You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information security FIS. FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns due to lacking the technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging presentation to help train junior staff members on the tool
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 3/5/2020    Date received (1st submission):
Re-submission date:          Date received (2nd submission):
Student name: Nguyễn Mạnh Tài    Student ID: GCS
Class: 0706A    Assessor name: Phan Minh Tam
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature:
Grading grid: P1 P2 P3 P4 P5 P6 P7 P
_ Cybersecurity problems are growing worse, creating numerous drawbacks and challenges for
businesses and organisations. IT protection is necessary because in most organisations it can prevent
attacks, vulnerabilities and risks that can impact sensitive information. Here are some kinds of
security threats to organizations.
What is information security?
_ Definition: Information security (IS) is designed to protect the confidentiality, integrity and
availability of computer system data from those with malicious intentions. Confidentiality, integrity
and availability are sometimes referred to as the CIA triad of information security. This triad has
evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession
(or control), integrity, authenticity, availability and utility.
_ Explanation: Information security is about risk management. Anything can act as a risk or a threat
to the CIA triad or the Parkerian hexad. Sensitive information must be protected: it cannot be
changed, altered or transferred without permission. For example, a message could be modified during
transmission by someone intercepting it before it reaches the intended recipient. Good cryptographic
tools can help mitigate this threat. Digital signatures can improve information security by
strengthening authenticity checks and requiring individuals to prove their identity before they can
gain access to computer data.
Risks from malicious code
_ Malicious code is software that is secretly created and inserted into a system in order to penetrate
or sabotage it, steal information, or interrupt or damage the confidentiality, integrity and availability
of the victim's computers. Malware has been identified as the leading cyber security threat to
businesses today.
_ Malicious code is classified into many categories according to its function and mode of infection:
viruses, worms, trojans, rootkits and others, and today it spreads mainly through the internet.
_ In general, people often confuse malware with the term computer virus. Computer viruses are only a
small part of what malware covers: a virus is just one type of malicious code, distinguished by the
fact that it can spread itself.
Security risks from human factors and access control
_ Individuals are also the weakest link in the security chain of an organization, and people cause many
attacks.
_ Attackers can easily trick workers into visiting bogus websites and downloading malicious software.
Malicious software may also penetrate corporate networks when outsiders connect their phones,
laptops and storage devices to the company's network or computers.
_ Organizations may also need to give network access and administration rights to many outsiders,
such as freelancers and employees working remotely. Many risks arise if there is no defined process
for assigning privileges and no strict control of access; these are the risks that can lead to theft of
sensitive business information or the spread of malicious code.
Encryption of information
_ Encryption is a method of protecting information by converting it from an ordinary readable and
understandable form into a form that is incomprehensible to others. Doing this helps us to better
protect information and secure data transmission: even if the bad guys capture the packets, it is hard
for them to understand the contents.
Accountability
_ Every user should be responsible for his or her own accounts. This implies that any activity under a
particular user ID should be the responsibility of the user whose ID it is.
_ Don't click on links within emails from strangers.
_ Regularly scan new files, drives and newly connected devices for viruses.
_ Use strong passwords, for example by combining multiple character types.
Audit trails
_ There should be an audit trail recorded of all activities under a user ID. For example, all login and
logout activities for 30 days should be recorded. In addition, all unauthorized attempts to access,
read, write and delete data and to execute programs should be logged.
Backups
_ There should be a clearly defined backup policy. Any backups should be kept in a secure area. A
clear policy regarding the frequency of backups and their recovery should be communicated to the
appropriate personnel.
Disposal of media
_ A specific policy on media disposal should be established. This covers the handling and destruction
of hardware and storage devices such as disk drives, diskettes and CD-ROMs. The extent and method
of destruction of no-longer-needed business-critical information should be well described and
recorded. Staff will be routinely informed of the standards to follow.
_ Business information systems require well-defined policy guidelines for communication. These
include email messages, instant messaging…
Information ownership
_ All data and information held in the organization should have an assigned owner. The owner should
be responsible for deciding on access rights to the information for the various personnel.
Equipment
- An organization should have specific guidelines about modems, portable storage and other devices.
These devices should be kept in a secured physical environment.
- Regularly update, test, repair and maintain equipment and software.
Work procedures and processes
_ An organization's staff should be required to protect their workstations while they are not in use.
The policy could enforce a logging-off procedure before leaving a workstation. This may also involve
quarantining any computer brought in from outside the enterprise (such as a laptop) before it is
plugged into the network.
What is a firewall?
_ Most people understand a firewall as a hardware or software component that provides strong
protection for a device against viruses, trojans, malware and so on.
_ To be clearer about the firewall, we should understand it as a wall or fence between the internal
network and another network, or as a network protection device. The firewall uses an adaptive
control model to manage access to network resources: only traffic that matches the policies specified
in the firewall is allowed through, and inappropriate traffic is identified and blocked.
The potential impact to IT security of incorrect configuration of firewall policies
_ Firewalls are an integral part of the protection of your network, and a misconfigured firewall can
harm your organization and give an attacker easy access. With cyber-attacks on the rise, proper
firewall setup is more important now than ever before. Because most breaches arise from
configuration errors, the firewall is vital to keeping information secure, whether for a company or a
home. Although many network security professionals concentrate on finding and repairing
vulnerabilities, the true emphasis should be on configuring the firewall. A misconfigured firewall not
only leaves your data vulnerable to attack but can also harm your business in many other ways.
Lack of firewall rules
_ The most common firewall misconfiguration that leaves systems at risk is failing to set the initial
rules. Firewalls are also often left in an "all to all" state when they are initially set up, meaning traffic
can come from any source and go to any destination. Passing traffic so transparently makes little use
of a firewall. When setting up new firewalls, security teams frequently leave open access while they
assess device and user needs.
_ Prevention: firewalls should only allow the minimum access needed by each user. It's easy to expand
Manual updates vs automation
_ Since most breaches and attacks are caused by misconfiguration, automation may reduce
configuration errors, making your network safer than manual updates would. You can also extend the
automation into other areas of your network, automating the network and providing a better network
experience for those concerned.
Issues with security logging
_ Security logs document the network's incoming and outgoing traffic. This log can show you any
security problems and will also explain any changes that might have been made to your firewall
settings.
_ Prevention: in addition to monitoring traffic and evaluating risk in your firewall, logs may also show
you which rules are most commonly used and which rules you might be able to delete. Removing
unused rules helps improve the efficiency of your firewall and network.
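As an added example (not part of the original assignment), the following Python script models a first-match firewall policy. It evaluates constructed sample traffic against an "all to all" rule set and against a least-privilege rule set with a default deny, and counts hits per rule so that rules that are never used, the kind the logs would reveal, can be identified. Rule names, addresses and traffic are all constructed.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Each rule: (name, action, source network, destination network, destination port; None = any).
# Constructed least-privilege rule set: specific allows, then an explicit default deny.
LEAST_PRIVILEGE_RULES = [
    ("allow-web-dmz",   "ALLOW", "0.0.0.0/0",   "10.10.0.0/24", 443),
    ("allow-admin-ssh", "ALLOW", "10.0.5.0/24", "10.10.0.0/24", 22),
    ("allow-old-ftp",   "ALLOW", "10.0.5.0/24", "10.10.0.0/24", 21),  # legacy rule, never hit
    ("default-deny",    "DENY",  "0.0.0.0/0",   "0.0.0.0/0",    None),
]
# The "all to all" state a firewall is often left in right after installation.
ANY_TO_ANY_RULES = [("allow-all", "ALLOW", "0.0.0.0/0", "0.0.0.0/0", None)]

def matches(rule, src, dst, port):
    """True if the packet (src, dst, port) falls within the rule's source, destination and port."""
    _, _, rule_src, rule_dst, rule_port = rule
    return (ip_address(src) in ip_network(rule_src)
            and ip_address(dst) in ip_network(rule_dst)
            and (rule_port is None or rule_port == port))

def evaluate(rules, src, dst, port):
    """First matching rule wins. Returns (rule name, action); implicit deny if nothing matches."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule[0], rule[1]
    return "implicit-deny", "DENY"

# Constructed traffic sample, as it would appear in the firewall log: (src, dst, dst port).
TRAFFIC = [
    ("203.0.113.7", "10.10.0.5", 443),  # internet user -> DMZ web server
    ("10.0.5.12",   "10.10.0.5", 22),   # admin workstation -> DMZ ssh
    ("203.0.113.7", "10.10.0.5", 22),   # internet -> DMZ ssh: should be denied
    ("203.0.113.9", "10.0.5.40", 445),  # internet -> internal SMB: should be denied
    ("203.0.113.7", "10.10.0.5", 443),
]

def audit(rules, traffic):
    """Return (number of ALLOW decisions, hit count per rule name, names of rules never hit)."""
    hits = Counter()
    allowed = 0
    for src, dst, port in traffic:
        name, action = evaluate(rules, src, dst, port)
        hits[name] += 1
        allowed += action == "ALLOW"
    unused = [rule[0] for rule in rules if hits[rule[0]] == 0]
    return allowed, hits, unused

if __name__ == "__main__":
    for label, rules in (("any-to-any", ANY_TO_ANY_RULES), ("least-privilege", LEAST_PRIVILEGE_RULES)):
        allowed, hits, unused = audit(rules, TRAFFIC)
        print(f"{label}: allowed {allowed}/{len(TRAFFIC)}, hits={dict(hits)}, unused={unused}")
```

With the "all to all" rule set every packet is allowed; with the least-privilege set the two internet-originated probes hit the default deny and the legacy FTP rule shows up as a candidate for removal.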
The relationship between the firewall and VPN
_ Topology is extremely important when configuring and handling VPN connections going through the
firewall. It helps you know which interfaces appear on the firewall and which will need filters
assigned to them to allow traffic on
_ What to understand about topology and firewalls is that filters are applied on the external interface
of the firewall, the interface that connects to the Internet.
_ Placing the VPN server in front of the firewall may lead to higher security in some cases. Always
remember that a VPN lets users outside the network feel as though they are sitting at a computer
inside the network, so being attacked by hackers can have serious consequences. However, the VPN
and firewall together can help limit the damage that hackers can do. This option also allows you to
limit the resources that authenticated VPN users can access on the local network by filtering their
traffic at the firewall. However, a flaw with this scenario is that the traffic between the firewall and
the VPN server is not encrypted.
Set the VPN server behind the firewall
_ Some companies put the VPN server behind the firewall so that remote users can connect to the
company's LAN or to servers in a DMZ (demilitarized zone). The topology should be analysed in
detail. VPN firewall rules determine which filters the firewall applies to the traffic the VPN lets
through.
Set the VPN server in front of the firewall
_ In some cases the VPN server is placed in front of the firewall so that the traffic reaching the
firewall is already secured; with this layout, VPN users are monitored from outside the firewall. This
VPN firewall rule limits the damage hackers can do through the VPN server.
Set the VPN server together with the firewall
_ This largely depends on the usage and routing capabilities of both functions: the VPN server
operates in the evening and the firewall operates during the day, especially in the business space.
_ Before we consider how a DMZ, static IP and NAT can boost network security, we need a better
understanding of what a DMZ is and what features static IP and NAT have.
_ In computer networks, a DMZ, also sometimes known as a perimeter network or a screened
subnetwork, is a physical or logical subnet that separates an internal local area network (LAN) from
other untrusted networks, usually the public internet. External-facing servers, resources and services
are located in the DMZ. They are therefore accessible from the internet, but the rest of the internal
LAN remains unreachable. This provides an additional layer of security to the LAN, as it restricts a
hacker's ability to directly access internal servers and data through the internet.
_ A DMZ is a neutral network area between the intranet and the internet.
_ The DMZ holds the services that users from the internet are allowed to reach, and it absorbs the
attacks aimed at them.
Network performance
Redundant array of inexpensive disks (RAID)
_ Hard disk fault tolerance is implemented according to different RAID levels.
_ RAID allows you to store the same data redundantly (in multiple places) in a balanced way to
improve overall performance. RAID disk drives are used frequently on servers but aren't generally
necessary for personal computers.
_ With RAID technology, data can be mirrored on one or more disks in the same array, so that if one
disk fails, the data is preserved. Thanks to a technique known as striping (spreading data over
multiple disk drives), RAID also offers the option of reading from or writing to more than one disk at
the same time in order to improve performance.
Main/Standby
_ Standby servers are a fault-tolerance measure in which a second server is configured identically to
the first one.
_ The second server can be located remotely or locally and set up in a failover configuration.
_ In a failover configuration, the secondary server connects to the primary and is ready to take over
the server functions at a moment's notice. If the secondary server detects that the primary has
failed, it automatically cuts in.
_ Network users will not notice the transition, because little or no disruption in data availability
occurs.
_ The primary (main) server communicates with the secondary server by issuing special notifications
called heartbeats.
Link aggregation
_ Link aggregation combines two or more physical Ethernet links into a single logical link.
_ If two 1Gb/s ports were aggregated, you would get a total aggregated (group) bandwidth of 2Gb/s.
_ If one physical link within the logical link fails, traffic will fail over to the remaining active links.
_ Note that if you transfer a single file from one PC to another over a 2Gb/s aggregated link, you'll
find that the maximum transfer rate tops out at 1Gb/s.
_ Start two file transfers, however, and you'll see the benefit of the aggregated bandwidth.
_ In simple terms, link aggregation increases the number of lanes on a highway, but it doesn't
increase the speed limit.
Server balancing
_Network servers are the workhorses of the
network. They are relied on to hold and distribute
data, maintain backups, secure network
communications, and more.
Vulnerability testing
_ A vulnerability scanner is a software program that contains a database of known vulnerabilities and
checks them against your system to identify weaknesses.
_ It is highly recommended that you obtain such a vulnerability scanner and run it on your network to
check for any known security holes.
_ It is always preferable to find them on your own network before someone outside the organization
does so by running such a tool against you.
_ The vulnerability scanner may be a port scanner (such as NMAP: http://nmap.org/), a network
enumerator, a web application, or even a worm.
_ In all cases it runs tests on its target against a gamut of known vulnerabilities.
Describe the steps in evaluating a security vulnerability.
Initial assessment
_ Identify the assets and determine the risk and critical value of each system (based on client input),
for example with a vulnerability scanner used for the security assessment. It is important to at least
recognize the value of the systems on your network, or at least of the devices you will be checking.
It is also important to understand whether any employee of your organization (or even the public, as
with a public computer or kiosk) can access the system or devices, or only administrators and
registered users.
System baseline definition
_ Gather device details before the vulnerability evaluation. At least test whether the system has open
ports, processes and services that should not be accessible. In addition, understand the approved
drivers and software (which should be installed on the computer) and the basic configuration of each
system.
_ Try to grab a banner or learn what sort of "public" information should be accessible based on the
configuration baseline. Is the system sending logs to a database for security information and event
management?
Perform the vulnerability scan
_ To obtain the desired results, use the right policies on your scanner. Look for any compliance
criteria based on the structure and industry of your organization before beginning the vulnerability
scan, and know the best time and date to conduct the scan. It is necessary to understand the
context of the client's industry and to decide whether the scan can be completed all at once or
whether segmentation is needed. A significant step is to redefine and obtain policy approval to
conduct the vulnerability scan.
Vulnerability assessment report creation
_ The fourth and most significant step is the development of the report. Look out for the specifics
and seek to add additional value to the recommendations process. Connect feedback focused on the
initial evaluation criteria to get real value from the final report. Add risk reduction strategies focused
on asset and result criticality as well. Add conclusions related to any possible discrepancy between
the results and the reference description of the
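As an added example for the baseline and report steps above (not from the original assignment), the following Python script compares constructed scan results against a per-host baseline and ranks each discrepancy by the asset criticality assigned in the initial assessment. Host names, ports and criticality values are constructed, and the criticality of 3 given to a host missing from the baseline is an assumption.

```python
# Baseline from the "system baseline definition" step: approved listening ports per host, plus the
# criticality (1 = low .. 5 = high) assigned to the asset in the initial assessment. All constructed.
BASELINE = {
    "web-dmz-01": {"criticality": 4, "approved_ports": {80, 443}},
    "db-int-01":  {"criticality": 5, "approved_ports": {5432}},
    "kiosk-01":   {"criticality": 1, "approved_ports": set()},
}

# Constructed scan output: the open ports observed on each host during the vulnerability scan.
SCAN_RESULT = {
    "web-dmz-01": {443, 22},      # ssh exposed on the DMZ web server; port 80 no longer answering
    "db-int-01":  {5432, 3389},   # remote desktop exposed on the database host
    "kiosk-01":   {445},          # SMB listening on a public kiosk
    "unknown-07": {8080},         # host that was never recorded in the baseline
}

# Assumed criticality for a host the baseline does not know, until its owner is identified.
UNKNOWN_HOST_CRITICALITY = 3

def compare_to_baseline(baseline, scan):
    """Return findings as (criticality, host, kind, port), highest criticality first.
    kind is one of: host-not-in-baseline, unexpected-open-port, approved-service-missing."""
    findings = []
    for host, open_ports in scan.items():
        if host not in baseline:
            findings.append((UNKNOWN_HOST_CRITICALITY, host, "host-not-in-baseline", None))
            continue
        entry = baseline[host]
        for port in sorted(open_ports - entry["approved_ports"]):
            findings.append((entry["criticality"], host, "unexpected-open-port", port))
        for port in sorted(entry["approved_ports"] - open_ports):
            findings.append((entry["criticality"], host, "approved-service-missing", port))
    # Sort by criticality (highest first), then host name; the stable sort keeps per-host order.
    return sorted(findings, key=lambda f: (-f[0], f[1]))

def report_lines(findings):
    """Render the findings as lines for the vulnerability assessment report."""
    return [f"[crit {c}] {h}: {kind}" + (f" port {p}" if p is not None else "")
            for c, h, kind, p in findings]

if __name__ == "__main__":
    for line in report_lines(compare_to_baseline(BASELINE, SCAN_RESULT)):
        print(line)
```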