ArticlePDF Available

Analysis of Security Virtual Private Network (VPN) Using OpenVPN

Authors:

Abstract and Figures

Data transmission on the network of Informatics Engineering Research Laboratory Universitas Ahmad Dahlan using an unsecured public internet network, in order to be able to access the network from crossing actions and search for data traffic. One solution that can be done is with Virtual Private Network techniques using OpenVPN in learning networks. This research describes attempts to make a Virtual Private Network using the OpenVPN network design in the research laboratory of Informatics Universitas Ahmad Dahlan and how big the level of security. The results of implementing Virtual Private Network using OpenVPN is that the attempt gives a positive result, this is evidenced by the sniffing of data that cannot detect the username and password sent. Quality of Service measurement results experienced a decline in network quality with delay parameters rising from 51.4 ms to 463.4 ms, packet loss rose from 7.8% to 20.2%, throughput dropped from 82.8% to 71.6%, and bandwidth dropped from 64786.6 bit/s to 55589 bit/s, it is due to the encryption process and encapsulation that takes time.
Content may be subject to copyright.
Analysis of Security Virtual Private Network (VPN) Using OpenVPN
Muhammad Iqbal1, Imam Riadi2
1Department of Informatics, Universitas Ahmad Dahlan, Yogyakarta, Indonesia
2Department of Information System, Universitas Ahmad Dahlan, Yogyakarta, Indonesia
(muhammad12018182@webmail.uad.ac.id, imam.riadi@is.uad.ac.id)
ABSTRACT
Data transmission on the network of Informatics
Engineering Research Laboratory Universitas Ahmad
Dahlan using an unsecured public internet network,
in order to be able to access the network from
crossing actions and search for data traffic. One
solution that can be done is with Virtual Private
Network techniques using OpenVPN in learning
networks. This research describes attempts to make a
Virtual Private Network using the OpenVPN network
design in the research laboratory of
Informatics Universitas Ahmad Dahlan and how big
the level of security. The results of implementing
Virtual Private Network using OpenVPN is that the
attempt gives a positive result, this is evidenced by
the sniffing of data that cannot detect the username
and password sent. Quality of Service measurement
results experienced a decline in network quality with
delay parameters rising from 51.4 ms to 463.4 ms,
packet loss rose from 7.8% to 20.2%, throughput
dropped from 82.8% to 71.6%, and bandwidth
dropped from 64786.6 bit/s to 55589 bit/s, it is due to
the encryption process and encapsulation that takes
time.
Keywords:
OpenVPN, Mikrotik, Analysis, Security, QoS.
1 INTRODUCTION
Informatics research laboratory of Universitas
Ahmad Dahlan (UAD) which can be used for
students to conduct research primarily in the
field of the internet network, and research in the
lab, lots of data are not allowed to be published
and confidential, but nowadays the available
networks in research laboratory have not
completely safe from the action of tapping the
data so that it gave rise to fears of impending
attack by the attacker who can intercept this data
from outside the area over a network the
Internet. Therefore research laboratory needs a
security system can protect data from the action
of hacking and data-sniffing by using Virtual
Private Network (VPN) with OpenVPN.
The basic idea of a private network VPN can be
used as an advantage of an open communications
network infrastructure. A VPN is needed to
specify a certainty that the confidentiality of
sensitive data can be kept transmitted on the
network a Local Area Network (LAN) or
workable so that only authorized users are able
to access sensitive data. The VPN system
integrated into the communication system is able
to realize security is very high, so as to guarantee
a secure VPN that has been realized by the use
of encryption and decryption.
The advantage of a VPN using the OpenVPN is
a local chain owned will be wide, the time it
takes to connect the local network to other places
also getting faster. Reduces operational costs
when compared with the use of a leased line as a
traditional way to implement WAN. A VPN can
reduce the cost of making the network because it
does not require wires (leased line). Increase
scalability as well as giving ease to be accessed
from anywhere because a VPN to connect to the
internet (Remote Access). OpenVPN uses the
mechanism of Secure Sockets Layer/Transport
Layer Security (SSL/TLS), SSL/TLS uses one of
the best encryption methods namely asymmetric
encryption. On asymmetric encryption, each
server and client has 2 keys, namely public key
and private key.
