Hardening Keamanan Server eOffice Apache dengan TLS 1.3 dan Fail2ban

Penulis

  • Parulian Parulian Universitas HKBP Nommensen
  • Baringin Sianipar Universitas HKBP Nommensen
  • Danny Sihombing Universitas HKBP Nommensen

DOI:

https://doi.org/10.70340/jirsi.v5i2.348

Kata Kunci:

Web Security; Apache Hardening; TLS 1.3; Security Headers; Fail2ban; Intrusion Prevention System (IPS)

Abstrak

Keamanan layanan digital kampus semakin krusial seiring meningkatnya intensitas serangan otomatis seperti brute force, scanning, dan eksploitasi file upload yang menargetkan sistem administrasi berbasis web. Server eOffice Universitas HKBP Nommensen sebagai pusat dokumentasi dan surat-menyurat kampus juga menghadapi ancaman tersebut. Penelitian ini bertujuan untuk meningkatkan keamanan server melalui penerapan strategi hardening berbasis defense-in-depth pada Apache 2.4. Metodologi yang digunakan meliputi aktivasi TLS 1.3 untuk komunikasi terenkripsi modern, penerapan Security Headers sesuai standar OWASP, isolasi direktori untuk membatasi eksekusi file berbahaya, serta implementasi Fail2ban sebagai Intrusion Prevention System (IPS) berbasis log dengan pendekatan multi-jail. Evaluasi dilakukan menggunakan SSL Labs, SecurityHeaders.com, dan analisis log serangan.

Hasil penelitian menunjukkan peningkatan signifikan, ditandai dengan peningkatan grade SSL dari B menjadi A+ serta peningkatan nilai Security Headers menjadi Grade A. Selain itu, sistem IPS yang diterapkan terbukti efektif dalam mendeteksi dan memitigasi serangan otomatis secara real-time. Kesimpulannya, kombinasi Apache hardening, konfigurasi TLS modern, dan IPS berbasis log mampu meningkatkan ketahanan layanan eOffice secara signifikan serta dapat direplikasi oleh institusi lain dengan sumber daya terbatas.

Unduhan

Data unduhan belum tersedia.

Referensi

I. Agranat, D. Steinberg, and D. Zilberman, “Modern approaches to TLS 1.3 deployment in enterprise environments,” Journal of Network Security, vol. 18, no. 4, pp. 221–234, 2021.

M. Al-Faruq and T. Rahman, “Application of reverse proxy for mitigating automated web attacks in higher education institutions,” International Journal of Cybersecurity and Digital Forensics, vol. 11, no. 3, pp. 44–57, 2022.

Apache Software Foundation, “Apache HTTP Server 2.4 Documentation,” 2023. [Online]. Available: https://httpd.apache.org/docs/

R. Baker and T. Johnson, “Evaluation of HTTP security headers for improving web application defense,” Journal of Web Engineering, vol. 19, no. 7, pp. 1125–1141, 2020.

Cloudflare Inc., “Application Security Architecture: Zero Trust and Reverse Proxy Design,” 2024.

R. Dewi and S. Anwar, “Implementation of Fail2ban intrusion prevention system on Linux-based web servers,” Journal of Information System Security, vol. 9, no. 2, pp. 73–82, 2021.

N. Ferguson, Cryptographic Protocols: Understanding TLS 1.3 Modern Security. Addison-Wesley, 2020.

B. Haryanto and A. Nugroho, “Hardening Apache and Nginx web servers using layered security controls,” Indonesian Journal of Information Technology, vol. 7, no. 1, pp. 55–66, 2022.

I. Ristić, Bulletproof SSL and TLS, 2nd ed. Feisty Duck Publishing, 2018.

S. Kumari and R. Ranjan, “Intrusion detection and prevention on public web servers using log-based automation,” International Journal of Computer Networks & Communications, vol. 15, no. 2, pp. 1–15, 2023.

Q. Liu and Y. Chen, “An empirical analysis of TLS 1.3 adoption and performance in production systems,” IEEE Transactions on Network and Service Management, vol. 17, no. 4, pp. 2152–2165, 2020.

OWASP Foundation, “Web Application Security Testing Guide,” 2024.

D. Prasetyo and H. Satria, “Log-based brute-force attack mitigation on Apache using Fail2ban,” Jurnal Teknologi Informasi dan Ilmu Komputer, vol. 8, no. 4, pp. 765–774, 2021.

E. Rahardjo and S. Widodo, “Evaluating university eOffice security hardening using TLS and HSTS,” Journal of Cyber Defense and Education, vol. 5, no. 1, pp. 33–48, 2023.

A. Snyder and R. Patel, “Comparative study of intrusion prevention effectiveness on Linux web stacks,” Journal of Information and Network Security, vol. 14, no. 3, pp. 219–230, 2022.

H. Wang and S. Liu, “Security header configuration and its impact on web server resilience,” The Web Security Review, vol. 12, no. 2, pp. 87–98, 2020.

Diterbitkan

2026-05-30

Terbitan

Bagian

Articles