Implementation of Intrusion Prevention System (IPS) as a Website-Based Server Security System and Mobile Application

Abstract

Server is a center for providing services and storing data in a computer network. A server is managed by server administrator who has a duty of monitoring security server. While on duty, there are deficiencies in detecting attacks, the slow information about the attacks, and how to handle attacks on the server. In this research, a server security system was created by implementing an Intrusion Prevention System (IPS) based on website and mobile applications. Attack detection focuses on ICMP and TCP port attacks with the latency time when the system responds to an attack is 99,89 ms (very good). The attack handling system was successfully carried out using Iptables against the attacker's IP that detected by the Suricata system through the website and mobile applications, to be given action which is divided into Drop, Reject and Accept. Administrators can quickly take the necessary precautions after receiving an automatic notification when the server is under attack via Telegram with an average speed is 3.41second. The ping attack, port scanning and ping of death (DoS) attacks resulted in an increase in the performance load on the local server with the initial conditions of CPU performance ranging from 10-19%, increasing when a ping attack occurred to 21,6%, memory 41,7%, and disk 19,6%. Port scanning increased by 85,9% CPU, memory 41,9%, and disk 20,3%. Ping of death increased CPU 90,4%, memory 42,9%, and disk 20,8%. Based on the tests that have been done, an excessive increase is found in the ping of death attack which results in server performance increasing to 90,4%, if the attack occurs for a long time then the server condition will be hang (damaged).