Jurnal Ilmiah Teknik Elektro Komputer dan Informatika (JITEKI)
Vol. 10 No. 4 (2024): December

Enhancing Network Security Through Real-Time Threat Detection with Intrusion Prevention System (Case Study on Web Attack)

Rahmawati, Tia
Karna, Nyoman
Shin, Soo Young
Putra, Made Adi Paramartha



Article Info

Publish Date
04 Feb 2025

Abstract

Cyberattacks on government websites in Indonesia have been steadily increasing, with over 109 million incidents recorded in 2023 by the National Cyber Security Operations Center (BSSN). A Netcraft survey revealed that more than one billion websites globally face similar threats, highlighting the urgent need for improved security measures, especially given infrastructure limitations and inadequate security implementations. Approximately 51% of Micro, Small, and Medium Enterprises in Indonesia reported experiencing web attacks, with 95% stating that these attacks severely disrupted their operations. This study implements a Suricata-based Intrusion Prevention System (IPS) to protect web servers from attacks such as SQL Injection, XSS, and command injection. Suricata monitors network traffic and blocks threats in real time. Detection logs in JSON format are managed through Filebeat, processed by Logstash, stored in Elasticsearch, and visualized using Kibana. The key contribution of this research lies in designing a comprehensive set of rules and integrating all components into a single Docker container, streamlining the deployment process. Testing confirmed that the designed rules effectively detect and block attack payloads by leveraging a rule structure in Suricata and NFQUEUE capable of identifying all suspicious traffic. The novelty of this research lies in deploying a fully operational real-time security system on low-resource computers, demonstrating effective threat management under constrained conditions.

Copyrights © 2024
Journal Info

Abbrev

JITEKI

Subject

Computer Science & IT; Electrical & Electronics Engineering

Description

JITEKI (Jurnal Ilmiah Teknik Elektro Komputer dan Informatika) is a peer-reviewed, scientific journal published by Universitas Ahmad Dahlan (UAD) in collaboration with Institute of Advanced Engineering and Science (IAES). The aim of this journal scope is 1) Control and Automation, 2) Electrical ...