Implementasi Dan Analisis VPN Protokol IPSec (Internet Protokol Security) Beserta VPN Protokol SSL (Secure Socket Layer)

ABSTRAKSI: Untuk mengatasi masalah keamanan dalam komunikasi data pada jaringan umum (internet) maka lahirlah Virtual Private Network (VPN). Didalam VPN terdapat perpaduan teknologi tunneling dan enkripsi yang membuat VPN menjadi teknologi yang handal untuk mengatasi permasalahan keamanan jaringan. Selain keamanan jaringan, dilakukan pula pengujian Quality of Service (QoS) sebagai suatu pengukuran tentang seberapa baik jaringan VPN tersebut.Protokol IPSec (Internet Protocol Security) digunakan sebagai protokol yang dirancang pada implementasi site-to-site VPN. Sedangkan Protokol SSL (Secure Socket Layer) digunakan sebagai protokol yang dirancang pada implementasi remote access VPN.Berdasarkan hasil analisis QoS, VPN IPSec sangat ideal untuk organisasi yang memiliki jumlah remote user yang relatif kecil dan juga organisasi dapat mengontrol tiap user. Untuk kondisi sebaliknya, maka VPN SSL menjadi solusi yang lebih baik. Sedangkan hasil keamanan jaringan, baik VPN IPSec maupun VPN SSL memiliki tingkat keamanan jaringan yang baik karena didukung teknologi tunneling dan enkripsi yang sama baiknya.Kata Kunci : virtual private network, keamanan jaringan, quality of service,ABSTRACT: To solve the security issues in data communication on public network (Internet) is born a Virtual Private Network (VPN). Inside there is a combination of technology VPN tunneling and encryption to create a VPN to be a reliable technology to solve network security problems. In addition to network security, also conducted testing of Quality of Service (QoS) as a measure of how well the network VPN.Protocols of IPSec (Internet Protocol Security) is used as the implementation of protocols designed site-to-site VPN. While the SSL protocol (Secure Socket Layer) protocol is used as designed in the implementation of remote access VPN.Based on the analysis of QoS, IPSec VPN is ideal for organizations that have a number of remote users that are relatively small and can control each user organization. To the opposite, then the SSL VPN to be a better solution. While the results of network security, both IPSec VPN and SSL VPN has a good level of network security for tunneling and encryption technology supported equally well.Keyword: virtual private network, network security, quality of service, interne

VNE solution for network differentiated QoS and security requirements: from the perspective of deep reinforcement learning

The rapid development and deployment of network services has brought a series of challenges to researchers. On the one hand, the needs of Internet end users/applications reflect the characteristics of travel alienation, and they pursue different perspectives of service quality. On the other hand, with the explosive growth of information in the era of big data, a lot of private information is stored in the network. End users/applications naturally start to pay attention to network security. In order to solve the requirements of differentiated quality of service (QoS) and security, this paper proposes a virtual network embedding (VNE) algorithm based on deep reinforcement learning (DRL), aiming at the CPU, bandwidth, delay and security attributes of substrate network. DRL agent is trained in the network environment constructed by the above attributes. The purpose is to deduce the mapping probability of each substrate node and map the virtual node according to this probability. Finally, the breadth first strategy (BFS) is used to map the virtual links. In the experimental stage, the algorithm based on DRL is compared with other representative algorithms in three aspects: long term average revenue, long term revenue consumption ratio and acceptance rate. The results show that the algorithm proposed in this paper has achieved good experimental results, which proves that the algorithm can be effectively applied to solve the end user/application differentiated QoS and security requirements

RANCANG BANGUN DAN ANALISA QoS AUDIO DAN VIDEO STREAMING PADA JARINGAN MPLS VPN

Today and more people in Indonesia to use audio and video streaming applications in daily life. With the streaming video we can use it for various activities such as distance education or as a means of monitoring. In the public network has security weaknesses are lack of communication, to overcome this, the technology is used VPN (Virtual Private Network) on the network. VPN allows the formation of a network of private data on public networks by applying authentication and encryption so that access to these networks can only be done by certain parties. Layers of additional security such as IPSec can be applied to data security, if necessary. Such methods, however, without any IPSec, VPN with MPLS can be used well. In this thesis analyzes the QoS of MPLS VPN network, the QoS parameters include delay, jitter, packet loss and throughput. Quality of Service (QoS) of video streaming is absolutely taken to ensure that users feel satisfied when using it. With this analysis are expected video streaming technology users through a VPN MPLS network is to know the extent to which the performance of videostreaming via MPLS VPN networ

