ABSTRACT CHAPTER I. Preliminary Background

Transcription

1 FIREWALL OPTIMIZATION ON BROAD SCALE NETWORK Nama Penulis : Jurnalis : Bobi Paisal Baraba Dosen Bahasa Indonesia : Bambang Dahrmaputra Pendidikan Teknik Informatika dan Komputer Fakultas Teknik Universitas Negeri Jakarta bobibaraba@yahoo.com ABSTRACT Computer networks are not new at this time. Almost every company there is a computer network to facilitate the flow of information within the company The. Internet is gaining popularity today is a giant computer network which is a computer network and can interact. It is may occur due to the development of network technology is very rapid. But in some way connected to the Internet can be a threat dangerous, many attacks can occur both within and outside such as viruses, trojans, and hackers. In the end the security of computers and computer networks will play an important role in this case. A good firewall configuration and optimized to reduce the threats The. Firewall configuration, there are 3 types of them are screened host firewall system (single-homed bastion), screened host firewall system (dual-homed bastion), and screened subnet firewall. And also configure the firewall to open portport right to have a connection to the Internet, because the configure the ports in a firewall can filter packets that entered in accordance with the policy or policies. The firewall architecture that will used to optimize a network firewall CHAPTER I Preliminary 1.1. Background Internet is often referred to as a world without borders. Various information can be obtained at Internet and anyone can access the information. Along with the development information technology, the Internet not only make a positive contribution to the lives of but also a threat. More frightening threat is coming from the virtual world, ranging from viruses, trojans, phishing cracker biased to meddle with the security computer systems. Connected to the Internet proverbial open door to the computer can be accessed by anyone. Through the door is exactly, you can very easily explore whether it's the wilds of cyberspace for online shopping, read the latest news, send and so forth. But it is precisely through the door, hackers can enter and easily

2 meddle even take control of the system komputer.pada many occasions, we need to determine which option is to be trusted and which are not. Even if something is coming from a trusted source and safe to run. You may receive s from trusted sources in which is included a link and clicking on it. But who would have thought if it turns through the link, hackers to slip malicious program to spy on a computer without the knowledge You. For this reason, the computer requires a fortress that will protect the computer from malicious threats on the internet. In the virtual world, this fortress called firewall. Computer or computer network security, especially those connected to the Internet must be planned and coordinated properly in order to protect resources (Resource) and the investment in it. Information (data) and service (service) has been become a very important commodity. The ability to access and provide information quickly and accurately to be essential for a organization, either in the form of a commercial organization (company), universities, government agencies, and individual (personal) Destination Based on the above background the purpose of this study is to be optimize firewall on the network so as to reduce ancamanancaman contained in the internet world and we become more comfortable explore the world of the Internet Research Methods The method used in the manufacture of writing this journal is to using literature. With this method, the authors collected a variety of information related to the subject matter of this journal article.

3 CHAPTER II Basis Theory 2.1. Computer Networks The computer network is a collection of computers, printers and other equipment connected. Information and data moving through wires allowing computer network users can exchange documents and data, print on and with the same printer using the same hardware / software connected with the network. Each computer, printer or peripherals connected to the network called nodes. A computer network can have two, tens, thousands or even millions of nodes. A network usually consists of 2 or more interconnected computers among one another, and share resources eg CDROM, Printers, exchange files, or allow it to communicate with each other electronics Type - Type Network There are 3 kinds of network types, namely: 1. The Local Area Network (LAN) LAN is a network that is limited by the relatively small area, generally bounded by the environment such as an office area in a building, or a school, and usually not much of approximately 1 sq. km. 2. Metropolitan Area Network (MAN) MAN typically covers a larger area than a LAN, for example between regions within a province. In this case the network linking several pieces small networks into a larger area environments, for example namely Bank network where several branches of a bank in a major cities are connected to one another. 3. Wide Area Network (WAN) Wide Area Networks (WAN) is a network whose scope is usually by means of satellite or submarine cable as an example of the overall BANK BNI networks that exist in Indonesia or in other countries.

4 2.2. Firewall The Internet is a computer network that is very open in the world, the consequences The responsibility is to be no guarantee of security for the network related to Internet. This means that if the operator is not careful in setting up the system, then most likely related to network Internetakan easily enter the were not invited from outside. It is the duty of the concerned network operators, to reduce these risks to a minimum. The selection of strategy and skill The network administrator, would be very easy to distinguish whether a network penetrated or not. Firewall is a tool to implement security policies (security policy). While the security policy, created by the balance between facilities supplied with its security implications. The more stringent security policies, increasingly complex service configuration information or the less facilities available in the network. Conversely, with more and more facilities are available or applied in such a simple configuration, the easier the person 'Nosy' from outside into the system (a direct result of the weakness of the security policy). In the real world, a firewall is a wall that separates the room, so fire on a room does not spread to other rooms. But the truth firewall on the Internet is more like a defense around the fort, which maintains against attacks from the outside. The point: restrict the movement of people into the internal network restrict the movement of people out of the internal network prevent attackers layered defense approach So in and out of the firewall should be acceptable. A firewall is a combination of routers, servers, and software appropriate complementary. A firewall is a way / system / mechanism which is applied both to the hardware, software or system itself in order to protect both with filter, limit or even reject any or all relationships / activities a segment on a private network with external networks is not a space scope. These segments can be a workstation, server, router, or local area network (LAN).

