M. Faqih Ridho - COnnecting REpositories · 2018. 2. 11. · FINAL PROJECT REPORT Fulfillment of...
ANALYSIS AND EVALUATION SNORT, BRO, AND
SURICATA AS INTRUSION DETECTION SYSTEM
BASED ON LINUX SERVER
FINAL PROJECT REPORT
Submitted as One of Fulfillment of the Requirement
for Getting Bachelor Degree in Department of Informatics
Universitas Muhammadiyah Surakarta
By:
M. Faqih Ridho L200090136
DEPARTMENT OF INFORMATICS
FACULTY OF COMMUNICATIONS AND INFORMATICS
UNIVERSITAS MUHAMMADIYAH SURAKARTA
2014
MOTTO
“Life is not for pleasure but looking for a change for a better life.”
(Arba’atin)
“Indeed, those who have believed and done righteous deeds will have gardens beneath which rivers flow. That is the great attainment.”
(Qs. Al Buruj:11)
DEDICATION
As an expression of gratitude, the author dedicates this final project to:
1. My beloved parents, Mr. Widodo and Mrs. Siti Aminah, for their unlimited
love, every piece of advice and every prayer that was always offered so that I
would become a successful person, and for the support that can never be forgotten.
2. My beloved brothers and sisters, Artati, Kosim, Ami and Listanto, who always
give me the best support.
3. My beloved Nur Fajarwati Halimah, who is always my dearest supporter, my
partner in discussion and sharing, and my best future.
4. My classmates in class A: Rijal, Novel, Galuh, Sofyan, Septiawan, Budi
and Ida, the friends who accompanied me in happiness and sadness for 4
years.
5. My MATIKEP friends (Mahasiswa TI Kelas E Punya), my friends from my
early study in college.
6. My HIMATIF UMS friends, the first place where the author learned about
organization and self-development.
7. The big family of the Informatics Engineering Department – UMS, the Laboratory
of the Informatics Engineering Department – UMS and all of my practicum
friends, for all the valuable things given to me.
8. The big family of IT-UMS and IT-Helpdesk, who always give me
support and a place for sharing.
9. Lastly, thanks to everyone who has always been beside me.
ACKNOWLEDGEMENT
Praise be to Allah the Almighty, who has given His blessing so that the
author could finally finish this final project report entitled “ANALYSIS AND
EVALUATION SNORT, BRO, AND SURICATA AS INTRUSION
DETECTION SYSTEM BASED ON LINUX SERVER” as one of the requirements for
achieving the Bachelor Degree of the Informatics Engineering Department.
The author realizes that this final project report could not have been completed
without the help and assistance of others. Therefore, on this occasion the author
would like to give her appreciation to the individuals and institutions who gave
their help during the process of writing, so that this final project report is finally
finished. She would like to express her deepest gratitude to the following:
1. Mr. Husni Thamrin, S.T., M.T., Ph.D., as Dean of the Faculty of Communications
and Informatics, Universitas Muhammadiyah Surakarta.
2. Mr. Dr. Heru Supriyono, S.T., M.Sc., as Head of the Department of Informatics,
Universitas Muhammadiyah Surakarta.
3. Mrs. Endah Sudarmilah, S.T., M.Eng., as the Academic Advisor throughout the
study.
4. Mr. Fatah Yasin, S.T., M.T., and Mr. Yusuf Sulistyo Nugroho, S.T., M.Eng.,
as the final project advisors who gave the guidance and advice that enabled the
author to finish this final project.
5. All the lecturers and staff of the Informatics Engineering Department for
the help and knowledge given to the author throughout the study, so that the author
could obtain the bachelor degree.
6. My parents, who always give the author their prayers, support and
motivation.
7. Everyone who cannot be mentioned one by one who helped the author finish
the final project.
Last but definitely not least, the author hopes that this final project report
will be a beneficial contribution to future research.
Surakarta, May 2014
The author
TABLE OF CONTENTS
TITLE ........................................................................................................................i
APPROVAL ............................................................................................................ ii
VALIDATION ........................................................................................................ iii
MOTTO ...................................................................................................................iv
DEDICATION ......................................................................................................... v
ACKNOWLEDGEMENT ......................................................................................vi
TABLE OF CONTENTS ..................................................................................... viii
LIST OF TABLES.................................................................................................xiv
LIST OF FIGURES ................................................................................................ xv
ABSTRACT ....................................................................................................... xviii
CHAPTER I: INTRODUCTION ......................................................................... 1
A. Background of the Study ......................................................................... 1
B. Problem Statement .................................................................................. 2
C. Limitation of the Study ............................................................................ 2
D. Objective of the Study ............................................................................. 3
E. Benefit of the Study ................................................................................. 3
F. Systematics of Writing ............................................................ 4
CHAPTER II: REVIEW OF LITERATURE ...................................................... 5
A. Research Study ........................................................................................ 5
B. Basic Theory ........................................................................................... 6
1. Network Security ............................................................................ 6
2. Linux Ubuntu .................................................................................. 7
3. Intrusion Detection System ............................................................. 8
4. Snort .............................................................................................. 11
5. Bro ................................................................................................. 12
6. Suricata .......................................................................................... 13
7. Malware......................................................................................... 14
CHAPTER III: RESEARCH METHOD ........................................................... 15
A. Time and Place ...................................................................................... 15
B. Tools ...................................................................................................... 15
1. Software ........................................................................................ 15
2. Hardware ....................................................................................... 16
C. Research Method ................................................................................... 16
1. Ubuntu Server Installation ............................................................ 22
2. Installing Supporting System ........................................................ 24
3. Installing and Configuring Snort ................................................... 26
4. Installing and Configuring Bro ..................................................... 27
5. Installing and Configuring Suricata .............................................. 27
CHAPTER IV: RESULTS AND DISCUSSION ................................................ 28
A. Research Result ..................................................................................... 28
1. Scanning ........................................................................................ 28
2. Penetration..................................................................................... 29
3. The Use of Resource ..................................................................... 30
4. Warning Detection ......................................................... 34
B. Discussion .............................................................................................. 38
CHAPTER V: CONCLUSION AND SUGGESTION ...................................... 41
5.1 Conclusions .......................................................................................... 41
5.2 Suggestions .......................................................................................... 41
BIBLIOGRAPHY ................................................................................................ 42
APPENDIX ........................................................................................................... 44
LIST OF TABLES
Table 3.1 : Hardware Specification to Test the IDS ........................... 16
Table 3.2 : Packages Needed by the IDS ...................................... 24
Table 4.1 : Events of Snort ................................................. 35
Table 4.2 : Events of Suricata .............................................. 37
Table 5.1 : Comparison of Snort, Bro and Suricata ........................... 42
LIST OF FIGURES
Figure 2.1 : The Structure of the Bro System ................................ 13
Figure 3.1 : The Flowchart of the Research .................................. 18
Figure 3.2 : Armitage ....................................................... 19
Figure 3.3 : The Network Scheme of the IDS Testing .......................... 21
Figure 3.4 : The Process of Choosing Software in the Ubuntu Server Installation ... 22
Figure 3.5 : Snort .......................................................... 26
Figure 3.6 : Bro ............................................................ 27
Figure 3.7 : Suricata ....................................................... 27
Figure 4.1 : Result of Scanning ............................................. 28
Figure 4.2 : The Use of Hail Mary to Do Penetration ......................... 29
Figure 4.3 : The Use of Resources in Normal Condition ....................... 30
Figure 4.4 : The Use of Snort Resources before Testing ...................... 31
Figure 4.5 : The Use of Snort Resources when Testing ........................ 31
Figure 4.6 : The Use of Bro Resources before Testing ........................ 32
Figure 4.7 : The Use of Bro Resources when Testing .......................... 32
Figure 4.8 : The Use of Suricata Resources before Testing ................... 33
Figure 4.9 : The Use of Suricata Resources when Testing ..................... 33
Figure 4.10 : Snort Alert ................................................... 34
Figure 4.11 : Bro Alert ..................................................... 36
Figure 4.12 : Suricata Alert ................................................ 36
Figure 4.13 : Snort Log ..................................................... 39
Figure 4.14 : Suricata Log .................................................. 39
Figure 4.15 : Bro Log ....................................................... 40
ABSTRACT
Security and confidentiality of data on computer networks is a problem that continues to grow. Installing firewalls, antivirus, IDS (Intrusion Detection System) / IPS (Intrusion Prevention System) and various other security applications often requires an installation cost that is far from small. Open source software is the best solution to these expensive security issues. An Intrusion Detection System is a system designed to collect information about activity on the network, analyze that information, and raise a warning. Snort, Bro and Suricata are open source Intrusion Detection Systems. By comparing their installation, their configuration, the warnings they display and the information they produce, the advantages and disadvantages of Snort, Bro and Suricata as Intrusion Detection Systems can be identified.
There are two stages of testing: scanning and penetration. The scanning stage is a scan of all ports, carried out with the NMAP function found in Armitage. The penetration stage is carried out with the Hail Mary item in the Attack tab of Armitage; Hail Mary tries every exploit against the target computer.
Based on the scanning and penetration process, Snort detected 926 alerts, Suricata detected 1218 alerts and Bro detected only 128 alerts. Snort and Suricata are easy to install and to update rules for; Bro requires the least amount of resources.
Key words: Bro, Intrusion Detection System, Snort, Suricata
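To make the comparison of "warnings displayed" and "resulting information" concrete, the following is an added example, not code from the report, that reads the three alert formats the IDSs write (Snort's alert_fast output, Suricata's fast.log, which shares the same line layout, and Bro's tab-separated notice.log) into one record shape and counts alerts per IDS and per signature. The line layouts and the #fields header are the real formats; every sample line, SID, host and timestamp is constructed for this example, the SIDs are local-range placeholders, and only the two notice names Scan::Port_Scan and HTTP::SQL_Injection_Attacker are Bro's own.

```python
"""Added example (not code from the report): normalise alerts from the three
IDS log formats the report compares and count them per IDS and per signature.
Layouts are the real Snort alert_fast / Suricata fast.log and Bro notice.log
formats; every sample line, SID, host and timestamp below is constructed."""
import re
from collections import Counter

# Snort alert_fast and Suricata fast.log share this layout:
# <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ..] [Priority: n] {PROTO} src[:port] -> dst[:port]
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\](?:\s+\[Classification:[^\]]*\])?"
    r"(?:\s+\[Priority:\s*\d+\])?\s+\{[^}]+\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def _endpoint(ep):
    """'10.0.0.1:54321' -> ('10.0.0.1', 54321); ICMP alerts carry no port."""
    host, sep, port = ep.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (ep, None)


def parse_fast(text, ids):
    """Parse fast-format lines; lines that do not match (e.g. truncated writes) are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if not m:
            continue
        src, sport = _endpoint(m.group("src"))
        dst, dport = _endpoint(m.group("dst"))
        alerts.append({"ids": ids, "sig": "%s:%s:%s" % m.group("gid", "sid", "rev"),
                       "msg": m.group("msg"), "src": src, "sport": sport,
                       "dst": dst, "dport": dport})
    return alerts


def _col(row, *keys):
    """First of *keys whose value is present and not Bro's '-' placeholder."""
    for k in keys:
        if row.get(k, "-") != "-":
            return row[k]
    return None


def parse_bro_notice(text, ids="bro"):
    """Parse Bro notice.log: tab-separated, columns named by the #fields header.
    Scan notices leave the id.* columns empty and report the scanner in src."""
    fields, alerts = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields is None:
            raise ValueError("notice.log data before #fields header")
        else:
            row = dict(zip(fields, line.split("\t")))
            sport, dport = _col(row, "id.orig_p"), _col(row, "id.resp_p", "p")
            alerts.append({"ids": ids, "sig": _col(row, "note") or "-",
                           "msg": _col(row, "msg") or "-",
                           "src": _col(row, "id.orig_h", "src"), "sport": int(sport) if sport else None,
                           "dst": _col(row, "id.resp_h", "dst"), "dport": int(dport) if dport else None})
    return alerts


def tally(alerts):
    """Alerts per IDS, and per signature message within each IDS."""
    per_ids = Counter(a["ids"] for a in alerts)
    per_sig = {}
    for a in alerts:
        per_sig.setdefault(a["ids"], Counter())[a["msg"]] += 1
    return per_ids, per_sig


# Constructed sample logs; SIDs 1000001-1000003 are local-range placeholders.
SNORT_SAMPLE = """\
02/11-14:23:01.123456  [**] [1:1000001:1] EXAMPLE SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:54321 -> 192.168.1.20:22
02/11-14:23:01.223456  [**] [1:1000001:1] EXAMPLE SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:54322 -> 192.168.1.20:80
02/11-14:25:40.000001  [**] [1:1000002:2] EXAMPLE WEB shell command in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.10:40000 -> 192.168.1.20:80
02/11-14:25:41.000001  [**] [1:1000003:1] EXAMPLE ICMP echo from scanner [**] [Priority: 3] {ICMP} 192.168.1.10 -> 192.168.1.20
"""
SURICATA_SAMPLE = """\
02/11/2014-14:23:01.123456  [**] [1:1000001:1] EXAMPLE SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:54321 -> 192.168.1.20:22
02/11/2014-14:25:40.000001  [**] [1:1000002:2] EXAMPLE WEB shell command in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.10:40000 -> 192.168.1.20:80
this line is deliberately truncated and must be skipped
"""
BRO_SAMPLE = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tnote\tmsg\tsrc\tdst\tp\n"
    "1392128581.123456\t-\t-\t-\t-\t-\t-\tScan::Port_Scan\t"
    "192.168.1.10 scanned at least 15 unique ports of host 192.168.1.20 in 0m1s\t192.168.1.10\t192.168.1.20\t-\n"
    "1392128740.000001\tCHhAvVGS1DHFjwGM9\t192.168.1.10\t40000\t192.168.1.20\t80\ttcp\t"
    "HTTP::SQL_Injection_Attacker\tAn SQL injection attacker was discovered!\t192.168.1.10\t-\t80\n"
)


def compare_samples():
    """Parse the three constructed samples and tally them; returns (per_ids, per_sig)."""
    return tally(parse_fast(SNORT_SAMPLE, "snort") + parse_fast(SURICATA_SAMPLE, "suricata")
                 + parse_bro_notice(BRO_SAMPLE))
```

One caveat the per-signature breakdown makes visible: the three totals count different things. Snort and Suricata write one fast-format line per signature hit, so a port scan of all 65535 ports can produce hundreds of near-identical lines, whereas Bro's notice framework summarizes a detected condition (a port scan, an SQL injection attacker) into a single notice with suppression. Comparing the per-signature or per-notice counters from tally() rather than only the totals avoids reading a raw alert count as a measure of detection coverage.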