ASSIGNMENT 1 FRONT SHEET
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 08/03/2024
Date received (1st submission): 11/03/
Re-submission date:
Date received (2nd submission):
Student name: PHAM VIET ANH
Student ID: BD
Class: SE06203
Assessor name: NGUYEN BAO QUOC
Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature: Viet Anh
Grading grid: P1 P2 P3 P4 M1 M2 D
ASSURANCE
I declare that this is my work, based on my research, and that I have recognized all materials and sources utilized in its production, including books, papers, reports, lecture notes, and any other type of document, electronic or personal communication. I further declare that I have not previously submitted this assignment for assessment in any other unit, except where explicit permission has been granted by all unit coordinators involved, or at any other time in this unit, and that I have not duplicated or stolen ideas from the work of others in any way. Declaration of the learner: I verify that the work I've submitted for this assignment is all my own, and that all research sources have been properly credited. Signature of the student: Date: Viet Anh
INTRODUCTION
Protection of information and data has become crucial for both individuals and organizations in the age of digitization. Research and development of effective cyber security solutions matters because cyber attacks both aim at the disclosure of account and personal information and take increasingly complex forms. Assuring the security of the systems, data, and applications in the network environment is a key responsibility of the information security discipline within information technology. This course aims to prepare students with the in-depth knowledge and abilities required to counter increasingly sophisticated and varied cyber threats.
This report consists of the following chapters:
▪ LO1: Assess risks to IT security
- Discuss types of security risks to organizations (P1)
- Assess organizational security procedures (P2)
▪ LO2: Describe IT security solutions
- Discuss the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs (P3)
- Discuss, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security (P4)
CHAPTER 1: ASSESS RISKS TO IT SECURITY (LO1)
1. Identify types of security threats to organizations (P1)
Information technology risk, commonly known as IT risk or cyber risk, encompasses all potential hazards associated with the use of information technology. With the emergence of the knowledge economy and the Digital Revolution, organizations have increasingly relied on information and IT infrastructure. Consequently, any events or circumstances that compromise IT systems could detrimentally impact the organization's functioning or objectives, ranging from minor disruptions to severe consequences. (Risk to IT, 2023)
Figure 1: Information technology risk
Let's delve into the various dangers organizations encounter, spanning a spectrum of specific threats to their systems and data, including:
- Ransomware: Malicious software that blocks users from accessing their private data or computer systems and demands payment to restore access.
- Unauthorized Intruders: Individuals or groups who illicitly penetrate computer systems to gain access or manipulate data.
- DDoS attacks: Multiple computers inundate a website or network with excessive traffic, potentially causing system downtime. In one instance, AWS mitigated a large DDoS attack that used CLDAP reflection, a common amplification tactic in which attackers bounce spoofed requests off exposed Connectionless LDAP servers so that the servers' much larger replies land on the victim; details about the specific target were not disclosed.
A cybersecurity breach can lead to various negative outcomes, such as:
- Financial repercussions: This includes potential expenses for ransom payments or the need to fund recovery efforts.
- Harm to reputation and trustworthiness: When cybersecurity is compromised, it can tarnish an entity's image, leading to the loss of clients, partners, and investors.
- Disruption to operations: Breaches may disrupt normal business activities, causing a decline in revenue and profits.
- Violation of privacy: Such incidents can lead to the exposure of sensitive personal or financial data.
1.2 Suggest solutions to organizations
To keep these outcomes from happening, companies can apply a number of measures to protect themselves from online threats:
- Employee Awareness and Training: Notify staff about cybersecurity risks and best practices, advising against opening files from unfamiliar sources, clicking on suspicious links, or sharing personal data.
- Email Protection: To recognize and block phishing communications, use strong email filters. To prevent spoofed emails, use email authentication techniques (DMARC, DKIM, SPF).
- Endpoint Security: Ensure that all devices are equipped with dependable antivirus and security software. Regularly update both software and hardware to incorporate the latest security patches.
- Data Recovery and Backup: Make regular copies of crucial data to a safe location. Create a plan for promptly restoring data in the event of a ransomware attack.
- Network Security: Safeguard your network with firewalls, detection systems, and proactive measures. Restrict access and segment the network to deter potential attackers.
- Plan for Responding to Security Incidents: Develop a comprehensive cybersecurity incident response plan. Regularly review and update this strategy to ensure its effectiveness.
- Multi-factor Authentication (MFA): For greater security, use several methods to verify your identity when logging into crucial programs and websites.
- Regular Security Testing and Checks: Regular security checks and testing help identify vulnerabilities and weaknesses within your system.
Table 1: Suggested solutions for organizations
2. Assess organizational security procedures (P2)
In today's technological landscape, information security stands as a paramount concern for all companies. Typically, organizations implement several crucial measures to ensure security and safeguard sensitive data. In our view, three indispensable techniques are commonly employed to enhance and uphold data and system security.
2.1 Access management (ITIL)
The Information Technology Infrastructure Library (ITIL) comprises guidelines aimed at aiding businesses in effectively managing and improving their IT services. Access management, as delineated within the ITIL framework, refers to the process of ensuring that designated IT resources and services are exclusively utilized by authorized users, while concurrently thwarting unauthorized access attempts by individuals lacking proper authorization (McGregor, 2022).
- Access Revocation or Restriction: Access is revoked when no longer necessary, and based on the user's status and circumstances, access may be restricted or terminated.
- For instance, consider a digital library system containing member information and the library's book catalogue. To safeguard against unauthorized access and ensure only authorized staff and librarians can manage the digital library resources, the library might implement an ITIL Access Management process.
Evaluate ITIL access management processes in improving or providing security for the organization:
- The system follows strict procedures, essentially rules, to guarantee that only individuals with proper authorization can utilize different IT services. Our aim is to ensure that employees only access what is essential for their job tasks. By adhering to this principle, the business stands to enhance both its safety and productivity.
- Moreover, the system actively monitors IT services to identify any instances of misuse. To uphold security standards, access may be revoked from individuals engaging in improper behavior. This measure protects the business by preventing sensitive information from being compromised.
Besides, access rights management can be combined with 2FA and MFA:
2.1.1 Two-factor authentication (2FA):
- Two-factor authentication (2FA) is a security measure designed to enhance account security by requiring identity verification during login.
- Advantages: 2FA enhances security by adding a second layer to access systems. Without the item tied to the user, such as their phone, knowing the password alone is not enough to get into the account.
2.1.2 Multi-factor authentication (MFA):
- Multi-factor authentication (MFA) enhances security by requiring users to provide two or more forms of identification for login or other transactions, drawn from different categories of credentials: something the user knows (a password or PIN), something they have (a security token or phone), and something they are (biometric verification such as a fingerprint or facial recognition). 2FA is the special case of MFA that uses exactly two of these categories.
- Benefits of MFA include its ability to greatly impede unauthorized access attempts. By combining factors from different categories, MFA substantially raises the cost of a breach: a stolen password on its own no longer grants access, so an attacker must also compromise the device or the biometric.
Figure 3: 2FA – MFA
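To make sections 2.1 and 2.1.1/2.1.2 concrete, the following is an added example (not code from the assignment or from ITIL) for the digital library scenario: a login that requires a password plus a time-based one-time code, followed by role-based authorization with least privilege, revocation, and an audit trail of denied actions. The TOTP part follows RFC 4226/6238 directly; the user names, roles, permissions and secrets are constructed for illustration, and the reference seed is the one published in RFC 6238 rather than a real key.

```python
import hashlib
import hmac
import os
import struct


# --- "Something you have": one-time codes per RFC 4226 (HOTP) and RFC 6238 (TOTP) ---

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, then RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter taken from Unix time in 30-second steps."""
    return hotp(secret, now // step, digits)


def verify_totp(secret: bytes, code: str, now: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock drift.
    compare_digest keeps the check constant-time so timing does not leak digits."""
    if not (isinstance(code, str) and code.isdigit() and len(code) == digits):
        return False
    counter = now // step
    return any(hmac.compare_digest(hotp(secret, counter + d, digits), code)
               for d in range(-window, window + 1))


# --- Least-privilege access management for the digital library example ---

# Role -> permissions (constructed). Members only read the catalogue; librarians
# get exactly what their job needs and nothing more.
PERMISSIONS = {
    "member": {"catalogue:read"},
    "librarian": {"catalogue:read", "catalogue:write", "members:read"},
}


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccessManager:
    """Password + TOTP login, role-based authorisation, revocation, and an audit trail."""

    def __init__(self):
        self.users = {}   # name -> record
        self.audit = []   # (name, action, outcome): the trail used to spot misuse

    def add_user(self, name, password, totp_secret, role):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "pw_hash": _hash_password(password, salt),
                            "totp_secret": totp_secret, "role": role, "active": True}

    def login(self, name, password, code, now):
        user = self.users.get(name)
        # Do the password work even for unknown or revoked accounts so they cannot be
        # told apart from real ones by response time.
        salt = user["salt"] if user else b"\0" * 16
        expected = user["pw_hash"] if user else b"\0" * 32
        pw_ok = hmac.compare_digest(_hash_password(password, salt), expected)
        ok = bool(user and user["active"] and pw_ok
                  and verify_totp(user["totp_secret"], code, now))
        self.audit.append((name, "login", "ok" if ok else "denied"))
        return ok

    def authorize(self, name, permission):
        user = self.users.get(name)
        allowed = bool(user and user["active"] and permission in PERMISSIONS[user["role"]])
        self.audit.append((name, permission, "ok" if allowed else "denied"))
        return allowed

    def revoke(self, name):
        """Revocation deactivates rather than deletes, so the audit trail keeps the identity."""
        self.users[name]["active"] = False
        self.audit.append((name, "revoke", "ok"))

    def denials(self, name):
        return [a for a in self.audit if a[0] == name and a[2] == "denied"]


def demo(now: int = 59) -> dict:
    """Constructed walkthrough (fixed secrets, fixed clock): a librarian whose password
    has leaked, a member who oversteps, and a revocation."""
    am = AccessManager()
    lib_secret = b"12345678901234567890"   # the RFC 6238 reference seed, not a real key
    am.add_user("alice", "correct horse battery", lib_secret, "librarian")
    am.add_user("bob", "hunter2", b"ABCDEFGHIJKLMNOPQRST", "member")
    r = {}
    r["stolen_password_only"] = am.login("alice", "correct horse battery", "000000", now)
    r["password_and_totp"] = am.login("alice", "correct horse battery", totp(lib_secret, now), now)
    r["member_writes_catalogue"] = am.authorize("bob", "catalogue:write")
    r["librarian_writes_catalogue"] = am.authorize("alice", "catalogue:write")
    am.revoke("bob")
    r["revoked_member_reads"] = am.authorize("bob", "catalogue:read")
    r["bob_denials"] = len(am.denials("bob"))
    return r


if __name__ == "__main__":
    print(demo())
```

The drift window is the practical caveat: with `window=1` a code stays valid for up to 90 seconds, so a server should also remember the last accepted step per user to stop a captured code from being replayed inside that window.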
- Comparing the two measures: both 2FA and MFA are powerful and efficient defenses for organizational accounts and data, but MFA is considered the more robust option because it can demand additional factors, and it is particularly suitable for businesses with highly sensitive data or stringent security needs. This assessment is generally accurate for the following reasons.
- Power and Efficiency: Both 2FA and MFA indeed enhance security by requiring additional verification beyond just a password. By requiring multiple factors for authentication, they add layers of protection, making unauthorized access more difficult.
- Sophistication: MFA requires two or more factors and can go beyond two, such as something the user knows (password), something they have (security token), and
▪ Step 3: Containment, Eradication, and Recovery
- Take immediate action upon discovering an issue to prevent further damage.
- Assess the severity of the problem, the importance of affected services, and estimate the time needed for resolution.
- Stop malicious activities and restore compromised systems, removing malware and resetting credentials.
- Resume normal operations promptly after ensuring the threat has been neutralized to prevent future disruptions.
▪ Step 4: Post-event Activities
- Learn from past incidents and improve incident response plans, policies, and processes accordingly.
- Incorporate lessons learned into future incident management strategies to enhance readiness.
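As an added example of the containment and post-event steps above (this is not code from the assignment or from NIST), the following script runs a simple per-source rate detector over web-server access logs, turns the flagged sources into host-firewall block rules, and produces the summary a lessons-learned review would start from. The log lines are constructed inline in common log format; the addresses come from the documentation ranges, the 20-requests-per-10-seconds threshold is an assumed tuning value, and the generated `iptables` commands are only returned as strings, never executed.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Common log format: client, identd, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


@dataclass
class LogEntry:
    ts: datetime
    ip: str
    path: str
    status: int


def parse_line(line: str):
    """Return a LogEntry, or None for lines that do not match: a malformed line must not abort triage."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return LogEntry(datetime.strptime(m.group(2), TS_FMT), m.group(1), m.group(4), int(m.group(5)))


def make_sample_log():
    """Constructed sample traffic (not real data): three ordinary clients browsing over a
    minute, plus one source firing 40 requests at /checkout inside four seconds."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(12):
        ip = ["198.51.100.4", "198.51.100.9", "192.0.2.25"][i % 3]
        t = base + timedelta(seconds=5 * i)
        lines.append(f'{ip} - - [{t.strftime(TS_FMT)}] "GET /products HTTP/1.1" 200 2048')
    for i in range(40):
        t = base + timedelta(seconds=i // 10)          # ten requests per second
        lines.append(f'203.0.113.7 - - [{t.strftime(TS_FMT)}] "GET /checkout HTTP/1.1" 503 0')
    lines.append("garbage line that a log shipper might emit")
    return lines


def detect_floods(lines, window=10, threshold=20):
    """Detection: per-source sliding window. A source that exceeds `threshold` requests inside
    any `window` seconds is flagged with its peak count and the moment it first crossed the line."""
    recent = defaultdict(deque)
    flagged = {}
    for e in sorted((e for e in map(parse_line, lines) if e), key=lambda e: e.ts):
        q = recent[e.ip]
        q.append(e.ts)
        while e.ts - q[0] > timedelta(seconds=window):
            q.popleft()
        if len(q) > threshold:
            peak, first = flagged.get(e.ip, (0, e.ts))
            flagged[e.ip] = (max(peak, len(q)), first)
    return flagged


def containment_rules(flagged):
    """Containment: host-firewall rules for the flagged sources (returned as strings, not run)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(flagged)]


def incident_report(lines, window=10, threshold=20):
    """Post-event summary for the lessons-learned step: what was flagged, what would be
    blocked, and how much of the observed traffic the blocked sources accounted for."""
    entries = [e for e in map(parse_line, lines) if e]
    flagged = detect_floods(lines, window, threshold)
    blocked = sum(1 for e in entries if e.ip in flagged)
    return {
        "requests_parsed": len(entries),
        "lines_unparsed": len(lines) - len(entries),
        "flagged": {ip: {"peak_in_window": peak, "first_flagged": first.isoformat()}
                    for ip, (peak, first) in flagged.items()},
        "rules": containment_rules(flagged),
        "blocked_share": round(blocked / len(entries), 2) if entries else 0.0,
    }


if __name__ == "__main__":
    for k, v in incident_report(make_sample_log()).items():
        print(f"{k}: {v}")
```

A single-source threshold catches the crude case; a distributed flood spreads requests thinly across many sources, so the same window logic would also be run on the aggregate request rate per path, and the block list would move from the host to an upstream filter or CDN.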
- Example: In the e-commerce sector, a business faces a DDoS attack inundating its website with bogus traffic. Following NIST cybersecurity recommendations, the response team quickly restricts the offending traffic and reinforces its defenses as soon as the attack is detected. After halting the attack, they restore systems and data from backups. Subsequently, they analyze the attack to improve early detection and response capabilities for future DDoS attacks.
Evaluate the implementation of the cybersecurity incident response process for improving or providing security to the organization:
- Early Threat Detection: Incident response protocols facilitate the early identification and assessment of cybersecurity threats. This proactive approach enables the organization to avert serious harm by taking appropriate measures promptly. By detecting threats early, potential damage can be minimized or even prevented altogether.
- Quick Reaction: Having a defined incident response procedure in place allows the organization to react swiftly to security incidents. This rapid response reduces the window of opportunity for attackers, mitigating the likelihood of additional attacks and limiting potential damage. Quick reaction times are crucial in containing incidents and minimizing their impact on operations.
- Protecting Critical Data: The incident response process ensures the protection of critical organizational data from theft or unauthorized access. By promptly addressing security incidents, the organization can prevent sensitive information from being compromised. This helps maintain the integrity, confidentiality, and availability of essential data, safeguarding the organization's reputation and trust.
- Identifying and Assessing Risks: Regular tracking and examination of cybersecurity incidents enable organizations to identify and assess risks effectively. By analyzing incidents, organizations gain insights into vulnerabilities and weaknesses in their security systems. This information allows them to prioritize security enhancements and implement measures to address identified risks, thereby strengthening overall security posture.
Overall, the implementation of cybersecurity incident response processes contributes significantly to enhancing the organization's security posture by enabling early threat detection, facilitating quick reactions, protecting critical data, and identifying and assessing risks effectively.
2.3 The security awareness training process
- Professionals frequently use security awareness training to protect their organizations against security incidents brought on by human error. Security awareness training must be implemented in order to give staff members the knowledge, abilities, and awareness they need regarding information security.
Figure 4: Security awareness training
▪ STEP 7: Implement Explicit Policy Guidelines: Develop simple, easy-to-follow policy documents to improve security. Supervisors should distribute the relevant policy documents, including email and security rules, to ensure staff members understand and agree to adhere to these directives.
The process of implementing security awareness training offers numerous important benefits to organizations in enhancing and delivering security:
- Boost Awareness: Employees and organization members who undergo training gain a better understanding of security threats and the necessary countermeasures. They become more adept at identifying security threats and taking appropriate action to mitigate risks.
- Reduce Risks: Well-trained employees are more capable of spotting and preventing breaches, cyberattacks, and security vulnerabilities. This significantly reduces the likelihood of data loss or financial damages resulting from security incidents.
- Boost Productivity: Employees who receive security training are less likely to be preoccupied with potential security threats, allowing them to focus more effectively on their tasks. This increased sense of security can lead to improved confidence and productivity in the workplace.
- Lower Post-Intrusion Recovery Costs: Investing in security training can lead to lower costs associated with post-intrusion cleanup and recovery efforts. This may include expenses related to data recovery, incident investigation, and managing the aftermath of security incidents.
CHAPTER 2: DESCRIBE IT SECURITY SOLUTIONS. (LO2)
3. Discuss the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs (P3)
3.1 Firewall
- Firewalls indeed play a crucial role in information technology security by acting as a barrier between a trusted internal network (such as a company's private LAN) and untrusted external networks like the public Internet. Here's a breakdown of key aspects related to firewalls:
- Regulating Network Traffic: Firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules. These rules define which types of traffic are allowed or blocked based on factors like IP addresses, port numbers, protocols, and application types.
- Firewall Policy: The firewall policy comprises a set of rules and guidelines established by an organization to manage and secure network traffic effectively. This policy dictates how the firewall should handle various types of traffic, so that only authorized connections are allowed while unauthorized or potentially harmful traffic is blocked. Because most firewalls evaluate rules in order and apply the first match, rule order is part of the policy: a broad allow placed above a specific deny silently disables that deny, and a rule set without an explicit final deny relies on whatever the device's implicit default happens to be.
Figure 5: Firewall
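The following added example (not code from the assignment or from any firewall vendor) models first-match policy evaluation so the impact of a misconfigured rule set can be seen directly. It puts a weak policy, in which a broad "temporary" allow was left at the top, beside a corrected one, evaluates the same packets against both, and includes a small lint that reports rules shadowed by an earlier rule, which is how the hole in the weak policy shows up before traffic does. The networks, hosts and packets are constructed for illustration using the documentation address ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src: str                           # source CIDR, "0.0.0.0/0" for any
    dst: str                           # destination CIDR
    proto: str                         # "tcp", "udp" or "any"
    dport: Optional[Tuple[int, int]]   # inclusive destination port range, None for any
    comment: str = ""


def matches(rule: Rule, pkt: dict) -> bool:
    if ip_address(pkt["src"]) not in ip_network(rule.src):
        return False
    if ip_address(pkt["dst"]) not in ip_network(rule.dst):
        return False
    if rule.proto != "any" and rule.proto != pkt["proto"]:
        return False
    if rule.dport is not None and not (rule.dport[0] <= pkt["dport"] <= rule.dport[1]):
        return False
    return True


def evaluate(rules, pkt: dict, default: str = "deny") -> str:
    """First-match semantics, as on most firewalls: the first matching rule decides.
    Nothing matching falls through to the device's implicit default."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet `inner` could match is already matched by `outer`."""
    if not ip_network(inner.src).subnet_of(ip_network(outer.src)):
        return False
    if not ip_network(inner.dst).subnet_of(ip_network(outer.dst)):
        return False
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    if outer.dport is not None:
        if inner.dport is None:
            return False
        if not (outer.dport[0] <= inner.dport[0] and inner.dport[1] <= outer.dport[1]):
            return False
    return True


def shadowed(rules) -> list:
    """Lint: indices of rules that can never fire because an earlier rule already covers them.
    A shadowed deny is a hole in the policy; a shadowed allow is dead configuration."""
    return [j for j in range(len(rules)) if any(covers(rules[i], rules[j]) for i in range(j))]


ANY = "0.0.0.0/0"
DB = "10.0.1.10/32"         # constructed internal database host
WEB = "10.0.1.20/32"        # constructed public web server
VPN_USERS = "10.0.2.0/24"   # constructed address pool handed out by the VPN

# Weak policy: a broad troubleshooting allow was added at the top and never removed.
# The firewall stops at the first match, so the two careful rules below it never run.
MISCONFIGURED = [
    Rule("allow", ANY, "10.0.0.0/8", "tcp", (1, 65535), "TEMP troubleshooting, remove me"),
    Rule("deny", ANY, DB, "tcp", (3306, 3306), "database is internal only"),
    Rule("allow", VPN_USERS, DB, "tcp", (3306, 3306), "VPN users may reach the database"),
]

# Corrected policy: specific allows first, then an explicit catch-all deny.
CORRECTED = [
    Rule("allow", VPN_USERS, DB, "tcp", (3306, 3306), "VPN users may reach the database"),
    Rule("allow", ANY, WEB, "tcp", (443, 443), "public HTTPS"),
    Rule("deny", ANY, ANY, "any", None, "explicit default deny"),
]

INTERNET_TO_DB = {"src": "203.0.113.50", "dst": "10.0.1.10", "proto": "tcp", "dport": 3306}
VPN_TO_DB = {"src": "10.0.2.15", "dst": "10.0.1.10", "proto": "tcp", "dport": 3306}
INTERNET_TO_WEB = {"src": "203.0.113.50", "dst": "10.0.1.20", "proto": "tcp", "dport": 443}


if __name__ == "__main__":
    for name, policy in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, "internet->db:", evaluate(policy, INTERNET_TO_DB),
              "vpn->db:", evaluate(policy, VPN_TO_DB),
              "shadowed rules:", shadowed(policy))
```

The same first-match logic is why a third-party VPN that hands clients an address in a range the firewall already trusts can bypass rules that were written with only on-site users in mind: the VPN pool should be a distinct range with its own, narrower allows.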