Download - Adsl security
![Page 1: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/1.jpg)
With Harry Chan Putra. SP. MTCNA
Mengoptimalkan Keamanan
Jaringan Kecil Internet Services
http://harrychanputra.web.id
![Page 2: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/2.jpg)
Introduction
. Name : Harry Chan Putra. SP. MTCNA
. Country : Indonesia --- Graduate at Agronomi 2005--- Work : Engginering On Site PT. Telkom. Tbk--- Administrator of http://www.harrychanputra.web.id--- Aktivis : a. Kelompok Pengguna Linux Indonesia Padang b. MinangCrew--- Advisor : -- Telkom Security Report -- Bug Report to securitytracker.com with MinangCrew--- Certificate : -- Basic and Advance Linux Training Apkomindo -- Mikrotik Fundamental With Citraweb -- Fundamental Cisco Inixindo
![Page 3: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/3.jpg)
Materi
Konsep Konfigurasi Security Membangun router
![Page 4: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/4.jpg)
KONSEP
![Page 5: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/5.jpg)
Timbulnya masalah keamanan Kerahasiaan Integritas Ketersediaan
![Page 6: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/6.jpg)
Pelakunya Eksternal
Hackers & Crackers White Hat Hackers Scripts Kiddies Cyber terrorists Black Hat Hackers
Internal Pengguna Layanan Accidents
![Page 7: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/7.jpg)
Tipe Serangan Denial of Services (DoS)
Network flooding Buffer overflows
Software error Malware
Virus, worm, trojan horse Social Engineering Brute force
![Page 8: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/8.jpg)
Langkah rutin cracking… Information gathering Port scanner Network enumeration Gaining & keeping root / administrator access Using access and/or information gained Leaving backdoor Covering his tracks
![Page 9: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/9.jpg)
Cara management proses keamanan Support dari owner usaha
Bicara dengan Pemodal Usaha Sewa white hat hackers ( Admin Network ) Pengalaman dari kejadian yang sudah2 Baca2 di internet masalah kemanan
![Page 10: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/10.jpg)
Bagaimanan Cara Mengamankan
![Page 11: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/11.jpg)
Membuat aturan keamanan Komitmen dari Manajemen dan Staf Konsep jaringan dan terapan secara teknis dan non teknis Kontrak kerja dengan staf yang jelas
![Page 12: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/12.jpg)
KONFIGURASI
![Page 13: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/13.jpg)
Konsep Disain Jaringan
![Page 14: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/14.jpg)
Secure Network Layouts
INTERNET
Router
Switch
Server subnet User subnet(s)
![Page 15: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/15.jpg)
Secure Network Layouts (2)
INTERNET
Router
Switch
Server subnet User subnet(s)
FIREWALL appliance
![Page 16: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/16.jpg)
Secure Network Layouts (3)
INTERNET
Router
Switch
Server subnet User subnet(s)
FIREWALL appliance
FIREWALL appliance
SwitchWeb Server
DMZ
![Page 17: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/17.jpg)
Security
![Page 18: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/18.jpg)
Mengapa ?
![Page 19: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/19.jpg)
Resiko tak terduga
![Page 20: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/20.jpg)
Aktivitas yang berlebihan
![Page 21: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/21.jpg)
Apa yang dilakuan
![Page 22: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/22.jpg)
Keamanan Secara Fisik Amakan komputer dari penguntil hardware
dan data Monitoring with cameras Amankan masalah pelistrikan
![Page 23: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/23.jpg)
Firewall Packet filter Stateful Application proxy firewalls Implementation:
Iptables dengan linux Ipfw dan pf dari BSD Antivirus + Firewall server dari windows
![Page 24: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/24.jpg)
Firewall rules
![Page 25: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/25.jpg)
Contoh Packet filter menggunakan IPTABLES linux di jaringan
![Page 26: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/26.jpg)
Contoh Packet filter menggunakan firewall filter mikrotik di jaringan Lan
![Page 27: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/27.jpg)
File & Dir permissions Chown Chmod Chgrp
![Page 28: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/28.jpg)
Amankan Information gathering
![Page 29: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/29.jpg)
Bagaimana Social Engineering
Apa username dan passwordnya ?