58
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
Results of the network observation in this
research laboratory are not using VPN so for the
security of data sent and received is not fully
safe from assault and tapping. According to a
study of the literature, that the network security
and data transfer security method can use VPN,
therefore the author analyzes the network
security and Quality of Service (QoS) from the
VPN using the OpenVPN and analyze the level
of eligibility OpenVPN's security itself.
2 BASIC THEORY
2.1 Computer Network
Computer networks there are a variety of the
following types of computer network based on
scope. The scope here is how big the computer
network will be built. Based on spaces in scope,
a computer network can be distinguished into
three, namely [1] :
a) Local Area Network (LAN), is a computer
network which is built in the room a small
scope as a single building or group of
buildings. LAN is built in a limited scope
and usually owned by organizations that
already have the devices installed. An
internal data rate of the LAN is usually much
greater than the WAN.
b) Wireless Networks, are widely used in
environmental business. Wireless technology
is also common for both large areas of voice
and data network networks. It gives the
advantage in the field of wireless mobility
and ease of installation and configuration for
its users.
c) Wide Area Network (WAN), is a network
that covers a large geographic area requires
delimiters and rely at least partly on the
circuit provided by public operators.
Typically, a WAN consists of a number of
switching node interconnects. A transmission
from one of the devices is channeled through
the internal node to the device purpose. This
node (including node limit) does not affect
the contents of the data, their goal was to
provide a switching facility will move data
from node to node until they reach their
destination. Traditionally, WAN has been
implemented using one of the two
technologies: circuit switching and packet
switching. Recently, frame relay and ATM
networks have assumed the lead role which
uses it [2].
2.2 Virtual Private Network
Virtual Private Network (VPN) is a computer
network where connections between its nodes
utilize public networks (internet/WAN) as it may
be in certain cases or conditions do not allow it
to build its own infrastructure. When the
Connect VPN, the interconnection between the
node such as an independent network that has
actually created a special line pass through
connection or a public network. At every
company site, workstations, servers, and
databases connected by one or more local area
network (LAN) a LAN is under the control of
the network manager and can be configured and
tuned for cost-effective. The Internet or other
public networks can be used to connect the sites,
provide cost savings over the use of private
networks and reduction of the burden of wide
area network traffic to providers of public
networks [2].
2.3 Types of VPN Implementations
On the implementation, there are two types of
VPN, namely Remote Access VPN and Site to
Site VPN [2].
a) Remote access VPN
Figure 1. Remote access VPN
Figure 1 is Remote access VPN, Remote access
VPN also called Virtual dial-up Network
59
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
(VPDN). VPDN is a type of user-to-LAN
connection, the connection that connects a
mobile user with a Local Area Network (LAN).
This means that the user can access the private
network from anywhere. Usually, this VPDN
utilized by employees who are out of the Office
and require a connection to the Office network
of the company. Usually, companies that want to
make this type of VPN network will work
closely with Enterprise Service Provider (ESP).
ESP will provide a Network Access Server
(NAS) for the company. ESP will also provide
special software to computers used by
employees of the company[2].
b) Site-to-site VPN
Site-to-site VPN used to connect various areas
that already fixed or fixed, this device utilizing a
dedicated VPN are connected through the
internet. Site-to-site VPN is divided into two,
namely, extranet and intranet. An intranet that is
where VPN is used only to connect various
locations that are still one agency or one
company. Like the Central Office is connected to
the Branch Office. In other words, administrative
control in control. While the extranet is where
VPN is used to connect the company with other
companies, such as partners, suppliers, or
customers. In other words, administrative control
is under the control of some of the relevant
agencies.
