School of Electrical Engineering and Computer Science at Manbaul Ulum University

-"MENCERDASKAN UMAT"-

School of Electrical Engineering and Informatics

EECS at MU

Electrical Enginering & Computer Sciences IR&D Center

at Manbaul Ullum University

Visi

Menjadi Pusat Pelatihan dan Pembelajaran ICT Cyber Terdepan

Misi

1. Unggul dalam Pendidikan ICT untuk pendidikan dasar dan menengah
2. Pusat Riset, Innovasi dan Pengembangan ICT
3. Teknologi Tepat guna dalam bidang ICT
4. Pusat data dan penganalisaannya

Staf Pendidik.

Barkah Firdaus (Ko.)

Ginanjar F.M. & Dian Hadiana

Sandi Socrates

Agus Haeruman

Ngara

Dede Supriatna

Indah

Rani Kharismaya

Ricky Taufikurrahman

Riki

Ricky Aji P.

Arip Nurahman

Anton Timur J.

Wendy Afriza

Security ▶ play

Notes

Slides

Source Code

Screen Scraping

Video

Flash

MP3

QuickTime

Watch it on Academic Earth

Lecture Description

Professor David J. Malan (Harvard University) discusses security as it pertains to building dynamic websites.

David J. Malan, Instructor
dmalan@harvard.edu
http://www.cs.harvard.edu/malan/

Course Description

Today's websites are increasingly dynamic. Pages are no longer static HTML files but instead generated by scripts and database calls. User interfaces are more seamless, with technologies like Ajax replacing traditional page reloads. This course teaches students how to build dynamic websites with Ajax and with Linux, Apache, MySQL, and PHP (LAMP), one of today's most popular frameworks. Students learn how to set up domain names with DNS, how to structure pages with XHTML and CSS, how to program in JavaScript and PHP, how to configure Apache and MySQL, how to design and query databases with SQL, how to use Ajax with both XML and JSON, and how to build mashups. The course explores issues of security, scalability, and cross-browser support and also discusses enterprise-level deployments of websites, including third-party hosting, virtualization, colocation in data centers, firewalling, and load-balancing.

Oleh:

Kang Onno W. Purbo, M.Sc., Ph.D.

Keamanan Jaringan &

Beberapa Tip Hacking

Teori

• Peta Teknologi Network Security
• http://www.owasp.org/index.php/Category:Principle - Prinsip Keamanan Aplikasi
• Trend Keamanan Internet Indonesia 2010
• 20 Linux Server Hardening Security Tips
• Linux Security Howto

Network Security Appliance

Untuk yang tidak mau pusing menginstalasi berbagai software / aplikasi network security, dapat menggunakan appliance yang sudah jadi.

• Cyberoam

• ipcop
• smoothwall
• ebox

Evaluasi Jaringan

• Meneropong Situs e-banking
• Menggunakan whois
• Instalasi PacketTracer Cisco di Ubuntu

Security Test

• http://sectools.org/web-scanners.html
• http://www.cirt.net/nikto2
• http://www.parosproxy.org/

Network Security

• Beberapa Tip Hacking
• Teknik Memblok Situs Tidak Baik
• Memblok Situs Porno Menggunakan Content Filter di Firefox Windows
• 11 Kelemahan Yang Kerap Tidak Disadari Admin Jaringan

Mail Security

• Postfix: Konfigurasi relayhost dengan Authentikasi
• Block Spam Menggunakan Postfix
• Blok Spam Menggunakan Postfix dan Bogofilter
• Instalasi MailScanner
• http://www.scamnailer.info/
• Teknik Anti Spam
• Melihat Header e-mail

Firewall & Blokir Situs

• Mini Howto iptables untuk Firewall
• Firestarter Firewall untuk Ubuntu
• Teknik Memblok Situs Tidak Baik
• Firewall Untuk Proxy DansGuardian
• Edit Konfigurasi Pemblokiran Dansguardian
• Instalasi phpSHIELD

Network Monitoring & Intrution Detection

• Instalasi Nessus
• Instalasi Nessus Client
• Nessus: Melalui Web
• Instalasi NTOP
• Instalasi SNORT dan BASE Intrusion Detection System (IDS)
• Instalasi EasyIDS
• Suricata Open Source Next Generation Intrusion Detection and Prevention Engine
• http://www.endace.com/cyber-security-monitoring.html
• Snorby Preconfigured Security Application

Pertahanan untuk NetCut

• Membuat Linux Kebal ARP Poisoning ARP Spoofing
• Pemutus jaringan LAN di linux dengan TechnoCut
• Anti NetCut
• tuxcut

