Infrastructure as Code (IaC) Design for Network Security Automation: Hardening Mikrotik-Based Router

Main Article Content

Arief Indriarto Haris
Rd. Angga Ferianda

Abstract

The router plays an important role in managing data packet traffic in the network infrastructure, so its role is central and crucial. Disruption of Router functions by cyber-attacks will have a direct impact on the quality of Information Technology (IT) services in the network as a whole. Therefore, it is necessary to harden the router to protect it from cyber-attacks. But on the other side, securing (Hardening) Router also often encounters several obstacles and challenges, such as configuration errors or configuration processes that are repeated and tend to consume a lot of time and energy, especially if there are a lot of devices configured. By using the PPDIOO method, this study aims to design Infrastructure as Code (IaC) which focuses on MikroTik-based Router Hardening through an automation process. The results obtained were that all IaC designs had been successfully implemented through the automation process and no errors had been encountered. The total duration of hardening through automation was 4 minutes 28 seconds. The results of the system security test showed that the router was successfully protected and no vulnerabilities were encountered.

Dimensions

Article Details

How to Cite
Haris, A. I., & Ferianda, R. A. (2023). Infrastructure as Code (IaC) Design for Network Security Automation: Hardening Mikrotik-Based Router. Jurnal Pekommas, 8(1). https://doi.org/10.30818/jpkm.v8i1.4936
Section
Informatics

References

Agus, I. P., & Pratama, E. (2021). Infrastructure as Code (IaC) Menggunakan OpenStack untuk Kemudahan Pengoperasian Jaringan Cloud Computing (Studi Kasus: Smart City di Provinsi Bali) Infrastructure as Code (IaC) Using OpenStack for Ease of Operation of Cloud Computing Network (Case Study . Jurnal Ilmu Pengetahuan dan Teknologi Komunikasi, 23(1), 93–105.

Akin, T. (2002). Hardening Cisco Routers (J. Sumser (ed.)). O’Reilly Media.

Bahnasse, A., Bensalah, F., Louhab, F. E., Khiat, A., Khiat, Y., & Talea, M. (2019). Automation of network simulation: concepts related to IPv4 and IPv6 convergence. Procedia Computer Science, 155(2018), 456–461. https://doi.org/10.1016/j.procs.2019.08.063

Ceron, J. M., Scholten, C., Pras, A., & Santanna, J. (2020). MikroTik Devices Landscape, Realistic Honeypots, and Automated Attack Classification. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, 1–9. https://doi.org/10.1109/NOMS47738.2020.9110336

Christanto, F. W., & Suprayogi, M. S. (2017). Pemantauan Sumber Daya Virtual Server pada Cloud Computing Universitas Semarang Menggunakan Network Monitoring System. Simetris : Jurnal Teknik Mesin, Elektro dan Ilmu Komputer, 8(2), 629. https://doi.org/10.24176/simet.v8i2.1555

CISA. (2020). Security Tip (ST18-001) Securing Network Infrastructure Devices. CISA. https://www.cisa.gov/uscert/ncas/tips/ST18-001

Dalla Palma, S., Di Nucci, D., Palomba, F., & Tamburri, D. A. (2020). Toward a catalog of software quality metrics for infrastructure code. Journal of Systems and Software, 170, 110726. https://doi.org/10.1016/j.jss.2020.110726

Dalla Palma, S., Di Nucci, D., & Tamburri, D. A. (2020). AnsibleMetrics: A Python library for measuring Infrastructure-as-Code blueprints in Ansible. SoftwareX, 12, 100633. https://doi.org/10.1016/j.softx.2020.100633

Haeruddin, H. (2021). Analisa dan Implementasi Sistem Keamanan Router Mikrotik dari Serangan Winbox Exploitation, Brute-Force, DoS. JURNAL MEDIA INFORMATIKA BUDIDARMA, 5(3), 848. https://doi.org/10.30865/mib.v5i3.2979

Haris, A. I., Riyanto, B., Surachman, F., & Ramadhan, A. A. (2022). Analisis Pengamanan Jaringan Menggunakan Router Mikrotik dari Serangan DoS dan Pengaruhnya Terhadap Performansi. Komputika : Jurnal Sistem Komputer, 11(1), 67–76. https://doi.org/10.34010/komputika.v11i1.5227

