X PENERAPAN STATEFUL FIREWALL PADA ARSITEKTUR DUAL- HOMED HOST (STUDI KASUS : PT PLN(PERSERO) APL MAMPANG) Skripsi Sebagai Salah

Total Page:16

File Type:pdf, Size:1020Kb

X PENERAPAN STATEFUL FIREWALL PADA ARSITEKTUR DUAL- HOMED HOST (STUDI KASUS : PT PLN(PERSERO) APL MAMPANG) Skripsi Sebagai Salah PENERAPAN STATEFUL FIREWALL PADA ARSITEKTUR DUAL- HOMED HOST (STUDI KASUS : PT PLN(PERSERO) APL MAMPANG) Skripsi Sebagai Salah Satu Syarat Untuk Memperoleh Gelar Sarjana Komputer (S.Kom) Oleh ARIEFATI WIRATAMA NIM: 104091002861 PROGRAM STUDI TEKNIK INFORMATIKA FAKULTAS SAINS DAN TEKNOLOGI UNIVERSITAS ISLAM NEGERI SYARIF HIDAYATULLAH JAKARTA 2010 M./1431 H. x PENERAPAN STATEFUL FIREWALL PADA ARSITEKTUR DUAL- HOMED HOST (STUDI KASUS : PT PLN(PERSERO) APL MAMPANG) Skripsi Sebagai Salah Satu Syarat Untuk Memperoleh Gelar Sarjana Komputer Fakultas Sains dan Teknologi Universitas Islam Negeri Syarif Hidayatullah Jakarta Oleh ARIEFATI WIRATAMA 104091002861 PROGRAM STUDI TEKNIK INFORMATIKA FAKULTAS SAINS DAN TEKNOLOGI UNIVERSITAS ISLAM NEGERI SYARIF HIDAYATULLAH JAKARTA 2010 M/1431 H xi PENERAPAN STATEFUL FIREWALL PADA ARSITEKTUR DUAL- HOMED HOST (STUDI KASUS : PT PLN(PERSERO) APL MAMPANG) Skripsi Sebagai Salah Satu Syarat Untuk Memperoleh Gelar Sarjana Komputer Fakultas Sains dan Teknologi Universitas Islam Negeri Syarif Hidayatullah Jakarta Oleh : Ariefati Wiratama 104091002861 Menyetujui, Pembimbing I, Pembimbing II, Arini, M.T M.Eng. Victor Amrizal, M.Kom NIP. 19760131 200901 2 001 NIP. 150 411 288 Mengetahui, Ketua Program Studi Teknik Informatika Yusuf Durrachman, M.Sc, MIT NIP. 19710522 200604 1 002 xii PENGESAHAN UJIAN Skripsi yang berjudul ”PENERAPAN STATEFULL FIREWALL PADA ARSITEKTUR DUAL-HOMED HOST (Studi Kasus : PT. PLN(PERSRO) APL Mampang)” telah diuji dan dinyatakan lulus dalam sidang munaqosah Fakultas Sains dan Teknologi, Universitas Islam Negeri Syarif Hidayatullah Jakarta. Pada ”Hari”, XX Juni 2010. Skripsi ini telah diterima sebagai salah satu syarat untuk memperoleh gelar sarjana strata satu (S1) program studi Teknik Informatika Jakarta, Juni 2010 Menyetujui, Penguji I, Penguji II, Husni Teja Sukmana, Ph.D Herlino Nanang, MT NIP. 1977103 200112 1 03 NIP.19731209 200501 1 002 Pembimbing I, Pembimbing II, Arini, MT, M.Eng. Victor Amrizal, M.Kom NIP. 19760131 200901 2 001 NIP. 150 411 288 Mengetahui, Dekan, Fakultas Sains dan Teknologi Ketua Program Studi, Teknik Informatika DR. Syopiansyah Jaya Putra, M. Sis Yusuf Durrachman, MIT NIP. 19680117 200112 1 001 NIP. 19710522 200604 1 002 xiii PERNYATAAN DENGAN INI SAYA MENYATAKAN BAHWA SKRIPSI INI BENAR – BENAR HASIL KARYA SENDIRI YANG BELUM PERNAH DIAJUKAN SEBAGAI SKRIPSI ATAU KARYA ILMIAH PADA PERGURUAN TINGGI ATAU LEMBAGA MANAPUN. Jakarta, Juni 2010 Ariefati Wiratama NIM. 104091002861 xiv ABSTRAK Ariefati Wiratama. Penerapan Statefull Firewall pada Arsitektur Dual-Homed Host. Dibimbing oleh ARINI dan VICTOR AMRIZAL Keamanan jaringan merupakan kebutuhan yang penting bagi personal terlebih lagi perusahaan. Minimnya fungsi dari personal firewall dan mahalnya sebuah hardware firewall ini lah yang menjadi kendala dalam penerapan suatu firewall. IPCop merupakan suatu statefull firewall yang memfilter dari layer transport sampai layer application. IPCop diterapkan pada arsitektur firewall dual-homed host yang menggunakan sedikitnya 2NIC pada sebuah PC. IPCop, juga bertindak sebagai proxy yang transparan sebagai gateway untuk mengakses layanan internet dan melakukan access-control kepada user. Di dalam penelitian ini pembangunan sistem terdiri dari beberapa elemen yang mendefinisikan fase, tahapan, langkah, atau mekanisme proses spesifik. Tahapan dalam pembangunan ini terdiri dari analisis, desain, simulasi prototipe, pengamatan/monitoring, dan manajemen. Firewall diuji dengan akses konten internet yang diblokir dan port scanning. Hasil pengujian menunjukkan bahwa penerapan statefull firewall yang menggunakan arsitektur dual-homed host pada