Apache web server security with security hardening
Article Sidebar
Main Article Content
Abstract
With the internet network, we can quickly get information very quickly. The information we get is not changed by people not authorized to access the system or platform. Apache is a web server often used to connect users with websites where the information is located. The more users there are, the more crimes there will be when attacking the web server by irresponsible people. Due to limited time for web administrators, to improve the security of the Apache web server, an intrusion detection system is needed that can help monitor network traffic and detect the type of attack that is occurring and then forward the notification to the mobile application in real-time, because attacks can occur at any time. Intrusion Detection is one implementation of the security hardening method for the software hardening category. The results of this research will be that the system will detect intrusion attempts based on the rules created, and users will receive notifications to the Telegram application and can see details of incoming reports such as the attacker's I.P. address, description of the intrusion, name of the security hole, time of intrusion, and payload used.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
References
Zen Munawar, and Novianti Indah Putri, “Keamanan Jaringan Komputer Pada Era Big Data,” J-SIKA|Jurnal Sist. Inf. Karya Anak Bangsa, vol. 2, no. 01 SE-Articles, pp. 14–20, Jul. 2020, [Online]. Available: https://ejournal.unibba.ac.id/index.php/j-sika/article/view/275
B. Fachri and F. H. Harahap, “Simulasi Penggunaan Intrusion Detection System (IDS) Sebagai Keamanan Jaringan dan Komputer,” J. MEDIA Inform. BUDIDARMA, vol. 4, no. 2, p. 413, Apr. 2020, doi: 10.30865/mib.v4i2.2037.
M. Zeeshan, S. U. Nisa, T. Majeed, N. Nasir, and S. Anayat, “Vulnerability Assessment and Penetration Testing: A proactive approach towards Network and Information Security,” Int. J. Digit. Inf. Wirel. Commun., pp. 124–142, 2017.
R. Sahtyawan, “PENERAPAN ZERO ENTRY HACKING DIDALAM SECURITY MISCONFIGURATION PADA VAPT (VULNERABILITY ASSESSMENT AND PENETRATION TESTING),” J. Inf. Syst. Manag., vol. 1, no. 1, pp. 18–22, Jul. 2019, doi: 10.24076/JOISM.2019v1i1.18.
NIST, “Cybersecurity Framework (CSF) 2.0,” NIST, 2023.
M. Antunes, M. Maximiano, R. Gomes, and D. Pinto, “Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal,” J. Cybersecurity Priv., vol. 1, no. 2, pp. 219–238, Apr. 2021, doi: 10.3390/jcp1020012.
G. F. Laurensius, “Security Hardening dengan Cloud Web Service untuk Pengamanan Website Berbasis Wordpress,” Universitas Dian Nuswantoro, 2016.
A. Jacobus, “Sistem Deteksi Intrusi Jaringan Dengan Metode Support Vector Machine,” Universitas Gadjah Mada, 2013.
Netcraft, “June 2021 Web Server Survey,” Netcraft, 2021. https://www.netcraft.com/blog/june-2021-web-server-survey/ (accessed Jul. 02, 2021).
Apache, “Apache HTTP Server 2.4 vulnerabilities,” Apache, 2021. https://httpd.apache.org/security/vulnerabilities_24.html (accessed Oct. 28, 2021).
Adam Dwi Ralianto and S. Cahyono, “Perbandingan Nilai Akurasi Snort dan Suricata dalam Mendeteksi Intrusi Lalu Lintas di Jaringan,” Info Kripto, vol. 15, no. 2, pp. 69–75, Aug. 2021, doi: 10.56706/ik.v15i2.10.
Nazwita and S. Ramadhani, “Analisis Sistem Keamanan Web Server Dan Database Server Menggunakan Suricata,” in Seminar Nasional Teknologi Informasi, Komunikasi dan Industri, 2017, pp. 308–317.
Z. R. Alashhab, M. Anbar, S. D. A. Rihan, B. A. Alabsi, and K. Ateeq, “Enhancing Cloud Computing Analysis: A CCE-Based HTTP-GET Log Dataset,” Appl. Sci., vol. 13, no. 16, p. 9086, Aug. 2023, doi: 10.3390/app13169086.
O. Yevsieieva and S. M. Helalat, “Analysis of the impact of the slow HTTP DOS and DDOS attacks on the cloud environment,” in 2017 4th International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T), 2017, pp. 519–523. doi: 10.1109/INFOCOMMST.2017.8246453.