Understanding Security Threats in Cloud

As cloud computing has become a trend in the computing world, understanding its security concerns becomes essential for improving service quality and expanding business scale. This dissertation studies the security issues in a public cloud from three aspects. First, we investigate a new threat called power attack in the cloud. Second, we perform a systematical measurement on the public cloud to understand how cloud vendors react to existing security threats. Finally, we propose a novel technique to perform data reduction on audit data to improve system capacity, and hence helping to enhance security in cloud. In the power attack, we exploit various attack vectors in platform as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS) cloud environments. to demonstrate the feasibility of launching a power attack, we conduct series of testbed based experiments and data-center-level simulations. Moreover, we give a detailed analysis on how different power management methods could affect a power attack and how to mitigate such an attack. Our experimental results and analysis show that power attacks will pose a serious threat to modern data centers and should be taken into account while deploying new high-density servers and power management techniques. In the measurement study, we mainly investigate how cloud vendors have reacted to the co-residence threat inside the cloud, in terms of Virtual Machine (VM) placement, network management, and Virtual Private Cloud (VPC). Specifically, through intensive measurement probing, we first profile the dynamic environment of cloud instances inside the cloud. Then using real experiments, we quantify the impacts of VM placement and network management upon co-residence, respectively. Moreover, we explore VPC, which is a defensive service of Amazon EC2 for security enhancement, from the routing perspective. Advanced Persistent Threat (APT) is a serious cyber-threat, cloud vendors are seeking solutions to ``connect the suspicious dots\u27\u27 across multiple activities. This requires ubiquitous system auditing for long period of time, which in turn causes overwhelmingly large amount of system audit logs. We propose a new approach that exploits the dependency among system events to reduce the number of log entries while still supporting high quality forensics analysis. In particular, we first propose an aggregation algorithm that preserves the event dependency in data reduction to ensure high quality of forensic analysis. Then we propose an aggressive reduction algorithm and exploit domain knowledge for further data reduction. We conduct a comprehensive evaluation on real world auditing systems using more than one-month log traces to validate the efficacy of our approach

RPL routing protocol performance under sinkhole and selective forwarding attack: experimental and simulated evaluation

To make possible dream of connecting 30 billion smart devices assessable from anywhere, anytime and to fuel the engine growth of Internet of things (IoT) both in terms of physical and virtual things, Internet Engineering Task Force (IETF) came up with a concept of 6LoWPAN possessing characteristics like low power, bandwidth and cost. To bridge the routing gap and to collaborate between low power private area network and the outside world, IETF ROLL group proposed IPv6 based lightweight standard RPL (Routing protocol for low power and lossy networks). Due to large chunks of random data generated on daily basis security either externally or internally always remain bigger threat which may lead to devastation and eventually degrades the quality of service parameters affecting network resources. This paper evaluates and compare the effect of internal attacks like sinkhole and selective forwarding attacks on routing protocol for low power and lossy network topology. Widely known IoT operating system Contiki and Cooja as the simulator are used to analyse different consequences on low power and lossy network

Edge Provisioning and Fairness in VPN-DiffServ Networks

Customers of Virtual Private Networks (VPNs) over Differentiated Services (DiffServ) infrastructure are most likely to demand not only security but also guaranteed Quality-of-Service (QoS) in pursuance of their desire to have leased-line-like services. However, expectedly they will be unable or unwilling to predict the load between VPN endpoints. This paper proposes that customers specify their requirements as a range of quantitative services in the Service Level Agreements (SLAs). To support such services Internet Service Providers (ISPs) would need an automated provisioning system that can logically partition the capacity at the edges to various classes (or groups) of VPN connections and manage them efficiently to allow resource sharing among the groups in a dynamic and fair manner. While with edge provisioning a certain amount of resources based on SLAs (traffic contract at edge) are allocated to VPN connections, we also need to provision the interior nodes of a transit network to meet the assurances offered at the boundaries of the network. We, therefore, propose a two-layered model to provision such VPN-DiffServ networks where the top layer is responsible for edge provisioning, and drives the lower layer in charge of interior resource provisioning with the help of a Bandwidth Broker (BB). Various algorithms with examples and analyses are presented to provision and allocate resources dynamically at the edges for VPN connections. We have developed a prototype BB performing the required provisioning and connection admissio

