ASM1 Security FPT Community, Study notes of Network security

This is an exercise for the Security subject at BTEC FPT College in Hanoi.

Typology: Study notes

2022/2023

Uploaded on 04/05/2023

haianh1123
ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security Presentation
Submission date: 08/03/2023
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: Nguyen Hai Anh
Student ID: BH00125
Class: IT0502
Assessor name: Le Van Thuan

Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature: Anh

Grading grid: P1, P2, P3, P4, M1, M2, D1

A. Introduction

Organizational and network security are critically important in today's digital age, where virtually all organizations rely heavily on technology and electronic data to carry out their operations. The consequences of a security breach can be severe, ranging from financial losses, damage to reputation, and loss of sensitive data to legal liabilities. Implementing effective security measures is therefore essential for ensuring the safety and continuity of an organization's operations. My report focuses on network security. In particular, it has four parts, which set out to:

  • Identify different types of security threats that organizations may face. This involves researching and understanding the various ways that malicious actors can attempt to compromise an organization's information and systems. I also give an example of a recently publicized security breach and discuss its consequences.
  • Describe at least three security procedures that organizations can use to help protect themselves from these threats. This may involve discussing things like access control, encryption, and regular backups.
  • Identify the potential impact on IT security that can result from incorrect configuration of firewall policies and intrusion detection systems (IDS). This may involve examining how misconfigured security measures can leave an organization vulnerable to attack or result in false positives/negatives.
  • Show, using examples, how implementing a DMZ (demilitarized zone), static IP, and NAT (network address translation) can improve network security. This may involve discussing the specific benefits of each of these measures and how they can work together to create a more secure network.

B. Body

1. Identify types of security threat to organisations (P1)

- Definition of Risks, Threats:

  • Security Risks: A security risk is the likelihood that a threat can exploit a vulnerability to cause harm to an organization's systems or data. Security risks are often assessed by calculating factors such as likelihood, impact, severity, and the ability to prevent.
  • Security Threats: A security threat is a potential risk to an organization's systems or data. Security threats can include insider or outsider attacks, vulnerabilities, or impersonation actions. These threats can have serious consequences for an organization, including data loss, monetary loss, reputational damage, or violation of information security regulations.

- Security risk groups:

1.1. Malware:

Figure 1

Malware is malicious software or code that can cause harm to your computer. It is software created by hackers to destroy or steal user information for a certain purpose. While using the Internet, the following actions can expose you to Malware:

  • Accessing malicious websites, downloading Malware-infected games or music files, installing toolbars/software from unknown vendors, or opening malicious email attachments or downloads that have not been scanned by security software.
  • Mistakenly downloading malicious apps disguised as legitimate apps, or overlooking warning messages when installing apps, especially when the app asks for permission to access email or personal information.
  • Downloading apps from untrusted sources.
  • Accidentally installing additional software, bundled with an application, that contains Malware.
  • Not using security programs, which makes it easier for Malware to penetrate.

When your device is infected with Malware, you may notice the following signs:

  • The computer runs slowly: the operating system's processing speed decreases whether you are browsing the Internet or just using local applications.

Figure 2

Common types of computer viruses:

  • Computer Virus Hijacker (specializing in browser attacks): A common type of virus because it is often hidden in data files that users download for free.
  • Macro Virus (File Spread): A virus that usually hides in files that macro programs support.
  • Multipartite Virus: Almost all of this virus's activity depends on the operating system the user is running. It can spread in many different ways and is very difficult to deal with when encountered.
  • Scripting Virus (Web Virus): A type that appears in the programs used to display the web pages that the user visits.

  • Memory virus: This virus is very difficult to fix once encountered, and even if it can be fixed, your data will already have been affected to some extent.

There are several ways a virus can attack and spread on a computer:

  • Accessing a less secure website without a security certificate.
  • Exchanging data through devices such as USB drives and hard drives.
  • Downloading software containing viruses.
  • Suspicious emails.
  • Security holes in the software in use.

There are several ways to prevent viruses from attacking and spreading on your computer:

  • Install anti-virus software.
  • Freeze the system.
  • Set usage rules.
  • Back up data.

Some popular computer anti-virus software:

  • ESET Internet Security
  • ESET NOD32 Antivirus
  • Kaspersky Anti-Virus - 3 PC
  • Bitdefender Antivirus Plus
  • McAfee Antivirus Plus
  • Trend Micro Antivirus+ Security
  • Malwarebytes Premium
  • Kaspersky Anti-Virus
  • Webroot Secure Anywhere Antivirus
  • Norton Antivirus Plus
  • Avast Free Antivirus
  • Emsisoft Anti-Malware

Spyware

Spyware is a type of malware designed to secretly observe device activity and send those observations to trackers. That data may be used to track your activity online, and that information may be sold to marketers. Spyware can also be used to steal personal

  • Monitor your browsing habits
  • Email address

Spyware can infiltrate a computer through a number of common techniques, such as:

  • Exploiting security holes: Spyware often enters through security flaws when the user downloads files or opens strange links or attachments in emails, visits malicious websites, or opens trading software, documents, music files, ... that contain Spyware.
  • In scam apps and websites: Hackers often present Spyware as useful tools for download: Internet accelerator, download manager, disk cleaner or solution.
  • Through Trojan, Adware and System monitor: it penetrates devices through Trojan malware, sells data or serves fraudulent advertisers, and monitors your web browsing.

There are several ways to prevent spyware on the computer:

  • Always install and use genuine anti-virus software: With anti-virus software installed we may rarely see any malicious code being detected or removed, but it helps us avoid malicious code, prevents long-term threats, and gives us peace of mind when browsing the web or downloading software.
  • Develop a policy for PnP devices: With devices of this type (USB, CD/DVD, ...), viruses can execute without the user's permission.
  • Set rules for handling files: Do not open or download files of unknown origin, especially executable files (files with .exe, .dll, ...).
  • Safe web access: Do not visit the dark web or malicious websites with unhealthy content, and do not casually click on URLs in emails, chat content, websites, etc. Websites and URLs like these often contain malicious code that just waits for the user to click; it is then downloaded automatically and sets itself up to execute on the user's computer as though it were legitimate.
  • Update computers and software: Regularly apply patches provided for the operating system and for the applications in use, and especially update anti-virus programs.

  • Fully and regularly apply vulnerability patches on Windows computers, to prevent hackers from taking advantage of those vulnerabilities to infiltrate the computer.
  • Do not visit unsafe websites.
  • Do not open a link in an email unless you are confident that it comes from a legitimate source.
  • Do not download or install programs if you do not fully trust the publisher.
  • Never open a link in an email unless you know exactly what it is.

Trojan anti-virus software:

  • Kaspersky Anti-virus
  • ESET Nod
  • AVG
  • Avast

Worm

A worm spreads without user interaction. All that is needed is for the computer worm to be active on the infected system. Before networks became widely used, computer worms spread through infected storage media, such as floppy disks, which, when mounted on a system, would infect other storage devices connected to that system. USB is still a popular vector for computer worms.

Figure 5

How to prevent computer worms:

  • Keeping the operating system and all other software up to date with updates and patches will help reduce the risk from newly discovered vulnerabilities.
  • Using a firewall will help reduce the possibility of malware entering the system.
  • Using anti-virus software will help prevent malware from running.
  • Be careful not to click on attachments or links in emails or other messaging apps that could expose the system to malware.
  • Encrypt files to protect sensitive data stored on computers, servers and mobile devices.

For example, a login form is as follows:

Figure 7: Login form

And your server handler code:

    if (isset($_POST['username']) && isset($_POST['password'])) {
        // Vulnerable: user input is concatenated directly into the SQL text
        $sql = "SELECT * FROM tbl_user WHERE username='" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "'";
    }

If the user does not type normal input but, for example, adds an apostrophe ' or a quote ", your code will immediately fail. Or they can turn it into a query that is always true, as follows:

    SELECT * FROM tbl_user WHERE username = '' OR '1' = '1' and password = '' OR '1' = '1'

Or insert another query statement after it:

    SELECT * FROM tbl_user WHERE username = 'admin' and password = 'admin'; Drop table users;
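The login handler above next to a parameterized version, as an added example that is not part of the original notes. It assumes PHP with the PDO SQLite driver; the in-memory table, the account and the function names `login_concat` and `login_prepared` are constructed for illustration.

```php
<?php
// Added example, not from the original notes. Constructed data: an in-memory
// SQLite copy of tbl_user holding one made-up account.
// The plaintext password column only mirrors the notes' query; real systems
// store password_hash() output and check it with password_verify().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbl_user (username TEXT, password TEXT)");
$pdo->exec("INSERT INTO tbl_user VALUES ('admin', 'example-password')");

// Pattern from the notes: input is concatenated into the SQL text, so quotes
// in the input become part of the statement.
function login_concat(PDO $pdo, string $user, string $pass): string {
    $sql = "SELECT * FROM tbl_user WHERE username='" . $user .
           "' AND password = '" . $pass . "'";
    try {
        return $pdo->query($sql)->fetch() ? 'logged in' : 'rejected';
    } catch (PDOException $e) {
        return 'SQL error';   // e.g. a single stray apostrophe
    }
}

// Hardened: the SQL text is fixed and the values are bound as parameters,
// so the database treats them only as data to compare against.
function login_prepared(PDO $pdo, string $user, string $pass): string {
    $stmt = $pdo->prepare(
        'SELECT 1 FROM tbl_user WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return $stmt->fetch() ? 'logged in' : 'rejected';
}

// Constructed inputs: valid login, wrong password, stray quote, and the
// always-true input quoted in the notes.
$cases = [
    ['admin', 'example-password'],
    ['admin', 'wrong'],
    ["adm'in", 'x'],
    ["' OR '1' = '1", "' OR '1' = '1"],
];
foreach ($cases as [$u, $p]) {
    printf("%-15s concat: %-10s prepared: %s\n",
           $u, login_concat($pdo, $u, $p), login_prepared($pdo, $u, $p));
}
```

Only the concatenated version changes its answer for the last two inputs; the prepared version rejects both because the quotes never reach the SQL parser as syntax.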

b) XSS

In Cross-Site Scripting, the hacker inserts malicious code through scripts so that it executes on the client side. XSS attacks are used to bypass access controls and impersonate users. The main purpose of this attack is to steal users' identity data such as cookies, session tokens and other information.

Figure 7

Example 1: a user enters a simple script like this:

Figure 8

Then, after the user presses the “Search” button, the entered script will be executed.
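The search-box case described above, as an added example that is not part of the original notes: the same search term rendered into the page without and with HTML output encoding. The helper names `render_unsafe`, `render_safe` and `h` are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example, not from the original notes. render_* are hypothetical helpers
// for a search page that echoes the user's query back into the HTML response.

// Unsafe: the query is placed in the page as-is, so markup in it becomes markup.
function render_unsafe(string $q): string {
    return '<p>Results for: ' . $q . '</p>'
         . '<input name="q" value="' . $q . '">';
}

// Safe: encode for HTML on output. ENT_QUOTES also encodes ' and ", which is
// what keeps the value from closing the quoted attribute early.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $q): string {
    return '<p>Results for: ' . h($q) . '</p>'
         . '<input name="q" value="' . h($q) . '">';
}

// Constructed inputs: a normal query, a script tag, and a value that closes
// the attribute and adds its own markup.
$samples = ['firewall', '<script>alert(1)</script>', '"><b>injected</b>'];
foreach ($samples as $q) {
    echo "input : $q\n";
    echo "unsafe: " . render_unsafe($q) . "\n";
    echo "safe  : " . render_safe($q) . "\n\n";
}
```

Because the notes name cookies and session tokens as the target, marking the session cookie HttpOnly is a useful second layer: a script that does get injected cannot read that cookie.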

Figure 10

Types of DDoS attacks:

  • A bandwidth attack uses traffic to flood the network layer. This type of attack is the most common form of DDoS attack. An example of a bandwidth attack is DNS amplification, which uses open DNS servers to flood a target with DNS response traffic.
  • A protocol attack disrupts service by exploiting a weakness in the Layer 3 and Layer 4 protocol stacks. A SYN attack that consumes all available server resources is an example of this type of attack.
  • Resource cascade attacks target web application packages and disrupt data transfers between servers.

How to prevent DDoS attack:

  • Develop a denial-of-service strategy to help detect, prevent, and reduce DDoS attacks.
  • Identify vulnerabilities in security and assess potential threats to your setup.
  • Update any protection software or technology and make sure everything is working properly.
  • Provide introductory training for your team and assign them roles in case of an attack.

b) Man-in-the-middle

A man-in-the-middle attack occurs when someone is positioned between two computers and has the ability to intercept traffic. This is a type of passive attack because the attacker can only sit behind and eavesdrop on the information from the victim, but cannot interact in any way with the people exchanging information.

Figure 11

How to prevent man-in-the-middle attack:

  • Install anti-virus software; this way you can avoid man-in-the-middle attacks based on installed malware.
  • Avoid public WiFi hotspots, especially when they are not password protected.
  • Sign out when you're done using a page that asks you to sign in.
  • Use a virtual private network (VPN) to conduct sensitive transactions and communications.
  • Set up your router by changing to static IP