Online Gambling (Judol) and Similar Content

Pattern:
- Exploits gaps in popular domains widely used by Internet users: *.go.id, *.ac.id, *.sch.id
- Exploits weaknesses present in the system (vulnerable components, etc.)
- Old systems that are not kept updated: WordPress, PHP, OJS, Moodle, web server (web defacement)
- SQL injection, cross-site scripting, command injection

https://trends.google.com/trends/explore?date=now%207-d&geo=ID&hl=en
Common pattern (web defacement)
What should be done?
- Check periodically with the tools most people in cyberspace already use
- Create governance policies based on a reference, for example by adopting the NIST Cybersecurity Framework
- Create a handling guide for cybersecurity problems (Judol etc.)
- Cooperate with the related parties: BSSN, PANDI, APJII, universities, schools/vocational schools (SMK)
- Use tools to learn the internal condition of each organization: Kali Linux, Wazuh ( https://wazuh.com/ ), OpenVAS ( https://www.openvas.org/ )
Scan Report (case study: kominfo.kotabogor.go.id)
Severity   Count   Description
High       5       Critical vulnerabilities in PHPMailer allowing Remote Code Execution (RCE), Object Injection, and End-of-Life usage.
Medium     4       Includes XSS, information disclosure, SMTP CRLF injection, and missing 'Secure' cookie flag.
Low        1       Weak MAC algorithms in SSH configuration.
Step-by-Step Fix Guide

1. Update PHPMailer (Critical – High Priority)

The core issue is that PHPMailer version 5.2.9 is outdated, unsupported (End-of-Life), and vulnerable to multiple critical exploits.

🔴 Why it's dangerous:
- Allows Remote Code Execution (RCE): attackers can run arbitrary code on your server.
- Vulnerable to Object Injection, XSS, CRLF injection, and information disclosure.
- CVE-2016-10033, CVE-2016-10045, and others are Known Exploited Vulnerabilities (KEV).

Upgrade PHPMailer to the latest stable version (6.x or newer):
Remove vulnerable files:
Replace old code:
Verify installation path:
Task                                    Priority    Command/Action
1. Update PHPMailer to v6.0.6+          🔴 High     composer require phpmailer/phpmailer
2. Delete class.html2text.php           🔴 High     rm extras/class.html2text.php
3. Block access to /PHPMailer-master    🔴 High     Web server deny rule
4. Set Secure flag on cookies           🟠 Medium   Update PHP/config settings
5. Disable weak SSH MACs                🟡 Low      Edit sshd_config, restart SSH
6. Apply HTTP security headers          🟠 Medium   Add HSTS, X-Frame-Options, etc.

What should be done?
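As an added example, not part of the original presentation or the scan report, the POSIX shell functions below check whether tasks 1, 2, 4 and 5 of the table above have actually been applied on a host; the file locations, the list of MACs treated as weak, and the sample files built in run_demo are assumptions.

```shell
#!/bin/sh
# Added example (not from the presentation): post-remediation checks for the fix table.
# Every path is an argument, so the functions run against a real host or, as in
# run_demo below, against constructed sample files.

# 0 if the PHPMailer source file $1 declares a version of at least 6.0.6. Matches both
# the 5.x "public $Version = '...'" and the 6.x "const VERSION = '...'" declarations.
phpmailer_ok() {
    ver=$(grep -io "version *= *'[0-9][0-9.]*'" "$1" | head -n 1 | sed "s/.*'\(.*\)'/\1/")
    [ -n "$ver" ] || return 1
    # sort -V lists the lowest version first; it must be 6.0.6, not the installed one
    [ "$(printf '%s\n%s\n' '6.0.6' "$ver" | sort -V | head -n 1)" = '6.0.6' ]
}

# 0 if extras/class.html2text.php has been deleted from the PHPMailer directory $1.
html2text_removed() { [ ! -e "$1/extras/class.html2text.php" ]; }

# 0 if php.ini ($1) forces the Secure flag on the session cookie.
cookie_secure_ok() {
    grep -Eiq '^[[:space:]]*session\.cookie_secure[[:space:]]*=[[:space:]]*(1|on|true)' "$1"
}

# 0 if sshd_config ($1) sets an explicit MACs list containing none of the algorithms
# assumed weak here: MD5-based, SHA-1-based, 96-bit truncated and umac-64 variants.
sshd_macs_ok() {
    macs=$(sed -n 's/^[[:space:]]*MACs[[:space:]]\{1,\}//p' "$1" | head -n 1)
    [ -n "$macs" ] || return 1   # no explicit list: the daemon defaults may still allow weak MACs
    ! printf '%s\n' "$macs" | tr ',' '\n' | grep -Eiq 'md5|sha1|-96|umac-64'
}

# Constructed samples: an old 5.2.9 install (the scan finding) beside a fixed state.
run_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/old/extras" "$d/new"
    echo "public \$Version = '5.2.9';" > "$d/old/class.phpmailer.php"
    : > "$d/old/extras/class.html2text.php"
    echo "const VERSION = '6.9.1';" > "$d/new/PHPMailer.php"
    printf 'MACs hmac-md5,hmac-sha1,hmac-sha2-256\n' > "$d/sshd_weak"
    printf 'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com\n' > "$d/sshd_fixed"
    printf 'session.cookie_secure = 1\n' > "$d/php_fixed.ini"
    for check in "phpmailer_ok $d/old/class.phpmailer.php" "phpmailer_ok $d/new/PHPMailer.php" \
                 "html2text_removed $d/old" "html2text_removed $d/new" \
                 "sshd_macs_ok $d/sshd_weak" "sshd_macs_ok $d/sshd_fixed" \
                 "cookie_secure_ok $d/php_fixed.ini"; do
        if $check; then echo "PASS: $check"; else echo "FAIL: $check"; fi
    done
    rm -rf "$d"
}
```

Call run_demo to see the old install fail and the fixed state pass; point the individual functions at the real files to re-verify after each task.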
1. Technical Measures (System Hardening)

✅ Network Security
- Firewalls: control incoming/outgoing traffic.
- Intrusion Detection/Prevention Systems (IDS/IPS): detect and block suspicious activity.
- Web Application Firewall (WAF): protects websites from exploits such as SQL injection and XSS.

✅ Endpoint Security
- Antivirus/antimalware: keep up to date.
- Endpoint Detection and Response (EDR) tools.
- Disable unused ports, services, and admin accounts.

✅ Secure Configuration
- Regular patching (OS, applications, firmware).
- Use strong, unique passwords or password managers.
- Multi-Factor Authentication (MFA) everywhere possible.

✅ Secure Communication
- VPNs for remote access.
- TLS/SSL for all web services (HTTPS).
- Email encryption and DMARC/DKIM/SPF to prevent spoofing.
2. Policy and Governance

✅ Access Control
- Principle of Least Privilege (PoLP): only give users the access they need.
- Role-Based Access Control (RBAC) or Zero Trust Architecture.

✅ Backup & Recovery
- Regular, offline or immutable backups.
- Test restoration procedures regularly.

✅ Logging & Monitoring
- Centralized logging (e.g., via a SIEM).
- Alert on anomalies (e.g., failed logins, unusual traffic).

✅ Vendor/Supply Chain Security
- Audit third-party software/services.
- Use secure APIs and software repositories.
3. Human Aspects

✅ User Education
- Phishing simulations and training.
- Social engineering awareness.
- Policies on passwords, USB drives, and remote work.

✅ Incident Response Plan
- A clear response team, contact list, and playbook.
- Practice via tabletop exercises or red team/blue team drills.

https://www.geeksforgeeks.org/software-engineering/software-engineering-capability-maturity-model-cmm/
Conclusions and Recommendations
- Scanning tools must be deployed so that the condition of every operating information system is known at all times.
- Resource management needs attention, especially for human resources (SDM).
- Human resource development is the main key to solving these problems, including the insertion of negative content (Judol etc.).
- Awareness outreach (sosialisasi) must be carried out continuously.