Hariyadi, I. P., & Marzuki, K. (2020). Implementation Of Configuration Management Virtual Private Server Using Ansible. MATRIK : Jurnal Manajemen, Teknik Informatika dan Rekayasa Komputer, 19(2), 347–357. https://doi.org/10.30812/matrik.v19i2.724

Islami, M. F., Musa, P., & Lamsani, M. (2020). Implementation of Network Automation using Ansible to Configure Routing Protocol in Cisco and Mikrotik Router with Raspberry PI. Jurnal Ilmiah Komputasi, 19(2), 127–134. https://doi.org/10.32409/jikstik.19.2.80

Jeni Rahman, Azhari, M. L., Tamba, S. R., Ramadhan, A. N., Fakhriyah, I., Hilmi, M. A., Hartadi, E. E., & Kristallia, R. (2022). Laporan Tahunan Hasil Monitoring Keamanan Siber Tahun 2021.

Khumaidi, A. (2021). Implementation of DevOps Method for Automation of Server Management Using Ansible. Jurnal Transformatika, 18(2), 199. https://doi.org/10.26623/transformatika.v18i2.2447

Kokuryo, S., Kondo, M., & Mizuno, O. (2020). An Empirical Study of Utilization of Imperative Modules in Ansible. Proceedings - 2020 IEEE 20th International Conference on Software Quality, Reliability, and Security, QRS 2020, 442–449. https://doi.org/10.1109/QRS51102.2020.00063

MikroTik. (2019). Manual: Securing Your Router. Wiki MikroTik. https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router

Mohd Fuzi, M. F., Abdullah, K., Abd Halim, I. H., & Ruslan, R. (2021). Network Automation using Ansible for EIGRP Network. Journal of Computing Research and Innovation, 6(4), 59–69. https://doi.org/10.24191/jcrinn.v6i4.237

Pambudi, R., & Muslim, M. A. (2017). Implementasi Policy Base Routing dan Failover Menggunakan Router Mikrotik untuk Membagi Jalur Akses Internet di FMIPA Unnes. Jurnal Teknologi dan Sistem Komputer, 5(2), 57. https://doi.org/10.14710/jtsiskom.5.2.2017.57-61

Perera, H. M. D. G. V., Samarasekara, K. M., Hewamanna, I. U. K., Kasthuriarachchi, D. N. W., Abeywardena, K. Y., & Yapa, K. (2021). NetBot - An Automated Router Hardening Solution for Small to Medium Enterprises. 2021 IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), 0015–0021. https://doi.org/10.1109/IEMCON53756.2021.9623186

Pratama, M. A. A., & Hariyadi, I. P. (2021). Otomasi Manajemen dan Pengawasan Linux Container (LCX) Pada Proxmox VE Menggunakan Ansible. Jurnal Bumigora Information Technology (BITe), 3(1), 82–95. https://doi.org/10.30812/bite.v3i1.807

Rifki Afandi, M., Hatta, P., Efendi, A., Kunci-Otomatisasi Jaringan, K., Komputer, L., & Jaringan, P. (2020). Otomatisasi Perangkat Jaringan Komputer Menggunakan Ansible Pada Laboratorium Komputer. SMARTICS Journal, 6(2), 48–53.

Spichkova, M., Li, B., Porter, L., Mason, L., Lyu, Y., & Weng, Y. (2020). VM2: Automated security configuration and testing of virtual machine images. Procedia Computer Science, 176, 3610–3617. https://doi.org/10.1016/j.procs.2020.09.025

Swastika, I. M. B., & Atitama, I. G. O. G. (2017). Otomatisasi Konfigurasi Mikrotik Router Menggunakan Software Ansible. Internet of Think (IoT) & Big Data : Teknologi, Tantangan dan Peluang, 495–502.

Tantoni, A., Ashari, M., & Zaen, M. T. A. (2020). Analisis Dan Implementasi Jaringan Komputer Brembuk.Net Sebagai Rt/Rw.Net Untuk Mendukung E-Commerce Pada Desa Masbagik Utara. MATRIK : Jurnal Manajemen, Teknik Informatika dan Rekayasa Komputer, 19(2), 312–320. https://doi.org/10.30812/matrik.v19i2.591

Wilkins, S. (2011). Cisco’s PPDIOO Network Cycle. Cisco Press. https://www.ciscopress.com/articles/article.asp?p=1697888