1623 security - omar, Assignments of Security Analysis

asm1- 1623 Identify the types of security threats to organizations.


2021/2022

Uploaded on 11/04/2022

nguyen-van-hoa-fgw-hn
ASSIGNMENT 1 FRONT SHEET
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 5th/08/2022. Date received, 1st submission: 4th/08/2022
Re-submission date: -. Date received, 2nd submission: -
Student name: NGUYEN VAN HOA. Student ID: GCH200220
Class: GCH1002. Assessor name: Michael Omar
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature
Grading grid
P1 P2 P3 P4 M1 M2 D1
Nguyen Van Hoa – GCH200220

Spyware can literally be understood as a piece of software that works like a spy in a movie, but instead of entering buildings and attaching wiretapping devices, it enters your computer or mobile device. In other words, spyware is one kind of malware (BasuMallick, 2022).
o Key loggers: A keylogger is a computer program originally written to track and record every keystroke in a log file for use by whoever installed it. Because of this privacy-infringing function, keyloggers are classified as spyware. A keylogger not only records keystrokes but can also record what is displayed on the screen, by taking screenshots or capturing video, and can even record how the mouse pointer moves (Singh, 2022).
o Adware: Adware is any software that displays advertising banners while the program is running. The creators of these apps add snippets of code that play ads, shown through pop-ups or through a bar that appears on the screen. Adware generates large revenue for developers by automatically generating online ads in the software's user interface or on the screen shown to the user during installation (BasuMallick, 2022).
o Phishing: Phishing is a form of cyber attack in which an attacker masquerades as a reputable entity to trick users into providing personal information.

I.4 List the types of threats that organizations will face:

Hackers: The word “hacker” brings to mind a cybercriminal who uses programming expertise to break into corporate and private systems to steal data; that image is the “black hat” hacker. These are hackers who intentionally violate computer security for a variety of reasons, such as theft, fraud, corporate espionage, and even old-fashioned malice. (The terms “white hat” and “black hat” come from the American Western movie genre, because the heroes of those stories often wore white hats while the villains wore black ones.) Additionally, there are “gray hat” hackers, whose goals fall somewhere in between.
Malware: Malware attacks are a typical type of cyberattack in which malware (malicious software) performs illegal operations on the victim's system. Malicious software (sometimes loosely called viruses) covers a wide range of attacks, including ransomware, spyware, command and control, and others (Enstep Team, 2022).
Viruses: A program or code that replicates itself; designed to amend, delete or copy data or files on a user’s computer; often causes the computer to crash or run slowly; could stop hardware from being able to communicate; could spread to other devices on a network (Enstep Team, 2022).

o Malware attacks: Malware attacks are a fairly common form of network attack. Malware includes spyware, ransomware, viruses, and worms (fast-spreading malware). Attackers reach their target through a security vulnerability or a malicious link (Saraie, 2022).
o Drive-by downloads: A drive-by download is the automatic downloading of software to a user's device without the user's knowledge or consent. This can happen when a user browses a legitimate website, or even when a malicious ad is displayed on an otherwise secure website (BÎZGĂ, 2021).
o Social engineering: The term "social engineering" combines "social" (society) and "engineering", and it expresses the nature of this kind of work: it engineers attacks around human social nature rather than around anything on the computer. A social engineering attack is also called a non-technical attack (Tresorit Team, 2022).

2.6 List and give examples with dates:

- Hackers claim to have personal details of 22.5 million Malaysians, 18 May 2022
Details of 22.5 million Malaysians have reportedly been stolen from the National Registration Department (NRD). The hackers are said to be offering the data for US$10, (RM43,870) in bitcoin. Last September, leaked MyIdentity data was being sold online for 0. bitcoin (about RM35,000) (Thevibes, 2022).
- OpenSea’s Discord channel hacked, 07 May 2022
The most valuable NFT stolen was a Founders' Pass, valued at 3.33 Ether, equivalent to around $8,900. The hacker tried to entice OpenSea users by claiming that YouTube would offer "insane utilities" for NFTs. Webhooks are increasingly used as an attack vector because they allow messages to be sent through official server accounts (Raza, 2022).
- A data breach at Australian pension provider Spirit Super affected 50,000 people as a result of a phishing attack, 30 May 2022
The phishing attack at Spirit Super resulted in "some personal details being compromised". Spirit Super manages $26 billion worth of funds on behalf of 325,000 members across Australia. Everyone affected by the breach has been notified, and Spirit Super is upgrading its security.

An organizational security policy is a collection of rules or procedures that an organization imposes on its activities in order to protect sensitive data. The analyzed configuration requires the following organizational security rules:
o Only users who have been granted permission to view the system's information can use it.
o The system must restrict access to viewing, modifying, and destroying information in protected resources to those authorized users who have a "need to know" that information.
o The system's users are held responsible for their conduct within the system.
o Labeled purely for security: the system must restrict access to information based on the following criteria:
 Sensitivity of the information contained in objects, as indicated by a label
 Users' formal authorization to access the information, as reflected in user profiles (Privacy Ninja, 2020)

II.2 Describe at least three organizational security procedures.

o Incident Response (IR) Policy
An AUP specifies the restrictions and policies that employees who use organizational IT assets must agree to in order to access the business network or the internet. It is a standard part of new-employee onboarding: before being assigned a network ID, employees are given an AUP to read and sign. It is advised that a firm's IT, security, legal, and human resources departments consider what this policy entails (Privacy Ninja, 2020).
o Access Control Policy (ACP)
The ACP specifies how employees can gain access to an organization's data and information systems. Access control standards, such as NIST's Access Control and Implementation Guides, are common subjects included in such policies. The policy also addresses user access standards, network access restrictions, operating system software controls, and the complexity of corporate passwords. Methods for monitoring how corporate systems are accessed and used, how unattended workstations should be protected, and how access is terminated when an individual leaves the firm are all frequently detailed (Privacy Ninja, 2020).
o Business Continuity Plan (BCP)
The BCP coordinates activities within the enterprise and uses the disaster recovery plan to restore hardware, applications, and data considered critical to business continuity. Because they outline how the organization would operate in an emergency, BCPs are unique to each firm. Security rules and procedures are an important part of a company's overall security program (Kenton, 2022).
o Email/Communication Policy

How does it accomplish this? A firewall is a type of filter that sits between your computer and another network, such as the internet. Think of a firewall as a traffic controller: it helps protect your network and information by regulating network traffic. This involves blocking unsolicited incoming network traffic and validating access by scanning network traffic for harmful elements such as hackers and viruses (Johansen, 2021). A firewall is normally included with your operating system and security software, and it is a good idea to have these features enabled. Check your security settings to ensure that updates are applied automatically (Johansen, 2021).

How does a firewall work?

To begin, a firewalled system analyzes network traffic based on predefined criteria. A firewall only accepts incoming connections that it has been configured to allow. It does this by permitting or rejecting specific data packets, the units of communication sent across digital networks, based on pre-defined security rules (Johansen, 2021).

A firewall functions as a traffic cop at your computer's entry point, or port. Only trusted sources or IP addresses are permitted. IP addresses matter because they identify a computer or source in the same way that your postal address indicates where you live.

Diagram of how a firewall works:

What are firewall policies:

Based on the organization's information security standards, a firewall policy specifies how the organization's firewalls should handle inbound and outbound network traffic for particular IP addresses and address ranges, protocols, applications, and content categories (Johansen, 2021).

How an IDS works:

Intrusion Detection System (IDS): during normal operation, an IDS checks traffic for signatures of known attacks. Irregularities are reported up the stack and then analyzed at the protocol and application layers. An IDS can be deployed as a software program or as a network security appliance.

IDS diagram examples:
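The signature check described above, as an added example that is not part of the original assignment: a minimal signature-based detector run over constructed web-server log lines (the log content, the two signatures and the failed-login threshold are all assumptions made for this illustration). It shows the two things a basic IDS does: match request lines against known-attack patterns, and raise an alert when one source repeats a suspicious event too often.

```python
import re
from collections import Counter

# Constructed web-server access log lines for this example (not from the assignment).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.7 - - [10/Aug/2022:10:01:05 +0000] "GET /login.php?user=admin'%20OR%20'1'='1 HTTP/1.1" 200 512
198.51.100.7 - - [10/Aug/2022:10:01:09 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0
192.0.2.9 - - [10/Aug/2022:10:02:00 +0000] "POST /login.php HTTP/1.1" 401 0
192.0.2.9 - - [10/Aug/2022:10:02:01 +0000] "POST /login.php HTTP/1.1" 401 0
192.0.2.9 - - [10/Aug/2022:10:02:02 +0000] "POST /login.php HTTP/1.1" 401 0
192.0.2.9 - - [10/Aug/2022:10:02:03 +0000] "POST /login.php HTTP/1.1" 401 0
192.0.2.9 - - [10/Aug/2022:10:02:04 +0000] "POST /login.php HTTP/1.1" 401 0
203.0.113.5 - - [10/Aug/2022:10:03:00 +0000] "GET /about.html HTTP/1.1" 200 2048
"""

# Common log format: client IP, identity, user, timestamp, request line, status, size.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \d+')

# Signatures of known attack patterns, matched against the request line.
SIGNATURES = {
    "sql-injection": re.compile(r"(?:'|%27)(?:%20|\s)*or(?:%20|\s)*(?:'|%27)", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./|%2e%2e/", re.IGNORECASE),
}


def detect(log_text, failed_login_threshold=5):
    """Return (alert_name, source_ip, detail) tuples for signature hits and
    for repeated failed logins from one source (a simple threshold rule)."""
    alerts = []
    failed_logins = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, request, status = m["ip"], m["request"], int(m["status"])
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((name, ip, request))
        # Threshold rule: many 401s against the login endpoint from one source.
        if "/login" in request and status == 401:
            failed_logins[ip] += 1
            if failed_logins[ip] == failed_login_threshold:
                alerts.append(("login-brute-force", ip,
                               f"{failed_login_threshold} failed logins"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```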

What are the most common firewall misconfigurations?

o EC2 instances: Incorrectly configuring security groups can expose you to unnecessary risk. According to AWS, "Among the most egregious were AWS Security Groups set to leave SSH wide accessible to the Internet in 73 percent of the firms studied." Any method that relies on frequently changing IP addresses will be prone to errors (Burton, 2022).
o VPC access: Of course, the business does not want anyone on the internet to be able to access its VPCs, yet this is a common mistake. Many businesses use ACLs to manage the problem, but that can be time-consuming and leave blind spots (Burton, 2022).
o Permissions for services: It is common for superfluous services to be left running on the firewall, exposing organizations to risk and extending the attack surface. This danger is eliminated when devices are designed from the outset around the principles of zero trust and least privilege, which also ensures that devices can only perform the functions for which they were designed (Burton, 2022).
o Inconsistent authentication: Enterprises frequently have networks that span several regions, locations, and environments. Consistent authentication across these locations is essential for proper firewall hygiene. If the requirements in some places are weaker than others, the misalignment creates vulnerable sections of the company that can be exploited just as an open door can. As a result, the company will be vulnerable to cyber-attacks (Burton, 2022).

IV. Implementing a DMZ, static IP, and NAT in a network can improve network security.
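Returning to the EC2 item in the misconfiguration list above (security groups that leave SSH open to the whole internet), here is an added example that is not part of the original assignment: a small audit that flags any security-group rule exposing an administrative port to 0.0.0.0/0 or ::/0. The group data is constructed for the example in a simplified version of the shape the AWS API returns; the group names and the set of admin ports are assumptions.

```python
import ipaddress

# Constructed security-group data shaped like (a simplified) output of
# `aws ec2 describe-security-groups`; not real account data.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},       # public HTTPS: expected
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},       # SSH open to the world
    ]},
    {"GroupId": "sg-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},  # SSH from one office range
    ]},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "-1", "FromPort": -1, "ToPort": -1,               # all protocols and ports
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

# Administrative ports that should never be reachable from the whole internet (assumed list).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0 (a prefix length of zero covers every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_covers_port(rule, port):
    if rule["IpProtocol"] == "-1":  # "-1" means all traffic in the AWS API
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def audit(groups):
    """Return (group_id, service, cidr) for every admin port exposed to the world."""
    findings = []
    for group in groups:
        for rule in group["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in rule["IpRanges"]]
            cidrs += [r["CidrIpv6"] for r in rule["Ipv6Ranges"]]
            world = [c for c in cidrs if is_world_open(c)]
            if not world:
                continue
            for port, service in ADMIN_PORTS.items():
                if rule_covers_port(rule, port):
                    findings.append((group["GroupId"], service, world[0]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print("%s exposes %s to %s" % finding)
```

The world-open HTTPS rule on sg-web is deliberately not flagged, since a public web port is expected; the check only cares about administrative ports, and an "all traffic" rule counts as covering every port.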

4.1 DMZ

What is a DMZ network?

A DMZ network is a perimeter network that protects an organization's internal local-area network from untrusted traffic. A common DMZ is a subnetwork that sits between the public internet and the private network. A DMZ's ultimate purpose is to allow an organization to access untrusted networks, such as the internet, while keeping its private network or LAN safe. External-facing services and resources, such as servers for the Domain Name System (DNS), File Transfer Protocol (FTP), mail, proxy, Voice over Internet Protocol (VoIP), and web, are often placed in the DMZ. These servers and resources are segregated and given limited LAN access, so that they can be reached from the internet without giving access to the internal LAN. As a result, a DMZ strategy makes it more difficult for a hacker to gain direct internet access to an organization's data and internal systems.

danger. To avoid this, a company might pay a hosting company to host the website or its public servers behind a firewall, but this would reduce speed. As a result, the public servers are hosted on a different, separated network (BasuMallick, 2022). A DMZ network acts as a barrier between the internet and a company's private network. A security gateway, such as a firewall, separates the DMZ from the LAN by filtering traffic between the two. Another security gateway, which filters traffic from external networks, protects the default DMZ server (BasuMallick, 2022). The DMZ is best placed between two firewalls; this configuration guarantees that incoming network packets are examined by a firewall, or other security tools, before they reach the servers housed in the DMZ. This means that even if a clever attacker gets past the first firewall, they must also gain access to the hardened services in the DMZ before they can cause harm to the firm (BasuMallick, 2022). If an attacker succeeds in breaching the external firewall and compromising a system in the DMZ, they must then breach an internal firewall before reaching critical business data. A competent attacker may be able to infiltrate a protected DMZ, but the resources within it should raise alarms that give ample warning that a breach is taking place (BasuMallick, 2022).
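The rule-based packet filtering described in the firewall section and the two-firewall DMZ layout described just above, combined in one added example that is not part of the original assignment: each firewall is an ordered list of allow rules with a default deny, and a packet must pass every firewall between its source zone and destination zone. The topology (DMZ 10.10.0.0/24, LAN 10.0.0.0/16, the web, mail and database hosts) and the rule sets are assumptions made for this illustration.

```python
import ipaddress

# Constructed topology for this example (not from the assignment):
#   internet <-> [external firewall] <-> DMZ 10.10.0.0/24 <-> [internal firewall] <-> LAN 10.0.0.0/16
DMZ = ipaddress.ip_network("10.10.0.0/24")
LAN = ipaddress.ip_network("10.0.0.0/16")
WEB, MAIL, DB = "10.10.0.10", "10.10.0.20", "10.0.5.10"

# A rule is (action, src_cidr, dst_cidr, proto, dport); dport None means any port.
EXTERNAL_FW = [
    ("allow", "0.0.0.0/0", WEB + "/32", "tcp", 443),       # public web server
    ("allow", "0.0.0.0/0", MAIL + "/32", "tcp", 25),       # public mail server
]
INTERNAL_FW = [
    ("allow", WEB + "/32", DB + "/32", "tcp", 5432),       # only the web server may query the DB
    ("allow", "10.0.0.0/16", "10.10.0.0/24", "tcp", 22),  # admins on the LAN manage DMZ hosts
]


def matches(rule, pkt):
    _, src, dst, proto, dport = rule
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst)
            and proto in ("any", pkt["proto"])
            and (dport is None or dport == pkt["dport"]))


def evaluate(rules, pkt):
    """First matching rule wins; traffic that matches no rule is dropped (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0]
    return "deny"


def zone(ip):
    addr = ipaddress.ip_address(ip)
    return "dmz" if addr in DMZ else "lan" if addr in LAN else "internet"


def traverse(src, dst, proto="tcp", dport=None):
    """Apply every firewall a packet crosses between its source and destination zones."""
    pkt = {"src": src, "dst": dst, "proto": proto, "dport": dport}
    depth = {"internet": 0, "dmz": 1, "lan": 2}
    lo, hi = sorted((depth[zone(src)], depth[zone(dst)]))
    crossed = []
    if lo == 0 and hi >= 1:
        crossed.append(EXTERNAL_FW)  # internet <-> DMZ boundary
    if lo <= 1 and hi == 2:
        crossed.append(INTERNAL_FW)  # DMZ <-> LAN boundary
    return "allow" if all(evaluate(fw, pkt) == "allow" for fw in crossed) else "deny"


if __name__ == "__main__":
    print(traverse("198.51.100.7", DB, dport=5432))  # deny: the internet never reaches the LAN
    print(traverse(MAIL, DB, dport=5432))            # deny: a compromised mail host is contained
```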

Advantages of using a DMZ:

The fundamental advantage of a DMZ is that it adds an additional security layer to an internal network by restricting access to critical data and servers. A DMZ allows website visitors to reach specific services while acting as a barrier between them and the organization's private network. As a result, the DMZ provides further security advantages, such as:
o Enabling access control: Businesses can provide consumers with access to services outside their network's boundaries through the public internet. The DMZ allows access to these services while also using network segmentation to make it more difficult for unauthorized users to reach the private network. A proxy server may be included in a DMZ, which centralizes internal traffic flow and makes that traffic easier to monitor and record (Vajda, 2022).
o Preventing network reconnaissance: A DMZ network allows a corporation to safely access critical internet services. It acts as a go-between, preventing attackers from performing reconnaissance to find possible targets. If a DMZ system is compromised, the internal firewall protects the private network while preventing further external monitoring. As a result, compromising a single network node does not affect the entire system (Vajda, 2022).
o Blocking Internet Protocol (IP) spoofing: Attackers try to gain access to systems by spoofing an IP address and impersonating an authorized device connected to the network. A DMZ can detect and thwart such attempts while another service checks the authenticity of the IP address. The DMZ also allows network segmentation to establish a zone for organizing traffic and access to public services apart from the internal private network (Vajda, 2022).

What is a Static IP?

A static IP address is one that is fixed in a device's configuration and does not change over time, as opposed to an address obtained from a DHCP server. The alternative is a dynamic IP address, which is subject to change. Static IP addresses are typically assigned to organizations or corporations so that many individuals can reach them. Static IP addresses are also assigned to devices such as routers, phones, desktop computers, and laptops.

Why use a static IP:

o Easier remote work: A static IP address makes it easier to work remotely using a Virtual Private Network (VPN) or other remote access programs.
o More reliable communication: Static IP addresses make it easier to use Voice over Internet Protocol (VoIP) for teleconferencing or other voice and video communications.

Advantages of a static IP (Roor, 2021):