Resource Modification On Multicore Server With Kernel Bypass

Technology develops very fast marked by many innovations both from hardware and software. Multicore servers with a growing number of cores require efficient software. Kernel and Hardware used to handle various operational needs have some limitations. This limitation is due to the high level of complexity especially in handling as a server such as single socket discriptor, single IRQ and lack of pooling so that it requires some modifications. The Kernel Bypass is one of the methods to overcome the deficiencies of the kernel. Modifications on this server are a combination increase throughput and decrease server latency. Modifications at the driver level with hashing rx signal and multiple receives modification with multiple ip receivers, multiple thread receivers and multiple port listener used to increase throughput. Modifications using pooling principles at either the kernel level or the program level are used to decrease the latency. This combination of modifications makes the server more reliable with an average throughput increase of 250.44% and a decrease in latency 65.83%

Infrastructure as Code for Security Automation and Network Infrastructure Monitoring

The Corona Virus (COVID-19) pandemic that has spread throughout the world has created a new work culture, namely working remotely by utilizing existing technology. This has the effect of increasing crime and cyber attacks as more and more devices are connected to the internet for work. Therefore, the priority on security and monitoring of network infrastructure should be increased. The security and monitoring of this infrastructure requires an administrator in its management and configuration. One administrator can manage multiple infrastructures, making the task more difficult and time-consuming. This research implements infrastructure as code for security automation and network infrastructure monitoring including IDS, honeypot, and SIEM. Automation is done using ansible tools to create virtual machines to security configuration and monitoring of network infrastructure automatically. The results obtained are automation processes and blackbox testing is carried out and validation is carried out using a User Acceptance Test to the computer apparatus of the IT Poltek SSN Unit to prove the ease of the automation carried out. Based on the results of the UAT, a score of 154 was obtained in the Agree area with an acceptance rate of 81.05% for the implementation of infrastructure as code for the automation carried ou

Honeypot-as-a-Service dengan Kubernetes Cluster

Honeypot merupakan salah satu strategi yang digunakan untuk melindungi jaringan dari serangan siber. Honeypot digunakan untuk menarik penyerang agar menyerang honeypot tersebut daripada perangkat-perangkat jaringan. Namun, penggunaan honeypot masih jarang terjadi di tingkat korporat maupun individu karena membutuhkan tenaga profesional dan infrastruktur khusus untuk mengelolanya selama implementasi. Berdasarkan permasalahan ini, peneliti mengusulkan solusi Software-as-a-Service  (SaaS) yang disebut Honeypot-as-a-Service  (HaaS). HaaS adalah layanan honeypot berbasis cloud yang dikelola oleh orkestrasi kontainer Kubernetes Cluster. Penggunaan Kubernetes Cluster dirancang untuk mengotomatiskan konstruksi, penjadwalan, pemeliharaan, dan penghapusan honeypot berkontainer. Otomatisasi ini dimaksudkan untuk membantu pelanggan yang ingin menggunakan sistem pertahanan berbasis honeypot dalam jaringan mereka tanpa harus menjalankan honeypot mereka sendiri. Pengguna dapat mendaftar akun dan mengonfigurasi honeypot menggunakan dashboard yang langsung terhubung ke cloud honeypot. Sistem ini sedang dikembangkan di lingkungan pusat data Departemen Keamanan Siber dari Politeknik Siber dan Sandi Negara, yang dikelola dengan manajemen virtualisasi Proxmox Virtual Environment. Komponen-komponen dari sistem HaaS terdiri dari honeypot di Kubernetes Cluster, HaaS-proxy, dan HaaS Dashboard. Sistem yang telah dibuat kemudian diuji availability, performance, functionality, and scenario. Hasil evaluasi sistem menunjukkan bahwa sistem HaaS membutuhkan pengembangan lebih lanjut. Meskipun ketersediaan dan performa sistem HaaS telah memenuhi kriteria layanan berbasis cloud, namun fungsionalitas sistem tidak memenuhi standar layanan SaaS secara umum. Namun, honeypot dibangun untuk memenuhi tujuan honeypot dalam menarik penyerang

Comparative analysis of evolutionary-based maximum power point tracking for partial shaded photovoltaic

The characteristics of the photovoltaic module are affected by the level of solar irradiation and the ambient temperature. These characteristics are depicted in a V-P curve. In the V-P curve, a line is drawn that shows the response of changes in output power to the level of solar irradiation and the response to changes in voltage to ambient temperature. Under partial shading conditions, photovoltaic (PV) modules experience non-uniform irradiation. This causes the V-P curve to have more than one maximum power point (MPP). The MPP with the highest value is called the global MPP, while the other MPP is the local MPP. The conventional MPP tracking technique cannot overcome this partial shading condition because it will be trapped in the local MPP. This article discusses the MPP tracking technique using an evolutionary algorithm (EA). The EAs analyzed in this article are genetic algorithm (GA), firefly algorithm (FA), and fruit fly optimization (FFO). The performance of MPP tracking is shown by comparing the value of the output power, accuracy, time, and tracking effectiveness. The performance analysis for the partial shading case was carried out on various populations and generations

