APPENDIX
Configuration

• AS30000
router>enable
router#conf t
router(config)#hostname AS30000
AS30000(config)#banner motd #Welcome To AS30000#
AS30000(config)#banner login #For Authorized Only !!!#
AS30000(config)#ena password router3
AS30000(config)#ena secret router3
AS30000(config)#service password-encryption
AS30000(config)#line con 0
AS30000(config-line)#password cisco
AS30000(config-line)#login
AS30000(config-line)#logging synchronous
AS30000(config-line)#exit
AS30000(config)#line vty 0 4
AS30000(config-line)#password cisco
AS30000(config-line)#login
AS30000(config-line)#logging synchronous
AS30000(config)#int se0/0
AS30000(config-if)#description RouteBGP/AS20000(Se0/0)
AS30000(config)#no ip domain lookup
AS30000(config)#exit
AS30000#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

IP Address
AS30000(config)#interface Se0/0
AS30000(config-if)#ip address 100.100.1.1 255.255.255.252
AS30000(config-if)#clock rate 64000
AS30000(config-if)#no shut

Routing Protocol
AS30000(config)#router ospf 1
AS30000(config-router)#network 100.100.1.0 0.0.0.3 area 0
AS30000(config)#router bgp 30000
AS30000(config-router)#neighbor 100.100.1.2 remote-as 20000

• AS40000
Basic Config
router>enable
router#conf t
router(config)#hostname AS40000
AS40000(config)#banner motd #Welcome To AS40000#
AS40000(config)#banner login #For Authorized Only !!!#
AS40000(config)#ena password router4
AS40000(config)#ena secret router4
AS40000(config)#service password-encryption
AS40000(config)#line con 0
AS40000(config-line)#password cisco
AS40000(config-line)#login
AS40000(config-line)#logging synchronous
AS40000(config-line)#exit
AS40000(config)#line vty 0 4
AS40000(config-line)#password cisco
AS40000(config-line)#login
AS40000(config-line)#logging synchronous
AS40000(config)#int se0/1
AS40000(config-if)#description RouteBGP/AS20000(Se0/1)
AS40000(config)#no ip domain lookup
AS40000(config)#exit
AS40000#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

IP Address
AS40000(config)#interface Se0/1
AS40000(config-if)#ip address 101.100.1.1 255.255.255.252
AS40000(config-if)#clock rate 64000
AS40000(config-if)#no shut

Routing Protocol
AS40000(config)#router ospf 1
AS40000(config-router)#network 101.100.1.0 0.0.0.3 area 0
AS40000(config)#router bgp 40000
AS40000(config-router)#neighbor 101.100.1.2 remote-as 20000

• AS50000
Basic Config
router>enable
router#conf t
router(config)#hostname AS50000
AS50000(config)#banner motd #Welcome To AS50000#
AS50000(config)#banner login #For Authorized Only !!!#
AS50000(config)#ena password router5
AS50000(config)#ena secret router5
AS50000(config)#service password-encryption
AS50000(config)#line con 0
AS50000(config-line)#password cisco
AS50000(config-line)#login
AS50000(config-line)#logging synchronous
AS50000(config-line)#exit
AS50000(config)#line vty 0 4
AS50000(config-line)#password cisco
AS50000(config-line)#login
AS50000(config-line)#logging synchronous
AS50000(config)#int se0/2
AS50000(config-if)#description RouteBGP/AS20000(Se0/2)
AS50000(config-if)#exit
AS50000(config)#int fa0/0
AS50000(config-if)#description Server
AS50000(config)#no ip domain lookup
AS50000(config)#exit
AS50000#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

IP Address
AS50000(config)#interface Se0/2
AS50000(config-if)#ip address 102.100.1.1 255.255.255.252
AS50000(config-if)#clock rate 64000
AS50000(config-if)#no shut

Routing Protocol
AS50000(config)#router ospf 1
AS50000(config-router)#network 102.100.1.0 0.0.0.3 area 0
AS50000(config-router)#network 110.100.1.0 0.0.0.3 area 0
AS50000(config)#router bgp 50000
AS50000(config-router)#neighbor 102.100.1.2 remote-as 20000

• RouteBGP
Basic Config
router>enable
router#conf t
router(config)#hostname RouteBGP
RouteBGP(config)#banner motd #Welcome To RouteBGP#
RouteBGP(config)#banner login #For Authorized Only !!!#
RouteBGP(config)#ena password router2
RouteBGP(config)#ena secret router2
RouteBGP(config)#service password-encryption
RouteBGP(config)#line con 0
RouteBGP(config-line)#password cisco
RouteBGP(config-line)#login
RouteBGP(config-line)#logging synchronous
RouteBGP(config-line)#exit
RouteBGP(config)#line vty 0 4
RouteBGP(config-line)#password cisco
RouteBGP(config-line)#login
RouteBGP(config-line)#logging synchronous
RouteBGP(config)#int se0/0
RouteBGP(config-if)#description AS30000(Se0/0)
RouteBGP(config-if)#exit
RouteBGP(config)#int se0/1
RouteBGP(config-if)#description AS40000(Se0/1)
RouteBGP(config-if)#exit
RouteBGP(config)#int se0/2
RouteBGP(config-if)#description AS50000(Se0/2)
RouteBGP(config-if)#exit
RouteBGP(config)#no ip domain lookup
RouteBGP(config)#exit
RouteBGP#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

IP Address
RouteBGP(config)#int se0/0
RouteBGP(config-if)#ip address 100.100.1.2 255.255.255.252
RouteBGP(config-if)#clock rate 64000
RouteBGP(config-if)#no shut
RouteBGP(config-if)#exit
RouteBGP(config)#int se0/1
RouteBGP(config-if)#ip address 101.100.1.2 255.255.255.252
RouteBGP(config-if)#clock rate 64000
RouteBGP(config-if)#no shut
RouteBGP(config-if)#exit
RouteBGP(config)#interface Se0/2
RouteBGP(config-if)#ip address 102.100.1.2 255.255.255.252
RouteBGP(config-if)#clock rate 64000
RouteBGP(config-if)#no shut

Routing Protocol
RouteBGP(config)#router ospf 1
RouteBGP(config-router)#network 102.100.1.0 0.0.0.3 area 0
RouteBGP(config-router)#network 110.100.1.0 0.0.0.3 area 0
RouteBGP(config)#router bgp 20000
RouteBGP(config-router)#neighbor 100.100.1.1 remote-as 30000
RouteBGP(config-router)#neighbor 101.100.1.1 remote-as 40000
RouteBGP(config-router)#neighbor 102.100.1.1 remote-as 50000

• RouteX
Basic Config
router>enable
router#conf t
router(config)#hostname RouteX
RouteX(config)#banner motd #Welcome To RouteX#
RouteX(config)#banner login #For Authorized Only !!!#
RouteX(config)#ena password router1
RouteX(config)#ena secret router1
RouteX(config)#service password-encryption
RouteX(config)#line con 0
RouteX(config-line)#password cisco
RouteX(config-line)#login
RouteX(config-line)#logging synchronous
RouteX(config-line)#exit
RouteX(config)#line vty 0 4
RouteX(config-line)#password cisco
RouteX(config-line)#login
RouteX(config-line)#logging synchronous
RouteX(config)#int se0/1
RouteX(config-if)#description RouteBGP/AS20000(Se1/0)
RouteX(config-if)#exit
RouteX(config)#int se0/0
RouteX(config-if)#description Firewall(Se0/0)
RouteX(config)#no ip domain lookup
RouteX(config)#exit
RouteX#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

IP Address
RouteX(config)#interface Se0/0
RouteX(config-if)#ip address 202.100.100.1 255.255.255.252
RouteX(config-if)#clock rate 64000
RouteX(config-if)#no shut
RouteX(config-if)#exit
RouteX(config)#interface Se0/1
RouteX(config-if)#ip address 103.100.1.2 255.255.255.252
RouteX(config-if)#clock rate 64000
RouteX(config-if)#no shut

Routing Protocol
RouteX(config)#router ospf 1
RouteX(config-router)#network 103.100.1.0 0.0.0.3 area 0
RouteX(config-router)#network 202.100.100.0 0.0.0.3 area 0
RouteX(config-router)#network 102.100.1.0 0.0.0.3 area 0
RouteX(config-router)#network 101.100.1.0 0.0.0.3 area 0
RouteX(config-router)#network 100.100.1.0 0.0.0.3 area 0
RouteX(config-router)#network 100.100.1.1 0.0.0.0 area 0
RouteX(config-router)#network 101.100.1.1 0.0.0.0 area 0
RouteX(config-router)#network 102.100.1.1 0.0.0.0 area 0

• Firewall
Basic Config
router>enable
router#conf t
router(config)#hostname Firewall
Firewall(config)#banner motd #Welcome To Firewall#
Firewall(config)#banner login #For Authorized Only !!!#
Firewall(config)#ena password router6
Firewall(config)#ena secret router6
Firewall(config)#service password-encryption
Firewall(config)#line con 0
Firewall(config-line)#password cisco
Firewall(config-line)#login
Firewall(config-line)#logging synchronous
Firewall(config-line)#exit
Firewall(config)#line vty 0 4
Firewall(config-line)#password cisco
Firewall(config-line)#login
Firewall(config-line)#logging synchronous
Firewall(config)#int se0/0
Firewall(config-if)#description RouteX (Se0/0)
Firewall(config-if)#exit
Firewall(config-if)#int range fa0/0.100 - fa0/0.104
Firewall(config-if)#description SwitchCore (Fa0/0)
Firewall(config-if)#exit
Firewall(config)#no ip domain lookup
Firewall(config)#exit
Firewall#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Access List
Firewall(config)#interface se0/0
Firewall(config)#ip address 202.100.100.2 255.255.255.252
Firewall(config)#access-list 105 deny tcp 192.163.100.32 0.0.0.31 any eq www
Firewall(config)#access-list 105 deny tcp 192.163.100.128 0.0.0.31 any eq www
Firewall(config)#access-list 105 permit ip any any
Firewall(config)#access-list 1 permit 192.163.100.0 0.0.0.31
Firewall(config)#access-list 1 permit 192.163.100.32 0.0.0.31
Firewall(config)#access-list 1 permit 192.163.100.64 0.0.0.31
Firewall(config)#access-list 1 permit 192.163.100.96 0.0.0.31
Firewall(config)#access-list 1 permit 192.163.100.128 0.0.0.31
Firewall(config)#ip nat outside source list 1 pool word

IP Address
Firewall(config)#interface se0/0
Firewall(config-if)#ip address 202.100.100.2 255.255.255.252
Firewall(config-if)#ip nat outside
Firewall(config-if)#ip access-group 105 out
Firewall(config-if)#exit
Firewall(config)#interface fa0/0.100
Firewall(config-subif)#encapsulation dot1Q 10
Firewall(config-subif)#ip address 192.163.100.1 255.255.255.224
Firewall(config-subif)#ip nat inside
Firewall(config-subif)#exit
Firewall(config)#interface fa0/0.101
Firewall(config-subif)#encapsulation dot1Q 20
Firewall(config-subif)#ip address 192.163.100.33 255.255.255.224
Firewall(config-subif)#ip nat inside
Firewall(config-subif)#exit
Firewall(config)#interface fa0/0.102
Firewall(config-subif)#encapsulation dot1Q 30
Firewall(config-subif)#ip address 192.163.100.65 255.255.255.224
Firewall(config-subif)#ip nat inside
Firewall(config-subif)#exit
Firewall(config)#interface fa0/0.103
Firewall(config-subif)#encapsulation dot1Q 40
Firewall(config-subif)#ip address 192.163.100.99 255.255.255.224
Firewall(config-subif)#ip nat inside
Firewall(config-subif)#exit
Firewall(config)#interface fa0/0.104
Firewall(config-subif)#encapsulation dot1Q 50
Firewall(config-subif)#ip address 192.163.100.130 255.255.255.224
Firewall(config-subif)#ip nat inside
Firewall(config-subif)#exit

Routing Protocol
Firewall(config)#router ospf 1
Firewall(config-router)#network 103.100.1.0 0.0.0.3 area 0
Firewall(config-router)#network 202.100.100.0 0.0.0.3 area 0
Firewall(config-router)#network 102.100.1.0 0.0.0.3 area 0
Firewall(config-router)#network 101.100.1.0 0.0.0.3 area 0
Firewall(config-router)#network 100.100.1.0 0.0.0.3 area 0
Firewall(config-router)#network 100.100.1.1 0.0.0.0 area 0
Firewall(config-router)#network 101.100.1.1 0.0.0.0 area 0
Firewall(config-router)#network 102.100.1.1 0.0.0.0 area 0
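
The first-match and wildcard-mask logic of access list 105 in the Firewall configuration above, as an added Python example that is not part of the original appendix. The parser handles only the entry shapes used in ACL 105, and the function names and sample source addresses are constructed for illustration.

```python
import ipaddress

# ACL 105 exactly as entered on the Firewall router in the listing above.
ACL_105 = """\
access-list 105 deny tcp 192.163.100.32 0.0.0.31 any eq www
access-list 105 deny tcp 192.163.100.128 0.0.0.31 any eq www
access-list 105 permit ip any any
"""
PORTS = {"www": 80}  # IOS port keyword -> TCP port number

def parse_ace(line):
    """Parse one extended ACL entry of the shapes used above (hypothetical helper)."""
    tok = line.split()[2:]                      # drop "access-list 105"
    ace = {"action": tok[0], "proto": tok[1], "port": None}
    if tok[2] == "any":
        ace["src"], ace["wild"], rest = 0, 0xFFFFFFFF, tok[3:]
    else:
        ace["src"] = int(ipaddress.IPv4Address(tok[2]))
        ace["wild"] = int(ipaddress.IPv4Address(tok[3]))
        rest = tok[4:]
    # rest = destination ("any" in every entry here) plus an optional "eq <port>"
    if "eq" in rest:
        p = rest[rest.index("eq") + 1]
        ace["port"] = PORTS.get(p) or int(p)
    return ace

def matches(ace, src, proto, dport):
    # Wildcard mask: bits set to 1 are "don't care"; all other bits must be equal.
    care = ~ace["wild"] & 0xFFFFFFFF
    if (int(ipaddress.IPv4Address(src)) & care) != (ace["src"] & care):
        return False
    if ace["proto"] != "ip" and ace["proto"] != proto:
        return False
    return ace["port"] is None or ace["port"] == dport

def evaluate(acl_text, src, proto, dport):
    """Return the action of the first matching entry; implicit deny if none match."""
    for line in acl_text.splitlines():
        ace = parse_ace(line)
        if matches(ace, src, proto, dport):
            return ace["action"]
    return "deny"

if __name__ == "__main__":
    # Constructed sample packets: (source address, protocol, destination port).
    samples = [("192.163.100.10", "tcp", 80), ("192.163.100.40", "tcp", 80),
               ("192.163.100.40", "tcp", 443), ("192.163.100.140", "tcp", 80)]
    for src, proto, port in samples:
        print(src, proto, port, "->", evaluate(ACL_105, src, proto, port))
```

The evaluator models the match logic only. On IOS an outbound access list is checked after inside-to-outside NAT, so with translation active it sees translated source addresses rather than the 192.163.100.x ones.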

• SwitchCore
Basic Config
Switch>enable
Switch#conf t
Switch(config)#hostname SwitchCore
SwitchCore(config)#banner motd #Welcome To SwitchCore#
SwitchCore(config)#banner login #For Authorized Only !!!#
SwitchCore(config)#ena password switch1
SwitchCore(config)#ena secret switch1
SwitchCore(config)#service password-encryption
SwitchCore(config)#line con 0
SwitchCore(config-line)#password cisco
SwitchCore(config-line)#login
SwitchCore(config-line)#logging synchronous
SwitchCore(config-line)#exit
SwitchCore(config)#line vty 0 4
SwitchCore(config-line)#password cisco
SwitchCore(config-line)#login
SwitchCore(config-line)#logging synchronous
SwitchCore(config-line)#exit
SwitchCore(config)#vlan 10
SwitchCore(config-vlan)#name HRD
SwitchCore(config-vlan)#vlan 20
SwitchCore(config-vlan)#name Marketing
SwitchCore(config-vlan)#vlan 30
SwitchCore(config-vlan)#name Finance
SwitchCore(config-vlan)#vlan 40
SwitchCore(config-vlan)#name IT
SwitchCore(config-vlan)#vlan 50
SwitchCore(config-vlan)#name Humas
SwitchCore(config-vlan)#Exit
SwitchCore(config)#interface range fastEthernet 0/2-5
SwitchCore(config-if-range)#switchport mode access
SwitchCore(config-if-range)#switchport access vlan 10
SwitchCore(config-if-range)#exit
SwitchCore(config)#interface range fastEthernet 0/6-10
SwitchCore(config-if-range)#switchport mode access
SwitchCore(config-if-range)#switchport access vlan 20
SwitchCore(config)#interface range fastEthernet 0/11-14
SwitchCore(config-if-range)#switchport mode access
SwitchCore(config-if-range)#switchport access vlan 30
SwitchCore(config-if-range)#exit
SwitchCore(config)#interface range fastEthernet 0/15-19
SwitchCore(config-if-range)#switchport mode access
SwitchCore(config-if-range)#switchport access vlan 40
SwitchCore(config-if-range)#exit
SwitchCore(config)#interface range fastEthernet 0/20-24
SwitchCore(config-if-range)#switchport mode access
SwitchCore(config-if-range)#switchport access vlan 50
SwitchCore(config-if-range)#exit
SwitchCore(config)#interface fastEthernet 0/1
SwitchCore(config-if-range)#switchport mode trunk
SwitchCore(config-if)#switchport trunk native vlan 99
SwitchCore(config-if-range)#exit

DATA COLLECTION INTERVIEW

Interview questions for:
Name: Sri Suyanto
Position: Company Network Staff
Location: PT. Rekayasa Industri, Kalibata, Jakarta
Time: ? November 2012, 10.00 WIB

1. Are there any problems that the company has started to face in information technology or networking?
The company wants to know the types of dangerous network threats that have appeared recently. Technology keeps developing, and we want the network in use to stay up to date against the new and dangerous threats that exist today.

2. How many buildings have an active network at PT Rekayasa Industri?
In Kalibata there are two main buildings, which are connected to the cyber building, as well as a temporary building and project sites located outside the Kalibata area.

3. Previously, for the connection from the main Kalibata building to the cyber building, was a BGP configuration used, or something else?
From Kalibata to the cyber building it is static routing. The one that has BGP is our router at the cyber building.

4. What hardware and software are used for the UTM? In the topology, where is the best place to put the UTM?
Hardware + software WatchGuard. The WatchGuard itself is placed between the LAN DMZ and the internet.

5. If we test the WatchGuard by attacking the server using LOIC, roughly what will happen?
An attack using LOIC only shows up as a single line in the reverse-proxy log. On the WatchGuard itself there is a great deal of traffic, so it is not visible, unless you want to monitor specifically from a given IP. If the DDoS attack uses little bandwidth, no significant problem will occur.

6. For the screenshots that will be included in the thesis, is there anything that must be blurred for the company's security? (such as IP addresses, etc.)
Please show every screenshot obtained to the company first before adding it to the thesis, so that we can blur IP addresses and other important details beforehand.

7. We are trying to configure BGP and the routing protocol for the cyber building part. As a network programmer, is that configuration carried out by the cyber building side?
Network configuration is done on two sides, namely at the network provider we use and on the network provider side.

8. Currently, Rekayasa Industri uses a security system that relies only on IDS. Technically, how are incoming attacks handled?
Handling with the IDS depends on the case. For those who are just trying things out, such as brute-forcing passwords, it is usually reported manually to the development team so that access or log-in attempts are limited.