Mikrotik VPN Shielding E-Link Health Reports: Strengthening Data Security at Madiun Health Office

Advances in Information and Communication Technology have led to revolutionary changes in computer networking, especially in Indonesia, which has witnessed significant technological growth over the last four years. Despite this progress, inter-agency data exchange, particularly in governmental organizations, remains vulnerable to security risks. This study focuses on enhancing the security measures for the Electronic Health Information Report (E-Link) system at Madiun District Health Office by implementing a Virtual Private Network (VPN) using MikroTik. A multi-method approach, comprising direct observation, interviews, and literature review, was adopted for this investigation. The findings confirm that the utilization of Point-to-Point Tunneling Protocol (PPTP) via MikroTik substantially elevates the security and governs controlled access to the E-Link application. Therefore, the implementation of a VPN not only fortifies the security but also improves the accessibility of health data systems.


INTRODUCTION
In the modern era, the unprecedented growth of Information and Communication Technology (ICT) has fundamentally reshaped computer networking landscapes.Indonesia stands as a case in point, demonstrating marked improvements across key metrics in technology, information, and communication [1].Given that computer networks are now an indispensable medium for government agencies to exchange information, the demand for efficient, secure, and reliable data transmission has never been higher.
At the core of this issue is the Madiun District Health Office, which operates a web-based application to manage clinical health information reports.However, this digital convenience is not without risk.Web-based platforms are prime targets for various cyber-attacks, including but not limited to SQL Injection, Phishing, and Cross-Site Scripting (XSS) [2].One viable countermeasure to bolster cybersecurity is the deployment of Virtual Private Networks (VPNs) over public or internet frameworks.
A VPN is a specialized technology designed to create an isolated, secure network within the confines of a broader public network [3].Its main advantage lies in its exclusivity: unauthorized parties cannot access the internal Application Server.Moreover, organizations can monitor VPN activities, enhancing data confidentiality and integrity.VPNs use encryption and tunneling protocols to facilitate secure data exchanges over a public telecommunication infrastructure [4].The distinguishing factor of a VPN is not its network topology but the security mechanisms and procedures that permit specific user access [5].
This segues into the role of MikroTik RouterOS, a product by a renowned router manufacturer known for its reliability [6].MikroTik offers robust VPN solutions, employing advanced tunneling, authentication, and encryption algorithms to create secure virtual transmission channels over public networks.The VPN options available are diverse, including OpenVPN, PPTP, L2TP, and IPSec, among others.The latter three are commonly preferred for their ease of integration into existing network infrastructures [7].MikroTik routers are also lauded for their versatility, frequent updates, user-friendly interfaces, multiple access and control options, simple installation procedures, and an extensive range of features [8].
In this investigative milieu, we successfully developed and implemented VPN solutions within an organizational context to improve the efficacy and security of frequent data exchanges, primarily using MikroTik devices.Therefore, a comprehensive evaluation of IT governance is paramount to quantify the impact of these technological implementations in fulfilling organizational objectives [9].
The aim of this study is to evaluate the effectiveness of deploying MikroTik RouterOS-based VPN solutions in enhancing cybersecurity measures for the Madiun District Health Office's web-based application.Specifically, the study seeks to assess how these VPN technologies impact data transmission speed, reliability, and security, while also examining the return on investment (ROI) and alignment with organizational objectives.By conducting a multi-faceted analysis, this research aspires to provide actionable insights for government agencies to make informed decisions about network security solutions."

METHODS
This research procedure consists of five stages, as illustrated in Figure 1.Health Office of Madiun District relied on direct access to the E-Link server using a public IP address, which posed significant security risks.A site-to-site VPN using Point-to-Point Tunneling Protocol (PPTP) was proposed to enhance network security.Site-to-site VPNs are known to offer better service quality compared to networks without VPNs.This approach facilitated the protection of centralized data on the server.

Network Development
The current network scheme at the Health Office of Madiun District directly utilizes a public IP to access the E-Link server.When a device has a public IP and is connected to the internet, that device can be accessed from anywhere via the internet [11].This poses a significant and dangerous risk, as anyone can enter and access the E-Link server without any monitoring or detection from the IT team at the Health Office.It's crucial to develop a more secure network structure to enhance network security.One effective solution is implementing a Virtual Private Network (VPN) as a better security measure for the E-Link server.Only individuals with specific access or login credentials can connect to and access the E-Link server by using a VPN.Additionally, these activities can be monitored and tracked using MikroTik devices, enabling the IT team to see who is connected to or accessing the E-Link server.Bintang Agung Gumelar, Guruh Darma Setiya Putra, at all | 1197

Network Design
In the network design phase, the author proposes the development of a network with the implementation of a site-to-site VPN using the PPTP protocol.Networks that implement site-to-site VPN have better service quality than networks without VPN [12].Computer network systems facilitate protecting centralized data on the server [13].Using the site-to-site VPN method, not everyone can access the Madiun District Health Office server.Only authorized devices with the appropriate address, user credentials (username and password), and valid VPN connection can enter and access the server as if it were part of the local area network from the server. .

Figure 2. Proposed VPN Topology Diagram
The diagram shows better security than the direct use of the Public IP address to access the server.