Electronic Social engineering: phising
![Page 30: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/30.jpg)
Menggunakan Informasi Umum
Dig Host whois
![Page 31: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/31.jpg)
Port scanning Nmap
Which application running
![Page 32: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/32.jpg)
Network Mapping Icmp
Ping traceroute
![Page 33: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/33.jpg)
Limiting Published Information Disable unnecessary
services and closing port netstat –nlptu Xinetd
Opening ports on the perimeter and proxy serving edge + personal firewall
![Page 34: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/34.jpg)
Amankan dari Rootkit, Spoofing, DoS
![Page 35: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/35.jpg)
RootkitBebahaya karena : Orang bisa masuk kapan saja Server jadi terbuka untuk serangan Semua yang berbau kegiatan hacking
dikerjakan oleh rootkit :
![Page 36: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/36.jpg)
Spoofprotect
Linux untuk protek spoofing /etc/network/options
Spoofprotect=yes
/etc/init.d/networking restart
![Page 37: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/37.jpg)
Tindakan Pengatisipasian DDOS IDS IPS Honeypots firewall
![Page 38: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/38.jpg)
Akibat DDOS
![Page 39: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/39.jpg)
Intrusion Detection Software (IDS) Examining system logs (host based) Examining network traffic (network based) A Combination of the two Implementation:
Snort
![Page 40: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/40.jpg)
![Page 41: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/41.jpg)
![Page 42: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/42.jpg)
Modem ADSL IDS Date/Time Facility Severity Message
Jan 1 04:07:23 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=122.116.17.144 DST=125.162.87.79
LEN=40 TOS=0×00 PREC=0×00 TTL=113 ID=336 PROTO=TCP SPT=10391 DPT=1080 WINDOW=32 RES=0×00 SYN URGP=0
Jan 1 04:17:35 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.62.229 DST=125.162.87.79
LEN=48 TOS=0×00 PREC=0×00 TTL=127 ID=2257 DF PROTO=TCP SPT=3072 DPT=139 WINDOW=64800 RES=0×00 SYN URGP=0
Jan 1 04:25:33 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=195.5.116.234 DST=125.162.87.79
LEN=48 TOS=0×00 PREC=0×00 TTL=114 ID=54968 PROTO=TCP SPT=48832 DPT=1080 WINDOW=65535 RES=0×00 SYN URGP=0
Jan 1 04:36:02 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.232.145.249 DST=125.162.87.79
LEN=52 TOS=0×00 PREC=0×00 TTL=50 ID=23868 DF PROTO=TCP SPT=12513 DPT=139 WINDOW=60352 RES=0×00 SYN URGP=0
Jan 1 04:46:22 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.58.133.210 DST=125.162.87.79
LEN=48 TOS=0×00 PREC=0×00 TTL=111 ID=21235 DF PROTO=TCP SPT=2084 DPT=1433 WINDOW=65535 RES=0×00 SYN URGP=0
Jan 1 04:55:22 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.100.157 DST=125.162.87.79
LEN=48 TOS=0×00 PREC=0×00 TTL=125 ID=50280 DF PROTO=TCP SPT=2456 DPT=445 WINDOW=64800 RES=0×00 SYN URGP=0
Jan 1 05:05:26 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.58.77 DST=125.162.87.79
LEN=48 TOS=0×00 PREC=0×00 TTL=127 ID=46298 DF PROTO=TCP SPT=1545 DPT=135 WINDOW=64800 RES=0×00 SYN URGP=0
Jan 1 05:16:50 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.58.104 DST=125.162.87.79
LEN=48 TOS=0×00 PREC=0×00 TTL=127 ID=21198 DF PROTO=TCP SPT=3555 DPT=135 WINDOW=64800 RES=0×00 SYN URGP=0
Jan 1 05:28:43 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.62.51 DST=125.162.87.79
LEN=48 TOS=0×00 PREC=0×00 TTL=126 ID=11916 DF PROTO=TCP SPT=2536 DPT=135 WINDOW=16384 RES=0×00 SYN URGP=0
Jan 1 05:36:32 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=125.162.92.191 DST=125.162.87.79
LEN=48 TOS=0×00 PREC=0×00 TTL=127 ID=61656 DF PROTO=TCP SPT=3036 DPT=445 WINDOW=64800 RES=0×00 SYN URGP=0
Jan 1 05:47:49 user alert kernel: Intrusion -> IN=ppp_8_81_1 OUT= MAC= src=195.5.116.234 DST=125.162.87.79
![Page 43: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/43.jpg)
Mikrotik IDS
![Page 44: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/44.jpg)
Intrusion Preventions Software (IPS) Upgrade application Active reaction (IDS = passive) Implementation:
Portsentry hostsentry
