ArticlePDF Available

Analysis of Security Virtual Private Network (VPN) Using OpenVPN

Authors:

Abstract and Figures

Data transmission on the network of Informatics Engineering Research Laboratory Universitas Ahmad Dahlan using an unsecured public internet network, in order to be able to access the network from crossing actions and search for data traffic. One solution that can be done is with Virtual Private Network techniques using OpenVPN in learning networks. This research describes attempts to make a Virtual Private Network using the OpenVPN network design in the research laboratory of Informatics Universitas Ahmad Dahlan and how big the level of security. The results of implementing Virtual Private Network using OpenVPN is that the attempt gives a positive result, this is evidenced by the sniffing of data that cannot detect the username and password sent. Quality of Service measurement results experienced a decline in network quality with delay parameters rising from 51.4 ms to 463.4 ms, packet loss rose from 7.8% to 20.2%, throughput dropped from 82.8% to 71.6%, and bandwidth dropped from 64786.6 bit/s to 55589 bit/s, it is due to the encryption process and encapsulation that takes time.
Content may be subject to copyright.
Analysis of Security Virtual Private Network (VPN) Using OpenVPN
Muhammad Iqbal1, Imam Riadi2
1Department of Informatics, Universitas Ahmad Dahlan, Yogyakarta, Indonesia
2Department of Information System, Universitas Ahmad Dahlan, Yogyakarta, Indonesia
(muhammad12018182@webmail.uad.ac.id, imam.riadi@is.uad.ac.id)
ABSTRACT
Data transmission on the network of Informatics
Engineering Research Laboratory Universitas Ahmad
Dahlan using an unsecured public internet network,
in order to be able to access the network from
crossing actions and search for data traffic. One
solution that can be done is with Virtual Private
Network techniques using OpenVPN in learning
networks. This research describes attempts to make a
Virtual Private Network using the OpenVPN network
design in the research laboratory of
Informatics Universitas Ahmad Dahlan and how big
the level of security. The results of implementing
Virtual Private Network using OpenVPN is that the
attempt gives a positive result, this is evidenced by
the sniffing of data that cannot detect the username
and password sent. Quality of Service measurement
results experienced a decline in network quality with
delay parameters rising from 51.4 ms to 463.4 ms,
packet loss rose from 7.8% to 20.2%, throughput
dropped from 82.8% to 71.6%, and bandwidth
dropped from 64786.6 bit/s to 55589 bit/s, it is due to
the encryption process and encapsulation that takes
time.
Keywords:
OpenVPN, Mikrotik, Analysis, Security, QoS.
1 INTRODUCTION
Informatics research laboratory of Universitas
Ahmad Dahlan (UAD) which can be used for
students to conduct research primarily in the
field of the internet network, and research in the
lab, lots of data are not allowed to be published
and confidential, but nowadays the available
networks in research laboratory have not
completely safe from the action of tapping the
data so that it gave rise to fears of impending
attack by the attacker who can intercept this data
from outside the area over a network the
Internet. Therefore research laboratory needs a
security system can protect data from the action
of hacking and data-sniffing by using Virtual
Private Network (VPN) with OpenVPN.
The basic idea of a private network VPN can be
used as an advantage of an open communications
network infrastructure. A VPN is needed to
specify a certainty that the confidentiality of
sensitive data can be kept transmitted on the
network a Local Area Network (LAN) or
workable so that only authorized users are able
to access sensitive data. The VPN system
integrated into the communication system is able
to realize security is very high, so as to guarantee
a secure VPN that has been realized by the use
of encryption and decryption.
The advantage of a VPN using the OpenVPN is
a local chain owned will be wide, the time it
takes to connect the local network to other places
also getting faster. Reduces operational costs
when compared with the use of a leased line as a
traditional way to implement WAN. A VPN can
reduce the cost of making the network because it
does not require wires (leased line). Increase
scalability as well as giving ease to be accessed
from anywhere because a VPN to connect to the
internet (Remote Access). OpenVPN uses the
mechanism of Secure Sockets Layer/Transport
Layer Security (SSL/TLS), SSL/TLS uses one of
the best encryption methods namely asymmetric
encryption. On asymmetric encryption, each
server and client has 2 keys, namely public key
and private key.
