Sentralisasi Manajemen Hotspot Menggunakan Transparent Bridge Tunnel EoIP over SSTP

STMIK Bumigora is the first computer college in the province of West Nusa Tenggara (NTB). There are 11 hotspots spread across the campus to provide Internet services through a wireless connection for the academic community. The increasing number of hotspots that must be managed with locations scattered in various Mikrotik routers hence make the process of management and monitoring hotspots become complex, ineffective and efficient. Centralized campus hotspot management using a transparent bridge EoIP over SSTP can help solve the problems at hand. Ethernet over IP (EoIP) Tunneling is a Mikrotik RouterOS protocol that creates an Ethernet tunnel between routers over IP connections. EoIP tunnel built on SSTP tunnel (EoIP over SSTP) with Site-to-Site type. SSTP is a new form of Virtual Private Network (VPN) tunnel that provides a mechanism for encapsulating Point-toPoint Protocol (PPP) traffic through the SSL path of the HTTPS protocol. The IP address of the SSTP interface is used as the local reference and remote address of the EoIP over SSTP tunnel. The application of bridging on EoIP interfaces and interfaces connected to Access Point devices forms a logical network so that the management and monitoring of hotspot services can be performed centrally on one router

Pengamanan Layanan Private Cloud Storage Menggunakan HTTPS, IPTables dan SSTP

STMIK Bumigora is a computer college in the province of West Nusa Tenggara (NTB). The spread of data from 12 (twelve) sections on each staff computer or section head causes data search both within and between sections to be inefficient. The condition underlies the prototype development of Nextcloud-based Private Cloud Storage system as centralized data storage for each part. This system has been successfully created and tested and received a positive response for immediate implementation. But PusTIK as part of managing Information and Communication Technology (ICT) is still considering to delay implementation until security is done to access and transfer data between client to Private Cloud Storage Server. In addition there is also a need to remain able to access to Cloud Storage services from the Internet, especially when the academic community is on duty out of town or out of campus. The implementation of Secure Socket Tunneling Protocol (IPTables) and Secure Socket Tunneling Protocol (VPN) based Server Protocol Secure (HTTPS) and IPTables on Gateway Routers can help solve the problems encountered. Based on the analysis there is a known test results HTTPS can secure access and transfer data from client to Cloud Storage Server. While IPTables can protect Private Cloud Storage server from unwanted traffic so it can keep the service available. In addition, SSTP can bridge the need for access and security of communications to Private Cloud Storage service from the Internet

PERANCANGAN KEAMANAN JARINGAN AUTHENTICATION LOGIN HOTSPOT MENGGUNAKAN RADIUS SERVER DAN PROTOKOL EAP-TTLS PADA MIKROTIK DI IDOOP HOTEL

Idoop Hotel merupakan salah satu hotel yang terletak di kawasan Kota Mataram, Jalan Swaramahardika No.883, 83121. Idoop Hotel mulai beroperasi pada bulan Juni 2014. Idoop Hotel memiliki total 9 departement yang tergabung dalam jaringan back office dan operasional. Keseluruhan department berada dalam satu jaringan lokal yang dikelola oleh administrator jaringan pada hotel tersebut. Protocol Extensible Authentication Protocol-Tunelled Transport Layer Security (EAP-TTLS) melihat dari segi implementasi EAP-TTLS dirancang untuk memberikan kemudahan implementasi otentikasi dibandingkan dengan protocol EAP yang berbasis sertifikat digital. Implementasi EAP-TTLS hanya memerlukan sertifikat digital pada sisi authentication server, sedangkan sertifikat digital pada sisi client akan digantikan dengan menggunakan kombinasi username dan password. Kesimpulan yang diperoleh berdasarkan hasil pengujian yang dilakukan yaitu Penggunaan kombinasi username dan password untuk menggantikan sertifikat digital pada Extensible Authentication Protocol-Tunelled Transport Layer Security (EAP-TTLS) juga dapat meningkatkan mobilitas pengguna, karena pengguna tidak perlu menambahkan sertifikat digital untuk melakukan login ke hotspot. Authentikasi EAP-TTLS memiliki kemampuan yang lebih baik yang ditambahkan dengan enkripsi MD5 pada hotspot MikroTIK sehingga pengguna nyaman untuk melakukan login ke hotspot dan mempermudah karyawan IT dari Idoop Hotel untuk memanajemen pengguna dalam jumlah banyak