TIA-942 Approach dengan Computational Fluid Dynamic untuk Data Center

Data Center (DC) is currently one of the most popular Information and Communication Technologies (ICT) along with the increasing digitization of business processes. The concept of centralization provides convenience for the improvement, development and efficiency of energy resources. DC networks support cloud-inspired environments that require stability and agility, thereby extending the functionality of DC networks into a public cloud provider infrastructure to better manage hybrid cloud networks. The TIA-942 standard allows DC designs to be considered early in the building development process and contributes to architectural considerations, by providing multidisciplinary design and construction information. It is used for a comprehensive understanding of DC design including facility planning, cabling systems, and network design. Good planning during building construction or renovation is significantly less expensive and less intrusive than after the facility is operational. The DC design using the TIA-942 standard was tested through Computational Fluid Dynamic simulation to produce a better analysis. All of these analyzes are to avoid misplacing or positioning cooling devices or racks in the DC, as well as assisting in the selection of efficient cooling system technology. So that the DC design can function as an operation center and service provider, as well as increase efficiency and energy resources for all SKPD in XYZ Province

Security Assessment Aplikasi Mobile Pemerintahan dengan Acuan OWASP Top 10 Mobile Risks

Mobile E-Kinerja XYZ adalah aplikasi yang digunakan untuk pelaporan kegiatan PNS dan ASN Pemerintah Kabupaten XYZ. Aplikasi ini menunjang peraturan dari pemerintah pusat terkait Sistem Pemerintahan Berbasi Elektronik (SPBE). Security assessment yang dilakukan mencakup pengujian keamanan aplikasi dan juga mengidentifikasi kerentanan menggunakan MobSF dan MARA Framework dan analisis dinamis serta melakukan validasi mengacu pada OWASP Top Ten Mobile Risk 2016. Menilai kerentanan menggunakan Common Vulnerability Scoring System (CVSS) 3.1. Memberikan rekomendasi keamanan terhadap kerentanan yang ditemukan mengacu pada Common Weakness Enumeration (CWE) serta menjelaskan dampak dari kerentanan. Aplikasi ini mempunyai satu krentanan high (Insecure Data Storage), tiga kerentanan medium (Improper Platform Usage, Insufficient Cryptography, Reverse Engineering), satu kerentanan low (Extraneous Functionality)

Implementasi KRACK dan KRACK Detector terhadap Wpa_Supplicant pada Perangkat Android dan Linux Ubuntu

Nowadays WiFi services is available in many public places to accesses the information. Most of WiFi services use the Wifi Protected Access 2 (WPA2) security. This protocol uses a 4-way handshake mechanism for authentication process, but there is a weakness by using the 4-way handshake mechanism that possible to re-install the key (KRACK). This weakness can be used by attackers to hold up communications so that attackers can enter the network. This study, KRACK analysis was carried out on wpa_supplicant Android and Linux Ubuntu which connected to WiFi and the WPA2 security protocol to know the weaknesses. The analysis is doing on the user's device by connecting to the Rogue AP generated by the Vanhoef script. This dangerous line is compared to normal line. Analyzing attacks on 4-way handshakes, this research create implementation of KRACK Detector and the result of detection will be used to get the KRACK characteristics. The information getting from the result can prevent the disadvantages which coming by attacks. The validation of the research was carried out by using Wireshark to make sure that the third massage sends which show threat of attack

Penetration Testing Web XYZ Berdasarkan OWASP Risk Rating

Website ”XYZ” merupakan aplikasi yang mempunyai fungsi dalam layanan pembuatan dokumen kependudukan, layanan pendaftaran akses masuk, dan fitur login. Penilaian kerawanan secara berkala diperlukan untuk menjamin kehandalan dari aplikasi. Penilaian kerawanan dengan menggunakan tool uji saja sekarang tidak dirasa cukup sehingga memerlukan validasi. Salah satu validasi tersebut adalah menggunakan penetration testing. Uji penetrasi pada Website XYZ Kabupaten XYZ dilaksanakan dengan mengacu kepada Open Web Application Security Project (OWASP) Top 10-2021. Penetration testing dilaksanakan dengan metode black box untuk mendapatkan hasil pengukuran tingkat kerentanan pada aplikasi. Keseluruhan penilaian kerentanan dilakukan dalam empat tahap yaitu planning, information gathering, vulnerability scanning menggunakan 2 tools otomatis yaitu Vega dan OWASP ZAP sebagai upaya untuk mendapatkan cakupan yang lebih luas terkait kerentanan yang ditemukan dikuti dengan validasi dilanjutkan tahap analysis and reporting. Hasil tahap vulnerability scanning menghasilkan 9 jenis kerentanan dengan sebaran 2 high, 1 medium, dan 6 low. Pengujian penetrasi untuk validasi mengacu pada dokumen panduan Web Security Testing Guide (WSTG) versi 4.2. Hasil proses akhir berupa rekomendasi dapat digunakan sebagai referensi pengembang aplikasi web untuk menangani kerentanan khususnya hilangnya ketersediaan layanan dan kebocoran data