Senin, 13 Desember 2010

What exactly is hacking

The term probably originated in the 1960s when the modern computing system was evolving and people were studying computers in the labs of the Massachusetts Institute of Technology (MIT). There were a few people who could make the system work faster or differently and they were called hackers. These people were programmers who could simply break into a computer to see its code — the statements written by the original programmers to specify the actions to be performed by a computer.

Most of these early hackers were visionaries who would later shape the computer industry in the way we see it today. But in the 1970s this word started getting a bad reputation after the emergence of phone hackers. The most remarkable of them was John Draper, who devised the technique of breaking into regional and international phone networks for making free calls. He was later convicted and soon the word started getting its present day meaning — unauthorized access of computers and computer networks.

When did hackers start building communities or groups?

The early '70s witnessed hardwiring of neighbourhood computers and a community memory was created, which was nothing but an electronic bulletin board where the users can teletype their messages and retrieve the messages meant for them.

By the early '80s, the system was improved resulting in the evolution of a more efficient electronic bulletin board system (BBS). Users could now use usernames to hide their identities and the BBS became a place to boast of hacking accomplishments as well as trading stolen passwords and credit card numbers. The BBS witnessed the formation of the first hacking groups and groups like Legion of Doom and Chaos Computer Club were formed in the US and Germany respectively.

The 1983 film 'War Games' is considered the first mainstream film which introduced the general public to the world of computer hacking. In the same year, six teenagers, known as the 414s, were arrested for breaking into dozens of high profile computer systems. The event got widespread publicity and the image of hackers as being young and intelligent got established in society.

When did hacking start gaining notoriety?

Although it started in the early '70s, the first case to get international publicity was the cyber espionage of 1989 when four German hackers led by Karl Koch hacked US military computers and sold the information to the KGB. Koch, who confessed to his role in the hacking, was later found burnt to death in a forest.

By now the hacking community had got divided into two groups — black hats or crackers who worked to exploit computer systems, and white hats or hackers who were hired by companies to do ethical hacking for improving network security. The crackers included Jonathan James, who cracked into Nasa computers, stealing software worth approximately $1.7 million, or people like Adrian Lamo, who used to break into the websites of big corporations like Yahoo, Bank of America and Citigroup to find the network hole which he would later inform the company about.

Lamo was arrested after hacking the systems of the New York Times and his excuse that he was doing penetration testing did not work. Similarly, in 1993, Kevin Poulsen managed to hack into the system of a radio station in Los Angeles. Along with his friends, he rigged the station's phone system so that only their calls were received. This helped them win two Porsches, vacation trips and cash worth $20,000.

6 Jebakan yang Dipakai Hacker untuk Mencuri Password Facebook

Salah satu kemudahan yang ditawarkan Facebook adalah bisa diakses di mana pun Anda berada. Dengan semua konektivitas ini, ada tanggung jawab penting yang harus dijaga yaitu keamanan account pribadi.
Untuk mencegah terjadinya pembajakan akun Facebook, Anda baiknya Anda tahu trik-trik yang dipakai hacker dalam mencuri akun. Berikut ini adalah trik yang biasanya dipakai hacker untuk membajak akun/ mendapatkan password Facebook seseorang.

1. Aplikasi Facebook dan Iklan
Berhati-hatilah saat sudah login ke Facebook. Jangan sembarangan meng-klik iklan atau aplikasi yang Anda sendiri tidak familiar. Banyak pengguna Facebook terkena virus dari iklan di Facebook atau terjebak memberikan data pribadi mereka tanpa sengaja ketika menggunakan aplikasi tertentu.

