
SMB GLOBAL IPS NOTIFICATION VIA WEBMIN

MUHAMMAD FIKRI BIN A. HAMID


52261212242

BIT (HONS) IN COMPUTER SYSTEM SECURITY

2015

UNIVERSITI KUALA LUMPUR


SEPTEMBER 2015

Report Submitted in Partial Fulfillment of the Requirements
for the Bachelor of Information Technology (Hons)
in Computer System Security
Universiti Kuala Lumpur

SEPTEMBER 2015

DECLARATION

I declare that this report is my original work and all references have been
cited adequately as required by the University.

Date: 31/12/2015

Signature : .................
Full Name : Muhammad Fikri bin A. Hamid
ID Number: 52261212332

APPROVAL PAGE

We have supervised and examined this report and verify that it meets the
program and University's requirements for the Bachelor of Information
Technology (Hons) in Computer System Security.

Date: 31/12/2015

Signature:.
Supervisor: HERNY RAMADHANI
Official Stamp:

Date: 31/12/2015

Signature:.
Assessor: HAN LOCK SIEW
Official Stamp:

ACKNOWLEDGEMENT

Bismillahi Ar Rahman Ar Rahim

In the name of Allah, The Most Gracious, The Most Merciful, and Him
alone are worthy of all praise.
It is not possible for me to acknowledge individually the debt that I owe to
those who had made their contribution in preparing and writing this research
project proposal. I would like to thank many people who helped me.
Special thanks go to my supervisor, Madam Herny Ramadhani bt
Mohd Husny Hamid, Sir Han Lock Siew and Madam Yuhanis for her
wonderful support, guidance and cooperation that had been given to me
through the compilation of this project. I would also express my gratitude
to Madam Hazimah who had been guiding the writing of this report from
the beginning.
I would like to thank my family and my friends for their deepest
concern and investment during the course of this project. All of you are my
strength and thanks for everything.

I would like to extend my sincere thanks to my fellow classmates and
housemates, dedicated network lecturers and BCSS lecturers and the others
for contributing and supporting me directly and indirectly.
Thank you, may Allah SWT bless all of you.

LIST OF TABLES

Table 2.1: Comparison between Current IPS vs New Proposed IPS
Table 3.1: Hardware Requirement
Table 3.2: Software Requirement
Table 4.1: Software Requirement
Table 4.2: Hardware Requirement
Table 5.1: Display SQL Injection test
Table 5.2: Display Cross-Site Scripting test
Table 5.2: Webmin display test

LIST OF FIGURES

Figure 1.1: Current IPS
Figure 2.1: Type of Attacks by layer
Figure 2.2: Anatomy of Web Attack Process
Figure 2.3: SQL Injection Process
Figure 2.4: IPS Architecture
Figure 2.5: Example of Signature based
Figure 2.6: Example of Rule Base
Figure 2.7: Firewall Process
Figure 2.8: Airsnare Intrusion Detection System
Figure 2.9: Airsnare Intrusion Detection System
Figure 2.10: Airsnare Intrusion Detection System
Figure 3.1: Rapid Application Development (RAD)
Figure 3.2: Penetration Testing using Burp suite
Figure 3.3: School's website
Figure 3.4: System Diagram on How the System Works
Figure 3.5: Flow chart
Figure 3.7: Proposed project sketches
Figure 3.8: Proposed project sketches
Figure 4.1: School's website
Figure 4.2: Virtual Private Server
Figure 4.3: Web Application Firewall (WAF)
Figure 4.4: Flow chart
Figure 4.5: Command Installation Voyage Debian Process
Figure 4.6: Command ModSecurity/Apache 2
Figure 4.7: Create and Modified Base Rules
Figure 4.8: Reverse Proxy Architecture on IPS
Figure 4.9: Webmin
Figure 5.1: Result of IPS
Figure 5.2: Graph: Usefulness result

ABSTRACT

This project aims to provide Intrusion Prevention System (IPS) notification
via Webmin in real time in order to detect and prevent all SQL injection
and Cross-Site Scripting attacks. Integrating many kinds of security
techniques is one of the good solutions for improving network security.
Firewalls and intrusion detection systems (IDS) can enforce the security of
the network effectively, but each also has drawbacks of its own.
An intrusion prevention system (IPS) is a technique that properly combines
the techniques of the firewall with those of the IDS. This project has three
objectives: to study the processes or methods of IPS, to create new basic
rules for the IPS, and to test the embedded Webmin IPS notification.
A typical use of a reverse proxy is to give Internet users access to a server
that is behind a firewall. Reverse proxies can also be used to balance load
among several back-end servers or to provide caching for a slower back-end
server. The SMB IPS is applied to a school's website, and the developer
used Burp Suite to test the functionality of this IPS. Once an attacker
injects the website, the IPS sends a notification via Webmin showing in real
time that the intrusion has been detected and blocked. In conclusion, this is
the best method to improve the security of the website against web attacks.


