Analysis Server Security Assessment of Staffing Management Information System Using the NIST SP 800-115 Method at UIN Ar-Raniry Banda Aceh

Abstract

Ar-Raniry State Islamic University management information system has been implemented based on technology. It becomes vulnerable to attacks brought on by weaknesses (vulnerabilities). The degree to which institutions are able to improve their access to authority inside the system is gauged by this research. To evaluate the server's dependability based on confidentiality, integrity, and availability, penetration testing is necessary. The NIST SP 800-115 approach, which comprises of four testing stages—planning, discovery, attack, and reporting—is used to conduct the server security assessment. The findings demonstrate the Security Management Information System contains nine vulnerabilities in various ways with varying improvements. Two of these vulnerabilities are classified as high threat: DNS Server Spoofed Request Amplification DDoS by blocking access from the public network or rejecting the query; and Interception Attack by enhancing the SSL/TLS protocol through a stunnel. The remaining seven vulnerabilities are classified as medium threat. However, Ar-Raniry's campus server vulnerability level is categorized as medium threat