PT.PLN(PERSERO) APL Mampang dapat berjalan dengan baik sebagai firewall yang mudah dikonfigurasi untuk mengamankan jaringan. Kata kunci : stateful firewall, dual-homed host, IPCop xv KATA PENGANTAR Assalamu¶alaikum Warahmatullahi Wabarakatuh Segala puji kehadirat Allah SWT yang telah memberikan nikmat iman, nikmat islam, dan nikmat hidup sehingga penulis dapat menyelesaikan skripsi ini dengan baik. Shalawat dan salam semoga tetap tercurahkan kepada suri tauladan kita Rasulullah Muhammad SAW yang telah berhasil membawa manusia ke dalam dunia yang penuh peradaban. Amin. Skripsi merupakan salah satu tugas wajib mahasiswa sebagai persyaratan untuk menyelesaikan program studi Strata 1 (S1) di Universitas Islam Negeri Syarif Hidayatullah Jakarta. Sejauh ini penulis menyadari sepenuhnya masih banyak kekurangan-kekurangan pada skripsi ini, yang disebabkan karena terbatasnya kemampuan dan pengetahuan yang penulis miliki, Dalam penyusunan skripsi ini, penulis mendapat bimbingan dan bantuan dari berbagai pihak, oleh karena itu perkenankanlah pada kesempatan ini penulis mengucapkan terima kasih kepada : 1. DR. Syopiansyah Jaya Putra, M.Sis, selaku Dekan Fakultas Sains dan Teknologi, Universitas Islam Negeri Syarif Hidayatullah Jakarta 2. DR. Yusuf Durrachman, MIT selaku Ketua Program Studi Teknik Informatika. 3. Arini, MT, M.Eng dan Victor Amrizal, M.Kom, selaku Pembimbing I dan Pembimbing II, yang secara kooperatif, penuh kesabaran memberikan nasihat xvi dan saran-saran berharga secara bijak dan membantu membimbing penulis dalam penyelesaian skripsi ini. 4. Seluruh Dosen Program Studi Teknik Informatika yang tidak dapat penulis sebutkan satu persatu, terima kasih atas pengajaran dan ilmunya yang bermanfaat bagi penulis. 5. Staf karyawan Fakultas Sains dan Teknologi dan Prodi TI, yang telah banyak membantu penulis dalam hal administrasi di kampus. 6. Manajer PT. PLN PERSERO APL Mampang, beserta seluruh staff yang telah banyak membantu penulis dalam penelitian di lapangan. Akhir kata semoga skripsi ini bermanfaat bagi penulis khususnya dan bagi para pembaca umumnya, sebagai manusia dengan segala kerendahan hati, penulis menyadari bahwa skripsi ini masih jauh dari kesempurnaan. Saran dan kritik yang konstruktif dari pembaca sangat penulis harapkan. Semoga pembaca memperoleh tambahan pengetahuan setelah membacanya. Wassalamu¶alaikum Warahmatullahi Wabarakatuh Jakarta, Juni 2010 Penulis xvii LEMBAR PERSEMBAHAN Skripsi ini khusus penulis persembahkan kepada pihak-pihak yang telah memberikan dukungan baik secara moril maupun materil dalam menyelesaikan penelitian skripsi ini , diantaranya adalah : 1. Orang tua tercinta, Ayahanda H. Zainal Fanani dan Ibunda Hj. Yulia Herliyanti, yang telah menunggu penulis menyelesaikan kuliah dengan penuh kesabaran dan kasih sayang, yang selalu memberikan nasehat, bimbingan dan motivasi. Semoga Allah selalu melimpahkan rahmat dan ampunan-Nya kepada Ayahanda dan Ibunda. Amin 2. Adik–adikku, Renaldi Fardani dan Egi Yunandi yang sering mengingatkan penulis untuk rajin mengerjakan skripsi dengan menanyakan kapan penulis lulus. 3. Ulul Azmi, yang telah mendampingi penulis selama penulisan skripsi ini dan tidak bosan-bosannya menanyakan tentang skripsi penulis setiap hari serta memberikan dorongan, motivasi, bantuan dan semangat kepada penulis. 4. Sahabat – sahabatku semua, Insan, Hirzi, Razka, Udin, Arie, Sidik, Fajar, Edoy, Taufiq terima kasih untuk motivasi, inspirasi dan bantuan kalian selama ini, semoga persahabatan ini adalah awal dari persaudaraan kita kedepannya, dan tetap semangat untuk mewujudkan semua cita-cita kita. xviii 5. Teman – teman TI UIN Syarif Hidayatullah khususnya TIC angkatan 2004 senang sekali bisa mengenal kalian selama lebih dari 5 tahun ini, semoga kita selalu sukses kedepannya dan terus terjalin persaudaraan kita. xix DAFTAR ISI Lembar Judul .................................................................................................. i Lembar Persetujuan Pembimbing .................................................................. ii Lembar Pengesahan Ujian ............................................................................. iii Lembar Pernyataan ........................................................................................ iv Abstrak ..................................................................................................... v Kata Pengantar ............................................................................................... vi Lembar Persembahan ..................................................................................... viii Daftar Isi ........................................................................................................ x Daftar Gambar ................................................................................................ xiv Daftar Tabel ................................................................................................... xvii Daftar Lampiran ............................................................................................. xviii BAB I PENDAHULUAN ............................................................................. 1 1.1. Latar Belakang .................................................................................. 1 1.2. Perumusan Masalah........................................................................... 2 1.3. Batasan Masalah ............................................................................... 3 1.4. Tujuan dan Manfaat Penulisan ......................................................... 4 1.5. Metoe Penelitian ............................................................................... 5 1.5.1. Metode Pengumpulan Data .................................................... 5 1.5.2. Metode Pembangunan Sistem …............................................ 5 1.6. Sistematika Penulisan ....................................................................... 7
Recommended publications
  • Physical Or Virtual Firewall for Perimeter Protection in Cloud Computer Infrastructure
    16th INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS & TECHNOLOGY MANAGEMENT - CONTECSI - 2019 DOI: 10.5748/16CONTECSI/ITM-6115 PHYSICAL OR VIRTUAL FIREWALL FOR PERIMETER PROTECTION IN CLOUD COMPUTER INFRASTRUCTURE Thiago Mello Valcesia - IPT - Instituto de Pesquisas Tecnológicas - [email protected] Antonio Luiz Rigo - IPT - Instituto de Pesquisas Tecnológicas - [email protected] SUMMARY This article presents an examination of the different types of firewalls geared toward protecting Datacenters. The idea is to perform a survey of the different ways of installation, the safety perceived by customers, the positive and negative points of each model and the market trends for perimeter protection. In addition, it is intended to categorize rules, protection filters, application inspection criteria and services offered by firewalls, by analyzing the various protection schemes available in firewalls, regardless of the structure as a service in Cloud adopted. Keywords: Physical firewall, Virtual firewall, Cloud firewall, Security, Cloud Computing. INTRODUCTION The term Digital Security is increasingly present in our daily lives. The need to protect computers or prevent corporate networks from receiving unnecessary traffic, improper access, and unknown packets, coupled with the concern of professional information security staff about content accessed by Internet users, make data control a vital task. Firewall is much more than a "fire wall" isolating the company network from the external world represented by the Internet. The Firewall function is therefore essential to raise the level of security of the internal environment, protecting it from external attacks, increasing security and reducing the vulnerability of the local network. There are currently three Firewall alternatives to install on enterprise networks that aggregate cloud network segments: 1.
