Analisis Keamanan Infrastruktur Jaringan Berdasarkan Cyber Kill Chain Framework

Main Article Content

Utama Hasiolan Panggabean
Benfano Soewito

Abstract

This study concentrates on examining the security of network infrastructure using the cyber kill chain framework approach. The research is conducted within a company operating in network security services. In its operations, it offers a Virtual Private Cloud (VPC) containing various crucial information such as applications, internal data, client data, and product demos. Despite the attractive features of cloud computing, there are significant threats as well. Handling attacks cannot be swiftly and efficiently executed, resulting in temporary operational unavailability until the attacks are resolved. This research delves into the security of the company's infrastructure by testing several points of vulnerability exploited by malicious parties. The cyber kill chain framework approach is employed to systematically assess the company's infrastructure. The study reveals that certain issues have been adequately detected; however, security gaps persist, as evidenced by the testing conducted and the inadequate response from the company's security systems.

Article Details

How to Cite
Analisis Keamanan Infrastruktur Jaringan Berdasarkan Cyber Kill Chain Framework. (2023). JUSIFO (Jurnal Sistem Informasi), 9(1), 33-44. https://doi.org/10.19109/jusifo.v9i1.17365
Section
Articles

How to Cite

Analisis Keamanan Infrastruktur Jaringan Berdasarkan Cyber Kill Chain Framework. (2023). JUSIFO (Jurnal Sistem Informasi), 9(1), 33-44. https://doi.org/10.19109/jusifo.v9i1.17365

References

Abdul-Jabbar, S. S., Aldujaili, A., Mohammed, S. G., & Saeed, H. S. (2020). Integrity and security in cloud computing environment: a review. Journal of Southwest Jiaotong University, 55(1). https://doi.org/10.35741/issn.0258-2724.55.1.11

Ahmed, Y., Asyhari, A. T., & Rahman, M. A. (2021). A cyber kill chain approach for detecting advanced persistent threats. Computers, Materials and Continua, 67(2), 2497–2513. https://doi.org/10.32604/CMC.2021.014223

Alouffi, B., Hasnain, M., Alharbi, A., Alosaimi, W., Alyami, H., & Ayaz, M. (2021). A systematic literature review on cloud computing security: threats and mitigation strategies. IEEE Access, 9, 57792–57807. https://doi.org/10.1109/ACCESS.2021.3073203

Aminzade, M. (2018). Confidentiality, integrity and availability – finding a balanced IT framework. Network Security, 2018(5), 9–11. https://doi.org/10.1016/S1353-4858(18)30043-6

Bollinadi, M., & Damera, V. K. (2017). Cloud computing: security issues and research challenges. Journal of Network Communications and Emerging Technologies (JNCET) Www.Jncet.Org, 7(11). https://www.jncet.org/Manuscripts/Volume-7/Issue-11/Vol-7-issue-11-M-12.pdf

Capano, D. E. (2019). Understand the cyber-attack lifecycle: a cyber kill chain provides a model for understanding the lifecycle of a cyber attack and helps those involved with critical infrastructure improve cybersecurity policies, technologies, training, and industrial contr. Control Engineering, 66(7), 32–34. https://go.gale.com/ps/i.do?p=AONE&sw=w&issn=00108049&v=2.1&it=r&id=GALE%7CA597810215&sid=googleScholar&linkaccess=fulltext

Carella, A., Kotsoev, M., & Truta, T. M. (2017). Impact of security awareness training on phishing click-through rates. Proceedings - 2017 IEEE International Conference on Big Data, Big Data 2017, 2018-Janua, 4458–4466. https://doi.org/10.1109/BIGDATA.2017.8258485

Garba, F. A., Junaidu, S. B., Ahmad, B. I., & Tekanyi, A. M. S. (2019). Proposed framework for effective detection and prediction of advanced persistent threats based on the cyber kill chain. Scientific and Practical Cyber Security Journal, 3(3). https://journal.scsa.ge/wp-content/uploads/2019/10/sept_2019_full_issue-n_c.pdf

Ghafir, I., Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., Jabbar, S., & Baker, T. (2018). Security threats to critical infrastructure: the human factor. Journal of Supercomputing, 74(10), 4986–5002. https://doi.org/10.1007/S11227-018-2337-2/TABLES/1

Gunduz, M. Z., & Das, R. (2020). Cyber-security on smart grid: threats and potential solutions. Computer Networks, 169, 107094. https://doi.org/10.1016/J.COMNET.2019.107094

Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: a survey. Computers 2014, Vol. 3, Pages 1-35, 3(1), 1–35. https://doi.org/10.3390/COMPUTERS3010001

Khidzir, N. Z., Mat Daud, K. A., Ismail, A. R., Abd. Ghani, M. S. A., & Ibrahim, M. A. H. (2018). Information security requirement: the relationship between cybersecurity risk confidentiality, integrity and availability in digital social media. Regional Conference on Science, Technology and Social Sciences (RCSTSS 2016), 229–237. https://doi.org/10.1007/978-981-13-0074-5_21

Kiwia, D., Dehghantanha, A., Choo, K. K. R., & Slaughter, J. (2018). A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. Journal of Computational Science, 27, 394–409. https://doi.org/10.1016/J.JOCS.2017.10.020

Kumar, P. R., Raj, P. H., & Jelciana, P. (2018). Exploring data security issues and solutions in cloud computing. Procedia Computer Science, 125, 691–697. https://doi.org/10.1016/J.PROCS.2017.12.089

Lee, J.-S., Cho, S.-Y., Oh, H.-R., & Han, M.-M. (2021). A study on defense and attack model for cyber command control system based cyber kill chain. Journal of Internet Computing and Services, 22(1), 41–50. https://doi.org/10.7472/JKSII.2021.22.1.41

Liu, W. (2012). Research on cloud computing security problem and strategy. 2012 2nd International Conference on Consumer Electronics, Communications and Networks, CECNet 2012 - Proceedings, 1216–1219. https://doi.org/10.1109/CECNET.2012.6202020

Rehak, D., Senovsky, P., Hromada, M., & Lovecek, T. (2019). Complex approach to assessing resilience of critical infrastructure elements. International Journal of Critical Infrastructure Protection, 25, 125–138. https://doi.org/10.1016/J.IJCIP.2019.03.003

Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on security challenges in cloud computing: issues, threats, and solutions. Journal of Supercomputing, 76(12), 9493–9532. https://doi.org/10.1007/S11227-020-03213-1/METRICS

Tchernykh, A., Schwiegelsohn, U., Talbi, E. ghazali, & Babenko, M. (2019). Towards understanding uncertainty in cloud computing with risks of confidentiality, integrity, and availability. Journal of Computational Science, 36, 100581. https://doi.org/10.1016/J.JOCS.2016.11.011

Walker-Roberts, S., Hammoudeh, M., & Dehghantanha, A. (2018). A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access, 6, 25167–25177. https://doi.org/10.1109/ACCESS.2018.2817560

Wang, Y., Zhang, T., & Ye, Q. (2021). Situation awareness framework for industrial control system based on cyber kill chain. MATEC Web of Conferences, 336, 02013. https://doi.org/10.1051/MATECCONF/202133602013

Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583–592. https://doi.org/10.1016/J.FUTURE.2010.12.006