Linux Operating System Security Testing Case Study: FTP Security in Metasploitable2

Muhammad Anis Al Hilmi; Fauziah  Herdiyanti

Authors

Muhammad Anis Al Hilmi Politeknik Negeri Indramayu
Fauziah Herdiyanti Politeknik Negeri Indramayu

Keywords:

Metasploitable2, Backdoor, Linux, FTP, NMap, Kali Linux

Abstract

Linux is an operating system like Unix that uses a kernel and includes applications and other support-ing modules to be used properly. Linux is free to use and includes open-source code to be used and devel-oped by all parties. The Linux operating system is widely used as a server, for example, for hosting web applications or used in cloud computing infrastructure. No wonder Linux is one of the targets of cyberat-tacks. In this study, a simulation of attacks on the Linux operating system was carried out, and one type of Linux distribution tested as a target was Metasploitable2. Metasploitable2 is a Linux operating system that is intentionally made vulnerable to attack; the aim is to be experimental material. In testing, Metasploitable2 was treated as the target of the attack and Kali Linux as the attacker. The initial stage of the attack simulation, carried out using NMap, Metasploitable2 security vulnerabilities can be identified and exploited for later attacks with exploits. The type of exploit used is a backdoor because a backdoor can function to penetrate systems, programs, or networks without going through the authentication pro-cess. In this case, Metasploitable2 has a security hole in its FTP port. The loophole is tried to be exploited. In this case, the way to overcome the attack is by closing all possible entry points to be an attack loop-hole; in this case, Metasploitable2 is port 6200 and disabling anonymous account permissions to upload files using FTP.

Downloads

Download data is not yet available.

References

K. A. CAHYANTO, M. A. AL HILMI, and M. MUSTAMIIN, ‘Pengujian Rule-Based pada Dataset Log Server Menggunakan Support Vector Machine Berbasis Linear Discriminat Analysis untuk Deteksi Malicious Activity’, Jurnal Teknologi Informasi dan Ilmu Komputer, vol. 9, no. 2, 2021.

Z. R. Mair, Teori Dan Praktek Sistem Operasi. Deepublish, 2018.

R. Watrianthos and I. Purnama, Buku Ajar Sistem Operasi. Uwais Inspirasi Indonesia, 2018.

D. Ruwaida and D. Kurnia, ‘Rancang Bangun File Transfer Protocol (FTP) dengan Pengamanan Open SSL pada Jaringan VPN Mikrotik di SMK Dwiwarna’, CESS (Journal of Computer Engineering, Sys-tem and Science), vol. 3, no. 1, pp. 45–49, 2018.

M. Arman, ‘Rancang Bangun Pengamanan FTP Server dengan Menggunakan Secure Sockets Layer’, Jurnal Integrasi, vol. 9, no. 1, pp. 16–23, 2017.

T. Radivilova, L. Kirichenko, D. Ageyev, M. Tawalbeh, and V. Bulakh, ‘Decrypting SSL/TLS traffic for hidden threats detection’, in 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), 2018, pp. 143–146.

P.-B. Bök, A. Noack, M. Müller, and D. Behnke, ‘Internet Protocol Version 4’, in Computernetze und Internet of Things, Springer, 2020, pp. 125–155.

G. Lencse and Y. Kadobayashi, ‘Comprehensive survey of IPv6 transition technologies: A subjective classification for security analysis’, IEICE Transactions on Communications, vol. 102, no. 10, pp. 2021–2035, 2019.

S. Khadafi, S. Nurmuslimah, and F. K. Anggakusuma, ‘Implementasi Firewall Dan Port Knocking Se-bagai Keamanan Data Transfer Pada Ftp Server Berbasiskan Linux Ubuntu Server’, Network Engi-neering Research Operation, vol. 4, no. 3, pp. 180–188, 2019.

G. Bagyalakshmi et al., "Network Vulnerability Analysis on Brain Signal/Image Databases Using NMap and Wireshark Tools," in IEEE Access, vol. 6, pp. 57144-57151, 2018, doi: 10.1109/ACCESS.2018.2872775.

S. Sinha, ‘Setting Up a Penetration Testing and Network Security Lab’, in Beginning Ethical Hacking with Kali Linux, Springer, 2018, pp. 19–40.

G. Johansen, L. Allen, T. Heriyanto, and S. Ali, Kali Linux 2–Assuring Security by Penetration Test-ing. Packt Publishing Ltd, 2016.

F. R. Mahtuf, P. Hatta, and E. S. Wihidiyat, ‘Pengembangan Laboratorium Virtual untuk Simulasi Uji Penetrasi Sistem Keamanan Jaringan’, JOINTECS (Journal of Information Technology and Computer Science), vol. 4, no. 1, pp. 17–22, 2019.

E. Cozzi, M. Graziano, Y. Fratantonio and D. Balzarotti, "Understanding Linux Malware," 2018 IEEE Symposium on Security and Privacy (SP), 2018, pp. 161-175, doi: 10.1109/SP.2018.00054.

Y. Xie, D. Feng, Z. Tan, and J. Zhou, ‘Unifying intrusion detection and forensic analysis via prove-nance awareness’, Future Generation Computer Systems, vol. 61, pp. 26–36, 2016.