    [Show full text]
  • Exploiting Cloud Management Services As an Information Leakage Channel
    I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage Channel Hyunwook Baek∗ Eric Eide [email protected] [email protected] University of Utah University of Utah Salt Lake City, UT, USA Salt Lake City, UT, USA Robert Ricci Jacobus Van der Merwe [email protected] [email protected] University of Utah University of Utah Salt Lake City, UT, USA Salt Lake City, UT, USA ABSTRACT Though there has been much study of information leakage chan- nels exploiting shared hardware resources (memory, cache, and disk) in cloud environments, there has been less study of the ex- ploitability of shared software resources. In this paper, we analyze the exploitability of cloud networking services (which are shared among cloud tenants) and introduce a practical method for build- ing information leakage channels by monitoring workloads on the cloud networking services through the virtual firewall. We also demonstrate the practicality of this attack by implementing two different covert channels in OpenStack as well as a new classof side channels that can eavesdrop on infrastructure-level events. By utilizing a Long Short-Term Memory (LSTM) neural network model, our side channel attack could detect infrastructure level VM creation/termination events with 93.3% accuracy. CCS CONCEPTS • Security and privacy → Distributed systems security; Fire- walls; • Computer systems organization → Cloud computing; • Networks → Cloud computing; Figure 1: Resource sharing of two requests KEYWORDS cloud management, cloud security, side channel, OpenStack 1 INTRODUCTION However, shared resources also cause interference among cloud tenants and can even be exploited as information leakage channels Resource sharing is a fundamental part of cloud computing.
    [Show full text]
  • Who Is Ivan Pepelnjak (@Ioshints)
    Virtual Firewalls Ivan Pepelnjak ([email protected]) NIL Data Communications Who is Ivan Pepelnjak (@ioshints) • Networking engineer since 1985 • Focus: real-life deployment of advanced technologies • Chief Technology Advisor @ NIL Data Communications • Consultant, blogger (blog.ioshints.info), book and webinar author • Teaching “Scalable Web Application Design” at University of Ljubljana Current interests: • Large-scale data centers and network virtualization • Networking solutions for cloud computing • Scalable application design • Core IP routing/MPLS, IPv6, VPN 2 © ipSpace.net / NIL Data Communications 2013 Virtual Firewalls Virtualization Webinars on ipSpace.net Coming in 2013 Coming in 2013 vSphere 5 Update Overlay Virtual Networking Coming in 2013 Virtual Firewalls OpenFlow and SDN Use Cases VXLAN Deep Dive OpenFlow VMware Networking Cloud Computing Networking Introduction to Virtualized Networking Availability Other options • Live sessions • Customized webinars • Recordings of individual webinars • ExpertExpress • Yearly subscription • On-site workshops 3 InterMore© ipSpace.net- DCinformation /FCoE NIL Data Communications has @ very2013 http://www.ipSpace.net/Webinars limitedVirtual use Firewalls and requires no bridging Firewalls Used To Be Easy Packet filters Application-level firewalls (WAF) Firewalls Stateful Load firewalls balancers? 4 © ipSpace.net / NIL Data Communications 2013 Virtual Firewalls Routed or Bridged? Routed (inter-subnet) Transparent (bridged) • Packet filtering and IP routing • Packet filtering and bridging
    [Show full text]
  • The Virtual Firewall
    The Virtual Firewall Vassilis Prevelakis Computer Science Department Drexel University 1. Introduction The trend towards portable computing means that the traditional security perimeter architecture (where a firewall protects computers in the LAN by controlling access to the outside world) is rapidly becoming obsolete. This has resulted in a number of products described as “personal firewalls” that control that computer’s access to the network and hence can protect it in the same way as a traditional firewall. Existing systems such as Windows and most Unix and Unix-like systems already provide security features that can be used to implement firewall functionality on every machine. However, the difficulty of securing general purpose operating systems has im- peded the widespread use of this approach. Moreover, it is difficult to ensure that a secured sys- tem remains secure after the user has had the opportunity to install software and perform recon- figurations and upgrades. Recognizing the futility of attempting to secure the user machines themselves, in [Prev03, Denk99] the authors proposed the use of a portable “shrink-wrapped” firewall. This was a sepa- rate machine running an embedded system that included firewall capabilities and was intended to be placed between the general purpose computer and the network. The problem of securing the firewall became much simpler as it utilized a special-purpose firewall platform with a highly controlled architecture. Sadly, the proposal saw limited adoption because carrying around yet another device is expensive and inconvenient. To make matters worse, if the external device is lost or damaged the user will be presented with a dilemma: remain disconnected from the net- work until the firewall box is replaced, or accept the risk and connect the laptop directly to the unprotected network.
