Infrastructure as Code for Security Automation and Network Infrastructure Monitoring

  • Wahyu Riski Aulia Putra Politeknik Siber dan Sandi Negara, Bogor, Indonesia
  • Agus Reza Aristiadi Nurwa Politeknik Siber dan Sandi Negara, Bogor, Indonesia
  • Dimas Febriyan Priambodo Politeknik Siber dan Sandi Negara, Bogor, Indonesia https://orcid.org/0000-0001-5347-3248
  • Muhammad Hasbi STMIK Sinar Nusantara, Surakarta, Indonesia
Keywords: Ansible-playbook, Infrastructure as code, system administration

Abstract

The coronavirus (COVID-19) pandemic that has spread throughout the world has created a new work culture: working remotely using existing technology. This has increased crime and cyber attacks, as more and more devices are connected to the internet for work. The priority given to the security and monitoring of network infrastructure should therefore be increased. Securing and monitoring this infrastructure requires an administrator to manage and configure it. One administrator may manage multiple infrastructures, which makes the task more difficult and time-consuming. This research implements infrastructure as code for security automation and network infrastructure monitoring, including IDS, honeypot, and SIEM. Automation is done with Ansible, from creating the virtual machines through to the security configuration and monitoring of the network infrastructure. The result is a set of automation processes, verified with black-box testing and validated with a User Acceptance Test (UAT) given to the computer staff of the Poltek SSN IT Unit to prove the ease of the automation. Based on the UAT results, a score of 154 was obtained, in the Agree area, with an acceptance rate of 81.05% for the implementation of infrastructure as code for the automation carried out.

Published
2022-11-30
How to Cite
Putra, W. R., Nurwa, A. R., Priambodo, D., & Hasbi, M. (2022). Infrastructure as Code for Security Automation and Network Infrastructure Monitoring. MATRIK : Jurnal Manajemen, Teknik Informatika Dan Rekayasa Komputer, 22(1), 201-214. https://doi.org/10.30812/matrik.v22i1.2471
Section
Articles