Network Security: A Comprehensive Guide for Junior Staff Members, Assignments of Security Analysis

Security - Assignment 1 - 1618 - Grade D

Typology: Assignments

2022/2023

Uploaded on 10/22/2023

ASSIGNMENT 1 FRONT SHEET
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 22/04/2023    Date Received 1st submission:
Re-submission Date:    Date Received 2nd submission:
Student Name:    Student ID:
Class:    Assessor name: Ha Trong Thang
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature:
Grading grid
P1 P2 P3 P4 M1 M2 D1


Summative Feedback:
Resubmission Feedback:
Grade:    Assessor Signature:    Date:    Lecturer Signature:

Task 4.1 Discuss three benefits to implement network monitoring systems with supporting reasons (M2)
  1. List some of the network monitoring devices and discuss each of them
  2. Why do you need to monitor networks?
  3. What are the benefits of monitoring a network?
Task 4.1.1 - Investigate how a ‘trusted network’ may be part of an IT security solution (D1)
  1. Discuss and explain what trusted networks are
  2. Give brief details with an example of its uses
  3. How can it be a solution in IT security?
CONCLUSION
REFERENCE

INTRODUCTION

As technology advances along with the use of the Internet, the information systems shared between organizations, and the complexity of business, also grow dramatically. Furthermore, many businesses require an Internet connection to share information, which exposes vulnerabilities that an attacker may exploit. Therefore, it is essential to understand which of the company’s resources must be protected and to control system access. This assignment will assist junior staff members to understand system security, demonstrate the methods for identifying and evaluating IT security risks, and explain the organizational policies that protect business-critical data and equipment.

Task 1 - Identify types of security threat to organizations. Give an example of a recently publicized breach and discuss its consequences (P1)

1. Define Threat
A threat refers to any activity that has the potential to damage an asset. Information systems are exposed to different types of threats caused by both natural and human factors. For example, floods, earthquakes or severe storms are threats caused by nature, which require planning ahead to ensure that business operations can continue and the organization can recover. Computer systems are also vulnerable to human-caused threats such as viruses, malicious code, and unauthorized access. These are threats that can cause damage to a system, an application or data, introducing errors and the loss of valuable data. These are the threats that can harm an individual, business, or organization. (2018, David Kim)
Examples of physical threats include:
  • Natural events (floods, earthquakes, and tornados)
  • Other environmental conditions (extreme temperatures, high humidity, heavy rains, and lightning)
  • Intentional acts of destruction (theft, vandalism, and arson)
  • Unintentionally destructive acts (equipment breakdowns, overloaded electrical outlets, and bad plumbing)
Examples of non-physical threats include:
  • Loss or corruption of system data
  • Disruption of business operations that rely on computer systems
  • Loss of sensitive information
  • Illegal monitoring of activities on computer systems
  • Cyber security breaches

While not a cyber-attack, these occurrences can have a similar impact on your ability to conduct business. If you are unable to access your offices, data centers, or files saved in the cloud, you are still experiencing a data disaster, and this must be considered.
2.7 Corporates (competitors, partners)
Although it is evident that the potential of a competitor stealing your intellectual property exists, we are increasingly collaborating with numerous partner organizations to bridge skill and resource gaps or merely to offer services. Depending on their intentions, these partner companies might steal or expose your intellectual property or the personal information you are storing.

3. List the types of threats that organizations will face
A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization’s systems or the entire organization. A security event refers to an occurrence during which company data or its network may have been exposed. An event that results in a data or network breach is called a security incident. As cybersecurity threats continue to evolve and become more sophisticated, enterprise IT must remain vigilant when it comes to protecting its data and networks. To do that, it first has to understand the types of security threats and potential attacks it is up against.
3.1 Insider threats
An insider threat arises when people affiliated with an organization who are granted permission to access its network unintentionally or intentionally misuse that access to harm the organization’s vital information or systems. Insider threats are created by negligent employees who don’t follow the business norms and regulations of their firms. For instance, individuals might unintentionally click on phishing links in emails, disclose their login information to others, or email customer data to other parties. Other insider dangers come from vendors, business partners, and contractors. Some insiders purposefully evade security precautions out of convenience or in misguided attempts to increase productivity. Malicious insiders purposefully circumvent cybersecurity measures in order to destroy data, steal data to sell or exploit later, disrupt business operations, or do other harm.
3.2 Viruses and worms

Malicious software such as viruses and worms is designed to harm a company’s systems, data, and network. A computer virus is a piece of malicious software that spreads by copying itself onto a host file, system, or other application. It does not propagate until it is activated, intentionally or unintentionally, typically without the knowledge or consent of a user or system administrator.
3.3 Botnets
A botnet is a collection of Internet-connected devices, such as PCs, mobile devices, servers, and IoT devices, that are infected with and controlled remotely by a common type of malware. Typically, botnet malware searches the internet for vulnerable devices. The goal of the threat actor who creates a botnet is to infect as many connected devices as possible, using the computing power and resources of those devices for automated tasks that are generally hidden from the devices’ users. The threat actors who control these botnets, who are often cybercriminals, use them to send email spam, engage in click fraud campaigns, and generate malicious traffic for distributed denial-of-service attacks.
3.4 Drive-by download attacks
In a drive-by download attack, malicious code is downloaded from a website without the user’s permission or knowledge through a browser, application, or integrated operating system. A user doesn’t have to click on anything to activate the download. Simply visiting or browsing a website can initiate a download. Drive-by downloads can be used by cybercriminals to inject banking Trojans, steal and collect personal information, and introduce exploit kits or other malware to endpoints.
3.5 Phishing attacks
Phishing attacks are a type of information security threat that uses social engineering to trick users into violating normal security practices and disclosing sensitive information such as names, addresses, login credentials, Social Security numbers, credit card information, and other financial information. Most of the

attack kits, and malware toolkits. These toolkits are used by cybercriminals to exploit system vulnerabilities in order to distribute malware or engage in other malicious activities such as stealing corporate data, launching denial-of-service attacks, or constructing botnets.
3.9 Advanced persistent threat attacks
A targeted cyberattack in which an unauthorized intruder penetrates a network and remains undetected for an extended period of time is known as an advanced persistent threat (APT). Rather than causing damage to a system or network, an APT attack’s goal is to monitor network activity and steal information while retaining access, using tools such as exploit kits and malware. APT attacks are typically used by cybercriminals to steal data from high-value targets such as large enterprises and nation-states over a long period of time.
3.10 Malvertising
Malvertising is a method by which cybercriminals inject malicious code into legitimate online advertising networks and web pages. Typically, this code directs users to malicious websites or installs malware on their computers or mobile devices. Even if users do not click anything to initiate the download, their machines may become infected. Malvertising can be used by cybercriminals to distribute a variety of money-making malware, such as crypto mining scripts, ransomware, and banking Trojans.

4. What are the recent security breaches? List and give examples with dates. Discuss the consequences of these breaches and suggest solutions to organizations.

Date: February 4, 2015
Organization: Anthem, Inc.: Blue Cross Blue Shield customer database
Data breach: Criminal hackers had broken into its servers and potentially stolen over 37.5 million records containing personally identifiable information. Twenty days later, the number of victims rose to 78 million people whose personal information was affected. The data breach extended into multiple brands Anthem uses to market its health care plans, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, and UniCare.
Impact of data breach: Individuals whose data was stolen could have problems resulting from identity theft for the rest of their lives. Anthem had a $ million insurance policy covering cyberattacks from American International Group One.
Solution:
  • Anthem needs to conduct regular security assessments: regular security assessments, such as penetration testing and vulnerability scanning, can help organizations identify potential security weaknesses and take corrective action.
  • The company should also develop an incident response plan that outlines the steps to take in the event of a security breach. This includes notifying customers, law enforcement, and regulators, as well as steps to contain and mitigate the breach.

Date: September 15, 2015
Organization: Experian Information Solutions, Inc., and T-Mobile USA, Inc.: Database of T-Mobile customers applying for credit
Data breach: Experian discovered that attackers had breached one North American business unit server containing the personal data of about 15 million T-Mobile customers who had applied for credit. T-Mobile shared this information with Experian to process credit checks or provide financing. Social Security and credit card information was compromised.
Impact of data breach: The Internal Revenue Service (IRS) has confirmed that 13,673 U.S. citizens have been victimized through the filing of $65 million in fraudulent individual income tax returns as a result of this data breach. T-Mobile is suffering reputational and financial damage because of the actions of a third-party partner and not its own, notwithstanding the carrier’s choice of business partners.
Solution:
  • Experian should conduct background checks on employees and third-party vendors to ensure they have no prior criminal history and that they have proper security measures in place.
  • Organizations can also engage with third-party security experts to assess their security posture and identify potential risks and vulnerabilities.
  • Implement multi-layered security controls, including firewalls, intrusion detection and prevention systems, encryption, access controls, and antivirus software to protect their systems and networks.

Task 2 - Describe at least 3 organizational security procedures (P2)

1. What are Security Procedures?
A security procedure is a set sequence of necessary activities that performs a specific security task or function. Procedures are normally designed as a series of steps to be followed as a consistent and repetitive approach or cycle to accomplish an end result. Once implemented, security procedures provide a set of established actions for conducting the security affairs of the organization, which facilitates training, process auditing, and process improvement. Procedures provide a starting point for implementing the consistency needed to decrease variation in security processes, which increases control of security within the organization. Decreasing variation is
  • Users must not use the same password for company accounts as for other non-company access (for example, personal ISP account, option trading, benefits, and so on).
  • Where possible, users must not use the same password for various company access needs.
  • User accounts that have elevated privileges must have a unique password from all other accounts held by that user.
1. Password Change
  • All passwords for user accounts with elevated privileges (for example, root, enable, NT admin, application administration accounts, and so on) must be changed at least every six months.
  • All user-level passwords (for example, email, web, desktop computer, and so on) must be changed at least once a year. The recommended change interval is every six months.
  • Password cracking or guessing may be performed on a periodic or random basis by the Security Team or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it to be in compliance with the Password Construction Guidelines.
2. Password Protection
  • Passwords must not be shared with anyone. All passwords are to be treated as sensitive, confidential company information.
  • Passwords must not be inserted into email messages or other forms of electronic communication.
  • Passwords must not be left on answering machines; they should be shared with the intended person only.
  • Do not reveal a password on questionnaires or security forms.
  • Do not hint at the format of a password (for example, “my family name”).
  • Do not share company passwords with anyone (superior, peer or subordinate) under any circumstances.
  • Do not write passwords down and store them anywhere in your office. Do not store passwords in a file on a computer system or mobile device (phone, tablet) without encryption. Refer to the SDCOE encryption procedure for help on encrypting password files.
  • Do not use the “Remember Password” feature of applications (for example, web browsers).
  • Any user suspecting that his/her password may have been compromised must report the incident and change all passwords.
Compliance
The IT team will verify compliance with this procedure through various methods, including but not limited to business tool reports, internal and external audits, and device monitoring. The team reserves the right to

prevent the transfer of data it finds unsecure. The team will engage in such action if it finds that the data is being used in a way that puts the company or its employees at risk.
Procedure Non-Compliance or Deviation
Failure to comply with the password procedures may, at the full discretion of the organization, result in the suspension of any or all technology use and connectivity privileges, disciplinary action, and possibly termination of employment.

Anti-Virus Procedure
Purpose: This procedure provides best practices and guidelines for the installation and continued support of anti-virus software on all devices connected to the organization data network, to ensure that effective virus detection and prevention exists on all systems.
Scope: This procedure applies to all devices that connect to the organization data network.
Procedure: All devices connecting to the organization data network that are capable of running reputable anti-virus software must have anti-virus software installed and scheduled to scan the system at regular intervals. In addition, the anti-virus software and the virus pattern files must be kept up to date. Virus-infected devices must be removed from the network until they are verified as virus-free. The organization’s system administrators are responsible for creating procedures that ensure anti-virus software is run at regular intervals on company-owned devices and that devices are verified as virus-free. Any activity intended to create and/or distribute malicious programs in or on the organization data network (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.) is prohibited.
Company Owned Devices (Faculty, Staff, and Computer Labs)
  • All company-owned devices are required to have a managed anti-virus solution installed.
  • Virus definition updates must be configured to install automatically.
  • The anti-virus software configuration and status may only be changed by IT department personnel. Configuration changes by a system-level user (limited user) are prohibited.
  • Removing or disabling the anti-virus software by users other than approved IT department personnel is prohibited.
Non-Company Owned Devices (Customers and Visitors)
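The password-change intervals and the uniqueness rules of the Password Procedure above can be audited mechanically. The following Python script is an added example and not part of the assignment; it assumes an account inventory with a hypothetical opaque password fingerprint (equal values mean equal passwords, as a cracking scan would establish) and treats "six months" as 180 days.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Change intervals from the procedure, in days (assumption: six months = 180 days).
PRIVILEGED_MAX_AGE_DAYS = 180       # elevated accounts: at least every six months
USER_MAX_AGE_DAYS = 365             # user-level accounts: at least once a year
USER_RECOMMENDED_AGE_DAYS = 180     # user-level accounts: recommended interval


@dataclass(frozen=True)
class Account:
    user: str           # person holding the account
    name: str           # account identifier, e.g. "root" or "email"
    privileged: bool    # True for elevated-privilege accounts (root, admin, ...)
    last_changed: date  # date of the last password change
    fingerprint: str    # hypothetical opaque password fingerprint: equal values
                        # mean equal passwords (e.g. from the Security Team's
                        # cracking scan); the audit never handles passwords


@dataclass(frozen=True)
class Finding:
    user: str
    account: str        # one account name, or several joined with ","
    severity: str       # "violation" breaks the procedure; "warning" is a recommendation
    reason: str


def password_age_findings(accounts, today):
    """Flag passwords older than the interval allowed for their privilege level."""
    findings = []
    for a in accounts:
        age = (today - a.last_changed).days
        if a.privileged and age > PRIVILEGED_MAX_AGE_DAYS:
            findings.append(Finding(a.user, a.name, "violation",
                f"privileged password is {age} days old (limit {PRIVILEGED_MAX_AGE_DAYS})"))
        elif not a.privileged and age > USER_MAX_AGE_DAYS:
            findings.append(Finding(a.user, a.name, "violation",
                f"user password is {age} days old (limit {USER_MAX_AGE_DAYS})"))
        elif not a.privileged and age > USER_RECOMMENDED_AGE_DAYS:
            findings.append(Finding(a.user, a.name, "warning",
                f"user password is {age} days old (recommended change every {USER_RECOMMENDED_AGE_DAYS})"))
    return findings


def password_reuse_findings(accounts):
    """Flag accounts of one user that share a password; sharing with an elevated account is a violation."""
    by_user = defaultdict(list)
    for a in accounts:
        by_user[a.user].append(a)
    findings = []
    for user, user_accounts in by_user.items():
        groups = defaultdict(list)          # fingerprint -> accounts using that password
        for a in user_accounts:
            groups[a.fingerprint].append(a)
        for group in groups.values():
            if len(group) < 2:
                continue
            names = ",".join(sorted(a.name for a in group))
            if any(a.privileged for a in group):
                findings.append(Finding(user, names, "violation",
                    "elevated-privilege account shares its password with another account"))
            else:
                findings.append(Finding(user, names, "warning",
                    "same password reused across several company accounts"))
    return findings


def audit(accounts, today):
    """Run both checks; violations sort first so they are acted on first."""
    found = password_age_findings(accounts, today) + password_reuse_findings(accounts)
    return sorted(found, key=lambda f: (f.severity != "violation", f.user, f.account))


# Constructed sample inventory (not real accounts), audited as of 22 April 2023.
AUDIT_DATE = date(2023, 4, 22)
SAMPLE_ACCOUNTS = [
    Account("alice", "root", True, date(2022, 9, 1), "fp-a1"),     # privileged, 233 days old
    Account("alice", "email", False, date(2023, 1, 10), "fp-a1"),  # same password as root
    Account("bob", "email", False, date(2022, 3, 15), "fp-b1"),    # 403 days old
    Account("bob", "desktop", False, date(2022, 11, 20), "fp-b2"),
    Account("carol", "web", False, date(2022, 10, 1), "fp-c1"),    # 203 days old, reused
    Account("carol", "vpn", False, date(2022, 10, 1), "fp-c1"),
    Account("dave", "admin", True, date(2023, 3, 1), "fp-d1"),     # compliant
]

if __name__ == "__main__":
    for f in audit(SAMPLE_ACCOUNTS, AUDIT_DATE):
        print(f"{f.severity:9} {f.user:6} {f.account:12} {f.reason}")
```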

Email is intended for communication between individuals and clearly designated groups of individuals and should not be used for mass broadcasting or the wide distribution of large attachments. Only authorized users may send email to all faculty and staff. The company may send official correspondence to members of its community via email. Employees, faculty, and staff are expected to check their company email account regularly. Company employees are expected to use their company email account for all company-related communications.
User Responsibilities
  • Use electronic mail in a responsible manner consistent with other business communications (e.g., phone, correspondence).
  • Safeguard the integrity, accuracy and confidentiality of company electronic mail.
  • Only use mail accounts assigned to them.
  • Remove mail from their mailbox consistent with company, departmental or electronic mail administrator message retention policies and standards.
Unacceptable User Behavior
  • Sending any unsolicited mail or materials that are of a fraudulent, pornographic, defamatory, harassing or threatening nature.
  • Posting materials that violate existing laws or company codes of conduct, are inconsistent with the company mission, or are commercial advertisements or announcements on any electronic bulletin boards.
  • Forwarding any other form of unnecessary mass mailing (such as chain letters) to company or external electronic mail users.
  • Using electronic mail access to unlawfully solicit or exchange copies of copyrighted software.
Use Standards
  • Individuals are prohibited from using an electronic mail account assigned to another individual to either send or receive messages. If it is necessary to read another individual’s messages, forwarding should be requested from the electronic mail administrator.
  • Company electronic mail users are encouraged to use these communications resources to share knowledge and information in furtherance of the company’s missions of instruction, research and public service. Occasional and incidental social communications using electronic mail are not prohibited; however, such messages should be limited and not interfere with an employee’s job function.
  • Individuals with email IDs on company computer systems are prohibited from sending messages which violate existing laws or company codes of conduct or policies; are inconsistent with the College mission; or are advertisements or announcements for a commercial business.
  • Authorized users should not “rebroadcast” information about significant issues obtained from another individual, out of respect for that individual’s reasonable expectation of confidentiality.
  • Authorized users are prohibited from sending, posting, publicly displaying or printing unsolicited mail or materials that are of a fraudulent, defamatory, harassing, abusive, obscene or threatening nature on any company system. The sending of such messages/materials will be handled according to current company codes of conduct, policies and procedures.
  • The company accepts no responsibility for the content of electronic mail received. If an employee receives electronic mail that they consider harassing, threatening or offensive, they should contact for assistance.

Task 2.1 - Propose a method to assess and treat IT security risks (M1)

1. Discuss methods required to assess security threats
A cybersecurity risk assessment can be split into many parts, but the five main parts are scoping, risk identification, risk analysis, risk evaluation and documentation.
1.1 Determine the scope of the risk assessment
A risk assessment starts by deciding what is in scope of the assessment. It is vital to have the full support of all stakeholders whose activities are within the scope of the assessment, as their input will be essential to understanding which assets and processes are the most important, identifying risks, assessing impacts and defining risk tolerance levels. A third party specializing in risk assessments may be needed to help the organization through what is a resource-intensive exercise.
1.2 Identify security risks
1.2.1 Identify assets
The primary focus of this part is to identify and create an inventory of all physical and logical assets that are within the scope of the risk assessment. Creating a network architecture diagram from the asset inventory list is a great way to visualize the interconnectivity and communication paths between assets and processes, as well as entry points into the network, making the next task of identifying threats easier.
1.2.2 Identify threats
Threats are the tactics, techniques, and methods used by threat actors that have the potential to cause harm to an organization’s assets. To help identify potential threats to each asset, use a threat library like the MITRE ATT&CK Knowledge Base and resources from the Cyber Threat Alliance, which both provide

It’s important to document all identified risk scenarios in a risk register. This should be regularly reviewed and updated to ensure that management always has an up-to-date account of its cybersecurity risks. It should include:
  • Risk scenario
  • Identification date
  • Existing security controls
  • Current risk level
  • Treatment plan – the planned activities and timeline to bring the risk within an acceptable risk tolerance level, along with the commercial justification for the investment
  • Progress status – the status of implementing the treatment plan
  • Residual risk – the risk level after the treatment plan is implemented
  • Risk owner – the individual or group responsible for ensuring that the residual risks remain within the tolerance level
A security risk assessment is a large and ongoing undertaking, so time and resources need to be made available if it is going to improve the future security of the organization. As new cyber threats emerge and new systems or activities are implemented, it will need to be repeated. However, if it is done well the first time, it will provide a repeatable process and template for future assessments, decreasing the likelihood of a cyber-attack that negatively impacts business objectives.
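The register fields listed above can be turned into a review that flags entries needing the owner's attention: risks above tolerance with no treatment plan or an overdue plan, planned residual risk still above tolerance, and entries not reviewed recently. This Python script is an added example, not part of the assignment; the four-step level scale, the 90-day review interval, the field names and the sample entries are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Ordered risk scale, least to most severe (assumed; the text lists the register
# fields but does not fix a scale).
LEVELS = ("low", "medium", "high", "critical")

# Issue labels raised by the review.
NO_PLAN = "no treatment plan"
OVERDUE = "treatment overdue"
RESIDUAL_HIGH = "residual above tolerance"
STALE = "stale review"


@dataclass
class RiskEntry:
    risk_id: str
    scenario: str                    # risk scenario
    identified: date                 # identification date
    existing_controls: list          # existing security controls
    current_level: str               # current risk level, one of LEVELS
    treatment_plan: Optional[str]    # planned activities + justification; None if absent
    treatment_due: Optional[date]    # end of the treatment timeline
    progress: str                    # "not started", "in progress" or "done"
    residual_level: Optional[str]    # expected level once the plan is implemented
    owner: str                       # risk owner keeping residual risk within tolerance
    last_reviewed: date


@dataclass(frozen=True)
class Issue:
    risk_id: str
    owner: str
    issue: str


def rank(level):
    """Position of a level on the scale; raises ValueError for unknown levels."""
    return LEVELS.index(level)


def register_findings(register, tolerance, today, review_every_days=90):
    """Return the issues a register review should raise, one Issue per problem."""
    issues = []
    for r in register:
        if (today - r.last_reviewed).days > review_every_days:
            issues.append(Issue(r.risk_id, r.owner, STALE))
        if rank(r.current_level) > rank(tolerance):
            # A risk above tolerance needs a plan, and the plan must be on schedule.
            if not r.treatment_plan:
                issues.append(Issue(r.risk_id, r.owner, NO_PLAN))
            elif r.progress != "done" and r.treatment_due and r.treatment_due < today:
                issues.append(Issue(r.risk_id, r.owner, OVERDUE))
        if r.residual_level is not None and rank(r.residual_level) > rank(tolerance):
            # The plan does not bring the risk within tolerance, so it is insufficient.
            issues.append(Issue(r.risk_id, r.owner, RESIDUAL_HIGH))
    return issues


def actions_by_owner(register, tolerance, today):
    """Group the review's issues by risk owner so each owner gets one action list."""
    actions = {}
    for i in register_findings(register, tolerance, today):
        actions.setdefault(i.owner, []).append(f"{i.risk_id}: {i.issue}")
    return actions


# Constructed sample register (fictional entries), reviewed as of 22 April 2023.
AUDIT_DATE = date(2023, 4, 22)
SAMPLE_REGISTER = [
    RiskEntry("R1", "Ransomware delivered by phishing email", date(2023, 2, 1),
              ["mail filtering", "endpoint anti-virus"], "high",
              "awareness training and offline backups", date(2023, 6, 30),
              "in progress", "medium", "IT Security", date(2023, 4, 1)),
    RiskEntry("R2", "Unpatched Windows hosts on the plant network", date(2022, 11, 3),
              ["network segmentation"], "critical", None, None,
              "not started", None, "Plant IT", date(2023, 1, 5)),
    RiskEntry("R3", "Third-party vendor with access to customer data", date(2023, 1, 20),
              ["contract clauses"], "high", "vendor security review", date(2023, 3, 31),
              "in progress", "high", "Procurement", date(2023, 4, 10)),
    RiskEntry("R4", "Loss of on-site backups to fire", date(2023, 3, 2),
              ["fire suppression"], "medium", None, None,
              "not started", None, "Facilities", date(2023, 4, 15)),
]

if __name__ == "__main__":
    for owner, items in actions_by_owner(SAMPLE_REGISTER, "medium", AUDIT_DATE).items():
        print(owner, items)
```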

2. What are the current weaknesses or threats of an organization?
Unauthenticated protocols: When an ICS protocol does not require authentication, any computer on the network can send commands to alter the physical process. This could lead to faulty process operation, product damage, plant equipment breakdowns, personnel accidents, or environmental deterioration.
Weak user authentication: In classic control systems, user authentication frequently relies on passwords that are easily guessed, stored in easily recoverable formats, or transmitted in clear text. Once an attacker has obtained such a password, they have complete control over the process.
Unknown third-party relationships: Organizations may be unaware of the third-party components they employ in their ICS systems, making it harder for them to warn customers of vulnerabilities. As a result, attackers who are aware of this reliance can target software that the industrial business is unaware of.
Weak file integrity checks: Code signing is a solution for software developers who want to ensure the integrity of their product from the moment it is compiled until the user installs it on their computer or mobile device. Without code signing, attackers can trick users into giving them permission to replace legitimate files with malicious ones.
Using outdated hardware: Hardware for ICS is built to last for decades. This hardware might not have enough processing power or memory to handle the threat environment created by contemporary network technologies, or it might be too simple to use.
Using vulnerable Windows operating systems: Unpatched Microsoft Windows operating systems are widely used in industrial systems, which exposes known vulnerabilities.

3. What tools will you propose to treat IT security risks?
One method that has been introduced to assess security threats is the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), which is a framework for identifying and managing information security risks. It defines a comprehensive evaluation method that allows an organization to identify the information assets that are important to the mission of the organization, the threats to those assets, and the vulnerabilities that may expose those assets to the threats. By putting those together, the organization can understand what information is at risk, which assists in designing and implementing a protection strategy to reduce the overall risk exposure of its information assets. (1999, Christopher J. Alberts)
OCTAVE examines organizational issues and technology issues to assemble a comprehensive picture of the information security needs of an enterprise. It contains the following phases:
  • Phase 1, Build Enterprise-Wide Security Requirements
  • Phase 2, Identify Infrastructure Vulnerabilities
  • Phase 3, Determine Security Risk Management Strategy
Each phase of OCTAVE is designed to produce meaningful results for the organization. During phase 1, information assets and their values, threats to those assets, and security needs are identified using standard information catalogs and staff knowledge from multiple organizational levels. For instance, known threat profiles and good organizational and technical practices are used to probe staff members for their knowledge of the organization’s assets, threats, and current protection strategies. This information can then be used to establish the security requirements of the enterprise, which is the goal of the first phase of OCTAVE.