Implementasi dan Analisis Profil Sistem Pada Virtualisasi Paloalto Firewall Berdasarkan Metrik Sumber Daya Komputasi

 (*)Ni Made Meliana Listyawati Mail (Telkom University, Bandung, Indonesia)
 Adityas Widjajarto (Telkom University, Bandung, Indonesia)
 M Teguh Kurniawan (Telkom University, Bandung, Indonesia)

(*) Corresponding Author

Submitted: September 2, 2022; Published: September 30, 2022

Abstract

On the security aspect, it is necessary to know how effectively a firewall can protect network devices from DDoS attacks. The characteristics of a firewall have different functions in protecting the system from various external attacks that can attack and retrieve data. In this research, the implementation of Paloalto firewall virtualization aims to obtain the system profile function on the firewall based on the use of computing resources. Profiling of the firewall system of this experiment based on the consumption of computing resources in load testing. This experiment used a DDoS SYN flood attack on Kali Linux as an attacker and a virtualization Paloalto firewall that protects a web server on Ubuntu Server as an attack target. This research distinguished based on two test scenarios, namely based on testing the service HTTP allow and service HTTP block with Paloalto memory specifications at RAM 5.5 GB and RAM 8 GB specifications. Measurements were made based on computing resources on CPU, memory, and a session focused on before, during, and after DDoS SYN flood attacks. The pattern of usage of computing resources tends to be linear when a DDoS SYN flood attack occurs. The experimental results obtained on the highest use of computing resources during the attack were CPU usage with an average percentage of 95.8% and the second increase was in memory usage with an average percentage of 44%, and the session usage was 138682. For further research, it can use variations of DDoS attacks to get a wider profile.

Keywords


Computing Resources; Paloalto; Profiling; Testing; Virtualization

Full Text:

PDF


Article Metrics

Abstract view : 60 times
PDF - 26 times

References

M. R. Kamal and M. A. Setiawan, “Deteksi Anomali dengan Security Information and Event Management ( SIEM ) Splunk pada Jaringan UII,” Automata, no. 4, 2021.

C. Sheth and R. Thakker, “Performance Evaluation and Comparison of Network Firewalls under DDoS Attack,” Int. J. Comput. Netw. Inf. Secur., vol. 5, no. 12, pp. 60–67, 2013, doi: 10.5815/ijcnis.2013.12.08.

N. Beigi-Mohammadi, C. Barna, M. Shtern, H. Khazaei, and M. Litoiu, “CAAMP: Completely automated DDoS attack mitigation platform in hybrid clouds,” 2016 12th Int. Conf. Netw. Serv. Manag. CNSM 2016 Work. 3rd Int. Work. Manag. SDN NFV, ManSDN/NFV 2016, Int. Work. Green ICT Smart Networking, GISN 2016, pp. 136–143, 2017, doi: 10.1109/CNSM.2016.7818409.

K. Neupane, R. Haddad, and L. Chen, “Next Generation Firewall for Network Security : A Survey,” SoutheastCon 2018, pp. 1–6.

R. E. Kahn, “The Organization of Computer Resources into a Packet Radio Network,” IEEE Trans. Commun., vol. 25, no. 1, pp. 169–178, 1977, doi: 10.1109/TCOM.1977.1093714.

A. A. ASTARI, “ImplemenTasi Keamanan Jaringan Dengan Metode Firewall Filtering Menggunakan Mikrotik,” Simki-Techsain Vol. 02 No. 01 Tahun 2018 ISSN 2599-3011, vol. 02, no. 01, 2018.

S. Gold, “The future of the firewall,” Netw. Secur., vol. 2011, no. 2, pp. 13–15, 2011, doi: 10.1016/S1353-4858(11)70015-0.

A. H. Dar, B. Habib, F. Khurshid, and M. T. Banday, “Experimental analysis of DDoS attack and it’s detection in Eucalyptus private cloud platform,” 2016 Int. Conf. Adv. Comput. Commun. Informatics, ICACCI 2016, pp. 1718–1724, 2016, doi: 10.1109/ICACCI.2016.7732295.

F. Adhi Purwaningrum, A. Purwanto, E. Agus Darmadi, P. Tri Mitra Karya Mandiri Blok Semper Jomin Baru, and C. -Karawang, “Optimalisasi Jaringan Menggunakan Firewall,” vol. 2, no. 3, pp. 17–23, 2018.

C. Confidential, “Palo Alto Networks Administrator ’ s Guide,” in Networks, 2015, pp. 1–338.

M. A. Ridho and M. Arman, “Analisis Serangan DDoS Menggunakan Metode Jaringan Saraf Tiruan,” J. Sisfokom (Sistem Inf. dan Komputer), vol. 9, no. 3, pp. 373–379, 2020, doi: 10.32736/sisfokom.v9i3.945.

K. Dhiatama Ayunda et al., “Implementation and Analysis ModSecurity on Web-Based Application with OWASP Standards,” Jurnal.Mdp.Ac.Id, vol. 8, no. 3, pp. 1638–1650, 2021, [Online]. Available: https://jurnal.mdp.ac.id/index.php/jatisi/article/view/1223.

F. H. Hsu, Y. L. Hwang, C. Y. Tsai, W. T. Cai, C. H. Lee, and K. W. Chang, “TRAP: A Three-way handshake server for TCP connection establishment,” Appl. Sci., vol. 6, no. 11, 2016, doi: 10.3390/app6110358.

Fahmi Bagaskara Perdana, M. . Dr. Ir. Rendy Munadi, and M. . Arif Indra Irawan, S.T., “Implementasi Sistem Keamanan Jaringan Menggunakan Suricata Dan Ntopng,” e-Proceeding Eng., vol. 6, no. 2, p. 4080, 2019.

D. Makrushin, “Ampli cation Techniques of Stress Testing using Third Party Services Load and stress testing,” no. January, 2021.

M. K. Sriani, “Arsitektur Dan Organisasi Komputer,” Arsit. Dan Organ. Komput., pp. 19–22, 2020.

Bila bermanfaat silahkan share artikel ini

Berikan Komentar Anda terhadap artikel Implementasi dan Analisis Profil Sistem Pada Virtualisasi Paloalto Firewall Berdasarkan Metrik Sumber Daya Komputasi

Refbacks

  • There are currently no refbacks.


Copyright (c) 2022 Ni Made Meliana Listyawati, Adityas Widjajarto, M Teguh Kurniawan

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Jurnal Sistem Komputer dan Informatika (JSON)
Dikelola oleh STMIK Budi Darma
Sekretariat : Jln. Sisingamangaraja No. 338 Telp 061-7875998
email : jurnal.json@gmail.com


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.