Hasil Pencarian  ::  Simpan CSV :: Kembali

"one of important applicatons in GIS is the ability to determine position of an address. In the past years there were significant improvement in finding address position by internet mapping APIs komersial dan internet services...."

"Presents state-of-the-art research and practice in intelligence work. Describes novel tools and techniques for counterterrorism and open source intelligence. Provides perspectives on the future uses of open source intelligence. Since the 9/11 terrorist attacks in the United States, serious concerns were raised on domestic and international security issues. Consequently, there has been considerable interest recently in technological strategies and resources to counter acts of terrorism. In this context, this book provides a state-of-the-art survey of the most recent advances in the field of counterterrorism and open source intelligence, demonstrating how various existing as well as novel tools and techniques can be applied in combating covert terrorist networks. A particular focus will be on future challenges of open source intelligence and perspectives on how to effectively operate in order to prevent terrorist activities."

"Penetration testing is often considered an art as much as it is a science, but even an artist needs the right brushes to do the job well. Many commercial and open source tools exist for performing penetration testing, but it's often hard to ensure that you know what tools are available and which ones to use for a certain task. Through the next ten chapters, we'll be exploring the plethora of open source tools that are available to you as a penetration tester, how to use them, and in which situations they apply. Open source tools are pieces of software which are available with the source code so that the software can be modified and improved by other interested contributors. In most cases, this software comes with a license allowing for distribution of the modified software version with the requirement that the source code continue to be included with the distribution. In many cases, open source software becomes a community effort where dozens if not hundreds of people are actively contributing code and improvements to the software project. This type of project tends to result in a stronger and more valuable piece of software than what would often be developed by a single individual or small company. While commercial tools certainly exist in the penetration testing space, they're often expensive and, in some cases, too automated to be useful for all penetration testing scenarios. There are many common situations where the open source tools that we will be talking about fill a need better and (obviously) more cost effectively than any commercial tool. The tools that we will be discussing throughout this book are all open source and available for you to use in your work as a penetration tester."

"Intelijen identik dengan sesuatu yang sangat rahasia, baik itu orang-orangnya maupun aktivitasnya. Intelijen yang kita kenal biasanya berkaitan dengan ketahanan dan keamanan nasional. Namun dengan berkembangnya teknologi serta keterbukaan informasi saat ini, informasi-informasi yang bisa dimanfaatkan untuk diolah menjadi sebuah intelijen semakin terbuka. Dalam proses pengumpulan informasi selain dilakukan pengumpulan informasi secara tertutup, intelijen juga mengumpulkan informasi dari sumber terbuka, yaitu informasi yang tersedia di publik dan bisa diakses oleh siapapun. Pengolahan informasi dari sumber terbuka tersebut bisa menjadi sebuah intelijen yang bernilai dalam pengambilan keputusan. Penelitian ini bertujuan untuk melihat peran intelijen sumber terbuka (OSINT) dalam investigasi fraud, khususnya investigasi pada skema fraud dalam proses pengadaan barang dan jasa. Teori intelijen kriminal dan konsep proses OSINT dilakukan dalam melakukan analisis penelitian. Metode penelitian pada penelitian ini menggunakan metode kualitatif dengan sumber data primer dari wawancara dan juga sumber data sekunder melalui studi literatur. Hasil dari penelitian ini menyimpulkan bahwa OSINT mempunyai peran pada investigasi fraud, yaitu pada tahapan pengumpulan data dan informasi, serta pengumpulan bukti-bukti terkait dengan kasus fraud tersebut.

---

Intelligence is identical with something that is highly confidential, both its people and its activities. Intelligence as we know it is usually related to security and national security. However, with the development of technology and the current disclosure of information, information that can be used to be processed into intelligence is increasingly open. In the process of collecting information apart from collecting information in private, intelligence also collects information from open sources, namely information that is publicly available and can be accessed by anyone. Processing of information from these open sources can be a valuable intelligence in decision making. This study aims to look at the use of open source intelligence (OSINT) in fraud investigations, especially fraud schemes in the process of procuring goods and services. Intelligence criminal theory and OSINT process concept were used as tools of analysis in this research. This research method uses qualitative methods with primary data sources from interviews and secondary data sources through study of literature. The results of this study conclude that OSINT can be useful in fraud investigations, namely at the stage of collecting data and information, as well as collecting evidence related to the fraud case."

"Berdasarkan Lanskap Keamanan Siber Indonesia 2022, BSSN melaporkan terdapat 4.421.992 aktivitas APT dan 2.348 kasus defacement web di Indonesia pada tahun itu. Serangan yang ditujukan pada aplikasi web berfokus pada kelemahan aplikasi, yang disebut kelemahan atau celah keamanan. Akibatnya, penting untuk melakukan analisis dan evaluasi domain website organisasi riset tersebut. Metode yang digunakan adalah analisa deskriptif, yaitu data yang diperoleh disajikan dalam bentuk kalimat yang dideskripsikan. Sehingga memberikan kejelasan dari hasil analisis yang dilakukan. Indeks Keamanan Informasi (KAMI) sebagai alat untuk menilai kesiapan implementasi keamanan data. Serangkaian pertanyaan yang berkaitan dengan berbagai aspek digunakan untuk melakukan evaluasi. Kemudian OWASP ZAP sebagai tools vulnerability scanning, digunakan untuk mengidentifikasi tingkat kemungkinan kerentanan pada aplikasi berbasis web. Pada penelitian ini melakukan analisis dan evaluasi terhadap domain dan subdomain xyz.go.id yang terdapat di organisasi riset. Langkah pertama pengumpulan data target, selanjutnya dilakukan pengukuran dan pengujian tools dengan menggunakan Indeks KAMI pada kategori Sistem Eletronik. Langkah berikutnya dengan aplikasi OWASP ZAP digunakan untuk pengujian vulnerability scanning pada domain target. Data hasil DNSDumpster digunakan, dimana beberapa domain website xyz.go.id dijadikan sasaran penelitian untuk vulnerability scanning. Hasil penilaian Indeks KAMI menunjukkan bahwa 4 subdomain dianggap tergolong tinggi. Kemudian berdasarkan pengujian vulnerability scanning terhadap domain website xyz.go.id memiliki kerentanan dengan kategori low terdapat 15 peringatan, medium terdapat 32 peringatan, high terdapat 4 peringatan dan informational terdapat 20 peringatan. Dari hasil pengujian dapat dibuktikan pendeteksian dengan vulnerability scanning pada OWASP ZAP sangat efektif, meskipun ini tool open source sehingga tidak perlu menggunakan tool berbayar.

