Didiet Kusumadihardja
1. IT Security Specialist
PT. Mitra Solusi Telematika
Gedung TMT 2. GF
Jl. Cilandak KKO
Jakarta
Global IT Security Incident
Indonesia IT Security Incident
INDONESIA IS SAFE?
polri.go.id, 2013: Deface
Teman Ahok: DDoS Attack
Videotron: Kebayoran Baru, Jakarta Selatan
IT Security Trends
You Don't Need to Be Smart to Hack
Didiet Kusumadihardja - didiet@arch.web.id
Source: Carnegie Mellon University
Hacking Tools Example
Cybercrime as a Service (CaaS)
Modern Business
How Do Hackers Do It?
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Source: Ethical Hacking by EC-Council
Hacking Phase (Cont’d)
1. Reconnaissance: Information Gathering
2. Scanning: Device Type, Application, Version, Vulnerability
5. Clearing Tracks
Data harvesting
Delete/overwrite Event/Logs
Hacking Phase Analogy
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
When do we fool them?
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Why at Scanning Phase?
TELNET SSH
The Dude
How to fool them?
Hacker
Bait
Web Server = HTTP HTTPS
Confuse your enemy
HTTP HTTPS
SERVER X
How do we do it with Mikrotik?
NAT (Network Address Translation)
Fake NAT
Other Ports to Fake Server
INTERNET
Chain Action
Web Server: 192.168.2.3
Fake Server (Honey Pot): 192.168.2.4
Chain Action
KFSensor
Other honeypots: Honeyd, Kippo, Dionaea, Nepenthes
What the Hacker Sees (Nmap)
Nmap / Zenmap
Before After
What the Hacker Sees (SoftPerfect NetScan)
Before After
I don’t want to use a honeypot
Step 1: Chain
Step 2: Action
SRC-MAC ADDRESS
SRC-IP ADDRESS
What we see if someone runs Nmap
Mikrotik LOG:
University
Internet Café (WARNET)
Insider Threat
http://public.honeynet.id
Research
For Fun
Analytics (Low Interaction Honeypot)
Learn hacking method from hacker / script kiddies (High Interaction Honeypot)
DIDIET KUSUMADIHARDJA
Thank you
Question?
didiet@arch.web.id
http://didiet.arch.web.id/
https://www.facebook.com/ArchNetID/