SlideShare uma empresa Scribd logo

Peranan ID-CERT Dalam Keamanan Cyber Space

budi rahardjo
budi rahardjo

ID-CERT didirikan pada 1998 untuk menangani masalah keamanan siber di Indonesia. Organisasi ini bekerja secara sukarela untuk mengkoordinasikan insiden jaringan dan mendistribusikan laporan tentang ancaman seperti phishing. ID-CERT juga membuat statistik tentang insiden keamanan untuk meningkatkan kesadaran masyarakat. Namun, organisasi ini menghadapi tantangan seperti keterbatasan SDM dan pendanaan yang menghambat upaya mereka untuk mel

Saúde e medicinaNotícias e política
1 de 13
Baixar para ler offline
Peran ID-CERT dalam Keamanan Informasi di Cyber Space Budi Rahardjo budi@cert.or.id Bandung, 19 Juli 2011 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Sejarah ID-CERT • 1998. Dimulai sebagai respon terhadap kebutuhan pelaporan masalah security yang terkait dengan internet Indonesia • Dijalankan oleh voluntir – Come and go, menyulitkan operasional – Mulai mendaftarkan nama dan domain – Berkordinasi secara regional INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Sejarah ID-CERT (2) • 2001-2003. Ikut mendirikan forum regional APCERT (Asia Pacific Computer Emergency Response Team) sebagai full member dan point of contact (POC) untuk Indonesia • 2010. Mulai menerbitkan statistik abuse INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Misi • Melakukan kordinasi penganangan insiden yang melibatkan pihak Indonesia dan pihak luar negeri • ID-CERT tidak memiliki otoritas secara operasional terhadap konstituensinya baik di Indonesia maupun luar negeri, melainkan hanya menginformasikan berbagai keluhan atas insiden, serta bergantung sepenuhnya pada kerjasama dengan para-pihak yang terlibat dalam insiden jaringan terkait. INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Misi (2) • ID-CERT dibangun oleh komunitas dan hasilnya akan kembali kepada komunitas. • Memasyarakatkan pentingnya keamanan internet di Indonesia. • Melakukan berbagai penelitian dibidang keamanan internet yang dibutuhkan oleh komunitas internet Indonesia. INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
ID-CERT Bukan ... • Konsultan Internet Security; • Lembaga / institusi Pemerintah; • Partai Politik INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Kegiatan ID-CERT • Menerima laporan (umumnya dari luar negeri) dan meneruskan ke pihak terkait / mailing list – Phishing, attack (failed login), virus INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Contoh complaint phishing To: abuse@jasatel.net.id Subject: [eBay:2DYHD11OX726] URGENT: 2ND Notice - PayPal Phishing Site Report [202.69.105.146] From: Rebecca <ftsteam@paypal.com> X-Mailer: eBay-FTS Cc: diskusi@cert.or.id, request@cert.or.id, netadmin@jasatel.net.id Dear Jasatel, We have made multiple attempts to notify you that your service is being used to +display false or "spoofed": PayPal pages, apparently in an effort to steal +personal and financial information from consumers, and defraud PayPal users. +Specifically, it appears that a Jasatel user is sending unsolicited messages +which misrepresent the sender as PayPal, and making false statements that +encourage the recipient to go to a page hosted by you at 202.69.105.146 - +http://202.69.105.146/p/Confirm.php?cgi-bin/webscr?cmd=_flow&amp;SESSION=MWRVbS +I4D3pZmo-aItIzTdIemdBE_rquZvWcEQvCn31bgQbyxqyELPMfNOe&amp;dispatch=5885d80a13c0 +db1f8e263663d3faee8d9384d85353843a619606282818e091d0 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Kegiatan ID-CERT (2) • Membuat statistik – Abuse (sudah dilaksanakan) – Malware (akan dilaksanakan, masih mencari dukungan finansial) • Kordinasi dengan berbagai pihak • Memberikan awareness INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Contoh Laporan Singkat Abuse Statistik hasil riset Internet Abuse 2010 edisi Maret 2010 1. Spam-----------------------------1579 2. Spam Komplain-----------------------0 3. Respon------------------------------3 4. Network Incident-------------------17 5. Fraud-------------------------------0 6. Spoofing / Phishing----------------16 7. Malware-----------------------------4 8. Lain-lain--------------------------36 ======================================== JUMLAH------------------------------1655 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Contoh Laporan Abuse • Insiden jaringan (Network Incident) yang mencakup: DoS Attack, Open Relay, Open Proxy, Hacking, Port Scanning, Port Probe (HTTP/HTTPS, FTP, TELNET, TCP, SSH Brute, CGI, RPC, Netbios, VNC Portscan), TCP Sweep dan SQL Injection pada tahun ini menduduki peringkat pertama dalam riset Abuse kali ini. Hal ini merupakan rekor tertinggi semenjak awal tahun ini. NETWORK INCIDENT SEMESTER I 2010 & 2011 90,000 80,000 70,000 60,000 50,000 40,000 30,000 2011 20,000 2010 10,000 0 JAN FEB MAR APR MEI JUN RISET ABUSE ID-CERT 2011 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Masalah • Keterbatasan SDM voluntir • Keterbatasan sumber pendanaan – Belum menemukan business / activity model yang pas • Masih menggalang konstituen untuk memahami RFC 2350, “Expectations for Computer Security Incident Response” INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Kontak • Mailing list: diskusi@cert.or.id • Kontak desk: AHMAD KHALIL ALKAZIMY,ST email: <ahmad@cert.or.id> http://www.cert.or.id/ SKYPE/YM ID: ahmadkaz HP: (+62)857-1011-4577 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM

