BTEC Level 5 HND Diploma in Computing - Unit 5: Security Assignment, Exams of Computer Security

BTEC Level 5 HND Diploma in Computing

Typology: Exams

2021/2022

Uploaded on 03/05/2022

ty-phu-ha
ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 18/02/2022
Date Received 1st submission: 18/02/2022
Re-submission Date: 26/02/2022
Date Received 2nd submission: 26/02/2022
Student Name: HA TY PHU
Student ID: GCC19055
Class: GCC0901
Assessor name: LE HUYNH QUOC BAO

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature

Grading grid
P1 P2 P3 P4 M1 M2 D1

Submission Format

The submission is in the form of two documents/files:

  1. A ten-minute Microsoft® PowerPoint® style presentation to be presented to your colleagues. The presentation can include links to performance data with additional speaker notes and a bibliography using the Harvard referencing system. The presentation slides for the findings should be submitted with speaker notes as one copy.
  2. A detailed report that provides more thorough, evaluated or critically reviewed technical information on all of the topics. You are required to make use of the font Calibri, Font size 12, Line spacing 1.5, Headings, Paragraphs, Subsections and illustrations as appropriate, and all work must be supported with research and referenced using the Harvard referencing system.

Unit Learning Outcomes

LO1 Assess risks to IT security.
LO2 Describe IT security solutions.

Assignment Brief and Guidance

You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information security FIS. FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns due to lacking the technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging presentation to help train junior staff members on the tools and techniques associated with identifying and assessing IT security risks together with the organizational policies to protect business critical data and equipment. In addition to your presentation, you should also provide a detailed report containing a technical review of the topics covered in the presentation.

Your presentation should:

  1. Identify the security threats FIS secure may face if they have a security breach. Give an example of a recently publicized security breach and discuss its consequences
  2. Describe a variety of organizational procedures an organization can set up to reduce the effects to the business of a security breach.
  3. Propose a method that FIS can use to prioritize the management of different types of risk
  4. Discuss three benefits to FIS of implementing network monitoring system giving suitable reasons.
  5. Investigate network security, identifying issues with firewalls and IDS incorrect configuration and show

Contents

  • I. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
      1. Definition of network security threats
      2. Solutions for organizations when attacked
  • II. Describe at least 3 organizational security procedures (P2)
      1. Definition of security procedures
      2. Describe at least organizational security procedures
        • a. Acceptable Use Policy (AUP)
        • b. Access Control Policy (ACP)
        • c. Information Security Policy (ISP)
  • III. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
      1. Briefly firewall and policies, its usage and advantages in a network
      2. How does a firewall provides a security to a network
      3. Diagrams the example of how firewall works
      4. Define IDS, its usage, show with diagrams examples
      5. The potential impact (Threat-Risk) of FIREWALL and IDS incorrect configuration to the network
  • IV. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)
      1. What is a Demilitarized Zone Network?
      2. Define and discuss with the aid of a diagram static IP focus on usage and security function as advantage
      3. Define and discuss with the aid of a diagram NAT focus on usage and security function as advantage
  • References

I. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1).

1. Definition of network security threats:

A computer system threat is anything that leads to loss or corruption of data or physical damage to the hardware or infrastructure. A network security threat is an effort to obtain illegal access to your organization’s network, to take your data without your knowledge, or to carry out other malicious activity. Your network security is at risk if there is a weakness or vulnerability within your computer network. A security threat is defined as a risk that can potentially harm computer systems and the organization. The cause could be physical, such as someone stealing a computer that contains vital data. The cause could also be non-physical, such as a virus attack. (HSEWatch, 2021)

There are 2 main types of security threats: physical threats and non-physical threats.

  • A physical threat: A physical threat is a potential cause of an incident that may result in loss or physical damage to the computer systems. The following list classifies the physical threats into three (3) main categories:
    • Internal: The threats include fire, unstable power supply, humidity in the rooms housing the hardware, etc.
    • External: These threats include lightning, floods, earthquakes, etc.
    • Human: These threats include theft, vandalism of the infrastructure or hardware, disruption, accidental or intentional errors.

To protect computer systems from the above-mentioned physical threats, an organization must have physical security control measures.

    • Internal: Fire threats could be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out a fire. The unstable power supply can be prevented by the use of voltage controllers. An air conditioner can be used to control the humidity in the computer room.
    • External: Lightning protection systems can be used to protect computer systems against such attacks. Lightning protection systems are not 100% perfect, but to a certain extent, they reduce the chances of lightning causing damage. Housing computer systems on high ground is one of the possible ways of protecting systems against floods.

    • Clicking on advertisements.
    • Using infected removable storage devices, such as USB drives.
    • Opening spam email or clicking on a URL link.
    • Downloading free games, toolbars, media players and other software.

  • TROJAN HORSE

A Trojan horse is malicious code or a program developed by hackers to disguise itself as legitimate software in order to gain access to an organization’s systems. It is designed to delete, modify, damage, block, or take some other harmful action on your data or network.

HOW DOES A TROJAN HORSE ATTACK?

The victim receives an email with an attachment that looks like an original official email. The attachment can contain malicious code that is executed as soon as the victim clicks on it. In that case, the victim does not suspect or understand that the attachment is actually a Trojan horse.

  • ADWARE

Adware is a software program that contains commercial and marketing related advertisements, such as display advertisements through pop-up windows or bars, banner ads, and video on your computer screen. Its main purpose is to generate revenue for its developer (Adware) by serving different types of advertisements to an internet user.

HOW DOES ADWARE ATTACK?

When you click on that type of advertisement, it redirects you to an advertising website and collects information from you. It can also be used to steal all your sensitive information and login credentials by monitoring your online activities and selling that information to a third party.

  • SPYWARE

Spyware is an unwanted type of security threat to organizations which is installed on a user’s computer and collects sensitive information such as personal or organizational business information, login credentials and credit card details without the user’s knowledge.

This type of threat monitors your internet activity, tracks your login credentials, and spies on your sensitive information. So, every organization or individual should take action to prevent spyware by using anti-virus software and a firewall, and by downloading software only from trusted sources.

HOW DOES SPYWARE INSTALL?

It can install itself automatically on your computer, arrive as a hidden component of software packages, or be installed like traditional malware through deceptive ads, email and instant messages.

  • WORM

A computer worm is a type of malicious software or program that spreads within its connected network and copies itself from one computer to another computer of an organization.

HOW DOES A WORM SPREAD?

It can spread without any human assistance and exploits security holes in software, trying to gain access in order to steal sensitive information, corrupt files and install a back door for remote access to the system.

  • DENIAL-OF-SERVICE (DOS) ATTACKS

Denial-of-Service is an attack that shuts down a machine or network, making it inaccessible to its users. It typically floods a targeted system with requests until normal traffic is unable to be processed, resulting in denial-of-service to users.

HOW DOES A DOS ATTACK WORK?

It occurs when an attacker prevents legitimate users from accessing specific computer systems, devices or other resources. The attacker sends too much traffic to the target server, overloading it, and the server is overwhelmed, which brings down websites, email servers and other services connected to the Internet.

  • PHISHING

Malware is software that typically consists of a program or code and is developed by cyber attackers. It is a type of cyber security threat to organizations that is designed to cause extensive damage to systems or to gain unauthorized access to a computer.

HOW DOES MALWARE ATTACK?

There are different ways that malware can infect a device. For example, it can be delivered in the form of a link or file over email, and it requires the user to click on that link or open the file to execute the malware. This type of attack includes computer viruses, worms, Trojan horses and spyware.

  • RANSOMWARE

Ransomware is a type of security threat that blocks access to a computer system and demands bitcoin in order to restore access. The most dangerous ransomware attacks are WannaCry, Petya, Cerber, Locky, CryptoLocker, etc.

HOW DOES RANSOMWARE INSTALL?

All types of threats are typically installed on a computer system in the following ways:

    • When the user downloads and opens a malicious email attachment.
    • When the user installs infected software or apps.
    • When the user visits a malicious or vulnerable website.
    • When the user clicks on an untrusted web link or image.

  • DATA BREACH

A data breach is a security threat that exposes confidential or protected information, where the information is accessed from a system without the authorization of the system’s owner. The information may be sensitive, proprietary, or confidential, such as credit card numbers, customer data, trade secrets, etc.

  • ZERO DAY ATTACK

A zero-day attack is an application-based cyber security threat that relies on an unknown security vulnerability in computer software or an application. When an organization launches an application, it does not know what types of vulnerability it contains.

HOW DOES A ZERO DAY ATTACK WORK?

It occurs when the patch has not been released, or when the software developers were unaware of the vulnerability or did not have sufficient time to fix it. If the vulnerability is not fixed by the developer, it can affect computer programs, data, or a network.

  • CARELESS EMPLOYEES OF ORGANIZATION

Employees are the greatest security risk for any organization, because they know everything about the organization, such as where the sensitive information is stored and how to access it. In addition to malicious attacks, careless employees are another type of cyber security threat to organizations. (gruru99, 2021)

Example of a recently publicized security breach and discuss its consequences.

Sina Weibo
Date: March 2020
Impact: 538 million accounts
Details: With over 500 million users, Sina Weibo is China’s answer to Twitter. However, in March 2020 it was reported that the real names, site usernames, gender, location, and -- for 172 million users -- phone numbers had been posted for sale on dark web markets. Passwords were not included, which may indicate why the data was available for just ¥1,799 ($250).

Weibo acknowledged the data for sale was from the company, but claimed the data was obtained by matching contacts against its address book API. It also said that since it doesn't store passwords in plaintext, users should have nothing to worry about. This, however, doesn’t tally, as some of the information being offered, such as location data, isn’t available via the API. The social media giant said it had notified authorities about the incident, and China’s Cyber Security Administration of the Ministry of Industry and Information Technology said it is investigating.

designed as a series of steps to be followed as a consistent and repetitive approach or cycle to accomplish an end result. Once implemented, security procedures provide a set of established actions for conducting the security affairs of the organization, which will facilitate training, process auditing, and process improvement. Procedures provide a starting point for implementing the consistency needed to decrease variation in security processes, which increases control of security within the organization. Decreasing variation is also a good way to eliminate waste, improve quality, and increase performance within the security department. (B.V, 2021)

2. Describe at least organizational security procedures:

a. Acceptable Use Policy (AUP):

An AUP stipulates the constraints and practices that an employee using organizational IT assets must agree to in order to access the corporate network or the internet. It is standard onboarding policy for new employees. They are given an AUP to read and sign before being granted a network ID. It is recommended that an organization’s IT, security, legal and HR departments discuss what is included in this policy.

b. Access Control Policy (ACP):

The ACP outlines the access available to employees in regards to an organization’s data and information systems. Some topics that are typically included in the policy are access control standards such as NIST’s Access Control and Implementation Guides. Other items covered in this policy are standards for user access, network access controls, operating system software controls and the complexity of corporate passwords. Additional supplementary items often outlined include methods for monitoring how corporate systems are accessed and used; how unattended workstations should be secured; and how access is removed when an employee leaves the organization.

c. Information Security Policy (ISP):

An organization’s information security policies are typically high-level policies that can cover a large number of security controls. The primary information security policy is issued by the company to ensure that all employees who use information technology assets within the breadth of the organization, or its networks, comply with its stated rules and guidelines. I have seen organizations ask employees to sign this document to acknowledge that they have read it (which is generally done with the signing of the AUP policy). This policy is designed for employees to recognize that there are rules that they will be held accountable to with regard to the sensitivity of the corporate information and IT assets (Hayslip, 2018).

c. Change Management Policy:

A change management policy refers to a formal process for making changes to IT, software development and security services/operations. The goal of a change management program is to increase the awareness and understanding of proposed changes across an organization, and to ensure that all changes are conducted methodically to minimize any adverse impact on services and customers.

d. Business Continuity Plan (BCP):

The BCP will coordinate efforts across the organization and will use the disaster recovery plan to restore hardware, applications and data deemed essential for business continuity. BCPs are unique to each business because they describe how the organization will operate in an emergency.

III. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3):

1. Briefly firewall and policies, its usage and advantages in a network.

What is a Firewall

There are basically two types of firewalls: software and hardware firewalls. A firewall is software or hardware that filters all network traffic between your computer, home network, or company network and the internet. As shown in figure 1, the firewall usually sits at the boundary between a private network and a public network or the internet.

Firewall Policies

Firewall policies allow you to block or allow certain types of network traffic not specified in a policy exception. A policy also defines which firewall features get enabled or disabled. Assign a policy to one or multiple firewall profiles. OfficeScan comes with a set of default policies, which you can modify or delete. With Active Directory integration and role-based administration, each user role, depending on the permission, can create, configure, or delete policies for specific domains. All default and user-created firewall policies display on the firewall policy list on the Web console.

Uses of Firewall

A firewall is an essential component in the system. It can be present in any form: software, hardware or as a cloud computing mechanism. The following are the uses of a firewall that must be understood by a user to guard her/his system.

a) Prevents the Passage of Unwanted Content

There’s no limit to bad and unwanted content over the internet. Such unwanted content can easily penetrate the system unless a strong firewall is in place. Most operating systems have a firewall that will effectively take care of undesired and malignant content from the internet. Whenever a new system is put into use, the user must check whether a firewall exists, and if not, a third-party firewall can be installed.

b) Prevents Unauthorized Remote Access

Today there are numerous unethical hackers in the world who are making constant efforts to acquire access to vulnerable systems. The ignorant user is never aware of who can access his system. A strong firewall prevents any possibility of a prospective unethical hacker getting remote access into a system. Such remote access is purely unauthorized and can be intended for destructive purposes too. A strong firewall is necessary to protect your data, your transactions, etc. For enterprises, a leakage of confidential data and information means a tremendous loss and failure. When it comes to understanding the importance of firewalls in preventing unauthorized remote access, the example of banking organizations and national level security agencies comes to one’s mind.

c) Prevents Indecent Content

The extensive web of the internet has exposed people, especially adolescents and youth, to immoral content. This content has been spreading its nefarious nexus very fast. With changing trends and lifestyles, such content is harming the minds of youngsters. Given this situation, it becomes extremely important on the part of the guardians to ensure that such content is prevented in their computer systems. Exposure to any sort of obscene content can prove harmful to young minds, resulting in strange behaviors and immoral conduct. A strong firewall protects the computer systems by preventing the entry of immoral and indecent content, and thus allows parents to keep their children safe.

d) Guarantees Security Based on Protocol and IP Address

Hardware firewalls are useful for examining traffic activities based on a certain protocol. Whenever a connection gets established, right from the beginning to the end, a track of activities is kept that helps to keep the system protected.

Network Address Translation (NAT) is a type of firewall that effectively protects systems from those which are outside the network to which they belong. As a result, the IP address of these systems is visible only in their network, thus keeping them separated and safe.

e) Protects Seamless Operations in Enterprises

Nowadays, organizations have become heavily reliant on enterprise software and systems. Decentralized distribution systems coupled with the accessibility of data anywhere across the entire geographical presence enable the authorized stakeholders to use and work upon the data for successful business operations. Using credentials, a user can log in to his system from any system within the network. However, given such a vast network system and huge data, having a strong firewall in place is imperative, and the firewall is the most important component in imparting security to all these aspects. Without effective firewalls, it would be very difficult for organizations to have such seamless operations and the activities would be badly hampered.

f) Protects Conversations and Coordination Contents

Organizations that are in service industries have to constantly interact with third-party clients. As a part of various projects, they keep sharing relevant content with the client and internal teams. Moreover, it is not just the content: they also interact with internal and external stakeholders through meetings, interviews, discussions, and chats. Almost all the content from these coordination activities is confidential and must be protected effectively, and no organization can afford the cost of leakage of such important content. A firewall guards the systems effectively and allows a secured and safe flow of information, imparting a sense of confidence to the stakeholders.

g) Prevents Destructive Content from Online Videos and Games

Watching online videos and playing online games has become fairly common nowadays. Numerous sites allow users to watch movies, and some of them also let them download movies. Similarly, a plethora of sites allows playing and downloading games. Barring a few known sites, not all sites guarantee the security of access. And often there’s a huge chance of destructive content in the form of malware and viruses trying to penetrate the user’s system. A firewall must be present in the system as it keeps the user’s system protected from possible malware attacks through online games or videos.

The malware attacks through the sites offering online games and videos often go unrecognized, as users are so excited about the games or movies that they intend to explore over the internet. However, it is always good to consult a systems specialist and have it checked whether an effective and strong firewall, either in the form of software or hardware, whichever is suitable, exists in the system. Moreover, for online video access and online game playing, one should familiarize oneself with the requisite firewall settings to make effective use of the firewall.

Advantages:

Monitors Traffic

Proxy service

A firewall proxy server is an application that acts as an intermediary between systems. Information from the internet is retrieved by the firewall and then sent to the requesting system and vice versa. Firewall proxy servers operate at the application layer of the firewall, where both ends of a connection are forced to conduct the session through the proxy. They operate by creating and running a process on the firewall that mirrors a service as if it were running on the end host, and thus centralise all information transfer for an activity to the firewall for scanning.

Stateful inspection

The most modern method of firewall scanning, which doesn't rely on the memory-intensive examination of all information packets, is ‘stateful inspection’. A ‘stateful’ firewall holds significant attributes of each connection in a database of trusted information, for the duration of the session. These attributes, which are collectively known as the ‘state’ of the connection, may include such details as the IP addresses and ports involved in the connection and the sequence numbers of the packets being transferred. The firewall compares information being transferred to the copy relevant to that transfer held in the database – if the comparison yields a positive match the information is allowed through, otherwise it is denied.

  • Types of firewalls

There are two types of firewalls: software and hardware.

Figure 3.1: Firewalls

Hardware firewalls are built into network devices such as routers, can protect every single machine on a network, and require little configuration to work effectively. They use packet filtering techniques to examine the header of a packet, determining its source and destination, and then, comparing the data to a set of predefined rules, they decide whether to drop the packet or forward it to the next step or to its destination.

Software firewalls are the most popular network protection method for home users. They usually come as standalone applications or as part of a complete anti-virus protection software, such as the one BullGuard provides. Besides providing protection for inbound and outbound traffic, a software firewall can also protect against Trojan or Worm applications and allows various options of control over its functions and features. A reliable software firewall should run in the background of your computer and leave a small footprint on overall performance by using few of its resources. The firewall software must be regularly updated to keep up with the latest technological improvements and provide effective protection against the latest network attack tactics.

BullGuard Internet Security includes a state-of-the-art firewall protection engine and provides security updates every 2 hours to ensure the safest online experience possible. You can try award-winning firewall protection from BullGuard for free by downloading the BullGuard Internet Security pack.
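The difference between the header-only packet filtering and the stateful inspection described above can be seen by replaying one packet trace through both. This is an added example, not part of the original report: the addresses, the HTTPS-only outbound policy, the trace and all names (`Packet`, `stateless_filter`, `StatefulFirewall`, `run_demo`) are constructed for illustration, and the state tracking is simplified (no timeouts or sequence-window checks).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.10.0/24")  # assumed private network behind the firewall
ALLOWED_OUT_PORTS = {443}               # assumed policy: inside hosts may open HTTPS only


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN", "ACK"})
    seq: int = 0
    ack: int = 0


def direction(pkt):
    # 'out' = inside host to outside, 'in' = outside to inside, else 'other'.
    src_in, dst_in = ip_address(pkt.src) in INSIDE, ip_address(pkt.dst) in INSIDE
    if src_in != dst_in:
        return "out" if src_in else "in"
    return "other"


def stateless_filter(pkt):
    """Packet filter: judges each header on its own; default deny."""
    d = direction(pkt)
    if d == "out" and pkt.dport in ALLOWED_OUT_PORTS:
        return "ALLOW"
    # Replies can only be recognised by shape: from port 443 with ACK set.
    if d == "in" and pkt.sport in ALLOWED_OUT_PORTS and "ACK" in pkt.flags:
        return "ALLOW"
    return "DROP"


class StatefulFirewall:
    """Keeps per-connection state: addresses, ports and the expected ACK number."""

    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> {"state", "expect_ack"}

    def inspect(self, pkt):
        handler = {"out": self._outbound, "in": self._inbound}.get(direction(pkt))
        return handler(pkt) if handler else "DROP"

    def _outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == frozenset({"SYN"}):
            if pkt.dport not in ALLOWED_OUT_PORTS:
                return "DROP"
            # New connection: record it and the ACK number a genuine reply must carry.
            self.table[key] = {"state": "SYN_SENT", "expect_ack": pkt.seq + 1}
            return "ALLOW"
        if key not in self.table:
            return "DROP"
        if pkt.flags & {"RST", "FIN"}:
            del self.table[key]  # simplified teardown: forget the session at once
        return "ALLOW"

    def _inbound(self, pkt):
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        entry = self.table.get(key)
        if entry is None:
            return "DROP"  # no inside host asked for this traffic
        if entry["state"] == "SYN_SENT":
            if pkt.flags != frozenset({"SYN", "ACK"}) or pkt.ack != entry["expect_ack"]:
                return "DROP"  # does not answer the recorded SYN
            entry["state"] = "ESTABLISHED"
        elif "RST" in pkt.flags:
            del self.table[key]
        return "ALLOW"


def run_demo():
    """Replay a constructed packet sequence through both firewalls."""
    client, server, stranger = "192.168.10.5", "203.0.113.10", "198.51.100.7"
    f = frozenset
    trace = [
        ("client SYN", Packet(client, 50000, server, 443, f({"SYN"}), seq=1000)),
        ("forged SYN-ACK", Packet(server, 443, client, 50000, f({"SYN", "ACK"}), 1, 4242)),
        ("server SYN-ACK", Packet(server, 443, client, 50000, f({"SYN", "ACK"}), 7000, 1001)),
        ("client ACK", Packet(client, 50000, server, 443, f({"ACK"}), 1001, 7001)),
        ("unsolicited ACK", Packet(stranger, 443, client, 50000, f({"ACK"}), 5, 5)),
        ("client RST", Packet(client, 50000, server, 443, f({"RST"}), 1001)),
        ("late server data", Packet(server, 443, client, 50000, f({"ACK"}), 7001, 1001)),
    ]
    fw = StatefulFirewall()
    return [(label, stateless_filter(p), fw.inspect(p)) for label, p in trace]


if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

Every packet in the trace passes the header-only filter, while the stateful table rejects the three inbound packets that match no recorded connection state.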

3. Diagrams the example of how firewall works

Figure 3.2: Diagram firewall

4. Define IDS, its usage, show with diagrams examples

What is an Intrusion Detection System?

An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. Any malicious activity or violation is typically reported or collected centrally using a security information and event management system. Some IDSs are capable of responding to detected intrusions upon discovery. These are classified as intrusion prevention systems (IPS).

IDS Detection Types

There is a wide array of IDS, ranging from antivirus software to tiered monitoring systems that follow the traffic of an entire network. The most common classifications are:

Network intrusion detection systems (NIDS): A system that analyzes incoming network traffic.