58
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
Results of the network observation in this
research laboratory are not using VPN so for the
security of data sent and received is not fully
safe from assault and tapping. According to a
study of the literature, that the network security
and data transfer security method can use VPN,
therefore the author analyzes the network
security and Quality of Service (QoS) from the
VPN using the OpenVPN and analyze the level
of eligibility OpenVPN's security itself.
2 BASIC THEORY
2.1 Computer Network
Computer networks there are a variety of the
following types of computer network based on
scope. The scope here is how big the computer
network will be built. Based on spaces in scope,
a computer network can be distinguished into
three, namely [1] :
a) Local Area Network (LAN), is a computer
network which is built in the room a small
scope as a single building or group of
buildings. LAN is built in a limited scope
and usually owned by organizations that
already have the devices installed. An
internal data rate of the LAN is usually much
greater than the WAN.
b) Wireless Networks, are widely used in
environmental business. Wireless technology
is also common for both large areas of voice
and data network networks. It gives the
advantage in the field of wireless mobility
and ease of installation and configuration for
its users.
c) Wide Area Network (WAN), is a network
that covers a large geographic area requires
delimiters and rely at least partly on the
circuit provided by public operators.
Typically, a WAN consists of a number of
switching node interconnects. A transmission
from one of the devices is channeled through
the internal node to the device purpose. This
node (including node limit) does not affect
the contents of the data, their goal was to
provide a switching facility will move data
from node to node until they reach their
destination. Traditionally, WAN has been
implemented using one of the two
technologies: circuit switching and packet
switching. Recently, frame relay and ATM
networks have assumed the lead role which
uses it [2].
2.2 Virtual Private Network
Virtual Private Network (VPN) is a computer
network where connections between its nodes
utilize public networks (internet/WAN) as it may
be in certain cases or conditions do not allow it
to build its own infrastructure. When the
Connect VPN, the interconnection between the
node such as an independent network that has
actually created a special line pass through
connection or a public network. At every
company site, workstations, servers, and
databases connected by one or more local area
network (LAN) a LAN is under the control of
the network manager and can be configured and
tuned for cost-effective. The Internet or other
public networks can be used to connect the sites,
provide cost savings over the use of private
networks and reduction of the burden of wide
area network traffic to providers of public
networks [2].
2.3 Types of VPN Implementations
On the implementation, there are two types of
VPN, namely Remote Access VPN and Site to
Site VPN [2].
a) Remote access VPN
Figure 1. Remote access VPN
Figure 1 is Remote access VPN, Remote access
VPN also called Virtual dial-up Network
59
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
(VPDN). VPDN is a type of user-to-LAN
connection, the connection that connects a
mobile user with a Local Area Network (LAN).
This means that the user can access the private
network from anywhere. Usually, this VPDN
utilized by employees who are out of the Office
and require a connection to the Office network
of the company. Usually, companies that want to
make this type of VPN network will work
closely with Enterprise Service Provider (ESP).
ESP will provide a Network Access Server
(NAS) for the company. ESP will also provide
special software to computers used by
employees of the company[2].
b) Site-to-site VPN
Site-to-site VPN used to connect various areas
that already fixed or fixed, this device utilizing a
dedicated VPN are connected through the
internet. Site-to-site VPN is divided into two,
namely, extranet and intranet. An intranet that is
where VPN is used only to connect various
locations that are still one agency or one
company. Like the Central Office is connected to
the Branch Office. In other words, administrative
control in control. While the extranet is where
VPN is used to connect the company with other
companies, such as partners, suppliers, or
customers. In other words, administrative control
is under the control of some of the relevant
agencies.
2.4 Network Security
The security of computer networks is defined as
a protection of resources against the efforts of
change and destruction caused by someone who
is not allowed, there are two things that are
related to the security and confidentiality of data
in computer networks namely representation of
the data and data compression, which was later
associated with the issue of encryption [3].
The security of computer networks namely the
protection afforded to the automatic information
system to achieve the goal, namely maintaining
the availability, integrity, and confidentiality [4].
CIA triad can be seen in Figure 2.