2. Halaman Phishing Login Facebook
Hacker umumnya selalu mengeksploitasi topik-topik populer. Spammer menggunakan berbagai macam cara dan metode agar Anda terjebak dan memberikan account Anda. Facebook sendiri belakangan ini banyak dijadikan target serangan spam lewat teknik phishing. Ketika kita mengklik link yang terdapat pada Facebook, kita akan digiring ke sebuah halaman yang seolah-olah halaman login Facebook, padahal halaman tersebut adalah halaman yang dirancang spammer untuk mencuri password Facebook.
Salah satu cara untuk menghindari seperti jebakan ini adalah dengan tidak sembarangan meng-klik URL pada email. Lebih baik mengetikkan URL situs yang ingin dikunjungi langsung pada browser. Sebenarnya sangat mudah untuk mengenali URL palsu. Jika URL yang tertulis bukan Facebook.com, maka URL tersebut adalah palsu.

Encryption

 
John Edwards
For many people, the word "encryption" invokes images of spies, clandestine operations and World War II code breakers feverishly working to decipher enemy messages. Actually, encryption is a priceless security tool that any business can easily use to keep sensitive information confidential and safe from prying eyes.

Unfortunately, many businesses fail to take advantage of encryption technology, fearing that it's too complex and difficult to use on a routine basis. In reality, encrypting vital data isn't much more difficult than running a virus scanner or a data-backup program. Here's how to get started.

The Basics

There are two basic ways to encrypt data. One approach is to use asymmetric PKI (public-key infrastructure) encryption. PKI cryptography is based on a pair of cryptographic keys: One is private and known only to the user, while the other is public and known to the opposite party in any exchange.

PKI technology provides privacy and confidentiality, access control, proof of document transmission, and document archiving and retrieval support. While most security vendors currently incorporate some type of PKI technology into their software, differences in design and implementation prevent interoperability between products.

The other method of encrypting data is symmetric key protection, also known as "secret-key" encryption. Generally speedier yet less secure than PKI, symmetric encryption uses the same key to both encrypt and decrypt messages. Symmetric technology works best when key distribution is restricted to a limited number of trusted individuals. Since symmetric encryption can be fairly easy to break, it's primarily used for safeguarding relatively unimportant information or material that only has to be protected for a short period of time.

Applying Encryption

The easiest way to use encryption is to purchase a business application or a hardware product that incorporates some form of encryption technology. Microsoft's Outlook Express email client, for example, provides built-in encryption support. Meanwhile, vendors such as Seagate Technology LLC and Hitachi Ltd. have started incorporating encryption technology into their hard drives.

Since most software applications and hardware products don't include any type of internal encryption technology, business owners and managers need to look for stand-alone encryption products. This can be a confusing process, one that's best approached by first determining the business's precise security requirements, then finding an encryption product that fits each need.

Microsoft Vista Enterprise and Ultimate users can take advantage of BitLocker Drive Encryption, a full disk tool that offers powerful 1024-bit encryption. Another Windows offering is EFS (Encrypting File System), which uses symmetrical PKI technology to provide file encryption.

Beyond Microsoft, leading encryption vendors and products include PGP, open-source TrueCrypt, DESlock+, Namo FileLock and T3 Basic Security.

What to Encypt

So how do you know what to encrypt? Here are some places to start:

Minggu, 11 Juli 2010

Firewall LAB on Juniper

--> Proteksi router: DOS, warm
--> Limitasi akses: illegal access



Task:
1. deploy suatu rule dimana PC1 hanya bisa melakukan telnet ke R2 saja


tambahkan route R2 untuk advertise route dari PC1
set routing-options static route 10.10.10.0/24 next-hop 172.10.160.1

Pastikan PC1 bisa ping dan telnet R1 dan R2
Ping 192.168.1.1 rapid count 100
Ping 192.168.1.2 rapid count 100
telnet 192.168.1.1
telnet 192.168.1.2

Pastikan PC1 hanya bisa telnet R2
R1
set firewall filter no-telnet term 1 from source-address 10.10.10.2/32
set firewall filter no-telnet term 1 from destination-address 192.168.1.1/32
set firewall filter no-telnet term 1 from port telnet
set firewall filter no-telnet term 1 then reject
set firewall filter no-telnet term 2 then accept

Apply policy no-telnet pada interface face to PC1

set interfaces em3 unit 0 family inet filter input no-telnet