Aplikasi Model Sistem Keamanan Jaringan Berbasis De-Militarised Zone
Abstrak: De-Militarized Zone
(DMZ) is a "sacrificial lamb" for hackers applied to protect internal
system relating to hack attack (hack attack). DMZ works for all service base of
network requiring access to network "external world" to part of
network the other. That way, all " open port" is relating to external
world will stay at network, so that if a hacker did attack and does crack at
server using system DMZ, the hacker will only can access its(the host is only,
not at internal network. In General DMZ is built based on three fruit of
concept, that is: NAT (Network Address Translation), PAT (Port Addressable
Translation), and Access List. NAT functions to show again coming packages
"real address" to internal address. For example: if wes own
"real address" 203.8.90.100, we can form a direct NAT automatically
at data coming to 192.168.100.1 (an internal network address). Then PAT
functions menunjukan data to coming at particular port, or range a port and protocol
(TCP/UDP or other) and address IP to a particular port or range a port to an
internal address of IP. While access list functions to control in precise what
is coming and going out from network in a question. For example: we can refuse
or enables all ICMP is coming to all address IP except for an undesirable ICMP.
Penulis: ADDY SUYATNO
Kode Jurnal: jptinformatikadd090059