ASSIGNMENT FRONT SHEET
Qualification BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 5 : Security
Submission date Date Received 1st submission
Re-submission Date Date Received 2nd submission
Student Name Do Van Thai Student ID BHAF
Class BH-AF-19-11-2.2 Assessor name Le Van Thuan
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature Thai
Grading grid
P1 P2 P3 P4 M1 M2 D
Summative Feedback: Resubmission Feedback:
Grade: Assessor Signature: Date:
Signature & Date:
Table of Contents
- I. INTRODUCTION
- II. TYPES OF SECURITY RISKS TO THE ORGANIZATION
- Computer virus
- Spyware
- Worms
- SQL Injection
- DOS attacks
- Malware
- Careless employees
- III. DESCRIBE ORGANISATIONAL SECURITY PROCEDURES
- IV. METHOD TO ASSESS AND TREAT IT SECURITY RISKS
- V. IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND THIRD-PARTY VPNS
- Definition
- The main purpose of using firewalls and VPNs
- The impact of incorrect configuration of firewall policies and third-party VPNs to IT security
- VI. SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY
- VII. DISCUSS THREE BENEFITS TO IMPLEMENT NETWORK SYSTEMS WITH SUPPORTING REASONS
- Definition
- The benefits
- VIII. CONCLUSION
- IX. PRESENTATION SLIDE
- X. REFERENCE
List of figures
- Figure 1: Computer virus
- Figure 2: Spyware
- Figure 3: Worms
- Figure 4: SQL Injection
- Figure 5: DOS attacks
- Figure 6: Malware
- Figure 7: Careless employees
- Figure 8: Man-in-the-Middle Attack
- Figure 9: DMZ
- Figure 10: DMZ network work
- Figure 11: Static IP
- Figure 12: NAT work
I. INTRODUCTION
Today digital technology is developing rapidly, and with it come electronic devices that serve every part of human life. These devices are very useful and contribute greatly to people's work. However, they are also an easy tool for stealing information from internet users. Security in IT is extremely important, because the data of an individual or a business, once stolen by hackers, can cause great damage. As a member of NorthStar Secure, in this assignment I will cover how to identify and evaluate IT security risks, along with the organisational policies that protect critical data and devices in the business. I will also show how to deploy a DMZ, static IP addressing and NAT in the network so as to improve network security.

II. TYPES OF SECURITY RISKS TO THE ORGANIZATION

Every organization is aware of the importance of security risks. Hackers can use a variety of methods to access databases and steal important information, which can lead to the collapse of an entire organization. An organization's data network is the lifeblood that employees rely on to do their jobs. Here are some common security risks:
- Computer virus

In IT terms, a computer virus is a type of malicious code or program written to change the way a computer works and designed to spread from one computer to another. A virus works by inserting or attaching itself to a legitimate program or document. When the user then opens the link or file, the virus can cause undesired effects or damage, such as damaging system software by corrupting or destroying data.
Figure 1: Computer virus

There are several ways that a virus can attack and spread on a computer:
- Accessing websites without security certificates or with weak security
- Exchanging data through devices such as USB sticks and hard drives
- Downloading software that contains viruses
- Opening suspicious emails
- Security holes in the software in use
- Spyware

Spyware is malware that infiltrates a computer or mobile device to collect personal information about a user. Spyware usually runs hidden in the background of the system, silently monitoring and collecting information, which sabotages the computer as well as the user's normal Internet use. The collected data includes keystrokes, screenshots, email addresses, credit card numbers, browsing data and other personal information.
- Worms

Worms are software programs that, once they reach a computer (or other information-storing device), can reside there and self-replicate, producing many identical copies of themselves without the user doing anything. The copies try to spread to other computers on the same network (for example via the email system) that run the same operating system, without the user's knowledge.
Figure 3: Worms
- SQL Injection

SQL Injection is a way of stealing web data by injecting SQL query or command code into input before it is passed to the web application. With it, hackers can log in without a username and password, execute commands remotely, dump data and obtain root on the SQL server. The only tool needed for the attack is a web browser, such as Internet Explorer, Netscape, Lynx, ..
Figure 4: SQL Injection

To carry out the attack, hackers first find vulnerabilities in the system and then pass malicious SQL code through them to the database. If this succeeds, the malicious SQL code reaches the database and malicious actions can be performed there. Each field on a website is like a gateway to a database: any data or input that we normally enter into any system or website field goes to the database.
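As an added example (not part of the assignment), the login check below shows the defect described above beside its fix: the first function pastes the submitted username and password into the SQL text, so crafted input rewrites the query and the check passes without valid credentials; the second uses parameter placeholders, which keep the input as data. The in-memory SQLite table and the user "alice" are constructed for the demo.

```python
# Added example (not from the assignment): why SQL injection lets someone
# "log in without username and password", and how parameterised queries stop it.
import sqlite3


def make_db():
    """Constructed sample user table, kept in memory so the example runs offline.
    (A real system stores password hashes, never plaintext; kept simple here.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!pass')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The defective pattern (the 'before' of the fix): user input is pasted
    straight into the SQL text, so the input can change the query's structure."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Hardened version: placeholders pass the input as data, never as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"   # input that turns the WHERE clause always-true
    print("vulnerable, no credentials:", login_vulnerable(db, crafted, crafted))  # True
    print("hardened,   no credentials:", login_safe(db, crafted, crafted))        # False
    print("hardened, real credentials:", login_safe(db, "alice", "S3cret!pass"))  # True
```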
- DOS attacks

DoS (denial of service) is an attack aimed at crashing a server or network, making it impossible for other users to access that server or network. An attacker does this by sending massive amounts of traffic, or information that triggers a fault, to the target server, system or network, so that users can no longer reach its services or resources.
Crash attacks exploit vulnerabilities in a system or service. In these attacks, exploiting bugs in the target causes the system to crash or to be seriously damaged, so that it cannot be accessed or its use is suspended.
- Malware

Malware is a piece of code, often in the form of software, intentionally designed to affect a computer system. After being installed on the computer system, it can access the computer's resources and send data to remote servers without any user action.
Figure 6: Malware

Malware can attack computers in many ways. Here are some popular ways:
- Exploit Kit: a set of malicious tools that attackers use to find software vulnerabilities on users' computers or phones. When it finds a vulnerability, it injects malware into the computer through that security hole.
- Malicious Websites: these sites host the Exploit Kit in readiness to attack the users who visit the website. As soon as a user visits, the Exploit Kit searches for vulnerabilities in the browser and injects malware into the device through them.
- Malvertising: like a malicious website, users are attacked immediately when visiting these websites, without any further interaction.
- Man in the middle (MITM) attack: an intermediary attack in which a bad actor secretly inserts himself between two parties who are communicating with each other.
- Man in the browser (MITB) attack: the hacker infects the user's computer with malware, which then installs itself into the browser and collects data without the user's knowledge.
- Careless employees

Employees are the greatest security risk to any organization, as they know everything about the organization, such as where sensitive information is stored and how it is accessed. In addition to malicious attacks, careless employees are another type of cybersecurity threat to organizations.
Figure 7: Careless employees

Security risks arise when employees use very simple passwords that are easy to remember, or share their passwords. Another common problem is that employees open suspicious email attachments, click on links or visit malicious websites, which can introduce malware into the system.
- Man-in-the-Middle Attack
III. DESCRIBE ORGANISATIONAL SECURITY PROCEDURES

An organization's security policy is a set of rules or procedures imposed by an organization on its activities to protect its sensitive data. The organization's security policies required by the configuration are evaluated as follows:
- Only users who have been granted access to information in the system can access the system.
- The system must limit access to viewing, modifying and destroying information in protected resources to authorized users who "need to know" that specific information.
- The users of the system are responsible for their actions in the system.
- Labeled security only: the system must limit access to information based on the following criteria:
- The sensitivity of the information contained in the objects, as indicated by the tag
- Officially allows users to access that information, which is represented by user profiles
- Enforcement of access rules prevents users from accessing information more sensitive than their current level, and prevents users from downgrading information to a lower sensitivity.

An effective IT security policy reflects an organization's culture, in which rules and procedures are driven by employees' approach to information and their work. Therefore, an effective IT security policy is a unique document for each organization, built from its people's view of risk tolerance, how they view and value their information, and the availability with which they maintain that information. The goals of the IT security policy are to maintain the confidentiality, integrity and availability of the systems and information used by members of the organization. These three principles make up the CIA triad:
- Confidentiality is the protection of assets from unauthorized entities
- Integrity ensures that content modifications are handled in a specific and authorized manner
- Availability is the state of the system in which authorized users have continuous access to valid, authorized content

An information system is considered safe when it meets at least these three basic objectives:

Confidentiality: ensuring confidentiality means that information is only accessible to authorized entities. Confidentiality can be achieved by restricting access, e.g. direct physical or logical access to the device storing the information. Some solutions that help ensure information confidentiality:
- Lock and seal the device.
- Encrypt information using strong protocols and algorithms such as SSL / TLS, AES.
- Use a firewall or ACL on the router to prevent unauthorized access.

Integrity: information integrity means that information can only be deleted or modified by authorized entities, and that the data remains accurate when stored or transmitted. Solutions for data integrity may include verifying the origin of the information to ensure it comes from a reliable source. Some cases where information integrity is broken:
- Change the look of a website's home page
- Intercept and change packets sent over the network
- Unauthorized modification of files stored on computer
- Due to a problem in the transmission line, the signal is noisy or weakened, resulting in inaccurate information.

Availability: the availability of data means that authorized people can access the information whenever they want. To increase resistance to attacks and maintain system availability we can apply a number of techniques such as:
- Load Balancing
- Clustering, Redundancy
- Failover
- Data backup

The IT security policy is a live document that is constantly updated to adapt to evolving IT and business requirements. All IT security policies also require sections dedicated to the organization's regulatory compliance with its industry. An organization's security policy will play a large role in its decisions and direction, but it should not change the organization's strategy or mission. Therefore, it is important to write a policy that draws from the existing structural and cultural framework of the organization, to support the continuity of good productivity and innovation, rather than a generic policy that commonly hinders the organization and its people from meeting its mission and goals.

The process of securing an information system for an organization includes:
- Data encryption: this is one of the procedures for securing information systems. Nowadays, all online activities on the network carry potential risks to data and information security, so it is very important to encrypt important data. Encryption effectively protects the data on your computer and external hard drive: without knowing the password, no one will be able to break into important organizational data files.
- Network security: another aspect of information security is how you connect with the outside world. When setting up a network, pay attention to increasing security by disabling SSID broadcast, enabling MAC address filtering and AP isolation. In addition, you should enable firewalls on the router and computer to prevent applications from making unwanted communications.
- Use anti-virus software: in the process of securing information systems, viruses are inevitable. Software containing viruses or malicious code that has illegally entered the organization's systems helps hackers gain remote control of the organization's equipment, or simply steal data from the server. Using anti-virus software is the answer to this problem.
Recommended antivirus software like Avira, Avast! or AVG ...
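The integrity requirement discussed above (information must stay unaltered in transit and be shown to come from a trusted source, with "intercept and change packets" as the failure case) can be met with a keyed hash. The example below is added here and is not from the assignment; it assumes a secret key shared between sender and receiver and uses HMAC-SHA256 from the Python standard library.

```python
# Added example (not from the assignment): detecting a packet that was changed
# in transit with an HMAC tag. The tag also ties the message to the shared
# secret, so only a holder of the key could have produced it (origin check).
import hashlib
import hmac

# Constructed shared secret; a real deployment would load a random key from a
# key store, never keep a literal in source.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
TAG_LEN = 32  # bytes in a SHA-256 digest


def protect(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Return the packet to send: 32-byte HMAC-SHA256 tag followed by the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return tag + message


def verify(packet: bytes, key: bytes = SHARED_KEY):
    """Return the message if the tag matches; None if the packet was altered in
    transit, truncated, or produced without the key."""
    if len(packet) < TAG_LEN:
        return None
    tag, message = packet[:TAG_LEN], packet[TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest does not leak how many tag bytes matched through timing
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def alter_in_transit(packet: bytes, old: bytes, new: bytes) -> bytes:
    """Test helper: rewrite part of the payload while leaving the tag untouched,
    the way a noisy line or an on-path change would."""
    return packet[:TAG_LEN] + packet[TAG_LEN:].replace(old, new)


if __name__ == "__main__":
    original = b"transfer 100 to account 1234"
    packet = protect(original)
    print(verify(packet))                                        # original message
    print(verify(alter_in_transit(packet, b"1234", b"9999")))   # None: changed
    print(verify(packet, key=b"wrong-key"))                      # None: bad origin
```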
an assessment of the facility's environmental, architectural and structural characteristics, security measures and procedures. A minor weakness is ambiguity and even when discovered by hackers, it is not easy to fix them without discovering the culprit.
- Full security: The adequacy of the existing, tested safeguards in relation to the specific threats that may apply to the organization.
- Preventive: The degree of redundancy depends on fault tolerance and the way the organization operates.
- Recovery time: Recovery time refers to the time from the occurrence of a threat or attack to the time when normal / core operations are restored at an alternate site or in an alternative secure mode of operation.

Impact assessment is performed to assess the consequences / impacts that the different identified threats could have on the assessed establishment. The organization's data damage assessment criteria will consider methods of recovery. The most important thing to note is that the criteria used here are for reference only. The actual metrics used as criteria for any assessed facility must be co-developed by the head of the organization and the owner / equity holders of the establishment. This is because the threshold for certain impacts (or consequences) can change from one organization to another, and from grassroots

In addition to the data security processes, some of the following methods can also be applied to improve the security of an organization:
- Data encryption: converting data from one format to another, or into a coded form, so that only people who have the decryption key or the password can read the data.
- Use strong passwords: the password must be of sufficient complexity (more than 10 characters), including numbers, letters (uppercase and lowercase) and special characters. Absolutely do not use a single password for all accounts. Passwords should be changed regularly and never shared with anyone.
- Two-step authentication: two-step authentication combines something the user knows (PIN number, password) with something the user has (phone, USB key ...) to prove identity. With two factors required at the same time, hackers will have a lot of trouble stealing this information: if either element is stolen, it is not enough on its own for hackers to use it.
- Beware of phishing emails and social media invitations: avoid dealing with emails that have no content or an unclear subject. These emails usually contain malicious code, and once the user acts on them, all their information is leaked.
- Be cautious with "Download and Run" software: pay attention to middleware that downloads a program from a provided website in the form of "Download and Run", i.e. "download and start automatically". Malicious software is often hidden inside this type of software, and users can "accidentally" install it on launch. Choose a reputable domain that provides the original files for downloading.
Keeping software up to date is also essential: all operating systems have security holes, so pay attention to updates, because new updates fix some of these holes and make the device safer.

V. IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND THIRD-PARTY VPNS
- Definition

A firewall is a software program that prevents unauthorized access to one or more private networks. A firewall is a tool that can be used to increase the security of computers connected to a network, such as a LAN or the Internet. Firewalls are an integral part of an organization's comprehensive security framework for the network. A firewall further enhances security by allowing detailed control over which functions and system processes have access to network resources. Firewalls can use a variety of host types and conditions to either allow or deny traffic.

A virtual private network (VPN) is an encrypted connection over the Internet from your device to a network. The encrypted connection helps ensure that sensitive data is transmitted securely. It prevents unauthorized parties from eavesdropping on the traffic and allows users to work remotely. VPN technology is widely used in organization-scale environments and can be classified into two basic categories:
- Site-to-Site VPN: a model used to connect networks in different places to form a unified network.
- Remote Access VPN: a model used to connect systems in different places to the corporate network securely. It also applies to small remote offices connected to the corporate central office.
A VPN works through a combination of the PPTP, L2TP, IPsec, GRE, MPLS, SSL and TLS encapsulation and encryption protocols.
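Added example, not from the assignment, of how a firewall evaluates its allow/deny rules and how an incorrectly ordered policy (the subject of this section) lets through traffic it was meant to block. The first-match packet filter, rule format and addresses are constructed for the demonstration and do not correspond to any particular product.

```python
# Added example (not from the assignment): a first-match packet filter showing
# one common firewall misconfiguration. A broad "allow" rule placed above the
# rule meant to block the traffic means the block is never reached (the later
# rule is "shadowed"). Rules and packets are constructed for the demo.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # CIDR the packet's source address must fall into
    dst_port: Optional[int]  # None means any destination port
    proto: str = "tcp"

    def matches(self, pkt: dict) -> bool:
        return (pkt["proto"] == self.proto
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and (self.dst_port is None or pkt["dst_port"] == self.dst_port))


def decide(rules: list, pkt: dict, default: str = "deny") -> str:
    """First matching rule wins; a packet matching nothing gets the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def shadowed_rules(rules: list) -> list:
    """Indices of rules that can never fire because an earlier rule already
    covers their whole source range, destination port and protocol."""
    shadowed = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.proto == rule.proto
                    and ipaddress.ip_network(rule.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and (earlier.dst_port is None or earlier.dst_port == rule.dst_port)):
                shadowed.append(i)
                break
    return shadowed


# A "temporary" catch-all allow left at the top silently defeats the SSH block.
MISCONFIGURED = [
    Rule("allow", "0.0.0.0/0", None),
    Rule("deny", "0.0.0.0/0", 22),     # intended: no SSH from the Internet
    Rule("allow", "0.0.0.0/0", 443),
]
# Corrected: the specific allow first, then the deny, then the public service.
CORRECTED = [
    Rule("allow", "10.0.0.0/8", 22),   # SSH only from the internal range
    Rule("deny", "0.0.0.0/0", 22),
    Rule("allow", "0.0.0.0/0", 443),
]

if __name__ == "__main__":
    ssh_from_internet = {"proto": "tcp", "src": "203.0.113.7", "dst_port": 22}
    print(decide(MISCONFIGURED, ssh_from_internet))   # allow (the misconfiguration)
    print(decide(CORRECTED, ssh_from_internet))       # deny
    print(shadowed_rules(MISCONFIGURED))              # [1, 2]
```

Running `shadowed_rules` over a policy before deploying it catches this class of mistake without waiting for the traffic to arrive.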
- The main purpose of using firewalls and VPNs

The main purpose of a firewall is to improve the security of the computer system, prevent unauthorized remote access, block bad content and make the experience more secure. Each device has a firewall feature that helps prevent attacks from occurring; desktop and mobile operating systems usually have built-in firewall functionality that can be activated with just a few simple steps. Besides the main feature of preventing hackers and malware from gaining remote access, firewalls have further capabilities: organizations often use firewalls to block computers in their system from accessing certain websites or servers, often for the purpose of censoring the Internet.

When a computer or another device connects, all of its network traffic is sent over the secure connection to the VPN, so the purposes of using a VPN are:
- Access the corporate network while away
- Browse the web anonymously