Network Security Assignment 1 Level 3 BTEC, Essays (university) of Network security

Level 3 BTEC foundation assignment 1 security

Typology: Essays (university)

2019/2020

Uploaded on 01/03/2023

yoonyaticho

Security

Yoon Yati Cho

Unit 5

Term 2

Computer security is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.

Security risks

Security risks are possible dangers that can hamper the normal functioning of your computer. In the present age, cyber threats are constantly increasing as the world goes digital. These are some of the security risks:

  1. Internal Security Threats
  2. Distributed Denial-Of-Service (DDoS) Attacks
  3. Rogue Security Software
  4. Malware
  5. Ransomware
  6. Phishing Attacks
  7. Viruses

Internal Security Threats

Over 90% of cyberattacks are caused by human error. This can take the form of phishing attacks, careless decision-making, weak passwords and many more. Phishing is disguising oneself as a trustworthy person or business; phishers attempt to steal sensitive financial or personal information through fraudulent emails or instant messages. Phishing is unfortunately very easy to execute. You are deceived into thinking a message is legitimate, and you may enter your personal information.

Distributed Denial-Of-Service (DDoS) Attacks

A DDoS attack causes websites to crash, malfunction, or experience slow loading times. In these cases, cybercriminals infect internet-connected devices (mobile phones, computers, etc.) and convert them into bots. Hackers send the bots to a victim's IP address.

This results in a high volume of internet traffic bombarding the website with requests and causing it to go offline. These attacks make it difficult to separate legitimate and compromised traffic.

Rogue Security Software

Rogue security software tricks businesses into believing their IT infrastructure is not operational due to a virus. It usually appears as a warning message that seems to come from a legitimate anti-malware solution. Once a device is infected with a rogue program, the malware spams the victim with messages, pressuring them to pay for a non-existent security solution, which is often itself malware. Rogue security software can also corrupt your pre-existing cyber security programs to prolong the attack.

Malware

Malware is malicious software used to gather information about victims through compromised devices. After successful deployment, hackers can mine devices for classified information (email addresses, bank accounts, passwords, etc.) and use it to commit identity theft, blackmail, or other business-damaging actions. Malware includes:

  - Worms: exploit weaknesses in computer systems to spread to other devices.
  - Rootkits: grant unauthorized access to systems in the form of false access privileges without the victim's knowledge.
  - Trojan viruses: slip under a network's radar by hitchhiking on other software and provide hackers with unprecedented access to systems.
  - Spyware: gathers information on how devices are used by their owners.

Ransomware

Ransomware is a type of malware that encrypts files within infected systems and holds them for ransom, forcing victims to pay for a decryption key to unlock the data. This can take the form of ransomware-as-a-service (RaaS). RaaS is like software-as-a-service (SaaS), specifically for ransomware. RaaS dealers develop code that buyers can use to develop their own malware and

Organisational Security Procedures

Computer security threats are becoming relentlessly inventive these days. There is much need to arm oneself with information and resources to safeguard against these complex and growing computer security threats and stay safe online. It is also important to maintain our computer security and its overall health by preventing viruses and malware, which would impact system performance. Some preventive steps you can take are:

  1. Use strong passwords
  2. Control access to data and systems
  3. Put up a firewall
  4. Having a DMZ network
  5. Use security software
  6. Update programs and systems regularly
  7. Monitor for intrusion

Use strong passwords

Strong passwords are vital to good online security. Make your password difficult to guess by:

  - using a combination of capital and lower-case letters, numbers and symbols
  - making it between eight and 12 characters long
  - avoiding the use of personal data
  - changing it regularly
  - never using it for multiple accounts
  - using two-factor authentication

Control access to data and systems

Make sure that individuals can only access data and services for which they are authorised. For example, you can:

  - control physical access to premises and the computer network
  - restrict access to unauthorised users
  - limit access to data or services through application controls
  - restrict what can be copied from the system and saved to storage devices
  - limit sending and receiving of certain types of email attachments

Put up a firewall

A firewall is a network security device that keeps out unauthorized users and hackers. Antivirus software helps to protect files from viruses. Firewalls help to keep out intruders by blocking them from accessing your computer in the first place. Firewalls protect your computer system from viruses and other harmful software. You should install them on every system in your network. Network firewalls are designed to protect computers from outside threats such as viruses, malware, spyware, and other malicious software. They also prevent unauthorized access to your company's internal network resources.

Having a DMZ network

A DMZ, or demilitarized zone, network is a perimeter network that protects your local area network (LAN) by assuming all users are untrusted by default. A DMZ network prevents attackers from carrying out reconnaissance and scraping activities against personal or core targets. It also helps protect an organization from being attacked through IP spoofing. Consider using a 4th-generation or above firewall as a service (FWaaS) to help protect your cloud or cloud-hybrid environments. DMZs have a zero-trust policy, with everything configured to require explicit, not inferred, trust to work. This means that even if an attacker gets into a DMZ, they then have to find a way from this location to attack the rest of your network.

The IPS is the advanced version of the Intrusion Detection System: the latter stops at detection, whereas the former goes further by blocking the intrusion and preventing the application from gaining entry again.

Potential Impact to the IT security of incorrect configuration of firewall policies and third party VPNs

Firewall

A network firewall is essential for organisations because it can stop hackers from accessing sensitive information and either disrupting operations or holding the company to ransom for its own data. A firewall, however, does not end with installation; it must be supplemented with dedicated firewall policies and processes that are controlled and managed by an expert. Without this extra step, your firewall is very likely to fail, exposing your network to hackers, viruses, and other harmful traffic. Misconfigured firewalls might result in these serious consequences for your clients:

  - Breach paths: A misconfigured firewall that allows unauthorized access can lead to data breaches, data loss, and stolen or ransomed IP.
  - Unplanned outages: A misconfiguration may prevent a customer from engaging with a firm, resulting in lost income. Large e-commerce companies, for example, could lose thousands or even millions of dollars until the error is addressed.

Firewall Policies

A firewall policy dictates how firewalls should handle network traffic for specific IP addresses and address ranges, protocols, applications, and content, based on the organization's information security policies. Before a firewall policy is created, some form of risk analysis should be performed to develop a list of the types of traffic needed by the organization and to categorize how they must be secured, including which types of traffic can traverse a firewall under what circumstances.
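The following is an added example, not part of the essay, that models the firewall-policy misconfiguration described above for the DMZ/LAN layout from the "Having a DMZ network" section: a first-match policy evaluator with default deny, an intended rule set beside a misconfigured one, and a shadowed-rule audit that catches the mistake. The address ranges, port numbers and rule names are constructed assumptions, not values from the essay.

```python
# Added example, not from the essay: a first-match firewall policy evaluator
# plus a shadowed-rule audit, showing how one over-broad "allow" undermines a
# policy. All ranges and rules below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR; "0.0.0.0/0" means any source
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port; None means any port

    def matches(self, src_ip, dst_ip, proto, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

    def covers(self, other):
        """True if every packet `other` matches is also matched by this rule."""
        return (ipaddress.ip_network(self.src).supernet_of(ipaddress.ip_network(other.src))
                and ipaddress.ip_network(self.dst).supernet_of(ipaddress.ip_network(other.dst))
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))

def evaluate(rules, src_ip, dst_ip, proto, dport):
    """First matching rule decides; with no match the policy defaults to deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action
    return "deny"

def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]

ANY, DMZ, LAN = "0.0.0.0/0", "192.0.2.0/24", "10.0.0.0/8"  # constructed ranges

# Policy for the two-firewall DMZ layout: the internet may reach only the DMZ
# web service, the DMZ may reach only the LAN database port, all else to LAN denied.
INTENDED = [
    Rule("allow", ANY, DMZ, "tcp", 443),
    Rule("allow", DMZ, LAN, "tcp", 5432),
    Rule("deny", ANY, LAN, "any", None),
]

# Same policy after a "temporary" catch-all allow was inserted above the deny:
# first-match evaluation now never reaches the deny rule, exposing the LAN.
MISCONFIGURED = [
    Rule("allow", ANY, DMZ, "tcp", 443),
    Rule("allow", ANY, ANY, "any", None),  # the mistake
    Rule("deny", ANY, LAN, "any", None),
]
```

Running `shadowed_rules(MISCONFIGURED)` reports the deny rule as unreachable, which is the audit signal a reviewer would want before the policy goes live.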

Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs) allow organisations to provide secure connectivity between devices in physically separate locations. This guidance helps administrators choose, deploy and configure VPNs for their organisation. VPNs are encrypted network connections. These allow remote users to securely access an organisation's services. VPNs are one way to guarantee the security of 'data in transit' across an untrusted network, but they also provide several other benefits. For example, an organisation with offices in multiple locations can use VPNs to provide its remote users with access to corporate email and file services. There are two types of VPNs:

  - Remote Access VPN
  - Site to Site VPN

Remote Access VPN: A Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network occurs through the Internet, and the connection is secure and private. Remote Access VPNs are useful for both home users and business users.

Site to Site VPN: A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in large companies. Companies or organizations with branch offices in different locations use Site-to-Site VPNs to connect the network at one office location to the network at another office location.

Fig. 1: Remote Access VPN

Fig. 2: Site-to-Site VPN

A DMZ network acts as a shield between an organization's private network and the internet. Security gateways, including firewalls, filter activity between the DMZ and the LAN to isolate the DMZ from the LAN. Another security gateway, which monitors traffic from external networks, protects the default DMZ server. Ideally, a DMZ is situated between two firewalls. The DMZ firewall setup guarantees that incoming network packets are inspected by a firewall or some other security control before reaching the DMZ servers. This implies that even if an attacker breaches the first firewall, they will still need access to the hardened services in the DMZ to inflict significant harm on a company. Assume that an attacker breaches the outer firewall and compromises a DMZ system. In this situation, they will also need to breach an internal firewall to get access to sensitive corporate information. A competent attacker may still be able to infiltrate a protected DMZ. Servers are placed in the DMZ. Here are six examples of the systems deployed within a DMZ:

  1. Web Servers
  2. File Transfer Protocol Server (FTP)
  3. Email Servers
  4. DNS Servers
  5. Proxy Servers
  6. VoIP Servers

Fig. 3: Network Scheme using DMZ

Implementing a Static IP

An IP address is a unique number allocated to a device connected to a network. Network devices use it to communicate with each other. There are four types of IP addresses: private, public, dynamic, and static. A static IP address is a permanent, non-changing network address.

A static IP address is beneficial for organizations with internet-related needs, including FTP servers, hosting a webcam, videoconferencing applications, or email. There are many advantages to using a static IP address in network security; these are:

  - Better DNS support: Static IP addresses are much easier to set up and manage with DNS servers.
  - Server hosting: If you are hosting a web server, email server, or any other kind of server, having a static IP address makes it easy. It means it is quicker for clients to reach your websites and services.
  - Convenient remote access: A static IP address makes it easier to work remotely using a VPN or other remote access programs.
  - More reliable communication: Static IP addresses make it easier to use Voice over Internet Protocol (VoIP) for teleconferencing or other voice and video communications.

Fig. 4: Configuring a static IP

Implementing a NAT (Network Address Translation)

  - Improved Privacy: NAT makes an organization's internal network structure opaque from outside the network. External systems see a single IP address or a set of frequently changing ones, making it difficult to create a map of an organization's internal network for use in later attacks.

Methods to assess and treat security risks

Security Risk

A security risk assessment identifies, assesses, and implements key security controls in applications. It also focuses on preventing application security defects and vulnerabilities. An IT risk assessment involves four key components:

  - Threat: A threat is any event that could harm an organization's people or assets. Examples include natural disasters, website failures and corporate espionage.
  - Vulnerability: A vulnerability is any potential weak point that could allow a threat to cause damage.
  - Impact: Impact is the total damage the organization would incur if a vulnerability were exploited by a threat.
  - Likelihood: This is the probability that a threat will occur. It is usually not a specific number but a range.

Methods to perform a security risk assessment

Step 1: Identify and Prioritize Assets

Assets include servers, client contact information, sensitive partner documents, trade secrets and so on. For each asset, gather the following information, as applicable:

  - Software
  - Hardware
  - Data
  - Interfaces
  - Users
  - Support personnel
  - Mission or purpose
  - Criticality
  - Functional requirements
  - IT security policies
  - IT security architecture
  - Network topology
  - Information storage protection
  - Information flow
  - Technical security controls
  - Physical security environment
  - Environmental security

Step 2: Identify Threats

A threat is anything that could cause harm to your organization. While hackers and malware probably leap to mind, there are many other types of threats:

  - Natural disasters: Floods, hurricanes, earthquakes, fire and other natural disasters can destroy not just data, but servers and appliances as well. When deciding where to house your servers, think about the chances of different types of natural disasters. For instance, your area might have a high risk of floods but a low likelihood of tornadoes.
  - Hardware failure: The likelihood of hardware failure depends on the quality and age of the server or other machine. For relatively new, high-quality equipment, the chance of failure is low. But if the equipment is old or from a "no-name" vendor, the chance of failure is much higher.
  - People can accidentally delete important files, click on a malicious link in an email or spill coffee on a piece of equipment that hosts critical systems.
  - Malicious behavior: There are three types of malicious behavior:
    - Interference is when somebody causes damage to your business by deleting data, engineering a distributed denial of service (DDoS) against your website, physically stealing a computer or server, and so on.
    - Interception is theft of your data.
    - Impersonation is misuse of someone else's credentials, which are often acquired through social engineering attacks or brute-force attacks, or purchased on the dark web.

  1. Preventing Downtime
  2. Network Visibility
  3. Identify Security Threats

Preventing Downtime

Downtime is a productivity killer and it's expensive. A recent survey reported that 40% of enterprise companies said an hour of downtime would cost between $ million and $5 million. Monitoring can help you prevent unexpected outages. One significant aspect of network monitoring solutions is identifying warning signs that might indicate a device failure or network problem. This helps you identify the problem and prevent downtime from occurring. Not only does network monitoring help prevent downtime, but performance monitoring also allows IT teams to optimize performance for more efficient operations.

Network Visibility

Network visibility is essential in the modern age. Many agree that to manage application performance and network traffic, for example, you need a clear map. You need to see all the pieces of the puzzle to be able to solve it. Not everyone knows how to resolve complex network problems. However, help is at hand. With a simple network management protocol, you may not even need to understand how everything works. Without clear network visibility, your business may be at risk of repeat problems and errors. This is made worse if you are unsure where to start fixing them.

Identify Security Threats

Network monitoring is primarily used to monitor performance, but it can also help uncover security threats within your system. By continuously monitoring for unusual or suspicious activity, you may be able to detect even small threats before they become big ones. For example, malware or viruses may be undetectable at a glance, but your network monitoring solution can flag unusual activity, such as suspicious use of network resources. You'll also be able to proactively identify unauthorized access or security threats such as DDoS attacks or unauthorized downloads. Network monitoring tools can drill down and spot weak links. They can identify areas for improvements and upgrades, too.
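As an added example that is not part of the essay, the check below shows the kind of "unusual use of network resources" detection the monitoring section describes: it parses constructed firewall-style log lines, keeps a sliding window of requests per source, and flags any source whose rate exceeds a threshold, the signal a monitoring tool would raise for a suspected DDoS. The log format, addresses, window size and threshold are all assumptions made for the example.

```python
# Added example, not from the essay: a small monitoring check that parses
# constructed firewall-style log lines and flags any source whose request
# rate in a sliding window exceeds a threshold, the kind of "unusual use of
# network resources" signal a monitoring tool raises for a suspected DDoS.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed line format (not a real product's log):
#   <ISO timestamp> <source ip> -> <destination ip>:<port> <bytes>
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\d+)$")

def parse(line):
    """Return (timestamp, src, dst, port, bytes) or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, dst, port, nbytes = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)

def flag_bursts(lines, window_s=10, threshold=30):
    """Map each source that exceeds `threshold` requests within any
    `window_s`-second sliding window to the peak count seen.
    Assumes lines are in time order; malformed lines are skipped."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src = rec[0], rec[1]
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def build_sample_log():
    """Constructed traffic: three clients taking turns at one request per
    second in total, plus one source flooding the web server for ten seconds."""
    base = datetime(2023, 3, 1, 10, 0, 0)
    lines = []
    for sec in range(60):
        t = (base + timedelta(seconds=sec)).isoformat()
        lines.append(f"{t} 198.51.100.{sec % 3 + 1} -> 192.0.2.10:443 512")
        if 20 <= sec < 30:   # five requests per second from the flooder
            lines += [f"{t} 203.0.113.9 -> 192.0.2.10:443 64"] * 5
    lines.insert(5, "corrupt line that the parser must skip")
    return lines

if __name__ == "__main__":
    print(flag_bursts(build_sample_log()))   # {'203.0.113.9': 50}
```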