Recomendados

Ahmad Alkazimy - Indonesia Malware Incident Updates
Ahmad Alkazimy - Indonesia Malware Incident UpdatesAhmad Alkazimy - Indonesia Malware Incident Updates
Ahmad Alkazimy - Indonesia Malware Incident UpdatesIndonesia Honeynet Chapter
 
Imr id-cert-traceroute-12042013
Imr id-cert-traceroute-12042013Imr id-cert-traceroute-12042013
Imr id-cert-traceroute-12042013Mad Jimmy
 
Tren it 2012
Tren it 2012Tren it 2012
Tren it 2012budi rahardjo
 
IT Security Human Resources
IT Security Human ResourcesIT Security Human Resources
IT Security Human Resourcesbudi rahardjo
 
Security short intro
Security short introSecurity short intro
Security short introbudi rahardjo
 
Product development
Product developmentProduct development
Product developmentbudi rahardjo
 
Pertemuan Tahunan ke VII ID-CERT 2015, Bandung, 29 Januari 2015
Pertemuan Tahunan ke VII ID-CERT 2015, Bandung, 29 Januari 2015Pertemuan Tahunan ke VII ID-CERT 2015, Bandung, 29 Januari 2015
Pertemuan Tahunan ke VII ID-CERT 2015, Bandung, 29 Januari 2015Achmad Yahya Sjarifuddin
 
Elearning sim setelah UTS (Regina Silaban)
Elearning sim setelah UTS (Regina Silaban)Elearning sim setelah UTS (Regina Silaban)
Elearning sim setelah UTS (Regina Silaban)Regina Silaban
 

Recomendados

Ahmad Alkazimy - Indonesia Malware Incident Updates
Ahmad Alkazimy - Indonesia Malware Incident UpdatesAhmad Alkazimy - Indonesia Malware Incident Updates
Ahmad Alkazimy - Indonesia Malware Incident UpdatesIndonesia Honeynet Chapter
 
Imr id-cert-traceroute-12042013
Imr id-cert-traceroute-12042013Imr id-cert-traceroute-12042013
Imr id-cert-traceroute-12042013Mad Jimmy
 
Tren it 2012
Tren it 2012Tren it 2012
Tren it 2012budi rahardjo
 
IT Security Human Resources
IT Security Human ResourcesIT Security Human Resources
IT Security Human Resourcesbudi rahardjo
 
Security short intro
Security short introSecurity short intro
Security short introbudi rahardjo
 
Product development
Product developmentProduct development
Product developmentbudi rahardjo
 
Pertemuan Tahunan ke VII ID-CERT 2015, Bandung, 29 Januari 2015
Pertemuan Tahunan ke VII ID-CERT 2015, Bandung, 29 Januari 2015Pertemuan Tahunan ke VII ID-CERT 2015, Bandung, 29 Januari 2015
Pertemuan Tahunan ke VII ID-CERT 2015, Bandung, 29 Januari 2015Achmad Yahya Sjarifuddin
 
Elearning sim setelah UTS (Regina Silaban)
Elearning sim setelah UTS (Regina Silaban)Elearning sim setelah UTS (Regina Silaban)
Elearning sim setelah UTS (Regina Silaban)Regina Silaban
 
