

































Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 03/06/2022
Date Received 1st submission: 06/06/
Re-submission Date:
Date Received 2nd submission:
Student Name: Bui Thi Huong
Student ID: GCH
Class: GCH200638
Assessor name: Michael Omar
Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature:
Grading grid: P1 P2 P3 P4 M1 M2 D
Today, with the explosive development of information technology, most of the information of organizations and individuals is stored on computer systems. As an organization develops, so do the requirements of its operating environment for sharing information with many different parties over the network. The loss or leakage of information can seriously affect the information sources, finances and reputation of organizations and individuals. Cyberattack methods are increasingly sophisticated and complex, and can lead to information loss or even the complete collapse of an organization's information system. Therefore, information security is an important, heavy and unpredictable task for information systems.

This report covers the types of security threats to organizations, gives an example of a recently published security breach and discusses its consequences. It also describes the organization's security procedures, then determines the potential impact on IT security of firewall and IDS policy misconfiguration. Finally it shows, using an example for each, how implementing DMZ, static IP and NAT in a network can improve network security.
Define threats:
A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or the entire organization. A security event refers to an occurrence during which company data or its network may have been exposed.

Identify threat agents to organizations:
1. Nation States: Companies operating in certain sectors (e.g. telecommunications, oil and gas, mining, power generation, national infrastructure) may find themselves targeted by foreign countries, either to interrupt operations now or to give that country a hold over them in times of adversity. We have heard a
sending a phishing email to a Fazio employee, the hackers were eventually able to access Target’s point-of-sale systems. This gave them access to up to 40 million credit and debit cards of shoppers who had visited its stores during the 2013 holiday season. This has cost Target over $200m. (Lamb & Director,
List type of threats that organizations will face:
installs itself on your computer, or comes as a hidden component of software packages, or can be installed as traditional malware through channels such as deceptive ads, email and instant messages. (Touhid, 2019)
actors, including: full names, email addresses, phone numbers, workplace information, and more. (Anon., 2021)
information that can be used to identify an individual, directly or indirectly, including anything from a name to an email address, IP address and picture. The reality is that if a critical patient has their medical records deleted due to a data breach, it can seriously affect their medical treatment and their life. The consequences of these data breaches can be catastrophic and exceed any short- or long-term damages. (Hill & Swinhoe, 2021)

Suggest solutions to organizations:
Limit access to your most valuable business data: As companies grow, it's always important to get rid of all segregated records so that only those who specifically need access have it. (Anon.,
Third-party vendors must comply: One mistake employers make is thinking that one cyber security training class is enough. If you're serious about protecting business-critical data, schedule classes as often as quarterly or even monthly. Conduct security awareness training for employees. (Anon., 2022)
Regular software updates: Strengthen your network and stop attacks before they happen.
Develop a breach response plan: Start with assessing exactly what was lost and when. Find who is responsible. By taking quick, decisive action, you can limit damage and restore public and employee trust. (Anon., 2022)
Hard-to-Decrypt Passwords: Most of the public has discovered the importance of making passwords difficult to decipher. The solution must use uppercase letters, numbers and special characters when creating passwords. (Anon., 2022)
Reassure your customers: Recent surveys of consumers across the US show that 56% have cut back on internet purchases due to fear of their personal information being stolen. If customers see that your company is doing its best to prevent online theft, they may feel better about buying from you. (Anon., 2022)
Organizational security procedure:
A secure process is the use of encryption technology, which promotes collaboration and enhances productivity, implemented for the purposes of protecting integrity and confidentiality and preventing the corruption of, or unauthorized use of or access to, any data or information transmitted via ICS.

Formal statement of rules by which people given access to an organization's technology and information assets must abide:
storage media, network accounts that provide email, WWW browsing and FTP are the property of [COMPANY NAME]. These systems will be used for business purposes only, in the interests of the company as well as our customers and clients in the course of normal operations. The purpose of this policy is to outline the acceptable use of computer equipment at [COMPANY NAME]. These rules are in place to protect employees and [NAME OF COMPANY]. Inappropriate use exposes [COMPANY NAME] to risks including virus attacks, intrusion into network services and systems, and legal problems. (Anon.,
Discuss briefly firewalls and policies, their usage, and advantages in a network:

Firewall: Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. At one time, most firewalls were deployed at network perimeters. This provided some measure of protection for internal hosts, but it could not recognize all instances and forms of attack, and attacks sent from one internal host to another often do not pass through network firewalls.

Firewall policies specify how firewalls handle network traffic for specific IP addresses and address ranges, protocols, applications, and content types based on the organization's information security policy. Before creating a firewall policy, some form of risk analysis should be performed to develop a list of the types of traffic an organization needs and categorize how they should be secured, including what types of traffic. Risk analysis should be based on threat assessment; vulnerabilities; countermeasures to mitigate security vulnerabilities; and the impact if the system or data is compromised. The firewall policy must be documented in the system security plan and maintained and updated regularly as new classes of attacks or security vulnerabilities arise, or as the organization's needs regarding network applications change. The policy should also include specific instructions on how to address changes to the rule set. (Scarfone & Hoffman, 2009)

Firewall usage: Firewalls filter network traffic in a private network, analysing what traffic should be allowed or restricted based on a set of rules. A firewall is like a gatekeeper at a computer entry point: it only allows trusted sources or IP addresses to enter the network. It accepts only the incoming traffic it has been configured to accept. It can differentiate between good and malicious traffic and allow or block specific data packets based on pre-established security rules. These rules are based on some aspects indicated by the packet data, like their source, destination, content, etc. They block traffic coming from suspicious sources to prevent cyberattacks. In this way, the firewall performs rapid assessments to detect malware and other suspicious activities.

Firewall advantages in network:
It provides enhanced security and privacy from vulnerable services.
It prevents unauthorized users from accessing a private network connected to the internet.
Firewalls provide faster response times and can handle more traffic loads, easily handling and updating security protocols from a single authorized device.
It controls Internet usage.
It protects your network from phishing attacks.
It blocks attacks on your private network forced by other networks.
It identifies channels and removes unauthorized users.
A security firewall monitors the network and computers and, when suspicious activity occurs, automatically generates an alert.
Show with diagrams the example of how firewall works:
Figure 2: How firewalls work

Define IDS, its usage, and show it with diagrams examples:
Figure 3: The usage of IDS
An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy breaches.

USAGE: An IDS can be used to help analyse the quantity and types of attacks. Organizations can use this information to change their security systems or implement more effective controls. An intrusion detection system can also help companies identify bugs or problems with their network device configurations.

HOW DOES IDS WORK: The detection system is a monitoring application designed solely to identify and report anomalies before hackers can damage your infrastructure. IDS is installed on your network or client system (server-based IDS). The detection system looks for signatures of known attacks or deviations from established standards. Any such pattern found in network traffic is then submitted for further study at the application and protocol layers of the OSI (Open Systems Interconnection) model. These deviations or anomalies are pushed up the stack and checked at the application and protocol layer.

The IDS: The IDS is placed out of band, off the real-time path between the sender and receiver of information, in your network infrastructure to act as a detection system for network monitoring and analysis of copies of network packets (obtained through port mirroring) to ensure the traffic stream is not malicious and has not been tampered with in any way. IDS detects elements that have the potential to affect overall network performance, such as malformed packets, malicious DNS and Xmas scans. (Lutkevich, 2021)

Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network:
Both IDSs and firewalls are essential packet filtering devices used to monitor the incoming and outgoing traffic on the network based on a set of appropriately defined rules. But they should never be seen as a universal solution for all network security needs, and the following is the potential impact (Threat-Risk) of firewalls and IDS if they are misconfigured in the network. Firewalls prevent malware from entering your system, while antivirus software removes damaged files and software from your computer and network.
external networks to the DMZ, while connections from the DMZ are only allowed to the external network. Servers within the DMZ may not connect to the internal network. This allows the DMZ's servers to provide services to the external network while also protecting the internal network in the event that intruders infiltrate the servers in the DMZ. For someone on the outside network who wants to illegally connect to the internal network, the DMZ is a dead end. For example, a computer, located outside of a firewall or other security measures on the network. (Anon., 2021)

The DMZ contains devices accessible to internet traffic, such as Web servers (HTTP), FTP servers, SMTP (e-mail) servers, and DNS servers. The DMZ can be generated by the router. It provides protection for the web server and externally accessible servers without exposing the internal network. The DMZ reduces risk, provides harmonization, and provides maximum benefits with the lowest risk for most institutions. The network protection provided by the DMZ depends largely on the configuration of the firewall.

DMZ usage and security function as advantage:
The DMZ is used to provide controlled external access to services used by external personnel for control system network equipment, to ensure secure application of system updates and upgrades. A widely used configuration is simply a DMZ with a firewall. Building a DMZ involves placing a firewall between the organization's edge router and the internal network, creating a new network partition that is accessible only through the DMZ device. The web server is located in this new network partition, along with other server and network infrastructure components that need to be accessible from the outside. The router acts as a basic firewall. Below figure...., use a router with an access control list (ACL) to restrict certain types of network traffic going to and from the DMZ.
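As an added example (not part of the original assignment), the Python code below models a first-match firewall rule set of the kind discussed in the firewall section and audits it against the DMZ rules described above: nothing from the external network or from the DMZ may reach the internal network. The address ranges, probe hosts, port list and both rule sets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; traffic that matches no rule is denied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

# Constructed address plan and probe hosts (assumptions, not from the page).
DMZ, INTERNAL, ANY = "192.168.50.0/24", "10.0.0.0/24", "0.0.0.0/0"
PROBE = {"external": "203.0.113.7", "dmz": "192.168.50.10", "internal": "10.0.0.5"}
FORBIDDEN = [("external", "internal"), ("dmz", "internal")]  # flows the DMZ model rules out
PORTS = [22, 80, 443, 3306]

def audit(rules):
    """Return the forbidden (src_zone, dst_zone, port) flows that the rule set allows."""
    return [(sz, dz, p) for sz, dz in FORBIDDEN for p in PORTS
            if decide(rules, PROBE[sz], PROBE[dz], p) == "allow"]

GOOD = [
    Rule(ANY, DMZ, 443, "allow"),        # anyone may reach the DMZ web server
    Rule(INTERNAL, ANY, None, "allow"),  # internal hosts may reach DMZ and external
    Rule(DMZ, INTERNAL, None, "deny"),   # DMZ may never open connections inward
    Rule(DMZ, ANY, None, "allow"),       # DMZ may reach the external network
]
BAD = [
    Rule(ANY, ANY, 80, "allow"),         # too broad: was meant for the DMZ web server only
    Rule(DMZ, ANY, None, "allow"),       # placed first, so it shadows the deny below
    Rule(DMZ, INTERNAL, None, "deny"),
]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules))
```

The misconfigured set shows two common failure modes: an over-broad allow rule and a deny rule that never fires because of rule ordering.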
The DMZ also offers security advantages:
Allow access control: It is possible to provide users with access to services outside of their network via the public internet. The DMZ allows access to these services while performing network segmentation to make it harder for unauthorized users to access the private network.
Prevent cyber espionage: By providing a buffer between the internet and a private network, the DMZ prevents attackers from doing the spying work they do in search of potential targets. The servers in the DMZ are publicly visible but are firewalled to provide another layer of security that prevents attackers from seeing inside the internal network.
Block Internet Protocol (IP) spoofing: The DMZ can detect and prevent such spoofing attempts when another service verifies the legitimacy of an IP address. The DMZ also provides network segmentation to make space for organized traffic and public services that can be accessed from the internal private network. (Anon., 2022)
Figure 5: DMZ

Define and discuss static IP.
Figure 6: Static IP
A static IP address is an IP address that was manually configured for a device instead of one that was assigned by a DHCP server. It's called static because it doesn't change, unlike a dynamic IP address, which does change. A static IP address is provided by the ISP (Internet Service Provider), while a dynamic one is provided by DHCP (Dynamic Host Configuration Protocol). Devices assigned a static IP address can be tracked. Static IP addresses are less