Higher Nationals in Computing
Unit 05: Security
ASSIGNMENT 2
Assessor name: PHAN MINH TAM
Learner’s name: Nguyen Manh Tai
ID: GCS
Class: 0706A
Subject code: 1623
Assignment due: May 2020 Assignment submitted: May 2020
ASSIGNMENT 2 FRONT SHEET
Qualification BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 5: Security
Submission date 2/5/2020 Date Received 1st submission 30/4/
Re-submission Date Date Received 2nd submission
Student Name Nguyễn Mạnh Tài Student ID GCS
Class 0706A Assessor name Phan Minh Tâm
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand
that making a false declaration is a form of malpractice.
Student’s signature
Grading grid
P5 P6 P7 P8 M3 M4 M5 D2 D
ASSIGNMENT 2 BRIEF
Qualification BTEC Level 5 HND Diploma in Computing
Unit number Unit 5: Security
Assignment title Security Presentation
Academic Year 2020
Unit Tutor Phan Minh Tâm
Issue date 30/4/2020 Submission date 2/5/
IV name and date Nguyễn Mạnh Tài
Submission Format
Part 1
The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs, subsections and illustrations as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. The recommended word limit is 2,000–2,500 words, although you will not be penalised for exceeding the total word limit.
Part 2
The submission is in the form of a policy document (please see details in Part 1 above).
Part 3
The submission is in the form of an individual written reflection. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. The recommended word limit is 250–500 words, although you will not be penalised for exceeding the total word limit.
Unit Learning Outcomes
LO3 Review mechanisms to control organizational IT security.
LO4 Manage organizational security.
Assignment Brief and Guidance
You work for a security consultancy as an IT Security Specialist. A manufacturing company "Wheelie good" in Ho Chi Minh City making bicycle parts for export has called your company to propose a Security Policy for their organization, after reading stories in the media related to security breaches, etc. in organizations and their ramifications.
Part 1
In preparation for this task you will prepare a report considering:
- The security risks faced by the company.
- How data protection regulations and ISO risk management standards apply to IT security.
- The potential impact that an IT security audit might have on the security of the organization.
- The responsibilities of employees and stakeholders in relation to security.
Part 2
Following your report:
- You will now design and implement a security policy.
- While considering the components to be included in a disaster recovery plan for Wheelie good, justify why you have included these components in your plan.
Part 3
In addition to your security policy, you will evaluate the proposed tools used within the policy and how they align with IT security. You will include sections on how to administer and implement these policies.
Learning Outcomes and Assessment Criteria
LO3 Review mechanisms to control organisational IT security
  Pass: P5 Discuss risk assessment procedures. P6 Explain data protection processes and regulations as applicable to an organisation.
  Merit: M3 Summarise the ISO 31000 risk management methodology and its application in IT security. M4 Discuss possible impacts to organisational security resulting from an IT security audit.
  Distinction: D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.
LO4 Manage organisational security
  Pass: P7 Design and implement a security policy for an organisation. P8 List the main components of an organisational disaster recovery
  Merit: M5 Discuss the roles of stakeholders in the organisation to implement security audit recommendations.
  Distinction: D3 Evaluate the suitability of the tools used in an organisational policy.
P5 Discuss risk assessment procedures.
Describe the steps in evaluating a security vulnerability.
Initial Assessment
_ Identify the assets and define the risk and critical value for each system (based on client input), for example with a vulnerability scanner used for security assessment. It is important to recognise at least the value of each system on your network, or at least of the devices you will be checking. It is also important to understand whether any member of your organisation can access the system (as with a public computer or kiosk) or only administrators and registered users.
_ Understand the strategic factors and have a clear understanding of details, including:
+ Risk appetite
+ Risk tolerance level
+ Risk mitigation practices and policies for each device
+ Residual risk treatment
+ Countermeasures for each device or service
+ Business impact analysis
System Baseline Definition
_ Gather device details before the vulnerability evaluation. At the least, test whether the system has open ports, processes and services that should not be accessible. In addition, understand the approved drivers and software (what should be installed on the computer) and the basic configuration of each system.
_ Try to grab a banner or learn what sort of "public" information should be accessible based on the configuration baseline. Is the system sending its logs to a security information and event management (SIEM) database? Are the logs at least kept in a central archive? Gather public information about the system model, version, vendor, other related details and known vulnerabilities.
Perform the Vulnerability Scan
_ Use the right policies on your scanner to obtain the desired results. Look for any compliance criteria based on the structure and industry of your organisation before beginning the vulnerability scan, and know the best time and date to conduct the scan. It is necessary to understand the context of the client's industry and to decide whether the scan can be completed all at once or whether segmentation is needed. An important step is to define the scope of the vulnerability scan and get policy approval to conduct it.
_ For the best results, use related tools and plug-ins on the vulnerability assessment platform, such as:
+ Best scan (i.e., popular ports)
+ CMS web scan (Joomla, WordPress, Drupal, general CMS, etc.)
+ Quick scan
+ Firewall scan
+ Stealth scan
+ Aggressive scan
+ Most common ports best scan (i.e., 65,535 ports)
+ Full scan, exploits and distributed denial-of-service (DDoS) attacks
+ Open Web Application Security Project (OWASP) Top 10 Scan, OWASP Checks
+ Payment Card Industry Data Security Standard (PCI DSS) preparation for web applications
+ Health Insurance Portability and Accountability Act (HIPAA) policy scan for compliance
_ If you need to perform a manual scan of the critical assets to ensure the best results, be sure to configure credentials in the scanner configuration so that it can perform a better and deeper (credentialed) vulnerability assessment.
Vulnerability Assessment Report Creation
_ The fourth and most significant step is the creation of the report. Look out for the specifics and seek to add extra value in the recommendations. Connect the findings back to the initial evaluation criteria to get real value from the final report.
_ Add risk reduction strategies focused on asset and result criticality as well. Add conclusions related
Threat Evaluation
_ Determine the potential threats against the assets that come from threat agents.
Vulnerability Appraisal
_ "What are our existing vulnerabilities that could expose the assets to such threats?" Known as vulnerability assessment, in essence this method takes a snapshot of the organization's internal protection.
_ Any asset must be evaluated in light of every threat; it is not enough to restrict the evaluation to only a few of the obvious threats to an asset.
Risk Assessment
_A risk assessment involves determining the damage that would result from an attack and the
likelihood that the vulnerability is a risk to the organization.
Risk Mitigation
_To determine what to do about the risks.
_Risk can never be entirely eliminated.
_Some risks must simply be accepted by default (war is an example of such a risk that cannot be
protected against, and thus most assets cannot be insured against war).
_Service-level agreement
+Contract between a vendor and an organization for services.
Comments / conclusions in the assessment
_ Vulnerability assessment is a comprehensive and methodical assessment of an asset's vulnerability to threats, natural forces and any other party that could potentially cause harm.
_ Baseline reporting is a summary of the present state of a program relative to its baseline; any variations must be identified and handled accordingly.
_ In addition to the different methods, tools for evaluating vulnerability can also be used.
_ A vulnerability analysis checks for any known security flaws in a system and produces a summary of those possible exposures. Several common methods can be used to minimise attacks and to prevent them.
Expect something to make our information system work better and prevent future attacks
_ After analysing the security flaws we will have a little background in securing our own devices; other people may not know about a flaw, but it will still affect us. Some small steps that protect our information:
+ Set a strong password.
+ Log out of public devices after logging in with personal information.
+ Do not arbitrarily provide information about yourself.
+ Use password classes.
Monitor Logs
_ Are you aware of which logs record which activities? How frequently are they updated and rotated?
+ Logwatch is a great resource: it emails you regular reports of your machine's activity and of anything that looks odd, e.g. repeated failed logins. In addition to using it you can manually check your logs to see what is going on, for example with tail -f /var/log/messages, and also look at your Apache logs. Apache log files explained.
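The repeated-failed-login check that the paragraph above leaves to Logwatch can also be done by hand. The script below is an added example, not part of the original report or of Logwatch; it counts "Failed password" lines per source address in sshd log lines (the log lines are constructed samples in the usual syslog format) and flags any source that reaches a threshold.

```shell
#!/bin/sh
# Added example (not from the original report): count failed SSH logins per source
# address in auth-log lines and flag sources that reach a threshold. The log text
# below is constructed sample data in the format sshd writes via syslog.

SAMPLE_AUTH_LOG='May  1 10:01:02 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
May  1 10:01:05 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
May  1 10:01:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 51140 ssh2
May  1 10:02:11 web1 sshd[2110]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
May  1 10:03:40 web1 sshd[2115]: Failed password for deploy from 192.0.2.10 port 40030 ssh2
May  1 10:04:00 web1 sshd[2118]: Failed password for root from 203.0.113.7 port 51150 ssh2'

# failed_logins_by_source LOGTEXT
# Prints "count address" for every source that produced a failed login, most frequent first.
failed_logins_by_source() {
    printf '%s\n' "$1" \
        | grep 'sshd\[[0-9]*\]: Failed password' \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# suspicious_sources LOGTEXT THRESHOLD
# Prints only the addresses whose failure count reaches THRESHOLD, one per line.
suspicious_sources() {
    failed_logins_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Stand-alone usage: report sources with three or more failed logins in the sample.
# On a real host, replace the sample with: grep sshd /var/log/auth.log (or /var/log/secure).
suspicious_sources "$SAMPLE_AUTH_LOG" 3
```

The threshold and time window are the tuning points: a single mistyped password is normal, a burst from one address is what the text calls "something that appears odd" and is worth an alert or a firewall rule.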
Backups
_ I cannot understand why nobody backs up their data, because you spend hundreds of hours working on your website or application, so you simply have to have a second hard drive for backups, use a remote backup program, or a combination of those. A second hard drive means life or death.
Limit Access to a Minimum
_ Do not give users more access than the absolute minimum they need. Never allow them shell access, limit file access to a bare minimum, and leave other services turned off by default unless they are expressly requested and you decide it is safe to enable them.
Lock down PHP and use mod_security with Apache
_ PHP is actually a big security risk, but there are a few things you can do to help lock it down. CGI has suEXEC, which runs processes as the owning user, and PHP has something similar called PHPsuexec, though it has some downsides. You can also use open_basedir restrictions, enable safe_mode on a large server, and turn off register_globals, enable_dl and allow_url_fopen to lock things down further.
_ With mod_security, a web server filter that inspects every request to see whether it matches a rule and responds by logging it, rejecting it or taking other action, you get server-wide defence. I highly recommend it on Apache-based servers; it can be extremely useful in blocking attacks and stopping hackers before they do any harm. Safe mode, mod_security installation.
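To make the PHP settings above concrete, here is an added example (not from the original report) that shows a permissive php.ini beside a locked-down one and audits either for the directives the text names: register_globals, enable_dl, allow_url_fopen and open_basedir, plus allow_url_include, display_errors and disable_functions. Both ini texts are constructed samples. Only directives that are actually present are judged; an absent directive falls back to PHP's built-in default. Note that register_globals and safe_mode were removed from PHP in version 5.4, so on a current PHP only the remaining directives still apply.

```shell
#!/bin/sh
# Added example (not from the original report): audit a php.ini for the directives
# named in the text. Both ini texts below are constructed samples.

PHP_INI_WEAK='; constructed sample: permissive settings
allow_url_fopen = On
enable_dl = On
register_globals = On
display_errors = On
; open_basedir is not set, so scripts may read anywhere the web server user can'

PHP_INI_HARDENED='; constructed sample: locked down
allow_url_fopen = Off
allow_url_include = Off
enable_dl = Off
register_globals = Off
display_errors = Off
open_basedir = /var/www/html:/tmp
disable_functions = exec,passthru,shell_exec,system,proc_open,popen'

# ini_value INI_TEXT KEY -> the value of KEY with comments and blanks stripped, or nothing if absent.
ini_value() {
    printf '%s\n' "$1" | awk -F= -v key="$2" '
        $0 !~ /^[ \t]*;/ {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { v = $2; sub(/;.*/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
        }'
}

# is_on VALUE -> succeeds when PHP would treat the value as enabled.
is_on() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        on|1|true|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# php_ini_findings INI_TEXT -> one finding per line; prints nothing when the file passes.
php_ini_findings() {
    for key in allow_url_fopen allow_url_include enable_dl register_globals display_errors; do
        if is_on "$(ini_value "$1" "$key")"; then
            echo "$key is On; set it to Off"
        fi
    done
    if [ -z "$(ini_value "$1" open_basedir)" ]; then
        echo "open_basedir is not set; restrict scripts to the document root"
    fi
}

# Stand-alone usage. On a real host pass the file contents: php_ini_findings "$(cat /etc/php.ini)"
echo "--- permissive php.ini ---"
php_ini_findings "$PHP_INI_WEAK"
echo "--- hardened php.ini ---"
php_ini_findings "$PHP_INI_HARDENED"
```

open_basedir and disable_functions are the two settings that limit the damage a compromised script can do; allow_url_fopen and allow_url_include being Off closes the remote-file-inclusion path, and display_errors Off keeps stack traces and paths out of responses.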
Lock down the /tmp, /var/tmp and /dev/shm partitions
_ Every partition on Linux can carry restrictions on what may be done in it. Since /tmp, /var/tmp and /dev/shm are world-writable directories, they are also home to uploaded executables, session files and attackers' tools. Because anyone can read, write and execute something from these directories, they become a major security issue. However, you can restrict what can be done in these locations with /etc/fstab. If you see "defaults" next to the /tmp line, delete it and replace it with noexec; this prevents running any executables there. Do the same for /dev/shm, and make /var/tmp a symbolic link to /tmp. Securing the /tmp partition.
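The fstab change described above is easy to get wrong (or to lose on a later edit), so here is an added example, not from the original report, that audits an /etc/fstab text for the three locations the text names and reports which hardening options are missing. It goes slightly beyond the text by checking nosuid and nodev alongside noexec, which are the usual companions. Both fstab texts are constructed samples, not taken from any real host.

```shell
#!/bin/sh
# Added example (not from the original report): audit /etc/fstab entries for the
# world-writable locations named above. Both fstab texts are constructed samples.

# The weak configuration: "defaults" implies exec, suid and dev.
FSTAB_WEAK='UUID=1111-aaaa /        ext4  defaults                       0 1
tmpfs          /tmp     tmpfs defaults                       0 0
tmpfs          /dev/shm tmpfs defaults                       0 0'

# The hardened configuration: noexec, nosuid and nodev on every tmp-style mount.
FSTAB_HARDENED='UUID=1111-aaaa /        ext4  defaults                       0 1
tmpfs          /tmp     tmpfs defaults,noexec,nosuid,nodev   0 0
tmpfs          /dev/shm tmpfs defaults,noexec,nosuid,nodev   0 0'

# mount_options FSTAB_TEXT MOUNTPOINT -> the option field for that mount point, or nothing.
mount_options() {
    printf '%s\n' "$1" | awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4 }'
}

# missing_options FSTAB_TEXT MOUNTPOINT
# Prints the hardening options absent for the mount point (space separated), an empty
# line when all are present, or "no-entry" when the mount point is not listed at all.
missing_options() {
    opts=$(mount_options "$1" "$2")
    if [ -z "$opts" ]; then
        echo "no-entry"
        return
    fi
    missing=""
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# Stand-alone usage: check the locations the text singles out against both samples.
# On a real host: missing_options "$(cat /etc/fstab)" /tmp, then apply the new options
# with "mount -o remount /tmp". "no-entry" for /var/tmp is expected once it is a symlink to /tmp.
for mp in /tmp /var/tmp /dev/shm; do
    echo "weak     $mp: $(missing_options "$FSTAB_WEAK" "$mp")"
    echo "hardened $mp: $(missing_options "$FSTAB_HARDENED" "$mp")"
done
```

A "no-entry" result for /var/tmp is only acceptable when it is the symlink to /tmp the text recommends; if it is a real directory on the root filesystem it inherits the root filesystem's exec permission and needs its own entry.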
Intrusion Detection System (IDS)
_ An intrusion detection system, or IDS, on your server is just like a burglar alarm. It keeps a record of which files have been changed and warns you of anything new or altered. This is important because hackers typically attempt to overwrite binaries such as ps, top, netstat and others, so that when you run the replaced ps or top to see the running processes, their program is hidden and does not show up. Some IDS tools include Tripwire, Snort and Assist. Chkrootkit update.
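The file-change record the paragraph above describes is, at its core, a table of hashes. The script below is an added example, not from the original report and not Tripwire's own code: it takes a baseline of SHA-256 hashes for the files under a directory with sha256sum from GNU coreutils, then reports altered and new files on a later check. It runs against a scratch directory created here, never against real system binaries, and assumes file names without whitespace.

```shell
#!/bin/sh
# Added example (not from the original report): a minimal file-integrity check of the
# kind Tripwire or AIDE perform, using sha256sum. Scratch directory only.

WATCH_DIR=$(mktemp -d)
BASELINE="$WATCH_DIR/.baseline.sha256"

# take_baseline DIR BASELINE_FILE: hash every regular file under DIR except the baseline itself.
take_baseline() {
    ( cd "$1" && find . -type f ! -name '.baseline.sha256' | sort | xargs sha256sum ) > "$2"
}

# check_integrity DIR BASELINE_FILE
# Prints "CHANGED <file>" for files whose hash no longer matches (or that are missing) and
# "NEW <file>" for files the baseline never saw. Returns 0 when nothing changed, 1 otherwise.
check_integrity() {
    status=0
    # sha256sum -c re-hashes every listed file and reports mismatches as "<file>: FAILED".
    changed=$( cd "$1" && sha256sum -c "$2" 2>/dev/null | sed -n 's/: FAILED.*//p' )
    for f in $changed; do
        echo "CHANGED $f"
        status=1
    done
    # Anything present now that the baseline does not list.
    known=$(awk '{ print $2 }' "$2")
    current=$( cd "$1" && find . -type f ! -name '.baseline.sha256' | sort )
    for f in $current; do
        if ! printf '%s\n' "$known" | grep -Fxq -- "$f"; then
            echo "NEW $f"
            status=1
        fi
    done
    return $status
}

# Stand-alone demonstration on constructed files standing in for /bin/ps and /bin/top.
mkdir -p "$WATCH_DIR/bin"
printf 'original ps\n'  > "$WATCH_DIR/bin/ps"
printf 'original top\n' > "$WATCH_DIR/bin/top"
take_baseline "$WATCH_DIR" "$BASELINE"
# Simulate the tampering the text describes: ps is replaced and an unknown file appears.
printf 'trojaned ps\n' > "$WATCH_DIR/bin/ps"
printf 'unknown\n'     > "$WATCH_DIR/bin/extra"
check_integrity "$WATCH_DIR" "$BASELINE" || echo "integrity check failed: investigate before trusting this host"
```

The baseline only has value if it is stored where the attacker cannot rewrite it (read-only media or another host) and if the checker itself is trusted; a replaced sha256sum binary would defeat the check just as a replaced ps defeats the process listing.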
Review Running Processes and Remove Extra Software
_ You can't secure a machine if you don't know what's on it. If a hacker adds an extra process, you might see it in ps, but you wouldn't recognise it unless you normally knew what should be there. Know what is running on your machine and which application each process belongs to. What user does Perl or Apache run under? You can typically check your processes with top, which gives you a view of the process tree. Check these whenever you sign in to your account. Getting started with the shell (SSH), common shell commands.
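Both the "System Baseline Definition" step earlier (open ports and services that should not be accessible) and the process review above come down to the same check: compare what the host exposes and runs now with an approved list. The script below is an added example, not from the original report; the listening-socket and process listings are constructed samples in the shape of `ss -ltn` and `ps -eo user,comm` output, and the approved lists are assumed for a simple web host.

```shell
#!/bin/sh
# Added example (not from the original report): compare listening ports and running
# processes against an approved baseline. All listings below are constructed samples.

# Approved baseline for a web host: SSH, HTTP and HTTPS only.
APPROVED_PORTS='22
80
443'

# Constructed `ss -ltn` output with one listener that is not in the baseline.
SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
LISTEN  0       128     0.0.0.0:8089        0.0.0.0:*'

# Approved "user command" pairs.
APPROVED_PROCS='root sshd
root nginx
www-data nginx
www-data php-fpm'

# Constructed `ps -eo user,comm` output with one process that is not in the baseline.
PS_OUTPUT='USER     COMMAND
root     sshd
root     nginx
www-data nginx
www-data php-fpm
www-data perl'

# listening_ports SS_TEXT -> the numeric port of every LISTEN line, sorted, one per line.
listening_ports() {
    printf '%s\n' "$1" | awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -n | uniq
}

# running_procs PS_TEXT -> "user command" pairs with the header dropped, sorted, de-duplicated.
running_procs() {
    printf '%s\n' "$1" | awk 'NR > 1 { print $1, $2 }' | sort | uniq
}

# not_in_baseline CURRENT_TEXT APPROVED_TEXT -> lines present now that the baseline does not list.
not_in_baseline() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        printf '%s\n' "$2" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
}

# Stand-alone usage. On a real host feed it live output:
#   not_in_baseline "$(listening_ports "$(ss -ltn)")" "$APPROVED_PORTS"
#   not_in_baseline "$(running_procs "$(ps -eo user,comm)")" "$APPROVED_PROCS"
echo "Listening ports outside the baseline:"
not_in_baseline "$(listening_ports "$SS_OUTPUT")" "$APPROVED_PORTS"
echo "Processes outside the baseline:"
not_in_baseline "$(running_procs "$PS_OUTPUT")" "$APPROVED_PROCS"
```

The approved lists are the "system baseline" the earlier section asks you to define; anything the check prints is either a service to add to the baseline deliberately or something to investigate, and the "user command" pairing answers the text's question of which user Perl or Apache runs as.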
Keep an Eye on the Server's Performance
_ Know the speed at which your server runs and the amount of bandwidth it uses every day. If your machine is compromised by an attacker and you don't know it, you will probably find it responding slowly or using loads of bandwidth. If you don't normally know what your system is like, how can you spot anything out of the ordinary? This is all common sense, but some people never bother to check until they question their provider after two weeks of slowness, which is normally too late.
_ Understanding your machine keeps you one step ahead of an attacker. Check this regularly and ask an expert if you are really out of your depth. There are several other things you can and should do to make sure your server is safe, but these are a few basics that everyone should use.
Indicate why host system security is important
_ Because the host is an important attack target and demands the necessary protections. Securing a host involves:
+Protecting the physical device itself,
+Securing the operating system (OS) software running on the host,