• Home

  • Documents

  • Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... ·...
12
Cloud Computing Security Haditya L. Mukri Prodi RMIK & MIK

Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

  • Upload
    vonga

  • View
    218

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

Cloud Computing Security Haditya L. Mukri Prodi RMIK & MIK

Page 2: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

Survey Tantangan Cloud Computing

Page 3: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

“The number one concern about cloud services is security.”

Frank Gens, IDC, Senior VP & Chief Analyst

Source: Source: IDC eXchange, "New IDC IT Cloud Services Survey: Top Benefits and Challenges," (http://blogs.idc.com/ie/?p=730)

Page 4: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

Cloud Computing Security • Cloud Computing Security = IT/Network Security secara

umum. • Jadi semua jenis ancaman atau serangan yang ditemukan

pada sistem “tradisional/konvensional”, masih tetap menjadi ancaman pada Cloud Computing. Misalnya Web Security Vulnerabilities yang disebut pada OWASP mulai SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll.

• Penyadapan, scanning, remote exploit, brute force dll juga masih bisa terjadi. Ancaman keamanan fisik juga masih tetap sama, karena bisasa jadi akses oleh pihak pihak yang tidak terotorisasi, hanya saja mungkin sudah menjadi tanggung jawab provider untuk bagian pengamanan fisik tersebut.

Page 5: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

Cloud Computing Security

• Pada Prinsip IT Security, terdapat 3 yang menjadi objectives dasar yakni“C” “I” “A” – Confidentiality – Integrity – Availability

• Tantangan paling besar pada cloud computing saat ini adalah “Availability”

• Hampir setiap provider Cloud memberikan jaminan “Availability” yang tinggi pada client.

Page 6: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll
Page 7: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll
Page 8: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

Ancaman Keamanan dari Cloud Computing

• “Cloud Computing” membawa ancaman baru untuk Keamanan

• Pada sistem keamanan sistem server konvensional (tradisional), umumnya yang dijaga adalah agar penyerang tidak dapat masuk ke dalam sistem

• Untuk itu penyerang (attacker) harus mampu menyusup dengan berbagai serangan pada otentikasi atau otorisasi/access control, atau mendapatkan secara ilegal account user lain.

• Sedang pada “Cloud Computing”, attacker yang dapat bertindak sebagai pelanggan yang juga memiliki hak atau akses ke mesin yang sama dengan target

Page 9: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

Ancaman pada Cloud Computing

• Permasalahan Confidentiality • Perilaku/attitude yang tidak baik dari pihak

Provider • Memahami resiko yang ada pada setiap

industri yang mempraktekkan sistem oursourcing

• Provider dan Instrastrukturnya membutuhkan kepercayaan

Page 10: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

Beberapa jenis serangan dan ancaman baru

• Ancaman-ancaman baru bertambah dari sesama pelanggan

• Server Virtualisasi pelanggan dan attacker dapat ditempatkan pada fisik mesin yang sama

• Serangan kolaborasi(DoS) • Pemetaan internal cloud infrastructure • Mengidentifikasi lokasi target Server Virtual target • Cross-VM side-channel attacks • Menggali informasi dari target pada mesin yang sama

Page 11: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

HIDS (Host Intrusion Detection System)

• Meski infrastruktur Server menggunakan Cloud provider, bukan berarti kita menjadi tidak aware dalam keamanan sistem.

• Sebaiknya tetap memasang lapisan-lapisan keamanan seperti Host IDS

• Open Source HIDS seperti OSSEC (Ossec.net) mendukung aplikasi Cloud seperti VmwareESX

Page 12: Cloud Computing Security Haditya L. Mukrihim750.weblog.esaunggul.ac.id/wp-content/uploads/... · SQL injection, cross site scripting (XSS), cross site request forgeries (CSRF), dll

• Sumber : Josua M Sinambela, M.Eng CEH, CHFI, ECSA|LPT, ACE, CCNP, CCNA, CompTIASecurity+


Fakes and Forgeries: The Scientific Detection of Fraud

Fakes and Forgeries: The Scientific Detection of Fraud

Documents
Cuneiform forgeries in the Museu Bíblic of …bdtns.filol.csic.es/PDFs/Marquez_Molina_2006_FS_San...CUNEIFORM FORGERIES IN THE MUSEU BÍBLIC OF MONTSERRAT (BARCELONA) 291 Girsu (note

Cuneiform forgeries in the Museu Bíblic of …bdtns.filol.csic.es/PDFs/Marquez_Molina_2006_FS_San...CUNEIFORM FORGERIES IN THE MUSEU BÍBLIC OF MONTSERRAT (BARCELONA) 291 Girsu (note

Documents
INDEX POSTAL STAMP FORGERIES, FAKES, REPRINTS, FRAUDULENT POSTAL ... · PDF fileindex . of . literature in the english language that describes . postal stamp forgeries, fakes, reprints,

INDEX POSTAL STAMP FORGERIES, FAKES, REPRINTS, FRAUDULENT POSTAL ... · PDF fileindex . of . literature in the english language that describes . postal stamp forgeries, fakes, reprints,

Documents
Exposing Digital Forgeries Through Chromatic Aberration

Exposing Digital Forgeries Through Chromatic Aberration

Documents
Methods to Detect Forgeries in Static Signatures

Methods to Detect Forgeries in Static Signatures

Documents
Unmasking the Criminal Frauds and Forgeries

Unmasking the Criminal Frauds and Forgeries

Documents
Detecting Digital Forgeries using Blind Noise Estimation

Detecting Digital Forgeries using Blind Noise Estimation

Documents
Fabrications & Forgeries - Comparing Signatures & Titles on Mortgage Documents

