Active IDS Firewall Using MikroTik


Nadzirah Binti Ramli, Universiti Kuala Lumpur


Network vulnerabilities are becoming more advanced and complex. Some small businesses and enterprises buy third-party advanced firewalls such as Cisco, WatchGuard and Sangfor for network protection, because not all integrated service routers perform firewall functions well. This project, Active IDS Firewall Using MikroTik, implements an Intrusion Detection System (IDS) that detects an intrusion or attack and prevents the intruder from entering the network. The Active IDS Firewall is a rule set that reacts to block intrusions when certain conditions are met. When an attacker attacks the network, it sends an alert to the admin via e-mail, and the MikroTik itself then handles the detection and prevents the attack without admin action. The attacks to be prevented using this Intrusion Detection System are SSH brute-force attacks, port-scanning attacks, and DDoS attacks. A port-scanning attack is very dangerous because the attacker can trace all open ports in the organization, especially NAT port forwarding and DMZ ports. With this Active IDS Firewall, protocols such as SSH gain a higher level of security because the attacker is slowed down, and DDoS attacks, which can cause slow network performance and high network utilization, can be blocked.
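
As an added illustration (not the project's own rule set), the reactive pattern described above can be written in RouterOS with staged address lists for SSH and the built-in port scan detector. The list names, timeouts and `psd` thresholds are assumed values, and the e-mail alert is not shown.

```routeros
# Added example: reactive input-chain rules (assumed names and thresholds).
# Rules are evaluated top to bottom, so the drop rules come first and each
# new SSH connection advances the source address by only one stage.
/ip firewall filter

# Drop sources that were already flagged.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=drop comment="IDS: drop SSH brute-force sources"
add chain=input src-address-list=port_scanners \
    action=drop comment="IDS: drop port-scan sources"

# A fourth new SSH connection within the stage windows blacklists the source.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=1d \
    comment="IDS: SSH stage3 -> blacklist"
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m \
    comment="IDS: SSH stage2 -> stage3"
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m \
    comment="IDS: SSH stage1 -> stage2"
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m comment="IDS: first new SSH connection"

# Port scan detection. psd = weight threshold, delay threshold,
# low-port weight, high-port weight.
add chain=input protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=1d comment="IDS: flag TCP port scanners"
```

Entries expire on their own when the timeout elapses, so a legitimate administrator who mistypes a password a few times is slowed down rather than locked out permanently.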