ANALYSIS AND EVALUATION SNORT, BRO, AND SURICATA
AS INTRUSION DETECTION SYSTEM
BASED ON LINUX SERVER
FINAL PROJECT REPORT
mitted as One of Fulfillment of the Requiremen ting Bachelor Degree in Department of Informa
MOTTO
“Life is not for pleasure but looking for a change for a better life”
(Arba’atin)
“Indeed, those who have believed and done righteous deeds will th… beneath which rivers flow. That is the great attainment”
(Qs. Al Buruj:11)
DEDICATION
With gratitude, the author dedicates this final project to:
1. My lovely parents, Mr. Widodo and Mrs. Siti Aminah, for their unlimited love, every piece of advice, and every prayer always given to me to become a successful person, and also for their unforgettable support.
2. My lovely brothers and sisters, Artati, Kosim, Ami and Listanto, who always give me the best support.
3. My beloved, Nur Fajarwati Halimah, who is always my dearest supporter, my friend for discussion and sharing, and my best future.
4. My classmates in class A: Rijal, Novel, Galuh, Sofyan, Septiawan, Budi and Ida, the friends who accompanied me in happiness and sadness for 4 years.
5. My friends in MATIKEP (Mahasiswa TI Kelas E Punya), my friends from the early days of study in college.
6. My friends in HIMATIF UMS, the first place where the author came to know an organization for developing myself.
7. The big family of the Informatics Engineering Department – UMS, the Laboratory of the Informatics Engineering Department – UMS, and all of my practicum friends, for all the valuable things given to me.
8. The big family of IT-UMS and IT-Helpdesk, who always give me support and a place for sharing.
ACKNOWLEDGEMENT
Praise be to Allah the Almighty, who has given His blessing so that the author could finally finish this final project report entitled “ANALYSIS AND EVALUATION SNORT, BRO, AND SURICATA AS INTRUSION DETECTION SYSTEM BASED ON LINUX SERVER” as one of the requirements for achieving the Bachelor Degree of the Informatics Engineering Department.
The author realizes that this final project report could not have been achieved without the help and assistance of others. Therefore, on this occasion the author would like to give her appreciation to the individuals and institutions who gave their help during the process of writing, so that this final project report is finally finished. She would like to express her deepest gratitude to the following:
1. Mr. Husni Thamrin, S.T MT, Ph.D as Dean of Faculty of Communications and Informatics, Universitas Muhammadiyah Surakarta.
2. Mr. Dr. Heru Supriyono, S.T M.Sc. as Head of Department of Informatics, Universitas Muhammadiyah Surakarta.
3. Mrs. Endah Sudarmilah, S.T, M.Eng as the Academic Advisor throughout the study.
5. All the lecturers and employees of the Informatics Engineering Department, for the help and knowledge given to the author throughout the study, so that the author could obtain the bachelor degree.
6. My parents, who always give the author prayers, support and motivation.
7. Everyone who cannot be mentioned one by one and who helped the author finish the final project.
Last but definitely not least, hopefully this final project report will be a beneficial contribution to future research.
Surakarta, May 2014
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
ABSTRACT
CHAPTER I: INTRODUCTION
A. Background of the Study
B. Problem Statement
C. Limitation of the Study
D. Objective of the Study
E. Benefit of the Study
F. Systematical of Writing
CHAPTER II: REVIEW OF LITERATURE
A. Research Study
1. Network Security
2. Linux Ubuntu
3. Intrusion Detection System
4. Snort
5. Bro
6. Suricata
7. Malware
CHAPTER III: RESEARCH METHOD
A. Time and Place
B. Tools
1. Software
2. Hardware
C. Research Method
1. Ubuntu Server Installation
2. Installing Supporting System
3. Installing and Configuring Snort
4. Installing and Configuring Bro
5. Installing and Configuring Suricata
CHAPTER IV: RESULTS AND DISCUSSION
A. Research Result
1. Scanning
2. Penetration
4. Warning Detection
B. Discussion
CHAPTER V: CONCLUSION AND SUGGESTION
5.1 Conclusions
5.2 Suggestions
BIBLIOGRAPHY
LIST OF TABLES
Table 3.1: Hardware Specification to test IDS
Table 3.2: Package which is needed by IDS
Table 4.1: Event of Snort
Table 4.2: Event of Suricata
Figure 3.4: The process to choose software in Ubuntu server installation
Figure 4.12: Suricata alert
Figure 4.13: Log Snort
Figure 4.14: Suricata Log
ABSTRACT
Security and confidentiality of data on computer networks is currently a problem that continues to grow. Installing firewalls, antivirus, IDS (Intrusion Detection System) / IPS (Intrusion Prevention System) and various other security applications often requires the best available installation, whose cost is not small. Open source is the best solution to address security issues that are expensive. An Intrusion Detection System is a system designed to collect information about activities in the network, analyze that information, and give a warning. Snort, Bro and Suricata are open source Intrusion Detection Systems. By comparing the installation, the configuration, the warnings displayed, and the resulting information, the advantages and disadvantages of Snort, Bro and Suricata as Intrusion Detection Systems can be known. … ease to install and update rules, Bro requires the least amount of resources.