2.4 Network Security
The security of computer networks is defined as
a protection of resources against the efforts of
change and destruction caused by someone who
is not allowed, there are two things that are
related to the security and confidentiality of data
in computer networks namely representation of
the data and data compression, which was later
associated with the issue of encryption [3].
The security of computer networks namely the
protection afforded to the automatic information
system to achieve the goal, namely maintaining
the availability, integrity, and confidentiality [4].
CIA triad can be seen in Figure 2.
Figure 2. CIA Triad
a. Availability
Availability means the system can ensure
that the system works well and the service is
not denied to users who are authorized. then
ensure proper access and can be trusted to
use the information. Loss of availability is
the disruption of access to the use of
information or information systems [4].
b. Confidentiality
Confidentiality means ensuring that personal
or confidential information can not be
accessed or used by another user or not on
show to unauthorized users. Can then
guarantee that user information can control
information associated with the user as can
be gathered and given to anyone. Then keep
the limitations of authority information
access such as protect personal privacy and
the information that matters.
c. Integrity
Ensure that the information and the program
can be changed only in a certain way and
with full authority to the user. Ensure that the
system functions as requested by users, there
is no willful and intentional to manipulate the
system. Then be able to guard against
improper information modification or
destruction, including ensuring the
authenticity of the data.
2.5 Mikrotik RouterOS
Mikrotik on standards-based hardware Personal
Computer (PC) known for their stability, quality
control and flexibility for different types of data
packets and handling of these processes
(routing). Mikrotik created as a router-based
60
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
computer much benefit for an ISP that wants to
run multiple applications ranging from the
lightest to advance. In addition to routing,
Mikrotik can be used as a management access
capacity, bandwidth control, firewall, hotspot
system, Virtual Private Network server and
much more [5].
Mikrotik began to be established in 1995 that
was originally intended for the company's
Internet service (Internet Service Provider, ISP).
Currently, MikroTik provides services to many
wireless ISPs for Internet access services in
many countries around the world and also very
popular in Indonesia [6].
2.6 OpenVPN
OpenVPN is an open source application for
Virtual Private Networking (VPN), where the
application can create a connection point to point
tunnel that has been encrypted. OpenVPN using
private keys, certificate, or username or
password to perform authentication in building
connections. Where to use OpenSSL encryption
[7].
a. Layer 2 and Layer 3 VPN.
OpenVPN offers two basic modes, which
operates as both a VPN layer 2 or layer 3
tunnel so that OpenVPN can also run on
Ethernet Frames, IPX packets and Windows
Network (NETBIOS) Packet Browsing, all
of which is a problem in the VPN solution
[7].
b. Protecting field workers with the internal
firewall.
Users who connect to the VPN Server will
make the tunnel and turn the laptop/computer
network settings, so that network traffic is
sent through the tunnel. If the tunnel is
established then the firewall from the VPN
Server will be able to protect your
laptop/computer connected, even though it is
not the local machine.
c. OpenVPN connections can be tunneled
through almost every firewall tunnel.
OpenVPN can work on sites that use HTTPS
protocol.
d. Proxy support and configuration.
OpenVPN has proxy support and can be
configured to run as a service and TCP or
UDP as server or client. As the OpenVPN
server, just wait until the client connection
requests, while as a client, it tries to make the
connection that corresponds to the
configuration.
e. Only one port in the firewall must be opened
to allow incoming connections.
Since the OpenVPN 2.0, a special server
mode allows connection of multiple
incoming TCP or UDP port of the same,
while still using a different configuration for
every single connection.
f. Virtual interfaces allow very specific
networking and firewall rules.
All regulations, restrictions, and forwarding
mechanisms concepts like NAT can be used
with OpenVPN tunnel.
g. High flexibility with extensive scripting
possibilities.
OpenVPN offers many starting points for
individual scripts. This script can be used for
a variety of purposes from authentication to
failover or more.
h. Transparent, high-performance support for
dynamic IPs.