M. A. Fauzi, A. T. Hanuranto, and C. Setianingsih, “Sistem Deteksi Intrusi Menggunakan Algoritma Genetik Pada Serangan Dos Di Protokol Tcp Dan Udp,” eProceedings Eng., vol. 6, no. 2, p. 4800, 2019.
Y. Abdullah, J. Triyono, and U. Lestari, “PENGARUH PENEMPATAN SNORT TERHADAP KEAMANAN JARINGAN (STUDI KASUS LABORATORIUM VI JARINGAN KAMPUS 3 IST AKPRIND YOGYAKARTA),” J. Jarkom, vol. 8, no. 1, 2020.
F. Nuraeni and I. Nurfajri, “Notifikasi Network Intrusion Detection System Menggunakan Media Aplikasi Telegram (Studi Kasus: Kantor Imigrasi Tasikmalaya),” J. Sist. Inf. dan Teknol. Inf., vol. 6, no. 1, pp. 87–98, 2017.
V. M. Hashemi, Z. Muda, and W. Yassin, “Improving Intrusion Detection Using Genetic Algorithm,” Inf. Technol. J., vol. 12, no. 11, pp. 2167–2173, May 2013, doi: 10.3923/itj.2013.2167.2173.
S. E. Benaicha, L. Saoudi, S. E. B. Guermeche, and O. Lounis, “Intrusion detection system using genetic algorithm,” in 2014 Science and Information Conference, IEEE, Aug. 2014, pp. 564–568. doi: 10.1109/SAI.2014.6918242.
J.-Z. Zhao and H.-K. Huang, “An intrusion detection system based on data mining and immune principles,” in Proceedings. International Conference on Machine Learning and Cybernetics, 2022, pp. 524–528 vol.1. doi: 10.1109/ICMLC.2002.1176811.
P. Jongsuebsuk, N. Wattanapongsakorn, and C. Charnsripinyo, “Real-time intrusion detection with fuzzy genetic algorithm,” in 2013 10th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology, IEEE, May 2013, pp. 1–6. doi: 10.1109/ECTICon.2013.6559603.
Y. Danane and T. Parvat, “Intrusion detection system using fuzzy genetic algorithm,” in 2015 International Conference on Pervasive Computing (ICPC), IEEE, Jan. 2015, pp. 1–5. doi: 10.1109/PERVASIVE.2015.7086963.
D. Hariyadi and F. E. Nastiti, “Analisis Keamanan Sistem Informasi Menggunakan Sudomy dan OWASP ZAP di Universitas Duta Bangsa Surakarta,” J. Komtika (Komputasi dan Inform., vol. 5, no. 1, pp. 35–42, Jul. 2021, doi: 10.31603/komtika.v5i1.5134.
R. Z. Nufal, U. Y. K. S. Herdianto, and M. Fathinuddin, “Hardening Cloudfri Dengan Metode Security Hardening Pada Aplikasi Berbasis Website Tap2go.cloudfri.id,” eProceedings Eng., vol. 8, no. 5, 2021.
T. R. Peltier, Information Security Risk Analysis. Auerbach Publications, 2010. doi: 10.1201/EBK1439839560.
Owasp, “Top 10 Web Application Security Risks,” Owasp. https://owasp.org/www-project-top-ten/ (accessed Mar. 23, 2023).
A. Sudhodanan, R. Carbone, L. Compagna, N. Dolgin, A. Armando, and U. Morelli, “Large-Scale Analysis & Detection of Authentication Cross-Site Request Forgeries,” in 2017 IEEE European Symposium on Security and Privacy (EuroS&P), IEEE, Apr. 2017, pp. 350–365. doi: 10.1109/EuroSP.2017.45.
M. Chawda, D. P. Sharma, and M. J. Patel, “Deep Dive into Directory Traversal and File Inclusion Attacks leads to Privilege Escalation,” Int. J. Sci. Res. Sci. Eng. Technol., pp. 115–120, May 2021, doi: 10.32628/IJSRSET218384.
A. Begum, M. M. Hassan, T. Bhuiyan, and M. H. Sharif, “RFI and SQLi based local file inclusion vulnerabilities in web applications of Bangladesh,” in 2016 International Workshop on Computational Intelligence (IWCI), IEEE, Dec. 2016, pp. 21–25. doi: 10.1109/IWCI.2016.7860332.
P. Nagarjun and S. Shakeel, “Cross-site Scripting Research: A Review,” Int. J. Adv. Comput. Sci. Appl., vol. 11, no. 4, 2020, doi: 10.14569/IJACSA.2020.0110481.