    [Show full text]
  • Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions
    This is the author’s version of an article that has been published in IEEE Transactions on Network and Service Management. Changes were made to this version by the publisher prior to publication. The final version of record is available at https://doi.org/10.1109/TNSM.2019.2941128. The source code associated with this project is available at https://github.com/doriguzzi/pess-security. Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions Roberto Doriguzzi-Corinα, Sandra Scott-Haywardβ, Domenico Siracusaα, Marco Saviα, Elio Salvadoriα αCREATE-NET, Fondazione Bruno Kessler - Italy β CSIT, Queen’s University Belfast - Northern Ireland Abstract—A promising area of application for Network Func- connected to the network through an automated and logically tion Virtualization is in network security, where chains of Virtual centralized management system. Security Network Functions (VSNFs), i.e., security-specific virtual functions such as firewalls or Intrusion Prevention Systems, The centralized management system, called NFV Manage- can be dynamically created and configured to inspect, filter ment and Orchestration (NFV MANO), controls the whole or monitor the network traffic. However, the traffic handled life-cycle of each VNF. In addition, the NFV MANO can by VSNFs could be sensitive to specific network requirements, dynamically provision complex network services in the form such as minimum bandwidth or maximum end-to-end latency. of sequences (often called chains) of VNFs. Indeed, Network Therefore, the decision on which VSNFs should apply for a given application, where to place them and how to connect them, Service Chaining (NSC) is a technique for selecting subsets should take such requirements into consideration.
    [Show full text]
  • Escribe Agenda Package
    BOARD OF COMMISSIONERS REVISED MEETING AGENDA January 11, 2021, 5:30 PM Virtual Meeting Held in Accordance with Public Act 254 of 2020 Zoom Virtual Meeting Meeting ID: 399-700-0062 / Password: LCBOC https://zoom.us/j/3997000062?pwd=SUdLYVFFcmozWnFxbm0vcHRjWkVIZz09 "The mission of Livingston County is to be an effective and efficient steward in delivering services within the constraints of sound fiscal policy. Our priority is to provide mandated services which may be enhanced and supplemented to improve the quality of life for all who work, reside and recreate in Livingston County." Pages 1. CALL MEETING TO ORDER 2. MOMENT OF SILENT REFLECTION 3. PLEDGE OF ALLEGIANCE TO THE FLAG 4. ROLL CALL 5. CORRESPONDENCE 3 a. Wexford County Resolution 20-30 In Support of Local Business 6. CALL TO THE PUBLIC 7. APPROVAL OF MINUTES 5 a. Minutes of Meeting Dated: January 4, 2021 b. Minutes of Meeting Dated: January 6, 2021 c. Closed Session Minutes Dated: January 6, 2021 8. TABLED ITEMS FROM PREVIOUS MEETINGS 9. APPROVAL OF AGENDA 10. REPORTS a. COVID-19 Vaccination Update Dianne McCormick, Public Health Officer 11. APPROVAL OF CONSENT AGENDA ITEMS Resolutions 2020-01-004 through 2020-01-008 a. 2021-01-004 12 Resolution Approving the Commissioner Assignments to Committees for 2021 – Board of Commissioners b. 2021-01-005 13 Resolution Authorizing the Approval of an EMS collections charge. c. 2021-01-006 15 Resolution Authorizing a Clinical Training Affiliation Agreement with Pittsfield Twp Fire Department to Provide Clinical Internship Services - Emergency Medical Services d. 2021-01-007 20 Resolution Authorizing the Purchase of a Five-Year CISCO Flex Subscription for the County’s Phone System from Logicalis Inc.
