HEARTBLEED ATTACK PREVENTION SYSTEM FOR SITU AT THE FACULTY OF ENGINEERING, UNIVERSITAS PASUNDAN
FINAL PROJECT
Submitted as one of the requirements for graduation from the Undergraduate (Strata 1) Program, Informatics Engineering Study Program, Universitas Pasundan Bandung
by: Alvin Dwi Pratama, NRP 10.304.0089
INFORMATICS ENGINEERING STUDY PROGRAM, FACULTY OF ENGINEERING, UNIVERSITAS PASUNDAN BANDUNG, MAY 2015
TABLE OF CONTENTS
ABSTRAK (Indonesian abstract)
ABSTRACT
PREFACE
TABLE OF CONTENTS
LIST OF TERMS
LIST OF TABLES
LIST OF FIGURES
LIST OF APPENDICES
LIST OF SYMBOLS
CHAPTER 1 INTRODUCTION
  1.1 Background of the Final Project
  1.2 Problem Identification
  1.3 Problem Limitations
  1.4 Objectives of the Final Project
  1.5 Scope of the Final Project
  1.6 Methodology of the Final Project
  1.7 Structure of the Final Project Report
CHAPTER 2 THEORETICAL FOUNDATION
  2.1 Information Security
  2.2 SSL (Secure Socket Layer)
  2.3 OSI Layer
  2.4 Heartbeat
  2.5 OpenSSL
  2.6 Heartbleed
  2.7 Anatomy Of Hack
  2.8 Linux Backtrack
CHAPTER 3 ANALYSIS AND TESTING
  3.1 Final Project Framework
  3.2 Final Project Scheme
  3.3 Profile of SITU Unpas
  3.4 Hardware Requirements Analysis
  3.5 Software Requirements Analysis
  3.6 Test Scenario
  3.7 Pre-Implementation Testing Stage
    3.7.1 Reconnaissance
    3.7.2 Scanning
    3.7.3 Gaining Access
      3.7.3.1 Testing Using the Metasploit Method
      3.7.3.2 Testing Using the Custom Script Method
    3.7.4 Maintaining Access
CHAPTER 4 IMPLEMENTATION AND TESTING
  4.1 OpenSSL Installation
  4.2 Post-Implementation Testing
    4.2.1 Testing Using the Metasploit Method
    4.2.2 Testing Using the Custom Script Method
CHAPTER 5 CONCLUSIONS AND RECOMMENDATIONS
  5.1 Conclusions
  5.2 Recommendations
REFERENCES
APPENDICES
LIST OF TERMS
No | Term | Description
1 | SSL (Secure Socket Layer) | A security protocol for encrypting data on a web server
2 | OpenSSL | An open-source cryptography toolkit
3 | Heartbeat | A TLS extension feature in SSL (Secure Socket Layer)
4 | Heartbleed | A bug in the Heartbeat extension feature, as well as a type of hacking attack
LIST OF TABLES
Table 2-1 OSI Layer Table
Table 3-1 Final Project Scheme Description Table
LIST OF FIGURES
Figure 1.1 Final Project Methodology
Figure 2.1 Information Security Concept
Figure 2.2 OSI Layer
Figure 2.3 Illustration of how Heartbeat works
Figure 2.4 Illustration of how Heartbleed works
Figure 3.1 Final Project Framework
Figure 3.2 Final Project Scheme
Figure 3.3 Test Scenario
Figure 3.4 Scanning IP
Figure 3.5 Scanning Zenmap
Figure 3.6 Scanning Port
Figure 3.7 Host details
Figure 3.8 Scanning SSL
Figure 3.9 Starting Metasploit
Figure 3.10 Exploit Module Searching
Figure 3.11 Add Module Exploit
Figure 3.12 Module Parameter Searching
Figure 3.13 Use Parameter
Figure 3.14 Run Exploit
Figure 3.15 Change Directory Heartbleed
Figure 3.16 Vulnerable Testing 1
Figure 3.17 Vulnerable Testing 2
Figure 3.18 Listening Process Phase
Figure 3.19 Heartbleed Execution
Figure 3.20 Result Execution
Figure 3.21 Result Execution Output Changing 1
Figure 3.22 Result Execution Output Changing 2
Figure 3.23 Logging Phase
Figure 3.24 Maintaining Access
Figure 4.1 Install Mod SSL
Figure 4.2 Create New Directory
Figure 4.3 Create Self-Signed Certificate 1
Figure 4.4 Create Self-Signed Certificate 2
Figure 4.5 Set up Certificate 1
Figure 4.6 Set up Certificate 2
Figure 4.7 SSL Engine on
Figure 4.8 SSL Certificate Key File
Figure 4.9 SSL Certificate File
Figure 4.10 Integrating Module 1
Figure 4.11 Integrating Module 2
Figure 4.12 Redirect HTTP to HTTPS
Figure 4.13 Starting Metasploit
Figure 4.14 Exploit Module Searching
Figure 4.15 Add Module Exploit
Figure 4.16 Module Parameter Searching
Figure 4.17 Use Parameter
Figure 4.18 Run Exploit
Figure 4.19 Change Directory Heartbleed
Figure 4.20 Vulnerable Testing 1
Figure 4.21 Vulnerable Testing 2
Figure 4.22 Listening Process Phase
Figure 4.23 Heartbleed Execution
Figure 4.24 Result Execution
Figure 4.25 Result Execution Output Changing 1
Figure 4.26 Result Execution Output Changing 2
Figure 4.27 Logging Phase
LIST OF APPENDICES
Appendix A Permission Letter for Duplicating the SITU UNPAS Web Server
LIST OF SYMBOLS
The following symbols are used in this final project report; they are described in the table below.
No | Image | Image Name | Description
1 | [image] | Process | Symbol used to indicate an information-processing activity or to denote a position.
2 | [image] | Sub Process | Symbol used to indicate the attributes that contribute to achieving the goal of the process.