ANALYSIS AND IMPLEMENTATION OF HONEYPOT, INTRUSIONDETECTION SYSTEM, AND FIREWALL TO DETECT CYBER ATTACKSON SECURE SHELL AND SERVER
In the advancing digital era, cyber attacks pose an increasing and concerning threat to systems and data. One common security vulnerability often exploited involves attacking servers that are poorly maintained and guarded by organizations and companies. A 2014 survey mentioned that out of 2136 co...
Saved in:
| Main Author: | |
|---|---|
| Format: | Final Project |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/85126 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| id |
id-itb.:85126 |
|---|---|
| spelling |
id-itb.:851262024-08-19T15:08:23ZANALYSIS AND IMPLEMENTATION OF HONEYPOT, INTRUSIONDETECTION SYSTEM, AND FIREWALL TO DETECT CYBER ATTACKSON SECURE SHELL AND SERVER Rizqi Sobri, Alvito Indonesia Final Project honeypot, intrusion detection system, firewall, secure shell, server, brute force, command injection INSTITUT TEKNOLOGI BANDUNG https://digilib.itb.ac.id/gdl/view/85126 In the advancing digital era, cyber attacks pose an increasing and concerning threat to systems and data. One common security vulnerability often exploited involves attacking servers that are poorly maintained and guarded by organizations and companies. A 2014 survey mentioned that out of 2136 companies, 1089 experienced attacks on their servers through SSH, significantly impacted by these attacks. One way to secure company servers and SSH protocols and to analyze these attacks is by implementing a honeypot, intrusion detection system, and firewall. The honeypot operates on port 22, which is useful for trapping attackers and collecting related attack data, while the intrusion detection system and firewall are used to monitor and regulate access rights on the administrator’s SSH. Testing is carried out through port scanning, brute force, and command injection. Test results show that the implementation of the intrusion detection system and firewall can block unauthorized access attempts. Meanwhile, the deployment of the honeypot recorded 32,407 login attempts from 462 different IP addresses, with 40 of those attempts successfully accessing the system. The most commonly used credentials in brute force attempts are the username 'root' and password '123456'. Successful attackers exhibit two patterns of attacks: downloading Linux DDoS Trojans and scouting routers to exploit the device for cryptomining. text |
| institution |
Institut Teknologi Bandung |
| building |
Institut Teknologi Bandung Library |
| continent |
Asia |
| country |
Indonesia Indonesia |
| content_provider |
Institut Teknologi Bandung |
| collection |
Digital ITB |
| language |
Indonesia |
| description |
In the advancing digital era, cyber attacks pose an increasing and concerning threat
to systems and data. One common security vulnerability often exploited involves
attacking servers that are poorly maintained and guarded by organizations and
companies. A 2014 survey mentioned that out of 2136 companies, 1089 experienced
attacks on their servers through SSH, significantly impacted by these attacks. One
way to secure company servers and SSH protocols and to analyze these attacks is by
implementing a honeypot, intrusion detection system, and firewall. The honeypot
operates on port 22, which is useful for trapping attackers and collecting related
attack data, while the intrusion detection system and firewall are used to monitor and
regulate access rights on the administrator’s SSH. Testing is carried out through port
scanning, brute force, and command injection. Test results show that the
implementation of the intrusion detection system and firewall can block
unauthorized access attempts. Meanwhile, the deployment of the honeypot recorded
32,407 login attempts from 462 different IP addresses, with 40 of those attempts
successfully accessing the system. The most commonly used credentials in brute
force attempts are the username 'root' and password '123456'. Successful attackers
exhibit two patterns of attacks: downloading Linux DDoS Trojans and scouting
routers to exploit the device for cryptomining. |
| format |
Final Project |
| author |
Rizqi Sobri, Alvito |
| spellingShingle |
Rizqi Sobri, Alvito ANALYSIS AND IMPLEMENTATION OF HONEYPOT, INTRUSIONDETECTION SYSTEM, AND FIREWALL TO DETECT CYBER ATTACKSON SECURE SHELL AND SERVER |
| author_facet |
Rizqi Sobri, Alvito |
| author_sort |
Rizqi Sobri, Alvito |
| title |
ANALYSIS AND IMPLEMENTATION OF HONEYPOT, INTRUSIONDETECTION SYSTEM, AND FIREWALL TO DETECT CYBER ATTACKSON SECURE SHELL AND SERVER |
| title_short |
ANALYSIS AND IMPLEMENTATION OF HONEYPOT, INTRUSIONDETECTION SYSTEM, AND FIREWALL TO DETECT CYBER ATTACKSON SECURE SHELL AND SERVER |
| title_full |
ANALYSIS AND IMPLEMENTATION OF HONEYPOT, INTRUSIONDETECTION SYSTEM, AND FIREWALL TO DETECT CYBER ATTACKSON SECURE SHELL AND SERVER |
| title_fullStr |
ANALYSIS AND IMPLEMENTATION OF HONEYPOT, INTRUSIONDETECTION SYSTEM, AND FIREWALL TO DETECT CYBER ATTACKSON SECURE SHELL AND SERVER |
| title_full_unstemmed |
ANALYSIS AND IMPLEMENTATION OF HONEYPOT, INTRUSIONDETECTION SYSTEM, AND FIREWALL TO DETECT CYBER ATTACKSON SECURE SHELL AND SERVER |
| title_sort |
analysis and implementation of honeypot, intrusiondetection system, and firewall to detect cyber attackson secure shell and server |
| url |
https://digilib.itb.ac.id/gdl/view/85126 |
| _version_ |
1822283035740995584 |