Figure 2. CIA Triad
a. Availability
Availability means the system can ensure
that the system works well and the service is
not denied to users who are authorized. then
ensure proper access and can be trusted to
use the information. Loss of availability is
the disruption of access to the use of
information or information systems [4].
b. Confidentiality
Confidentiality means ensuring that personal
or confidential information can not be
accessed or used by another user or not on
show to unauthorized users. Can then
guarantee that user information can control
information associated with the user as can
be gathered and given to anyone. Then keep
the limitations of authority information
access such as protect personal privacy and
the information that matters.
c. Integrity
Ensure that the information and the program
can be changed only in a certain way and
with full authority to the user. Ensure that the
system functions as requested by users, there
is no willful and intentional to manipulate the
system. Then be able to guard against
improper information modification or
destruction, including ensuring the
authenticity of the data.
2.5 Mikrotik RouterOS
Mikrotik on standards-based hardware Personal
Computer (PC) known for their stability, quality
control and flexibility for different types of data
packets and handling of these processes
(routing). Mikrotik created as a router-based
60
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
computer much benefit for an ISP that wants to
run multiple applications ranging from the
lightest to advance. In addition to routing,
Mikrotik can be used as a management access
capacity, bandwidth control, firewall, hotspot
system, Virtual Private Network server and
much more [5].
Mikrotik began to be established in 1995 that
was originally intended for the company's
Internet service (Internet Service Provider, ISP).
Currently, MikroTik provides services to many
wireless ISPs for Internet access services in
many countries around the world and also very
popular in Indonesia [6].
2.6 OpenVPN
OpenVPN is an open source application for
Virtual Private Networking (VPN), where the
application can create a connection point to point
tunnel that has been encrypted. OpenVPN using
private keys, certificate, or username or
password to perform authentication in building
connections. Where to use OpenSSL encryption
[7].
a. Layer 2 and Layer 3 VPN.
OpenVPN offers two basic modes, which
operates as both a VPN layer 2 or layer 3
tunnel so that OpenVPN can also run on
Ethernet Frames, IPX packets and Windows
Network (NETBIOS) Packet Browsing, all
of which is a problem in the VPN solution
[7].
b. Protecting field workers with the internal
firewall.
Users who connect to the VPN Server will
make the tunnel and turn the laptop/computer
network settings, so that network traffic is
sent through the tunnel. If the tunnel is
established then the firewall from the VPN
Server will be able to protect your
laptop/computer connected, even though it is
not the local machine.
c. OpenVPN connections can be tunneled
through almost every firewall tunnel.
OpenVPN can work on sites that use HTTPS
protocol.
d. Proxy support and configuration.
OpenVPN has proxy support and can be
configured to run as a service and TCP or
UDP as server or client. As the OpenVPN
server, just wait until the client connection
requests, while as a client, it tries to make the
connection that corresponds to the
configuration.
e. Only one port in the firewall must be opened
to allow incoming connections.
Since the OpenVPN 2.0, a special server
mode allows connection of multiple
incoming TCP or UDP port of the same,
while still using a different configuration for
every single connection.
f. Virtual interfaces allow very specific
networking and firewall rules.
All regulations, restrictions, and forwarding
mechanisms concepts like NAT can be used
with OpenVPN tunnel.
g. High flexibility with extensive scripting
possibilities.
OpenVPN offers many starting points for
individual scripts. This script can be used for
a variety of purposes from authentication to
failover or more.
h. Transparent, high-performance support for
dynamic IPs.
OpenVPN no longer needs to use static IP'S
on both sides of the tunnel. The second point
is the end of the tunnel can have cheap DSL,
access with dynamic IP users will rarely see
the IP changes on both sides. the second
session is the Windows Terminal Server and
the Secure Shell (SSH) will only be "hang"
for a few seconds, but it will not stop the
requested demand after a brief pause.
i. No problems with NAT.
Both the OpenVPN server and clients can be
in a network that uses private IP addresses
only. Any firewall can be used to send traffic
to another tunnel.
j. Simple installation on any platform.
61
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
Both installation and usage are very simple.
Especially, if you've tried to set up IPsec
connections with different implementations.
k. Modular design.
Modular design with a high degree of
simplicity both in security and networking.
There are no other VPN solutions that can
offer different possibilities on the same
security level.
