Information Security: Threats, Protection, and Policies, Assignments of Computer Security

You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information security FIS. FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns due to lacking the technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging presentation to help train junior staff members on the tool

Typology: Assignments

2020/2021

Uploaded on 02/18/2021

nguyen-manh-tai
Presentation

Full Name: Nguyễn Mạnh Tài
ID: GCS17579
Class: 0706A


Presentation FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing

Unit number and title: Unit 5: Security

Submission date: 3/5/2020    Date Received 1st submission:

Re-submission Date:    Date Received 2nd submission:

Student Name: Nguyễn Mạnh Tài    Student ID: GCS

Class: 0706A    Assessor name: Phan Minh Tam

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 P5 P6 P7 P

P1 Identify types of security risks to organization.

_ Cybersecurity problems are increasingly moving in a negative direction, creating numerous drawbacks and challenges for businesses and organisations. IT protection is necessary because in most organisations it can prevent attacks, vulnerabilities and risks that would otherwise affect sensitive information. Here are some kinds of security threats to organizations.

What is information security?

_ Definition: Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility.

_ Explanation: Information security is about managing risk. Anything can act as a risk or a threat to the CIA triad or the Parkerian hexad. Sensitive information must be protected: it cannot be changed, altered or transferred without permission. For example, a message could be modified during transmission by someone intercepting it before it reaches the intended recipient. Good cryptographic tools can help mitigate this threat. Digital signatures improve information security by strengthening authenticity: they require individuals to prove their identity before they can gain access to computer data.
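The integrity threat just described (a message altered while in transit) is easiest to understand with a message authentication code, which is the symmetric cousin of the digital signature the text mentions. The following Python snippet is an added example, not part of the original presentation: the shared key, the packet format `<message>|<hex tag>` and the "intercepted" packet are all constructed for the demonstration, and HMAC-SHA256 stands in for a signature because Python's standard library has no public-key signing.

```python
import hashlib
import hmac

# Constructed demo key. A real deployment would load the shared key from a
# secrets store; it is hard-coded here only so the example runs offline.
SHARED_KEY = b"example-shared-key-not-for-production"


def protect(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Attach an HMAC-SHA256 tag so the recipient can detect any change in transit.

    Wire format (constructed for this example): <message>|<hex tag>.
    """
    tag = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message + b"|" + tag


def verify(packet: bytes, key: bytes = SHARED_KEY) -> tuple:
    """Return (authentic, message). The tag comparison is constant-time."""
    message, sep, tag = packet.rpartition(b"|")
    if not sep:
        return False, b""  # malformed: no tag present at all
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(expected, tag), message


def modified_in_transit(packet: bytes) -> bytes:
    """Simulate an interceptor changing one field of the payload (constructed)."""
    return packet.replace(b"100", b"900", 1)


if __name__ == "__main__":
    original = b"transfer 100 to account 42"
    packet = protect(original)
    print("intact  :", verify(packet))
    print("altered :", verify(modified_in_transit(packet)))
```

The tag binds the whole message to the key, so the recipient rejects the altered packet without needing to know what was changed. A digital signature gives the same detection with an asymmetric key pair, which additionally lets anyone holding the public key check who produced the message.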

Risks from malicious code

_ Malicious code is software that is secretly created and inserted into a system for the purpose of penetrating or sabotaging the system, stealing information, or interrupting or damaging the confidentiality, integrity and availability of the victim's computers. Malware has been identified as the leading cyber security threat to businesses today.

_ Malicious code is classified into many categories according to its function and mode of infection: viruses, worms, trojans, rootkits and so on, and today it spreads mainly through the internet.

_ In general, people often confuse malware with the term "computer virus". Computer viruses are only a tiny part of the idea of malware: a virus is just one type of malicious code, and what sets it apart is that a virus can spread itself.

Security risks from human factors and access control

_ Individuals are also the weakest link in the security chain of an organization, and people cause many attacks.

_ Workers can easily be tricked into visiting bogus websites and downloading malicious software. Malicious software may also penetrate corporate networks when outsiders connect their phones, laptops and storage devices to the company's network or computers.

_ Organizations may also need to grant network access and administrative rights to many outsiders, such as freelancers and staff working remotely. Without a process for delegating rights and strict control of access, many risks arise: sensitive business information can be stolen or malicious code can spread.

P2 Describe organizational security procedures.

Encryption of information

_ Encryption is a method of protecting information by converting it from its ordinary readable and understandable form into a form that is incomprehensible to others. Doing this helps us to better protect information and to secure data transmission: even if the bad guys get hold of the packets, it is hard for them to understand the contents.

Accountability

_ Every user should be responsible for their own accounts. This implies that any activity under a particular user ID should be the responsibility of the user whose ID it is.

_ Don't click on links within emails from strangers.

_ Regularly scan new files, drives and newly connected devices for viruses.

_ Use strong passwords, for example by using multiple kinds of characters.

Audit trails

_ There should be an audit trail recorded of all activities under a user ID. For example, all login and logout activities for the last 30 days should be recorded. In addition, all unauthorized attempts to access, read, write and delete data and to execute programs should be logged.

Backups

_ There should be a clearly defined backup policy. Any backups should be kept in a secure area. A clear policy regarding the frequency of backups and their recovery should be communicated to the appropriate personnel.
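To show what the audit-trail policy above produces in practice (login/logout records, a 30-day window, and logging of denied access, read, write, delete and execute attempts tied to a user ID), here is an added Python example that is not part of the original presentation. The `key=value` log format, the sample entries and the reference time `2020-05-01` are all constructed for the example; a real system would feed it lines from its own authentication and file-access logs.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail in a key=value format (not real log data).
SAMPLE_LOG = """\
2020-03-20T09:00:00 user=alice event=login result=ok src=10.0.0.5
2020-03-20T09:05:12 user=alice event=read object=/finance/q1.xlsx result=ok
2020-03-20T17:01:00 user=alice event=logout result=ok
2020-04-28T22:14:03 user=bob event=login result=ok src=10.0.0.9
2020-04-28T22:15:40 user=bob event=read object=/hr/salaries.db result=denied
2020-04-28T22:15:41 user=bob event=delete object=/hr/salaries.db result=denied
2020-04-28T22:16:02 user=bob event=execute object=/usr/local/bin/dumpdb result=denied
2020-04-29T08:00:00 user=carol event=login result=ok src=10.0.0.7
2020-04-29T08:00:30 user=carol event=write object=/shared/notes.txt result=ok
"""

RETENTION_DAYS = 30
GUARDED_EVENTS = {"access", "read", "write", "delete", "execute"}


def parse_line(line: str) -> dict:
    """'<iso timestamp> key=value ...' -> dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    entry = dict(f.split("=", 1) for f in fields)
    entry["ts"] = datetime.fromisoformat(ts)
    return entry


def parse_log(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def within_retention(entries: list, now: datetime, days: int = RETENTION_DAYS) -> list:
    """Keep only entries inside the retention window (the policy's 30 days)."""
    cutoff = now - timedelta(days=days)
    return [e for e in entries if e["ts"] >= cutoff]


def audit_window(text: str, now_iso: str, days: int = RETENTION_DAYS) -> list:
    """Parse the log and keep only entries within `days` of `now_iso`."""
    return within_retention(parse_log(text), datetime.fromisoformat(now_iso), days)


def unauthorized_attempts(entries: list) -> list:
    """Denied attempts to access, read, write or delete data, or to execute programs."""
    return [e for e in entries if e["event"] in GUARDED_EVENTS and e.get("result") == "denied"]


def session_summary(entries: list) -> dict:
    """Login/logout counts per user ID."""
    summary = defaultdict(Counter)
    for e in entries:
        if e["event"] in ("login", "logout"):
            summary[e["user"]][e["event"]] += 1
    return {user: dict(counts) for user, counts in summary.items()}


def users_to_review(entries: list, threshold: int = 3) -> list:
    """User IDs whose denied attempts reach the threshold; accountability ties
    that activity to the owner of the ID."""
    counts = Counter(e["user"] for e in unauthorized_attempts(entries))
    return sorted(user for user, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    entries = audit_window(SAMPLE_LOG, "2020-05-01T00:00:00")
    print("retained entries :", len(entries))
    print("sessions         :", session_summary(entries))
    print("denied attempts  :", len(unauthorized_attempts(entries)))
    print("users to review  :", users_to_review(entries))
```

Alice's entries fall outside the 30-day window and are dropped, while Bob's three denied attempts on the same evening are surfaced for review. The retention cut-off is applied before analysis so that the report only ever covers the period the policy says must be kept.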

Disposal of media

_ A specific policy on media disposal should be established. This includes rules on the destruction of hardware and storage devices such as disk drives, diskettes and CD-ROMs. The extent and method of destruction of no-longer-needed business-critical information should be well described and recorded. Staff will be routinely informed of the standards to obey.

_ Business information systems require well-defined policy guidelines for communication. These include email messages, instant messaging…

Information ownership

_ All data and information available in the organization should have an assigned owner. The owner should be responsible for deciding on access rights to the information for the various personnel.

Equipment

_ An organization should have specific guidelines about modems, portable storage and other devices. These devices should be kept in a secured physical environment.

_ Regularly update, test, repair and maintain equipment and software.

Work procedures and processes

_ An organization's staff should be required to protect their workstations while they are not in use. The policy could enforce a logging-off procedure before leaving a workstation. This may also involve quarantining any computer brought in from outside the enterprise (such as a laptop) before plugging it into the network.

P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party

What is a firewall?

_ Most people understand a firewall as a hardware or software component created as a powerful protection for a device, defending it against viruses, trojans, malware and so on.

_ To be clearer about the firewall, we should understand that it is a wall or fence between the internal network and another network, or a network protection device. The firewall uses an adaptive control model to manage access to network resources: only traffic that matches the policies specified in the firewall is allowed through, and inappropriate traffic is identified and blocked.

The potential impact to IT security of incorrect configuration of firewall policies

_ Firewalls are an integral part of the protection of your network, and a misconfigured firewall can harm your organization and give an attacker easy access. With cyber-attacks on the rise, proper firewall setup is more important now than ever before. Because most breaches arise from configuration errors, the firewall is vital to keeping information secure, whether for a company or a home. Although many network security professionals concentrate on finding and repairing vulnerabilities, the true emphasis should be on configuring the firewall. A misconfigured firewall not only leaves your data vulnerable to attack but can also harm your business in many other ways.

Lack of firewall rules

_ The most common firewall configuration error that leaves systems at risk is failing to set the initial firewall rules. Firewalls are also often left in an 'all to all' state when they are first set up, meaning traffic can come from any source and go to any destination. Passing traffic through unrestricted makes little use of a firewall. When setting up new firewalls, security teams frequently leave access open while they assess device and user needs.

_ Prevention: firewalls should only allow the minimum access needed by each user. It's easy to expand

Manual updates vs automation

_ Since most breaches and attacks are caused by misconfiguration, automation may reduce configuration errors, making your network safer than manual updates would. You can also extend the automation into other areas of your network, which automates the network and provides a better network experience for those concerned.

Issues with security logging

_ Security logs document the network's incoming and outgoing traffic. These logs can show you any security problems and will also explain any changes that might have been made to your firewall settings.

_ Prevention: in addition to monitoring traffic and evaluating risk in your firewall, logs may also show you which rules are used most often and which rules you might be able to delete. Removing unused rules will help improve the efficiency of your firewall and network.
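The two firewall problems discussed above, a leftover 'all to all' rule and rules that logs show are never used, can both be caught by reviewing the rule set together with the hit counts from its logs. The Python below is an added example and not code from the presentation or from any firewall vendor: the rule set, the `rule=<id> ...` log format and the log lines are constructed, and the first-match evaluation order is an assumption that matches most packet filters. It flags any-to-any allow rules, rules shadowed by an earlier broader rule, a missing final default deny, and allow rules with zero hits.

```python
import ipaddress
from collections import Counter

# Constructed rule set in first-match order; not a real device configuration.
RULES = [
    {"id": "R1", "action": "allow", "src": "10.0.0.0/24", "dst": "10.0.1.10/32", "port": "443"},
    {"id": "R2", "action": "allow", "src": "10.0.0.5/32", "dst": "10.0.1.10/32", "port": "443"},
    {"id": "R3", "action": "allow", "src": "10.0.0.0/24", "dst": "10.0.1.10/32", "port": "22"},
    {"id": "R4", "action": "allow", "src": "any", "dst": "any", "port": "any"},  # the 'all to all' leftover
    {"id": "R5", "action": "deny", "src": "any", "dst": "any", "port": "any"},
]

# Constructed firewall log: each line records which rule a connection matched.
SAMPLE_LOG = """\
rule=R1 src=10.0.0.7 dst=10.0.1.10 port=443 action=allow
rule=R1 src=10.0.0.8 dst=10.0.1.10 port=443 action=allow
rule=R3 src=10.0.0.7 dst=10.0.1.10 port=22 action=allow
rule=R4 src=203.0.113.4 dst=10.0.1.10 port=3389 action=allow
rule=R4 src=198.51.100.9 dst=10.0.1.10 port=22 action=allow
"""


def _net_covers(outer: str, inner: str) -> bool:
    """True if `outer` ('any' or a CIDR) includes every address of `inner`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def _port_covers(outer: str, inner: str) -> bool:
    return outer == "any" or outer == inner


def is_any_to_any_allow(rule: dict) -> bool:
    return rule["action"] == "allow" and all(rule[k] == "any" for k in ("src", "dst", "port"))


def shadowed_rules(rules: list) -> list:
    """(rule id, shadowing rule id) for rules that can never match because an
    earlier rule already covers all of their traffic."""
    out = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (_net_covers(earlier["src"], rule["src"])
                    and _net_covers(earlier["dst"], rule["dst"])
                    and _port_covers(earlier["port"], rule["port"])):
                out.append((rule["id"], earlier["id"]))
                break
    return out


def lint(rules: list) -> list:
    """Findings as 'RULE: problem' strings, in rule order."""
    findings = [f"{r['id']}: allow any-to-any leaves the network open"
                for r in rules if is_any_to_any_allow(r)]
    findings += [f"{rid}: shadowed by {by}" for rid, by in shadowed_rules(rules)]
    last = rules[-1] if rules else None
    if not (last and last["action"] == "deny" and all(last[k] == "any" for k in ("src", "dst", "port"))):
        findings.append("no final default-deny rule")
    return findings


def rule_usage(rules: list, log_text: str) -> dict:
    """Hit count per rule id, from log lines of the form 'rule=<id> ...'."""
    hits = Counter(line.split()[0].split("=", 1)[1]
                   for line in log_text.splitlines() if line.strip())
    return {r["id"]: hits.get(r["id"], 0) for r in rules}


def unused_allow_rules(rules: list, log_text: str) -> list:
    """Allow rules with no hits: candidates for removal, as the text recommends."""
    usage = rule_usage(rules, log_text)
    return [r["id"] for r in rules if r["action"] == "allow" and usage[r["id"]] == 0]


if __name__ == "__main__":
    for finding in lint(RULES):
        print("finding:", finding)
    print("usage  :", rule_usage(RULES, SAMPLE_LOG))
    print("unused :", unused_allow_rules(RULES, SAMPLE_LOG))
```

Two things the output makes visible that reading the rules alone does not: R2 is never hit because R1 already covers it, and R4 is in live use, admitting connections from addresses outside 10.0.0.0/24 that the administrator probably never intended to allow. The final deny is shadowed for the same reason, which is exactly the 'all to all' condition the text warns about.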

The relationship between the firewall and VPN

_ Geography (where the VPN server sits relative to the firewall) is extremely important when configuring and handling VPN connections going through the firewall. It will help you know which interfaces may appear on the firewall and which filters must be assigned to them to allow VPN traffic.

_ What to understand about geography and firewalls is that filters occur on the external interface of the firewall, the interface that connects to the Internet.

_ Placing the server in front of the firewall may lead to higher security in some cases. Always remember that a VPN lets users outside the network feel as if they were sitting at a computer inside the network, so a successful attack by hackers can have serious consequences. However, remember that the VPN and the firewall together can help limit the damage that hackers can do. This option also allows you to limit the resources that authenticated VPN users can access on the local network by filtering their traffic at the firewall. However, a flaw with this scenario is that the traffic between the firewall and the VPN server is not encrypted.

Set the VPN server behind the firewall

_ Some companies put the VPN server behind the firewall so that remote users connect to the company's LAN or to servers in the DMZ (demilitarized zone). Each of these layouts is analysed in more detail below. The firewall's VPN rules must let the VPN traffic through its filters so that the VPN connection can be established.

Set the server in front of the firewall

_ In some cases the VPN server is placed in front of the firewall to give the most secure handling of traffic: if you use the VPN, you will be monitored from outside the firewall. This VPN firewall rule will limit the damage hackers can do through the VPN server.

Set the VPN server with the firewall

_ This largely depends on how both functions are used and on the routing capabilities of the device: the VPN server operates in the evening and the firewall operates during the day, especially in a business setting.

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security.

_ Before we consider how a DMZ, static IP and NAT will boost network security, we need a better understanding of what a DMZ is and what features static IP and NAT have.

DMZ

_ In computer networks, a DMZ, also sometimes known as a perimeter network or a screened subnetwork, is a physical or logical subnet that separates an internal local area network (LAN) from other untrusted networks, usually the public internet. External-facing servers, resources and services are located in the DMZ. Therefore they are accessible from the internet, but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN, as it restricts a hacker's ability to directly access internal servers and data through the internet.

_ A neutral network area between the intranet and the internet.

_ The DMZ contains the information that users from the internet are allowed to access, and it is the zone that takes the brunt of attacks.
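The property the DMZ paragraph describes (internet can reach the DMZ, the LAN stays unreachable, and a compromised DMZ host can reach only what it was explicitly given) can be checked against a zone policy before anything is deployed. The Python below is an added example, not part of the presentation; the address ranges, the three-zone policy and the contrasting "flat" policy are constructed, and `192.0.2.0/24` and `203.0.113.0/24` are documentation ranges used only as stand-ins.

```python
import ipaddress

# Constructed addressing plan for the two internal zones (example values, not a real site).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),   # public-facing servers
    "lan": ipaddress.ip_network("10.0.0.0/8"),     # internal workstations and data
}

# Zone-to-zone policy: only these (source zone, destination zone, port) flows pass.
# Anything not listed is denied, so the LAN is never reachable from the internet.
DMZ_POLICY = {
    ("internet", "dmz", 443),  # the public web server
    ("lan", "dmz", 443),
    ("lan", "internet", 443),
    ("dmz", "lan", 5432),      # web server -> one internal database port only
}

# For comparison: a flat network with no DMZ, where the web server lives on the LAN.
FLAT_POLICY = {
    ("internet", "lan", 443),
    ("lan", "internet", 443),
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the two internal ranges is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def permitted(src_ip: str, dst_ip: str, port: int, policy=DMZ_POLICY) -> bool:
    """Would the firewall pass this flow under the given zone policy?"""
    return (zone_of(src_ip), zone_of(dst_ip), port) in policy


def internet_exposure(zone: str, policy=DMZ_POLICY) -> list:
    """Ports in `zone` reachable directly from the internet."""
    return sorted(p for s, d, p in policy if s == "internet" and d == zone)


def blast_radius(zone: str, policy=DMZ_POLICY) -> list:
    """What a compromised host in `zone` could still reach inside: (destination zone, port)."""
    return sorted((d, p) for s, d, p in policy if s == zone and d != "internet")


if __name__ == "__main__":
    print("internet -> DMZ web :", permitted("203.0.113.5", "192.0.2.10", 443))
    print("internet -> LAN     :", permitted("203.0.113.5", "10.0.0.20", 443))
    print("DMZ web -> LAN db   :", permitted("192.0.2.10", "10.0.0.20", 5432))
    print("DMZ web -> LAN ssh  :", permitted("192.0.2.10", "10.0.0.20", 22))
    print("LAN exposed ports   :", internet_exposure("lan"))
    print("flat LAN exposed    :", internet_exposure("lan", FLAT_POLICY))
```

With the DMZ policy, `internet_exposure("lan")` is empty and a compromised web server can reach only the database port, which is the "additional layer" the text describes; under the flat policy the same web server sits on the LAN, so the LAN itself is exposed on 443.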

Network performance

Redundant array of inexpensive disks (RAID)

_ Hard disk fault tolerance is implemented according to different RAID levels.

_ RAID allows you to store the same data redundantly (in multiple places) in a balanced way to improve overall performance. RAID disk drives are used frequently on servers but aren't generally necessary for personal computers.

_ With RAID technology, data can be mirrored on one or more disks in the same array, so that if one disk fails, the data is preserved. Thanks to a technique known as striping (spreading data over multiple disk drives), RAID also offers the option of reading from or writing to more than one disk at the same time in order to improve performance.
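To make striping and fault tolerance concrete, the following Python is an added example (not part of the presentation, and not how any real RAID controller is coded). It stripes a payload across three data disks with one dedicated XOR parity disk, a RAID 4 layout chosen because it is the simplest one that survives a single disk failure; RAID 5 rotates the parity block across disks but recovers data by the same XOR. The block size and the sample payload are constructed.

```python
CHUNK = 4  # bytes per block; tiny so the layout is easy to inspect


def _xor(blocks: list) -> bytes:
    """XOR equal-length blocks together; this is the parity operation."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def write_striped(data: bytes, n_data_disks: int):
    """Stripe `data` across n_data_disks and write XOR parity to one extra disk.

    Returns (disks, length): disks[i] is a list of CHUNK-sized blocks and the
    last disk holds parity (dedicated-parity, i.e. RAID 4 layout).
    """
    stripe_bytes = CHUNK * n_data_disks
    padded = data + b"\0" * (-len(data) % stripe_bytes)
    disks = [[] for _ in range(n_data_disks + 1)]
    for start in range(0, len(padded), stripe_bytes):
        blocks = [padded[start + i * CHUNK: start + (i + 1) * CHUNK] for i in range(n_data_disks)]
        for i, block in enumerate(blocks):
            disks[i].append(block)               # striping: consecutive blocks on different disks
        disks[n_data_disks].append(_xor(blocks))  # parity block for this stripe
    return disks, len(data)


def read_striped(disks: list, length: int) -> bytes:
    """Reassemble the data by reading each stripe across the data disks."""
    n_data = len(disks) - 1
    out = b"".join(disks[i][s] for s in range(len(disks[0])) for i in range(n_data))
    return out[:length]


def fail_disk(disks: list, idx: int) -> list:
    """Simulate losing disk `idx`: its blocks are gone (None)."""
    return [[None] * len(d) if i == idx else d for i, d in enumerate(disks)]


def rebuild(disks: list, idx: int) -> list:
    """Recover disk `idx` by XORing the surviving blocks of every stripe."""
    rebuilt = [_xor([d[s] for i, d in enumerate(disks) if i != idx]) for s in range(len(disks[0]))]
    return [rebuilt if i == idx else d for i, d in enumerate(disks)]


def survives_single_failure(data: bytes, n_data_disks: int = 3) -> bool:
    """Fail each disk in turn (data and parity) and check the data is recoverable."""
    disks, length = write_striped(data, n_data_disks)
    return all(read_striped(rebuild(fail_disk(disks, i), i), length) == data
               for i in range(len(disks)))


if __name__ == "__main__":
    sample = b"confidentiality integrity availability"  # constructed payload
    disks, length = write_striped(sample, 3)
    print("blocks per disk :", [len(d) for d in disks])
    print("survives        :", survives_single_failure(sample))
```

Each stripe's parity is the XOR of its data blocks, so any one missing block (data or parity) is the XOR of the others. Mirroring, the other technique the text names, is the degenerate case of keeping a full copy instead of parity: it costs twice the disk space but a read can be served from either copy.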

Main/Standby

_ Standby servers are a fault-tolerance measure in which a second server is configured identically to the first one.

_ The second server can be located remotely or locally and set up in a failover configuration.

_ In a failover configuration, the secondary server connects to the primary and is ready to take over the server functions at a moment's notice. If the secondary server detects that the primary has failed, it automatically cuts in.

_ Network users will not notice the transition, because little or no disruption in data availability occurs.

_ The primary (main) server communicates with the secondary server by issuing special notification messages called heartbeats.
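The heartbeat mechanism above is easy to get subtly wrong: fail over on a single missed beat and a brief network hiccup produces a needless switch; never fail over and the standby is useless. The Python below is an added example, not from the presentation or any clustering product; the heartbeat interval, the missed-beat limit and the three event timelines are constructed, and the monitor logic is the simplest form of what a standby runs.

```python
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL = 1.0  # seconds between heartbeats the primary is expected to send
MISSED_LIMIT = 3          # consecutive missed heartbeats before the standby takes over


@dataclass
class StandbyMonitor:
    """Runs on the secondary: watches heartbeats from the primary and decides on failover."""
    last_heartbeat: float
    active: str = "primary"
    missed: int = 0
    transitions: list = field(default_factory=list)

    def on_heartbeat(self, now: float) -> None:
        self.last_heartbeat = now
        self.missed = 0

    def tick(self, now: float) -> str:
        """Periodic check. Returns which server is active after this check."""
        if self.active == "standby":
            return self.active  # already failed over; a real system would also fence the old primary
        self.missed = int((now - self.last_heartbeat) // HEARTBEAT_INTERVAL)
        if self.missed >= MISSED_LIMIT:
            self.active = "standby"
            self.transitions.append(("failover", now))
        return self.active


def simulate(events: list) -> StandbyMonitor:
    """Replay a constructed timeline of (time, 'beat' | 'tick') events."""
    monitor = StandbyMonitor(last_heartbeat=0.0)
    for t, kind in events:
        if kind == "beat":
            monitor.on_heartbeat(t)
        else:
            monitor.tick(t)
    return monitor


# Constructed timelines (not measurements from a real cluster).
HEALTHY = [(1.0, "beat"), (1.5, "tick"), (2.0, "beat"), (2.5, "tick"), (3.0, "beat"), (3.5, "tick")]
BRIEF_HICCUP = [(1.0, "beat"), (2.0, "beat"), (4.0, "tick"), (4.5, "beat"), (5.5, "tick")]
PRIMARY_DOWN = [(1.0, "beat"), (2.0, "beat"), (3.0, "tick"), (4.0, "tick"), (5.0, "tick"), (6.0, "tick")]


if __name__ == "__main__":
    for name, timeline in [("healthy", HEALTHY), ("hiccup", BRIEF_HICCUP), ("primary down", PRIMARY_DOWN)]:
        m = simulate(timeline)
        print(f"{name:13s}: active={m.active} transitions={m.transitions}")
```

The hiccup timeline misses two beats and then recovers without a failover, while the primary-down timeline crosses the limit at t=5.0 and the standby cuts in. The comment in `tick` points at the part the text leaves out: after failover, a returning primary must be prevented from serving again (fencing) or both servers will believe they are active.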

DUAL LAN

_ Combining two or more physical Ethernet links into a single logical link.

_ If two 1 Gb/s ports were aggregated, you would get a total aggregated (group) bandwidth of 2 Gb/s.

_ If one physical link of the logical link fails, traffic will fail over to the remaining active links.

_ Consider that if you're transferring a file from one PC to another over a 2 Gb/s aggregated link, you'll find that the total maximum transfer rate will top out at 1 Gb/s.

_ Start two file transfers, however, and you'll see the benefits of aggregated bandwidth.

_ In simple terms, link aggregation increases the number of lanes on a highway, but it doesn't increase the speed limit.

Server balancing

_ Network servers are the workhorses of the network. They are relied on to hold and distribute data, maintain backups, secure network communications, and more.

Vulnerability testing

_ A vulnerability scanner is a software program that checks your systems against a database of known vulnerabilities to identify weaknesses.

_ It is highly recommended that you obtain such a vulnerability scanner and run it on your network to check for any known security holes.

_ It is always preferable to find them on your own network before someone outside the organization does so by running such a tool against you.

_ The vulnerability scanner may be a port scanner (such as NMAP: http://nmap.org/), a network enumerator, a web application scanner, or even a worm.

_ In all cases it runs tests on its target against a gamut of known vulnerabilities.

P5 Discuss risk assessment procedures.

Describe the steps in evaluating a security vulnerability.

Initial assessment

_ Identify the assets and the risk and critical value of each system (based on client input), for example with a vulnerability scanner used for security assessment. It is important to at least recognize the value of the systems on your network, or at least of the devices you will be checking. It is also important to understand whether any employee of your organization (for example via a public computer or kiosk) or only administrators and registered users can access the system (or devices).

System baseline definition

_ Gather device details before evaluating vulnerabilities. At least test whether the system has open ports, processes and services that should not be accessible. In addition, understand the approved drivers and software (which should be installed on the computer) and the basic configuration of each system.

_ Try to grab a banner or learn what sort of "public" information should be accessible based on the configuration baseline. Is the system sending logs to a security information and event management database?

Perform the vulnerability scan

_ To obtain the desired results, use the right policies on your scanner. Look for any compliance criteria based on the structure and industry of your organization before beginning the vulnerability scan, and know the best time and date to conduct the scan. It is necessary to understand the context of the client's industry and to decide whether the scan can be completed all at once or whether segmentation is needed. A significant step is to re-define and obtain policy approval to conduct the vulnerability scan.

Vulnerability assessment report creation

_ The fourth and most significant step is the development of the report. Look out for the specifics and seek to add additional value to the recommendations. Connect feedback focused on the initial evaluation criteria to get real value from the final report. Add risk reduction strategies focused on asset and result criticality as well. Add conclusions related to any possible discrepancy between the results and the reference description of the
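The four steps above (asset criticality from client input, an approved baseline, scan observations, and a report that ranks findings by asset criticality) fit together as one small data flow. The Python below is an added example, not part of the presentation and not the output of any real scanner: the asset inventory, baselines, scan observations, severities and the exposure weighting are all constructed. It diffs each asset's observed state against its baseline, turns deviations into findings, and scores them so the report leads with what matters most.

```python
# Constructed asset inventory; criticality 1 (low) .. 5 (critical) comes from client input.
ASSETS = {
    "web-01":   {"ip": "192.0.2.10", "criticality": 4, "exposure": "public"},
    "db-01":    {"ip": "10.0.0.20",  "criticality": 5, "exposure": "internal"},
    "kiosk-01": {"ip": "10.0.5.3",   "criticality": 2, "exposure": "public"},
}

# Approved baseline per asset: ports that should be open and approved software versions.
BASELINE = {
    "web-01":   {"ports": {443},  "software": {"nginx": "1.18.0"}},
    "db-01":    {"ports": {5432}, "software": {"postgresql": "12.3"}},
    "kiosk-01": {"ports": set(),  "software": {"browser-kiosk": "2.1"}},
}

# Constructed scan observations (what the scanner saw) with (finding, severity 1..5).
SCAN = {
    "web-01":   {"ports": {443, 22}, "software": {"nginx": "1.16.1"},
                 "findings": [("outdated nginx", 3)]},
    "db-01":    {"ports": {5432}, "software": {"postgresql": "12.3"}, "findings": []},
    "kiosk-01": {"ports": {8080}, "software": {"browser-kiosk": "2.1", "telnetd": "0.17"},
                 "findings": [("unapproved telnet service", 4)]},
}

# Constructed weighting: a publicly reachable asset counts double (initial-assessment step).
EXPOSURE_WEIGHT = {"public": 2, "internal": 1}
UNEXPECTED_PORT_SEVERITY = 2
UNAPPROVED_SOFTWARE_SEVERITY = 3


def baseline_deviations(asset: str) -> dict:
    """Differences between the approved baseline and what the scan observed."""
    base, seen = BASELINE[asset], SCAN[asset]
    return {
        "unexpected_ports": sorted(seen["ports"] - base["ports"]),
        "missing_ports": sorted(base["ports"] - seen["ports"]),
        "unapproved_software": sorted(set(seen["software"]) - set(base["software"])),
        "version_drift": sorted(name for name, ver in base["software"].items()
                                if seen["software"].get(name) not in (None, ver)),
    }


def risk_score(asset: str, severity: int) -> int:
    """criticality x exposure x severity: the 'asset and result criticality' the text asks for."""
    a = ASSETS[asset]
    return a["criticality"] * EXPOSURE_WEIGHT[a["exposure"]] * severity


def build_report() -> list:
    """Scanner findings plus baseline deviations, highest risk first."""
    report = []
    for asset in ASSETS:
        dev = baseline_deviations(asset)
        for finding, sev in SCAN[asset]["findings"]:
            report.append({"asset": asset, "finding": finding, "severity": sev,
                           "risk": risk_score(asset, sev)})
        for port in dev["unexpected_ports"]:
            report.append({"asset": asset, "finding": f"unexpected open port {port}",
                           "severity": UNEXPECTED_PORT_SEVERITY,
                           "risk": risk_score(asset, UNEXPECTED_PORT_SEVERITY)})
        for name in dev["unapproved_software"]:
            report.append({"asset": asset, "finding": f"unapproved software {name}",
                           "severity": UNAPPROVED_SOFTWARE_SEVERITY,
                           "risk": risk_score(asset, UNAPPROVED_SOFTWARE_SEVERITY)})
    report.sort(key=lambda r: r["risk"], reverse=True)
    return report


if __name__ == "__main__":
    for row in build_report():
        print(f"{row['risk']:3d}  {row['asset']:9s} {row['finding']}")
```

The database server, though the most critical asset, produces no rows because it matches its baseline; the public web server's outdated software leads the report, and the low-value kiosk's unapproved telnet service still outranks its stray port because severity and public exposure both feed the score. Keeping the baseline as data also documents the "discrepancy between the results and the reference description" the last step asks the report to address.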