Design and Implementation of Security Information and Event Management (SIEM) on a Virtual Server Service
Abstract
Devices accessible through the Internet have provided incredible convenience and connectivity in everyday life. However, the reality is that these devices are also attractive targets for bad actors. Security threats such as malware attacks, computer virus attacks, and other cyberattacks can easily strike devices connected to the Internet. To overcome these challenges, effective and sophisticated solutions are needed. SIEM is a security platform that combines security information management (SIM) and security event management (SEM) technology. SIEM works by collecting logs from various sources, then normalizing and aggregating the log event data, which is then processed using contextual parameters held in the SIEM and collected from various internal and external endpoint devices such as operating systems and network devices. This research aims to implement the Wazuh SIEM with the primary objective of centralizing logs to quickly detect attacks on the VPS, especially web application attacks and SSH protocol attacks. As the final result of the SIEM implementation, log data from each application can be centralized and visualized in a dashboard, and the SIEM is able to detect web application and SSH protocol attacks that previously went undetected.
Keywords: Security Operation Center; SIEM; Open Source; Wazuh
Abstract (translated from Indonesian)
Devices accessible through the Internet have provided extraordinary convenience and connectivity in everyday life. However, the reality is that these devices also become attractive targets for malicious actors. Security threats such as malware attacks, computer virus attacks, and other cyberattacks can easily strike devices connected to the Internet. To address this challenge, an effective and sophisticated solution is required. Security Information and Event Management (SIEM) is a security platform that combines Security Information Management (SIM) and Security Event Management (SEM) technology. SIEM works by collecting logs from various sources, then normalizing and aggregating the log event data, which is then processed using contextual parameters contained within the SIEM and collected from various internal and external endpoint sources such as operating systems, containers, and network devices. This research aims to implement the Wazuh SIEM with the main objective of centralizing logs to quickly detect attacks on the VPS, especially attacks on web applications and on the SSH protocol. As the final result of the SIEM implementation, log data from each application can be centralized and visualized in a dashboard, and the SIEM is able to detect attacks on web applications and the SSH protocol that previously went undetected.
Keywords: Security Operation Center; SIEM; Open Source; Wazuh
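As an added example (not code from the paper or from Wazuh), the collect, normalize, aggregate and correlate pipeline described in the abstracts above, run over constructed sshd and web server access log lines; the event field names, the failure threshold, the alert levels and the SQL-injection signature are assumptions for illustration, not Wazuh's own rule set.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample log lines (not taken from the paper): an sshd auth log and a web
# server access log, the two sources the abstract says the SIEM must centralize.
SSHD_LOGS = [
    "Jan 20 10:00:01 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Jan 20 10:00:03 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "Jan 20 10:00:05 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2",
    "Jan 20 10:00:09 vps sshd[1201]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
]
WEB_LOGS = [
    '203.0.113.7 - - [20/Jan/2023:10:01:00 +0000] "GET /item.php?id=1%27%20OR%201%3D1 HTTP/1.1" 200 512',
    '198.51.100.4 - - [20/Jan/2023:10:01:02 +0000] "GET /about HTTP/1.1" 200 1024',
]

SSHD_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+) port")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Hypothetical detection signature for a classic boolean SQL-injection probe (applied after URL decoding).
SQLI_RE = re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE)

def normalize(line):
    """Map a raw line from either source onto one common event schema; None if it does not parse."""
    m = SSHD_RE.search(line)
    if m:
        outcome, user, ip = m.groups()
        return {"source": "sshd", "src_ip": ip, "user": user,
                "action": "auth_failure" if outcome == "Failed" else "auth_success"}
    m = WEB_RE.match(line)
    if m:
        ip, method, uri, status = m.groups()
        return {"source": "web", "src_ip": ip, "method": method,
                "uri": unquote(uri), "status": int(status), "action": "http_request"}
    return None

def correlate(lines, fail_threshold=3):
    """Aggregate normalized events per source IP, apply two rules, then a cross-source escalation."""
    events = [e for e in map(normalize, lines) if e]
    failures = defaultdict(int)
    alerts = []
    for e in events:
        if e["action"] == "auth_failure":
            failures[e["src_ip"]] += 1
            if failures[e["src_ip"]] == fail_threshold:  # fire once, when the threshold is crossed
                alerts.append({"rule": "ssh_bruteforce", "src_ip": e["src_ip"], "level": 10})
        elif e["action"] == "http_request" and SQLI_RE.search(e["uri"]):
            alerts.append({"rule": "web_sqli_probe", "src_ip": e["src_ip"], "level": 7})
    # Centralization pays off here: one IP seen against both services is escalated.
    hits = defaultdict(set)
    for a in alerts:
        hits[a["src_ip"]].add(a["rule"])
    for ip, rules in hits.items():
        if len(rules) > 1:
            alerts.append({"rule": "multi_service_attacker", "src_ip": ip, "level": 12})
    return alerts
```

Feeding only one source, or raising `fail_threshold`, shows why a per-host log view misses what the centralized correlation catches.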