IT Security Risks and Solutions: A Comprehensive Guide for Junior Staff - Prof. Tran Trong, Assignments of Security Analysis

This document covers some basic knowledge of security.

Typology: Assignments

2021/2022

Uploaded on 11/22/2022


ASSIGNMENT 1 SECURITY

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: / Date Received 1st submission:
Re-submission Date: / Date Received 2nd submission:
Student Name: Phan Minh Tiến
Student ID: GCD201914
Class: GCD1001
Assessor name: Trần Trọng Minh

Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student's signature: Tiến

Grading grid: P2 P3 P4 M1 M2 D1

INTRODUCTION

I work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information security FIS.

FIS works with medium-sized companies in Vietnam, advising on and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns because they lack in-house technical expertise. As part of my role, my manager Jonson has asked me to create an engaging presentation to help train junior staff members on the tools and techniques associated with identifying and assessing IT security risks, together with the organizational policies that protect business-critical data and equipment. My work is presented below.

LO1 Assess risks to IT security

P1 Identify types of security threats to organizations. Give an example of a recently publicized security breach and discuss its consequences.

I. Identify types of security threats to organizations

What is a Security Threat?

A security threat is anything that might have an impact on organizational and computer systems. The source can be physical, such as someone stealing a piece of equipment that holds valuable data, or non-physical, such as a virus attack. In this guide, a threat is defined as a potential attack that would give an attacker access to a computer network without authorization.

Figure 1: Security Threat

II. Threats that organizations will face

There are five basic threats that organizations will face:

- Malware attack
- Social engineering attack
- Network attack
- Application attack
- Internal attack

1. Malware attack: A malware attack is a common cyberattack in which malware (malicious software) executes unauthorized actions on the victim's system. Malicious software (often loosely called a virus) covers many specific types of attack, such as ransomware, spyware, command and control, and more.

Viruses

For a virus to infect a computer, the user must take some sort of action, like opening an application or reading an email.

Worms are usually distributed via e-mail attachments as separate executable programs. In many instances, reading the e-mail message starts the worm. If the worm does not start automatically, attackers can trick the user into starting the program and launching the worm.

Trojan Horses

Figure 4: Trojan Horses

Programs that hide their true intent and then reveal themselves when activated; they might be disguised as free calendar programs or other interesting software.

Rootkit

Figure 5: Rootkit

A rootkit is a set of software tools used to hide the actions or presence of other types of software. Rootkits do this by changing the operating system to force it to ignore their malicious files or activity. Rootkits also hide or remove all traces of evidence that may reveal the malware, such as log entries.

Spyware

Figure 6: Spyware

Spyware is a general term used to describe software that secretly spies on users by collecting information without their consent.

Adware

Figure 7: Adware

- A certain date being reached on the system calendar
- A person's rank in an organization dropping below a specified level

Backdoor

Figure 10: Backdoor

The payload of some types of malware attempts to modify the system’s security settings so that more insidious attacks can be made. One type of malware in this category is called a backdoor. A backdoor gives access to a computer, program, or service that circumvents any normal security protections. Backdoors that are installed on a computer allow the attacker to return at a later time and bypass security settings.

2. Social engineering attack: Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks, or physical locations or for financial gain.

Threat actors use social engineering techniques to conceal their true identities and motives, presenting themselves as trusted individuals or information sources. The objective is to influence, manipulate or trick users into releasing sensitive information or access within an organization. Many social engineering exploits rely on people's willingness to be helpful or fear of punishment. For example, the attacker might pretend to be a co-worker who has some kind of urgent problem that requires access to additional network resources.

Social engineering is a popular tactic among attackers because it is often easier to exploit people than it is to find a network or software vulnerability. Hackers will often use social engineering tactics as a first step in a larger campaign to infiltrate a system or network and steal sensitive data or disperse malware.

- Baiting. An attacker leaves a malware-infected physical device, such as a Universal Serial Bus flash drive, in a place where it is sure to be found. The target then picks up the device and inserts it into their computer, unintentionally installing the malware.
- Phishing. A malicious party sends a fraudulent email disguised as a legitimate one, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing financial or personal information or clicking on a link that installs malware.
- Spear phishing. This is like phishing, but the attack is tailored to a specific individual or organization.
- Vishing. Also known as voice phishing, vishing involves the use of social engineering over the phone to gather financial or personal information from the target.
- Whaling. A specific type of phishing attack, a whaling attack targets high-profile employees, such as the chief financial officer or chief executive officer, to trick the targeted employee into disclosing sensitive information.

3. Network Attack: A network attack is an attempt to gain unauthorized access to an organization’s network, with the objective of stealing data or performing other malicious activity.

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks

A denial-of-service attack overwhelms a system’s resources so that it cannot respond to service requests. A DDoS attack is also an attack on the system’s resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker.

Unlike attacks that are designed to enable the attacker to gain or increase access, denial-of-service doesn’t provide direct benefits for attackers. For some of them, it’s enough to have the satisfaction of service denial. However, if the attacked resource belongs to a business competitor, then the benefit to the attacker may be real enough. Another purpose of a DoS attack can be to take a system offline so that a different kind of attack can be launched. One common example is session hijacking, which I’ll describe later.

TCP SYN flood attack

In this attack, an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker’s device floods the target system’s small in-process queue with connection requests, but it does not respond when the target system replies to those requests. This causes the target system to time out while waiting

Figure 11: Zombie and botnet

Software that enables remote control of the infected machine by an attacker is one of the most widely used malware payloads today, carried by Trojans, worms, and viruses. The term "zombie" refers to such an infected robot (bot) computer. A botnet under the command of the attacker (bot herder) is formed when thousands or even hundreds of thousands of zombie machines are assembled into a logical computer network. Infected zombie computers wait for orders from the bot herder, delivered through a command and control (C&C or C2) framework, on which computers to attack and how to do so. The Hypertext Transfer Protocol (HTTP) is a typical botnet command and control technique used today. By automatically logging into a website that the bot herder manages, a zombie can get its orders. Another approach is a third-party website containing posted information that the zombie can interpret as orders. Some botnets also employ blogs, tweets on the social networking site Twitter, or Facebook notes to transmit specially coded attack directives.

Man-in-the-middle (MITM) attack

A MITM attack occurs when a hacker inserts itself between the communications of a client and a server. Here are some common types of man-in-the-middle attacks:

Session hijacking

In this type of MITM attack, an attacker hijacks a session between a trusted client and a network server. The attacking computer substitutes its IP address for the trusted client's while the server continues the session, believing it is communicating with the client.

IP Spoofing

IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity and provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host instead of its own IP source address to a target host. The target host might accept the packet and act upon it.

Replay

A replay attack occurs when an attacker intercepts and saves old messages and then tries to send them later, impersonating one of the participants. This type can be easily countered with session timestamps or nonce (a random number or a string that changes with time).
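The timestamp-plus-nonce countermeasure described above, as an added example that is not part of the original assignment: the receiver rejects a message whose MAC fails, whose timestamp falls outside the acceptance window, or whose nonce it has already accepted. The shared key, the 30-second window and the message format are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

SHARED_KEY = b"example-shared-key"   # constructed for the example, not a real secret
MAX_SKEW_SECONDS = 30                # how old a message may be and still be accepted


def make_message(payload, key=SHARED_KEY, now=None):
    """Sender side: attach a timestamp and a fresh random nonce, then MAC all three fields."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)
    body = f"{ts}|{nonce}|{payload}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "payload": payload, "tag": tag}


class ReplayGuard:
    """Receiver side: accepts each nonce at most once within the timestamp window."""

    def __init__(self, key=SHARED_KEY, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp carried by the accepted message

    def _forget_expired(self, now):
        # A nonce older than the window can never pass the timestamp check again,
        # so it is safe to drop it and keep the seen-set bounded.
        for nonce in [n for n, ts in self.seen.items() if now - ts > self.max_skew]:
            del self.seen[nonce]

    def verify(self, msg, now=None):
        now = now if now is not None else time.time()
        body = f"{msg['ts']}|{msg['nonce']}|{msg['payload']}".encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad MAC"          # forged or modified message
        if abs(now - msg["ts"]) > self.max_skew:
            return False, "stale timestamp"  # captured earlier and sent much later
        self._forget_expired(now)
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"   # same capture resent within the window
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"
```

The MAC must cover the timestamp and nonce, otherwise an attacker could refresh them on a captured message.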

4. Application attack: An application attack consists of cyber criminals gaining access to unauthorized areas. Attackers most commonly start with a look at the application layer, hunting for application vulnerabilities written within code. Though attacks target certain programming languages more than others, a wide range of applications representing various languages receive attacks: .NET, Ruby, Java, Node.js, Python, and many more. Vulnerabilities are found in both custom code and open-source frameworks and libraries.

- Injection. As the all-time favorite category of application attacks, injections let attackers modify a back-end statement or command through unsanitized user input. Moynihan takes us through several examples of SQL injection, and he ends up making the application spit out the entire user table, including passwords.
- Broken Authentication and Session Management. Brazeau discusses several types of programming flaws that allow attackers to bypass the authentication methods used by an application.
- Cross-Site Scripting. Cross-site scripting is a type of vulnerability that lets attackers insert JavaScript into the pages of a trusted site. By doing so, they can completely alter the contents of the site to do their bidding; for example, they could send the user's credentials to a malicious server.
- Insecure Direct Object References. In this video, Fitz-Gerald takes us through a demo of another vicious attack: path traversal. This type of insecure direct object reference allows attackers to obtain data from the server by manipulating file names. You'll see how Fitz-Gerald patiently downloads file by file until he gets the whole database.
- Sensitive Data Exposure. This category deals with a lack of data encryption in transport and at rest. If your web applications do not properly protect sensitive data, such as credit cards or authentication credentials, attackers can steal or modify the data to conduct credit card fraud, identity theft, or other crimes.
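The injection item above describes unsanitized input turning into part of a back-end statement. As an added example that is not from the assignment, the following puts a string-built lookup beside its parameterised form over a constructed in-memory SQLite user table, so the difference in what the database returns can be observed directly.

```python
import sqlite3


def _demo_db():
    """Constructed three-row user table for the example (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "h1"), ("bob", "h2"), ("carol", "h3")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Untrusted input is spliced straight into the statement text, so whatever
    # the user typed is parsed by the database as SQL, not treated as a value.
    sql = f"SELECT username, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Parameterised query: the value travels separately from the statement and
    # can only ever be compared as data, never parsed as SQL.
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Return (rows from the vulnerable lookup, rows from the safe lookup)."""
    conn = _demo_db()
    return len(lookup_vulnerable(conn, username)), len(lookup_safe(conn, username))
```

For a normal username both lookups return one row; for input that closes the quote and appends a tautology, the string-built query returns the whole table while the parameterised one returns nothing.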

V. Solution for Security Breach of Sina Weibo Application

- Enable MFA and review MFA settings to ensure coverage over all active, internet-facing protocols.
- Review password policies to ensure they align with the latest NIST guidelines and deter the use of easy-to-guess passwords.
- Review IT helpdesk password management related to initial passwords, password resets for user lockouts, and shared accounts. IT helpdesk password procedures may not align with company policy, creating an exploitable security gap.
- Many companies offer additional assistance and tools that can help detect and prevent password spray attacks, such as the Microsoft blog released on March 5, 2018.

P2 Describe at least 3 organizational security procedures.

Encrypt data information

This is the first step in the information system security process. Nowadays you are used to reading newspapers, buying goods, and trading via the Internet, and every online activity on the network carries a data and information security risk. One answer to this problem is to encrypt important data. Encryption sounds complicated, and most of us do not really pay attention to it, but you can use encryption software to do it for you. Security Box recommends one tool, TrueCrypt. It effectively protects the data on the computer and on external hard drives: once the data is encrypted, no one can access it without knowing the password.

Figure 12: Encrypt data information

Use strong passwords

In the second step of the information system security process, the data encryption from step 1 becomes meaningless if hackers know your password and can easily steal the data. Use a strong password: a very long one that includes letters, numbers, and special characters. Some tools will help you create a strong password that even a large attack will find difficult to crack. Tools for creating strong passwords include:

- PC Tools Random Password Generator
- Strong Password Generator
- GRC Ultra High Security Password Generator

However, strong passwords are sometimes harder to remember. The solution is to use LastPass, a tool that helps you manage your passwords in the safest and most effective way.
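The strong-password advice above, and the earlier point about password policies that deter easy-to-guess passwords, as an added example that is not from the assignment: a generator backed by the operating system's CSPRNG that guarantees every character class is present, an entropy estimate for the resulting length, and a policy check that rejects short passwords and common fragments. The special-character set, the 12-character minimum and the three-entry blocklist are assumptions for the example.

```python
import math
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SPECIAL = "!@#$%^&*()-_=+[]{};:,.?/"   # assumed set; adjust to what the target system accepts
CLASSES = (("lowercase", LOWER), ("uppercase", UPPER), ("digit", DIGITS), ("special", SPECIAL))
ALPHABET = "".join(cls for _, cls in CLASSES)


def generate_password(length=20):
    """Uniformly random password that contains at least one character of every class."""
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        # Rejection sampling keeps the distribution uniform over acceptable passwords,
        # unlike forcing one fixed character per class into fixed positions.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for _, cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Guessing work, in bits, for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def check_policy(password, min_length=12, blocklist=("password", "123456", "qwerty")):
    """Return the list of policy failures; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if any(bad in password.lower() for bad in blocklist):
        problems.append("contains a common password fragment")
    missing = [name for name, cls in CLASSES if not any(ch in cls for ch in password)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    return problems
```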

2-step verification