IMPLEMENTASI SNORT INTRUSION DETECTION SYSTEM (IDS) PADA SISTEM JARINGAN KOMPUTER
Abstract
Penelitian ini bertujuan untuk merancang sebuah sistem keamanan jaringan komputer dengan menerapkan Snort Intrusion Detection System (IDS). Sistem keamanan jaringan yang dibangunmengintegrasikan antara Intrusion Detection System (IDS), Database System, dan Monitoring System. Dalam skema pengujian, sistem terdiri dari dua jenis, yaitu server dan client. Server berfungsi sebagai target serangan dan sekaligus digunakan untuk melakukan pemantauan terhadap jaringan. Sedangkan client berfungsi sebagai intruder (penyusup). Metode seranganyang diterapkan pada lingkup pengujian adalah Port Scanning dan Denial of Service (DoS). Dari hasil pengujian yang telah dilakukan, Snort-IDS mampu menganalisis paket-paket yang melewati jaringan dan berusaha menentukan apakah terdapat paket-paket data yang berisi aktivitas mencurigakan atau tidak. Dari data hasil pengujian yang diperlihatkan oleh Basic Analysis and Security Engine (BASE), didapatkan bahwa intruder melakukan port scanningsebanyak 28%, TCP attack 62%, UDP attack sebanyak 1%, dan ICMP attack sebanyak 9%. Unique Alerts yang dihasilkan terbagi kepada dua kategori yaitu, unclassified sebanyak 28%dengan jumlah 74, dan attempted-dos sebanyak 72% dengan jumlah 189.Kata kunci: Jaringan Komputer, Keamanan Jaringan, Sistem Deteksi Penyusupan, NIDS,Snort, Denial of Service (DoS).This study aims to design a computer network security system by applying the Snort Intrusion Detection System (IDS). Network security system that is built integrates the Intrusion Detection System (IDS), Database System, and Monitoring System. In the test scheme, the system consists of two types, namely server and client. The server functions as a target of attack and is simultaneously used to monitor the network. While the client functions as an intruder. The attack methods applied in the test scope are Port Scanning and Denial of Service (DoS). From the results of tests that have been done, Snort-IDS is able to analyze packets that pass through the network and try to determine whether thereare data packets that contain suspicious activity or not. From the test data shown by the Basic Analysis and Security Engine (BASE), it is found that intruders do port scanning as much as 28%, TCP attacks 62%, UDP attacks as much as 1%, and ICMP attacks as much as 9%. The resulting Unique Alerts are divided into two categories, 28% unclassified with 74, and 72% attempted dosage with 189.Keywords: Computer Network, Network Security, Intrusion Detection System, NIDS,Snort, Denial of Service (DoS)