
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 10/23/2019 (1st submission)
Student name: Do Minh Ngoc. Student ID: BHAF180239
Class: BHAF-1810-2.1. Assessor name: Le Van Thuan

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a
false declaration is a form of malpractice.

Student’s signature Ngoc

Grading grid

P1 P2 P3 P4 M1 M2 D1

Contents
I. Introduction. 4
II. Identify types of security risk to organizations. 5
1. Internet and network attacks. 5
1.1. Malware. 5
1.2. Botnets. 9
1.3. Backdoors. 9
1.4. Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS). 10
1.5. Spoofing. 11
2. Unauthorized access and use. 11
3. Hardware theft. 15
4. Software theft. 15
5. Information theft. 16
6. System failure. 16
III. Describe organizational security procedures. 17
IV. Propose a method to assess and treat Information Technology (IT) risks. 19
V. Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs. 21
1. Definition. 21
2. The purpose of firewall and VPN. 21
3. The impact of incorrect configuration of firewall policies and third-party VPNs to IT security. 21
VI. Show, using an example for each, how implementing a demilitarized zone (DMZ), static IP and Network Address Translation (NAT) in a network can improve Network Security. 22
1. DMZ. 22
2. Static IP. 25
3. NAT. 25
VII. Discuss three benefits to implement network monitoring systems with supporting reasons. 27
1. Definition. 27
2. The benefits. 27
VIII. Investigate how a ‘trusted network’ may be part of an IT security solution. 28
IX. Conclusion. 30
X. References. 31

I. Introduction.
Nowadays, with the rapid development of information technology, most of the information of organizations and individuals is stored on computer and server systems. The increasingly demanding operating environment requires organizations to share their information with others online. However, new problems arise: important information stored on servers, or travelling over the transmission line, can be stolen, modified or counterfeited. Network attacks are increasingly sophisticated and complex, and they can seriously affect the activities of agencies, organizations and individuals.
In this assignment, a variety of types of security risk to organizations are identified. Moreover, organizational security procedures are described. In addition, this assignment identifies the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs. Finally, it shows, with an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security.

II. Identify types of security risk to organizations.
Security risks are anything that can negatively affect the confidentiality, integrity or availability of data. Hackers can use various methods to harm an organization's data or network. These negative effects may be: access, use, disclosure, disruption, modification, inspection, recording or destruction of data.
Security risks to an organization can be caused by damage to or destruction of data or code from inside or outside the system. For example: unauthorized use of the system, unauthorized manipulation of data in the system (adding, deleting or editing data, or dropping a database), and illegal destruction or manipulation of physical system assets and their environment. In addition, naturally occurring risks can also damage an organization's systems.
There are many types of security risk, including: Internet and network attacks, unauthorized access and use, hardware theft, software theft, data theft and system failure.
1. Internet and network attacks.
Information transmitted over the network carries a higher security risk than information stored within the organization.

Fig. II.1.1. Various internet and network attacks.


According to https://grayshelter.wordpress.com/2014/09/30/various-internet-network-attacks-along-with-their-safeguards/, “An internet or network attack is when someone accesses another person’s computer via the internet or their network to gain information for their own personal agenda or just to destroy their data. Information that is transmitted over networks has a higher degree of security risk than information kept on an organization’s or home premises. Network administrators are the ones who take measures to protect a network from security risks, and on the internet, because of the lack of a central administrator, the security risk is even higher.”
Types of internet and network attacks:
1.1. Malware:
Malware (malicious software) is any software or code intentionally designed to cause damage to a server, a client or a computer network. Some common types of malware are computer viruses, worms, trojan horses, rootkits, backdoors and spyware.

Fig. II.1.1.2. Malware is a potential danger for a computer network.
- Viruses.

Fig. II.1.1.3. Computer viruses.


A computer virus (or virus) is a term used to describe a type of malicious code or unwanted program that installs itself on victim computers without the user's consent.
A virus operates by inserting or attaching itself to a legitimate program, or to a document that supports macros, in order to execute its code.
Viruses are designed to cause damage, steal personal information, change data, send emails or messages, replicate automatically, or some combination of the above, and they can spread from one computer to another on a local area network.
Some of the most famous computer viruses are CryptoLocker, ILOVEYOU, MyDoom, Storm Worm and Slammer (for details, see https://uk.norton.com/norton-blog/2016/02/the_8_most_famousco.html).

Fig. II.1.1.4. The 8 most famous computer viruses.

- Worm.

Fig. II.1.1.5. Computer worms.


Computer worms are similar to computer viruses in their ability to replicate. The difference between worms and viruses is this: while a computer virus needs to be inserted into or attached to a program or document in order to operate, a computer worm is an independent program and does not need to become part of another program in order to infect a computer. Another difference is that worms always cause damage to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on the targeted computer.
The top 10 worms of all time: Morris worm, ILOVEYOU, Nimda, Code Red, Melissa, MSBlast, Sobig, Storm Worm, Michelangelo and Jerusalem (for details, visit https://www.secpoint.com/top-10-worms.html).
- Trojan horses.

Fig. II.1.1.6. Computer trojan horses.


A Trojan horse is defined as a "malicious program disguised as something deemed to be safe". For example, you download what looks like a harmless file such as a movie or a music file, but when you open it, it launches a dangerous program that erases your hard disk, sends your credit card numbers and passwords to a stranger, allows a stranger to take control of your computer, or turns your computer into a botnet member that contributes to a DDoS attack.
- Rootkits.

Fig. II.1.1.7. Rootkits.
A rootkit is a set of software built with the primary purpose of hiding malicious code that can endanger our computers. Once installed, the rootkit "disguises" itself so that regular antivirus software sees it only as a harmless application when scanning. Usually, the longer a rootkit stays on a device, the more it affects the security of the device as well as the user's information security. In addition, rootkits become even more dangerous when they hide additional malware, and this is a common attack used by hackers.
- Spyware and adware.

Fig. II.1.1.8. Adware and spyware.


Adware, or advertising-supported software, is software designed to display unwanted advertisements on a user's screen, often disguised as a legitimate program or hidden inside another program to trick users into installing it. In that way, it is profitable for its developers.
Spyware (also known as spy software) is software written to track and collect information and data on the infected device.
Adware and spyware can work together and support each other. When your device is infected, they can perform all kinds of unwanted tasks. The adware will tend to serve pop-up ads, may change the browser's home page, and may add spyware to collect data (the data could be your location and the websites you visit, which are then used to show ads matching the goods or services you looked at, or worse, bank card and credit card information) and harass the infected device with ads.
Adware and spyware can infect a user's device when they download and install free software (freeware) or trial software (shareware), or when they visit an adware-infected website.
1.2. Botnets.

Fig. II.1.2.1. Botnets.


A botnet (also known as a bot network) is a network of computers (many of them infected with malware or installed with software created by hackers) that is controlled by someone (using another remote computer called the bot herder) to perform a certain task.
1.3. Backdoors.

Fig. II.1.3.1. Backdoors.

Backdoors are defined as means of accessing computer systems or encrypted data while bypassing the system's usual security mechanisms.
Developers can create backdoors to gain access to an application or operating system, to troubleshoot problems or for various other purposes. In contrast, attackers often use backdoors they detect or install as a tool for exploits. In some cases, worms or viruses are designed to take advantage of backdoors and perform attacks.
1.4. Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS).

Fig. II.1.4. Denial of Service.


DoS is a deliberate attempt to overload a system or consume its resources so that it becomes unresponsive, stops providing services to users, or responds slowly. The most common trick is for a hacker's machine to send a large number of requests to the server simultaneously, overloading the website's server so that it cannot display results or takes a long time to respond.

Fig. II.1.5. Distributed Denial of Service.

DDoS is a variant of the DoS attack. In a DDoS attack, instead of sending requests directly from the attacker's own computer, hackers use compromised devices to send a large number of requests to the server.
A DDoS attack is stronger than a DoS attack: its advantage for the attacker is that it is dispersed across many different IP ranges, so it is difficult to detect and prevent.
1.5. Spoofing.
According to https://www.forcepoint.com/cyber-edu/spoofing, spoofing is “the act
of disguising a communication from an unknown source as being from a known,
trusted source. Spoofing can apply to emails, phone calls, and websites, or can be
more technical, such as a computer spoofing an IP address, Address Resolution
Protocol (ARP), or Domain Name System (DNS) server.”
Spoofing can be used to gain access to a target’s personal information, spread
malware through infected links or attachments, bypass network access controls, or
redistribute traffic to conduct a denial-of-service attack. Spoofing is often the way a
bad actor gains access in order to execute a larger cyberattack such as a relay attack
or a man-in-the-middle attack.
2. Unauthorized access and use.

Fig. II.2.1. Unauthorized access and use.


2.1. Unauthorized access.
Unauthorized access is when someone gains access to a computer, website, server or network by using a legitimate account or other methods.
For example: if someone tries to access a website by guessing the administrator username and password until they gain access, it is considered unauthorized access.
Unauthorized access could also occur if a user attempts to access an area of a system they should not be accessing.
For example: when an employee tries to access the administrator page of a website with an account that only has the employee role, it is also called unauthorized access.
2.2. Unauthorized use.
Unauthorized use is the use of a computer or its data for illegal activities.
For example: hackers gain access to a bank computer and perform an unauthorized bank transfer.
Hackers can use some of the following methods to gain unauthorized access to and use of computers or data:

- Using spyware: Spyware is designed to hide and steal personal information, thereby gaining access to and use of the system.
A keylogger is the most common spyware used by hackers to gain access to and use of the system.

Fig. II.2.2.1. Keylogger software.


- Using a Man-In-The-Middle attack: In this attack type, the hacker acts as a middle man in the session between the victim and the server. All packets from the victim to the server, and in the opposite direction from the server to the victim, pass through the attacker before being forwarded, if they are forwarded at all.

Fig. II.2.2.2. Man-In-The-Middle attacks.


Some of the types of Man-In-The-Middle attack:
+ DNS spoofing.
+ HTTP spoofing.
+ IP spoofing.
+ ARP spoofing.
+ SSL hijacking.
+ Access point spoofing.
- Using Phishing attack type:

Fig. II.2.2.3. Phishing attacks.
Phishing is a form of cyberattack in which the attacker impersonates a reputable organization to trick users into giving them personal information.
Typically, hackers impersonate employees of reputable organizations such as banks, online transaction websites, e-wallets and credit card companies to trick users into sharing sensitive information such as login account and password, transaction password, credit card details and other valuable information.
This attack is usually carried out by hackers via email and text message. Users who open the email and click on the fake link are asked to log in and enter personal information. If this succeeds, the hackers obtain the information immediately.
The phishing method was known by 1987. The word "phishing" is a combination of "fishing" and "phreaking" (a term for crimes related to the telephone system). Fishing in this case means "fishing" for the user's information.
- Using SQL injection attack:

Fig. II.2.2.4. SQL injection.


SQL injection is a technique that allows an attacker to take advantage of weak input validation in web applications, and of the error messages returned by the database management system, to submit and execute illegal SQL statements.
SQL injection can allow attackers to perform operations on the database as a web administrator.
SQL injection is commonly known as an attack vector for web applications using database management systems such as SQL Server and MySQL.
For example: using a keyword provided in https://cybersguards.com/2019-latest-google-dorks-sql-injection-list-collection-sql-dorks-2017-2019/, you can find a website in Google (I chose “view_items.php?id=” and searched in Google).

Fig. II.2.2.5. The search results.

I chose “http://www.belbana.com/our-products-detail.php?id=7”.
You can enter this site and, in the URL, add a single quote (‘) and press Enter.

Fig. II.2.2.6. Before changing the URL.

Fig. II.2.2.7. After changing the URL.
This website is vulnerable and can be attacked.
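The single-quote test above works because the value of the id parameter is pasted straight into the SQL statement, so the database reports a syntax error instead of a product. The following added example (not part of the original assignment) models that vulnerable lookup beside a hardened one using Python's built-in sqlite3 module; the product table, its rows and the function names are constructed for this illustration.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory product table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(7, "Sample product 7"), (8, "Sample product 8")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    # Vulnerable form: the id= URL parameter is concatenated into the statement
    # text, so a stray quote becomes part of the SQL the engine parses.
    sql = "SELECT id, name FROM products WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    # Hardened form: reject anything that is not a plain decimal integer, then
    # bind the value as a query parameter so it can never be read as SQL.
    if re.fullmatch(r"[0-9]+", raw_id) is None:
        return []
    return conn.execute("SELECT id, name FROM products WHERE id = ?",
                        (int(raw_id),)).fetchall()


def probe(handler, raw_id: str) -> tuple:
    """Run a handler on a fresh database; report ('rows', rows) or ('error', text).

    A database error surfacing for input that merely contains a quote is the
    symptom the test in the text relies on; the safe handler never produces it.
    """
    conn = make_db()
    try:
        return ("rows", handler(conn, raw_id))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    for handler in (lookup_vulnerable, lookup_safe):
        for raw in ("7", "7'"):
            print(handler.__name__, repr(raw), probe(handler, raw))
```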
3. Hardware theft.

Fig. II.3.1. Hardware theft and vandalism.


3.1. Hardware theft.
Hardware theft is the act of stealing computer equipment.
3.2. Hardware vandalism.
Hardware vandalism is the act of destroying computer equipment.
4. Software theft.

Fig. II.4.1. Software theft.
According to https://www.techopedia.com/definition/22203/software-theft, software theft is “the unauthorized or illegal copying, sharing or usage of copyright-protected software programs. Software theft may be carried out by individuals, groups or, in some cases, organizations who then distribute the unauthorized software copies to users”.
Software theft includes the following actions:
- Stealing software media.
- Intentionally erasing programs.
- Illegally copying a program.
- Illegally registering and/or activating a program.
5. Information theft.

Fig. II.5.1. Information theft.


Data theft is the term used for the act of copying or illegally obtaining information from a business or an individual. Typically, this information is user information such as accounts, passwords, social security numbers, credit card information, bank card details or other confidential information. If it is stolen, the loss of information can cause greater damage than hardware or software theft.
6. System failure.

Fig. II.6.1. System failure.
System failure, or system error, is a prolonged problem with a computer. A system failure can occur because of a hardware failure or a severe software issue, causing the system to freeze, reboot, or stop functioning.
A variety of factors can lead to system failure, including:
- Outdated hardware.
- Electrical power problems.
- Errors in a computer program or operating system.
- Natural disasters.
III. Describe organizational security procedures.
Organizational security procedures are a set sequence of necessary activities which perform a specific security task or function for the organization. In other words, these procedures are described as a series of steps that need to be followed as a consistent and repeatable approach or cycle to accomplish an end result. Once implemented, organizational security procedures provide a set of established actions for conducting the security affairs of the organization, which increases control of security within the organization.
Security policies and procedures are a mandatory requirement of any organization's security for implementing IT security management. The final goal of organizational security procedures is to protect these three attributes of information:
- Confidentiality - Information is only viewed by authorized people. The reason for keeping information confidential is that it is the property of the organization and sometimes the information of the organization's customers. It must be kept confidential, or handled according to the terms agreed between the organization and its customers.
- Integrity - Information must not be destroyed or altered. This information needs to be processed in a way that isolates it from accidental or intentional changes.
- Availability - Information must always be available to authorized people when needed.

Fig. III.1. The goal of security procedure.
An attack on confidentiality exposes information to unauthorized access, an attack on integrity destroys or alters information, and an attack on availability breaks the system, causing a denial of service. Information security protects these properties by:
- Protecting confidentiality.
- Ensuring integrity.
- Maintaining availability.
An organization that wants to succeed in protecting the above attributes of information must have appropriate security procedures. They will minimize the risk of an attack and minimize the time needed to detect and respond if an attack occurs.
These procedures include:
- Operating system (OS) patch updates: All networked devices must install all currently available OS security patches in a timely fashion. Exceptions can cause serious damage to the usability of important applications as well as create security holes for hackers to exploit.
For example: hackers can use Nessus to scan a Windows 7 computer and discover the MS17-010 vulnerability. They can then use Kali Linux to attack the victim computer.
- Antivirus software: A strong antivirus installation is important for organizational network security as it can detect most malware. Antivirus software must be running and up to date on devices connected to the network.
Well-known antivirus software: Kaspersky, Norton, Avira, Bitdefender, …
- Host-based firewall software: Host-based firewall software such as Windows Firewall must be running and configured to block unnecessary and unwelcome connections.
- Passwords: Organizational systems must identify users and authenticate access by both ID and password. Passwords must be encrypted with one of the following methods: Message Digest 5 (MD5), Secure Hash Algorithm (SHA), Data Encryption Standard (DES) or Triple Data Encryption Standard (3DES), Advanced Encryption Standard (AES), Rivest Cipher (RC), International Data Encryption Algorithm (IDEA), …
- Encrypted communications: Traffic across the Internet may be surreptitiously monitored, rendering information vulnerable to compromise. Encryption shall be used whenever possible, and at all times for communications containing personal information.
- Unnecessary services: If a service is not needed for the purpose or operation of a device, that service will be disabled or removed with the network administrator's approval and supervision. Removal without that approval and supervision could have a negative impact on network security.
- Physical security: Unauthorized physical access to an unattended device can create potential dangers.
Some physical security recommendations:
+ Lock the door when leaving the office.
+ Make sure your doors, windows and data storage area are secure when you leave, even if only for a short time, and carry your key.
+ Lock the USB ports of employee computers to prevent data or software copying.
+ Configure port security on switches to prevent MAC flooding attacks.
+ Report any suspicious activity or individuals to the administrator.
- Readiness to respond to incidents: The organization should have appropriate policies in place to prepare for possible incidents, such as earthquakes, fires and electrical incidents. Possible measures are: data backups, redundant data, …
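Stored passwords are protected by hashing rather than reversible encryption, so the Password procedure above is best implemented with a salted, iterated hash. The following added example (not the assignment's own code) uses PBKDF2-HMAC-SHA256, an iterated construction built on the SHA family the procedure lists, and contrasts it with an unsalted MD5 digest to show why the salt and iteration count matter; the iteration count, salt length and record format are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Assumptions for this example: iteration count and salt length are chosen
# here for illustration, not taken from any policy in the assignment.
ITERATIONS = 310_000
SALT_BYTES = 16


def unsalted_md5(password: str) -> str:
    """The weak form: one fixed digest per password value, identical for every user."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = b"", iterations: int = ITERATIONS) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256, returned as a self-describing record.

    Record layout (constructed): algorithm$iterations$base64(salt)$base64(digest).
    A fresh random salt per user means equal passwords give different records.
    """
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed record: never authenticate on a parse failure
    if algorithm != "pbkdf2_sha256":
        return False  # unknown scheme: refuse rather than guess
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def same_digest_for_same_password(hasher, password: str) -> bool:
    """True when two users who pick the same password end up with identical records."""
    return hasher(password) == hasher(password)


if __name__ == "__main__":
    record = hash_password("Winter2019!")  # constructed sample password
    print(record)
    print("md5 repeats:", same_digest_for_same_password(unsalted_md5, "Winter2019!"))
    print("pbkdf2 repeats:", same_digest_for_same_password(hash_password, "Winter2019!"))
    print("verify ok:", verify_password("Winter2019!", record))
```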
IV. Propose a method to assess and treat Information Technology (IT) risks.
Risk treatment is a term used to describe the strategies an organization uses to manage its risk. It includes steps to identify, analyze, evaluate and then handle risks. Specific treatment strategies are created to address specific risks that have been identified. Depending on the risk context, treatment strategies may differ.
Based on this definition of risk treatment, the proposed method is:
- Identify the potential risks.
The first step of the risk treatment process is risk identification. In this step, all potential risks must be determined, including intentional and unintentional risks.
- Risk assessment and analysis.
The risk assessment evaluates an organization's exposure to uncertain events that may affect the organization and estimates the damage they may cause.
An effective risk assessment and analysis helps the organization protect assets, improve decision making, and optimize operational efficiency across the board to save money, time and resources.
- Risk evaluation.
After the risk assessment and analysis has been completed, a risk evaluation process can take place. This process compares the estimated risks against the risk criteria established by the organization.
- Risk treatment and response.
Risk treatment is the implementation of policies and procedures that will help avoid or minimize risks. It can also be extended to risk transfer and risk financing. You have to choose which risk treatment option to implement:
+ Avoid: If a risk is considered a critical danger to the organization, then you only need to avoid the activity that creates the risk.
+ Transfer: In many cases, you can pass on the risk you take to another party (for example, an insurance company). You can also outsource the process in which the risk is present to another provider, thereby transferring the risk to the outsourcing provider.
+ Reduce: With this option, the extent and impact level of the risk are reduced as much as possible. The risk reduction option is selected when the risk is unavoidable and untransferable.
+ Accept: In some cases, there is no option but to accept the risk: avoidance, transfer or reduction cannot be done, or can only be done at a high cost. The accepted risks must be low or easily handled.
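The four-step method above, carried through on a small constructed risk register as an added example (not part of the original assignment): risks are scored as likelihood x impact, evaluated against a risk appetite that stands in for the organization's risk criteria, and assigned avoid, transfer, reduce or accept in the order of preference the text gives. The 5x5 scale, the appetite of 6, the level thresholds and the sample risks are assumptions made for this example.

```python
from dataclasses import dataclass

# Assumption: a 5x5 likelihood/impact scale and a risk appetite of 6 are the
# organization's risk criteria. Both are constructed, not taken from the text.
RISK_APPETITE = 6


@dataclass
class Risk:
    name: str
    likelihood: int        # 1 (rare) .. 5 (almost certain)
    impact: int            # 1 (negligible) .. 5 (severe)
    avoidable: bool        # the activity creating the risk can simply be dropped
    transferable: bool     # an insurer or outsourcing provider can take it on
    treatment_cost: float  # yearly cost of the control that would reduce it
    expected_loss: float   # estimated yearly loss if the risk materialises


def score(risk: Risk) -> int:
    """Assessment step: estimate exposure as likelihood x impact."""
    return risk.likelihood * risk.impact


def level(risk: Risk) -> str:
    """Evaluation step: compare the estimate against the organization's criteria."""
    s = score(risk)
    if s >= 15:
        return "critical"
    if s >= 10:
        return "high"
    if s > RISK_APPETITE:
        return "medium"
    return "low"


def treatment(risk: Risk) -> str:
    """Treatment step: pick avoid, transfer, reduce or accept, in that order of preference."""
    lvl = level(risk)
    if lvl == "low":
        return "accept"           # within appetite: low and easily handled
    if lvl == "critical" and risk.avoidable:
        return "avoid"            # critical danger: stop the activity that creates it
    if risk.transferable:
        return "transfer"         # pass it to an insurer or outsourcing provider
    if risk.treatment_cost < risk.expected_loss:
        return "reduce"           # a control cheaper than the exposure is worth buying
    return "accept (review)"      # nothing feasible or affordable: accept with management sign-off


def risk_register(risks) -> list:
    """Identification output: every risk with score, level and treatment, worst first."""
    rows = [(r.name, score(r), level(r), treatment(r)) for r in risks]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample register for an organization running a public web server.
SAMPLE_RISKS = [
    Risk("Unpatched web server exploited", 4, 5, False, False, 20_000, 150_000),
    Risk("Laptop with customer data stolen", 3, 4, False, True, 5_000, 60_000),
    Risk("Vendor cloud outage", 2, 4, False, False, 50_000, 10_000),
    Risk("Office flooded, servers destroyed", 1, 5, False, False, 80_000, 30_000),
    Risk("Phishing email opened by staff", 2, 2, False, False, 3_000, 8_000),
    Risk("Legacy FTP service left exposed", 3, 5, True, False, 0, 90_000),
]

if __name__ == "__main__":
    for name, s, lvl, action in risk_register(SAMPLE_RISKS):
        print(f"{s:>2} {lvl:<8} {action:<16} {name}")
```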
Besides the risk treatment process above, the following simple measures should also be taken to improve security for the organization:
- Use secure passwords: Passwords should be complex enough to be difficult for others to guess but easy for the owner to remember. In addition, the owner should change the password regularly. Moreover, the owner should not use a single password for every account.
- Instruct all customers and staff to be cautious of suspicious messages: Phishing emails often include suspicious attached documents and links. If an email is suspected of being a scam, users should not open it.
- Use a Public Key Infrastructure (PKI): A PKI is a system for managing private and public key pairs and digital certificates. Because the keys and certificates are issued by a trusted third party, the security that this system provides is quite strong.
We can secure the data we want to share with others by encrypting it with the public key of the person it is shared with. All users on the network can see this data, but only the user with the private key corresponding to that public key can decrypt it.
- Use safety measures on social networks: Users must know what information can be shared on their social networks, and set up mechanisms that restrict access to their data to the people they want to share it with.
- Use antivirus software: While it may not be the most effective solution and may not prevent all threats, it is still a useful tool needed to ensure the security of your organization's devices. Make sure that the antivirus software on the device is always active and updated regularly.
- Update the operating system and application software regularly: The benefit of updates is to fix security holes, so the operating system as well as the software must be constantly updated. Many operating systems provide methods for automatic software updates, while application software must be updated manually.
- Back up data in a timely manner and regularly: A backup of all the contents of the device, taken before it is infected, will definitely save users a lot of time and effort when restoring. A recent copy will be very helpful in the risk treatment process.
- Set up an Information Security Policy: An information security policy is necessary to protect and maintain the organization by providing provisions for enforcement.

V. Identify the potential impact to IT security of incorrect configuration of firewall policies and
third-party VPNs.
1. Definition:
A firewall is a network security system that can be based on hardware, software or both, using rules to control traffic coming into and going out of the system. Firewalls act as a barrier between trusted and untrusted networks. A firewall controls access to network resources through a positive control model: only traffic that conforms to the firewall's defined policy can access the network, and all other traffic is denied.
A VPN (Virtual Private Network) is a network technology that allows users to create a connection to another network over any public Internet connection, as if their devices were connected directly to that network.
VPNs are divided into three types:
- First-party VPN: This VPN is built by users for themselves.
- Second-party VPN: This VPN is built by an employer to access its internal network.
- Third-party VPN: This is a general-purpose VPN sold as a service to customers.
By using a VPN to connect to the Internet, all of the user's data is encrypted when transmitted over the Internet, so hackers and spies cannot obtain important user data.
2. The purpose of firewall and VPN:
The purpose of the firewall is to filter traffic from dangerous sources such as hackers and some virus attacks so that they cannot sabotage or cripple your system, as well as to monitor traffic flows and decide what to do about suspicious traffic (such as blocking certain data sources that are not allowed access, or tracking a suspicious transaction).
The purpose of a VPN is to:
+ Hide your real IP address and replace it with the VPN's IP address.
+ Encrypt data, thus protecting you from "snoopers" when using public Wi-Fi.
+ Choose the IP location depending on the purpose.
+ Access the company or home intranet remotely.
3. The impact of incorrect configuration of firewall policies and third-party VPNs to IT
security.
A misconfigured firewall or third-party VPN can cause great damage to your organization. Based on the purposes of firewalls and VPNs, if the configuration is incorrect, those purposes are not achieved.
There are three main potential impacts on IT security:
+ They might lead to a data breach, and hackers could take advantage of that breach to steal sensitive data.
Firewalls are often set up with open policies which permit packet transmission from any source to any destination because the IT administrators do not know exactly the needs of the organization. This leaves the network permanently open, and hackers can access the system, take control, and perform illegal actions on the system and its data without detection.
Although a VPN is considered secure, hackers still take advantage of security holes created by incorrect configuration. For example, misconfiguration of VPN clients can lead to security breaches when the Phase 1 and/or Phase 2 proposals of IPsec (Internet Protocol Security) connections are manipulated on a classic client-based VPN. If the client is configured to work with AES128, for example, and the user changes the encryption algorithm to DES (assuming the gateway allows DES as a valid security proposal), this constitutes a severe reduction in overall security because DES has much lower encryption strength and can be easily compromised (https://searchnetworking.techtarget.com/answer/How-can-incorrectly-configuring-VPN-clients-lead-to-a-security-breach).
+ Data packets are not delivered to their destination.
+ Data packets are delivered to the wrong destination.
If the configuration of the firewall is wrong:
• If the organization has public servers behind the firewall (mail server, web server,
etc.), users on the Internet will not be able to reach those servers.
• Users inside the firewall are not able to reach some websites (or even all websites)
on the public Internet.
If the VPN configuration is incorrect:
• An organization often has several offices in different cities that communicate with
each other through site-to-site VPNs set up on the firewall at each office. A
misconfiguration (for example mismatched proposals or wrong subnets on one side)
could prevent two or more offices from communicating with each other.
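The two misconfigurations discussed above (a catch-all allow rule, and a weak IPsec proposal that a client or gateway still accepts) are the kind of thing that can be checked automatically. The Python script below is an added example and is not part of the original assignment or of any vendor's tooling: the rule and proposal dictionaries, the addresses in them, and the `audit_firewall` and `audit_ipsec` function names are assumptions constructed for this example.

```python
"""Audit a firewall rule set and an IPsec proposal list for the two
misconfigurations discussed above: catch-all allow rules and weak proposals.
Added example, not from the original assignment; the rule format is an
assumption, not any vendor's syntax."""

# Constructed sample rule set (assumption). Rule 3 is the "allow any
# source to any destination" policy that leaves the network open.
FIREWALL_RULES = [
    {"id": 1, "action": "allow", "src": "any", "dst": "203.0.113.10", "dport": 443},
    {"id": 2, "action": "allow", "src": "10.0.0.0/8", "dst": "10.0.5.0/24", "dport": 5432},
    {"id": 3, "action": "allow", "src": "any", "dst": "any", "dport": "any"},
    {"id": 4, "action": "deny", "src": "any", "dst": "any", "dport": "any"},
]

# Constructed IPsec proposals (assumption). Phase 2 is the weakened DES case.
IPSEC_PROPOSALS = [
    {"phase": 1, "encryption": "aes128", "integrity": "sha256", "dh_group": 14},
    {"phase": 2, "encryption": "des", "integrity": "md5", "dh_group": 2},
]

# DES (56-bit key) and 3DES (64-bit blocks) should not be accepted; MD5 and
# SHA-1 are deprecated for integrity; DH groups 1, 2 and 5 are too small.
WEAK_ENCRYPTION = {"des", "3des", "null"}
WEAK_INTEGRITY = {"md5", "sha1"}
WEAK_DH_GROUPS = {1, 2, 5}

ANY_VALUES = {"any", "*", "0.0.0.0/0", "::/0"}


def is_any(value):
    """True if a rule field matches everything."""
    return str(value).lower() in ANY_VALUES


def audit_firewall(rules):
    """Return (rule id, finding) pairs for allow rules that are too broad."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src_any, dst_any, port_any = is_any(rule["src"]), is_any(rule["dst"]), is_any(rule["dport"])
        if src_any and dst_any and port_any:
            findings.append((rule["id"], "allow any -> any on every port: network is open"))
        elif src_any and port_any:
            findings.append((rule["id"], "allow any source to every port of %s" % rule["dst"]))
    return findings


def audit_ipsec(proposals):
    """Return (phase, finding) pairs for weak algorithms in each proposal."""
    findings = []
    for p in proposals:
        if p["encryption"].lower() in WEAK_ENCRYPTION:
            findings.append((p["phase"], "weak encryption: " + p["encryption"]))
        if p["integrity"].lower() in WEAK_INTEGRITY:
            findings.append((p["phase"], "weak integrity: " + p["integrity"]))
        if p["dh_group"] in WEAK_DH_GROUPS:
            findings.append((p["phase"], "weak DH group: %d" % p["dh_group"]))
    return findings


if __name__ == "__main__":
    for rule_id, text in audit_firewall(FIREWALL_RULES):
        print("firewall rule %d: %s" % (rule_id, text))
    for phase, text in audit_ipsec(IPSEC_PROPOSALS):
        print("IPsec phase %d: %s" % (phase, text))
```

Rule 1 is not flagged even though its source is "any": a single published port on a single host is exactly what an Internet-facing service needs. Rule 3 is the problem, and the fix is to delete it so that rule 4, the default deny, takes effect.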
VI. Show, using an example for each, how implementing a demilitarized zone (DMZ), static IP
and Network Address Translation (NAT) in a network can improve Network Security.
In computer security, the definitions of these terms are described as follow:
1. DMZ:
- Definition: A DMZ is a neutral network area between the intranet and the Internet. It
hosts the services that users on the Internet are allowed to reach, and it is therefore
the part of the network that is expected to absorb attacks from the Internet. The DMZ is
separated from the internal network because it sits on its own subnet with its own path
through the firewall. Services commonly deployed in the DMZ are: web server, mail
server, DNS server, FTP server, etc.
The DMZ plays a particularly important role in protecting the intranet. When implemented
properly, a DMZ gives the organization extra room to detect and mitigate a security
breach before it reaches the internal network, where the valuable assets are stored.
- How a DMZ works:
Fig. The operation of DMZ.
The DMZ acts as a buffer between the Internet and the internal network. Deploying a
DMZ between two firewalls means that every incoming packet is screened by a firewall
or other security device before it reaches the servers the organization hosts in the
DMZ, which already keeps most threats away from the intranet.
If an attacker manages to get past the first firewall, they still have to gain
unauthorized access to the DMZ services before they can cause any damage, and that
attempt can raise an alert so that the network administrator is prepared to protect the
internal network and to handle the consequences.
Finally, even if the attacker breaches the external firewall and takes over a system in
the DMZ, they still have to get through the internal firewall before reaching the
organization's sensitive resources, such as the database server, the DHCP server, and so on.
Although the DMZ is the part of the network most likely to be broken into, a compromise
of a DMZ host should trigger a warning that gives the system administrator enough
information to stop the intrusion from going any further.
There are 2 common DMZ topologies in use:
+ Single firewall (or three-legged model): This model only requires one firewall
device with three NICs (network interface cards). One NIC is connected to
the external network, the second NIC to the DMZ network, and the third NIC
to the internal network.
The firewall must be able to control all incoming / outgoing traffic between the
three networks (internal, external and DMZ), and it becomes a single point of
failure for the entire network. If something goes wrong with this firewall, both
the DMZ and the internal network are no longer protected.
+ Dual firewalls:
This model requires two firewall devices, each with two NICs, arranged as
follows:
The first firewall (called the front-end firewall) has one NIC connected to the
external network (external interface) and the other NIC connected to the DMZ
(internal interface). This front-end firewall is responsible for controlling traffic
from the Internet to the DMZ and the internal network.
The second firewall (called the back-end firewall) has one NIC connected to the
DMZ (external interface) and the other NIC connected to the internal network
(internal interface). This back-end firewall is responsible for controlling traffic
from the DMZ and the Internet to the internal network.
Compared to a single firewall, this solution is more expensive to deploy because
you need to invest in two separate firewalls, but the performance and safety of
your network are improved. Using firewalls from two different vendors is a common
refinement: a flaw in one product is then less likely to let an attacker through
both layers.

- An example of using a DMZ:
A DMZ is suitable for any business that publishes services to the Internet. It protects
the local network by adding an extra layer of security: remote access is restricted to
the published servers, and the internal servers and information, which could be very
damaging if breached, stay out of direct reach.
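The three-legged model above can be written down as a first-match rule set. The Python below is an added example, not code from the original assignment: the zone addresses (`192.0.2.0/24` for the DMZ, `10.10.0.0/16` for the internal network), the server addresses and the `evaluate` function are all assumptions constructed for this example. It walks through the flows the text describes: an Internet client reaching the web server, the same client trying to reach the database directly, and a compromised DMZ web server trying to move into the internal network or call home.

```python
"""First-match policy for a three-legged DMZ firewall. Added example, not
from the original assignment; the addresses and rules are assumptions."""
import ipaddress

# Constructed topology (assumption): one firewall, three zones.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.10.0.0/16"),
}
WEB_SERVER = "192.0.2.10"   # published in the DMZ
DB_SERVER = "10.10.5.20"    # stays in the internal network


def zone_of(ip):
    """Map an address to its zone; anything not in ZONES is the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


# Rule fields: source zone, destination zone, destination host, destination
# port, action. None matches anything. Order matters: the first match wins,
# and the last rule denies everything else, including DMZ -> internal in general
# and DMZ -> Internet (a compromised DMZ host should not be able to call out).
POLICY = [
    ("internet", "dmz", WEB_SERVER, 443, "allow"),
    ("internet", "dmz", WEB_SERVER, 80, "allow"),
    ("dmz", "internal", DB_SERVER, 5432, "allow"),   # web app talks to its database only
    ("internal", "dmz", None, None, "allow"),        # admins manage DMZ hosts
    ("internal", "internet", None, None, "allow"),   # normal outbound access
    (None, None, None, None, "deny"),
]


def evaluate(src_ip, dst_ip, dst_port, policy=POLICY):
    """Return ('allow' or 'deny', index of the rule that matched) for a flow."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for index, (r_src, r_dst, r_host, r_port, action) in enumerate(policy):
        if (r_src in (None, src_zone) and r_dst in (None, dst_zone)
                and r_host in (None, dst_ip) and r_port in (None, dst_port)):
            return action, index
    return "deny", -1


if __name__ == "__main__":
    client = "198.51.100.7"   # an Internet client (constructed)
    for src, dst, port in [
        (client, WEB_SERVER, 443),        # published service: allowed
        (client, DB_SERVER, 5432),        # Internet straight to the database: denied
        (WEB_SERVER, DB_SERVER, 5432),    # web tier to its database: allowed
        (WEB_SERVER, "10.10.1.5", 445),   # compromised web server probing a workstation: denied
        (WEB_SERVER, client, 4444),       # compromised web server calling home: denied
    ]:
        print(src, "->", dst, port, evaluate(src, dst, port))
```

The interesting rows are the last two: even after the web server in the DMZ is fully compromised, the only internal host it can reach is the database on its one port, and it cannot open a connection back out to the attacker. That is the "buffer" property the text describes, and it only holds because the default rule is deny.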

2. Static IP:
- Definition: A static IP address is an IP address configured manually on a device, as
opposed to one handed out automatically by a DHCP server. It is called a "static" address
because it does not change.
- How a static IP works:
Fig. Difference between Dynamic and Static IP address.
One way to look at static IP addresses is to treat them like home addresses: they never
change, which makes it easy to contact or find someone. Similarly, a static IP address is
useful if you host a website at home, have a file server on your network, use a networked
printer or print server, forward ports to specific devices, or use a remote access program.
Because the static IP address never changes, other devices always know exactly how to
reach the device.
- An example of using a static IP:
When you configure the organization's servers, you should set a static IP address on each
of them. The servers will be kept in a separate server room with stable conditions, and you
will not normally be able to walk in to change the configuration when needed: you can only
reconfigure them remotely, for example over SSH.
With static IP addresses you can reach each server at a known address. With dynamic
addresses handed out by a DHCP server, this becomes harder because you first have to
find out which address each server currently has, and firewall rules that refer to a
server by address can silently stop matching when the address changes. (A DHCP
reservation, which always gives a given MAC address the same lease, achieves the same
stability while keeping the addresses managed centrally.)
3. NAT:
- Definition: NAT (Network Address Translation) is a technique that rewrites one IP
address into another in packets passing through a router. Typically, NAT is used in
networks that use private (local) addresses and need access to a public network (the
Internet). NAT is performed on the router that connects the two networks, which lets the
router act as an intermediary between the Internet and the local network.
- How NAT works:
Fig. The operation of NAT.
NAT is performed on a router (or firewall) that forwards packets between the two
networks. It translates, or changes, one or both of the IP addresses within a packet as it
passes through. Normally, NAT changes the private source address used inside the
network into the public address of the NAT device.
NAT can also be considered a basic firewall. To do this, NAT maintains a translation table
with an entry for each connection. When a PC on the local network connects to a website
on the Internet, the source IP address in the packet header is replaced with the public
address configured on the NAT device (and the source port is usually rewritten too, so
that many PCs can share one public address). When the reply comes back, NAT looks up
the table entry, changes the destination address back to the PC's private address and
forwards the packet. An inbound packet that matches no table entry is dropped. Through
this mechanism, network administrators can also filter packets to or from a given IP
address and allow or block access to a specific port.

In addition, NAT hides the IP addresses of the devices in the local area network. Although
every computer in the local network has its own private IP address, external devices only
ever see the public IP address when communicating with any computer on this network.
- An example of using NAT:
For a large business with thousands of devices that need to connect to the network, and
lots of data that needs to be secured, NAT is necessary to:
+ Hide the internal IP addresses before packets are transmitted to the Internet, which
reduces the attack surface of the network.
Attackers only see the public IP address provided by the ISP (that is, the address
of the NAT gateway's outside interface), so they cannot address internal hosts
directly or map the internal network from outside. NAT is not a substitute for a
firewall, however: a connection that an internal host opens outbound (for example
to a malicious site) is still allowed back in through the translation table.
+ Save IPv4 address space.
For a large business with many devices, buying a public IPv4 address for every
device is impractical. Instead, administrators use private IPv4 addresses
internally, and many devices share a small number of public addresses.
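The translation table described above, covering the shared-public-address case (port address translation) and the unsolicited-inbound case, as an added Python example that is not part of the original assignment. The public address `203.0.113.5`, the private hosts, the port range and the `NatGateway` class are assumptions constructed for the example.

```python
"""Port address translation (PAT) table for a NAT gateway. Added example,
not from the original assignment; addresses and ports are assumptions."""
import itertools

PUBLIC_IP = "203.0.113.5"   # the gateway's outside address (assumption)


class NatGateway:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        # outbound: (private ip, private port, remote ip, remote port) -> public port
        self.outbound = {}
        # inbound: (public port, remote ip, remote port) -> (private ip, private port)
        self.inbound = {}

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet and record the mapping.
        Returns the packet's new (src ip, src port, dst ip, dst port)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            public_port = next(self._next_port)
            self.outbound[key] = public_port
            self.inbound[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of an incoming packet, or return None to
        drop it. Only replies to a recorded outbound flow get through."""
        if dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((dst_port, src_ip, src_port))
        if entry is None:
            return None   # no internal host asked for this: unsolicited, dropped
        private_ip, private_port = entry
        return (src_ip, src_port, private_ip, private_port)


if __name__ == "__main__":
    gw = NatGateway(PUBLIC_IP)
    # Two PCs on the LAN open connections to the same web server (constructed).
    print(gw.translate_outbound("192.168.1.10", 51000, "93.184.216.34", 443))
    print(gw.translate_outbound("192.168.1.11", 51000, "93.184.216.34", 443))
    # The web server's reply to the second PC is mapped back to 192.168.1.11.
    print(gw.translate_inbound("93.184.216.34", 443, PUBLIC_IP, 40001))
    # A scanner probing the public address finds no matching entry: dropped.
    print(gw.translate_inbound("198.51.100.9", 1234, PUBLIC_IP, 40000))
    print(gw.translate_inbound("198.51.100.9", 1234, PUBLIC_IP, 22))
```

The two PCs both use source port 51000, which is why the gateway has to allocate its own public ports (40000 and 40001) rather than only swapping the address. The inbound lookup keys on the remote address and port as well, so a third party that has guessed a public port still cannot inject packets into the flow.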
VII. Discuss three benefits to implement network monitoring systems with supporting reasons.
1. Definition.
A network monitoring system is a system that monitors incidents, performance and the
status of the devices and computers in a network. It consists of software that records
information and helps system administrators track it, and that can send notifications or
alerts to the administrators when a risk appears or a problem is occurring.
A monitoring system lets administrators observe the system (for example hardware
information of devices, performance, network bandwidth). In addition, it can report
incidents, give early diagnosis of possible problems and measure system responsiveness,
which in turn supports decisions to optimize, upgrade and minimize incidents that affect
the operation of the network.
2. The benefits.
There are three benefits of implementing a network monitoring system:
- Ensure the organization's security:
The network monitoring system tracks events, uses the logs recorded by different
software to analyze them, and sends alerts when a risk occurs. In addition, many systems
can stop attacks they detect while they are happening, by connecting to the
organization's other security systems, such as a firewall, and pushing a configuration
change (for example a block rule) that stops the malicious traffic.
- Automatically send notifications and operate:
A network monitoring service automatically sends a notification to the IT administrator
when a risk occurs. Moreover, it can run on its own without full-time supervision by IT
staff, which can reduce costs for the organization.
- Optimize and monitor your network and enable remote connections:
An organization can hardly grow with a poor information infrastructure (overloaded, slow
or insecure). Network monitoring services examine the organization's network
infrastructure, show which areas can be improved and which issues currently need to be
addressed. In addition, they allow owners as well as network administrators to access
the system remotely from anywhere.
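The first benefit, analyzing recorded logs and raising an alert, is shown below as an added Python example that is not part of the original assignment. The log lines are constructed for the example in the usual sshd syslog format; the `detect_bruteforce` function, its threshold (five failures within sixty seconds) and the severity labels are assumptions. A real monitoring system would hand the resulting alert to its notification channel or push a block rule to the firewall, as the text describes.

```python
"""Brute-force login detection over sshd log lines. Added example, not from
the original assignment; the log lines are constructed and the thresholds are
assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumption): one burst from 198.51.100.23 ending in a
# successful login, and one harmless typo from an internal workstation.
SAMPLE_LOG = """\
Oct 21 09:00:01 gw sshd[1201]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Oct 21 09:00:03 gw sshd[1203]: Failed password for root from 198.51.100.23 port 40023 ssh2
Oct 21 09:00:05 gw sshd[1205]: Failed password for root from 198.51.100.23 port 40024 ssh2
Oct 21 09:00:07 gw sshd[1207]: Failed password for invalid user test from 198.51.100.23 port 40025 ssh2
Oct 21 09:00:09 gw sshd[1209]: Failed password for ngoc from 198.51.100.23 port 40026 ssh2
Oct 21 09:00:12 gw sshd[1211]: Accepted password for ngoc from 198.51.100.23 port 40027 ssh2
Oct 21 09:05:30 gw sshd[1290]: Failed password for ngoc from 10.10.1.5 port 50110 ssh2
Oct 21 09:05:41 gw sshd[1292]: Accepted password for ngoc from 10.10.1.5 port 50111 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_line(line):
    """Return a dict for a login event, or None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog lines carry no year; the value is only used for time differences
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return {"ts": ts, "result": m.group("result"), "user": m.group("user"), "ip": m.group("ip")}


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert on any source IP with `threshold` failures inside `window`, and
    escalate the alert if the same IP then logs in successfully."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerts = {}
    for event in filter(None, map(parse_line, lines)):
        ip, ts = event["ip"], event["ts"]
        if event["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"severity": "medium", "failures": len(q), "first": q[0], "last": ts}
        elif ip in alerts:
            # a success right after a burst of failures is the case to act on first
            alerts[ip]["severity"] = "high"
            alerts[ip]["logged_in_as"] = event["user"]
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, alert)
```

The sliding window matters: a user who mistypes a password twice a day never reaches the threshold, while five failures in eight seconds from one address do. Correlating the later "Accepted" line with the earlier burst is what turns a noisy "someone is scanning" alert into a "this account is probably compromised" alert.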
VIII. Investigate how a ‘trusted network’ may be part of an IT security solution.
1. Investigate.
A trusted network is a network in which the connected devices are known, data transfer is
transparent, and access to the network is controlled and restricted. Devices on a trusted
network are usually managed by administrators to ensure privacy, security and the absence
of data leakage. Computers using a trusted network are more secure because of this.
A trusted network should have the following features:
- Authentication: Only logged-in and authenticated users are allowed to use the network.
This improves the security of the organization because use of the network is limited to
known identities.
- Encryption: The data should be encrypted so that important data cannot be intercepted
and read by unauthorized users. Both the integrity and the confidentiality of data are
improved by this feature of a trusted network.
- Firewall: To monitor the incoming and outgoing traffic of a trusted network, a
firewall needs to be set up and configured with the necessary rules for the packet
transmission process.
- Private network: Devices within a trusted network should be equipped with software
such as a VPN client, which allows remote access with secure data transfer, controls the
traffic and keeps unauthorized clients away from the information.
2. Example:
A common example of a trusted network is WPA2-Enterprise. WPA stands for Wi-Fi Protected
Access; WPA2 is defined in IEEE 802.11i, and its Enterprise mode is built on IEEE 802.1X
port-based access control, EAP (Extensible Authentication Protocol) and a RADIUS server, so
it is often referred to by any of those names. This mode provides a stronger security
solution and better key management, and supports other enterprise functions such as VLAN
assignment and NAP (Network Access Protection). It requires a Remote Authentication Dial In
User Service (RADIUS) server, which is the authentication server that handles the 802.1X
authentication of users.

Fig. VIII.2.1. WPA2-Enterprise diagram.
RADIUS (Remote Authentication Dial In User Service) is a common network protocol that
provides the AAA (Authentication, Authorization and Accounting) functions needed in modern
IT environments. RADIUS helps manage network access by providing a higher level of
security, control and monitoring. Basically, RADIUS lets a user connect to the wireless
network by proving an identity (an account or a certificate), after which access to the
system is granted. The access point itself never checks the credential: it relays the
EAP exchange to the RADIUS server, which returns an accept or a reject.
WPA2-Enterprise provides a variety of benefits, including:
+ Prevents traffic snooping.
In WPA2-Personal, everyone connected to the wireless network uses the same password. If
this password is stolen or leaked, an attacker can snoop on all traffic on the wireless
network. WPA2-Enterprise authenticates each user individually, and that access can be
revoked when necessary, so it prevents this kind of snooping.
+ Enables enhanced security methods.
WPA2-Enterprise allows users to log in to the wireless network with a user name and
password or with a digital certificate. Either credential can be changed or revoked at
any time on the server when a wireless device is lost or stolen. In contrast, in
Personal mode the password has to be changed manually on every AP and every wireless
device.
+ Eliminates the security risk of a shared password.
Because WPA2-Enterprise gives each user a unique, dynamically generated encryption
key, it prevents eavesdropping between users on the same network. With WPA2-Personal,
a user who knows the shared password and has captured another user's connection
handshake can decrypt that user's traffic (passwords, e-mails or other sensitive data),
because all the per-session keys are derived from the same password.
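The RADIUS exchange behind this, as an added Python example that is not from the original assignment: the client side (the access point) builds an Access-Request carrying User-Name and a User-Password hidden with the shared secret as RFC 2865 specifies (MD5 of secret plus Request Authenticator, XORed with the password block by block); the server side recovers the password, checks it, and answers with an Access-Accept or Access-Reject whose Response Authenticator is tied to the request and to the secret; the client then verifies that binding. The shared secret, the user database, the fixed Request Authenticator used in the demo and the function names are assumptions constructed for the example. This PAP-style password hiding is the basic RADIUS mechanism; in WPA2-Enterprise the user credential travels inside an EAP method (for example PEAP or EAP-TLS) that the RADIUS packet only transports, but the framing and the Response Authenticator check are the same.

```python
"""RADIUS Access-Request / Access-Accept exchange (RFC 2865 framing and
User-Password hiding). Added example, not from the original assignment; the
shared secret, user database and function names are assumptions."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

SHARED_SECRET = b"testing123"            # assumption: secret shared by AP and server
USER_DB = {b"ngoc": b"Ngoc-2019!"}       # assumption: the server's credential store


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous block); the first 'previous block' is the
    16-byte Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password; strips the null padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attrs(data):
    """Type-Length-Value attributes; a length below 2 would loop forever."""
    attrs, pos = {}, 0
    while pos + 2 <= len(data):
        attr_type, length = data[pos], data[pos + 1]
        if length < 2:
            break
        attrs[attr_type] = data[pos + 2:pos + length]
        pos += length
    return attrs


def build_access_request(identifier, username, password, secret, authenticator=None):
    """Client side (access point): a fresh random Request Authenticator plus
    User-Name and hidden User-Password attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = _attr(ATTR_USER_NAME, username) + _attr(
        ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def handle_access_request(request, secret, user_db):
    """Server side: recover the password, check it, and answer with a response
    whose Response Authenticator is MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    identifier, request_auth = request[1], request[4:20]
    attrs = parse_attrs(request[20:])
    username = attrs.get(ATTR_USER_NAME, b"")
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    ok = hmac.compare_digest(user_db.get(username, b"\x00"), password)
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    response_attrs = b""
    header = struct.pack("!BBH", code, identifier, 20 + len(response_attrs))
    response_auth = hashlib.md5(header + request_auth + response_attrs + secret).digest()
    return header + response_auth + response_attrs


def verify_response(response, request, secret):
    """Client side: reject responses that are not bound to our request by the secret."""
    header, response_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return response[1] == request[1] and hmac.compare_digest(expected, response_auth)


if __name__ == "__main__":
    req = build_access_request(7, b"ngoc", b"Ngoc-2019!", SHARED_SECRET)
    resp = handle_access_request(req, SHARED_SECRET, USER_DB)
    print("code", resp[0], "verified", verify_response(resp, req, SHARED_SECRET))
```

Two things the exchange shows. The hidden User-Password only protects against a casual eavesdropper: anyone who has the shared secret (or can brute-force a weak one from a captured packet) recovers the password, which is why the secret between access point and RADIUS server must be long and random and why the link between them should itself be protected. And the Response Authenticator is what stops a rogue device on the wired side from answering the access point with a forged Access-Accept.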

IX. Conclusion.
Ensuring information and data security is always a top concern for agencies, organizations
and individuals. Building a private network that can avoid every attack is not possible, but
we can build highly secure networks that meet specific requirements by applying methods
that limit and prevent attacks.
This assignment has identified the security risks to an organization and described the
organization's security procedures. In addition, this report has identified the potential
impact on IT security of incorrect configuration of firewall policies and third-party VPNs.
Finally, it has shown, with examples, how a DMZ, static IP addresses and NAT improve
network security.

X. References.
- https://grayshelter.wordpress.com/2014/09/30/various-internet-network-attacks-along-with-their-safeguards/
- https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-malware.html
- https://www.avg.com/en/signal/what-is-a-computer-virus
- https://uk.norton.com/norton-blog/2016/02/the_8_most_famousco.html
- https://malware.wikia.org/wiki/Trojan
- https://www.iconfinder.com/icons/1691871/app_computer_infect_infest_malware_rootkit_virus_icon
- https://blogs.manageengine.com/desktop-mobile/desktopcentral/2018/06/27/zacinlo-adware-windows-10-spyware-twist.html
- http://www.iamwire.com/2017/04/botnet-attack/151324
- https://www.researchgate.net/figure/Denial-of-Service-DoS-attack-A-DDoS-Distributed-Denial-of-Service-attack-as-shown-in_fig2_324562008
- https://www.f5.com/labs/articles/education/what-is-a-distributed-denial-of-service-attack-
- http://www.torymcbroom.com/stay-classy/
- https://www.geckoandfly.com/17868/best-free-keylogger-for-windows-mac-android-ios-to-monitor-your-kids-facebook/
- https://www.cloudflare.com/learning/security/threats/man-in-the-middle-attack/
- https://paymentspring.com/blog/protect-your-business-customers-from-phishing/
- https://towardsdatascience.com/being-aware-of-malicious-data-corruption-as-a-data-scientist-sql-injection-attack-63f235fb2a97
- https://www.iol.co.za/pretoria-news/vandalism-and-theft-at-cellphone-towers-poses-a-risk-to-networks-33556644
- https://sites.google.com/site/augustusslavik/hardware-and-software-theft
- https://www.consumerjungle.org/jungle-talk/-what-is-id-theft-care
- https://www.123rf.com/photo_71581234_stock-vector-system-failure-background-.html
- https://searchsecurity.techtarget.com/definition/DMZ
- https://techdifferences.com/difference-between-static-and-dynamic-ip-address.html
- https://security.stackexchange.com/questions/13556/public-dmz-network-architecture
- https://www.bukovac.si/wpa2-enterprise-wireless-security-with-synology-radius-server-and-dd-wrt/
- https://searchnetworking.techtarget.com/answer/How-can-incorrectly-configuring-VPN-clients-lead-to-a-security-breach
