Analysis Server Security Assessment of Staffing Management Information System Using the NIST SP 800-115 Method at UIN Ar-Raniry Banda Aceh

Irfan Murti Raazi, Malahayati Malahayati, Basrul Basrul, Rezqi Malia, Mulkan Fadhli

Abstract


Ar-Raniry State Islamic University management information system has been implemented based on technology. It becomes vulnerable to attacks brought on by weaknesses (vulnerabilities). The degree to which institutions are able to improve their access to authority inside the system is gauged by this research. To evaluate the server's dependability based on confidentiality, integrity, and availability, penetration testing is necessary. The NIST SP 800-115 approach, which comprises of four testing stages—planning, discovery, attack, and reporting—is used to conduct the server security assessment. The findings demonstrate the Security Management Information System contains nine vulnerabilities in various ways with varying improvements. Two of these vulnerabilities are classified as high threat: DNS Server Spoofed Request Amplification DDoS by blocking access from the public network or rejecting the query; and Interception Attack by enhancing the SSL/TLS protocol through a stunnel. The remaining seven vulnerabilities are classified as medium threat. However, Ar-Raniry's campus server vulnerability level is categorized as medium threat


Keywords


Penetration Testing, NIST SP 800-115, Server Security

Full Text:

PDF


DOI: http://dx.doi.org/10.22373/crc.v8i1.20808

Refbacks

  • There are currently no refbacks.


Copyright (c) 2024 Irfan Murti Raazi, Malahayati, Basrul, Rezqi Malia, Mulkan Fadhli

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

              

 

Circuit: Jurnal Ilmiah Pendidikan Teknik Elektro
P-ISSN 2549-3698
E-ISSN 2549-3701
Published by Electrical and Engineering Education Department, Education and Teacher Training Faculty, Universitas Islam Negeri Ar-Raniry Banda Aceh, Indonesia
Email: jurnal.circuit@ar-raniry.ac.id 

Creative Commons License
Circuit: Jurnal Ilmiah Pendidikan Teknik Elektro is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.