    [Show full text]
  • Implementation and Evaluation of Virtual Network Functions Performance in the Home Environment
    Implementation and Evaluation of Virtual Network Functions Performance in the Home Environment Clive Burke Faculty of Computing Blekinge Institute of Technology SE-371 79 Karlskrona Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulfillment of the requirements for the degree of MSc in EE with focus on Telecommunication Systems. The thesis is equivalent to 20 weeks of full time studies. Contact Information: Author: Clive Burke E-mail: [email protected] University advisor: Kurt Tutschku Department of Communication Systems (DIKO) Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE-371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 i ABSTRACT Networks Functions Virtualization in a Home environment is being discussed and trialed extensively. People mention that it is a “game changer”. The main purpose of this thesis is to prove virtualization works and is better than existing home network environments. In the Related Works section we explore other topics which relate to what we set out to achieve. There are some interesting related works which we describe here, mainly SoftEther and OpenWRT. Taking both subjects together, try to get them working with each other to achieve a Virtual Dynamic Host Control Protocol, VDHCP server. We also explore another important topic on how to tether a Linux Customer Premises Equipment, CPE, for IP Service Delivery. A thesis completed in BTH was also reviewed. This discusses the various different VPN solutions available to use in today’s Internet. The next chapter in my thesis, Methodology, will describe how we designed, implemented and configured a system to achieve Virtualizing a Network Function in the Home Environment, more specifically DHCP.
    [Show full text]
  • A Model-Based Approach Towards Real-Time Analytics in NFV Infrastructures Raffaele Bolla, Roberto Bruschi, Franco Davoli and Jane Frances Pajo
    1 A Model-based Approach Towards Real-time Analytics in NFV Infrastructures Raffaele Bolla, Roberto Bruschi, Franco Davoli and Jane Frances Pajo Abstract—Network Functions Virtualization (NFV) has Contrary to the special-purpose hardware mostly deployed recently gained much popularity in the research scene for within classical network infrastructures, lower performance the flexibility and programmability that it will bring with the and energy efficiency are intrinsic to COTS hardware. While software implementation of network functions on commercial off- the-shelf (COTS) hardware. To substantiate its roll out, a number the Advanced Configuration and Power Interface (ACPI) of issues (e.g., COTS’ inherent performance and energy efficiency, specification [2] equips most – if not all – of it with power virtualization overhead, etc.) must be addressed, in a scalable and management mechanisms (e.g., Low Power Idle (LPI) and sustainable manner. Numerous works in the scientific literature Adaptive Rate (AR)), power savings come in trade-off manifest the strong correlation of network key performance with performance degradation [3]. Moreover, virtualization indicators (KPIs) with the burstiness of the traffic. This paper proposes a novel model-based analytics approach for profiling typically adds extra layer(s) in the networking stack that result virtualized network function (VNF) workloads, towards real-time in additional processing delays, further lowering the perfor- estimation of network KPIs (specifically, power and latency), mance. For a given amount of workload, VNFs may consume based on an MX/G/1/SET queueing model that captures both the even more energy than their physical counterparts [4]. workload burstiness and system setup times (caused by interrupt coalescing and power management actions).