![Page 45: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/45.jpg)
Honeypots (http://www.honeynet.org)
![Page 46: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/46.jpg)
Amankan dari Malware
![Page 47: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/47.jpg)
Malware Virus Worm Trojan horse Spyware
On email server : Spamassassin, ClamAV, Amavis
On Proxy server Content filter using squidguard
![Page 48: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/48.jpg)
Monitoring network
![Page 49: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/49.jpg)
Firewall Check
![Page 50: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/50.jpg)
Tips mengantisipasi masalah viruses & worms:
Tidak membuka attachment e-mail yang diragukan isinya, dikirimkan oleh pihak yang tidak dikenal, atau tidak mengharapkan mendapatkan e-mail tersebut
Menghapus “junk mails” (SPAM), kecuali Anda memang mengharapkannya
Tidak mendownload file dari orang yang tidak Anda kenal Selalu meng-update anti-virus dan gunakan antivirus
network untuk komputer yang terhubung kejaringan Melakukan backup & restore secara berkala terhadap
data penting yang Anda miliki Jangan pernah membuka web site yang tidak penting Gunakan deepfrezee dan deepfree semua partisi dan
gunakan passwordnya lebih dari 6 karakter
![Page 51: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/51.jpg)
Amankan user and password
![Page 52: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/52.jpg)
User and password Aturan Password Penggunaan karakter password Password file security
/etc/passwd, /etc/shadow Password audit
John the ripper Password management software
Centralized password Individual password management
![Page 53: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/53.jpg)
router# cat /etc/passwd# $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $#root:*:0:0:Charlie &:/root:/bin/cshtoor:*:0:0:Bourne-again Superuser:/root:daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologinoperator:*:2:5:System &:/:/usr/sbin/nologinbin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologintty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologinkmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologingames:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologinnews:*:8:8:News Subsystem:/:/usr/sbin/nologinman:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologinsshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologinsmmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologinmailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologinbind:*:53:53:Bind Sandbox:/:/usr/sbin/nologinproxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologinuucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucicopop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologinwww:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologinnobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologinareksitiung:*:1001:0:senthod:/home/areksitiung:/bin/tcshsquid:*:1002:1002:User &:/home/squid:/bin/sh
![Page 54: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/54.jpg)
![Page 55: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/55.jpg)
Amankan Remote Access
![Page 56: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/56.jpg)
Remote access Telnet vs SSH VPN
Ipsec Freeswan Racoon
CIPE PPTP OpenVPN
![Page 57: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/57.jpg)
Melindungi remote login1. Ganti port yang tidak biasanya untuk ssh standar 22 jadi ke 222 2. Jangan langsung izinkan remote pakai user admin atau root3. Jangan izinkan blank password4. Batasi waktu login
![Page 58: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/58.jpg)
ROUTER
![Page 59: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/59.jpg)
Apa itu Router ?sebuah alat jaringan komputer yang mengirimkan paket data melalui sebuah jaringan atau Internet menuju tujuannya, melalui sebuah proses yang dikenal sebagai routing.Vendor router contohnya : mikrotik,cisco, vertex, juniper, huwawei, 3com, dlink. Anda beli produk atau kegunaannya tergantung anda ?
![Page 60: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/60.jpg)
PC - Router
Pc yang di installkan system operasi yang memiliki fungsi sebagai router/gw atau dedicated router.
