





































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
assignment 1 security and security
Typology: Study notes
1 / 45
This page cannot be seen from the preview
Don't miss anything!






































Security Assignment No.
Assignment Brief 1 (RQF) Higher National Certificate/Diploma in Computing Student Name/ID Number: Nguyễn Hoài Nam Unit Number and Title: Unit 5: Security Academic Year: 2021 – 2022 Unit Assessor: Van Ho Assignment Title: Security Presentation Issue Date: April 1st, 2021 Submission Date: Internal Verifier Name: Date: Submission Format: Format: ● The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. Submission
In addition to your presentation, you should also provide a detailed report containing a technical review of the topics covered in the presentation. Your presentation should:
Learning Outcome Pass Merit Distinction LO1 P1 Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences. P2 Describe at least 3 organisational security procedures. M1 Propose a method to assess and treat IT security risks. D1 Investigate how a ‘trusted network’ may be part of an IT security solution. LO 2 P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS. P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security. M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
P2 Describe at least 3 organisational security procedures M1. Method to assess and treat IT security risks ..................................................................................................................................................... P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS P4. How different techniques can be implemented to improve network security 4.1. DMZ ................................................................................................................................................................................................................. 4.1.1. Definition of DMZ ..................................................................................................................................................................................... 4.1.2. How DMZ works ....................................................................................................................................................................................... 4.1.3. Real situation ........................................................................................................................................................................................... 4.2. Static IP ............................................................................................................................................................................................................ 4.2.1. Definition of static IP ............................................................................................................................................................................... 22 4.2.2. How static IP works .................................................................................................................................................................................. 4.2.3. Real situation ........................................................................................................................................................................................... 22
4.3. NAT – Network Address Translation .............................................................................................................................................................. 4.3.1. Definition of NAT ..................................................................................................................................................................................... 23 4.3.2. How NAT works ........................................................................................................................................................................................ 4.3.3. Real situation ........................................................................................................................................................................................... 24 M2. Three benefits of implement network monitoring systems with supporting reasons 2.1. Ensuring the system against hackers/attackers 2.2. Keeping educated without in-house staff ...................................................................................................................................................... 2.3. Advancing and checking the system ............................................................................................................ D1. How a ‘trusted network’ can be part of a security system ................................................ Conclusion Presentation – Slides ................................................................................................................................................................................................. 27 References .................................................................................................................................................................................................................. 30
FIGURE 18 SHOWING SECURITY AUTOMATION 26 FIGURE 19 INTRODUCTION - SLIDE 27 FIGURE 20 TEN COMMON SECURITY RISKS - SLIDE 28 FIGURE 21 COMPUTER VIRUS - SLIDE 28 FIGURE 22 ROGUE SECURITY SOFTWARE - SLIDE 28 FIGURE 23 TROJAN HORSE - SLIDE 29 FIGURE 24 SPYWARE AND ADWARE - SLIDE 30 FIGURE 25 COMPUTER WORM - SLIDE 30 FIGURE 26 DOS AND DDOS ATTACK - SLIDE 31 FIGURE 27 PHISHING - SLIDE 31 FIGURE 28 ROOTKIT - SLIDE 32 32 FIGURE 29 SQL INJECTION ATTACK - SLIDE FIGURE 30 MAN-IN-THE-MIDDLE ATTACKS - SLIDE 33 FIGURE 31 AN EXAMPLE OF PUBLICIZED SECURITY BREACH - SLIDE
34 FIGURE 32 DEFINITION OF SECURITY PROCEDURES - SLIDE 34 FIGURE 33 WHY SECURITY PROCEDURES ARE IMPORTANT - SLIDE 35 FIGURE 34 METHOD TO ACCESS AND TREAT IT SECURITY RISKS - SLIDE FIGURE 35 THE POTENTAIL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND THIRD-PARTY VPNS - SLIDE 35 FIGURE 36 DMZ - SLIDE 36 FIGURE 37 STATIC IP - SLIDE 36 FIGURE 38 NAT – NETWORK ADDRESS TRANSLATION - SLIDE 37 FIGURE 39 THE FIRST BENEFIT OF IMPLEMENT NETWORK MONITORING SYSTEMS - SLIDE 37 FIGURE 40 THE SECOND BENEFIT OF IMPLEMENT NETWORK MONITORING SYSTEMS - SLIDE 38 FIGURE 41 THE THIRD BENEFIT OF IMPLEMENT NETWORK MONITORING SYSTEMS - SLIDE 38 FIGURE 42 A TRUSTED NETWORK - SLIDE 39 33
Assignment 1: Security Introduction They are everywhere and have become the most necessary thing in human life. These devices he world is involving critically. Nowadays, many electronic devices have been used by humans. are not only easy to use but also have many functions making life simpler. In the other hand, technology involved in the bad side. More and more security threads come up when people using the internet. Phone number, the web's history, even people's identity might be stolen for such purposes, etc. IT security is important because threads are not something to play with. They are harmful to computers or can bring great break down to organizations. With great awareness, NorthStar Secure carry the great mission in the field of security, provide high protection and prevent thief identity. As a trainee IT Security Specialist in NorthStar Secure, this report will include full details of IT security and ways to deal with it. LO1. Assess risks to IT security P1. Identify types of security risks to organizations.
