Assignment 1 - security for pass, Assignments of Information Technology

Typology: Assignments

2022/2023

Uploaded on 09/30/2023

nguyen-van-truong-fgw-hn

ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 04/08/2023
Date Received 1st submission: 04/08/2023
Re-submission Date:
Date Received 2nd submission:
Student Name: Nguyễn Minh Phụng
Student ID: GBH211058
Class: GCH1106
Assessor name: Trọng Thắng
Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature:
Grading grid: P1 P2 P3 P4 M1 M2 D1


Table of Contents

  • Introduction
  • I. Types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences
      1. Threat and threat agents to organization
      2. Type of threats that organizations will face
          a. Virus
          b. Worms
          c. Spyware
          d. Adware
      3. Recent security breach, its consequence
          a. T-Mobile (January and May 2023)
          b. Yum! Brands (KFC, Taco Bell, Pizza Hut) (April 2023)
          c. MOVEit (June 2023)
      4. Solution
          a. Limit to the most important data
          b. Update software security
          c. Develop a cyber breach response plan
          d. Difficult to decipher password
  • II. Organizational security procedures
      1. Definition of security procedures
      2. 3 security procedures
          a. IEEE 802.1x
          b. Sequence of change control procedure
          c. Decrypted and encrypted document
  • III. The potential impact to IT security of incorrect configuration of firewall policies and IDS
      1. Firewall and policies, their usage and advantages in a network
          a. Firewalls
          b. Policy
      2. How does a firewall provide security to a network
      3. Intrusion detection system (IDS)
      4. Potential impact of a firewall and IDS if they are incorrectly configured in a network
          a. Firewall
          b. IDS
  • IV. Show using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network security
      1. Define and discuss with the aid of Demilitarized Zone (DMZ)
          a. Definition
          b. The importance of DMZ
          c. How does a DMZ work
          d. Benefit of using DMZ
      2. Define and discuss with the aid of diagram static IP
      3. Define and discuss with the aid of diagram with network address translation (NAT)
  • Conclusion

Terrorists and hacktivists: Similar to the threat posed by national governments, the degree of harm these actors can cause depends on our actions. However, there is always a chance of being the victim of a random assault because some terrorists may target particular businesses or countries.

Organized crime: Criminals seek personal data for a variety of reasons, including bank account fraud, identity theft, and credit card fraud. Unfortunately, these illegal actions have spread widely. While their methods may differ, the end result is always the same: malevolent individuals gather and use your data for their own sinister ends.

Corporates: The fear of competitors stealing our intellectual property is real, but as we work more closely with different partner companies to fill skill and resource gaps or provide services, new dangers start to surface. These partner companies might make an attempt to steal or reveal the intellectual property or personal information that we have protected.

2. Type of threats that organizations will face

a. Virus

A computer virus (virus) is malicious computer code that, like its biological counterpart, reproduces on the same computer. Strictly speaking, a computer virus replicates itself (or an evolved copy of itself) without any human intervention.

Types of viruses:

  • Macro: A macro virus is a series of instructions that can be grouped together as a single command. Often macros are used to automate a complex set of tasks or a repeated series of tasks. Macros can be written using a macro language and are stored within the user document. Once the document is opened, the macro instructions then execute, whether those instructions are benign or a macro virus.
  • File viruses: A file-infecting virus is a type of malware that infects executable files with the intent to cause permanent damage or make them unusable. A file-infecting virus overwrites code or inserts infected code into an executable file.
  • Boot sector viruses: An infection of the computer storage sector containing startup files by malware is known as a boot sector virus. All of the files necessary to launch the operating system (OS) and other bootable programs are located in the boot sector.

b. Worms

A worm is a malicious program that uses a computer network to replicate (worms are sometimes called network viruses). A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an operating system on the host computer. Once the worm has exploited the vulnerability on one system, it immediately searches for another computer on the network that has the same vulnerability.

Types of worms:

  • Email: Carried inside files sent as email attachments.
  • Internet: Via links to infected websites; generally hidden in the website’s HTML, so the infection is triggered when the page loads.
  • Downloads & FTP servers: May initially start in downloaded files or individual FTP files, but if not detected, can spread to the server and thus all outbound FTP transmissions.
  • Networks: Often hidden in network packets; though they can spread and self-propagate through shared access to any device, drive or file across the network.

c. Spyware

Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge. It invades the device, steals sensitive information and internet usage data, and relays it to advertisers, data firms or external users. (Gills, 2023)

d. Adware

Adware is a type of malware that triggers nuisances such as popup ads and banners when the user visits certain websites. It affects productivity and may be combined with active background activity. It collects and tracks information about applications, websites and internet activity.

3. Recent security breach, its consequence

a. T-Mobile (January and May 2023)

It was announced in May that T-Mobile suffered its second data breach of 2023, after a hack revealed the PINs, full names, and phone numbers of over 800 customers. This is the company’s ninth data breach since 2018 and second this year. In early January 2023, T-Mobile discovered that a malicious actor gained access to their systems last November and stole personal information – including names, emails, and birthdays – from over 37 million customers. Once they identified the data breach, they were able to track down the source and contain it within a day. (July 10,

Consequence: T-Mobile claims they may “incur significant expenses” from this data breach, which will be on top of the $350 million they agreed to pay customers in a settlement related to an August 2021 data breach. Not only has T-Mobile lost hundreds of millions of dollars because of security vulnerabilities, they have also lost customers’ trust after multiple breaches of personal information. (July 10, 2023)

b. Yum! Brands (KFC, Taco Bell, Pizza Hut) (April 2023)

Yum! Brands, the parent company of popular fast food chains KFC, Taco Bell, and Pizza Hut, announced in April of 2023 that a cyber-attack had occurred in January. They initially believed the attack only

b. Update software security

Professionals advise routinely updating all operating systems and application software. When patches are available, install them. When programs aren't constantly patched and updated, your network is exposed. Baseline Security Analyzer, a product from Microsoft, can now be used to periodically check that all programs are patched and current. This is a simple and affordable way to fortify your network and thwart attacks before they start.

c. Develop a cyber breach response plan

Few companies have a sound breach response plan in place. Employers should be very transparent concerning the scope of the breach. Developing a comprehensive breach preparedness plan enables both the employees and the employer to understand the damages that could occur. The government's OPM break-in was handled very poorly.

d. Difficult to decipher password

In the past, businesses rarely intervened in how often their employees were required to change passwords. Recent cyberattacks have altered everything. One thing that security professionals will emphasize when they visit your organization to train your staff is the importance of routinely changing all passwords. Most people are now aware of how crucial it is to make passwords challenging to crack. We have mastered the use of capital letters, numbers, and special characters when creating passwords, even on our home PCs. Make it as difficult as you can for burglars to enter and steal your belongings.

e. Conduct employee security awareness training

It is necessary to train employees on security knowledge on a regular basis. This will help businesses take preventive measures right from the start instead of having to go through the consequences after the incident occurs.

II. Organizational security procedures

1. Definition of security procedures

Security procedures are comprehensive, step-by-step guides for carrying out, enabling, or enforcing the security measures listed in your company's security policies. Both the numerous hardware and software elements that support your business processes and any security-related business processes themselves should be covered by security procedures.

2. 3 security procedures

a. Disaster recovery plan

A disaster recovery plan (DRP) specifies the steps to be taken in order to restore resources following a disaster. A BCP includes a DRP. The return of resources to a state where they are usable, as required by the BCP, must be ensured. By recognizing potential events that could harm resources required to sustain crucial business processes, the DRP enhances and supports the BCP. A list of the resources required to support each business function is already present in the BCP. The next stage in creating a DRP is to think about potential outcomes for each resource.

A business continuity plan (BCP) is a written plan for a structured response to any events that result in an interruption to critical business activities or functions.

Threat analysis: A threat analysis involves identifying and documenting threats to critical resources. Before you can recover from a disaster, you need to consider what types of disasters are possible and what types of damage they can cause. For example, recovering from a data-center fire is different from recovering from a flu epidemic. Some common threats include the following:

  • Fire
  • Flood
  • Hurricane
  • Tornado
  • Disease
  • Earthquake
  • Cyberattack
  • Sabotage
  • Utility outage
  • Terrorism

Impact scenarios: Documenting anticipated impact scenarios is the next stage in developing a thorough DRP after defining potential risks. The DRP is built on these principles. Most firms create a more thorough plan by preparing for the worst-case scenario rather than concentrating on smaller problems. A DRP that focuses exclusively on smaller concerns may overlook a more comprehensive approach. To recover from the loss of numerous resources at once, a bigger approach is required. An impact scenario like "Loss of Building" will most likely include all essential business operations and the worst-case scenario resulting from any given danger. If an organization has multiple buildings, a DRP might incorporate more impact scenarios. Additionally, a strong DRP could include additional, more detailed impact scenarios. Your plan might contain a scenario that deals with the loss of a particular floor in a building, for instance. The resources required to migrate from one place to another are often underestimated in plans. Don't forget the tools you'll need to carry out each phase of your plan. A recovery strategy that falls short simply because you couldn't get your equipment to a different location with a vehicle big enough for the job isn't a very good strategy.

b. Sequence of change control procedure

Change control procedures ensure that a change does not happen without following the right steps. This helps you avoid problems such as scope creep, which allows unauthorized changes to sneak into a system. It also helps avoid problems caused by lack of oversight, by lack of testing, or by making changes without proper authorization.

  1. Request: All proposed changes are described in writing, and the change request is submitted to the change control committee for review.
  2. Impact assessment: The impact assessment step assesses how the modification would affect the system's or project's budget, resources, and security.
  3. Approval: The approval (or, in some cases, disapproval) stage is the formal review and acceptance (or rejection) of the change by the change control committee.
  4. Build/test: The build/test stage is the actual development or building of the change according to the approved change document. You then must test the change to ensure that it does not cause unexpected problems for other systems or components. This testing might include regression testing and an in-depth review of the security of the modified product.
  5. Implement: Once the change has been tested and refined for release, the installation can be scheduled. This is where adequate separation of duties ensures that no one person can make the change without proper review and oversight. The final hurdle is notifying management that you have made the change successfully.
  6. Monitor: In this stage, all systems must be monitored to ensure that the system, program, network, and other resources are working correctly. Any user issues or requests are addressed by using the organization’s problem solution procedures.

c. Decrypted and encrypted document

  1. After creating a memo, Bob generates a digest on it.
  2. Bob then encrypts the digest with his private key. This encrypted digest is the digital signature for the memo.
  3. Bob sends both the memo and the digital signature to Alice.
  4. When Alice receives them, she decrypts the digital signature using Bob’s public key, revealing the digest. If she cannot decrypt the digital signature, then she knows that it did not come from Bob (because only Bob’s public key is able to decrypt the digest generated with his private key).
  5. Alice then hashes the memo with the same hash algorithm Bob used and compares the result to the digest she received from Bob. If they are equal, Alice can be confident that the message has not changed since he signed it. If the digests are not equal, Alice will know the message has changed since it was signed.
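The Bob-and-Alice exchange above, carried through in code. This is an added example and not part of the assignment: it uses Go's standard-library RSA and SHA-256, where "encrypt the digest with his private key" is the RSA PKCS#1 v1.5 signing operation and "decrypt with Bob's public key and compare" is the matching verification. The memo text, the 2048-bit key size and the function names are assumptions made for the illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// GenerateKeys creates a key pair for a signer (Bob in the text). The 2048-bit
// size is an assumption for the example; it is a common current minimum for RSA.
func GenerateKeys() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign performs steps 1 and 2: hash the memo, then sign the digest with the
// private key. The returned bytes are the digital signature for the memo.
func Sign(priv *rsa.PrivateKey, memo []byte) ([]byte, error) {
	digest := sha256.Sum256(memo)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify performs steps 4 and 5 on Alice's side: recompute the digest with the
// same hash algorithm and check the signature against it using the sender's
// public key. It returns false when the signature was not made with the
// matching private key, or when the memo changed after it was signed.
func Verify(pub *rsa.PublicKey, memo, sig []byte) bool {
	digest := sha256.Sum256(memo)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	bob, err := GenerateKeys()
	if err != nil {
		panic(err)
	}
	// Constructed sample memo for the example.
	memo := []byte("Memo: please approve the firewall rule change for Friday.")
	sig, err := Sign(bob, memo)
	if err != nil {
		panic(err)
	}

	fmt.Println("untouched memo verifies:        ", Verify(&bob.PublicKey, memo, sig)) // true

	// A single changed character gives a different digest, so the check fails.
	tampered := []byte("Memo: please approve the firewall rule change for Monday.")
	fmt.Println("tampered memo verifies:         ", Verify(&bob.PublicKey, tampered, sig)) // false

	// A signature checked with someone else's public key also fails, which is
	// how Alice learns the memo did not come from Bob.
	other, err := GenerateKeys()
	if err != nil {
		panic(err)
	}
	fmt.Println("checked with the wrong public key:", Verify(&other.PublicKey, memo, sig)) // false
}
```

Note that Verify reports only true or false; the hash comparison in step 5 happens inside the library's PKCS#1 verification, so there is no separate "decrypted digest" value for the caller to compare by hand.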

d. Remote access control

A written document defining rules for connecting to a network from off-site is known as a remote access policy. As remote work continues to gain popularity, it is one technique to help secure corporate data and networks. It is especially helpful for large firms with geographically distributed people logging in from unsafe sites like their home networks. Ensuring policy compliance is a joint responsibility of IT management and workers.

Remote work has introduced new challenges, such as potential computer and network security risks. Guidelines for remote access, as well as other rules, are desperately needed. When remote users join the network, a remote access policy directs them. It broadens the rules that control how computers and networks are used at work, including the password policy. As long as their devices comply with the rules, it helps ensure that only those users who need network access are permitted access. It assists in defending the network against potential security issues when properly deployed.

A remote access policy should cover everything relevant, from the kinds of people who might be allowed network access from outside the office to the kinds of devices that can connect to the network. Employees are required to sign a written acceptance of the remote access policy. The policy should also have any other documents that are mentioned in it attached. Strict implementation is a requirement, and it can be enforced through a combination of automatic and manual methods.

III. The potential impact to IT security of incorrect configuration of firewall policies and IDS

1. Firewall and policies, their usage and advantages in a network

A firewall policy dictates how firewalls should handle network traffic for specific IP addresses and address ranges, protocols, applications, and content types (e.g., active content) based on the organization’s information security policies. Before a firewall policy is created, some form of risk analysis should be performed to develop a list of the types of traffic needed by the organization and categorize how they must be secured—including which types of traffic can traverse a firewall under what circumstances. This risk analysis should be based on an evaluation of threats; vulnerabilities; countermeasures in place to mitigate vulnerabilities; and the impact if systems or data are compromised.

Firewall policy should be documented in the system security plan and maintained and updated frequently as classes of new attacks or vulnerabilities arise, or as the organization’s needs regarding network applications change. The policy should also include specific guidance on how to address changes to the ruleset.

Generally, firewalls should block all inbound and outbound traffic that has not been expressly permitted by the firewall policy—traffic that is not needed by the organization. This practice, known as deny by default, decreases the risk of attack and can also reduce the volume of traffic carried on the organization’s networks. Because of the dynamic nature of hosts, networks, protocols, and applications, denying by default is a more secure approach than permitting all traffic that is not explicitly forbidden.

Firewall usage:

  • Prevent the Passage of unwanted Content: There is a lot of unpleasant or poor-quality information available online. Such hazardous content can quickly infect the system without a strong firewall. Fortunately, by 2020, the majority of operating systems will come with reliable firewalls that prevent users from accessing unwanted and dangerous internet information, making online activity safer.
  • Prevent unauthorized remote access: Today's unethical hackers are constantly looking for ways to compromise weak systems. Many computer users are unaware of potential users who have access to their systems. A strong firewall is necessary to protect critical data, transactions, and information. Leaks of confidential information and its exposure in the corporate environment can lead to major losses and even business failure.
  • Prevent indecent content: Because of the internet's extensive user base, teenagers and other young people in particular have access to immoral material. This information's negative impact is growing quickly. Whatever the form, exposure to explicit content can have negative impacts on young minds, resulting in strange habits and immoral actions.
  • Guarantees security based on protocol and IP address: Hardware firewalls work well for examining traffic patterns depending on particular protocols. When a link is made, they keep track of all actions connected to it, which improves system security. Network Address Translation (NAT), a different kind of firewall, offers strong protection against external attacks aimed at network machines. These machines become independent and protected from any dangers coming from outside the network thanks to NAT, which makes sure that their IP addresses can only be accessed within their own network.
  • Protect seamless operation in enterprise: Enterprise software and systems are becoming increasingly important in the modern corporate environment. Authorized parties can effectively use and alter data to support corporate operations thanks to decentralized distribution techniques and ubiquitous data access. Given the breadth of the network and the enormous amount of data involved, users can log in to their systems using credentials from any machine connected to the network. With this strategy, information is easily accessible and organizational productivity is increased.
  • Protect conversation and coordination content: Companies in the service sector usually keep in constant contact with their external clientele. They routinely transmit crucial information to internal and client teams during various joint endeavors. Since much of the content created during these coordinating efforts is confidential, careful protection is required. No firm can afford the costs incurred by illegal access to such sensitive information. Therefore, it is crucial to uphold strong confidentiality standards in order to protect sensitive data.
  • Prevent destructive content from online videos and games: Users can watch movies on a variety of websites, and some even let them download movies or games. Similarly, there are numerous websites where you can play and download games. With the exception of a few well-known websites, very few websites guarantee access security. Additionally, viruses and harmful software frequently attempt to infect users' computers. A firewall is a necessary component of the system since it protects the user's computer from virus attacks caused by online games or movies.

2. How does a firewall provide security to a network

A firewall acts as a barrier between your computer (or network) and the Internet. A firewall is a program or hardware component that filters Internet packets before they reach your computer or computer network. A firewall's ability to let or prohibit network communication between devices depends on the rules that a firewall administrator has set up or configured.

Packets can be filtered by a firewall in one of two ways. Stateless packet filtering looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator. Stateful packet filtering keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions. For example, a stateless packet filter firewall might allow a packet to pass through because it is intended for a specific computer on the network. However, a stateful packet filter would not let the packet pass if that internal network computer did not first request the information from the external server.
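An added example (not from the assignment) that models two things from this section: the deny-by-default stance from the firewall policy discussion, and the stateless-versus-stateful comparison just described. A stateless allowlist filter is run beside a filter that keeps a connection table, over constructed packets that use RFC 5737 documentation addresses. The rule sets, packet fields, port numbers and type names are assumptions made for the illustration.

```go
package main

import "fmt"

// Packet holds the header fields a packet filter inspects. Inbound is true
// when the packet arrives from the Internet side of the firewall.
type Packet struct {
	SrcIP, DstIP     string
	SrcPort, DstPort int
	Inbound          bool
}

// Rule is one allowlist entry; a port of 0 matches any port. A packet that
// matches no rule is dropped, which is the deny-by-default behaviour.
type Rule struct {
	Inbound          bool
	SrcPort, DstPort int
}

func (r Rule) matches(p Packet) bool {
	return r.Inbound == p.Inbound &&
		(r.SrcPort == 0 || r.SrcPort == p.SrcPort) &&
		(r.DstPort == 0 || r.DstPort == p.DstPort)
}

// StatelessFilter judges every packet on its own header fields alone, with no
// memory of earlier packets.
type StatelessFilter struct{ Rules []Rule }

func (f StatelessFilter) Allow(p Packet) bool {
	for _, r := range f.Rules {
		if r.matches(p) {
			return true
		}
	}
	return false
}

// StatefulFilter also keeps a connection table. An inbound packet is admitted
// when it answers a connection an internal host opened; otherwise it needs an
// explicit inbound rule (for example a published server port).
type StatefulFilter struct {
	Rules []Rule
	conns map[string]bool // keyed by the connection's 4-tuple
}

func NewStatefulFilter(rules []Rule) *StatefulFilter {
	return &StatefulFilter{Rules: rules, conns: map[string]bool{}}
}

func connKey(inIP string, inPort int, outIP string, outPort int) string {
	return fmt.Sprintf("%s:%d<->%s:%d", inIP, inPort, outIP, outPort)
}

func (f *StatefulFilter) Allow(p Packet) bool {
	if p.Inbound && f.conns[connKey(p.DstIP, p.DstPort, p.SrcIP, p.SrcPort)] {
		return true // reply to a connection the internal host requested
	}
	for _, r := range f.Rules {
		if r.matches(p) {
			if !p.Inbound {
				// Remember the outbound connection so its replies can come back.
				f.conns[connKey(p.SrcIP, p.SrcPort, p.DstIP, p.DstPort)] = true
			}
			return true
		}
	}
	return false
}

// Constructed policy: internal hosts may open HTTPS connections. The stateless
// filter additionally needs a rule that lets packets from port 443 back in,
// and that rule also admits traffic nobody inside asked for.
var statelessRules = []Rule{
	{Inbound: false, DstPort: 443},
	{Inbound: true, SrcPort: 443},
}

var statefulRules = []Rule{
	{Inbound: false, DstPort: 443},
}

// Constructed packets. 10.0.0.5 is the internal host; 203.0.113.9 is outside.
var (
	unsolicited = Packet{SrcIP: "203.0.113.9", DstIP: "10.0.0.5", SrcPort: 443, DstPort: 51000, Inbound: true}
	request     = Packet{SrcIP: "10.0.0.5", DstIP: "203.0.113.9", SrcPort: 51000, DstPort: 443, Inbound: false}
	telnetProbe = Packet{SrcIP: "203.0.113.9", DstIP: "10.0.0.5", SrcPort: 40000, DstPort: 23, Inbound: true}
)

func main() {
	stateless := StatelessFilter{Rules: statelessRules}
	stateful := NewStatefulFilter(statefulRules)

	fmt.Println("unsolicited packet from port 443, stateless:", stateless.Allow(unsolicited)) // true
	fmt.Println("unsolicited packet from port 443, stateful: ", stateful.Allow(unsolicited))  // false
	fmt.Println("internal host opens HTTPS, stateful:       ", stateful.Allow(request))      // true
	fmt.Println("same packet, now a reply, stateful:        ", stateful.Allow(unsolicited))  // true
	fmt.Println("inbound telnet probe, stateless/stateful:  ",
		stateless.Allow(telnetProbe), stateful.Allow(telnetProbe)) // false false
}
```

The telnet probe is dropped by both filters because no rule mentions port 23: that is deny by default at work. The difference between the two filters shows only on the packet from port 443, which the stateless filter must accept to let legitimate replies through, while the stateful filter accepts it only once the internal host has actually opened the connection.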

IDS usage in network: When placed at a strategic point or points within a network to monitor traffic to and from all devices on the network, an IDS will perform an analysis of passing traffic, and match the traffic that is passed on the subnets to the library of known attacks. Once an attack is identified, or abnormal behavior is sensed, the alert can be sent to the administrator. IDS usage:

  • The system uses a number of security mechanisms in addition to intrusion detection and prevention to recognize, stop, and recover from intrusions. The functioning of routers, firewalls, key management servers, and crucial files that are necessary for other security procedures are all continuously monitored.
  • Although critical operating system audit trails and other logs may be difficult for non-experts to follow or understand, the system enables administrators to simply change, monitor, and analyze them.
  • Non-expert staff members can effectively assist with system security management thanks to a user- friendly interface. A sizable attack signature database is also incorporated into the system, enabling information from the system to be compared to known attack patterns.
  • The Intrusion Detection System (IDS) immediately creates an alarm to alert the user when a security breach is discovered. When it discovers altered data files, it can take proactive steps to stop attackers or prohibit access to the server, strengthening the system's ability to defend against prospective threats and avert additional damage.

How does IDS work:

IDS (intrusion detection systems) spot anomalies to apprehend hackers before they seriously damage a network. IDSs may be host-based or network-based. A host-based intrusion detection system is installed on the client computer, whereas a network-based intrusion detection system is present on the network. Systems for detecting intrusions look for indications of previous assaults as well as departures from the norm. At the protocol and application layers, these deviations or abnormalities are investigated and transmitted up the stack. They are capable of spotting things like DNS poisonings and Christmas tree scans. A network security appliance or a software program running on client hardware can both be used to construct an intrusion detection system (IDS). There are currently solutions for cloud-based intrusion detection to protect data and systems in cloud deployments.
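An added example (not from the assignment) of the two detection approaches the paragraph above describes: matching traffic against a library of known attack patterns, including the Christmas tree scan the text names, and a simple anomaly check for a source that touches unusually many ports. The event records, the signature library, the threshold and the addresses (RFC 5737 documentation ranges) are all constructed for the illustration, and the IDS only raises alerts; it does not block anything.

```go
package main

import (
	"fmt"
	"strings"
)

// Event is a simplified record of one packet seen by a network sensor.
type Event struct {
	Src, Dst string
	Proto    string // "tcp" or "udp"
	DstPort  int
	TCPFlags string // TCP flag letters, e.g. "S" (SYN) or "FPU" (FIN, PSH, URG)
	Payload  string
}

// Alert is what the IDS reports to the administrator.
type Alert struct {
	Signature string
	Src, Dst  string
}

// Signature is one entry in the library of known attack patterns.
type Signature struct {
	Name  string
	Match func(Event) bool
}

func hasAllFlags(flags, want string) bool {
	for _, c := range want {
		if !strings.ContainsRune(flags, c) {
			return false
		}
	}
	return true
}

// Library is a small constructed signature set.
var Library = []Signature{
	{
		// A Christmas tree packet lights up FIN, PSH and URG together, a
		// combination no normal TCP stack sends.
		Name:  "Christmas tree scan (FIN, PSH and URG set together)",
		Match: func(e Event) bool { return e.Proto == "tcp" && hasAllFlags(e.TCPFlags, "FPU") },
	},
	{
		Name: "Path traversal attempt in HTTP request",
		Match: func(e Event) bool {
			return e.DstPort == 80 && strings.Contains(e.Payload, "../") &&
				strings.Contains(e.Payload, "/etc/passwd")
		},
	},
}

// Analyze does signature matching (indications of known assaults) plus an
// anomaly check (departure from the norm): a source sending SYNs to at least
// sweepThreshold distinct ports is flagged as a port sweep.
func Analyze(events []Event, sweepThreshold int) []Alert {
	var alerts []Alert
	synPorts := map[string]map[int]bool{}
	for _, e := range events {
		for _, s := range Library {
			if s.Match(e) {
				alerts = append(alerts, Alert{s.Name, e.Src, e.Dst})
			}
		}
		if e.Proto == "tcp" && e.TCPFlags == "S" {
			if synPorts[e.Src] == nil {
				synPorts[e.Src] = map[int]bool{}
			}
			synPorts[e.Src][e.DstPort] = true
		}
	}
	for src, ports := range synPorts {
		if len(ports) >= sweepThreshold {
			alerts = append(alerts, Alert{"Port sweep (anomalous number of distinct destination ports)", src, ""})
		}
	}
	return alerts
}

// CountBySignature summarises alerts by signature name.
func CountBySignature(alerts []Alert) map[string]int {
	counts := map[string]int{}
	for _, a := range alerts {
		counts[a.Signature]++
	}
	return counts
}

// SampleEvents is constructed traffic: one normal HTTPS connection, one
// Christmas tree packet, one traversal attempt and a five-port sweep.
var SampleEvents = []Event{
	{Src: "10.0.0.5", Dst: "203.0.113.9", Proto: "tcp", DstPort: 443, TCPFlags: "S"},
	{Src: "198.51.100.7", Dst: "10.0.0.5", Proto: "tcp", DstPort: 22, TCPFlags: "FPU"},
	{Src: "198.51.100.8", Dst: "10.0.0.80", Proto: "tcp", DstPort: 80, TCPFlags: "PA",
		Payload: "GET /../../etc/passwd HTTP/1.1"},
	{Src: "198.51.100.9", Dst: "10.0.0.5", Proto: "tcp", DstPort: 21, TCPFlags: "S"},
	{Src: "198.51.100.9", Dst: "10.0.0.5", Proto: "tcp", DstPort: 22, TCPFlags: "S"},
	{Src: "198.51.100.9", Dst: "10.0.0.5", Proto: "tcp", DstPort: 23, TCPFlags: "S"},
	{Src: "198.51.100.9", Dst: "10.0.0.5", Proto: "tcp", DstPort: 25, TCPFlags: "S"},
	{Src: "198.51.100.9", Dst: "10.0.0.5", Proto: "tcp", DstPort: 80, TCPFlags: "S"},
}

func main() {
	for _, a := range Analyze(SampleEvents, 5) {
		fmt.Printf("ALERT %-60s src=%s dst=%s\n", a.Signature, a.Src, a.Dst)
	}
}
```

Running it produces three alerts, one per constructed incident, and none for the ordinary HTTPS connection. The sweep threshold illustrates the usual tuning trade-off for anomaly rules: set it too low and busy legitimate hosts generate false alarms, set it too high and a slow scan goes unreported.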

5. Potential impact of a firewall and IDS if they are incorrectly configured in a network

a. Firewall

A misconfiguration can harm the organization and provide an attacker with simple access. Firewall misconfigurations can lead to three severe outcomes:

  • Compliance violations: A properly configured firewall is necessary for businesses to comply with PCI standards or regulations in retail, finance or healthcare. Noncompliance leads to fines. (Wilson, 2023)
  • Breach avenues: A firewall misconfiguration that results in unintended access can open the door to breaches, data loss and stolen or ransomed IP. (Wilson, 2023)
  • Unplanned outages: A misconfiguration could prevent a customer from engaging with the business, and that downtime leads to lost revenues. For example, large e-commerce businesses could lose thousands or even millions of dollars until the error is corrected. (Wilson, 2023)

b. IDS

Susceptible to protocol-based attacks: A NIDS analyzes protocols as they are captured, which means that it faces the same protocol-based attacks as network hosts. An IDS can be crushed by protocol analyzer bugs and invalid data.

Will not prevent incidents by themselves: IDSs don't impede or forestall assaults; they simply help to uncover them. Accordingly, an IDS should be part of a comprehensive arrangement that includes other security measures and staff who know how to respond appropriately.

Using shared network resources to gather NIDS data: Often NIDS administrators will deploy NIDS sensors on single-NIC or multihomed devices on the network that have one or more connections to production network segments. The implication of this configuration is that the NIDS sensor will send data captures over the same interface on which the sensor is sensing. This is a less than optimal security configuration because the same interface is used to collect data and report it to centralized reporting databases. An attacker can leverage this network configuration to do one of two things:

  • Disable the IDS and prevent it from sending an alert, or
  • Intercept the data being transferred to the reporting database before it reaches the database and change the nature of the data, which could potentially be done with a man-in-the-middle attack.