Implementasi Dan Analisa Security Auditing Menggunakan Open Source Software Dengan Framework Cyber Kill Chain

Authors

  • Reza Nugroho Telkom University
  • Avon Budiyono Telkom University
  • Adityas Widjajarto Telkom University

Abstract

Abstrak Security Auditing merupakan evaluasi sistematis keamanan sistem informasi dengan mengukur seberapa baik dan sesuai dengan seperangkat kriteria yang ditetapkan. Salah satu framework dari Security Auditing adalah Cyber Kill Chain , framework ini memungkinkan seorang security analyst untuk fokus pada berbagai tahap pada sebuah serangan. Maka dari itu, dibuat implementasi dan analisa security auditing berdasarkan framework Cyber Kill Chain guna memberikan informasi tentang manfaat dari Security Auditing. Penelitian ini dilakukan dengan menggunakan vulnerability operating system sebagai objek yang dilakukan scanning dengan aplikasi open source OpenVAS untuk melakukan vulnerability scan. Dari hasil penelitian yang dilakukan terhadap 10 walkthrough didapatkan hasil analisis berupa activity diagram dan dataflow diagram kemudian akan dilakukan pengelompokan berdasarkan perhitungan resiko yang didapat. Sehingga akan didapatkan klasifikasi berupa hubungan antara tools dan vulnerability berdasarkan framework Cyber Kill Chain. Kata kunci : Security Auditing, framework Cyber Kill Chain, attack tree, tools, Vulnerable. Abstract Security Auditing is a systematic evaluation of information system security by measuring how well and in accordance with a set of established criteria. One of the frameworks of Security Auditing is Cyber Kill Chain, this framework allows a security analyst to focus on various stages of an attack. Therefore, security auditing implementation and analysis is made based on the Cyber Kill Chain framework to provide information about the benefits of Security Auditing. This research was conducted by using the operating system vulnerability as an object that was scanned with the OpenVAS open source application to conduct a vulnerability scan. From the results of research conducted on 10 walkthroughs obtained the results of the analysis in the form of activity diagrams and data flow diagrams will then be grouped based on the calculation of the risks obtained. So that the classification will be obtained in the form of a relationship between tools and vulnerability based on the Cyber Kill Chain framework.. Keywords : Security Auditing, framework Cyber Kill Chain, attack tree, tools, Vulnerable.

Downloads

Published

2020-08-01

Issue

Vol. 7 No. 2 (2020): Agustus 2020

Section

Program Studi S1 Sistem Informasi