Design and implementation of perimeter security and access policies in a three-layer corporate network infrastructure
DOI:
https://doi.org/10.64973/6tmzr113
Keywords:
Network security, VLAN, access control, DMZ, Cisco Packet Tracer, Zero Trust
Abstract
This study aims to design and implement a comprehensive set of perimeter security and access control policies in a corporate network based on a three-layer hierarchical architecture (core, distribution and access). The research followed an applied, experimental approach, using the Cisco Packet Tracer simulator to model a realistic infrastructure that integrates segmentation through VLANs, inter-VLAN traffic control through access control lists (ACLs), layer 2 security mechanisms such as Port-Security, DHCP Snooping and Dynamic ARP Inspection, as well as the implementation of a demilitarized zone (DMZ) and high availability through HSRP. The results show that logical segmentation made it possible to isolate security domains and reduce the propagation of threats, while the access control policies restricted traffic to authorized flows only. Likewise, the layer 2 mechanisms proved effective in mitigating internal attacks such as rogue DHCP and ARP spoofing, and the perimeter architecture exposed public services in a controlled manner without compromising the internal network. It is concluded that integrating these mechanisms within a coherent architecture significantly strengthens the security of corporate networks, ensuring operational continuity, reducing the attack surface and aligning with the principles of defense in depth and access control based on minimal trust.
License
Copyright 2026 EduLearn

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International license.

