Penetration Testing of the Universitas PQR Server Using the National Institute of Standards and Technology Method (NIST SP 800-115)
DOI: https://doi.org/10.22441/jitkom.2023.v7i1.005
Keywords: Penetration Testing, NIST SP 800-115, Data Security
Abstract
Abstract -- Cyber attacks have threatened the security of several universities. Important data held on an organization's server can be accessed by people who are not authorized to do so. One way to avoid such a breach is to close the security gaps in the system. Before a gap can be closed it must first be known, which means testing the system the way an attacker would, but under a procedure agreed with the owner. This study performs a penetration test to assess vulnerabilities and find the security gaps in the university's server so that Universitas PQR can address them properly. The test uses the National Institute of Standards and Technology method (NIST SP 800-115), which consists of four phases: planning, discovery, attack, and reporting. The test found 13 exploitable vulnerabilities: 2 rated critical (Default Credentials; PHP Unsupported Version Detection), 3 rated high (SSL Version 2 and 3 Protocol Detection; PHP < 7.3.24 Multiple Vulnerabilities; SSL Medium Strength Cipher Suites Supported (SWEET32)), and 8 rated medium (SSL Certificate Cannot Be Trusted; SSL Self-Signed Certificate; TLS Version 1.0 Protocol Detection; PHPinfo() Information Disclosure; Unencrypted Password Form; HTTP TRACE / TRACK Methods Allowed; SSL Certificate Expiry; SSL RC4 Cipher Suites Supported (Bar Mitzvah)). One further finding, PHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 Remote Code Execution Vulnerability, was a false positive. The results show that the university's server is still vulnerable and that Universitas PQR needs to remediate these weaknesses.
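The abstract reports one version-based PHP finding as a true positive (PHP < 7.3.24 Multiple Vulnerabilities) and a neighbouring one (PHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 Remote Code Execution Vulnerability) as a false positive. Both plugins decide purely on the version string the server advertises, so the triage step a tester performs in the attack phase is to compare that string against each plugin's branch-aware ranges. The script below is an added example, not code from the paper or from the scanner it used; it reconstructs that check. The finding titles are taken from the abstract; the banner value `PHP/7.3.20`, the `X-Powered-By` header form and the severity given to the false-positive finding are constructed placeholders, not facts about the Universitas PQR server.

```python
"""Triage of version-based scanner findings against the PHP version a server
advertises. Added example (not from the paper). The PHP banner value and the
severity of the RCE finding below are constructed placeholders."""
import re
from collections import Counter

# One clause of a plugin title: an optional "7.2.x " branch prefix, then "< 7.2.24".
# A clause without a branch ("< 7.1.33") covers every version below that bound.
_CLAUSE = re.compile(r"(?:(\d+(?:\.\d+)*)\.x\s+)?<\s*(\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple:
    """'7.3.20' -> (7, 3, 20). Tuples compare element-wise, which is exactly
    the ordering a dotted version needs (string comparison would put 7.3.9 after 7.3.20)."""
    return tuple(int(part) for part in text.split("."))


def affected_ranges(title: str) -> list:
    """Extract (branch, upper_bound) pairs from a title such as
    'PHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 ...'. branch is None for an
    unbranched clause."""
    return [
        (parse_version(branch) if branch else None, parse_version(upper))
        for branch, upper in _CLAUSE.findall(title)
    ]


def version_is_affected(version: str, title: str):
    """True if the version falls inside any clause of the title, False if it is
    outside all of them, None if the title carries no version clause at all
    (that finding has to be confirmed by hand)."""
    ranges = affected_ranges(title)
    if not ranges:
        return None
    v = parse_version(version)
    for branch, upper in ranges:
        if branch is not None and v[: len(branch)] != branch:
            continue  # this clause is about another release branch
        if v < upper:
            return True
    return False


def php_version_from_banner(header: str):
    """Pull '7.3.20' out of an X-Powered-By or Server header value."""
    match = re.search(r"PHP/(\d+(?:\.\d+)+)", header)
    return match.group(1) if match else None


def triage(findings, banner):
    """Label each (title, severity) pair as 'confirmed', 'false positive' or
    'manual', and count the confirmed findings per severity."""
    version = php_version_from_banner(banner)
    labels = {}
    for title, _severity in findings:
        if version is None or not title.startswith("PHP"):
            labels[title] = "manual"
            continue
        hit = version_is_affected(version, title)
        labels[title] = {True: "confirmed", False: "false positive", None: "manual"}[hit]
    tally = Counter(sev for title, sev in findings if labels[title] == "confirmed")
    return labels, dict(tally)


# Constructed input: the PHP finding titles quoted in the abstract. The severity
# of the RCE finding and the banner value are assumptions for this example.
SAMPLE_FINDINGS = [
    ("PHP Unsupported Version Detection", "critical"),
    ("PHP < 7.3.24 Multiple Vulnerabilities", "high"),
    ("PHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 Remote Code Execution Vulnerability", "critical"),
]
SAMPLE_BANNER = "X-Powered-By: PHP/7.3.20"

if __name__ == "__main__":
    labels, tally = triage(SAMPLE_FINDINGS, SAMPLE_BANNER)
    for title, label in labels.items():
        print(f"{label:15s} {title}")
    print(tally)
```

With the placeholder banner, 7.3.20 lies below the 7.3.24 bound but above the 7.3.11 bound of the 7.3.x clause, so the script reproduces the split the abstract reports: the Multiple Vulnerabilities finding is confirmed and the RCE finding is a false positive. Two caveats a practitioner should keep in mind: a distribution that backports security fixes keeps an old version string, so a version-only rule can over-report even when the banner is honest, and the end-of-life check behind "PHP Unsupported Version Detection" depends on the branch's support dates rather than a range in the title, so the script leaves it for manual confirmation.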
References
-----. Kamus Besar Bahasa Indonesia. [Online]. Retrieved 24 October 2020 from https://kbbi.kemdikbud.go.id/entri/universitas
Arafat, A. A. 2020. Penetration testing pada website registrar Pengelola Nama Domain Internet Indonesia (PANDI). (Bachelor's thesis, Fakultas Sains dan Teknologi Universitas Islam Negeri Syarif Hidayatullah Jakarta).
Cherdantseva, Y. & Hilton, J. 2013. A Reference Model of Information Assurance & Security. [Online]. Proceedings 2013 International Conference on Availability, Reliability and Security, ARES 2013, pp. 546–555. Retrieved 18 May 2021 from doi:10.1109/ares.2013.72
Christian S, R. 2018. Analisis Kerentanan Website Menggunakan Metode Nist Sp 800-115 Dan Owasp Di Diskominfo Kabupaten Bandung. (Doctoral dissertation, Universitas Komputer Indonesia).
Ehmer, M. & Khan, F. 2012. A Comparative Study of White Box, Black Box and Grey Box Testing Techniques. [Online]. International Journal of Advanced Computer Science and Applications, Vol. 3. Retrieved 28 June 2021 from doi:10.14569/IJACSA.2012.030603
Janardhanudu, G. & Wyk, K. 2013. White-box Testing. [Online]. Retrieved 28 June 2021 from https://us-cert.cisa.gov/bsi/articles/best-practices/white-box-testing/white-box-testing
Scarfone, K., Souppaya, M., Cody, A., & Orebaugh, A. 2008. Special Publication 800-115: Technical Guide to Information Security Testing and Assessment. Recommendations of the National Institute of Standards and Technology. [Online]. Retrieved 24 October 2020 from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
Tidy, J. (2020, June 29). How hackers extorted $1.14m from a US university. BBC News. Retrieved 3 December 2020 from https://www.bbc.com/news/technology-53214783
License
The copyright to this article is transferred to Universitas Mercu Buana (UMB) if and when the article is accepted for publication. The undersigned hereby transfers any and all rights in and to the paper including without limitation all copyrights to UMB. The undersigned hereby represents and warrants that the paper is original and that he/she is the author of the paper, except for material that is clearly identified as to its original source, with permission notices from the copyright owners where required. The undersigned represents that he/she has the power and authority to make and execute this assignment.
We declare that this paper has not been published in the same form elsewhere.
Furthermore, I/We hereby transfer the unlimited rights of publication of the above-mentioned paper as a whole to UMB. The copyright transfer covers the right to reproduce and distribute the article, including reprints, translations, photographic reproductions, microform, electronic form (offline, online) or any other reproductions of similar nature.
The corresponding author signs for and accepts responsibility for releasing this material on behalf of any and all co-authors. This agreement is to be signed by at least one of the authors who have obtained the assent of the co-author(s) where applicable. After submission of this agreement signed by the corresponding author, changes of authorship or in the order of the authors listed will not be accepted.
Retained Rights/Terms and Conditions
Although authors are permitted to re-use all or portions of the Work in other works, this does not include granting third-party requests for reprinting, republishing, or other types of re-use.
Articles in this journal are licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC).