USING WIRESHARK AND NESSUS TO ANALYZE SSL/TLS FOR THE SECURITY OF WEBSITE USER DATA
DOI:
https://doi.org/10.31000/jika.v7i2.7566
Abstract
Website development in Indonesia has grown significantly as the number of internet service users has increased. At the same time, websites that hold user data have vulnerabilities. Attacks on websites can exploit the system. Such attacks are carried out to obtain usernames, passwords, and sensitive files. The SSL/TLS protocol is a web security mechanism for secure network communication between client and server over a protected connection. This study aims to analyze SSL/TLS for the user data of the website of the Meteorology, Climatology and Geophysics Agency (Badan Meteorologi Klimatologi dan Geofisika, BMKG) of region X, which provides weather and climate information to the public. Testing was carried out using a packet-tracing method with the Wireshark application and a website scanning method in the form of a vulnerability assessment with the Nessus application. The packet-tracing results show that the web server's SSL/TLS certificate and server public key were verified with the TLS 1.2 protocol, so it is able to protect user data using client and server encryption with the SHA256 hash algorithm. The results of the scan analysis, in the form of a vulnerability assessment, show that the overall risk level is medium. The vulnerability priority rating (VPR) score found three items of SSL/TLS vulnerability information that require evaluation and follow-up action to reduce the website's vulnerability risk. The results of packet tracing and vulnerability assessment on SSL/TLS can help identify weaknesses in the website's information system, so that steps can be determined to strengthen the website's security performance and protect it from cyber attacks.