![Page 61: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/61.jpg)
Fungsi dan Manfaat PC-Router ?
1. Firewall untuk antisipasi aktivitas vandalisme ( virus , worm dan hacking2. Bandwith Management untuk mengatur alokasi bandwith dan prioritas trafik agar optimal3. Mengatur routing di antar network untuk memudahkan memanajemen semua host di jaringan 4. Proxy Server untuk cache web. Sehingga bandwith yang ada dapat dimanfaatkan alokasinya untuk trafik yang lain.
![Page 62: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/62.jpg)
System Operasi
1. Free Software - Linux distro ( Redhat, Suse, Mandrake ) - BSD distribusinya ( FreeBSD,NetBSD, OpenBSD ) - Open Solaris2. Propritiary Software - Windows ( Windows 2000, Windows 2003 ) - Mikrotik ( version 2.xxx – 3.xxx ) dan berdasarkan level lisensi
![Page 63: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/63.jpg)
LINUX dan BSD adalah
System Operasi komputer yang merupakan clonning UNIX Yang membuat beroperasinya sebuah Mesin ( Personal Computer ).
![Page 64: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/64.jpg)
Bagaimana Linux berkembang ? Ditemukan Oleh Linux Torvald tahun 1991 Menggunakan pengembangan Open Source Berlisensi GPL (GNU Public License) dan Free
Software Didistribusikan oleh banyak perusahaan: RedHat,
SuSE, TurboLinux, Mandrake, CorelLinux, Trustix, RedFlag, Slackware, Debian, dst
Dukungan Vendor besar: IBM, Intel, Compaq, dll
![Page 65: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/65.jpg)
Bagaimana BSDberkembang ? sistem operasi bertipe Unix bebas yang diturunkan dari
UNIX AT&T lewat cabang Berkeley Software Distribution (BSD) yaitu sistem operasi 386BSD dan 4.4BSD. FreeBSD berjalan di atas sistem Intel x86 (IA-32) (termasuk Microsoft Xbox[1], DEC Alpha, Sun UltraSPARC, IA-64, AMD64, PowerPC dan arsitektur NEC PC-98. Dukungan untuk arsitektur ARM dan MIPS sedang dalam pengembangan.
Berlisensi GPL (GNU Public License) dan Free Software Didistribusikan oleh Komunitas FreeBSD, NetBSD, Open
BSD ) Dukungan Vendor besar: IBM, Intel, Compaq, dll
![Page 66: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/66.jpg)
Apa itu FREE ?
FREE tidak sama dengan GRATIS FREE artinya Kebebasan :
Bebas di Duplikasi/Copy Bebas di Ubah/Modifikasi Bebas di distribusi/jual/sewa
LINUX and BSD is FREE SOFTWAREKonsep free software dapat dilihat di:http://www.fsf.org
![Page 67: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/67.jpg)
Bagaimana dg Software Aplikasi di Linux dan BSD? Aplikasi Server
Web server : Apache (Free) digunakan > 60 % seluruh dunia
Mailserver: Sendmail, Qmail; FTP Server; Fileserver, Router, Gateway, dst
Aplikasi desktop Staroffice (Free), mirip dengan Ms Office The Gimp mirip dengan Photoshop dst
![Page 68: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/68.jpg)
Desktop : KDE
![Page 69: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/69.jpg)
Shell BOX linux/BSD
![Page 70: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/70.jpg)
Bagaimana dengan VIRUS, Security, Kestabilan ? Linux/ BSD relatif jauh lebih tahan terhadap Virus dibanding
dengan sistem operasi Microsoft Windwos/NT/2000 Linux / BSD mewarisi sistem keamanan yang paling tinggi dari
sistem operasi UNIX, jauh sebelum Microsoft Windows dikenal orang
Berbagai pengalaman telah membutktikan kestabilan Linux dan BSD, perlakuan 'restart' hampir tidak pernah ditemui.