OpenVPN no longer needs to use static IP'S
on both sides of the tunnel. The second point
is the end of the tunnel can have cheap DSL,
access with dynamic IP users will rarely see
the IP changes on both sides. the second
session is the Windows Terminal Server and
the Secure Shell (SSH) will only be "hang"
for a few seconds, but it will not stop the
requested demand after a brief pause.
i. No problems with NAT.
Both the OpenVPN server and clients can be
in a network that uses private IP addresses
only. Any firewall can be used to send traffic
to another tunnel.
j. Simple installation on any platform.
61
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
Both installation and usage are very simple.
Especially, if you've tried to set up IPsec
connections with different implementations.
k. Modular design.
Modular design with a high degree of
simplicity both in security and networking.
There are no other VPN solutions that can
offer different possibilities on the same
security level.
3 RESEARCH METHOD
3.1 Method Of Data Collection
Data collection was conducted to obtain data or
documents required in the research. Methods
undertaken in this research are:
a. Literature Method
This method is done by means of the study of
literature by reading and comparing the books,
journals, and papers on Virtual Private Network,
OpenVPN, sniffing Internet, and related articles.
b. Observation Method
This method is done by Observation or
research directed towards the object being
examined, with UAD research laboratory
experimenting with network security against
sniffing, then provide solutions for prevention
use the new security system.
3.2 Design
The process of designing this system needed a
structured scenario. To simplify the process of
designing the implementation of required
network topology and flowchart to help in
understanding the process of designing an
OpenVPN to be made. As for the topology of
VPN using OpenVPN using two Mikrotik
routers to connect between the server and the
client.
Figure 3. OpenVPN Network Topology
Figure 3 Is an OpenVPN Topology design,
OpenVPN server located in research laboratory
associated with Mikrotik router by taking an
existing internet access, and then in the
configuration of Mikrotik router to a client and
also take the internet available in research
laboratory, in this topology using the IP Public
Server 172.10.70.3/24 and Client 172.10.70.2/24
and the IP OpenVPN Server 10.100.100.1/32
and Client 10.100.100.2/32.
3.3 Testing System
Testing of the system will be done by conducting
an analysis of the QoS on the VPN network that
includes Throughput, Packet loss, Delay, and
Bandwidth, then conducted Security Test for
linking among servers with a user for sharing
data using VPN. To test security can be done an
assault by sniffing the data using tools of
Wireshark.
Figure 4. QoS analysis flowchart
Figure 4, is the flowchart in the analysis of the
QoS, using Software Tools, namely Axance Net
Tools to measure Delay, Packet lost, Throughput
62
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
and Bandwidth on the internet network Research
Laboratory. The principle of work is to connect
first to a network that will be the measure after
that start the analysis with time, then note down
the measurement results with the specified
parameters.
Figure 5. Attack Scenarios
In Figure 5, Assault scenario by using the tools
of Wireshark, which an attacker can place his
position in two machines communicate with
each other, then the attacker will perform the
action of sniffing data, and later in the analysis
to get the difference between when OpenVPN is
attacked and not attacked.
4 RESULTS AND DISCUSSION
4.1 Creation of OpenVPN
Creation of VPN with OpenVPN network of
informatics research laboratory UAD after doing
research on QoS and security network from
sniffing action and known to the preliminary
results of the parameter delay, packet loss,
throughput, and bandwidth on the site
www.google.com and the sniffing is done with
the login to the website portal.uad.ac.id by
sending the username and password data,
sniffing data is done using the software
Wireshark.
The first configuration on the proxy server is to
enable OpenVPN on the main gateway, by
entering the router configuration using the
Winbox software and then configuring the PPP
(Point to Point Protocol) menu.
Figure 6. Enable OpenVPN
In Figure 6, this OVPN server tab is configured
for the port used, enter the certificate to the
server and choose security or encryption will be
used. After that make a PPP connection to dial
the secret from the OpenVPN client.