Implementation of Configuration Management Virtual Private Server Using Ansible

Virtualization technology has been applied to universities with computer study programs to support practicum in Network Management courses. Each user gets a Virtual Private Server (VPS) with container technology. VPS system that is prepared manually requires a long time, especially when the number of users is increasing. The activity repeats every semester so it becomes ineffective and inefficient. Application of automation using Ansible can help to manage VPS objects in the Promox Virtual Environment (PVE) Cluster dynamically. Network Development Life Cycle (NDLC) was used as a method in this study. The design of the VPS management automation system created supports the grouping of container, user and permission resource management for users. The design is implemented in Ansible Playbook. The test results show the average time of making VPS objects per student with an automation system 2 (two) times faster, that is 26.25 seconds compared to the old system which takes 2 minutes 15 seconds. Besides that, the Playbook that was created succeeded in automating the start and stop containers per group of students based on the practicum schedule dynamically so as to maintain the availability of services from the PVE Cluster. &nbsp

ANALISA METRIC ROUTING PROTOKOL EIGRP

  Router merupakan peralatan jaringan yang dapat menghubungkan satu jaringan dengan jaringan yang lain. Router bekerja menggunakan routing table yang disimpan di memorinya untuk membuat keputusan tentang bagaimana paket dikirimkan. Informasi pada routing table dapat diperolah salah satunya melalui penggunaan routing protocol. Routing protocol adalah suatu aturan yang mempertukarkan informasi routing yang akan membentuk sebuah tabel routing sehingga pengalamatan pada paket data yang akan dikirim menjadi lebih jelas dan routing protocol mencari rute tersingkat untuk mengirimkan paket data menuju alamat yang dituju. Enhanced Interior Gateway Routing Protocol (EIGRP) merupakan salah satu protocol dengan jenis Interior Gateway Protocol (IGP) yang dapat digunakan dalam suatu Autonomous System (AS). EIGRP adalah protokol routing yang dikembangkan oleh Cisco dan saat ini hanya dapat dijalankan pada router Cisco. Berdasarkan latar belakang diatas mendorong penulis untuk meneliti lebih lanjut tentang bagaimana penentuan rute terbaik pada EIGRP berdasarkan metric yang digunakan pada jaringan LAN (Local Area Network) dan WAN (Wide Area Network). Metric yang digunakan oleh EIGRP dikenal dengan nama K-Value meliputi bandwidth, delay, reliability, loading, dan MTU. Adapun kesimpulan dalam penilitian ini adalah bahwa antar router EIGRP harus memiliki nilai AS dan K-value yang sama agar terbentuk hubungan kebertetanggaan sehingga dapat bertukar informasi routing, nilai K-Value default yang digunakan untuk perhitungan metric adalah bandwidth terendah sepanjang jalur dan cumulative delay sepanjang jalur

DETEKSI KEMIRIPAN TOPIK PROPOSAL JUDUL TUGAS AKHIR DAN SKRIPSI MENGGUNAKAN LATENT SEMANTIC ANALYSIS DI STMIK BUMIGORA MATARAM

Research in university has important role in contributing to national development. By knowing the importance of research, students are motivated to be involved in a research which makes contribution to science. Therefore, the appropriateness of research topic taken by students need to be verified. The result of manual verification process is neither efficient, effective, nor accurate. Thus, methods employing Information Technology (IT) are being developed nowadays. This research applied the Latent Semantic Analysis (LSA) method to detect similarity of topic research title. There are 4 steps in applying LSA method; those are preparation, preprocessing, similarity detection and evaluation step. The experimental result using 40 title proposal query for 400 undergraduate final assignments showed that this system is able to detect topic similarity of thesis title proposal with value MAP of 0.8465 on reduced value k=210 with Threshold Cosine similarity of > 0 without DF thresholding. Whereas testing by DF thresholding resulted in MAP value of 0.8744 on reduced value k=270 with threshold cosine similarity > 0