Elearning sim-setelah-UTS (Regina Silaban)
Elearning sim-setelah-UTS (Regina Silaban)Elearning sim-setelah-UTS (Regina Silaban)
Elearning sim-setelah-UTS (Regina Silaban)Regina Silaban
 
Jul pustekom 316 upload
Jul pustekom 316 uploadJul pustekom 316 upload
Jul pustekom 316 uploadSetia Juli Irzal Ismail
 
Computer security by josua m sinambela
Computer security by josua m sinambelaComputer security by josua m sinambela
Computer security by josua m sinambelakhoiril anwar
 
Bagaimana Cloud Computing mendigitalkan koperasi
Bagaimana Cloud Computing mendigitalkan koperasiBagaimana Cloud Computing mendigitalkan koperasi
Bagaimana Cloud Computing mendigitalkan koperasiPT Datacomm Diangraha
 
Bagaimana Cloud Computing mendigitalkan koperasi (full)
Bagaimana Cloud Computing mendigitalkan koperasi (full)Bagaimana Cloud Computing mendigitalkan koperasi (full)
Bagaimana Cloud Computing mendigitalkan koperasi (full)PT Datacomm Diangraha
 
Proposal bisnis ekonomi teknik
Proposal bisnis ekonomi teknikProposal bisnis ekonomi teknik
Proposal bisnis ekonomi teknikKamal Qrimly
 
Information System Security
Information System SecurityInformation System Security
Information System SecurityNovizul Evendi
 
Net-crypt Marketing Plan
Net-crypt Marketing PlanNet-crypt Marketing Plan
Net-crypt Marketing PlanRandy CIC
 
ComPro INFOTEK_2015
ComPro INFOTEK_2015ComPro INFOTEK_2015
ComPro INFOTEK_2015Ita Laksmi
 
Menuju BUMN Open Source e-Business Cloud v Revisi
Menuju BUMN Open Source e-Business Cloud v RevisiMenuju BUMN Open Source e-Business Cloud v Revisi
Menuju BUMN Open Source e-Business Cloud v RevisiHemat Dwi Nuryanto
 
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0 Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0 IGN MANTRA
 
Menuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiMenuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiHemat Dwi Nuryanto
 
Menuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiMenuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiHemat Dwi Nuryanto
 
Menuju BUMN Open Source ERP / e-Business Cloud & saa s v revisi
Menuju BUMN Open Source ERP / e-Business Cloud & saa s v revisiMenuju BUMN Open Source ERP / e-Business Cloud & saa s v revisi
Menuju BUMN Open Source ERP / e-Business Cloud & saa s v revisiHemat Dwi Nuryanto
 
Didiet Cyber Security Consultant Portfolio - Bahasa Indonesia
Didiet Cyber Security Consultant Portfolio - Bahasa IndonesiaDidiet Cyber Security Consultant Portfolio - Bahasa Indonesia
Didiet Cyber Security Consultant Portfolio - Bahasa IndonesiaDidiet Kusumadihardja
 
Web Security
Web SecurityWeb Security
Web SecurityPutu Shinoda
 
Security Incident Response and Handling, Best Practices, ACAD-CSIRT
Security Incident Response and Handling, Best Practices, ACAD-CSIRTSecurity Incident Response and Handling, Best Practices, ACAD-CSIRT
Security Incident Response and Handling, Best Practices, ACAD-CSIRTIGN MANTRA
 
Day-1-Goverment-CSIRT.pdf
Day-1-Goverment-CSIRT.pdfDay-1-Goverment-CSIRT.pdf
Day-1-Goverment-CSIRT.pdfssuser258b3a
 
Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283
Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283
Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283Rian Krisna
 
Bisnis It 1
Bisnis It 1Bisnis It 1
Bisnis It 1AjidPurwanto
 
How to train Electronics Rockstars
How to train Electronics RockstarsHow to train Electronics Rockstars
How to train Electronics Rockstarsbudi rahardjo
 
Product development 2021
Product development 2021Product development 2021
Product development 2021budi rahardjo
 

Mais conteúdo relacionado

Semelhante a Peranan ID-CERT Dalam Keamanan Cyber Space

Elearning sim-setelah-UTS (Regina Silaban)
Elearning sim-setelah-UTS (Regina Silaban)Elearning sim-setelah-UTS (Regina Silaban)
Elearning sim-setelah-UTS (Regina Silaban)Regina Silaban
 
