
ANALYSIS, DESIGN, AND
IMPLEMENTATION OF NETWORK
SECURITY INFRASTRUCTURE WITH
IPS TECHNOLOGY AT PT. XYZ-TD
Christophorus Calvin Halim
Binus University, Jakarta, DKI Jakarta, Indonesia

and

Jan Dicky Chandra


Binus University, Jakarta, DKI Jakarta, Indonesia

Abstract
Today a network infrastructure must be accompanied by a security system to prevent damage to the company's existing systems by crackers or viruses capable of penetrating the corporate network. Therefore, an analysis of the PT. XYZ-TD network infrastructure was carried out, followed by the design and implementation of a new network infrastructure that adds Intrusion Prevention System (IPS) technology as a security device for PT. XYZ-TD. The methods used are an analysis methodology, namely direct observation to determine the characteristics of the PT. XYZ-TD network infrastructure currently in operation, and the PDIOO (Planning, Design, Implementation, Operation and Optimization) methodology for the design and implementation. The result achieved is the implementation of the design produced for the PT. XYZ-TD network infrastructure. The use of the VLAN, Inter-VLAN-Routing and ACL modules makes it easier for the PT. XYZ-TD network administrator to maintain and manage the network. In addition, the installation of the IPS makes the PT. XYZ-TD network more secure against attacks from outside as well as from inside. In this way the problems found at PT. XYZ-TD can be resolved.
Keywords:
Intrusion Prevention System, Network Security Infrastructure, PT. XYZ-TD

1. Introduction
Information technology develops further every day, and computer networks in particular have become one of the most fundamental elements of a company. This can be seen from the use of computer networks, which has become a basic need for every company, whether large or small and medium-sized. Computer network technology has become a key element of the era of globalization and information technology.
PT. XYZ-TD is a trading and distribution company based in Jakarta and a subsidiary of PT. XYZ. PT. XYZ-TD is developing its information technology to support and improve the company's business processes. According to information received from the IT staff of the PT. XYZ-TD office, there are several problems in its network infrastructure. PT. XYZ-TD wants to replace its entire network infrastructure with a much better infrastructure design. This is because the old network uses only a single segment, so that an attack entering the corporate network can cause problems for every user connected to that network.
In addition, PT. XYZ-TD has just purchased an ERP (Enterprise Resource Planning) solution that is used to improve the quality of work and the selling power of its marketing staff. This application must be available 24 hours a day, because if it cannot be accessed even for a short time, the company's business processes are disrupted, which indirectly reduces the company's profit. A device is therefore needed that can protect the network and the ERP application at PT. XYZ-TD, using an Intrusion Prevention System (IPS) as a solution to minimize the problems in their network security.
As it has developed, the IPS is an information technology for improving network security that is able to prevent crackers and viruses from attacking the PT. XYZ-TD network. The IPS originated from the IDS (Intrusion Detection System), which only detects suspicious activity in a network, analyses it, and looks for evidence of intrusion attempts. Because of the many threats to corporate networks, IDS technology was developed into the IPS, which identifies malicious activity on the network, logs information about it, blocks or stops it, and reports the malicious activity.
With today's network technology, it cannot be denied that network security is something that must be taken into account. PT. Seraphim Digital Technology, as a company that offers IT solutions, especially in the field of network security, sees that this can help minimize internal and external threats and attacks that could disrupt the company's business flow. This technology is very interesting to discuss because it relates to problems that frequently arise in computer networks, specifically in network security, where a network security system based on IPS technology is expected to be able to protect the network infrastructure in the future. Therefore, this thesis discusses the analysis, design, and implementation of a network security infrastructure with IPS technology, carried out in collaboration with the IT staff of PT. Seraphim Digital Technology for PT. XYZ-TD, together with its evaluation.

2. Methodology
The scope of the research covers the analysis of the old PT. XYZ-TD network, the design and implementation of a new, structured network, and the installation of the IPS security device on the PT. XYZ-TD network. The discussion covers the following:

- Analysis
- Design
- Evaluation

2.1. Analysis
In the old network topology, shown in Figure 2.1, a router box and patch panel are still used, there is no security device protecting the corporate network, and external servers are still placed together with the internal servers. The new network topology design therefore uses Cisco manageable switches and a Cisco 1Gb router so that the network is easier to manage and maintain, and an IBM Intrusion Prevention System to secure the network against attacks. Cisco switches and routers were chosen for the new topology because Cisco is one of the best products in computer networking, and because more engineers hold Cisco certifications than certifications for other products, so it is easier to find someone who can manage the switches and routers in use. The IBM Intrusion Prevention System was chosen as the network security device because the IBM IPS is a reliable product and PT. Seraphim Digital Technology is a distributor of the IBM IPS.

[Figure 2.1: diagram of the old topology. Nodes shown: Internet, Open VPN, Router Box, Proxy server 1 and 2, Application Server 1, 2 and 3, Mobile Application Server, File Server 1 and 2, Web server, Antivirus Server, Mail Server, three 3COM switches, and hubs for IT, Busdev, Sales & Direksi (management), Pajak (tax) and Akuntansi (accounting).]

Figure 2.1 PT. XYZ-TD network topology

2.2. Design
To secure the old PT. XYZ-TD network structure, a new infrastructure design was made that can support the company's performance and solve the problems identified earlier. The following is the topology design of the network security infrastructure at PT. XYZ-TD:

Figure 2.2 New network design for PT. XYZ-TD

2.3. Evaluation
To evaluate the implementation of the IPS security system at PT. XYZ-TD, we took the log history for one week after the IPS security system was installed. The following table lists the attacks that were blocked:

Table 4.1 Log History (cells are blank where the source gives no value)

| Tag Name | Status | Severity | Event Count | Source Count | Target Count |
|---|---|---|---|---|---|
| POP_Command_Overflow | Block | High | 6289 | 95 | |
| MSRPC_Srvsvc_Path_Bo | Block | High | 494 | 35 | 252 |
| SSL_Challenge_Length_Overflow | Block | High | 48 | | |
| HTTP_Oracle_WebCache_Overflow | Block | High | 45 | 14 | |
| Telnet_Polycom_Blank_Password | Block | High | 33 | 17 | |
| MSRPC_Race_Heap_Overflow | Block | High | 32 | 15 | |
| SQL_SSRP_Slammer_Worm | Block | High | 30 | | |
| Email_Virus_Suspicious_Zip | Block | High | 28 | | |
| SQL_SSRP_MDAC_Client_Overflow | Block | High | 20 | | |
| DNS_RDATA_String_BO | Block | High | 12 | | |
| Image_JPEG_Tag_Overflow | Block | High | | | |
| Email_Calendar_Code_Exec | Block | High | | | |
| Image_JPEG_IE_Size_Overflow | Block | High | | | |
| HTTP_repeated_character | Block | Medium | 5405 | 158 | 66 |
| Smurf_Attack | Block | Medium | 4350 | 21 | |
| Email_Executable_Extension | Block | Medium | 1495 | 93 | 76 |
| HTTP_POST_Script | Block | Medium | 31 | | |
| YahooMSG_UserID_Overflow | Block | Medium | 13 | | |
| ICMP_Protocol_Unreachable_TCP | Block | Medium | 5 | | |
| HTTP_Cross_Site_Scripting | Block | Medium | 4 | | |
| HTTP_GET_Very_Long | Block | Medium | 2 | | |
| Email_Virus_Double_Extension | Block | Medium | 1 | | |
| HTTP_ASP_Security_Bypass | Block | Medium | 1 | | |
| UDP_Bomb | Block | Medium | 1 | | |
| DCOM_SystemActivation_DoS | Block | Low | 164 | | |
| HTML_Script_Extension_Evasion | Block | Low | | | |
| DNS_Windows_SMTP_MX_DoS | Block | Low | | | |
| Image_ANI_RateNumber_DoS | Block | Low | | | |
| TCP_Null_Scan | Block | Low | | | |
| MOV_Container_Overflow | Block | Low | | | |

Based on the evaluation of the log history, it can be seen that the most frequent high-severity attack against PT. XYZ-TD was POP_Command_Overflow with 6289 attacks, the most frequent medium-severity attack was HTTP_repeated_character with 5405 attacks, and the most frequent low-severity attack was DCOM_SystemActivation_DoS with 164 attacks. With the IPS security system installed, 18,530 attacks were blocked, making the PT. XYZ-TD network safer from attacks that could disrupt the company's operations.
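The per-signature summary in Table 4.1 (events per tag, with distinct sources and distinct targets, and the most frequent tag per severity) can be rebuilt from raw block events. The script below is an added example, not code from the paper or from the IBM IPS: the log lines are constructed in a simplified CSV layout (timestamp, tag, status, severity, source, target) that is not the appliance's real export format, and the `Detect` status is a hypothetical non-blocking status used only to show the status filter.

```python
"""Aggregate IPS block events into a per-signature summary like Table 4.1.

Added example. The record format below is a constructed, simplified CSV
(timestamp,tag,status,severity,source,target); it is NOT the real export
format of the IBM IPS used at PT. XYZ-TD.
"""
import csv
import io
from dataclasses import dataclass, field

SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2}

# Constructed sample log lines (RFC 5737 documentation addresses); the
# "Detect" status is hypothetical and the last line is deliberately malformed.
SAMPLE_LOG = """\
2011-12-12T08:01:12,POP_Command_Overflow,Block,High,203.0.113.10,192.0.2.25
2011-12-12T08:01:13,POP_Command_Overflow,Block,High,203.0.113.10,192.0.2.25
2011-12-12T08:02:40,POP_Command_Overflow,Block,High,203.0.113.11,192.0.2.25
2011-12-12T09:15:00,HTTP_repeated_character,Block,Medium,198.51.100.7,192.0.2.80
2011-12-12T09:15:01,HTTP_repeated_character,Block,Medium,198.51.100.7,192.0.2.81
2011-12-12T11:30:00,DCOM_SystemActivation_DoS,Block,Low,192.0.2.55,192.0.2.60
2011-12-12T11:31:00,TCP_Null_Scan,Detect,Low,198.51.100.9,192.0.2.80
malformed line without enough fields
"""


@dataclass
class Summary:
    """One row of the summary table: counts per tag name."""
    status: str
    severity: str
    event_count: int = 0
    sources: set = field(default_factory=set)   # distinct source addresses
    targets: set = field(default_factory=set)   # distinct target addresses


def parse_events(text):
    """Yield (tag, status, severity, src, dst), skipping malformed records."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6:
            continue  # truncated or garbled record: skip rather than crash
        _ts, tag, status, severity, src, dst = (f.strip() for f in row)
        if severity not in SEVERITY_ORDER:
            continue  # unknown severity label: skip
        yield tag, status, severity, src, dst


def summarize(text, status_filter="Block"):
    """Return {tag: Summary} for events whose status matches status_filter."""
    table = {}
    for tag, status, severity, src, dst in parse_events(text):
        if status != status_filter:
            continue
        row = table.setdefault(tag, Summary(status, severity))
        row.event_count += 1
        row.sources.add(src)
        row.targets.add(dst)
    return table


def top_by_severity(table):
    """Tag with the most events for each severity, as in the paper's evaluation."""
    best = {}
    for tag, row in table.items():
        current = best.get(row.severity)
        if current is None or row.event_count > table[current].event_count:
            best[row.severity] = tag
    return best


def total_blocked(table):
    """Total number of events in the summary (all of them blocked)."""
    return sum(row.event_count for row in table.values())


def render(table):
    """Render the summary in the column order of Table 4.1."""
    rows = sorted(table.items(),
                  key=lambda kv: (SEVERITY_ORDER[kv[1].severity], -kv[1].event_count))
    lines = ["Tag Name | Status | Severity | Event Count | Source Count | Target Count"]
    for tag, r in rows:
        lines.append(f"{tag} | {r.status} | {r.severity} | {r.event_count} | "
                     f"{len(r.sources)} | {len(r.targets)}")
    return "\n".join(lines)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(render(summary))
    print("top per severity:", top_by_severity(summary))
    print("total blocked:", total_blocked(summary))
```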

3. Conclusion
Based on the evaluation of the implementation of the network security infrastructure using Intrusion Prevention System (IPS) technology at PT. XYZ-TD, it can be concluded that:

- The use of the VLAN, Inter-VLAN-Routing and ACL modules on the Cisco switch and Cisco router will make it easier for the network administrator to manage and maintain the PT. XYZ-TD network.

- With the Intrusion Prevention System (IPS) on the PT. XYZ-TD network, more than 18,530 attacks were blocked, making the PT. XYZ-TD network more secure.

References
[1] Angelescu, S. (2010). CCNA Certification All-In-One for Dummies. Indianapolis: Wiley Publishing, Inc.
[2] ISS X-Force. (2011, December 17). Apple Quicktime atom length detected (MOV_Container_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/MOV_Container_Overflow.htm
[3] ISS X-Force. (2011, December 17). HTML Script Extension Evasion (HTML_Script_Extension_Evasion). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/HTML_Script_Extension_Evasion.htm
[4] ISS X-Force. (2011, December 17). HTTP GET contains repeated characters (HTTP_repeated_character). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/HTTP_repeated_character.htm
[5] ISS X-Force. (2011, December 17). HTTP POST contains malicious script (HTTP_POST_Script). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/HTTP_POST_Script.htm
[6] ISS X-Force. (2011, December 17). ICMP Protocol Unreachable TCP denial of service (ICMP_Protocol_Unreachable_TCP). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/ICMP_Protocol_Unreachable_TCP.htm
[7] ISS X-Force. (2011, December 17). Mail attachment with a suspicious file name (Email_Executable_Extension). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Email_Executable_Extension.htm
[8] ISS X-Force. (2011, December 17). Mail attachment with a suspicious file name (Email_Virus_Double_Extension). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Email_Virus_Double_Extension.htm
[9] ISS X-Force. (2011, December 17). Mail message contains suspicious ZIP file (Email_Virus_Suspicious_Zip). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Email_Virus_Suspicious_Zip.htm
[10] ISS X-Force. (2011, December 17). Microsoft ASP.NET Framework bypass security (HTTP_ASP_Security_Bypass). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/HTTP_ASP_Security_Bypass.htm
[11] ISS X-Force. (2011, December 17). Microsoft Data Access Components (MDAC) broadcast request buffer overflow (SQL_SSRP_MDAC_Client_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/SQL_SSRP_MDAC_Client_Overflow.htm
[12] ISS X-Force. (2011, December 17). Microsoft Exchange iCal MODPROPS denial of service (Email_Calendar_Code_Exec). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Email_Calendar_Code_Exec.htm
[13] ISS X-Force. (2011, December 17). Microsoft IIS Cross-Site Scripting (HTTP Cross site scripting). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/HTTP_Cross_Site_Scripting.htm
[14] ISS X-Force. (2011, December 17). Microsoft Internet Explorer JPEG image buffer overflow (Image_JPEG_IE_Size_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Image_JPEG_IE_Size_Overflow.htm
[15] ISS X-Force. (2011, December 17). Microsoft Windows 2000 and XP RPC race condition (MSRPC_Race_Heap_Overflow). Retrieved December 19, 2011, from www.iss.net: MSRPC_Race_Heap_Overflow
[16] ISS X-Force. (2011, December 17). Microsoft Windows ANI file zero rate number overflow denial of service (Image_ANI_RateNumber_DoS). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Image_ANI_RateNumber_DoS.htm
[17] ISS X-Force. (2011, December 17). Microsoft Windows DNS client data string buffer overflow (DNS_RDATA_String_BO). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/DNS_RDATA_String_BO.htm
[18] ISS X-Force. (2011, December 17). Microsoft Windows JPEG buffer overflow (Image_JPEG_Tag_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Image_JPEG_Tag_Overflow.htm
[19] ISS X-Force. (2011, December 17). Microsoft Windows RPCSS Service RPC message can cause denial of service (DCOM_SystemActivation_DoS). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/DCOM_SystemActivation_DoS.htm
[20] ISS X-Force. (2011, December 17). Microsoft Windows Server Service RPC code execution (MSRPC_Srvsvc_Path_Bo). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/MSRPC_Srvsvc_Path_Bo.htm
[21] ISS X-Force. (2011, December 17). Microsoft Windows SMTP Service and Microsoft Exchange SMTP DNS Mail Exchanger (MX) denial of service (DNS_Windows_SMTP_MX_DoS). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/DNS_Windows_SMTP_MX_DoS.htm
[22] ISS X-Force. (2011, December 17). NCSA httpd allows remote users to execute commands (HTTP_GET_Very_Long). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/HTTP_GET_Very_Long.htm
[23] ISS X-Force. (2011, December 17). Oracle9i Application Server Web Cache HTTP Request Method buffer overflow (HTTP_Oracle_WebCache_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/HTTP_Oracle_WebCache_Overflow.htm
[24] ISS X-Force. (2011, December 17). Polycom ViewStation password is blank (Telnet_Polycom_Blank_Password). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Telnet_Polycom_Blank_Password.htm
[25] ISS X-Force. (2011, December 17). Qpopper contains a buffer overflow that could allow root access (POP_Command_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/POP_Command_Overflow.htm
[26] ISS X-Force. (2011, December 17). Smurf denial of service (Smurf_Attack). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/Smurf_Attack.htm
[27] ISS X-Force. (2011, December 17). SQL Slammer worm propagation (SQL_SSRP_Slammer_Worm). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/SQL_SSRP_Slammer_Worm.htm
[28] ISS X-Force. (2011, December 17). SSLV2 Client Hello Overflow (SSL_Challenge_Length_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/SSL_Challenge_Length_Overflow.htm
[29] ISS X-Force. (2011, December 17). SunOS can be crashed with malformed UDP packets (UDP_Bomb). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/UDP_Bomb.htm
[30] ISS X-Force. (2011, December 17). TCP Half scan (Stealth scan) (TCP null scan). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/TCP_Null_Scan.htm
[31] ISS X-Force. (2011, December 17). Yahoo! Messenger victimID buffer overflow (YahooMSG_UserID_Overflow). Retrieved December 19, 2011, from www.iss.net: http://www.iss.net/security_center/reference/vuln/YahooMSG_UserID_Overflow.htm
[32] Rob Payne, K. M. (2003). Cisco certified internetwork expert: study guide (2nd ed.). California: SYBEX Inc.
[33] Tanenbaum, A. S. (2003). Computer Networks (4th ed.). New Jersey: Prentice Hall.