3 RESEARCH METHOD
3.1 Method Of Data Collection
Data collection was conducted to obtain data or
documents required in the research. Methods
undertaken in this research are:
a. Literature Method
This method is done by means of the study of
literature by reading and comparing the books,
journals, and papers on Virtual Private Network,
OpenVPN, sniffing Internet, and related articles.
b. Observation Method
This method is done by Observation or
research directed towards the object being
examined, with UAD research laboratory
experimenting with network security against
sniffing, then provide solutions for prevention
use the new security system.
3.2 Design
The process of designing this system needed a
structured scenario. To simplify the process of
designing the implementation of required
network topology and flowchart to help in
understanding the process of designing an
OpenVPN to be made. As for the topology of
VPN using OpenVPN using two Mikrotik
routers to connect between the server and the
client.
Figure 3. OpenVPN Network Topology
Figure 3 Is an OpenVPN Topology design,
OpenVPN server located in research laboratory
associated with Mikrotik router by taking an
existing internet access, and then in the
configuration of Mikrotik router to a client and
also take the internet available in research
laboratory, in this topology using the IP Public
Server 172.10.70.3/24 and Client 172.10.70.2/24
and the IP OpenVPN Server 10.100.100.1/32
and Client 10.100.100.2/32.
3.3 Testing System
Testing of the system will be done by conducting
an analysis of the QoS on the VPN network that
includes Throughput, Packet loss, Delay, and
Bandwidth, then conducted Security Test for
linking among servers with a user for sharing
data using VPN. To test security can be done an
assault by sniffing the data using tools of
Wireshark.
Figure 4. QoS analysis flowchart
Figure 4, is the flowchart in the analysis of the
QoS, using Software Tools, namely Axance Net
Tools to measure Delay, Packet lost, Throughput
62
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
and Bandwidth on the internet network Research
Laboratory. The principle of work is to connect
first to a network that will be the measure after
that start the analysis with time, then note down
the measurement results with the specified
parameters.
Figure 5. Attack Scenarios
In Figure 5, Assault scenario by using the tools
of Wireshark, which an attacker can place his
position in two machines communicate with
each other, then the attacker will perform the
action of sniffing data, and later in the analysis
to get the difference between when OpenVPN is
attacked and not attacked.
4 RESULTS AND DISCUSSION
4.1 Creation of OpenVPN
Creation of VPN with OpenVPN network of
informatics research laboratory UAD after doing
research on QoS and security network from
sniffing action and known to the preliminary
results of the parameter delay, packet loss,
throughput, and bandwidth on the site
www.google.com and the sniffing is done with
the login to the website portal.uad.ac.id by
sending the username and password data,
sniffing data is done using the software
Wireshark.
The first configuration on the proxy server is to
enable OpenVPN on the main gateway, by
entering the router configuration using the
Winbox software and then configuring the PPP
(Point to Point Protocol) menu.
Figure 6. Enable OpenVPN
In Figure 6, this OVPN server tab is configured
for the port used, enter the certificate to the
server and choose security or encryption will be
used. After that make a PPP connection to dial
the secret from the OpenVPN client.
Figure 7. Configuring PPP Secret
Figure 7, is a secret PPP configuration that
functions as an identity identifier when the client
dials the connection on the OpenVPN server.
The configuration with the name OpenVPN and
password 12018182, OpenVPN service OVPN
and local IP and remote IP IP later on this
63
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
remote be the IP of the client OpenVPN is
connected.
Figure 8. Static Interface Configuration
In Figure 8, the static interface configuration is
used for the interface when the OpenVPN
connection is formed, here also included user
authentication when a client will connect to the
server. Then proceed with the configuration on
the router client.
Figure 9. Configuring OpenVPN client
In Figure 9, OpenVPN client configuration is
entered the IP address of the server's public IP,
namely 172.10.70.3 then the port used, on the
user and the password is entered with the
appropriate name and password created on the
PPP server secret, then put the certificate client
for authentication to the server.
4.2 Security Analysis Results
Sniffing data on a network of research laboratory
of Informatics UAD sniffing by performing
against the network, the data is then sent in the
form of a username and password from the client
computer. Results of sniffing data before using a
VPN with OpenVPN can be seen in Figure 10.
Figure 10. Results of Sniffing before using OpenVPN
From the results, it can be stated that a network
of research laboratory of Informatics UAD
HTTP to access the web is not secure from
eavesdropping, as can be seen in the username
and password as shown in Figure 10, When the
user performs the authentication to the
address portal.uad.ac.id or 103.19.180.90 with
the username 12018182 and the password
Iqbal12018182. The results are then compared
with sniffing the network against after using a
VPN with OpenVPN.
