ASM 1: SECURITY (BTEC), Assignments of Computer Security

Uploaded on 06/12/2022

KhoaLd

Higher Nationals in Computing
Unit 5: Security
ASSIGNMENT 1
Assessor name: NGUYEN NGOC TU
Learner’s name: LE DONG KHOA
ID: GCS200218
Class: GCS0904A
Subject code: 1623

ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date:
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: LE DONG KHOA
Student ID: GCS
Class: GCS0904A
Assessor name: NGUYEN NGOC TU

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student’s signature:

Grading grid

P1 P2 P3 P4 M1 M2 D

Assignment Brief 1 (RQF)
Higher National Certificate/Diploma in Computing

Student Name/ID Number: Le Dong Khoa/GCS
Unit Number and Title: Unit 5: Security
Academic Year: 2021 – 2022
Unit Assessor: Van Ho
Assignment Title: Security Presentation
Issue Date: April 1st, 2021
Submission Date:
Internal Verifier Name:
Date:

Submission Format:

Format:
● The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system.

Submission
● Students must submit the assignment by the due date and in the way requested by the Tutor.
● The form of submission will be a soft copy posted on http://cms.greenwich.edu.vn/.
● Remember to convert the Word file into a PDF file before the submission on CMS.

Note:
● The individual Assignment must be your own work, and not copied by or from another student.
● If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you must reference your sources, using the Harvard style.
● Make sure that you understand and follow the guidelines to avoid plagiarism. Failure to comply with this requirement will result in a failed assignment.

Unit Learning Outcomes:
LO1 Assess risks to IT security.
LO2 Describe IT security solutions.

Assignment Brief and Guidance:

Assignment scenario
You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information security FIS. FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns due to lacking the technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging presentation to help train junior staff members on the tools and techniques associated with identifying and assessing IT security risks together with the organizational policies to protect business critical data and equipment.

Tasks
In addition to your presentation, you should also provide a detailed report containing a technical review of the topics covered in the presentation. Your presentation should:

  • Identify the security threats FIS secure may face if they have a security breach. Give an example of a recently publicized security breach and discuss its consequences
  • Describe a variety of organizational procedures an organization can set up to reduce the effects to the business of a security breach.
  • Propose a method that FIS can use to prioritize the management of different types of risk
  • Discuss three benefits to FIS of implementing network monitoring system giving suitable reasons.
  • Investigate network security, identifying issues with firewalls and IDS incorrect configuration and show through examples how different techniques can be implemented to improve network security.
  • Investigate a ‘trusted network’ and through an analysis of positive and negative issues determine how it can be part of a security system used by FIS.

Contents

Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)
  1. What is threat(computer)?
  2. Identify threats agents to organizations
  3. Type of threats that organizations will face
  4. What are the recent security breaches? Examples with dates. The consequences of this breach and solutions to organizations

Task 2 - Describe organisational security procedures (P2)
  5. What is security procedures
  6. Three organisational security procedures

Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
  7. Definition – Policy – Usage – Advantages of Firewall
  8. How a firewall provide security to a network with diagrams
  9. Define IDS, its usage and with diagrams examples
  10. Threat-risk of firewall and IDS incorrect configuration to the network

Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)
  11. DMZ
  12. Static IP
  13. NAT

References

Assignment

Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)

1. What is threat(computer)?

A computer threat is a term that relates to the security of a computer system being compromised. This threat can lead to cyber-attacks and data being stolen, lost or edited. The threat could be caused by poor information security practices or a ‘backdoor’ in the code of the system. Examples of computer threats include botnets, unethical hacking, ransomware, DoS attacks.

  • Terrorists and Hacktivists: Similarly to the threat posed by nation states, the amount of threat posed by these actors is dependent on your actions. However, some terrorists choose to target certain sectors or nations, so you may face a constant fear of a random assault. The Wikileaks dumps of diplomatic cables and other documents linked to the combat in Iraq and Afghanistan in 2010 are perhaps the most prominent example of this.
  • Organised crime: Criminals are targeting personal data for a number of different reasons: credit card fraud, identity theft, bank account fraud and so on. These crimes are now being perpetrated on an industrial scale. Methodologies vary from phishing attacks to ‘Watering Hole’ websites, but the end result is the same: you and your data are being extracted and used for nefarious means. According to the Credit Industry Fraud Avoidance (Cifas) 2018 Fraudscape report, the number of identity frauds increased once again in 2017, with almost 175,000 cases recorded. Although this was only a 1% increase compared with 2016, it’s a 125% increase compared with 10 years ago, and 95% of these cases involved the impersonation of an innocent victim.
  • Natural disasters: Whilst not a cyber attack, these events can have the same net effect on your ability to do business. If you cannot access your offices, data centres, or files stored on the cloud, then you are still experiencing a data disaster, and this must be taken into account. In the UK the threat of earthquake is very low, but every year we see pictures of a town or city under water.
  • Corporates: The threat from a competitor stealing your intellectual property is obvious, but we are increasingly working with many partner organisations to fill gaps in skills and resources, or simply to provide services. These partner companies may steal, or reveal, your intellectual property, or the personal data you are storing, either unwittingly or maliciously, depending on their motives. The attack on the US retailer Target in 2013 is perhaps the best example of how partner organizations may be the source of a breach. The hackers targeted (pardon the pun!!) suppliers and discovered a weak link with Fazio Mechanical, an HVAC contractor. The hackers gained access to Target's point-of-sale systems by sending a phishing email to a Fazio employee. This allowed them access to up to 40 million credit and debit cards from customers who visited its stores throughout the holiday season of 2013. Target has spent more than $200 million on this.

