Implementation of DHCP Snooping Method to Improve Security on Computer Networks

This research proposes the DHCP Snooping method to increase security on computer networks, because the Dynamic Host Configuration Protocol (DHCP) is a potential target for network attacks. One of the attack gaps that can occur in DHCP is the DHCP Rogue attack, the simplest hacking method, in which the attacker connects a fake DHCP server to the core network and gains full access to distribute IP addresses to clients. To address this security gap, the researchers applied the DHCP Snooping method, which is a series of techniques to improve DHCP network security. When the DHCP server allocates IP addresses to clients on the LAN, DHCP Snooping can be configured on the LAN switch to allow only clients with certain IP and MAC addresses to have access to the network. Implementing DHCP Snooping increases security on computer networks because it can distinguish which ports can be trusted (Trusted Port) and which cannot (Untrusted Port), so that the security of data and information in the computer network is maintained properly. Based on the results of this


I. INTRODUCTION
The development of information technology is currently growing very rapidly, marked by the existence of various types of computers that are connected to each other so that they can provide convenience for users. Every computer needs a computer network, which has become a critical infrastructure that supports communication and information exchange throughout the world. The rapid growth in the use of computer networks, including increases in the number of connected devices and the volume of data transmitted, has encouraged ongoing research in various aspects of computer networks.
A computer network is a collection of devices connected to each other, allowing users to exchange information in the form of sound, video, images and Internet connections [2]. According to APJII (Association of Indonesian Internet Service Providers), in 2023 the number of Indonesian people connected to the internet will reach 215.62 million people out of a total population of 275.77 million Indonesians, meaning that 78.19% of Indonesia's population is connected to the internet. In recent years, computer networks have become an important component in various fields, including business, education, health, and communications. The rapid growth of information and communication technology has encouraged the development and use of increasingly complex computer networks.
Computer networks are very important for an agency because they support the process of exchanging information and communication. This process requires a network service to obtain an Internet Protocol (IP) address. Handling IP addresses manually wastes a lot of time and energy because they have to be configured one by one, so a technology is needed that can distribute IP addresses to users automatically. The technology that supports automatic IP address distribution is the Dynamic Host Configuration Protocol (DHCP) [2]. An IP address provided by DHCP is a Dynamic IP, whereas an IP address assigned manually is called a Static IP [15].
However, DHCP is a potential target for network attacks. One of the attack gaps that can occur on a DHCP server is the DHCP Rogue attack, the simplest hacking method, in which the attacker connects a fake DHCP server to the core network and gains full access to distribute IP addresses to clients. The attacker does not stop at IP addresses: the original Gateway IP and Domain Name Server (DNS) IP are also replaced with a Gateway IP and DNS IP of the attacker's own making, which are then distributed to clients that request an IP address from the DHCP Server [1].
Therefore, network security needs to be increased to prevent attacks on computer networks, because the main goal of computer network security is to protect information on the network. According to (Lede et al, 2022), if a client gets a DNS IP from a fake DHCP server, the attacker can carry out an attack called phishing by sending a fake website, so that the client fills in real data, and the data entered is recorded for use by the attacker. Internet access on the network often experiences difficulties caused by attacks on servers run by unauthorized users due to poor network security.
In this study, the researchers use the DHCP Snooping technique on LAN switches to address security flaws in computer networks and enhance network security. "DHCP Snooping" is a set of methods used to increase the security of DHCP networks. DHCP snooping can be set up on the LAN switches to restrict network access to clients with specific IP and MAC addresses when the DHCP Server assigns IP addresses to LAN clients. IP addresses and their related MAC addresses are recorded in a switch database through DHCP snooping [8].
The researchers hope that applying the DHCP Snooping method can improve security on computer networks, because DHCP Snooping can distinguish which ports can be trusted (Trusted Port) and which cannot (Untrusted Port), so that the security of data and information in computer networks is maintained properly.

II. RELATED WORKS/LITERATURE REVIEW
A service called Dynamic Host Configuration Protocol (DHCP) automatically gives an IP address to a computer or client that requests one. A DHCP Server is a computer that distributes IP addresses, and a DHCP Client is a computer that requests IP addresses. In this manner, network managers can configure TCP/IP by just providing a reference to the DHCP Server instead of manually providing IP addresses [4].
DHCP snooping is a term used to describe a collection of methods used in computer networking to increase a DHCP network's security. DHCP snooping can be set up on the LAN switches to restrict network access to clients with particular IP and MAC addresses when a DHCP server assigns IP addresses to clients on a LAN. In Layer 2 switched domains, IP integrity can be guaranteed using DHCP snooping [6]. DHCP Snooping works like a firewall whose main function and task is to distinguish between trusted IP sources and untrusted sources [11].
A layer 2 security mechanism called DHCP Snooping can stop rogue DHCP servers from giving clients on the network harmful information. When DHCP Snooping is used at every network layer, it can be a very helpful tool for safeguarding sensitive data and preventing attacks on the network architecture. DHCP Snooping is primarily used to control access to IP addresses that have been registered on the router and to stop attackers from accessing or entering the network. More generally, ARP Man in the Middle attacks, DHCP packet flooding attacks, IP/MAC spoofing attacks, and unauthorized DHCP server attacks can all be avoided with DHCP snooping [10]. With a DHCP starvation attack and a rogue DHCP server set up, the attacker can start distributing IP addresses and other TCP/IP configuration settings to the network's DHCP clients. TCP/IP configuration settings include the Default Gateway and DNS Server IP addresses [14].
Unlike LANs, which are restricted to a certain physical location, VLANs allow for virtual network configuration, independent of a device's physical location. By using VLANs, the network configuration can be divided into departments or organizations rather than relying just on the workstation's location [16].
Cisco Packet Tracer is an application produced by the San Francisco, California-based Cisco company. Cisco was founded in 1984. Cisco Packet Tracer is a simulation tool for learning computer networks, especially those related to Cisco products. With the Cisco Packet Tracer tool, simulated network data can be used to provide information about the connection status of a machine in a network in the event that an issue with the connections occurs [9].
There are various kinds of threats to the network security of an institution which can result in the loss of valuable information held by the institution. The following are several threats to network security according to [4].
Interruption: a threat to the availability of information. The data in the computer system is damaged or deleted, so that when the data or information is needed the owner will have difficulty accessing it, and the information may even be lost. An example is damage or modification to hardware or network channels.
Interception: a threat to confidentiality. Information is intercepted so that unauthorized people can access the computer where the information is stored. An example is tapping data on a network.
Modification: a threat to integrity. An unauthorized person intercepts the information traffic that is being sent and then changes it according to that person's wishes. Examples include changing values in data files, modifying programs so that they run incorrectly, and modifying messages that are being transmitted on a network.
Fabrication: a threat to integrity. Unauthorized people succeed in imitating or falsifying information so that the person receiving it thinks that the information comes from the sender the recipient expects. An example is sending fake messages to other people.

III. METHODS
Research requires clear, orderly and systematic stages, so that the research can be achieved in accordance with its objectives.

Identify the Problem
The initial stage begins with determining the topic of discussion by looking for problems that occur in the surrounding area and that can be solved using methods that have been studied in computer science. After determining the topic to be researched, the background to the problem needs to be identified and stated in the problem formulation. This stage aims to ensure that the research focuses on the main problem only. At this stage, the objectives and benefits obtained from the results of this research will also be explained.

Literature Study
The literature study is carried out by looking for theoretical references, previous research and methodology that are relevant to the case or problem found.

Topology Design
Topology Design functions to get an idea of how devices on a computer network are connected to each other. The topology is designed using Cisco Packet Tracer; the topology design used in this research can be seen in Figure 1.

Configure Switch and Router Devices
In the topology design which can be seen in Figure 3, the Switch will be configured with VLAN without DHCP Snooping and the Router will be configured with a DHCP Server to provide IP to the PC and Server.

Configure DHCP Snooping
After carrying out the basic configuration, the next step will be to configure DHCP Snooping on the Switch.

DHCP Snooping Testing
After DHCP Snooping has been configured, the next step will be to test whether the PC and server can still get an IP address from the untrusted DHCP server.
From the topology design which can be seen in Figure 1, each device will have an IP address configured, along with the distribution of IP addresses which can be seen in Table 1.
After configuring the DHCP Server on FastEthernet port 0/0, a test will be carried out on PC0 to see whether it is successful in getting a DHCP IP originating from the Trusted Router, which can be seen above. If the result of pinging the gateway is a reply, then the test is successful, which can be seen in Figure 3.
After configuring the DHCP Server on FastEthernet port 0/1, a test will be carried out on Server0 to see whether it is successful in getting the IP address 192.168.2.2 which comes from Router-Trusted, which can be seen in Figure 4. After testing the DHCP Server on the Server, it gets the IP address 192.168.2.2. After getting the IP address, the test continues by pinging the gateway 192.168.2.1. If the result of pinging the gateway is a reply, then the test is successful, which can be seen in Figure 5.
After configuring the false DHCP Server on FastEthernet port 0/0, a test will be carried out on PC0 to see whether it is successful in getting the IP address 192.168.10.2 which comes from Router-Untrusted, which can be seen above. As can be seen in Table 2, PC0 initially got its DHCP IP from the trusted router. After the untrusted router was configured as a DHCP server, PC0 got its IP address from the untrusted router, whereas PC0 should have gotten its DHCP IP from the trusted router.

V. DISCUSSION
The configuration below determines that the FastEthernet 0/0 port and FastEthernet 0/1 port on switch 0 are trusted ports, where the path passed by FastEthernet 0/1 and FastEthernet 0/2 is a trusted interface that can provide DHCP IP addresses and FastEthernet 0/3 cannot provide DHCP IP addresses, which can be seen in Figure 7. Next, we carried out another test on PC0, which previously got a DHCP IP from the untrusted router, as can be seen in Table 3. After configuring DHCP Snooping, PC0 now only gets IP addresses from ports that have been declared Trusted, namely FastEthernet 0/1 and FastEthernet 0/2; Figure 8 shows that PC0's DHCP IP comes from Router-Trusted.
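The before/after result described above can be reproduced with a small model of the switch's forwarding decision. This is an added Python example, not code or configuration from the paper. It takes the trusted ports (FastEthernet 0/1 and 0/2), the untrusted port (0/3) and the two leased addresses from the text, while PC0's MAC address, PC0's port and the trusted port used by Router-Trusted are assumptions.

```python
# Added illustration, not from the paper: a toy model of the switch's DHCP snooping check.
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends

@dataclass
class DhcpMsg:
    kind: str         # DISCOVER, OFFER, REQUEST, ACK or NAK
    client_mac: str   # hardware address of the client the message concerns
    yiaddr: str = ""  # address being offered or assigned (server messages only)

@dataclass
class Switch:
    snooping: bool
    trusted: set = field(default_factory=set)     # ports allowed to carry server messages
    bindings: dict = field(default_factory=dict)  # client MAC -> (leased IP, client port)
    dropped: list = field(default_factory=list)   # (ingress port, message kind)

    def receive(self, port, msg, client_port=None):
        """Return True if the frame is forwarded, False if snooping drops it."""
        if self.snooping and msg.kind in SERVER_MSGS and port not in self.trusted:
            self.dropped.append((port, msg.kind))
            return False
        if self.snooping and msg.kind == "ACK":
            self.bindings[msg.client_mac] = (msg.yiaddr, client_port)
        return True

PC0_MAC = "00:00:5e:00:53:10"  # constructed sample MAC
PC0_PORT = "Fa0/4"             # assumption: the paper does not name PC0's port

def lease_for_pc0(snooping):
    """Replay the test: both routers answer PC0, the untrusted one answers first."""
    sw = Switch(snooping, trusted={"Fa0/1", "Fa0/2"})
    sw.receive(PC0_PORT, DhcpMsg("DISCOVER", PC0_MAC))
    offers = [("Fa0/3", "192.168.10.2"),  # Router-Untrusted
              ("Fa0/1", "192.168.1.2")]   # Router-Trusted (port assumed)
    accepted = None
    for port, ip in offers:
        delivered = sw.receive(port, DhcpMsg("OFFER", PC0_MAC, ip))
        if delivered and accepted is None:
            accepted = (port, ip)         # the client takes the first offer it sees
    port, ip = accepted
    sw.receive(PC0_PORT, DhcpMsg("REQUEST", PC0_MAC))
    sw.receive(port, DhcpMsg("ACK", PC0_MAC, ip), client_port=PC0_PORT)
    return ip, sw

if __name__ == "__main__":
    for enabled in (False, True):
        ip, sw = lease_for_pc0(enabled)
        print(f"snooping={enabled}: PC0 leased {ip}, dropped={sw.dropped}")
```

A real switch additionally validates client messages on untrusted ports and can rate-limit DHCP traffic, which this model leaves out.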

Fig 2. PC0 Server DHCP Testing
After testing the DHCP Server on PC0, it gets the IP address 192.168.1.2. After getting the IP address, the test continues by pinging the gateway 192.168.1.1. If the result of pinging the gateway is a reply, then the test is successful, which can be seen in Figure 3.

Fig 5. Server0 Connection Testing to the gateway

B. DHCP Server Router Configuration - Untrusted
Configure Router-Untrusted on FastEthernet port 0/0 with Network IP 192.168.10.0 and Gateway IP 192.168.10.1, which will later be used to carry out DHCP Snooping testing to see whether it can detect giving fake IP addresses to PCs 0, 1 and 2 with IP range 192.168.10.2 - 192.168.10.254, which can be seen below.

Fig 8. DHCP Snooping Testing on PC0

VI. CONCLUSIONS
Based on the tests carried out in chapter IV, it can be concluded that DHCP Snooping can improve computer network security by distinguishing Trusted Ports and Untrusted Ports, which have been determined in the switch configuration: port FastEthernet 0/1 and port FastEthernet 0/2 as Trusted ports and port FastEthernet 0/3 as the Not Trusted port, which can be seen in Figure 7. After configuring DHCP Snooping, testing is carried out on PC0. As can be seen in Table 2, before configuring DHCP Snooping PC0 can still get an IP address from Router-Untrusted, while PC0 should only get an IP address from Router-Trusted. However, after the DHCP Snooping configuration, which can be seen in Table 3, PC0 has received an IP address from Router-Trusted. DHCP Snooping on layer 2 switches can still be further developed in the future, and the DHCP Snooping method applied to strengthen the security of layer 2 switches.