Figure 11. Results of Sniffing after using OpenVPN
Seen in Figure 11, results of sniffing after using
a VPN with OpenVPN, the username and the
password changed to row characters that can not
be in the know or already in the encryption, so
that the results from data sniffing after using
64
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
VPN with OpenVPN can be said to be safe from
sniffing the network data.
5 CONCLUSION
The level of appropriateness of the use of VPN
with OpenVPN is already quite worthy, this is
due to increased data security than before using a
VPN with OpenVPN, evidenced by the results of
testing the action data sniffing is done using
software Wireshark by sending data in the form
of a username and password, the results obtained
before using OpenVPN username and password
can be seen and detected, then after using
OpenVPN username and password data is not
detected or has been encrypted by the OpenVPN
so it is safe from the action of sniffing data. QoS
measurement results experienced a decline in
network quality with delay parameters rising
from 51.4 ms to 463.4 ms, packet loss rose from
7.8% to 20.2%, throughput dropped from 82.8%
to 71.6%, and bandwidth dropped from 64786.6
bit/s to 55589 bit/s, it is due to the encryption
process and encapsulation that takes time.
REFERENCES
[1] Mains, John, VPNs A Beginners Guide, McGraw
Hill, 2001.
[2] Stallings, William., Data and Computer
Communications, Eighth Edition, Pearson
Education, 2007.
[3] Kristanto, Andi., Computer Network, Graha Ilmu,
Yogyakarta, 2003.
[4] Stallings, William., Cryptography and Network
Security Principle and Practice, 5th Edition, Pearson
Education, 2011.
[5] I. Riadi, Network Security Optimization using
Microtic Based Application Filtering Introduction
Theoretical Basis,” JUSI, Universitas Ahmad Dahlan
Yogyakarta, vol. 1, no. 1, pp. 7180, 2011.
[6] Setiawan, Design and Implementation of Virtual
Private Networks with PPTP Protocol on Cisco
Router 2901 (UNTAN Informatics Engineering case
study), volume 1, JUSTIN, 2016.
[7] Purbo, Onno W., Solution Mesh Network Building
a Mutual Cooperation Wireless Network Without
Access Points, Andi, Yogyakarta, 2013.
[8] Afrianto, Setiawan., Study of Virtual Private
Network as a Data Security System on Computer
Networks, Vol.12, Scientific Magazine UNIKOM,
2013.
[9] I. Riadi, A. Luthfi, and M. Itqan, Live Forensics on
RouterOS using API Services to Investigate Network
Attacks, IJCSIS, vol. 15, no. 2, 2017.
[10] Irwan, Budhi, Computer Network, Graha Ilmu,
Yogyakarta, 2005.
[11] Wahyudi, VPN Server Implementation using
Slackware13 for Computer Network Security,
STMIK Amikom Yogyakarta, 2011.
[12] Ulumuddin, VPN Design and Application Using the
OpenVPN Protocol for Hotspot User
Authentication, Universitas Muhammadiyah
Jember, 2015.
[13] R. Rizal, I. Riadi, Y. Prayudi, Network Forensics
for Detecting Flooding Attack on Internet of Things
(IoT) Device,” SDIWC, 2018.
[14] Supriyono, Application of Virtual Private Network
for data security PT. Mega Tirta Alami, WARTA,
volume 16.
[15] Desti, I. Riadi, “Network Forensics For Detecting
Flooding Attack On Web Server,” IJCSIS, vol. 15,
no. 2, 2017.
[16] A.R. Caesarano, I. Riadi, “Network Forensics for
Detecting SQL Injection Attacks Using NIST
Method,” SDIWC, 2018.
65
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
... Tapi untuk beberapa kasus masih banyak sekali yang menggunakan Internet karena biaya yang lebih murah dibandingkan layanan lain. Dengan adanya Virtual Private Network, dapat menghubungkan jaringan dari suatu lokasi ke lokasi lain melalui jalur internet secara aman dengan enkripsi yang baik [1]. ...
