M. Faqih Ridho - COnnecting REpositories · 2018. 2. 11. · FINAL PROJECT REPORT Fulfillment of...


ANALYSIS AND EVALUATION SNORT, BRO, AND

SURICATA AS INTRUSION DETECTION SYSTEM

BASED ON LINUX SERVER

FINAL PROJECT REPORT

Submitted as One of Fulfillment of the Requirement

for Getting Bachelor Degree in Department of Informatics

Universitas Muhammadiyah Surakarta

By:

M. Faqih Ridho L200090136

DEPARTMENT OF INFORMATICS

FACULTY OF COMMUNICATIONS AND INFORMATICS

UNIVERSITAS MUHAMMADIYAH SURAKARTA

2014


MOTTO

Life is not for pleasure but looking for a change for a better life

(Arba’atin)

Indeed, those who have believed and done righteous deeds will have gardens beneath which rivers flow. That is the great attainment.

(Qs. Al Buruj:11)


DEDICATION

As a token of thanks, the author dedicates this final project to:

1. My lovely parents, Mr. Widodo and Mrs. Siti Aminah, for the unlimited love, every piece of advice and every prayer always given to me so that I become a successful person, and also for the support that can never be forgotten.

2. My lovely brothers and sisters, Artati, Kosim, Ami and Listanto, who always give me the best support.

3. My beloved, Nur Fajarwati Halimah, who is always my dearest supporter, my friend in discussion and sharing, and my best future.

4. My classmates in class A: Rijal, Novel, Galuh, Sofyan, Septiawan, Budi and Ida, the friends who accompanied me in happiness and sadness for 4 years.

5. My MATIKEP friends (Mahasiswa TI Kelas E Punya), my friends from the early years of study in college.

6. My HIMATIF UMS friends, the first place where the author learned about organization and self-development.

7. The big family of the Informatics Engineering Department, UMS, the Laboratory of the Informatics Engineering Department, UMS, and all my practicum friends for all the valuable things given to me.

8. The big family of IT-UMS and IT-Helpdesk, who always give me support and a place for sharing.

9. Lastly, thanks to everyone who is always beside me.


ACKNOWLEDGEMENT

Praise be to Allah the Almighty, who has given His blessing so that the author could finally finish this final project report entitled “ANALYSIS AND EVALUATION SNORT, BRO, AND SURICATA AS INTRUSION DETECTION SYSTEM BASED ON LINUX SERVER” as one of the requirements for achieving the Bachelor Degree of the Informatics Engineering Department.

The author realizes that this final project report could not have been achieved without the help and assistance of others. Therefore, on this occasion the author would like to give her appreciation to the individuals and institutions who have given their help during the writing process so that this final project report is finally finished. She would like to express her deepest gratitude to the following:

1. Mr. Husni Thamrin, S.T., M.T., Ph.D., Dean of the Faculty of Communications and Informatics, Universitas Muhammadiyah Surakarta.

2. Mr. Dr. Heru Supriyono, S.T., M.Sc., Head of the Department of Informatics, Universitas Muhammadiyah Surakarta.

3. Mrs. Endah Sudarmilah, S.T., M.Eng., the Academic Advisor throughout the study.

4. Mr. Fatah Yasin, S.T., M.T. and Mr. Yusuf Sulistyo Nugroho, S.T., M.Eng., the final project advisors who gave guidance and advice so that the author could finish this final project.


5. All the lecturers and employees of the Informatics Engineering Department for the help and knowledge given to the author throughout the study, so that the author could obtain the bachelor degree.

6. My parents, who always give the author prayers, support and motivation.

7. Everyone who cannot be mentioned one by one who helped the author finish the final project.

Last but definitely not least, hopefully this final project report will be a beneficial contribution to future research.

Surakarta, May 2014

The author


TABLE OF CONTENTS

TITLE ........................................................................................................................i

APPROVAL ............................................................................................................ ii

VALIDATION ........................................................................................................ iii

MOTTO ...................................................................................................................iv

DEDICATION ......................................................................................................... v

ACKNOWLEDGEMENT ......................................................................................vi

TABLE OF CONTENTS ..................................................................................... viii

LIST OF TABLES.................................................................................................xiv

LIST OF FIGURES ................................................................................................ xv

ABSTRACT ....................................................................................................... xviii

CHAPTER I: INTRODUCTION ......................................................................... 1

A. Background of the Study ......................................................................... 1

B. Problem Statement .................................................................................. 2

C. Limitation of the Study ............................................................................ 2

D. Objective of the Study ............................................................................. 3

E. Benefit of the Study ................................................................................. 3

F. Systematical of Writing ............................................................................ 4

CHAPTER II: REVIEW OF LITERATURE ...................................................... 5

A. Research Study ........................................................................................ 5

B. Basic Theory ........................................................................................... 6


1. Network Security ............................................................................ 6

2. Linux Ubuntu .................................................................................. 7

3. Intrusion Detection System ............................................................. 8

4. Snort .............................................................................................. 11

5. Bro ................................................................................................. 12

6. Suricata .......................................................................................... 13

7. Malware......................................................................................... 14

CHAPTER III: RESEARCH METHOD ........................................................... 15

A. Time and Place ...................................................................................... 15

B. Tools ...................................................................................................... 15

1. Software ........................................................................................ 15

2. Hardware ....................................................................................... 16

C. Research Method ................................................................................... 16

1. Ubuntu Server Installation ............................................................ 22

2. Installing Supporting System ........................................................ 24

3. Installing and Configuring Snort ................................................... 26

4. Installing and Configuring Bro ..................................................... 27

5. Installing and Configuring Suricata .............................................. 27

CHAPTER IV: RESULTS AND DISCUSSION ................................................ 28

A. Research Result ..................................................................................... 28

1. Scanning ........................................................................................ 28

2. Penetration..................................................................................... 29

3. The Use of Resource ..................................................................... 30


4. Warning Detection ........................................................................ 34

B. Discussion .............................................................................................. 38

CHAPTER V: CONCLUSION AND SUGGESTION ...................................... 41

5.1 Conclusions .......................................................................................... 41

5.2 Suggestions .......................................................................................... 41

BIBLIOGRAPHY ................................................................................................ 42

APPENDIX ........................................................................................................... 44


LIST OF TABLES

Table 3.1 : Hardware Specification to test IDS ................................................ 16

Table 3.2 : Package which is needed by IDS .................................................. 24

Table 4.1 : Event of Snort ................................................................................ 35

Table 4.2 : Event of Suricata ............................................................................. 37

Table 5.1 : Comparison Snort, Bro and Suricata ............................................ 42


LIST OF FIGURES

Figure 2.1 : The Structure of Bro System ....................................................... 13

Figure 3.1 : The Flowchart of the Research .................................................... 18

Figure 3.2 : Armitage ...................................................................................... 19

Figure 3.3 : The Scheme network of IDS testing ........................................... 21

Figure 3.4 : The Process to chose a software in Ubuntu server installation ... 22

Figure 3.5 : Snort ............................................................................................ 26

Figure 3.6 : Bro .............................................................................................. 27

Figure 3.7 : Suricata ....................................................................................... 27

Figure 4.1 : Result of Scanning ....................................................................... 28

Figure 4.2 : the use of hail mary to do penetration ......................................... 29

Figure 4.3 : the use of resources in normal condition .................................... 30

Figure 4.4 : the use of Snort resource before testing ...................................... 31

Figure 4.5 : the use of Snort resource when testing ....................................... 31

Figure 4.6 : the use of Bro resource before testing ........................................ 32

Figure 4.7 : the use of Bro resource when testing .......................................... 32

Figure 4.8 : the use of Suricata resource before testing ................................. 33

Figure 4.9 : the use of Suricata resource before testing ................................. 33

Figure 4.10 : Snort alert .................................................................................. 34

Figure 4.11 : Bro alert .................................................................................... 36


Figure 4.12 : Suricata alert .............................................................................. 36

Figure 4.13 : Log Snort .................................................................................. 39

Figure 4.14 : Suricata Log .............................................................................. 39

Figure 4.15 : Bro Log ...................................................................................... 40


ABSTRACT

Security and confidentiality of data on computer networks is a problem that continues to grow. Installing firewalls, antivirus, IDS (Intrusion Detection System)/IPS (Intrusion Prevention System) and various other security applications often requires the best available products, and the installation cost is not small. Open source is the best solution to these expensive security issues. An Intrusion Detection System is a system designed to collect information about activity in the network, analyze that information, and give a warning. Snort, Bro and Suricata are open source Intrusion Detection Systems. By comparing their installation, their configuration, the warnings they display, and the information they produce, the advantages and disadvantages of Snort, Bro and Suricata as Intrusion Detection Systems can be identified.

Testing has two stages: scanning and penetration. The scanning phase is a scan of all ports, performed with the NMAP application found in Armitage. The penetration stage is performed with the Hail Mary menu in the Attack tab; Hail Mary tries all exploits against the target computer.

Based on the scanning and penetration process, Snort detected 926 alerts, Suricata detected 1218 alerts and Bro detected 128 low-level alerts. Snort and Suricata are easy to install and to update rules for; Bro requires the least resources.

Key words: Bro, Intrusion Detection System, Snort, Suricata
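The alert totals above come from reading three different log formats, one per IDS. The following is an added example, not code from the thesis, that normalises constructed sample records in Snort's fast alert format, Suricata's EVE JSON and Bro's notice.log into one shape and counts them per IDS and per signature; the signature names, SIDs, addresses and Bro uid are constructed, and the Bro header is trimmed to the columns the parser needs.

```python
import json
import re
from collections import Counter
# Constructed sample output (not from the thesis): how each IDS would log a port scan, then an exploit attempt.
SNORT_FAST = """\
05/01-10:00:01.000001  [**] [1:1000001:1] LOCAL SCAN nmap probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:41000 -> 192.168.1.20:22
05/01-10:00:01.000002  [**] [1:1000001:1] LOCAL SCAN nmap probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:41001 -> 192.168.1.20:80
05/01-10:00:05.000003  [**] [1:1000002:1] LOCAL EXPLOIT attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.10:41002 -> 192.168.1.20:445
"""
SURICATA_EVE = """\
{"timestamp":"2014-05-01T10:00:01.000001+0700","event_type":"alert","src_ip":"192.168.1.10","dest_ip":"192.168.1.20","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL SCAN nmap probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2014-05-01T10:00:01.000002+0700","event_type":"flow","src_ip":"192.168.1.10","dest_ip":"192.168.1.20","dest_port":80,"proto":"TCP"}
{"timestamp":"2014-05-01T10:00:05.000003+0700","event_type":"alert","src_ip":"192.168.1.10","dest_ip":"192.168.1.20","dest_port":445,"proto":"TCP","alert":{"signature_id":1000002,"signature":"LOCAL EXPLOIT attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
"""
# Bro notice.log is tab-separated and names its columns in a '#fields' header line (real files carry more header lines and columns).
BRO_NOTICE = "\n".join("\t".join(row) for row in [
    ["#separator \\x09"],
    ["#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "note", "msg"],
    ["1398913201.000000", "CXWv6p3arKYeMETxOg", "192.168.1.10", "41000", "192.168.1.20", "22",
     "Scan::Port_Scan", "192.168.1.10 scanned at least 15 unique ports of host 192.168.1.20"],
])
# Snort alert_fast line: <date>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: n] {proto} src -> dst
SNORT_RE = re.compile(r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\].*?\[Priority: (?P<prio>\d+)\]")

def parse_snort_fast(text):
    alerts = []
    for line in text.splitlines():
        m = SNORT_RE.search(line)
        if m:  # lines that are not alerts (or are truncated) are skipped rather than counted
            alerts.append({"ids": "snort", "sig": m["msg"], "priority": int(m["prio"])})
    return alerts

def parse_suricata_eve(text):
    alerts = []
    for line in filter(None, text.splitlines()):
        ev = json.loads(line)
        if ev.get("event_type") == "alert":  # eve.json also carries flow/dns/http records; only alerts count
            a = ev["alert"]
            alerts.append({"ids": "suricata", "sig": a["signature"], "priority": a["severity"]})
    return alerts

def parse_bro_notice(text):
    alerts, fields = [], None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names come from the file itself
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            alerts.append({"ids": "bro", "sig": rec["note"], "priority": None})  # notices carry no priority
    return alerts

def compare_all():
    # Totals per IDS and per (IDS, signature): the numbers an evaluation like this one rests on.
    alerts = parse_snort_fast(SNORT_FAST) + parse_suricata_eve(SURICATA_EVE) + parse_bro_notice(BRO_NOTICE)
    return Counter(a["ids"] for a in alerts), Counter((a["ids"], a["sig"]) for a in alerts)
```

Point the three parsers at real alert files and the per-signature counter shows which rules fired for the same traffic, which is more telling than the raw totals alone.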