Security Optimization on a Multi-Endpoint Access Network Using Network Access Control Based on Cisco ISE
DOI: https://doi.org/10.31000/jika.v5i3.4811
Abstract
Companies need to keep improving the performance of their computer networks, and above all the security of those networks. PT. Nusantara Compnet Integrator (Compnet) has a fairly high density of access from endpoints to the corporate network. The growing number of endpoints makes data traffic on the Compnet network congested and more vulnerable to security problems. As a result, identifying the users, devices, and activities on the Compnet network becomes harder, given that access to the Compnet network has no access control. Solving this problem requires a network security design that can identify and control access for every endpoint that is about to connect to the network, so that not just any endpoint can connect. In this study, Network Access Control (NAC) was planned and designed as a mechanism for monitoring and controlling endpoint access in the Compnet network. The NAC filters endpoints that do not belong to Compnet and try to connect through a switch. The NAC used is based on Cisco Identity Services Engine (ISE). The test results show that the security of the Compnet network was optimized, in the form of better control over endpoints when they are about to access the Compnet network, through authentication and verification processes.
License
License and Copyright Agreement
In submitting the manuscript to the journal, the authors certify that:
- They are authorized by their co-authors to enter into these arrangements.
- That it is not under consideration for publication elsewhere,
- That its publication has been approved by all the author(s) and by the responsible authorities – tacitly or explicitly – of the institutes where the work has been carried out.
- They secure the right to reproduce any material that has already been published or copyrighted elsewhere.
- They agree to the following license and copyright agreement.
Copyright
Authors who publish with International Journal of Advances in Intelligent Informatics agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
Licensing for Data Publication
International Journal of Advances in Intelligent Informatics uses a variety of waivers and licenses that are specifically designed for and appropriate for the treatment of data:
Open Data Commons Attribution License, http://www.opendatacommons.org/licenses/by/1.0/ (default)
Creative Commons CC-Zero Waiver, http://creativecommons.org/publicdomain/zero/1.0/
Open Data Commons Public Domain Dedication and Licence, http://www.opendatacommons.org/licenses/pddl/1-0/
Other data publishing licenses may be allowed as exceptions (subject to approval by the editor on a case-by-case basis) and should be justified with a written statement from the author, which will be published with the article.
Open Data and Software Publishing and Sharing
The journal strives to maximize the replicability of the research published in it. Authors are thus required to share all data, code or protocols underlying the research reported in their articles. Exceptions are permitted but have to be justified in a written public statement accompanying the article.
Datasets and software should be deposited and permanently archived in appropriate, trusted, general, or domain-specific repositories (please consult http://service.re3data.org and/or software repositories such as GitHub, GitLab, Bioinformatics.org, or equivalent). The associated persistent identifiers (e.g. DOI, or others) of the dataset(s) must be included in the data or software resources section of the article. Reference(s) to datasets and software should also be included in the reference list of the article with DOIs (where available). Where no domain-specific data repository exists, authors should deposit their datasets in a general repository such as ZENODO, Dryad, Dataverse, or others.
Small data may also be published as data files or packages supplementary to a research article; however, authors should in all cases prefer deposition in data repositories.