Assessing and Mitigating IT Security Risks, Exercises of Computer Security

An in-depth analysis of various types of security threats to organizations, including viruses, worms, rootkits, and botnets. It discusses the potential impact of incorrect configuration of firewall policies and third-party VPNs, and demonstrates how implementing techniques like DMZ, static IP, and NAT can improve network security. The document also covers IT security risk assessment and management, including the identification of assets, threats, and vulnerabilities, as well as the selection and implementation of appropriate security controls. Additionally, it highlights the benefits of implementing a network monitoring system and the importance of keeping software up-to-date with security patches. Overall, this document serves as a comprehensive guide for organizations to assess and mitigate IT security risks, ensuring the protection of their critical data and assets.

Typology: Exercises

2019/2020

Uploaded on 03/08/2023

alexsanderking

Security

ASM

ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Student ID

Class Assessor name

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 M1 M2 D

Assignment Brief 1 (RQF)

Higher National Certificate/Diploma in Computing

Student Name/ID Number:

Unit Number and Title: Unit 5: Security

Academic Year: 2021 – 2022

Unit Assessor: Van Ho

Assignment Title: Security Presentation

Issue Date: April 1st, 2021

Submission Date:

Internal Verifier Name:

Date:

Submission Format:

Format:

● The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system.

Submission

● Students are required to submit the assignment by the due date and in the way requested by the Tutor.

● The form of submission will be a soft copy posted on http://cms.greenwich.edu.vn/.

● Remember to convert the Word file into a PDF file before the submission on CMS.

Note:

The individual Assignment must be your own work, and not copied by or from another student. If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you must reference your sources, using the Harvard style. Make sure that you understand and follow the guidelines to avoid plagiarism. Failure to comply with this requirement will result in a failed assignment.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

Assignment Brief and Guidance:

Assignment scenario

You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information security FIS. FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns due to lacking the technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging presentation to help train junior staff members on the tools and techniques associated with identifying and assessing IT security risks together with the organizational policies to protect business critical data and equipment.

Tasks

In addition to your presentation, you should also provide a detailed report containing a technical review of the topics covered in the presentation. Your presentation should:

● Identify the security threats FIS secure may face if they have a security breach. Give an example of a recently publicized security breach and discuss its consequences.

● Describe a variety of organizational procedures an organization can set up to reduce the effects to the business of a security breach.

● Propose a method that FIS can use to prioritize the management of different types of risk.

● Discuss three benefits to FIS of implementing network monitoring system giving suitable reasons.

● Investigate network security, identifying issues with firewalls and IDS incorrect configuration and show through examples how different techniques can be implemented to improve network security.

● Investigate a ‘trusted network’ and through an analysis of positive and negative issues determine how it can be part of a security system used by FIS.

Your detailed report should include a summary of your presentation as well as additional, evaluated or critically reviewed technical notes on all of the expected topics.

Learning Outcomes and Assessment Criteria (Assignment 1):

LO1

Pass: P1 Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences. P2 Describe at least 3 organisational security procedures.

Merit: M1 Propose a method to assess and treat IT security risks.

Distinction: D1 Investigate how a ‘trusted network’ may be part of an IT security solution.

LO2

Pass: P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS. P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security.

Merit: M2 Discuss three benefits to implement network monitoring systems with supporting reasons.


I. Introduction

In this document we will talk about types of security risks to organisations, describe organizational security procedures, identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs, and show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security.

II. Identify types of security risks to organisations

1. Viruses

A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus. Virus writers use social engineering deceptions and exploit detailed knowledge of security vulnerabilities to initially infect systems and to spread the virus. The vast majority of viruses target systems running Microsoft Windows, employing a variety of mechanisms to infect new hosts, and often using complex anti-detection/stealth strategies to evade antivirus software. Motives for creating viruses can include seeking profit (e.g., with ransomware), desire to send a political message, personal amusement, to demonstrate that a vulnerability exists in software, for sabotage and denial of service, or simply because they wish to explore cybersecurity issues, artificial life and evolutionary algorithms.

4. Rootkit

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.

Rootkit installation can be automated, or an attacker can install it after having obtained root or Administrator access. Obtaining this access is a result of direct attack on a system, i.e. exploiting a known vulnerability (such as privilege escalation) or a password (obtained by cracking or social engineering tactics like "phishing"). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. The key is the root or administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it.

5. Spyware

Spyware is software that aims to gather information about a person or organization, sometimes without their knowledge, and send such information to another entity without the consumer's consent. Furthermore, spyware asserts control over a device without the consumer's knowledge, sending confidential information to another entity with the consumer's consent, through cookies.

6. Adware

Adware, or advertising-supported software, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one is for the display of the advertisement and another on a "pay-per-click" basis, if the user clicks on the advertisement. The software may implement advertisements in a variety of ways, including a static box display, a banner display, full screen, a video, pop-up ad or in some other form.

other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed.

Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fools' Day. Trojans and other computer viruses that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.

9. Back doors

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a "homunculus computer" —a tiny computer-within-a-computer such as that found in Intel's AMT technology).[1][2] Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptographic systems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks. A backdoor may take the form of a hidden part of a program, a separate program (e.g. Back Orifice may subvert the system through a rootkit), code in the firmware of the hardware, or parts of an operating system such as Windows. Trojan horses can be used to create vulnerabilities in a device. A Trojan horse may appear to be an entirely legitimate program, but when executed, it

Many systems that store information within the cloud fail to create accurate security measures. If many systems are connected within the cloud, hackers can gain access to all other platforms through the most vulnerable system. Default passwords (or other default credentials) can function as backdoors if they are not changed by the user. Some debugging features can also act as backdoors if they are not removed in the release version.

10. Zombie and botnet

In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks (DoS attacks). Most owners of "zombie" computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to fictional zombies. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.

A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a combination of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

III. How to prevent security risks

1. Install Anti-Virus/Malware Software

This tip may go without saying, and I almost just casually mentioned it in my opening paragraph. However, I have seen many computers—especially home computers—that don’t have anti-virus/malware protection. This protection is a must-have first step in keeping your computer virus free.