Figure 7. Configuring PPP Secret
Figure 7, is a secret PPP configuration that
functions as an identity identifier when the client
dials the connection on the OpenVPN server.
The configuration with the name OpenVPN and
password 12018182, OpenVPN service OVPN
and local IP and remote IP IP later on this
63
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
remote be the IP of the client OpenVPN is
connected.
Figure 8. Static Interface Configuration
In Figure 8, the static interface configuration is
used for the interface when the OpenVPN
connection is formed, here also included user
authentication when a client will connect to the
server. Then proceed with the configuration on
the router client.
Figure 9. Configuring OpenVPN client
In Figure 9, OpenVPN client configuration is
entered the IP address of the server's public IP,
namely 172.10.70.3 then the port used, on the
user and the password is entered with the
appropriate name and password created on the
PPP server secret, then put the certificate client
for authentication to the server.
4.2 Security Analysis Results
Sniffing data on a network of research laboratory
of Informatics UAD sniffing by performing
against the network, the data is then sent in the
form of a username and password from the client
computer. Results of sniffing data before using a
VPN with OpenVPN can be seen in Figure 10.
Figure 10. Results of Sniffing before using OpenVPN
From the results, it can be stated that a network
of research laboratory of Informatics UAD
HTTP to access the web is not secure from
eavesdropping, as can be seen in the username
and password as shown in Figure 10, When the
user performs the authentication to the
address portal.uad.ac.id or 103.19.180.90 with
the username 12018182 and the password
Iqbal12018182. The results are then compared
with sniffing the network against after using a
VPN with OpenVPN.
Figure 11. Results of Sniffing after using OpenVPN
Seen in Figure 11, results of sniffing after using
a VPN with OpenVPN, the username and the
password changed to row characters that can not
be in the know or already in the encryption, so
that the results from data sniffing after using
64
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
VPN with OpenVPN can be said to be safe from
sniffing the network data.
5 CONCLUSION
The level of appropriateness of the use of VPN
with OpenVPN is already quite worthy, this is
due to increased data security than before using a
VPN with OpenVPN, evidenced by the results of
testing the action data sniffing is done using
software Wireshark by sending data in the form
of a username and password, the results obtained
before using OpenVPN username and password
can be seen and detected, then after using
OpenVPN username and password data is not
detected or has been encrypted by the OpenVPN
so it is safe from the action of sniffing data. QoS
measurement results experienced a decline in
network quality with delay parameters rising
from 51.4 ms to 463.4 ms, packet loss rose from
7.8% to 20.2%, throughput dropped from 82.8%
to 71.6%, and bandwidth dropped from 64786.6
bit/s to 55589 bit/s, it is due to the encryption
process and encapsulation that takes time.
REFERENCES
[1] Mains, John, VPNs A Beginners Guide, McGraw
Hill, 2001.
[2] Stallings, William., Data and Computer
Communications, Eighth Edition, Pearson
Education, 2007.
[3] Kristanto, Andi., Computer Network, Graha Ilmu,
Yogyakarta, 2003.
[4] Stallings, William., Cryptography and Network
Security Principle and Practice, 5th Edition, Pearson
Education, 2011.
[5] I. Riadi, Network Security Optimization using
Microtic Based Application Filtering Introduction
Theoretical Basis,” JUSI, Universitas Ahmad Dahlan
Yogyakarta, vol. 1, no. 1, pp. 7180, 2011.
[6] Setiawan, Design and Implementation of Virtual
Private Networks with PPTP Protocol on Cisco
Router 2901 (UNTAN Informatics Engineering case
study), volume 1, JUSTIN, 2016.
[7] Purbo, Onno W., Solution Mesh Network Building
a Mutual Cooperation Wireless Network Without
Access Points, Andi, Yogyakarta, 2013.
[8] Afrianto, Setiawan., Study of Virtual Private
Network as a Data Security System on Computer
Networks, Vol.12, Scientific Magazine UNIKOM,
2013.