A Survey on Communication Networks for Electric System Automation

Published in Computer Networks 50 (2006) 877–897, an Elsevier journal. The definitive version of this publication is available from Science Direct. Digital Object Identifier:10.1016/j.comnet.2006.01.005In today’s competitive electric utility marketplace, reliable and real-time information become the key factor for reliable delivery of power to the end-users, profitability of the electric utility and customer satisfaction. The operational and commercial demands of electric utilities require a high-performance data communication network that supports both existing functionalities and future operational requirements. In this respect, since such a communication network constitutes the core of the electric system automation applications, the design of a cost-effective and reliable network architecture is crucial. In this paper, the opportunities and challenges of a hybrid network architecture are discussed for electric system automation. More specifically, Internet based Virtual Private Networks, power line communications, satellite communications and wireless communications (wireless sensor networks, WiMAX and wireless mesh networks) are described in detail. The motivation of this paper is to provide a better understanding of the hybrid network architecture that can provide heterogeneous electric system automation application requirements. In this regard, our aim is to present a structured framework for electric utilities who plan to utilize new communication technologies for automation and hence, to make the decision making process more effective and direct.This work was supported by NEETRAC under Project #04-157

Analisa Perbandingan Quality Of Service Antara Protokol PPTP dan L2TP Pada Virtual Private Network Berbasis Router Mikrotik

ABSTRACTThe internet as a data transmission backbone has security threats in sending data. To overcome the security problem of every data communication that is done through a public network (public network), then a connection is needed that requires a connection between workstations running privately, so that only workstations that have access can connect, by using a virtual private network or VPN. The advantage of a VPN is that data sent over an encrypted VPN is quite safe and the secret is maintained even through the internet network because the data sent will go through the tunnel. Tunneling itself is a method for transferring data from one network to another by using a veiled internet network. Two protocols can be chosen in a VPN, namely Point to Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). However, the performance of each of these protocols is unknown yet. To find out the performance of the two protocols we need a test with a simulation method. Using a Mikrotik router and Wireshark application with Quality of Service (QoS) parameters consisting of Packet Loss, Delay, and Throughput on 2 clients connected to the mikrotik router and each client uses a different protocol. All clients will stream videos simultaneously to get a data packet capture. The test results will be grouped into four categories, namely bad, moderate, good and very good. It is expected that data will be able to show the quality of service of both protocols. so that it can be used as a reference in the selection of VPN protocol to be used.Keywords: Quality of Service, PPTP, L2TPABSTRAKInternet sebagai backbone pengiriman data memiliki ancaman keamanan dalam pengiriman data. Untuk mengatasi masalah keamanan setiap komunikasi data yang dilakukan melalui jaringan publik (public network) maka diperlukan suatu mekanisme yang memungkinkan koneksi antar workstation berjalan secara private, sehingga hanya workstation yang memiliki akses yang dapat saling terhubung, dengan cara memanfaatkan virtual private network atau VPN. Keuntungan VPN adalah data yang dikirimkan melalui VPN terenkripsi sehingga cukup aman dan rahasianya tetap terjaga meskipun melalui jaringan internet, karena data yang dikirim akan melalui tunnel. Tunneling sendiri merupakan metode untuk transfer data dari suatu jaringan ke jaringan lain dengan memanfaatkan jaringan internet secara terselubung. Terdapat dua protokol yang dapat dipilih dalam VPN yaitu Point to Point Tunneling Protocol (PPTP) dan Layer 2 Tunneling Protocol (L2TP). Akan tetapi belum diketahui performa dari masing – masing protokol tersebut. Untuk mengetahui kinerja dari kedua protokol tersebut diperlukan sebuah pengujian dengan metode simulasi. Menggunakan router mikrotik dan aplikasi Wireshark dengan parameter Quality of Service (QoS) yang terdiri dari Packet Loss, Delay, dan Throughtput pada 2 client yang terhubung ke router mikrotik dan setiap client akan menggunakan protokol yang berbeda. Semua client akan melakukan video streaming secara bersamaan untuk mendapatkan capture paket data. Hasil pengujian akan dikelompokkan menjadi empat kategori, yaitu kategori buruk, sedang, bagus dan sangat bagus. Diharapkan akan dihasilkan sebuah data yang dapat menunjukkan kualitas dari layanan kedua protokol tersebut. sehingga dapat dijadikan acuan dalam pemilihan protokol vpn yang akan digunakan.Kata kunci: Quality of Service, PPTP, L2T