Secure Connection

• http://www.madboa.com/geek/gpg-quickstart/#keyintro - GPG Key
• Virtual Private Network (VPN)
• Instalasi dan Konfigurasi rsync untuk backup antar mesin
• Persiapan SSH untuk SCP Batch
• Topal - Pengikat GnuPG dan Alpine
• Mengikat GnuPG dan Alpine
• Menggunakan GnuPG
• GnuPG Mini Howto
• GnuPG Privacy Handbook
• Ubah Nomor Port sshd

Mematikan Mesin Windows Jarak Jauh

• http://www.howtoforge.com/how-to-remotely-shut-down-windows-xp-computers-from-a-linux-server
• http://www.lgr.ca/blog/2008/04/shutdown-windows-from-linux.html
• http://www.linuxforums.org/forum/redhat-fedora-linux-help/60324-remote-shutdown-windows-linux-box.html
• http://landofthefreeish.com/linux/howto-remote-shutdown-of-a-windows-computer-from-linux/
• http://blog.beausanders.com/?q=node/8

OS Security

• http://www.go2linux.org/fedora-centos-root-password-recovery - kalau lupa password root
• Enkripsi Disk
• 20 Linux System Monitoring Tool

Anti Rootkit

• Rootkit Hunter
• chkrootkit

Anti Virus

• Instalasi antivirus clamav

Web Security

• http://www.ipa.go.jp/security/vuln/documents/website_security_en.pdf

SQL Injection

• SQL Injection Web dengan Dork
• Algoritma dan teknik menangkal SQL injection
• Teknik Mengatasi SQL Injection
• Patch SQL Injection Session 1 cmsmadesimple
• Patch SQL Injection Session 2 cmsmadesimple
• Patch SQL Injection Session 3 Final akses module

Cross Site Scripting XSS

• Injeksi XSS Ke Dalam Website
• Analisis dan antisipasi serangan Cross Site Scripting (XSS) (RECOMMENDED)
• Cara Mengatasi XSS Bug pada Bagian Komentar Wordpress
• XSS attacks: cross-site scripting exploits and defense
• Security+ Guide to Network Security Fundamentals - Page 93
• Hacking: The Next Generation
• Building scalable web sites
• The definitive guide to Grails - Page 409
• Apache security
• http://www.owasp.org/index.php/SQL_injection

Pelaporan

• Melaporkan Situs Phising

Hacking

• Wireless Hacking
• Beberapa Tip Hacking
• Backtrack
• Mari Hacking Website agar menjadi lebih aman
• Bagi yang Account Facebook di Crack
• WebGoat - Web yang tidak aman Untuk Belajar di Hack

Referensi Keamanan Jaringan

• http://www.securityfocus.com
• http://www.lists.gnac.net/firewalls
• http://www.nfr.com.mailman/listinfo/firewall-wizards
• http://www.sans.org/sansnews/
• http://www.cert.org/
• http://www.safemag.com/
• http://www.ciac.org/
• http://www.linuxsecurity.com/
• http://www.insecure.org/

Buku-Buku

• http://stores.lulu.com/owasp

Referensi Keamanan Web

• http://www.w3.org/security/faq/
• http://www.securityportal.com
• http://www.2600.com
• http://www.go2net.com/people/paulp/cgi-security/
• http://www.consensus.com/security/ssl-talk-faq.html
• / Web Engineering dalam Konteks Web Science: Isu Terkini dan Tantangan author : Bambang Purnomosidi D. P
• http://whitesecure.com
• http://www.owasp.org/index.php/Main_Page

URL Menarik

• http://awarmanf.wordpress.com/2010/05/01/drop-ultrasurf-dengan-iptables/
• Mereset Password pada Aplikasi Berbasis Web - Aplikasi yang cukup aman tidak bisa menggunakan cara ini
• http://situstarget.com/home/2010/07/02/cara-melaporkan-situs-phising/

Beberapa Tip Hacking

• Metoda serangan jaringan komputer secara umum
• Menjalankan Exploit Source Code untuk Pemula dari LiveCD Backtrack.
• Membuat Script Indonesia Jaya Tembus Password
• Wireless Hacking
• Man In the Middle Attack
• Copy Pentest Backtrack
• http://hendrasiahaan.wordpress.com/2010/03/24/11-kelemahan-yang-kerap-tidak-disadari-admin-jaringan/
• http://artikel.xcode.or.id/mengirim-ratusan-wall-facebook-dengan-cepat/
• TuxCut
• Mengirimkan e-mail menggunakan telnet, tanpa bantuan software apapun

