BSI Mikrotik Security Presentation PdfCo

RikiDarmawan10 21 views 69 slides Aug 20, 2024

About This Presentation

Mikrotik form office


Slide Content

MikroTik
Network Security By: Oky Tria Saputra
Jakarta, April 28, 2016
Oky Tria Saputra | [email protected] | 0857 8074 0217 | www.idn.id | Bina Sarana Informatika
1

about me
Oky Tria Saputra

First encountered MikroTik in 2009

Graduate of
Pesantren Networkers

Certified MTCNA, MTCRE, MTCWE,
MTCTCE, MTCINE, Mikrotik Certified
Trainer, Mikrotik Academy Coordinator

2014 : System Engineer at Softbank
Telecom Indonesia

2015 - Now : Network Engineer at
ID - Networkers



Previous Job. . .
Softbank Telecom Indonesia

Four Quadrant
Most Indonesian people want to be an “Employee”
Quit from Comfort Zone, move, move, move!

ID NETWORKERS
In the Most Prestigious Networking Certification
EXPERT LEVEL TRAINERS & CONSULTANTS
OVERVIEW
We are young entrepreneurs; we are the only training partner and consultant with expert-level trainers in the most prestigious networking certifications (CCIE, JNCIE and MTCINE gurus), of whom there are very few in Indonesia or even Asia. Proven: hundreds of our students pass the certification exam every year. We are the biggest certification factory in Indonesia.
WEBSITE
www.idn.id | www.trainingmikrotik.com

Activity Now. . .
Wireless Bootcamp, Bandung MTCRE, Batam MTCNA, Medan
Seminar, Samarinda Seminar, Jakarta Seminar, Kendari

Activity Now. . .(2) Colombo, Sri Lanka

Activity Now. . .(3) Colombo, Sri Lanka

Activity Now. . .(4) Colombo, Sri Lanka

Activity Now. . .(5) Ohio, United States of America

Activity Now. . .(6) Ohio, United States of America

Activity Now. . .(7) Ohio, United States of America

TECHNOLOGY TREND
Source: ericsson.com
Which one do you want to be?
JUST WATCHER or PLAYER

SECURITY?
SECURITY GUARD
Source image http://akarpadinews.com/

INTERNET SECURITY THREATS

Network Threats
o Information gathering
o Sniffing and eavesdropping
o Spoofing
o Session hijacking and man-in-the-middle attacks
o SQL injection
o ARP poisoning
o Password-based attacks
o Denial of service attack
o Compromised-key attack

Host Threats
o Malware attacks
o Target footprinting
o Password attacks
o Denial of service attacks
o Arbitrary code execution
o Unauthorized access
o Privilege escalation
o Back door attacks
o Physical security threats

Application Threats
o Data/input validation
o Authentication and authorization attacks
o Configuration management
o Information disclosure
o Session management issues
o Cryptography attacks
o Parameter manipulation
o Improper error handling and exception management

INTERNET CRIME
Cybercrime Gang Tied to 20 Million Stolen Cards
Source image = freepix.com

INTERNET CRIME REPORT
[Chart: Internet Crime Complaints received per year, 2010 to 2014]
Overall Statistic
•Victims are encouraged by law enforcement to file a complaint online at www.ic3.gov
•Total complaints received in 2014: 269,422
•Complaints reporting a loss: 123,684
•Total losses reported: $800,492,073
The following is the crime report data from IC3; the Internet Crime Complaint Center (IC3) is a partnership among the
Federal Bureau of Investigation (FBI)

HACKING EFFECTS IN BUSINESS
Source image = freepix.com

HACKING EFFECTS IN BUSINESS
Every business must provide strong security for its customers. Attackers use hacking techniques to steal, pilfer, and
redistribute the intellectual property of businesses, and in turn make financial gain.
According to the Symantec 2012 State of Information survey, information costs businesses worldwide $1.1 trillion annually.

Reputation: theft of customers' personal information may put the business's reputation at risk and invite lawsuits.
Business Loss: hacking can be used to steal, pilfer, and redistribute intellectual property, leading to business loss.
Revenue Loss: botnets can be used to launch various types of DoS and other web-based attacks, which may lead to business downtime and significant loss of revenue.
Compromised Information: attackers may steal corporate secrets and sell them to competitors, compromise critical financial information, and leak information to rivals.
KNOW THE ATTACK
If you know both yourself and your enemies, you will not lose in a hundred battles.

If you know neither yourself nor your enemies, you will lose every single battle.
(The Art of War - Sun Tzu)

WHO IS A HACKER?
Multitude of Reasons

•Intelligent individuals with excellent computer skills
•Hacking is a hobby to see how many computers or networks they can compromise
•Their intention can be either to gain knowledge or to poke around doing illegal things
•Some hack with malicious intent, such as stealing business data, credit card information, social security numbers, email passwords, etc.
A hacker is a person who illegally breaks into a system or network without any authorization to destroy, steal sensitive data, or perform malicious attacks.

HER?
The Girl with the Dragon Tattoo Movie

HIM?
MI6 agent in a James Bond movie

HIM?
Internet café (warnet) user

THEM ?

HACKING PHASE
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Clearing Tracks

GATHER INFORMATION
The attacker gathers as much information as possible about the target prior to launching the attack.
SOCIAL ENGINEERING ATTACK
Because there is no patch for human stupidity.

GOOGLE SCAM
How to bypass Google's two-factor authentication using a fake SMS

Hacking Scene !

PORT SCANNING
Port scanners can be used to detect listening ports and find information about the nature of the services running on the target machine.

PORTS
The primary defense technique here is to shut down services that are not required. Appropriate filtering may also
be adopted as a defense mechanism; however, attackers can still use tools to determine which filtering rules are in place.
•A port identifies a specific application or process on the host that is running a service.
•A host has 65536 port numbers (0 to 65535), classified as follows:
1.From 0 to 1023 (well-known ports),
2.From 1024 to 49151 (registered ports),
3.From 49152 to 65535 (dynamic, private or ephemeral ports)

SERVICE PORT
Examples: 21 (FTP), 22 (SSH), 53 (DNS), 80 (HTTP)

GAINING ACCESS
OPERATING SYSTEM: attackers search for OS vulnerabilities and exploit them to gain access to a network system.
APPLICATION LEVEL: software applications come with a large number of functionalities and features.
MISCONFIGURATION: most administrators don't have the necessary skills to maintain or fix issues, which may lead to configuration errors.
SHRINK WRAP CODE: some scripts have various vulnerabilities, which can lead to shrink wrap code attacks.

INTRUSION DETECTION SYSTEM
•Intrusion: activity on a network or host that is detected as anomalous, incorrect or inappropriate, usually carried out by an attacker
•IDS (Intrusion Detection System): a system that can detect intrusions; it works like an alarm system

BACKGROUND
•The admin cannot always monitor the servers directly or log in to check them for intruders.
•We need a firewall that not only blocks intruders but also logs them and reports them to the admin immediately.
•In a wide network with many MikroTik routers, we do not know which one is under attack.
•We can report the intruder's IP to its owner as abuse.

HOW IDS WORK
•Passive System
 the sensor detects a potential security breach
 logs the information
 raises an alert on the console
•Reactive System
 like a Passive System, plus:
 auto-responds to the intruder (resetting the connection or dropping the traffic)
 sends a report to the admin

ATTACK PROCESS

DROP BY FIREWALL

IDS WORK FLOW IN MIKROTIK

MALICIOUS CONNECTION
Kinds of Malicious Connection
•From outside:
 Port scanning, brute force, DDoS attack
•From inside:
 Viruses, spam, illegal tunneling (Ultrasurf), anonymous proxies, Internet Download Manager, filtered URLs

DEMO SECTION

TOOLS
We want to simulate with the following tools:
•MikroTik (I am using an RB751) as the IDS machine
•Attacker (my laptop): it will attack the MikroTik with different methods
•Email accounts (Gmail): one account for the SMTP relay and some as the administrator's mailboxes

MIKROTIK CONFIGURATION
Router Identity
In the menu /system identity, set the router name, e.g. the customer's identity.

Why must we set the router identity?
–If we have many routers, it tells us which one is being attacked.
–The router identity is used as the subject of the report e-mail.

MIKROTIK CONFIGURATION
Configure MikroTik to Send e-mail

Create a mail account for the SMTP relay. In this lab we use Gmail.
In /tool e-mail, set the SMTP server and your Gmail username and password:

/tool e-mail
set address=74.125.141.108 user=yourgmailuser password=yourpassword port=587

Note that 74.125.141.108 was one of Gmail's SMTP addresses at the time of the talk; Gmail's addresses change, so check the current address of smtp.gmail.com before copying this.

Let's try to send an e-mail to make sure it works.

MIKROTIK FIREWALL
•To protect the router from unauthorized access, whether originating from the WAN (Internet) or from the LAN (local).
•To protect the network that passes through the router.
•In MikroTik the firewall has many features, all of which are in the IP > Firewall menu.
•The basic firewall in MikroTik is configured at IP > Firewall > Filter Rules.

MIKROTIK FIREWALL
•Firewall filter rules are organized in chains and read sequentially.
•Each chain is read by the router from top to bottom; the first matching rule with a terminating action decides the packet.
•In Firewall Filter Rules there are 3 default chains:
•input – processes packets sent to the router
•output – processes packets sent by the router
•forward – processes packets sent through the router
•In addition to the 3 default chains, we can create our own chains as needed.
•A user-defined chain is only consulted when a rule in one of the default chains (or in another chain reached from them) jumps to it.

MIKROTIK FIREWALL
Rules can be placed in three default chains:
•input (to the router), e.g. Winbox
•output (from the router), e.g. ping from the router
•forward (through the router), e.g. WWW, e-mail

MIKROTIK FIREWALL
•A rule is IF….THEN….
•IF the packet matches the criteria we define,
•THEN what do we do with that packet?
•In IP Firewall the IF conditions are defined in the General, Advanced and Extra tabs, and the THEN action is defined in the Action tab.

MIKROTIK FIREWALL
IP>Firewall>Filter Rules>General

MIKROTIK FIREWALL
IP>Firewall>Filter Rules>Extra

MIKROTIK FIREWALL
IP>Firewall>Filter Rules>Action
accept - accept the packet. The packet is not passed to the next firewall rule.
add-dst-to-address-list - add the destination address to the address list specified by the address-list parameter
add-src-to-address-list - add the source address to the address list specified by the address-list parameter
drop - silently drop the packet
jump - jump to the user-defined chain specified by the value of the jump-target parameter
log - add a message to the system log containing the following data: in-interface, out-interface, src-mac, protocol, src-ip:port->dst-ip:port and the length of the packet. After the packet is matched it is passed to the next rule in the list, similar to passthrough
passthrough - ignore this rule and go to the next one (useful for statistics)
reject - drop the packet and send an ICMP reject message
return - pass control back to the chain from which the jump took place
tarpit - capture and hold TCP connections (replies with SYN/ACK to the inbound TCP SYN packet)
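To make the top-to-bottom reading of a chain and the difference between terminating and non-terminating actions concrete, here is a small Python model of chain walking. It is an added example, not RouterOS code or code from the presentation: the Packet and Rule shapes, the sample rule set (an input chain that jumps to a user-defined "scanners" chain before allowing Winbox on TCP 8291) and the address list contents are this example's own assumptions; only the accept/drop/reject/tarpit, jump/return, log and passthrough semantics listed above are modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Model of how a RouterOS filter chain is read top to bottom (added example,
# not RouterOS code). Packet and Rule are simplified for the demonstration.

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int = 0

@dataclass
class Rule:
    action: str                      # accept, drop, reject, tarpit, jump, return, log, passthrough
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port
    src_list: Optional[str] = None   # name of an address list the source must be in
    jump_target: Optional[str] = None
    comment: str = ""

    def matches(self, pkt: Packet, address_lists: dict) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.src_list is not None and pkt.src not in address_lists.get(self.src_list, set()):
            return False
        return True

# Actions after which no further rule in any chain is consulted.
TERMINATING = {"accept", "drop", "reject", "tarpit"}

def walk_chain(chain, pkt, chains, address_lists, log, depth=0):
    """Walk one chain top to bottom. Returns the terminating action, or None
    when the chain ends (or hits 'return') without deciding the packet."""
    if depth > 8:
        raise RecursionError("jump loop between chains")
    for rule in chains.get(chain, []):
        if not rule.matches(pkt, address_lists):
            continue
        if rule.action in TERMINATING:
            return rule.action
        if rule.action == "log":
            log.append(f"{chain}: {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport} {rule.comment}".rstrip())
            continue                       # non-terminating: the next rule is still read
        if rule.action == "passthrough":
            continue
        if rule.action == "return":
            return None                    # control goes back to the calling chain
        if rule.action == "jump":
            verdict = walk_chain(rule.jump_target, pkt, chains, address_lists, log, depth + 1)
            if verdict is not None:
                return verdict             # the target chain decided the packet
            continue                       # target chain returned: keep reading this chain
        raise ValueError(f"unknown action {rule.action}")
    return None

def filter_input(pkt, chains, address_lists, log):
    """Decide a packet addressed to the router (chain=input). A chain that
    ends without a verdict accepts the packet, as RouterOS does by default."""
    return walk_chain("input", pkt, chains, address_lists, log) or "accept"

def example_chains(scanner_check_first=True):
    """Constructed rule set (not from the slides): a user-defined 'scanners'
    chain consulted from input, then Winbox allowed, everything else logged
    and dropped. With scanner_check_first=False the jump sits below the Winbox
    accept, so a listed scanner still reaches Winbox: rule order is the policy."""
    scanners = [Rule("drop", src_list="port_scaners", comment="listed scanner"),
                Rule("return")]
    jump = Rule("jump", jump_target="scanners")
    winbox = Rule("accept", proto="tcp", dport=8291, comment="Winbox")
    tail = [Rule("log", proto="tcp", comment="unexpected tcp"), Rule("drop")]
    inp = [jump, winbox] + tail if scanner_check_first else [winbox, jump] + tail
    return {"input": inp, "scanners": scanners}

def decide(src, dport, scanner_check_first=True, log=None):
    """Verdict for a TCP packet from src to the router's port dport."""
    lists = {"port_scaners": {"203.0.113.7"}}          # constructed address list
    pkt = Packet(src, "192.0.2.1", "tcp", dport)       # 192.0.2.1 stands in for the router
    return filter_input(pkt, example_chains(scanner_check_first), lists,
                        log if log is not None else [])
```

Run decide("203.0.113.7", 8291) with the scanner check first and the listed address is dropped; move the jump below the Winbox accept and the same packet is accepted, which is the ordering mistake the top-to-bottom rule is warning about.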

IP Firewall Filter Rule (Extra) - PSD
PSD (Port Scan Detection)
Matches and identifies TCP port scanning.
The value is written psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight: each distinct destination port a source tries adds the low-port or high-port weight, and the rule matches once the accumulated weight reaches the threshold while packets keep arriving within the delay threshold.
low port : 0 – 1023
high port : 1024 - 65535

MIKROTIK CONFIGURATION
Configure IP Firewall for Port Scan Detection

/ip firewall filter
# Anyone scanning the router's TCP ports is put on the port_scaners list for 5m10s.
# psd=21,3s,3,1: weight threshold 21, delay 3s, low-port weight 3, high-port weight 1
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=port_scaners address-list-timeout=5m10s comment="QUICK SCANNING"
# Everything from a listed address is then rejected. On the original slide this rule
# also carried protocol=icmp, which would reject only the scanner's pings and let its
# TCP connections through; the protocol matcher is left out so the whole source is blocked.
add chain=input src-address-list=port_scaners action=reject reject-with=icmp-host-unreachable

Place the reject rule above any rule that accepts traffic to the router, otherwise a service accepted higher up (Winbox, SSH, www) stays reachable from a listed scanner. The same pair of rules in chain=forward catches scans of hosts behind the router. Note that reject answers with an ICMP error, which confirms to the scanner that something is there; drop is silent.

MIKROTIK CONFIGURATION
Configure MikroTik to Run the Script
Scripts can be written directly in the console or stored in the script repository.
•Example of a script run directly in the console:
[admin@MikroTik] > :put (45+23+1)
•Scripts in the repository (/system script) can be run by another script, by the scheduler or by netwatch.

MIKROTIK CONFIGURATION
Configure in Script Repository (/system script)

# Find every address the firewall has put on the port_scaners list
:foreach a in=[/ip firewall address-list find list=port_scaners] do={
    # Get the IP address (a local variable, so it does not leak between runs)
    :local ip [/ip firewall address-list get $a address];
    # Log it on the machine
    :log warning ("Scan Attack from: " . $ip);
    # Get the router identity, date and time for the report
    :local sysname [/system identity get name];
    :local date [/system clock get date];
    :local time [/system clock get time];
    # Send the report. The SMTP account and its password are embedded in the script
    # as on the original slide; anyone who can read /system script can read them too,
    # so prefer setting the account once under /tool e-mail and omitting it here.
    /tool e-mail send from="Router $sysname<[email protected]>" to="[email protected]" start-tls=yes server=74.125.127.108 port=587 user=mikrotik.ids password=t3ddyb3ar subject="Scan Attack!" body="Dear Admin, \n \nWe have noted that on $date at $time there was a scanning attack on $sysname from IP $ip, which has been blocked by the firewall. \nSee http://whois.sc/$ip for details on the attacker's IP. \n \nThanks & Regards \nIDS Machine";
    :log warning "Intruder IP has been blocked and the e-mail report has been sent.";
}

MIKROTIK CONFIGURATION
Configure in Script Repository (/system script)

Download the script from www.trainingmikrotik.com/ids

MIKROTIK CONFIGURATION
Configure in System Scheduler
In /system scheduler, add a schedule so that the script runs at a fixed interval.

The interval is set to 5m because the address-list timeout is set to 5m10s: every address the firewall adds to the list is still present at the next scheduler run, so each intruder is reported. An address added within the last ten seconds before a run is still listed at the following run and is e-mailed twice; if that matters, have the script remember which addresses it has already reported.

MIKROTIK CONFIGURATION
In /system logging, add a rule for the e-mail topic. That makes it easy to get the log when troubleshooting mail sending.

ATTACKER DEMO
–Today most attackers that attack continuously are machines or bots
–In this demonstration we will use software for testing/simulation
–For the demo we will use Nmap for scanning, and a brute-force attack, which involves systematically checking all possible codes, combinations or passwords until the correct one is found

ATTACKER DEMO
Download Nmap from https://nmap.org/, and run it.

ATTACKER DEMO
Check your e-mail inbox.

CONCLUSIONS
We can turn our MikroTik box into a smart machine that informs us when it is attacked by intruders.
We can extend this method to any malicious connection.

“If you cannot survive the tiredness of learning, then you will suffer the pain of stupidity” (Imam Syafi’i)

THANK YOU
FOR YOUR TIME
If you have any other questions or would like me to clarify anything else, please let me know. I am always glad to help in any way I can.

CONTACT
ADDRESS: Jakarta, Indonesia
WEBSITE: www.trainingmikrotik.com
EMAIL: [email protected]
TELEPHONE: +62 85780740217
@okytria
www.facebook.com/okytria
id.linkedin.com/in/okytria/
okytria