Analisis Keamanan Infrastruktur Jaringan Berdasarkan Cyber Kill Chain Framework
Article Sidebar
Published:
Jun 30, 2023
Keywords:
Infrastructure Security Analysis, Security Gaps, Cyber Kill Chain Framework
Main Article Content
Abstract
This study concentrates on examining the security of network infrastructure using the cyber kill chain framework approach. The research is conducted within a company operating in network security services. In its operations, it offers a Virtual Private Cloud (VPC) containing various crucial information such as applications, internal data, client data, and product demos. Despite the attractive features of cloud computing, there are significant threats as well. Handling attacks cannot be swiftly and efficiently executed, resulting in temporary operational unavailability until the attacks are resolved. This research delves into the security of the company's infrastructure by testing several points of vulnerability exploited by malicious parties. The cyber kill chain framework approach is employed to systematically assess the company's infrastructure. The study reveals that certain issues have been adequately detected; however, security gaps persist, as evidenced by the testing conducted and the inadequate response from the company's security systems.
Article Details
How to Cite
Panggabean, U. H., & Soewito, B. (2023). Analisis Keamanan Infrastruktur Jaringan Berdasarkan Cyber Kill Chain Framework. JUSIFO (Jurnal Sistem Informasi), 9(1), 33-44. https://doi.org/10.19109/jusifo.v9i1.17365
Section
Articles
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
How to Cite
Panggabean, U. H., & Soewito, B. (2023). Analisis Keamanan Infrastruktur Jaringan Berdasarkan Cyber Kill Chain Framework. JUSIFO (Jurnal Sistem Informasi), 9(1), 33-44. https://doi.org/10.19109/jusifo.v9i1.17365
References
Abdul-Jabbar, S. S., Aldujaili, A., Mohammed, S. G., & Saeed, H. S. (2020). Integrity and security in cloud computing environment: a review. Journal of Southwest Jiaotong University, 55(1). https://doi.org/10.35741/issn.0258-2724.55.1.11
Ahmed, Y., Asyhari, A. T., & Rahman, M. A. (2021). A cyber kill chain approach for detecting advanced persistent threats. Computers, Materials and Continua, 67(2), 2497–2513. https://doi.org/10.32604/CMC.2021.014223
Alouffi, B., Hasnain, M., Alharbi, A., Alosaimi, W., Alyami, H., & Ayaz, M. (2021). A systematic literature review on cloud computing security: threats and mitigation strategies. IEEE Access, 9, 57792–57807. https://doi.org/10.1109/ACCESS.2021.3073203
Aminzade, M. (2018). Confidentiality, integrity and availability – finding a balanced IT framework. Network Security, 2018(5), 9–11. https://doi.org/10.1016/S1353-4858(18)30043-6
Bollinadi, M., & Damera, V. K. (2017). Cloud computing: security issues and research challenges. Journal of Network Communications and Emerging Technologies (JNCET) Www.Jncet.Org, 7(11). https://www.jncet.org/Manuscripts/Volume-7/Issue-11/Vol-7-issue-11-M-12.pdf
Capano, D. E. (2019). Understand the cyber-attack lifecycle: a cyber kill chain provides a model for understanding the lifecycle of a cyber attack and helps those involved with critical infrastructure improve cybersecurity policies, technologies, training, and industrial contr. Control Engineering, 66(7), 32–34. https://go.gale.com/ps/i.do?p=AONE&sw=w&issn=00108049&v=2.1&it=r&id=GALE%7CA597810215&sid=googleScholar&linkaccess=fulltext
Carella, A., Kotsoev, M., & Truta, T. M. (2017). Impact of security awareness training on phishing click-through rates. Proceedings - 2017 IEEE International Conference on Big Data, Big Data 2017, 2018-Janua, 4458–4466. https://doi.org/10.1109/BIGDATA.2017.8258485
Garba, F. A., Junaidu, S. B., Ahmad, B. I., & Tekanyi, A. M. S. (2019). Proposed framework for effective detection and prediction of advanced persistent threats based on the cyber kill chain. Scientific and Practical Cyber Security Journal, 3(3). https://journal.scsa.ge/wp-content/uploads/2019/10/sept_2019_full_issue-n_c.pdf
