Understanding IT Security Risks: Types, Impacts, and Prevention - Prof. Pham, Lecture notes of Compilers

An in-depth analysis of various IT security risks, their potential impacts, and methods to assess and treat them. Topics covered include rogue security software, organizational security procedures, firewall policies, VPNs, and network security techniques. The document also includes figures illustrating different types of malware and attacks.

Typology: Lecture notes

2018/2019

Uploaded on 10/01/2021

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 24/08/2021
Date received (1st submission): 24/08/2021
Re-submission date: 26/08/2021
Date received (2nd submission): 26/08/2021
Student name: Nguyễn Hoài Nam
Student ID: GCS190817
Class: GCS0901
Assessor name: Van Ho
Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature: Nam
Grading grid: P2, P3, P4, M1, M2, D1

Table of Contents

  • Introduction
  • P1. Identify types of security risks to organizations
    • 1.1. Computer virus
    • 1.2. Rogue security software
    • 1.3. Trojan horses
    • 1.4. Adware and spyware
    • 1.6. DOS and DDOS assault
    • 1.7. Phishing
    • 1.8. Rootkit
    • 1.9. SQL Injection attack
    • 1.10. Man-in-the-middle attacks
  • *. An example of a recently publicized security breach
  • P2. Organisational security procedures
    • 2.1. Definition
    • 2.2. The Purpose of Security Procedures
  • M1. Method to assess and treat IT security risks
  • P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs
  • P4. How different techniques can be implemented to improve network security
    • 4.1. DMZ
      • 4.1.1. Definition of DMZ
      • 4.1.2. How DMZ works
      • 4.1.3. Real situation
    • 4.2. Static IP
      • 4.2.1. Definition of static IP
      • 4.2.2. How static IP works
      • 4.2.3. Real situation
    • 4.3. NAT – Network Address Translation
      • 4.3.1. Definition of NAT
      • 4.3.2. How NAT works
      • 4.3.3. Real situation
  • M2. Three benefits of implementing network monitoring systems, with supporting reasons
    • 2.1. Ensuring the system against hackers/attackers
    • 2.2. Keeping educated without in-house staff
    • 2.3. Advancing and checking the system
  • D1. How a ‘trusted network’ can be part of a security system
  • Conclusion
  • Presentation – Slides
  • References

Table of Figures

  • FIGURE 1 SHOWING COMPUTER VIRUS
  • FIGURE 2 SHOWING ROGUE SECURITY SOFTWARE
  • FIGURE 3 SHOWING SYMBOLIC OF TROJAN HORSE
  • FIGURE 4 SHOWING AN EXAMPLE OF SPYWARE - KEYLOGGER
  • FIGURE 5 SHOWING AN EXAMPLE OF ADWARE
  • FIGURE 6 SHOWING SYMBOLIC OF COMPUTER WORM
  • FIGURE 7 SHOWING HOW DOS AND DDOS ATTACKS
  • FIGURE 8 SHOWING COMPUTER PHISHING
  • FIGURE 9 DETAILS ROOTKIT
  • FIGURE 10 SHOWING ATTACK OVERVIEW OF SQL INJECTION ATTACK
  • FIGURE 11 SHOWING HOW MAN-IN-THE-MIDDLE ATTACKS WORK
  • FIGURE 12 ILLUSTRATES THAT YAHOO! HAD BEEN HACKED
  • FIGURE 13 SHOWING HOW VPN WORKS
  • FIGURE 14 SHOWING DMZ NETWORK ARCHITECTURE
  • FIGURE 15 SHOWING THE DIFFERENCE BETWEEN DYNAMIC IP AND STATIC IP
  • FIGURE 16 SHOWING HOW NAT WORKS
  • FIGURE 17 SHOWING NETWORK ACCESS CONTROL
  • FIGURE 18 SHOWING SECURITY AUTOMATION
  • FIGURE 19 INTRODUCTION - SLIDE
  • FIGURE 20 TEN COMMON SECURITY RISKS - SLIDE
  • FIGURE 21 COMPUTER VIRUS - SLIDE
  • FIGURE 22 ROGUE SECURITY SOFTWARE - SLIDE
  • FIGURE 23 TROJAN HORSE - SLIDE
  • FIGURE 24 SPYWARE AND ADWARE - SLIDE
  • FIGURE 25 COMPUTER WORM - SLIDE
  • FIGURE 26 DOS AND DDOS ATTACK - SLIDE
  • FIGURE 27 PHISHING - SLIDE
  • FIGURE 28 ROOTKIT - SLIDE
  • FIGURE 29 SQL INJECTION ATTACK - SLIDE
  • FIGURE 30 MAN-IN-THE-MIDDLE ATTACKS - SLIDE
  • FIGURE 31 AN EXAMPLE OF PUBLICIZED SECURITY BREACH - SLIDE
  • FIGURE 32 DEFINITION OF SECURITY PROCEDURES - SLIDE
  • FIGURE 33 WHY SECURITY PROCEDURES ARE IMPORTANT - SLIDE
  • FIGURE 34 METHOD TO ACCESS AND TREAT IT SECURITY RISKS - SLIDE
  • FIGURE 35 THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND THIRD-PARTY VPNS - SLIDE
  • FIGURE 36 DMZ - SLIDE
  • FIGURE 37 STATIC IP - SLIDE
  • FIGURE 38 NAT – NETWORK ADDRESS TRANSLATION - SLIDE
  • FIGURE 39 THE FIRST BENEFIT OF IMPLEMENTING NETWORK MONITORING SYSTEMS - SLIDE
  • FIGURE 40 THE SECOND BENEFIT OF IMPLEMENTING NETWORK MONITORING SYSTEMS - SLIDE
  • FIGURE 41 THE THIRD BENEFIT OF IMPLEMENTING NETWORK MONITORING SYSTEMS - SLIDE
  • FIGURE 42 A TRUSTED NETWORK - SLIDE

an annoying message to erasing files from a hard drive or making a computer crash repeatedly. In some cases, viruses will spread from one computer to others. (Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Destructive Malware Report.)

1.2. Rogue security software

Figure 2 Showing rogue security software. Source: www.google.com

Rogue security software is malicious software that misleads users into believing there is a computer virus installed on their PC or that their security measures are not up to date. It then offers to install or update the user's security settings. It will either ask you to download its program to remove the alleged viruses, or to pay for a tool. Both cases lead to real malware being installed on the computer. (securitytrails.com)

1.3. Trojan horses

Figuratively, a "Trojan horse" refers to tricking someone into inviting an attacker into a securely protected area. In computing, it holds essentially the same meaning: a Trojan horse, or "Trojan," is a malicious piece of attacking code or software that tricks users into running it willingly, by hiding behind a legitimate program. (securitytrails.com)

Figure 3 Showing a symbol of a Trojan horse

1.4. Adware and spyware

Spyware is a general term used to describe software that secretly monitors users by collecting data without their consent.

Figure 4 Showing an example of spyware - keylogger. Source: www.google.com

Adware delivers advertising content in a way that is unexpected and unwanted by the user. Once the adware becomes installed, it regularly displays advertising banners or pop-up ads, or opens new web browser windows at random intervals. (searchsecurity.techtarget.com)

1.5. Computer worm

Figure 6 Showing a symbol of a computer worm. Source: www.google.com

Computer worms are pieces of malware that replicate rapidly and spread from one computer to the next. A worm spreads from an infected computer by sending itself to all of the computer's contacts, then immediately to the contacts of those. Interestingly, they are not always intended to cause harm; there are worms that are made just to spread. Transmission of worms is also often done by exploiting software vulnerabilities. (securitytrails.com)

1.6. DOS and DDOS attack

A DoS attack is performed by one machine and its internet connection, by flooding a website with packets and making it impossible for legitimate users to access the content of the flooded site. Fortunately, you can't really overload a server with a single other server or computer any more. In recent years it hasn't been that common; if anything, it happens through flaws in the protocol.

A DDoS attack, or distributed denial-of-service attack, is similar to DoS but is much more powerful. It's harder to overcome a DDoS attack. It's launched from several computers, and the number of computers involved can range from only a few of them to thousands or even more. Since it is very likely that not all of those machines belong to the attacker, they are compromised and added to the attacker's network by malware. These computers can be distributed around the whole globe, and that network of compromised computers is known as a botnet.

Figure 7 Showing how DoS and DDoS attacks work. Source: www.google.com

1.8. Rootkit

A rootkit is a collection of software tools that enables remote control and administration-level access over a computer or its networks. Once remote access is obtained, the rootkit can perform a number of malicious actions; they come equipped with keyloggers, password stealers and antivirus disablers.

Figure 9 Details rootkit. Source: www.google.com

Rootkits are installed by hiding in legitimate software: when people give that software permission to make changes to their OS, the rootkit installs itself on their PC and waits for the program to activate it. Other methods of rootkit distribution include phishing emails, malicious links, files, and downloading software from suspicious websites. (Microsoft. (n.d.). Secure the Windows 8.1 boot process.)

1.9. SQL Injection attack

SQL injection attacks are designed to target data-driven applications by exploiting security vulnerabilities in the application's software. They use malicious code to obtain private data, change and even destroy that data, and can go as far as to void transactions on websites. It has quickly

become one of the most dangerous security issues for data privacy. You can read more on the history of SQL injection attacks to better understand the threat it poses to cybersecurity. (securitytrails.com)

Figure 10 Showing attack overview of SQL injection attack

1.10. Man-in-the-middle attacks

Man-in-the-middle attacks are cybersecurity attacks that allow the attacker to eavesdrop on the communication between two targets. The attacker can listen to communication which should, in normal settings, be private. (www.imperva.com) For instance, a man-in-the-middle attack happens when the attacker wants to intercept communication between person A and person B. Person A sends their public key to person B, but the attacker intercepts it and sends a forged message to person B, presenting themselves as A, but instead it contains the attacker's public key. B believes that the message comes from person A and encrypts the message with the attacker's public key, sends it back to A, but the attacker again intercepts this.

Source: www.google.com

Figure 12 Illustrates that Yahoo! had been hacked. Source: www.google.com

A few months later, in December, it buried that earlier record with the disclosure that a breach in 2013, by a different group of hackers, had compromised 1 billion accounts. Besides names, dates of birth, email addresses, and passwords that were not as well protected as those involved in 2014, security questions and answers were also compromised. In October of 2017, Yahoo revised that estimate, saying that, in fact, all 3 billion user accounts had been compromised. The breaches knocked an estimated $350 million off Yahoo's sale price. Verizon, in the end, paid $4. billion for Yahoo's core Internet business. The agreement required the two companies to share regulatory and legal liabilities from the breaches. The deal did not include a reported investment in Alibaba Group Holding of $41.3 billion and an ownership interest in Yahoo Japan of $9.3 billion. (www.csoonline.com)

P2. Organisational security procedures

2.1. Definition

Security procedures are detailed step-by-step instructions on how to implement, enable, or enforce security controls as listed in your organisation's security policies. Security

procedures should cover the many hardware and software components supporting your business processes, as well as any security-related business processes themselves. (linfordco.com)

2.2. The Purpose of Security Procedures

The purpose of security procedures is to ensure consistency in the implementation of a security control or the execution of a security-relevant business process. They are to be followed each time the control needs to be implemented or the security-relevant business process carried out.

Here is an analogy. As part of every aircraft flight, the pilot will follow a pre-flight checklist. Basically, they do it to ensure that the aircraft is ready to fly and to do everything possible to ensure a safe flight. Even though pilots may have flown thousands of hours, they still follow the checklist. Following the checklist ensures consistency of behaviour every single time. Even though they may have executed the checklist many times, there is a risk in relying on memory to execute it, as some distraction could make them forget or skip a basic step. Much like pre-flight checklists, security procedures guide the person executing the procedure to an expected outcome.

One example is server hardening. Even though a system administrator has built and hardened many servers, the procedure to harden the server still needs to be followed to ensure the server is hardened correctly and to a level that still permits operability with the system of which it is a part. If the hardening procedure isn't followed, the system administrator could leave out a step that results in an unacceptable exposure of the server or its data. The best option is to automate the hardening procedure through scripts or other automation tools. This will ensure the consistent execution of the hardening "procedure."

Every company running business around the world needs to follow these policies and procedures:

  • Security policy
  • Human resources policy
  • Incident response policy

Looking at the human resources policy, personnel management relates closely to security. This includes all pre-employment, employee maintenance, and post-employment. Each employee plays an

LO2. Describe IT security solutions

P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs

VPN stands for Virtual Private Network, which helps in preventing data breaches. It is a type of network which, once enabled, keeps the data that is shared over the network encrypted. The network establishes a secure connection between the devices on which the data is shared.

Figure 13 Showing how VPN works. Source: www.google.com

A firewall can be defined as a device that is installed to monitor the traffic visiting or accessing the data, checking whether the client is authorised to access the network or not. According to the rules set or configured, the firewall can allow or block unauthorised clients from accessing the network. If the configuration is not correct, there could be a security breach that may lead to private files being stolen.

Potential impact to IT security:

  • It might lead to a data breach by creating a hole in the network, and a third party could take advantage of that hole and steal sensitive files.
  • Desired traffic could fail to reach its intended destination.
  • Traffic reaches a destination it should not have reached.

P4. How different techniques can be implemented to improve network security

4.1. DMZ

4.1.1. Definition of DMZ

In computer networks, a DMZ (demilitarized zone) is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks, usually the internet. External-facing servers, resources, and services are located in the DMZ. This way, they are accessible from the internet, but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN, as it restricts the ability of hackers to directly access internal servers and data through the internet. (searchsecurity.techtarget.com)

4.1.2. How DMZ works

DMZs are intended to function as a sort of buffer zone between the public internet and the organisational network. Deploying the DMZ between two firewalls means that all inbound network packets are screened using a firewall or other security appliance before they arrive at the servers the organisation hosts in the DMZ. This should be enough to block the most casual of threat actors. If a better-prepared threat actor can get past the first firewall, they must then gain unauthorised access to those services before they can do any damage, and those systems are likely to be hardened against such attacks.
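To make the "buffer zone" concrete, here is an added example (not part of the original assignment) that models the two-firewall DMZ arrangement described above as ordered rule lists with a default-deny policy. The zone names, ports and rules are assumptions for illustration; it shows that internet traffic reaches only the published DMZ ports and that a DMZ host, even if compromised, cannot open connections into the LAN.

```python
# Added example (not from the original assignment): a small model of the
# two-firewall DMZ. Zone names, ports and the rule sets are constructed for
# illustration. Each firewall is an ordered rule list with a default-deny policy:
# the outer firewall admits only the published DMZ services, and the inner
# firewall never lets a DMZ host initiate a connection into the LAN.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_zone: str   # "wan" (internet), "dmz" or "lan"
    dst_zone: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    ports: frozenset[int]   # empty set means "any destination port"
    action: str             # "accept" or "drop"

    def matches(self, f: Flow) -> bool:
        return (self.src_zone == f.src_zone and self.dst_zone == f.dst_zone
                and (not self.ports or f.dst_port in self.ports))


def evaluate(rules: list[Rule], f: Flow) -> str:
    """First matching rule wins; an unmatched flow is dropped (default deny)."""
    for r in rules:
        if r.matches(f):
            return r.action
    return "drop"


# Outer firewall (internet side): only the published web ports into the DMZ.
OUTER = [Rule("wan", "dmz", frozenset({80, 443}), "accept")]
# Inner firewall (LAN side): LAN may manage and browse DMZ hosts; DMZ -> LAN is
# explicitly dropped so a compromised DMZ server cannot pivot inward.
INNER = [Rule("lan", "dmz", frozenset({22, 80, 443}), "accept"),
         Rule("dmz", "lan", frozenset(), "drop")]

# Which firewalls a new connection crosses, per (source zone, destination zone).
PATHS = {("wan", "dmz"): [OUTER], ("wan", "lan"): [OUTER, INNER],
         ("dmz", "lan"): [INNER], ("lan", "dmz"): [INNER]}


def decide(f: Flow) -> str:
    """Accept only if every firewall on the path accepts; unknown paths drop."""
    if (f.src_zone, f.dst_zone) not in PATHS:
        return "drop"
    for firewall in PATHS[(f.src_zone, f.dst_zone)]:
        if evaluate(firewall, f) != "accept":
            return "drop"
    return "accept"
```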