Computer security by josua m sinambela
Computer security by josua m sinambelaComputer security by josua m sinambela
Computer security by josua m sinambelakhoiril anwar
 
Bagaimana Cloud Computing mendigitalkan koperasi
Bagaimana Cloud Computing mendigitalkan koperasiBagaimana Cloud Computing mendigitalkan koperasi
Bagaimana Cloud Computing mendigitalkan koperasiPT Datacomm Diangraha
 
Bagaimana Cloud Computing mendigitalkan koperasi (full)
Bagaimana Cloud Computing mendigitalkan koperasi (full)Bagaimana Cloud Computing mendigitalkan koperasi (full)
Bagaimana Cloud Computing mendigitalkan koperasi (full)PT Datacomm Diangraha
 
Proposal bisnis ekonomi teknik
Proposal bisnis ekonomi teknikProposal bisnis ekonomi teknik
Proposal bisnis ekonomi teknikKamal Qrimly
 
Information System Security
Information System SecurityInformation System Security
Information System SecurityNovizul Evendi
 
Net-crypt Marketing Plan
Net-crypt Marketing PlanNet-crypt Marketing Plan
Net-crypt Marketing PlanRandy CIC
 
ComPro INFOTEK_2015
ComPro INFOTEK_2015ComPro INFOTEK_2015
ComPro INFOTEK_2015Ita Laksmi
 
Menuju BUMN Open Source e-Business Cloud v Revisi
Menuju BUMN Open Source e-Business Cloud v RevisiMenuju BUMN Open Source e-Business Cloud v Revisi
Menuju BUMN Open Source e-Business Cloud v RevisiHemat Dwi Nuryanto
 
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0 Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0 IGN MANTRA
 
Menuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiMenuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiHemat Dwi Nuryanto
 
Menuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiMenuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiHemat Dwi Nuryanto
 
Menuju BUMN Open Source ERP / e-Business Cloud & saa s v revisi
Menuju BUMN Open Source ERP / e-Business Cloud & saa s v revisiMenuju BUMN Open Source ERP / e-Business Cloud & saa s v revisi
Menuju BUMN Open Source ERP / e-Business Cloud & saa s v revisiHemat Dwi Nuryanto
 
Didiet Cyber Security Consultant Portfolio - Bahasa Indonesia
Didiet Cyber Security Consultant Portfolio - Bahasa IndonesiaDidiet Cyber Security Consultant Portfolio - Bahasa Indonesia
Didiet Cyber Security Consultant Portfolio - Bahasa IndonesiaDidiet Kusumadihardja
 
Security Incident Response and Handling, Best Practices, ACAD-CSIRT
Security Incident Response and Handling, Best Practices, ACAD-CSIRTSecurity Incident Response and Handling, Best Practices, ACAD-CSIRT
Security Incident Response and Handling, Best Practices, ACAD-CSIRTIGN MANTRA
 
Day-1-Goverment-CSIRT.pdf
Day-1-Goverment-CSIRT.pdfDay-1-Goverment-CSIRT.pdf
Day-1-Goverment-CSIRT.pdfssuser258b3a
 
Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283
Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283
Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283Rian Krisna
 

Semelhante a Peranan ID-CERT Dalam Keamanan Cyber Space (20)

Elearning sim-setelah-UTS (Regina Silaban)
Elearning sim-setelah-UTS (Regina Silaban)Elearning sim-setelah-UTS (Regina Silaban)
Elearning sim-setelah-UTS (Regina Silaban)
 
Jul pustekom 316 upload
Jul pustekom 316 uploadJul pustekom 316 upload
Jul pustekom 316 upload
 
Computer security by josua m sinambela
Computer security by josua m sinambelaComputer security by josua m sinambela
Computer security by josua m sinambela
 
Bagaimana Cloud Computing mendigitalkan koperasi
Bagaimana Cloud Computing mendigitalkan koperasiBagaimana Cloud Computing mendigitalkan koperasi
Bagaimana Cloud Computing mendigitalkan koperasi
 
Bagaimana Cloud Computing mendigitalkan koperasi (full)
Bagaimana Cloud Computing mendigitalkan koperasi (full)Bagaimana Cloud Computing mendigitalkan koperasi (full)
Bagaimana Cloud Computing mendigitalkan koperasi (full)
 
Proposal bisnis ekonomi teknik
Proposal bisnis ekonomi teknikProposal bisnis ekonomi teknik
Proposal bisnis ekonomi teknik
 
Information System Security
Information System SecurityInformation System Security
Information System Security
 
Net-crypt Marketing Plan
Net-crypt Marketing PlanNet-crypt Marketing Plan
Net-crypt Marketing Plan
 
ComPro INFOTEK_2015
ComPro INFOTEK_2015ComPro INFOTEK_2015
ComPro INFOTEK_2015
 
Menuju BUMN Open Source e-Business Cloud v Revisi
Menuju BUMN Open Source e-Business Cloud v RevisiMenuju BUMN Open Source e-Business Cloud v Revisi
Menuju BUMN Open Source e-Business Cloud v Revisi
 
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0 Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
 
Menuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiMenuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisi
 
Menuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisiMenuju bumn erp & e business cloud & saa s v revisi
Menuju bumn erp & e business cloud & saa s v revisi
 
Menuju BUMN Open Source ERP / e-Business Cloud & saa s v revisi
Menuju BUMN Open Source ERP / e-Business Cloud & saa s v revisiMenuju BUMN Open Source ERP / e-Business Cloud & saa s v revisi
Menuju BUMN Open Source ERP / e-Business Cloud & saa s v revisi
 
Didiet Cyber Security Consultant Portfolio - Bahasa Indonesia
Didiet Cyber Security Consultant Portfolio - Bahasa IndonesiaDidiet Cyber Security Consultant Portfolio - Bahasa Indonesia
Didiet Cyber Security Consultant Portfolio - Bahasa Indonesia
 
Web Security
Web SecurityWeb Security
Web Security
 
Security Incident Response and Handling, Best Practices, ACAD-CSIRT
Security Incident Response and Handling, Best Practices, ACAD-CSIRTSecurity Incident Response and Handling, Best Practices, ACAD-CSIRT
Security Incident Response and Handling, Best Practices, ACAD-CSIRT
 
Day-1-Goverment-CSIRT.pdf
Day-1-Goverment-CSIRT.pdfDay-1-Goverment-CSIRT.pdf
Day-1-Goverment-CSIRT.pdf
 
Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283
Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283
Ppt analysis-kelebihan-e-commerce-dan-pengalaman-indones-283
 
Bisnis It 1
Bisnis It 1Bisnis It 1
Bisnis It 1
 

Mais de budi rahardjo

How to train Electronics Rockstars
How to train Electronics RockstarsHow to train Electronics Rockstars
How to train Electronics Rockstarsbudi rahardjo
 
Product development 2021
Product development 2021Product development 2021
Product development 2021budi rahardjo
 
Security in COVID-19 Era
Security in COVID-19 EraSecurity in COVID-19 Era
Security in COVID-19 Erabudi rahardjo
 
Peluang IoT di Indonesia
Peluang IoT di IndonesiaPeluang IoT di Indonesia
Peluang IoT di Indonesiabudi rahardjo
 
IoT: Dari Hobby ke Profesi
IoT: Dari Hobby ke ProfesiIoT: Dari Hobby ke Profesi
IoT: Dari Hobby ke Profesibudi rahardjo
 
The Joy of Programming (short version)
The Joy of Programming (short version)The Joy of Programming (short version)
The Joy of Programming (short version)budi rahardjo
 
Technology-based Startup
Technology-based StartupTechnology-based Startup
Technology-based Startupbudi rahardjo
 
A very short Introduction to Software Security
A very short Introduction to Software SecurityA very short Introduction to Software Security
A very short Introduction to Software Securitybudi rahardjo
 
Topik Penelitian Keamanan Informasi
Topik Penelitian Keamanan InformasiTopik Penelitian Keamanan Informasi
Topik Penelitian Keamanan Informasibudi rahardjo
 
Keaslian Dokumen Digital
Keaslian Dokumen DigitalKeaslian Dokumen Digital
Keaslian Dokumen Digitalbudi rahardjo
 
Strategi Industri Telematika Indonesia
Strategi Industri Telematika IndonesiaStrategi Industri Telematika Indonesia
Strategi Industri Telematika Indonesiabudi rahardjo
 
Klik and Modar: social engineering dengan menggunakan URL Bait
Klik and Modar: social engineering dengan menggunakan URL BaitKlik and Modar: social engineering dengan menggunakan URL Bait
Klik and Modar: social engineering dengan menggunakan URL Baitbudi rahardjo
 
