Abstract:
Security needs attention from the administrator to detect and prevent
cyber attacks. Attacks on port 22 (SSH) on the network can take the form of
brute-force attacks. Server security can be increased by using Intrusion
Prevention System (IPS) software as a mitigation in case the SSH port on the
server is attacked. In this case, an Intrusion Prevention System built on Cowrie
can detect and mitigate such attacks, so that the original SSH port cannot be
accessed by random parties, and unknown parties are redirected to the SSH port
of the fake system. Information about the attacker can be recorded by Cowrie. The
system is integrated with IPTables to distinguish the IP addresses that are
allowed access to the server from those that are denied access to the original
server, and it uses the Telegram application to send a notification every time an
unknown party tries to access the server. Administrators can monitor the server
in real time using Splunk. The test was carried out using 1 PC as a server
integrated with the Cowrie honeypot, and 4 PCs using the Ncrack brute-force
method. Performance testing was carried out to determine the condition of the
system by measuring Quality of Service. The study found an average throughput of
234.44 KBps, an average delay of 11.27 ms, an average jitter of 9.13 ms and
packet loss of 0.61%. The accuracy rate of Splunk in recording attacker
information without Telegram is 97.4% and with Telegram is 95.74%.
Keywords: Honeypot Cowrie, Intrusion Prevention System, Telegram, Splunk,
Quality of Service.
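
The detection and notification step described in the abstract can be sketched over Cowrie's JSON log, as an added example that is not code from the study. The log lines are constructed, and the threshold, window, function names and message wording are assumptions; the returned string is what would be handed to a Telegram notifier.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in Cowrie's JSON log layout (not data from the study).
_F = '{"eventid":"cowrie.login.failed","src_ip":"%s","username":"%s","password":"x","timestamp":"2024-01-01T%s.000000Z"}'
SAMPLE_LOG = [
    '{"eventid":"cowrie.session.connect","src_ip":"203.0.113.7","timestamp":"2024-01-01T10:00:00.000000Z"}',
    _F % ("203.0.113.7", "root", "10:00:01"),
    _F % ("192.0.2.50", "admin", "10:00:02"),
    _F % ("203.0.113.7", "root", "10:00:03"),
    _F % ("203.0.113.7", "pi", "10:00:05"),
    _F % ("192.0.2.50", "admin", "10:03:00"),   # slow attempts: outside the window
    _F % ("192.0.2.50", "admin", "10:06:00"),
    '{"eventid":"cowrie.login.fai',             # truncated line, must be skipped
]

def detect_bruteforce(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {src_ip: alert} for sources with >= threshold failed logins inside
    a sliding window. Assumes the lines are in time order, as Cowrie writes them."""
    recent = defaultdict(list)  # src_ip -> failure timestamps still inside the window
    alerts = {}
    for line in lines:
        try:
            event = json.loads(line)
            if event.get("eventid") != "cowrie.login.failed":
                continue
            ip = event["src_ip"]
            ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed or incomplete record
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop failures that aged out of the window
            hits.pop(0)
        if len(hits) >= threshold and ip not in alerts:  # alert once per source
            alerts[ip] = {"attempts": len(hits), "first_seen": hits[0],
                          "last_user": event.get("username")}
    return alerts

def format_alert(ip, alert):
    """Build the notification text (hypothetical wording)."""
    return (f"SSH brute force against honeypot from {ip}: {alert['attempts']} failed "
            f"logins since {alert['first_seen']:%H:%M:%S} UTC (last username: {alert['last_user']})")

if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(format_alert(ip, alert))
```
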