PERBANDINGAN SISTEM AUTENTIKASI WPA2 EAP-PSK PADA JARINGAN WIRELESS DENGAN METODE PENETRATION TESTING MENGGUNAKAN FLUXION TOOLS

aringan Nirkabel merupakan sekumpulan perangkat elektronik yang menghubungkan satu dengan yang lain memanfaatkan perangkat udara alias frekuensi jadi alur lintas data. Masa sekarang ini, ada banyak pengguna yang memanfaatkan WPA2-PSK ataupun WPA2-EAP menjadi security system jaringan nirkabel yang bertujuan untuk menghindari orang yang mengakses tanpa izin. Riset ini memakai teknik wireless penetration testing yang memakai fluxion tools dengan membandingkan dan menganalisis security system otentikasi WPA2 dengan EAP-PSK pada jaringan nirkabel yang bertujuan untuk mengetahui kerentanan sebuah sistem keamanan jaringan tersebut. Untuk melaksanakan penetration testing penulis mengacu terhadap “Wireless Network Penetration Testing Methodology.” Yang terdiri dari intelligence gathering, vulnerability analysis, threat modelling, password cracking, dan reporting. Dari penelitian ini akan menyimpulkan WPA2-PSK kurang aman untuk digunakan dikarenakan terlihat pada penetration testing tesrsebut WPA2-PSK berhasil dibobol dalam keadaan SSID unhide­, sedangkan WPA2-EAP berhasil dalam pembuatan Web Interface namun tidak berhasil dalam mendapatkan informasi seperti username dan passwor. Jika WPA2-PSK SSID dalam keadaan hide akan mengagalkan peretasan sehingga dari sistem keamanan kedua tersebut memiliki kelebihan dan kekurangan masing-masing tergantung kebutuhan pengguna.

Practical Modelling of Threats to ICT Systems Using the STRIDE Model

This article describes a practical approach to the issue which is currently an integral part of the development of modern advanced and complex information systems – ICT threat modelling. The article presents the practical validity and process of threat modelling and then describes one of the most popular methods of threat identification and analysis – the so-called STRIDE model.

Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach

Internet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and networks are relentlessly disruptive, because of the proliferation of Internet technologies. Phishing is one of the most prevalent threats to all Internet users, in which attackers aim to fraudulently extract sensitive information of a user or system, using fictitious emails, websites, etc. With the rapid increase in IoT devices, attackers are targeting IoT devices such as security cameras, smart cars, etc., and perpetrating phishing attacks to gain control over such vulnerable devices for malicious purposes. In recent decades, such scams have been spreading, and they have become increasingly advanced over time. By following this trend, in this paper, we propose a threat modelling approach to identify and mitigate the cyber-threats that can cause phishing attacks. We considered two significant IoT use cases, i.e., smart autonomous vehicular system and smart home. The proposed work is carried out by applying the STRIDE threat modelling approach to both use cases, to disclose all the potential threats that may cause a phishing attack. The proposed threat modelling approach can support the IoT researchers, engineers, and IoT cyber-security policymakers in securing and protecting the potential threats in IoT devices and systems in the early design stages, to ensure the secure deployment of IoT devices in critical infrastructures.

Security Threat Modelling With Bayesian Networks and Sensitivity Analysis for IAAS Virtualization Stack

Designing security mechanisms for cloud computing infrastructures has assumed importance with the widespread adoption of public clouds. Virtualization security is a crucial component of the overall cloud infrastructure security. In this article, the authors employ the concept of Bayesian networks and attack graphs to carry out sensitivity analysis on the different components involved in virtualization security for infrastructure as a service (IaaS) cloud infrastructures. They evaluate the Bayesian attack graph (BAG) for the IaaS model to reveal the sensitive regions and thus help the administrators to secure the high risk components in the stack. They present a formal definition of the sensitivity analysis and then evaluate using the BAG model for IaaS stack. The model and analysis presented here can also be used by security analysts and designers to make a selection of the security solutions based on the risk profile of vulnerable nodes and the corresponding cost involved in adding a defense against the identified vulnerabilities.