Abstract
De-Militarized Zone (DMZ) is a "sacrificial lamb" for hackers applied to protect internal system relating to hack attack (hack attack). DMZ works for all service base of network requiring access to network "external world" to part of network the other. That way, all " open port" is relating to external world will stay at network, so that if a hacker did attack and does crack at server using system DMZ, the hacker will only can access its(the host is only, not at internal network. In General DMZ is built based on three fruit of concept, that is: NAT (Network Address Translation), PAT (Port Addressable Translation), and Access List. NAT functions to show again coming packages "real address" to internal address. For example: if wes own "real address" 203.8.90.100, we can form a direct NAT automatically at data coming to 192.168.100.1 (an internal network address). Then PAT functions menunjukan data to coming at particular port, or range a port and protocol (TCP/UDP or other) and address IP to a particular port or range a port to an internal address of IP. While access list functions to control in precise what is coming and going out from network in a question. For example: we can refuse or enables all ICMP is coming to all address IP except for an undesirable ICMP.
Keywords: NAT, real address, PAT, Access List, Port, Protocol, DMZ, ICMP
Pendahuluan
Pada umumnya berbagai perusahaan menggunakan Internet untuk hosting web server, komunikasi e-mail dan memberikan akses web kepada karyawannya. Pemisahan jaringan Internet dan IntraNet umumnya dilakukan dengan menggunakan teknik/software Firewall dan Proxy server. Melihat kondisi penggunaannya, kelemahan sistem umumnya dapat di tembus misalnya dengan menembus mailserver external yang digunakan untuk memudahkan akses ke mail keluar dari perusahaan. Selain itu, dengan menggunakan agressive-SNMP scanner dan program yang memaksa SNMP community string dapat mengubah sebuah router menjadi bridge (jembatan) yang kemudian dapat digunakan untuk batu loncatan untuk masuk ke dalam jaringan internal perusahaan (IntraNet).
Peneliti: ADDY SUYATNO
Untuk lebih lengkapnya silahkan download di link berikut:
Post a Comment
Post a Comment