ANALYSIS AND IMPLEMENTATION OF HONEYPOT, INTRUSION DETECTION SYSTEM, AND FIREWALL TO DETECT CYBER ATTACKS ON SECURE SHELL AND SERVER
Main Author: | |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/85126 |
Institution: | Institut Teknologi Bandung |
Summary: | In the advancing digital era, cyber attacks pose an increasing and concerning threat
to systems and data. One common security vulnerability often exploited involves
attacking servers that are poorly maintained and guarded by organizations and
companies. A 2014 survey mentioned that, out of 2136 companies, 1089 experienced
attacks on their servers through SSH and were significantly impacted by them. One
way to secure company servers and SSH protocols and to analyze these attacks is by
implementing a honeypot, intrusion detection system, and firewall. The honeypot
operates on port 22, which is useful for trapping attackers and collecting related
attack data, while the intrusion detection system and firewall are used to monitor and
regulate access rights on the administrator’s SSH. Testing is carried out through port
scanning, brute force, and command injection. Test results show that the
implementation of the intrusion detection system and firewall can block
unauthorized access attempts. Meanwhile, the deployment of the honeypot recorded
32,407 login attempts from 462 different IP addresses, with 40 of those attempts
successfully accessing the system. The most commonly used credentials in brute
force attempts are the username 'root' and password '123456'. Successful attackers
exhibit two patterns of attacks: downloading Linux DDoS Trojans and scouting
routers to exploit the device for cryptomining. |
---|