Setyo, Moch. Shaladin Rangga (2023) Implementasi SIEM (Security Information & Event Management) Menggunakan Wazuh & Suricata Untuk Monitoring Dalam Lingkup Departemen Teknologi Informasi Institut Teknologi Sepuluh Nopember. Other thesis, Institut Teknologi Sepuluh Nopember.
Text
05311940000029-Undergraduate_Thesis.pdf - Accepted Version Restricted to Repository staff only until 1 October 2025. Download (8MB) | Request a copy |
Abstract
Badan Siber dan Sandi Negara (BSSN) mencatat terdapat peningkatan serangan siber sepanjang tahun 2021 sampai 2022. Badan akademi perlu menaati beberapa peraturan seputar keamanan informasi yang berhubungan dengan CIA Triad. Oleh karena itu diperlukan sebuah sistem keamanan yang mampu merespons insiden keamanan. Sistem SIEM mengumpulkan log dan peristiwa dari berbagai sumber untuk membantu tim CSIRT menjalankan tupoksinya. Di dalam arsitektur yang ada pada Departemen Teknologi Informasi ITS, Wazuh Server diinstal pada perangkat virtual Openstack. Wazuh Agent diinstal pada seluruh komputer yang ada pada Laboratorium KCKS dan SOC. Komunikasi antara Wazuh Agent dan Wazuh Server menggunakan protokol komunikasi Wazuh, yang menjaga kerahasiaan dan integritas data yang dikirimkan. Pada sistem NIDS yang diterapkan, Suricata dipasang pada perangkat yang membaca lalu lintas pada switch dengan fitur port-mirroring. Integrasi Wazuh dengan Suricata dilakukan melalui Wazuh Agent pada perangkat Suricata agar dapat berkomunikasi dan data yang dihasilkan Suricata dapat ditampilkan pada Wazuh Dashboard. Rule dan policy tambahan dikonfigurasikan pada sistem yang telah diterapkan untuk memberikan keamanan tambahan terhadap ancaman dan kerentanan. Didapatkan hasil bahwa dalam rentang waktu 30 hari (21 Mei 2023 - 21 Juni 2023) didapati total 479,318 peringatan dengan peringatan level 12 ke atas sebanyak 802 peringatan. Sehingga persentase peringatan berbahaya dibanding total peringatan sebesar 0,167%. Wazuh menyediakan fitur Pemantauan Kebijakan dan Penilaian Konfigurasi Keamanan untuk membantu organisasi menilai tingkat kepatuhan terhadap kebijakan dan standar keamanan. Wazuh juga memiliki fitur untuk mendeteksi kerentanan pada perangkat, Wazuh juga membagi jenis jenis peringatan serangan berdasar kerangka MITRE ATT&CK. Wazuh menawarkan fitur Regulatory Compliance untuk membantu organisasi memenuhi berbagai persyaratan keamanan dan kepatuhan khusus industri diantaranya adalah PCI DSS, GDPR, HIPAA, NIST 800-53, dan TSC. Dari hasil pengujian serangan pada website yang dilakukan, Wazuh berhasil mendeteksi serangan yang terjadi melalui peringatan pada laman Peristiwa Keamanan. Suricata juga menghasilkan peringatan selama pengujian menggunakan tool testmynids.
===============================================================================================================================
The National Cyber and Crypto Agency (BSSN) noted an increase in cyberattacks from 2021 to 2022. The academy needs to comply with several regulations around information security related to the CIA Triad. Therefore, a security system capable of responding to security incidents is needed. The SIEM system collects logs and events from various sources to help the CSIRT team perform its duties. In the existing architecture of the ITS Information Technology Department, Wazuh Server is installed on an OpenStack virtual appliance. Wazuh Agent is installed on all computers in the KCKS and SOC Laboratories. Communication between Wazuh Agent and Wazuh Server uses the Wazuh communication protocol, which maintains the confidentiality and integrity of the transmitted data. In the implemented NIDS system, Suricata is installed on a device that reads traffic on a switch with a port-mirroring feature. The integration of Wazuh with Suricata is done through the Wazuh Agent on the Suricata device to communicate. Data generated by Suricata can be displayed on the Wazuh Dashboard. Additional rules and policies are configured on the system that has been implemented to provide additional security against threats and vulnerabilities. It was found that in a span of 30 days (May 21, 2023 - June 21, 2023) there were a total of 479,318 alerts with 802 level 12 and above alerts. So that the percentage of dangerous warnings compared to the total warnings is 0.167%. Wazuh provides Policy Monitoring and Security Configuration Assessment features to help organizations assess the level of compliance with security policies and standards. Wazuh also has a feature to detect vulnerabilities on devices, Wazuh also divides the types of attack alert types based on the MITRE ATT&CK framework. Wazuh offers Regulatory Compliance features to help organizations meet various industry-specific security and compliance requirements including PCI DSS, GDPR, HIPAA, NIST 800-53, and TSC. From the results of the website attack testing conducted, Wazuh successfully detected the attacks that occurred through alerts on the Security Events page. Suricata also generated alerts during testing using the testmynids tool.
Item Type: | Thesis (Other) |
---|---|
Uncontrolled Keywords: | Pemantauan, Peringatan, SIEM, Suricata, Wazuh, Monitoring, Alert, SIEM, Suricata, Wazuh |
Subjects: | Q Science > QA Mathematics > QA76.9.A25 Computer security. Digital forensic. Data encryption (Computer science) |
Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information Technology > 59201-(S1) Undergraduate Thesis |
Depositing User: | Moch. Shaladin Rangga Setyo |
Date Deposited: | 28 Aug 2023 02:28 |
Last Modified: | 28 Aug 2023 02:28 |
URI: | http://repository.its.ac.id/id/eprint/101897 |
Actions (login required)
View Item |