Pengetahuan Umum

• Dunia Bawah Tanah di Internet
• Gerandongteam

Tools

• http://backtrack.offensive-security.com/index.php/Tools - daftar tool hacking

Jebol Password

• 3 Tahap Membuka Password Windows dengan Ubuntu

Port Scanning

• nmap

XSS Scanner

• http://www.acunetix.com/cross-site-scripting/scanner.htm

Web Security

• MITM Attack Mandiri Internet Banking Using SSLstrip
• http://www.ilmuhacking.com/web-security/memahami-cara-kerja-token-internet-banking/
• http://www.ilmuhacking.com/cryptography/memecahkan-kriptografi-dengan-chosen-plaintext-attack/
• http://www.ilmuhacking.com/web-security/membuat-web-dengan-otentikasi-berbasis-token/
• http://www.ilmuhacking.com/web-security/berburu-direktori-dan-file-sensitif-dengan-dirbuster/
• Sniffing SSL Traffic using oSpy

Sniffing

• Instalasi Wireshark
• http://awarmanf.wordpress.com/2010/04/29/tcpdump-dan-wireshark-untuk-sniffing-network/
• http://workaround.org/using-tcpdump-and-wireshark
• http://www.alexonlinux.com/tcpdump-for-dummies
• http://acs.lbl.gov/~jason/tcpdump_advanced_filters.txt

SQL Injection

SQL Injection Tutorial

• http://www.stmik-im.ac.id/userfiles/TEHNIK%20SQL%20INJECTION.pdf
• http://www.sekuritionline.net/plugins/p2_news/printarticle.php?p2_articleid=7
• http://www.binushacker.net/simple-sql-injection-tutorial.html
• http://fairuz.web.id/kumpulan-google-dork-untuk-sql-injection-deface-website-lewat-google.html

SQL Injection Software

• http://www.itsecteam.com/en/projects/project1.htm - Havij
• http://www.itsecteam.com/en/projects/project1_page2.htm - Havij Download
• http://linuxpoison.blogspot.com/2008/04/sql-injection-tool-sqlninja.html
• http://sourceforge.net/projects/sqlninja/files/
• http://sourceforge.net/projects/wapiti/
• http://sourceforge.net/projects/spinj/
• http://sourceforge.net/projects/paros/
• http://sourceforge.net/projects/w3af/
• http://sourceforge.net/projects/sqlmap/
• http://sourceforge.net/projects/hexjector/
• http://sourceforge.net/projects/joomscan/

Forum

• http://indobacktrack.or.id/forum/

Buku & Tutorial

• Buku Jasakom
• http://www.offensive-security.com/backtrack-tutorials.php

Echo ezine

echo|zine issue #20 ( Pebruari 2009 )

1. Introduction .................................................. y3dips
2. Pseudo-random .............................................. anonymous
3. Interview with Onno W Purbo......................................az001
4. What`s goin on echo forum ............................anonymous-co-ed
5. Intercepting Library Call ............................ mulyadi santosa
6. Caesar Shift Cipher............................................... Rey
7. ARPWall; Konsep dan Pembuktian ............................... y3dips
8. Encryption: Algoritma Combo .................................... jackD
9. Prophile on Jck.mrshl ................-----................. echostaff
10. Enkripsi dan Dekripsi dengan Fungsi Mcrypt di PHP............ monqichi
11. Salty Py; Password Salt Bruteforcer .. sheran gunasekera & selwin ong
12. Anti-Forensic; Seek and Destroy .............................jck.mrshl
13. Hacker LogBook....................................lirva 32; x-diamond1

echo|zine issue #19 ( Agustus 2008 )

1. Introduction .................................................. y3dips
2. Pseudo-random .............................................. anonymous
3. idsecconf ................................................. echo|staff
4. Digital Signature secara gampangnya ......................... mamasexy
5. cryptography : Simple a-symetric algorithm................. x-diamond1
6. Prophile on CyberTank .................................... echo|staff
7. Prophile on lirva32 ...................................... echo|staff
8. Whats Goin On Echo Forum ....................................... az001
9. Bailiwicked DNS Attack (Cache Poisoning) .................... Cyberheb
10. Scapy: obrak-abrik paket data ................................. y3dips
11. Hacker LogBook ........................................ various artist

Referensi Menarik

• http://www.echo.or.id
• http://ezine.echo.or.id/ezine-index.html
• http://www.jasakom.com
• http://www.remote-exploit.org
• http://www.xnuxer.or.id
• http://www.ilmuhacking.com
• http://indobacktrack.or.id/forum/ - forum backtrack
• http://www.backtrack-linux.org
• http://indobacktrack.or.id/
• http://www.chinapage.com/sunzi-e.html - SunTsu the Art of War
• http://www.hackforums.net
• http://www.exploit-db.com

Repository

• http://www.hacktoolrepository.com/

Pentest LiveCD

• Backtrack
• GnackTrack
• Ubuntu Pentest Edition
• Samurai Pentest

Pranala Menarik

• Linux Howto

Sumber:

http://opensource.telkomspeedy.com/wiki