ANALISIS SISTEM KEAMANAN JARINGAN VPN BERBASIS IPSec (IP Security) dan GRE (Generic Routing Encapsulation) SECURITY SYSTEM ANALYSIS OF IPSEC (IP Security ) and GRE (Generic Routing Encapsulation) BASED VPN

ABSTRAKSI: VPN (Virtual Private Network) merupakan suatu cara untuk membuat sebuah jaringan bersifat private dan aman dengan menggunakan jaringan publik misalnya internet. Jaringan publik yang digunakan saat ini sangat rentan terhadap ancaman keamanan seperti pencurian data, dan memberikan kerugian yang besar apabila data yang dicuri adalah data penting transaksi bisnis suatu perusahaan. Oleh karena itu, dibutuhkan jaringan yang tidak bisa diakses oleh publik. Data yang dilewatkan dienkapsulasi terlebih dahulu kemudian dienkripsi agar tidak terbaca ketika melewati jaringan publik karena harus melewati proses dekripsi.Dikenal tiga jenis VPN dalam implementasinya, yaitu trusted, secure, dan hybrid VPN [18]. Secure VPN adalah perpaduan teknologi tunneling dan enkripsi. Penggunaan enkripsi dalam teknologi VPN membuat VPN tidak dapat dibaca oleh pihak-pihak yang tidak berkepentingan karena harus melewati proses dekripsi terlebih dahulu.Implementasi jaringan VPN berbasis IPSec (Internet Protocol Security) dan GRE (Generic Routing Encapsulation) merupakan jenis VPN yang sering digunakan untuk membentuk jaringan yang bersifat private dan aman.Tujuan dari tugas akhir ini adalah bagaimana mengimplementasikan VPN berbasis IPSec dan VPN berbasis GRE, menganalisis pengaruh sniffing, disclosure attack dan SYN attack berdasarkan vulnerabillities jaringan terhadap layanan keamanan berupa data confidentiality, authentication dan availability. Di samping itu, akan dianalisis pengaruh dari penggunaan teknologi kriptografi tersebut terhadap parameter QoS yaitu delay dan throughput.Kata Kunci : Keamanan, VPN, IPSec, GRE , Sniffing, Disclosure attack, SYN attack, Delay, Throughput.ABSTRACT: VPN (Virtual Private Network) is a way to create a private and secure network by using public network such as the Internet. Public networks which are used today are vulnerable for security threats such as theft of data, and gives a great loss if the data stolen is an important data business transactions of an enterprise. Therefore, it required a network that is inaccessible to the public. First , data must be encapsulated and then encrypted so it can’t be read when passing through public network because they have to pass through the decryption process.There are three types of VPN, consist of trusted, secure, and hybrid VPN [18]. Secure VPN is a combination of tunneling and encryption technology. The use of encryption in VPN technology make a VPN can’t be read by unauthorized users because they have to pass through the decryption process first.Implementation of IPSec (Internet Protocol Security) and GRE (Generic Routing Encapsulation) based VPN is a type of VPN that is often used to build a private and secure network.The purposes are how to implement IPSec-based VPN and GRE-based VPN, to analyze the effect of sniffing, disclosure attack and SYN attack based on network vulnerabillities especially on data confidentiality ,authentication and availability. In addition, to analyze the effect of cryptographic technologies on QoS parameters (delay and throughput).Keyword: Security, VPN, IPSec, GRE , Sniffing, Disclosure attack, SYN attack Delay, Throughpu

IMPLEMENTATION OF GENERIC ROUTING ENCAPSULATION USING CISCO PACKTER TRACER

Virtual Private Network (VPN) is a technology that offers low-cost remote access solutions for companies. The IPSec protocol provides cryptography services and network security for data transmission. Generic Routing Encapsulation (GRE) tunnel exists to encapsulate multicast and broadcast packets into unicast packets. This is very usable which IPSec does not support encryption of multicast and broadcast packets. The target of this simulation is that Router 1 shows that the network is protected by GRE. The first thing to do is set the network topology. Here, for example, there are two offices that want to transmit data to each other. Each of these offices has a switch, FTP server, DNS server, router, and PC. Then set the IP address of each device and connect it with cables. Router 2 and Router 3 function to connect the two offices in one WAN network. Each of these data transmissions is IPSec protected for data encryption protection then GRE coated for transmission encapsulation. From simulation results, we can conclude that both network can be connected and communicated each other with protection from GRE tunnel

