Hasil Pencarian  ::  Simpan CSV :: Kembali

"Di era saat ini, kepemilikan terhadap informasi strategis dan kemampuan untuk mengelola informasi tersebut secara efektif telah menjadi suatu keunggulan yang signifikan. Berkaca dari pengalaman mengenai serangan terhadap komunikasi strategis di Indonesia diantaranya penyadapan percakapan Presiden Susilo Bambang Yudhoyono melalui jaringan Selular dan penyadapan rumah dinas Presiden Jokowi, kemudian Indonesia menaruh perhatian lebih terhadap keamanan pada sektor ini. Perangkat X adalah salah satu alat komunikasi strategis rahasia yang digunakan di Indonesia. Penggunaan perangkat ini digagas oleh Instansi XYZ. Hingga tahun 2020, telah terdapat 1.284-unit Perangkat X yang digunakan secara luas oleh TNI, POLRI, dan instansi lain yang bersifat strategis di Indonesia. Dalam selang 5 tahun operasional, Instansi XYZ telah melakukan kajian terhadap keamanan algoritma yang digunakan dalam Perangkat X, namun di satu sisi belum pernah dilakukan kajian terhadap keamanan protokol otentikasi dan komunikasi dari perangkat tersebut. Pada peneitian ini dilakukan analisis keamanan protokol komunikasi suara dan otentikasi Perangkat X dengan pendekatan verifikasi formal menggunakan Scyther Tool untuk melengkapi kajian keamanan Perangkat X sebagai salah satu perangkat komunikasi strategis rahasia di Indonesia. Analisis berfokus pada aspek jaminan kerahasiaan informasi dan otentikasi dengan empat kriteria yaitu secrecy, aliveness, synchronization, dan agreement. Hasil percobaan menunjukkan bahwa protokol otentikasi dan komunikasi suara Perangkat X dinilai telah menenuhi kriteria secrecy untuk informasi rahasia yang ditransmisikan namun belum memenuhi kriteria aliveness, synchronization, dan agreement pada beberapa entitas yang terlibat dalam protokol tersebut. Sehingga, protokol otentikasi dan komunikasi suara Perangkat X dapat dikatakan aman berdasarkan aspek kerahasiaan informasi, namun belum aman dilihat dari aspek otentikasi.

---

In the current era, the ownership of strategic information and the ability to effectively manage it has become a significant advantage. Reflecting on the experience of attacks on strategic communications in Indonesia, including the tapping of President Susilo Bambang Yudhoyono's conversation through the Cellular network and the tapping of President Jokowi's official residence, therefore Indonesia pays more attention to security in this sector. Device X is one of the secret strategic communication tools used in Indonesia. The XYZ Agency initiated the use of this device. Until 2020, there have been 1,284 X Device units widely used by the Army, Police Officer, and other strategic agencies in Indonesia. In 5 years of operation, the XYZ Agency has researched the algorithm security used in Device X, but on the one hand, there has never been a study of the security regarding the authentication and communication protocols of this device. This research aims to make a security analysis of voice communication and authentication protocols of Device X. The research was implemented using Scyther Tool as a formal verification approach. The analysis focuses on aspects of guaranteeing the confidentiality of information and authentication with four criteria, namely secrecy, aliveness, synchronization, and agreement. The experimental results show that the authentication and voice communication protocol of Device X is considered to have satisfied the secrecy criteria for transmitted confidential information but does not satisfy the criteria of aliveness, synchronization, and agreement on several entities involved in the protocol. Thus, the authentication and voice communication protocol of Device X can be claimed to be provably secure based on the confidentiality aspect of information but is not from the authentication aspect."

"Disaster Recovery Plan (DRP) adalah rancangan rencana yang fokus kepada sistem informasi untuk melakukan pemulihan target sistem, aplikasi, atau infrastruktur di lokasi alternatif setelah kondisi darurat. Bank XYZ yang merupakan salah satu bank terbesar di Indonesia, dibantu oleh konsultan independen melakukan Current Assessment Recoverability & Resiliency (CARR) tahun pada 2019. Berdasarkan hasil CARR, masih terdapat kesenjangan implementasi DRP Bank XYZ dengan standar leading practice, yaitu belum memiliki Disaster Recovery Plan (DRP) untuk komunikasi suara. Pentingya komunikasi suara dibutuhkan untuk membantu hubungan penting antara lokasi pemulihan dan lokasi lain, dimana informasi perlu disampaikan secara tepat waktu, efisien, dan efektif, dengan semua saluran komunikasi yang ada. Oleh karena itu, disusunlah rancangan DRP komunikasi suara menggunakan framework BCI GPG 2018 dan penentuan strategi pemulihan berdasarkan NIST SP 800-34 Rev.1 yang disesuaikan dengan kebutuhan organisasi. Penelitian ini merupakan penelitian kualitatif yang termasuk dalam case studies dan action research. Pengumpulan data berdasarkan studi literatur, dokumen internal hasil CARR, dan wawancara stakeholder terkait dengan proses komunikasi suara di Bank XYZ. Dari penelitian ini diperoleh dokumen DRP komunikasi suara yang sesuai dengan kebutuhan Bank XYZ. Tujuan adanya dokumen DRP tersebut, kesenjangan penilaian CARR dapat dipenuhi dan proses pemulihan bencana terkait proses operasional komunikasi suara Bank XYZ dapat berjalan dengan cepat, terarah, dan tepat sehingga dampak bencana dapat diminimalkan.

