Infrastructure as Code (IaC) Design for Network Security Automation: Hardening Mikrotik-Based Router
Article Sidebar
Read Counter : 460
Download : 334
Main Article Content
Abstract
The router plays an important role in managing data packet traffic in the network infrastructure, so its role is central and crucial. Disruption of Router functions by cyber-attacks will have a direct impact on the quality of Information Technology (IT) services in the network as a whole. Therefore, it is necessary to harden the router to protect it from cyber-attacks. But on the other side, securing (Hardening) Router also often encounters several obstacles and challenges, such as configuration errors or configuration processes that are repeated and tend to consume a lot of time and energy, especially if there are a lot of devices configured. By using the PPDIOO method, this study aims to design Infrastructure as Code (IaC) which focuses on MikroTik-based Router Hardening through an automation process. The results obtained were that all IaC designs had been successfully implemented through the automation process and no errors had been encountered. The total duration of hardening through automation was 4 minutes 28 seconds. The results of the system security test showed that the router was successfully protected and no vulnerabilities were encountered.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The proposed policy for journals that offer open access
Authors who publish with this journal agree to the following terms:
- Copyright on any article is retained by the author(s).
- Author grant the journal, right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work’s authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal’s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
- The article and any associated published material is distributed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
References
Agus, I. P., & Pratama, E. (2021). Infrastructure as Code (IaC) Menggunakan OpenStack untuk Kemudahan Pengoperasian Jaringan Cloud Computing (Studi Kasus: Smart City di Provinsi Bali) Infrastructure as Code (IaC) Using OpenStack for Ease of Operation of Cloud Computing Network (Case Study . Jurnal Ilmu Pengetahuan dan Teknologi Komunikasi, 23(1), 93–105.
Akin, T. (2002). Hardening Cisco Routers (J. Sumser (ed.)). O’Reilly Media.
Bahnasse, A., Bensalah, F., Louhab, F. E., Khiat, A., Khiat, Y., & Talea, M. (2019). Automation of network simulation: concepts related to IPv4 and IPv6 convergence. Procedia Computer Science, 155(2018), 456–461. https://doi.org/10.1016/j.procs.2019.08.063
Ceron, J. M., Scholten, C., Pras, A., & Santanna, J. (2020). MikroTik Devices Landscape, Realistic Honeypots, and Automated Attack Classification. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, 1–9. https://doi.org/10.1109/NOMS47738.2020.9110336
Christanto, F. W., & Suprayogi, M. S. (2017). Pemantauan Sumber Daya Virtual Server pada Cloud Computing Universitas Semarang Menggunakan Network Monitoring System. Simetris : Jurnal Teknik Mesin, Elektro dan Ilmu Komputer, 8(2), 629. https://doi.org/10.24176/simet.v8i2.1555
CISA. (2020). Security Tip (ST18-001) Securing Network Infrastructure Devices. CISA. https://www.cisa.gov/uscert/ncas/tips/ST18-001
Dalla Palma, S., Di Nucci, D., Palomba, F., & Tamburri, D. A. (2020). Toward a catalog of software quality metrics for infrastructure code. Journal of Systems and Software, 170, 110726. https://doi.org/10.1016/j.jss.2020.110726
Dalla Palma, S., Di Nucci, D., & Tamburri, D. A. (2020). AnsibleMetrics: A Python library for measuring Infrastructure-as-Code blueprints in Ansible. SoftwareX, 12, 100633. https://doi.org/10.1016/j.softx.2020.100633
Haeruddin, H. (2021). Analisa dan Implementasi Sistem Keamanan Router Mikrotik dari Serangan Winbox Exploitation, Brute-Force, DoS. JURNAL MEDIA INFORMATIKA BUDIDARMA, 5(3), 848. https://doi.org/10.30865/mib.v5i3.2979
Haris, A. I., Riyanto, B., Surachman, F., & Ramadhan, A. A. (2022). Analisis Pengamanan Jaringan Menggunakan Router Mikrotik dari Serangan DoS dan Pengaruhnya Terhadap Performansi. Komputika : Jurnal Sistem Komputer, 11(1), 67–76. https://doi.org/10.34010/komputika.v11i1.5227
Hariyadi, I. P., & Marzuki, K. (2020). Implementation Of Configuration Management Virtual Private Server Using Ansible. MATRIK : Jurnal Manajemen, Teknik Informatika dan Rekayasa Komputer, 19(2), 347–357. https://doi.org/10.30812/matrik.v19i2.724
Islami, M. F., Musa, P., & Lamsani, M. (2020). Implementation of Network Automation using Ansible to Configure Routing Protocol in Cisco and Mikrotik Router with Raspberry PI. Jurnal Ilmiah Komputasi, 19(2), 127–134. https://doi.org/10.32409/jikstik.19.2.80
Jeni Rahman, Azhari, M. L., Tamba, S. R., Ramadhan, A. N., Fakhriyah, I., Hilmi, M. A., Hartadi, E. E., & Kristallia, R. (2022). Laporan Tahunan Hasil Monitoring Keamanan Siber Tahun 2021.
