Penetration Testing System CERDAS With Brute Force Method
Keywords: Penetration Testing, Brute Force, Access Security, System CERDAS
Abstract
Securing access rights is important for preventing misuse by individuals seeking profit. The national cybersecurity operations center and the state cyber code agency recorded 88 million cyber-attacks in 2020. To help prevent attacks on CERDAS, the author conducted a study around the question "Can the security system used by CERDAS prevent brute force attacks and how is the brute force attack process carried out". The purpose of this study was to test the login page security system used by CERDAS. The method used was NIST 800-115. The results showed that the login page security system used by CERDAS had a gap against brute force attacks, with a success rate of up to 100%. Based on these results, CERDAS must improve the login page security system to avoid brute force attacks that aim to harm the system.
License
Copyright (c) 2025 International Journal of Information Systems and Technology

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

