


















Assignment 1 security for pass
Typology: Assignments



















Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 04/08/2023
Date received 1st submission: 04/08/
Re-submission date:
Date received 2nd submission:
Student name: Nguyễn Minh Phụng
Student ID: GBH
Class: GCH1106
Assessor name: Hà Trọng Thắng
Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature:
Grading grid
Terrorists and hacktivists: As with the threat posed by national governments, the degree of harm these actors can cause depends partly on our own actions, but there is always a chance of being caught up in an indiscriminate attack, and some groups deliberately target particular businesses or countries.

Organized crime: Criminals seek personal data for a variety of reasons, including bank account fraud, identity theft and credit card fraud. These illegal activities have spread widely. Their methods differ, but the end result is the same: malicious individuals collect your data and use it for their own ends.

Corporates: The fear of competitors stealing our intellectual property is real, but as we work more closely with partner companies to fill skill and resource gaps or to provide services, new dangers surface. A partner company with access to our systems might attempt to steal or disclose the intellectual property or personal information we have protected, so third-party access needs the same controls as our own.
2. Types of threats that organizations will face

a. Virus
A computer virus is malicious computer code that, like its biological counterpart, reproduces on the same computer. Strictly speaking, a computer virus replicates itself (or an evolved copy of itself) by attaching to other programs or documents, and it needs a user or a program to run the infected host in order to spread.

Types of viruses:

Macro viruses: A macro is a series of instructions that can be grouped together and run as a single command. Macros are often used to automate a complex set of tasks or a repeated series of tasks. They are written in a macro language and stored inside the user's document. When the document is opened, the macro instructions execute, whether those instructions are a legitimate automation or a macro virus.

File viruses: A file-infecting virus is a type of malware that infects executable files with the intent to cause permanent damage or make them unusable. It overwrites code in, or inserts infected code into, an executable file, so the virus runs every time the program is launched.

Boot sector viruses: A boot sector virus infects the area of the storage device that holds the startup code. The boot sector contains the code needed to launch the operating system (OS) and other bootable programs, so an infection there runs before the OS and its security software are loaded.

b. Worms
A worm is a malicious program that uses a computer network to replicate (worms are sometimes called network viruses). A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or operating system on the host computer. Once the worm has exploited the vulnerability on one system, it immediately searches for other computers on the network with the same vulnerability, which is why a worm can spread without any human intervention.
Types of worms:

Email: Carried inside files sent as email attachments, or as links in the message body.

Internet: Spread via links to infected websites; the payload is generally hidden in the website's HTML or scripts, so the infection is triggered when the page loads.

Downloads and FTP servers: May initially start in downloaded files or individual FTP files, but if not detected can spread to the server and from there to all outbound FTP transfers.

Networks: Often carried in network packets that exploit a vulnerable service; they can also spread through shared access to any device, drive or file across the network.

c. Spyware
Spyware is a type of malicious software, or malware, that is installed on a computing device without the end user's knowledge. It invades the device, steals sensitive information and internet usage data, and relays it to advertisers, data firms or external users. (Gills, 2023)

d. Adware
Adware is a type of malware that triggers nuisances such as pop-up ads and banners when the user visits certain websites. It affects productivity and may be combined with hidden background activity. It collects and tracks information about applications, websites and internet activity.
3. Recent security breaches and their consequences

a. T-Mobile (January and May 2023)
It was announced in May 2023 that T-Mobile had suffered its second data breach of the year, after a hack exposed the PINs, full names and phone numbers of over 800 customers. This was the company's ninth data breach since 2018. In early January 2023, T-Mobile disclosed that a malicious actor had gained access to its systems the previous November and stolen personal information, including names, emails and dates of birth, from over 37 million customers. Once the breach was identified, T-Mobile was able to track down the source and contain it within a day. (July 10,

Consequence: T-Mobile stated that it may "incur significant expenses" from this data breach, on top of the $350 million it agreed to pay customers in a settlement related to an August 2021 data breach. T-Mobile has not only lost hundreds of millions of dollars because of security vulnerabilities; it has also lost customers' trust after repeated breaches of personal information. (July 10, 2023)

b. Yum! Brands (KFC, Taco Bell, Pizza Hut) (April 2023)
Yum! Brands, the parent company of the fast food chains KFC, Taco Bell and Pizza Hut, announced in April 2023 that a cyber-attack had occurred in January. They initially believed the attack only
b. Keep software updated
Security professionals advise routinely updating all operating systems and application software, and installing patches as soon as they are available. When programs are not patched and updated, the network is exposed to attacks against vulnerabilities that are already publicly known. The page's source suggests Microsoft's Baseline Security Analyzer for checking that programs are patched and current; note that Microsoft has deprecated MBSA, and patch compliance is now normally checked with Windows Update/WSUS, an endpoint management tool, or a vulnerability scanner. Regular patching is a simple and affordable way to fortify the network and stop attacks before they start.

c. Develop a cyber breach response plan
Few companies have a sound breach response plan in place. Employers should be transparent about the scope of a breach. Developing a comprehensive breach preparedness plan enables both employees and the employer to understand the damage that could occur and who does what when it does. The break-in at the US Office of Personnel Management (OPM) is an example of a breach that was handled very poorly.

d. Hard-to-crack passwords
In the past, businesses rarely intervened in how their employees managed passwords. Recent cyberattacks have changed that. Security professionals who train staff emphasise strong, unique passwords: long passphrases that are not reused across services, with multi-factor authentication where it is available. Most people now know to use a mix of capital letters, numbers and special characters, even on their home PCs. One caveat: current guidance (NIST SP 800-63B) no longer recommends forcing routine password changes on a schedule; passwords should be changed when there is evidence they have been compromised. Make it as difficult as you can for an intruder to get in.

e. Conduct employee security awareness training
Employees need to be trained on security on a regular basis. This helps the business take preventive measures from the start instead of dealing with the consequences after an incident occurs.

II. Organizational security procedures
1. Definition of security procedures
Security procedures are comprehensive, step-by-step guides for carrying out, enabling or enforcing the security measures listed in the company's security policies. They should cover both the hardware and software elements that support the business processes and any security-related business processes themselves.

2. Three security procedures

a. Disaster recovery plan
A disaster recovery plan (DRP) specifies the steps to be taken to restore resources following a disaster. A business continuity plan (BCP) is a written plan for a structured response to any event that interrupts critical business activities or functions; a DRP is one part of a BCP. The DRP must ensure that resources are returned to a usable state within the time the BCP requires. It enhances and supports the BCP by identifying the events that could harm the resources needed to sustain crucial business processes. The BCP already contains a list of the resources required to support each business function; the next stage in creating a DRP is to consider what could happen to each of those resources.

Threat analysis: A threat analysis involves identifying and documenting threats to critical resources. Before you can recover from a disaster, you need to consider what types of disaster are possible and what types of damage they can cause. For example, recovering from a data-center fire is different from recovering from a flu epidemic. Some common threats include the following:
Change control procedures ensure that a change does not happen without following the right steps. This helps you avoid problems such as scope creep, where unauthorized changes creep into a system. It also helps avoid problems caused by lack of oversight, lack of testing, or changes made without proper authorization.
d. Remote access control
A remote access policy is a written document defining the rules for connecting to the network from off-site. As remote work continues to grow, it is one technique for securing corporate data and networks, and it is especially useful for large firms with geographically distributed staff logging in from untrusted locations such as home networks. Ensuring compliance with the policy is a joint responsibility of IT management and staff.

Remote work has introduced new challenges, including additional computer and network security risks, so guidelines for remote access are needed alongside the other rules. A remote access policy directs remote users when they join the network. It extends the rules that govern how computers and networks are used at work, including the password policy. It helps ensure that only users who need network access are granted it, and only while their devices comply with the rules. When properly deployed, it helps defend the network against security problems.

The policy should contain an exhaustive list of everything it covers, from the kinds of people who may be allowed network access from outside the office to the kinds of devices that may connect to the network. Employees are required to sign a written acceptance of the remote access policy, and any other documents the policy refers to should be attached to it. Strict implementation is a requirement, enforced by a combination of automatic and manual methods.

III. The potential impact on IT security of incorrect configuration of firewall policies and IDS
1. Firewall and policies, their usage and advantages in a network
A firewall policy dictates how firewalls should handle network traffic for specific IP addresses and address ranges, protocols, applications and content types (e.g., active content) based on the organization's information security policies. Before a firewall policy is created, some form of risk analysis should be performed to develop a list of the types of traffic needed by the organization and to categorize how they must be secured, including which types of traffic can traverse a firewall under what circumstances. This risk analysis should be based on an evaluation of threats, vulnerabilities, the countermeasures in place to mitigate those vulnerabilities, and the impact if systems or data are compromised.

The firewall policy should be documented in the system security plan and maintained and updated frequently as new classes of attack or vulnerability arise, or as the organization's needs regarding network applications change. The policy should also include specific guidance on how to handle changes to the ruleset.

Generally, firewalls should block all inbound and outbound traffic that has not been expressly permitted by the firewall policy, i.e. traffic that is not needed by the organization. This practice, known as deny by default, decreases the risk of attack and can also reduce the volume of traffic carried on the organization's networks. Because of the dynamic nature of hosts, networks, protocols and applications, denying by default is a more secure approach than permitting all traffic that is not explicitly forbidden.

Firewall usage:
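The difference between deny by default and permit by default is easiest to see by running the same ruleset under both defaults. The following is an added example, not part of the assignment: a first-match rule evaluator over a hypothetical ruleset (the addresses are from documentation ranges and the rules are invented for illustration), run against constructed sample packets. A service nobody thought about when the ruleset was written (RDP on port 3389 here) is the case that separates the two policies.

```python
"""Deny-by-default vs permit-by-default firewall policy evaluation.

Added example for illustration; the ruleset and packets are hypothetical.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR, or "any"
    dst: str               # CIDR, or "any"
    proto: str             # "tcp", "udp", or "any"
    dport: Optional[int]   # None matches any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        def in_net(addr: str, net: str) -> bool:
            return net == "any" or ip_address(addr) in ip_network(net)
        return (in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules: List[Rule], pkt: Packet, default: str) -> str:
    """First matching rule decides; if nothing matches, the policy default applies."""
    for r in rules:
        if r.matches(pkt):
            return r.action
    return default


# Hypothetical ruleset: only what the risk analysis said the organisation needs.
RULES = [
    Rule("allow", "any", "203.0.113.10/32", "tcp", 443, "public web server"),
    Rule("allow", "192.0.2.0/24", "203.0.113.20/32", "tcp", 22, "admin SSH from office"),
    Rule("deny", "any", "203.0.113.0/24", "tcp", 23, "telnet explicitly blocked"),
]

# Constructed sample traffic (documentation address ranges).
SAMPLES = [
    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),   # customer to web server
    Packet("192.0.2.5", "203.0.113.20", "tcp", 22),       # admin SSH from the office
    Packet("198.51.100.7", "203.0.113.20", "tcp", 22),    # SSH from the Internet
    Packet("198.51.100.7", "203.0.113.20", "tcp", 3389),  # RDP: never considered in the ruleset
    Packet("198.51.100.7", "203.0.113.10", "tcp", 23),    # telnet: explicitly denied
]


def compare(samples=SAMPLES, rules=RULES):
    """Return (deny-by-default verdict, permit-by-default verdict) for each packet."""
    return [(evaluate(rules, p, "deny"), evaluate(rules, p, "allow")) for p in samples]


if __name__ == "__main__":
    for pkt, (deny_default, allow_default) in zip(SAMPLES, compare()):
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}  deny-by-default={deny_default}  "
              f"permit-by-default={allow_default}")
```

Only the explicit rules agree under both policies; the unlisted SSH-from-Internet and RDP packets are blocked under deny by default and silently allowed under permit by default, which is exactly the exposure the policy text warns about.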
IDS usage in a network: When placed at a strategic point or points within a network to monitor traffic to and from all devices, an IDS analyses the passing traffic and matches the traffic on the monitored subnets against a library of known attack signatures. Once an attack is identified, or abnormal behaviour is detected, an alert is sent to the administrator.

IDS usage:

transmitted up the stack. They are capable of spotting things like DNS poisoning and Christmas tree scans. An intrusion detection system (IDS) can be built as a dedicated network security appliance or as a software program running on ordinary host hardware. There are also cloud-based intrusion detection solutions to protect data and systems in cloud deployments.
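To make the "match traffic against a library of known attacks" step concrete, here is an added example (not from the assignment or any IDS product) of signature matching over a constructed sensor log. The log format, the `detect` function and the signature names are assumptions made for this example; the Christmas tree signature itself uses the real TCP flag combination FIN+PSH+URG, and a simple behavioural rule flags one source probing many ports on one host, which is the "abnormal behaviour" side of the text.

```python
"""Minimal signature- plus behaviour-based IDS matching.

Added example; the log lines, format and signature names are constructed for
illustration. Each line is: src dst proto dport flags, where flags is a string
of TCP flag letters (S A F R P U) or "-" for no flags set.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample sensor log (documentation address ranges).
SAMPLE_LOG = """\
198.51.100.7 203.0.113.10 tcp 80 S
198.51.100.7 203.0.113.10 tcp 80 A
198.51.100.9 203.0.113.10 tcp 22 FPU
198.51.100.9 203.0.113.10 tcp 23 FPU
198.51.100.9 203.0.113.10 tcp 25 FPU
198.51.100.9 203.0.113.10 tcp 80 -
203.0.113.55 203.0.113.10 tcp 445 S
203.0.113.55 203.0.113.11 tcp 445 S
this line is garbage and must not crash the sensor
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (tcp|udp) (\d+) ([SAFRPU]+|-)$")


def parse(log: str) -> List[dict]:
    """Parse one packet summary per line; malformed lines are skipped, not fatal."""
    pkts = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, dst, proto, dport, flags = m.groups()
        pkts.append({"src": src, "dst": dst, "proto": proto, "dport": int(dport),
                     "flags": set() if flags == "-" else set(flags)})
    return pkts


# Signature library: name -> predicate over a single packet.
SIGNATURES = {
    # Christmas tree scan: FIN, PSH and URG set together never occurs in normal traffic.
    "XMAS_SCAN": lambda p: p["proto"] == "tcp" and p["flags"] == {"F", "P", "U"},
    # Null scan: a TCP segment with no flags at all.
    "NULL_SCAN": lambda p: p["proto"] == "tcp" and p["flags"] == set(),
}


def detect(log: str, scan_threshold: int = 3) -> List[str]:
    """Return alert strings for signature hits and for port-scan behaviour."""
    alerts: List[str] = []
    pkts = parse(log)

    # Signature matching: every packet is checked against every known pattern.
    for p in pkts:
        for name, pred in SIGNATURES.items():
            if pred(p):
                alerts.append(f"{name} from {p['src']} to {p['dst']}:{p['dport']}")

    # Behavioural rule: one source touching many distinct ports on one destination.
    ports_seen: Dict[Tuple[str, str], Set[int]] = {}
    for p in pkts:
        ports_seen.setdefault((p["src"], p["dst"]), set()).add(p["dport"])
    for (src, dst), ports in ports_seen.items():
        if len(ports) >= scan_threshold:
            alerts.append(f"PORT_SCAN from {src} to {dst} ({len(ports)} ports)")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT:", alert)
```

Note that the IDS only alerts; it does not drop the packets. That is the point at which an incorrectly tuned signature library matters: a signature that is too broad floods the administrator with false positives, and one that is missing lets the scan through unnoticed.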
5. Potential impact of a firewall and IDS if they are incorrectly configured in a network

a. Firewall
A misconfigured firewall can harm the organization and give an attacker easy access to the network. Firewall misconfigurations can lead to three severe outcomes: