IMPLEMENTATION OF SECURITY INFORMATION AND EVENT MANAGEMENT TO PREVENT DEFACE ATTACKS ON SERVERS INTEGRATED WITH TELEGRAM

Meidi Djamalyanto
Lilik Widyawati
Husain Husain
I Putu Hariyadi

Abstract

Deface attacks are critical threats that disrupt server integrity and damage an organization's reputation. This research aims to design a Wazuh-based Security Information and Event Management (SIEM) system integrated with a Telegram bot to detect, prevent, and provide real-time notifications of deface attacks. The method used is the Network Development Life Cycle (NDLC), which has three main stages: requirement analysis, system design, and prototype simulation. The implementation was conducted in a virtual environment using Ubuntu Server 22.04 as the Wazuh Manager and Parrot Security OS as the attack simulator. The results showed that Wazuh successfully detected three main types of attacks, File Upload Vulnerability, Remote Code Execution (RCE), and Webshell, through log analysis and custom rules. Integration with the Telegram bot enables instant notification when threats are detected, along with automated responses such as directory restores, attacker IP address blocking, and proactive mitigation. Tests prior to Wazuh's implementation proved the server's vulnerability to file modification, while after implementation, the system was able to prevent illegal changes with 100% effectiveness. The conclusion of this study confirms that the combination of Wazuh SIEM and a Telegram bot improves server security through early detection, rapid response, and centralized monitoring. This solution not only reduces the risk of defacement but also provides an efficient notification mechanism for administrators. Recommendations for development include adding attack variations, improving active response, and optimizing integration with other platforms.

Article Details

How to Cite
[1] “IMPLEMENTATION OF SECURITY INFORMATION AND EVENT MANAGEMENT TO PREVENT DEFACE ATTACKS ON SERVERS INTEGRATED WITH TELEGRAM”, MelekIT, vol. 11, no. 1, pp. 31–42, Jul. 2025, doi: 10.30742/melekitjournal.v11i1.398.

Section
Original Research
