assignment 1 security and security, Study notes of Combinatorics

assignment 1 security and security

Typology: Study notes

2019/2020

Uploaded on 10/07/2021

nam-nguyen-21
nam-nguyen-21 🇻🇳

4.9

(15)

10 documents

1 / 45

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Higher Nationals in Computing
Unit 9
Security
Assignment
No.1
Learner’s name: Nguyen Hoai Nam
Assessor name: Ho Hai Van
Class: GCS0901_NX
Learner’s ID: GCS190817
Subject’s ID: 1623
Assignment due: Assignment submitted: 24/8/2021
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d

Partial preview of the text

Download assignment 1 security and security and more Study notes Combinatorics in PDF only on Docsity!

Higher Nationals in Computing

Unit 9

Security Assignment No.

Learner’s name: Nguyen Hoai Nam

Assessor name: Ho Hai Van

Class: GCS0901_NX

Learner’s ID: GCS1908 17

Subject’s ID: 1623

Assignment due: Assignment submitted: 24/8/

Assignment Brief 1 (RQF) Higher National Certificate/Diploma in Computing Student Name/ID Number: Nguyễn Hoài Nam Unit Number and Title: Unit 5: Security Academic Year: 2021 – 2022 Unit Assessor: Van Ho Assignment Title: Security Presentation Issue Date: April 1st, 2021 Submission Date: Internal Verifier Name: Date: Submission Format: Format: ● The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. Submission

In addition to your presentation, you should also provide a detailed report containing a technical review of the topics covered in the presentation. Your presentation should:

  • Identify the security threats FIS secure may face if they have a security breach. Give an example of a recently publicized security breach and discuss its consequences
  • Describe a variety of organizational procedures an organization can set up to reduce the effects to the business of a security breach.
  • Propose a method that FIS can use to prioritize the management of different types of risk
  • Discuss three benefits to FIS of implementing network monitoring system giving suitable reasons.
  • Investigate network security, identifying issues with firewalls and IDS incorrect configuration and show through examples how different techniques can be implemented to improve network security.
  • Investigate a ‘trusted network’ and through an analysis of positive and negative issues determine how it can be part of a security system used by FIS. Your detailed report should include a summary of your presentation as well as additional, evaluated or critically reviewed technical notes on all of the expected topics. Learning Outcomes and Assessment Criteria (Assignment 1):

Learning Outcome Pass Merit Distinction LO1 P1 Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences. P2 Describe at least 3 organisational security procedures. M1 Propose a method to assess and treat IT security risks. D1 Investigate how a ‘trusted network’ may be part of an IT security solution. LO 2 P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS. P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security. M2 Discuss three benefits to implement network monitoring systems with supporting reasons.

P2 Describe at least 3 organisational security procedures M1. Method to assess and treat IT security risks ..................................................................................................................................................... P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS P4. How different techniques can be implemented to improve network security 4.1. DMZ ................................................................................................................................................................................................................. 4.1.1. Definition of DMZ ..................................................................................................................................................................................... 4.1.2. How DMZ works ....................................................................................................................................................................................... 4.1.3. Real situation ........................................................................................................................................................................................... 4.2. Static IP ............................................................................................................................................................................................................ 4.2.1. Definition of static IP ............................................................................................................................................................................... 22 4.2.2. How static IP works .................................................................................................................................................................................. 4.2.3. Real situation ........................................................................................................................................................................................... 22

4.3. NAT – Network Address Translation .............................................................................................................................................................. 4.3.1. Definition of NAT ..................................................................................................................................................................................... 23 4.3.2. How NAT works ........................................................................................................................................................................................ 4.3.3. Real situation ........................................................................................................................................................................................... 24 M2. Three benefits of implement network monitoring systems with supporting reasons 2.1. Ensuring the system against hackers/attackers 2.2. Keeping educated without in-house staff ...................................................................................................................................................... 2.3. Advancing and checking the system ............................................................................................................ D1. How a ‘trusted network’ can be part of a security system ................................................ Conclusion Presentation – Slides ................................................................................................................................................................................................. 27 References .................................................................................................................................................................................................................. 30

FIGURE 18 SHOWING SECURITY AUTOMATION 26 FIGURE 19 INTRODUCTION - SLIDE 27 FIGURE 20 TEN COMMON SECURITY RISKS - SLIDE 28 FIGURE 21 COMPUTER VIRUS - SLIDE 28 FIGURE 22 ROGUE SECURITY SOFTWARE - SLIDE 28 FIGURE 23 TROJAN HORSE - SLIDE 29 FIGURE 24 SPYWARE AND ADWARE - SLIDE 30 FIGURE 25 COMPUTER WORM - SLIDE 30 FIGURE 26 DOS AND DDOS ATTACK - SLIDE 31 FIGURE 27 PHISHING - SLIDE 31 FIGURE 28 ROOTKIT - SLIDE 32 32 FIGURE 29 SQL INJECTION ATTACK - SLIDE FIGURE 30 MAN-IN-THE-MIDDLE ATTACKS - SLIDE 33 FIGURE 31 AN EXAMPLE OF PUBLICIZED SECURITY BREACH - SLIDE

