Design and implementation of perimeter security and access policies in a three-layer corporate network infrastructure

Authors

  • Víctor José Arias Valarezo, Universidad Técnica de Machala
  • Joan Alexander Carrillo Tenesaca, Universidad Técnica de Machala
  • John Patrick Chugchilan Castillo, Universidad Técnica de Machala
  • Jonathan Joseph Chalco Berrezueta, Universidad Técnica de Machala
  • Israel Stalin Cajamarca González, Universidad Técnica de Machala
  • Anthony Andrés Merchan Dota, Universidad Técnica de Machala

DOI:

https://doi.org/10.64973/6tmzr113

Keywords:

Network security, VLAN, access control, DMZ, Cisco Packet Tracer, Zero Trust

Abstract

This study aims to design and implement a comprehensive set of perimeter security and access control policies in a corporate network based on a three-layer hierarchical architecture (core, distribution, and access). The research followed an applied, experimental approach, using the Cisco Packet Tracer simulator to model a realistic infrastructure that integrates VLAN segmentation, inter-VLAN traffic control through access control lists (ACLs), Layer 2 security mechanisms such as Port-Security, DHCP Snooping, and Dynamic ARP Inspection, as well as the implementation of a demilitarized zone (DMZ) and high availability through HSRP. The results show that logical segmentation made it possible to isolate security domains and reduce the propagation of threats, while the access control policies limited traffic to authorized flows only. Likewise, the Layer 2 mechanisms proved effective in mitigating internal attacks such as rogue DHCP and ARP spoofing, and the perimeter architecture exposed public services in a controlled manner without compromising the internal network. It is concluded that integrating these mechanisms within a coherent architecture significantly strengthens the security of corporate networks, ensuring operational continuity, reducing the attack surface, and aligning with the principles of defense in depth and access control based on minimal trust.

Published

2026-05-01

Section

Information and Communication Technologies Articles

How to Cite

Arias Valarezo, V. J., Carrillo Tenesaca, J. A., Chugchilan Castillo, J. P., Chalco Berrezueta, J. J., Cajamarca González, I. S., & Merchan Dota, A. A. (2026). Diseño e implementación de políticas de seguridad perimetral y de acceso en infraestructura de red corporativa de tres capas. EduLearn, 1(1), 113-147. https://doi.org/10.64973/6tmzr113