[9] I. Riadi, A. Luthfi, and M. Itqan, Live Forensics on
RouterOS using API Services to Investigate Network
Attacks, IJCSIS, vol. 15, no. 2, 2017.
[10] Irwan, Budhi, Computer Network, Graha Ilmu,
Yogyakarta, 2005.
[11] Wahyudi, VPN Server Implementation using
Slackware13 for Computer Network Security,
STMIK Amikom Yogyakarta, 2011.
[12] Ulumuddin, VPN Design and Application Using the
OpenVPN Protocol for Hotspot User
Authentication, Universitas Muhammadiyah
Jember, 2015.
[13] R. Rizal, I. Riadi, Y. Prayudi, Network Forensics
for Detecting Flooding Attack on Internet of Things
(IoT) Device,” SDIWC, 2018.
[14] Supriyono, Application of Virtual Private Network
for data security PT. Mega Tirta Alami, WARTA,
volume 16.
[15] Desti, I. Riadi, “Network Forensics For Detecting
Flooding Attack On Web Server,” IJCSIS, vol. 15,
no. 2, 2017.
[16] A.R. Caesarano, I. Riadi, “Network Forensics for
Detecting SQL Injection Attacks Using NIST
Method,” SDIWC, 2018.
65
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 58-65
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
... Institutions and libraries must enforce high level of encryption in using VPN as the top priority, before making VPN the pathway in accessing the subscribed data sources for access to the users. Iqbal and Riadi (2019) ...
... VPNs security can be enhanced by integrating the firewall with complex intrusion detection or prevention systems. Intrusion detection systems contain hardware/software that analyse traffic to and from a network [29][30][31]. They present alerts and log files if there is any suspected malicious activity in the network; storing these in databases for future reference. ...
Preprint
Full-text available
The recent COVID-19 pandemic has showcased the implications of using virtual private networks (VPNs) as home-working is now common. Establishing the current state of knowledge on VPNs and their processes is vital. This corroborates an up to date understanding on the fundamentals of VPNs and their usage in today’s society; it informs on how to better use VPNs too. Insight into the security issues VPNs face and possible solutions to these allows for the identification of gaps for potential future research. Addressing these gaps would then indicate how to further improve VPNs, making sure VPNs are indeed beneficial to users.
... Virtual Private Network (VPN) adalah jaringan komputer yang koneksi antar node-nya dengan memanfaatkan jaringan publik (internet/WAN) [11]. Teknologi VPN memungkinkan setiap orang untuk mengakses jaringan lokal dari luar melalui Internet. ...
Article
Kresna-Hotspot merupakan usaha yang menyediakan layanan RT/RW Net dalam ruang lingkup perumahan. Layanan Kresna-Hotspot menjual voucher internet berupa user dan password login yang disesuaikan dengan kebutuhan pelanggan. Penjualan voucher internet pada Kresna-Hotspot masih dilakukan secara manual yaitu pelanggan datang langsung ke tempat penyedia layanan untuk membeli voucher, kemudian pemilik usaha Kresna-Hotspot yang bertindak sebagai administrator jaringan akan membuatkan voucher internet tersebut melalui aplikasi Mikhmon Desktop. Mekanisme pelayanan yang sudah berjalan pada usaha Kresna-Hotspot tersebut masih kurang efisien, karena pelanggan harus datang langsung ke tempat layanan Kresna-Hotspot untuk membeli voucher. Permasalahan akan muncul ketika pelaku usaha Kresna-Hotspot sebagai admin memiliki kesibukan di luar kota, sehingga tidak mempunyai waktu untuk memberikan voucher dan membuatkan voucher tersebut. Berdasarkan permasalahan tersebut penelitian ini mengembangkan sebuah sistem aplikasi android untuk membantu pelayanan penjualan voucher hotspot pada mikrotik. Implementasi aplikasi pada layanan Kresna-Hotspot dinilai berhasil berdasarkan metode analisis User Acceptance Testing (UAT).