... Ada banyak tipe VPN yang sering digunakan saat ini, tapi penelitian dari [1] membahas tentang keamanan OpenVPN merupakan salah satu yang aman bisa digunakan untuk menghubungkan jaringan kantor pusat dengan kantor cabang. Penelitian dilakukan di Labolatorium Penelitian Teknik Informatika Universitas Ahmad Dahlan. ...
Article
p> Virtual Private Network (VPN) often we found to connect private networks securely through internet. One of the VPN that often we used OpenVPN. OpenVPN was one of the opensource application with high level security and compatible with a lot of operating system. For prevent Single Point of Failure (SPoF) need backup link so VPN still can be accessed when there's one link down. When there's 2 VPN link, we need to loadbalance it to make it optimized. For connect some network, we need routing protocol such as OSPF. Researcher will optimize load balance with two links of VPN with OSPF (Open Shortest Path First) used EVE-NG network simulator. When researcher did the test download file from FTP (File Transfer Protocol) Server with 200Megabyte to client1 and client2 got throughput 0,385 Mbps with 8 minutes 4 second with latency ping 65ms average. And 0,445 Mbps to client2 with duration 7 minutes 58 seconds with latency ping average 63ms. Keywords : OpenVPN; Loadbalance; Failover; Open Shortest Path First, Djikstra Algorithm Abstrak Virtual Private Network (VPN) sering kita jumpai untuk menghubungkan jaringan pribadi secara aman melalui internet. Salah satu VPN yang sering digunakan yaitu OpenVPN . OpenVPN salah satu VPN gratis dengan tingkat keamanan tinggi serta kompatibel banyak Operating System. Untuk menghindari Single Point of Failure (SPoF) perlu adanya jalur backup sehingga vpn bisa diakses jika salah satu ISP terputus. Ketika ada dua jalur VPN supaya lebih optimal maka dibuatkan pembagian beban diantara dua jalur VPN. Untuk menghubungkan jaringan, menggunakan routing OSPF ( Open Shortest Path First ). OSPF dapat mengirimkan paket secara merata di kedua jalur yang berbeda. Peniliti akan mensimulasikan optimisasi pembagian beban 2 jalur VPN menggunakan OSPF di simulator EVE-NG. Pada saat dilakukan download file sebesar 200 Megabyte dari FTP ( File Transfer Protocol ) Server ke client1 dan client2 didapati throughput 0,385 Mbps sekitar 8 menit 4 detik pada client1 dengan ping rata-rata 65ms dan 0,445 Mbps pada client2 dengan waktu 7 menit 58 detik dan ping rata-rata 63ms. Kata Kunci: OpenVPN; Loadbalance; Failover; Open Shortest Path First; Algoritma Djikstra </p
... The expanding dependence on progressed communication in our everyday schedules has increased concerns about protection and namelessness, influencing people and businesses. This developing mindfulness has driven the broad appropriation of virtual private networks (VPNs) to defend individual data and touchy information from inescapable online observation [1]. However, the viability of VPNs in guaranteeing namelessness and circumventing censorship is challenged by advanced reconnaissance procedures by governments, internet service providers (ISPs), and pernicious performing artists (see Figure 1). ...
Article
Full-text available
Due to increased inspection of internet traffic and the pervasive surveillance practices put in place by many organizations, virtual private networks (VPNs) are now frequently used to safeguard online privacy and circumvent censorship. However, existing VPN protocols are susceptible to methods of detection and blockage employed by network administrators, internet service providers, and in certain cases, governments. Stealth protocols and proxying techniques have therefore been presented as potential means of hiding VPN activity and avoiding discovery. Therefore, the purpose of this work is to assess how well stealth protocols and proxying work to hide the use of VPNs using a thorough experimental setup (i.e., evaluate how well-known stealth VPN protocols like Obfsproxy, Shadowsocks, and WireGuard perform against different detection techniques like deep packet inspection (DPI)). Furthermore, examine the effects of using proxy servers in conjunction with VPN connections in order to further obfuscate traffic signatures and improve privacy. The results center on how well various stealth protocols and proxying techniques defy detection attempts, offering insightful information to VPN users and developers. Thus, the outcomes help strengthen censorship resistance and online particularity in keeping pace with the development of monitoring technology. Also, analyze the efficiency of Obfsproxy, Shadowsocks, and WireGuard to provide comprehensive comparisons of current capabilities and potential enhancements. Finally, a discussion for future VPN design is conducted, focusing on the importance of adaptability in keeping secure communication channels among increasingly sophisticated surveillance measures.