NO Blue Screen
![Page 71: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/71.jpg)
Membangun Pc-router Clackconect Standar Tahapan Instalasi Tahapan Konfigurasi Tahapan Optimalisasi Monitoring router
![Page 72: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/72.jpg)
Tahapan Instalasi
Masukan CD INSTALASI BOOT di bios menjadi boot ke cdrom. Akan keluar dua pilihan boot disk atau boot cd
![Page 73: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/73.jpg)
Booting Proses
![Page 74: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/74.jpg)
Pemilihan Bahasa
![Page 75: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/75.jpg)
Pemilihan Type Keyboard
![Page 76: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/76.jpg)
Pemilihan Setup
![Page 77: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/77.jpg)
Pemilihan Media Instalasi
![Page 78: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/78.jpg)
Pemiliahan Partisi Hardisk
![Page 79: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/79.jpg)
Pemilihan Gateway / Standalone
Gateway mode jika kita ingin menginstall system menjadi jembatan dua network dengan mengaktifkan firewall
Standalone mode ditujukan untuk server local network, hanya satu network card disarankan pada mode ini.
![Page 80: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/80.jpg)
Memilih interface network
![Page 81: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/81.jpg)
Set Ip Addres interface ke internet
192.168.1.2255.255.255.0192.168.1.1192.168.1.1
![Page 82: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/82.jpg)
Set Ip Addres To LAN
192.168.0.254255.255.255.0
![Page 83: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/83.jpg)
Set Hostname PC
proxye-com.war.net.id
![Page 84: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/84.jpg)
Pemilihan Date/Time
![Page 85: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/85.jpg)
Pengisian Passowrd root
![Page 86: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/86.jpg)
Tempat penginstalan
![Page 87: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/87.jpg)
Pemilihan paket instalasi
![Page 88: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/88.jpg)
Tahapan Penginstalan
![Page 89: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/89.jpg)
Format partisi dan instalasi paket
![Page 90: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/90.jpg)
Finish dan BooT
![Page 91: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/91.jpg)
Menu Login
![Page 92: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/92.jpg)
Tahapan Konfigurasi
Running IE or Mozilla and access ip lan router https://192.168.0.254:81
![Page 93: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/93.jpg)
Menu Awal
![Page 94: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/94.jpg)
Setup Proxy Server
![Page 95: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/95.jpg)
Setup DANSGUARDIAN
![Page 96: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/96.jpg)
Bandwith Management
![Page 97: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/97.jpg)
Firewall
![Page 98: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/98.jpg)
Blocking Peer-To-Peer
![Page 99: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/99.jpg)
Tahapan Optimalisasi
Matikan services yang tidak perlu untuk mengurangi proses backgound agar pemakaian memory lebih hemat
Tambahkan firewall tambahan jika di butuhkan jika di rasa dengan firewall bawaan dari clackconect masih kurang
Perubahan settingan pada proxy jika di perlukan untuk pengoptimalan jalannya proxy
![Page 100: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/100.jpg)
Monitoring System
![Page 101: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/101.jpg)
Monitoring Trafik
![Page 102: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/102.jpg)
Untuk mencek situs yang di akses oleh pc client #tail -f /var/log/squid/access.log
![Page 103: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/103.jpg)
![Page 104: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/104.jpg)
Cek Koneksi#ipstate
![Page 105: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/105.jpg)
Membangun Pc-router Mikrotik Standar Tahapan Instalasi Tahapan Configuration Tahapan Pengoptimalan Monitoring Router
![Page 106: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/106.jpg)
Tahapan Instalasi
Masukan CD INSTALASI BOOT di bios menjadi boot ke cdrom. Akan keluar dua pilihan boot disk atau boot cd
![Page 107: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/107.jpg)
Pemilihat paket instalasi
![Page 108: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/108.jpg)
Running instalasi dan reboot
![Page 109: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/109.jpg)
Menu Shell
![Page 110: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/110.jpg)
Tahapan Configurasi Set Interface with shell and Winbox
![Page 111: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/111.jpg)
Set Interface Name
![Page 112: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/112.jpg)
