Analysis Server Security Assessment of Staffing Management Information System Using the NIST SP 800-115 Method at UIN Ar-Raniry Banda Aceh

Authors

  • Irfan Murti Raazi Universitas Islam Negeri Ar-Raniry Banda Aceh http://orcid.org/0000-0003-3761-6602
  • Malahayati Malahayati Universitas Islam Negeri Ar-Raniry Banda Aceh
  • Basrul Basrul IAIN LHOKSEUMAWE
  • Rezqi Malia Universitas Teuku Umar
  • Mulkan Fadhli Universitas Islam Negeri Ar-Raniry Banda Aceh

DOI:

https://doi.org/10.22373/crc.v8i1.20808

Keywords:

Penetration Testing, NIST SP 800-115, Server Security

Abstract

Ar-Raniry State Islamic University management information system has been implemented based on technology. It becomes vulnerable to attacks brought on by weaknesses (vulnerabilities). The degree to which institutions are able to improve their access to authority inside the system is gauged by this research. To evaluate the server's dependability based on confidentiality, integrity, and availability, penetration testing is necessary. The NIST SP 800-115 approach, which comprises of four testing stages—planning, discovery, attack, and reporting—is used to conduct the server security assessment. The findings demonstrate the Security Management Information System contains nine vulnerabilities in various ways with varying improvements. Two of these vulnerabilities are classified as high threat: DNS Server Spoofed Request Amplification DDoS by blocking access from the public network or rejecting the query; and Interception Attack by enhancing the SSL/TLS protocol through a stunnel. The remaining seven vulnerabilities are classified as medium threat. However, Ar-Raniry's campus server vulnerability level is categorized as medium threat

Downloads

Published

2024-02-02

Issue

Vol. 8 No. 1 (2024)

Section

Articles

License

Authors who publish in this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  2. The Journal uses license CC-BY-SA or an equivalent license as the optimal license for the publication, distribution, use, and reuse of scholarly works. 

  3. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  4. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).