2012-1-00192-if ringkasan

ANALYSIS, DESIGN AND IMPLEMENTATION OF A NETWORK SECURITY INFRASTRUCTURE USING IPS TECHNOLOGY AT PT. XYZ-TD

Christophorus Calvin Halim, Binus University, Jakarta, DKI Jakarta, Indonesia
and
Jan Dicky Chandra, Binus University, Jakarta, DKI Jakarta, Indonesia

Abstract

Today a network infrastructure has to be accompanied by a security system, so that a cracker or a virus that gets into the company network cannot damage the systems running there. For that reason the network infrastructure of PT. XYZ-TD was analysed, and a new infrastructure was designed and implemented that adds an Intrusion Prevention System (IPS) as the security device for PT. XYZ-TD. Two methods were used: an analysis methodology, namely direct observation to determine the characteristics of the PT. XYZ-TD network infrastructure currently in operation, and the PDIOO methodology (Planning, Design, Implementation, Operation and Optimization) for the design and implementation. The result is that the design produced for the PT. XYZ-TD network infrastructure has been implemented. The use of VLANs, inter-VLAN routing and ACLs makes it easier for the PT. XYZ-TD network administrator to maintain and manage the network. In addition, installing the IPS makes the PT. XYZ-TD network more secure against attacks from outside and from inside. The problems found at PT. XYZ-TD are thereby resolved.

Keywords: Intrusion Prevention System, Network Security Infrastructure, PT. XYZ-TD

1. Introduction

Information technology keeps developing, and computer networks in particular have become one of the most fundamental things in a company. This can be seen from the fact that a computer network has become a basic need for every company, large as well as small and medium-sized. Computer network technology has become a key element of the era of globalisation and information technology.

PT. XYZ-TD is a trading and distribution company with offices in Jakarta and is a subsidiary of PT. XYZ. PT. XYZ-TD is developing its information technology to support and improve its business processes. According to the IT staff of the PT. XYZ-TD office, there are several problems in its network infrastructure. PT. XYZ-TD wants to replace its entire network infrastructure with a far better infrastructure design. The reason is that the old network uses only one segment, so an attack that gets into the company network can cause problems for every user connected to it.

In addition, PT. XYZ-TD has just bought an ERP (Enterprise Resource Planning) solution, which is used to improve the quality of work and the sales capability of its marketing staff. This application has to be available 24 hours a day: if it cannot be reached even for a short time, the company's business processes are disrupted, which indirectly reduces the company's profit. A device is therefore needed that can protect the network and the ERP application at PT. XYZ-TD, using an Intrusion Prevention System (IPS) as a solution to minimise their network security problems.

An IPS is a network security technology intended to stop crackers and viruses from attacking the PT. XYZ-TD network. The IPS grew out of the IDS (Intrusion Detection System), which only detects suspicious activity in a network, analyses it and looks for evidence of an intrusion attempt; an IDS observes and alerts but does not itself stop the traffic. Because of the growing number of threats to company networks, IDS technology was developed into the IPS, which identifies malicious activity on the network, logs it, blocks or stops it, and reports it.

With the network technology available today, it cannot be denied that network security has to be taken into account. PT. Seraphim Digital Technology, a company that offers IT solutions, particularly in network security, sees that this can help minimise the internal and external threats and attacks that can disrupt a company's business. The technology is interesting to discuss because it relates to the problems that often arise in computer networks, especially in network security, where a security system using IPS technology is expected to protect the network infrastructure in the future. This thesis therefore discusses the analysis, design and implementation of a network security infrastructure using IPS technology for PT. XYZ-TD, carried out in cooperation with the IT staff of PT. Seraphim Digital Technology, together with its evaluation.

2. Methodology

The scope of the research covers analysis of the old PT. XYZ-TD network, design and implementation of a new, structured network, and installation of the IPS security device on the PT. XYZ-TD network. The discussion covers the following:

- Analysis
- Design
- Evaluation

2.1. Analysis

The old network topology, shown in Figure 2.1, still uses a router box and a patch panel, has no security device protecting the company network, and still has external-facing servers sharing a segment with the internal servers. The new topology design therefore uses manageable Cisco switches and a Cisco gigabit router so that the network is easier to manage and maintain, and an IBM Intrusion Prevention System to protect the network from attacks. Cisco switches and routers were chosen for the new topology because Cisco is one of the best products in computer networking, and because more engineers hold Cisco certifications than those of other vendors, so it is easier to find someone who can manage the switches and routers in use. The IBM Intrusion Prevention System was chosen as the network security device because the IBM IPS is a reliable product and PT. Seraphim Digital Technology is a distributor of IBM IPS.

Figure 2.1 Existing network topology of PT. XYZ-TD (components shown in the figure: Internet, Router Box, 3COM switches, Proxy server 1, Proxy server 2, Web server, application servers 1 to 3, File Server 1, File Server 2, antivirus server, mail server, mobile application server, OpenVPN, and hubs for IT; business development, sales and directors; tax; and accounting)

2.2. Design

To secure the old PT. XYZ-TD network structure, a new infrastructure design was produced that supports the company's operations and resolves the problems identified earlier. The design of the network security infrastructure for PT. XYZ-TD is shown in the following topology:

Figure 2.2 New network design for PT. XYZ-TD

2.3. Evaluation

To evaluate the implementation of the IPS security system at PT. XYZ-TD, we took the log history for one week after the IPS was installed. The following table lists the attacks that were blocked. Each tag name is an IBM ISS X-Force signature; the reference list gives the X-Force description page for each one.

Table 2.1 Log History

Tag Name                        Status  Severity  Event Count  Source Count  Target Count
POP_Command_Overflow            Block   High             6289            95             5
MSRPC_Srvsvc_Path_Bo            Block   High              494            35           252
SSL_Challenge_Length_Overflow   Block   High               48             1             2
HTTP_Oracle_WebCache_Overflow   Block   High               45             3            14
Telnet_Polycom_Blank_Password   Block   High               33             1            17
MSRPC_Race_Heap_Overflow        Block   High               32             2            15
SQL_SSRP_Slammer_Worm           Block   High               30             8             3
Email_Virus_Suspicious_Zip      Block   High               28             9             3
SQL_SSRP_MDAC_Client_Overflow   Block   High               20             1             2
DNS_RDATA_String_BO             Block   High               12             4             5
Image_JPEG_Tag_Overflow         Block   High                9             5             4
Email_Calendar_Code_Exec        Block   High                4             3             2
Image_JPEG_IE_Size_Overflow     Block   High                1             1             1
HTTP_repeated_character         Block   Medium           5405           158            66
Smurf_Attack                    Block   Medium           4350             2            21
Email_Executable_Extension      Block   Medium           1495            93            76
HTTP_POST_Script                Block   Medium             31             6             5
YahooMSG_UserID_Overflow        Block   Medium             13             1             1
ICMP_Protocol_Unreachable_TCP   Block   Medium              5             3             1
HTTP_Cross_Site_Scripting       Block   Medium              4             4             3
HTTP_GET_Very_Long              Block   Medium              2             2             2
Email_Virus_Double_Extension    Block   Medium              1             1             1
HTTP_ASP_Security_Bypass        Block   Medium              1             1             1
UDP_Bomb                        Block   Medium              1             1             1
DCOM_SystemActivation_DoS       Block   Low               164             1             2
HTML_Script_Extension_Evasion   Block   Low                 7             4             6
DNS_Windows_SMTP_MX_DoS         Block   Low                 2             2             2
Image_ANI_RateNumber_DoS        Block   Low                 2             1             1
TCP_Null_Scan                   Block   Low                 1             1             1
MOV_Container_Overflow          Block   Low                 1             1             1

From the log history it can be seen that the most frequent high-severity attack against PT. XYZ-TD was POP_Command_Overflow with 6289 events, the most frequent medium-severity attack was HTTP_repeated_character with 5405 events, and the most frequent low-severity attack was DCOM_SystemActivation_DoS with 164 events. With the IPS in place, 18,530 attack events in total were blocked, making the PT. XYZ-TD network safer from attacks that could disrupt the company's operations. An event count is the number of signature matches the IPS blocked, not the number of confirmed intrusions; the Source Count and Target Count columns show how concentrated each signature is (for example, the 4350 Smurf_Attack events came from only 2 sources), and those concentrated entries are the ones an administrator should follow up first.
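As an added example (not part of the thesis), the following Python script re-derives the figures quoted above from Table 2.1 and adds one check the paragraph does not make: it lists signatures whose blocked events came from only a few source hosts, which usually points at one noisy or compromised machine rather than a broad campaign. The rows are re-typed from the table as constructed whitespace-separated text; the thesis does not show the native IBM IPS export format, so the parser handles only this constructed layout.

```python
"""Summarise IPS block-log rows by severity and by source concentration."""
from dataclasses import dataclass

# Constructed input: Table 2.1 re-typed as 'tag status severity events sources targets'.
LOG_TABLE = """\
POP_Command_Overflow Block High 6289 95 5
MSRPC_Srvsvc_Path_Bo Block High 494 35 252
SSL_Challenge_Length_Overflow Block High 48 1 2
HTTP_Oracle_WebCache_Overflow Block High 45 3 14
Telnet_Polycom_Blank_Password Block High 33 1 17
MSRPC_Race_Heap_Overflow Block High 32 2 15
SQL_SSRP_Slammer_Worm Block High 30 8 3
Email_Virus_Suspicious_Zip Block High 28 9 3
SQL_SSRP_MDAC_Client_Overflow Block High 20 1 2
DNS_RDATA_String_BO Block High 12 4 5
Image_JPEG_Tag_Overflow Block High 9 5 4
Email_Calendar_Code_Exec Block High 4 3 2
Image_JPEG_IE_Size_Overflow Block High 1 1 1
HTTP_repeated_character Block Medium 5405 158 66
Smurf_Attack Block Medium 4350 2 21
Email_Executable_Extension Block Medium 1495 93 76
HTTP_POST_Script Block Medium 31 6 5
YahooMSG_UserID_Overflow Block Medium 13 1 1
ICMP_Protocol_Unreachable_TCP Block Medium 5 3 1
HTTP_Cross_Site_Scripting Block Medium 4 4 3
HTTP_GET_Very_Long Block Medium 2 2 2
Email_Virus_Double_Extension Block Medium 1 1 1
HTTP_ASP_Security_Bypass Block Medium 1 1 1
UDP_Bomb Block Medium 1 1 1
DCOM_SystemActivation_DoS Block Low 164 1 2
HTML_Script_Extension_Evasion Block Low 7 4 6
DNS_Windows_SMTP_MX_DoS Block Low 2 2 2
Image_ANI_RateNumber_DoS Block Low 2 1 1
TCP_Null_Scan Block Low 1 1 1
MOV_Container_Overflow Block Low 1 1 1
"""


@dataclass(frozen=True)
class Event:
    tag: str
    status: str
    severity: str
    events: int
    sources: int
    targets: int


def parse_rows(text: str) -> list[Event]:
    """Parse one Event per non-blank row; reject rows with the wrong column count."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 6:
            raise ValueError(f"malformed row: {line!r}")
        tag, status, severity, ev, src, tgt = parts
        rows.append(Event(tag, status, severity, int(ev), int(src), int(tgt)))
    return rows


def total_blocked(rows: list[Event]) -> int:
    """Sum of event counts for rows the sensor actually blocked."""
    return sum(r.events for r in rows if r.status == "Block")


def totals_by_severity(rows: list[Event]) -> dict[str, int]:
    out: dict[str, int] = {}
    for r in rows:
        out[r.severity] = out.get(r.severity, 0) + r.events
    return out


def top_by_severity(rows: list[Event]) -> dict[str, Event]:
    """Signature with the highest event count in each severity band."""
    best: dict[str, Event] = {}
    for r in rows:
        if r.severity not in best or r.events > best[r.severity].events:
            best[r.severity] = r
    return best


def concentrated_sources(rows: list[Event], min_events: int = 100,
                         max_sources: int = 5) -> list[str]:
    """Tags where many blocked events came from a handful of hosts (thresholds
    are assumptions for this example), ordered by event count descending."""
    hits = [r for r in rows if r.events >= min_events and r.sources <= max_sources]
    return [r.tag for r in sorted(hits, key=lambda r: r.events, reverse=True)]


EVENTS = parse_rows(LOG_TABLE)

if __name__ == "__main__":
    print("total blocked:", total_blocked(EVENTS))
    for sev, ev in top_by_severity(EVENTS).items():
        print(f"{sev}: {ev.tag} ({ev.events} events from {ev.sources} sources)")
    print("concentrated sources:", concentrated_sources(EVENTS))
```

Run as a script it reproduces the 18,530 total and the three per-severity maxima from the paragraph above; the last line is the extra check, and with the assumed thresholds it singles out Smurf_Attack (4350 events, 2 sources) and DCOM_SystemActivation_DoS (164 events, 1 source) as the entries worth tracing back to individual hosts.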

3. Conclusion

From the evaluation of the implementation of the network security infrastructure using Intrusion Prevention System (IPS) technology at PT. XYZ-TD, it can be concluded that:

- The use of VLANs, inter-VLAN routing and ACLs on the Cisco switches and Cisco router makes it easier for the network administrator to manage and maintain the PT. XYZ-TD network.
- With the Intrusion Prevention System (IPS) on the PT. XYZ-TD network, 18,530 attack events were blocked in the first week, making the PT. XYZ-TD network more secure.

References

[1] Angelescu, S. (2010). CCNA Certification All-In-One for Dummies. Indianapolis: Wiley Publishing, Inc.
[2] ISS X-Force. (2011, December 17). Apple Quicktime atom length detected (MOV_Container_Overflow). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/MOV_Container_Overflow.htm
[3] ISS X-Force. (2011, December 17). HTML Script Extension Evasion (HTML_Script_Extension_Evasion). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/HTML_Script_Extension_Evasion.htm
[4] ISS X-Force. (2011, December 17). HTTP GET contains repeated characters (HTTP_repeated_character). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/HTTP_repeated_character.htm
[5] ISS X-Force. (2011, December 17). HTTP POST contains malicious script (HTTP_POST_Script). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/HTTP_POST_Script.htm
[6] ISS X-Force. (2011, December 17). ICMP Protocol Unreachable TCP denial of service (ICMP_Protocol_Unreachable_TCP). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/ICMP_Protocol_Unreachable_TCP.htm
[7] ISS X-Force. (2011, December 17). Mail attachment with a suspicious file name (Email_Executable_Extension). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/Email_Executable_Extension.htm
[8] ISS X-Force. (2011, December 17). Mail attachment with a suspicious file name (Email_Virus_Double_Extension). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/Email_Virus_Double_Extension.htm
[9] ISS X-Force. (2011, December 17). Mail message contains suspicious ZIP file (Email_Virus_Suspicious_Zip). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/Email_Virus_Suspicious_Zip.htm
[10] ISS X-Force. (2011, December 17). Microsoft ASP.NET Framework bypass security (HTTP_ASP_Security_Bypass). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/HTTP_ASP_Security_Bypass.htm
[11] ISS X-Force. (2011, December 17). Microsoft Data Access Components (MDAC) broadcast request buffer overflow (SQL_SSRP_MDAC_Client_Overflow). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/SQL_SSRP_MDAC_Client_Overflow.htm
[12] ISS X-Force. (2011, December 17). Microsoft Exchange iCal MODPROPS denial of service (Email_Calendar_Code_Exec). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/Email_Calendar_Code_Exec.htm
[13] ISS X-Force. (2011, December 17). Microsoft IIS Cross-Site Scripting (HTTP_Cross_Site_Scripting). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/HTTP_Cross_Site_Scripting.htm
[14] ISS X-Force. (2011, December 17). Microsoft Internet Explorer JPEG image buffer overflow (Image_JPEG_IE_Size_Overflow). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/Image_JPEG_IE_Size_Overflow.htm
[15] ISS X-Force. (2011, December 17). Microsoft Windows 2000 and XP RPC race condition (MSRPC_Race_Heap_Overflow). Retrieved December 19, 2011, from www.iss.net: MSRPC_Race_Heap_Overflow
[16] ISS X-Force. (2011, December 17). Microsoft Windows ANI file zero rate number overflow denial of service (Image_ANI_RateNumber_DoS). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/Image_ANI_RateNumber_DoS.htm
[17] ISS X-Force. (2011, December 17). Microsoft Windows DNS client data string buffer overflow (DNS_RDATA_String_BO). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/DNS_RDATA_String_BO.htm
[18] ISS X-Force. (2011, December 17). Microsoft Windows JPEG buffer overflow (Image_JPEG_Tag_Overflow). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/Image_JPEG_Tag_Overflow.htm
[19] ISS X-Force. (2011, December 17). Microsoft Windows RPCSS Service RPC message can cause denial of service (DCOM_SystemActivation_DoS). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/DCOM_SystemActivation_DoS.htm
[20] ISS X-Force. (2011, December 17). Microsoft Windows Server Service RPC code execution (MSRPC_Srvsvc_Path_Bo). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/MSRPC_Srvsvc_Path_Bo.htm
[21] ISS X-Force. (2011, December 17). Microsoft Windows SMTP Service and Microsoft Exchange SMTP DNS Mail Exchanger (MX) denial of service (DNS_Windows_SMTP_MX_DoS). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/DNS_Windows_SMTP_MX_DoS.htm
[22] ISS X-Force. (2011, December 17). NCSA httpd allows remote users to execute commands (HTTP_GET_Very_Long). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/HTTP_GET_Very_Long.htm
[23] ISS X-Force. (2011, December 17). Oracle9i Application Server Web Cache HTTP Request Method buffer overflow (HTTP_Oracle_WebCache_Overflow). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/HTTP_Oracle_WebCache_Overflow.htm
[24] ISS X-Force. (2011, December 17). Polycom ViewStation password is blank (Telnet_Polycom_Blank_Password). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/Telnet_Polycom_Blank_Password.htm
[25] ISS X-Force. (2011, December 17). Qpopper contains a buffer overflow that could allow root access (POP_Command_Overflow). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/POP_Command_Overflow.htm
[26] ISS X-Force. (2011, December 17). Smurf denial of service (Smurf_Attack). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/Smurf_Attack.htm
[27] ISS X-Force. (2011, December 17). SQL Slammer worm propagation (SQL_SSRP_Slammer_Worm). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/SQL_SSRP_Slammer_Worm.htm
[28] ISS X-Force. (2011, December 17). SSLv2 Client Hello Overflow (SSL_Challenge_Length_Overflow). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/SSL_Challenge_Length_Overflow.htm
[29] ISS X-Force. (2011, December 17). SunOS can be crashed with malformed UDP packets (UDP_Bomb). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/UDP_Bomb.htm
[30] ISS X-Force. (2011, December 17). TCP Half scan (Stealth scan) (TCP_Null_Scan). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/TCP_Null_Scan.htm
[31] ISS X-Force. (2011, December 17). Yahoo! Messenger victimID buffer overflow (YahooMSG_UserID_Overflow). Retrieved December 19, 2011, from http://www.iss.net/security_center/reference/vuln/YahooMSG_UserID_Overflow.htm
[32] Rob Payne, K. M. (2003). Cisco Certified Internetwork Expert: Study Guide (2nd ed.). California: SYBEX Inc.
[33] Tanenbaum, A. S. (2003). Computer Networks (4th ed.). New Jersey: Prentice Hall.


    [19]ISS X-Force. (2011, December 17). Microsoft Windows Server Service RPC code execution (MSRPC_Srvsvc_Path_Bo). Retrieved December 19, 2011, from http://www.iss.net: http://www.iss.net/security_center/reference/vuln/MSRPC_Srvsvc_Path_Bo.htm

    [20]ISS X-Force. (2011, December 17). Microsoft Windows SMTP Service and Microsoft Exchange SMTP DNS Mail Exchanger (MX) denial of service (DNS_Windows_SMTP_MX_DoS). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/DNS_Windows_SMTP_MX_DoS.htm

  • [21]ISS X-Force. (2011, December 17). NCSA httpd allows remote users to execute commands (HTTP_GET_Very_Long). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/HTTP_GET_Very_Long.htm

    [22]ISS X-Force. (2011, December 17). Oracle9i Application Server Web Cache HTTP Request Method buffer overflow (HTTP_Oracle_WebCache_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/HTTP_Oracle_WebCache_Overflow.htm

    [23]ISS X-Force. (2011, December 17). Polycom ViewStation password is blank (Telnet_Polycom_Blank_Password). Retrieved December 19, 2011, from http://www.iss.net: http://www.iss.net/security_center/reference/vuln/Telnet_Polycom_Blank_Password.htm

    [24]ISS X-Force. (2011, December 17). Qpopper contains a buffer overflow that could allow root access (POP_Command_Overflow). Retrieved December 19, 2011, from http://www.iss.net: http://www.iss.net/security_center/reference/vuln/POP_Command_Overflow.htm

    [25]ISS X-Force. (2011, December 17). Smurf denial of service (Smurf_Attack). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Smurf_Attack.htm

    [26]ISS X-Force. (2011, December 17). SQL Slammer worm propagation (SQL_SSRP_Slammer_Worm). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/SQL_SSRP_Slammer_Worm.htm

    [27]ISS X-Force. (2011, December 17). SSLV2 Client Hello Overflow (SSL_Challenge_Length_Overflow). Retrieved December 19, 2011, from http://www.iss.net: http://www.iss.net/security_center/reference/vuln/SSL_Challenge_Length_Overflow.htm

    [28]ISS X-Force. (2011, December 17). SunOS can be crashed with malformed UDP packets (UDP_Bomb). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/UDP_Bomb.htm

    [29]ISS X-Force. (2011, December 17). TCP Half scan (Stealth scan) (TCP null scan). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/TCP_Null_Scan.htm

    [30]ISS X-Force. (2011, December 17). Yahoo! Messenger victimID buffer overflow (YahooMSG_UserID_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/YahooMSG_UserID_Overflow.htm

    [31]Rob Payne, K. M. (2003). Cisco certified internetwork expert: study guide (2nd Edition ed.). California: SYBEX Inc.

    [32]Tanenbaum, A. S. (2003). Computer Network (4th edition ed.). New Jersey: Prentice Hall.