Information Security Threats and Countermeasures: A Comprehensive Guide, Thesis of Informatics Engineering


Typology: Thesis

2021/2022

Uploaded on 09/03/2022

nguyen-huy-676
ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 03/06/2022
Date received 1st submission: 06/06/2022
Re-submission date:
Date received 2nd submission:
Student name: Bui Thi Huong
Student ID: GCH1001
Class: GCH200638
Assessor name: Michael Omar

Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student's signature:

Grading grid: P1 P2 P3 P4 M1 M2 D1

  • TABLE OF FIGURES
  • INTRODUCTION
  • TASK 1 - IDENTIFY TYPES OF SECURITY THREAT TO ORGANIZATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1)
    • DEFINE THREATS
    • IDENTIFY THREAT AGENTS TO ORGANIZATIONS
    • LIST TYPES OF THREATS THAT ORGANIZATIONS WILL FACE
    • WHAT ARE THE RECENT SECURITY BREACHES? LIST AND GIVE EXAMPLES WITH DATES
    • DISCUSS THE CONSEQUENCES OF THIS BREACH
    • SUGGEST SOLUTIONS TO ORGANIZATIONS
  • TASK 2 - DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2)
    • ORGANIZATIONAL SECURITY PROCEDURE
      • Discussion on incident response policy
      • Discussion on human resource policy
      • Discussion on acceptable use policy (AUP)
  • TASK 3 - IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND IDS (P3)
    • DISCUSS BRIEFLY FIREWALLS AND POLICIES, THEIR USAGE, AND ADVANTAGES IN A NETWORK
    • HOW DOES A FIREWALL PROVIDE SECURITY TO A NETWORK?
    • SHOW WITH DIAGRAMS THE EXAMPLE OF HOW A FIREWALL WORKS
    • DEFINE IDS, ITS USAGE, AND SHOW IT WITH DIAGRAM EXAMPLES
      • IDS
      • USAGE
      • HOW DOES IDS WORK
      • THE IDS
  • TASK 4 - SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4)
    • DEFINE AND DISCUSS DMZ
    • DMZ USAGE AND SECURITY FUNCTION AS ADVANTAGE
    • DEFINE AND DISCUSS STATIC IP
    • STATIC IP USAGE AND SECURITY FUNCTION AS ADVANTAGE
    • DEFINE AND DISCUSS NAT
    • NAT, ITS USAGE AND SECURITY FUNCTION AS ADVANTAGE
  • CONCLUSION
  • REFERENCES

Table of Figures:
  • FIGURE 1: FIREWALL
  • FIGURE 2: HOW FIREWALLS WORK
  • FIGURE 3: THE USAGE OF IDS
  • FIGURE 4: DEMILITARIZED ZONE DIAGRAM
  • FIGURE 5: DMZ
  • FIGURE 6: STATIC IP
  • FIGURE 7: NAT

Introduction:

With the explosive development of information technology, most of the information of organizations and individuals is now stored on computer systems. As an organization grows, so do the demands of its operating environment for sharing that information with many different parties over the network. The loss or leakage of information can seriously affect the information assets, finances and reputation of organizations and individuals. Cyberattack methods are increasingly sophisticated and complex, and an attack can lead to information loss or even the complete collapse of an organization's information system. Information security is therefore an important, demanding and unpredictable task for any information system. This report covers: the types of security threats to organizations, with an example of a recently publicized security breach and a discussion of its consequences; a description of organizational security procedures; the potential impact on IT security of misconfigured firewall policies and IDS; and, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security.

Task 1 - Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)

Define threats:

A security threat is a malicious act that aims to corrupt or steal data, or to disrupt an organization's systems or the organization as a whole. A security event is an occurrence during which company data or its network may have been exposed.

Identify threat agents to organizations:

1. Nation states: Companies operating in certain sectors, e.g. telecommunications, oil and gas, mining, power generation and national infrastructure, may find themselves targeted by foreign states, whether to give that country's own businesses an advantage, to interrupt operations now, or to hold leverage over the country in times of conflict. We have heard a

sending a phishing email to a Fazio employee, the hackers were eventually able to access Target's point-of-sale systems. This gave them access to up to 40 million credit and debit cards of shoppers who had visited its stores during the 2013 holiday season. The breach has cost Target over $200m. (Lamb & Director,

List types of threats that organizations will face:

  1. Computer viruses: A virus is a software program that can spread from one computer or network to another without the user's knowledge and perform malicious actions. It can corrupt sensitive organizational data, destroy files and format hard drives. Common infection routes are clicking a malicious executable, installing free software and apps, clicking on ads, visiting an infected or unsafe website, and downloading free games, toolbars, media players and other software. (Touhid, 2019)
  2. Trojan horse: Malicious code or programs developed by attackers that disguise themselves as legitimate software to gain access to an organization's systems. A Trojan is designed to delete, modify, corrupt or block data, or to take some other harmful action on your data or network. A typical attack: the victim receives an email with an attachment that looks like an official message. The attachment contains malicious code that executes as soon as the victim opens it; the victim does not suspect that the attachment was in fact a Trojan horse. (Touhid, 2019)
  3. Adware: Adware is a software program that displays commercial and marketing advertisements, such as pop-ups, banner ads and videos, on your computer screen. Its purpose is to generate revenue for its developer by serving different types of advertisements to internet users. When you click on such an ad it redirects you to a website that advertises to you and collects information from you. Adware can also be used to steal sensitive information and login details by monitoring your online activity, and that information is then sold to third parties. (Touhid, 2019)
  4. Spyware: Spyware is an unwanted program that installs itself on a user's computer and collects sensitive information, such as personal or business information, login credentials and credit card details, without the user's knowledge. This type of threat monitors your internet activity, tracks your login credentials and spies on your sensitive information. It can install itself automatically, arrive as a hidden component of a software package, or be delivered like traditional malware through deceptive ads, email and instant messages. (Touhid, 2019)
  5. Worm: A worm is a type of malicious software that spreads within a connected network and replicates itself from one computer to another in an organization. It can spread without any human assistance by exploiting software vulnerabilities, and it may attempt to steal sensitive information, corrupt files and install backdoors for remote access to the system. (Touhid, 2019)
  6. Denial-of-Service (DoS) attacks: A denial-of-service attack shuts down a machine or network, or makes it inaccessible to its users. It typically floods the targeted system with requests until normal traffic can no longer be processed, resulting in denial of service to users. It occurs whenever an attacker prevents legitimate users from accessing specific computer systems, devices or other resources. (Touhid, 2019)
  7. Phishing: Phishing is a type of social engineering attack that attempts to obtain confidential information such as usernames, passwords, credit card details and other login credentials. In a phishing email attack, the attacker sends the victim an email that looks as if it came from their bank and asks them to provide personal information. The message contains a link that redirects the victim to a malicious website built to steal that information. (Touhid, 2019)
  8. SQL injection: SQL injection is a type of injection attack and one of the most common web hacking techniques. It allows an attacker to control the back-end database to read, change or delete data. It is an application security weakness: when an application fails to properly sanitize or parameterize the input used in its SQL statements, an attacker can include their own malicious SQL commands via web page input, and these are executed against the organization's database. (Touhid, 2019)
  9. Rootkit: A rootkit is a malicious program that installs and executes malicious code on a system without the user's consent in order to gain administrator-level access to a computer or network. It can infect a computer through shared infected disks or drives, and is typically installed using a stolen password, by exploiting system vulnerabilities, or through social engineering and phishing, all without the victim's knowledge. (Touhid, 2019)
  10. Data breach: A data breach is a security incident in which confidential or protected information is accessed from a system without the authorization of the system's owner. The information

actors, including full names, email addresses, phone numbers, workplace information and more. (Anon., 2021)

  2. Bykea (400 million): In this case it was discovered that the Karachi-based company Bykea had exposed all of its production server information, giving access to over 200 GB of data containing over 400 million display-name records. Full names, people's locations and other personal information could be exploited by hackers to cause financial and reputational damage. The data was publicly exposed with no password protection or encryption, which means that anyone in possession of the server's IP address could access the database and potentially delete data from it. It appears that in September 2020 Bykea suffered a separate breach in which unidentified hackers deleted the company's entire customer database. (SAFETYDETECTIVES, 2021)

Discuss the consequences of this breach:

According to the Identity Theft Resource Center's 2021 Data Breach Report, there were 1,862 data breaches last year, surpassing both 2020's total of 1,108 and the previous record of 1,506 set in

The number of reported data breaches jumped 68% last year to the highest total ever, and a data breach can have far-reaching consequences for business operations. First come the short-term consequences: fees and losses from the chargeback process, handling affected customers' legitimate complaints, standing up the incident response effort, investigating the breach, investing in new security measures, and legal fees. The organization has to contain the breach and conduct a thorough investigation into how it happened and which systems were accessed; operations may have to be shut down. This process can take days or even weeks, depending on the severity of the breach, and can have a major impact on an organization's revenue and resilience. Then there are the long-term consequences: loss of trust and credibility with customers, who will simply leave for a competitor that values security more. If that loss is permanent it also affects an organization's ability to attract new customers, future investment and new employees, and it can be devastating to a business. A 2019 Verizon study suggests that data security and privacy are essential to retaining customers: 69% of survey respondents would avoid a company that had suffered a data breach, and 29% would never visit that business again. Finally, the loss of sensitive data can be profoundly serious; personal data is any information that can be used to identify an individual, directly or indirectly, from a name to an email address, IP address or picture. If a critical patient's medical records are deleted as a result of a data breach, it can seriously affect their treatment and their life. The consequences of such breaches can be catastrophic and exceed any short- or long-term financial damage. (Hill & Swinhoe, 2021)

Suggest solutions to organizations:

  • Limit access to your most valuable business data: as companies grow, it is important to restrict access to records so that only those who specifically need access have it. (Anon., 2022)
  • Third-party vendors must comply, and staff must be trained: one mistake employers make is thinking that a single cyber security training class is enough. If you are serious about protecting business-critical data, schedule classes as often as quarterly or even monthly, and conduct security awareness training for all employees. (Anon., 2022)
  • Regular software updates: patching promptly strengthens your network and stops attacks before they happen.
  • Develop a breach response plan: start by assessing exactly what was lost and when, and find out who is responsible. By taking quick, decisive action you can limit the damage and restore public and employee trust. (Anon., 2022)
  • Hard-to-crack passwords: most of the public now understands the importance of passwords that are difficult to guess or crack. Use uppercase letters, numbers and special characters when creating passwords. (Anon., 2022)
  • Reassure your customers: recent surveys of consumers across the US show that 56% have cut back on internet purchases for fear of their personal information being stolen. If customers see that your company is doing its best to prevent online theft, they may feel better about buying from you. (Anon., 2022)
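Item 8 of the threat list above describes SQL injection in prose. The following example is added here and is not the assignment's own code: it shows the vulnerable pattern (user input concatenated into the SQL text) beside the parameterized fix, run against an in-memory SQLite database. The users table, its two rows and the attacker-supplied input are constructed for illustration only.

```python
"""Added example (not part of the original assignment): SQL injection.

Uses only the Python standard library. The users table, its rows and the
attacker-supplied input are constructed here for illustration; passwords
are stored in clear text only to keep the demonstration short.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is pasted into the SQL text, so the input can
    close the string literal and change the statement (the weakness the
    threat list describes). Returns (username, role) on success, else None."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Hardened: values are bound as parameters. The database receives the
    statement and the values separately, so input is never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


# Constructed attacker input: closes the quoted username and comments out
# the password check, so the vulnerable query becomes
#   ... WHERE username = 'alice' --' AND password = 'anything'
INJECTED_USER = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, INJECTED_USER, "anything"))
    print("safe:      ", login_safe(db, INJECTED_USER, "anything"))
    print("safe, real creds:", login_safe(db, "bob", "hunter2"))
```

With the injected username the vulnerable query logs the attacker in as the admin account without a password, while the parameterized query treats the whole string `alice' --` as a literal username, finds no such user and returns nothing. The fix is not escaping or a blocklist but keeping data and SQL text separate.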

Task 2 - Describe at least 3 organizational security procedures (P2)

Organizational security procedure: A security procedure is a defined set of steps, such as the use of encryption technology, implemented to protect the integrity, confidentiality and availability of data and to prevent the corruption, unauthorized use or unauthorized access of any data or information transmitted through the organization's ICT systems, while still supporting collaboration and productivity. A security policy is the formal statement of the rules by which people given access to an organization's technology and information assets must abide:

storage media and network accounts that provide email, WWW browsing and FTP are the property of [COMPANY NAME]. These systems are to be used for business purposes only, in the interests of the company as well as our customers and clients in the course of normal operations. The purpose of this policy is to outline the acceptable use of computer equipment at [COMPANY NAME]. These rules are in place to protect employees and [COMPANY NAME]. Inappropriate use exposes [COMPANY NAME] to risks including virus attacks, intrusion into network services and systems, and legal problems. (Anon.,

Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)

Discuss briefly firewalls and policies, their usage, and advantages in a network:

Firewall: Firewalls are devices or programs that control the flow of network traffic between networks or hosts with different security postures. At one time most firewalls were deployed only at network perimeters. This gave some protection to internal hosts, but a perimeter firewall cannot recognise every form of attack, and traffic sent from one internal host to another never passes through it at all.

Firewall policies specify how the firewall handles traffic for specific IP addresses and address ranges, protocols, applications and content types, based on the organization's information security policy. Before a firewall policy is written, some form of risk analysis should be performed to list the types of traffic the organization needs and to decide how each type should be secured. The risk analysis should cover threats; vulnerabilities; the countermeasures that mitigate those vulnerabilities; and the impact if a system or its data is compromised. The firewall policy must be documented in the system security plan and maintained and updated regularly as new classes of attack or vulnerability appear, or as the organization's network and application needs change. The policy should also include specific instructions on how changes to the rule set are to be handled. (Scarfone & Hoffman, 2009)

Firewall usage: Firewalls filter network traffic entering and leaving a private network, deciding which traffic should be allowed or restricted based on a set of rules. A firewall is like a gatekeeper at the entry point of a computer or network: it lets in only traffic from trusted sources or IP addresses, and accepts only the incoming traffic it has been configured to accept. It differentiates between legitimate and malicious traffic and allows or blocks specific packets based on pre-established security rules. These rules are based on attributes of the packet such as its source, destination, protocol and content. By blocking traffic from suspicious sources it helps prevent cyberattacks; in this way the firewall performs rapid checks to detect malware and other suspicious activity.

Firewall advantages in a network:
  • It provides enhanced security and privacy by shielding vulnerable services, and prevents unauthorized users from accessing a private network connected to the internet.
  • Firewalls provide fast response times and can handle heavy traffic loads, and their security rules can be managed and updated from a single authorized device.
  • Control of internet usage: it can block access to known malicious or phishing sites and block attacks on your private network coming from other networks.
  • Identify and remove unauthorized users from the network.
  • A security firewall monitors the network and its computers and automatically generates an alert when suspicious activity occurs.
  • Monitor and log services using FTP (File Transfer Protocol), WWW (World Wide Web) and other protocols. (Deshpande, 2022)

How does a firewall provide security to a network?
  • Installation and monitoring: once the firewall is installed and its performance is monitored, the network "follows the rules": only the allowed access points are open, and unauthorized computers are prevented from reaching your systems.
  • Regular updates (at least quarterly): program patches keep the firewall protected against newly discovered vulnerabilities, so apply updates as soon as possible. Home users can update instantly; larger organizations may need to test configuration and compatibility on their networks before updating.
  • Advanced detection: detection features built into many routers, placed at a strategic filtering point, can protect the entire network while remaining transparent to the end user.
  • Virtual private network (VPN) creation: firewalls can create VPNs so that access to your systems, including your wireless network, is available only to authorized people and the licensed devices defined in your network settings. A

Show with diagrams the example of how a firewall works:

Figure 2: How firewalls work

Define IDS, its usage, and show it with diagram examples:

Figure 3: The usage of IDS

IDS:

An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy violations.

Usage: An IDS can be used to help analyse the quantity and types of attacks. Organizations can use this information to change their security systems or implement more effective controls. An IDS can also help companies identify bugs or problems with their network device configurations.

How does IDS work:
  • The detection system is a monitoring application designed solely to identify and report anomalies before attackers can damage your infrastructure. It is installed on the network (network-based IDS) or on a client or server system (host-based IDS).
  • The detection system looks for known attack signatures, or for traffic that deviates from an established baseline of normal behaviour. Packets captured from the network are decoded and examined at the protocol and application layers of the OSI (Open Systems Interconnection) model; deviations or anomalies found there are flagged for further analysis.

The IDS: The IDS is placed out of band (off the direct path between the sender and receiver of the traffic) in the network infrastructure and receives a copy of the traffic, typically through port mirroring, so that it can analyse packet contents in real time and detect traffic that is malicious or has been tampered with in any way. An IDS detects elements that can affect the network as a whole, such as malformed packet information, malicious DNS, and Xmas scans. (Lutkevich, 2021)

Write down the potential impact (threat/risk) of a firewall and IDS if they are incorrectly configured in a network: Both IDSs and firewalls inspect incoming and outgoing network traffic against a set of defined rules, but neither should be seen as a universal solution for all network security needs, and a misconfiguration of either has direct consequences. A firewall rule that is too permissive (for example an "allow any to any" rule added for troubleshooting and never removed, or a broad allow rule placed ahead of the deny rules that were meant to limit it) exposes internal services to the outside, while a rule that is too restrictive blocks legitimate traffic and causes an outage. An IDS that is not fed the right traffic (wrong mirror port, or encrypted traffic it cannot inspect) misses attacks, while poorly tuned signatures and thresholds flood analysts with false positives until real alerts are ignored. A firewall prevents malicious traffic from entering your system, whereas antivirus software removes malicious files from your computers; each covers only part of the problem.
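The IDS passage above names the kinds of events an IDS reports (malformed packets, malicious DNS, Xmas scans) and the out-of-band, alert-only placement. The following example is added here and is not the assignment's own code: a toy IDS that runs signature checks on each packet plus one stateful anomaly check (a port sweep), applied to a constructed packet sample. The packet records, the domain blocklist, the sweep threshold and the `build_dns_query` helper are all constructed for illustration; the TCP flag bit values are the standard ones from the TCP header.

```python
"""Added example, not part of the original assignment: a toy signature and
anomaly IDS that inspects constructed packet records.

Packet records, the blocklist and the sweep threshold are constructed for
illustration; the flag constants are the standard TCP header flag bits.
"""
from collections import defaultdict
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG                      # flag combination used by an Xmas scan
SCAN_PORTS = 10                             # distinct SYN ports per source before alerting
BAD_DOMAINS = {"evil-update.example"}       # constructed blocklist


@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int
    flags: int = 0        # TCP flag bitmask, ignored for udp
    payload: bytes = b""


def build_dns_query(name: str) -> bytes:
    """Constructed helper: minimal DNS query (12-byte header + question)."""
    header = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split("."))
    return header + qname + b"\x00" + b"\x00\x01\x00\x01"


def parse_qname(payload: bytes):
    """Return the queried name, or None if the question section is malformed."""
    if len(payload) < 12:
        return None
    i, labels = 12, []
    while i < len(payload):
        n = payload[i]
        if n == 0:
            return ".".join(labels) if labels else None
        if n & 0xC0 or i + 1 + n > len(payload):    # compression pointer or overrun
            return None
        labels.append(payload[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return None                                      # no terminating zero label


def inspect(pkt: Packet) -> list:
    """Stateless signature checks on one packet; returns alert names."""
    alerts = []
    if pkt.proto == "tcp":
        if (pkt.flags & XMAS) == XMAS and not pkt.flags & (SYN | ACK | RST):
            alerts.append("xmas-scan")
        if pkt.flags == 0:
            alerts.append("null-scan")
        if pkt.flags & SYN and pkt.flags & FIN:
            alerts.append("malformed-syn-fin")
    elif pkt.proto == "udp" and pkt.dport == 53:
        name = parse_qname(pkt.payload)
        if name is None:
            alerts.append("malformed-dns")
        elif name in BAD_DOMAINS:
            alerts.append("malicious-dns:" + name)
    return alerts


def run_ids(packets):
    """Mirror-port style: inspect every packet and alert, never block.
    Adds the one anomaly check that needs state across packets (port sweep)."""
    alerts = []
    ports_seen = defaultdict(set)
    for pkt in packets:
        for a in inspect(pkt):
            alerts.append((pkt.src, a))
        if pkt.proto == "tcp" and pkt.flags == SYN:
            ports_seen[pkt.src].add(pkt.dport)
            if len(ports_seen[pkt.src]) == SCAN_PORTS:
                alerts.append((pkt.src, "port-sweep"))
    return alerts


# Constructed traffic sample: a normal HTTPS request, an Xmas probe against
# SSH, a lookup of a blocklisted domain, a truncated DNS packet, and a SYN
# sweep across ten ports from one external host.
SAMPLE = (
    [Packet("10.0.0.5", "10.0.0.80", "tcp", 443, SYN),
     Packet("203.0.113.9", "10.0.0.80", "tcp", 22, XMAS),
     Packet("10.0.0.7", "10.0.0.53", "udp", 53, payload=build_dns_query("evil-update.example")),
     Packet("10.0.0.7", "10.0.0.53", "udp", 53, payload=build_dns_query("example.org")[:15])]
    + [Packet("198.51.100.4", "10.0.0.80", "tcp", p, SYN) for p in range(20, 30)]
)

if __name__ == "__main__":
    for src, alert in run_ids(SAMPLE):
        print(src, alert)
```

The signature checks are deterministic; the sweep threshold is the kind of tunable mentioned in the misconfiguration discussion, and setting it too low or too high is exactly what produces the false-positive flood or the missed scan.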

external networks to the DMZ, while connections from the DMZ are only allowed out to the external network; servers within the DMZ may not initiate connections to the internal network. This allows the DMZ's servers to provide services to the external network while still protecting the internal network in the event that intruders compromise the servers in the DMZ. For someone on the outside network who wants to connect illegally to the internal network, the DMZ is a dead end. An example is a computer located outside of a firewall or other security measures on the network. (Anon., 2021)

The DMZ contains the devices that must accept internet traffic, such as web servers (HTTP), FTP servers, SMTP (e-mail) servers and DNS servers. The DMZ can be created by a router. It provides protection for the web server and other externally accessible servers without exposing the internal network, reducing risk and giving most organizations the greatest benefit at the lowest risk. The protection a DMZ provides depends largely on the configuration of the firewall.

DMZ usage and security function as advantage: A DMZ is used to provide controlled external access to services needed by outside personnel, and in control-system networks to allow secure application of system updates and upgrades to control system equipment. The most widely used DMZ configuration is simply a DMZ with a firewall. Building a DMZ involves placing a firewall between the organization's edge router and the internal network, creating a new network segment that is reachable only through the DMZ device. The web server is located in this new segment, along with the other server and network infrastructure components that need to be accessible from the outside. The router acts as a basic firewall. The figure below uses a router with an access control list (ACL) to restrict certain types of network traffic going to and from the DMZ.

The DMZ also offers security advantages:
  • Allow access control: it is possible to give users access to services outside of their network via the public internet. The DMZ allows access to these services while segmenting the network to make it harder for unauthorized users to reach the private network.
  • Prevent cyber espionage: by providing a buffer between the internet and the private network, the DMZ stops attackers from doing the reconnaissance they need to find potential targets. The servers in the DMZ are publicly visible but are firewalled, adding another layer of security that prevents attackers from seeing inside the internal network.
  • Block Internet Protocol (IP) spoofing: the DMZ can help detect and prevent spoofing attempts when another service verifies the legitimacy of an IP address. The DMZ also provides network segmentation, separating the public services from the internal private network that accesses them. (Anon., 2022)

Figure 5: DMZ

Define and discuss static IP.

Figure 6: Static IP

A static IP address is an IP address that was manually configured for a device rather than assigned by a DHCP server. It is called static because it does not change, whereas a dynamic IP address does. A static public address is provided by the ISP (Internet Service Provider), while a dynamic address is leased by DHCP (Dynamic Host Configuration Protocol). Devices with a static IP address can be tracked. Static IP addresses are less
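The Task 3 discussion of firewall misconfiguration and the DMZ section above (a firewall or router ACL that allows external traffic only into the DMZ and never lets the DMZ reach the internal network) both come down to rule ordering and scope. The following example is added here and is not the assignment's own code: a first-match packet filter with internal, DMZ and external zones, run over the same three flows with a misconfigured rule set (a broad "allow any to any" left ahead of the deny rules) and a corrected one, plus a check for rules that can never fire. The zone address ranges (RFC 1918 and documentation ranges), both rule sets and the sample flows are constructed for illustration.

```python
"""Added example (not the assignment's own code): a first-match packet filter
with internal / DMZ / external zones, used to show how a misordered or
over-broad rule set undoes the isolation a DMZ is supposed to give.

The zone address ranges, both rule sets and the sample flows are constructed
for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Most specific zones first; "external" is the catch-all.
ZONES = {
    "internal": ip_network("10.0.0.0/24"),
    "dmz": ip_network("192.0.2.0/24"),
    "external": ip_network("0.0.0.0/0"),
}


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    return next(name for name, net in ZONES.items() if addr in net)


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # zone name or "any"
    dst: str               # zone name or "any"
    port: Optional[int]    # destination port, None = any port


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dport: int


def evaluate(rules, flow, default="deny"):
    """First matching rule wins, as in iptables or a router ACL.
    Returns (action, index of the matching rule, or None for the default)."""
    sz, dz = zone_of(flow.src_ip), zone_of(flow.dst_ip)
    for i, r in enumerate(rules):
        if r.src in ("any", sz) and r.dst in ("any", dz) and r.port in (None, flow.dport):
            return r.action, i
    return default, None


def _covers(a: Rule, b: Rule) -> bool:
    """True if every packet b could match is already matched by a."""
    return (a.src in ("any", b.src) and a.dst in ("any", b.dst)
            and a.port in (None, b.port))


def shadowed(rules):
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(rules)
            if any(_covers(rules[i], r) for i in range(j))]


# Misconfigured: a "temporary" any/any allow was added for troubleshooting and
# left in front of the deny rules, which are now dead.
MISCONFIGURED = [
    Rule("allow", "any", "dmz", None),
    Rule("allow", "any", "any", None),
    Rule("deny", "dmz", "internal", None),
    Rule("deny", "external", "internal", None),
]

# Corrected: allow only what is needed, most specific first, explicit default deny.
CORRECTED = [
    Rule("allow", "external", "dmz", 443),        # public web service
    Rule("allow", "internal", "dmz", 443),        # staff use the same service
    Rule("allow", "internal", "external", None),  # outbound browsing
    Rule("deny", "any", "any", None),             # DMZ -> internal, external -> internal, ...
]

# Constructed flows: a normal web request, a compromised DMZ web server pivoting
# to an internal file server, and an external host trying to reach internal RDP.
SAMPLE_FLOWS = [
    Flow("198.51.100.7", "192.0.2.10", 443),
    Flow("192.0.2.10", "10.0.0.20", 445),
    Flow("198.51.100.7", "10.0.0.20", 3389),
]


def audit(rules, flows=SAMPLE_FLOWS):
    """Decision for each flow plus the list of dead rules."""
    return {"decisions": [evaluate(rules, f)[0] for f in flows],
            "shadowed": shadowed(rules)}


if __name__ == "__main__":
    for name, rules in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, audit(rules))
```

Against the misconfigured set the pivot from the DMZ host and the external RDP attempt are both allowed by rule 1, and rules 2 and 3 are reported as shadowed: the DMZ has become a stepping stone rather than a dead end. The corrected set allows the same public web request, drops the other two on the explicit default deny, and has no dead rules. Real firewalls evaluate far richer criteria, but the two checks shown here, where each flow actually matches and which rules can never match, are the ones a rule-set review should answer first.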