IT Security: Firewall Policies, DNS Configuration, and Network Security Measures, Schemes and Mind Maps of Computer Security

This assignment is made by my own strength

Typology: Schemes and Mind Maps

2022/2023

Uploaded on 03/06/2023

ngohoang

ASSIGNMENT 1 FRONT SHEET
Qualification BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 5: Security
Submission date Date Received 1st submission
Re-submission Date Date Received 2nd submission
Student Name Student ID
Class Assessor name
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.
Student’s signature
Grading grid
P1 P2 P3 P4 M1 M2 D1

1. Introduction
2. Types of security threats to organizations
  • 2.1. Define threats
  • 2.2. Identify threat agents to organizations
  • 2.3. Example of a security breach
3. Three organizational security procedures
  • 3.1. Password Selection
  • 3.2. Procedures for Changing Passwords
  • 3.3. Encrypted data information
  • 3.4. Two-step authentication
4. Identify the potential impact to IT security of incorrect configuration of firewall policies and DNS
  • 4.1. Firewall
    • 4.1.1. What is a firewall?
    • 4.1.2. Policies of firewall
    • 4.1.3. Why do we need a firewall?
    • 4.1.4. How does a firewall work? The effect and role of the firewall
  • 4.2. IDS
    • 4.2.1. What is an IDS?
    • 4.2.2. How do intrusion detection systems (IDS) work?
    • 4.2.3. The potential impact to IT security of incorrect configuration of IDS
5. DMZ, static IP and NAT in a network can improve network security
  • 5.1. DMZ
  • 5.2. Static IP
  • 5.3. Network Address Translation (NAT)
Conclusion
Evaluation
PowerPoint slides
References

  • Figure 1: Ronin network hacked for more than $600 million
  • Figure 2: Password Selection
  • Figure 3: TrueCrypt software
  • Figure 4: Two-step authentication
  • Figure 5: Firewall
  • Figure 6: Policies of Firewall
  • Figure 7: How does a firewall work
  • Figure 8: How do IDS work
  • Figure 9: DMZ with one firewall
  • Figure 10: Static IP

1. Introduction

Nowadays, with the development of technology, the internet has become an indispensable part of work and daily life. Large amounts of documents, information and data belonging to many organizations and individuals are stored and exchanged on the internet, so keeping that information secure is extremely important. Information security is fundamentally about preventing unauthorized access, use, disruption, disclosure, or destruction of information. Our company is the leading security consulting firm in Vietnam, working with medium-sized companies in Vietnam. As a member of the company, I was tasked with preparing a presentation to train subordinates on the tools and techniques involved in identifying and evaluating security risks. The following issues will be explored in this report:

  • Identify the threats that FIS may face if there is a security breach.
  • Describe the procedures an organization can establish to reduce the impact of a security breach on business performance.
  • Provide an approach that FIS can use to manage different risks.
  • Analyse 3 benefits for FIS of implementing a network monitoring system.
  • Investigate network security, identifying the problems caused by incorrectly configured firewalls and IDS.
  • Investigate a 'trust network' through analysis of its positive and negative issues.

2. Types of security threats to organizations

2.1. Define threats

According to Wikipedia, in the field of computer security a threat is a potential negative action or event that exploits a security vulnerability and can have an undesirable impact on a computer system or application. Threats can be intentional, carried out with intent to attack, or accidental, occurring without any intention to attack. In a 2009 Microsoft document titled The STRIDE Threat Model, Microsoft proposed a threat model called STRIDE. The name is derived from the initials of the following six threat categories:

Unfortunately, there are also disgruntled individuals who deliberately harm organizations from within. A case involving a disgruntled internal auditor who downloaded payroll and other HR personal data and published it online recently occurred at Morrisons supermarket. The ex-employee was found guilty and sentenced to prison; however, Morrisons was also fined for failing to implement the necessary organizational and technical safeguards to prevent this behavior (note that Morrisons is currently appealing the fine). Additionally, there are times when businesses require specialized assistance and engage contractors or other external agencies that need access to their data or systems. These third parties frequently present a challenge, because the devices they use to access the controller's data may not have the same levels of security. (Lamb, 2019)

- Terrorists and hackers: The degree of threat posed by these agents depends on your own actions, much like the threat posed by nation states. However, some terrorists aim at specific industries or countries, so there could be a persistent danger of an indiscriminate attack against you. The 2010 Wikileaks revelations, which revealed diplomatic cables and other documents pertaining to the Iraqi and Afghan conflicts, may be the most well-known illustration of this. (Lamb, 2019)
- Organised crime: Criminals target private information for various reasons: identity theft, bank account fraud, credit card fraud, and so on. These crimes are currently being committed on a large scale. Phishing attacks and "watering hole" websites use different techniques, but the end result is the same: both you and your data are taken and put to bad use. (Lamb, 2019)
- Natural disasters: Even though they are not cyberattacks, these events can have the same effect on your ability to conduct business. You must take into consideration that you are still experiencing a data disaster if you are unable to access your offices, data centers, or cloud-based files. Although there is not much chance of an earthquake in the UK, we see pictures of towns and cities submerged every year. (Lamb, 2019)
- Corporates (competitors, partners): It is obvious that a competitor could steal your intellectual property, but we are also collaborating with a growing number of partner organizations to fill skills and resource gaps or simply to provide services. Depending on their motives, these partner companies may steal or reveal your intellectual property or personal data, either unwittingly or maliciously. (Lamb, 2019)

2.3. Example of a security breach

Talking about security breaches: over $600 million in cryptocurrency was stolen from the Ronin network, which was developed for the Axie Infinity video game. On March 29, Ronin Network announced via Twitter that the system had been attacked and was vulnerable. The hacker made two transfers, totaling 25.5 million USDC and 173,600 Ethereum. This cryptocurrency had a total value of 615 million USD, with each ETH worth the equivalent of 3.4 thousand USD. According to the recorded data, the attack took place on March 23. The development team made the discovery after receiving a report that 5,000 ETH could not be withdrawn from the system. CoinDesk describes it as the largest DeFi hack ever, with more money stolen than from Poly Network in August, when hackers stole $611 million in digital currency before returning it all. The price of a number of cryptocurrencies associated with Axie Infinity also dropped after the incident was made public, including the AXS coin, which fell 8% to $65 USD/AXS, RON, which fell 27%, and the SLP coin, which fell 7%. (Dat, 2022)

Figure 1: Ronin network hacked for more than $600 million

Even though multi-signature wallets or platforms provide more decentralized options, as the preceding two examples show, there are issues with these options. By simply monitoring secondary results and limiting the number that can appear via request per unit of time, attacks on the Ronin network and wormhole requests can be mitigated. Through an open, decentralized, and trustless protocol, Flare aims to mitigate issues associated with multi-signature transactions. The concept of a monetary "Bandwidth Provider (BP)" is introduced by Flare's LayerCake model in an effort to address the issue of multi-signatures. These BPs have the contractual authority to transfer a specified amount of value across the bridge per unit of time, initially designated as one hour, for bridging purposes. "Bandwidth" is the value that can be passed on to a request in any time unit thanks to smart contracts. Flare's LayerCake model, in contrast to conventional multi-signature verification, requires BPs to deposit tokens into the smart contract with the same value as the underlying token being bridged. Because the contract will hold the same amount of value to cover any loss, BPs will not be able to

is the goal of security procedures. They must be followed each time a security-related business process or control is carried out. Here is an analogy. A pilot goes through a pre-flight checklist before each flight. Why? Simply put, to guarantee a safe flight and to ensure that the aircraft is ready to fly. Despite having flown for thousands of hours, pilots still adhere to the checklist. When the checklist is followed, behavior is always consistent. Even though they may have completed the checklist hundreds of times, completing it from memory poses a risk: a distracted pilot may forget or overlook a crucial step.

Security procedures, like pre-flight checklists, direct the person carrying out the procedure to an anticipated outcome. Server hardening is one example. Even if a system administrator has built and hardened hundreds of servers, he or she still needs to follow the hardening procedure to ensure that the server is hardened correctly, and to a level that still allows it to work with the system it is a part of. If the hardening procedure is not followed, the administrator could miss a step that exposes the server or its data in an unacceptable way, such as leaving unneeded ports open or granting unauthorized users access through directory permissions. The best choice is to automate the hardening process with scripts or configuration management tools such as Puppet or Chef, which guarantees that the hardening "procedure" is carried out consistently.

Your company's security policies are the foundation for its security procedures, and the security program of your business is built on top of its security policies. An essential tenet of security policies is the focus on directing behavior, and security procedures share that focus. Security procedures inform individuals within your organization of the when, where, and how of security, whereas security policies address the who, what, and why. Standards and baselines should also be established within your organization to help focus the security procedures. Policies and procedures are concerned with directing behavior, whereas standards and baselines are concerned with the technology that an organization uses. A number of security procedures can be included, such as:

3.1. Password Selection

This procedure is designed to further strengthen account security and so improve the quality of security overall. Often, when attacking an organization, the first weakness that hackers want to exploit is the password. However well a computer system is secured against malicious programs, it can be compromised if users set weak passwords. Users need a good set of password rules in order to improve the quality of their passwords. There are several guiding rules for choosing a password, for example:

  • Do not use the username as a password.
  • Do not use your real name as a password.
  • Do not use the names of your husband, wife or children.
  • Do not use your date of birth.
  • Do not use a password shorter than 6 characters.
  • Set a password with both upper and lower case letters.
  • Set a password that can be entered quickly without looking at the keyboard.

The system should ask users to change their password periodically, about every 6 months. This increases the security of the account: when an intruder has guessed the current password, changing it invalidates the password the hacker had just obtained.

Figure 2: Password Selection

3.2. Procedures for Changing Passwords

Changing your password is very important for the security of your account. The correct process is for the user to set a new password on condition that the old password is entered first. This ensures that it is the genuine account holder who is changing the password. After entering a new password, the user must confirm it by entering it a second time. However, there are special cases: when a user forgets the password or loses access to the account, it is impossible to change the password this way. The system will then send an authentication code to the user's phone, or call the user, to authenticate them; after that the user can set a new password. In the case where the system is hacked and data and passwords are stolen from it, it is necessary to change all passwords on the system.
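The selection rules of 3.1 and the change procedure of 3.2 as one piece of working code. This is an added example, not code from the report; only the rule list, the 6-character minimum and the 6-month rotation come from the text, while the `Account` class, the salted PBKDF2 storage, the requirement that a new password differ from the old one, and the sample profile are assumptions.

```python
"""Password selection rules (3.1) and the password-change procedure (3.2).

Added example; only the rule list, the 6-character minimum and the
6-month rotation come from the report. Names and helpers are assumed."""
import hashlib
import hmac
import os
from datetime import date, timedelta

MIN_LENGTH = 6                          # "no password shorter than 6 characters"
ROTATION_PERIOD = timedelta(days=180)   # "change ... about every 6 months"
PBKDF2_ROUNDS = 100_000
DOB_FORMATS = ("%d%m%Y", "%Y%m%d", "%d%m%y", "%m%d%Y")

# Constructed sample profile used by demo_account() below.
SAMPLE_BIRTH = date(1990, 5, 17)
TODAY = date(2023, 7, 1)


def check_password_rules(password, username, real_name, family_names, birth_date):
    """Return the 3.1 rules a candidate password violates (empty list = acceptable).
    Matching is case-insensitive; the birth date is tested in a few common spellings."""
    violations = []
    lowered = password.lower()
    name = real_name.lower()
    if lowered == username.lower():
        violations.append("password equals username")
    if lowered in (name, name.replace(" ", "")):
        violations.append("password equals real name")
    for relative in family_names:
        if relative and relative.lower() in lowered:
            violations.append(f"password contains family member name '{relative}'")
    if any(birth_date.strftime(fmt) in password for fmt in DOB_FORMATS):
        violations.append("password contains date of birth")
    if len(password) < MIN_LENGTH:
        violations.append(f"password shorter than {MIN_LENGTH} characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        violations.append("password lacks both upper and lower case letters")
    return violations


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    """Stores a salted hash rather than the password itself (assumed storage design)."""

    def __init__(self, username, real_name, family_names, birth_date, password, today):
        self.username, self.real_name = username, real_name
        self.family_names, self.birth_date = list(family_names), birth_date
        self.salt = os.urandom(16)
        self.digest = _digest(password, self.salt)
        self.last_changed = today

    def verify(self, password):
        return hmac.compare_digest(_digest(password, self.salt), self.digest)

    def needs_rotation(self, today):
        """Periodic change the text asks for: true once 6 months have passed."""
        return today - self.last_changed >= ROTATION_PERIOD


def _set_new_password(account, new_password, confirm_password, today):
    if new_password != confirm_password:
        return False, "new password and confirmation differ"
    if account.verify(new_password):      # assumed: a change must actually change the secret
        return False, "new password must differ from the old one"
    violations = check_password_rules(new_password, account.username, account.real_name,
                                      account.family_names, account.birth_date)
    if violations:
        return False, "; ".join(violations)
    account.salt = os.urandom(16)
    account.digest = _digest(new_password, account.salt)
    account.last_changed = today
    return True, "password changed"


def change_password(account, old_password, new_password, confirm_password, today):
    """Normal 3.2 path: the caller must prove possession of the old password first."""
    if not account.verify(old_password):
        return False, "old password incorrect"
    return _set_new_password(account, new_password, confirm_password, today)


def reset_password_with_code(account, issued_code, entered_code, new_password, confirm_password, today):
    """Recovery path from 3.2: a one-time code sent out of band (phone) stands in for the old password."""
    if not hmac.compare_digest(issued_code, entered_code):
        return False, "authentication code incorrect"
    return _set_new_password(account, new_password, confirm_password, today)


def demo_account():
    """Constructed account for trying the procedure out."""
    return Account("jsmith", "John Smith", ["Mary", "Tom"], SAMPLE_BIRTH, "Init1alPw", TODAY)
```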

3.3. Encrypted data information

Data encryption is one of the basics of information security. This is an essential organizational procedure. Data encryption is converting data into a different format that can only be read by someone with access or a password. Currently, encryption is one of the popular and effective data security methods chosen by many organizations. Nowadays, everyone is accustomed to buying, selling, trading or anything on the internet, so these online activities have potential risks for information and data theft.

4. Identify the potential impact to IT security of incorrect configuration of firewall policies and DNS

4.1. Firewall

4.1.1. What is a firewall?

A firewall is a system that secures a network by monitoring network traffic to and from it against a predefined set of rules. In short, the firewall blocks unwanted network communications while allowing valid network communications to function properly. There are 3 basic types of firewall: packet filtering (stateless), stateful, and application layer. Packet filtering, or stateless, firewalls work by inspecting individual packets in isolation. Stateful firewalls are able to determine the connection state of packets, which makes them much more flexible than stateless firewalls. Application firewalls go one step further by analyzing the data being transmitted. (Mark Ciampa, 2014)

Figure 5: Firewall

4.1.2. Policies of firewall

Many network administrators are concerned about network security because an exposed network puts personal information and the organization's network infrastructure within reach of intruders. To achieve the required level of security, organizations need a security policy that prevents unauthorized user access to resources and, in turn, the leaking of personal information. A firewall policy allows you to block or accept certain types of network traffic, subject to defined exceptions. A firewall enforces a security policy, so without a policy a firewall is useless. A few default firewall policies that can be mentioned are: All permissions, Cisco Trust Agent for Cisco NAC, … (Mark Ciampa, 2014)

Figure 6 : Policies of Firewall

4.1.3. Why do we need a firewall?

If a computer or system of an organization or individual is connected to the internet, that computer becomes a potential target of network security threats, such as malware or Trojans that enter through security vulnerabilities that have not been patched. A firewall is like a shield or wall separating the computer from cyberspace. When the computer or system communicates with the internet, the firewall filters incoming data to see whether it meets the rules set out in the firewall's policy, and on that basis decides whether to block or allow the data. In addition, the firewall features an up-to-date list of detected malware and applications, thus enhancing computer protection and keeping up to date with timely containment measures. (Mark Ciampa, 2014)

The potential IT security impact of misconfiguring a firewall policy is that it will let unwanted traffic reach its intended destination. Once unauthorized or unwanted access is obtained, the entire information technology system and infrastructure will be compromised and destroyed. This can cause damage to organizations or businesses with serious consequences, leading to bankruptcy, data leakage, extortion, litigation, etc.
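How a packet-filtering firewall applies its policy (4.1.1 to 4.1.3): rules are tried in order, the first match wins, and the default policy catches everything else. This is an added example, not code from the report or any firewall product; the `Packet`/`Rule` classes, the addresses, ports and both rule sets are constructed. `shadowed_rules` goes slightly beyond the text by flagging a deny that a broader earlier allow makes unreachable, which is one concrete form of the misconfiguration 4.1.3 describes.

```python
"""First-match firewall rule evaluation (sections 4.1.1-4.1.3): rule order and the
default policy decide which traffic reaches the protected network, and a
misconfigured policy lets unwanted traffic through.

Added example; addresses, ports and rule sets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None     # None matches any destination port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

    def covers(self, other: "Rule") -> bool:
        """True when every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))


def evaluate(rules: List[Rule], default_action: str, pkt: Packet) -> Tuple[str, str]:
    """Stateless (packet-filtering) decision: the first matching rule wins; if no rule
    matches, the default policy applies. Returns (action, reason)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment or f"{rule.action} rule"
    return default_action, "default policy"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them.
    A deny shadowed by a broad allow is the classic way a policy silently fails."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]


INTERNAL = "10.0.0.0/8"
ADMIN_NET = "10.10.0.0/24"
WEB_SERVER = "10.0.1.10/32"

# Correct policy: specific allows first, explicit deny last, default deny.
CORRECT_POLICY = [
    Rule("allow", dst=WEB_SERVER, proto="tcp", dport=443, comment="public HTTPS to web server"),
    Rule("allow", src=ADMIN_NET, dst=INTERNAL, proto="tcp", dport=22,
         comment="SSH from admin network only"),
    Rule("deny", comment="explicit deny everything else"),
]
CORRECT_DEFAULT = "deny"

# Misconfigured policy: a broad troubleshooting rule was left at the top and the
# default was never changed from allow, so the deny below it can never fire.
MISCONFIGURED_POLICY = [
    Rule("allow", proto="tcp", comment="TEMP: allow all tcp (left in after debugging)"),
    Rule("deny", proto="tcp", dport=22, comment="block SSH from outside"),
]
MISCONFIGURED_DEFAULT = "allow"

# Constructed traffic: an SSH attempt from the internet to the web server.
INTERNET_SSH = Packet("203.0.113.7", "10.0.1.10", "tcp", 22)

if __name__ == "__main__":
    print(evaluate(CORRECT_POLICY, CORRECT_DEFAULT, INTERNET_SSH))
    print(evaluate(MISCONFIGURED_POLICY, MISCONFIGURED_DEFAULT, INTERNET_SSH))
    print("shadowed rule indexes:", shadowed_rules(MISCONFIGURED_POLICY))
```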

4.1.4. How does Firewall work? The effect and role of the firewall

Filters in your firewall prevent harmful data from entering your computer. Backdoors, denial of service (DoS) attacks, macros, remote logins, spam, and viruses are among the most significant threats that a firewall eliminates from your computer. Backdoors are the "entrance" that attackers use to gain access to vulnerable applications. This includes operating systems that hackers might use to get into your computer and cause problems.

Although it is essential to include a firewall in your security strategy, firewalls may contain vulnerabilities. An error made during the design, implementation, or configuration of a firewall that can be used to attack the trusted network it is meant to protect is known as a firewall vulnerability. A firewall system has the following drawbacks:

  • A firewall cannot protect a network against internal threats like backdoors, for instance a disgruntled employee collaborating with an external attacker.
  • There may be a bottleneck if all connections have to pass through the firewall.
  • A firewall cannot protect the network from infected external devices like USB drives, laptops, and similar devices that are already connected to the network.
  • A firewall cannot completely protect the network from all types of zero-day malware.
  • If the configuration and design of the network are flawed, a firewall will be useless.
  • A firewall may not be able to stop threats that arrive through permitted applications or common ports.
  • Tunneled traffic may be difficult for a firewall to interpret.

The 7 firewall vulnerabilities and threats are as follows:

  • DDoS Attacks
  • Insider Attacks
  • Outdated Firewall Software
  • Failure to Activate Controls
  • Lack of Documentation
  • Basic Inspection Protocols
  • Improper Configuration

4.2. IDS

4.2.1. What is an IDS?

An IDS is an intrusion detection system in the form of a device or software application. Typically, the breaches and suspicious activities it finds are centrally reported to, or collected by, a security information and event management system. Some IDS systems can intervene as soon as an intrusion is detected; these are then called intrusion prevention systems (IPS). There are countless IDS systems. Among the different types of IDS we find:

  • Network Intrusion Detection System (NIDS), capable of analyzing incoming network traffic.
  • Host Intrusion Detection System (HIDS), capable of monitoring sensitive operating system files. (Kim & Solomon, n.d.)

4.2.2. How do intrusion detection systems (IDS) work?

An intrusion detection system is a monitor-only application designed to identify and report anomalies before hackers can damage your network infrastructure. An IDS is installed either on your network (network-based IDS) or on a client system (host-based IDS). Typical intrusion detection systems look for known attack signatures or for abnormal deviations from set norms. These anomalous patterns in the network traffic are then sent up the stack for further investigation at the protocol and application layers of the OSI (Open Systems Interconnection) model. (Lutkevich, 2021)

Figure 8: How do IDS work

4.2.3. The potential impact to IT security of incorrect configuration of IDS

The potential impact on IT security of misconfiguring an IDS policy is that it will let unauthorized intrusions into the system without notifying the administrator. Once unauthorized or unwanted access is obtained, the entire information technology system and infrastructure will be compromised and destroyed. This can cause damage to organizations or businesses with serious consequences, leading to bankruptcy, data leakage, extortion, litigation, etc.
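The two detection techniques named in 4.2.2 (known attack signatures and deviation from a set norm) run over a handful of connection records, followed by the notification step whose misconfiguration 4.2.3 warns about. This is an added example, not code from the report or any IDS product; the records, the two signatures, the `IdsConfig` fields, the thresholds and all addresses are constructed.

```python
"""Signature and anomaly detection as described in 4.2.2, with the notification
step whose misconfiguration 4.2.3 warns about.

Added example, not from the report or any IDS product; the connection records,
signatures, thresholds and addresses are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed connection records: "src dst dport bytes payload-summary".
# 198.51.100.4 is an ordinary visitor; 203.0.113.9 probes many ports and then
# sends a request carrying a well-known injection pattern.
RECORDS = [
    "198.51.100.4 10.0.1.10 443 1200 GET /index.html",
    "198.51.100.4 10.0.1.10 443 900 GET /about",
    "198.51.100.4 10.0.1.10 80 300 GET /",
] + [f"203.0.113.9 10.0.1.10 {p} 0 SYN" for p in (21, 22, 23, 25, 80, 110, 143, 445)] + [
    "203.0.113.9 10.0.1.10 443 700 GET /login.php?user=' OR '1'='1",
]

# Known attack signatures (pattern matching, the first technique in 4.2.2).
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./){2,}"),
}


@dataclass
class IdsConfig:
    distinct_port_threshold: int   # baseline: more distinct ports per source than this is anomalous
    alert_enabled: bool            # whether detections are forwarded to the administrator


def parse(line: str) -> Dict[str, object]:
    src, dst, dport, nbytes, payload = line.split(" ", 4)
    return {"src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes), "payload": payload}


def detect(records: List[str], config: IdsConfig) -> List[Tuple[str, str]]:
    """Monitor-only pass over the records; returns (source, detection) pairs.
    Signature hits are per record; the anomaly check ("deviation from set norms")
    is per source, counting how many distinct destination ports it touched."""
    detections = []
    ports_by_source = defaultdict(set)
    for rec in map(parse, records):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["payload"]):
                detections.append((rec["src"], name))
        ports_by_source[rec["src"]].add(rec["dport"])
    for src, ports in ports_by_source.items():
        if len(ports) > config.distinct_port_threshold:
            detections.append((src, f"port-scan: {len(ports)} distinct ports"))
    return detections


def notify(detections: List[Tuple[str, str]], config: IdsConfig) -> List[str]:
    """What the administrator actually receives. With alerting disabled the IDS still
    detects but nobody is told, which is the 4.2.3 failure mode: the intrusion
    proceeds without the administrator being notified."""
    if not config.alert_enabled:
        return []
    return [f"ALERT {src}: {what}" for src, what in detections]


if __name__ == "__main__":
    good = IdsConfig(distinct_port_threshold=5, alert_enabled=True)
    for line in notify(detect(RECORDS, good), good):
        print(line)
```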

5.2. Static IP

An Internet Protocol (IP) address is what connects a device on a private network to the Internet. A static IP is a fixed, unchanging address. When a device is connected to the Internet it may be assigned a static IP address, and this number is kept until the device is taken out of service or the network architecture changes. Static IP addresses are commonly used for important devices. The static IP address is provided by your network service provider. Static IP has many advantages:

  • Better DNS support: easier setup and control with DNS servers.
  • Server hosting: it will be easier for customers to find you if you are hosting a server that is reached by its IP address.
  • Convenient remote access: a static IP makes working remotely easier.
  • Reliable communication: static IP addresses make it easier to use Voice over Internet Protocol (VoIP) for remote conferencing or other voice and video communications.

In short, a static IP address is best for businesses hosting their own websites and internet services. Static IP addresses also work well when you have a remote employee logged into work through a VPN.

Figure 10: Static IP

5.3. Network Address Translation (NAT)

Network address translation (NAT) is a technique that allows devices with private IP addresses to communicate over the public Internet. There are a number of private IP address ranges that are not assigned to any particular user or organization and can be used by anyone on a private intranet. NAT replaces private IP addresses with public IP addresses: when a packet leaves the network, NAT removes the private IP address from the sender's packet and replaces it with a public alias. A device that performs NAT, such as a NAT router, can also provide a level of security. Because all outgoing traffic passes through the NAT router, it knows which packets were sent and what replies it expects to receive. If no original request went out through the NAT router, the router discards the unsolicited inbound packets so they never enter the internal network. In this way, the NAT router acts like a firewall by discarding unwanted packets. NAT has one further element of security: it masks the IP addresses of local devices. An attacker is unable to determine the IP address of the sender, and without that address it is more difficult to attack your computer. (Mark Ciampa, 2014)
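The NAT behaviour described above in code: outbound packets get the router's public address and a flow port, the flow is remembered, replies are translated back, and inbound packets that answer no remembered flow are dropped. This is an added example, not code from the report; the `NatRouter` class, its port allocation, and every address and port are constructed.

```python
"""Outbound NAT as described in section 5.3: private source addresses are rewritten to
the router's public address, the flow is remembered, replies are translated back,
and inbound packets that answer no remembered flow are dropped.

Added example; the router class, addresses and ports are constructed."""
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Port-based NAT (masquerading) on a single public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private ip, private port) -> public port
        self.outbound: Dict[Tuple[str, int], int] = {}
        # public port -> (private ip, private port, remote ip, remote port)
        self.inbound: Dict[int, Tuple[str, int, str, int]] = {}
        self.dropped: List[Packet] = []

    def egress(self, pkt: Packet) -> Packet:
        """Packet leaving the private network: replace the private source with the
        public address and a port that identifies the flow; remember what to expect back."""
        if not ip_address(pkt.src_ip).is_private:
            return pkt                       # nothing to translate
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return replace(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        """Packet arriving from the Internet: translate back only if it answers a
        remembered flow and comes from the remote host that flow was sent to;
        otherwise drop it. This is the firewall-like property the text describes:
        unsolicited packets never reach the internal network."""
        entry = self.inbound.get(pkt.dst_port) if pkt.dst_ip == self.public_ip else None
        if entry is None or (pkt.src_ip, pkt.src_port) != (entry[2], entry[3]):
            self.dropped.append(pkt)
            return None
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])


if __name__ == "__main__":
    router = NatRouter("203.0.113.1")
    print(router.egress(Packet("192.168.1.20", 51000, "93.184.216.34", 443)))
    print(router.ingress(Packet("93.184.216.34", 443, "203.0.113.1", 40000)))
    print(router.ingress(Packet("198.51.100.77", 4444, "203.0.113.1", 3389)))  # None: unsolicited
```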

Conclusion

This assignment has assessed risks to information security. The report first identified the types of security threats and provided examples. It then described three organizational security procedures, and identified the potential IT security impact of misconfiguring IDS and firewall policies. Finally, the report showed, with an example for each, how deploying a DMZ, static IP addresses, and NAT in the network can improve network security.

Evaluation

I think security is of utmost importance for companies and organizations. The articles in this report have been studied by me in the academic papers and gathered from the correct research results.

Powerpoints slides