Hasil Pencarian  ::  Simpan CSV :: Kembali

"ABSTRAKJaringan nirkabel atau wireless adalah salah satu media atau sistem transmisi data yang menggunakan gelombang radio sebagai media transmisinya dan sebuah pengembangan dari jaringan komputer yang sebelumnya menggunakan kabel sebagai media penghubungnya. Nirkabel memanfaatkan udara/gelombang elektromagnetik sebagai media lalu lintas pertukaran data. Namun seiring perkembangannya, keamanan pada jaringan nirkabel ternyata cukup rentan, dan memberikan potensi yang cukup tinggi bagi para hacker. Keamanan jaringan mempunyai dampak yang besar bagi dunia terhadap penggunaannya, seluruh informasi dapat dikirimkan dan diterima tanpa menggunakan kabel. Jaringan nirkabel menyediakan semua fungsi yang sama seperti jaringan kabel tanpa adanya perangkat fisik. Tujuan utama dari studi ini ialah mendemonstrasikan dan menganalisis jenis variasi serangan yang dapat ditemui saat menggunakan jaringan nirkabel sekaligus mitigasi terhadap serangan yang terjadi. Jaringan nirkabel memiliki banyak celah dalam penggunaannya. Pada studi kali ini akan digunakan software yaitu Kali Linux 3.0 adalah open source yang digunakan untuk melakukan uji penetrasi. Uji penetrasi akan dilakukan menggunakan beberapa metode yang nantinya studi ini akan memeberikan edukasi kepada setiap orang agar lebih berhati-hati dalam mengakses jaringan nirkabel di rumah maupun tempat umum.

---

ABSTRACTWireless or wireless network is one media or data transmission system that uses radio waves as transmission media and is a development of a computer network that previously used the cable as a connector. Wireless utilize air electromagnetic waves as a medium of traffic exchange data. But over the development of security on wireless networks was quite vulnerable, and provide a high enough potential for hackers. Network security has a major impact on the world for its use, all information can be sent and received without the use of cables. Wireless networks provide all the same functions as cable networks in the absence of physical devices. The main purpose of this study is to demonstrate and analyze the types of attack variations that can be encountered when using wireless networks and also how to mitigate them. Wireless networks have many loopholes in its use. In this study will be used software that is Kali Linux 3.0 is open source used to do penetration test. The penetration test will be conducted using several methods that will provide education for everyone to be more careful in accessing wireless networks at home and public places. "

"Seiring dengan meningkatnya pemakaian jaringan WiFi di perusahaan-perusahaan tertentu, semakin meningkat pula peluang keamanan jaringan WiFi tersebut dibobol oleh para hacker untuk alasan yang dapat membahayakan perusahaan tersebut. Salah satu bentuk penyadapan yang cukup berbahaya adalah Packet Sniffing. Agar dapat mengetahui tingkat keamanan jaringan WiFi dari perusahaan tersebut dapat dilakukan dengan menganalisa keamanan jaringan WiFi yang perusahaan tersebut gunakan. Skripsi ini berfokus pada analisis keamanan dari empat jaringan WiFi suatu perusahaan dari penyadapan dengan menggunakan aplikasi InSSIDer dan Ettercap. InSSIDer merupakan suatu tools yang digunakan untuk mendeteksi dan mengidentifikasi sinyal wireless yang terbuka. Kemudian Ettercap akan digunakan untuk melakukan penyerangan Packet Sniffing sebagai langkah pengujian keamanan jaringan WiFi tersebut. Hasil dari penelitian ini menunjukkan InSSIDer mampu mengidentifikasi informasi dari keempat jaringan WiFi dan Ettercap mampu melakukan penyerangan terhadap target dengan tingkat keberhasilan terendah adalah 78 , hingga tingkat keberhasilan tertinggi adalah 90 .

---

Along with the increased use of WiFi networks in specific companies, the situation increases the probability that the WiFi network security can be cracked by hackers for reasons that could endanger the company. A form of eavesdropping that quite dangerous is Packet Sniffing. In order to determine the level of the enterprise WiFi networks security, it can be done by analyzing the security of WiFi networks that the company uses.

This thesis focuses on the analysis of a company 39 s wireless network security from eavesdropping by using the application inSSIDer and Ettercap. InSSIDer is a tool that is used to detect and identify open wireless signal. Ettercap will be used for offensive Packet Sniffing as a step of the WiFi network security testing.

The results of this study show that InSSIDer is able to hold information from WiFi network and Ettercap is able to attack target with the lowest acceleration is 78 , up to the highest acceleration which is 90."