Setup Interface Name /interface set 0 name=Public /Interface Set 1 name=Local
![Page 113: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/113.jpg)
Set Ip Address
![Page 114: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/114.jpg)
Set Ip Address/ip address add address=192.168.1.2 netmask= 255.255.255.0 interface=Public Comment=Link To Modem/ip address add address=192.168.0.254 netmask= 255.255.255.0 interface=Local Comment=Link Lan
![Page 115: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/115.jpg)
Set Ip route to Gw
![Page 116: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/116.jpg)
Set ip route ke gw ke modem/ip route add gateway=192.168.1.2 comment=Link Ke Modem
![Page 117: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/117.jpg)
Set Dns server
![Page 118: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/118.jpg)
Set DNS Server/ip dns primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-request=yes
![Page 119: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/119.jpg)
Set sharing access
![Page 120: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/120.jpg)
Set Nat Sharing Access /ip firewall nat add chain=dst-nat ouput-interface=Public Comment=Nat Sharing
![Page 121: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/121.jpg)
Set Ip-WebProxy
![Page 122: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/122.jpg)
![Page 123: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/123.jpg)
Setup Ip-Web-Proxy ip web-proxy set enabled=yes port=8080 hostname="proxy.admin.war.net.id" transparent-proxy=yes parent-proxy=0.0.0.0:0 cache-administrator="[email protected]" max-object-size=4096KiB cache-drive=system max-cache-size=1048576KiB max-ram-cache-size=unlimited
![Page 124: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/124.jpg)
Transparan proxy
![Page 125: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/125.jpg)
Set proxy Tranparan/ ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="Proxy MIx" disabled=yes add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="" disabled=yes add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080 comment="" disabled=yes
![Page 126: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/126.jpg)
Blocking Situs Terlarang
![Page 127: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/127.jpg)
Setup Blocking Situs terlarang/ ip web-proxy access add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no add url="**suck***" action=deny comment="P O R N O" disabled=no add url="*nude*" action=deny comment="" disabled=no
![Page 128: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/128.jpg)
Setup Cache Situs
![Page 129: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/129.jpg)
Setup File Cache web proxy/ ip web-proxy cache add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" disabled=no add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" disabled=no add url="\\.exe\$" action=allow comment="" disabled=no add url="\\.zip\$" action=allow comment="" disabled=no add url="\\.mpeg\$" action=allow comment="" disabled=no
![Page 130: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/130.jpg)
Bandwith Manajemen
![Page 131: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/131.jpg)
Simple Script to Queues
/queues simple add name="QOS" dst-address=0.0.0.0/0 interface=all parent=none direction=both \ priority=8 queue=default-small/default-small limit-at=0/0 \ max-limit=1000000/1800000 total-queue=default-small disabled=no
:for z from 2 to 254 do={/queue simple add name=(0. . $z) target-addresses=(192.168.0. . $z) \parent="QOS" interface=all priority=4 queue=default/default max-limit=128000/530000 \total-queue=default}
![Page 132: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/132.jpg)
Tahapan Optimalisasi
Instal pakat sesuai kebutuhan sajan atau standar2 saja seperti admintool, security paket, webproxy
Matikan services yang tidak perlu untuk mengurangi proses backgound agar pemakaian memory lebih hemat kalau mau dipakai juga mesti memperhitungkan jumlah memory dan hardisk.
Tambahkan firewall tambahan jika di butuhkan jika di rasakan perlu.
Perubahan settingan pada proxy jika di perlukan untuk pengoptimalan jalannya proxy dan juga memperhitungkan cpu load dan resource pcnya
![Page 133: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/133.jpg)
Monitoring Trafik
![Page 134: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/134.jpg)
![Page 135: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/135.jpg)
![Page 136: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/136.jpg)
http://harrychanputra.web.id
KELOMPOK PENGGUNA LINUX PADANG
Thanks to : - Primadonal - http://primadonal.wordpress.com- Harinto - http://harinto.wordpresss.com- Tommy – Owner Central.Net - Hengky – Owner Vega.Net - All Team C4 and EOS Telkom Atas uji coba router2nya dan tempat usahanya
![Page 137: Adsl security](https://reader035.vdocument.in/reader035/viewer/2022081511/5592013f1a28ab47498b47e0/html5/thumbnails/137.jpg)
Bye-Bye
The End