---

Disaster Recovery Plan (DRP) is a design plan that focuses on information systems to perform recovery of system targets, applications, or infrastructure in alternative locations after an emergency. Bank XYZ, which is one of the largest banks in Indonesia, assisted by independent consultants conducted a Current Assessment Recoverability &Resiliency (CARR) in 2019. Based on CARR's results, there is still a gap in the implementation of DRP Bank XYZ with leading practice standards, namely not having a Disaster Recovery Plan (DRP) for voice communication. The importance of voice communication is needed to help communicate between recovery sites and other locations, where information needs to be delivered in a timely, efficient, and effective manner, with all existing communication channels. Therefore, voice communication DRP was designed by using BCI GPG 2018 framework and recovery strategy based on NIST SP 800-34 Rev.1 tailored to the needs of the organization. This research is a qualitative study which is included in case studies and action research. Data collection is based on literature studies, internal documents from CARR results, and stakeholder interviews related to the voice communication process at Bank XYZ. From this study, a voice communication DRP document was obtained that was suitable with the needs of Bank XYZ. Benefit of DRP document, CARR's assessment gap can be fulfilled and the disaster recovery process related to the operational process of Bank XYZ's voice communication can run quickly, directed, and precisely so that the impact of the disaster can be minimized."

"ABSTRAKTeknologi informasi dan komunikasi dimanfaatkan secara signifikan dalam kegiatan sehari-hari, sehingga infrastruktur kritis Inggris kini bergantung pada kondisi dalam lingkungan cyberspace. Hal ini tidak hanya memberikan manfaat, tetapi juga dapat menimbulkan ancaman yang dapat mempengaruhi stabilitas keamanan nasional. Oleh karena itu cyber security menjadi salah satu prioritas tertinggi dalam kebijakan keamanan nasional Inggris. Namun regulasi cyber security di Inggris sering kali mengundang perdebatan dan tentangan dari berbagai pihak. Penelitian ini bertujuan untuk mengkonstruksi pro dan kontra masyarakat terhadap regulasi tersebut serta menganalisis penyebab regulasi cyber security di Inggris bertentangan dengan prinsip HAM. Analisis dalam penelitian ini menggunakan teori keamanan dan teori masyarakat informasi dengan metode penelitian hukum normatif dan pendekatan kualitatif. Hasil dari penelitian ini menunjukkan bahwa regulasi cyber security di Inggris tidak mencerminkan nilai kebebasan individu serta dapat bersifat positif dan negatif di saat yang bersamaan. Di satu sisi bertujuan untuk melindungi kemanan seluruh warganya dari kejahatan serius dan di sisi lain tujuan tersebut diwujudkan melalui peraturan yang mencederai hak fundamental individu.

---

ABSTRACTInformation and communication technology utilized significantly in daily activities, so that critical infrastructures in the UK now dependent on conditions in cyberspace. It rsquo s not only bring advantages, but also could pose threats that affect national security. Therefore cyber security becomes one of the highest priorities in national security policy of the UK. Cyber security regulations in the UK are often invite debate and opposition from various parties. This study aimed to construct the pros and cons of the regulation and analyze the causes of its contrary to the principles of Human Rights. The analysis in this study uses security theory and the theory of the information society with normative legal research methods and qualitative approaches. The results of this study indicate that the regulation of cyber security in the UK do not reflect the values of individual freedom and could be positive and negative at the same time. On the one hand aims to protect the security of all citizens from serious crime and on the other hand this objective is manifested through regulations that harm the fundamental rights of individuals."

"The authors present a methodology for formally describing security protocols and their environment. This methodology includes a model for describing protocols, their execution model, and the intruder model. The models are extended with a number of well-defined security properties, which capture the notions of correct protocols, and secrecy of data. The methodology can be used to prove that protocols satisfy these properties. Based on the model they have developed a tool set called Scyther that can automatically find attacks on security protocols or prove their correctness. In case studies they show the application of the methodology as well as the effectiveness of the analysis tool."