"Machine generated contents note: Chapter 0: Introduction Chapter 1: Introduction to Command Shell Scripting Chapter 2: Introduction to Python Chapter 3: Introduction to Perl Chapter 4: Introduction to Ruby Chapter 5: Introduction to Web Scripting with PHP Chapter 6: Manipulating Windows with PowerShell Chapter 7: Scanner Scripting Chapter 8: Information Gathering Chapter 9: Exploitation Scripting Chapter 10: Post-Exploitation Scripting Appendix: Subnetting and CIDR Addresses"

"The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors’ respective areas of expertise.The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more."

"Professional penetration testing walks you through the entire process of setting up and running a pen test lab. Penetration testing—the act of testing a computer network to find security vulnerabilities before they are maliciously exploited—is a crucial component of information security in any organization. With this book, you will find out how to turn hacking skills into a professional career. Chapters cover planning, metrics, and methodologies; the details of running a pen test, including identifying and verifying vulnerabilities; and archiving, reporting and management practices.Author Thomas Wilhelm has delivered penetration testing training to countless security professionals, and now through the pages of this book you can benefit from his years of experience as a professional penetration tester and educator. After reading this book, you will be able to create a personal penetration test lab that can deal with real-world vulnerability scenarios."

"Penetration testing is often considered an art as much as it is a science, but even an artist needs the right brushes to do the job well. Many commercial and open source tools exist for performing penetration testing, but it's often hard to ensure that you know what tools are available and which ones to use for a certain task. Through the next ten chapters, we'll be exploring the plethora of open source tools that are available to you as a penetration tester, how to use them, and in which situations they apply. Open source tools are pieces of software which are available with the source code so that the software can be modified and improved by other interested contributors. In most cases, this software comes with a license allowing for distribution of the modified software version with the requirement that the source code continue to be included with the distribution. In many cases, open source software becomes a community effort where dozens if not hundreds of people are actively contributing code and improvements to the software project. This type of project tends to result in a stronger and more valuable piece of software than what would often be developed by a single individual or small company. While commercial tools certainly exist in the penetration testing space, they're often expensive and, in some cases, too automated to be useful for all penetration testing scenarios. There are many common situations where the open source tools that we will be talking about fill a need better and (obviously) more cost effectively than any commercial tool. The tools that we will be discussing throughout this book are all open source and available for you to use in your work as a penetration tester."

"Ancaman keamanan terhadap website biasa dihasilkan melalui celah yang memungkinkan pengguna lain melakukan tindak kejahatan. Untuk pemeliharaan keamanan website yang baik, deteksi kerentanan website dapat dilakukan dengan prosedur vulnerability identification dan penetration testing. Penetration Testing Execution Standard (PTES) digunakan pada penelitian ini sebagai kerangka kerja atau framework penetration testing dengan tujuan untuk mendapatkan hasil akhir berupa kerentanan yang dapat mengganggu keamanan website. Terdapat tujuh tahapan yang akan dilakukan pada framework PTES yaitu Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation, dan Reporting. Penetration testing ini juga menerapkan metode blackbox testing. Blackbox testing adalah metode pengujian yang dilakukan tanpa mengetahui informasi apa pun mengenai sistem website. Ditemukan tiga kerentanan dengan tingkat risiko tinggi pada website redstorm setelah melakukan penetration testing dengan framework PTES dan metode blackbox testing, yaitu PII Disclosure, SQL Injection, dan SQL Injection-SQLite. Hasil ini menekankan perlunya penguatan keamanan website dan penerapan langkah-langkah mitigasi yang sesuai untuk melindungi data sensitif dan melawan potensi serangan. Selain itu, penelitian ini menegaskan efektivitas dan relevansi kerangka kerja PTES dalam mengidentifikasi kerentanan keamanan sistem. Implikasi dari temuan ini memberikan kontribusi bagi pengembangan kebijakan keamanan informasi dan penelitian tentang keamanan siber yang lebih lanjut.

---

Security threats to common websites are generated by gaps that allow other users to commit criminal acts. For good website security maintenance, website vulnerability detection can be done with vulnerability identification and penetration testing procedures. The Penetration Testing Execution Standard (PTES) is used in this research as a framework for penetration testing with the aim of obtaining the final result of vulnerabilities that can interfere with the operation of the website. There are seven stages that will be performed on the PTES framework: Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post-exploitation, and Reporting. The penetration test also uses the blackbox testing method. Blackbox testing is a test method that is performed without knowing any information about the website system. Three high-risk vulnerabilities were found on Redstorm websites after performing penetration testing with the PTES framework and blackbox testing methods, namely PII Disclosure, SQL Injection, and SQL injection-SQLite. The results emphasize the need to strengthen website security and implement appropriate mitigation measures to protect sensitive data and counter potential attacks. In addition, the study confirms the effectiveness and relevance of the PTES framework in identifying system security vulnerabilities. The implications of these findings contribute to the development of information security policies and further research on cybersecurity."

"ABSTRAKArah pengembangan jaringan saat ini adalah pemanfaatan open source mengingat terbatasnya sumber untuk pengembangan teknologi jaringan baik untuk keperluan riset berbasis akademis ataupun enterprise. Open source yang dikembangkan memanfaatkan teknologi Software Defined Networking (SDN) yang memisahkan fungsi kontrol dan pengiriman data dalam pengiriman paket dalam jaringan sehingga pengguna memiliki kontrol atas lalu lintas jaringannya. Adapun OpenFlow sebagai protokol SDN paling umum digunakan kemudian digunakan untuk membangun open network tersebut. Teknologi Internet dan penggunaan perangkat mobile yang berkembang pesat secara bersamaan menyebabkan ketiga kebutuhan tersebut harus dikembangkan secara bersamaan, salah satunya dalam bentuk teknologi jaringan nirkabel berbasis open mobile. Penelitian ini akan fokus pada pengembangan jaringan Wi-Fi berbasis OpenFlow dengan evaluasi pada proses handoff secara horizontal menggunakan skema fast handoff mengingat belum diterapkannya skema ini dalam komunikasi multimedia secara real-time. Hasil pengujian yang dilakukan pada testbed sederhana memperlihatkan bahwa delay proses handoff pada jaringan Wi-Fi berbasis OpenFlow adalah sebesar 79,9 milidetik atau 21% lebih cepat dibanding delay handoff jaringan “tradisional”. Aliran data saat komunikasi terjadi juga lebih stabil akibat adanya flow yang diterapkan di tiap switch berbasis OpenFlow. Namun hasil pengujian harus diteliti lebih lanjut akibat kondisi testbed yang kurang stabil, tools packet capturer yang belum memenuhi standar, dan perumusan flow yang lebih baik.

---

ABSTRACTResearch in communication network has the limit due to its problem of the supply frequency and equipment. To overcome this problem, open source network using Software Defined Network (SDN) which has been continuously developed due enormous number of installed base equipment and protocols that are inflexible, predefined, and fixed since SDN offers a flexible, dynamic, and programmable functionality of network systems can be developed. By using OpenFlow as its protocol, we can program the network flow in a flow table on different switches and routers. This research approaches an OpenFlow-based Wi-Fi environment using OpenFlow-based Access Point (OFAP) and OpenFlow controller. Through this system we expect to achieve high performance and reliability in in real-time traffic (e.g: video streaming) over WLAN, by reducing the handoff delay compared to normal Wi-Fi environment. Each OFAP is deployed at two different rooms and performed several experiments to evaluate handoff delay. The result of this experiment is the handoff delay between OFAPs is smaller compared to handoff delay between normal vendor’s AP."

"Pengujian penetrasi merupakan suatu langkah penting yang diambil untuk meningkatkan keamanan sebuah website, terutama bagi suatu perusahaan. Terdapat beberapa kerangka kerja dan metodologi untuk uji penetrasi, salah satunya adalah Information Systems Security Assessment Framework (ISSAF). ISSAF merupakan sebuah kerangka kerja yang komprehensif dengan keunggulan pada domain coverage sehingga memungkinkan pengujian bukan hanya dari luar sistem, namun juga masuk ke dalam sistem. Penelitian ini menunjukan tahapan uji penetrasi menggunakan kerangka kerja ISSAF dan memanfaatkan beberapa tools yang umum digunakan untuk mengidentifikasi kerentanan website bagi perusahaan. Hasil dari penelitian ini ditemukan 7 kerentanan, diantaranya yaitu Clickjacking, Brute-force Attack pada Login Page, HSTS Missing From HTTP Server, Content Security Policy (CSP) Header Not Set , Cookie without SameSite Attribute, Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s),serta X-Content-Type-Options Header Missing. Dari hasil pengujian penetrasi ini dapat dijadikan rekomendasi untuk mengatasi kerentanan keamanan pada perusahaan-perusahaan di bidangnya.

---

Penetration testing is an important step taken to improve the security of a website, especially for a company. There are several frameworks and methodologies for penetration testing, one of which is the Information Systems Security Assessment Framework. (ISSAF). ISSAF is a comprehensive framework with advantages on domain coverage that allows testing not only from outside the system, but also into the system.  This research demonstrates the stage of penetration testing using the ISSAF framework and utilizes several commonly used tools to identify website vulnerabilities for companies. This study we found seven vulnerabilities in the target website, including Clickjacking, Brute-force Attack on Login Page, HSTS Missing from HTTP Server, Content Security Policy (CSP) Header Not Set, Cookie without SameSite Attribute, Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s), and X-Content-Type-Options Header Missing. From this penetration test results, a recommendation to address security vulnerabilities in companies can be conducted."

"Managing information security offers focused coverage of how to protect mission critical systems, and how to deploy security management systems, IT security, ID management, intrusion detection and prevention systems, computer forensics, network forensics, firewalls, penetration testing, vulnerability assessment, and more. It offers in-depth coverage of the current technology and practice as it relates to information security management solutions."