The Computer Science Study Programme runs an independent study programme in which each student team builds a project according to its specialization; the project is then equated with the appropriate courses. The cyber team implemented an IPS (Intrusion Prevention System), which is a security system for servers. Besides preventing attacks from internal or external parties, this IPS is also equipped with a honeypot: when hackers get past the firewall and internal security, they do not go directly to the server but are trapped in an artificial or simulated server. This project is still in the development and system configuration stage. The security system being developed is not simply installed; it needs to go through a trial stage to ensure that hackers cannot easily get into the original server.
Figure 1. Topology of IPS Security System Design

In addition to software that can secure servers, hardware is also needed to block suspicious activities. This project uses a RouterBoard from MikroTik, a network router that can manage and block networks through routing. Its goal is to connect other network segments for transmitting data. We need it to deal with network traffic activities, and it also lets us connect the servers, IPS, and honeypots through the router. In the configuration of this project, we use a Network-based Intrusion Prevention System (NIPS), which aims to monitor and protect the entire network. In addition to making monitoring easier, the NIPS type can also be operated as a remote system, meaning that it can be monitored and managed remotely because the security system is connected to the internet.

For the server we use the Proxmox Virtual Environment operating system, a Debian-based Linux distribution. Its function in the system that we developed is as a virtualization server. The plan is that, after the system has been successfully developed for testing, we will use Zenmap software to perform port scanning, a technique that can detect open ports and obtain important information about the network.