Sunday, 30 December 2007

Automating Operating System Installation Over the Network

Many of us still install operating systems manually, whether from CD, floppy, hard disk, and so on. A technician has to physically go to where the computer is and install it there. This approach is known as 'Sneaker-Net'.

If we only manage fewer than 5 computers, the 'Sneaker-Net' approach is still workable. When the number of computers is large, for example in a data center, an office, a university, and so on, installing the operating system alone takes a great deal of time and effort, and because the installation is done manually, the technician has to type in the data requested during installation. With this manual data entry, a technician who has to install 10 or more computers (repeating the process 10 times) will tend to make mistakes.

Automating operating system installation over the network saves a great deal of time and reduces the error rate. The data that has to be entered during installation is prepared in advance and stored on the server. The installation can be repeated and the result will be the same (consistent).

This document is not limited to a single operating system but is open to accommodating more than one. It covers automated installation for: Fedora Core 4, Red Hat Enterprise Linux (RHEL) Enterprise Server (ES) 4, SUSE Linux Professional 9.3, SUSE Linux Enterprise Server (SLES) 9 and Solaris 10. Other operating systems can be added later if needed.

Normally we need one server (kickstart, autoyast, or jumpstart) to install one kind of operating system. If we want kickstart, autoyast and jumpstart servers, that means having 3 (three) servers. In this document those servers are consolidated into one, so a single physical server can install more than one operating system. Economically, this saves the cost of buying server hardware.

The topics emphasized in this document are AUTOMATION and SERVER CONSOLIDATION.

Full download here

Tuesday, 25 December 2007

Proxy Server Ubuntu #1

This guide consists of several parts:

1. Manual proxy setup
2. Transparent proxy setup
3. Firewalling

The test was done on a P3 600 machine with 128 MB RAM and the Ubuntu Server 7.04 distro. If this setup is deployed for real with a fairly large number of users, higher-spec hardware would be better.

Assumptions:

eth0 : 10.25.10.250
eth1 : 192.168.0.250

$ sudo vim /etc/network/interfaces
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 10.25.10.250
netmask 255.255.255.0
network 10.25.10.0
broadcast 10.25.10.255
gateway 10.25.10.3

auto eth1
iface eth1 inet static
address 192.168.0.250
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255

The assumption above is that all interfaces use local IPs; if you use a public IP, simply replace the eth0 address with the public IP.

Part #1 - Manual Proxy

Install squid. Starting with Ubuntu 6.10, Squid 2.5 has been replaced by Squid 2.6, and the configuration differs slightly, particularly in the transparent proxy part.

$ sudo apt-get install squid

Strip the comment-only and blank lines from squid.conf. Writing into /etc/squid needs root as well, so the filtered output goes through sudo tee.

$ sudo sed '/^ *#/d; /^ *$/d' /etc/squid/squid.conf | sudo tee /etc/squid/squid.conf.bak > /dev/null

$ sudo cp /etc/squid/squid.conf.bak /etc/squid/squid.conf

Configure squid by adding the lines shown in bold.

$ sudo vim /etc/squid/squid.conf
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
acl myLAN src 192.168.0.0/24
http_access allow myLAN
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname www.slc.web.id
cache_effective_group proxy
coredump_dir /var/spool/squid

If squid has been configured correctly, restarting the squid service will look like this.

$ sudo /etc/init.d/squid restart
* Restarting Squid HTTP proxy squid * Creating squid spool directory structure
2004/08/28 11:04:00| Creating Swap Directories
[ OK ]

Next, set the proxy in the client's browser to address 192.168.0.250 with port 3128, and browse. Then check the squid log; if it contains entries like the ones below, squid is running normally.

$ sudo tail -f /var/log/squid/access.log
1188188452.488 1390 192.168.0.230 TCP_MISS/301 562 GET http://google.com/ - DIRECT/72.14.207.99 text/html
1188188454.549 2042 192.168.0.230 TCP_MISS/302 552 GET http://www.google.com/ - DIRECT/64.233.189.104 text/html
1188188456.078 1515 192.168.0.230 TCP_MISS/200 1684 GET http://www.google.co.id/ - DIRECT/64.233.189.104 text/htm

From the log above we can see that the client with IP address 192.168.0.230 is accessing google.com. This completes part #1, manual proxy setup.
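The same access.log also shows whether the http_access rules hold: with the myLAN ACL above, a request from outside 192.168.0.0/24 should only ever appear as TCP_DENIED. The script below is an added example, not part of the original post; its function names are made up, and the last two sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): per-client audit of a Squid
# native-format access.log against the range the proxy is meant to serve.

# Sample input: the first three lines are the ones shown in the post, the
# last two are constructed (a denied and a served request from 10.25.10.77).
sample_access_log() {
    cat <<'EOF'
1188188452.488 1390 192.168.0.230 TCP_MISS/301 562 GET http://google.com/ - DIRECT/72.14.207.99 text/html
1188188454.549 2042 192.168.0.230 TCP_MISS/302 552 GET http://www.google.com/ - DIRECT/64.233.189.104 text/html
1188188456.078 1515 192.168.0.230 TCP_MISS/200 1684 GET http://www.google.co.id/ - DIRECT/64.233.189.104 text/htm
1188188460.101 3 10.25.10.77 TCP_DENIED/403 1420 GET http://example.com/ - NONE/- text/html
1188188461.220 812 10.25.10.77 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
EOF
}

# squid_client_report CIDR -- read access.log lines on stdin and print one
# line per client: "<ip> total=<n> denied=<n> served_outside=<n>".
# served_outside counts requests that were NOT denied although the client
# address lies outside CIDR, i.e. the ACLs let a foreign client through.
squid_client_report() {
    awk -v cidr="$1" '
    function ip2int(ip,    o) {
        if (split(ip, o, /\./) != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip,    n) {
        n = ip2int(ip)
        if (n < 0) return 0
        # Compare the network parts by dropping the host bits.
        return int(n / div) == int(net / div)
    }
    BEGIN {
        split(cidr, c, "/")
        net = ip2int(c[1])
        div = 2 ^ (32 - c[2])
    }
    NF >= 7 {
        client = $3                  # field 3: client address
        split($4, res, "/")          # field 4: e.g. TCP_MISS/200
        total[client]++
        if (res[1] ~ /DENIED/) denied[client]++
        else if (!in_cidr(client)) outside[client]++
    }
    END {
        for (ip in total)
            printf "%s total=%d denied=%d served_outside=%d\n", ip, total[ip], denied[ip], outside[ip]
    }' | sort
}

# squid_acl_leaks CIDR -- print only the clients outside CIDR that were served.
squid_acl_leaks() {
    squid_client_report "$1" | awk '$4 != "served_outside=0" { print $1 }'
}

sample_access_log | squid_client_report 192.168.0.0/24
```

On a live proxy, feed it the real log instead of the sample: sudo cat /var/log/squid/access.log | squid_acl_leaks 192.168.0.0/24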

Friday, 21 December 2007

Creating Presentations with Macromedia Flash MX2004

Presentations are very important to us. Previously, when we were going to give a presentation, our minds would go to PowerPoint, a Microsoft product. There are several tips and tricks if we want to create a presentation using Macromedia Flash MX 2004. Please download here

The Perfect Server - Ubuntu Gutsy Gibbon (Ubuntu 7.10)

Submitted by falko on Thu, 2007-10-18 13:25.

4 Enable The root Account
After the reboot you can login with your previously created username (e.g. administrator). Because we must run all the steps from this tutorial as root user, we must enable the root account now.
Run
sudo passwd root
and give root a password. Afterwards we become root by running
su

5 Install The SSH Server (Optional)
If you did not install the OpenSSH server during the system installation, you can do it now:
apt-get install ssh openssh-server
From now on you can use an SSH client such as PuTTY and connect from your workstation to your Ubuntu Gutsy Gibbon server and follow the remaining steps from this tutorial.

6 Install vim-full (Optional)
I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Ubuntu and Debian; to fix this, we install vim-full:

apt-get install vim-full
(You don't have to do this if you use a different text editor such as joe or nano.)

7 Configure The Network
Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100):
vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
Then restart your network:
/etc/init.d/networking restart
Then edit /etc/hosts. Make it look like this:
vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Now run
echo server1.example.com > /etc/hostname
/etc/init.d/hostname.sh start
Afterwards, run
hostname
hostname -f
Both should show server1.example.com now.

8 Edit /etc/apt/sources.list And Update Your Linux Installation
Edit /etc/apt/sources.list. Comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled. It should look like this:
vi /etc/apt/sources.list
#
# deb cdrom:[Ubuntu-Server 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/ gutsy main restricted

#deb cdrom:[Ubuntu-Server 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/ gutsy main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

deb http://de.archive.ubuntu.com/ubuntu/ gutsy main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ gutsy main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://de.archive.ubuntu.com/ubuntu/ gutsy universe
deb-src http://de.archive.ubuntu.com/ubuntu/ gutsy universe
deb http://de.archive.ubuntu.com/ubuntu/ gutsy-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ gutsy-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ gutsy multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ gutsy multiverse
deb http://de.archive.ubuntu.com/ubuntu/ gutsy-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ gutsy-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://de.archive.ubuntu.com/ubuntu/ gutsy-backports main restricted universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ gutsy-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository. This software is not part of Ubuntu, but is
## offered by Canonical and the respective vendors as a service to Ubuntu
## users.
# deb http://archive.canonical.com/ubuntu gutsy partner
# deb-src http://archive.canonical.com/ubuntu gutsy partner

deb http://security.ubuntu.com/ubuntu gutsy-security main restricted
deb-src http://security.ubuntu.com/ubuntu gutsy-security main restricted
deb http://security.ubuntu.com/ubuntu gutsy-security universe
deb-src http://security.ubuntu.com/ubuntu gutsy-security universe
deb http://security.ubuntu.com/ubuntu gutsy-security multiverse
deb-src http://security.ubuntu.com/ubuntu gutsy-security multiverse
Then run
apt-get update
to update the apt package database and
apt-get upgrade
to install the latest updates (if there are any).

9 Change The Default Shell
/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:
ln -sf /bin/bash /bin/sh
If you don't do this, the ISPConfig installation will fail.

10 Install Some Software
Now we install a few packages that are needed later on. Run
apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential
(This command must go into one line!)

11 Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)
To install quota, run
apt-get install quota
Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):
vi /etc/fstab
# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
# /dev/sda1
UUID=9fc157ff-975c-4f20-9fef-6a70085abdbd / ext3 defaults,errors=remount-ro,usrquota,grpquota 0 1
# /dev/sda5
UUID=48fb7dd8-f099-4d63-ac1b-30e886ac7436 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec 0 0
To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

12 DNS Server
Run
apt-get install bind9
For security reasons we want to run BIND chrooted so we have to do the following steps:
/etc/init.d/bind9 stop
Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":
vi /etc/default/bind9
OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":
vi /etc/default/syslogd
#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"
Restart the logging daemon:
/etc/init.d/sysklogd restart
Start up BIND, and check /var/log/syslog for errors:
/etc/init.d/bind9 start

13 MySQL
In order to install MySQL, we run
apt-get install mysql-server mysql-client libmysqlclient15-dev
You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as root@server1.example.com, so we don't have to specify a MySQL root password manually later on (as was the case with previous Ubuntu versions):
New password for the MySQL "root" user: <-- yourrootsqlpassword
We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
vi /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
#
[...]
Then we restart MySQL:
/etc/init.d/mysql restart
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
root@server1:~# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 5286/mysqld
root@server1:~#

14 Postfix With SMTP-AUTH And TLS
In order to install Postfix with SMTP-AUTH and TLS do the following steps:
apt-get install postfix libsasl2-2 sasl2-bin libsasl2-modules libdb3-util procmail
You will be asked two questions. Answer as follows:
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
Then run
dpkg-reconfigure postfix
Again, you'll be asked some questions:
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
Root and postmaster mail recipient: <-- [blank]
Other destinations to accept mail for (blank for none): <-- server1.example.com, localhost.example.com, localhost.localdomain, localhost
Force synchronous updates on mail queue? <-- No
Local networks: <-- 127.0.0.0/8
Use procmail for local delivery? <-- Yes
Mailbox size limit: <-- 0
Local address extension character: <-- +
Internet protocols to use: <-- all

Next, do this:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
Afterwards we create the certificates for TLS:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Next we configure Postfix for TLS (make sure that you use the correct hostname for myhostname):
postconf -e 'myhostname = server1.example.com'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
The file /etc/postfix/main.cf should now look like this:
cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Restart Postfix:
/etc/init.d/postfix restart
Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:
mkdir -p /var/spool/postfix/var/run/saslauthd
Now we have to edit /etc/default/saslauthd in order to activate saslauthd. Set START to yes and change the line OPTIONS="-c" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r":
vi /etc/default/saslauthd
#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
Now start saslauthd:
/etc/init.d/saslauthd start
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your Postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH PLAIN LOGIN
everything is fine.
The output on my system looks like this:
root@server1:/etc/postfix/ssl# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@server1:/etc/postfix/ssl#
Type
quit
to return to the system's shell.
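The EHLO reply above lists AUTH PLAIN LOGIN on a connection that has not yet negotiated TLS, which follows from smtpd_tls_auth_only = no; PLAIN and LOGIN carry the password base64-encoded, not encrypted. The script below is an added example, not part of the original tutorial: it reads main.cf text and a pre-STARTTLS EHLO reply and reports whether passwords can cross the wire in cleartext. Its function names are made up, and the "hardened" sample is constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): decide whether SMTP AUTH passwords
# can be sent unencrypted, using main.cf text and a pre-STARTTLS EHLO reply.

# main_cf_value NAME -- print the effective value of NAME from main.cf text
# on stdin. The last assignment wins; comments and continuation lines
# (leading whitespace) are skipped, which is enough for yes/no parameters.
main_cf_value() {
    awk -v name="$1" '
    /^[ \t]*#/ || /^[ \t]/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == name) found = val
    }
    END { print found }'
}

# cleartext_auth_mechs -- read an EHLO reply on stdin and print the
# password-revealing mechanisms it advertises ("LOGIN", "PLAIN", or both).
cleartext_auth_mechs() {
    awk '
    /^250[- ]AUTH[ =]/ {
        sub(/\r$/, "")
        # Text after "250-AUTH " or "250-AUTH=" is the mechanism list.
        n = split(substr($0, 10), m, " ")
        for (i = 1; i <= n; i++)
            if (m[i] == "PLAIN" || m[i] == "LOGIN") seen[m[i]] = 1
    }
    END {
        out = ""
        if (seen["LOGIN"]) out = "LOGIN"
        if (seen["PLAIN"]) out = (out == "" ? "PLAIN" : out " PLAIN")
        print out
    }'
}

# smtp_auth_verdict MAIN_CF_TEXT EHLO_TEXT -- combine both observations.
smtp_auth_verdict() {
    sasl=$(printf '%s\n' "$1" | main_cf_value smtpd_sasl_auth_enable)
    tls_only=$(printf '%s\n' "$1" | main_cf_value smtpd_tls_auth_only)
    mechs=$(printf '%s\n' "$2" | cleartext_auth_mechs)
    if [ "$sasl" != "yes" ]; then
        echo "n/a: SASL authentication is disabled"
    elif [ "$tls_only" = "yes" ] && [ -z "$mechs" ]; then
        echo "ok: AUTH is withheld until STARTTLS"
    else
        echo "exposed: smtpd_tls_auth_only=${tls_only:-unset}, cleartext AUTH offers: ${mechs:-none seen}"
    fi
}

# Settings as the tutorial leaves them (taken from its main.cf listing).
TUTORIAL_MAIN_CF='smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no'
# EHLO reply lines from the tutorial telnet session, before STARTTLS.
TUTORIAL_EHLO='250-server1.example.com
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 DSN'
# Constructed counterpart: with smtpd_tls_auth_only = yes Postfix does not
# announce AUTH until the client has issued STARTTLS.
HARDENED_MAIN_CF='smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes'
HARDENED_EHLO='250-server1.example.com
250-PIPELINING
250-STARTTLS
250 DSN'

smtp_auth_verdict "$TUTORIAL_MAIN_CF" "$TUTORIAL_EHLO"
smtp_auth_verdict "$HARDENED_MAIN_CF" "$HARDENED_EHLO"
```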

15 Courier-IMAP/Courier-POP3
Run this to install Courier-IMAP/Courier-IMAP-SSL (for IMAPs on port 993) and Courier-POP3/Courier-POP3-SSL (for POP3s on port 995):
apt-get install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0
You will be asked two questions:
Create directories for web-based administration ? <-- No
SSL certificate required <-- Ok
If you do not want to use ISPConfig, configure Postfix to deliver emails to a user's Maildir*:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
*Please note: You do not have to do this if you intend to use ISPConfig on your system as ISPConfig does the necessary configuration using procmail recipes. But please make sure to enable Maildir under Management -> Server -> Settings -> EMail in the ISPConfig web interface.

16 Apache/PHP5
Now we install Apache:
apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert
Next we install PHP5:
apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-json php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
You will be asked the following question:
Continue installing libc-client without Maildir support? <-- Yes
Next we edit /etc/apache2/mods-available/dir.conf:
vi /etc/apache2/mods-available/dir.conf
and change the DirectoryIndex line:


#DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml


Now we have to enable some Apache modules (SSL, rewrite, suexec, and include):

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
Reload the Apache configuration:
/etc/init.d/apache2 force-reload

16.1 Disable PHP Globally
(If you do not plan to install ISPConfig on this server, please skip this section!)
In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.
To disable PHP globally, we edit /etc/mime.types and comment out the application/x-httpd-php lines:
vi /etc/mime.types
[...]
#application/x-httpd-php phtml pht php
#application/x-httpd-php-source phps
#application/x-httpd-php3 php3
#application/x-httpd-php3-preprocessed php3p
#application/x-httpd-php4 php4
[...]
Edit /etc/apache2/mods-enabled/php5.conf and comment out the following lines:
vi /etc/apache2/mods-enabled/php5.conf

#AddType application/x-httpd-php .php .phtml .php3
#AddType application/x-httpd-php-source .phps

Then restart Apache:
/etc/init.d/apache2 restart

17 Proftpd
In order to install Proftpd, run
apt-get install proftpd ucf
You will be asked a question:
Run proftpd from inetd or standalone? <-- standalone
With UseIPv6 set to on in /etc/proftpd/proftpd.conf, you may get a warning when you start Proftpd. If you get a message like this:
- IPv6 getaddrinfo 'server1.example.com' error: Name or service not known
you can either modify /etc/hosts and add server1.example.com to the ::1 line:
vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback server1.example.com
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
... or you can open /etc/proftpd/proftpd.conf and change UseIPv6 from on to off
vi /etc/proftpd/proftpd.conf
[...]
UseIPv6 off
[...]
For security reasons you can also add the following lines to /etc/proftpd/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html):
vi /etc/proftpd/proftpd.conf
[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[...]
ISPConfig expects the configuration to be in /etc/proftpd.conf instead of /etc/proftpd/proftpd.conf, therefore we create a symlink (you can skip this command if you don't want to install ISPConfig):
ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf
Then restart Proftpd:
/etc/init.d/proftpd restart

18 Webalizer
To install webalizer, just run
apt-get install webalizer

19 Synchronize the System Clock
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the internet. Simply run
apt-get install ntp ntpdate
and your system time will always be in sync.

20 Install Some Perl Modules Needed By SpamAssassin (Comes With ISPConfig)
Run
apt-get install libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl

21 ISPConfig
The configuration of the server is now finished, and if you wish you can now install ISPConfig on it. Please check out the ISPConfig installation manual: http://www.ispconfig.org/manual_installation.htm

21.1 A Note On SuExec
If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as Ubuntu's suExec is compiled with /var/www as Doc_Root. Run
/usr/lib/apache2/suexec -V
and the output should look like this:

root@server1:~# /usr/lib/apache2/suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"
root@server1:~#
So if you want to use suExec with ISPConfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).
The following screenshot is taken from an ISPConfig installation in expert mode. If you want to use ISPConfig, then don't change the default web root:

Sunday, 16 December 2007

Open office tutorial

Nowadays many people use Microsoft products for their office applications. That is fine, but in doing so we tend to become hooked on Microsoft's products. There is an open source application, namely OpenOffice. The OpenOffice applications are in fact similar to the office applications that come from Microsoft. OpenOffice can be obtained for free over the internet. Try the OpenOffice tutorial through the following media. Please follow the link here

Iskandar, S.Pd, M.Pd


Thursday, 13 December 2007

HOW TO INSTALL AVG ANTI VIRUS ON UBUNTU

Before Installation

Make sure that your sourcelist is set up correctly. If you are in doubt make a search on the forum.



Installation

Download The Free AVG Advisor from here (.deb) to your Desktop.

Code:

cd ~/Desktop
sudo dpkg -i avg75fld-r45-a0973.i386.deb



Launcher

Making a launcher to start AVG

Code:

sudo rm -r /usr/share/applications/avggui.desktop
sudo nano /usr/share/applications/avg.desktop

add:

Code:

[Desktop Entry]
Name=AVG Antivirus
Comment=Antivirus
Exec=gksudo avggui &
Icon=/opt/grisoft/avggui/prog/pixmaps/avgico_big.png
Terminal=false
Type=Application
Categories=Application;System;

save and exit.

You can now start AVG by going to Applications tab ---> System Tools.

Taken from: samosir.wordpress.com

As in the previous post, at first I was confused by the many different ways of adding programs across Linux distros. In this part I will write about the automatic and semi-automatic ways.
The terms "automatic" and "semi-automatic" are just labels I made up.

I call it automatic because it uses a repository and can be done with easy point-and-click through a nice graphical interface.
What is a repository? It is media made specifically so that it can be used for fast installation. A repository can take the form of a CD, a DVD, a website address, or a local network. If we install from a repository and there are dependency files, they are brought along automatically. That's the nice part. I don't know whether our hard disk can be made into a repository too. I think it can. If a CD can be made into a repository, why not a hard disk?! I just don't know how yet. :)

The term semi-automatic I give to the half-and-half ways of installing: some use a repository without the convenience of mouse clicks (no graphical interface). There is also the easy point-and-click way, but without a repository, so if there are dependencies we need to install them one by one.

Using a repository requires a software management tool, usually placed in the menu as an "Add or Remove Software" button. With this tool we can see which application software is already installed and which is not.
We can add or remove repository sources as we wish. If we only have installation CDs/DVDs as a repository and no internet connection, be patient like me :) because we cannot yet enjoy the full benefit of repositories.
Repository CDs/DVDs are made specifically for automatic installation. Not just any CD/DVD. We can get them from InfoLinux magazine or buy them from websites. Or make them ourselves in special ways. DOWNLOAD

Sunday, 09 December 2007

CorelDraw Tutorial and Exercises


The tutorial I am presenting this time is about making water droplets with CorelDraw. I deliberately use CorelDraw. The reason is that it is vector-based, so there is no distortion even when the image is enlarged several times.


Friday, 07 December 2007

How to install ANYTHING in Ubuntu!

The search popup in Synaptic

Having problems installing something on your new Ubuntu operating system? "Where's the EXE?", "Where do I need to extract this to?", "How do I run it?", "Where did it go?" - have you been thinking questions like these? Don't worry, installing software, themes and other things on Ubuntu is actually very easy! This guide will help you understand with screenshots, instructional videos and to-the-point language.

Please Click Here To Guide You

Iskandar, S.Pd, M.Pd

Thursday, 06 December 2007

Moving to Ubuntu Linux



Discover Ubuntu, Today's Hottest Linux

Everyone's talking about Ubuntu: it's not just 100% free, it's the most useful, practical desktop Linux ever! Now, Linux expert Marcel Gagné reveals Ubuntu's amazing power and helps you migrate from Windows faster than you ever thought possible.

Moving to Ubuntu Linux will teach you how to do virtually anything with Ubuntu: write documents, create spreadsheets, surf the Web, use email, listen to music, watch movies, and play games.

  • Install Ubuntu fast, with easy, step-by-step instructions

  • Take control, with the GNOME desktop environment and Nautilus file manager

  • Browse the Internet using Firefox, the powerful browser that's quickly replacing Microsoft Internet Explorer

  • Find and install all the software you'll ever need, with Ubuntu's powerful Synaptic package manager

  • Send email, track contacts, create calendars, and manage all your personal information with Evolution

  • Organize digital photos, rip music, burn and play CDs, watch movies, create graphics, and more

  • Discover the world of Linux games, and learn how to run Windows games on your Ubuntu PC

  • Set up an efficient, convenient network for your home or small business

  • Customize your desktop so it's perfectly comfortable and totally efficient


By: Iskandar, S.Pd, M.Pd (Chief Manager ICT Center SMKN 1 Pungging Mojokerto)
If you need to know how to install and use the Ubuntu desktop, please download it here.

Created by: Iskandar, S.Pd, M.Pd

Friday, 23 November 2007

DHCP SERVER CONFIGURATION

DHCP (Dynamic Host Configuration Protocol) at a Glance


Dynamic Host Configuration Protocol (DHCP) is a network protocol that automatically assigns TCP/IP information to client computers. Each DHCP client connects to the central DHCP server, which returns that client's network configuration, including the IP address, gateway, and DNS servers.
DHCP is useful for delivering client network configuration quickly. When configuring a client system, the administrator can choose DHCP and does not have to enter an IP address, netmask, gateway, or DNS servers. The client obtains this information from the DHCP server. In addition, if a laptop or another kind of mobile computer is configured for DHCP, it can be moved from one office to another without being reconfigured, as long as each office has a DHCP server that allows the computer to connect to the network.

Configuring a DHCP server
You can configure a DHCP server using the file /etc/dhcpd.conf. DHCP also uses the file /var/lib/dhcp/dhcpd.leases to store the client lease database.

Configuration File
The first step in configuring a DHCP server is to create the configuration file that holds the network information for the clients. Global options can be declared for all clients, or options can be declared for each client individually. The configuration file can contain extra tabs or blank lines for easier formatting. Keywords are case-insensitive, and lines beginning with a hash mark (#) are treated as comments.
There are two types of statements in the configuration file:
- Parameters: how a task is carried out, or what network configuration options are sent to the client.
- Declarations: describe the network topology, describe the clients, provide addresses for the clients, or apply a group of parameters to a group of declarations.
Some parameters must start with the option keyword and are referred to as options. Options configure DHCP options, whereas parameters configure values that are not optional or control how the DHCP server behaves. Parameters (including options) declared before a section enclosed in curly brackets ({ }) are considered global parameters.
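The statement rules described above (comments, case-insensitive keywords, parameters versus options versus declarations, and global scope) can be applied mechanically to a configuration file. The following is an added example, not part of the original post: the sample configuration is constructed, and the function names and the DECLARATION_KEYWORDS list are this example's own choices.

```python
"""Classify dhcpd.conf statements as parameters, options or declarations."""

# Constructed sample in dhcpd.conf syntax; every address and name is illustrative.
SAMPLE_CONF = """\
# Global section: nothing here is inside { }
DEFAULT-LEASE-TIME 600;
max-lease-time 7200;
option domain-name-servers 192.168.1.1;

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers      192.168.1.254;

    range 192.168.1.10 192.168.1.100;
    host installclient {
        hardware ethernet 00:11:22:33:44:55;
        fixed-address 192.168.1.5;
    }
}
"""

# Keywords that dhcpd.conf(5) documents as declarations (example's own subset).
DECLARATION_KEYWORDS = {"shared-network", "subnet", "range", "host", "group"}


def strip_comments(text):
    """Drop everything from an unquoted '#' to the end of each line."""
    cleaned = []
    for line in text.splitlines():
        in_quote = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_quote = not in_quote
            elif ch == "#" and not in_quote:
                line = line[:i]
                break
        cleaned.append(line)
    return "\n".join(cleaned)


def classify(text):
    """Return (kind, scope, statement) tuples in file order."""
    records, scope, buf, in_quote = [], [], [], False
    for ch in strip_comments(text):
        if ch == '"':
            in_quote = not in_quote
        if in_quote or ch not in ";{}":
            buf.append(ch)
            continue
        stmt = " ".join("".join(buf).split())  # extra whitespace and blank lines vanish
        buf = []
        if ch == "}":
            if stmt or not scope:
                raise ValueError("misplaced '}'")
            scope.pop()
            continue
        if not stmt:
            continue
        keyword = stmt.split()[0].lower()  # keywords are case-insensitive
        if ch == "{" or keyword in DECLARATION_KEYWORDS:
            kind = "declaration"
        elif keyword == "option":
            kind = "option"
        else:
            kind = "parameter"
        records.append((kind, " > ".join(scope) or "global", stmt))
        if ch == "{":
            scope.append(stmt)  # statements that follow belong to this section
    if scope or "".join(buf).strip():
        raise ValueError("unterminated statement or block")
    return records


def global_settings(records):
    """Parameters and options declared outside every { } section."""
    return [stmt for kind, where, stmt in records
            if where == "global" and kind != "declaration"]


if __name__ == "__main__":
    for kind, where, stmt in classify(SAMPLE_CONF):
        print(f"{kind:<12} {where:<62} {stmt}")
```

Run directly, it prints one line per statement with its kind and enclosing section, which makes it easy to see which settings reach every client and which apply only to one subnet or host.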


Working With Your Ubuntu Desktop

Chapter 1. Linux Basics. Linux is inspired by the Unix operating system which first appeared in 1969, and has been in continuous use and development ever since. Many of the design conventions behind Unix also exist in Linux and are central to understanding the basics of the system. Unix was primarily oriented towards the command line interface, and that legacy is carried on in Linux. Thus, the graphical user interface with its windows, icons and menus is built on top of a basic command line interface. Furthermore, this means that the Linux file system is structured to be easily manageable and accessible from the command line.


Wednesday, 21 November 2007

TEACHING SCHEDULE SOFTWARE


In every school, an activity carried out routinely every new school year or every semester is creating/arranging/compiling the lesson timetable. It has to be done with serious care. If it is not done carefully, fellow teachers who are due to teach may complain. It gets more complicated still when there are many classes and not enough teachers.

Until now lesson timetables have been compiled manually, although one can be slightly more advanced by using a spreadsheet program such as Excel. That is still not very practical. It could perhaps be built with the logic formulas the program provides. Without experience, though, building the logic is a hassle too. I am grateful to have obtained a link to software that makes creating the lesson timetable easier.


A year ago I was browsing and found a practical, automatic timetable program called ascTimeTable. Its concept is to make things easy for the user by providing a GUI for compiling the timetable. Only a little learning is needed to understand how to use it. But don't worry, there is an Indonesian-language tutorial too. You can also download the guide here


Created by Iskandar, S.Pd, M.Pd



Using Linux

Linux can be used to set up any number of server-type systems as well as workstations. This site is primarily concerned with the server aspects of Linux. If you're interested in playing around with Linux as a workstation OS on an older system, pick up a copy of Corel Linux which is based on the Debian distribution and is GUI all the way. The Corel Linux desktop looks a lot like Windows so the transition from using Windows to Linux for a desktop OS will be an easy one. (See the Desktop Linux page for more information on and screen-prints of Corel Linux.)

You can use your Debian Linux software to set up the following types of systems:

  • Web servers for external (Internet) or internal (Intranet) use. (We show you how on the Internet Servers page.)
  • Mail servers to handle both internal and Internet e-mail. (We show you how on the Internet Servers page.)
  • Other Internet-type application servers such as FTP, news, IRC (chat), etc.
  • Web cam servers to keep an eye on your home or business operations from a remote location. (We show you how on the Web Cam Server page.)
  • Proxy/NAT servers that allow all the systems on a network to share a single broadband Internet connection at home or the office. (We show you how on the Proxy/NAT page.)
  • Packet-filtering firewalls which allow you to control what traffic goes out of and comes in to your network (while also performing the proxy/NAT function). (We show you how on the Firewall page.)
  • Internal LAN servers for file and print sharing much like Novell or NT/2000. There's even a Linux software package available called Samba that makes a Linux server appear as an NT server to Windows workstations. (We show you how on the LAN Servers page.)
  • DNS servers to resolve Internet and/or internal LAN host/domain names. (We show you how on the DNS page.)
  • Database servers running MaxDB - formerly SAPDB (free), MySQL (free), or Oracle ($$$$) database software. (We show you how on the Database Server page.)
  • Fax servers running HylaFax and utilizing old fax-modems allow all users on your network to send faxes from their desktops rather than printing out a hard-copy to stuff in a fax machine. (We show you how on the Fax Server page.)
  • LAN and WAN routers which offer an inexpensive alternative to those $5,000 Cisco boxes.
  • Syslog servers which allow you to centralize the monitoring of your network and systems operations. (We show you how on the Syslog Server page.)
  • IDS (Intrusion Detection Systems) to monitor your Internet address space for hacking and attack activity. (We show you how on the Securing Servers page.)

Given the free nature of the Linux software and its modest hardware requirements, small and non-profit businesses, schools, libraries, etc. can have all of the computing capabilities and Internet services of big, for-profit corporations with very little financial investment. And Linux is not just for the little guy. Big businesses can save big dollars with Linux because they don't have to pay for all those expensive client access or "seat" licenses (see the server comparison diagram below).

The other benefit to the modest hardware requirements of Linux is that if you do have a fairly powerful machine, you can run numerous applications (such as Web and e-mail and FTP and Telnet and DNS) all on one system reducing your overall hardware requirements. (While it is certainly possible for a single server to handle both internal LAN and external Internet functions, it isn't wise to put both functions on one server for security reasons.)

Support options for Linux-based systems are also growing. Commercial server vendors HP, IBM, and Dell now offer servers pre-loaded with Linux and provide numerous support options for them. Commercial distro vendors have various support packages available and third-party companies offer distribution-specific support options ranging from per-incident to 24/7 contract coverage. For individuals and small businesses, there are free self-help and peer-support options such as on-line documentation, newsgroups, listserves, and chat rooms. We show you how to use one of Debian's chat rooms on the Compiling Software page and Debian support resources are listed on the Resources page.

If you're looking for a career, there are two different categories of jobs working with Linux/UNIX servers, but they can often overlap. You can focus on a career as a network administrator, where you primarily take care of all of the types of systems mentioned above, manage user accounts, access rights to files, etc. The other is as a programmer, where you are writing shell scripts or programs which can be written in a wide variety of languages, with C being the most widely used. These scripts and programs are often used in the middle or "back-end" tiers of "multi-tier" client/server systems to automate things. For instance, Linux/UNIX servers are often used as back-end database servers running Oracle. In large organizations these two aspects are usually segregated with different job titles. In smaller organizations you may end up doing both, which would be the best training you could ask for. Note that a network administrator will find their life much easier if they are a good shell script programmer. The better they are at writing shell scripts the more they can automate administrative tasks on the servers. As more and more businesses learn about the potential for productivity gains and substantial cost savings realized through the reduced licensing costs associated with Linux, those with Linux knowledge will be in greater demand.

That's not to say you have to be into networking or C programming to have any use for Linux. A vanilla installation of most Linux distributions will include the installation and setup of the Apache Web server software. Out of the box a Linux system can act as a test Web server for Web site developers and those who write CGI scripts for Web sites (which you know the value of if you've ever taken down a production Web server hosting 200+ sites with a looping CGI script).

Linux can be useful at home too. It's easy to use it to set up a firewalling proxy server to share a broadband Internet connection with all of the computers on a home network. (We show you how on the Networking page.) And as long as you've got a Linux proxy box hanging on the Internet, it's just as easy to have your own home Web/e-mail server.

Normally, if you want to set up an e-mail or Web server you have to have a fixed ("static") IP address assigned by your ISP and your own domain name. However, dyndns.org offers a free service called "dynamic DNS" which will allow you to set up your own home Web and e-mail server on a system where the IP address changes (as happens with dial-up, and residential DSL and cable-modem services). You don't even need your own domain name! If you did register your family's name as a domain name you can use dynamic DNS and set up a Sendmail server to receive e-mail for the domain name (ex: homer@simpson.com). Family members would then set their POP3 clients to retrieve their mail from this Sendmail server rather than the ISP's. In addition, you can run the Apache Web server software on the system also and host your own family Web site. Information on using dynamic DNS services is given on the DNS page and setting up a Web/e-mail server using the Apache and Sendmail software is given on the Internet Servers page.


Six (6) Steps to Secure Networks & Computer Systems Against Hacker Attacks

In general there are six (6) major steps that can be used to secure networks & computer systems against hacker attacks. The steps are:

  1. Form a Security Steering Committee.
  2. Gather Information
  3. Assess Risk
  4. Create Solutions
  5. Implementation & Education.
  6. Continuously Analyze and Respond.

Step 1: Form a Security Steering Committee.

Forming a steering committee is very important so that the network security policy can be accepted by all parties, and so that nobody feels forced, feels tormented, or feels that their access is restricted when working on their intranet. By including representatives from every division / department, input from below can be expected to come in and be accepted by everyone.

With this steering committee, interaction becomes possible between technical staff / network administrators, users & managers, so that the most optimal policy that is also technically easy to implement can be found.

Step 2: Gather Information

Before a network security policy is implemented, it is advisable to carry out a complete audit. Audit not only the network equipment & components, but also business processes, operating procedures, security awareness, and assets. The audit should of course start from the place with the highest risk, namely the Internet, and continue to home users & VPN connections. Besides auditing from the external side, it is advisable to audit from the internal side as well, such as HR, etc.

Step 3: Assess Risk

Risk can be expressed in a simple formula as:

Risk = Asset Value * Vulnerability * Likelihood of Exploitation

Asset value includes monetary value, the cost of system downtime, and loss of partner / customer trust. Vulnerability includes total / partial data loss, system downtime, and data damage / corruption.

Taking the results of the audit carried out earlier, we need to ask:

· Is the current security policy sufficient to provide protection?

· Did the external audit succeed in validating the reliability of the existing security policy?

· Did the audit detect weaknesses that are not yet covered in the security policy?

· Is the level of security commensurate with the level of risk?

· Which assets / information carry the highest risk?

Answering the questions above is the starting point for evaluating the completeness of the information policy we have. By evaluating the answers, we can focus first on macro & global solutions without getting caught up in micro & individual solutions.

Step 4: Create Solutions

Today there are quite a lot of plug’n’play solutions available on the market. Unfortunately, no single program / solution works for every kind of problem. We therefore have to choose wisely among the various solutions available for the various security needs. Some that we know of:

· Firewall.

· Network Intrusion Detection System (IDS).

· Host based Intrusion Detection System (H-IDS).

· Application-based Intrusion Detection System (App-IDS).

· Anti-Virus Software.

· Virtual Private Network (VPN).

· Two Factor Authentication.

· Biometric.

· Smart cards.

· Server Auditing.

· Application Auditing.

· Etc. - there are several more that do not fall into the categories above.

Step 5: Implementation & Education.

Once all the support has been obtained, implementation can proceed. The installation process will depend heavily on the level of difficulty faced. One thing to remember in every implementation is that education must not be forgotten. This education must cover:

· Details of the new security system / procedures.

· The effect of the new security procedures on company assets / data.

· An explanation of the procedures & how to meet the goals of the new security policy.

Participants must be told not only how / what the security procedures are, but also why those security procedures are carried out.

Step 6: Continuously Analyze and Respond.

Systems keep evolving, so analysis of the procedures that have been developed must be carried out continuously. Always stay ahead, don't miss the train.

Getting to Know Remote Access Networks

WAN Connections

infokomputer.com, Telecommunications companies, such as TELKOM, usually offer several types of WAN service, such as T1, E1, analog POTS/PSTN, Frame Relay, and others. These types of service can be grouped into 3 categories:
- Dedicated, also known as Leased Line
- Circuit-switched
- Packet-switched

Use of the services offered by a network provider is usually charged. The cost depends on the type of service used. For example, if someone uses the analog POTS service (an ordinary telephone line), the fee to be paid to the network provider is the telephone usage charge. Figure 1 shows the scheme of WAN connection services.

Dedicated
This type of service usually carries a fixed cost. That is, whether it is used or not, the fee paid to the network provider each month is the same. The cost depends on the leased bandwidth and the distance. Dedicated or Leased Line uses a point-to-point connection that links one site to another. Figure 2 is an example network design between a head office and branch offices using dedicated connections.

Synchronous serial is a digital signal transmitted serially with a specific clock. The signal is sent using the same frequency so that data can be sent without other bits interleaved. Compare this with asynchronous transmission, which always uses control bits, namely start and stop bits, to mark the first and last bits of the communication. The use of control bits naturally adds some load on the bandwidth and reduces network performance.

A dedicated connection is made on the router's synchronous serial port. Some of the synchronous serial standards supported by Cisco routers are:

- EIA/TIA-232. One of the most widely used standards. In the OSI reference model, EIA/TIA-232 is a physical layer standard developed by the EIA (Electronic Industries Association) and the TIA (Telecommunications Industry Association), also known as RS-232.
- EIA/TIA-449. Like EIA/TIA-232, EIA/TIA-449 was also developed by the EIA and TIA. EIA/TIA-449 is essentially a development of EIA/TIA-232, designed for bandwidth of up to 2Mbps.
- V.35. Developed by the ITU-T (International Telecommunication Union Telecommunication Standardization Sector) for synchronous signals. The ITU-T is an international organization tasked with developing communication standards. V.35 is generally used in the US and Europe.
- X.21. A standard set by the ITU-T for serial communication over digital synchronous lines. The X.21 protocol is used primarily in Europe and Japan.
- EIA-530
- HSSI. High-Speed Serial Interface is an interface developed by Cisco Systems and T3plus Networking. HSSI is used for communication that requires high speed on the WAN. The HSSI specification allows other organizations to implement it. HSSI defines both the DTE/DCE electrical interface and the physical interface.

Packet-switched
Packet-switched is a WAN switching method in which network devices share a single point-to-point link to forward packets from the sender to the receiver across a carrier network. ATM (Asynchronous Transfer Mode), Frame Relay, SMDS (Switched Multimegabit Data Service), and X.25 are examples of packet-switched WAN technologies. Figure 4 illustrates a packet-switched network.

Packet-switched uses multiplexing techniques to control network access and to form PVCs (Permanent Virtual Circuits).

- Frame Relay. Frame Relay is a high-performance WAN protocol. Operating at the physical layer and data link layer of the OSI reference model, Frame Relay is packet-switched data communication that can connect several network devices over a multipoint WAN.

Frame Relay is a standard issued by the CCITT (Consultative Committee for International Telegraph and Telephone) and ANSI (American National Standards Institute) for sending data over a PDN (Public Data Network). Information is sent by dividing the data into packets. Each packet is sent through a series of WAN switches before finally reaching its destination.

- X.25. One of the WAN communication standards, which defines how connections between user devices and network devices are established and maintained. X.25 is designed to work effectively regardless of the type of system connected to the network. It usually uses a public PSN (Packet Switch Network), such as a telephone company's network. Customers are charged based on usage.

X.25 was developed in the early 1970s, driven by the need for a WAN protocol able to work over a Public Data Network. The protocol was later recognized as an international standard by the ITU-T.

Circuit-Switched
Circuit-switched is a connection that uses a WAN switching method in which a physical circuit is established, maintained, and torn down for each communication session. On a telephone company network, circuit-switched operates just like an ordinary telephone call. The connection established from one site to another usually uses narrow bandwidth. At present, the connections commonly used can only achieve a maximum bandwidth of 56Kbps.

A commonly encountered example of a circuit-switched connection is a connection to an ISP (Internet Service Provider) using an analog modem. Although the modem used is capable of 56 Kbps, the connection from home is usually always below the bandwidth offered. Do not blame the modem vendor just yet, because the bandwidth obtained is influenced more by the telephone network used.

One of the advantages of using a circuit-switched network is that its usage cost is relatively low and can be controlled. This technology is usually used by:
- Mobile users
- Telecommuters
- Companies or institutions as a backup connection

In general, there are two types of circuit-switched network in common use:
- Analog, using POTS (Plain old telephone service), also called PSTN
- Digital, using ISDN (Integrated Service Digital Network)