... VPN adalah sebuah teknologi komunikasi yang memungkinkan untuk dapat terkoneksi ke jaringan publik dan menggunakannya untuk bergabung dengan jaringan lokal. Gagasan dasar dari pembuatan VPN adalah dimungkinkannya pengiriman data yang sensitif dengan tetap menjaga confidentiality melalui infrastruktur jaringan komunikasi yang terbuka/public [2]. Keamanan data dan enkripsi data dalam teknologi VPN adalah sebagai standar utama dalam penerapannya dengan menyertakan fitur utama yaitu enkripsi dan tunneling [3]. ...
Article
PT Indobinatu Mitra Sejati merupakan perusahaan bidang jasa pelayanan pencucian (laundry), berupa Dry Cleaning dan Wet Cleaning. Perusahaan ini memerlukan sinkronisasi data yang baik untuk kegiatan operasional kantor dan komunikasi data antara kantor pusat dan kantor cabang. Akan tetapi, terdapat kendala berupa belum terhubung nya kantor pusat dengan kantor cabang, sehingga dalam proses pertukaran data masih menggunakan e-mail yang memiliki batasan ukuran file. Disamping itu terdapat potensi kelemahan keamanan selama transmisi data melalui jaringan publik, dan juga kesalahan dalam aplikasi perusahaan yang tidak bisa langsung di tangani karena pemilik berada di kantor pusat. Untuk itu, perlu dirancang sebuah jaringan Virtual Private Network (VPN) dengan Point to Point Tunneling Protocol (PPTP) yang dapat menghubungkan jaringan kantor pusat dengan kantor cabang. Dengan tetap memanfaatkan IP Publik diharapkan pertukaran data dapat dilakukan dengan mudah, aman dan efisien dengan adanya autentikasi pengguna, enkripsi dan juga enkapulasi pada setiap data yang di transmisikan di dalam jaringan. Dengan penggunaan jaringan VPN ini pengguna juga dapat memanfaatkan jaringan publik dalam mengakses data di kantor cabang dari kantor pusat atau bahkan dari rumah dengan menggunakan perangkat pribadi.
... The virtual private network (VPN) be it the service or client that were used for this experiment are as follows (Karaymeh et. al, 2019), (Iqbal & Riadi, 2019): ...
Article
Full-text available
In the current millennium, human society has immensely improved its ability to obtain and distribute information. This change on the other hand, has caused the majority of daily routines to actively involve the usage of computers and mobile devices, which in turn has made people rely heavily on the availability of internet access. This fact was taken advantage of, causing a massive increase in public networks by people or businesses to draw in customers or just as simple public service. This increase gives both ease and risks which this paper will address, specifically on the security measures in network devices that are nearby, and the solution proposed to provide complementary insight on securing the technologies. The authors of this paper supply the main point of the research through experimental efforts i.e., by testing the solution in a real-life scenario. The solution itself involves the configuration of a Raspberry Pi into a VPN server and rerouting all traffic into the Raspberry server so that it will be encrypted and safe from the dangers that will be mentioned in later parts of this paper. The result of the experiment shows that the proposed solution can successfully encrypt the targeted packet so it can’t be read by malicious attackers. Although the solution works it can’t be simply applied to every public network due to internet connection protocols and its inconvenience. Future research will involve the improvement or rework of the solution until the issues mentioned above are solved.
Article
Full-text available
Federated learning (FL) is a popular method where edge devices work together to train machine learning models. This study introduces an efficient network for analyzing healthcare records. It uses VPN technology and applies a federated learning approach over a wireless backhaul network. The study compares different wireless backhaul channels, including terahertz (THz), E/V band (mmWave), and microwave, for their effectiveness. We looked closely at a suggested FL network that uses VPN technology over awireless backhaul network. We compared it with the standard method and found that using the FedAvg algorithm with Terahertz (THz) for communication gave the best accuracy. The time it took to reach a conclusion improved a lot, going from 55 seconds to an impressive 38 seconds. This emphasizes how having a faster communication link makes FL networks work much better. Furthermore, a three-step plan was executed to boost security, adopting a multi-layered method to safeguard the FL network and its confidential data. The first step involves integrating a private network into the current telecom infrastructure, establishing an initial layer of security. To enhance security further, licensed frequency channels are introduced, providing an extra layer of protection. The highest level of security is achieved by combining a private network with licensed frequency channels, complemented by an additional layer of security through VPN-based measures. This comprehensive strategy ensures the application of strong security protocols.
