Design and Implement of Intrusion Prevention System Based on Snort and IP Tables
DOI:
https://doi.org/10.24191/jcrinn.v10i1.498
Keywords:
Network Security, Intrusion Detection System, Intrusion Prevention System, Snort, Wireless Security
Abstract
In the era of rapid advancement in communication and computer technology, network security has become a crucial issue, especially in wireless networks. Unrestricted internet access can give rise to security threats such as Distributed Denial of Service (DDoS) attacks, spoofing, and port scanning. This study aims to design and implement a Snort-based Intrusion Prevention System (IPS) combined with IP Tables to improve the security of wireless local area networks (WLANs). The proposed system not only detects but also prevents attacks in real time by blocking malicious network traffic. Testing was carried out through penetration testing with various attack scenarios, including ARP spoofing and DDoS; the tests showed that the system successfully identified and blocked attacker access. The results were measured by the system's ability to reduce wireless network threats and showed a significant increase in threat mitigation. The system provides a more effective security solution than traditional intrusion detection systems, which only detect attacks. Overall, the implementation increases the efficiency of attack prevention and succeeds in reducing the risk of illegal network access on WLANs.