34 FIGURE 32 DEFINITION OF SECURITY PROCEDURES - SLIDE 34 FIGURE 33 WHY SECURITY PROCEDURES ARE IMPORTANT - SLIDE 35 FIGURE 34 METHOD TO ACCESS AND TREAT IT SECURITY RISKS - SLIDE FIGURE 35 THE POTENTAIL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND THIRD-PARTY VPNS - SLIDE 35 FIGURE 36 DMZ - SLIDE 36 FIGURE 37 STATIC IP - SLIDE 36 FIGURE 38 NAT – NETWORK ADDRESS TRANSLATION - SLIDE 37 FIGURE 39 THE FIRST BENEFIT OF IMPLEMENT NETWORK MONITORING SYSTEMS - SLIDE 37 FIGURE 40 THE SECOND BENEFIT OF IMPLEMENT NETWORK MONITORING SYSTEMS - SLIDE 38 FIGURE 41 THE THIRD BENEFIT OF IMPLEMENT NETWORK MONITORING SYSTEMS - SLIDE 38 FIGURE 42 A TRUSTED NETWORK - SLIDE 39 33

Assignment 1: Security Introduction They are everywhere and have become the most necessary thing in human life. These devices he world is involving critically. Nowadays, many electronic devices have been used by humans. are not only easy to use but also have many functions making life simpler. In the other hand, technology involved in the bad side. More and more security threads come up when people using the internet. Phone number, the web's history, even people's identity might be stolen for such purposes, etc. IT security is important because threads are not something to play with. They are harmful to computers or can bring great break down to organizations. With great awareness, NorthStar Secure carry the great mission in the field of security, provide high protection and prevent thief identity. As a trainee IT Security Specialist in NorthStar Secure, this report will include full details of IT security and ways to deal with it. LO1. Assess risks to IT security P1. Identify types of security risks to organizations.

T

Assignment 1: Security program is opened. Interestingly, viruses may contain directions that reason issues running from showing an irritating message to eradicating documents from a hard drive or making a computer crash over and again. In some particular cases, viruses will spread from one computer to others. ( Novetta Threat Research Group. (2016, February 24). Operation Blockbuster:

Assignment 1: Security Source: www.google.com Rogue security software is vindictive programming that deceives clients to accept there is a computer infection introduced on their PC or that their safety efforts are not cutting-edge. At that point, they offer to introduce or refresh clients' security settings. They'll either request that you download their program to evacuate the claimed infections, or to pay for an instrument. The two cases lead to real malware being installed on the computer. ( securitytrails.com ) 1.3. Trojan horses Figuratively, a "Trojan horse" alludes to fooling somebody into welcoming an assailant into a safely secured zone. In computing, it holds a fundamentally the same as importance — a Trojan horse, or "Trojan," is a malevolent piece of assaulting code or programming fooling clients into running it eagerly, by holing up behind a genuine program. ( securitytrails.com ) 1.4. Adware and spyware Spyware is a general term used to depict programming that furtively keeps an eye on clients by gathering data without their assent.

Assignment 1: Security

Assignment 1: Security Adware conveys promoting content in a way that is surprising and undesirable by the client. Once the adware malware moves toward becoming installed, it regularly shows promoting pennants, popup advertisements, or opens new internet browser windows aimlessly interims ( searchsecurity.techtarget.com ) 1.5. Computer worm Figure 6 Showing symbolic of computer worm Source: www.google.com Computer worms are bits of malware programs that imitate rapidly and spread starting with one computer then onto the next. A worm spreads from a tainted computer by sending itself to the majority of the computer's contacts, at that point promptly to the contacts of others. Interestingly, they are not constantly intended to cause hurt; there are worms that are made just to spread. Transmission of worms is additionally regularly done by misusing programming vulnerabilities. ( securitytrails.com ) 1.6. DOS and DDOS assault A DoS assault is performed by one machine and its web association, by flooding a site with bundles and making it incomprehensible for genuine clients to get to the substance of the overflowed site. Luckily,

you can't generally over-burden a server with a solitary other server or a computer any longer. In the previous years, it hasn't been that normal in the event that anything, at that point by blemishes in the convention. Source: www.google.com A DDoS assault, or appropriated forswearing of-administration assault, is like DoS yet is progressively powerful. It's harder to conquer a DDoS assault. It's propelled from a few computers, and the number of computers included can run from only a few them to thousands or significantly more. Since almost certainly, not those machines have a place with the aggressor, they are undermined and added to the assailant's system by malware. These computers can be circulated around the whole globe, and that system of traded off computers is known as a botnet. Since the assault originates from such a large number of various IP addresses all the while, a DDoS assault is considerably harder for the unfortunate casualty to find and safeguard against. ( securitytrails.com ) 1.7. Phishing Phishing is a strategy for social designing with the objective of acquiring delicate information, for example, passwords, usernames, Mastercard numbers.