IDS Implementation and Security Analysis on the Public Cloud Network using RouterOS and Alert Notification with Instant Messaging

Published: 08-01-2021 | Version 1 | DOI: 10.17632/5hdsndgrpb.1
Ekky Rega Prabowo, Marza Ihsan Marzuki


Cyberattacks have a significant impact on network performance in the public cloud. The sysadmin must be prepared to handle any attack on the server promptly, so that attacks do not degrade the performance of the public cloud network. A system is therefore required to detect cyberattacks and provide early warning of them; this detection method is called an Intrusion Detection System (IDS). This research improved IDS network security by adding notification alerts over instant messaging, and the resulting system is capable of detecting ICMP Flooding, Port Scanning, and HTTP Flooding attacks. The response time of alert delivery, measured over 10 repetitions of each attack, averaged 21.5 seconds for ICMP Flooding, 26 seconds for Port Scanning, and 29.8 seconds for HTTP Flooding. This response follows ISO standard 27001:2013 control A.13.1.1 (Network Controls), in that the IDS and alert notification detect attacks and provide valid, real-time warnings. This is expected to help the sysadmin take the next handling action against threats on the public cloud network.


Steps to reproduce

This research consists of several stages and follows a research flow that leads from the research problems to the research objectives through the methodology of model action research. The author identifies the main problems and threats in the collected literature and analyzes their shortcomings; the next stages are then carried out: Hardware and Software Design, and System Design (in the design stage, a flowchart explains the flow of the IDS implementation integrated with instant messaging that is being researched). After studying the supporting theories and producing the research design, the implementation covers the following scenarios:

1. Creation of the attacker VM, the IDS, the target VM, and the instant messaging application as the research objects.
2. Configuration of data security.

After the implementation stage, the security system created by the author is tested with the following scenarios:

1. Testing the system against a range of attack techniques: ICMP Flood, Port Scanning, and HTTP Flood.
2. Integrating real-time alert monitoring for administrators.

The results of the test stage, in which the 3 attacks were carried out against the target VM after the IDS had been implemented in the public cloud and integrated with the instant messaging application, show that every rule configured in RouterOS can detect the threat sent and can store the source IP address in a history log, with a retention period that depends on the needs of the system administrators. Through the tagging configured on each rule, system administrators can identify the type of attack. Based on the analysis of notification delivery time over 10 experiments, each attack obtained results close to real time: ICMP Flooding 21.5 seconds, Port Scanning 26 seconds, and HTTP Flooding 29.8 seconds.
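The detection and alerting setup described above, as an added example rather than the authors' own configuration: RouterOS firewall rules that detect the three attack types, tag each hit with a log prefix and an address-list name so the attack type is identifiable, keep the source IP in an address list for a configurable retention time, and a scheduled script that forwards each new hit to an instant-messaging bot. The messaging service, the Telegram Bot API endpoint, the placeholder token and chat id, the thresholds, and the 10-second polling interval are all assumptions, since the page does not state them.

```routeros
# Added example configuration (RouterOS v6/v7 syntax); thresholds are assumed values
/ip firewall filter
# ICMP flood: accept a sane ICMP rate, tag and record every source that exceeds it
add chain=input protocol=icmp limit=10,5:packet action=accept comment="ICMP within limit"
add chain=input protocol=icmp action=add-src-to-address-list address-list=ids_icmp_flood address-list-timeout=1d log=yes log-prefix="IDS-ICMP-FLOOD" comment="ICMP flood detected"
# Port scan: built-in port-scan detector (weight threshold, delay, low-port weight, high-port weight)
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=ids_port_scan address-list-timeout=1d log=yes log-prefix="IDS-PORT-SCAN" comment="Port scan detected"
# HTTP flood: more than 50 concurrent new connections to port 80 from a single /32
add chain=forward protocol=tcp dst-port=80 connection-state=new connection-limit=50,32 action=add-src-to-address-list address-list=ids_http_flood address-list-timeout=1d log=yes log-prefix="IDS-HTTP-FLOOD" comment="HTTP flood detected"
# address-list-timeout=1d is the IP history retention; raise or lower it to the sysadmin's needs.
# These rules only detect and record; a drop rule on src-address-list would be the sysadmin's follow-up action.

# Alert script: reports each (list, source) pair once to an IM bot (Telegram Bot API assumed)
/system script add name=ids-alert source={
    :local token "BOT_TOKEN_PLACEHOLDER"
    :local chat "CHAT_ID_PLACEHOLDER"
    # Global survives between scheduler runs and stores already-reported keys
    :global idsReported
    :if ([:typeof $idsReported] = "nothing") do={ :set idsReported "" }
    # Keep the dedup buffer bounded; entries expire from the address lists anyway
    :if ([:len $idsReported] > 4000) do={ :set idsReported "" }
    :foreach e in=[/ip firewall address-list find where list~"^ids_"] do={
        :local kind [/ip firewall address-list get $e list]
        :local src [/ip firewall address-list get $e address]
        :local key ($kind . "/" . $src)
        :if ([:typeof [:find $idsReported $key]] = "nil") do={
            # List name carries the attack type, so the message identifies it directly
            :local url ("https://api.telegram.org/bot" . $token . "/sendMessage?chat_id=" . $chat . "&text=IDS%20alert%20" . $kind . "%20from%20" . $src)
            /tool fetch url=$url keep-result=no
            :set idsReported ($idsReported . $key . ",")
            :log info ("IDS alert sent: " . $key)
        }
    }
}
# Poll the address lists every 10 seconds (assumed interval; it bounds the alert delay)
/system scheduler add name=ids-alert-poll interval=10s on-event=ids-alert
```

The delivery delay seen by the administrator is the polling interval plus the bot's HTTP round trip, which is the quantity the response-time measurements above capture.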