To teach is ... (On Teaching)
To teach is ... (On Teaching)To teach is ... (On Teaching)
To teach is ... (On Teaching)budi rahardjo
 
How to Train Electronics Rockstars
How to Train Electronics RockstarsHow to Train Electronics Rockstars
How to Train Electronics Rockstarsbudi rahardjo
 
Kronologis penganiayaan timmy
Kronologis penganiayaan timmyKronologis penganiayaan timmy
Kronologis penganiayaan timmybudi rahardjo
 
Bdg software uploaded
Bdg software uploadedBdg software uploaded
Bdg software uploadedbudi rahardjo
 
Kesiapan Lulusan Perguruan Tinggi
Kesiapan Lulusan Perguruan TinggiKesiapan Lulusan Perguruan Tinggi
Kesiapan Lulusan Perguruan Tinggibudi rahardjo
 

Mais de budi rahardjo (20)

How to train Electronics Rockstars
How to train Electronics RockstarsHow to train Electronics Rockstars
How to train Electronics Rockstars
 
Product development 2021
Product development 2021Product development 2021
Product development 2021
 
Security in COVID-19 Era
Security in COVID-19 EraSecurity in COVID-19 Era
Security in COVID-19 Era
 
Peluang IoT di Indonesia
Peluang IoT di IndonesiaPeluang IoT di Indonesia
Peluang IoT di Indonesia
 
IoT: Dari Hobby ke Profesi
IoT: Dari Hobby ke ProfesiIoT: Dari Hobby ke Profesi
IoT: Dari Hobby ke Profesi
 
The Joy of Programming (short version)
The Joy of Programming (short version)The Joy of Programming (short version)
The Joy of Programming (short version)
 
Technology-based Startup
Technology-based StartupTechnology-based Startup
Technology-based Startup
 
A very short Introduction to Software Security
A very short Introduction to Software SecurityA very short Introduction to Software Security
A very short Introduction to Software Security
 
Identity Theft
Identity TheftIdentity Theft
Identity Theft
 
Dealing with Hoax
Dealing with HoaxDealing with Hoax
Dealing with Hoax
 
Topik Penelitian Keamanan Informasi
Topik Penelitian Keamanan InformasiTopik Penelitian Keamanan Informasi
Topik Penelitian Keamanan Informasi
 
Network Sniffing
Network SniffingNetwork Sniffing
Network Sniffing
 
Keaslian Dokumen Digital
Keaslian Dokumen DigitalKeaslian Dokumen Digital
Keaslian Dokumen Digital
 
Strategi Industri Telematika Indonesia
Strategi Industri Telematika IndonesiaStrategi Industri Telematika Indonesia
Strategi Industri Telematika Indonesia
 
Klik and Modar: social engineering dengan menggunakan URL Bait
Klik and Modar: social engineering dengan menggunakan URL BaitKlik and Modar: social engineering dengan menggunakan URL Bait
Klik and Modar: social engineering dengan menggunakan URL Bait
 
To teach is ... (On Teaching)
To teach is ... (On Teaching)To teach is ... (On Teaching)
To teach is ... (On Teaching)
 
How to Train Electronics Rockstars
How to Train Electronics RockstarsHow to Train Electronics Rockstars
How to Train Electronics Rockstars
 
Kronologis penganiayaan timmy
Kronologis penganiayaan timmyKronologis penganiayaan timmy
Kronologis penganiayaan timmy
 
Bdg software uploaded
Bdg software uploadedBdg software uploaded
Bdg software uploaded
 
Kesiapan Lulusan Perguruan Tinggi
Kesiapan Lulusan Perguruan TinggiKesiapan Lulusan Perguruan Tinggi
Kesiapan Lulusan Perguruan Tinggi
 

