



































It contains the study notes on Network Security




































This report assesses the IT security risks that organizations face, which must be evaluated before IT security measures are implemented in our Civil Bank. It covers risks such as unauthorized access to systems and data, naturally occurring hazards, and host, application and network risks. It also covers organizational security procedures such as business continuance, backup/restoration and audits.
There are several threats to an organization's systems nowadays. Before the Internet connected millions of devices together, there were only physical threats (entering the organization's premises without permission, vandalism, robbery, etc.). Security risks are no longer limited to physical threats: attacks are also carried out over networks, which is a major issue. Meanwhile, businesses are still unsure of what to do next and what preventative measures to take. We should establish IT security so that we can protect our company's sensitive data from attacks, weaknesses, and hazards. So, in order to improve our bank's IT security, we must first examine the various IT security concerns.
Today's crime is out of hand. An excellent example is when someone sets out to be malicious and begins stealing information from websites or harming computers or computer networks. Unauthorized access happens when someone gains access to a site, service, program, or other system by using another person's account or other means. For example, suppose a hacker guesses many usernames and passwords until they gain access to an account that is not theirs. That is unauthorized access. Unauthorized access also occurs when a user attempts to access a system that they are not authorized to access. Some administrators set up alarms to notify them when someone tries to gain unauthorized access, and they can investigate such attempts after receiving the notifications. These alerts are quite helpful in keeping hackers from gaining access to our sensitive information and data, and they help make our system safe. Certain systems lock accounts when too many incorrect login credentials are entered. Our Civil Bank can likewise block suspicious accounts after several failed login attempts.
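The lockout and alerting behaviour described above can be sketched as follows. This is an added example, not part of the original notes; the thresholds, class name, account names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for this example, not taken from the notes.
MAX_FAILURES = 5             # failed logins per account before lockout
WINDOW_SECONDS = 300         # sliding window in which failures are counted
MAX_ACCOUNTS_PER_SOURCE = 3  # distinct accounts one source may fail against

class LoginMonitor:
    def __init__(self):
        self.failures = defaultdict(deque)  # account -> recent failure times
        self.by_source = defaultdict(dict)  # source -> {account: last failure}
        self.locked = set()
        self.flagged_sources = set()
        self.alerts = []                    # (time, kind, account, source)

    def record(self, ts, account, source, success):
        """Process one login event and return the decision taken."""
        if account in self.locked:
            # Even a correct password is refused until an administrator unlocks.
            self.alerts.append((ts, "attempt-on-locked-account", account, source))
            return "rejected"
        if success:
            self.failures.pop(account, None)  # a good login resets the counter
            return "allowed"
        recent = self.failures[account]
        recent.append(ts)
        while ts - recent[0] > WINDOW_SECONDS:  # drop failures outside the window
            recent.popleft()
        seen = self.by_source[source]
        seen[account] = ts
        for name in [a for a, t in seen.items() if ts - t > WINDOW_SECONDS]:
            del seen[name]
        if len(seen) >= MAX_ACCOUNTS_PER_SOURCE and source not in self.flagged_sources:
            self.flagged_sources.add(source)
            self.alerts.append((ts, "many-accounts-one-source", None, source))
        if len(recent) >= MAX_FAILURES:
            self.locked.add(account)
            self.alerts.append((ts, "account-locked", account, source))
            return "locked"
        return "failed"

# Constructed events: (seconds, account, source address, password correct?)
EVENTS = [(t, "teller01", "198.51.100.9", False) for t in (0, 10, 20, 30, 40)] + [
    (50, "teller01", "192.0.2.10", True),
    (60, "amira", "203.0.113.5", False),
    (61, "bikash", "203.0.113.5", False),
    (62, "chandra", "203.0.113.5", False),
    (400, "amira", "192.0.2.20", True),
]

def replay(events):
    monitor = LoginMonitor()
    decisions = [monitor.record(*event) for event in events]
    return monitor, decisions

if __name__ == "__main__":
    monitor, decisions = replay(EVENTS)
    print(decisions)
    for alert in monitor.alerts:
        print(alert)
```

The alert list is what an administrator would investigate: one account locked after repeated failures, one attempt against the locked account, and one source failing against several different accounts.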
Some workers may give outsiders access to sensitive data or organizational code. Those unauthorized individuals can exploit the data in ways that cause problems for our enterprise. This is referred to as data theft. Every corporation has highly sensitive data, such as information about business plans, the code for a new product, and so on. We must keep this information safe and secure; it must not fall into the wrong hands. Otherwise, the wrong hands (for example, our competitors) may use the copied data to gain a competitive advantage, resulting in a direct loss to the business from which the data was taken. Similarly, if an organization's data is deleted, it is a huge loss to that organization. Imagine that all our bank's data, such as the personal information of customers and employees, their savings, their loans, their salaries and their contact details, were lost. Our bank would not be able to function.
Some individuals may wish to cause harm to an organization's computer hardware. Hard disks and solid-state drives (SSDs) hold massive amounts of data. If these devices are broken, businesses such as our Civil Bank may suffer significant losses, because we would lose access to our own information.
For our website, we should choose a secure web server. Our organization may face security threats as a result of web hosting, and these have a significant impact on the organization's website. If we select a poor web host, our site may be exploited. Many firms now use shared hosts because of the low prices; however, there are some drawbacks in terms of IT security. In shared hosting, multiple websites use a single infrastructure, which poses a security risk. If the file and directory permissions on our site aren't strong enough, the site could be exploited from other websites on the same host. With shared hosting, one site can be affected by the problems of others. If other sites on the shared server use weak security measures or do not update their plugins, the remaining sites will be affected. They may become slow, suffer downtime, and may even have malicious code injected or attack files added.
Websites are becoming one of an organization's most valuable assets. However, they can also be the most significant source of vital data exposure for a business. Applications and even networks can pose security risks as well, so we must protect our websites from these threats. Because network security hazards are often recognized only after they have attacked our sites, they can cause more problems. The main causes of these dangers are computer viruses, malfunctioning software, hackers, employee breaches, and so on. Computer viruses have become increasingly common in recent years because of their ability to wreck network security around the world. Viruses can corrupt our data and even destroy vital information, disrupting our business's day-to-day operations. Some viruses are capable of erasing entire hard disks. We should therefore instruct our employees not to open emails or websites they are unfamiliar with. Similarly, when a security update appears while we are working, we usually click "remind me later" and never come back to it. By not updating our computers' software regularly, we put our company at risk. Old software is one of the reasons a whole network slows down to the point where it becomes impossible to work. This may cause our site to crash, and we may lose customers. Computer network security threats aren't limited to our own machines. Hackers can breach network security from any location on the planet. When hackers gain access to our files, they can steal them and eventually reveal our sensitive information to the rest of the world and to our competitors. Hackers may be thousands of kilometers away, but if we want our data to be secure, we must take them into account. Likewise, our own employees also pose a threat to our network security. They may not intentionally put our company in a vulnerable position, but they can do so through a lack of knowledge about proper security practices.
Our Civil Bank should also impose security procedures or rules if we want our important data to be secure. Some of the organizational policies we should follow are as follows. Only those who are authorized to access the system should be allowed to access it. The system should have access limitations covering actions such as viewing, modifying, and destroying information. The people who use the system should be held accountable for the actions they perform within it. Access should be limited based on defined criteria.
During and even after a disaster, every organization should be able to function normally. This is referred to as business continuity. For example, our bank's systems should continue to function even if natural disasters strike and cause damage to our infrastructure. Otherwise, we will not be able to continue our operations. Business continuity planning aids in the development of risk
requirements, and OS controls. Other policies are also mentioned in the policy, such as how access and use of the cooperative system should be monitored, how unattended workstations should be safeguarded, and what to do with an employee's access when he or she departs the business.
Any company should have a disaster recovery plan in place. Because disasters do not always strike without warning, there should be plans in place for what to do in the event of one. Disaster recovery protects companies from catastrophic consequences. There should be contingency plans in place in the event of a calamity. The input of the cybersecurity and IT teams is typically included in an organization's recovery strategy, which helps operations resume as soon as feasible after a calamity. Disasters need not be natural; they could be anything that disrupts an organization's operations, such as device failures or foreign cyber-attacks. Disaster recovery involves both planning and testing. Furthermore, there may be a separate site for restoring operations.
Methods to assess security risks
In qualitative risk analysis, individual project risks are prioritized for further risk analysis. In this kind of analysis, probability and likelihood are not calculated mathematically. Instead, impact and likelihood are evaluated using an established method.
In quantitative risk analysis, the project outcomes are predicted in terms of the time and money required. Further risks in the project are also considered in this method. In this kind of analysis, probability and likelihood are calculated mathematically.
In this post, we will discuss the different types of security threats to organizations, which are as follows:
A virus is a software program that can spread from one computer to another, or from one network to another, without the user's knowledge and that performs malicious actions. It can corrupt or damage an organization's sensitive data, destroy files, and format hard drives.
There are different ways that a virus can spread or attack, such as: clicking on an executable file; installing free software and apps; visiting an infected and unsecured website; clicking on an advertisement; using infected removable storage devices, such as USB drives; opening spam email or clicking on a URL link; and downloading free games, toolbars, media players and other software.
The victim receives an email with an attachment that looks like a genuine official email. The attachment can contain malicious code that is executed as soon as the victim clicks on it. In that case, the victim does not suspect or understand that the attachment is actually a Trojan horse.
It can spread without any human assistance and exploits security holes in software in order to steal sensitive information, corrupt files, and install a back door for remote access to the system.
It occurs when an attacker prevents legitimate users from accessing specific computer systems, devices or other resources. The attacker sends too much traffic to the target server. The server is overloaded and overwhelmed, which brings down websites, email servers and other services that connect to the Internet.
In a phishing email attack, an attacker sends the victim an email that looks as if it came from the victim's bank and asks for personal information. The message contains a link that redirects the victim to another, malicious website that steals the information. So it is better not to open such emails, not to click on their links, and not to provide sensitive information.
It is an application security weakness: when an application fails to properly sanitize its SQL statements, an attacker can include their own malicious SQL commands to access the organization's database. The attacker inserts the malicious code into SQL statements via web page input.
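The weakness described above (commonly called SQL injection) is shown here beside its corrected form, as an added example that is not part of the original notes. The table, account data, function names and the hostile input string are constructed for illustration; the example uses Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (holder TEXT, branch TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        ("amira", "Main", 1200), ("bikash", "North", 560), ("chandra", "Main", 90)])
    return db

def lookup_unsafe(db, holder):
    # Weak form: the input is pasted into the SQL text, so it can change
    # the meaning of the statement instead of being treated as a value.
    sql = "SELECT holder, balance FROM accounts WHERE holder = '" + holder + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, holder):
    # Corrected form: the value is bound as a parameter and is never
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT holder, balance FROM accounts WHERE holder = ?"
    return db.execute(sql, (holder,)).fetchall()

SORTABLE = {"holder", "balance"}

def list_sorted(db, column):
    # Column names cannot be bound as parameters, so input that selects
    # an identifier is checked against an allow-list before use.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column")
    sql = f"SELECT holder, balance FROM accounts ORDER BY {column}"
    return db.execute(sql).fetchall()

# Constructed web-form input that tries to alter the WHERE clause.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, HOSTILE))  # every row comes back
    print("safe:  ", lookup_safe(db, HOSTILE))    # no row matches that name
    print("sorted:", list_sorted(db, "balance"))
```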
It can infect a computer through the sharing of infected disks or drives. It is typically installed using a stolen password, or by exploiting system vulnerabilities, social engineering tactics, and phishing techniques, without the victim's knowledge.
There are different ways that malware can infect a device. For example, it can be delivered as a link or file over email, and it requires the user to click on that link or open the file to execute the malware. This type of attack includes computer viruses, worms, Trojan horses and spyware.
In addition to malicious attacks, careless employees are another type of cyber security threat to organizations.

Example of a recently publicized security breach and its consequences:

Sina Weibo

Date: March 2020

Impact: 538 million accounts

Details: With over 500 million users, Sina Weibo is China's answer to Twitter. However, in March 2020 it was reported that the real names, site usernames, gender, location, and (for 172 million users) phone numbers had been posted for sale on dark web markets. Passwords were not included, which may indicate why the data was available for just ¥1,799 ($250). Weibo acknowledged the data for sale was from the company, but claimed the data was obtained by matching contacts against its address book API. It also said that since it doesn't store passwords in plaintext, users should have nothing to worry about. This, however, doesn't tally, as some of the information being offered, such as location data, isn't available via the API. The social media giant said it had notified authorities about the incident, and China's Cyber Security Administration of the Ministry of Industry and Information Technology said it is investigating.
Some preventive measures are given below. No industry anywhere in the world is immune from the threat of some form of cyber-attack. Any attack on your organization's IT network will be unpredictable in terms of the exact method of attack, but you can at least be poised to deflect such cyberattacks and protect your company with these 8 easy-to-follow steps.
Create a security strategy and ensure that your company's directors and management are aware of the necessity of IT network security. The most important aspects of security are knowing the threats and recognizing what has to be secured, specifically what your valuables/assets are.
A proper security strategy can only be established and implemented once a thorough risk assessment has been completed. The necessity of cyber-security should be understood and supported by senior management, resulting in a top-down approach to implementation.
Once management understands the seriousness of security challenges, they can begin to develop and implement policies on how to use, manage, and distribute firm resources to address cyber security. The following step is to create and enforce policies and procedures for workers to follow, which will have an impact on the distribution of corporate IT resources (permissible and forbidden expenditures). Change management procedures and rules must be adopted across all IT systems. Review your risk and security posture on a frequent basis.
Make a network design that prioritizes cyber-security. Isolate/segregate important business systems and apply network security measures to them by segmenting your network into logical system-based zones and firewalling/inspecting traffic between those zones. Protect not only your Internet edge, but also internal (east-west) traffic and the most common attack vectors (email, web). For wireless connectivity, use robust authentication based on individual credentials or personal certificates, strong encryption (AES), and suitable guest/BYOD access. Home and remote users should have the same security measures as users on corporate networks, so plan for them beforehand. Have a central point for system monitoring (SIEM) that is integrated within your environment and provides a single place that holds all relevant logs/events for your systems. Monitor your network/user activity with qualified staff. Fine-tune your IPS systems to use security rules/signatures relevant to your network environment and to produce relevant alarms. Act on the alarms promptly. Secure both user/management and physical access to your network assets. Apply only secure configurations, using the vendor/standard recommended best practices. Have a lifecycle policy in place, that is, review/renew security controls/equipment at regular intervals. Finally, ensure you have an up-to-date network diagram with HLD/LLD documents.
Assess the risks for remote corporate users and create a policy on how to mitigate them. Use strong/two-factor authentication. Educate remote users on the importance of security and on how to work with all security control mechanisms without sacrificing productivity. Create and regularly update manuals on how to use and configure the different security controls (VPN clients, etc.). Have a support and escalation procedure in place, so that users can work with all security controls in place and do not try to circumvent them. Protect data in transit and at rest. Use a common security build for all remote workers, which is more secure and easier to operate and troubleshoot.
We cannot stress enough the importance of constant monitoring. No environment is bulletproof, and buying best-of-breed products does not guarantee a top level of security. There are many factors in play in every complex environment with its many moving parts. The only predictable aspect of security is the unpredictability of the threats (for example, the human factor or administrator laziness). A chain is only as strong as its weakest link. A company should concentrate on having all protection/prevention mechanisms in place but should never forget to have visibility and monitoring tools in place as well. Detect attacks and abnormal behavior, from both outside and inside. React to attacks: a timely response stops the spread of damage, can ensure that the attack is blocked in the future, and can assist a forensic investigation. Account for activity: you should have a complete understanding of how systems run and how data and information are being used by users. Only then will you be able to detect deviations from the norm and act on them.
The only way to really know whether your security is protecting your organization is to test it regularly! Security tests should cover all parts of your environment and should be performed on procedures/processes, network equipment, endpoint systems and personnel. Formal security audits look at procedures and whether they are being followed/enforced. Automated vulnerability assessments are usually performed every 2-3 months and done internally. Penetration tests are external annual security tests that usually give the most accurate information about the company's security posture and the effectiveness of all security measures deployed. Social engineering tests on personnel are attempts to get employees to disclose sensitive information to non-authorized people, either by phone or in person, or to gain physical access to restricted company areas.
We can back up the Bank's data so that it can be recovered.
The popular data backup method in the early days of personal computers (PC) was to download data from a computer's hard drive onto a collection of tiny floppy disks, which were then stored in physical containers. Since then, solid-state technologies, wireless systems, and other advancements have allowed IT managers to back up data remotely or download large volumes of data onto small portable devices. Cloud services and associated alternatives make distant data storage simple, ensuring data security even if a whole facility or location is hacked, while RAID, or mirror, technologies offer automated backup solutions. In addition to remote data backup, there are new methods, such as failback and failover systems that automatically switch the destination of data when a primary destination is negatively affected in any way. All of these new options help make data security stronger as many business and government operations become increasingly reliant on various types of stored data.