

























You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information security FIS


























Student Name/ID Number:
Unit Number and Title: Unit 5 : Security
Academic Year: 2021 – 2022
Unit Assessor: Van Ho
Assignment Title: Security Presentation
Issue Date: April 1st, 2021
Submission Date:
Internal Verifier Name:
Date:
Submission Format:
Format:
● The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system.
Submission
● Students are required to submit the assignment by the due date and in the way requested by the Tutor.
● The form of submission will be a soft copy posted on http://cms.greenwich.edu.vn/.
● Remember to convert the Word file into a PDF file before the submission on CMS.
Note:
● The individual Assignment must be your own work, and not copied by or from another student.
● If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you must reference your sources, using the Harvard style.
● Make sure that you understand and follow the guidelines to avoid plagiarism. Failure to comply with this requirement will result in a failed assignment.
Unit Learning Outcomes:
LO1 Assess risks to IT security.
LO2 Describe IT security solutions.
Assignment Brief and Guidance:
Assignment scenario
You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information security FIS.
FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns due to lacking the technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging presentation to help train junior staff members on the tools and techniques associated with identifying and assessing IT security risks together with the organizational policies to protect business critical data and equipment.
Tasks
In addition to your presentation, you should also provide a detailed report containing a technical review of the topics covered in the presentation.
Your presentation should:
● Identify the security threats FIS secure may face if they have a security breach. Give an example of a recently publicized security breach and discuss its consequences.
● Describe a variety of organizational procedures an organization can set up to reduce the effects to the business of a security breach.
● Propose a method that FIS can use to prioritize the management of different types of risk.
● Discuss three benefits to FIS of implementing network monitoring system giving suitable reasons.
● Investigate network security, identifying issues with firewalls and IDS incorrect configuration and show through examples how different techniques can be implemented to improve network security.
● Investigate a ‘trusted network’ and through an analysis of positive and negative issues determine how it can be part of a security system used by FIS.
Your detailed report should include a summary of your presentation as well as additional, evaluated or
critically reviewed technical notes on all of the expected topics.
2. Static IP:
3. NAT:
M2 Discuss three benefits to implement network monitoring systems with supporting reasons:
D1 Investigate how a ‘trusted network’ may be part of an IT security solution:
3. Types of security risks:
3.1 Malware:
+ It’s been around since the internet’s inception and continues to remain a consistent problem. Malware is when an unwanted piece of programming or software installs itself on a target system, causing unusual behavior. This ranges from denying access to programs, deleting files, stealing information, and spreading itself to other systems.
3.2 Password Theft:
3.3 Traffic Interception:
3.4 Phishing Attacks:
3.7 Zero-Day Exploits:
3.8 SQL Injection:
3.9 Social Engineering:
3.10 MitM Attack:
3.11 Ransomware:
3.14 Drive-By Attack:
3.15 Trojan Virus:
1. Security procedures:
+ Security procedures are detailed step-by-step instructions on how to implement, enable, or enforce security controls as enumerated from your organization's security policies. Security procedures should cover the multitude of hardware and software components supporting your business processes as well as any security related business processes themselves (e.g. onboarding of a new employee and assignment of access privileges).
2. Process to protect network security for businesses:
2.1 Protect computers and electronic devices of the business:
Update software to the latest version: Older software often contains many security holes. These vulnerabilities are the loopholes hackers exploit to break into the network. To minimize the risk of attack from hackers, software developers research vulnerabilities and release patches in new versions of the software. After updating to the new version, enterprises can operate without worrying about hackers watching.
Encrypt data backed up on the cloud: Most businesses today back up data on a cloud computing platform. However, do not be complacent. Enterprises should ask administrators to encrypt important files. This helps businesses not have to depend too much on the security of cloud computing and still use it with peace of mind.
Use SSL certificate & HTTPS protocol to protect website security: Customer information on the website can be easily stolen if the business does not use any security measures. The best way to protect it is to use SSL certificates and the HTTPS protocol on the website. This ensures customer information is encrypted as it travels from their servers to the business computers.
Improve security for user passwords: Passwords are very vulnerable to hacking. If the password is weak, hackers can find it and break into the system in just a few minutes.
2.3 Improve employee knowledge: The human factor is extremely important in the enterprise security process. Therefore, it is very important to train employees on cyber security awareness. However, to avoid training that differs from reality, enterprises need to develop training programs suitable to the roles of each employee. For non-IT staff, the training scope should only revolve around basic knowledge. With IT staff, make sure they are proficient with advanced knowledge and tasks.
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers. Firewalls can be software, hardware or cloud based, each of which has its own unique advantages and disadvantages.
Policy of Firewall:
A firewall policy dictates how firewalls should handle network traffic for specific IP addresses and address ranges, protocols, applications, and content types (e.g. active content) based on the organization’s information security policies. Firewall policy should be documented in the system security plan and frequently maintained and updated as new attack classes and vulnerabilities occur or as the organization changes network app needs.
These are some types of Firewall Policies:
● Policies Based on IP Addresses and Protocols
● Policies Based on Application
● Policies Based on User Identity
● Policies Based on Network Activity
Usage of Firewall:
There are 7 uses of a firewall:
● Prevents the Passage of Unwanted Content
● Prevents Unauthorized Remote Access
● Prevents Indecent Content
● Guarantees Security Based on Protocol and IP Address
● Protects Seamless Operations in Enterprises
● Protects Conversations and Coordination Contents
● Prevents Destructive Content from Online Videos and Games
A firewall is a cybersecurity tool that protects systems when operating on the internet. With so much malicious content circulating across the internet, it is very important to keep the systems secure. It doesn’t matter in which form firewalls exist, only that they protect the systems effectively.
Advantages of Firewall:
A major responsibility of a firewall is to monitor the traffic passing through it. Whatever information travels through a network is in the form of packets. The firewall inspects each of these packets for any hazardous threats. If by any chance the firewall finds them, it will immediately block them.