3. Type of threats that organizations will face

3.1. Computer Viruses

A virus is a software program that can spread from one computer to another computer, or from one network to another network, without the user’s knowledge, and performs malicious attacks. It has the capability to corrupt or damage an organization’s sensitive data, destroy files, and format hard drives.

How does a virus attack? There are different ways that a virus can spread or attack, such as:
▪ Clicking on a malicious executable file
▪ Installing free software and apps
▪ Visiting an infected and unsecured website
▪ Clicking on an advertisement
▪ Using infected removable storage devices, such as USB drives
▪ Opening spam email or clicking on a URL link
▪ Downloading free games, toolbars, media players and other software.

3.2. Trojan Horse

A Trojan horse is malicious code or a program that is developed by hackers to disguise itself as legitimate software in order to gain access to an organization’s systems. It is designed to delete, modify, damage, block, or take some other harmful action on your data or network.

This type of threat monitors your internet activity, tracks your login credentials, and spies on your sensitive information. So, every organization or individual should take action to prevent spyware by using anti-virus software and a firewall, and by downloading software only from trusted sources.

How does Spyware install? It can install itself automatically on your computer, arrive as a hidden component of software packages, or be installed like traditional malware through deceptive ads, email and instant messages.

3.5. Worm

A computer worm is a type of malicious software or program that spreads within its connected network and copies itself from one computer to another computer of an organization.

How does a worm spread? It can spread without any human assistance by exploiting security holes in software, trying to gain access in order to steal sensitive information, corrupt files and install a back door for remote access to the system.

3.6. Denial-of-Service (DoS) Attacks

Denial-of-Service is an attack that shuts down a machine or network, or makes it inaccessible to its users. It typically floods a targeted system with requests until normal traffic is unable to be processed, resulting in denial-of-service to users.

How does DoS attack?
▪ It occurs when an attacker prevents legitimate users from accessing specific computer systems, devices or other resources.
▪ The attacker sends too much traffic to the target server.
▪ The server is overloaded with traffic and overwhelmed, which brings down websites, email servers and other services that connect to the Internet.

3.7. Phishing

Phishing is a type of social engineering attack that attempts to gain confidential information such as usernames, passwords, credit card information, login credentials, and more.

How does Phishing attack?
▪ In a phishing email attack, an attacker sends the victim phishing emails that look like they came from your bank and ask you to provide your personal information.
▪ The message contains a link, which redirects you to another vulnerable website to steal your information.
▪ So, it is better not to click on or open such emails and not to provide your sensitive information.

3.10. Malware

Malware is software that typically consists of a program or code and is developed by cyber attackers. It is a type of cyber security threat to organizations, designed to cause extensive damage to systems or to gain unauthorized access to a computer.

How does malware attack?
▪ There are different ways that malware can infect a device. For example, it can be delivered in the form of a link or file over email, and it requires the user to click on that link or open the file to execute the malware.
▪ This type of attack includes computer viruses, worms, Trojan horses and spyware.

4. What are the recent security breaches? Examples with dates. The consequences of this breach and solutions to organizations

4.1 What is security breaches?

A security breach is any incident that results in unauthorized access to computer data, applications, networks or devices. It results in information being accessed without authorization. Typically, it occurs when an intruder is able to bypass security mechanisms.

Technically, there's a distinction between a security breach and a data breach. A security breach is effectively a break-in, whereas a data breach is defined as the cybercriminal getting away with information. Imagine a burglar; the security breach is when he climbs through the window, and the data breach is when he grabs your pocketbook or laptop and takes it away.

Confidential information has immense value. It's often sold on the dark web; for example, names and credit card numbers can be bought, and then used for the purposes of identity theft or fraud. It's not surprising that security breaches can cost companies huge amounts of money. On average, the bill is nearly $4m for major corporations.

It's also important to distinguish the security breach definition from the definition of a security incident. An incident might involve a malware infection, DDoS attack or an employee leaving a laptop in a taxi, but if they don't result in access to the network or loss of data, they would not count as a security breach.