5 CHAPTER III Discussion To perform the optimization of a firewall there are a few things to note. Among them: The first we need to define a firewall policy Policy or stretcher. Because they determination of policy or policies merupak very important thing, whether good or bad a firewall is largely determined by the policy or policies are implemented. Determination The policies include: Determine what needs to be serviced. That is what will be policy that we will create. Determining the individuals or groups that would be subject to policy or the policy. Determine the services dibuthkan by each individual orgroups that use the network. Under each service used by individuals or groupsthe best configuration will be determined bagaimanan which shall be made increasingly comfortable. Applying all of the policy or policies. Next can analyze the list of ports that are used by various protocol and open the ports into the firewall and the ports must be stretcher appropriate. Web servers often identified through port 80, FTP (File Transfer Protocol) through port 21, through the SSH port 22. Port shows which ports are must be opened in the web server side. On the PC ports need to be opened is to making outgoing connections, the setting for it usually has been done by the firewall automatically when when we run a program that requires a connection to Internet. When we have to know which ports are needed by the program open the ports into the firewall. Basically, the more open ports on the firewall then the less The PC safe, especially on file and printer-sharing under Windows. Hackers often find and exploit weak points that exist. If we're using the notebook is connected to the hotspot umumtutup ports open. Modern firewall will automatically recognize and configure network self own seseuai with the situation. Most firewallmasa now offers function settings automatically for file and printer sharing. In another firewall like XP-firewall must each dikonfugurasi times manually. To enable file and printer sharing, open ports TCP 139 and 445 and UDP ports 137 and 138 for data entry. In addition we need allow ICMP echo requests. When we connect to the internet through a router is better if configure the router. Router settings that need to be changed is the function of Port Forwarding to be activated, because most routers Port function Forwarding normally have been turned off by default. With proper configuration, router will reject IP packets with spoofed sender. Optimizing the next firewall configuration adalahmenentukan a firewall appropriately. There are several firewall configuration: Dual-homed host Dual homed host can be a router, but for being the firewall traffic IP in this architecture completely blocked. So if there is a package that is coming out entry, should be through a proxy.

6 Screened Host Using the bastion host is placed in the intranet, and the whole communication and out must go through a proxy on the bastion and then through screening router. Bastion host is the system / section considered the strongest in the network security system by administrator.atau can call the forefront which is considered the most powerful in resisting the attack, so it becomes part important in network security, usually a firewall component or the outer portion of the public system. Glance it appears that a dual-homed architecture is more secure, but in practice many system failures that allow packets passing from one side to the other in a dual homed architecture. So the main reason for using a screened host as a router architecture is more easily secured than a computers / hosts. The main evil is they both have a 'single point of failure '. Screened Subnet The reason why Bastion hosts are often the target of attacks. Because the idea is if the bastion host has been compromised, the attacker not to enter into internal network. Therefore, the bastion host is placed in the perimeter network. To break into the network, hackers have to attack the exterior and interior routers router. There is also one that has a layered perimeter, where the condition to be effective is the defense system of each layer must be different. Perimeter networkyaitu if anyone managed to penetrate to the exterior router and bastion, then the attacker can only see packets that roam perimeter of the network only. So the communication traffic on the internal network (which relatively sensitive) can not be seen by the attacker from the network perimeter. Bastion host acts as an entry point connections from the outside, including SMTP, FTP and DNS. Meanwhile, to make the connection from the client to the server in the Internet can done in 2 ways: Allow routers so that the client can connect to the Internet server directly. Using a proxy server on the bastion. Interior routers protecting the internal network from the Internet and the perimeter network. Traffic should be allowed between the bastion with a client, is only the essentials only. For example, the relationship with the mail server SMTP antarabastion internally. Pay attention to any internal server computer that is connected to the bastion, because that will be the target of an attack if successful bastion destroyed by hackers. Exterior routers in practice allow many packages out, and only slightly filter incoming packets. However, usually for screening the internal network, same settings between internal and external routers. The main task of the external router is to block packets that have fake addresses from the outside (because tried to disguise the IP address of one of the hosts in the internal network). Because certainly from the Internet. Why not in the internal router? Because they can be of perimeter of the net a little more trusted.

7 CHAPTER IV Conclusion A security is a very important thing in the world of internet either computer security and network security that many are filled with a variety of threats both from within and from outside, and the firewall is a solution to be overcome the security. With a proper configuration on the firewall the possibility of securing a data or remote computer on the network becomes more secure. Konfigrasi a firewall first is the determination of policy or firewall policy is about what will be the policy, anyone who would subject to the policies and services that are required for each individual. Then specify the ports that are used by various protocols and open these ports into the firewall, and also open the ports used for file sharing and ping requests. Next is to determine an appropriate configuration and in accordance with the state of the network. A screened subnet configuration highest level of security, because in this configuration used 2 pieces pack filtering router, so that local networks become invisible (invisible) and can not be construct routing directly to the internet or in other words, the Internet became invisible due to external router that will serve the relationship between the Internet and the bastion host, yet it does not mean the local network can not connect to the internet. With this configuration allows us to boost firewall security much better than threats internet.namun not rule that we fixed network can be attacked by hackers who attack highly directional. But a little better protected than not at all. REFERENCES 1. Tanembaum, Andrew S Jaringan Komputer Edisi Bahasa Indonesia Jilid 1. Prenhallindo : Jakarta. 2. Majalah CHIP edisi Mei Firewall Yang Sempurna f1b ewall.pdf 8. ewall.pdf 9.