GNFC: Towards Network Function Cloudification

An increasing demand is seen from enterprises to host and dynamically manage middlebox services in public clouds in order to leverage the same benefits that network functions provide in traditional, in-house deployments. However, today's public clouds provide only a limited view and programmability for tenants that challenges flexible deployment of transparent, software-defined network functions. Moreover, current virtual network functions can't take full advantage of a virtualized cloud environment, limiting scalability and fault tolerance. In this paper we review and evaluate the current infrastructural limitations imposed by public cloud providers and present the design and implementation of GNFC, a cloud-based Network Function Virtualization (NFV) framework that gives tenants the ability to transparently attach stateless, container-based network functions to their services hosted in public clouds. We evaluate the proposed system over three public cloud providers (Amazon EC2, Microsoft Azure and Google Compute Engine) and show the effects on end-to-end latency and throughput using various instance types for NFV hosts

Implementation and Provisioning of Federated Networks in Hybrid Clouds (pre-print)

Federated cloud networking is needed to allow the seamless and efficient interconnection of resources distributed among different clouds. This work introduces a new cloud network federation framework for the automatic provision of Layer 2 (L2) and layer 3 (L3) virtual networks to interconnect geographically distributed cloud infrastructures in a hybrid cloud scenario. After a revision of existing encapsulation technologies to implement L2 and L3 overlay networks, the paper analyzes the main topologies that can be used to construct federated network overlays within hybrid clouds. In order to demonstrate the proposed solution and compare the different topologies, the article shows a proof-of-concept of a real federated network deployment in a hybrid cloud, which spans a local private cloud, managed with OpenNebula, and two public clouds, two different regions of mazon EC2. Results show that L2 and L3 overlay connectivity can be achieved with a minimal bandwidth overhead, lower than 10%

IMPLEMENTASI DAN ANALISIS PERFORMA MULTI PROTOCOL LABEL SWITCHING - VIRTUAL PRIVATE NETWORK (MPLS-VPN) DENGAN METODE GENERIC ROUTING ENCAPSULATION PADA LAYANAN BERBASIS FILE TRANSFER PROTOCOL (FTP)

ABSTRAK Pengaplikasian jaringan Internet Protocol menjadi marak karena tuntutan perkembangan ilmu telekomunikasi. Layanan berbasis IP semakin berkembang dan terintegrasi dengan baik. Untuk integrasi yang baik, salah satu faktor yang jadi bahasan adalah performa jaringan tersebut. Tunneling menjadi salah satu solusi peningkatan performa tersebut. Tunneling menyediakan mekanisme untuk mengangkut paket satu protokol dalam protokol lain. Protokol yang diangkut disebut sebagai protokol passenger, dan protokol yang digunakan untuk membawa protocol passenger disebut sebagai protokol transport. Generic Routing Encapsulation (GRE) adalah salah satu mekanisme tunneling yang tersedia yang menggunakan IP sebagai protokol transport dan dapat digunakan untuk membawa banyak protokol penumpang yang berbeda. Terowongan bertindak sebagai jalur virtual point-to-point yang memiliki dua titik akhir yaitu tunnel source dan tunnel destination di setiap endpoint. Fitur ini menggunakan MPLS melalui Generic Routing Encapsulation untuk enkapsulasi paket MPLS dalam terowongan IP. Enkapsulasi MPLS paket dalam IP tunnels membuat link virtual point-to-point di seluruh jaringan non-MPLS. Parameter uji yaitu throughput, RTT Delay, dan Packet Loss menunjukkan penurunan performa dengan diberi tunnel GRE. Penurunan performa tersebut disebabkan oleh adanya penggunaan resource pada jaringan saat interkey exchange pada pembentukan tunnel GRE. Namun penurunan performa bisa saja tidak terjadi saat tidak adanya background traffic sehingga resource yang bisa digunakan masih tesedia. Kata Kunci: Throughput, RTT Delay, Packet Loss, GRE, MPLS-VPN, FT

Virtual Private Network Implementation with GRE Tunnels and EIGRP Protocol

Nowadays, the modern companies and institutions have a inevitable need for secure connections with remote locations trough broadband WAN networks. The reason for such requisite is mainly the need for shared services utilization like application servers, database servers, messaging servers, etc., physically located at remote datacenters. In this paper, we present realistic VPN implementation and configuration for a company with two central locations (head office and warehouse) and branch offices in several cities. For secure communication between central locations and branch offices, Generic Routing Encapsulation (GRE) tunnels are implemented. EIGRP protocol is used for routing the data between networks. From the implementation analyses conducted in this paper, we can figure out that this approach allows low-complexity realization and low-cost maintenance solution

Mobile IP: state of the art report

Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area