
ASSIGNMENT FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Le Tan Trong Student ID GCD18787

Class Assessor name Đặng Quang Hiển

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 M1 M2 D1
Table of Figures
Figure 1. Classes of Threats ........................................................................................................................... 2
Figure 2. Some types of Threats Agents ......................................................................................................... 4
Figure 3. Network with Firewall .................................................................................................................. 12
Figure 4. IDS Architecture............................................................................................................................ 13
Figure 5. DMZ Network Architecture ........................................................................................................... 16
Figure 6. Static IP & DYNAMIC IP ................................................................................................................. 17
Figure 7. OCTAVE PROCESS ......................................................................................................................... 22
Figure 8. Network Monitoring Process ......................................................................................................... 23
Figure 9. Layered Security-Enterprise Architecture....................................................................................... 25
Figure 10. TNC Architecture......................................................................................................................... 28
Table of Contents
I. Introduction.......................................................................................................................................................... 1
II. SECURITY THREAT TO ORGANIZATIONS. (P1) ..................................................................................................... 2
1. Define Threat ........................................................................................................................................ 2
2. The Threats Agents to Organizations ...................................................................................................... 3
3. A Recently Publicized Security Breach .................................................................................................... 4
4. Some of Solutions to Organizations........................................................................................................ 6
III. ORGANIZATIONAL SECURITY PROCEDURES. (P2) ........................................................................................... 7
1. What are Security Procedures? .............................................................................................................. 7
2. The Relationship between Security Policies and Security Procedures ...................................................... 7
3. Some of Organizational Security Procedures .......................................................................................... 7
IV. FIREWALL POLICIES AND IDS ARE MISCONFIGURED (P3) ............................................................................. 10
1. What is a Firewall and What this is doing? ........................................................................................... 10
2. What is an IDS and What this is doing?................................................................................................. 12
3. Potential Impact of Firewall Policy and IDS Incorrect Configuration ...................................................... 14
V. DMZ, STATIC IP AND NAT IN NETWORK SECURITY SYSTEM (P4) ..................................................................... 16
1. DMZ .................................................................................................................................................... 16
2. STATIC IP ............................................................................................................................................. 17
3. NAT..................................................................................................................................................... 17
VI. A METHOD TO ASSESS AND TREAT IT SECURITY RISKS. (M1) ....................................................................... 19
1. Overview ............................................................................................................................................ 19
2. Propose a method to assess and treat IT security risks. ......................................................................... 20
VII. NETWORK MONITORING SYSTEMS (M2) ...................................................................................................... 23
1. Network Monitoring System ................................................................................................................ 23
2. The Key Network Monitoring Features ................................................................................................. 23
3. The Network Monitoring System Benefits ............................................................................................ 24
VIII. A ‘TRUSTED NETWORK’ IN AN IT SECURITY SOLUTION. (D) ......................................................................... 25
1. Introduction ........................................................................................................................................ 25
2. The need for a Trusted Network .......................................................................................................... 26
3. Trusted Network Communications (TNC) ............................................................................................. 27
4. How does the TNC Architecture Work? ................................................................................................ 27
5. Summary ............................................................................................................................................ 28
IX. Evaluation ....................................................................................................................................................... 29
X. Conclusion .......................................................................................................................................................... 30
References .................................................................................................................................................................. 31
I. Introduction
In today's world, data is one of the most valuable assets of every individual and business, so it is
essential to protect it from the threats facing today's networks. In this report I propose a method for
assessing and treating IT security risks, identify the threats and weaknesses an organization faces, and
suggest solutions to handle them. I also show what impact a misconfigured firewall or IDS has on the
organization, and the benefits of deploying a DMZ, static IP addresses and NAT to improve network
security.

II. SECURITY THREAT TO ORGANIZATIONS. (P1)
1. Define Threat
According to (Intechopen), a threat is a potential danger that exploits a weakness (a vulnerability) in a
system and causes harm to the data stored on or served by computer systems, or to data in transit. A
threat to a computer system arises when the confidentiality of the information on it (not disclosed to
unauthorized parties), its integrity (not modified without authorization) or its availability (readily
accessible on request by authorized parties) is affected.
Physical threats cause damage to hardware or theft of devices or network equipment holding sensitive
data. Non-physical threats attack the data and software on computer systems, by destroying data or by
exploiting errors in the software.

Figure 1. Classes of Threats

Some of the threats an organization will face:


• Email that carries threats: In businesses today email has an almost central function; it is a key
channel of contact with clients, suppliers and service providers, and employees use it to exchange
data inside the organization. Corporate email accounts are therefore one of the main entry points
for malicious code, and campaigns spreading many types of threats over this channel have already
been documented.
• External devices that make files disappear: The key mechanism of this infection is abuse of
shortcut (LNK) files. When a USB drive is connected to an infected machine, all of its files and
folders are hidden and replaced by shortcuts. When the same USB drive is connected to another
computer, it infects that computer as soon as the user double-clicks one of the shortcuts (the real
folder then opens, so the victim does not notice).
• Exploits: Another way malicious software is distributed is by exploiting software vulnerabilities,
mainly in office applications, browsers and websites.
• Ransomware: Ransomware is one of the most disruptive threats to large, medium and small
enterprises worldwide. Depending on which data is encrypted or stolen, an attack of this kind can
put the very continuation of the organization's operations in danger.
• Unprotected mobile devices: With smartphone malware and other challenges, the mobile threat
landscape is constantly evolving as cybercriminals adapt their strategies to reach smartphones.

2. The Threats Agents to Organizations


A threat agent is a person or element that has the ability to carry out a threat.
The following are some types of threat agents that could harm your organization:
• Cybercriminals: The term cybercriminal is often used to describe any individual who launches
attacks against other users and their computers (another generic word is simply attacker).
Strictly speaking, however, cybercriminals are a loose network of attackers, identity thieves and
financial fraudsters who are highly motivated, less risk-averse, well funded and tenacious.
• Script kiddies: Script kiddies want to attack computers but lack the computer and network
knowledge needed to do so, so they download automated attack software (scripts) from internet
sites and use it to carry out harmful attacks.
• Brokers: Brokers are individuals who uncover vulnerabilities but, instead of reporting them to the
software vendor, sell them to the highest bidder. They sell their knowledge of a vulnerability to
other attackers or even to governments.
• Insiders: Another serious threat agent to an organization comes from an unlikely source: its own
employees, contractors and business partners.
• Cyberterrorists: Cyberterrorists may be the most feared attackers, because it is almost impossible
to predict when or where an attack will occur. Unlike cybercriminals, who continuously probe
systems or create attacks, cyberterrorists can be inactive for several years and then suddenly
strike in a new way.
• Hacktivists: Hacktivists (a combination of the words hack and activism) are generally not as well
defined. Attacks by hacktivists can involve breaking into a website and changing its contents as a
means of making a political statement against those who oppose their beliefs.
• State-sponsored attackers: These attackers are sponsored by a government and target foreign
governments, or even the government's own citizens, who are considered hostile or threatening.

Figure 2. Some types of Threats Agents

3. A Recently Publicized Security Breach


a) Equifax

Date: July 2017


Impact: 147.9 million customers
Detail: On Sept. 7, 2017, Equifax, one of the largest credit bureaus in the US, announced that a
vulnerability in an application on one of its web platforms had led to a data breach. The breach was
discovered on July 29, but the company says it actually began in mid-May. It compromised the personal
records of about 143 million customers (including Social Security numbers, birth dates, addresses and,
in some cases, driver's license numbers), and the credit card details of about 209,000 consumers were
also exposed. The figure was later revised upward, to 145.5 million in October 2017 and to 147.9
million in March 2018.
b) Canva

Date: May 2019


Impact: 137 million user accounts
Detail: Canva, an Australian online graphic design tool, suffered an attack in May 2019 that exposed
137 million users' email addresses, usernames, real names, cities of residence and salted and hashed
passwords (for the roughly 61 million users who did not use social logins). Canva reported that the
attackers were able to view, but not steal, partial credit card and payment data.
The company acknowledged the incident, notified its users, urged them to change their passwords and
reset OAuth tokens. According to a later post by Canva, a list of around 4 million Canva accounts with
cracked passwords was subsequently posted online, which led the company to invalidate the passwords
that had not yet been changed and notify the users whose credentials were in the list.
c) Zynga

Date: September 2019


Impact: 218 million user accounts
Detail: In September 2019 a Pakistani hacker using the name Gnosticplayers claimed to have broken into
the player database of Zynga's games Draw Something and Words with Friends and obtained access to the
218 million accounts registered there. Zynga later confirmed that the email addresses, salted SHA-1
password hashes, phone numbers and Zynga and Facebook user IDs of affected players had been stolen.

4. Some of Solutions to Organizations


a) Secure Access

In the old days, any employee had access to all the files on the network. Businesses have since
learned the hard way to restrict access to their most sensitive data. Network access control solutions
limit and control this access to the network and its data; deciding which users and computers are
granted which permissions adds another layer of protection to the network and its data.

b) Email security

Email attacks are a security problem for every organization. A secure email gateway such as
Cisco Email Security is a strong defense against phishing, business email compromise (BEC),
malware and ransomware: it inspects attachments for stealthy ransomware and uses threat
intelligence to block malicious links.

c) Behavioral analytics.

Security analytics is the practice of gathering, correlating and analyzing data from many
sources in order to block attacks and to track suspicious events proactively, before they turn into
a breach. Using computational approaches such as behavioral modeling, machine learning and
statistical modeling, these solutions can block threats quickly and identify attackers who have
already got inside the company.

d) Develop an Information Security Policy.

Developing and publishing an Information Security Policy is essential to ensuring that the
organization's information security receives the attention it deserves, and it is the first crucial
step in protecting the organization's networks and data. It is critical that the Information
Security Policy is endorsed by senior management and that all users are made aware of their roles
and obligations under this policy.

III. ORGANIZATIONAL SECURITY PROCEDURES. (P2)
1. What are Security Procedures?
Security procedures are detailed step-by-step instructions on how to implement, enable or enforce the
security controls listed in your organization's security policies. They should cover the many hardware
and software components supporting your business processes, as well as all security-related business
processes themselves.

The purpose of security procedures is to ensure that security checks and security-related processes are
carried out rigorously and consistently, every time a control is implemented or a security-related
business process is followed.

2. The Relationship between Security Policies and Security Procedures


Security policies and procedures are a vital component of a company's overall security program.
With defined security policies, individuals understand the who, what and why of their organization's
security program, but the actual implementation and consistent execution of the policies will suffer
without corresponding security procedures.

Security policies outline security needs in a general or high-level fashion. Security procedures, on the
other hand, must provide enough detail that an individual who is unfamiliar (or only mildly familiar)
with the process or technology can successfully reach the outcome the procedure is meant to produce.

3. Some of Organizational Security Procedures


Building and managing a security program is an ongoing effort that most organizations undertake to
reduce the effect of a security breach on the business. This section discusses some of the
organizational security procedures that organizations need.

a) Acceptable Use Policy [AUP]


According to (Biomel, 2020), an Acceptable Use Policy (AUP) is a document that specifies the
mandatory requirements a user must agree to before being allowed to access the Internet. Many
businesses and educational institutions require employees or students to sign an acceptable use
policy before they are issued a network ID.

An Acceptable Use Policy is an essential document: in the case of a breach or a regulatory audit,
it demonstrates due diligence with regard to the security of your IT network and the safety of
sensitive data, which goes a long way towards protecting the company in civil proceedings.
These are the key elements of an AUP; every company policy should include these sections:
• Overview: a high-level summary of the intent of the document and its essential takeaways.
• Definitions: explain any terms that may be ambiguous and clarify words or phrases that are
specific to your business.
• Scope: what the policy does and does not cover, and which situations it applies to.
• Compliance: the consequences of failing to comply with the requirements, and how workers
are held accountable.
• Revisions and monitoring: set a schedule for revisiting the document and make sure any
changes are tracked.
b) Incident Respond [IR] Policy
According to (Exabeam), incident response (IR) is a systematic approach to handling security
incidents, breaches and cyber-attacks. A well-defined incident response plan (IRP) helps you
detect an attack, limit the damage and reduce the risk of a cyber-attack effectively, while
identifying and fixing the root cause so that future incidents are prevented.
Good incident response management should include:
• A comprehensive plan: The incident response plan should prepare the team to deal with
threats; it should show how to isolate an attack and rate its severity, how to contain the
attack and how to eliminate its root cause.
• The right people in place: The incident response team should include the following roles:
incident response manager, security analysts, IT engineers, threat researchers, a legal
officer, corporate communications, human resources, risk management, C-level executives
and external forensic specialists. Make sure every employee knows what their duties are in
the event of an attack.
• Tools: Incident response tools work alongside the existing security controls. They collect
data from sources such as NetFlow, device logs, endpoint alerts and identity systems in
order to identify security-related anomalies on the network.
c) Business Continuity Plan [BCP]
According to (Kenton, 2020), business continuity planning (BCP) is the process of creating a
system of prevention and recovery that protects an organization from potential threats. The plan
ensures that in the case of a disaster personnel and assets are protected and are able to function
quickly. The BCP is normally formulated in advance and involves input from key stakeholders and
staff.
There are several steps companies should follow to develop a solid BCP. They include:
• Business impact analysis: The organization identifies time-sensitive functions and the
resources they depend on.
• Recovery: The organization must identify and implement the steps needed to restore critical
business functions.
• Organization: A continuity team must be formed; this team will devise the plan for managing
the disruption.
• Training: The continuity team must be trained and tested. Team members should also
complete exercises that go over the plan and its strategies.

IV. FIREWALL POLICIES AND IDS ARE MISCONFIGURED (P3)
For an organization, the security of its network and data is the main concern, so this section describes
incorrect configuration of a firewall and an IDS and explains the impact it has on the organization.

1. What is a Firewall and What this is doing?


a) Firewall Definition

According to Forcepoint (2020), A firewall is a network security device that monitors incoming and
outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is
to establish a barrier between your internal network and incoming traffic from external sources (such as
the internet) in order to block malicious traffic like viruses and hackers.
For an organization, a firewall that is installed or configured improperly leaves the network exposed to
every type of attack, with losses of files, data (including sensitive data), staff time and credibility as a
result.

b) Firewall Policies

A firewall policy governs how firewalls filter network traffic for specific objects, including IP addresses
and address ranges, protocols, applications and content types, based on the organization's information
security policies. A risk analysis should be done before a firewall policy is developed, to produce a list
of the types of traffic the company needs and to categorize how they must be protected, including which
types of traffic are allowed to cross a firewall under what conditions. The firewall rule set should be
documented and maintained as part of the system security plan, and updated whenever new types of
threats or vulnerabilities emerge or the enterprise's needs for network applications change. The policy
should also include clear instructions on how changes to the rule set are handled.

Figure 3. Firewall Policies Example

c) Advantages of Firewall in A Network

Firewalls can be used in a network environment to block any incoming and outgoing traffic that the
firewall policy has not permitted. This reduces the risk of outsiders damaging the network or using its
systems as an entry point for unauthorized penetration into other systems. Given the complexity of hosts,
networks, protocols and applications, denying all traffic by default and allowing only what is explicitly
needed is a safer approach than allowing everything that is not expressly banned.
d) How does Firewall Work?

Firewalls inspect packets for known malicious code or attack patterns. If a packet is flagged and judged
to be a security risk, the firewall stops it from entering the network or reaching your computer.
There are several different ways in which firewalls can inspect and manage network traffic. These
include:

• Packet filtering: Packets are small units of data. A packet-filtering firewall runs a set of filters
against packets trying to reach the network, usually by checking header fields such as source and
destination address, protocol and port. Packets matching a filter for a known threat are dropped
and the others are allowed through to their destination.
• Proxy service: Proxy firewalls are very secure, but they come with their own disadvantages: they
are slower than other firewall types and are therefore limited in the kinds of applications they can
serve. Instead of acting as a filter through which data travels, a proxy server acts as a go-between.
It prevents direct communication between the client system and incoming packets by effectively
presenting a replica of the server behind the firewall, shielding the network from possible
malicious actors.
• Stateful inspection: Where static filtering inspects only packet headers, a stateful inspection
firewall analyzes several attributes of each packet and compares them with a table of trusted
connections. These attributes include source and destination IP addresses, ports and the
application or protocol. To be allowed through the firewall, incoming packets must match the
trusted connection information. Stateful inspection is a more recent form of firewall filtering.

Figure 4. Firewall Diagram

2. What is an IDS and What this is doing?


a) IDS definition

According to Barracuda (2020), an Intrusion Detection System (IDS) is a network security technology
originally built to detect vulnerability exploits against a target application or computer. By adding the
ability to block threats in addition to detecting them, Intrusion Prevention Systems (IPS) extended IDS
solutions and became the dominant deployment option for IDS/IPS technologies. This section explains the
configuration and functions that characterize an IDS deployment.
The primary benefit of an intrusion detection system is that IT personnel are notified when an attack or
network intrusion may be taking place. If an IDS is configured incorrectly, however, the network intrusion
detection system (NIDS) may fail to monitor inbound and outbound traffic on the network, as well as traffic
between systems inside the network. Without alerts being raised when suspicious activity or known threats
are detected, IT personnel cannot examine the traffic more closely and take the appropriate steps to block
or stop an attack.

b) How does IDS work?

Intrusion detection systems use two methods. Signature-based detection takes observed activity and
compares it with the signatures or patterns in a signature database; its limitation is that new malicious
activity that is not in the database is ignored. The other method is statistical anomaly-based or
behavior-based detection, which first learns what normal activity looks like and then warns about any
deviation from it. Unlike signature-based detection it can therefore detect new forms of attack, at the
price of more false positives. When the system has a model of what normal activity in the environment
is, it is referred to as an expert system.

Figure 5. IDS Architecture
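The two detection methods described above, as an added worked example (this is illustration code written for this report, not code from the report's sources or from any IDS product): a signature-based matcher and a baseline-learning anomaly detector run over a few constructed web-server log lines. The log format (client address, method, path, status), the two signatures and the three-sigma threshold are assumptions chosen for illustration. The example also shows the limitation noted above: an obfuscated variant of the injection probe slips past the signature database, while the password-guessing run is caught by the anomaly detector even though no signature describes it.

```python
"""Signature-based versus anomaly-based detection over constructed log lines.

Added example for this report, not code from any IDS product. The log format
(client_ip method path status), the signature list and the sigma threshold are
assumptions chosen for illustration.
"""
import re
import statistics
from collections import Counter

# Constructed "normal" traffic window used to learn the anomaly baseline.
BASELINE_LOG = """\
10.0.0.5 POST /login.php 401
10.0.0.5 POST /login.php 200
10.0.0.7 GET /index.html 200
10.0.0.8 POST /login.php 401
10.0.0.8 POST /login.php 401
10.0.0.8 POST /login.php 200
10.0.0.9 GET /index.html 200
""".splitlines()

# Constructed monitored window: one mistyped login, a SQL-injection probe, a
# path-traversal probe, an obfuscated SQLi variant, and a password-guessing run.
MONITORED_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 POST /login.php 401
10.0.0.5 POST /login.php 200
203.0.113.9 GET /login.php?user=admin'%20OR%20'1'='1 200
198.51.100.4 GET /cgi-bin/../../etc/passwd 404
203.0.113.9 GET /login.php?user=admin'/**/OR/**/'1'='1 200
203.0.113.9 POST /login.php 401
203.0.113.9 POST /login.php 401
203.0.113.9 POST /login.php 401
203.0.113.9 POST /login.php 401
203.0.113.9 POST /login.php 401
203.0.113.9 POST /login.php 401
10.0.0.7 GET /images/logo.png 200
""".splitlines()

# Signature database (assumed): known-bad patterns matched against the request path.
SIGNATURES = {
    "sqli_tautology": re.compile(r"'(?:%20|\s)+OR(?:%20|\s)+'", re.IGNORECASE),
    "path_traversal": re.compile(r"(?:\.\./|%2e%2e%2f)", re.IGNORECASE),
}


def parse_line(line):
    """Split one constructed log line into its fields."""
    ip, method, path, status = line.split()
    return {"ip": ip, "method": method, "path": path, "status": int(status)}


def signature_alerts(lines):
    """Signature-based detection: alert on any request path matching a known pattern.
    Anything not in SIGNATURES (e.g. the /**/ comment variant) is missed."""
    alerts = []
    for rec in map(parse_line, lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((rec["ip"], name))
    return alerts


def failed_logins_per_client(lines):
    """Count HTTP 401 responses per client address."""
    counts = Counter()
    for rec in map(parse_line, lines):
        if rec["status"] == 401:
            counts[rec["ip"]] += 1
    return counts


def anomaly_alerts(lines, baseline_lines, sigma=3.0):
    """Anomaly-based detection: learn the per-client failed-login distribution from
    the baseline window, then flag clients in `lines` above mean + sigma * stdev.
    No signature is needed, so a novel attacker is caught, but a legitimate user who
    mistypes a password several times could be flagged too (a false positive)."""
    base = failed_logins_per_client(baseline_lines)
    clients = {parse_line(ln)["ip"] for ln in baseline_lines}
    values = [base[ip] for ip in clients]  # zero for clients that never failed
    threshold = statistics.mean(values) + sigma * statistics.pstdev(values)
    return [(ip, n) for ip, n in failed_logins_per_client(lines).items() if n > threshold]


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(MONITORED_LOG))
    print("anomaly alerts:", anomaly_alerts(MONITORED_LOG, BASELINE_LOG))
```

Run the file directly to print both alert lists. In a real deployment the baseline would be learned from days of traffic rather than seven lines, and the threshold would be tuned until the false-positive rate is tolerable, which is exactly the trade-off between the two methods that the text describes.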

c) Types of IDS
• Network-based Intrusion Detection System (NIDS): A NIDS operates at the network level and
monitors the traffic of all devices going in and out of the network. It analyzes the traffic
looking for known patterns and abnormal behavior, and sends a warning when it finds them.
• Host-based Intrusion Detection System (HIDS): A HIDS monitors a single host and checks for
suspicious behavior on it, unlike a NIDS, which monitors the whole network. A HIDS may take
snapshots of the system's files and raise an alarm if they change in a malicious way over time;
it evaluates changes to operating system files, logs, applications and more.
d) Advantages of IDS
• The network or computer is continuously monitored for any intrusion or attack.
• The system can be tuned and adapted to the needs of specific customers, and helps against
external as well as internal threats to the system and network.
• By raising an alert early it helps limit the damage an attack does to the network (an IPS can
also block the attack).
• It provides a user-friendly interface that makes security management easier.
• Any alterations to files and directories on the system can be easily detected and reported.

3. Potential Impact of Firewall Policy and IDS Incorrect Configuration


a) Incorrect in Firewall Policy Configuration & Potential Impacts
Securing a network depends on finding and fixing vulnerabilities, and one of the main controls that
network security engineers configure is the firewall. A misconfigured firewall leaves many network
systems exposed: it not only makes your data vulnerable to attack but can also hurt your business in
many other ways. Below are some of the most common firewall design failures and their possible impacts.
For example: Threats and vulnerability
Distributed denial-of-service (DDoS) attacks are highly effective and cheap for attackers to execute. The
attackers first spread malicious software, for example through infected emails and attachments, to
build a network of compromised computers called a botnet. Once the machines are infected, the
attackers can command the botnet to flood a site with traffic.
Potential impact: There are several risks from wrong firewall rules. A firewall that has not been designed
properly leaves security holes in the network through which hackers can enter the network infrastructure
and harm the enterprise. One effect of an incorrect firewall is that the network becomes an easy target
for DoS attacks, harming its stability. A typical design flaw is a rule that allows all devices to enter the
network, which increases traffic and slows down the servers; there are a number of other possible
impacts as well.

b) Incorrect in IDS Configuration
As useful as an IDS/IPS can be in protecting your network proactively and reactively, the IDS will only
be as useful and effective as your implementation allows it to be. There is a tremendous amount of
confusion in the IDS space today about what an IDS should detect, how it should detect it, and what an
IDS actually is.
There are several common blunders, or implementation errors, that administrators make when setting
up an IDS/IPS. These can prevent you from getting the level of protection that you need and expect from
your IDS software or device.
• Avoiding IPsec so that the NIDS can see the traffic:
The problem is that many people confuse tunnel encryption with access control. A VPN link
keeps the communication between the two VPN endpoints private, but once the data passes
beyond the VPN endpoints it is no longer private and therefore no longer secure.
• Ignoring frequent false positives:
When companies deploy a new IDS, it is often turned on to detect any and all potential
vulnerabilities; in other words, the IDS is tuned to its highest sensitivity. Although this lets the
IDS detect a larger number of potential attacks, it also produces far more false positives, and if
these are ignored, the real alerts are lost among them.
• Monitoring only inbound connections:
Many organizations do not follow the principle of least privilege and do not implement
outbound access controls that let internal users and applications reach only the resources they
need to do their work. Monitoring only inbound connections is a serious IDS configuration
mistake, because infections by network worms and other automated attacks are often visible
only in the outbound traffic they generate.

For example: Threats and vulnerability


DDoS Attack are used by the attackers with a highly effective and low-cost to execute. This attack
used to spread malicious software, infected emails and attachments with the scope to infect the
system or computer called botnet. Once the system or computer is infected the attackers can control
the botnet commanding it to flood a site with traffic.

V. DMZ, STATIC IP AND NAT IN NETWORK SECURITY SYSTEM (P4)
1. DMZ
Demilitarized Zone, abbreviated as DMZ, is an area located between the Local Area Network and the Internet. It is the place to host servers that provide services both for hosts on the LAN and for hosts coming from outside the LAN. It is the last stop that data packets pass through before being transmitted out to the Internet, and also the first place where packets arrive before they enter the LAN.
• Use the DMZ to secure the local network
The DMZ uses different network segments or subnets from the local network, so hosts from other networks cannot reach the internal LAN directly, but they can still use the services that the DMZ provides.
Between the DMZ and the external network we can put a firewall that controls connections from the external network into the DMZ. Between the DMZ and the internal network we can add another firewall to control the traffic from the DMZ to the internal network.
Summary: the DMZ is created to secure the LAN with two roles: to provide services to hosts on the LAN and to hosts from other networks, and to protect the hosts on the LAN from attacks launched by hackers from outside hosts.
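The two-firewall design above, expressed as a zone-based policy check (an added example, not code from the report): the subnets, the allowed ports and the rule order are constructed assumptions chosen to show which connections each firewall lets through.

```python
"""Added example, not from the report: a zone-based policy model of the
two-firewall DMZ design above. The subnets, ports and rule set are constructed
assumptions chosen to illustrate the design, not a real deployment."""
import ipaddress

# Constructed subnets; anything outside them is treated as the Internet.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/8"),
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

# (src zone, dst zone, dst port or None for any, verdict); first match wins.
RULES = [
    ("internet", "dmz", 80, True),     # outer firewall: public web service
    ("internet", "dmz", 443, True),
    ("internet", "lan", None, False),  # outside hosts never reach the LAN
    ("dmz", "lan", 5432, True),        # inner firewall: web tier to database only
    ("dmz", "lan", None, False),       # every other DMZ -> LAN connection blocked
    ("dmz", "internet", None, False),  # a compromised DMZ host cannot call out
    ("lan", "dmz", None, True),        # LAN hosts consume the DMZ services
    ("lan", "internet", None, True),   # LAN egress (stateful replies assumed)
]

def allowed(src_ip, dst_ip, dst_port):
    """Apply the rule set to a new connection; anything unmatched is denied."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return True   # traffic inside one zone never crosses a firewall
    for rule_src, rule_dst, port, verdict in RULES:
        if rule_src == src_zone and rule_dst == dst_zone and port in (None, dst_port):
            return verdict
    return False

if __name__ == "__main__":
    checks = [("203.0.113.5", "192.0.2.10", 443), ("203.0.113.5", "10.1.2.3", 443),
              ("192.0.2.10", "10.1.2.50", 5432), ("192.0.2.10", "10.1.2.50", 22),
              ("192.0.2.10", "203.0.113.5", 80), ("10.1.2.3", "192.0.2.10", 80)]
    for src, dst, port in checks:
        print(f"{zone_of(src):8} {src:>12} -> {zone_of(dst):8} {dst:>12}:{port:<5}",
              "ALLOW" if allowed(src, dst, port) else "DENY")
```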

Figure 6. DMZ Network Architecture

2. STATIC IP
A static IP address is an IP address that is manually configured for a device, as opposed to an IP address assigned through a DHCP server. It is called a "static" address because it does not change. This is the complete opposite of a dynamic IP address, which can change.
One of the main reasons for using a static IP address is to ensure that particular devices can be located on your network without any hassle. If you administer a media server, you can reduce the risk of connection errors by assigning a static IP address to that computer.
Summary: static IP addresses are useful if you are hosting a website or a file server from home, using a printer connected to a WIFI network, forwarding ports to a specific device, running a print server or using programs to control remote computers (such as TeamViewer). Since a static IP address never changes, other devices always know the correct way to connect to the device that uses it.

Figure 7. Static IP & DYNAMIC IP

3. NAT
NAT (Network Address Translation) is a technique that allows the conversion of one IP address into another. NAT is typically used in networks that use private (local) addresses and need access to the public network (the Internet). The place where NAT is performed is the edge router connecting the two networks.

Figure 7. NAT Technique

NAT can also be considered a basic firewall. NAT maintains a table recording information about each packet that passes through it. When a computer on the network connects to a website on the Internet, the source IP address in the header is replaced by the pre-configured public address of the NAT device. When the reply packet returns to the NAT device, it looks up the record it saved, changes the destination IP address back to the address of the PC on the internal network and forwards the packet. Through this mechanism, the network administrator is able to filter packets sent to or from an IP address and allow or prevent access to a specific port.
Some benefits of NAT include:
• Reuse of private IP addresses
• Enhancing security for private networks by keeping internal addressing hidden from the external network
• Connecting a large number of hosts to the global Internet using a smaller number of public (external) IP addresses, thereby conserving IP address space
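The translation table described above, as an added example that is not part of the report: a minimal port-based NAT that rewrites outbound packets, maps replies back from its saved records, and drops an inbound packet that matches no record, which is the "basic firewall" effect. The public address, private hosts and port range are constructed assumptions.

```python
"""Added example, not from the report: a minimal NAT (port address translation)
table showing outbound rewriting, return-path matching and why an unsolicited
inbound packet with no table entry is dropped. All addresses are constructed."""
from dataclasses import dataclass

PUBLIC_IP = "198.51.100.1"   # constructed public address of the edge router

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # public port -> (private ip, private port, remote ip, remote port)
        self.table = {}
        self.reverse = {}    # the same record keyed the other way round

    def outbound(self, pkt):
        """Rewrite a packet leaving the private network and record the session."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.reverse.get(key)
        if port is None:                   # first packet of this session
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Map a packet arriving from the Internet back to the private host,
        or return None (drop) when no saved record matches it."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None   # unsolicited: nothing in the table, so it is dropped
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None   # reply must come from the host the session was opened to
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

if __name__ == "__main__":
    nat = Nat()
    out = nat.outbound(Packet("192.168.1.10", 51000, "203.0.113.80", 80))
    print("outbound rewritten to", out)
    print("reply mapped back to ", nat.inbound(Packet("203.0.113.80", 80, PUBLIC_IP, 40000)))
    print("unsolicited inbound  ", nat.inbound(Packet("203.0.113.9", 4444, PUBLIC_IP, 22)))
```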

VI. A METHOD TO ASSESS AND TREAT IT SECURITY RISKS. (M1)
1. Overview
a) What is Risk Assessment?
Risk assessments are used to identify, quantify and prioritize the risks arising from the operation and use of information systems for corporate activities and assets.
Just three factors are used in a simple risk assessment: the value of the assets at risk, how serious the threat is, and how vulnerable the system is to that threat.

There are different ways to gather the data you need to determine risk. You may, for instance:
• Interview management, data owners and other employees
• Analyze your systems and infrastructure
• Review documentation

b) Steps to Assess IT Security Risks
Step 1: Find all valuable assets.
Find any valuable assets within the company that may be affected by attacks in a way that results in a monetary loss. Some examples are:
▪ Server
▪ Website
▪ Client contact information
▪ Partner documents
Step 2: Identify potential consequences.
Determine what financial damage the company would suffer if a given asset is harmed. Here are some of the consequences you may think about:
▪ Data loss
▪ System or application downtime
▪ Legal consequences

Step 3: Identify threats and their level.
Anything that might exploit a weakness to breach your protection and cause harm to your assets is a threat. Here are some common threats:
▪ Natural disaster
▪ System failure
▪ Accidental human interference
Step 4: Identify vulnerabilities and assess the likelihood.
A vulnerability is a weakness that makes it possible for a threat to breach your protection and inflict damage on an asset. Consider what currently defends each asset against a specific threat, and how likely it is that the threat succeeds.
Step 5: Assess risk.
Assess the risk according to the formula mentioned above (asset value, threat severity and vulnerability) and give it a high, moderate or low value. Then design a solution, along with an estimate of its cost, for every high and moderate risk.
Step 6: Create a risk management plan.
Build a risk management plan using the gathered details.
Step 7: Create a strategy.
Build a plan for IT infrastructure upgrades that eliminates the most critical vulnerabilities, and have management sign it off.
Step 8: Define mitigation processes.
Whenever an incident occurs, repair what happened, evaluate why it happened, and try to keep it from happening again, or at least make its effects less damaging.
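Steps 1 to 7 carried through in code, as an added example that is not part of the report: a small risk register scored with the three factors from the overview (asset value, threat severity, likelihood) and rated high, moderate or low, from which only the high and moderate entries go into the treatment plan. The 1-3 scales, the register entries and the rating thresholds are constructed assumptions, not figures from the report.

```python
"""Added example, not from the report: a small risk register that carries the
steps above through code: assets (step 1), threats (step 3), vulnerability
likelihood (step 4) and a score rated high, moderate or low (step 5), from which
the treatment plan (steps 6 and 7) is drawn. The 1-3 scales, entries and
thresholds are constructed assumptions, not the report's own figures."""

SCALE = {"low": 1, "medium": 2, "high": 3}

# (asset, threat, asset value, threat severity, likelihood of exploitation)
REGISTER = [
    ("Client contact information", "Data theft through an unpatched web app",
     "high", "high", "medium"),
    ("Website", "DDoS flood from a botnet", "medium", "high", "high"),
    ("Server", "Hardware failure", "high", "medium", "low"),
    ("Partner documents", "Accidental deletion by staff", "medium", "low", "medium"),
]

def score(value, severity, likelihood):
    """Step 5's formula: asset value x threat severity x likelihood (1..27)."""
    return SCALE[value] * SCALE[severity] * SCALE[likelihood]

def rate(points):
    """Map the numeric score to the three bands used in the text (constructed cut-offs)."""
    if points >= 12:
        return "high"
    if points >= 6:
        return "moderate"
    return "low"

def assess(register):
    """Return the register as dicts, highest risk first."""
    rows = []
    for asset, threat, value, severity, likelihood in register:
        points = score(value, severity, likelihood)
        rows.append({"asset": asset, "threat": threat,
                     "score": points, "rating": rate(points)})
    return sorted(rows, key=lambda r: r["score"], reverse=True)

def treatment_plan(register):
    """Steps 6-7: only high and moderate risks get a planned action and cost estimate."""
    return [r for r in assess(register) if r["rating"] != "low"]

if __name__ == "__main__":
    for r in assess(REGISTER):
        print(f"{r['rating']:8} {r['score']:2}  {r['asset']}: {r['threat']}")
    print(len(treatment_plan(REGISTER)), "risks need a treatment plan")
```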

2. Propose a method to assess and treat IT security risks.


To protect important data from malicious actors such as hackers, the following is a method to assess and address the risks that can affect organizations or businesses:
➢ OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation)
According to (Cio, 2019), OCTAVE is a framework for identifying and managing information security risks for both individual users and corporate organizations. OCTAVE describes a systematic method of evaluation that helps an organization recognize the information assets that are vital to its mission, the threats to those assets, and the vulnerabilities that may put those assets at risk. By bringing together information assets, threats and vulnerabilities, an organization starts to understand what information is at risk. It can then design and execute a security approach to reduce the overall level of risk to its information resources.

o How it works
OCTAVE is a risk management approach that is versatile and self-directed. To meet the security needs of the company, a small team of people from the organizational (or business) units and the IT department work together. The analysis team draws on the expertise of several employees to assess the current security situation, identify threats to critical assets and develop a security plan. Using OCTAVE, an organization can:
+ Direct and manage information security risk assessments for itself
+ Make the best decisions based on its unique risks
+ Focus on protecting key information assets
+ Effectively communicate key security information

o The structure of OCTAVE
The organizational, technological and analysis aspects of the security risk evaluation are organized into three phases:
Phase 1: Organizational View
This is an organizational assessment. The analysis team decides what is essential to the company (information-related assets) and what is currently being done to secure those assets. The team then identifies which of those assets are most essential to the organization and defines security requirements for each critical asset. Finally, the threats to each critical asset are identified, establishing a threat profile for that asset.
Phase 2: Technological View
This is an information infrastructure assessment. The analysis team looks at network access paths, identifying the classes of information technology components related to each critical asset. The team then determines how resistant each class of component is to security breaches.
Phase 3: Develop Security Strategy and Plans
During this phase of the assessment, the analysis team identifies the risks to the company's critical assets and determines what to do about them. Based on an analysis of the information gathered, the team establishes a security policy for the company and mitigation strategies to deal with the threats to the critical assets.

Figure 8. OCTAVE PROCESS

VII. NETWORK MONITORING SYSTEMS (M2)
1. Network Monitoring System
According to (Cisco), a network monitoring system is a system that monitors the problems, performance and status of devices and computers in the network. The system includes recording software that helps system administrators record and track the information passing through it. The software can also send notices and warnings to the system administrator when there is a risk of a problem or when a problem is ongoing.

Figure 9. Network Monitoring Process

Some network monitoring tools:
• SolarWinds Network Performance Monitor:
According to (Wilson, 2020), the SolarWinds Network Performance Monitor is a platform that automatically identifies and deploys network equipment within an hour.
• ManageEngine OpManager:
According to (Wilson, 2020), ManageEngine OpManager is software for infrastructure maintenance, network control and, with the APM plug-in, server performance management.

2. The Key Network Monitoring Features


According to (Murphy, 2017), for the purposes of enforcement and security maintenance, network monitoring systems are designed to identify and report faults in devices and connections. This covers several key functions, including:
➢ Monitoring Network Devices:
Unreliable network devices pose significant risks to networks. Anything from hardware problems and errors to high processor use can slow a network to a grinding halt. These weaknesses can be detected and rectified rapidly with a network management system. Similarly, the monitoring software will add new devices automatically, map the topology of the network, and identify insider threats.
➢ Network Alerts:
When the network monitoring detects any problem, warnings are immediately sent to the support staff for verification.
➢ Network Reporting:
On top of the actual device monitoring, network monitoring tools produce reports on their observations.

3. The Network Monitoring System Benefits


According to (Murphy, 2017), network monitoring systems offer several key advantages when we deploy them. This versatile and scalable framework can work for any organization and can easily integrate into existing workflows.
➢ Optimal Performance:
Network monitoring systems allow administrators to improve the efficiency of a network, tackle issues as they arise and prevent potential problems from emerging by detecting slowdowns and problem areas and gathering performance data.
➢ Minimized Risk:
The ability to detect malicious activity is one of the major advantages of a network monitoring system. Network monitoring systems can keep track of network threats, from unauthorized downloads to access-control violations, and report any suspicious activity so that violations can be detected and mitigated as soon as possible.
➢ Maintained Compliance:
Many regulations and standards, such as HIPAA, ISO 27001 and PCI DSS, require some form of network monitoring as both a best practice and a security measure.

VIII. A ‘TRUSTED NETWORK’ IN AN IT SECURITY SOLUTION. (D)
1. Introduction
In the past, and even now, many people still have an incomplete and inaccurate concept of network security: just buy a firewall product, change a few of its settings, and the network is secure. If their organization is more concerned with network security, an intrusion detection/prevention system (IDS/IPS) along with an antivirus system will be deployed.
According to (Conrad, 2011) in the book Eleventh Hour CISSP, trusted networks provide security by limiting access to network resources through control of the information passing to, from and between the resources. For example, information transfer may be controlled by user identification and authentication, access security levels, and physical measures.
Network security can be defined as securing (including the confidentiality, integrity and availability of) network communications and protecting the perimeter of the network.
Note: to depict a trusted network, the figure below shows layers of defense protecting the perimeter of the network:

Figure 10. Layered Security-Enterprise Architecture

2. The need for a Trusted Network
To explain why a "trusted network" is such an important part of the concept of an information security solution, this section discusses the features that form a trusted network system.
The following are the services that a trusted network needs to provide:
• Identification:
As the first step in the authentication process, an entity provides some data used to identify it (such as a user name, password, PIN or fingerprint) to the authentication service.
• Authentication:
The process of verifying that a person (or thing) really is who or what it claims to be; in other words, verifying the identity of a person, a computer or a program.
• Authorization:
Authorization is the function of defining the access rights/privileges to resources; it applies to information security and computer security in general, and to access control in particular.
• Confidentiality:
Ensuring that information can only be accessed (read) by authorized entities (people, computer programs). Confidentiality of information can be achieved by physically restricting access, e.g. direct access to the device storing the information, or by restricting logical access, e.g. remote access over the network.
• Integrity:
Integrity means that data cannot be modified without being detected. Integrity is compromised when a message is modified during a transaction. Secure information systems always provide both integrity and confidentiality of messages.
• Non-repudiation:
Non-repudiation means that one party cannot deny having performed a transaction with the other parties. For example, during an online purchase, once the customer has sent the credit card number to the seller and the payment is successful, the seller cannot deny having received the money (unless the system does not guarantee the security of information in transactions).

3. Trusted Network Communications (TNC)
According to (Group), the TCG (Trusted Computing Group) has developed and published the Trusted Network Communications (TNC) standards since 2005, as an open architecture originally intended as a network access control standard with the goal of multi-vendor endpoint policy enforcement. Additional real-world applications of TNC include Industrial Control System (ICS) and SCADA security, as well as endpoint compliance and continuous monitoring.
The TNC Architecture continues to evolve, from conventional use cases to emerging areas such as network infrastructure, the Internet of Things (IoT), mobility and cloud applications, extending the current end-to-end trust fabric. TNC standards incorporate security components across the endpoint, network and servers into an intelligent, responsive, coordinated defense.
➢ Capabilities of TNC: it enables efficient network security solutions that are more resistant to outsider attacks and insider threats.
According to (Bussinesswire, 2017), the TNC architecture enables intelligent policy decisions, dynamic security enforcement, and communication between security systems. These capabilities give administrators visibility into networks and endpoints to assess who and what is on the network and whether devices are compliant and safe. TNC allows context-based access control for the instrumentation of network and security systems, granting or blocking access based on authentication, application enforcement and user actions, and security automation.
The new TNC Architecture 2.0 separates endpoint compliance from access control, recognizing that compliance is often a goal of network security in itself as well as a part of access control decisions. This update further clarifies the use and implementation of TNC, clearly articulates TNC's key features, explains TNC use scenarios and demonstrates how the practical building blocks of TNC can be combined to provide solutions in these scenarios. Other changes explain the technological aspects of the TNC architecture, increasing interoperability for implementers.

4. How does the TNC Architecture Work?


TNC facilitates the processing of endpoint information and its safe distribution to other parts of the environment. The TNC Architecture recognizes the following high-level functions for the entities involved in trusted network communication:
• Endpoints: any entity, physical or virtual, that can be connected to a network
• Enforcement Points: consume access control decisions from a policy server and apply them to endpoint requests
• Policy Servers: collect and evaluate endpoint posture information and/or make access control decisions based on endpoint context (including role, state, location, behavior and other factors) and communicate those decisions to enforcement points
• Configuration Management Databases (CMDBs): store collected endpoint measurements
• CMDB Clients: communicate endpoint information to, and consume it from, CMDBs
• Metadata Access Points (MAPs): provide centralized coordination for producers and consumers of network and security information
• MAP Clients: publish, search for, and subscribe to updates on endpoint and environment information via a MAP
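The endpoint, policy server and enforcement point roles above, modelled as an added example that is not part of the report or of the TNC specifications: the endpoint reports its posture, the policy server turns that context (role, state, location) into an allow, quarantine or deny decision, and the enforcement point places the endpoint on the matching network. The posture fields, the compliance thresholds and the network names are constructed assumptions.

```python
"""Added example, not from the report: a toy model of the TNC roles listed
above. An endpoint reports its posture, the policy server turns that context
(role, state, location) into a decision, and the enforcement point applies it.
Posture fields, thresholds and network names are constructed assumptions."""
from dataclasses import dataclass

@dataclass
class Posture:                 # what an endpoint reports about itself
    role: str                  # e.g. "employee", "admin", "guest"
    location: str              # "office" or "remote"
    av_up_to_date: bool
    firewall_on: bool
    patch_age_days: int

class PolicyServer:
    """Collects posture and makes the access-control decision."""
    MAX_PATCH_AGE = 30         # constructed compliance threshold

    def decide(self, p):
        """Return (decision, reason); decisions are allow, quarantine or deny."""
        if p.role == "guest":
            return "quarantine", "guests receive Internet-only access"
        if not p.av_up_to_date or not p.firewall_on:
            return "quarantine", "endpoint protection is not compliant"
        if p.patch_age_days > self.MAX_PATCH_AGE:
            return "quarantine", f"patches older than {self.MAX_PATCH_AGE} days"
        if p.role == "admin" and p.location == "remote":
            return "deny", "admin role is not permitted from remote networks"
        return "allow", "compliant"

class EnforcementPoint:
    """Consumes decisions from the policy server and applies them."""
    NETWORK = {"allow": "corp", "quarantine": "remediation", "deny": None}

    def __init__(self, server):
        self.server = server
        self.sessions = {}     # endpoint id -> network it was placed on

    def connect(self, endpoint_id, posture):
        decision, reason = self.server.decide(posture)
        network = self.NETWORK[decision]
        self.sessions[endpoint_id] = network
        return decision, network, reason

if __name__ == "__main__":
    pep = EnforcementPoint(PolicyServer())
    print(pep.connect("laptop-1", Posture("employee", "office", True, True, 10)))
    print(pep.connect("laptop-2", Posture("employee", "remote", False, True, 3)))
    print(pep.connect("admin-pc", Posture("admin", "remote", True, True, 1)))
```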

Figure 11. TNC Architecture

5. Summary
Setting up a network according to the above requirements, so that it can become a "Trusted Network", will better ensure the network security of organizations. From this it can be concluded that a "Trusted Network" should be part of the IT solution that businesses or organizations follow in order to increase the security of information in their systems. Furthermore, complying with the Trusted Network Communications standards will control the quality that a security system needs.

IX. Evaluation
"Trusted network" is a novel technology for information system security. It has become a new wave in the worldwide information security field and has achieved inspiring results. In many countries of the world, including Vietnam, research into trusted computing did not start late, and its achievements are plentiful and substantial. "Trusted Network" comprehensively illustrates recent developments in the theory and technology of trusted computing, introduces some improvements that trusted computing brings to people's lives, and proposes our opinions and viewpoints on the existing problems in trusted computing and its future development.
The Covid-19 pandemic swept through in only a few short months but caused many small and large businesses to bitterly "stop the game", while at the same time it was an opportunity for many other businesses to become strong. The common point of the businesses that managed to get through this pandemic is that they knew how to improve their weaknesses and promote their strengths in time: the right time, the right way. Now the pandemic is over, but what if other potential challenges are still waiting?
Research and analyze SWOT on your own to restore growth and improve your business:
SWOT stands for four words, Strengths, Weaknesses, Opportunities and Threats, and is a famous business analysis model. A SWOT analysis can be applied to the entire enterprise or organization, or to individual projects that the business is implementing or will implement.
• Strengths: characteristics of the business or project that give it a competitive advantage over competitors.
• Weaknesses: characteristics of the business or project that make it weaker than the competition.
• Opportunities: environmental factors that can be exploited to gain advantages.
• Threats: environmental factors that can have a negative impact on the business or project.

X. Conclusion
This report concludes after presenting the OCTAVE approach, the effects of incorrect configuration of firewalls and IDS, the benefits of network monitoring systems, the security improvements an organization gains from using a DMZ, static IP and NAT, and the implementation of security procedures in an organization. After completing this report, I understand the importance of securing passenger and business information, the risks that businesses may face, and some measures to counteract and defend against them.
Doing this assignment gave me a lot of knowledge about information security concepts, from which I gained more general knowledge about the IT industry; not only that, I also learned how to build a security system based on the "Trusted Network" model.
Link PowerPoint:
https://drive.google.com/drive/folders/1DnomS0d1lAvnSYZr6bCSwOs2P-5yRoQg?usp=sharing

References
Barracuda. (2020). Retrieved from https://www.barracuda.com/glossary/intrusion-detection-system
Biomel. (2020). Retrieved from https://tinyurl.com/y7lbxdbp
Burgess, M. (2017). Retrieved from https://www.wired.co.uk/article/hacks-data-breaches-2017
Bussinesswire. (2017). Retrieved from https://tinyurl.com/y5dmz39z
Cio. (2019). Retrieved from https://tinyurl.com/y25kkxva
Cisco. (n.d.). Retrieved from https://www.cisco.com/c/en/us/solutions/automation/what-is-network-monitoring.html
Conrad, E. (2011). Retrieved from https://www.sciencedirect.com/topics/computer-science/trusted-network
Exabeam. (2020). Retrieved from https://tinyurl.com/y9sge966
Forcepoint. (2020). Retrieved from https://www.forcepoint.com/cyber-edu/firewall
Group, T. C. (n.d.). Retrieved from https://tinyurl.com/yxwyju33
Intechopen. (n.d.). Retrieved from https://tinyurl.com/yba9nnok
Kenton, W. (2020). Retrieved from https://www.investopedia.com/terms/b/business-continuity-planning.asp
Murphy, R. (2017). Retrieved from https://tinyurl.com/y3t2objx
Wikipedia. (2020). Retrieved from https://en.wikipedia.org/wiki/Threat_(computer)
Wilson, M. (2020). Retrieved from https://www.pcwdld.com/best-network-monitoring-tools-and-software