    [Show full text]
  • Bab 1 Pendahuluan
    BAB 1 PENDAHULUAN 1.1 Latar Belakang Network Function Virtualization atau biasa yang disebut NFV merupakan sebuah konsep baru dalam mendesain, menyebarkan, dan mengelola sebuah layanan jaringan dengan cara pembuatan virtual sebuah perangkat jaringan dari yang sebelumnya berbentuk fisik atau perangkat keras sehingga dapat dipakai dan dipindahkan di berbagai lokasi jaringan yang diperlukan tanpa harus melakukan pemasangan alat baru. NFV memungkinkan beberapa perangkat jaringan dapat berjalan pada satu komputer. Perangkat – perangkat jaringan yang divirtualkan pada NFV disebut sebagai VNF (Virtual Network Function). Untuk menjalankan VNF dibutuhkan sebuah hypervisor yang mengatur manajemen hardware yang digunakan. Hypervisor atau yang dikenal sebagai virtual machine management dibagi menjadi 2 tipe, yaitu bare-metal hypervisor dan hosted hypervisor. Bare-metal hypevisor dapat berjalan langsung pada perangkat keras komputer sedangkan hosted hypervisor memerlukan operating system environment (OSE) untuk menjalankannya [1]. Salah satu contoh bare- metal hypervisor adalah XEN. Xen ProjectTM adalah platform virtualisasi open source yang mendukung beberapa cloud terbesar dalam produksi saat ini. Amazon Web Services, Aliyun, Rackspace Cloud Umum, Verizon Cloud dan banyak layanan hosting menggunakan software Xen [2]. Salah satu contoh VNF adalah virtual firewall. Kelebihan virtual firewall dibandingkan firewall fisik adalah mudah dikelola, dapat dipakai sesuai kebutuhan, dan efektivitas biaya [3]. Pada tugas akhir ini virtual firewall yang digunakan adalah OPNsense, pfSense, dan IPFire karena ketiga firewall tersebut bisa didapatkan secara gratis dan bersifat open source serta ketiga firewall tersebut dapat dikonfigurasi melalui web. pfSense merupakan firewall berbasis FreeBSD yang sangat populer untuk solusi keamanan serta user dapat melakukan modifikasi dan mudah dalam instalasi [4]. IPFire adalah sebuah distribusi Linux yang berfokus pada setup yang mudah, penanganan yang yang baik, dan tingkat keamanan yang tinggi [5].
    [Show full text]
  • Methods and Techniques for Dynamic Deployability of Software-Defined
    ALMA MATER STUDIORUM · UNIVERSITA` DI BOLOGNA Dottorato di Ricerca in Ingegneria Elettronica, Telecomunicazioni e Tecnologie dell’Informazione Ciclo XXXII Settore concorsuale: 09/F2 - TELECOMUNICAZIONI Settore scientifico disciplinare: ING-INF/03 - TELECOMUNICAZIONI METHODS AND TECHNIQUES FOR DYNAMIC DEPLOYABILITY OF SOFTWARE-DEFINED SECURITY SERVICES Presentata da: Roberto Doriguzzi Corin Coordinatore dottorato: Supervisori: Prof. Alessandra Costanzo Prof. Franco Callegati Dr. Domenico Siracusa Dipartimento di Ingegneria dell’Energia Elettrica e dell’Informazione “Guglielmo Marconi” Esame finale anno 2020 1 Abstract ith the recent trend of “network softwarisation”, enabled by emerging tech- W nologies such as Software-Defined Networking (SDN) and Network Func- tion Virtualisation (NFV), system administrators of data centres and enterprise net- works have started replacing dedicated hardware-based middleboxes with virtualised network functions running on servers and end hosts. This radical change has facili- tated the provisioning of advanced and flexible network services, ultimately helping system administrators and network operators to cope with the rapid changes in service requirements and networking workloads. This thesis investigates the challenges of provisioning network security services in “softwarised” networks, where the security of residential and business users can be provided by means of sets of software-based network functions running on high performance servers or on commodity compute devices. The study is approached from the perspective of the telecom operator, whose goal is to protect the customers from network threats and, at the same time, maximize the number of provisioned services, and thereby revenue. Specifically, the overall aim of the research presented in this thesis is proposing novel techniques for optimising the resource usage of software-based security services, hence for increasing the chances for the operator to accommodate more service requests while respecting the desired level of network security of its customers.