TABLE OF CONTENT
DECLARATION
APPROVAL PAGE
ACKNOWLEDGEMENT
LIST OF TABLES
LIST OF FIGURES
ABSTRACT
CHAPTER 1: INTRODUCTION
1.1 Introduction
1.2 Project Background
1.3 Problem statement
1.3.1 Application layer attacks are increasing
1.3.2 Current IPS not very efficient
1.4 Problem Solving
1.4.1 Produce IPS and use reverse proxy methods
1.4.2 Create updated rules and new signature of attacks
1.5 Objectives
1.6 Project Scope
1.6.1 Target User
1.6.2 Key Functions of Intrusion Prevention System Technologies
1.7 Project Significance
1.8 Conclusion

CHAPTER 2: LITERATURE REVIEW
2.1 Introduction of Literature Review
2.2 Web attack
2.2.1 Anatomy of web attack
2.2.2 Type of web attack
2.2.2.1 SQL injection
2.2.2.2 Cross-site scripting
2.3 Method to protect from Web Attack
2.3.1 Firewall
2.3.2 Anti-virus
2.3.3 Intrusion Prevention System
2.4 Information of Intrusion Prevention System
2.4.1 Technique that be used on IPS
2.4.2 IPS Methods to Detect and Prevent Attacks
2.4.3 Advantages using IPS
2.5 Type of Current IPS
2.5.1 Airsnare
2.5.2 Metaflow Management Application
2.5.3 Malware Defender
2.6 Typical component of IPS
2.6.1 Hardware component
2.6.1.1 Raspberry Pi
2.6.2 Software Component
2.6.2.1 Snort
2.6.2.2 ModSecurity
2.6.2.3 Virtual Private Server
2.7 Comparison of Different Intrusion Prevention System
2.8 Conclusion

CHAPTER 3: METHODOLOGY
3.1 Introduction
3.2 Rapid Application Development
3.2.1 Phase 1: Analysis Design and Quick Design
3.2.2 Phase 2: Development (Build, Demonstrate and Refine)
3.2.3 Phase 3: Testing
3.2.4 Phase 4: Implementation and release
3.3 System Architecture
3.4 Flow chart
3.5 Proposed project sketches
3.6 Budget / Cost Estimation
3.6.1 Hardware Requirement
3.6.2 Software Requirement
3.7 Conclusion

CHAPTER 4: PROTOTYPE AND DEVELOPMENT
4.1 Introduction
4.2 Overview of Product Development
4.3 System Requirement
4.4 New proposed SMB IPS
4.4.1 System Module Structure
4.4.1.1 Web Client
4.4.1.2 Virtual Private Server
4.4.1.3 Web Application Firewall
4.5 Flow Chart
4.6 System Development
4.6.1 Installation Voyage Debian
4.6.2 Installation Modsecurity/ Apache 2
4.6.3 Create and Modified base Rules
4.6.3.1 Example of SQL Operator rules
4.6.3.2 Example of SQL Tautologies rules
4.6.3.3 Example of Blind SQL Injection rules
4.6.3.4 Example of XSS: Detect Event Handler Name rules
4.6.3.5 Example of XSS Filters rules
4.6.3.6 Example of XSS: Detect Usage of Common URL Attributes
4.6.4 Reverse Proxy use on SMB IPS
4.6.5 Make Webmin
4.7 Conclusion

CHAPTER 5: TESTING AND RESULT
5.1 Introduction
5.2 Testing
5.3 Testing Method
5.3.1 Functional System
5.3.2 Usability Testing
5.3.2.1 Selection of Participant
5.3.2.2 Testing Procedure
5.3.2.3 Analysis Data
5.3.2.4 Testing Result Based on Questionnaires
5.4 Conclusion
CHAPTER 6: CONCLUSION AND RECOMMENDATION
6.1 Introduction
6.2 Objective Achievement
6.2.1 Project Objectives
6.3 Strengths and Limitations
6.3.1 Project Strength
6.3.2 Project Limitation
6.4 Future Enhancement (Recommendations)
6.5 Conclusion

REFERENCES
APPENDIX A: Questionnaire
APPENDIX B: Gantt Chart
