Vulnerability Mapping of the Computer Network at University X

Authors

  • Devi Christiani Angir, Informatics Engineering Study Program
  • Agustinus Noertjahyana, Informatics Engineering Study Program
  • Justinus Andjarwirawan, Informatics Engineering Study Program

Keywords:

Family business, Good Corporate Governance.

Abstract

X University is growing increasingly large and runs a wide variety of information systems to support its operations. One of its most important servers is www.xyz.ac.id, a URL frequently visited by the outside public to learn about X University in general. Web server security is usually the responsibility of an administrator. Security issues in the server or application system are sometimes neglected, and the importance of securing the web server is realized only after a disaster. Without good application system security, the use of technology can be very dangerous for the institution or organization itself. Therefore, a server security evaluation and vulnerability mapping are needed to stay alert to the server's security.

Based on this background, an evaluation using penetration testing is necessary. This study also follows the guidelines of the CEH (Certified Ethical Hacker) modules and the official Acunetix website. The testing in this thesis aims to find the weaknesses of the existing servers. Several problems were found after testing, among others: a fairly large number of weaknesses were found, each requiring different handling; ports that should not be open were open; and less important public IP addresses should not be open.

The solutions proposed to overcome these problems include: maintaining and continuing the use of Acunetix standards, performing testing more than once, periodically upgrading the web server to a newer version, filtering the existing ports, increasing the level of web server security, periodic maintenance, and regular, periodic security testing, either by consulting those in the relevant field or by using a guide (such as Acunetix, CEH, OWASP).

Published

2015-08-14

Section

Articles