Simulation and Analysis of Network Security using Port Knocking and Intrusion Prevention System on Linux Server
DOI:
https://doi.org/10.31763/iota.v4i2.726
Keywords:
Network Security, Port Knocking, Intrusion Prevention System, Snort, Linux-based server
Abstract
This research aims to design and simulate a network security system that uses port knocking and an intrusion prevention system (IPS) on a Linux-based server, and to analyze its security using port scanning, brute force, and DoS attacks. The IPS runs Snort in inline mode with DAQ NFQ. The test results show that port knocking successfully opens and closes the port according to the knock sequence, so that only those who know the knock sequence can access the port. The port scanning, SSH brute force, and FTP brute force tests were detected by the IPS, so the attacker could not obtain any information. DoS testing with LOIC increased server CPU and memory usage, but after IPS rules were applied, usage stabilized. DoS testing with slowhttptest made the web server inaccessible to users, but after the IPS rule was applied, web access ran normally. In conclusion, the IPS succeeded in preventing all attacks because the attack packets matched the IPS rules, so they were detected as threats and dropped. Test results of the Telegram monitoring system show that it sent real-time attack notifications with an average time difference of 2.9 seconds, and that the report, start, and stop features worked as expected.
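
The port knocking behaviour summarized in the abstract (a correct knock sequence opens the port, a second sequence closes it, and anyone who does not know the sequence stays locked out) can be sketched as a per-source state machine. This is an added example, not code from the paper. The knock ports, the 5-second window, the reset-on-wrong-port rule and the sample addresses are assumptions, since the abstract does not give the sequences used.

```python
# Added illustration: per-source knock tracking. All values are assumed.
from dataclasses import dataclass, field

OPEN_SEQ = (7000, 8000, 9000)    # assumed sequence that opens the port
CLOSE_SEQ = (9000, 8000, 7000)   # assumed sequence that closes it again
SEQ_TIMEOUT = 5.0                # assumed seconds allowed per full sequence

@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # (src, seq) -> (index, start)
    allowed: set = field(default_factory=set)     # sources the port is open for

    def _advance(self, src, port, now, seq):
        """Return True when src has just completed seq in order and in time."""
        idx, start = self.progress.get((src, seq), (0, now))
        if idx == 0 or now - start > SEQ_TIMEOUT:
            idx, start = 0, now                   # fresh or expired attempt
        if port == seq[idx]:
            idx += 1
        else:                                     # wrong port: start over
            idx, start = (1 if port == seq[0] else 0), now
        done = idx == len(seq)
        self.progress[(src, seq)] = (0 if done else idx, start)
        return done

    def knock(self, src, port, now):
        if self._advance(src, port, now, OPEN_SEQ):
            self.allowed.add(src)
        if self._advance(src, port, now, CLOSE_SEQ):
            self.allowed.discard(src)

def replay(events):
    """Feed (time, source, port) tuples to a tracker; return allowed sources."""
    tracker = KnockTracker()
    for now, src, port in sorted(events):
        tracker.knock(src, port, now)
    return tracker.allowed

# Constructed events (documentation addresses), not data from the paper.
EVENTS = [
    (0.0, "192.0.2.10", 7000), (0.4, "192.0.2.10", 8000), (0.9, "192.0.2.10", 9000),
    (1.0, "192.0.2.20", 7000), (1.5, "192.0.2.20", 8000), (2.0, "192.0.2.20", 9000),
    (9.0, "192.0.2.20", 9000), (9.5, "192.0.2.20", 8000), (9.9, "192.0.2.20", 7000),
    (3.0, "198.51.100.7", 7000), (3.1, "198.51.100.7", 7500), (3.2, "198.51.100.7", 8000),
    (3.3, "198.51.100.7", 9000),                    # scan-like probing, wrong port in between
    (4.0, "203.0.113.5", 7000), (6.0, "203.0.113.5", 8000), (9.6, "203.0.113.5", 9000),
]

if __name__ == "__main__":
    print(sorted(replay(EVENTS)))
```

In the constructed events only the first source ends with the port open: the second closes it again, the third hits a wrong port mid-sequence, and the fourth exceeds the time window.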