Implementation and Evaluation of a Cyber Security System Based on Wazuh, Shuffle, and YARA at the Diskominfo Data Center of Tangerang City Using the PPDIOO Method
DOI:
https://doi.org/10.62951/router.v3i4.752
Keywords:
Information Security, PPDIOO, Shuffle, Wazuh, YARA
Abstract
Tangerang City has the most applications in Indonesia, with 222 applications. All of these applications are supported by more than 100 servers located in the data center of the Tangerang City Communication and Information Agency. Managing this many servers and applications raises new problems amid increasingly complex cyber threats, especially in government data centers. One of them is how to monitor for and respond quickly to an attack on the existing system. A cyber security system based on Wazuh, Shuffle, and YARA can monitor threats in real time and automate responses to attacks. Wazuh acts as the log-based monitoring, detection, and behavior analysis platform; Shuffle automates incident response through integrated workflows; and YARA is applied for signature-based malware identification. The PPDIOO (Prepare, Plan, Design, Implement, Operate, Optimize) method serves as the framework for designing and evaluating the system in this research. From the research conducted, Wazuh is expected to successfully monitor anomalies that occur on the servers and forward them to Shuffle, which automates the next steps to be taken. YARA, integrated with Wazuh, also successfully detects and automatically quarantines malicious files that enter the server, based on the available signature list.
License
Copyright (c) 2025 Router : Jurnal Teknik Informatika dan Terapan

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