Khumaidi, A. (2021). Implementation of DevOps Method for Automation of Server Management Using Ansible. Jurnal Transformatika, 18(2), 199. https://doi.org/10.26623/transformatika.v18i2.2447
Kokuryo, S., Kondo, M., & Mizuno, O. (2020). An Empirical Study of Utilization of Imperative Modules in Ansible. Proceedings - 2020 IEEE 20th International Conference on Software Quality, Reliability, and Security, QRS 2020, 442–449. https://doi.org/10.1109/QRS51102.2020.00063
MikroTik. (2019). Manual: Securing Your Router. Wiki MikroTik. https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router
Mohd Fuzi, M. F., Abdullah, K., Abd Halim, I. H., & Ruslan, R. (2021). Network Automation using Ansible for EIGRP Network. Journal of Computing Research and Innovation, 6(4), 59–69. https://doi.org/10.24191/jcrinn.v6i4.237
Pambudi, R., & Muslim, M. A. (2017). Implementasi Policy Base Routing dan Failover Menggunakan Router Mikrotik untuk Membagi Jalur Akses Internet di FMIPA Unnes. Jurnal Teknologi dan Sistem Komputer, 5(2), 57. https://doi.org/10.14710/jtsiskom.5.2.2017.57-61
Perera, H. M. D. G. V., Samarasekara, K. M., Hewamanna, I. U. K., Kasthuriarachchi, D. N. W., Abeywardena, K. Y., & Yapa, K. (2021). NetBot - An Automated Router Hardening Solution for Small to Medium Enterprises. 2021 IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), 0015–0021. https://doi.org/10.1109/IEMCON53756.2021.9623186
Pratama, M. A. A., & Hariyadi, I. P. (2021). Otomasi Manajemen dan Pengawasan Linux Container (LCX) Pada Proxmox VE Menggunakan Ansible. Jurnal Bumigora Information Technology (BITe), 3(1), 82–95. https://doi.org/10.30812/bite.v3i1.807
Rifki Afandi, M., Hatta, P., Efendi, A., Kunci-Otomatisasi Jaringan, K., Komputer, L., & Jaringan, P. (2020). Otomatisasi Perangkat Jaringan Komputer Menggunakan Ansible Pada Laboratorium Komputer. SMARTICS Journal, 6(2), 48–53.
Spichkova, M., Li, B., Porter, L., Mason, L., Lyu, Y., & Weng, Y. (2020). VM2: Automated security configuration and testing of virtual machine images. Procedia Computer Science, 176, 3610–3617. https://doi.org/10.1016/j.procs.2020.09.025
Swastika, I. M. B., & Atitama, I. G. O. G. (2017). Otomatisasi Konfigurasi Mikrotik Router Menggunakan Software Ansible. Internet of Think (IoT) & Big Data : Teknologi, Tantangan dan Peluang, 495–502.
Tantoni, A., Ashari, M., & Zaen, M. T. A. (2020). Analisis Dan Implementasi Jaringan Komputer Brembuk.Net Sebagai Rt/Rw.Net Untuk Mendukung E-Commerce Pada Desa Masbagik Utara. MATRIK : Jurnal Manajemen, Teknik Informatika dan Rekayasa Komputer, 19(2), 312–320. https://doi.org/10.30812/matrik.v19i2.591
Wilkins, S. (2011). Cisco’s PPDIOO Network Cycle. Cisco Press. https://www.ciscopress.com/articles/article.asp?p=1697888