---

Based on the Indonesian Cybersecurity Landscape 2022, BSSN reported 4,421,992 APT activities and 2,348 web defacement cases in Indonesia that year. Attacks aimed at web applications focus on application weaknesses, called security flaws or gaps. As a result, it is important to conduct an analysis and evaluation of the research organization's website domain. The method used is descriptive analysis, in which the data obtained is presented in the form of sentences that are described. Information Security Index (KAMI Index) as a tool to assess the readiness of data security implementation A series of questions relating to various aspects are used to conduct the evaluation. Then OWASP ZAP as a vulnerability scanning tool, was used to identify the level of possible vulnerabilities in web-based applications. In this study, the analysis and evaluation of xyz.go.id domains and subdomains found in research organizations. The first step is collecting target data, then measuring and testing tools using the KAMI Index in the Electronic Systems category. The next step with the OWASP ZAP application is vulnerability scanning testing on the target domain. DNSDumpster result data is used, and several xyz.go.id website domains are used as research material for vulnerability scanning. The results of the KAMI Index assessment show that 4 subdomains are considered high. Then based on vulnerability scanning testing of the xyz.go.id website domain, it has a vulnerability with a low category of 15 warnings, a medium category of 32 warnings, a high category of 4 warnings, and an informational category of 20 warnings. From the test results, it can be proven that detection with vulnerability scanning on OWASP ZAP is very effective, even though this is an open source tool, so there is no need to use paid tools.

"

"Salah satu isu yang sangat penting dalam dunia internet saat ini adalah serangan-serangan dalam dunia maya dengan motivasi keuangan dan perangkat lunak berbahaya yang memiliki kemampuan untuk melakukan serangan secara otomatis. Honeypot dan IDS bekerja sama untuk memberikan solusi keamanan jaringan yaitu sebagai intrusion detection yang dapat mengumpulkan data serangan. Pada penelitian ini, akan dibangun sistem keamanan jaringan menggunakan Honeynet multiple sensor yang berbasis open-source. Integrasi beberapa sensor Honeypot dan IDS dalam satu sistem disebut Honeynet. Honeypot dan IDS diimplementasikan pada suatu Host komputer dengan menggunakan MHN server sebagai web server, yang didalamnya dibangun sensor-sensor seperti Dionaea, Glastopf, Wortpot, p0f, Snort, dan Suricata. Berdasarkan pengujian yang telah dilakukan diperoleh total keseluruhan alert yang berhasil direkam oleh sistem yaitu skenario 1: 5453 alert, skenario 2: 3021 alert, dan skenario 3:7035 alert dengan total keseluruhan serangan yaitu 15509 alert. Dari total keseluruhan serangan dideteksi 35% serangan berasal dari IP 192.168.1.103, 20% serangan berasal dari IP 192.168.1.104 , dan 45% serangan berasal dari IP 192.168.1.105. Hasil pengujian ini menunjukkan bahwa sistem telah berhasil menjebak, memonitoring, dan mendeteteksi serangan. Pengimplementasian sistem Honeynet ini bertujuan agar kekurangan dari suatu sensor seperti halnya hanya dapat mendeteksi serangan terhadap port dan protocol tertentu dapat diatasi oleh sensor yang lain. Sehingga apapun bentuk serangan yang ada dapat dideteksi. Penggunaan Honeynet multiple sensor berbasis open-source dapat menjadi langkah awal yang baik untuk mitigasi resiko dan sebagai peringatan awal adanya serangan cyber.

---

Recently, some of the important issues in the internet things are the attacks in a network with profit motivation and malicious software which has the ability to do the attack automatically. Honeypot and IDS are working together to give the solution for network security and act as the instrusion detection which has the ability to collect the attack's log.

This research will build network security system using multiple sensor Honeynet based on open-source. The integration of Honeypot's sensors and IDS in one system is called Honeynet. Honeypot and IDS are implemented in a computer host using MHN server as the web server, that contains various of sensors such as Dionaea, Glastopf, Wortpot, p0f, Snort, and Suricata.

Based on the research that has been done, it showed total of alerts that is successfully recorded by system are for the first scenario, there are 5453 alerts, second scenario is 3021 alerts, and the third scenario is 7035 alerts with total of alerts are 15509. From the total attacks, it is detected that 35% of the attacks are from IP address 192.168.1.103, 20% are from IP 192.168.1.104, and the 45% are from IP 192.168.1.105.

This testing result showed that the system successfully monitores and detected the attacks. The purpose of this implementation of Honeynet system is that one sensor can be able to handle another sensor's lack of ability, such as that can only detect the attack to the particular port and protocol. So, it can detect all various of attack. The application of Honeypot multiple sensors based on open-source could be the first step for the risk mitigation and acts as the first alert for the possibility of attack."