Implementation of IPS (Intrusion Prevention System) Fail2ban on Server for DDoS and Brute Force Attacks

Fazar Dawamsyach, Ikhwan Ruslianto, Uray Ristian
CESS Journal of Computer Engineering System and Science. Journal Article, published 2023-01-21.
DOI: 10.24114/cess.v8i1.40259 (https://doi.org/10.24114/cess.v8i1.40259)
Citation count: 0

Abstract

Server security must be considered so that the server can work well and serve users. Attacks on servers can threaten both server performance and the security of the data they hold. According to the National Cyber and Crypto Agency 2020 report, ports 22 and 80 were the ports that received the most attacks. One of the attacks on port 22 is brute force, and an attack on port 80 is Distributed Denial of Service (DDoS). To address this problem, this study implemented the fail2ban IPS (Intrusion Prevention System) to increase server security. The attacks tested were brute force attacks on port 22 and DDoS attacks on port 80 using the TCP protocol. The fail2ban system is equipped with a web interface and notifications via Telegram. The test results show that DDoS attacks have more impact on CPU performance, with the highest CPU increase being 92%, while brute force attacks have more impact on server memory, with the highest memory increase being 100%. This increase in resource usage slows the server down. The system blocked DDoS attacks in an average of 0.5 seconds and brute force attacks in an average of 6.1 seconds. In total, the system prevented 88 DDoS attacks and 864 brute force attacks.