The security of campus digital services has become increasingly critical due to the rising intensity of automated attacks such as brute-force attempts, vulnerability scanning, and file upload exploitation targeting web-based administrative systems. The eOffice server of Universitas HKBP Nommensen, which serves as the central platform for document management and official correspondence, is also exposed to such threats. This study aims to enhance server security by implementing a defense-in-depth hardening strategy on Apache 2.4. The methodology includes the activation of TLS 1.3 for modern encrypted communication, the implementation of OWASP-compliant security headers, directory isolation to restrict malicious file execution, and the deployment of Fail2ban as a log-based Intrusion Prevention System (IPS) using a multi-jail approach. Evaluation was conducted using SSL Labs, SecurityHeaders.com, and attack log analysis. The results demonstrate significant improvements, highlighted by an upgrade in the SSL rating from grade B to A+ and an increase in the Security Headers rating to grade A. In addition, the implemented IPS proved effective in detecting and mitigating automated attacks in real time. In conclusion, the combination of Apache hardening, modern TLS configuration, and log-based intrusion prevention significantly enhances the resilience of eOffice services and can be readily replicated by other institutions with limited resources.
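The multi-jail, log-based detection described above can be sketched as follows. This is an added example, not code or configuration from the study: the jail names, regexes, thresholds, request paths and log lines are all constructed assumptions, modelled on Fail2ban's `maxretry`/`findtime` semantics and Apache's combined log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed jails (hypothetical, not the study's): name -> (failregex, maxretry, findtime)
JAILS = {
    "auth-bruteforce": (re.compile(r'"POST /login\S* HTTP/[\d.]+" 401 '), 3, timedelta(minutes=10)),
    "scanner-404": (re.compile(r'"(?:GET|HEAD) \S+ HTTP/[\d.]+" 404 '), 4, timedelta(minutes=1)),
    "upload-exec": (re.compile(r'"(?:GET|POST) /uploads/\S+\.php\S* HTTP/[\d.]+" \d{3} '), 1, timedelta(minutes=10)),
}
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] ')

# Constructed access-log sample using documentation-range addresses.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2025:10:00:01 +0700] "POST /login HTTP/1.1" 401 512
203.0.113.10 - - [12/Mar/2025:10:00:03 +0700] "POST /login HTTP/1.1" 401 512
203.0.113.10 - - [12/Mar/2025:10:00:05 +0700] "POST /login HTTP/1.1" 401 512
192.0.2.9 - - [12/Mar/2025:10:00:00 +0700] "POST /login HTTP/1.1" 401 512
192.0.2.9 - - [12/Mar/2025:10:06:00 +0700] "POST /login HTTP/1.1" 401 512
192.0.2.9 - - [12/Mar/2025:10:12:00 +0700] "POST /login HTTP/1.1" 401 512
198.51.100.7 - - [12/Mar/2025:10:01:00 +0700] "GET /wp-login.php HTTP/1.1" 404 153
198.51.100.7 - - [12/Mar/2025:10:01:01 +0700] "GET /phpmyadmin/ HTTP/1.1" 404 153
198.51.100.7 - - [12/Mar/2025:10:01:02 +0700] "GET /.env HTTP/1.1" 404 153
198.51.100.7 - - [12/Mar/2025:10:01:03 +0700] "HEAD /backup.zip HTTP/1.1" 404 0
192.0.2.44 - - [12/Mar/2025:10:02:00 +0700] "GET /uploads/report.php HTTP/1.1" 403 199
"""

def detect_bans(lines):
    """Return {jail: sorted IPs} whose matches reach maxretry within findtime."""
    hits = defaultdict(deque)   # (jail, ip) -> timestamps inside the current window
    bans = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue            # ignore lines that are not in combined log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        for jail, (failregex, maxretry, findtime) in JAILS.items():
            if not failregex.search(line):
                continue
            window = hits[(jail, m["ip"])]
            window.append(ts)
            while ts - window[0] > findtime:
                window.popleft()        # drop matches older than findtime
            if len(window) >= maxretry:
                bans[jail].add(m["ip"])
    return {jail: sorted(ips) for jail, ips in bans.items()}

if __name__ == "__main__":
    print(detect_bans(SAMPLE_LOG.splitlines()))
```

The client at 192.0.2.9 fails three logins but spreads them over twelve minutes, so it never reaches `maxretry` inside the ten-minute `findtime` window and is not banned.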
Copyright © 2025