Ghafir, I., Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., Jabbar, S., & Baker, T. (2018). Security threats to critical infrastructure: the human factor. Journal of Supercomputing, 74(10), 4986–5002. https://doi.org/10.1007/S11227-018-2337-2/TABLES/1
Gunduz, M. Z., & Das, R. (2020). Cyber-security on smart grid: threats and potential solutions. Computer Networks, 169, 107094. https://doi.org/10.1016/J.COMNET.2019.107094
Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: a survey. Computers 2014, Vol. 3, Pages 1-35, 3(1), 1–35. https://doi.org/10.3390/COMPUTERS3010001
Khidzir, N. Z., Mat Daud, K. A., Ismail, A. R., Abd. Ghani, M. S. A., & Ibrahim, M. A. H. (2018). Information security requirement: the relationship between cybersecurity risk confidentiality, integrity and availability in digital social media. Regional Conference on Science, Technology and Social Sciences (RCSTSS 2016), 229–237. https://doi.org/10.1007/978-981-13-0074-5_21
Kiwia, D., Dehghantanha, A., Choo, K. K. R., & Slaughter, J. (2018). A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. Journal of Computational Science, 27, 394–409. https://doi.org/10.1016/J.JOCS.2017.10.020
Kumar, P. R., Raj, P. H., & Jelciana, P. (2018). Exploring data security issues and solutions in cloud computing. Procedia Computer Science, 125, 691–697. https://doi.org/10.1016/J.PROCS.2017.12.089
Lee, J.-S., Cho, S.-Y., Oh, H.-R., & Han, M.-M. (2021). A study on defense and attack model for cyber command control system based cyber kill chain. Journal of Internet Computing and Services, 22(1), 41–50. https://doi.org/10.7472/JKSII.2021.22.1.41
Liu, W. (2012). Research on cloud computing security problem and strategy. 2012 2nd International Conference on Consumer Electronics, Communications and Networks, CECNet 2012 - Proceedings, 1216–1219. https://doi.org/10.1109/CECNET.2012.6202020
Rehak, D., Senovsky, P., Hromada, M., & Lovecek, T. (2019). Complex approach to assessing resilience of critical infrastructure elements. International Journal of Critical Infrastructure Protection, 25, 125–138. https://doi.org/10.1016/J.IJCIP.2019.03.003
Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on security challenges in cloud computing: issues, threats, and solutions. Journal of Supercomputing, 76(12), 9493–9532. https://doi.org/10.1007/S11227-020-03213-1/METRICS
Tchernykh, A., Schwiegelsohn, U., Talbi, E. ghazali, & Babenko, M. (2019). Towards understanding uncertainty in cloud computing with risks of confidentiality, integrity, and availability. Journal of Computational Science, 36, 100581. https://doi.org/10.1016/J.JOCS.2016.11.011
Walker-Roberts, S., Hammoudeh, M., & Dehghantanha, A. (2018). A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access, 6, 25167–25177. https://doi.org/10.1109/ACCESS.2018.2817560
Wang, Y., Zhang, T., & Ye, Q. (2021). Situation awareness framework for industrial control system based on cyber kill chain. MATEC Web of Conferences, 336, 02013. https://doi.org/10.1051/MATECCONF/202133602013
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583–592. https://doi.org/10.1016/J.FUTURE.2010.12.006
Ahmed, Y., Asyhari, A. T., & Rahman, M. A. (2021). A cyber kill chain approach for detecting advanced persistent threats. Computers, Materials and Continua, 67(2), 2497–2513. https://doi.org/10.32604/CMC.2021.014223
Alouffi, B., Hasnain, M., Alharbi, A., Alosaimi, W., Alyami, H., & Ayaz, M. (2021). A systematic literature review on cloud computing security: threats and mitigation strategies. IEEE Access, 9, 57792–57807. https://doi.org/10.1109/ACCESS.2021.3073203
Aminzade, M. (2018). Confidentiality, integrity and availability – finding a balanced IT framework. Network Security, 2018(5), 9–11. https://doi.org/10.1016/S1353-4858(18)30043-6
Bollinadi, M., & Damera, V. K. (2017). Cloud computing: security issues and research challenges. Journal of Network Communications and Emerging Technologies (JNCET) Www.Jncet.Org, 7(11). https://www.jncet.org/Manuscripts/Volume-7/Issue-11/Vol-7-issue-11-M-12.pdf
