Higher Nationals in Computing
Unit 05: Security
ASSIGNMENT 2
Assessor name: PHAN MINH TAM
Learner’s name: Chu Tiến Đạt
ID: GCS
Class: 0706A
Subject code: 1623
Assignment due: May 2020
Assignment submitted: May 2020
ASSIGNMENT 2 FRONT SHEET
Qualification BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 5: Security
Submission date 2/5/2020    Date Received 1st submission 2/5/
Re-submission Date    Date Received 2nd submission
Student Name Chu Tiến Đạt    Student ID GCS
Class 0706A    Assessor name Phan Minh Tâm
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.
Student’s signature
Grading grid
P5 P6 P7 P8 M3 M4 M5 D2 D
ASSIGNMENT 2 BRIEF
Qualification BTEC Level 5 HND Diploma in Computing
Unit number Unit 5: Security
Assignment title Security Presentation
Academic Year 2018 – 2019
Unit Tutor
Issue date Submission date
IV name and date
Submission Format
Part 1: The submission is in the form of an individual written report. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs, subsections and illustrations as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. The recommended word limit is 2,000–2,500 words, although you will not be penalised for exceeding the total word limit.
Part 2: The submission is in the form of a policy document (please see details in Part 1 above).
Part 3: The submission is in the form of an individual written reflection. This should be written in a concise, formal business style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections as appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please also provide a bibliography using the Harvard referencing system. The recommended word limit is 250–500 words, although you will not be penalised for exceeding the total word limit.
Unit Learning Outcomes
LO3 Review mechanisms to control organizational IT security.
LO4 Manage organizational security.
Assignment Brief and Guidance
You work for a security consultancy as an IT Security Specialist. A manufacturing company, “Wheelie good” in Ho Chi Minh City, making bicycle parts for export, has called your company to propose a Security Policy for their organization after reading stories in the media about security breaches in organizations and their ramifications.
Part 1: In preparation for this task you will prepare a report considering:
- The security risks faced by the company.
- How data protection regulations and ISO risk management standards apply to IT security.
- The potential impact that an IT security audit might have on the security of the organization.
- The responsibilities of employees and stakeholders in relation to security.
Part 2: Following your report:
- You will now design and implement a security policy
- While considering the components to be included in a disaster recovery plan for Wheelie good, justify why you have included these components in your plan.
Part 3: In addition to your security policy, you will evaluate the proposed tools used within the policy and how they align with IT security. You will include sections on how to administer and implement these policies.
Learning Outcomes and Assessment Criteria
LO3 Review mechanisms to control organisational IT security
- Pass: P5 Discuss risk assessment procedures. P6 Explain data protection processes and regulations as applicable to an organisation.
- Merit: M3 Summarise the ISO 31000 risk management methodology and its application in IT security. M4 Discuss possible impacts to organisational security resulting from an IT security audit.
- Distinction: D2 Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.
Table of Contents
- Unit 05: Security ASSIGNMENT Contents
- P5 Discuss risk assessment procedures.
- Steps in a vulnerability assessment
- Detailed actions to be taken for each step
- 2.2 Threat Evaluation.
- 2.3 Vulnerability Appraisal.
- 2.4 Risk Assessment.
- 2.5 Risk Mitigation
- 2.6 Vulnerability assessment actions and steps
- Privacy Policy
- list risk identification step
- 4.1 Reviewing Risk Identification
- 4.2 Asset Identification.
- 4.3 Threat Identification.
- 4.4 Vulnerability Appraisal
- 4.5 Risk Assessment
- P6 Explain data protection processes and regulations as applicable to an organization
- 1.2 Update your kernel and OS
- 1.3 Monitor Logs
- 1.4 Backups
- 1.5 Limit Access to a Minimum
- 1.6 Lock down PHP and use Mod Security with Apache
- 1.7 Lock /tmp /var/tmp and /dev/shm partitions
- 1.8 Intrusion Detection System (IDS)
- 1.9 Review Processes Running and Remove Extra Software
- 1.10 Keep an Eye on the Servers Performance
- 2 why host system security is important
- 2.1 Website security
- 2.2 Payment safety
- Some antimalware software
- 3.2 Kaspersky Antivirus
- 3.3 F-Secure Anti-Virus
- 3.4 Norton Antivirus Plus
- Network security
- 4.2 Types of Network Security
- 4.3 Why is network security important?
- P7 Design and implement a security policy for an organization.
- The Security Policy Cycle.
- Types of Security Policies:
- Designing the Security Policy
- P8 List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion.
- Disaster Recovery Planning Process
- 1.1 Human-induced accidents
- 1.2 Unauthorized removal or copying of data or code from a system:
- 1.3 Damage to or destruction of physical system assets and environment:
- 1.4 Unauthorized use of a system:
- Develop a concise, continuous business plan:
- 2.2 Audits:
- 2.3 Testing procedures - operational impact:
- 2.4 Business continuance:
- REFERENCES
Page | 2
vulnerability scan, and know the best time and date to conduct it. It is necessary to understand the
context of the client's industry and to decide whether the scan can be completed all at once or whether
segmentation is needed. A significant step is to re-define the scan and obtain policy approval to
conduct it.
For better outcomes, the vulnerability evaluation framework uses similar tools and plug-ins, such as:
Best scan (i.e., popular ports)
CMS web scan (Joomla, WordPress, Drupal, general CMS, etc.)
Quick scan
Most common ports best scan (i.e., 65,535 ports)
Firewall scan
Stealth scan
Aggressive scan
Full scan, exploits and distributed denial-of-service (DDoS) attacks
Open Web Application Security Project (OWASP) Top 10 Scan, OWASP Checks
Payment Card Industry Data Security Standard (PCI DSS) preparation for web applications
Health Insurance Portability and Accountability Act (HIPAA) policy scan for compliance
Be sure to configure credentials in the scanner software to conduct a better and deeper vulnerability
evaluation (if the credentials are shared with the team), and conduct a manual search for the critical
assets where needed to ensure the best results.
Step 4: Vulnerability Assessment Report Creation
The fourth and most important step is writing the report. Look out for the specifics and try to add
extra value in the recommendations. Connect the findings back to the initial evaluation criteria to get
real value from the final report.
Add risk reduction strategies focused on asset and result criticality as well. Add observations related
to any discrepancy between the results and the device baseline (deviations arising from any
misconfiguration or discovery), and suggestions to fix the deviations and minimize potential
vulnerabilities. Findings on the risk evaluation are usually very valuable and should be organized so
that the result is understood.
However, it is important to keep in mind the following details, and to realize that high and medium
vulnerabilities should have a detailed report entry that may include:
- The name of the vulnerability
- The date of discovery
- The score, based on Common Vulnerabilities and Exposures (CVE) databases
- A detailed description of the vulnerability
- Details about the affected systems
- Details about the procedure
- A blank field for the vulnerability owner, the time it took to fix, the next revision and the
countermeasures applied until the final solution
The recommendations step should reflect a full understanding of the security situation in all the
different aspects of the process. It will also give a better outcome for something that is, in most
cases, merely a compliance tool.
- Detailed actions to be taken for each step
2.1 Asset Identification
In a vulnerability assessment, the first step is to identify the assets that need protection.
After taking an inventory of the assets, it is necessary to evaluate the relative value of each item.
Some organisations assign a numerical value to each asset (such as 5 being highly valuable and 1 being
the least valuable).
2.2 Threat Evaluation.
- Determine the potential threats against the assets that come from threat agents.
2.5 Risk Mitigation
- Determine what to do about the risks.
- Risk can never be entirely eliminated.
- Some risks must simply be accepted by default (war is an example of such a risk that cannot be
protected against, and thus most assets cannot be insured against war).
2.6 Vulnerability assessment actions and steps
3. Privacy Policy
A vulnerability scan searches a system for any known security weaknesses and creates a report of
those potential exposures.
Several standard techniques can be used in mitigating and deterring attacks
4. Risk identification steps
4.1 Reviewing Risk Identification
The first step in the security policy cycle is to identify risks. This involves four steps:
- Inventory the assets.
- Determine what threats exist against the assets and which threat agents pose them.
- Investigate whether vulnerabilities exist that can be exploited.
- Decide what to do about the risks.
4.2 Asset Identification.
An asset is any item with a positive economic value. There are many types of assets, classified as follows:
- Physical assets
- Data
- Software
- Hardware
- Personnel
Along with the assets, the attributes of the assets need to be compiled. After an inventory of assets has been created and their attributes identified, the next step is to determine each item's relative value.
4.3 Threat Identification.
A threat is not limited to those from attackers but also includes acts of God, such as fire or severe weather. Threat modeling constructs scenarios of the types of threats that assets can face. The goal of threat modeling is to better understand who the attackers are, why they attack, and what types of attacks may occur. A valuable tool used in threat modeling is the construction of an attack tree. An attack tree provides a visual image of the attacks that may occur against an asset.
1. Basic steps to secure a host system
1.1 Use a Firewall
- Make sure your server has a firewall running all the time. A firewall is much like a porch screen door:
it keeps out insects, mice and other pests while you can still go out and use your barbecue. If anyone
actually gets into your computer, which is very likely, the first thing they will try to do is upload
something like an IRC bot and start a daemon or program of their own, or use a port to launch attacks on
other systems. A firewall that filters both ingress and egress traffic will block incoming and outgoing
attacks even when you are unaware of them. On Linux systems we suggest using APF, and on Windows servers
Tiny Firewall. These are software firewalls, so there is no extra monthly expense as with a hardware
firewall. A hardware firewall is recommended for very busy systems; it takes the load off your server's
CPU and RAM, at a cost.
- Know which ports are open and why, and know how to block and unblock an IP address. These are key
things you need to understand for your system's daily defence. If anyone starts a brute-force attack from
an IP address, you want to know how to stop it right away. Related topics: installing the APF firewall,
stopping brute-force attacks, installing the KISS firewall.
1.2 Update your kernel and OS
- Make sure your server runs the latest patched software. Use the stable, reviewed release rather than
any beta, and upgrade as quickly as possible. An old kernel makes your server an easy target. If you are
not sure, ask your provider for the latest update.
1.3 Monitor Logs
- Are you aware of which logs record which activities, and how frequently they are updated and rotated?
- Logwatch is a great resource: it emails you regular reports of your server's activity and of anything
that looks odd, e.g. repeated failed logins. In addition, you can check your logs manually to see what is
going on: tail -f /var/log/messages, and also look at your Apache logs. Related topic: Apache log files
explained.
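As an added example, not from the original assignment or from Logwatch itself, here is a small shell check that does what the text says Logwatch should alert you to: it counts failed SSH logins per source address in an auth-log excerpt (constructed here) and lists the addresses at or above a threshold, which are the ones to block at the firewall.

```shell
#!/bin/sh
# Added example (not part of the original assignment): count failed SSH logins
# per source address and flag repeat offenders. The excerpt below is a
# constructed sample in the usual sshd syslog format; on a real host feed it
# "$(cat /var/log/auth.log)" or "$(cat /var/log/secure)" instead.

SAMPLE_LOG=$(cat <<'EOF'
May  2 10:01:12 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
May  2 10:01:15 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51236 ssh2
May  2 10:01:19 web1 sshd[2103]: Failed password for root from 203.0.113.45 port 51240 ssh2
May  2 10:02:02 web1 sshd[2110]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
May  2 10:02:40 web1 sshd[2115]: Failed password for deploy from 198.51.100.7 port 40030 ssh2
May  2 10:03:01 web1 sshd[2118]: Failed password for invalid user test from 203.0.113.45 port 51260 ssh2
EOF
)

# failed_logins_by_ip LOGTEXT
# Prints "count ip" for every source address with at least one failed password,
# most failures first. Only sshd "Failed password" lines are counted, so a
# successful key login (the "Accepted publickey" line) does not contribute.
failed_logins_by_ip() {
    printf '%s\n' "$1" \
      | awk '/sshd\[[0-9]+\]: Failed password/ {
                 for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
             }
             END { for (ip in n) print n[ip], ip }' \
      | sort -rn
}

# brute_force_sources LOGTEXT THRESHOLD
# Prints only the addresses with THRESHOLD or more failures: the candidates for
# the firewall block the text describes, reviewed by a human before acting.
brute_force_sources() {
    failed_logins_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Stand-alone usage: the per-address report, then the addresses to act on.
failed_logins_by_ip "$SAMPLE_LOG"
echo "--- sources with 3 or more failures:"
brute_force_sources "$SAMPLE_LOG" 3
```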
1.4 Backups
- I cannot understand why nobody backs up their data: you spend hundreds of hours working on your
website or application, so you simply have to have a second hard drive for backups, use a remote backup
program, or a combination of those. A second hard drive means life or death.
1.5 Limit Access to a Minimum
- Do not give users more access than the absolute minimum they need. Never allow them shell access,
limit file access to a bare minimum, and leave other services turned off by default unless they are
expressly requested and you decide it is safe to do so.
1.6 Lock down PHP and use Mod Security with Apache
- PHP is a significant security risk, but there are a few things you can do to lock it down. CGI has
suexec, which runs processes as the owning user, and PHP has something similar called PHPsuexec, though
it has some downsides. You can also use open_basedir restrictions, enable safe_mode on a large shared
server, and turn off register_globals, enable_dl and allow_url_fopen to lock things down further.
- mod_security is a web server filter that checks every request against a set of rules and responds by
logging it, rejecting it or taking other action, giving you server-wide protection. I highly recommend it
on Apache-based servers, where it is extremely useful for blocking attacks and stopping hackers before
they do any harm. Related topics: PHP safe mode, mod_security installation.
1.7 Lock /tmp /var/tmp and /dev/shm partitions
- Every partition on Linux can carry restrictions on what may be done on it. Since /tmp, /var/tmp and
/dev/shm are world-writable directories, they are also where uploads, sessions and hackers' files end up.
Because anyone can read, write and execute from these directories, they become a major security issue.
However, you can restrict what can be done in these locations through /etc/fstab: if you see "defaults"
on the /tmp line, delete it and replace it with noexec, which prevents running any executables there. Do
the same for /dev/shm, and make /var/tmp a symlink to /tmp. Related topic: securing the /tmp partition.
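As an added example (not from the original assignment), this shell snippet audits the three locations the text names for the noexec restriction it recommends, reading the same format as /proc/mounts, and prints the hardened fstab line that replaces a bare defaults. The mount table is constructed; nosuid and nodev are included as the options normally paired with noexec, which goes beyond what the text states.

```shell
#!/bin/sh
# Added example (not part of the original assignment): check whether /tmp,
# /var/tmp and /dev/shm are mounted with noexec (plus nosuid,nodev, added here
# as the usual companions). The mount table below is constructed; on a real
# host call: audit_tmp_mounts "$(cat /proc/mounts)"

SAMPLE_MOUNTS=$(cat <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=2097152k 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var/tmp ext4 rw,relatime 0 0
EOF
)

# audit_tmp_mounts MOUNTS_TEXT
# For each of the three locations prints "<mountpoint> OK" or
# "<mountpoint> MISSING <comma-separated options>". A location that is not a
# mount point of its own prints "<mountpoint> NOT_MOUNTED": fstab cannot
# restrict it independently, which is where the text's advice to make /var/tmp
# a symlink into a hardened /tmp applies.
audit_tmp_mounts() {
    printf '%s\n' "$1" | awk '
        BEGIN {
            want["/tmp"] = 1; want["/var/tmp"] = 1; want["/dev/shm"] = 1
            n = split("noexec nosuid nodev", need, " ")
        }
        ($2 in want) {
            seen[$2] = 1; missing = ""
            for (k = 1; k <= n; k++) {
                # wrap the option list in commas so "nodev" cannot match inside another option
                if (index("," $4 ",", "," need[k] ",") == 0)
                    missing = missing (missing == "" ? "" : ",") need[k]
            }
            print $2, (missing == "" ? "OK" : "MISSING " missing)
        }
        END { for (m in want) if (!(m in seen)) print m, "NOT_MOUNTED" }'
}

# fstab_hardened_line MOUNTPOINT
# The /etc/fstab entry that replaces the bare "defaults" the text describes
# deleting; tmpfs is assumed for /tmp and /dev/shm.
fstab_hardened_line() {
    printf 'tmpfs %s tmpfs defaults,noexec,nosuid,nodev 0 0\n' "$1"
}

# Stand-alone usage
audit_tmp_mounts "$SAMPLE_MOUNTS"
echo "--- suggested fstab line for /dev/shm:"
fstab_hardened_line /dev/shm
```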
1.8 Intrusion Detection System (IDS)
- An intrusion detection system, or IDS, on your server is just like a burglar alarm. It keeps a record
of which files have been changed and warns you of anything new or altered. This is important because
hackers typically try to overwrite binaries such as ps, top, netstat and others. This means that when you
run the replaced version of ps or top to see the running processes, they make it so
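The file-change record described above, as an added example rather than anything from the assignment or a particular IDS product: a baseline of SHA-256 hashes over a directory of binaries that is re-checked later so an overwritten, added or removed file is reported. The directory and its files are constructed in a scratch location; /bin and the baseline location are assumptions beyond the text.

```shell
#!/bin/sh
# Added example (not part of the original assignment): the core of a host IDS
# file-integrity check. A scratch directory stands in for /bin; on a real host
# point fim_baseline at /bin /sbin /usr/bin and keep the baseline off the
# machine, since an attacker who can replace ps can also edit a baseline stored
# next to it.

sha256_of() {   # portable SHA-256: GNU coreutils or macOS/BSD shasum
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi \
      | awk '{ print $1 }'
}

# fim_baseline DIR  -> one "hash path" line per regular file, sorted by path
fim_baseline() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s\n' "$(sha256_of "$f")" "$f"
    done
}

# fim_check DIR BASELINE_FILE -> CHANGED/ADDED/REMOVED lines, one per file;
# prints nothing when the directory still matches the baseline.
fim_check() {
    dir=$1; base=$2; now=$(mktemp)
    fim_baseline "$dir" > "$now"
    awk 'NR == FNR { b[$2] = $1; next }              # first file: the baseline
         {
             if (!($2 in b))        print "ADDED " $2
             else if (b[$2] != $1)  print "CHANGED " $2
             delete b[$2]
         }
         END { for (p in b) print "REMOVED " p }' "$base" "$now"
    rm -f "$now"
}

# demo_fim: constructed files standing in for ps/top/netstat, then the three
# kinds of change the text says an IDS must surface.
demo_fim() {
    d=$(mktemp -d); mkdir "$d/bin"
    printf 'original ps\n'      > "$d/bin/ps"
    printf 'original top\n'     > "$d/bin/top"
    printf 'original netstat\n' > "$d/bin/netstat"
    fim_baseline "$d/bin" > "$d/baseline"
    printf 'replaced ps\n' > "$d/bin/ps"      # overwritten binary
    printf 'x\n' > "$d/bin/.hidden"            # new dotfile dropped in
    rm "$d/bin/netstat"                        # binary removed
    fim_check "$d/bin" "$d/baseline" | sed "s#$d/bin/##" | LC_ALL=C sort
    rm -rf "$d"
}

demo_fim
```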
and accept payment through PayPal, a secure payment platform that gives your money full protection. It
also provides additional protection for customers against scams (such as selling non-existent goods) and
for refunds.
So bank-detail theft and identity theft are real issues for e-commerce sites, and as the owner of such a
business it is your responsibility to keep your customers as secure as possible. It is recommended that
you stick to well-known, supported hosting platforms such as Bluehost, Magento and Squarespace, which are
well established and backed by major internet companies such as WordPress.
3. Some antimalware software
3.1 Bitdefender Antivirus Plus
BitDefender Antivirus Plus, an application built on its protection and antivirus technology, lets you
remove viruses and threats entirely, and in particular detect and block viruses. It also allows the
device to restore and disinfect infected files. In particular, the speed at which the system, directories
and files are scanned is exceptionally fast and does not slow the system or affect other running
applications.
Now you can rest assured that you can browse the web easily, without worrying about threats to your
machine from the internet. Furthermore, BitDefender Antivirus Plus protects sensitive data and prevents
information leakage, protects users from questionable websites, and lets you chat online via Yahoo!
Messenger in complete safety.
3.2 Kaspersky Antivirus
Kaspersky AntiVirus is designed to help you remove viruses and malware and secure the device thoroughly
and efficiently, with all its features and technologies applied. Kaspersky AntiVirus warns about
websites containing viruses or malicious code, a feature that is very useful for those who like to
explore other websites on the internet without knowing whether they can be accessed safely. In addition,
Kaspersky AntiVirus automatically detects and blocks autorun.inf viruses when external storage devices
such as USB drives, memory cards or CDs/DVDs are connected to the machine.
Another important function of Kaspersky AntiVirus is securing addresses, text and other data: depending
on your web browser, such as Firefox or Google Chrome, you can protect sensitive information so that
passwords and email data in your Gmail are not discovered or stolen.
3.3 F-Secure Anti-Virus
F-Secure AntiVirus uses the latest technologies to counter malware, hackers, spyware and several other
forms of malicious code, from various Internet and device sources. You visit a multitude of websites that
contain viruses and spyware that are difficult to identify when you access the Internet, and they can
enter your device at any moment, so it is really important to have a way to prevent this.
F-Secure AntiVirus combines smart virus analysis, detection and prevention technology with advanced
security technology that can remove viruses from e-mail and block tracking cookies. It will promptly
alert you to unauthorized access by malicious code and will automatically prevent it from harming the
device. It also detects and blocks new viruses and variants.
3.4 Norton Antivirus Plus
Norton Antivirus helps users destroy many viruses that endanger their computers. The tool is designed to protect the entire computer system, based on advanced algorithms. In addition, the app can scan the whole network, downloaded files, email and website access. If a virus or malicious code is found in a file, Norton Antivirus sends an alert to the user.
Norton Antivirus has an extremely high capability for detecting and suppressing viruses, and helps users shield their PCs from Internet attacks and from malware spread over USB and other storage devices. The app has a user-friendly interface with the key functions on the program window, designed to help users understand every feature quickly and use it without needing additional guidance.
4. Network security
4.1 What is network security?
Network security combines multiple layers of defenses at the network edge and in the network. Each
network security layer implements policies and controls. Authorized users gain access to network
resources, while malicious actors are blocked from carrying out exploits and threats. Network security
is an organization's strategy for guaranteeing the security of its assets, including all network
traffic. It includes both software and hardware technologies. Effective network security manages access
to the network, targets a wide range of threats and stops them from entering or spreading on the
network.
4.2 Types of Network Security
- Antivirus and Antimalware Software
- Application Security
- Behavioral Analytics
- Data Loss Prevention (DLP)
- Email Security
- Firewalls
- Mobile Device Security
- Network Segmentation
- Security Information and Event Management (SIEM)
- Virtual Private Network (VPN)
- Web Security
- Wireless Security