"Over the last decade, mobile telecommunications has grown dramatically, from a niche technology to a massive industry. As the mobile phone becomes ubiquitous and the divisions between PCs, personal digital assistants, mobiles phones and other mobile devices becomes blurred, the security both of the information handled by these devices and the devices themselves becomes increasingly important. The book consists of 17 chapters covering current developments in security for mobility; underlying technologies; network security; mobile code issues; application security; and the future."

"Penggunaan Load Balancing pada aplikasi E-Voting memberikan hasil performa yang effisien untuk hasil test GET (download) dan hasil yang tidak effisien untuk hasil test POST (upload). Dengan menggunakan Load Balancing, angka yang diperoleh untuk throughput sebesar 750kbps. Pada test POST membutuhkan proses read dan write, throughput yang diperoleh kurang dari 2kbps. Pengukuran POST mendapatkan hasil yang tidak efisien dikarenakan penggunaan content server secara virtual (3 server pada satu machine). Algoritma Least Current Request menunjukkan performa terbaik dibandingkan dengan 3 algoritma lainnya, yaitu Least Response Time, Weighted Round Robin, dan Weighted Total Traffic. Kinerja Load Balancing tidak hanya dipengaruhi oleh jumlah paket data yang diakses, tetapi juga proses request apa yang dilakukan. Solusi terbaik adalah, Load Balancing diimplementasikan dengan menggunakan mesin yang memiliki spesifikasi yang tinggi pada database server dan setiap server pada server farms tidak dijalankan secara virtual.

---

The use of Load Balancing in the E-Voting application gives an efficient result for the GET (download) test, and an inefficient one for the POST (upload) test. Using Load Balancing, the resulting throughput is 750 kbps. The POST test needs read and write processes, making the resulting throughput less than 2 kbps. The POST test obtained inefficient results because the uses of content server virtualy (3 servers in one machine). Least Current Request algorithm shows the best performance compared to the other three in the measurement, which are Least Response Time, Weighted Round Robin, and Weighted Total Traffic. The performance of Load Balancing not only influenced by the numbers of data packet accessed, but also by the request process. The best solution is to implement Load Balancing on a high specification system on the server database, with no virtual machines for the servers"

"Dewasa ini, otentikasi berbasis password telah digunakan berbagai situs penyedia layanan berbasis web. Hal ini disebabkan kemudahan yang diberikan layanan Single Sign On (SSO) untuk memberikan akses ke berbagai aplikasi web melalui satu kali otentikasi password. Namun, layanan SSO memiliki kerentanan terhadap serangan password guessing, terutama serangan brute force dan dictionary attack. Penerapan protokol login berupa protokol Pinkas-Sander (PS), protokol van Oorchot-Stubblebine (VS) dan Password Guessing Resistant Protocol (PGRP) pada layanan SSO bertujuan untuk menyediakan layanan otentikasi berbasis password yang aman dan terpercaya bagi pengguna. Hal ini dipertimbangkan berdasarkan beberapa aspek, seperti keamanan (security), keberdayagunaan (usability) dan konsumsi sumber daya komputasi. Hasil pengujian menunjukkan bahwa protokol PGRP mendukung tiga aspek tersebut dengan baik. Protokol PGRP hanya memunculkan tiga kali CAPTCHA saat pengguna melakukan login secara benar menggunakan tiga akun berbeda, sedangkan protokol PS dan protokol VS memunculkan CAPTCHA sebanyak 30 kali. Selain itu, protokol PGRP menghasilkan utilisasi memory server otentikasi lebih kecil dibandingkan protokol PS dan protokol VS. Hal ini ditunjukkan oleh nilai rata-rata dari protokol PS memiliki selisih nilai utilisasi memory sebesar 226,1 kB ? 706,35 kB lebih kecil dibandingkan protokol PS dan protokol VS. Dengan demikian, protokol PGRP direkomendasikan untuk diterapkan pada layanan SSO.

---

Nowadays, password based authentication have been used by various web service provider. It is due to the convenience of Single Sign On (SSO) service to permit a user to access into multiple web applications through password authentication at once. However, password based authentication prone to password guessing attacks, especially brute force and dictionary attack. The implementation of login protocol as PS protocol, VS protocol and Password Guessing Resistant Protocol (PGRP) in SSO service aim to provide a secured and trustworthy password based authentication service for legitimated users. It will be considered based on several aspect including security, usability and computation resource consumption.

The experiment's result show that PGRP is able to support the three aspect of SSO service. PGRP protocol only challenged CAPTCHA three times when user use three different account, whereas PS protocol and VS protocol challenged CAPTCHA 30 times. In addition, PGRP protocol result memory utilization of authentication server less than protocol PS and protocol VS. It was showed by average value of memory utilization about 226.1 kB to 706.35 kB less than PS protocol and VS protocol. Thus, PGRP protocol is recommended to be implemented on SSO service."

"Collaboration with cloud computing discusses the risks associated with implementing these technologies across the enterprise and provides you with expert guidance on how to manage risk through policy changes and technical solutions.Drawing upon years of practical experience and using numerous examples and case studies, author Ric Messier discusses :- The evolving nature of information security- The risks, rewards, and security considerations when implementing SaaS, cloud computing and VoIP- Social media and security risks in the enterprise- The risks and rewards of allowing remote connectivity and accessibility to the enterprise network"

"It may seem a strange place to start, but a good beginning here is the Boston Marathon bombings in April, 2013 and the days that followed. In particular, the Friday when officials shut down the city of Boston and neighboring communities. Businesses all over the city were forced to shut down while the manhunt took place over the course of the day on Friday. While retail establishments were really out of luck because no one on the streets meant no one in the stores, other businesses were able to continue to operate because of a number of technologies that allowed remote workers to get access to their files, the systems they needed and their phone systems. Any business that implemented a full Unified Communications (UC) solution could have employees also communicating with instant messaging and know who was on-line because of the presence capabilities. Additionally, news of the events spread quickly and less because of news outlets who were, quite rightly, not allowed to provide specifics about many of the activities"-- Provided by publisher."

"Teknologi komputasi cloud merupakan sebuah pool besar yang terdiri dari sumber daya komputasi yang di virtualisasikan, sehingga pengguna dapat mengakses dan menggunakannya. Cloud telah diadaptasi oleh banyak perusahaan besar di bidang IT, seperti Google, IBM, Amazon dan masih banyak lagi. Oleh karena itu, keamanan pada teknologi cloud menjadi prioritas utama, sehingga bisa terhindar dari serangan cyber. Advanced Persistent Threat (APT) merupakan sebuah serangan cyber yang bertujuan untuk mendapatkan akses terhadap sistem atau jaringan, sehingga bisa melakukan pencurian data. Berbeda dengan teknik pencurian data biasa yang bersifat "smash and grab", APT akan tetap berada pada sistem target dalam periode waktu tertentu, sehingga penyerang bisa mengakses dan mengambil data target secara terus menerus, tanpa bisa terdeteksi. Hal ini membuat APT menjadi salah satu ancaman cyber yang sulit untuk dicegah, khususnya pada cloud environment. Metode keamanan analitik menjadi salah satu solusi yang bisa digunakan untuk bisa mengatasi serangan APT pada cloud environment, hal ini dikarenakan data yang dihasilkan semakin banyak, dan infrastruktur dari cloud juga mempunyai kapasitas yang besar untuk bisa menangani banyak nya data yang dihasilkan, sehingga metode keamanan lama yang sering diterapkan menjadi tidak lagi efisien. Salah satu metode keamanan analitik yang dapat diterapkan pada teknologi cloud adalah dengan menggunakan Security Information Event Management (SIEM) yang disediakan oleh banyak vendor seperti IBM dengan IBM QRadar. Hasilnya didapatkan bahwa kinerja tingkat deteksi SIEM dengan IBM Qradar terhadap ancaman serangan APT tidak optimal dengan pendeteksian hanya sebesar 57,1% dan yang terdeteksi sebagai kategori penyerangan sebesar 42,9% dari total 4 serangan yang dilancarkan. Hal ini dikarenakan IBM Qradar memerlukan beberapa ekstensi tambahan, sehingga membutuhkan resource komputasi yang lebih besar agar bisa meningkatkan kemampuan deteksi terhadap serangan APT.

---

Cloud computing technology is a large pool of virtualized computing resources, so that users can access and use them. Cloud has been adapted by many large companies in the IT field, such as Google, IBM, Amazon and many more. Therefore, security in cloud technology is a top priority, so that it can avoid cyber attacks. Advanced Persistent Threat (APT) is a cyber attack that aims to gain access to a system or network, so that it can carry out data theft. Unlike the usual "smash and grab" data theft technique, the APT will remain on the target system for a certain period of time, so that attackers can access and retrieve target data continuously, without being detected. This makes APT one of the most difficult cyber threats to prevent, especially in cloud environments. Analytical security methods are one of the solutions that can be used to overcome APT attacks in the cloud environment, this is because more and more data is generated, and the infrastructure of the cloud also has a large capacity to be able to handle a lot of data generated, so the old security method which are often applied become inefficient. One of the analytical security methods that can be applied to cloud technology is to use Security Information Event Management (SIEM) that have been provided by many vendors such as IBM with IBM Qradar. The result shows that the performance of SIEM detection rate with IBM Qradar against APT attack is not optimal with only 57.1% detection rate and 42.9% detected as an attack category out of a total of 4 attacks launched. This is because IBM Qradar needs some additional extension, thus requiring more additional computing resources in order to increase the detection rate ability against APT attack."