Skripsi
SISTEM DETEKSI SERANGAN INSIDER PADA GERAKAN LATERAL SSH MENGGUNAKAN METODE RULE BASED
Insider threat is one of the most challenging security threats to detect because the attacker possesses legitimate access rights to the system. This research aims to analyze an insider attack scenario that exploits legal access through the Secure Shell (SSH) service in the process of data acquisition and privilege escalation on a Linux system. The research method involves simulating insider activities starting from service scanning, SSH access using valid credentials, system configuration, log file transfer, and privilege escalation. The results show that insider activities can be detected through system log analysis, network traffic monitoring, and alerts generated by Snort, even without involving brute-force attacks. Furthermore, mitigation measures such as firewall configuration, access control restrictions, and continuous monitoring are proven to reduce the risk of insider access misuse. This research is expected to serve as a reference for improving system security against insider threats through more effective detection and mitigation approaches.
No other version available