Implementation of IPS (Intrusion Prevention System) Fail2ban on Server for DDoS and Brute Force Attacks

Fazar Dawamsyach, Ikhwan Ruslianto, Uray Ristian

Abstract


Server security is an important thing that must be considered so that the server can work well and serve users. Attacks on servers can threaten server performance and data security in it. According to the National Cyber and Crypto Agency 2020 report, ports 22 and 80 were the top ports with the most attacks. One of the attacks on port 22 is brute force and an attack on port 80 is Distributed Denial of Service (DDoS). To solve this problem, a study was conducted to implement fail2ban IPS (Intrusion Prevention System) to increase server security. The attacks tested focused on brute force attacks on port 22 and DDoS attacks on port 80 using the TCP protocol. The fail2ban system is equipped with a website interface and notifications via telegram. The test results show that DDoS attacks have more impact on CPU performance with the highest increase in CPU being 92%, while brute force attacks have more impact on server memory performance with the highest increase in memory by 100%. The increase in server performance results in slowed server performance. The system managed to prevent DDoS attacks with an average speed of 0.5 seconds while brute force attacks were 6.1 seconds. The system managed to prevent DDoS attacks with a total of 88 attacks and brute force attacks with a total of 864 attacks.


Keywords


computer security; server; Intrusion Prevention System; Fail2ban; DDoS; Bruteforce

Full Text:

PDF

References


Badan Siber dan Sandi Negara, “Laporan Tahunan 2020 Honeynet Project BSSN-IHP,” 2021.

Syaifuddin, D. Risqiwati, and E. Ari Irawan, “Realtime Pencegahan Serangan Brute Force dan DDOS Pada Ubuntu Server,” Techno.COM, vol. 17, no. 4, pp. 347–354, 2018.

R. Suwanto, I. Ruslianto, and M. Diponegoro, “Implementasi Intrusion Prevention System (IPS) Menggunakan Snort dan IPTable pada Monitoring Jaringan Lokal Berbasis Website,” Jurnal Komputer dan Aplikasi, vol. 7, no. 1, pp. 97–107, 2019.

R. Alder, “Snort IDS and IPS Toolkit,” pp. 25–26, 2007.

I. Muakhori, Sunardi, and A. Fadlil, “Security of Dynamic Domain Name System Servers Against DDOS Attacks Using Iptable and Fail2ba,” Jurnal Mantik, vol. 4, no. 1, pp. 41–49, 2020.

K. Hess, “Linux Security: Protect Your Systems with Fail2ban,” Jun. 04, 2020. www.redhat.com/sysadmin/protect-systems-fail2ban (accessed Sep. 21, 2022).

I. F. Irza, Zulhendra, and Efrizon, “Analisis Perbandingan Kinerja Web Server Apache dan Nginx Menggunakan Httperf pada Portal Berita (Studi Kasus beritalinux.com),” Teknik Elektronika & Informatika, vol. 5, no. 2, pp. 75–82, 2017.

Martin. Fjordvald, Instant Nginx Starter : Implement the Nifty Features of Nginx with This Focused Guide. Packt Publishing, 2013.

R. Zhong and G. Yue, “DDoS Detection System Based On Data Mining,” Proceedings of the Second International Symposium on Networking and Network Security, pp. 62–65, 2010.

K. E. Pramudita, Brute Force Attack dan Penerapannya pada Password Cracking. 2010.

H. S. Pratita, “Analisa Brute Force Attack Menggunakan Scanning Aplikasi pada HTTP Attack,” 2016.




DOI: https://doi.org/10.24114/cess.v8i1.40259

Article Metrics

Abstract view : 220 times
PDF - 183 times

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

CESS (Journal of Computer Engineering, System and Science)

Creative Commons License
CESS (Journal of Computer Engineering, System and Science) is licensed under a Creative Commons Attribution 4.0 International License