Implementasi dan Analisis Profil Sistem Pada Virtualisasi Paloalto Firewall Berdasarkan Metrik Sumber Daya Komputasi

Authors

  • Ni Made Meliana Listyawati Telkom University, Bandung
  • Adityas Widjajarto Telkom University, Bandung
  • M Teguh Kurniawan Telkom University, Bandung

DOI:

https://doi.org/10.30865/json.v4i1.4780

Keywords:

Computing Resources, Paloalto, Profiling, Testing, Virtualization

Abstract

On the security aspect, it is necessary to know how effectively a firewall can protect network devices from DDoS attacks. The characteristics of a firewall have different functions in protecting the system from various external attacks that can attack and retrieve data. In this research, the implementation of Paloalto firewall virtualization aims to obtain the system profile function on the firewall based on the use of computing resources. Profiling of the firewall system of this experiment based on the consumption of computing resources in load testing. This experiment used a DDoS SYN flood attack on Kali Linux as an attacker and a virtualization Paloalto firewall that protects a web server on Ubuntu Server as an attack target. This research distinguished based on two test scenarios, namely based on testing the service HTTP allow and service HTTP block with Paloalto memory specifications at RAM 5.5 GB and RAM 8 GB specifications. Measurements were made based on computing resources on CPU, memory, and a session focused on before, during, and after DDoS SYN flood attacks. The pattern of usage of computing resources tends to be linear when a DDoS SYN flood attack occurs. The experimental results obtained on the highest use of computing resources during the attack were CPU usage with an average percentage of 95.8% and the second increase was in memory usage with an average percentage of 44%, and the session usage was 138682. For further research, it can use variations of DDoS attacks to get a wider profile.

References

M. R. Kamal and M. A. Setiawan, “Deteksi Anomali dengan Security Information and Event Management ( SIEM ) Splunk pada Jaringan UII,†Automata, no. 4, 2021.

C. Sheth and R. Thakker, “Performance Evaluation and Comparison of Network Firewalls under DDoS Attack,†Int. J. Comput. Netw. Inf. Secur., vol. 5, no. 12, pp. 60–67, 2013, doi: 10.5815/ijcnis.2013.12.08.

N. Beigi-Mohammadi, C. Barna, M. Shtern, H. Khazaei, and M. Litoiu, “CAAMP: Completely automated DDoS attack mitigation platform in hybrid clouds,†2016 12th Int. Conf. Netw. Serv. Manag. CNSM 2016 Work. 3rd Int. Work. Manag. SDN NFV, ManSDN/NFV 2016, Int. Work. Green ICT Smart Networking, GISN 2016, pp. 136–143, 2017, doi: 10.1109/CNSM.2016.7818409.

K. Neupane, R. Haddad, and L. Chen, “Next Generation Firewall for Network Security : A Survey,†SoutheastCon 2018, pp. 1–6.

R. E. Kahn, “The Organization of Computer Resources into a Packet Radio Network,†IEEE Trans. Commun., vol. 25, no. 1, pp. 169–178, 1977, doi: 10.1109/TCOM.1977.1093714.

A. A. ASTARI, “ImplemenTasi Keamanan Jaringan Dengan Metode Firewall Filtering Menggunakan Mikrotik,†Simki-Techsain Vol. 02 No. 01 Tahun 2018 ISSN 2599-3011, vol. 02, no. 01, 2018.

S. Gold, “The future of the firewall,†Netw. Secur., vol. 2011, no. 2, pp. 13–15, 2011, doi: 10.1016/S1353-4858(11)70015-0.

A. H. Dar, B. Habib, F. Khurshid, and M. T. Banday, “Experimental analysis of DDoS attack and it’s detection in Eucalyptus private cloud platform,†2016 Int. Conf. Adv. Comput. Commun. Informatics, ICACCI 2016, pp. 1718–1724, 2016, doi: 10.1109/ICACCI.2016.7732295.

F. Adhi Purwaningrum, A. Purwanto, E. Agus Darmadi, P. Tri Mitra Karya Mandiri Blok Semper Jomin Baru, and C. -Karawang, “Optimalisasi Jaringan Menggunakan Firewall,†vol. 2, no. 3, pp. 17–23, 2018.

C. Confidential, “Palo Alto Networks Administrator ’ ’ s Guide,†in Networks, 2015, pp. 1–338.

M. A. Ridho and M. Arman, “Analisis Serangan DDoS Menggunakan Metode Jaringan Saraf Tiruan,†J. Sisfokom (Sistem Inf. dan Komputer), vol. 9, no. 3, pp. 373–379, 2020, doi: 10.32736/sisfokom.v9i3.945.

K. Dhiatama Ayunda et al., “Implementation and Analysis ModSecurity on Web-Based Application with OWASP Standards,†Jurnal.Mdp.Ac.Id, vol. 8, no. 3, pp. 1638–1650, 2021, [Online]. Available: https://jurnal.mdp.ac.id/index.php/jatisi/article/view/1223.

F. H. Hsu, Y. L. Hwang, C. Y. Tsai, W. T. Cai, C. H. Lee, and K. W. Chang, “TRAP: A Three-way handshake server for TCP connection establishment,†Appl. Sci., vol. 6, no. 11, 2016, doi: 10.3390/app6110358.

Fahmi Bagaskara Perdana, M. . Dr. Ir. Rendy Munadi, and M. . Arif Indra Irawan, S.T., “Implementasi Sistem Keamanan Jaringan Menggunakan Suricata Dan Ntopng,†e-Proceeding Eng., vol. 6, no. 2, p. 4080, 2019.

D. Makrushin, “Ampli cation Techniques of Stress Testing using Third Party Services Load and stress testing,†no. January, 2021.

M. K. Sriani, “Arsitektur Dan Organisasi Komputer,†Arsit. Dan Organ. Komput., pp. 19–22, 2020.

Downloads

Published

2022-09-30

How to Cite

Listyawati, N. M. M., Widjajarto, A., & Kurniawan, M. T. (2022). Implementasi dan Analisis Profil Sistem Pada Virtualisasi Paloalto Firewall Berdasarkan Metrik Sumber Daya Komputasi. Jurnal Sistem Komputer Dan Informatika (JSON), 4(1), 112–122. https://doi.org/10.30865/json.v4i1.4780

Issue

Vol. 4 No. 1 (2022): September 2022

Section

Articles