Saturday, July 25, 2015

Packet Analysis to Protect Your Network

Analyse Packet Capture to Protect Your Network

For a network administrator or someone in a production environment who gets paranoid about whether anybody is snooping on the network, tools such as tcpdump act as a reassurance, as they help to counter such threats. This article discusses the processing and analysis of packets that have been captured by tcpdump or Wireshark.
When it comes to network security, the first thing that people should take care of is their own network. This can be achieved by analysing your data and making sure that no one is intruding on your network. The name ‘PCAP’ comes from the two words ‘packet capture’. It is the file format written by Ethernet packet sniffers, which means that it is the format used by the tools that analyse network traffic. In this article, I will start with the basics so that even a newbie can easily analyse the data, using the tools mentioned.
The basics
Anyone who is new to network security needs to have a good grasp of the basics of networking, starting with TCP (Transmission Control Protocol) and IP (Internet Protocol). There are several versions of IP, and the address format varies with the version. This understanding is necessary because, with the help of the IP address, we can determine the location of someone who is mounting an attack. I would suggest you visit some of the links below, which will help you understand the basics of networking.
http://en.wikipedia.org/wiki/Network_security 
http://cse.hcmut.edu.vn/~minhnguyen/NET/Computer%20Networks%20-%20A%20Tanenbaum%20-%205th%20edition.pdf 
http://www.cert.org/historical/tech_tips/home_networks.cfm
The best way to get a strong foundation on the subject would be to Google for information, instead of just reading many books. It is better to concentrate on a single book and try out various tools to get a good command over them.
Tools
Many tools are available for the analysis of packets, the most basic and most powerful one being tcpdump. It can be installed or updated by using the following command:
sudo apt-get install tcpdump
Many open source tools are available to us but none match tcpdump. It is the best tool to capture and filter packets using a basic C code – something that I will discuss briefly, subsequently.
For Windows, there are many tools such as Wireshark and WinPcap. The links are given below.
http://www.winpcap.org/install/default.htm 
http://wiki.wireshark.org/Tools
You can get a list of all the tools in open source from here.
http://www2.opensourceforensics.org/tools/network
Everything can be done in the terminal with the help of tcpdump. The remaining tools give us easy access, some benefits and some ready-made features.
Figure 1: Installing tcpdump
Capturing one’s own data
It’s very easy to capture your data in Linux by using the terminal (Ctrl+Alt+T) and typing the following command:
sudo tcpdump -w capture.pcap
This command invokes the tool tcpdump and writes the data into the file named ‘capture.pcap’ (remember, .pcap is the extension for captured packets). The capture goes on until you give it a keyboard interrupt (Ctrl+C) or temporarily stop the job with Ctrl+Z. A capture stopped with Ctrl+Z can be resumed by giving the command fg, after which it continues just as it did before.
Packet capture can also be done by using online tools such as Wireshark.
Have a look at the man page of tcpdump before going ahead with the article.
man tcpdump
Analysis
I assume that you have a good knowledge of commands (such as ‘|’ and ‘*’) used in the terminal, for this section. If not, here are some links to tutorials that will teach you the basics.
http://linuxcommand.org/lc3_learning_the_shell.php 
http://ss64.com/bash/ 
http://www.pas.rochester.edu/~pavone/particle-www/telescopes/ComputerCommands.htm
The best way to learn about them is to refer to the man page whenever you have a doubt about a particular command.
Count of packets
To determine the count of packets in the file, we use the following command:
tcpdump -nn -r capture.pcap | wc -l
Since the file usually contains a large amount of data, instead of using the ‘cat’ command, it is better to pipe the file to ‘head’ so that we can get a clear view of it. This can be achieved by using the following command:
tcpdump -nn -r capture.pcap | head
The fields of each line that tcpdump prints from the PCAP file are in the following order:
1. Time
2. Network protocol
3. Source IP
4. Source Port
5. Destination IP
6. Destination Port
To concentrate on one of the above fields, remove the others by piping the output through filtering commands. For example, the following command is used to get only the source IP address and its port:
tcpdump -nn -r capture.pcap | cut -f 3 -d " " | head
To keep only the TCP and UDP traffic and exclude the Layer 2 traffic, add the filter expression 'tcp or udp' at the end of the tcpdump command:
tcpdump -nn -r capture.pcap 'tcp or udp' | cut -f 3 -d " " | head
To get only the IP address without the port, keep just the first four fields separated by ".":
tcpdump -nn -r capture.pcap 'tcp or udp' | cut -f 3 -d " " | cut -f 1-4 -d "." | head
Figure 2: Using tcpdump to capture data
The ‘uniq’ command
The ‘uniq’ command can be used to remove repeated lines from the output, because we are not interested in the same source and destination twice. Since uniq only collapses adjacent duplicates, the output is sorted first. This command saves you a lot of time and avoids repetition:
tcpdump -nn -r capture.pcap 'tcp or udp' | cut -f 5 -d " " | cut -f 1-4 -d "." | sort | uniq | head
The command below gives the top 10 destination IP addresses. ‘uniq -c’ prefixes each address with the number of times it occurs, and ‘sort -nr’ lists the addresses in descending order of that count:
tcpdump -nn -r capture.pcap 'tcp or udp' | cut -f 5 -d " " | cut -f 1-4 -d "." | sort | uniq -c | sort -nr | head
Figure 3: Count of packets
You can try every option available and get your work done easily.
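Added example (not part of the original article): the destination-count pipeline above written as a shell function and run on constructed sample lines in the format that tcpdump -nn prints. It goes a little beyond the cut commands by skipping non-IP lines such as ARP and by handling ICMP lines without a port and IPv6 addresses; the names sample_output and top_destinations are made up for this example.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nn -r capture.pcap` text output
# (illustrative lines, not taken from a real capture).
sample_output() {
cat <<'EOF'
10:15:01.000001 IP 192.168.1.10.51514 > 93.184.216.34.80: Flags [S], seq 1, win 64240, length 0
10:15:01.000200 IP 93.184.216.34.80 > 192.168.1.10.51514: Flags [S.], seq 9, ack 2, win 65535, length 0
10:15:01.000300 IP 192.168.1.10.51514 > 93.184.216.34.80: Flags [.], ack 10, win 64240, length 0
10:15:02.100000 IP 192.168.1.10.40000 > 8.8.8.8.53: 4660+ A? example.com. (29)
10:15:02.200000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
10:15:03.000000 IP 192.168.1.10 > 8.8.8.8: ICMP echo request, id 1, seq 1, length 64
10:15:03.500000 IP6 fe80::1.5353 > ff02::fb.5353: 0 PTR (QM)? _http._tcp.local. (34)
10:15:04.000000 IP 192.168.1.10.51515 > 93.184.216.34.443: Flags [S], seq 5, win 64240, length 0
EOF
}

# top_destinations [N]: read tcpdump text lines on stdin and print
# "count address" for the N (default 10) most frequent destinations.
# Assumes the "time proto src > dst:" layout listed in the article.
top_destinations() {
    LC_ALL=C awk '
        ($2 == "IP" || $2 == "IP6") && $4 == ">" {  # skips ARP and other non-IP lines
            dst = $5
            sub(/:$/, "", dst)                      # field 5 ends with a colon
            n = split(dst, part, /\./)
            # Strip the port only when one is present: IPv4 "a.b.c.d.port"
            # has five dot-separated parts, IPv6 "addr.port" has two.
            if (($2 == "IP" && n == 5) || ($2 == "IP6" && n == 2))
                sub(/\.[0-9]+$/, "", dst)
            count[dst]++
        }
        END { for (d in count) print count[d], d }
    ' | LC_ALL=C sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Run on the constructed sample; with a real file use:
#   tcpdump -nn -r capture.pcap | top_destinations
sample_output | top_destinations
```

The ICMP line shows why the plain cut approach needs care: its destination field is "8.8.8.8:" with no port, so cutting on "." leaves the trailing colon and the address is counted separately from "8.8.8.8".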
Web tools
If you have a PCAP file you want to analyse but don’t have the tools or the sudo password to do so, try online tools such as Wireshark. I am using the small example file which was used for the challenge in picoCTF, where we need to find the destination of the ship from the conversation between the robot and the spaceship. This is a very easy challenge and can be addressed by having a clear look at the conversation (https://www.cloudshark.org/captures/bc1c0a7fae2c).
The alternatives to CloudShark are given at the following URLs.
http://www.wireshark.org/ 
http://canyouseeme.org/ 
http://www.lovemytool.com/ 
http://www.yougetsignal.com/ 
http://sectools.org/
You can try any of the tools from the above links. Some of them provide tools from the browser itself.

IT Master Plan: What It Is and How It Is Regulated in Indonesia



Today, the use of information technology (IT) in companies continues to grow. It is used not only for day-to-day operational processes but also in decision-making. In some industry sectors, such as banking and finance, the dependence on IT is very high.

To manage information well, a company needs an information management system based on information technology. Developing such a system requires a thorough analysis of the issues related to every stage of system development, from preparation, development and implementation to socialization, as well as of the resources that must be prepared.

Nevertheless, companies cannot recklessly invest in IT implementation. They need to weigh the costs and benefits it produces. That is why a company needs a kind of blueprint, often called an IT Master Plan or IT strategic plan, as the basis for implementing IT.

An IT Master Plan essentially contains the company's strategic plan for implementing and building information systems. It includes guidelines on what kind of information systems the company needs.

It is important to note that the IT Master Plan is derived from the company's business plan. The reason is that IT is implemented as a tool to help the company achieve its vision and mission. Without a clear vision and mission from the company, therefore, an IT Master Plan cannot be built.

In preparing an IT Master Plan there are three main strategies, namely the People, Process, and Technology Strategy, which carry out the transformation toward achieving the company's vision and mission. The three strategies are explained as follows:

  1. People Strategy, aimed at developing and managing human resources more efficiently.
  2. Process Strategy, designing/organizing/proposing data flows, both managerial and operational, within the company's organization.
  3. Technology Strategy, based on the principle of using and applying technology to support the achievement of the company's goals.
The Indonesian regulation that covers the preparation of an IT Master Plan is set out in the Regulation of the Minister of State-Owned Enterprises (BUMN) on guidelines for preparing the management of information technology in BUMN, namely Minister of BUMN Regulation No. PER-02/MBU/2013, Article 3 on the IT Master Plan.

  • For the deployment and development of IT, every BUMN shall prepare an IT Master Plan no later than 2 years after this Regulation is enacted.
  • The IT Master Plan referred to in paragraph (1) is prepared and established by the Board of Directors with reference to Appendix II of this Ministerial Regulation.
  • The IT Master Plan is prepared for a period of 3 (three) to 5 (five) years, is aligned with the Company's Long-Term Plan (RJPP), and supports the company's strategy and objectives.
  • The master plan and information technology are implemented in the annual plan that forms part of the Company's Work Plan and Budget.
  • The Board of Directors must monitor and evaluate the implementation of the IT Master Plan periodically and every year to determine how well the implementation, results, and objectives of the IT Master Plan have been achieved.
  • The results of the periodic monitoring and evaluation form part of the BUMN Management Report submitted to the General Meeting of Shareholders (RUPS)/Minister every quarter, together with the results of the annual evaluation.
  • The Board of Directors may review and amend the established IT Master Plan where necessary to anticipate changes in the business and developments in information technology.