


















































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Assignment 1 Sucurity............
Typology: Thesis
1 / 58
This page cannot be seen from the preview
Don't miss anything!



















































ASSIGNMENT 1 FRONT SHEET Qualification BTEC Level 5 HND Diploma in Business Unit number and title Unit 5 : Security Submission date Date received (1st submission) Re-submission date Date received (2nd submission) Student name
Student ID BC Class IT05101 Assessor name NGUYEN MINH TRIET Student declaration I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice. Student’s signature: Grading grid
Grade: Assessor Signature: Date: Internal Verifier’s Comments: Signature & Date:
I work as an intern IT security specialist at FPT Information Security, one of the top security consulting firms in Vietnam (FIS). The business conducts medium-scale business in Vietnam, providing technical consulting and implementation for potential IT security issues. many of Due to a lack of technical expertise, customers have outsourced due to security concerns. My manager, Jonson, requested that I give a presentation as part of my responsibilities to aid with training educating subordinates on relevant instruments and methods for calculating security risks in addition to your company's standards for protecting your data and devices.
Sometimes, cyber threats are confused with vulnerabilities. Looking at the definitions, "potential" is the key phrase. The threat does not originate from a security hole in a process or organization. Something may choose to bypass security. This may correspond to a vulnerability that is a real defect that can be exploited. In general, the threat persists despite all possible defenses. However, there are ways to reduce the likelihood that it will be understood.
Figure 1 Threat
1.3.4 Botnet Figure 5 Botnet Botnets are a group of Internet-connected devices such as computers, mobile phones, servers, and Internet of Things (IoT) devices that have been infected and relatively restricted by a common form of malware. Botnet malware often searches the internet for vulnerable utilities. Audience of risky entertainers It would be wise to avoid contaminating any similar utilities when building botnets since subscription rights and other features of these services are not usually set by the user. known. These botnets are controlled by dangerous entertainers who are often cybercriminals. They use them to spread denial of service attacks, spam, click fraud, and generate harmful traffic. 1.3.5 IT security and spam/phishing The oldest computer security problems still exist in many places. Businesses experience significant losses as a result of these behaviors every year. Examples include asking about attachments from enigmatic senders or tapping the "Not for this Purpose" section at the top. Figure 6 Spam
1.3.8 Security^ IT^ and^ lost^ USB^ stick Have you ever encountered a stuck USB? Am I merely a strange stick lying around or am I something that has become lost? Correct? Are you wondering and have you added it to your computer? If so, you're not the only one. To see what would happen, more than 300 USBs were "accidentally" misplaced as part of the study. Nearly all sticks were chosen by searchers, and 45% of stored files were opened. Figure 9 security and lost USB stick 1.3.9 IT security loses to convenience The most recent Windows updates must be installed before the computer may be restarted. However, in instances like these and others, the machine lags due to malware scanning. Lazy workers decide to discontinue these operations totally. If an antivirus scanner or update offers the choice to deactivate it, it will also do so. The cost of IT security is very high. Figure 10 the convenience of information technology
1.3.10 IT security and CEO fraud In the so-called CEO scam, the criminal calls or emails the victim posing as the business director. They make sure a worker transfers a big chunk of money to another country. After being confused by the other party's authority, the employee approves the transaction. This deception might easily result in damage worth millions of dollars, with major consequences for everyone concerned. Figure 11 Cheating CEO 1.3.11 If you change employment, steal customer information Providing sensitive customer information to potential employees seems to be standard procedure across several industries. Everyone is aware of salespeople who have changed employers. Soon later, in an effort to resurrect the company, he contacted us. Yet in this case, we're discussing typical thievery. The problem gets even trickier if the employee keeps using the company laptop after his employment ends. Figure 12 Stealing customer information
A data breach might have as many distinct effects as there are types of breaches. It might only involve one worker learning the salary of his coworkers and threatening to file a lawsuit to demand a raise. In contrast, it may be as serious as cybercriminals or Your system's files are accessed by hackers, who then encrypt them before requesting a ransom. If you keep up with the news, you may have noticed that a number of data breaches have recently made the news. These breaches frequently include gaining access to consumer data, including addresses, names, social security numbers, and even credit card numbers. The impacted organizations may have to pay millions of dollars in legal fees and lost revenue as a result of these breaches. After a breach occurs, an organization can have a long and laborious process to identify, identify, and recover from the incident. For larger organizations, the consequences of this type of leaks can be devastating, but they can mark the end for a small business. The best course of action is to plan for it in advance and try to avoid it altogether.
Some solutions for organizations to avoid data breaches: Inform everyone of their role: It is crucial to make sure that every employee is aware of what to do in the event of a security danger. Additional benefits include lowering the risk of information breaches brought on by employee error, as employees will be able to recognize the damage that a mistake may do. Additionally, it's critical to make sure staff members are aware of how to report security issues and who is in charge of following up on security breaches. This will assist the business in identifying and fixing any program flaws so that you can take charge of a breach when it happens. Control access to data sensibly: Take reasonable measures to keep the data secure once you've determined that you have a business need to retain it. Your staff members do not all require unrestricted access to your network and the data stored there. your network, To restrict access to the locations where personal data is held or to Regulate who can use specific databases, take into account measures like creating separate user accounts. A secured file cabinet could serve as an access control for paper documents, external drives,
User provides login information (username and password) or other authentication information (eg PIN code OTP code still hand face voice smart card...). The system or application checks if this login or other credentials is valid. If this information is not valid, the system will deny access and ask the user to provide login information or other authentication information. If the login or other credentials are valid, the system will create a session for the user and allow access to system or application features. During use of the system or application the user may be asked to re-authenticate (for example, after a period of inactivity when performing important operations when logging in from a new device) ...). When the user ends the session, the system will cancel this session and ask the user to re- authenticate the next time he wants to access the system or application. Elements needed for authentication Authentication Password and Pin Password is an extremely simple authentication method, easy to deploy, so it is widely used and popular. Every time a user accesses, each system will save the password in the form of one-way encryption (encryption types can be md5, sha1, or homemade,...). This is a feature that will ensure that even if the password is hacked, it cannot be restored to the original string. This is a method with many different variations such as: designed in the form of a Swipe Pattern PIN or a one-time password (it's specialized for important functions). Figure 13 Authentication process
Biometrics (Biology) Using irises, fingerprints or faces is one of the methods of authentication based on a person's unique factors. This method has the advantage that the “ID” and “password” will always go together so you absolutely do not need to worry about forgetting or losing it. Every time you want to log back in, just actively use these authentication factors easily, without any difficulty. Although there are many methods to authenticate an account, however, you will not be able to avoid risks such as: lost password, stolen fingerprint, lost private key, ... If you apply authentication on the website, the password method is easier to implement and offers more advantages than the screen operations. You can completely improve your own security system with: login habits, locations, browsers, one-time passwords,… Using the key (Public-key cryptography ) This is a method that relies on public and private key encryption algorithms for authentication. To log in to the system, you just need to have the private key on the machine and then log in to the system without having to remember login information such as using a password. Often, server administration systems will often apply this measure. Authentication will be done After understanding what Authentication is and its nature, then how will Authentication perform? The nature of the HTTP request is seen as a message represented by text. It needs an agreed upon signature so that our application can recognize which user it came from. The user's identifiers are anything characteristic such as: username, password, string containing encrypted information, random string of characters. User identification will be anywhere in the HTTP message: URL, Header (cookie header, Authorization header, custom header), body (form field).