Analisa Penerapan Private Cloud Computing Berbasis Proxmox Virtual Environment Sebagai Media Pembelajaran Praktikum Manajemen Jaringan

STMIK Bumigora Mataram strives to develop a curriculum that adopts the needs of the industrial world. In the past 2 years, Network Management lecturers have experienced problems related to practicum implementation. During this time the learning process uses virtualization installed on each laboratory computer. However, the system has various weaknesses, especially related to the freedom of access and availability. The implementation of Private Cloud Computing based on Proxmox Virtual Environment (PVE) which in the cluster can be a solution to the problems faced. PVE cluster which is made using four servers and integrated with one storage server can be used as a learning media for network management practicum and support high availability so that live migration can be done. Users can manage Virtual Private Servers using Linux Container (LXC) independently with a login and limited access permission account and the configuration can be done through the console and SSH. All practicum materials were successfully tested on LXC. An FTP-based local repository built on a storage server can minimize the bandwidth usage of an Internet connection and speed up the package installation. In addition port forwarding on the gateway router can facilitate the remote access needs on LXC from the Internet

Application of Domain Keys Identified Mail, Sender Policy Framework, Anti-Spam, and Anti-Virus: The Analysis on Mail Servers

Viruses spread through email are often sent by irresponsible parties that aim to infect email users' servers. This background encouraged the author to analyze the application of DKIM, SPF, anti-spam, and anti-virus to avoid spam, viruses, and spoofing activities. The goal is for the server to prevent spam, spoofing, and viruses to ensure the security and convenience of email users and prevent the impact of losses caused by them. The design and analysis of DKIM, SPF, anti-spam, and anti-virus applications use the NDLC methodology. The process includes designing spam, spoofing, and virus filtering systems and performing installation and configuration simulations. The next stage is implementation, during which the previously developed system is tested on the spam filtering system, spoofing, and viruses. The last stage is the monitoring stage, where supervision is conducted on the approach to determine its success level. This study concludes that applying the DKIM protocol can prevent spoofing through private and public key-matching methods for authentication. Meanwhile, the application of the SPF protocol can prevent spoofing by authorizing the IP address of the sending server. Additionally, SpamAssassin, ClamAV and Amavisd-New can prevent spam and viruses from entering by checking email headers, bodies, and attachments

Analisa Penerapan Intrusion Prevention System (IPS) Berbasis Snort Sebagai Pengaman Server Internet Yang Terintegrasi Dengan Telegram

