Published December 6th, 2009

8 System Security Rules [The Eight Rules of Security]

To secure our systems, whether on the physical, infrastructure, or application side, there are 8 rules worth considering as we run the operations and lifecycle of systems whose backbone is information technology (ICT) services. The 8 security rules are as follows.

  1. Rule of Least Privilege.
  2. Rule of Change.
  3. Rule of Trust.
  4. Rule of the Weakest Link.
  5. Rule of Separation.
  6. Rule of the Three-Fold Process.
  7. Rule of Preventative Action.
  8. Rule of Immediate and Proper Response.

Here is a little detail on each item.

  • Rule of Least Privilege – Only give enough access to a subject as required to do their job. My favorite quote is “The best security model is the one that lets you do anything… <pause> …that you are supposed to do”.
  • Rule of Change Management – When you make a new change you expose your business to new risk. Any time a change is to occur you must consider all possible security implications.
  • Rule of Trust – You must understand the implications of extending trust to anyone or anything within an organization. The rule of least privilege should prevail. Although you may trust your system administrator today, what happens when he holds a grudge towards you tomorrow?
  • Rule of the Weakest Link – The old analogy still stands… you are only as strong as your weakest link. Think about it for a second.
  • Rule of Separation – To effectively secure something, you must mitigate the risks associated with it by removing the threats around it. Isolating critical business resources and services to their own machines, followed by strengthening its offerings with the rule of least privilege, will significantly reduce the attack surface of the object you are trying to secure.
  • Rule of the Three-Fold Process – Security is NOT just about technology implementation. Administrators love to install new fancy whiz-bang things, but typically don’t follow through on the entire security management lifecycle.
  • Rule of Preventative Action – To effectively defend against the digital divide, you need to proactively assess the security in your environment. You need to stay aware of new security risks that are in the field; keep current with security tracking mailing lists, RSS feeds, etc. Regularly test your defences using vulnerability assessment tools before an attacker does. Maintain a strong three-fold process and keep your systems up to date with the latest security patches.
  • Rule of Immediate and Proper Response – Long before you are ever breached, you should have an Incident Response plan in place. It has been seen in the past that when an organization responds poorly to an intrusion, they typically do more harm than the attacker did.

Hope this is useful.

Published November 20th, 2009

Flowchart Module Ethical Hacking

Below are the stages of the process flow for conducting a digital evidence investigation, following the process flow in ethical hacking.
[Image: CEH module flowchart]
Hope this is useful.

Published March 20th, 2009

Cyber War: Can It Tick with a Click?

Gary McKinnon, a systems administrator, gained illegal access to and made unauthorized modifications to 97 computers belonging to the US government, including computers from the DoD, NASA and the National Security Agency, over 12 months.

How Cyber Attacks have Evolved

  1. Automation: increasing speed of attacks
  2. Increasingly sophisticated attack tools
  3. Faster discovery of vulnerabilities
  4. Increasing permeability of firewalls
  5. Increasingly asymmetric threat
  6. Increasing threat from infrastructure attacks

Common Attacks

Backdoor
Bacteria
Buffer overflow/overrun
Compromised system utilities
E-mail forgery
E-mail relay
IP spoofing
Keystroke monitoring
Logic bomb
Mail bombing
Man in the middle
Masquerade
Network scanning
Packet sniffing
Password cracking
Ping flooding

Replay attack
Script kiddies
Security audit tools
Shell escapes
Shoulder surfing
Smurfing
Social engineering
SYN flooding
Traffic analysis
Trapdoor
Trojan horse
van Eck attack
Virus
War dialing
Worm

Hopefully you can understand what the writing above means. Best of success always, amen.