Security Hardening of the Apache eOffice Server with TLS 1.3 and Fail2ban

Authors

  • Parulian Parulian Universitas HKBP Nommensen
  • Baringin Sianipar Universitas HKBP Nommensen
  • Danny Sihombing Universitas HKBP Nommensen

DOI:

https://doi.org/10.70340/jirsi.v5i2.348

Keywords:

Web Security; Apache Hardening; TLS 1.3; Security Headers; Fail2ban; Intrusion Prevention System (IPS)

Abstract

The security of campus digital services has become increasingly critical due to the rising intensity of automated attacks such as brute-force attempts, vulnerability scanning, and file upload exploitation targeting web-based administrative systems. The eOffice server of Universitas HKBP Nommensen, which serves as the central platform for document management and official correspondence, is also exposed to such threats. This study aims to enhance server security by implementing a defense-in-depth hardening strategy on Apache 2.4. The methodology includes the activation of TLS 1.3 for modern encrypted communication, the implementation of OWASP-compliant security headers, directory isolation to restrict malicious file execution, and the deployment of Fail2ban as a log-based Intrusion Prevention System (IPS) using a multi-jail approach. Evaluation was conducted using SSL Labs, SecurityHeaders.com, and attack log analysis. The results demonstrate significant improvements, highlighted by an upgrade in SSL rating from grade B to A+ and an increase in Security Headers rating to Grade A. In addition, the implemented IPS proved effective in detecting and mitigating automated attacks in real time. In conclusion, the combination of Apache hardening, modern TLS configuration, and log-based intrusion prevention significantly enhances the resilience of eOffice services and can be readily replicated by other institutions with limited resources.



Published

2026-05-30

Section

Articles