Konfigurasi Cisco Secure PIX Firewall & 2 Cisco Router

Ξ August 27th, 2008 | → 4 Comments | ∇ Cisco, Security |

Network Diagram



Konfigurasi yang ditampilkan pertama kali disini adalah PIX Firewall karena konfigurasi router harus sudah mengerti sebelumnya dalam hubungannya dengan Firewall.



IP Subnet Calculator

Ξ November 20th, 2007 | → 3 Comments | ∇ Cisco, LAN, MPLS, NAT, Routing, Security, Technology, WAN, Wireless |

Bagi para Netwokers atau pemula, ingin cepat menghitung subnet alamat IP , bisa menggunakan Software Berikut :
IP Subnet Culculator


IP Security

Ξ May 31st, 2007 | → 14 Comments | ∇ Security, Technology |

ipsec.jpgYou cannot talk about VPNs without saying something about IP Security (IPSec). IPSec is a framework of open standards. It is not bound to any specific encryption or authentication algorithm keying technology. IPSec acts on the network layer, where it protects and authenticates IP packets between participating peers such as firewalls, routers, or concentrators. IPSec security provides four major functions:

  • Confidentiality The sender can encrypt the packets before transmitting them across the network. If such a communication is intercepted, it cannot be read by anybody.
  • Data integrity The receiver can verify whether the data was changed while traveling the Internet.
  • Origin authentication The receiver can authenticate the source of the packet.
  • Antireplay protection The receiver can verify that each packet is unique and is not duplicated.

When packets are traveling on the Internet, they are vulnerable to eavesdropping. Clear-text messages can be intercepted and read by anybody. Therefore, to keep the data secure, it can be encrypted. For encryption to work, both the sender and the receiver need to know the rules that were used to encrypt the original message. There are two types of encryption:

  • Symmetric
  • Asymmetric

With symmetric key encryption, each peer uses the same key to encrypt and decrypt data. With asymmetric key encryption, each peer uses a different key to encrypt and decrypt the message. Both the Data Encryption Standard (DES) and Triple DES (3DES) require a symmetric shared secret key. The problem is then to give those keys to both users. The keys can be sent by mail, courier, or public key exchange. The easiest method to exchange the key is Diffie-Hellman public key exchange. This key exchange provides a way for the users to establish a shared secret key, which only they know, although they are sending it over an insecure channel.

Public key cryptosystems rely on a two-key system:

  • A public key, which is exchanged between the users
  • A private key, which is kept secret by the owners
  • (more…)


Cryptography versus Cryptanalysis

Ξ November 11th, 2006 | → 0 Comments | ∇ Security, Technology |

crypto.jpgCryptanalysis is the flip side of cryptography. It is the science of cracking codes, decoding secrets, and in general, breaking cryptographic protocols. To design a robust encryption algorithm, one should use cryptanalysis to find and correct any weaknesses.

The various techniques in cryptanalysis that attempt to compromise cryptosystems are called attacks. A cryptanalyst starts from the decoded message. The cryptanalyst then tries to get this message back into its original form without knowing anything of that original message. This kind of attack is called a ciphertext-only attack. The data that a cryptanalyst needs for this attack is fairly easy to obtain, but it is very difficult to successfully recover the original message.

Manual Systems
Cryptography dates as far back as 1900 B.C., when a scribe in Egypt first carved a derivation of the standard hieroglyphics on clay tablets. Early Indian texts such as the Kama Sutra used ciphers that consisted mostly of simple alphabetic substitutions often based on phonetics. This is somewhat similar to “pig latin” (igpay atinlay), in which the first letter is placed at the end of the word and is followed by the sound “ay.” (more…)


TCP/IP Suite Weaknesses

Ξ November 11th, 2006 | → 6 Comments | ∇ Security, Technology |

syn_flood.gifCommunication on the Internet is based on the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. The TCP/IP protocol suite was developed in the mid-1970s as part of research by the Defense Advanced Research Projects Agency (DARPA). With the introduction of personal computers as standalone devices, the strategic importance of interconnected networks was quickly realized. The strategic importance of networks was first realized in the development of local-area networks (LANs) that shared printers and hard drives. The importance of networks increased in a second phase with the development of worldwide applications such as e-mail and file transfers. The globalization of business caused web applications to be developed to support customers and clients all over the world with a focus on increasing efficiency and productivity for organizations. Now TCP/IP is seen as the de jure standard for Internet communication, enabling millions of users to communicate globally. Computer systems in general communicate with each other by sending streams of data (bytes), as displayed in Figure 1. (more…)


Monitor dan Memblok Trafik Virus Pada Cisco Router

Ξ March 14th, 2006 | → 67 Comments | ∇ Cisco, Security, Technology |

Router merupakan sebuah device yang berfungsi untuk meneruskan paket-paket dari sebuah network ke network yang lainnya (baik LAN ke LAN atau LAN ke WAN) sehingga host-host yang ada pada sebuah network bisa berkomunikasi dengan host-host yang ada pada network yang lain. Router menghubungkan network-network tersebut pada network layer dari model OSI, sehingga secara teknis Router adalah Layer 3 Gateway.

Selain itu juga router dapat menangkap dan melihat aktivitas trafik dalam jaringan, sehingga memudahkan kita untuk mengklasifikasikan trafik dan membuang paket-paket yang tidak diperlukan.

Berkembangnya virus-virus komputer yang sangat cepat, cukup merugikan para penyedia jaringan dan pengguna komputer. Serangan virus ini telah banyak mengkonsumsi bandwidth sehingga trafik aplikasi yang sebenarnya tidak bisa dilewatkan melalui jaringan karena jaringan telah dipenuhi oleh paket-paket virus. (more…)