Implementasi Zero Trust Architecture untuk Meningkatkan Keamanan Jaringan: Pendekatan Berbasis Simulasi

Yudhi Kusnanto
Muhammad Agung Nugroho
Rikie Kartadie - [ http://orcid.org/0000-0003-1947-353X ]


DOI: https://doi.org/10.29100/jipi.v9i4.6943

Abstract


Penelitian ini mengeksplorasi penerapan Zero Trust Architecture (ZTA) sebagai pendekatan keamanan untuk mengatasi tantangan keamanan jaringan yang dihadapi oleh perusahaan modern, terutama dengan meningkatnya jumlah perangkat Internet of Things (IoT) yang terhubung. Simulasi dilakukan dengan menggunakan alat iperf dan Wireshark untuk mengukur performa jaringan sebelum dan sesudah penerapan ZTA, khususnya dalam menguji efektivitasnya dalam menghadapi serangan man-in-the-middle, DDoS, dan insider threats. Hasil pengujian menunjukkan bahwa penerapan ZTA mampu mengurangi risiko serangan siber secara signifikan, meskipun terdapat sedikit kompromi pada performa jaringan, dengan penurunan throughput sebesar 5% dan peningkatan latency sebesar 5 ms. Kebijakan micro-segmentation, multi-factor authentication (MFA), dan least privilege access terbukti efektif dalam meningkatkan stabilitas jaringan dan mencegah akses tidak sah. Meskipun demikian, penelitian ini menekankan pentingnya optimalisasi ZTA untuk memastikan keseimbangan antara keamanan dan kinerja jaringan di masa depan.


Keywords


DDoS; least privilege access; man-in-the-middle; micro-segmentation; Zero Trust Architecture

Full Text:

PDF

Article Metrics :

References


Tao Chuan et al 2020 J. Phys.: Conf. Ser. 1651 012010, DOI 10.1088/1742-6596/1651/1/012010

M. Rose, "Zero Trust Architecture for Enhanced Network Security," IEEE Communications Magazine, vol. 58, no. 10, pp. 112-119, 2020.

S. Wood, "Evaluating the Performance Impact of Zero Trust Models on Network Security," Journal of Network Security, vol. 22, no. 3, pp. 45-53, 2021.

A. Pourghorban, M. Dorothy, D. Shishika, A. Von Moll and D. Maity, "Target Defense against Sequentially Arriving Intruders," 2022 IEEE 61st Conference on Decision and Control (CDC), Cancun, Mexico, 2022, pp. 6594-6601, doi: 10.1109/CDC51059.2022.9992425.

Khan, N. M. J. (2023). Zero trust architecture: Redefining network security paradigms in the digital age. World Journal of Advanced Research and Reviews, 19(3), 105–116. https://doi.org/10.30574/wjarr.2023.19.3.1785

Chandramouli, R., & Butcher, Z. (2023). A zero trust architecture model for access control in cloud-native applications in multi-location environments. https://doi.org/10.6028/nist.sp.800-207a

Ahmed, I., Nahar, T., Urmi, S. S., & Taher, K. A. (2020). Protection of Sensitive Data in Zero Trust Model. Protection of Sensitive Data in Zero Trust Model. https://doi.org/10.1145/3377049.3377114

Ramezanpour, K., & Jagannath, J. (2022). Intelligent zero trust architecture for 5G/6G networks: Principles, challenges, and the role of machine learning in the context of O-RAN. Computer Networks, 217, 109358. https://doi.org/10.1016/j.comnet.2022.109358

Hassan, H. U., Nor, R. M., Amiruzzaman, M., Wani, S., & Islam, M. R. (2021). DNS attack mitigation Using OpenStack Isolation. arXiv (Cornell University). https://doi.org/10.48550/arxiv.2106.04575.

J. Smith, "Network Simulation Tools for Evaluating Security Architectures," International Journal of Cybersecurity, vol. 15, no. 2, pp. 89-98, 2019.

B. C. Asman, M. H. Kim, R. A. Moschitto, J. C. Stauffer and S. H. Huddleston, "Methodology for analyzing the compromise of a deployed tactical network," 2011 IEEE Systems and Information Engineering Design Symposium, Charlottesville, VA, USA, 2011, pp. 164-169, doi: 10.1109/SIEDS.2011.5876871.

Kurniawan, D. E., Arif, H., Nelmiawati, N., Tohari, A. H., & Fani, M. (2019). Implementation and analysis ipsec-vpn on cisco asa firewall using gns3 network simulator. Journal of Physics Conference Series, 1175, 012031. https://doi.org/10.1088/1742-6596/1175/1/012031

Helali, Saida. (2020). Simulating Network Architectures with GNS3. 9-25. 10.1002/9781119779964.ch2.

Cisco. (2023). Cisco Packet Tracer documentation. https://www.netacad.com/cisco-packet-tracer

Eka Putra, Fauzan & Ubaidi, Ubaidi & Tamam, Alief & Efendi, Reynal. (2024). Implementation And Simulation Of Dynamic Arp Inspection In Cisco Packet Tracer For Network Security. Brilliance: Research of Artificial Intelligence. 4. 340-347. 10.47709/brilliance.v4i1.4199.

Hashimi, S. M., & Güneş, A. (2017). Performance Evaluation of a Network Using Simulation Tools or Packet Tracer. IOSR Journal of Computer Engineering, 19(01), 01–05. https://doi.org/10.9790/0661-1901010105