FORESEC Academy FORESEC Academy Essentials Version 2.2 ...

superfluitysmackoverSecurity

Feb 23, 2014 (3 years and 5 months ago)


FORESEC Academy © FORESEC




































FORESEC Academy Essentials

Version 2.2




Document Legalities



Copyright © 2010, The FORESEC Academy. All rights reserved. The entire contents of this publication are the property of the FORESEC Academy. User may not copy, reproduce, distribute, display, modify, or create derivative works based upon all or any portion of this publication in any medium, whether printed, electronic, or otherwise, without the express written consent of the FORESEC Academy. Without limiting the foregoing, user may not reproduce, distribute, re-publish, display, modify, or create derivative works based upon all or any portion of this publication for purposes of teaching any computer or electronic security courses to any third party without the express written consent of the FORESEC Academy.




Warning and Disclaimer

Every effort has been made to make this book as complete and accurate as possible, but no warranty of fitness is implied. The information provided is on an “as is” basis. The authors and publishers shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.





























Defense in-Depth



In this chapter, we look at threats to our systems and take a “big picture” look at how to defend against them. You'll learn that protections need to be layered - a principle called defense in-depth. We'll explain some principles that will serve you well in protecting your systems and use real-world attacks from history, which were wildly “successful”, to illustrate them. We examine why the attacks were successful and, more importantly, what measures could have been taken to lessen the impact or to stop them altogether - practical defense in-depth.

Finally, we show you how to examine your systems for vulnerabilities (before the attacker does) and equip you with a tool to do exactly that. We look at how to ensure that a “hardened” system stays hardened and close with a case study that illustrates defense in-depth.












Defense in-Depth



The concept behind defense in-depth is simple. The picture we have painted so far is that a good security architecture, one that can withstand an attack, has many aspects and dimensions. We need to be certain that if one countermeasure fails, there are more behind it. If they all fail, we need to be ready to detect that something has occurred and clean up the mess expeditiously and completely, and then tune our defenses to keep it from happening to us again.

One of the most effective attacks that penetrate standard perimeters is malicious code. These are things like viruses and Trojan software. They come in as attachments to e-mail messages, and on those floppies we bring in from home (even though we aren't supposed to), and the CD-ROMs we bring home from DEFCON. These can do a lot of damage. Most people have heard of BackOrifice and NetBus, but there are a score of other Trojans. The best defense is keeping your anti-virus software up-to-date, and scanning at the firewall, server, and desktop level. It isn't particularly expensive or hard, but it takes discipline.













It's commonplace to encounter systems that don't even record when successful and unsuccessful logons and logoffs occur. That's just basic, sensible auditing and they don't turn it on. If there is ever a problem, how will we run it to ground? You may or may not be in a position where you can affect whether these things are done at your organizational level; but, you can often take the responsibility for your office, shop, division, or desktop. There are even personal firewall software products - like TCP Wrappers, BlackICE Defender, Zone Alarm, Norton Internet Security, and McAfee Personal Firewall. These range from free to commercial software, and they provide perimeter protection at the host level. The threat is targeting each of us. What role and responsibility are you willing to accept for defense in-depth?















































This slide shows another way to think of the defense in-depth concept. At the center of the diagram is your information. However, the center can be anything you value, or the answer to the question, “What are you trying to protect?” Around that center you build successive layers of protection. In the diagram, the protection layers are shown as blue rings. In this example, your information is protected by your application. The application is protected by the security of the host it resides on, and so on. To successfully get your information, an attacker would have to penetrate through your network, your host, your application, and finally your information protection layers.

Using a defense in-depth strategy does not make it impossible to get to your core resources - the resource at the center of the diagram. However, a well-thought-out defense in-depth strategy, utilizing the strongest protections feasibly possible at each layer, presents a formidable defense against would-be attackers.

















Principles



We start by explaining some fundamental principles that you need to understand and apply every day in securing your systems. We progress from what exactly it is about our systems that we're trying to protect - confidentiality, integrity and availability - to the risks our systems face. After looking at threats and vulnerabilities, we'll talk about an overarching approach to protecting our systems. We'll show you the importance of layering our protections, with defense in-depth. This will give you a good foundation for evaluating and securing your systems.



Confidentiality, Integrity, and Availability



What exactly about the system or information do we wish to protect? Traditionally, information security professionals focus on ensuring confidentiality, integrity, and availability. Simply “CIA” in “infosec” jargon, these are three bedrock principles about which we will be concerned. A good habit when first exploring any new business application or system is to think about confidentiality, integrity, and availability - and countermeasures or lack thereof for protecting these. Attacks might come against any or all of these.

We will discuss a variety of threats that jeopardize our computer systems. To focus that discussion, we will consider some of the more famous attacks that have occurred. Now, information assurance can get really complex, but these kinds of problems decompose nicely. As we work our way through the material, we will point out aspects of confidentiality, integrity, and availability, in both the attacks and also the defenses we discuss.



Let's use an example: You've been assigned to oversee the security of your employer's new e-commerce site, its first attempt at conducting business directly on the Internet. How do you approach this? What should you consider? What could go wrong?



Think C-I-A - confidentiality, integrity, and availability. Customers will expect that the privacy of their credit card numbers, their addresses and phone numbers, and other information shared during the transaction be ensured. These are examples of confidentiality. They will expect quoted prices and product availability to be accurate, the quantities they order at the prices to which they agreed to not be changed, and anything downloaded to be authentic and complete. These are examples of integrity. Customers will expect to be able to place orders when convenient for them, and the employer will want the revenue stream to continue without disruption. These are examples of availability.



Keep in mind that the dimensions we have been discussing can be interrelated. An attacker might exploit an unintended function on a web server and use the cgi-bin program “phf” to list the password file. Now, this would breach the confidentiality of this sensitive information (the password file). Then, in the privacy of his own computer system, the attacker can use brute force or dictionary-driven password attacks to decrypt the passwords. Then, with a stolen password, the attacker can execute an integrity attack when he gains entrance to the system. And he can even use an availability attack as part of the overall effort to neutralize alarms and defensive systems, so they can't report his existence. When this is completed, the attacker can fully access the target system, and all three dimensions (confidentiality, integrity, and availability) would be in jeopardy. Always think C-I-A.



We chose a very simple, well-known attack for a reason. A large number (in fact, an embarrassingly large number) of corporate, government, and educational systems that are compromised and exploited are defeated by these well-known, well-publicized attacks. An attack does not have to be the latest and greatest in order to be successful much of the time. Countless numbers of attacks, covering years of experience, are detailed on the Internet and in books and courses. Often these are still viable, especially when defense in-depth is not being practiced.
























Utility, Authenticity, and Possession




CIA certainly has classical characteristics of information security and always should be in the mind of security professionals. In Fighting Computer Crime, A New Framework for Protecting Information, Donn B. Parker clarifies and expands these characteristics into a set of six foundational elements: availability, utility, integrity, authenticity, confidentiality, and possession. Each of these is (somewhat subtly) different from the other, and Parker asserts that they are necessary to represent a certain aspect of information protection. Scenarios of information loss, and thus requirements for information security, exemplify one or more of these foundational elements.




Parker defines utility as “usefulness of information for a purpose.” Imagine that the only copy of some critical information is encrypted, and the encryption key has been lost. The information is still available, but it is not suitable for its intended purpose and thus fails to meet the need for utility.



Authenticity is “validity, conformance, and genuineness of information.” Imagine someone - who has no association with SANS - writing and printing a book about computer security but saying on the cover and title page that this is a SANS book. Such a book would not be authentic; it would violate the requirement for information authenticity.




Possession is “the holding, control, and ability to use information.” Suppose that an organization's backup tapes are all encrypted, and that they have been stolen and held for ransom. Parker would contend that the information is available (by paying the ransom); what is lacking is possession.




So, the next time you are thinking of the security requirements for your project, system, or business, you might think CIA, or you might expand your consideration to include availability, utility, integrity, authenticity, confidentiality, and possession.


















Identity, Authentication, and Authorization



It is critical for an information security practitioner to understand clearly the closely related concepts of identity, authentication, and authorization - their meanings and their distinctive differences.



Identity is one of those common words that seem difficult to define without using the word in its own definition. By identity, we mean “who someone or what something is”; for example, the name by which one is recognized. This identity may be of a human being, a program, a computer, or data. Identification is the process for establishing who someone or what something claims to be.



Authentication is the process of confirming the correctness of the claimed identity. A motorist identifies himself to a police officer and presents a driver's license for confirmation. The officer compares the photograph, description, and signature with that of the motorist to authenticate the identity. Do you see the distinction? Identity and authentication do not mean the same thing.














Finally, authorization means the approval, permission, or empowerment for someone or something to do something. Cleaning personnel may have authorization to physically enter all rooms in the organization after hours. A running process might be authorized to access the payroll database. Even with identity and authentication telling us with confidence who someone is, we still need authorization to tell us what the identified person is allowed to do.

Let's tie these together with an example. Someone presents as her identity a picture ID smart card to a building guard. The guard checks the picture and the name against her face and perhaps uses a biometric device as well; this is authentication. Checking the name on the smart card against a database tells the guard that she is allowed in the building; this is authorization. He allows her to enter. It takes all three for access; remember, the whole point is access control.











































Means of Authentication



We just used two examples of how authentication might be performed: possessing an ID card and comparing a photo with a face. Let's be more rigorous. Classically, authentication has been based on:




• Something you know



• Something you have



• Something you are



Easy, right? I know my dog's name is Spot; I have a driver's license; and I am 5' 11”. So now I can authenticate to a system securely, right? This is not quite what we meant.



Something you know should be something only you know and can keep to yourself. This might be the PIN to your bank account or a password. Most commonly, it is a password, and it should be a strong password. A strong password normally is at least seven characters long, contains upper and lower case letters, contains numeric characters and at least one special character, and is not something that can be found in a dictionary.




Something you have might be a photo ID or a security token. RSA's SecurID is a commonly used security token that comes in the same size and shape as a credit card or as a key fob. The token also may plug into one of your computer's ports or be in software. It has a pseudorandom number sequence that changes every sixty seconds. Combined with a PIN, this is two factor authentication - something you have and something you know.






RSA SecurID




RSA's SecurID system is commonly used for strong authentication. The system combines something you have, the SecurID, with something you know, a PIN. Whether in credit card, key fob, or software form, the ID displays a number whose value changes every 60 seconds in accordance with a pseudorandom number sequence. Each SecurID is uniquely numbered and has its own sequence. The only way to know this minute's value is to see the number on the token - something you have - or eavesdrop as it is being transmitted. However, even the correct value is only good one time, so an eavesdropper cannot successfully repeat what was heard.




Something you know is also part of the authentication scheme, in this case a PIN. The most secure form of the SecurID tokens includes numbered buttons on the actual card into which the user enters his PIN. The card calculates and displays the correct number to send for authentication, based on the current minute's slot in the pseudorandom number sequence and the PIN. In cards without these buttons, the PIN is transmitted in clear text along with the current minute's number. Although the random number cannot be known without access to the token, the other factor, what you know, is vulnerable to eavesdropping.




At a central location, typically a dedicated security server, the corresponding random number can be computed for each unique SecurID device or software. If the number submitted by the user matches the number computed centrally, authentication is successful, but only one time for each minute's value.




Because of clock drift, the central server computes the “correct” value for the current minute, the previous minute, and the following minute. Matching any of these will be successful. If the SecurID and central system clocks have drifted apart such that the match was for an earlier or later minute, adjustments will be made so that subsequent computations will match on the “current” minute's value. Such adjustments will keep the clocks “in sync” indefinitely, with use. A SecurID card would have to go unused for several months before it would likely drift out of the 3-minute window and need to be resync'd by an administrator.
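The server-side check described in this section (one-time use, the three-minute window and the drift adjustment), as an added example that is not part of the original text and is not RSA's code. SecurID's real sequence is proprietary, so an HMAC-SHA256 over the minute counter stands in for it; `token_code`, `TokenServer`, the serial, seed and PIN are all assumed names and constructed values, and the PIN is assumed to arrive alongside the displayed number.

```python
import hashlib
import hmac
import os
import struct

STEP = 60             # the displayed number changes every 60 seconds
WINDOW = (0, -1, 1)   # current, previous and following minute


def token_code(seed: bytes, minute: int, digits: int = 6) -> str:
    """Stand-in sequence (assumption): HMAC-SHA256 of the minute counter."""
    mac = hmac.new(seed, struct.pack(">Q", minute), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # The server keeps a salted hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class TokenServer:
    """Central security server: one record per uniquely numbered token."""

    def __init__(self):
        self.tokens = {}

    def enroll(self, serial: str, seed: bytes, pin: str) -> None:
        salt = os.urandom(16)
        self.tokens[serial] = {
            "seed": seed, "salt": salt, "pin": _pin_hash(pin, salt),
            "drift": 0,   # minutes the token clock runs ahead of the server
            "last": -1,   # highest minute slot already accepted
        }

    def verify(self, serial: str, pin: str, code: str, now: int) -> str:
        """Return a reason for the audit log; the client should see only pass/fail."""
        rec = self.tokens.get(serial)
        if rec is None:
            return "unknown-token"
        if not hmac.compare_digest(_pin_hash(pin, rec["salt"]), rec["pin"]):
            return "bad-pin"
        base = now // STEP + rec["drift"]
        for delta in WINDOW:
            minute = base + delta
            expected = token_code(rec["seed"], minute)
            if hmac.compare_digest(code.encode(), expected.encode()):
                if minute <= rec["last"]:
                    return "replay"      # each minute's value is good only once
                rec["last"] = minute
                rec["drift"] += delta    # re-centre the window on the token's clock
                return "ok"
        return "no-match"                # outside the 3-minute window: needs resync


def demo():
    seed = b"constructed-seed-000123"    # constructed sample values
    server = TokenServer()
    server.enroll("000123", seed, "4821")
    t0 = 1_700_000_000                   # server time in seconds
    m0 = t0 // STEP
    out = []
    code = token_code(seed, m0)
    out.append(server.verify("000123", "4821", code, t0))       # token in sync
    out.append(server.verify("000123", "4821", code, t0 + 5))   # overheard value reused
    out.append(server.verify("000123", "0000", token_code(seed, m0 + 2), t0 + 120))
    # Ten minutes on the token is one minute fast, later two minutes fast.
    out.append(server.verify("000123", "4821", token_code(seed, m0 + 11), t0 + 600))
    out.append(server.verify("000123", "4821", token_code(seed, m0 + 22), t0 + 1200))
    # Long unused and now six minutes fast: outside the adjusted window.
    out.append(server.verify("000123", "4821", token_code(seed, m0 + 36), t0 + 1800))
    return out, server.tokens["000123"]["drift"]


if __name__ == "__main__":
    print(demo())
```

The fifth check succeeds only because the fourth moved the stored drift to one minute; without that adjustment a token two minutes fast would already fall outside the window.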










Something you are is biometrics based. There are many different characteristics that are considered sufficiently unique in and on a human body. Some devices used for biometric authentication are iris scanners, retinal scanners, hand geometry substantiaters, finger scanners, and many others as well . . . even facial scanners. Facial scanning in crowds, such as the U.S. football Super Bowl spectators, for identification was already newsworthy prior to the events of September 11, 2001. Since that date, there has been an increased interest in employing biometrics for authentication.



Despite its rising popularity, biometric authentication is not without its downsides. Once compromised, unlike passwords or tokens, biometric parameters cannot be changed. However, some aspects of the body can be simulated for detectors, as seen in many spy movies. Perhaps the most practical limitation is the degree to which false positives or false negatives can be tolerated in a particular application. Because of this limitation, biometrics in particular should always be used in the context of defense in-depth.


Now we know with whom we are dealing; next we cover with what we are dealing and how different data sometimes require different protection.






































Data Classification


The reality is that no organization has sufficient resources to protect all information with the rigor that the most sensitive information requires. Not all information requires the protection needed for nuclear weapons designs or war plans. Consequently, so that appropriate protections can be applied based on the sensitivity of the information and on the potential impact of loss, organizations often classify their data into differing levels. Loss might be in terms of confidentiality (what we usually think of regarding government or corporate secrets) but also could be in terms of integrity or availability.



Governments and their militaries, such as the U.S. Department of Defense (DoD), started the phenomenon of labeling data in order to apply higher levels of protection to data that was so sensitive that if it were leaked it could harm their country's national security. Subsequently, this is becoming commonplace in the corporate world, as well. A quick listing of the DoD and federal levels follows:




• Top Secret - The highest levels of protection are given to this data; it is critical to protect.

• Secret - This data is important, and its release could harm national security.

• Confidential - This is important, and it could be detrimental to national security if released.

• Sensitive But Unclassified (SBU) - This generally is information that is sensitive and should not be released (like SSNs).

• Unclassified - They prefer to keep it from being released but the nation would not be harmed if it were.





Corporations are labeling their data, too. It is extremely difficult to protect all the data in a company. But some data easily is recognized as needing special protection. Perhaps you manufacture closed-source software; that source code would need special protection because its release could impact your revenues directly. Could it damage the morale of your company if everyone learned the salaries of their co-workers? Do they all earn the same amount of money?



Generally, the best strategy for classifying data is to use a few clearly delineated categories and train your personnel in distinctive category use. Think about who has the authority to classify data and to change data classification. Think about how the entire U.S. government and military have but a few levels of classification, considering the vast quantities of data with which they deal - and some suggest that they have too many categories. You only need a different category when you have a significant quantity of information that requires significantly different protection.


































Threats and Vulnerabilities


We've been talking about what we need to protect, e.g. the confidentiality, integrity, and availability of our systems. Next, we'll discuss from what we need to protect them - the threats to them and their vulnerabilities to those threats. We'll see how risk is a function of threat and vulnerability.



Threats


Not all the bad things that happen to computer systems are attacks per se. There are fires, water damage, mechanical breakdowns, accidental errors by systems administrators, and plain old user error. But all of these are called threats. We use threat models to describe a given threat and the harm it could do if the system has a vulnerability.



In security discussions, you will hear a lot about threats. Threats, in an information security sense, are any activities that represent possible danger to your information or operation. Danger can be thought of as anything that would negatively affect the confidentiality, integrity, or availability of your systems or services. Thus, if risk is the potential for loss or harm, threats can be thought of as the agents of risk.




Threats can come in many different forms and from many different sources. There are physical threats, like fires, floods, terrorist activities, and random acts of violence. And there are electronic threats, like hackers, vandals, and viruses. Your particular set of threats will depend heavily on your situation - what business you are in; who your partners and adversaries are; how valuable your information is; how it is stored, maintained, and secured; who has access to it; and a host of other factors.



The point is that there are too many variables to ever protect against all the possible threats to your information. To do so would cost too much money and take too much time and effort. So, you will need to pick and choose which threats you will protect your systems against. Security is as much risk management as anything. You will start by identifying those threats that are most likely to occur or most worrisome to your organization.



The way to do this is by identifying three primary areas of threat. The first is based on your business goals. If your business is heavily dependent on a patented formula, you would consider theft of that formula to be a likely threat. If your business is the transferring of funds over a network, you would consider attacks on that network link to be a likely threat. These are two examples of business-based threats.



The second type of threat is based on validated data. If your web site is repeatedly hacked through your firewall, you would consider Internet hackers to be a major threat. If your main competitor always manages to find out key confidential information about your business plans, you would start considering corporate espionage a threat. These are examples of threats identified because of validated instances of damage based on those threats. In some ways, these can be the most serious because they have already happened and are likely to happen again in the future.



The final type of threat is those that are widely known in the security industry. To protect against them is just good common sense. That is why you put badge readers and guards in buildings, why you use passwords on your computer systems, and why you keep secret information locked in a safe. You may not have had attacks against any of these, but it is commonly understood to be foolish not to do so.






















Vulnerabilities


In security terms, a vulnerability is a weakness in your systems or processes that allows a threat to occur. However, simply having a vulnerability by itself is not necessarily a bad thing. It is only when the vulnerability is coupled with a threat that the danger starts to set in. Let's look at an example.



Suppose you like to leave the doors and windows to your house unlocked at night. If you live in the middle of the woods, far away from anyone else, this may not be a bad thing. There really aren't many people who wander around, and, if you're high enough on the hill, you'll be able to see them coming long before they present a danger. So, in this case, the vulnerability of having no locks is there, but there really isn't any threat to take advantage of that vulnerability.



Now suppose you move to a big city full of crime. In fact, this city has the highest burglary rate of any city in the country. If you continue your practice of leaving the doors and windows unlocked, you have exactly the same vulnerability as you had before. However, in the city the threat is that much higher. Thus, your overall danger and risk is much greater.



Vulnerabilities can be reduced or even prevented, provided of course that you know about them. The problem is that many vulnerabilities lie hidden, undiscovered until somebody finds out about them. Unfortunately, the “somebody” is usually a bad guy. The bad guys always seem to find out about vulnerabilities long before the good guys.











Relating Risk, Threat and Vulnerability


Risks, threats, and vulnerabilities are highly interrelated. Their relationship can be expressed
by this simple formula:




Risk (due to a threat) = Threat x Vulnerability (to that threat)




This formula shows that risk is directly related to the level of threat and vulnerability you, your systems, or your networks face. Here's how the formula works:




• If you have a very high threat, but a very low vulnerability to that threat, your resulting risk will be only moderate. In the example we used before, if you live in a high crime neighborhood (thus, high threat) but you keep your doors and windows locked (so you have a low vulnerability to that threat), your overall risk is moderate.

• If you have a high vulnerability to a threat (by keeping your doors and windows unlocked), but the threat itself is minor (by living in the woods), once again you have only a moderate risk factor.

• If, however, you have a high level of threat potential (a high crime area) and your vulnerability to that threat is very high (no locks), you have a very high risk factor.













Impact



ISO 1779 and many risk management methodologies include the magnitude of the impact resulting from a threat connecting with a vulnerability in determining risk. Sometimes in these methodologies they use the term asset instead of impact. Our simple formula for risk becomes:




Risk (due to a threat) = Threat x Vulnerability (to that threat) x Impact




The greater the impact on an organization, the greater the risk that particular threat and
vulnerability represents to the organization.







Of course, this formula is nice, but keep in mind that there are no absolutes in security. It is challenging to assign meaningful numeric values to areas like threats and vulnerabilities, but this formula can be used as an aid to guide your thinking - as a reminder of the concept - as much as an absolute mathematical calculation. When you begin to get into discussions and arguments about risks, threats, and vulnerabilities (and yes, you will get into arguments about this stuff), you can refer back to this basic formula to help guide you in your decision-making process.


























The Threat Model


Vulnerabilities are the gateways by which threats are manifested. So, for a threat model to have any meaning, there has to be a threat. Are there people with the capability and inclination to attack and quite possibly harm your computer systems and networks? What is the probability of that happening? Consider attacks from the Internet as an example: the probability is high that any non-private address will be targeted several times a day, or even an hour. The most common countermeasure for most organizations is to deploy firewalls or other perimeter devices.



These can significantly reduce the volume of attacks that originate from the Internet. But, they should be only one component of our overall defenses. Attacks pass through firewalls all the time - for example, web-based attacks against your web server - and attacks from insiders might never pass through a firewall. That is why defense in-depth must be practiced, as we'll discuss in the next section.



So there is a threat, and there certainly are vulnerabilities; when a threat is able to connect to its specific vulnerability, the result can be system compromise. Again, the most common tactic is to protect systems with perimeter devices such as firewalls. It's cost-effective, it's practical, and it's highly recommended. Even the most open universities, or other research environments that require themselves to be very open, should be able to have some perimeter defense. Perhaps it can be at the department or building level or even at the host level.









Lessons from Historical Attacks


So far we have been discussing theory that provides a framework to understand and use tools like the ones we discussed in risk management - the big picture. Now we want to move away from theory a bit into some historical applications of confidentiality, integrity, and availability. The attacks we are going to discuss represent some of the most famous information security defense failures:




• Morris worm - Availability - 1988

• Melissa macro virus - Availability - 1999

• W32.SirCam worm - Confidentiality - 2001

• Code Red II worm - Integrity - 2001

• Blaster worm - Availability and Integrity - 2003



These span from 1988 to 2003. Hopefully, we can learn enough from history to help prevent us from having to repeat it. We don't have space in this book to explore each of these in great detail, but you should be familiar with each of these as a security professional. We recommend that you search the Internet for these attacks and read a bit more. We provide a number of URLs to help get you started. There are information security lessons that we ought to be able to learn from these well-known attacks. In each case, there was a computer system vulnerability, and it was exploited.






In each of the cases, there was an absence of defense in-depth. In fact, in the case of most systems affected by the Morris worm and the Code Red attack, the exploit did not have to penetrate any defensive perimeters. So, that's “Defense in-shallow!”




As we go through each of the attacks, try to look out for the three primary security dimensions: confidentiality, integrity, and availability. Consider how the defenses for each failed or did not exist in the first place. The vulnerability is listed in every case, so please note how the threat was able to exploit the vulnerability to compromise or affect the target system(s).




ipung@unisbank.ac.id

0818 0589 5566


Next assignment:

Upload your assignment to your personal blog

Create a link on your blog

http://unisbank.ac.id