Assignment Brief 1 (RQF)
Higher National Certificate/Diploma in Computing
Student Name/ID Number:
Unit Number and Title: Unit 5: Security
Academic Year: 2021 – 2022
Unit Assessor: Van Ho
Assignment Title: Security Presentation
Issue Date: April 1st, 2021
Submission Date:
Internal Verifier Name:
Date:
Submission Format:
Format:
● The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system.
Submission
● Students must submit the assignment by the due date and in the way requested by the Tutor.
● The form of submission will be a soft copy posted on http://cms.greenwich.edu.vn/.
● Remember to convert the Word file into a PDF file before submitting it on CMS.
Note:
● The individual assignment must be your own work, and not copied by or from another student.
● If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you must reference your sources, using the Harvard style.
● Make sure that you understand and follow the guidelines to avoid plagiarism. Failure to comply with this requirement will result in a failed assignment.
Unit Learning Outcomes:
LO1 Assess risks to IT security.
LO2 Describe IT security solutions.
Assignment Brief and Guidance:
Assignment scenario
You work as a trainee IT Security Specialist for a leading security consultancy in Vietnam called FPT Information Security (FIS). FIS works with medium-sized companies in Vietnam, advising on and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns because they lack the technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging presentation to help train junior staff members on the tools and techniques associated with identifying and assessing IT security risks, together with the organizational policies that protect business-critical data and equipment.
Tasks
In addition to your presentation, you should also provide a detailed report containing a technical review of the topics covered in the presentation. Your presentation should:
- Identify the security threats FIS may face if they have a security breach. Give an example of a recently publicized security breach and discuss its consequences.
- Describe a variety of organizational procedures an organization can set up to reduce the effects to the business of a security breach.
- Propose a method that FIS can use to prioritize the management of different types of risk
- Discuss three benefits to FIS of implementing network monitoring system giving suitable reasons.
- Investigate network security, identifying issues with firewalls and IDS incorrect configuration and show through examples how different techniques can be implemented to improve network security.
- Investigate a ‘trusted network’ and through an analysis of positive and negative issues determine how it can be part of a security system used by FIS.
Your detailed report should include a summary of your presentation as well as additional, evaluated or critically reviewed technical notes on all of the expected topics.
Table of contents:
ASSIGNMENT 1 ANSWERS
P1. Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences
1. Define threats
- Identify threat agents to organizations
- List the types of threats that organizations will face
- What are the recent security breaches? List and give examples with dates
- The consequences of those breaches
P2. Describe at least 3 organizational security procedures
P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.
- Discuss briefly firewalls and policies, their usage, and advantages in a network
- How does a firewall provide security to a network?
- Show with diagrams the example of how a firewall works
- Define IDS, and its usage, and show it with diagrams and examples
- Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network
P4. Show, using an example for each, how implementing a DMZ, static IP, and NAT in a network can improve Network Security.
- Define and discuss with the aid of a diagram DMZ. Focus on its usage and security function as an advantage.
- Define and discuss with the aid of a diagram static IP. Focus on its usage and security function as an advantage.
- Define and discuss with the aid of a diagram NAT. Focus on its usage and security function as an advantage.
REFERENCES
Table of figures
- Figure 1: Threats
- Figure 2: Threats agents
- Figure 3: List the type of threats
- Figure 4: DoS attacks
- Figure 5: Phishing attack
- Figure 6: SQL injection
- Figure 7: Password manager
- Figure 8: Data backup and recovery
- Figure 9: 6 Phases in the Incident Response Plan
- Figure 10: Firewall
- Figure 11: The firewall allows Good Traffic
- Figure 12: Firewall Blocking Bad Traffic
- Figure 13: Firewall diagram
- Figure 14: IDS diagram
- Figure 15: Network intrusion detection systems (NIDS)
- Figure 16: Host Intrusion Detection Systems (HIDS)
- Figure 17: DMZ diagram
- Figure 18: Security Benefits of DMZ
- Figure 19: Static IP diagram
- Figure 20: NAT diagram
- Figure 21: NAT usage
2. Identify threats agents to organizations:
A security threat is a malicious act that aims to gain unauthorized access to an organization's systems or network in order to corrupt or steal data or disrupt services, whether against a single network segment or the organization as a whole. A security event is an occurrence in which corporate data or corporate networks may have been exposed; an event that actually leads to a data or network breach is a security incident. Threats can come from many sources, including national governments, terrorist groups, employees, or malicious intruders.
Figure 2: Threat agents. Source: (cyber.gc.ca, 2022)
- National governments: One country can become the target of another. The attacker's goal is to weaken, disrupt or destroy the target by infiltrating its vital data from within. Secondary goals include espionage for offensive purposes, stealing technology, and disrupting the economy or defence of the target country. Companies operating in certain sectors may be targeted by foreign states either to disrupt operations now or to give that state an advantage in a future conflict.
- Cyber-terrorists: Cyber-terrorists are a contemporary version of a persistent worldwide problem that has affected most nations for decades. These threat actors frequently aim to harm people and interrupt vital services.
- Hacktivists: Hacktivists prioritize spreading a message and are usually driven by an activist ideology. One or more politically engaged hacker groups can be considered hacktivists. They represent a moderate threat when they carry out a single destructive strike; most global hacktivist organizations lean more toward propaganda than toward damaging critical infrastructure. Advancing their political agenda is their main objective; propaganda and harm to the target's reputation are secondary objectives.
- Natural disasters: While not a cyber attack, these events can have a similar net impact on your ability to do business. Floods, earthquakes, tornadoes, extreme temperatures and hurricanes can disrupt your business, damage equipment and keep you from accessing your office, data center or cloud-hosted files; the resulting data disaster must be planned for.
- Organized crime (local, national, transnational, specialist): Criminals seek personal data for a variety of offences, including bank account fraud, identity theft and credit card fraud, and these crimes are now routinely committed on a large scale. Whether the method is a phishing email or a fake website, the result is the same: your data is taken and used for criminal purposes.
- Corporates (competitors, partners): Although it is obvious that a competitor could steal your intellectual property, organizations increasingly collaborate with numerous partners to supply services or to address skill and resource shortfalls. Depending on their intentions and their own security, these partner companies might steal or expose your intellectual property or the personal information you are storing.
- Hackers: Many common cyber scandals, data thefts and acts of vandalism against personal or business data are caused by individuals who hack as a hobby. Most such hackers lack the skills or equipment needed to threaten hardened targets, so they pose a negligible threat of widespread, long-term damage to IT infrastructure; however, the sheer number of hackers worldwide means they pose a relatively high threat of isolated or short-term disruption, which can still cause serious damage. Hackers also differ in motivation: some work for good purposes, such as authorized testing, and others for bad.
3. List type of threats that organizations will face:
Cybercriminals are constantly adapting their attack strategies and acquiring access to a system within a company. Several security risks might have an impact on an organization's ability to conduct
o Adware can attack by:
- It can be used to steal sensitive information and login credentials by tracking your online activities and selling that information to third parties.
- Clicking on the ads directs you to an advertising website that collects your information.
- Spyware: Spyware is an unwelcome form of security risk to organizations that is installed on users' computers and stealthily gathers sensitive data, including credit card information, login credentials, and personal or organizational business information. Spyware also monitors internet activity, tracks login credentials, and spies on sensitive information.
- Worm: A computer worm is a form of malicious software that replicates itself from one computer in an organization to other computers on the network it is connected to.
o How does the worm spread?
- It has the ability to spread automatically, take advantage of software security flaws, and attempt to access the system remotely in order to access and corrupt files and steal sensitive data.
- Denial-of-Service (DoS) attacks: A denial-of-service attack disables a computer or network or renders it inaccessible to its users. It typically bombards the targeted system with requests until regular traffic can no longer be processed, denying customers the service.
Figure 4: DoS attacks. Source: (vnetwork, 2022)
o How does a DoS attack work?
- It happens when an attacker denies authorized users access to particular computer systems, gadgets, or other resources.
- The attacker overloads the target server with traffic by sending an excessive amount of data.
- Overloaded servers crash websites, email servers, and other Internet-connected services.
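One way to spot the request flood described above in a server's own logs, added here as an illustration and not part of the original report or the cited sources: a sliding-window rate detector in Python. It parses Common Log Format lines, keeps the timestamps of each source's recent requests, and raises an alert when one source exceeds the threshold within the window. The log format, the sample lines and addresses, the 10-second window and the 50-request threshold are all assumptions chosen for the example.

```python
"""Added example (not from the original report): a sliding-window
request-rate detector run over constructed web-server access-log lines.
Log format, addresses, window and threshold are assumptions."""

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(seconds=10)   # assumed sliding-window length
THRESHOLD = 50                   # assumed max requests per source per window

# Apache/nginx Common Log Format, e.g.
# 203.0.113.5 - - [10/Oct/2022:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect_floods(lines, window=WINDOW, threshold=THRESHOLD):
    """Scan time-ordered log lines and return {ip: (first_alert_time, peak_count)}
    for every source whose request count within `window` exceeds `threshold`."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip malformed lines rather than crash on them
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            first, peak = alerts.get(ip, (ts, 0))
            alerts[ip] = (first, max(peak, len(q)))
    return alerts


def make_sample_log():
    """Constructed data: two normal clients plus one source sending a burst
    of 200 requests in about four seconds, and one malformed line."""
    base = datetime(2022, 10, 10, 13, 55, 0, tzinfo=timezone.utc)

    def entry(ip, offset_s, path):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(20):
        lines.append(entry("203.0.113.5", 3 * i, "/index.html"))   # one request / 3 s
        lines.append(entry("203.0.113.9", 2 * i + 1, "/login"))    # one request / 2 s
    for i in range(200):
        lines.append(entry("198.51.100.77", 30 + i * 0.02, "/"))   # flood at t = 30 s
    lines.append("this line is not in log format")                  # malformed input
    lines.sort(key=lambda l: (parse_line(l) or ("", base))[1])     # real logs are time-ordered
    return lines


if __name__ == "__main__":
    for ip, (when, peak) in detect_floods(make_sample_log()).items():
        print(f"ALERT {ip}: {peak} requests in a {WINDOW.seconds}s window, first seen {when:%H:%M:%S}")
```

On the constructed log only 198.51.100.77 trips the detector; the two normal clients never exceed six requests in any ten-second window. A per-source threshold like this catches a single flooding host but not a distributed attack, where each source stays under the limit, so in practice it would be paired with a global request-rate alert.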
- Phishing: Phishing is a type of social engineering attack that tries to obtain confidential information such as usernames, passwords, credit card details and other login credentials by impersonating a trusted party.
Figure 5: Phishing attack. Source: (simplilearn, 2022)
o How does a phishing attack work?
- In a phishing email assault, an attacker sends phishing emails to the victim's email address that seem to be from their bank and requests personal data from them.
- A link in the message takes you to a fake website, where the information you enter is stolen.
- So, it is best to avoid clicking on or opening such emails and refrain from giving out important information.
- SQL injection:
- Around 23 terabytes of data in total have been stolen from Alibaba Cloud, the largest Chinese public cloud service provider, which hosts data on cloud servers. A hacker who claimed to have information on the Shanghai police force, whose data was also kept on Alibaba Cloud, first disclosed the intrusion through internet forums. Despite handling incredibly sensitive government data, Alibaba and its founder, Jack Ma, came under heavy fire for leaving crucial servers entirely exposed and without a password lock. (Tunggal, 2023)
- This wasn't Alibaba's first data breach problem; only a year earlier, a third-party developer had been caught scraping Taobao, Alibaba's e-commerce platform, for user information. Once again, over a billion users were affected, and although the developer and his employer received a three-year prison sentence, Alibaba showed that it continued to follow poor security practices into 2022. (Tunggal, 2023)
Facebook Data Breach (2019)
- Impact: 533 million users
- Date: April 2019
- In April 2019 the UpGuard Cyber Risk team revealed that two datasets from third-party Facebook apps had been exposed to the public Internet. One, originating from the Mexican media organization Cultura Colectiva, is 146 gigabytes in size and contains over 533 million records, including comments, likes, reactions, account names, Facebook IDs and more. Given the potential uses of such data, this kind of collection in a similarly focused form has been raising concerns recently. (Tunggal, 2023)
- In April 2021 this database was released freely on the dark web, exposing the material that had originally been stolen in 2019. This makes Facebook one of the biggest companies to be hacked in 2021 as well as one of the companies hacked most recently. (Tunggal, 2023)
Twitter Data Breach (2018)
- Impact: 330 million users
- Date: May 2018
- In May 2018 Twitter informed users of a bug that had stored passwords unmasked in an internal log, exposing them on Twitter's internal network. Twitter advised its 330 million users to change their passwords, even though the company said the problem had been fixed and there was no evidence of a breach or misuse; the change was urged as a precaution. Twitter did not say how many users were affected, but it did say that the number was large and that the passwords had been exposed for a number of months. (Tunggal, 2023)
5. The consequences of those breaches:
- Alibaba Data Breach (2022): About 23 terabytes of data were stolen from Alibaba Cloud, and the breach became public through an internet forum post. Because highly sensitive government data was involved, Alibaba and its founder Jack Ma were heavily criticized for leaving critical servers completely exposed without password protection.
- Facebook Data Breach (2019): The database stolen in 2019 was distributed publicly on the dark web in April 2021, so Facebook is counted among the businesses compromised the most in 2021 and one of the most recent targets of attacks.
- Twitter Data Breach (2018): Even though Twitter said the issue had been fixed and there was no evidence of abuse, the exposure of unmasked passwords in an internal log in May 2018 led the company to ask its 330 million users to change their passwords.
6. Suggest solutions to organizations:
With such cyber security measures, organizations can prevent information theft, leakage of sensitive data, unauthorized system access and malicious activity that attempts to siphon data from a company's databases.
- All employees should know how to recognize a cyberattack as early as possible so that equipment can be secured and data protected across the many operations running at any one time.
- Multi-factor authentication (MFA) is crucial for protecting accounts and devices. The second factor, such as a one-time code or hardware token, matters as much as password strength, because a stolen password alone is then not enough to log in.
- Follow industry standards for hardware and software. Keeping firmware and software up to date protects you from known security risks.
- Make software and firmware updates a top priority for all of your devices so they can operate at their best; product updates frequently include critical fixes for recently discovered vulnerabilities.
Figure 7: Password manager. Source: (blog.1password, 2022)
Here are the general steps to create a strong password:
Step 1: Use at least 8 characters, including both upper- and lower-case letters (A-Z, a-z), at least one numeric character (0-9) and at least one special character (e.g. ~!@#$%^&*()_-+=).
Step 2: Do not use a word or series of words that can be found in a standard dictionary, a dictionary word with a number at the beginning or end, or anything based on personal information such as a user ID, last name, pet's name or date of birth.
Step 3: Do not share your password with anyone for any reason, change it at the first sign of compromise, consider using a passphrase instead of a password, and do not write your password down on paper or store it in an unsafe manner.
Step 4: Avoid reusing passwords, do not use the same password for multiple accounts, and do not use automatic login functions.
2. Data backup and recovery procedures:
In the event of loss or damage, data that has been duplicated and stored in a secure location can be used to rebuild the original. Backup is the process of making that copy; recovery is the process of restoring the copied data to its original location, or to a standby system, so that it can be used again in operations.
Figure 8: Data backup and recovery. Source: (sqlshack, 2022)
Here are the general steps for the data backup and recovery process:
Step 1: Backup plan: Servers are backed up after each job; the last backup of each month is kept as the monthly backup, and a backup is always taken before a server is upgraded or modified.
Step 2: Data loss: Data loss is usually caused by corrupted files, viruses, incorrect security settings or human error. The problem must be diagnosed to establish whether it is a hardware or software fault so that further damage can be prevented.
Step 3: Data recovery: Once the lost data has been identified and the cause remedied, IT staff restore it from the backup media, determine the date and time the data was lost so that the right backup is chosen, and confirm that the recovery was successful.
Step 4: Disaster recovery: If a disaster such as flooding, fire, tornado or earthquake is detected, IT staff determine the extent of the problem and take appropriate action: damaged hardware is replaced and the server is restored from off-site backup media.
3. Incident Response Procedures:
A clear incident response plan must be implemented by the organization. This strategy should specify what is considered a security incident and provide a simple process that the team can use in the event of problems with security information, data, etc. (Ellis, 2022)
Step 6: Lessons Learned: Have an after-action meeting with every member of the Incident Response Team when the investigation is finished to go over the lessons you've learned from the data breach. Find out what aspects of your response strategy were effective and whether there were any gaps.
P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.
1. Discuss briefly firewalls and policies, their usage, and advantages in a network:
- Definition: A firewall is a hardware- or software-based network security control that uses rules to regulate traffic entering and leaving a network. Firewalls separate a trusted (protected) network from an untrusted one and act as a preventive control over access to network resources: only traffic that complies with the firewall's policy is allowed through, and all other traffic is rejected.
Figure 10: Firewall. Source: (geekflare, 2022)
- What types of firewalls are there? Firewalls are commonly grouped into five types according to how they operate and what they inspect: packet filters, circuit-level gateways, application-level gateways, stateful inspection firewalls and next-generation firewalls.
1. Packet filtering: The earliest firewalls read only packet header information, such as source and destination addresses, protocol and ports, and accept or drop each packet on that basis alone. This is quick and efficient, but because every packet is judged in isolation the filter cannot tell a legitimate reply from an unsolicited packet that merely looks like one, which leaves it with a number of weaknesses.
2. Circuit-level gateway: A circuit-level gateway works at the session layer and manages more than packet header information. Rather than judging packets one at a time, it checks that a connection is being set up legitimately (for example, that the TCP handshake is valid) before forwarding traffic for that session, and it refuses packets that do not belong to an established, permitted session. A connection that looks invalid, such as one with an unexpected source address or destination port, can be terminated.
3. Application-level gateway (ALG): These firewalls share the characteristics of circuit-level gateways but examine the data passing through in more detail, to see how it relates to particular applications, services and websites. An application gateway can, for instance, inspect packets carrying web traffic and identify the pages from which the traffic originates; the administrator can then configure the firewall to block data from specific websites.
4. Stateful inspection firewall: A stateful inspection firewall keeps track of the status of every active network connection and of the flow of traffic across the network. Incoming packets are checked not only for source address and port but also against the connection table, so that only packets belonging to an established, permitted connection are accepted.
5. Next-generation firewall (NGFW): The most recent type of firewall incorporates all the features of the earlier types and adds deeper inspection of traffic, in order to provide a comprehensive firewall that monitors all network traffic and defends against attacks from both inside and outside the network.
- Firewall policy: Based on the information security policies of the company, a firewall policy specifies how firewalls should handle network traffic for particular IP addresses and address ranges, protocols, applications, and content types (such as active content).
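The practical difference between a packet filter (type 1) and a stateful inspection firewall (type 4) is easiest to see on a concrete packet sequence. The Python below is an added example, not code from the report or from any firewall product: the rule format, the internal address range 10.0.0.0/8, the hosts, ports and packets are all assumptions made for illustration. Both filters are asked to allow outbound HTTPS and nothing else.

```python
"""Added example (not code from the original report): a stateless packet
filter and a stateful inspection firewall applied to the same constructed
packet sequence. Addresses, ports, flags and rule syntax are assumptions."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK


def direction(pkt):
    """'out' for packets leaving the protected network, 'in' otherwise."""
    return "out" if ip_address(pkt.src) in INTERNAL else "in"


def in_range(value, rng):
    return rng is None or rng[0] <= value <= rng[1]


# Stateless rules: (direction, source-port range, dest-port range, action).
# Because each packet is judged alone, getting HTTPS replies back in requires
# the second rule, which also admits any inbound packet that merely claims
# source port 443 and targets a high port.
STATELESS_RULES = [
    ("out", None, (443, 443), "allow"),
    ("in", (443, 443), (1024, 65535), "allow"),
]


def stateless_filter(pkt, rules=STATELESS_RULES):
    """First matching rule wins; no match means the default deny applies."""
    for dirn, sports, dports, action in rules:
        if dirn == direction(pkt) and in_range(pkt.sport, sports) and in_range(pkt.dport, dports):
            return action
    return "deny"


class StatefulFilter:
    """Allows a packet if it belongs to a connection already in the connection
    table; otherwise only a SYN that matches the policy for new connections is
    admitted, and that SYN creates the table entry its replies will match."""

    def __init__(self, policy):
        self.policy = policy          # (direction, dest-port range, action)
        self.table = set()            # (src, sport, dst, dport) of permitted flows

    def check(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:
            return "allow"            # reply or continuation of a known flow
        if pkt.flags != "S":
            return "deny"             # unsolicited non-SYN: no flow to belong to
        for dirn, dports, action in self.policy:
            if dirn == direction(pkt) and in_range(pkt.dport, dports):
                if action == "allow":
                    self.table.add(fwd)
                return action
        return "deny"


STATEFUL_POLICY = [("out", (443, 443), "allow")]   # new outbound HTTPS only

# Constructed packet sequence: a legitimate HTTPS handshake, then two
# unsolicited inbound packets and a disallowed outbound SSH attempt.
PACKETS = [
    Packet("10.0.0.5", 51234, "93.184.216.34", 443, "S"),    # client SYN
    Packet("93.184.216.34", 443, "10.0.0.5", 51234, "SA"),   # server SYN/ACK
    Packet("10.0.0.5", 51234, "93.184.216.34", 443, "A"),    # client ACK
    Packet("198.51.100.7", 443, "10.0.0.5", 8080, "S"),      # attacker SYN sent from port 443
    Packet("198.51.100.7", 80, "10.0.0.5", 51234, "SA"),     # forged reply from the wrong peer
    Packet("10.0.0.5", 51235, "93.184.216.34", 22, "S"),     # outbound SSH, not in policy
]


def compare(packets=PACKETS):
    """Return (stateless_decisions, stateful_decisions) for the sequence."""
    fw = StatefulFilter(STATEFUL_POLICY)
    return ([stateless_filter(p) for p in packets],
            [fw.check(p) for p in packets])


if __name__ == "__main__":
    for pkt, sl, sf in zip(PACKETS, *compare()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]  "
              f"stateless={sl}  stateful={sf}")
```

The fourth packet is the point of the exercise: the stateless filter must open inbound high ports from source port 443 to let HTTPS replies through, so it also admits an attacker's SYN to an internal service on port 8080 as long as the attacker sets source port 443. The stateful filter allows the same replies because they match a flow its own outbound SYN created, and rejects the attacker's packet because no such flow exists. The same weakness is what a misconfigured "allow established" rule reintroduces when it is written as a port range instead of a state match.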
Prior to developing a firewall policy, some sort of risk analysis should be carried out to compile a list of the traffic types that the business requires and classify how they must be secured—including which forms of traffic can pass through a firewall under what conditions. Based on an assessment of risks, vulnerabilities, countermeasures in place to minimize vulnerabilities, and the effects of systems or data being hacked, this risk analysis should be conducted. As new attack types or vulnerabilities emerge or as the organization's