ASSIGNMENT FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Student Name: Nguyễn Thành Đạt
Student ID: GCH190457

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Grading grid: P1 P2 P3 P4 M1 M2 D1

Contents
1. Introduction
2. Types of security risks
2.1. Threats
2.2. Types of attacks
2.3. For example
2.4. Security procedures
2.5. Information system security process (steps 1 to 6)
2.6. Router security procedure (steps 1 to 6)
3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS
4. Identify the potential impact to IT security of incorrect configuration of IDS
5. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
Figures: Figure 1, Figure 2, Figure 3

1. Introduction
Security, in the context of information systems, is the protection of the assets, information, data and equipment of individuals and organisations against threats from malicious actors, accidents and failures. It is achieved through measures that prevent attacks (security policies and the controls that implement them), detect weaknesses in and violations of those policies, and correct them. This document introduces the main security concepts and the risks and security breaches that can affect individuals and organisations.

2. Types of security risks


2.1. Threats
-A threat is any event, deliberate or accidental, that exploits a vulnerability and can lead to the loss, disclosure or corruption of system information or data. Threats can be caused intentionally or unintentionally by a person or a group of people.
-Types of security threat:
+Physical threats: loss of, or physical damage to, the system.
 Internal: power supply failure, hardware faults.
 External: lightning, natural disasters such as floods and earthquakes.
 Human: theft, vandalism.
+Non-physical threats: loss of information, data corruption, data theft and exploitation, virus attacks and other cyber security breaches.

(https://www.geeksforgeeks.org/threats-to-information-security/)
2.2. Types of attacks
+Virus: malicious code that attaches itself to legitimate programs or files and runs when they do; used to damage systems or steal data.
+Phishing: fraudulent messages, mostly sent by e-mail, that impersonate a trusted party to trick the victim into revealing credentials or opening malware.
+Worms: self-replicating malware that spreads from one system to another over the network without any user action.
+Spam: unsolicited bulk e-mail; a security threat because it is the usual carrier of phishing links and malicious attachments.
+Botnets: networks of compromised machines (bots) under remote control, used to target and attack other systems.
+DoS attacks: bombarding a server with traffic to overwhelm it so that legitimate users can no longer reach the service.
2.3. For example
The 2016 hacker attack on airports in Vietnam took place on the afternoon of 29 July 2016. Attackers took over some of the screens displaying flight information in the check-in areas of Tan Son Nhat International Airport, Noi Bai International Airport, Da Nang International Airport and Phu Quoc Airport. The screens were filled with images and text insulting Vietnam and the Philippines and distorting the facts about the South China Sea. The airports' public address systems broadcast similar messages. At the same time the Vietnam Airlines website was hacked, and the data of 411,000 passengers was collected and published by the attackers. This attack on the website and the airport information systems is considered the largest ever on Vietnam's aviation information systems.
- The attack caused economic damage to the airlines and airports because of flight delays, and damaged the reputation of the airports with the messages defaming Vietnam's sea and island sovereignty and the Philippines. Above all, the theft of Vietnam Airlines passenger data exposed the personal information and accounts of customers.
(https://vi.wikipedia.org/wiki/V%E1%BB%A5_tin_t%E1%BA%B7c_t%E1%BA%A5n_c%C3%B4ng_c%C3%A1c_s%C3%A2n_bay_t%E1%BA%A1i_Vi%E1%BB%87t_Nam_2016)
2.4. Security procedures
-A security procedure is a set sequence of necessary activities that performs a specific security task or function. Procedures provide a starting point for implementing the consistency needed to reduce variation in security processes, which increases control over security within the organisation.
2.5. Information system security process
-step1: Encrypt important data
This is the first step in the process of securing an information system. Nowadays we read the news, buy goods and do business over the Internet, and all online activity carries a risk to the security of data and information. One answer is to encrypt important data. Encryption may sound complicated, but in practice encryption software does the work for you. The source text suggests TrueCrypt, which protects the data on a computer's internal and external hard drives: without the password it is very difficult to get at the encrypted data. Note that TrueCrypt development ended in 2014; its maintained successor is VeraCrypt, and both rely entirely on the strength of the password, which is why step 2 matters.
-step2: Use strong passwords
In step 2 of the information system security process, the data encryption of step 1 becomes meaningless if an attacker knows your password and can simply decrypt and steal the data. Use a strong password: a long password made up of letters, numbers and special characters. Several tools will generate a strong password that even a large-scale attack can hardly break, for example:
PC Tools Random Password Generator
Good Password
Strong Password Generator
GRC Ultra High Security Password Generator
However, strong passwords are hard to remember. The proposed solution is a password manager such as LastPass, which stores and fills your passwords so that each account can have its own long, random one.
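The following is an added example written for this page (it is not code from any of the tools listed above) showing what a "strong password" means in measurable terms: it generates one from the operating system's cryptographic random source, estimates its entropy, and shows how a service should store it (a salted scrypt hash, never the password itself) so that a stolen database does not give the password away. The policy thresholds (12 characters, about 80 bits) are assumptions chosen for the example.

```python
import hashlib
import hmac
import math
import os
import secrets
import string
from typing import Optional, Tuple

# Character classes the step above recommends: letters, digits, special characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Return a random password drawn from ALPHABET using the OS CSPRNG.

    secrets.choice is used rather than random.choice: the random module is a
    predictable generator and must never be used for secrets.
    """
    if length < 12:
        raise ValueError("a strong password should have at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(password: str) -> float:
    """Upper-bound entropy estimate: log2(pool size) per character.

    The pool is inferred from the character classes present. A human-chosen
    password is weaker than this figure because its characters are not
    uniformly random; the figure is exact only for generate_password output.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def is_strong(password: str, min_bits: float = 80.0) -> bool:
    """Example policy (assumed): at least 12 characters and about 80 bits."""
    return len(password) >= 12 and entropy_bits(password) >= min_bits


def hash_for_storage(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a verifier with scrypt (memory-hard, slows offline guessing).

    Returns (salt, key); store both, never the password. n=2**14 needs 16 MiB.
    """
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    return salt, key


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    """Re-derive and compare in constant time to avoid timing leaks."""
    _, candidate = hash_for_storage(password, salt)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, round(entropy_bits(pw), 1), "bits, strong:", is_strong(pw))
    print("password123", round(entropy_bits("password123"), 1), "bits, strong:", is_strong("password123"))
    salt, key = hash_for_storage(pw)
    print("verify correct:", verify_password(pw, salt, key), "verify wrong:", verify_password("wrong", salt, key))
```

The entropy figure is what the "strong password generator" tools above are really offering: 20 characters from a 94-symbol pool is about 131 bits, whereas a typical human password such as password123 is under 60 bits even before an attacker applies dictionary rules.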
-step3: Two-step authentication
Even with a strong password and encrypted data, you can still lose your password when it is transmitted over an insecure wireless network, such as the Wi-Fi in a café or a school network. To protect your data in that case, step 3 of the information system security process is to enable two-step verification, also called two-factor authentication. This means that in addition to your password you must present a second piece of information (typically a one-time code from an app or hardware token) to log in to the website or service, so a stolen password alone is not enough.
-step4: Comprehensive network security
The other side of protecting information is how you connect to the outside world. Which protocols are you using? Do you often connect to low-security systems? When you set up your Wi-Fi you can raise your level of protection by hiding the SSID, enabling MAC address filtering and enabling AP isolation. Also make sure the firewall is turned on both on the router and on the computer, to stop applications from making connections you do not want.
-step5: Use antivirus software
All of the previous steps are futile if, at this fifth step, a virus or other malware has already got into your system, giving an attacker remote control of it or the ability to steal data from your computer. Anti-virus software is the answer to this problem; examples are Avast! and AVG.
-step6: Use a network security risk management solution
Security risk management helps a business find the weak points in its network and, at the same time, provides solutions to fix those weaknesses, so that the business network stays standing in the face of attacks.
2.6. Router security procedure
step1: Turn on encryption
Many wireless routers ship with encryption disabled by default. Make sure you enable WPA2 (or WPA3 where the router and clients support it) under the Wireless Security options and choose a strong passphrase. The wireless encryption options you will see are:
64-bit and 128-bit WEP (Wired Equivalent Privacy): do not use this type of encryption; attackers can break WEP in a matter of minutes.
WPA (Wi-Fi Protected Access), also shown as WPA-PSK or WPA-Personal: newer and more secure than WEP. Most of the wireless adapters in laptops support WPA.
WPA2: the current standard, which provides the best security of the three. Always use WPA2 if your router and adapters support it.
step2: Change the SSID name
The SSID (Service Set Identifier) is the name of your wireless network; you see it in the "Available Wireless Connections" list on a laptop when connecting. Changing the name is not a safeguard in itself, but it tells attackers that the router is not running on default settings and that wireless protections have been applied.
Wireless -> Basic wireless settings -> change the "Wireless Network Name (SSID)" as pictured.
step3: Disable SSID broadcast
You can stop your wireless network's name from appearing in the "Available Wireless Connections" list of nearby computers by configuring the router not to broadcast it. When SSID broadcast is disabled, anyone who wants to connect to your wireless network has to be given the SSID name. Treat this as a convenience rather than a security control: the SSID is still sent in the clear in the probe and association frames of every client that connects, so a wireless sniffer will see it anyway.
step4: Turn on MAC filter
Even after steps 1 to 3, a skilled attacker can still try to reach your network. The next step is to allow wireless access only from trusted computers, by allowing connections only from specified MAC addresses.

The MAC (Media Access Control) address is a unique identifier of a network adapter. On Linux, run `ifconfig` (or `ip link`) to get the address of your wireless hardware; on Windows, run `ipconfig /all`. Be aware that MAC filtering is also only a weak control: MAC addresses are transmitted unencrypted in every Wi-Fi frame, and an attacker who sniffs an allowed address can change their own adapter to match it, so it raises the bar without stopping a determined attacker.
step5: Change the Web Access password
The manufacturer's default password for the router's web administration interface is easy to guess and is often published. Change the default password to a strong one.
step6: Disable admin access through the web
As a final step, disable administrator access over the wireless network (and, if the router offers it, from the Internet side). Any change then has to be made from a computer connected to the router by cable. (https://routersecurity.org/)

3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.
-Concept of firewall: A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Firewalls have been the first line of defence in network security for more than 25 years. They establish a barrier between secured, controlled internal networks and untrusted outside networks such as the Internet.
A firewall can be hardware, software, or both.
(https://www.forcepoint.com/cyber-edu/firewall)
-Firewall policy: A firewall is a device (a combination of hardware and software) or an application (software) designed to control the flow of Internet Protocol (IP) traffic to or from a network or an electronic device. Firewalls monitor network traffic and enforce policy according to the rules contained in the firewall rule base. The firewall is one component of a strategy to combat malicious activity and attacks on computer resources and on information reachable over the network. Other components include, but are not limited to, anti-virus software, intrusion detection software, patch management, strong passwords/passphrases and spyware detection utilities.

Firewalls are generally classified as "network" or "host" firewalls: a network firewall is usually a device attached to the network to control access to one or more servers or subnets; a host firewall is usually an application that protects a single host (e.g. a personal computer). Both types (network and host) can be, and often are, used together.
-Potential impact of incorrect configuration of firewall policies: A firewall is only as good as its rule base. A misconfiguration that allows unintended access (an overly broad "any/any" rule, a temporary rule left behind after troubleshooting, or a deny rule placed after a broader allow rule that shadows it) opens the door to breaches, data loss, theft of intellectual property and ransomware. The opposite mistake, blocking traffic that should be allowed, causes unplanned downtime: customers cannot interact with the business, and downtime means lost revenue. Because most firewalls evaluate rules in order and stop at the first match, the order of the rules is part of the policy and should be reviewed every time a rule is added.
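To make the rule-ordering problem concrete, here is an added example written for this page (it is not code from any firewall product or from the sources cited). It models the first-match evaluation that packet filters use, applies it to an intended policy and to two misconfigured versions of the same policy, and includes a small audit that finds rules which can never match. The addresses are assumed documentation ranges: 10.0.0.0/24 for the LAN, 192.0.2.0/24 for a DMZ web server and 203.0.113.0/24 for Internet hosts.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional

# Assumed topology for the example.
LAN = ip_network("10.0.0.0/24")     # workstations and the internal database
DMZ = ip_network("192.0.2.0/24")    # public-facing web server
ANY = ip_network("0.0.0.0/0")       # everything, including the Internet


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]      # None means any port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def evaluate(policy: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation: the first rule whose src/dst/port cover the
    packet decides, and nothing after it is consulted."""
    s, d = ip_address(pkt.src), ip_address(pkt.dst)
    for r in policy:
        if s in r.src and d in r.dst and (r.dport is None or r.dport == pkt.dport):
            return r.action
    return default


# Intended policy: the Internet may reach the DMZ web server on 80/443 only,
# the DMZ may not open connections into the LAN, the LAN may go out anywhere.
CORRECT = [
    Rule("allow", ANY, DMZ, 80, "public web"),
    Rule("allow", ANY, DMZ, 443, "public web TLS"),
    Rule("deny", DMZ, LAN, None, "DMZ must not reach LAN"),
    Rule("allow", LAN, ANY, None, "LAN outbound"),
]

# Misconfiguration 1: a troubleshooting "any/any" rule left at the top.
ANY_ANY_ON_TOP = [Rule("allow", ANY, ANY, None, "TEMP debug - remove!")] + CORRECT

# Misconfiguration 2: the right rules in the wrong order. The broad DMZ->ANY
# allow precedes the DMZ->LAN deny, so a compromised web server reaches the DB.
WRONG_ORDER = [
    Rule("allow", ANY, DMZ, 80, "public web"),
    Rule("allow", ANY, DMZ, 443, "public web TLS"),
    Rule("allow", DMZ, ANY, None, "DMZ outbound (too broad)"),
    Rule("deny", DMZ, LAN, None, "never reached"),
    Rule("allow", LAN, ANY, None, "LAN outbound"),
]

# Constructed probe traffic used to audit a policy before deployment.
PROBES: Dict[str, Packet] = {
    "internet_to_db": Packet("203.0.113.9", "10.0.0.50", 3306),   # attacker -> internal DB
    "dmz_to_db": Packet("192.0.2.10", "10.0.0.50", 3306),         # compromised web -> DB
    "internet_to_web": Packet("203.0.113.9", "192.0.2.10", 443),  # legitimate visitor
}


def audit(policy: List[Rule]) -> Dict[str, str]:
    """Verdict for every probe packet under the given policy."""
    return {name: evaluate(policy, pkt) for name, pkt in PROBES.items()}


def shadowed_rules(policy: List[Rule]) -> List[Rule]:
    """Rules that can never match because an earlier rule already covers their
    whole source, destination and port space. A shadowed deny is a classic
    sign of a broken policy."""
    out = []
    for i, r in enumerate(policy):
        for earlier in policy[:i]:
            if (r.src.subnet_of(earlier.src) and r.dst.subnet_of(earlier.dst)
                    and (earlier.dport is None or earlier.dport == r.dport)):
                out.append(r)
                break
    return out


if __name__ == "__main__":
    for name, pol in [("correct", CORRECT), ("any/any on top", ANY_ANY_ON_TOP), ("wrong order", WRONG_ORDER)]:
        print(name, audit(pol), "shadowed:", [r.comment for r in shadowed_rules(pol)])
```

Running the audit shows both failure modes described above: with the any/any rule on top every probe is allowed and all four real rules are shadowed, and with the wrong ordering the Internet is still kept out of the database but the DMZ web server can reach it, while the deny rule meant to stop that is never consulted.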
4. Identify the potential impact to IT security of incorrect configuration of IDS
-Concept of IDS: An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and raises an alert when such activity is detected. It is a software application (or appliance) that scans a network or a host for harmful activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally by a Security Information and Event Management (SIEM) system. The SIEM integrates output from multiple sources and uses alert-filtering techniques to distinguish malicious activity from false alarms.

Figure 1

Although intrusion detection systems monitor networks for potentially dangerous activity, they are also prone to false alarms. Organisations therefore need to tune their IDS products when they first install them. This means configuring the intrusion detection system properly so that it recognises what normal traffic on the network looks like, as opposed to malicious activity.

An intrusion prevention system (IPS) likewise monitors the packets sent to the system for malicious activity, but as well as sending alerts it can block the offending traffic in line.
-Potential impact of incorrect configuration of IDS:
Ignoring false positives. When administrators first deploy an IDS they tend to turn on every signature and set the sensitivity to the highest level. This seems like the right thing to do: after all, you want to catch every intrusion. Unfortunately, while such a configuration lets the IDS detect a large number of possible attacks, it also produces a very large number of false positives.
False positives are the bane of the IDS world. There are two kinds of error you will meet when working with an IDS: false positives and false negatives. A false positive is when the IDS reports a potential attack but no attack is actually taking place. A false negative is when the IDS fails to report an attack that is taking place. False negatives indicate a fault in the IDS itself (a missing or broken signature), whereas false positives show the IDS working exactly as it was configured to.
The problem with false positives is that the IDS administrator starts receiving hundreds or thousands of alerts a day, becomes overwhelmed by them, and ends up ignoring the IDS when it reports a real attack because it has "cried wolf" so many times before. A typical example is configuring the IDS to treat port sweeps as attacks. Port scanning happens all the time and very few scans lead to an actual intrusion; if you configure the IDS to report every port scan, you will soon find yourself ignoring not just the port-scan alerts but everything else the IDS sends you. It is human nature, but it ends badly.
You should not ignore false positives or become complacent about them: the IDS is doing its job by reporting an event. Investigate the events the IDS reports by analysing the packets or the relevant server logs, and correlate the data with HIDS output. If your analysis confirms that a signature really does produce too many false positives, turn down the sensitivity of that alert or disable it completely.
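The port-scan example above is easy to reproduce. The following is an added example written for this page (it is not code from any real IDS such as Snort or Suricata): a threshold rule of the kind "alert when one source touches N distinct ports", run over a constructed connection log with known ground truth, so the effect of each tuning decision on false positives and false negatives can be measured rather than guessed.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed connection log ("time src dst dport"), made up for this example.
# 203.0.113.5 sweeps twelve ports on one host (a real scan); 10.0.0.7 is a
# monitoring server that legitimately polls three ports; 198.51.100.3 is an
# ordinary visitor that opens two web connections.
LOG = """\
10:00:01 203.0.113.5 10.0.0.20 21
10:00:01 203.0.113.5 10.0.0.20 22
10:00:01 203.0.113.5 10.0.0.20 23
10:00:01 203.0.113.5 10.0.0.20 25
10:00:02 203.0.113.5 10.0.0.20 80
10:00:02 203.0.113.5 10.0.0.20 110
10:00:02 203.0.113.5 10.0.0.20 143
10:00:02 203.0.113.5 10.0.0.20 443
10:00:02 203.0.113.5 10.0.0.20 445
10:00:03 203.0.113.5 10.0.0.20 3389
10:00:03 203.0.113.5 10.0.0.20 8080
10:00:03 203.0.113.5 10.0.0.20 8443
10:00:05 10.0.0.7 10.0.0.20 22
10:00:05 10.0.0.7 10.0.0.20 80
10:00:05 10.0.0.7 10.0.0.20 443
10:00:09 198.51.100.3 10.0.0.20 443
10:00:10 198.51.100.3 10.0.0.20 80
"""

KNOWN_BAD: Set[str] = {"203.0.113.5"}   # ground truth for the constructed log


def parse(log: str) -> List[Tuple[str, str, str, int]]:
    """Split each log line into (time, src, dst, dport)."""
    rows = []
    for line in log.splitlines():
        t, src, dst, port = line.split()
        rows.append((t, src, dst, int(port)))
    return rows


def portscan_alerts(rows, threshold: int, suppress: Set[str] = frozenset()) -> List[str]:
    """Threshold rule: alert on any source that touches at least `threshold`
    distinct (destination, port) pairs. `suppress` lists sources the analyst
    has investigated and confirmed benign (for example the monitoring server)."""
    touched: Dict[str, set] = defaultdict(set)
    for _, src, dst, port in rows:
        touched[src].add((dst, port))
    return sorted(src for src, pairs in touched.items()
                  if src not in suppress and len(pairs) >= threshold)


def tune(threshold: int, suppress: Set[str] = frozenset()) -> dict:
    """Run the rule over LOG and classify every alert against KNOWN_BAD."""
    alerts = set(portscan_alerts(parse(LOG), threshold, suppress))
    return {
        "true_positives": sorted(alerts & KNOWN_BAD),
        "false_positives": sorted(alerts - KNOWN_BAD),
        "false_negatives": sorted(KNOWN_BAD - alerts),
    }


if __name__ == "__main__":
    print("threshold=2              ", tune(2))                 # too sensitive: two false positives
    print("threshold=2 + suppression", tune(2, {"10.0.0.7"}))   # one tuning knob: suppress a verified host
    print("threshold=5              ", tune(5))                 # the other knob: raise the threshold
    print("threshold=20             ", tune(20))                # too lax: the real scan is missed
```

The two knobs shown (suppressing a source after investigating it, and raising the threshold) are the "turn down the sensitivity of that alert" of the text; the last run shows the cost of overdoing it, which is a false negative that the IDS will never tell you about.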
Encryption (IPSec) hiding traffic from the NIDS
We tend to think of encryption as the ultimate security measure. For example, many organisations regard VPN connections as secure because the data inside the tunnel is encrypted with MPPE or IPSec. The problem is that many people confuse a tunnel with access control. A VPN makes the communication between the two tunnel endpoints private, but it says nothing about whether what travels through it is safe: once the data leaves the tunnel it is as dangerous as it ever was.
A very common problem with encrypting traffic on the wire is that network security devices cannot perform application-layer inspection on the contents of an encrypted stream. This is a big problem for firewalls: a firewall such as ISA Server 2004 can do both stateful packet filtering and application-layer inspection, but on encrypted traffic it can only perform the stateful packet check, because it has no access to the application-layer content. Attackers can therefore hide their exploits from the firewall's application-layer filters simply by sending them through an encrypted tunnel.
The same applies to NIDS. A NIDS needs to see all the traffic passing its interface so that it can compare that traffic against its signatures of known malicious communication. When the NIDS sees encrypted traffic, the only analysis it can do is at the packet-header level, because the application content is inaccessible. Given that most of today's exploits target network services at the application layer, header-level analysis alone does little to protect the core business systems.
This situation typically arises in environments where NIDS has been deployed and IPSec domain isolation is then rolled out. IPSec-based domain isolation is a powerful mechanism for controlling which hosts are allowed to communicate with which hosts on the network. However, one of the main features of IPSec in encrypted mode is that only the source and destination hosts can read the contents of the communication.
This troubles administrators who run NIDS, because they believe IPSec has lowered their network security level: their NIDS sensors can no longer see the full content of the traffic that IPSec protects. Although IPSec does hide the content of the communication from the NIDS, it is not correct to conclude that it reduces overall security; IPSec domain isolation can only improve the company's overall security posture.
The solution is to combine HIDS with NIDS. HIDS sensors are placed on the IPSec endpoints, where the traffic is in the clear, and can detect the attacks that were hidden from the NIDS. Because IPSec domain isolation already limits which hosts an attacker can reach, the volume of data the HIDS has to examine is lower; the result is HIDS data that is easier to interpret, with fewer false positives.
Monitoring only external connections
There are two common approaches to firewall policy and access control: control all traffic flowing into and through the firewall, or control only inbound traffic and give all outbound access a "free pass". Unfortunately, even in today's supposedly security-aware world, many organisations still have no outbound access policy and do not restrict users and applications to the Internet resources they actually need to do their jobs.
The same problem exists with IDS. Many IDS administrators are very interested in monitoring external connections, such as a DMZ in front of the firewall or the firewall perimeter itself, but pay no attention to the traffic between internal network segments, or from the internal network out to the Internet or to another segment of the company network.
Make sure you place NIDS sensors throughout the organisation. Ideally the NIDS is attached to a SPAN (mirror) port that sees all traffic. If that is too expensive, at least place NIDS sensors at the choke points of the company network, so that you can monitor traffic in both directions between segments and to your servers. This is an absolute requirement today because of the depth and aggressiveness of current attacks.
Using a shared network to collect NIDS data
NIDS administrators usually deploy sensors with a single NIC, or with several NICs that are all connected to the production network. The consequence of this configuration is that the sensor reports its findings over the same interface it uses to listen to the traffic it is monitoring.
This is the least secure configuration, because the same interface is used both to collect data and to report that data to a centralised reporting database. An attacker can take advantage of it to do one of two things:

Disable the IDS and stop it from sending alerts, or

Intercept the data on its way to the reporting database, before it reaches the database, and change it (a man-in-the-middle attack).
You solve this by using multi-homed NIDS devices and connecting the non-listening interface to a dedicated management network. A dedicated management network connects only the NIDS devices, the reporting database servers and the monitoring workstations. If a NIDS device is compromised, an alert can still arrive over the management interface so that you can respond promptly.

Trusting IDS analysis to untrained analysts

This may seem like an obvious point, but it is a situation we see far too often. A company spends a considerable amount of money on NIDS, HIDS or both, and then expects existing staff to deploy and manage the IDS, interpret its alerts and respond appropriately to them. Often this belief is based on what the IDS vendor has told them while promoting the "turnkey" nature of the product.

Although an IDS device can do the "heavy lifting" of listening to network traffic, analysing server log files and matching what it finds against the rules configured on it, experienced intrusion detection practitioners are still needed to give meaning to many of the events the IDS reports.

That is because once a potential threat is detected, a competent operator must be able to review the alert and judge whether it is valid. Legitimate communications are frequently interpreted by the IDS as attacks, and if the IDS operator blindly accepts them as real attacks, they may end up denying service to innocent servers on both the internal and external networks.

An IDS analyst should be an expert in TCP/IP networking, able to analyse network logs and packet traces, and should also have a very good understanding of the network services and applications running on the HIDS-protected devices. This level of knowledge is required to interpret IDS alerts correctly, validate them, and then carry out the correct intrusion response.
(https://www.techrepublic.com/article/avoid-these-five-common-ids-implementation-errors/)
(https://www.geeksforgeeks.org/intrusion-detection-system-ids/)
5. Show, using an example for each, how implementing a DMZ, static IP and
NAT in a network can improve Network Security.
-DMZ:
+A demilitarised zone (DMZ) is a perimeter network that separates an organisation's internal network (LAN) from untrusted networks such as the Internet.
In general terms, a DMZ is a buffer between the public network and the private network. It lets the organisation expose externally facing services to an untrusted network while adding an extra layer of security to protect the sensitive data stored on the internal network, using firewalls to filter the traffic.
The ultimate goal of a DMZ is to let an organisation reach untrusted networks, for example the Internet, while making sure its own private network or LAN remains secure. Organisations usually place their externally accessible services and resources, such as Domain Name System (DNS), File Transfer Protocol (FTP), mail, proxy, Voice over IP (VoIP) and web servers, in the DMZ.
These servers and resources are isolated and given only limited access to the LAN, so that they can be reached from the Internet but cannot in turn reach the internal LAN freely. Routing traffic through the DMZ in this way makes it difficult for an attacker to reach the organisation's databases and internal servers directly from the Internet.

Figure 2

+The main benefit of a DMZ is to provide an internal network with an additional security layer
by restricting access to sensitive data and servers. A DMZ enables website visitors to obtain
certain services while providing a buffer between them and the organization's
private network. (https://fr.barracuda.com/glossary/dmz-network)
-Static IP:
+A static IP address is simply an address that does not change. When a device is assigned a static IP address, that address normally stays the same until the device is decommissioned or the network architecture changes. Public static IP addresses are assigned by the Internet service provider (ISP); on an internal network they are set by the administrator.
+From a security point of view, a fixed address is predictable: firewall rules, access control lists, DNS records and IDS whitelists can be tied to a known address, and a server that suddenly appears at a different address stands out. The drawbacks are the mirror image. Easier to target: with a static address an attacker knows exactly where your server is on the Internet, which makes it easier to attack, so the host must be protected by a firewall (the original text suggests Avast Internet Security for this). Higher cost: ISPs usually charge more for a static IP address, especially on consumer packages.
-NAT:

Figure 3

+NAT is short for "Network Address Translation". NAT maps the private IP addresses of a local network onto a single public IP address, normally the address of the router that connects the network to the Internet. The router may sit behind a DSL modem, a cable modem, a T1 line or even a dial-up modem. When other computers on the Internet try to reach computers on the local network, they only see the IP address of the router. This provides an extra level of security when the router is also configured as a firewall, because only the traffic the router has been told to allow can reach computers on the internal network.
When an external system is allowed to reach a computer on the internal network, the destination address is translated from the public address to the private address of that computer. The translation is looked up in the NAT table, which records the internal IP address of each computer on the network together with the public address and port that outside computers see. Although each computer on the local network has its own IP address, external systems only ever see one IP address, whichever internal computer they are talking to.
Put simply, NAT lets computers outside the local network (LAN) see only one IP address, while computers inside the LAN see the individual address of every system. As well as helping network security, NAT reduces the number of public IP addresses a company or organisation needs: with NAT, even the largest companies with thousands of computers can connect to the Internet through a single public IP address.
+NAT therefore offers both security and privacy benefits. Because NAT rewrites packets between the public address and the private addresses, an inbound packet that does not belong to a connection an internal host started has no entry in the NAT table and is dropped, so outsiders cannot reach internal devices directly or learn the internal addressing. The caveat a practitioner would add is that this protection comes from the stateful filtering that accompanies NAT, not from address translation as such: a NAT device with port-forwarding rules, or one that creates mappings that any outside host may use, still exposes internal hosts, so NAT complements a firewall rather than replacing it.
(https://fr.barracuda.com/glossary/dmz-network)
(https://quantrimang.com/network-address-translation-nat-hoat-dong-nhu-the-nao-phan-1-118495)
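The following is an added example written for this page (it is not code from a router or from the sources cited) that models the NAT table described above. Two internal hosts share one assumed public address (203.0.113.1); outbound packets are rewritten and recorded, replies are translated back using the table, and an unsolicited inbound packet with no matching entry is dropped. The mapping is keyed on the remote endpoint as well as the public port (the strict "symmetric" style); many consumer routers use looser mappings, which is one reason NAT alone is not a firewall.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.1"   # assumed public address of the NAT router


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Minimal port-address-translation (NAPT) model: one public address is
    shared by many private hosts, and a translation table records each flow."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private ip, private port, remote ip, remote port) -> public port
        self.out_table: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, remote ip, remote port) -> (private ip, private port)
        self.in_table: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the LAN. A new flow gets a fresh public
        port; an existing flow reuses its entry, so replies can be matched."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_table:
            pub_port = self.next_port
            self.next_port += 1
            self.out_table[key] = pub_port
            self.in_table[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving on the public side. Returns None (drop)
        when no internal host initiated a flow to this remote endpoint: this
        is the behaviour the text above credits for NAT's security benefit."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.in_table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


if __name__ == "__main__":
    nat = NatRouter()
    # Two internal hosts happen to use the same source port towards the same web server.
    a = nat.outbound(Packet("10.0.0.5", 51000, "198.51.100.10", 443))
    b = nat.outbound(Packet("10.0.0.6", 51000, "198.51.100.10", 443))
    print("outside sees:", a, b)                       # same public IP, different public ports
    reply = nat.inbound(Packet("198.51.100.10", 443, PUBLIC_IP, b.src_port))
    print("reply delivered to:", reply)                # back to 10.0.0.6:51000
    probe = nat.inbound(Packet("198.51.100.99", 12345, PUBLIC_IP, 3389))
    print("unsolicited RDP probe:", probe)             # None: dropped, no table entry
```

The attacker's probe is dropped not because the address was translated but because the table has no state for it; a port-forwarding rule would add exactly such an entry and expose the internal host, which is the caveat noted above.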