4.2 Examples

4.2.1. Yahoo

Date: August 2013
Impact: 3 billion accounts

Securing the number one spot – almost seven years after the initial breach and four since the true number of records exposed was revealed – is the attack on Yahoo. The company first publicly announced the incident – which it said took place in 2013 – in December 2016. At the time, it was in the process of being acquired by Verizon and estimated that account information of more than a billion of its customers had been accessed by a hacking group. Less than a year later, Yahoo announced that the actual figure of user accounts exposed was 3 billion. Yahoo stated that the revised estimate did not represent a new “security issue” and that it was sending emails to all the “additional affected user accounts.”

Despite the attack, the deal with Verizon was completed, albeit at a reduced price. Verizon’s CISO Chandra McMahon said at the time: “Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats. Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.” After investigation, it was discovered that, while the attackers accessed account information such as security questions and answers, plaintext passwords, payment card and bank data were not stolen.

4.2.2. Alibaba

Date: November 2019
Impact: 1.1 billion pieces of user data

Over an eight-month period, a developer working for an affiliate marketer scraped customer data, including usernames and mobile numbers, from the Alibaba Chinese shopping website, Taobao, using

4.2.5. Facebook

Date: April 2019
Impact: 533 million users

In April 2019, it was revealed that two datasets from Facebook apps had been exposed to the public internet. The information related to more than 530 million Facebook users and included phone numbers, account names, and Facebook IDs. However, two years later (April 2021) the data was posted for free, indicating new and real criminal intent surrounding the data. In fact, given the sheer number of phone numbers impacted and readily available on the dark web as a result of the incident, security researcher Troy Hunt added functionality to his HaveIBeenPwned (HIBP) breached credential checking site that would allow users to verify if their phone numbers had been included in the exposed dataset.

“I’d never planned to make phone numbers searchable,” Hunt wrote in a blog post. “My position on this was that it didn’t make sense for a bunch of reasons. The Facebook data changed all that. There’s over 500 million phone numbers but only a few million email addresses so >99% of people were getting a miss when they should have gotten a hit.”

4.3 Consequences

4.3.1. Financial Loss

The financial impact of a data breach is undoubtedly one of the most immediate and hard-hitting consequences that organisations will have to deal with. According to a recent study by the Ponemon Institute, the cost of a data breach has risen 12% over the past five years to £3.2m on average globally. Costs can include compensating affected customers, setting up incident response efforts, investigating the breach, investment into new security measures, legal fees, not to mention the eye-watering regulatory penalties that can be imposed for non-compliance with the GDPR (General Data Protection Regulation). Organisations in breach of the GDPR can be fined up to 4% of annual global turnover or 20 Million Euros (whichever is greater).

If organisations are under any illusion that these financial penalties will not be enforced, the recent fines imposed on British Airways and Marriott have highlighted just how seriously the ICO intends to take GDPR violations. A breach can also significantly impact a company’s share price and valuation. This is exactly what happened to Yahoo after it was breached in 2013. The breach came to light in 2016 when the company was about to be bought over by US telecoms company Verizon. The acquisition went ahead with the company buying Yahoo for a discounted rate of $4.48 billion, around $350 million less than the original asking price.

4.3.2. Reputational Damage

The reputational damage resulting from a data breach can be devastating for a business. Research has shown that up to a third of customers in retail, finance and healthcare will stop doing business with organisations that have been breached. Additionally, 85% will tell others about their experience, and 33.5% will take to social media to vent their anger. News travels fast and organisations can become a global news story within a matter of hours of a breach being disclosed. This negative press coupled with a loss in consumer trust can cause irreparable damage to the breached company. Consumers are all too aware of the value of their data and if organisations can’t demonstrate that they have taken all the necessary steps to protect this data, they will simply leave and go to a competitor that takes security more seriously. Reputational damage is long-lasting and will also impact an organisation’s ability to attract new customers, future investment and new employees to the company.

4.3.3. Operational Downtime

Business operations will often be heavily disrupted in the aftermath of a data breach. Organisations will need to contain the breach and conduct a thorough investigation into how it occurred and what systems were accessed. Operations may need to be completely shut down until investigators get all the answers they need. This process can take days, even weeks, depending on the severity of the breach. This can have a huge knock-on effect on revenue and an organisation’s ability to recover. According to Gartner, the average cost of network downtime is around $5,600 per minute. This equates to around $300,000 per hour. This will obviously differ depending on the size of organisation and the industry affected, but clearly, it can have a devastating impact and significantly affect business productivity.

4.3.4. Legal Action

Under data protection regulations, organisations are legally bound to demonstrate that they have taken all the necessary steps to protect personal data. If this data is compromised, whether it’s intentional or not, individuals can seek legal action to claim compensation. There has been a huge increase in class action lawsuits in both the US and UK as victims seek monetary compensation for the loss of their data. Equifax’s 2017 data breach affected more than 145 million people worldwide and the company has paid out more than $700 million in compensation to affected US customers. The breach affected an estimated 15