Implementation of IPS (Intrusion Prevention System) Fail2ban on Server for DDoS and Brute Force Attacks
DOI:
https://doi.org/10.24114/cess.v8i1.40259
Keywords:
computer security, server, Intrusion Prevention System, Fail2ban, DDoS, Bruteforce
Abstract
Server security must be considered so that the server can work well and serve users. Attacks on servers can threaten server performance and the security of the data on them. According to the National Cyber and Crypto Agency 2020 report, ports 22 and 80 were the top ports with the most attacks. One of the attacks on port 22 is brute force, and one of the attacks on port 80 is Distributed Denial of Service (DDoS). To address this problem, a study was conducted to implement the fail2ban IPS (Intrusion Prevention System) to increase server security. The attacks tested focused on brute force attacks on port 22 and DDoS attacks on port 80 using the TCP protocol. The fail2ban system is equipped with a website interface and notifications via Telegram. The test results show that DDoS attacks have more impact on CPU performance, with the highest increase in CPU being 92%, while brute force attacks have more impact on server memory performance, with the highest increase in memory being 100%. This increase in resource usage slows the server down. The system prevented DDoS attacks in an average of 0.5 seconds and brute force attacks in an average of 6.1 seconds. The system prevented a total of 88 DDoS attacks and 864 brute force attacks.
References
Badan Siber dan Sandi Negara, “Laporan Tahunan 2020 Honeynet Project BSSN-IHP,” 2021.
Syaifuddin, D. Risqiwati, and E. Ari Irawan, “Realtime Pencegahan Serangan Brute Force dan DDOS Pada Ubuntu Server,” Techno.COM, vol. 17, no. 4, pp. 347–354, 2018.
R. Suwanto, I. Ruslianto, and M. Diponegoro, “Implementasi Intrusion Prevention System (IPS) Menggunakan Snort dan IPTable pada Monitoring Jaringan Lokal Berbasis Website,” Jurnal Komputer dan Aplikasi, vol. 7, no. 1, pp. 97–107, 2019.
R. Alder, “Snort IDS and IPS Toolkit,” pp. 25–26, 2007.
I. Muakhori, Sunardi, and A. Fadlil, “Security of Dynamic Domain Name System Servers Against DDOS Attacks Using Iptable and Fail2ban,” Jurnal Mantik, vol. 4, no. 1, pp. 41–49, 2020.
K. Hess, “Linux Security: Protect Your Systems with Fail2ban,” Jun. 04, 2020. www.redhat.com/sysadmin/protect-systems-fail2ban (accessed Sep. 21, 2022).
I. F. Irza, Zulhendra, and Efrizon, “Analisis Perbandingan Kinerja Web Server Apache dan Nginx Menggunakan Httperf pada Portal Berita (Studi Kasus beritalinux.com),” Teknik Elektronika & Informatika, vol. 5, no. 2, pp. 75–82, 2017.
M. Fjordvald, Instant Nginx Starter: Implement the Nifty Features of Nginx with This Focused Guide. Packt Publishing, 2013.
R. Zhong and G. Yue, “DDoS Detection System Based On Data Mining,” Proceedings of the Second International Symposium on Networking and Network Security, pp. 62–65, 2010.
K. E. Pramudita, Brute Force Attack dan Penerapannya pada Password Cracking. 2010.
H. S. Pratita, “Analisa Brute Force Attack Menggunakan Scanning Aplikasi pada HTTP Attack,” 2016.
License
Copyright (c) 2023 CESS (Journal of Computer Engineering, System and Science)

This work is licensed under a Creative Commons Attribution 4.0 International License.