ABSTRAK Keamanan merupakan salah satu bagian yang sangat penting dalam Teknologi Informasi (TI) yang telah dimanfaatkan di berbagai bidang. Pemanfaatan TI dapat memperlancar operasional sehingga meningkatkan kualitas layanan. Namun di sisi lain apabila tidak dijaga keamanannya maka akan berdampak pada ketersediaan layanan. Setiap institusi atau lembaga harus memiliki pencegahan terhadap keterbukaan akses dari pihak yang tidak berhak. Peran pertahanan sistem pada umumnya terletak pada administrator sebagai pengelola jaringan yang memiliki akses penuh terhadap infrastruktur jaringan yang dibangunnya. Terdapat berbagai metode yang dihasilkan oleh beberapa peneliti yang telah menerapkan pengamanan terkait layanan pada server Internet salah satunya adalah Intrusion Prevention System (IPS). Sistem IPS yang diterapkan oleh peneliti terdahulu belum terintegrasi dengan telegram sehingga administrator system yang sedang berada di luar instansi atau perusahaan tidak dapat mengetahui ketika server mengalami serangan. Selain itu pemblokiran terhadap serangan masih dilakukan secara manual menggunakan IPTables sehingga memerlukan campur tangan administrator system. Berdasarkan permasalahan tersebut maka mendorong peneliti mengembangkan system IPS yang diintegrasikan dengan Telegram dan IPTables sehingga administrator system dapat memperoleh notifikasi ketika terjadi serangan kapan pun dan dimana pun. Selain itu system dapat secara otomatis melakukan pemblokiran serangan. Pada tahap analysis dilakukan pengumpulan data dan analisa data. Pada tahap desain dilakukan rancangan jaringan ujicoba, pengalamatan IP, perancangan alur kerja system dan kebutuhan perangkat keras dan lunak. Pada tahap simulation prototyping memuat tentang instalasi konfigurasi pada masing-masing perangkat, ujicoba dan analisa hasil ujicoba. Terdapat 5 skenario uji coba yang dilakukan meliputi Ftp Attack, Telnet Attack, Bruteforce Form Login menggunakan Hydra Attack, Remote File Incusion (RFI) Attack serta Http Bruteforce menggunakan Hydra Attack. Adapun kesimpulan dari penelitian ini adalah penerapan IPS berbasis Snort yang diintegrasikan dengan telegram serta IPTables maka server dapat mendeteksi serangan yang masuk. ABSTRACT Security is one very important part in Information Technology (IT) which has been utilized in various fields. Utilization of IT can facilitate operations so as to improve service quality. But on the other hand if it is not maintained its security will have an impact on the availability of services. Every institution or institution must have a prevention against open access from unauthorized parties. The role of the defense system in general lies with the administrator as a network manager who has full access to the network infrastructure that he built. There are various methods produced by several researchers who have implemented security-related services on an Internet server, one of which is the Intrusion Prevention System (IPS). The IPS system implemented by previous researchers has not been integrated with telegrams so that system administrators who are outside the agency or company cannot find out when the server has an attack. Besides blocking attacks is still done manually using IPTables so that it requires the intervention of a system administrator. Based on these problems, it encourages researchers to develop IPS systems that are integrated with Telegram and IPTables so that system administrators can get notifications when an attack occurs anytime and anywhere. In addition the system can automatically block attacks. In the analysis phase, data collection and data analysis are carried out. At the design stage, a trial network design, IP addressing, system workflow design and hardware and software requirements are carried out. At the simulation stage prototyping includes the configuration installation on each device, testing and analyzing the results of trials. There are 5 test scenarios conducted including Ftp Attack, Telnet Attack, Bruteforce Form Login using Hydra Attack, Remote File Incusion (RFI) Attack and Http Bruteforce using Hydra Attack. The conclusion of this study is the application of Snort-based IPS integrated with telegram and IPTables, the server can detect incoming attacks

IMPLEMENTASI IPS BERBASIS PORTSENTRY DAN VULNERABILITY ASSESMENT BERBASIS OPENVAS UNTUK PENGAMANAN WEB SERVER

  Jaringan komputer merupakan jaringan telekomunikasi yang menghubungkan satu komputer atau lebih agar dapat saling bertukar data dan informasi. Manfaat yang sedemikian besar tersebut tentunya akan berkurang dengan adanya gangguan yang muncul terhadap jaringan. Adapun salah satu masalah yang dapat menganggu keamanan sistem adalah masuknya user atau hacker yang bermaksud merusak sistem jaringan. Dalam penerapan pengamanan web server berbasis Intrusion Prevention System (IPS), penulis menggunakan aplikasi Portsentry dan IPTables. Portsentry dan IPTables berfungsi sebagai firewall terhadap serangan  seperti DDoS, Ping Attack, dan Portscanning, serta penggunaan OpenVAS dalam penerepanan metode Vulnerability Assesment dalam melakukan scannin terhadap sistem, untuk dapat mengetahui kekelemahan-kelemahan terhadap sistem yang dibangun, sehingga dapat dilakukan upaya perbaikan terhadap sistem agar menjadi lebih baik. Metodologi Penelitian yang penulis adopsi yaitu Network Development Life Cycle (NDLC), NDLC merupakan pendekatan proses dalam komunikasi data yang menggambarkan siklus yang tiada awal dan tiada akhir dalam membangun sebuah jaringan komputer mencakup sejumlah tahapan yaitu Analysis, Design, Simulation Prototype, Implementation, Monitoring dan Management