Implementasi dan Analisis Profil Sistem Pada Virtualisasi Paloalto Firewall Berdasarkan Metrik Sumber Daya Komputasi
DOI:
https://doi.org/10.30865/json.v4i1.4780Keywords:
Computing Resources, Paloalto, Profiling, Testing, VirtualizationAbstract
On the security aspect, it is necessary to know how effectively a firewall can protect network devices from DDoS attacks. The characteristics of a firewall have different functions in protecting the system from various external attacks that can attack and retrieve data. In this research, the implementation of Paloalto firewall virtualization aims to obtain the system profile function on the firewall based on the use of computing resources. Profiling of the firewall system of this experiment based on the consumption of computing resources in load testing. This experiment used a DDoS SYN flood attack on Kali Linux as an attacker and a virtualization Paloalto firewall that protects a web server on Ubuntu Server as an attack target. This research distinguished based on two test scenarios, namely based on testing the service HTTP allow and service HTTP block with Paloalto memory specifications at RAM 5.5 GB and RAM 8 GB specifications. Measurements were made based on computing resources on CPU, memory, and a session focused on before, during, and after DDoS SYN flood attacks. The pattern of usage of computing resources tends to be linear when a DDoS SYN flood attack occurs. The experimental results obtained on the highest use of computing resources during the attack were CPU usage with an average percentage of 95.8% and the second increase was in memory usage with an average percentage of 44%, and the session usage was 138682. For further research, it can use variations of DDoS attacks to get a wider profile.
References
M. R. Kamal and M. A. Setiawan, “Deteksi Anomali dengan Security Information and Event Management ( SIEM ) Splunk pada Jaringan UII,†Automata, no. 4, 2021.
C. Sheth and R. Thakker, “Performance Evaluation and Comparison of Network Firewalls under DDoS Attack,†Int. J. Comput. Netw. Inf. Secur., vol. 5, no. 12, pp. 60–67, 2013, doi: 10.5815/ijcnis.2013.12.08.
N. Beigi-Mohammadi, C. Barna, M. Shtern, H. Khazaei, and M. Litoiu, “CAAMP: Completely automated DDoS attack mitigation platform in hybrid clouds,†2016 12th Int. Conf. Netw. Serv. Manag. CNSM 2016 Work. 3rd Int. Work. Manag. SDN NFV, ManSDN/NFV 2016, Int. Work. Green ICT Smart Networking, GISN 2016, pp. 136–143, 2017, doi: 10.1109/CNSM.2016.7818409.
K. Neupane, R. Haddad, and L. Chen, “Next Generation Firewall for Network Security : A Survey,†SoutheastCon 2018, pp. 1–6.
R. E. Kahn, “The Organization of Computer Resources into a Packet Radio Network,†IEEE Trans. Commun., vol. 25, no. 1, pp. 169–178, 1977, doi: 10.1109/TCOM.1977.1093714.
A. A. ASTARI, “ImplemenTasi Keamanan Jaringan Dengan Metode Firewall Filtering Menggunakan Mikrotik,†Simki-Techsain Vol. 02 No. 01 Tahun 2018 ISSN 2599-3011, vol. 02, no. 01, 2018.
S. Gold, “The future of the firewall,†Netw. Secur., vol. 2011, no. 2, pp. 13–15, 2011, doi: 10.1016/S1353-4858(11)70015-0.
A. H. Dar, B. Habib, F. Khurshid, and M. T. Banday, “Experimental analysis of DDoS attack and it’s detection in Eucalyptus private cloud platform,†2016 Int. Conf. Adv. Comput. Commun. Informatics, ICACCI 2016, pp. 1718–1724, 2016, doi: 10.1109/ICACCI.2016.7732295.
F. Adhi Purwaningrum, A. Purwanto, E. Agus Darmadi, P. Tri Mitra Karya Mandiri Blok Semper Jomin Baru, and C. -Karawang, “Optimalisasi Jaringan Menggunakan Firewall,†vol. 2, no. 3, pp. 17–23, 2018.
C. Confidential, “Palo Alto Networks Administrator ’ ’ s Guide,†in Networks, 2015, pp. 1–338.
M. A. Ridho and M. Arman, “Analisis Serangan DDoS Menggunakan Metode Jaringan Saraf Tiruan,†J. Sisfokom (Sistem Inf. dan Komputer), vol. 9, no. 3, pp. 373–379, 2020, doi: 10.32736/sisfokom.v9i3.945.
K. Dhiatama Ayunda et al., “Implementation and Analysis ModSecurity on Web-Based Application with OWASP Standards,†Jurnal.Mdp.Ac.Id, vol. 8, no. 3, pp. 1638–1650, 2021, [Online]. Available: https://jurnal.mdp.ac.id/index.php/jatisi/article/view/1223.
F. H. Hsu, Y. L. Hwang, C. Y. Tsai, W. T. Cai, C. H. Lee, and K. W. Chang, “TRAP: A Three-way handshake server for TCP connection establishment,†Appl. Sci., vol. 6, no. 11, 2016, doi: 10.3390/app6110358.
Fahmi Bagaskara Perdana, M. . Dr. Ir. Rendy Munadi, and M. . Arif Indra Irawan, S.T., “Implementasi Sistem Keamanan Jaringan Menggunakan Suricata Dan Ntopng,†e-Proceeding Eng., vol. 6, no. 2, p. 4080, 2019.
D. Makrushin, “Ampli cation Techniques of Stress Testing using Third Party Services Load and stress testing,†no. January, 2021.
M. K. Sriani, “Arsitektur Dan Organisasi Komputer,†Arsit. Dan Organ. Komput., pp. 19–22, 2020.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under Creative Commons Attribution 4.0 International License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (Refer to The Effect of Open Access).