Assignment 1: Security program is opened. Interestingly, viruses may contain directions that reason issues running from showing an irritating message to eradicating documents from a hard drive or making a computer crash over and again. In some particular cases, viruses will spread from one computer to others. ( Novetta Threat Research Group. (2016, February 24). Operation Blockbuster:
Assignment 1: Security Source: www.google.com Rogue security software is vindictive programming that deceives clients to accept there is a computer infection introduced on their PC or that their safety efforts are not cutting-edge. At that point, they offer to introduce or refresh clients' security settings. They'll either request that you download their program to evacuate the claimed infections, or to pay for an instrument. The two cases lead to real malware being installed on the computer. ( securitytrails.com ) 1.3. Trojan horses Figuratively, a "Trojan horse" alludes to fooling somebody into welcoming an assailant into a safely secured zone. In computing, it holds a fundamentally the same as importance — a Trojan horse, or "Trojan," is a malevolent piece of assaulting code or programming fooling clients into running it eagerly, by holing up behind a genuine program. ( securitytrails.com ) 1.4. Adware and spyware Spyware is a general term used to depict programming that furtively keeps an eye on clients by gathering data without their assent.
Assignment 1: Security
Assignment 1: Security Adware conveys promoting content in a way that is surprising and undesirable by the client. Once the adware malware moves toward becoming installed, it regularly shows promoting pennants, popup advertisements, or opens new internet browser windows aimlessly interims ( searchsecurity.techtarget.com ) 1.5. Computer worm Figure 6 Showing symbolic of computer worm Source: www.google.com Computer worms are bits of malware programs that imitate rapidly and spread starting with one computer then onto the next. A worm spreads from a tainted computer by sending itself to the majority of the computer's contacts, at that point promptly to the contacts of others. Interestingly, they are not constantly intended to cause hurt; there are worms that are made just to spread. Transmission of worms is additionally regularly done by misusing programming vulnerabilities. ( securitytrails.com ) 1.6. DOS and DDOS assault A DoS assault is performed by one machine and its web association, by flooding a site with bundles and making it incomprehensible for genuine clients to get to the substance of the overflowed site. Luckily,
you can't generally over-burden a server with a solitary other server or a computer any longer. In the previous years, it hasn't been that normal in the event that anything, at that point by blemishes in the convention. Source: www.google.com A DDoS assault, or appropriated forswearing of-administration assault, is like DoS yet is progressively powerful. It's harder to conquer a DDoS assault. It's propelled from a few computers, and the number of computers included can run from only a few them to thousands or significantly more. Since almost certainly, not those machines have a place with the aggressor, they are undermined and added to the assailant's system by malware. These computers can be circulated around the whole globe, and that system of traded off computers is known as a botnet. Since the assault originates from such a large number of various IP addresses all the while, a DDoS assault is considerably harder for the unfortunate casualty to find and safeguard against. ( securitytrails.com ) 1.7. Phishing Phishing is a strategy for social designing with the objective of acquiring delicate information, for example, passwords, usernames, Mastercard numbers.