



















Level 3 BTEC foundation assignment 1 security
Typology: Essays (university)




















Potential Impact to the IT security of incorrect configuration of firewall policies and third-party VPNs
Computer security is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.

Security risks

Security risks are possible dangers that can possibly hamper the normal functioning of your computer. In the present age, cyber threats are constantly increasing, as the world is going digital. These are some of the security risks:
**1. Internal Security Threats**
This results in a high volume of internet traffic bombarding the website with requests and causing it to go offline. These attacks make it difficult to separate legitimate and compromised traffic.

Rogue Security Software

Rogue security software tricks businesses into believing their IT infrastructure is not operational due to a virus. It usually appears as a warning message sent by a legitimate anti-malware solution. Once a device is infected with a rogue program, the malware spams the victim with messages, forcing them to pay for a non-existent security solution, which is often malware. Rogue security software can also corrupt your pre-existing cyber security programs to prolong its attack.

Malware

Malware consists of malicious software programs used to gather information about victims through compromised devices. After successful deployments, hackers can mine devices for classified information (email addresses, bank accounts, passwords, etc.) and use it to commit identity theft, blackmail, or other business-damaging actions. Malware includes:

- Worms – exploit weaknesses in computer systems to spread to other devices.
- Rootkits – grant unauthorized access to systems in the form of false access privilege without the victim's knowledge.
- Trojan viruses – slip under a network's radar by hitchhiking on other software and provide hackers with unprecedented access to systems.
- Spyware – gathers information on how devices are used by their owners.

Ransomware

Ransomware is a type of malware that encrypts files within infected systems and holds them for ransom, forcing victims to pay for a decryption key to unlock the data. This can take the form of ransomware-as-a-service (RaaS). RaaS is like software-as-a-service (SaaS), specifically for ransomware. RaaS dealers develop codes that buyers can use to develop their own malware and
Organisational Security Procedures

Computer security threats are becoming relentlessly inventive these days. There is much need for one to arm oneself with information and resources to safeguard against these complex and growing computer security threats and stay safe online. It is also important to maintain our computer security and its overall health by preventing viruses and malware, which would impact on the system performance. Some preventive steps you can take are:
Control access to data and systems

Make sure that individuals can only access data and services for which they are authorised. For example, you can:

- control physical access to premises and the computer network
- restrict access to unauthorised users
- limit access to data or services through application controls
- restrict what can be copied from the system and saved to storage devices
- limit sending and receiving of certain types of email attachments

Put up a firewall

A firewall is a network security device that keeps out unauthorized users and hackers. Antivirus software helps to protect files from viruses. Firewalls help to keep out intruders by blocking them from accessing your computer in the first place. Firewalls protect your computer system from viruses and other harmful software. You should install them on every system in your network.

Network firewalls are designed to protect computers from outside threats such as viruses, malware, spyware, and other malicious software. They also prevent unauthorized access to your company’s internal network resources.

Having a DMZ network

A DMZ, or demilitarized zone, network is a perimeter network that protects your local area network (LAN) by assuming all users are untrusted by default. A DMZ network prevents attackers from carrying out investigation and scraping activities of personal or core targets. It also helps protect an organization from being attacked through IP spoofing. Consider using a 4th-generation or above firewall as a service (FWaaS) to help protect your cloud or cloud-hybrid environments.

DMZs have a zero-trust policy with everything configured to require explicit, and not inferred, trust to work. This means that even if an attacker gets into a DMZ, they then have to find a way from this location to attack the rest of your network.
The IPS is the advanced version of the Intrusion Detection System – the latter leaves off at detection, whereas the former goes beyond it, blocking the app and preventing it from gaining entry again.

Potential Impact to the IT security of incorrect configuration of firewall policies and third-party VPNs

Firewall

A network firewall is essential for organisations because it can stop hackers from accessing sensitive information and either disrupting operations or holding the company ransom for its own data. A firewall, however, does not end with installation; it must be supplemented with dedicated firewall policies and processes that are controlled and managed by an expert. Without this extra step, your firewall is very likely to fail, exposing your network to hackers, viruses, and other harmful traffic.

Misconfigured firewalls might result in these serious consequences for your clients:

- Breach paths: A misconfigured firewall that allows unauthorized access can lead to data breaches, data loss, and stolen or ransomed IP.
- Unplanned outages: A misconfiguration may prevent a customer from engaging with a firm, resulting in lost income. Large e-commerce companies, for example, could lose thousands or even millions of dollars until the error is addressed.

Firewall Policies

A firewall policy dictates how firewalls should handle network traffic for specific IP addresses and address ranges, protocols, applications, and content based on the organization’s information security policies. Before a firewall policy is created, some form of risk analysis should be performed to develop a list of the types of traffic needed by the organization and categorize how they must be secured, including which types of traffic can traverse a firewall under what circumstances.
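
The "breach path" consequence above can be checked mechanically. The following is an added example, not part of the original essay: a small first-match policy evaluator and audit run over a constructed rule set. The rule names, addresses and the `Rule`, `decide` and `audit` helpers are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None means any port

# Constructed sample policy (hypothetical names, documentation/private addresses).
POLICY = [
    Rule("web-in", "allow", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("temp-debug", "allow", "0.0.0.0/0", "0.0.0.0/0", None),  # the misconfiguration
    Rule("block-db", "deny", "0.0.0.0/0", "10.0.5.20/32", 5432),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def _net(cidr):
    return ipaddress.ip_network(cidr)

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and (a.port is None or a.port == b.port))

def decide(policy, src, dst, port):
    """First-match evaluation; traffic matching no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy:
        if s in _net(r.src) and d in _net(r.dst) and r.port in (None, port):
            return r.action, r.name
    return "deny", "implicit-default"

def audit(policy):
    """Flag any-to-any allow rules and rules an earlier rule makes unreachable."""
    findings = []
    for i, r in enumerate(policy):
        if (r.action == "allow" and r.port is None
                and _net(r.src).prefixlen == 0 and _net(r.dst).prefixlen == 0):
            findings.append(("any-any-allow", r.name))
        shadow = next((e for e in policy[:i] if covers(e, r)), None)
        if shadow is not None:
            findings.append(("shadowed-by:" + shadow.name, r.name))
    return findings

# Corrected policy: the leftover any-to-any rule is removed.
FIXED = [r for r in POLICY if r.name != "temp-debug"]
```

With the leftover `temp-debug` rule in place, the database deny rule and the default deny are never reached; removing it restores the intended decisions and clears the audit.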
Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs) allow organisations to provide secure connectivity between devices in physically separate locations. This guidance helps administrators within choose, deploy and configure VPNs for their organisation.

VPNs are encrypted network connections. These allow remote users to securely access an organisation's services. VPNs are one way to guarantee the security of 'data in transit' across an untrusted network, but they also provide several other benefits. For example, an organisation with offices in multiple locations can use VPNs to provide its remote users with access to corporate email and file services.

There are two types of VPNs:

- Remote Access VPN
- Site to Site VPN

Remote Access VPN: A Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network occurs through the Internet and the connection is secure and private. Remote Access VPN is useful for both home users and business users.

Site to Site VPN: A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in large companies. Companies or organizations with branch offices in different locations use a Site-to-Site VPN to connect the network of one office location to the network at another office location.

Fig. 1: Remote Access VPN

Fig. 2: Site-to-Site VPN
A DMZ network acts as a shield between an organization’s private network and the internet. Security gateways, including firewalls, filter activity between the DMZ and the LAN to isolate the DMZ from the LAN. Another security gateway, which monitors traffic from external networks, protects the default DMZ server. Ideally, a DMZ is situated between two firewalls.

The setup of the DMZ firewall guarantees that incoming network packets are inspected by a firewall or some other security protocols before reaching the DMZ servers. This implies that even if an attacker breaches the very first firewall, they will need admission to the reinforced services in the DMZ to inflict significant harm to a company.

Assume that an attacker breaches the outer firewall and hacks a DMZ system. In this situation, they will also need to breach an internal firewall to get access to all sensitive corporate information. A competent attacker may be able to infiltrate a protected DMZ.

There are servers in the DMZ. Here are six examples of the systems deployed within a DMZ:
A static IP address is beneficial for organizations with internet-related needs, including FTP servers, hosting a webcam, videoconferencing applications, or email. There are many advantages to using a static IP address in network security. These are:

- Better DNS support: Static IP addresses are much easier to set up and manage with DNS servers.
- Server hosting: If you are hosting a web server, email server, or any other kind of server, having a static IP address makes it easy. That means it's quicker for clients to get to your websites and services if they have a static IP address.
- Convenient remote access: A static IP address makes it easier to work remotely using a VPN or other remote access programs.
- More reliable communication: Static IP addresses make it easier to use Voice over Internet Protocol (VoIP) for teleconferencing or other voice and video communications.

Fig. 4: Configuring a static IP

Implementing a NAT (Network Address Translation)
Improved Privacy: NAT makes an organization’s internal network structure opaque from outside of the network. External systems see a single IP address or a set of frequently changing ones, making it difficult to create a map of an organization’s internal network for use in later attacks.

Method to assess and treat security risks

Security Risk

A security risk assessment identifies, assesses, and implements key security controls in applications. It also focuses on preventing application security defects and vulnerabilities. An IT risk assessment involves four key components:

- Threat — A threat is any event that could harm an organization’s people or assets. Examples include natural disasters, website failures and corporate espionage.
- Vulnerability — A vulnerability is any potential weak point that could allow a threat to cause damage.
- Impact — Impact is the total damage the organization would incur if a vulnerability were exploited by a threat.
- Likelihood — This is the probability that a threat will occur. It is usually not a specific number but a range.

Methods to perform a security risk assessment

Step #1: Identify and Prioritize Assets

Assets include servers, client contact information, sensitive partner documents, trade secrets and so on. For each asset, gather the following information, as applicable:

- Software
- Hardware
- Data
- Interfaces
- Users
- Support personnel
- Mission or purpose
- Criticality
- Functional requirements
- IT security policies
- IT security architecture
- Network topology
- Information storage protection
- Information flow
- Technical security controls
- Physical security environment
- Environmental security

Step #2: Identify Threats

A threat is anything that could cause harm to your organization. While hackers and malware probably leap to mind, there are many other types of threats:

- Natural disasters: Floods, hurricanes, earthquakes, fire and other natural disasters can destroy not just data, but servers and appliances as well. When deciding where to house your servers, think about the chances of different types of natural disasters. For instance, your area might have a high risk of floods but a low likelihood of tornadoes.
- Hardware failure: The likelihood of hardware failure depends on the quality and age of the server or other machine. For relatively new, high-quality equipment, the chance of failure is low. But if the equipment is old or from a “no-name” vendor, the chance of failure is much higher.
- People can accidentally delete important files, click on a malicious link in an email or spill coffee on a piece of equipment that hosts critical systems.
- Malicious behavior: There are three types of malicious behavior:
  o Interference is when somebody causes damage to your business by deleting data, engineering a distributed denial of service (DDoS) against your website, physically stealing a computer or server, and so on.
  o Interception is theft of your data.
  o Impersonation is misuse of someone else’s credentials, which are often acquired through social engineering attacks or brute-force attacks, or purchased on the dark web.
they become big ones. For example, malware or viruses may be undetectable at a glance, but your network monitoring solution can flag unusual activity, such as suspicious use of network resources. You’ll also be able to proactively identify unauthorized access or security threats such as DDoS attacks or unauthorized downloads. Network monitoring tools can drill down and spot weak links. They can identify areas for improvements and upgrades, too.