... Only users having the password and salt of a channel can read messages exchanged in that channel, and it is also assumed that user equipment is secure in a way that the used services do not collude or pursue user reidentification based on their access patterns or IP address (such as a non-rooted phone). Aside from using multiple services, users can also rely on Virtual Private Network (VPN) [48][49][50][51][52] services or a custom-built service on the TOR [53] network to enhance user anonymity. Furthermore, the Exchangeable Image File Format (EXIF) data is removed from all images used so that no location data, for instance, is left. ...
Article
Full-text available
Messaging services are usually provided within social network platforms and allow these platforms to collect additional information about users, such as what time, for how long, with whom, and where a user communicates. This information allows the identification of users and is available to the messaging service provider even when communication is encrypted end-to-end. Thus, a gap still exists for alternative messaging services that enable anonymous and confidential communication and that are independent of a specific online service. Online services can still be used to support this messaging service, but in a way that enables users to communicate anonymously and without the knowledge and scrutiny of the online services. In this paper, we propose messaging using steganography and online services to support anonymous and confidential communication. In the proposed messaging service, only the sender and the receiver are aware of the existence of the exchanged data, even if the online services used or other third parties have access to the exchanged secret data containers. This work reviews the viability of using existing online services to support the proposed messaging service. Moreover, a proof-of-concept of the proposed message service is implemented and tested using two online services acting as proxies in the exchange of encrypted information disguised within images and links to those images. The obtained results confirm the viability of such a messaging service.
Article
Purpose The aim of this study is to investigate the benefits and weaknesses of OpenVPN to access Osiris. Design/methodology/approach This study uses a case study approach to describe a phenomenon. The data collected from observation of the real-world environment. Findings The benefits of OpenVPN are the following: librarian can access the Osiris and other resources remotely and safely; OpenVPN protects the connection when accessing the Osiris; and librarian can also manage Osiris systems easily to control access, monitoring the users efficiently. However, there are some drawbacks of OpenVPN, such as network infrastructure dependency, require stabile internet connection, configuration complexity, to arrange and configurate OpenVPN needs skills and knowledge on the related field, data protection and security breach. Originality/value The originality of this study is the use of OpenVPN to access Osiris that is managed by library. There are some variables to determine the benefits and drawbacks of the OpenVPN such as managing access, data security and efficiency. This study gives an original contribution to the use of OpenVPN in academic libraries.
Article
Full-text available
Network security is still a big concern in data exchange because it involves users' data privacy. There are several ways to secure data exchange on the internet. One of them uses a Virtual Private Network (VPN), which functions as a tunnel in the public internet that securely connects users to the local network. This research will analyze the performance of the OpenVPN IPv4 and IPv6 protocols. The method used to determine the performance results is based on the QoS parameters. The performance analysis results obtained are throughput OpenVPN IPv6 is better, namely 198.155 Kbps on ICMP data packets, 35.704 Kbps on FTP data packets, and 17.698 on TCP data packets. The delay value of OpenVPN in IPv4 is superior, namely 1.4s for ICMP data packets, and on IPv6, FTP data packages are superior with 0.1s. Jitter values indicate OpenVPN IPv6 is better with similar results. Packet loss values on OpenVPN for both IPv4 and IPv6 protocols are 0%. Based on these results, throughput IPv6 OpenVPN on ICMP data packets and delay on FTP data packets is better than IPv4 OpenVPN.