Peranan ID-CERT Dalam Keamanan Cyber Space

  • 1. Peran ID-CERT dalam Keamanan Informasi di Cyber Space Budi Rahardjo budi@cert.or.id Bandung, 19 Juli 2011 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 2. Sejarah ID-CERT • 1998. Dimulai sebagai respon terhadap kebutuhan pelaporan masalah security yang terkait dengan internet Indonesia • Dijalankan oleh voluntir – Come and go, menyulitkan operasional – Mulai mendaftarkan nama dan domain – Berkordinasi secara regional INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 3. Sejarah ID-CERT (2) • 2001-2003. Ikut mendirikan forum regional APCERT (Asia Pacific Computer Emergency Response Team) sebagai full member dan point of contact (POC) untuk Indonesia • 2010. Mulai menerbitkan statistik abuse INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 4. Misi • Melakukan kordinasi penganangan insiden yang melibatkan pihak Indonesia dan pihak luar negeri • ID-CERT tidak memiliki otoritas secara operasional terhadap konstituensinya baik di Indonesia maupun luar negeri, melainkan hanya menginformasikan berbagai keluhan atas insiden, serta bergantung sepenuhnya pada kerjasama dengan para-pihak yang terlibat dalam insiden jaringan terkait. INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 5. Misi (2) • ID-CERT dibangun oleh komunitas dan hasilnya akan kembali kepada komunitas. • Memasyarakatkan pentingnya keamanan internet di Indonesia. • Melakukan berbagai penelitian dibidang keamanan internet yang dibutuhkan oleh komunitas internet Indonesia. INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 6. ID-CERT Bukan ... • Konsultan Internet Security; • Lembaga / institusi Pemerintah; • Partai Politik INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 7. Kegiatan ID-CERT • Menerima laporan (umumnya dari luar negeri) dan meneruskan ke pihak terkait / mailing list – Phishing, attack (failed login), virus INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 8. Contoh complaint phishing To: abuse@jasatel.net.id Subject: [eBay:2DYHD11OX726] URGENT: 2ND Notice - PayPal Phishing Site Report [202.69.105.146] From: Rebecca <ftsteam@paypal.com> X-Mailer: eBay-FTS Cc: diskusi@cert.or.id, request@cert.or.id, netadmin@jasatel.net.id Dear Jasatel, We have made multiple attempts to notify you that your service is being used to +display false or "spoofed": PayPal pages, apparently in an effort to steal +personal and financial information from consumers, and defraud PayPal users. +Specifically, it appears that a Jasatel user is sending unsolicited messages +which misrepresent the sender as PayPal, and making false statements that +encourage the recipient to go to a page hosted by you at 202.69.105.146 - +http://202.69.105.146/p/Confirm.php?cgi-bin/webscr?cmd=_flow&amp;SESSION=MWRVbS +I4D3pZmo-aItIzTdIemdBE_rquZvWcEQvCn31bgQbyxqyELPMfNOe&amp;dispatch=5885d80a13c0 +db1f8e263663d3faee8d9384d85353843a619606282818e091d0 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 9. Kegiatan ID-CERT (2) • Membuat statistik – Abuse (sudah dilaksanakan) – Malware (akan dilaksanakan, masih mencari dukungan finansial) • Kordinasi dengan berbagai pihak • Memberikan awareness INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 10. Contoh Laporan Singkat Abuse Statistik hasil riset Internet Abuse 2010 edisi Maret 2010 1. Spam-----------------------------1579 2. Spam Komplain-----------------------0 3. Respon------------------------------3 4. Network Incident-------------------17 5. Fraud-------------------------------0 6. Spoofing / Phishing----------------16 7. Malware-----------------------------4 8. Lain-lain--------------------------36 ======================================== JUMLAH------------------------------1655 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 11. Contoh Laporan Abuse • Insiden jaringan (Network Incident) yang mencakup: DoS Attack, Open Relay, Open Proxy, Hacking, Port Scanning, Port Probe (HTTP/HTTPS, FTP, TELNET, TCP, SSH Brute, CGI, RPC, Netbios, VNC Portscan), TCP Sweep dan SQL Injection pada tahun ini menduduki peringkat pertama dalam riset Abuse kali ini. Hal ini merupakan rekor tertinggi semenjak awal tahun ini. NETWORK INCIDENT SEMESTER I 2010 & 2011 90,000 80,000 70,000 60,000 50,000 40,000 30,000 2011 20,000 2010 10,000 0 JAN FEB MAR APR MEI JUN RISET ABUSE ID-CERT 2011 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 12. Masalah • Keterbatasan SDM voluntir • Keterbatasan sumber pendanaan – Belum menemukan business / activity model yang pas • Masih menggalang konstituen untuk memahami RFC 2350, “Expectations for Computer Security Incident Response” INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
  • 13. Kontak • Mailing list: diskusi@cert.or.id • Kontak desk: AHMAD KHALIL ALKAZIMY,ST email: <ahmad@cert.or.id> http://www.cert.or.id/ SKYPE/YM ID: ahmadkaz HP: (+62)857-1011-4577 INDONESIA COMPUTER EMERGENCY RESPONSE TEAM