Article
This paper investigates possible threats and risks to information security arising from the use of VPN products. A combined methodology for assessing the security of VPN products is pro-posed, which includes the IMECA (Intrusion Modes and Effects Criticality Analysis) method, as well as some so-called static and dynamic methods. This allows you to make an informed choice of a VPN product for secure Internet use, taking into account your personal prefer-ences. The combined vulnerability analysis methodology involves determining the criticality of threats, taking into account the likelihood of their occurrence and implementation, as well as the severity of the consequences. Based on the results of the analysis, the choice of appropri-ate countermeasures in the form of VPN product features to minimize risks and increase the security of their users is substantiated. The practical significance of the results for improving cybersecurity is determined. The article is based on a study of the features of VPN products and proposes a new approach that includes IMEСA and experimental methods.
Article
Full-text available
SQL Injection is a technique to exploit web applications that use the database as data storage. By being able to influence what will be forwarded to the database, the attacker can exploit the syntax and capabilities of SQL, as well as the power and flexibility to support database operation functions and available system functionality to the database. The purpose of this study is that Snort IDS that can detect SQL Injection attacks produces logs that can provide information about attackers and attack notifications in real time using email. The subjects in this study are building a webserver network system using Snort IDS to detect SQL Injection attacks. The method used is NIST 800-30, where there are 9 important stages in risk assessment. Data collection methods in this study are observation and literature study. The research stage is the stage of doing a case simulation to try to implement Snort in detecting intrusions or attacks, where there are 5 stages of research namely vulnerability testing, attack scenario, snort configuration, data collection, and analysis stage. The results of this study are a webserver system development using Snort IDS for SQL Injection attack detection systems and real time attack notifications using email.
Article
Full-text available
Network Forensics are complicated and worth studying. One of the interesting parts of the network is a router that manages all connection for all logical network activity. On network forensics, we need traffic log to analyze the activity of any computer connected to the network in purpose to know what hackers do. In another hand, not all information can get from traffic log if the network didn't save the network sniffing. Thus this case need find other resources like router information. To access information on the router like RouterOS on Mikrotik devices, can maintain some data using API to remote access the router remotely. The purpose of this paper is to explore how to do a forensics of RouterOS based Mikrotik devices and developing a remote application to extract router data using API services. As a result, acquisition process could obtain some valuable data from the router as digital evidence to explore information of network's attacks activity.
VPNs A Beginners Guide
  • John Mains
Mains, John, "VPNs A Beginners Guide," McGraw Hill, 2001.
Network Security Optimization using Microtic Based Application Filtering Introduction Theoretical Basis
  • I Riadi
I. Riadi, "Network Security Optimization using Microtic Based Application Filtering Introduction Theoretical Basis," JUSI, Universitas Ahmad Dahlan Yogyakarta, vol. 1, no. 1, pp. 71-80, 2011.
Design and Implementation of Virtual Private Networks with PPTP Protocol on Cisco Router 2901 (UNTAN Informatics Engineering case study)
  • Setiawan
Setiawan, "Design and Implementation of Virtual Private Networks with PPTP Protocol on Cisco Router 2901 (UNTAN Informatics Engineering case study)," volume 1, JUSTIN, 2016.
Solution Mesh Network Building a Mutual Cooperation Wireless Network Without Access Points
  • Onno W Purbo
Purbo, Onno W., "Solution Mesh Network Building a Mutual Cooperation Wireless Network Without Access Points," Andi, Yogyakarta, 2013.
Study of Virtual Private Network as a Data Security System on Computer Networks
  • Setiawan Afrianto
Afrianto, Setiawan., "Study of Virtual Private Network as a Data Security System on Computer Networks," Vol.12, Scientific Magazine UNIKOM, 2013.
VPN Server Implementation using Slackware13 for Computer Network Security
  • Wahyudi
Wahyudi, "VPN Server Implementation using Slackware13 for Computer Network Security," STMIK Amikom Yogyakarta, 2011.