ANALYSIS OF ROUTER ATTACK WITH SECURITY INFORMATION AND EVENT MANAGEMENT AND IMPLICATIONS IN INFORMATION SECURITY INDEX

CITRA ARFANUDIN, Bambang Sugiantoro, Yudi Prayudi

Abstract


Information security is a requirement for protecting an organization's information assets. As regulator, the government has issued an Information Security Management System (ISMS) standard and the Information Security Index (Indeks Keamanan Informasi, Indeks KAMI) as the measure of information security in a regional agency. Security Information and Event Management (SIEM) is a security technology for protecting those assets. A SIEM is expected to provide information on attacks that occur on the router network and to raise the Indeks KAMI score of a government agency. However, it remains an open question whether a SIEM can actually recognize a router attack, and what effect it has on the Indeks KAMI score. This research simulates eight attacks against a router, namely MAC Flooding, ARP Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding, SSH Bruteforce and FTP Bruteforce. The eight attacks are followed by digital forensic analysis using the OSCAR method to observe their impact on the router and on the SIEM. The Indeks KAMI score is also measured before and after the SIEM is installed, to quantify the effect of the SIEM deployment on that score. The results show that security monitoring with the SIEM succeeded in identifying attacks, but not all of them: the SIEM recognized only DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. MAC Flooding, ARP Poisoning, CDP Flooding and SYN Flooding were not recognized by the SIEM because the router produces no log for them. The SIEM was also shown to raise the Indeks KAMI score in the technology aspect.

Keywords


SIEM; Network Security; Forensic; KAMI






DOI: http://dx.doi.org/10.14421/csecurity.2019.%25x



Copyright (c) 2019 CITRA ARFANUDIN, Bambang Sugiantoro, Yudi Prayudi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

ISSN: 2615-8442