SMB Global Ips Notification Via Webmin
52261212242
SEPTEMBER 2015
DECLARATION
I declare that this report is my original work and all references have been cited
adequately as required by the University.
Date: 31/12/2015
Signature
Full Name: MUHAMMAD FIKRI BIN A. HAMID
ID Number: 52261212242
APPROVAL PAGE
We have supervised and examined this report and verify that it meets the
program and University's requirement for the Bachelor of Information
Technology (HONS) in Computer System Security.
Date: 31/12/2015
Signature:
Supervisor: Madam Herny Ramadhani binti Mohd. Husny
Official Stamp:
Date: 31/12/2015
Signature:
Assessor: Sir Han Lock Siew
Official Stamp:
ACKNOWLEDGEMENT
In the name of Allah, The Most Gracious, The Most Merciful; He alone is
worthy of all praise.
It is not possible for me to acknowledge individually the debt that I owe to
those who made their contribution in preparing and writing this research project
proposal. I would like to thank the many people who helped me.
Special thanks go to my supervisor, Madam Herny Ramadhani bt Mohd
Husny Hamid, Sir Han Lock Siew and Madam Yuhanis for their wonderful
support, guidance and cooperation that had been given to me through the
compilation of this project. I would also like to express my gratitude to Madam
Hazimah, who had been guiding the writing of this report from the beginning.
I would like to thank my family and my friends for their deepest concern
and investment during the course of this project. All of you are my strength, and
thanks for everything.
I would like to extend my sincere thanks to my fellow classmates and
housemates, the dedicated network lecturer and BCSS lecturers, and the others for
contributing and supporting me directly and indirectly.
Thank you, may Allah SWT bless all of you.
LIST OF TABLES
Table 2.1: Comparison between Current IPS vs New Proposed IPS
Table 3.1: Hardware Requirement
Table 3.2: Software Requirement
Table 4.1: Software Requirement
Table 4.2: Hardware Requirement
Table 5.1: Display SQL Injection test
Table 5.2: Display Cross-Site Scripting test
Table 5.2: Webmin display test
LIST OF FIGURES
Figure 1.1: Current IPS
Figure 2.1: Type of Attacks by layer
Figure 2.2: Anatomy of Web Attack Process
Figure 2.3: SQL Injection Process
Figure 2.4: IPS Architecture
Figure 2.5: Example of Signature based
Figure 2.6: Example of Rule Base
Figure 2.7: Firewall Process
Figure 2.8: Airsnare Intrusion Detection System
Figure 2.9: Airsnare
Figure 2.10: Airsnare Intrusion Detection System
Figure 3.1: Rapid Application Development (RAD)
Figure 3.2: Penetration Testing using Burp suite
Figure 3.3: Schools website
Figure 3.4: System Diagram on How the System Works
Figure 3.5: Flow chart
Figure 3.7: Proposed project sketches
Figure 3.8: Proposed project sketches
Figure 4.1: Schools website
Figure 4.2: Virtual Private Server
Figure 4.3: Web Application Firewall (WAF)
Figure 4.4: Flow chart
Figure 4.5: Command Installation Voyage Debian Process
Figure 4.6: Command ModSecurity/Apache 2
Figure 4.7: Create and Modified Base Rules
Figure 4.8: Reverse Proxy Architecture on IPS
Figure 4.9: Webmin
ABSTRACT
This project aims to provide Intrusion Prevention System (IPS) notification via
Webmin in real time in order to detect and prevent all SQL injection and
Cross-Site Scripting attacks. Integrating several kinds of security techniques is
one good way to improve network security. Firewalls and intrusion detection
systems (IDS) can enforce the security of the network effectively, but each has
drawbacks of its own. An intrusion prevention system (IPS) is a technique that
properly combines the techniques of the firewall with those of the IDS. This
project has three objectives: to study the processes or methods of IPS, to create
new basic rules for the IPS, and to test the Webmin-embedded IPS notification. A
typical usage of a reverse proxy is to provide Internet users access to a server
that is behind a firewall. Reverse proxies can also be used to balance load
among several back-end servers or to provide caching for a slower back-end
server. The SMB IPS will be applied to a school's website, and the developer used
Burp Suite to test the functionality of this IPS. Once an attacker injects the
website, the IPS sends a notification via Webmin showing in real time that the
intrusion was detected and blocked. In conclusion, this is the best method to
improve the security of the website against web attacks.
CONTENT
DECLARATION
APPROVAL PAGE
ACKNOWLEDGEMENT
LIST OF TABLES
LIST OF FIGURES
ABSTRACT
CHAPTER 1: INTRODUCTION
1.1 Introduction
1.2 Project Background
1.3 Problem statement
1.3.1 Application layer attacks are increase
1.3.2 Current IPS not very efficiency
1.4 Problem Solving
1.4.1 Produce IPS and used reverse proxy methods
1.4.2 Create updated rules and new signature of attacks
1.5 Objectives
1.6 Project Scope
Project Significant
1.8 Conclusion
Introduction of Literature Review
2.2 Web attack
2.2.1 Anatomy of web attack
2.2.2 Type of web attack
2.2.2.1 SQL injection
2.2.2.2 Cross-site scripting
2.3 Method to protect from Web Attack
2.3.1 Firewall
2.3.2 Anti-virus
2.3.3 Intrusion Prevention System
2.4 Information of Intrusion Prevention System
2.4.1 Technique that be used on IPS
2.4.2 IPS Methods to Detect and Prevent Attacks
2.4.3 Advantages using IPS
2.5 Type of Current IPS
2.5.1 Airsnare
2.5.2 Metaflow Management Application
Virtual Private Prevention System Server
2.7 Comparison of Different Intrusion
2.8 Conclusion
CHAPTER 3: METHODOLOGY
3.1 Introduction
3.2 Rapid Application Development
3.2.1 Phase 1: Analysis Design and Quick Design
3.2.2 Phase 2: Development (Build, Demonstrate and Refin..
3.2.3 Phase 3: Testing
3.2.4 Phase 4: Implementation and release
3.3 System Architecture
3.4 Flow chart
3.5 Proposed project sketches
3.6 Budget / Cost Estimation
3.6.1 Hardware Requirement
3.6.2 Software Requirement
3.7 Conclusion
Introduction
4.2 Overview of Product Development
4.3 System Requirement
4.4 New proposed SMB IPS
4.4.1 System Module Structure
4.4.1.1 Web Client
4.4.1.2 Virtual Private Server
Conclusion
REFERENCES
APPENDIX A: Questionnaire
APPENDIX B: Gantt Chart