ANALISIS SECURITY ASSESSMENT MENGGUNAKAN METODE PENETRATION TESTING DALAM MENJAGA KAPABILITAS KEAMANAN TEKNOLOGI INFORMASI PERTAHANAN NEGARA
DOI:
https://doi.org/10.33172/tp.v2i1.574Abstract
Kemajuan teknologi informasi dan sistem pertahanan siber saat ini berkembang begitu pesat dengan kemajuan teknologi pada bidang siber khususnya pada webserver dan database dapat menjadi suatu ancaman dalam dalam pencurian data dan informasi sehingga perlu adanya penilaian keamanan untuk menanggulangi terjadinya pencurian data. Diperlukan langkah-langkah Security Assessment yang meliputi tahapan Vulnerability Assessment dan Penetration Testing fokus pada proses yang digunakan dalam merancang, meningkatkan, dan mengelola keamanan webserver dalam menekankan pada identifikasi area yang rentan terhadap serangan hacker. Dengan mengidentifikasi celah keamanan siber dalam Analisis Security Assessment bertujuan untuk memahami resiko keamanan sistem dari serangan siber melalui tahap penetration testing, selanjutnya mengkaji keamanan server dengan tujuan untuk meningkatkan keamanan sistem komputer dari pencurian data ilegal dengan pelanggaran keamanan pada jaringan komputer dan pengujian dalam peningkatan keamanan sistem pertahanan firewall, router dan server, selanjutnya untuk melakukan tahapan Security Assessment menggunakan beberapa metode seperti Scanning Vulnerability standar Open Web Application Security Project, Common Vulnerability Scoring System yang digunakan untuk mengidentifikasi keamanan untuk melakukan penilaian kelayakan pada suatu sistem, dan tahapan terakhir yaitu dengan melakukan Lawful Penetration Testing yang sudah memiliki izin pada penelitian untuk melihat data akses login dan akses database yang bisa masuk melalu celah-celah webserver sebagai akhir dari langkah uji coba untuk melihat celah dalam basis data.
Kata Kunci: Security Assessment, Penetration Testing, CVSS, OWASP, Webserver
References
Buku
Departemen Pertahanan Republik Indonesia. (2015). Buku Putih Pertahanan Indonesia 2015. Jakarta: Departemen Pertahanan Republik Indonesia
Critical Ethical Hacking, (2012), Penetration Testing
Fatahna, An’im M (2011) CentOS Indonesia Community, Surabaya
Jurnal
Nishant Shrestha (2012) Security Assessment A Network and System Administrator's Approach, Universitas Oslensis
Yunanri W, et all. (2016). Analisis Keamanan Web Server menggunakan metode Penetration testing, UAD Yogyakarta, ISBN: 979-587-626-0
Libicki, C Martin et all. (2016). A Framework for Programming and Budgeting for CyberSecurity. Rand Corporation
National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cyber Security. U.S Departement of Commerce
Disterer, Georg. (2013). ISO / IEC 27000, 27001, and 27002 for Information Security Management, University of Applied Sciences, Journal of Information Security, 2013, 4, 92-100.
Gultom, Rudy AG. (2018). Enhancing Computer Network Security Environment by Implementing The Six-Ware Network Security Framework (SWNSF), Indonesia Defense University, Conference Paper 2018. DOI: 10.5121/csit.2018.81714
Ankita Gupta et all. (2013). Vulnerability assessment and Penetration testing, University of Technology India. International Journal of Engineering Trends and Technology- Volume4Issue3- 2013
Klima, Tomas. (2016). Methodology of Information Systems Security Penetration testing, Acta Informatica Pragensia
Peraturan
Peraturan Menteri Pertahanan Republik Indonesia No 82 Tahun 2014 Tentang Pedoman Pertahanan Siber
Website
OWASP Zed Attack Proxy Project (2019) https://wwwowasp.org/ index.php/ OWASP_Zed_Attack_Proxy_Project diakses tanggal 31 Juli 2019
CNN Indonesia (2018) https:// www.cnnindonesia.com/teknologi/2018 1107155049-185-344721/kemenhan-terima-80-ribu-serangan-hacker-tiap-hari diakses tanggal 07 Juni 2018
Veracode, "SQL Injection: Vulnerabilities & How to Prevent SQL Injection Attacks," https:// www. veracode. com/security/sqlinjection
Downloads
Published
How to Cite
Issue
Section
License
Proposed Policy for Journals That Offer Open Access. Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Proposed Policy for Journals That Offer Delayed Open Access. Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