Fabrications & Forgeries - Comparing Signatures & Titles on Mortgage Documents

Documents
Fakes, Forgeries, and Reproductions - Scholastic · Fakes, Forgeries, and Reproductions 10/14 Experts use visual, scientific, and historical clues to identify ... al Sandro Boticelli

Fakes, Forgeries, and Reproductions - Scholastic · Fakes, Forgeries, and Reproductions 10/14 Experts use visual, scientific, and historical clues to identify ... al Sandro Boticelli

Documents
Gospel Forgeries - Torah Prophecies/Falsificarea Noului Testament

Gospel Forgeries - Torah Prophecies/Falsificarea Noului Testament

Documents
Localization of Forgeries in MPEG-2 Video through …clem.dii.unisi.it/~vipp/files/publications/2013_KEYNOTE_MMSP... · Localization of Forgeries in MPEG-2 Video through GOP Size

Localization of Forgeries in MPEG-2 Video through …clem.dii.unisi.it/~vipp/files/publications/2013_KEYNOTE_MMSP... · Localization of Forgeries in MPEG-2 Video through GOP Size

Documents
Coin forgeries and replicas 2007 / Ilya Prokopov

Coin forgeries and replicas 2007 / Ilya Prokopov

Documents
Armenian falsifications, forgeries

Armenian falsifications, forgeries

Documents
1 Exposing Digital Forgeries in Interlaced and De

1 Exposing Digital Forgeries in Interlaced and De

Documents
Detecting Image Forgeries using Geometric Cues

Detecting Image Forgeries using Geometric Cues

Documents
ECMC UNREGULATED STUDENT LOAN FRAUD, FORGERIES AND GARNISHMENT

ECMC UNREGULATED STUDENT LOAN FRAUD, FORGERIES AND GARNISHMENT

Documents
[email protected] FORGERIES THE FIUME

[email protected] FORGERIES THE FIUME

Documents
35. Contemporary forgeries. - Byzantine Copper Coins · PDF file35. Contemporary forgeries. ... and the coinage of Syria under Persian occupation (19). ... the Imperial administration,

35. Contemporary forgeries. - Byzantine Copper Coins · PDF file35. Contemporary forgeries. ... and the coinage of Syria under Persian occupation (19). ... the Imperial administration,

Documents
Exposing Digital Forgeries by Detecting Duplicated Image ... · PDF fileTR2004-515, Dartmouth College, Computer Science Exposing Digital Forgeries by Detecting Duplicated Image Regions

Exposing Digital Forgeries by Detecting Duplicated Image ... · PDF fileTR2004-515, Dartmouth College, Computer Science Exposing Digital Forgeries by Detecting Duplicated Image Regions

Documents
Some Trinitarian Forgeries by a Monotheist. (1906)

Some Trinitarian Forgeries by a Monotheist. (1906)

Documents
Angga Haditya (03009022) & Laras Asia Cheria (03010157) Ruptur Tendon Tangan

Angga Haditya (03009022) & Laras Asia Cheria (03010157) Ruptur Tendon Tangan

Documents
XSLT Processing Security and Server Side Request Forgeries · XSLT Processing Security and Server Side Request Forgeries ... XSL_SECPREF_READ_FILE ... XSLT Processing Security and

XSLT Processing Security and Server Side Request Forgeries · XSLT Processing Security and Server Side Request Forgeries ... XSL_SECPREF_READ_FILE ... XSLT Processing Security and

Documents
Fakes and Forgeries Essay 1

Fakes and Forgeries Essay 1

Documents
FAKES & FORGERIES ETCellott-postalhistorian.com/articles/Fakes_and_Forgeries.pdf · 2016-09-28 · 1 FAKES & FORGERIES ETC. Revised and updated 13 September 2016 Gerald J. Ellott

FAKES & FORGERIES ETCellott-postalhistorian.com/articles/Fakes_and_Forgeries.pdf · 2016-09-28 · 1 FAKES & FORGERIES ETC. Revised and updated 13 September 2016 Gerald J. Ellott

Documents
Exposing Digital Forgeries by Detecting Duplicated Image

Exposing Digital Forgeries by Detecting Duplicated Image

Documents
Report on Frauds & Forgeries in Nigerian Banks

Report on Frauds & Forgeries in Nigerian Banks

Documents
DIES, HUBS, FORGERIES AND THE ATHENIAN ...stannard.info/stannard_fischer_bossert_dies_hubs...7 DIES, HUBS, FORGERIES AND THE ATHENIAN DECADRACHM Fig. 2 is an imitative denarius made

DIES, HUBS, FORGERIES AND THE ATHENIAN ...stannard.info/stannard_fischer_bossert_dies_hubs...7 DIES, HUBS, FORGERIES AND THE ATHENIAN DECADRACHM Fig. 2 is an imitative denarius made

Documents
A Forensic Tool for Investigating Image Forgeries - unisi.itclem.dii.unisi.it/~vipp/files/publications/2013_IJDCF_FontaniBDPB... · A Forensic Tool for Investigating Image Forgeries

A Forensic Tool for Investigating Image Forgeries - unisi.itclem.dii.unisi.it/~vipp/files/publications/2013_IJDCF_FontaniBDPB... · A Forensic Tool for Investigating Image Forgeries

Documents
Fakes and forgeries

Fakes and forgeries

Documents
1 Exposing Digital Forgeries in Color Filter Array

1 Exposing Digital Forgeries in Color Filter Array

Documents