Capano, D. E. (2019). Understand the cyber-attack lifecycle: a cyber kill chain provides a model for understanding the lifecycle of a cyber attack and helps those involved with critical infrastructure improve cybersecurity policies, technologies, training, and industrial contr. Control Engineering, 66(7), 32–34. https://go.gale.com/ps/i.do?p=AONE&sw=w&issn=00108049&v=2.1&it=r&id=GALE%7CA597810215&sid=googleScholar&linkaccess=fulltext
Carella, A., Kotsoev, M., & Truta, T. M. (2017). Impact of security awareness training on phishing click-through rates. Proceedings - 2017 IEEE International Conference on Big Data, Big Data 2017, 2018-Janua, 4458–4466. https://doi.org/10.1109/BIGDATA.2017.8258485
Garba, F. A., Junaidu, S. B., Ahmad, B. I., & Tekanyi, A. M. S. (2019). Proposed framework for effective detection and prediction of advanced persistent threats based on the cyber kill chain. Scientific and Practical Cyber Security Journal, 3(3). https://journal.scsa.ge/wp-content/uploads/2019/10/sept_2019_full_issue-n_c.pdf
Ghafir, I., Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., Jabbar, S., & Baker, T. (2018). Security threats to critical infrastructure: the human factor. Journal of Supercomputing, 74(10), 4986–5002. https://doi.org/10.1007/S11227-018-2337-2/TABLES/1
Gunduz, M. Z., & Das, R. (2020). Cyber-security on smart grid: threats and potential solutions. Computer Networks, 169, 107094. https://doi.org/10.1016/J.COMNET.2019.107094
Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: a survey. Computers 2014, Vol. 3, Pages 1-35, 3(1), 1–35. https://doi.org/10.3390/COMPUTERS3010001
Khidzir, N. Z., Mat Daud, K. A., Ismail, A. R., Abd. Ghani, M. S. A., & Ibrahim, M. A. H. (2018). Information security requirement: the relationship between cybersecurity risk confidentiality, integrity and availability in digital social media. Regional Conference on Science, Technology and Social Sciences (RCSTSS 2016), 229–237. https://doi.org/10.1007/978-981-13-0074-5_21
Kiwia, D., Dehghantanha, A., Choo, K. K. R., & Slaughter, J. (2018). A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. Journal of Computational Science, 27, 394–409. https://doi.org/10.1016/J.JOCS.2017.10.020
Kumar, P. R., Raj, P. H., & Jelciana, P. (2018). Exploring data security issues and solutions in cloud computing. Procedia Computer Science, 125, 691–697. https://doi.org/10.1016/J.PROCS.2017.12.089
Lee, J.-S., Cho, S.-Y., Oh, H.-R., & Han, M.-M. (2021). A study on defense and attack model for cyber command control system based cyber kill chain. Journal of Internet Computing and Services, 22(1), 41–50. https://doi.org/10.7472/JKSII.2021.22.1.41
Liu, W. (2012). Research on cloud computing security problem and strategy. 2012 2nd International Conference on Consumer Electronics, Communications and Networks, CECNet 2012 - Proceedings, 1216–1219. https://doi.org/10.1109/CECNET.2012.6202020
Rehak, D., Senovsky, P., Hromada, M., & Lovecek, T. (2019). Complex approach to assessing resilience of critical infrastructure elements. International Journal of Critical Infrastructure Protection, 25, 125–138. https://doi.org/10.1016/J.IJCIP.2019.03.003
Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on security challenges in cloud computing: issues, threats, and solutions. Journal of Supercomputing, 76(12), 9493–9532. https://doi.org/10.1007/S11227-020-03213-1/METRICS
Tchernykh, A., Schwiegelsohn, U., Talbi, E. ghazali, & Babenko, M. (2019). Towards understanding uncertainty in cloud computing with risks of confidentiality, integrity, and availability. Journal of Computational Science, 36, 100581. https://doi.org/10.1016/J.JOCS.2016.11.011
Walker-Roberts, S., Hammoudeh, M., & Dehghantanha, A. (2018). A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access, 6, 25167–25177. https://doi.org/10.1109/ACCESS.2018.2817560
Wang, Y., Zhang, T., & Ye, Q. (2021). Situation awareness framework for industrial control system based on cyber kill chain. MATEC Web of Conferences, 336, 02013. https://doi.org/10.1051/MATECCONF/202133602013
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583–592. https://doi.org/10.1016/J.FUTURE.2010.12.006