IT Security Risks and Solutions, Lecture notes of Computer science

An overview of the various it security risks faced by modern companies, including system failures, improper data use, denial of service attacks, and human errors. It discusses the process of risk management, including identifying, analyzing, controlling, transferring, and reducing risks. The document also covers it security solutions such as firewalls, virtual private networks (vpns), and network monitoring tools. It delves into the importance of iso 31000 risk management standards and the benefits of it security audits for organizations. A wide range of topics related to it security, making it a valuable resource for understanding the challenges and best practices in this field.

Typology: Lecture notes

2020/2021

Uploaded on 11/29/2022

ukkuddi-paulraj
ukkuddi-paulraj 🇱🇰

2 documents

1 / 51

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
security
[DATE]
J. SUWISHANA
N954446
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33

Partial preview of the text

Download IT Security Risks and Solutions and more Lecture notes Computer science in PDF only on Docsity!

[DATE]

J. SUWISHANA

N

Acknowledgement

The achievement and result of this assignment work required a lot of guidance and help from many individuals and I am extremely fortunate to have this all along the completion of my assignment work. whatever I have done is only due to such guidance and help and I would not forget to gratitude them. I respect and thank Mr T.Suresh for giving me an opportunity to do this assignment work on time, I extremely grateful to him for providing such a nice support and guidance. I am grateful because I managed to complete this assignment work within the time given by my lecturer. This assignment work cannot be complete without the effort and co- operation from my classmates. I would like to express my gratitude to my friends, family and respondents for support and willingness to spend some time with me.

Table of Contents

List of tables

Table 1 IT security risk............................................................................................................... 14 Table 2 advantages................................................................................................................... 23

Task 1: Assess risks to IT security

Coronavirus's Effect on the IT Services Industry

The coronavirus (COVID-19) is already affecting the global economy and market. Conferences and activities are being cancelled by companies. Outsiders are being barred from their campuses. The ability to travel is limited. Companies can also enforce a work-from-home policy in certain cases. Decision-making in the IT and BPO services sectors is stalled, and clients are still canceling expected contracts. What is the extent of the services industry's disruption? It will have a detrimental effect on sales growth in the coming years, and possibly for many more. New ventures will be scrapped or postponed. This is due to the fact that, first and foremost, businesses cannot purchase complex services without traveling. Second, any major project necessitates executive support and resources, and they won't have the time to move contracts forward in the coming months. the best-case scenario is that the effect would last only one or two years, with programs and new ventures being postponed and only a small number of new contracts being cancelled.

Definition of security

Security is the prevention of illegal or unwanted penetration intentional or unintentional interference with the proper and intended operation or inappropriate access to confidential information in industrial automation and control systems

Definition of Risk

An uncertain event, activity or situation that can have a positive or a negative effect on any objective.

Type of Risk

 Physical risk  Electronic risk  Technical risk  Infrastructure risk  Human risk

Figure 3 technical risk example Example: computer parts failure

Infrastructure risk

This could happen though the network connection Figure 4 infrastructure risk example Example: loss of data’s

Human risk

The risk of people doing things they shouldn't, or not doing things they should" is described as "the risk of people doing things they shouldn't, or not doing things they should."

Figure 5 human risk example Example: rules mistakes

Which risks are faced by IT companies?

 System failures  Improper use of data  More and more companies are competing attract customers  Denial of service  Hacker’s problem  Natural disasters  Software failure  Spam, viruses and malicious attacks  Human error

For most modern companies’ threats and risks to IT systems and information are an everyday reality. this should put in place safeguards against fraud and hackers to secure your systems and data  Computers, servers, and wireless networks should all be safe.  Anti-virus and anti-spyware software, as well as firewalls, should be used.  Update applications to the most recent versions on a regular basis.  Off-site or remote data backups are recommended.  Keep your passwords secure.  Staff should be trained on IT policies and procedures.  Recognize your legal duties as an online business owner.

Assess the IT security risks

Type of risk Example of risks Risk solutions Impact Physical Risk Flood, human error We can provide a backup system to keep our data secure Loss of stock and assets Electronic risk System failures It is possible to provide a power supply unit that can hold the power on for 24 hours. Missing or corrupted data Technical risk Computer parts failures Having a backup system in place is beneficial Lost custom and market share Infrastructure risk Loss of data can have a strong network link that does not slow down Impact on technology team productivity Human risk Rules mistakes More Training, Create a solid recovery strategy. System block Table 1 IT security risk

Task 2-Describe IT security solution

Firewall

A firewall is a network security mechanism that tracks and controls incoming and outgoing network traffic, allowing or disallowing data packets based on security rules. Figure 7 firewall

Benefits of firewall

 Block trojans: a firewall is helping to project horses from trojan. such form of intruders lock onto computer files and then they go along for the ride to do more harm to the destination when it sends out a file  Monitor’s traffic: a firewall controls the entire traffic that reaches the computer network  Stop hackers: it prevents hackers out of the network getting a firewall  Stop keyloggers: protection of the firewall reduces the risk of tracking by keyloggers

Misconfiguration of firewalls

 Configuration of a broad policy  Dangerous rouge facilities and management  Security methods that aren't industry standard  Security methods that aren't industry standard  the outputs of security devices' logs

Misconfiguration of VPN

 Connection is not possible due to a firewall configuration error.  There would be less encryption.  Using the incorrect ports.  The server relation is incorrect.

Impact of VPN misconfigured

Increased Network Latency A longer time for a page to load might mean a higher network latency. Application Unavailability High packet losses on the VPN server would have a negative impact on application efficiency.

DMZ (Demilitarized Zones)

A DMZ is known as a perimeter network or a screened sub network It is a physical or logical subnet that distinguishes the local internal network from other untrusted networks. DMZ are meant to act as a kind of buffer zone between the private network and the public internet. Figure 9 DMZ

Benefits of DMZ

 Access Control for Organizations.  Prevent attackers from performing network reconnaissance.  Protection against IP spoofing

Security Features of DMZ

 When connecting hosts to an untrusted external network interface, this command is used  The DMZ is isolated using a security gateway to filter traffic between the DMZ and the private network.  The DMZ also has a security gateway in front of it to filter incoming traffic from the outside network.  The primary purpose of a DMZ is to enable untrusted access to resources while maintaining a secure private network.  Web servers, mail servers, FTP servers, and VoIP servers are all popular DMZ services.

Static IP

Static IP address is a 32-bit number allocated to a device as its internet address. There is no improvement in a static IP address and the ISP would cost an additional charge in most instances for a limited number of IP addresses, static IP addresses must be reserved. no matter what the user does, static IP addresses will remain the same unless they ask their ISP to modify it. Figure 10 static IP