IT Security Threats and Organizational Security Procedures, Papers of Computer Security

1623 - Security - Assignment 1

Typology: Papers

2020/2021

Uploaded on 04/05/2022

unkaeciique


1 | Ho Ngoc Khanh
ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date:
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: Hồ Ngọc Khánh
Student ID: GCS200074
Class: GCD0901
Assessor name: Trần Trọng Minh
Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature: Khanh
Grading grid: P1 P2 P3 P4 M1 M2 D1



Summative Feedback:
Resubmission Feedback:
Grade:
Assessor Signature:
Date:
Lecturer Signature:

  • A. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
    • I. Threats and threat agents to organizations
    • II. Security breaches
    • III. Solutions to organizations
        1. Educate Employees on Data Security, Security Policies, and Common Security Threats (Kirk, 2020)
        2. Protect Your Infrastructure (Kirk, 2020)
        3. Implement Operations Activities & Controls Efficiency Audits (Kirk, 2020)
  • B. Describe at least 3 organizational security procedures (P2)
    • I. Encrypt data information (Anon., 2019)
    • II. Use strong passwords (Empey, 2018)
    • III. Backup and Recovery
  • C. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
    • I. Firewalls
    • II. Policies
    • III. IDS (Intrusion Detection System)
    • IV. Potential impact of a firewall and IDS if they are incorrectly configured in a network
  • D. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)
    • I. The aid of diagram DMZ
    • II. The aid of diagram static IP
    • III. The aid of diagram NAT
  • E. References

FIGURES

  • Figure 1: MALWARE
  • Figure 2: EMOTET
  • Figure 3: DENIAL OF SERVICE
  • Figure 4: MAN-IN-THE-MIDDLE
  • Figure 5: PHISHING
  • Figure 6: SQL INJECTION
  • Figure 7: PASSWORD ATTACKS
  • Figure 8: ENCRYPTED DATA
  • Figure 9: BRUTE FORCE ATTACK
  • Figure 10: DICTIONARY ATTACK
  • Figure 11: PHISHING
  • Figure 12: STRONG PASSWORD GENERATOR
  • Figure 13: BACKUP AND RECOVERY DATA
  • Figure 14: FIREWALL
  • Figure 15: HOW FIREWALLS WORK
  • Figure 16: SECURITY POLICY
  • Figure 17: THE FUNCTIONALITIES OF IDS
  • Figure 18: HOW IDS WORKS
  • Figure 19: DMZ DIAGRAM
  • Figure 20: STATIC IP DIAGRAM
  • Figure 21: NAT DIAGRAM

A. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)

I. Threats and threat agents to organizations

DEFINITION: Security Threat means any threat or series of connected threats to intentionally attack Network Systems in order to demand money, including virtual, digital, and electronic currency, securities, or other valuable property from an Insured; provided, however, that Security Threat does not include any such threat made by any governmental entity or public authority. (Anon., 2017)

TYPES OF SECURITY THREATS: (Anon., 2019)

1. Malware: Malware is defined as malicious software, which includes spyware, ransomware, viruses, and worms. Malware is triggered when a user clicks on a malicious link or attachment, which causes hazardous software to be installed.

Figure 1: MALWARE

Figure 3 : DENIAL OF SERVICE

4. Man-in-the-middle: When hackers inject themselves into a two-party transaction, this is known as a man-in-the-middle (MITM) assault. According to Cisco, after disrupting traffic, they may filter and take data. MITM attacks are common when a visitor connects to an unprotected public Wi-Fi network. Attackers place themselves between the visitor and the network, then use malware to install software and steal data.

Figure 4: MAN-IN-THE-MIDDLE

5. Phishing: Phishing attacks employ forged communication, such as an email, to mislead the recipient into opening it and following the instructions contained inside, such as entering a credit card number. According to Cisco, the objective is to "take sensitive data such as credit card and login credentials or to install malware on the victim's system."

Figure 5: PHISHING

6. SQL Injection: A Structured Query Language (SQL) injection is a form of cyber-attack that occurs when malicious code is inserted into a query that a SQL server executes. When a server is compromised this way, it leaks data. It can be as simple as entering the malicious code into a vulnerable website's search box.

Figure 6: SQL INJECTION
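The search-box case described above, as an added example that is not part of the assignment: the same search query built by string concatenation and with a bound parameter, run against a constructed in-memory SQLite table in which one row is not meant to be visible to the public.

```python
import sqlite3

# Constructed sample catalogue: one row is flagged as not yet public.
SAMPLE_ROWS = [
    ("Laptop", 1),
    ("Phone", 1),
    ("Unreleased tablet", 0),  # must never appear in public search results
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, public INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn, term):
    # The search term is pasted straight into the statement, so any quotes,
    # operators or comment markers it contains become part of the SQL.
    sql = f"SELECT name FROM products WHERE public = 1 AND name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, term):
    # The statement text is fixed; the term is bound as a value and is only
    # ever compared as text, whatever characters it contains.
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "Lap"), search_parameterized(db, "Lap"))
    # A term that rewrites the WHERE clause: the concatenated query returns
    # every row, hidden one included; the bound query matches nothing.
    crafted = "' OR 1=1 --"
    print(search_vulnerable(db, crafted))
    print(search_parameterized(db, crafted))
```

The fix is not to filter the term but to stop it from ever being parsed as SQL, which is what the bound parameter does.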

4. Forefront Dermatology – July 9th, 2021: Forefront Dermatology, a U.S. healthcare provider, revealed that unauthorized access to its IT systems exposed the personal data and medical information of up to 2.4 million patients.

5. Guess – July 12th, 2021: Guess alerted an unspecified number of customers that their data had been exposed in a ransomware attack.

6. OneMoreLead – August 4th, 2021: OneMoreLead, a marketing firm, exposed the personal information of 126 million people via an unprotected database accessible online.

7. SeniorAdvisor – August 13th, 2021: Cybersecurity researchers discovered an unprotected database holding over 3 million personal records of SeniorAdvisor members.

8. UNM Health – August 17th, 2021: An unauthorized third party gained access to the personal and medical information of approximately 637,000 UNM Health patients.

9. Microsoft Power Apps – August 24th, 2021: At least 38 million records were exposed due to a misconfiguration in Microsoft Power Apps, a Microsoft product. American Airlines, Microsoft, J.B. Hunt, and the governments of Indiana, Maryland, and New York City were all affected by the data dumps.

10. GetHealth, Fitbit and Apple – September 14th, 2021: Over 61 million records of Apple and Fitbit customers' data from fitness trackers and wearables were exposed in an unprotected database belonging to GetHealth, a health and wellness data app.

III. Solutions to organizations

1. Educate Employees on Data Security, Security Policies, and Common Security Threats (Kirk, 2020)

Consistent, clear communication about organizational policies and procedures can help decrease the likelihood of employees accidentally committing a crime or lashing out at the business over a perceived injustice. To be as successful as possible in reducing unintentional insider cybersecurity threats, your company's data security training program curriculum should include the following information:

  • How to categorize and recognize various sorts of information assets
  • Policies and processes for excellent asset management, risk identification, assessment, and mitigation
  • Choosing appropriate security controls to reduce identified threats
  • The significance of detecting security events and responding to incidents
  • Employees' various roles, duties, and interactions
  • Common risks that employees may face, such as phishing, viruses, and malware, as well as principles for communicating both internally and with third parties.

2. Protect Your Infrastructure (Kirk, 2020)

1. Identification: To begin, create a risk universe to identify all potential threats that might influence the security of your organization's assets. Every known situation should be documented, and suggestions should be collected from all departments. Once you've identified potential risks, you'll want to specify the mitigation option(s) for each before you face an insider assault.

2. Prevention: A robust, detailed risk-management plan serves as the cornerstone for effective threat prevention. Check to see whether modifying procedures or activities can lower potential risks or lessen the effect of probable bad occurrences as part of your preventative strategy. As a deterrent to insider assaults, use warning messages such as the message of the day (MOTD), login prompts, and alerts. The MOTD below specifies correct usage to ensure that staff are aware of acceptable behavior.

3. Control: During this phase, your focus is on insider threat management and the solutions you may use to better protect yourself in the event of an attack. Begin by adding the ability to manage accounts and account access centrally. Streamlining access control improves your capacity to examine problems, such as finding an account and limiting its access if required.

B. Describe at least 3 organizational security procedures (P2)

I. Encrypt data information (Anon., 2019)

Data encryption is a type of security mechanism in which information is encoded and may only be accessed or decoded by a user who has the appropriate encryption key. Encrypted data, also known as ciphertext, appears jumbled or unintelligible to any person or entity who gains unauthorized access.

Figure 8: ENCRYPTED DATA

Data encryption is used to prevent malevolent or careless individuals from gaining access to sensitive data. Encryption, a crucial layer of protection in a cybersecurity architecture, makes it as difficult as possible to use intercepted data. It may be used to secure data ranging from secret government information to personal credit card transactions. Data encryption software, often known as an encryption algorithm or cipher, is used to create an encryption system that can potentially be broken only with massive quantities of computational power.

II. Use strong passwords (Empey, 2018)

Cybercriminals have many password-hacking techniques at their disposal, but the simplest is simply purchasing your passwords on the dark web. The black-market buys and sells login credentials and passwords for a lot of money, and if you've been using the same password for a long time, chances are it's been hacked.

  • Brute force attack: This assault attempts to predict every possible combination in the book until it lands on yours. The attacker uses software to automate the process of trying as many possibilities as possible in as little time as possible, and that technology has advanced alarmingly. (Figure 9: BRUTE FORCE ATTACK)
  • Dictionary attack: This is exactly what it sounds like: the hacker is assaulting you with a dictionary. Whereas a brute force assault attempts every possible combination of symbols, numbers, and characters, a dictionary attack tries a predetermined list of words from a dictionary. (Figure 10: DICTIONARY ATTACK)

Figure 12 : STRONG PASSWORD GENERATOR

III. Backup and Recovery

Backup and recovery refers to the process of backing up data in case of loss and establishing systems that enable data recovery in the event of data loss. Backing up data entails copying and preserving computer data so that it can be accessed in the event of data loss or damage. Data from a previous time period can only be retrieved if it has been backed up. (Anon., 2017)

Figure 13: BACKUP AND RECOVERY DATA

THE IMPORTANCE OF BACKUP AND RECOVERY:

The backup's aim is to produce a copy of the data that can be retrieved in the case of a primary data failure. Primary data failures can occur due to hardware or software failure, data corruption, or a human-caused incident, such as a hostile attack (virus or malware) or unintentional data deletion. Backup copies enable data to be recovered from a previous point in time, assisting the company in recovering from an unforeseen incident. To achieve the greatest outcomes, backup copies should be produced on a consistent, frequent basis to reduce the amount of data lost between backups. The longer the time between backup copies, the greater the risk of data loss while recovering from a backup. Keeping several copies of data gives you the security and flexibility to restore to a point in time that was not impacted by data corruption or malicious assaults.

TYPES OF DATA BACKUP (Anon., 2020)

1. Full Backup: It is a simple and comprehensive backup process that copies all of your data to another media set such as a disk, tape, or CD. As a result, a full copy of all your data is provided in a single media package.

2. Incremental Backup: This procedure copies just the data that has changed since your last backup process of any kind. All backup activities will be recorded and tracked by a backup program at the time and date they occur. This procedure is quicker and necessitates less storage space.

3. Differential Backup: This backup, like an incremental backup, transfers only modified data, but each time it runs it copies all data changed since the last complete backup, so each differential set grows until the next full backup.
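The three backup types compared on one constructed change history, as an added example that is not part of the assignment: which files each scheme copies on each day, how much it copies in total, and which backup sets a restore to a given day must apply.

```python
# Constructed change history (not from the assignment): the files modified
# on each day. Day 0 is the full backup; days 1-3 run the partial schemes.
CHANGES = {
    0: {"a.txt", "b.txt", "c.txt", "d.txt"},  # everything present at the full backup
    1: {"a.txt"},
    2: {"b.txt", "c.txt"},
    3: {"a.txt"},
}


def full_backup(changes):
    # Copies every file, regardless of when it last changed.
    return set(changes[0])


def incremental_backups(changes):
    # Each run copies only what changed since the previous run of any kind.
    return {day: set(changes[day]) for day in sorted(changes) if day > 0}


def differential_backups(changes):
    # Each run copies everything changed since the last full backup, so the
    # sets keep growing until the next full backup resets them.
    result, since_full = {}, set()
    for day in sorted(changes):
        if day == 0:
            continue
        since_full |= changes[day]
        result[day] = set(since_full)
    return result


def files_copied(sets):
    # Total files written across all runs: a proxy for storage and time cost.
    return sum(len(s) for s in sets.values())


def restore_chain(changes, day, scheme):
    # The backup sets that must be applied, in order, to restore to `day`.
    # Incremental needs the full set plus every later increment; differential
    # needs only the full set plus the latest differential.
    if scheme == "incremental":
        return [0] + [d for d in sorted(changes) if 0 < d <= day]
    if scheme == "differential":
        return [0, day] if day > 0 else [0]
    raise ValueError(f"unknown scheme: {scheme}")


if __name__ == "__main__":
    inc, diff = incremental_backups(CHANGES), differential_backups(CHANGES)
    print("incremental:", inc, files_copied(inc), restore_chain(CHANGES, 3, "incremental"))
    print("differential:", diff, files_copied(diff), restore_chain(CHANGES, 3, "differential"))
```

The trade-off the text describes falls out of the numbers: incremental writes the fewest files but a restore must replay every set since the full backup, while differential writes more each day but restores from just two sets.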

Firewalls examine packets for malicious code or attack vectors that have previously been identified as known dangers. If a data packet is identified as posing a security concern, the firewall blocks it from entering the network or reaching your computer. (Anon., 2019)

Figure 15: HOW FIREWALLS WORK

ADVANTAGES: (Roor, n.d.)

  • Monitor Traffic: A firewall's primary job is to monitor the traffic that passes through it. The information that travels via a network is in the form of packets. Each of these packets is inspected by the firewall for potentially dangerous threats.
  • Protection against Trojans: Malware, particularly Trojans, can be hazardous to a user. A Trojan sits silently on your computer, snooping on everything you do with it. Whatever data they collect will be transmitted to a web server. Obviously, you will not be aware of their presence until your machine exhibits unusual behavior.
  • Prevent Hackers: Hackers on the internet are constantly looking for computers to use in their illegal activities. When hackers discover such machines, they will begin to engage in harmful activities such as malware distribution. Aside from the hackers, there may be unknown individuals, such as neighbors, seeking an unsecured internet connection.
  • Access Control: Firewalls provide an access policy that may be configured for certain hosts and services. Some hosts may be abused by attackers. In this scenario, it is advisable to prevent such hosts from accessing the system.
  • Better Privacy: One of the primary concerns of a user is privacy. Hackers are always on the lookout for private information in order to gain information about the user. However, many of the services provided by a site, such as the domain name service and finger, may be disabled by employing a firewall.

HOW FIREWALLS PROTECT DATA:

  • Backdoors: Certain programs are meant to be accessible remotely, while others may have vulnerabilities that allow potential hackers to get access to and abuse the program for malevolent reasons via a "backdoor," or a concealed means to access and exploit the software.
  • Denial of service: Hackers use this approach by sending requests to connect to the server, which responds with an acknowledgment and attempts to complete the connection.
  • Macros: Macros are scripts that programs may use to combine a number of complex operations into a single executable rule.
  • Remote logins: The severity of remote logins varies, but they always pertain to someone connecting to and managing your computer.
  • Spam: While the majority of spam is innocuous, some spam may be quite harmful.
  • Viruses: Viruses are tiny programs that reproduce themselves from computer to computer, allowing them to spread across devices and networks.
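The access-control point above (a policy configured for certain hosts and services) as an added example, not the assignment's own work: a first-match, default-deny rule evaluator run over constructed packets, with the same rules in a correct order and in a misordered one so the effect of the ordering is visible. All networks, ports and packets are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed access policy. Rules are evaluated top to bottom and the first
# matching rule decides; anything that matches no rule is dropped (default deny).
# Each rule: (action, source network, destination port or None, protocol or None)
ORDERED_RULES = [
    ("deny",  "203.0.113.0/24", None, None),   # hosts known to abuse the service
    ("allow", "0.0.0.0/0",      443,  "tcp"),  # public HTTPS from anywhere
    ("allow", "10.0.0.0/8",     22,   "tcp"),  # SSH only from the internal network
]

# The same three rules with the broad HTTPS allow placed before the deny:
# a misordered policy that no longer blocks the abusive range on port 443.
MISORDERED_RULES = [ORDERED_RULES[1], ORDERED_RULES[0], ORDERED_RULES[2]]


def evaluate(rules, packet):
    """Return 'allow' or 'deny' for a packet given as {src, dport, proto}."""
    src = ip_address(packet["src"])
    for action, net, port, proto in rules:
        if src not in ip_network(net):
            continue
        if port is not None and port != packet["dport"]:
            continue
        if proto is not None and proto != packet["proto"]:
            continue
        return action   # first match wins
    return "deny"       # default deny: unmatched traffic never gets through


# Constructed sample packets.
PACKETS = {
    "public https": {"src": "198.51.100.7", "dport": 443, "proto": "tcp"},
    "abuser https": {"src": "203.0.113.5", "dport": 443, "proto": "tcp"},
    "public ssh":   {"src": "198.51.100.7", "dport": 22, "proto": "tcp"},
    "internal ssh": {"src": "10.1.2.3", "dport": 22, "proto": "tcp"},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:13} ordered={evaluate(ORDERED_RULES, pkt):5} "
              f"misordered={evaluate(MISORDERED_RULES, pkt)}")
```

Only the "abuser https" packet changes verdict between the two orderings, which is exactly the kind of silent gap a misconfigured firewall policy opens.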

II. Policies

DEFINITION: The Security Policy establishes the policies and procedures for all personnel who access and use an organization's IT assets and resources. An effective IT Security Policy is a model