Evaluation of Data Exposure Risks on Unencrypted Application Layer Protocols in RT/RW Net "X" Community Network Using NIST SP 800-86 Framework

Reza Febriana; Muhammad Sidik Asyaky

doi:10.47709/cnahpc.v8i2.8014

Authors

Reza Febriana Universitas Siliwangi
Muhammad Sidik Asyaky Universitas Siliwangi

DOI:

https://doi.org/10.47709/cnahpc.v8i2.8014

Keywords:

Network;, http, NIST, Protocol, Traffic

Abstract

Security vulnerabilities in community-based networks, such as RT/RW Net, remain a critical concern due to the widespread use of unencrypted protocols. This study presents a quantitative evaluation of data exposure risks in application-layer protocols, focusing on HTTP traffic in local community networks. Using a network forensics approach based on the NIST SP 800-86 framework, traffic was captured and analyzed to measure the frequency and magnitude of sensitive data leaks using automated tools for network traffic analysis. The study quantified exposure across four key indicators: user credentials, session tokens, cookies, and personal information. The results indicated a high level of exposure, with analyzed HTTP packets successfully revealing sensitive data in plaintext, including usernames and passwords. Furthermore, statistical analysis of communication patterns identified significant opportunities for eavesdropping and session hijacking due to the lack of encryption standards. This evaluation provides empirical evidence of critical security gaps in RT/RW Net infrastructure and emphasizes the urgent need to transition to encrypted protocols (HTTPS). The findings provide a quantifiable risk assessment that can serve as a basis for implementing mitigation strategies in community-scale network management.

Downloads

Download data is not yet available.

References

Al Manshury, M. S. (2023). Penggunaan Software Wireshark untuk Monitoring dan Troubleshooting pada Komunikasi Client Server IEC 61850. ELECTRON Jurnal Ilmiah Teknik Elektro, 4(2), 62–69.

Arief, A. R. W., Wisnu, M. W. H., Yanti, H. A., & Fauzi, A. F. Z. (2025). Analisis Vulnerabilitas HTTP pada Jaringan Publik Menggunakan Wireshark. Journal of Informatics and Communication Technology (JICT), 7(1), 198–209.

Basile, C., & Lioy, A. (2015). Analysis of Application-Layer Filtering Policies With Application to HTTP. IEEE/ACM Transactions on Networking, 23(1), 28–41. https://doi.org/10.1109/TNET.2013.2293625

Danang, D., & Setiawan, K. (2022). Pengaturan Billing Hotspot Pada Sistem Jaringan Rt/Rw Net Dengan Mikrotik Router Os. Januari, 1(1).

Dodiya, B., & Singh, U. K. (2022). Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise. International Journal of Computer Applications, 183(53), 1–6. https://doi.org/10.5120/ijca2022921876

Februariyanti, H. (2008). Internert Murah dengan Membangun Jaringan RT-RW Net. Jurnal Teknologi Informasi DINAMIK, xlll(2), 98–114.

Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Guide to Integrating Forensic Techniques into Incident Response. The National Institute of Standards and Technology.

Khaerullah, S. M., & Mustofa, D. (2024). Penggunaan Wireshark Dalam Penyadapan Lalu Lintas Data Berprotokol Http Pada Jaringan Wi-Fi. Jurnal Ilmiah IT CIDA, 10(1), 19. https://doi.org/10.55635/jic.v10i1.203

Krasser, S., Conti, G., Grizzard, J., Gribschaw, J., & Owen, H. (2005). Real-time and forensic network data analysis using animated and coordinated visualization. Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop, 42–49. https://doi.org/10.1109/IAW.2005.1495932

Kusuma, M. R., & Hasan, M. Z. (2025). Strengthening Security in RT/RW Community Networks: A Case Study on Router Default Configuration Vulnerabilities in Indonesia. JOISTECH: Journal of Information System and Technology, 2(2), 46–52.

Mukhti, D. A., Fitriana, Y. B., Yuwono, D. T., & W., Y. (2025). Analisis Kinerja Layanan RT/RW.NET Robby Media Berbasis Hotspot Menggunakan Metode Quality of Service. Digital Transformation Technology, 5(1), 23–32. https://doi.org/10.47709/digitech.v5i1.5549

OWASP Foundation. (2021). OWASP Top 10:2021 – A02:2021 – Cryptographic Failures. https://owasp.org/Top10/A02_2021-Cryptographic_Failures/

Patil, R. Y., & Devane, S. R. (2022). Network Forensic Investigation Protocol to Identify True Origin of Cyber Crime. Journal of King Saud University - Computer and Information Sciences, 34(5), 2031–2044. https://doi.org/https://doi.org/10.1016/j.jksuci.2019.11.016

Rawat, R., Chakrawarti, R. K., Raj, A. S. A., Mani, G., Chidambarathanu, K., & Bhardwaj, R. (2023). Association rule learning for threat analysis using traffic analysis and packet filtering approach. International Journal of Information Technology, 15(6), 3245–3255. https://doi.org/10.1007/s41870-023-01353-0

Sushmita Biya, & Renuka Uday Kotwal. (2023). The OSI Model: Overview of All Seven Layers of Computer Networks. International Journal of Advanced Research in Science, Communication and Technology, 4(3), 427–432. https://doi.org/10.48175/ijarsct-13064

Wicaksana, A. R., Haryanto, M. W., Yanti, H. A., & Zayandra, A. F. (2025). Analisis Vulnerabilitas HTTP pada Jaringan Publik Menggunakan Wireshark. Journal of Informatics and Communications Technology (JICT), 7(1), 198–209. https://ejournal.akademitelkom.ac.id/j_ict/index.php/j_ict/article/view/451