Assessing IT Security Threats: Methods and Solutions, Assignments of Information Technology

An in-depth analysis of the methods required to assess IT security threats, focusing on FPT Information Security (FIS) in Vietnam. It discusses the essential methods, including identifying potential threats, evaluating their impact, and mitigation strategies. The document also explores common IT security threats such as malware, covers incident response planning, and suggests solutions such as robust security measures and zero-trust architecture.

Typology: Assignments

2023/2024

Uploaded on 04/04/2024

dragon-tv-troll
ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 6/3/2024
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: Truong Van Diep
Student ID: BH00666
Class: SE06203
Assessor name: Luu Van Thuan

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student's signature: Diep

Grading grid: P1  P2  P3  P4  M1  M2  D1

Summative Feedback:
Resubmission Feedback:

Grade:  Assessor Signature:  Date:
Internal Verifier's Comments:
Signature & Date:

  • I. Introduction
  • II. Body
    • Discuss types of security risks to organisations (P1)
        1. Define IT risks
        2. Discuss types of risks to organizations
        3. Threats that organizations will face
        4. Prevention Measures
        5. What are the recent security breaches?
        6. Discuss the consequences of this breach
        7. Suggest solutions to organizations
    • Assess organisational security procedures (P2)
        1. What is a Security Procedure?
        2. Why are Security Procedures Important?
        3. Organizational security procedures
    • Analyse the benefits of implementing network monitoring systems with supporting reasons (M1)
        1. List some of the network monitoring devices and discuss each of them.
        2. What are the current weaknesses or threats of the organization?
        3. What are the benefits of monitoring a network?
    • (P3) Discuss the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs
        1. Discuss briefly firewalls and policies.
        2. How does a firewall provide security to a network?
        3. VPN
        4. Write down the potential impact (Threat-Risk) of a firewall and VPN if they are incorrectly configured in a network
    • (P4) Discuss, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security
        1. Define and discuss, with the aid of a diagram, DMZ.
        2. Define and discuss, with the aid of a diagram, static IP.
        3. Define and discuss, with the aid of a diagram, NAT.
    • Propose a method to assess and treat IT security risks (M2)
        1. Discuss methods required to assess security threats.
        2. What are the current weaknesses or threats of an organization?
        3. What tools will you propose to treat IT security risks?
  • III. Conclusion
  • IV. Evaluate
  • V. References
  • VI. Slide

Table of Figures
  • Figure 1: Worm
  • Figure 2: Virus
  • Figure 3: Trojans
  • Figure 4: Adware
  • Figure 5: Ransomware
  • Figure 6: Phishing
  • Figure 7: Whaling
  • Figure 8: Clickjacking
  • Figure 9: XSS
  • Figure 10: CSRF
  • Figure 11: SQL injection
  • Figure 12: Sniffing
  • Figure 13: Eavesdropping
  • Figure 14: Spoofing
  • Figure 15: DDoS
  • Figure 16: Recent security breaches
  • Figure 17: Firewall
  • Figure 18: VPN
  • Figure 19: Network diagram
  • Figure 20: Diagram
  • Figure 21: DMZ
  • Figure 22: Security Benefits of DMZ
  • Figure 23: Applications of DMZ
  • Figure 24: Importance of DMZ
  • Figure 25: NAT

I. Introduction

Nowadays, information security is always a top concern for businesses. Consequently, there are companies that specialize in providing information security services, and FPT Information Security (FIS) is one of them. FPT Information Security (FIS) is a leading information security consulting company in Vietnam, specializing in advising on and implementing technical solutions to address potential IT security risks for medium-sized companies. Many clients have entrusted their security concerns to FIS because they lack in-house technical expertise. As an intern for the position of security expert at FIS, I have been asked by my manager, Jonson, to create a compelling presentation to train subordinates on the tools and techniques for identifying and evaluating IT security risks, along with the organization's policies for protecting data and critical business devices. In this article, I will delve into various essential methods for assessing security threats: the types of security risks that FIS may encounter, security procedures, and the consequences of misconfigured VPNs and firewalls. Furthermore, we will explore three fundamental network security concepts: the Demilitarized Zone (DMZ), static IP addresses, and Network Address Translation (NAT). By providing real-life examples for each, this discussion aims to give practical insight into applying these concepts to protect the organization's digital assets and to ensure the security, integrity, and availability of its data and services.

need to focus on building savings so that they can maintain a steady cash flow for their operations. They also need to work on creating a budget that is a part of their main business plan with a low overhead that can last them through all economic cycles.

  • Security Risk: A company faces many cybersecurity threats. Businesses need to protect themselves from threats such as hacking, data breaches, identity theft, and payment fraud. A breach is also bad for the organization's reputation: it affects the company's image and can lead to a loss of consumer trust.
  • Operational Risk: This risk refers to potential losses from inadequate or failed internal processes, people, and systems, or from external events.
  • Reputational Risk: This is the risk of damage to a company's reputation, which can lead to loss of revenue or to increased operating, capital, or regulatory costs.

These risks can be managed through effective risk management strategies. It is important for organizations to identify, assess, and prioritize these risks in order to mitigate their impact. Effective risk management helps organizations anticipate and prepare for potential risks, thereby reducing their impact and improving the organization's resilience. (Team, 2022)

3. Threats that organizations will face

a. Malware attacks

Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs that hackers use to wreak destruction and gain access to sensitive information. As Microsoft puts it, “[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network.” In other words, software is identified as malware based on its intended use, rather than on a particular technique or technology used to build it. This means that the question of, say, what the difference is between malware and a virus misses the point a bit: a virus is a type of malware, so all viruses are malware (but not every piece of malware is a virus). (Fruhlinger, 2019)

Types of malware

There are a number of different ways of categorizing malware; the first is by how the malicious software spreads. You have probably heard the words virus, trojan, and worm used interchangeably, but as Symantec explains, they describe three subtly different ways malware can infect target computers:

  • Worm (Figure 1: Worm)

A computer worm is a type of malicious software designed to replicate and spread to other computers while remaining active on the infected systems. It is self-replicating malware that propagates to other computers, typically using automated and stealthy methods against the users of the operating system. Usually, worms only attract attention when their uncontrolled replication consumes system resources, slowing down or temporarily halting other tasks.

How do worms spread? Computer worms spread without user interaction. All that is needed is for the worm to become active on the infected system. Before networks were widely used, computer worms spread through infected storage media, such as floppy disks, which, when mounted on a system, would infect the other storage devices connected to that system. USB remains a popular vector for computer worms.

  • Virus (Figure 2: Virus)

  • Trojan (Figure 3: Trojans)

A Trojan disguises itself as desirable code or software. Once downloaded by unsuspecting users, the Trojan can take control of the victim's system for malicious purposes. Trojans may hide in games, apps, or even software patches, or they may be embedded in attachments included in phishing emails.

How does a Trojan horse attack? Here is a Trojan malware example to show how it works. You might think you have received an email from someone you know and click on what looks like a legitimate attachment. But you have been fooled. The email is from a cybercriminal, and the file you clicked on, downloaded and opened has gone on to install malware on your device. When you execute the program, the malware can spread to other files and damage your computer.

  • Adware (Figure 4: Adware; source: vietnambiz.vn)

Adware, the common term for advertisement-supporting software, monitors your online activities in order to serve targeted ads. This can cause your device to suddenly start displaying a flood of advertisements that seem to take over your screen. In many cases, experts consider adware a type of malware because it is intrusive and often operates without the victim's knowledge. Adware is a way for unscrupulous advertisers and cybercriminals to make money off you. They use it to infiltrate your machine or browser, track your online activities and display ads based on that data. It is rather like having a shady person with a camera following you around all the time, recording everything you do. While in some situations it is "just" an annoyance, in others it can be dangerous and invasive.

As you can imagine, adware can have a significant effect on your device's performance. Whenever you go online, pop-ups and other unwanted ads may bombard you. While many of the ads are merely annoying, others may contain malware or link to malicious websites. Another harmful effect of adware is slower internet browsing: adware (and all of the pop-ups it creates) eats up your data and bandwidth, thereby affecting your ability to work. Your personal choices and interests are sent to these shady advertisers for marketing purposes by the ad-promoting malware, which is why the ads displayed are customized for you. How does adware work? Adware, which works with most web browsers, can track which websites a user visits and then display ads based on the types of websites viewed. Although sometimes intrusive and annoying, adware is usually not a direct threat to computer systems, and computer users are often unaware that it is present. In general, adware generates revenue in two ways: by displaying ads to users, and through pay-per-click payments made when the user clicks on an ad. (Hang, 2020)

  • Ransomware (Figure 5: Ransomware)

Ransomware is file-encrypting malware, considered by the US Department of Justice to be a modern model of cybercrime with the potential to damage the global network system. When ransomware infects a computer, it encrypts or blocks access to the data on the disk. To operate normally again, users must transfer money to the attackers' account to have the ransomware removed.

Operation mechanism: When it infects a user's computer, ransomware encrypts data files and gives them unfamiliar extensions, for example *.Doc > *.docm or *.xls > *.cerber. The encryption extensions vary from one campaign to the next, which makes identification a challenge. Infected computers do not display notifications from the hackers. A computer infected with ransomware increases the likelihood that other systems on the network will face the same problem.
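The extension-change behaviour described above gives defenders a detection signal. The following Python script is an added example and not part of the original assignment: it scans constructed file-rename events, in the shape an endpoint agent or backup client might report them, and flags a host that renames many files to extensions the organisation does not use within a short window. The known-extension list, the window length and the threshold are assumptions to be tuned per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions the organisation normally uses on its file shares (assumed list;
# tune it to the real environment, e.g. add "docm" if macro documents are common).
KNOWN_EXTENSIONS = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "jpg", "png"}

# Constructed sample of rename events: (ISO timestamp, host, old path, new path).
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:01", "ws-12", r"C:\Share\report.doc", r"C:\Share\report.doc.cerber"),
    ("2024-03-01T09:00:03", "ws-12", r"C:\Share\budget.xls", r"C:\Share\budget.cerber"),
    ("2024-03-01T09:00:05", "ws-12", r"C:\Share\notes.txt", r"C:\Share\notes.txt.cerber"),
    ("2024-03-01T09:00:08", "ws-12", r"C:\Share\plan.docx", r"C:\Share\plan.docx.cerber"),
    ("2024-03-01T09:00:10", "ws-12", r"C:\Share\photo.jpg", r"C:\Share\photo.jpg.cerber"),
    ("2024-03-01T09:00:12", "ws-12", r"C:\Share\data.xlsx", r"C:\Share\data.xlsx.cerber"),
    ("2024-03-01T09:05:00", "ws-07", r"C:\Share\draft.docx", r"C:\Share\draft.pdf"),   # normal export
    ("2024-03-01T09:06:00", "ws-07", r"C:\Share\config.txt", r"C:\Share\config.bak"),  # one-off, benign
    ("2024-03-01T09:30:00", "ws-12", r"C:\Share\memo.txt", r"C:\Share\memo.docx"),
]


def extension_of(path):
    """Lower-case extension of the last path component, or "" if it has none."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def suspicious_renames(events, known=KNOWN_EXTENSIONS):
    """Yield (time, host) for renames that swap a file's extension for one not in use."""
    for ts, host, old, new in events:
        old_ext, new_ext = extension_of(old), extension_of(new)
        if old_ext != new_ext and new_ext not in known:
            yield datetime.fromisoformat(ts), host


def flag_hosts(events, threshold=5, window=timedelta(seconds=60), known=KNOWN_EXTENSIONS):
    """Return {host: burst_size} for hosts with at least `threshold` suspicious
    renames inside any sliding window of length `window`."""
    per_host = defaultdict(list)
    for when, host in suspicious_renames(events, known):
        per_host[host].append(when)

    flagged = {}
    for host, times in per_host.items():
        times.sort()
        start, burst = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= threshold:
            flagged[host] = burst
    return flagged


if __name__ == "__main__":
    for host, n in flag_hosts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {n} suspicious extension changes within 60 s")
```

A single odd rename (ws-07's config.bak) stays below the threshold, while the burst on ws-12 is flagged even though no ransom note has appeared yet, which matches the observation above that infected machines may show no notification.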

  • Phishing (Figure 6: Phishing)

Cybercriminals masquerade as legitimate entities (retailers, service providers, or government agencies) to extract seemingly benign information such as email addresses, phone numbers, or family members' names. Phishing remains one of the most prevalent cyberattacks, especially during events like the COVID-19 pandemic.

  • Whaling (Figure 7: Whaling)

A cyber attack known as "whaling" occurs when a hacker uses spear phishing techniques against a significant, high-profile target, such as the executive suite. Such targets may have received extensive security awareness training because of their public profile, and the security team may have more stringent policies and more robust tools in place to protect them.

How do whaling attacks work? The attacker first conducts thorough research on the key players of the targeted organization and its executives. They collect information from various sources, including social media and the company's website, to understand the company culture and the targeted person's roles and responsibilities. Attackers then craft a convincing email that appears to come from a legitimate source that the victim trusts. They use social engineering methods to create a sense of urgency around their demand, using persuasive language to convince the victim that immediate action is needed. To look credible, hackers spoof email addresses and phone numbers so that they appear to be communicating from a legitimate source, and they may impersonate the company's CEO or another executive to deceive the target. The attackers exploit the victim's trust. Once the victim falls into the trap, they may be asked to share personal information or to install malware on their device so that confidential data can be stolen. If the attempt is successful, the attacker gains access to confidential information, can break into the target's account, and can even steal the organization's financial assets. Not only does the victim experience financial loss, but the company's reputation also gets damaged.

Operation: Users unknowingly install malicious software while seeking the promised reward. For example, a user might download a fake movie file that contains malware.

c. Web application attacks

A web application is software that runs on a web server and is accessed by a user through a web browser over an active internet connection. This differs from local software applications, which run directly on a user's device. Web applications are usually easy to deploy on the user's end and can often be customized to meet a business's specifications. Examples include hosted email and messaging, content management systems and e-commerce services. When a user accesses a web application, it triggers a request to the web server over the internet. The web application queries a content database, then generates content according to the client's (the user's machine's) request. The web application server sends the results back to the web server, which interprets and runs the scripts and delivers the requested content to the user's display.

Types of web application attacks:

  • Clickjacking (Figure 8: Clickjacking): Clickjacking, also known as a UI (User Interface) redress attack or UI confusion attack, involves tricking users into clicking on something different from what they perceive. This is often achieved by overlaying malicious content on top of legitimate content or by transparently positioning clickable elements. The goal is to deceive users into performing actions without their knowledge. Objective: Clickjacking can be used for various malicious purposes, including stealing sensitive information, capturing clicks for fraudulent activities, or initiating unintended actions on web pages. Prevention: Mitigating clickjacking involves sending security headers such as X-Frame-Options to control whether a web page may be embedded in an iframe. A Content Security Policy (CSP) can also prevent clickjacking by specifying the approved sources for content.
  • Cross-Site Scripting (XSS) (Figure 9: XSS):
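To make the clickjacking prevention item above concrete, here is an added Python check, not from the original assignment, that classifies a response's anti-framing protection from its headers. It relies on the real X-Frame-Options values DENY and SAMEORIGIN and on the CSP frame-ancestors directive (which browsers honour in preference to X-Frame-Options when both are present); the endpoint paths and header sets are constructed sample data, and audit_responses is a hypothetical helper.

```python
def framing_policy(headers):
    """Classify how well a response resists being framed (clickjacking).

    headers: dict of response header names to values; names are matched
    case-insensitively. Returns "denied", "same-origin", "allow-listed"
    or "unprotected". A CSP frame-ancestors directive wins over
    X-Frame-Options, because browsers ignore X-Frame-Options when it is set.
    """
    lower = {name.lower(): value for name, value in headers.items()}

    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if "*" in sources:                  # any origin may frame the page
                return "unprotected"
            if not sources or sources == ["none"]:  # empty list matches nothing
                return "denied"
            if sources == ["self"]:
                return "same-origin"
            return "allow-listed"

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "denied"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM is obsolete and ignored by current browsers: no protection.
    return "unprotected"


def audit_responses(responses):
    """Return the paths whose headers leave the page frameable from any origin."""
    return sorted(path for path, hdrs in responses.items()
                  if framing_policy(hdrs) == "unprotected")


# Constructed sample: headers captured from hypothetical endpoints.
SAMPLE_RESPONSES = {
    "/login": {"X-Frame-Options": "DENY"},
    "/account/settings": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                          "X-Frame-Options": "SAMEORIGIN"},
    "/widget": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "/legacy/transfer": {"X-Frame-Options": "ALLOW-FROM https://old.example"},
    "/help": {},
}

if __name__ == "__main__":
    for path in audit_responses(SAMPLE_RESPONSES):
        print(f"{path}: frameable by any origin, add frame-ancestors or X-Frame-Options")
```

Running the audit over real captured headers is a cheap way to find the legacy endpoints (like the ALLOW-FROM one above) that look protected but are not.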

  • Cross-Site Request Forgery (CSRF) (Figure 10: CSRF): CSRF exploits the trust a web application has in a user's browser. An attacker tricks a logged-in user into unknowingly submitting a request, such as changing account settings or making a financial transaction, on a site where the user is authenticated. Prevention: Implementing anti-CSRF tokens, which are unique, unpredictable values associated with each user session, can prevent CSRF attacks. Additionally, requiring explicit re-authentication for sensitive actions helps mitigate CSRF risks.
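The anti-CSRF token approach from the prevention note above, as an added Python example that is not part of the original assignment. CsrfGuard, change_email and the in-memory token dictionary are hypothetical names standing in for a real server-side session store and a real state-changing endpoint.

```python
import hmac
import secrets


class CsrfGuard:
    """Per-session anti-CSRF tokens (synchronizer token pattern).

    The dictionary stands in for a server-side session store (assumption);
    in a real deployment the token lives alongside the other session data.
    """

    def __init__(self):
        self._tokens = {}  # session_id -> token

    def issue(self, session_id):
        """Return the session's token, generating a random one on first use.

        The page embeds it in forms as a hidden field; an attacker's site
        cannot read it because of the same-origin policy."""
        if session_id not in self._tokens:
            self._tokens[session_id] = secrets.token_urlsafe(32)
        return self._tokens[session_id]

    def verify(self, session_id, submitted):
        """True only if the submitted token equals the one bound to this session."""
        expected = self._tokens.get(session_id)
        if expected is None or not isinstance(submitted, str):
            return False
        # Constant-time comparison so timing does not leak the token.
        return hmac.compare_digest(expected.encode(), submitted.encode())

    def rotate(self, session_id):
        """Replace the token, e.g. after login or a sensitive action."""
        self._tokens.pop(session_id, None)
        return self.issue(session_id)


def change_email(guard, session_id, form):
    """Simulated state-changing endpoint.

    The session cookie alone is not enough: browsers attach cookies to
    cross-site requests too, so the request must also carry the token that
    only the genuine page could have embedded."""
    if not guard.verify(session_id, form.get("csrf_token")):
        return 403, "rejected: missing or invalid CSRF token"
    return 200, f"email changed to {form['email']}"


if __name__ == "__main__":
    guard = CsrfGuard()
    token = guard.issue("sess-alice")
    # Legitimate submission from the real settings page.
    print(change_email(guard, "sess-alice", {"email": "alice@example.com", "csrf_token": token}))
    # Cross-site request: the cookie rides along, the token does not.
    print(change_email(guard, "sess-alice", {"email": "attacker@example.com"}))
```

The token must be bound to the session, not global: a token issued to one session is rejected when presented with another, which is what stops one user from using their own token to forge requests for someone else.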

  • SQL Injection (Figure 11: SQL injection): SQL injection is a code injection technique in which attackers insert malicious SQL statements into input fields or parameters that are later processed by a database. This can lead to unauthorized access to, manipulation of, or deletion of data. Prevention: Prepared statements and parameterized queries are effective measures against SQL injection. Input validation, the principle of least privilege, and regularly updating and patching software also help prevent SQL injection attacks.

d. Network-based attacks

Network-based attacks are designed to compromise network security by eavesdropping on, or by intercepting and manipulating, network traffic. They may be active attacks, in which the hacker manipulates network activity in real time, or passive attacks, in which the attacker observes network activity but does not attempt to modify it.
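Returning to the SQL injection item above: an added Python example, not from the original assignment, that puts a string-built query beside its parameterised form against an in-memory SQLite table of constructed users, so the difference in behaviour on a tautology input can be observed directly. The allow-list validator valid_username is a hypothetical helper illustrating the input-validation point.

```python
import sqlite3


def make_db():
    """In-memory SQLite database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def find_user_vulnerable(conn, username):
    """Query built by string formatting: the input becomes part of the SQL text,
    so quote characters in it are parsed as SQL syntax."""
    sql = f"SELECT username FROM users WHERE username = '{username}' ORDER BY username"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    """Parameterised query: the driver binds the value separately from the
    statement, so it can never change the query's structure."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def valid_username(value):
    """Allow-list validation (defence in depth, not a substitute for binding)."""
    return isinstance(value, str) and 1 <= len(value) <= 32 and value.isalnum()


# Constructed tautology input: makes the WHERE clause true for every row
# when it is spliced into the SQL text instead of being bound.
INJECTION_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_user_vulnerable(db, INJECTION_INPUT))  # every user leaks
    print("safe:      ", find_user_safe(db, INJECTION_INPUT))        # no such user
    print("validated: ", valid_username(INJECTION_INPUT))            # rejected up front
```

Binding is the control that actually removes the vulnerability; the validator only narrows what reaches the query and would not help for fields that legitimately contain quotes.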

The more prevalent kinds of network attack are:

  • Sniffing (Figure 12: Sniffing): A sniffing attack involves an attacker getting into the network data stream and reading, monitoring or capturing full packets of data flowing between a client and a server. A hacker intercepting a network packet containing unencrypted information can cause severe damage to the organization or entity that owns the data. Compromised data may include sensitive information such as account credentials, bank details, and various kinds of Personally Identifiable Information (PII). Sniffing attacks can be active (involving both data access and manipulation) or passive (the attacker only sees the information and does not interfere with its transmission). Examples of tools used for sniffing are Wireshark, tcpdump, dSniff and Debookee.
  • Eavesdropping (Figure 13: Eavesdropping): Eavesdropping attacks are similar to sniffing attacks, except that they are usually passive, easier to carry out and may not involve full packets of data. They involve an attacker listening to information flowing between networks to obtain private information, and often target one-on-one communication. These, too, are difficult to detect. Investopedia describes eavesdropping attacks as involving a weakened connection between client and server that allows the attacking entity to send network traffic to itself. “Any device in the network between the transmitting device and the receiving device is a point of weakness, as are the

traffic at high speed. The attack is faster than a DoS attack, causing the business website to return an inaccessible error. DDoS is even more dangerous for business servers because the traffic is sent from many different devices, making it impossible to trace and block promptly. A server can only handle a certain number of requests at a time, so when hackers send too many requests at once they exhaust the server's resources, causing overload and leading to a crash and a loss of the ability to handle other requests. As a result, users cannot access your server while it is under attack.

4. Prevention Measures

Malware:

  • Antivirus Software: Deploy enterprise-grade antivirus solutions that offer real-time protection, heuristic analysis, and regular signature updates to identify and quarantine threats as they emerge.
  • Patch Management: Implement a robust patch management policy to ensure all systems and applications are up to date with the latest security patches, reducing the attack surface for malware exploitation.
  • Password Hygiene: Enforce policies for strong, unique passwords that combine letters, numbers, and special characters, and mandate regular password changes.
  • Multi-factor Authentication (MFA): Integrate MFA across all systems, requiring a combination of something the user knows (password), something the user has (security token), and something the user is (biometric verification).
  • Email Security: Utilize advanced email filtering solutions that can detect phishing attempts, malicious attachments, and suspicious links, alongside user training on recognizing and reporting such emails.
  • Data Backups: Schedule regular, encrypted backups of critical data, stored in multiple locations including off-site or cloud storage, to ensure recovery in the event of a malware attack.

Social Engineering Attack:
  • Comprehensive Training: Develop ongoing security awareness programs that include simulated phishing exercises, workshops, and updates on the latest social engineering tactics.
  • Identity Verification Protocols: Establish strict procedures for verifying the identity of individuals requesting access to sensitive information, especially during phone calls or email correspondence.
  • Email Filtering: Configure email systems with advanced spam filters that can detect and block phishing emails, and encourage users to report any suspicious messages.
  • Password Management: Use password managers to generate and store complex passwords, and change them immediately if there is any indication of a security incident.
  • Multifactor Authentication: Ensure that MFA is in place for access to all critical systems, adding an extra layer of defense against credential theft.

Web Application Attack:
  • Regular Security Audits: Engage in periodic security audits conducted by external experts to uncover and remediate vulnerabilities within web applications.
  • Thorough Input Validation: Apply strict input validation on both the client and server sides to prevent malicious data from affecting database queries or script execution.
  • Adherence to Secure Coding Standards: Follow industry-standard secure coding guidelines, such as the OWASP Top 10, to minimize common web application vulnerabilities.
  • Continuous Monitoring: Implement a security information and event management (SIEM) system for continuous monitoring and real-time analysis of the security alerts generated by network hardware and applications.
  • Encryption: Use strong encryption protocols such as TLS for data in transit, and encrypt sensitive data at rest within databases.

By meticulously applying these measures, organizations can fortify their defenses against a wide array of cyber threats, ensuring the security and integrity of their digital assets.

5. What are the recent security breaches?

(Figure 16: Recent security breaches)

  • Bank of America Data Breach (February 13, 2024): Tens of thousands of Bank of America customers had their data exposed in a breach relating to a ransomware attack targeted at Infosys McCamish Systems, one of the bank's service providers. The attack occurred at the beginning of November 2023, but the news only hit the headlines after notifications began to be sent to customers at the start of February. This may have violated state laws that set how long companies have to notify impacted customers. More than 57,000 customers are thought to have been impacted by the breach. The types of information exposed include addresses, names, social security numbers and dates of birth, as well as some banking information (account numbers and credit card details).