Implementation
A

Test Results
The testing was conducted to determine whether the created VPN network functions effectively.In network testing, two stages are carried out to ensure optimal outcomes, particularly in VPN technology design: Initial Network Testing and Final Network Testing [10].

Initial Network Testing
In this stage, testing is performed by pinging the local IP address of the E-Link server (10.10.10.10) from the Puskesmas, the technical implementation unit of the District Health Office of Madiun Regency.Before the implementation of the VPN configuration, Puskesmas could not establish a connection to the local IP address of the E-Link server.Figure 7 displays the testing results using the 'ping' command to the local IP address of the E-Link server.In this initial phase, the Puskesmas cannot connect to the local IP address of the E-Link server due to the absence of a VPN configuration.However, despite this, the Puskesmas can still access the E-Link server via the server's public IP address, which can be vulnerable to cyberattacks.Figure 8 illustrates the testing results of accessing the E-Link server through its public IP address.This outcome indicates that in the initial phase, the Puskesmas can still access the E-Link server using its public IP address.Bintang Agung Gumelar, Guruh Darma Setiya Putra, at all | 1201

Final Network Testing
After the VPN configuration is implemented, Puskesmas successfully accesses the local IP address of the E-Link server securely, even if it is not within the local network of the Madiun Regency Health Office.Furthermore, the time taken to access the E-Link server has significantly increased.Figure 9 presents the network testing results of the local IP address of the E-Link server after the connection between the Puskesmas and the Madiun Regency Health Office is established through the PPTP VPN method.This display indicates that after the VPN configuration, Puskesmas can securely connect to the local IP address of the E-Link server using the PPTP method.Furthermore, the public IP address of the E-Link server, which was initially active, was disabled, rendering the server inaccessible through the Internet network.Figure 10 illustrates the view after the public IP address of the E-Link server was deactivated.This display demonstrates that once the public IP address of the E-Link server was disabled, the Puskesmas facility could not reconnect to the server E-Link through the internet network.These testing results show that the VPN configuration has successfully enhanced the security and accessibility of the E-Link server while reducing its vulnerability to attacks through its public IP address.

CONCLUSION
In summary, implementing a site-to-site VPN using the PPTP protocol at the Madiun District Health Office has yielded positive results.This VPN solution enhances the security of the E-Link server, ensuring that only authorized VPN users can access it.Network testing demonstrates that Puskesmas can access the E-Link server securely and swiftly via VPN, even outside the Madiun District Health Office's local network after configuration.

Figure 1 .
Figure 1.Research Procedures The details procedures based on Fifure 1 as follow.1. Observation and Interviews, Direct observation was conducted at the Health Office of Madiun District to understand the existing network infrastructure, its implementation, and current operations.Interviews were also worked with the IT team of the Health Office to gather detailed information about network configurations and security issues.The validity of research data was ensured through triangulation, a method of comparing data from observation, interviews, and documents to arrive at consistent conclusions.No additional data outside the scope of this research was utilized [10].2. Literature Review, A comprehensive review of relevant literature was undertaken to explore previous research related to Virtual Private Networks (VPNs) and network security.3. Network Development and Design, The initial network architecture at the Health Office of Madiun District relied on direct access to the E-Link server using a public IP address, which posed significant security risks.A site-to-site VPN using Point-to-Point Tunneling Protocol (PPTP) was proposed to enhance network security.Site-to-site VPNs are known to offer better service quality compared to networks without VPNs.This approach facilitated the protection of centralized data on the server.

Figure 3 .
Figure 3. VPN Server Configuration VPN Secret Configuration, Still, in the PPP menu, select Secret, then click the add button to create a new PPP Secret.Continue by filling in the following details: a) Name: Enter the desired Username for PPTP VPN.b) Password: Set the Password for PPTP VPN as desired.c) Service: Choose the service to be used; you can select PPTP or choose any.d) Local Address: Enter the IP address to be used by the PPTP VPN Server.e) Remote Address: Enter the IP address to be used by the PPTP VPN Client.Then click OK.

Figure 4 .
Figure 4. VPN Secret Configuration B. Setting Up Mikrotik at the Puskesmas.Configuring Dial Out PPTP, click on the PPP menu, and a PPP window will appear.Click the add (+) icon and select PPP Client.A New Interface window will appear then choose Dial Out and fill in the following details: a) Connect To: Fill in with the Public IP Address.b) Name: Enter the Username for the PPTP VPN as desired.

Figure 5 .
Figure 5. MikroTik Puskesmas Dial Out Configuration Routing Configuration, Click on the IP menu and then select Route.A Route List window will appear.Click the add (+) icon, and a Route window will appear.Fill in the Dst Address with the Server IP and fill in the Gateway with the IP Gateway from the VPN Server's Gateway IP.Then click OK.

Figure 6 .
Figure 6.Static Routing Configuration for Local E-Link Server IP

Figure 7 .
Figure 7. Testing Results of Local IP E-Link using cmd

Figure 8 .
Figure 8. Testing Results of Public IP E-Link using cmd

Figure 9 ,
Figure 9, Network Test Results of Local IP E-Link, connected via PPTP VPN

Figure 9 .
Figure 9. Network Test Results of Public IP E-Link, disconnected after disabling . Setting up MikroTik at the Madiun District Health Office