ANALYSIS OF ROUTER ATTACK WITH SECURITY INFORMATION AND EVENT MANAGEMENT AND IMPLICATIONS IN INFORMATION SECURITY INDEX
Keywords: SIEM, Network Security, Forensic, KAMI
Abstract
Information security is a requirement for protecting organizational information assets. The government, as regulator, issues an Information Security Management System (ISMS) standard and the Information Security Index (Indeks KAMI) as a measure of information security in regional government agencies. Security Information and Event Management (SIEM) is a security technology for protecting information assets. SIEM is expected to provide information on attacks that occur on the router network and to raise the Indeks KAMI score of government agencies. However, it remains open whether SIEM can actually recognize a router attack, and what effect it has on the Indeks KAMI score. This research simulates eight attacks on routers: MAC Flooding, ARP Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding, SSH Brute Force and FTP Brute Force. The eight attacks are followed by digital forensic analysis using the OSCAR method to see their impact on the routers and on the SIEM. The Indeks KAMI is also measured before and after SIEM deployment to quantify the effect of installing SIEM on the index score. It was found that security monitoring with SIEM succeeded in identifying attacks, but not all of them: SIEM recognized only DHCP Starvation, DHCP Rogue, SSH Brute Force and FTP Brute Force. MAC Flooding, ARP Poisoning, CDP Flooding and SYN Flooding were not recognized by SIEM because the routers produce no log entries for them. It was also found that the use of SIEM demonstrably raises the Indeks KAMI score on the technology aspect.
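The distinction the abstract draws (a SIEM only catches what the router actually logs) is easiest to see in a correlation rule run over log lines. The following is an added example, not code from the paper or from any SIEM product: a minimal Python correlator that applies three SIEM-style rules (failed-login threshold per source within a sliding time window, a DHCP offer from a server outside an allowlist, and DHCP pool exhaustion) to constructed router syslog lines. The line format, event names, field names, hosts and addresses are all assumptions invented for the example; real router vendors use their own message formats, so the regexes would need adapting.

```python
"""Toy SIEM-style correlation over router syslog (added example, not the paper's code)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not captured from any real device). The format is a
# simplified syslog-like line: "<ISO timestamp> <host> <EVENT> key=value ...".
# Event and field names are assumptions made up for this example.
SAMPLE_LOGS = """\
2019-03-01T10:00:01 router1 LOGIN_FAILED service=ssh user=admin src=10.10.1.50
2019-03-01T10:00:03 router1 LOGIN_FAILED service=ssh user=admin src=10.10.1.50
2019-03-01T10:00:05 router1 LOGIN_FAILED service=ssh user=root src=10.10.1.50
2019-03-01T10:00:07 router1 LOGIN_FAILED service=ssh user=cisco src=10.10.1.50
2019-03-01T10:00:09 router1 LOGIN_FAILED service=ssh user=admin src=10.10.1.50
2019-03-01T10:00:20 router1 LOGIN_FAILED service=ssh user=netadmin src=10.10.1.60
2019-03-01T10:00:30 router1 LOGIN_FAILED service=ftp user=anonymous src=10.10.1.51
2019-03-01T10:00:35 router1 LOGIN_FAILED service=ftp user=ftp src=10.10.1.51
2019-03-01T10:00:40 router1 LOGIN_FAILED service=ftp user=admin src=10.10.1.51
2019-03-01T10:00:45 router1 LOGIN_FAILED service=ftp user=admin src=10.10.1.51
2019-03-01T10:00:50 router1 LOGIN_FAILED service=ftp user=admin src=10.10.1.51
2019-03-01T10:01:00 router1 DHCP_OFFER server=10.10.1.1 client_mac=00:11:22:33:44:55
2019-03-01T10:01:30 router1 DHCP_OFFER server=10.10.1.99 client_mac=00:11:22:33:44:66
2019-03-01T10:02:00 router1 DHCP_POOL_EXHAUSTED pool=LAN
2019-03-01T10:03:00 router1 LOGIN_FAILED service=ssh user=netadmin src=10.10.1.60
2019-03-01T10:03:05 router1 LOGIN_OK service=ssh user=netadmin src=10.10.1.60
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>[A-Z_]+)(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one constructed syslog-style line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("kv")))
    return {"ts": datetime.fromisoformat(m.group("ts")), "host": m.group("host"),
            "event": m.group("event"), **fields}


def correlate(log_text, allowed_dhcp_servers, threshold=5, window=timedelta(seconds=60)):
    """Apply three log-driven rules and return the alerts raised, in log order.

    brute_force:     >= threshold LOGIN_FAILED for the same (host, service, src)
                     inside a sliding window; fires once per key.
    rogue_dhcp:      DHCP_OFFER whose server is not in the allowlist.
    dhcp_starvation: the router reports its DHCP pool exhausted.
    """
    alerts = []
    failures = defaultdict(deque)   # (host, service, src) -> timestamps inside the window
    fired = set()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["event"] == "LOGIN_FAILED":
            key = (ev["host"], ev["service"], ev["src"])
            q = failures[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in fired:
                fired.add(key)
                alerts.append({"rule": "brute_force", "host": ev["host"],
                               "service": ev["service"], "src": ev["src"], "count": len(q)})
        elif ev["event"] == "DHCP_OFFER" and ev.get("server") not in allowed_dhcp_servers:
            alerts.append({"rule": "rogue_dhcp", "host": ev["host"], "server": ev.get("server")})
        elif ev["event"] == "DHCP_POOL_EXHAUSTED":
            alerts.append({"rule": "dhcp_starvation", "host": ev["host"], "pool": ev.get("pool")})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS, allowed_dhcp_servers={"10.10.1.1"}):
        print(alert)
```

On the constructed input the correlator raises four alerts: SSH brute force from 10.10.1.50, FTP brute force from 10.10.1.51, a rogue DHCP offer from 10.10.1.99, and pool exhaustion. The single source that fails twice three minutes apart (10.10.1.60) stays below the windowed threshold and is correctly ignored. Nothing in the block looks for MAC flooding, ARP poisoning, CDP flooding or SYN flooding, and that is the point the abstract makes: with no router log line for those attacks there is nothing for a log-driven rule to match, so detecting them needs telemetry from somewhere other than the router's syslog (for example switch port-security or dynamic ARP inspection violation messages, flow records, or a network sensor feeding the SIEM).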
Copyright (c) 2019 Citra Arfanudin, Bambang Sugiantoro, Yudi Prayudi
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.