Network Security and Threat Detection, Lecture notes of International Business

These notes cover various aspects of network security, including defining information security threats, the importance of DMZ networks, and the benefits of network monitoring. They cover topics such as detecting security breaches, implementing security measures like firewalls and IDSs, and managing network resources and performance. They give examples of recent security incidents and their consequences, as well as strategies for improving network security through techniques like DMZ, static IP, and authentication, and emphasize the importance of security policies, procedures, and employee awareness in maintaining a secure network environment. The document could be useful for students studying network security, information systems, or cybersecurity, as it covers a range of relevant concepts and practical applications.

Typology: Lecture notes

2021/2022

Uploaded on 04/06/2023


Performed Student: LY NGUYEN TUAN KIET
BTEC FPT INTERNATIONAL COLLEGE
INFORMATION TECHNOLOGY
ASSIGNMENT 1
UNIT: Security
STUDENT : LY NGUYEN TUAN KIET
CLASS : IT05101
STUDENT ID : BC00045
SUPERVISOR : NGUYEN MINH TRIET
Can Tho, March 2023


ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 4 HND Diploma in Business
Unit number and title: Unit: SECURITY
Submission date:
Date received (1st submission):
Re-submission date:
Date received (2nd submission):
Student name: LY NGUYEN TUAN KIET
Student ID: BC
Class: IT05101
Assessor name: NGUYEN MINH TRIET
Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature: KIET
Grading grid: P1 P2 P3 P4 M1 M2 D1 D

TABLE OF CONTENT

  • TABLE OF CONTENT
  • LIST OF FIGURES
  • INTRODUCTION
  • TASK 1 - IDENTIFY TYPES OF SECURITY THREATS TO ORGANIZATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1)
    • 1.1 Defining threats
    • 1.2 Identify threat agents to organizations
    • List the types of threats that organizations will face
    • 1.3 What are the recent security breaches? List and give examples with dates
    • 1.4 Discuss the consequences of this breach
    • 1.5 Suggest solutions to organizations
  • TASK 3 - DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2)
    • 1.6 Security procedure definition
    • 1.7 Discussion on incident response policy
    • 1.8 This sort of policy often contains information about the following
    • 1.9 Incident phases
    • 1.10 Elements of an incident response policy
    • 1.11 Discussion on Acceptable Use Policy
    • 1.12 General use and ownership
    • 1.13 Discussion on Remote Access Policy
    • 1.14 System security process
  • TASK 4 - IDENTIFY THE POTENTIAL IMPACT TO ITS SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND IDS (P3)
    • 1.15 Discuss briefly firewall and policies, its usage and advantages in a network
      • Firewall
    • 1.16 How does a firewall provide security to a network?
    • Show with diagrams the example of how a firewall works
    • Define IDS, its usage, show with diagrams examples
      • IDS
    • 1.17 How does IDS function?
    • 1.18 The potential impact (threat-risk) of a firewall and IDS if they are incorrectly configured in a network
  • TASK 5 - SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4)
    • Define and discuss with the aid of a diagram DMZ, focus on usage and security function as advantage
      • DMZ
    • Define and discuss with the aid of a diagram static IP, focus on usage and security function as advantage
      • Static IP
    • Define and discuss with the aid of a diagram NAT, focus on usage and security function as advantage
      • How does NAT work
      • Advantages of NAT
      • Types of NAT
  • TASK 2 - PROPOSE A METHOD TO ASSESS AND TREAT IT SECURITY RISKS (M1)
    • Discuss methods required to assess IT security threats, e.g. monitoring tools
      • 1.18.1 What is a security risk?
      • 1.18.2 Establishing a risk management framework
      • 1.18.3 Security plan: threats, risks and vulnerabilities
    • Identify risks
    • Analyze risks
      • Select risk treatment options
      • 1.18.4 Calculate risk rating
      • Necessary methods for security threat assessment and some examples
      • The organization's present vulnerability or threat
  • TASK 6 - DISCUSS THREE BENEFITS TO IMPLEMENT NETWORK MONITORING SYSTEMS WITH SUPPORTING REASONS (M2)
    • List some of the network monitoring devices and discuss each
      • 1.18.5 What is network monitoring?
      • 1.18.6 What can Network Monitor do for you?
      • 1.18.7 Benefits of network monitoring
  • TASK 7 - Investigate how a 'trusted network' may be part of an IT security solution (D1)
    • 1.18.8 What is a trusted network?
    • 1.18.9 On-premises web applications
    • 1.18.10 Trusted Network Connect (TNC)
    • 1.18.11 IP Unreachable, Redirects, and Mask Replies
  • CONCLUSION
  • EVALUATION
  • REFERENCES

LIST OF FIGURES

  • Figure 1: Threats
  • Figure 2: APT
  • Figure 3: DDoS attack
  • Figure 4: Viruses
  • Figure 5: Worms
  • Figure 6: Ransomware
  • Figure 7: Botnet
  • Figure 8: SPAM
  • Figure 9: Internet access is not secure
  • Figure 10: Security and lost USB stick
  • Figure 11: The convenience of information technology
  • Figure 12: Data breaches
  • Figure 13: Security procedures
  • Figure 14: Firewall
  • Figure 15: Diagram of how a firewall works
  • Figure 16: IDS diagram
  • Figure 17: How IDS works
  • Figure 19: DMZ
  • Figure 20: How DMZ works
  • Figure 21: Static IP
  • Figure 22: NAT
  • Figure 23: NAT working
  • Figure 24: Security planning
  • Figure 25: Risk management
  • Figure 26: Risk assessment table
  • Figure 27: Example of SolarWinds
  • Figure 28: SolarWinds summary
  • Figure 29: Example of Microsoft Network Monitor

TASK 1 - IDENTIFY TYPES OF SECURITY THREATS TO ORGANIZATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1)

1.1 Defining threats:

Examples of information security threats include software attacks, intellectual property theft, identity theft, theft of equipment or information, sabotage, and information extortion. A threat is defined as anything that can exploit a vulnerability to breach security and negatively modify, remove, or harm an item or object of interest. In this tutorial series, a threat is defined as a prospective hacker attack that permits someone to gain unauthorized access to a computer system (Garg, 2021).

Figure 1: Threats

1.2 Identify threat agents to organizations:

Nation states: Businesses in specialized industries, such as telecommunications, oil and gas, mining, power production, national infrastructure, and so on, may become targets for other countries, either to disrupt operations today or to gain a future foothold in times of crisis.

Non-target-specific (ransomware, worms, Trojans, logic bombs, backdoors, and viruses from vandals and the general public): Some companies have told me, "Well, we're not going to be a target for hackers because..." Yet, due to the vast number of random attacks that occur every day (there are no credible figures to provide), any organization can become a victim. The most well-known example of a non-target-specific attack is the WannaCry ransomware outbreak, which infected over 200,000 PCs in 150 countries. It forced the NHS in the United Kingdom to close for several days. Of course, there is also the bored teenager in a loft somewhere looking for a poor internet connection.

Employees and contractors: Morrison was fined because it did not have the necessary technological and organizational measures in place to prevent the ex-employee from committing the crime (it should be noted that Morrison is presently appealing the penalty). When a company needs specialist expertise, it may employ contractors or other entities that require access to its systems or data. These third parties are typically a source of issues, since their technology may not be as secure as the data controller's.

Terrorists and hackers (political parties, media, enthusiasts, activists, vandals, general public, extremists, religious followers): The level of harm presented by these actors, like the threat posed by nation states, depends on your activities. But because some terrorists prefer to target certain sectors or nations, you may still be exposed to a random attack. WikiLeaks' dumps of diplomatic cables and other documents related to the wars in Iraq and Afghanistan in 2010 are possibly the most visible example of this.

Local, national, international, and specialized organized crime: Personal information is sought after by criminals for a variety of reasons, including credit card fraud, identity theft, and bank account fraud. These crimes are now being committed on a large scale. The tactics used vary, ranging from phishing attempts to 'watering hole' websites, but the end result is the same: your data, and you, are being stolen and exploited for malicious purposes.

  • The user has violated the security policy.
  • Employee extortion or blackmail.
  • Disgruntled employee waging war on the organization or carrying out sabotage.

Malicious human activity:

  • APT (Advanced Persistent Threats): When it comes to hacking a corporation, hackers who deploy Advanced Persistent Threats (APTs) intend to play the long game. They infiltrate a computer network quietly and in tight synchrony, seeking entry and exit points that will allow them to go unnoticed.

Figure 2: APT

Once within a company, they probe around, install specialized malicious programs, and steal vital data and sensitive information (RSI, 2021). Below are the five most frequent progressions that an Advanced Persistent Threat goes through to increase its damage:

Access infiltration: APT attackers utilize phishing, Trojan horses, and malware to obtain access to the system.

Grip strengthening: An Advanced Persistent Threat's capacity to gain a foothold inside a firm is its strength.

Invasion of the system: Once they have total freedom of movement, APT attackers will begin attacking the system by gaining administrator access and cracking passwords left and right. The hackers have turned the corporation into their playground.

Deep machinations: During this phase, the APT attackers have complete control of the firm, erasing all evidence of their breach and constructing a robust backdoor for future use. To breach an organization's cybersecurity, they use cutting-edge technology such as malware and computer infiltration strategies. These cybercriminals are vicious, preferring to gain entry to an organization and wreak devastation by sneaky means (RSI, 2021).

  • Distributed Denial of Service (DDoS): The primary goal of fraudsters using Distributed Denial of Service, or DDoS, is to disrupt a website. In a nutshell, they flood a target network with bogus requests in order to overload the system and force it to fail. Legitimate users or clients will be unable to access the website, since it will be unavailable. DDoS can cause severe productivity losses as a result of these needless disruptions.

Figure 3: DDoS attack

A Distributed Denial-of-Service attack is hard to stop since it does not originate from a single source. Imagine a restaurant where a noisy crowd gathers at the front door to cause a commotion.

  • Phishing:

Figure 5: Worms

  • Ransomware: Ransomware is a form of malware from cryptovirology that hackers deploy to encrypt data thoroughly once they have gained a foothold in your network. They steal vital corporate data or sensitive personal information about customers, then threaten to expose the information unless the target firm pays a ransom. Ransomware has turned into a common method of extorting money from businesses over time. Digital attackers weaponize critical information discovered within an infected network. Standard methods for luring employees within the organization include sending an innocent-looking attachment or link.

Figure 6: Ransomware

  • Botnet: The term "botnet" is derived from the words "robot" and "network." It is a catch-all term for private computers infected with malware, leaving them exposed to remote access by hackers without the organization's knowledge. This level of precise control over, and awareness of, target networks is required for the transmission of spam, the execution of DDoS barrages, and data theft. Botnets are force multipliers used by hackers to disrupt the complex systems of their targets. Botnet architecture has advanced tremendously in terms of evasion. Its apps pose as clients in order to connect to existing servers. Cybercriminals can then remotely operate these botnets using peer-to-peer networks.

Figure 7: Botnet

  • Cryptojacking: Currently, bitcoin is everywhere. To earn additional coins legitimately, mining is required. Cybercriminals have employed phishing methods to infect and hijack additional slave PCs that will be used to mine cryptocurrency. Cryptojacking can cause slower PCs, since targets are unaware that their resources are being exploited to generate bitcoin.

  • Natural events and disasters: Natural disasters such as fires, floods, storms, earthquakes, tsunamis, avalanches, and others. This sort of danger comprises losses caused by the event itself as well as losses caused by actions undertaken to recover from the initial problem.
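The DDoS entry in the list above notes that a distributed flood is hard to stop because it has no single source. As an added example (not part of the original assignment), the following Python script classifies constructed web access log lines per second and shows why a per-address threshold catches one noisy client but misses a flood spread thinly across many addresses unless the aggregate rate is also checked; the log format, the thresholds and the 203.0.113.0/24 addresses are assumptions.

```python
import re
from collections import defaultdict

# Apache/NCSA Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+)$')

def parse_line(line):
    """Return (client_ip, timestamp) for a Common Log Format line, or None if malformed."""
    m = LOG_RE.match(line)
    return (m.group(1), m.group(2)) if m else None

def classify_windows(lines, per_ip_limit=20, total_limit=50):
    """Count requests per logged second and classify each second.

    "single-source": some IP alone exceeds per_ip_limit (a plain DoS, easy to block).
    "distributed": no IP stands out, but the aggregate exceeds total_limit; this is the
    DDoS case the text calls hard to stop, because there is no single address to block.
    Returns {timestamp: (verdict, [ips involved])}.
    """
    per_window = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:          # skip malformed lines rather than crash the detector
            continue
        ip, ts = parsed
        per_window[ts][ip] += 1
    verdicts = {}
    for ts, counts in per_window.items():
        hot = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
        if hot:
            verdicts[ts] = ("single-source", hot)
        elif sum(counts.values()) > total_limit:
            verdicts[ts] = ("distributed", sorted(counts))
        else:
            verdicts[ts] = ("normal", [])
    return verdicts

def make_lines(ip, ts, count):
    """Construct `count` log lines from one IP at one timestamp (sample data only)."""
    return [f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512' for _ in range(count)]

# Constructed traffic using the 203.0.113.0/24 documentation range (no real hosts):
# a quiet second, one noisy client, and a flood spread thinly over 60 addresses.
QUIET = make_lines("203.0.113.5", "10/Mar/2023:10:00:00 +0000", 3)
NOISY = make_lines("203.0.113.9", "10/Mar/2023:10:00:01 +0000", 40)
SPREAD = [line for i in range(60)
          for line in make_lines(f"203.0.113.{100 + i}", "10/Mar/2023:10:00:02 +0000", 1)]

if __name__ == "__main__":
    for ts, (verdict, ips) in classify_windows(QUIET + NOISY + SPREAD).items():
        print(f"{ts}: {verdict} ({len(ips)} addresses)")
```

The third second is the instructive one: every address sends a single request, so a per-IP rule sees nothing, and only the aggregate count reveals the flood.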

this is the case, you are in excellent company. Almost 300 USB drives were "accidentally" misplaced as part of a study to determine what would happen. Finders picked up nearly all of the sticks, and in 45% of cases opened a previously stored file.

Figure 10: Security and lost USB stick

  • Convenience beats IT security: We must restart the machine after installing the newest Windows updates. Unfortunately, in this and other circumstances, the virus scanner slows down the machine. Employees that are more laid-back choose to halt such operations altogether. That also happens whenever there is a chance to disable an update or a virus scanner. This is a significant cost for IT security.

Figure 11: The convenience of information technology

  • IT security and CEO fraud: In the so-called CEO scam, the criminal poses as a corporate director over the phone or by e-mail. They arrange for a huge sum of money to be transferred to another country by an employee. The employee is overwhelmed by the apparent authority of the other party and approves the transaction. This fraud has the potential to generate millions of dollars in damage, with serious implications for everyone involved.

  • Stealing customer data when changing jobs: Passing sensitive client data on to a new employer appears to be regular practice in several businesses. Everyone knows a salesperson who switched to a competitor. Soon afterwards, he called to resume business. In this scenario, though, we are talking about old-fashioned theft. It is no less dangerous if the employee keeps a business laptop after his employment ends.

  • Carelessness leads to IT security problems: Employees that are uninterested are toxic to any organization. They seldom add to productivity and are a potential IT security issue. Such employees can adopt an "I don't care" attitude toward all aspects of security. This might involve, for example, careless password handling, disseminating sensitive information, authorization problems, or transmitting files to third parties. Such personnel can jeopardize security in any of these situations.

1.3 What are the recent security breaches? List and give examples with dates:

Security breaches are defined as any successful attempt by an attacker to gain unauthorized access to an organization's computer systems. Breach examples include the theft of sensitive data, the corruption or sabotage of data or IT systems, and activities intended to deface websites or destroy reputation (Cassetto, 2019).

Figure 12: Data breaches

Recent security breaches, list and give examples with dates: