Penerapan Hardening Server Linux untuk Meningkatkan Keamanan Sistem Messaging IoT
DOI:
https://doi.org/10.26623/transformatika.v23i2.13776Abstract
Linux-based servers are extensively utilized as core infrastructure for network services, particularly as IoT Messaging Servers based on the MQTT protocol. However, many servers remain vulnerable to security breaches due to misconfigurations or unpatched flaws. This study aims to implement and analyze the effectiveness of Linux server hardening in enhancing system security against network-based attacks. The research was conducted using Ubuntu Server 22.04 running Mosquitto MQTT within a virtualized environment, employing a limited penetration testing approach. Testing scenarios were focused on port scanning, brute-force authentication attacks, and unauthorized access to MQTT services, excluding kernel-level or zero-day exploits. The hardening methodology encompasses system updates, SSH configuration hardening, user management, UFW firewall implementation, Fail2ban integration, Mosquitto-specific hardening, and security log monitoring. Security indicators were measured based on the reduction of open ports, the success rate of automated brute-force blocking, and the improvement in logging quality. The results demonstrate a reduction in vulnerability exposure by up to 75% and a significant improvement in security detection and response. This research contributes a novel measurable integration between hardening automation, firewalling, and IoT applications, thereby minimizing the risk of exploitation vulnerabilities.
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Agus Hartanto, Lenny Margaretta Huizen, April Firmandaru, surono surono
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
Transformatika is licensed under a Creative Commons Attribution 4.0 International License.