Article
Full-text available
-It is a well-known fact that consumers may gain significant benefits from the effective use of IoT in pandemic and post-pandemic settings. Security vulnerabilities can be seen in the ever-increasing Internet of Things (IoT) ecosystem from cloud to edge, which is crucial to note in this particular circumstance. Most merchants, even luxury stores, have failed to implement robust IoT cyber security procedures. Therefore, the researchers sought to put forth secondary research methodologies to bring forward efficient scrutiny regarding this particular issue to properly comprehend the influence of IoT in various devices, including a smartwatch, power displaying metre, brilliant weight showing gadgets and many more. The secondary research approach allowed the researchers to collect a large quantity of data quickly, acquiring a wide range of possible solutions for security and privacy issues in Consumer IoT (CIoT) devices. Secondary research also will enable scholars to compare and contrast several papers' philosophies and research findings to get a quick conclusion. To gather information, the researchers used publications and the internet efficiently. In this situation, it helped to save a significant amount of time. Findings suggested that vulnerabilities occur in smart IoT gadgets, including the intelligent power consumption metre and brilliant weight displaying widget, due to their low-standard and conventional security system. Thus, this paper has suggested possible solutions to protect IoT devices against phishing and theft attacks. General Terms: Technology Acceptance Framework, CENTRON Smart Metre.
Article
Full-text available
SQL Injection is a technique to exploit web applications that use the database as data storage. By being able to influence what will be forwarded to the database, the attacker can exploit the syntax and capabilities of SQL, as well as the power and flexibility to support database operation functions and available system functionality to the database. The purpose of this study is that Snort IDS that can detect SQL Injection attacks produces logs that can provide information about attackers and attack notifications in real time using email. The subjects in this study are building a webserver network system using Snort IDS to detect SQL Injection attacks. The method used is NIST 800-30, where there are 9 important stages in risk assessment. Data collection methods in this study are observation and literature study. The research stage is the stage of doing a case simulation to try to implement Snort in detecting intrusions or attacks, where there are 5 stages of research namely vulnerability testing, attack scenario, snort configuration, data collection, and analysis stage. The results of this study are a webserver system development using Snort IDS for SQL Injection attack detection systems and real time attack notifications using email.
Article
Full-text available
Network Forensics are complicated and worth studying. One of the interesting parts of the network is a router that manages all connection for all logical network activity. On network forensics, we need traffic log to analyze the activity of any computer connected to the network in purpose to know what hackers do. In another hand, not all information can get from traffic log if the network didn't save the network sniffing. Thus this case need find other resources like router information. To access information on the router like RouterOS on Mikrotik devices, can maintain some data using API to remote access the router remotely. The purpose of this paper is to explore how to do a forensics of RouterOS based Mikrotik devices and developing a remote application to extract router data using API services. As a result, acquisition process could obtain some valuable data from the router as digital evidence to explore information of network's attacks activity.
VPNs A Beginners Guide
  • John Mains
Mains, John, "VPNs A Beginners Guide," McGraw Hill, 2001.
Network Security Optimization using Microtic Based Application Filtering Introduction Theoretical Basis
  • I Riadi
I. Riadi, "Network Security Optimization using Microtic Based Application Filtering Introduction Theoretical Basis," JUSI, Universitas Ahmad Dahlan Yogyakarta, vol. 1, no. 1, pp. 71-80, 2011.
Design and Implementation of Virtual Private Networks with PPTP Protocol on Cisco Router 2901 (UNTAN Informatics Engineering case study)
  • Setiawan
Setiawan, "Design and Implementation of Virtual Private Networks with PPTP Protocol on Cisco Router 2901 (UNTAN Informatics Engineering case study)," volume 1, JUSTIN, 2016.
Solution Mesh Network Building a Mutual Cooperation Wireless Network Without Access Points
  • Onno W Purbo
Purbo, Onno W., "Solution Mesh Network Building a Mutual Cooperation Wireless Network Without Access Points," Andi, Yogyakarta, 2013.
Study of Virtual Private Network as a Data Security System on Computer Networks
  • Setiawan Afrianto
Afrianto, Setiawan., "Study of Virtual Private Network as a Data Security System on Computer Networks," Vol.12, Scientific Magazine UNIKOM, 2013.
VPN Server Implementation using Slackware13 for Computer Network Security
  • Wahyudi
Wahyudi, "VPN Server Implementation using Slackware13 for Computer Network Security," STMIK Amikom Yogyakarta, 2011.