Tarpit Firewall Implementation for Network Security Optimization in the IT Service Division of PT Pusri Palembang Using the NIST SP 800-86 Forensic Method
Abstract
The KP Room of the IT Service Division at PT Pusri Palembang has experienced recurring network disruptions that frequently lead to downtime, adversely impacting the performance of interns and employees. The underlying cause of these disturbances had not been determined, necessitating an investigation with the Snort Intrusion Detection System (IDS). This study applies the NIST SP 800-86 forensic method, which consists of collection, examination, analysis, and reporting, to identify the source of attacks. The collection phase successfully detected indications of Distributed Denial-of-Service (DDoS) attacks. Subsequent examination and attack simulations validated that these vulnerabilities resulted from DDoS activities. To address this issue, a Tarpit Firewall was implemented on the router. The Tarpit Firewall effectively reduced the impact of DDoS attacks by slowing incoming malicious connections and terminating attack attempts, thereby improving the network’s resilience against DDoS, brute-force, and port-scanning attacks.




