & Logging

Centralized Logging
Linux (rsyslog)
# Configure remote logging: add the forwarding line below to this file (or to a drop-in under /etc/rsyslog.d/)
vi /etc/rsyslog.conf

# Send all logs to a remote server. A single @ means UDP (no delivery guarantee, no
# encryption); @@ selects TCP. Across untrusted networks use TLS (omfwd with the gtls driver).
*.* @192.168.1.100:514

# Important log files
/var/log/auth.log     # Authentication events (Debian/Ubuntu)
/var/log/syslog       # System events (Debian/Ubuntu)
/var/log/secure       # Security events (RHEL/CentOS)
/var/log/fail2ban.log # Fail2ban blocking events
Windows Event Log
# Configure event forwarding (PowerShell, run on the collector: sets up the Windows Event Collector service)
wecutil qc

# List the available event logs
Get-EventLog -List

# Security events: 4624 logon, 4625 failed logon, 4648 logon with explicit
# credentials, 4672 special privileges assigned to a new logon
Get-WinEvent -FilterHashtable @{
LogName='Security';
ID=4624,4625,4648,4672
}

# Failed login attempts
Get-WinEvent -FilterHashtable @{
LogName='Security';
ID=4625
} | Select-Object TimeCreated,Message
Log Analysis Examples
Linux Log Analysis
# Failed SSH attempts
grep "Failed password" /var/log/auth.log

# Successful logins (password authentication; key-based logins log "Accepted publickey")
grep "Accepted password" /var/log/auth.log

# Suspicious activity: attempts against accounts that do not exist
grep "Invalid user" /var/log/auth.log

# Count failed attempts by IP. The field number differs between "for root from ..."
# and "for invalid user admin from ...", so take the token after "from" instead of $11
awk '/Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }' /var/log/auth.log | sort | uniq -c | sort -nr
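The per-IP count above, generalized into reusable detection functions and run over a constructed auth.log excerpt. This is an added example written for these notes, not code from the original page; the hostname, addresses and usernames are made up.

```shell
#!/usr/bin/env bash
# Added example for these lecture notes (not from the original page): detection logic
# for SSH credential guessing, run over constructed sshd log lines. The awk code locates
# the token after "from" instead of relying on a fixed field number, so both line
# variants sshd writes are handled:
#   "Failed password for root from 203.0.113.5 port 51234 ssh2"
#   "Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2"
# Hostname, addresses (RFC 5737 documentation ranges) and usernames are made up.

# write_sample <file>: constructed auth.log excerpt used by the demo
write_sample() {
    cat > "$1" <<'EOF'
Jan 10 10:01:02 fileserver sshd[2231]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 10:01:05 fileserver sshd[2233]: Invalid user admin from 203.0.113.5 port 51235
Jan 10 10:01:05 fileserver sshd[2233]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Jan 10 10:01:09 fileserver sshd[2235]: Failed password for invalid user oracle from 203.0.113.5 port 51236 ssh2
Jan 10 10:02:30 fileserver sshd[2240]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Jan 10 10:03:11 fileserver sshd[2244]: Failed password for alice from 192.0.2.10 port 40023 ssh2
Jan 10 10:05:00 fileserver sshd[2250]: Invalid user test from 198.51.100.7 port 33000
Jan 10 10:05:00 fileserver sshd[2250]: Failed password for invalid user test from 198.51.100.7 port 33000 ssh2
EOF
}

# failed_by_ip <logfile>: "<count> <ip>" per source address, highest count first
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# offenders <logfile> <threshold>: sources with at least <threshold> failures
offenders() {
    failed_by_ip "$1" | awk -v t="$2" '$1 + 0 >= t + 0 { print $2 }'
}

# invalid_users <logfile>: account names tried that do not exist on this host
invalid_users() {
    awk '/sshd\[[0-9]+\]: Invalid user/ {
             for (i = 1; i <= NF; i++) if ($i == "user") { print $(i+1); break }
         }' "$1" | sort -u
}

# block_rules <logfile> <threshold>: emit (not run) firewall rules for review.
# fail2ban automates exactly this loop, with a time window and automatic unban.
block_rules() {
    offenders "$1" "$2" | while IFS= read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

demo() {
    local log; log=$(mktemp)
    write_sample "$log"
    echo "failed logins by source:"; failed_by_ip "$log"
    echo "invalid usernames tried:"; invalid_users "$log" | tr '\n' ' '; echo
    echo "rules for sources with 3 or more failures:"; block_rules "$log" 3
    rm -f "$log"
}
demo
```

On a real host, point the functions at /var/log/auth.log (or /var/log/secure on RHEL) and run them from cron; a threshold over a single day is crude, and the time window that fail2ban adds (findtime) is what keeps a legitimate user with a forgotten password from being banned for good.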
Automated Monitoring Script
#!/bin/bash
# Watch auth.log and record failed logins. tail -F (not -f) keeps following
# the file across log rotation.
LOG_FILE="/var/log/auth.log"
ALERT_FILE="/var/log/security_alerts.log"
MAIL_TO="admin@company.com"

tail -F "$LOG_FILE" | while IFS= read -r line; do
    case "$line" in
    *"Failed password"*)
        echo "$(date): Failed login - $line" >> "$ALERT_FILE"
        # Send email alert. One mail per failure floods the inbox during a
        # brute-force attack; batch alerts per source, or leave banning to fail2ban.
        echo "Security alert: Failed login - $line" | mail -s "ALERT" "$MAIL_TO"
        ;;
    esac
done

7. Intrusion Detection

Host-based Intrusion Detection
AIDE (Advanced Intrusion Detection Environment)
# Install AIDE
apt install aide

# Initialize database (hashes and attributes of the files selected in /etc/aide/aide.conf)
aide --init

# Activate the new database (aide --init writes aide.db.new.gz, not aide.db.gz)
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

# Regular integrity checking (run from cron). Keep a copy of the database off-host
# or on read-only media: an attacker with root can simply regenerate it.
aide --check

# Update database after legitimate changes (e.g. patching). This again writes
# aide.db.new.gz, so review the report and repeat the mv above.
aide --update
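What AIDE's database and --check do, and what the checksum comparison in the recovery step of the case study later in these notes does, reduced to a short script. This is an added example for these notes, not AIDE's code: it records a SHA-256 baseline of every regular file under a directory and reports what has been added, modified or removed since. It assumes GNU coreutils and findutils; the directory and file names in the demo are made up.

```shell
#!/usr/bin/env bash
# Added example for these lecture notes (not AIDE's code): a minimal file-integrity
# baseline with sha256sum. fim_init records the baseline, fim_check reports changes.
# Like AIDE's database, the baseline must live where an attacker with root on the
# host cannot rewrite it (off-host or read-only media).
# Assumes GNU findutils/coreutils; names in the demo are made up.

# fim_init <dir> <baseline>: one "<sha256>  <path>" line per regular file under <dir>
fim_init() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum ) > "$2"
}

# fim_check <dir> <baseline>: prints ADDED/MODIFIED/REMOVED lines; returns 1 if any
fim_check() {
    local cur report
    cur=$(mktemp) || return 1
    fim_init "$1" "$cur"
    # sha256sum lines are 64 hex chars, two spaces, then the path (which may contain spaces)
    report=$(awk '
        NR == FNR { base[substr($0, 67)] = $1; next }
        {
            p = substr($0, 67); seen[p] = 1
            if (!(p in base))        print "ADDED    " p
            else if (base[p] != $1)  print "MODIFIED " p
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED  " p }
    ' "$2" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    [ -n "$report" ] && { printf '%s\n' "$report"; return 1; }
    return 0
}

# Demo on a constructed directory tree: clean check, then three kinds of change
demo() {
    local root db
    root=$(mktemp -d); db=$(mktemp)
    mkdir -p "$root/etc"
    printf 'PermitRootLogin no\n' > "$root/etc/sshd_config"          # constructed files
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$root/etc/passwd"
    fim_init "$root" "$db"
    fim_check "$root" "$db" && echo "baseline OK: no changes"
    printf 'PermitRootLogin yes\n' > "$root/etc/sshd_config"         # config weakened
    mkdir -p "$root/etc/cron.d"
    printf '* * * * * root /tmp/.x\n' > "$root/etc/cron.d/persist"   # persistence dropped
    rm "$root/etc/passwd"                                            # file removed
    fim_check "$root" "$db" || echo "integrity violations found"
    rm -rf "$root" "$db"
}
demo
```

AIDE adds what this script leaves out: ownership, permissions, inode and mtime checks, and per-directory rules so that log files that are expected to change do not drown the report.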
OSSEC - HIDS
# Install OSSEC (the ossec-hids package is not in the default Debian/Ubuntu
# repositories; add the OSSEC project's package repository first)
apt install ossec-hids

# Configuration (monitored logs, syscheck directories, active response)
vi /var/ossec/etc/ossec.conf

# Management
/var/ossec/bin/ossec-control start
/var/ossec/bin/ossec-control status

# Log monitoring (each alert carries a level and a rule ID)
tail -f /var/ossec/logs/alerts/alerts.log
Network Intrusion Detection
Snort - NIDS
# Install Snort
apt install snort

# Basic configuration (HOME_NET, rule paths, enabled preprocessors)
vi /etc/snort/snort.conf

# Run Snort in IDS mode: alerts to the console, quiet startup, rules from
# snort.conf, listening on eth0 (check the configuration first with: snort -T -c /etc/snort/snort.conf)
snort -A console -q -c /etc/snort/snort.conf -i eth0

# Packet-sniffer mode (prints headers only; no rule matching)
snort -v -i eth0
Wazuh - Agent-based SIEM/XDR
# Install Wazuh agent. apt-key is deprecated: store the signing key in a dedicated
# keyring and bind it to this one repository with signed-by.
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee -a /etc/apt/sources.list.d/wazuh.list
apt update
# Tell the agent which manager to report to (the hostname here is a placeholder)
WAZUH_MANAGER="wazuh-manager.example.com" apt install wazuh-agent

# Start agent
systemctl enable wazuh-agent
systemctl start wazuh-agent

8. Incident Response Framework

Phases of Incident Response
  1. Preparation - Develop policies, tools and the team
  2. Identification - Detect and analyze incidents
  3. Containment - Isolate affected systems
  4. Eradication - Remove threat components
  5. Recovery - Restore systems and operations
  6. Lessons Learned - Document and improve

Basic Incident Response Kit
  • Forensic toolkit - Write blockers, imaging tools
  • Network monitoring tools - Wireshark, tcpdump
  • Memory analysis tools - Volatility (Rekall is no longer maintained)
  • Documentation templates - Incident reports
  • Clean analysis systems - Isolated environment
  • Communication plan - Contact lists, escalation

9. Compliance and Security Standards

Common Standards
ISO 27001

Information Security Management

  • Risk assessment
  • Security controls
  • Continuous improvement
  • International standard
PCI DSS

Payment Card Industry

  • Cardholder data protection
  • Network security
  • Vulnerability management
  • Access controls
NIST Framework

Cybersecurity Framework

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover
GDPR

Data Protection (EU)

  • Data privacy
  • Consent management
  • Right to be forgotten
  • Data breach notification
Security Policies
  • Acceptable Use Policy
  • Password Policy
  • Incident Response Policy
  • Data Classification Policy

10. Case Study: Ransomware Attack Response

Scenario:

A file-sharing server has been infected with ransomware. Important files are encrypted and carry the extension .encrypted. Users report that they can no longer access their files.

Response Plan:
1. Identification & Isolation
# Isolate the server from the network (this also drops your own SSH session;
# work from the console or the hypervisor). If the playbook calls for forensics,
# capture volatile evidence (memory, process list, network connections) before this step.
ifdown eth0
# or: block traffic in both directions with iptables. Use -I (insert at the top),
# not -A, otherwise earlier ACCEPT rules still match first; block OUTPUT too, so
# the malware can no longer encrypt network shares or reach its command server.
iptables -I INPUT 1 -j DROP
iptables -I OUTPUT 1 -j DROP

# Disconnect from the domain (Samba member server). This has to reach a domain
# controller, so if the host is already isolated, disable its computer account on the DC instead.
net ads leave -U administrator

# Disable the compromised user account (lock the password; also revoke SSH keys and end active sessions)
usermod -L compromised_user
passwd -l compromised_user
2. Eradication
# Identify the malware: running processes and files with "encrypt" in the name
# (a first pass only; real samples rarely name themselves this helpfully)
ps aux | grep -i encrypt
find / -name "*encrypt*" -type f 2>/dev/null

# Remove the malware (keep a hashed copy in evidence storage first: the sample
# identifies the family, and therefore whether a public decryptor exists)
rm -f /tmp/malware.bin

# Check crontab and the other persistence locations
crontab -l
ls -la /etc/cron*
3. Recovery
# Restore from a clean backup taken before the attack, into an isolated environment first
tar -xzpf backup_pre_attack.tar.gz -C /clean_environment/

# Verify restored data: no encrypted files should be present
find /clean_environment/ -name "*.encrypted" | wc -l
# Should return 0

# Compare file checksums with the list recorded before the attack
# (use sha256sum -c for new checksum lists; MD5 collisions are cheap to forge)
md5sum -c checksums.list
4. Hardening
# Apply security patches (reboot if the kernel was updated)
apt update && apt upgrade

# Harden SSH configuration (PermitRootLogin no; disable password logins once keys are in use)
vi /etc/ssh/sshd_config

# Implement fail2ban
apt install fail2ban
systemctl enable --now fail2ban

# Security audit
lynis audit system
Post-Incident Actions:
  • Root cause analysis - identify the infection vector (phishing attachment, exposed service, stolen credentials)
  • Security awareness training - user education
  • Backup strategy review - ensure RTO/RPO targets are met, and keep at least one backup copy offline or immutable, out of reach of the ransomware
  • Monitoring enhancement - better detection capabilities

11. Security Configuration Scanner

System Security Assessment: an interactive self-assessment on the original page. Choose an assessment type, run the scan, and review the resulting security score and recommended actions.

Learning Summary

In this session we covered system security end to end: defense in depth, security tools, and incident response.

Key Takeaways:
  • Understanding the CIA triad and defense in depth
  • Implementing firewalls and encryption
  • System hardening techniques
  • Incident response procedures
Next Topic Preview:

Next session: Security Auditing - tools and methodology for security assessment.