    [Show full text]
  • Deliverable D3.2
    Ref. Ares(2016)3479770 - 15/07/2016 Converged Heterogeneous Advanced 5G Cloud-RAN Architecture for Intelligent and Secure Media Access Project no. 671704 Research and Innovation Action Co-funded by the Horizon 2020 Framework Programme of the European Union Call identifier: H2020-ICT-2014-1 Topic: ICT-14-2014 - Advanced 5G Network Infrastructure for the Future Internet Start date of project: July 1st, 2015 Deliverable D3.2 Initial 5G multi-provider v-security realization: Orchestration and Management Due date: 30/06/2016 Submission date: 15/07/2016 Deliverable leader: I2CAT Editor: Shuaib Siddiqui (i2CAT) Reviewers: Konstantinos Filis (COSMOTE), Oriol Riba (APFUT), and Michael Parker (UESSEX) Dissemination Level PU: Public PP: Restricted to other programme participants (including the Commission Services) RE: Restricted to a group specified by the consortium (including the Commission Services) CO: Confidential, only for members of the consortium (including the Commission Services) CHARISMA – D3.2 – v1.0 Page 1 of 145 List of Contributors Participant Short Name Contributor Fundació i2CAT I2CAT Shuaib Siddiqui, Amaia Legarrea, Eduard Escalona Demokritos NCSRD NCSRD Eleni Trouva, Yanos Angelopoulos APFutura APFUT Oriol Riba Innoroute INNO Andreas Foglar, Marian Ulbricht JCP-Connect JCP-C Yaning Liu University of Essex UESSEX Mike Parker, Geza Koczian, Stuart Walker Intracom ICOM Spiros Spirou, Konstantinos Katsaros, Konstantinos Chartsias, Dimitrios Kritharidis Ethernity ETH Eugene Zetserov Ericsson Ericsson Carolina Canales Altice Labs Altice Victor Marques Fraunhofer HHI HHI Kai Habel CHARISMA – D3.2 – v1.0 Page 2 of 145 Table of Contents List of Contributors ................................................................................................................ 2 1. Introduction ...................................................................................................................... 7 1.1. 5G network challenges: Security and Multi-tenancy ......................................................................... 7 1.2.
    [Show full text]
  • Finance Committee Agenda
    FINANCE COMMITTEE AGENDA January 6, 2021, 7:30 AM Virtual Meeting Held in Accordance with Public Act 254 of 2020 Zoom Virtual Meeting Meeting ID: 399-700-0062 / Password: LCBOC https://zoom.us/j/3997000062?pwd=SUdLYVFFcmozWnFxbm0vcHRjWkVIZz09 Pages 1. CALL MEETING TO ORDER 2. ROLL CALL 3. APPROVAL OF MINUTES 3 Meeting minutes dated: December 23, 2020 4. TABLED ITEMS FROM PREVIOUS MEETINGS 5. APPROVAL OF AGENDA 6. CALL TO THE PUBLIC 7. REPORTS 8. RESOLUTIONS FOR CONSIDERATION 8.1. Human Resources 8 Resolution Approving the Tentative Agreement between the Livingston County Board of Commissioners and the Union Representing 911 Dispatchers 8.2. Emergency Medical Services 19 Resolution Authorizing the Approval of an EMS collections charge. 8.3. Emergency Medical Services 21 Resolution Authorizing a Clinical Training Affiliation Agreement with Pittsfield Twp Fire Department to Provide Clinical Internship Services 8.4. Information Technology 26 Resolution Authorizing the Purchase of a Five-Year CISCO Flex Subscription for the County’s Phone System from Logicalis Inc. 8.5. Information Technology 33 Resolution Authorizing the Purchase of Cyber Security Enhancements and Replacements from Palo Alto Networks 9. CLAIMS Dated: January 6, 2021 10. PREAUTHORIZED Dated: December 18 through December 30, 2020 11. CALL TO THE PUBLIC 12. ADJOURNMENT Agenda Page 2 of 116 FINANCE COMMITTEE MEETING MINUTES December 23, 2020, 7:30 a.m. Virtual Meeting Held in Accordance with Public Act 228 of 2020 Zoom Virtual Meeting Meeting ID: 399-700-0062 / Password: LCBOC https://zoom.us/j/3997000062?pwd=SUdLYVFFcmozWnFxbm0vcHRjWkVIZz09 Members Present Kate Lawrence, Douglas Helzerman, William Green, Wes Nakagiri, Jay Drick, Robert Bezotte, Carol Griffith, Jay Gross, and Gary Childs 1.
    [Show full text]