
ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing

Unit number and title: Unit 5: Security

Submission date: 22/02/2022
Date received (1st submission):

Re-submission date:
Date received (2nd submission):

Student name: Le Duc Huy
Student ID: GBH200353

Class: GCH0906
Assessor name: Omar

Student declaration
I certify that the assignment submission is entirely my work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid
P1 P2 P3 P4 M1 M2 D1

Table of Contents
I. Introduction ............................................................................................................................................ 6
II. Identify types of security threats to organizations. Give an example of a recently publicized security
breach and discuss its consequences (P1) ...................................................................................................... 7
II.1. What is security ............................................................................................................................... 7
II.2. What is a security risk ......................................................................................................................... 8
II.3. Identify threats .................................................................................................................................... 9
II.4. Identify threat agents to organizations .............................................................................................. 10
II.4.1. Nation States .............................................................................................................................. 10
II.4.2. Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and Viruses
perpetrated by vandals and the general public) .................................................................................... 10
II.4.3. Employees and contractors ........................................................................................................ 10
II.5 List types of threats that organizations will face ............................................................................... 10
II.5.1 Computer Viruses ....................................................................................................................... 10
II.5.2. Trojan Horse ............................................................................................................................... 11
II.5.3. Adware ....................................................................................................................................... 12
II.5.4. Spyware ..................................................................................................................................... 13
II.5.5. Worm ......................................................................................................................................... 14
II.5.6. Denial of Service (DoS) Attack ................................................................................................. 15
II.5.7. Phishing ..................................................................................................................................... 16
II.5.8. Malware ..................................................................................................................................... 16
II.5.9. Ransomware............................................................................................................................... 17
II.5.10. Data breach .............................................................................................................................. 18
II.5.11. Zero-day attack ........................................................................................................................ 19
II.6 An example of a recently publicized security breach ........................................................................ 20
III. Describe at least 3 organizational security procedures (P2) ............................................................. 22
III.1. What are security procedures .......................................................................................................... 22
III.2 Anti-virus procedures ....................................................................................................................... 22
III.2.1 Purpose of anti-virus procedures ............................................................................................... 22
III.3. Password procedures ....................................................................................................................... 23
III.3.1 Purpose ...................................................................................................................................... 23
III.3.2. The password policies and best practices that every system administrator should implement ..... 24
III.4. Physical Security Procedures .......................................................................................................... 24

III.4.1 Purpose ...................................................................................................................................... 24
III.4.2. Procedures of physical security ................................................................................................ 25
IV. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS
(P3) 26
IV.1. Firewall............................................................................................................................................ 26
IV.1.1. Definition ................................................................................................................................. 26
IV.1.2. How does a firewall work?....................................................................................................... 26
IV.1.3 The usage of firewall ................................................................................................................. 27
IV.1.4. Advantage of firewall ............................................................................................................... 28
IV.1.5. How does a firewall provide security to a network? ............................................................... 29
IV.1.6. Show with diagrams the example of a firewall work ............................................................... 29
IV.2 IDS ................................................................................................................................................... 30
IV.2.1. Definition ................................................................................................................................. 30
IV.2.2. Type of IDS .............................................................................................................................. 31
IV.2.3. How do IDS work .................................................................................................................... 32
IV.2.4. Usage of IDS ............................................................................................................................ 33
IV.2.5. Advantage of IDS ..................................................................................................................... 33
IV.2.6 How does an IDS provide security to a network? ...................................................................... 34
IV.2.7. Show with diagrams the example of how IDS works .............................................................. 34
IV.3. The potential impact (Threat-Risk) of a Firewall and IDS if they are incorrectly configured in a
network ..................................................................................................................................................... 35
IV.3.1. The potential impact of a Firewall ........................................................................................... 35
IV.3.2. The potential impact of IDS ..................................................................................................... 36
V. SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP, AND
NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4) .................................................. 38
V.1. DMZ ............................................................................................................................................... 38
V.1.1 Purpose of DMZ ......................................................................................................................... 38
V.1.2. How does DMZ work? .............................................................................................................. 38
V.1.3. Usage of DMZ ........................................................................................................................... 39
V.1.4. Advantage of DMZ .................................................................................................................... 39
V.2. Static IP............................................................................................................................................. 40
V.2.1. Purpose of Static IP ....................................................................................................................... 40
V.2.2. How does static IP work? .......................................................................................................... 41
V.2.3. Usage of static IP ....................................................................................................................... 42
V.2.4. Advantage of static IP................................................................................................................ 42
V.3. NAT .................................................................................................................................................. 43
V.3.1. Purpose of NAT ......................................................................................................................... 43
V.3.2. How does NAT work? ............................................................................................................... 44
V.3.3. Usage of NAT............................................................................................................................ 44
V.3.4. Advantage of NAT ....................................................................................................................... 45

VI. Propose a method to assess and treat IT security risks. (M1)........................................................... 45
VI.1. Discuss the approaches needed to assess the threat to its security. Monitoring tools, for example. .... 45
VI.1.1. Security risk assessment ........................................................................................................... 46
VI.1.2. Importance of regular IT security assessments ........................................................................ 46
VI.1.3. What is a cyber risk (IT risk)? .................................................................................................. 46
VI.1.4. IT risk assessment components and formula ............................................................................ 47
VI.1.5. How to perform a security risk assessment .............................................................................. 48
VI.1.6. Ex: Monitoring tools ................................................................................................................ 49
VI.2. What is the current weakness or threat of the organization? ........................................................... 51
VI.3. What tools will you propose to treat the IT security risk? .............................................................. 52
VII. Discuss three benefits to implement network monitoring systems with supporting reasons. (M2) . 53
VII.1. Some networking monitoring devices and describe each. ............................................................. 53
VII.2. Why do you need to monitor network?.......................................................................................... 57
VII.3. The benefits of using a network monitoring system for an organization ......................................... 57
VIII. Conclusion ........................................................................................................................................ 60
IX. Reference list .................................................................................................................................... 61

Table of figures
Figure 1: Security ...................................................................................................................6
Figure 2: Network security .....................................................................................................7
Figure 3: Security risk ............................................................................................................8
Figure 4: Security threats .......................................................................................................9
Figure 5: Computer Viruses .................................................................................................11
Figure 6: Trojan Horse .........................................................................................................12
Figure 7: Adware ..................................................................................................................13
Figure 8: Spyware ................................................................................................................14
Figure 9: Worm ....................................................................................................................15
Figure 10: DoS Attack..........................................................................................................16
Figure 11: Malware ..............................................................................................................17
Figure 12: Ransomware........................................................................................................18
Figure 13: Data breach .........................................................................................................19
Figure 14: Zero-day attack ...................................................................................................20
Figure 15: Kaseya Ransomware Attack ...............................................................................21
Figure 16: Anti-virus ............................................................................................................22
Figure 17: Password procedures...........................................................................................23
Figure 18: Physical Security.................................................................................................25
Figure 19: Firewall ...............................................................................................................27
Figure 20: The example of a firewall work ..........................................................................30
Figure 21: IDS ......................................................................................................................31
Figure 22: Type of IDS ........................................................................................................32
Figure 23: IDS work .............................................................................................................35
Figure 24: Potential of firewall ............................................................................................36
Figure 25: Intrusion Detection System .................................................................................37
Figure 26: DMZ....................................................................................................................38
Figure 27: DMZ Network.....................................................................................................40

Figure 28: Static IP ...............................................................................................................41
Figure 29: NAT ....................................................................................................................44
Figure 30: Security risk assessment .....................................................................................46
Figure 31: Cyber risk............................................................................................................47
Figure 32: XpoLog ...............................................................................................................50
Figure 33: Imperva ...............................................................................................................50
Figure 34: Hoxhunt ..............................................................................................................51
Figure 35: Octave .................................................................................................................52
Figure 36: Smartext Monitoring ...........................................................................................53
Figure 37: The Elastic Stack ................................................................................................54
Figure 38: Zabbix .................................................................................................................55
Figure 39: SolarWinds Server & Application monitor.........................................................55
Figure 40: Datadog Infrastructure Monitoring .....................................................................56
Figure 41: ManageEngine OpManger ..................................................................................56
Figure 42: Benchmarking standard performance .................................................................58
Figure 43: Identifying security threats .................................................................................59

I. Introduction
FIS advises and implements technological solutions to possible IT security concerns for medium-sized
businesses in Vietnam. Due to a lack of technological competence in-house, the majority of clients
have outsourced their security issues. Your boss, Jonson, has requested that you produce an interesting
presentation to teach junior staff members about the tools and procedures involved with detecting and
analyzing IT security threats, as well as the organizational policies to secure business-critical data and
equipment, as part of your job.
Security measures were first applied to computers in 1960, before the internet and networks were a
concern. At the time, many businesses relied on physical security mechanisms to protect the passwords
stored on their computers from the few people who understood how computers worked.
This report explains the Octave method for assessing IT security risks in an IT organization; the
impact of incorrect firewall and third-party VPN configuration on the organization; the benefits of, and
reasons for, network monitoring systems; how to improve network security using a DMZ, static IP
addresses, and NAT; and finally, risk assessment and risk management in an organization and the
impact on the organization after a SWOT evaluation of an internal project. It also investigates a
"trusted network" and evaluates how it may be used as part of FIS' security system by analyzing its
positive and negative aspects.

Figure 1: Security

II. Identify types of security threats to organizations. Give an example of a
recently publicized security breach and discuss its consequences (P1)
II.1. What is security
Network security refers to a wide range of technology, equipment, and procedures. Its most basic
form is a system of rules and settings that use both software and hardware to safeguard the integrity,
confidentiality, and accessibility of computer networks and data. Regardless of its size, sector, or
infrastructure, every company needs network security solutions to defend itself from the ever-
increasing panorama of cyber threats that exist today.
Today's network architecture is complicated, and it faces a constantly evolving threat environment
and attackers who are always looking for weaknesses to exploit. These flaws may be found in many
places, including devices, data, applications, people, and locations. As a result, today's network
security management tools and software target individual threats and exploits as well as regulatory
non-compliance. When even a few minutes of outage can cause widespread inconvenience and
significant harm to a company's bottom line and reputation, these safeguards are critical.

Figure 2: Network security

II.2. What is a security risk
A computer security risk is anything on your computer that might harm or steal your data, or allow
someone else to use your computer without your permission. Malware, a broad word used to describe
various sorts of harmful software, is one of the numerous things that can put your computer in danger.
We usually think of computer viruses, but viruses, worms, ransomware, spyware, and Trojan horses
are all examples of harmful software that may compromise computer security. Computer product
misconfigurations, as well as risky computing practices, are additional dangers. Let's take a closer look
at these.
Some researchers have found that the efficacy of risk communication depends not only on the
nature of the risk but also on the alignment between the conceptual model embedded in the risk
communication and the user's mental model of the risk. (Asgharpour, Liu and Camp, 2007)

Figure 3: Security risk

II.3. Identify threats
The IETF defines a threat as a potential for violation of security, which exists when there is an entity,
circumstance, capability, action, or event that could cause harm. NIST defines it as an event or
condition that has the potential for causing asset loss and the undesirable consequences or impact from
such loss. Anything that can exploit a vulnerability to breach security and negatively change, delete, or
damage an object or objects of interest is considered a threat. The effects of various threats vary
considerably: some affect the confidentiality or integrity of data while others affect the availability of a
system. (Asgharpour, Liu and Camp, 2007)
Cyber threats and vulnerabilities are frequently confused. The key word in these definitions is
"potential". A threat does not stem from a security flaw in an implementation or organization; it is
anything that has the potential to compromise security. A vulnerability, on the other hand, is a real
flaw that may be exploited. A threat always exists regardless of any precautions, but countermeasures
can be implemented to reduce the likelihood of it materializing.

Figure 4: Security threats

II.4. Identify threat agents to organizations
II.4.1. Nation States

Companies in specific industries, such as telecommunications, oil and gas, mining, power generation,
national infrastructure, and so on, may become targets for other countries, either to disrupt operations
today or to give that nation a foothold in a future time of crisis.
We've heard many examples of this, from alleged Russian meddling in the US presidential election to
Sony claiming North Korea was responsible for their websites being hacked in 2014, and more
recently, concerns about Huawei providing 5G networks because of the possibility of them passing
information to the Chinese government.

II.4.2. Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and Viruses
perpetrated by vandals and the general public)

Companies have told me several times, "Oh, we're not going to be a target for hackers because..."
However, because the number of random assaults that occur every day is so large (and there are no
exact numbers to give here), any organization can become a victim.
The WannaCry ransomware attack, which infected over 200,000 machines in 150 countries, is the
best-known example of a non-target-specific attack. It caused the NHS in the United Kingdom to
be shut down for many days. And of course, there's the bored teenager in a loft somewhere who's just
looking for a weak link on the internet.

II.4.3. Employees and contractors

Unless it's a zero-day virus, machines and software programs are rather effective at protecting
themselves against malware. Humans are frequently the weakest link in the security system, whether
intentionally or unintentionally.
We all make errors, such as sending an email to the wrong person, but we typically catch ourselves
and can correct the issue promptly. Simple safeguards, such as password-protecting data, can help to
limit the consequences of such errors.
Unfortunately, some unhappy employees intentionally damage organizations from the inside. A
dissatisfied internal auditor at the Morrisons supermarket chain recently obtained payroll and other HR
personal data and released it on the internet. Morrisons was penalized because the company did not
have the required technological and organizational procedures in place to prevent the ex-employee
from committing the crime (note that Morrisons is currently appealing against the fine).

II.5 List types of threats that organizations will face

II.5.1 Computer Viruses
A virus is a piece of software that may travel from one computer to another, or from one network to
another, without the user's awareness and carry out hostile activities. It can corrupt or harm important
data in organizations, as well as delete files and format hard drives.

Figure 5: Computer Viruses

A virus can propagate or attack in a variety of ways, including:

• Double-clicking a malicious executable file
• Downloading and installing free software and programs
• Visiting a contaminated and unsafe website
• Clicking on an advertisement
• Using infected portable storage devices, such as USB drives
• Clicking on a URL link in a scam email or opening a spam email
• Downloading free games, toolbars, media players, and other applications

II.5.2. Trojan Horse

A Trojan horse is a harmful code or program created by hackers to impersonate genuine software to
gain access to a company's computer systems. It is programmed to remove, change, damage, block, or
otherwise destroy your data or network.

Figure 6: Trojan Horse

A group of authors analyzed Trojan-horse attacks on quantum-key-distribution systems, i.e., attacks on
the system via the quantum channel. They illustrated the power of such attacks with today's technology
and concluded that all systems must implement active countermeasures. (Gisin et al., 2006)
A Trojan Horse's attack method:
• The victim receives an email with an attached file that seems to come from a legitimate sender.
When the victim opens the attachment, the malicious code it contains runs immediately.
• In this situation, the victim has no idea that the attachment is a Trojan horse.

II.5.3. Adware
Adware is a type of software that displays commercial and marketing-related advertisements on your
computer screen, such as pop-up windows or bars, banner ads, and video.
Its main goal is to make money for its creator by presenting various forms of adverts to internet
users.
Adware attack:
• When you click on that sort of advertisement, it takes you to a website that gathers
information about you.
• By monitoring your online actions and selling that information to a third party, it may also be
used to steal your personal information and login passwords.

Figure 7: Adware

II.5.4. Spyware
Spyware is a type of unwanted security threat to businesses that installs itself on a user's computer
and gathers sensitive data such as personal or company information, login passwords, and credit
card information without the user's knowledge.
This sort of attack keeps track of your online activities, logs your login credentials, and snoops on
your personal information.
As a result, every company and individual should use anti-virus software and a firewall, and only
download software from reputable sources, to protect themselves against spyware.

Figure 8: Spyware

According to Roger Thompson, spyware is annoying and negatively impacts the computing
experience. Even worse, there are real and significant threats to corporate and even national
security from those who use and abuse spyware. (Thompson, 2005)

II.5.5. Worm
A computer worm is a type of malicious software that spreads through an organization's
network and replicates itself from one machine to another.

How a worm spreads:
It can propagate without human help, exploiting software security flaws to gain access in order to
steal sensitive data, alter files, and install a back door that allows remote access to the system.

Figure 9: Worm

II.5.6. Denial of Service (DoS) Attack

Denial-of-Service (DoS) is an attack that causes a system or network to go offline or become
unreachable to users. It generally floods a targeted system with requests until regular traffic cannot
be handled, so that users experience a denial of service.

Some authors note that attackers can easily compromise IoT devices and use them to form botnets,
which can then be used to launch distributed denial of service (DDoS) attacks against networks. A
DDoS attack is a major attack on a network: it takes the entire network down so that normal users
cannot obtain services from the server.

Figure 10: DoS Attack

DoS attack:
• When an attacker prevents legitimate users from accessing certain computer systems,
devices, or other resources, this is known as a denial-of-service attack.
• The attacker sends more traffic than the target server can handle, overloading it and causing
websites, email servers, and other Internet-connected services to go down.

II.5.7. Phishing
Phishing is a sort of social engineering attack that tries to steal personal information such as
usernames, passwords, credit card numbers, login credentials, and so on.

Phishing attack:
• In a phishing email assault, an attacker sends phishing emails to victims that appear to be
from their bank, asking them to disclose personal information.
• The message contains a link that will take you to another insecure website where your
information will be stolen.
• As a result, it's best not to open, read, or click on such emails, and never to send any important
information in response.

II.5.8. Malware
Malware is computer software that is often composed of a program or code that is created by
cybercriminals. It is a class of cyber security risks aimed at causing significant harm to systems or
gaining unauthorized access to a computer. According to Divya, the purpose of Malware is to
cause damage or penetrate a user's computer by hacking personal data for illegal activity such as
financial crimes. (Divya, 2013)

Figure 11: Malware

Malware attack:
• Malware may infect a device in a variety of ways. For example, it might be transmitted
by email as a link or file, requiring the user to click on the link or open the file to run the
malware.
• Computer viruses, worms, Trojan horses, and spyware are examples of this form of attack.

II.5.9. Ransomware
Ransomware is a form of security threat that prevents users from accessing their computer systems
and demands bitcoin in exchange for restoring access. WannaCry, Petya, Cerber, Locky, and Crypto
Locker are among the most dangerous ransomware outbreaks.
Some security researchers note that this type of malware has direct financial implications, which
has promoted an ecosystem of cybercriminals who employ it as a business model. Ransomware as a
service (RaaS) allows ransomware code to be acquired easily for a price. (Mohurle and Patil, 2017)

Figure 12: Ransomware
Threats of various kinds are commonly implanted in a computer system in the following ways:
• Opening or downloading a malicious email attachment
• Installing a virus-infected program or app
• Visiting a website that is harmful or compromised
• Clicking untrustworthy web links or images

II.5.10. Data breach


A data breach is a security concern in which sensitive or protected information is exposed and
accessed from a system without the owner's permission. Credit card numbers, customer data, trade
secrets, and other sensitive, proprietary, or private information may be included.

Figure 13: Data breach

II.5.11. Zero-day attack


A zero-day attack is a type of cyber security threat that exploits a security flaw in a computer
program or application that has not yet been discovered by its vendor. When a company launches an
application, it does not know what kinds of vulnerabilities to expect.
Zero-day attack:
• It occurs when a patch has not yet been issued, or when the software developers are unaware
of the vulnerability or do not have enough time to resolve it.
• If the developer does not address the vulnerability, it may affect computer programs, data,
or a network.

Figure 14: Zero-day attack

II.6 An example of a recently publicized security breach


❖ Kaseya ransomware attack (2021)
• The story
On July 2 at 2:00 PM EDT, as previously reported by ZDNet, Kaseya CEO Fred Voccola
announced "a potential attack against the VSA that has been limited to a small number of
on-premise customers." At the same time, out of an abundance of caution, Voccola urged
clients to immediately shut down their VSA servers. Customers were notified of the breach
via email, phone, and online notices. As Kaseya's Incident Response team investigated, the
vendor also decided to proactively shut down its SaaS servers and pull its data centers
offline. By July 4, the company had revised its assessment of the severity of the incident,
calling itself the "victim of a sophisticated cyberattack." Cyber forensics experts from
FireEye's Mandiant team, alongside other security companies, were pulled in to assist.
In a July 5 update, Kaseya said that a fix had been developed and would first be deployed to
SaaS environments once testing and validation checks were complete.

• The ransomware attack explained


Huntress tracked 30 MSPs involved in the breach and believed with "high confidence"
that the attack was triggered via an authentication bypass vulnerability. The FBI described
the incident as a "supply chain ransomware attack leveraging a vulnerability in Kaseya
VSA software". The attack began on July 2 with reports of ransomware being deployed on
endpoints. Zero-day vulnerabilities were exploited by the attackers to bypass authentication
and execute code. Researchers identified several vulnerabilities, tracked as CVE-2021-30116,
which were used in the attacks.

Figure 15: Kaseya Ransomware Attack

• Who has been impacted?


According to reports, 800 Coop supermarket chain stores in Sweden had to temporarily
close because they were unable to open their cash registers. Huntress said in a Reddit explainer
that an estimated 1,000 companies had servers and workstations encrypted. On July
5, Kaseya revised previous estimates to "fewer than 60" customers, adding that "we
understand the total impact thus far has been to fewer than 1,500 downstream businesses."
As of July 6, the estimate stood at around 50 direct customers and between 800 and 1,500
businesses down the chain. The number of vulnerable Kaseya servers online, visible, and
open to attackers dropped by 96%, from roughly 1,500 on July 2 to 60 on July 8, according
to Palo Alto Networks.

• Solutions for organizations


❖ Announce a phased recovery strategy, starting with SaaS clients and then moving
on to on-premises customers.
❖ Kaseya will provide an overview of the attack and the countermeasures it took.
❖ New security measures will be introduced, such as increased security monitoring of
the SaaS servers using FireEye and the implementation of better WAF
capabilities.
❖ To ensure a successful service restart, perform an external vulnerability scan, verify the
SaaS database for indicators of compromise, and have the code audited by external
security experts.
❖ The EU data centers will be restored first, followed by the UK, APAC, and then North
American systems.

III. Describe at least 3 organizational security procedures (P2)
III.1. What are security procedures
A security procedure is a collection of steps that must be followed to complete a certain security
duty or function. Procedures are often developed as a set of actions to be performed in a consistent and
repeatable manner to achieve a certain goal. Security procedures, once developed, give a set of defined
steps for performing the organization's security affairs, making training, process auditing, and process
improvement easier. Procedures serve as a starting point for establishing the uniformity required to
reduce variance in security procedures, hence improving security control inside the business. In the
security sector, reducing variance is also an excellent method to reduce waste, enhance quality, and
boost performance.

III.2 Anti-virus procedures


III.2.1 Purpose of anti-virus procedures
Antivirus software is used to protect computers from viruses by scanning, detecting, and removing them.
Antivirus definitions are databases that contain information used to identify viruses. Antivirus scanning
engines are designed to identify specific viruses using the aforementioned definitions and by recognizing
characterized behavior. Antivirus software vendors release a new virus definition (databases) for their
software products when they find new viruses. These vendor-specific database definitions are used by
antivirus software to identify known viruses and/or virus-like behavior. (Osaghae, Egbokhare and
Chiemeke, 2014)

Figure 16: Anti-virus

III.2.2 Anti-virus procedures


❖ Antivirus software is required.

❖ The antivirus software deployed on PCs and servers must be set to update its definitions regularly.
❖ Anti-virus software should be installed and running on all computers used purely as servers.
❖ Only servers on which running anti-virus software has a considerable negative impact, or servers
running a low-risk operating system like Solaris or VMS, may be considered for an exemption
from this requirement.
❖ The Director of Information Technology Services must approve any exemptions in writing.
❖ Virus-infected devices must be disconnected from the network until they are virus-free. System
administrators on campus are responsible for developing processes to guarantee that anti-virus
software is run on university-owned devices at regular intervals and that the devices are
virus-free.
❖ Any acts that aim to produce and/or disseminate dangerous programs (e.g., viruses, worms, Trojan
horses, e-mail bombs, etc.) in or on the New Kensington Data Network are forbidden.

III.3. Password procedures
III.3.1 Purpose
A password policy is the first line of defense in protecting our financial transactions, personal
conversations, and private information saved online. For end-users, having a strong password at
work is just as vital as having one at home; it is like having a bodyguard protecting you from
significant security risks, fraudsters, and hackers. Password policies are a collection of guidelines
designed to improve computer security by encouraging users to develop strong, secure passwords and
then properly store and use them. Passwords are a ubiquitous and critical component of many security
systems. As the information and access guarded by passwords become more necessary, we become
ever more dependent upon the security passwords provide. (Shay, Bhargav-Spantzel and Bertino,
2007)

Figure 17: Password procedures

III.3.2. The password policies and best practices that every system administrator should
implement:
• Enforce Password History policy: The Enforce Password History policy determines how
many old passwords are remembered so that they cannot be reused. It should be set to
remember at least 10 previous passwords.
• Minimum Password Age policy: This guideline establishes how long users must maintain
their passwords before changing them. The Minimum Password Age prevents users from
circumventing the password system by creating a new password and then reverting to their
old one.
• Maximum Password Age policy: The Maximum Password Age policy establishes how long
users are allowed to maintain a password before being forced to update it. Set the value to
90 days for passwords and 180 days for passphrases to maintain network security.
• Minimum Password Length policy: The minimum number of characters required to
generate a password is determined by this policy. Because long passwords are more
difficult to crack than short ones, you should set the Minimum Password Length to at least
eight characters.
• Passwords Must Meet Complexity Requirements policy: The following rules are enforced
when a password is created:
➢ Passwords cannot include the user's whole name or portions of it, such as
their first name.
➢ Passwords must contain at least three of the four character types:
lowercase letters, uppercase letters, digits, and symbols.
• Reset Password: For further protection, the local administrator password should be changed
every 180 days, and the service account password should be changed at least once a year
during maintenance.
• Use Strong Passphrases: Domain administrator accounts should always be protected with
strong passwords of at least 15 characters.
• Password Audit policy: When you enable the Password Audit policy, you may keep track
of all password changes. This ensures user responsibility and serves as proof in the case of
a security compromise.
• E-Mail Notifications: Create email alerts before password expiration to inform your users
that their passwords are about to expire.
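The policy settings listed above, turned into a checker that an administrator could run against a proposed password change. This is an added example and not code from the report or from any directory product; the thresholds (10 remembered passwords, 8 or 15 characters, three of four character types, no part of the user's name, 90-day maximum age) come from the list above, the one-day minimum age and the account names are assumptions, and the hash is SHA-256 for brevity.

```python
"""Password policy checker built from the settings listed above (added example)."""
from dataclasses import dataclass, field
from datetime import date, timedelta
import hashlib
import re

HISTORY_DEPTH = 10          # Enforce Password History: remember the last 10
MIN_LENGTH = 8              # Minimum Password Length for ordinary users
ADMIN_MIN_LENGTH = 15       # Use Strong Passphrases: domain administrators
MAX_AGE_DAYS = 90           # Maximum Password Age for passwords
MIN_AGE_DAYS = 1            # Minimum Password Age (assumed value; the text gives no number)
REQUIRED_CLASSES = 3        # three of the four character types


def _digest(password):
    # Only digests are kept in the history so old passwords are never stored in clear.
    # A production system would use a salted, slow hash (bcrypt, scrypt or Argon2).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


@dataclass
class Account:
    username: str
    full_name: str
    is_domain_admin: bool = False
    history: list = field(default_factory=list)  # digests, oldest first
    last_changed: date = None


def name_parts(acct):
    """Username plus every component of the full name with three or more characters."""
    parts = {acct.username.lower()}
    parts.update(p for p in re.split(r"[\s.\-_]+", acct.full_name.lower()) if len(p) >= 3)
    return parts


def character_classes(password):
    """Count how many of the four classes (lower, upper, digit, symbol) appear."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, password))


def check_password(acct, candidate, today=None):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    today = today or date.today()
    errors = []
    min_len = ADMIN_MIN_LENGTH if acct.is_domain_admin else MIN_LENGTH
    if len(candidate) < min_len:
        errors.append(f"shorter than {min_len} characters")
    if character_classes(candidate) < REQUIRED_CLASSES:
        errors.append(f"uses fewer than {REQUIRED_CLASSES} of the four character types")
    if any(part in candidate.lower() for part in name_parts(acct)):
        errors.append("contains the user's name or part of it")
    if _digest(candidate) in acct.history[-HISTORY_DEPTH:]:
        errors.append(f"reused one of the last {HISTORY_DEPTH} passwords")
    if acct.last_changed is not None and (today - acct.last_changed).days < MIN_AGE_DAYS:
        errors.append(f"changed less than {MIN_AGE_DAYS} day(s) ago (minimum password age)")
    return errors


def password_expired(acct, today=None):
    """Maximum Password Age: True once the password is older than MAX_AGE_DAYS."""
    today = today or date.today()
    return acct.last_changed is None or (today - acct.last_changed).days > MAX_AGE_DAYS


def change_password(acct, candidate, today=None):
    """Apply the policy; on success record the change in the history and return []."""
    today = today or date.today()
    errors = check_password(acct, candidate, today)
    if not errors:
        acct.history = (acct.history + [_digest(candidate)])[-HISTORY_DEPTH:]
        acct.last_changed = today
    return errors


def demo():
    """Constructed scenario with fixed dates so the results are reproducible."""
    day0 = date(2022, 1, 10)
    acct = Account("jdoe", "John Doe")        # constructed user
    return {
        "weak": check_password(acct, "johndoe123", day0),           # name part + only 2 classes
        "first": change_password(acct, "Winter!2022", day0),         # accepted -> []
        "too_soon": change_password(acct, "Spring!2022", day0),      # same day: minimum age
        "reuse": change_password(acct, "Winter!2022", day0 + timedelta(days=2)),
        "expired_at_90": password_expired(acct, day0 + timedelta(days=90)),  # False
        "expired_at_91": password_expired(acct, day0 + timedelta(days=91)),  # True
        "admin_short": check_password(Account("admin", "Site Admin", True), "Winter!2022"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```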

III.4. Physical Security Procedures


III.4.1 Purpose
Physical security measures are intended to keep buildings safe and secure while also protecting the
equipment within. In a nutshell, they keep undesired people out while allowing authorized persons
in. While network and cybersecurity are crucial, physical security breaches and threats must be
avoided to keep your equipment and data secure, as well as any staff or faculty members who have
access to the facility. Physical security concerns include theft, vandalism, fraud, and even
accidents. According to some authors, for cyber-physical systems security to be better understood, it
will require a risk management framework that includes an integrated approach across physical,
information, cognitive, and social domains to ensure resilience. (DiMase, Collier, Heffner and
Linkov, 2015)

Figure 18: Physical Security

III.4.2. Procedures of physical security


General:
• Physical security systems must adhere to all applicable requirements, including but not limited
to building codes and fire protection rules.
• Physical access to all (District/Organization) restricted facilities must be documented and
maintained.
• All Information Resource facilities must be physically safeguarded in proportion to the
criticality or relevance of their operation at (District/Organization).
• Access to Information Resources facilities must be restricted to (District/Organization) support
staff and contractors whose job duties need access to that resource.
• All facility openings where unauthorized individuals might enter the premises must be
controlled.
• Directories and internal phone books indicating the locations of secret information processing
facilities should not be easily accessible to anybody who is not authorized.
• Power outages and other disturbances caused by utility breakdowns must be avoided.
• Card access records and visitor logs for Information Resource facilities must be preserved for
routine inspection based on the criticality of the Information Resources being safeguarded.

• Visitors in restricted sections of Information Resource facilities must be accompanied at all
times by authorized employees.
Access cards:
➢ The permission of a member of the physical security committee is required for the process of
giving cards and/or key access to Information Resource facilities.
➢ Each person who is permitted access to an Information Resource facility must execute the
necessary access and non-disclosure agreements.
➢ Keys and/or access cards must not be given or lent to others.
➢ Access cards and/or keys that are no longer necessary must be returned to the staff in charge of
managing the physical facilities of the Information Resource.
➢ Cards must not be transferred to another person to avoid the return procedure.
➢ Lost or stolen access cards and/or keys must be reported as soon as possible to the person in
charge of physical facility management for the Information Resource or to the physical security committee.
➢ Individuals who change responsibilities within (District/Organization) or are separated from
their association with (District/Organization) must have their card and/or key access rights
removed by the physical security committee.
➢ Regularly, the physical security committee must examine card and/or key access rights for the
facility and revoke access for those who no longer require access.

IV. Identify the potential impact to IT security of incorrect configuration of
firewall policies and IDS (P3)
IV.1. Firewall
IV.1.1. Definition
A firewall is a computer network security device that controls internet traffic entering, leaving, and
inside a private network. This program, often known as a specialized hardware-software unit, works
by selectively blocking or permitting data packets. It is primarily meant to prohibit anyone—whether
inside or outside of a private network—from engaging in unlawful web activities and to assist in the
prevention of harmful conduct.
According to a journal, a firewall is a security guard placed at the point of entry between a private
network and the outside Internet such that all incoming and outgoing packets have to pass through it.
The function of a firewall is to examine every incoming or outgoing packet and decide whether to
accept or discard it. (Gouda and Liu, 2007)

IV.1.2. How does a firewall work?


A firewall operates based on a set of rules that govern whether or not traffic may enter or depart a
network. These guidelines change depending on what you instruct an application to perform and how
you characterize harmful behavior. Consider a firewall to be a security guard who is aware of
everything going on within the building (network) they are protecting.
When connecting to a website or running an application, you have undoubtedly had to click an "Allow
exception" popup at some point. Firewall permissions are always changing, and different
firewalls operate at various levels. Some firewalls examine the sender's address, while others examine
the transmission's content.

Figure 19: Firewall

IV.1.3 The usage of firewall


A network security firewall is designed to reduce a network's attack surface to a single point of
contact. Instead of every host on a network being directly connected to the internet, all traffic must
first pass through the firewall. Because this also applies in reverse, the firewall can filter and stop
non-permitted traffic coming in or going out. Firewalls are also used to provide an audit trail of
attempted network connections to improve security awareness.

❖ Prevents the Passage of Unwanted Content


There is no end to the amount of unpleasant and undesired content that can be found on the
internet. Unless a robust firewall is in place, such harmful content can readily infiltrate the
system. Whenever a new system is used, the user must check whether a firewall is present, and if
not, a third-party firewall can be installed.

❖ Prevents Unauthorized Remote Access


There are many unethical hackers in the world today who are always attempting to gain access
to weak systems. The inexperienced user is never aware of who has access to his machine. A
powerful firewall reduces the risk of an unethical hacker gaining remote access to a
system. A powerful firewall is required to secure your data, transactions, and so on; for
businesses, leaking private data and information means massive loss and failure.

❖ Prevents Indecent Content


The vast network of the internet has exposed individuals, particularly adolescents and
youngsters, to immoral content. With shifting habits and lifestyles, such content is causing
harm to the minds of children. A powerful firewall safeguards computer systems by blocking
immoral and obscene content from entering, allowing parents to keep their children secure.

❖ Guarantees Security Based on Protocol and IP Address


Hardware firewalls are handy for inspecting traffic activity based on a specific protocol.
Whenever a connection is formed, a record of activity is preserved from start to finish, which
aids in the protection of the system.

❖ Protects Seamless Operations in Enterprises


It is critical to have a robust firewall in place, since the firewall is the most crucial component in
providing security to all of an enterprise's systems. Decentralized systems allow authorized
stakeholders to access and manipulate data for effective company operations. Organizations
would struggle to run smoothly if they did not have robust firewalls.

❖ Protects Conversations and Coordination Contents


Almost all of the material from these coordinating operations is confidential and must be
adequately secured, and no company can simply afford the expense of such crucial content
leakage. The firewall efficiently protects the systems and provides for the secure and safe flow
of information, instilling confidence in the stakeholders.

❖ Prevents Destructive Content from Online Videos and Games


Malware attacks through websites that provide online games and films frequently go unnoticed
because users are so enthused about the games or movies they want to discover on the
internet. It is usually a good idea to have systems checked professionally to see whether the
system has an efficient and powerful firewall, either in the form of software or hardware.

IV.1.4. Advantage of firewall


➢ Monitors Network Traffic
Data flowing into and out of your systems opens the door for adversaries to compromise
your operations. Firewalls secure your systems by monitoring and analyzing network traffic
and applying pre-defined rules and filters. The ability to monitor network traffic is the
starting point for all the benefits of firewall protection.

➢ Stops Virus Attacks


You must put safeguards in place to keep your systems safe. Nothing can bring your
digital activities to a halt faster or more forcefully than a virus attack. The ability to restrict
your system's access points and thwart virus attacks is one of the most evident benefits of
firewalls.

➢ Prevents Hacking
Depending on the sort of cyber-attack, a firewall can either entirely halt a hacker or prevent
them from choosing an easier target.

➢ Stops Spyware
As computer systems get more complicated and resilient, the number of entry points
available to thieves to obtain access to your systems grows. Spyware and malware are
programs that are meant to enter your networks, take control of your machines, and steal
your data. Firewalls are a vital barrier against harmful applications.

➢ Promotes Privacy
Upgrades to data-protection systems can provide a competitive edge as well as a selling
point to customers and clients. The value grows when your company's data becomes more
sensitive, and you have more safeguards in place to secure it. It can also assist you in
creating a private environment in which your clients can put their faith.

IV.1.5. How does a firewall provide security to a network?


❖ Firewalls carefully examine inbound traffic from insecure or questionable sources to thwart
attacks and filter traffic based on previously defined criteria. Firewalls guard the entry points
to a computer, called ports, through which information is exchanged with external
systems. Only trustworthy individuals (source addresses) are permitted to reach the home
(destination address) at any time, and people in the house may only access certain
rooms. "Source address 172.18.1.1, for example, is authorized through port 22 to enter
192.168.2.1."
❖ For all network connections, Comodo Endpoint Firewall Protection is the most secure
alternative. It requires that traffic is blocked or permitted by the rules. The occupier can
occupy the entire space (all ports), except a specific category of ports reserved for children and
visitors.
❖ For the first time, a PC Security product received a perfect score. Matousec put 33 PC
firewalls through 84 different tests, including Internet Security. The firewall includes
antivirus protection as well as unified maintenance. The Endpoint Security Manager
package also includes simple troubleshooting tools.

IV.1.6. Show with diagrams the example of a firewall work

Figure 20: The example of a firewall work

IV.2 IDS
IV.2.1. Definition
An Intrusion Detection System (IDS) is a system that analyzes network traffic for unusual behavior
and sends notifications when it detects it. It is a software program that analyzes a network or
system for malicious activities or policy violations. Any harmful activity or violation is often
notified to an administrator or centralized via a security information and event management
(SIEM) system.
Intrusion Detection Systems (IDS) are aimed at analyzing and detecting security problems. IDS
based on anomaly detection and, in particular, on statistical analysis, inspect each traffic flow to
obtain its statistical characterization, which represents the fingerprint of the flow. (Boero, Marchese
and Zappatore, 2017)

Figure 21: IDS

IV.2.2. Type of IDS


➢ Network Intrusion Detection System (NIDS):
Network intrusion detection systems (NIDS) are installed at a predetermined location within the
network to evaluate traffic from all network devices. It monitors every passing traffic on the subnet
and compares it to a database of known threats. When an attack or unusual behavior is detected, an
alarm can be issued to the administrator. Installing a NIDS on the subnet where firewalls are
placed to determine whether somebody is attempting to penetrate the firewall is an example of a
NIDS.

➢ Host Intrusion Detection System (HIDS):


Host intrusion detection systems (HIDS) are intrusion detection systems that run on individual
hosts or devices. A HIDS monitors only that device's incoming and outgoing packets
and alerts the administrator if unusual or malicious behavior is detected. It takes a snapshot of the
current system files and compares it to the previous snapshot. If critical system files have been
modified or deleted, an alarm is issued to the administrator, who is then prompted to investigate.

➢ Protocol-based Intrusion Detection System (PIDS):


A protocol-based intrusion detection system (PIDS) is made up of a system or agent that always sits
at the front end of a server, regulating and interpreting the protocol between a user/device and the
server. It attempts to protect a website by regularly checking the HTTPS protocol stream and
examining the related HTTP protocol. Because the HTTPS stream is encrypted in transit, this system
needs to sit at the interface where the stream is decrypted, immediately before the web presentation layer.

➢ Application Protocol-based Intrusion Detection System (APIDS):
A system or agent that lives within a collection of servers is known as an Application Protocol-
based Intrusion Detection System (APIDS). It detects intrusions by monitoring and analyzing
application-specific protocol traffic. For example, this would track the SQL protocol as it is
communicated to the middleware by the database in the webserver.

➢ Hybrid Intrusion Detection System:


The hybrid intrusion detection system is created by combining two or more intrusion detection
technologies. The hybrid intrusion detection system combines host agent or system data with
network information to create a comprehensive view of the network system. In comparison to
conventional intrusion detection systems, the hybrid intrusion detection system is more effective.
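The snapshot-and-compare check that the HIDS description above refers to, written out as an added example (it is not code from the report or from any IDS product). File names and contents are constructed in a temporary directory; in practice the baseline would be kept off-host so that an intruder who alters files cannot also rewrite the baseline.

```python
"""Host file-integrity check: baseline snapshot vs. current snapshot (added example)."""
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root ('/'-separated relative path) to its digest."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = file_digest(full)
    return snap


def compare(baseline, current):
    """Classify differences between two snapshots; each list is sorted for stable output."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def alerts(diff):
    """Turn a diff into the messages a HIDS would raise to the administrator."""
    return [f"{kind.upper()}: {path}"
            for kind in ("modified", "added", "removed") for path in diff[kind]]


def _write(root, rel, text):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(text)


def demo():
    """Constructed scenario: baseline three files, then alter one, add one and delete one."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "etc/hosts", "127.0.0.1 localhost\n")
        _write(root, "bin/ls", "stand-in for a binary\n")
        baseline = snapshot(root)

        # Simulated changes made after the baseline was recorded
        _write(root, "bin/ls", "stand-in for a replaced binary\n")            # modified
        _write(root, "etc/cron.d/newjob", "0 * * * * root /usr/bin/true\n")    # added
        os.remove(os.path.join(root, "etc", "hosts"))                           # removed

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for line in alerts(demo()):
        print(line)
```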

Figure 22: Type of IDS

IV.2.3. How does an IDS work?


➢ An intrusion detection system is a stand-alone program that detects and reports
irregularities in your network architecture before hackers may do damage.
➢ The intrusion detection system (IDS) is either deployed on your network or as a client
system (host-based IDS). Typical intrusion detection systems seek out known attack
signatures or aberrant departures from predefined standards.
➢ These aberrant network traffic patterns are subsequently transmitted up the stack for
additional study at the OSI (Open Systems Interconnection) model's protocol and
application levels.
➢ To function as a detection system, an IDS is located outside of the real-time
communication band (a channel between the information transmitter and receiver) inside
your network infrastructure.

➢ The IDS identifies contaminated elements that have the potential to degrade overall
network performance, such as malformed information packets, DNS poisonings, Xmas
scans, and more.

IV.2.4. Usage of IDS


When placed at a strategic point within a network to monitor traffic to and from all devices,
an IDS analyzes passing traffic and matches the traffic on its subnets against a library of
known attacks. When an attack or unusual activity is detected, an alarm can be issued to the
administrator.
Knowing the techniques available to attackers attempting to penetrate a protected network
can help IT organizations understand how IDS systems might be misled into
overlooking actionable threats:
❖ Fragmentation: Sending fragmented packets allows the attacker to remain
undetected by the detection system.
❖ Avoiding defaults: A protocol's port does not necessarily correspond to the protocol
that is being delivered. The IDS may not be able to identify the existence of a trojan
if it has been modified to utilize a different port by an attacker.
❖ Low-bandwidth coordinated attacks: coordinating a scan among several attackers,
or even assigning different ports or hosts to different attackers. This makes it
difficult for the IDS to correlate the collected packets and determine whether or not
a network scan is taking place.
❖ Address spoofing/proxying: attackers can obfuscate the origins of an attack by
bouncing an assault around inadequately protected or mistakenly configured proxy
servers. It's quite tough to determine if the source is faked and bounced by a server.
❖ Pattern change evasion: To identify assaults, IDS depend on pattern matching.
Detection can be avoided by making minor changes to the attack architecture.

IV.2.5. Advantage of IDS


o They may be tuned to specific network packet content.
Firewalls may be able to display the ports and IP addresses utilized between two hosts, but
NIDS may be configured to display the particular content included inside the packets. This
can be used to detect intrusions such as exploitation assaults or botnet-related compromised
endpoint devices.
o They can examine data inside the context of the protocol.
The TCP and UDP payloads are examined when a NIDS performs protocol analysis.
Because the sensors understand how the protocols should work, they can identify unusual
behavior.
o They can classify and quantify attacks.
An intrusion detection system (IDS) examines the number and types of assaults. This data
may be utilized to improve your security measures or to establish new, more effective
restrictions. It can also be examined for vulnerabilities or issues with network device
settings. After that, the measurements may be utilized to make future risk evaluations.
o They Make Compliance with Regulations Easier
IDS make it simpler to comply with security rules since they provide better visibility across
your network. To satisfy certain standards, you can also use your IDS logs as part of the
documentation.
o They have the potential to increase productivity.
IDS sensors can analyze the data within network packets and identify the services or
operating systems that are being used, since they can detect network devices and hosts.
Compared to doing this manually, this saves a lot of time. In addition to decreasing
labor, an IDS may automate hardware inventory. This increased efficiency can help a
business save money on staff while also offsetting the expense of deploying the IDS.

IV.2.6 How does an IDS provide security to a network?


Network intrusion detection systems (NIDS) are critical for comprehensive security, but there
are a few things to bear in mind while using them. There may be false positives and false
negatives when monitoring and analyzing network traffic for suspicious or possibly malicious
activities, so it is vital to have IT people with the expertise and abilities to make choices and
take action based on network IDS warnings.
o False Positives
While signature-based threat detection is often reliable, you will likely experience false
positives when it comes to anomaly-based detection and flagging possibly suspicious or
malicious activities. When a network IDS labels typical or lawful traffic as suspicious or
malicious, this is known as a false positive. The intrusion detection system must have a
good understanding of regular traffic and be correctly adjusted to ignore legal or permitted
traffic.
o False Negatives
On the other side of false positives, there's also the possibility that suspicious or malicious
behavior won't be identified 100% of the time. This is especially true for zero-day or
emerging threats that use novel flaws and attack methodologies that the IDS isn't familiar
with.
o Experts in Security
Aside from false negatives and false positives, the largest difficulty with a network IDS
might be the sheer number of warnings. One of the most critical aspects of efficiently
employing a network intrusion detection system is having IT security people with the
requisite expertise and abilities to filter out false alarms and identify suspicious or
malicious traffic that the network IDS may have missed.

IV.2.7. Show with diagrams the example of how IDS works

Figure 23: IDS work

IV.3. The potential impact (Threat-Risk) of a Firewall and IDS if they are incorrectly
configured in a network
IV.3.1. The potential impact of a Firewall
Firewalls are core elements in network security. However, managing firewall rules, especially for
enterprise networks, has become complex and error-prone. Firewall filtering rules have to be
carefully written and organized to correctly implement the security policy. In addition, inserting or
modifying a filtering rule requires a thorough analysis of the relationship between this rule and
other rules to determine the proper order of this rule and commit the updates. (Al-Shaer and
Hamed, 2004)
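A small first-match rule evaluator with detection of the "shadowing" anomaly (a later rule that an earlier rule with the opposite action already covers completely), added here as an example; it is not code from the report or from Al-Shaer and Hamed's tools. It assumes IPv4 rules of the form (action, protocol, source, destination, destination port) and reuses the 172.18.1.1 to 192.168.2.1 port 22 rule quoted in IV.1.5; the other addresses and the "any to any" rule are constructed to show how a broad rule placed first silences the specific rules after it.

```python
"""Firewall rule-order analysis: first-match evaluation and shadowed-rule detection (added example)."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: str                     # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: tuple                   # inclusive (low, high); (0, 65535) means any port


def rule(action, proto, src, dst, dport="any"):
    """Convenience constructor: dport may be 'any', a single port or a (low, high) pair."""
    if dport == "any":
        ports = (0, 65535)
    elif isinstance(dport, int):
        ports = (dport, dport)
    else:
        ports = tuple(dport)
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), ports)


def matches(r, proto, src_ip, dst_ip, dport):
    """True if a single packet (proto, src, dst, dport) is matched by rule r."""
    return ((r.proto == "any" or r.proto == proto)
            and ipaddress.ip_address(src_ip) in r.src
            and ipaddress.ip_address(dst_ip) in r.dst
            and r.dport[0] <= dport <= r.dport[1])


def decide(rules, proto, src_ip, dst_ip, dport, default="deny"):
    """First-match evaluation: return (action, index of the deciding rule or None)."""
    for i, r in enumerate(rules):
        if matches(r, proto, src_ip, dst_ip, dport):
            return r.action, i
    return default, None


def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return ((outer.proto == "any" or outer.proto == inner.proto)
            and inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst)
            and outer.dport[0] <= inner.dport[0]
            and inner.dport[1] <= outer.dport[1])


def find_shadowed(rules):
    """Return (shadowed_index, shadowing_index) pairs. A later rule fully covered by an
    earlier rule with the opposite action can never take effect, so the policy it
    expresses is silently lost (the shadowing anomaly of Al-Shaer and Hamed)."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].action != later.action and covers(rules[i], later):
                found.append((j, i))
                break
    return found


# Constructed ruleset showing the "broad policy configuration" problem: rule 0 allows
# any source to any destination, so the later telnet deny can never fire.
BROAD_RULES = [
    rule("allow", "any", "0.0.0.0/0", "0.0.0.0/0"),
    rule("deny", "tcp", "0.0.0.0/0", "192.168.2.0/24", 23),
    rule("allow", "tcp", "172.18.1.1/32", "192.168.2.1/32", 22),
]

# Corrected ordering: specific rules first, then an explicit default deny.
FIXED_RULES = [
    rule("deny", "tcp", "0.0.0.0/0", "192.168.2.0/24", 23),
    rule("allow", "tcp", "172.18.1.1/32", "192.168.2.1/32", 22),
    rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    print("shadowed rules in BROAD_RULES:", find_shadowed(BROAD_RULES))   # [(1, 0)]
    print("shadowed rules in FIXED_RULES:", find_shadowed(FIXED_RULES))   # []
    print("telnet to 192.168.2.5 (broad):", decide(BROAD_RULES, "tcp", "10.0.0.9", "192.168.2.5", 23))
    print("telnet to 192.168.2.5 (fixed):", decide(FIXED_RULES, "tcp", "10.0.0.9", "192.168.2.5", 23))
    print("ssh from 172.18.1.1 (fixed):", decide(FIXED_RULES, "tcp", "172.18.1.1", "192.168.2.1", 22))
```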
So a firewall still carries risks and threats if it is misconfigured:
❖ Broad policy configurations
Firewalls are frequently configured to allow traffic from any source to any destination.
This is because IT teams do not always know exactly what they require. It's also a good
idea to evaluate your firewall settings regularly to examine application use patterns.
❖ Risky rogue services and management services
Unencrypted protocols like telnet are still used to handle equipment that is more than 30
years old. Hardening devices and verifying that configurations are compatible before
they are placed into production are the solutions to this challenge. You may boost
security and lower the risks of leaving a harmful service running on your firewall by
setting your devices depending on the function you want them to perform.

❖ Test systems using production data
According to good governance rules, test systems should not link to production
systems. However, testing teams typically ignore this because they believe that using
production data is the most reliable approach to testing. The information may be very
sensitive, and it's also possible that it's subject to regulatory compliance.
❖ Log outputs from security devices
Enterprises must assess the health of their firewall security and identify any potential
vulnerabilities. The cost of logging infrastructure is high, and it's difficult to implement,
analyze, and manage. The costs of being compromised without being notified or tracing
the assault are undoubtedly far higher.
❖ Port blocking is no longer effective
When every service in the world used its own TCP/IP port (FTP on 21, SMTP on 25,
and so on), traditional firewalls were more useful. Today, most communication takes
place via ports 80 and 443, with the latter becoming more important. What little
network traffic isn't already carried over 443 will most likely be in the coming years.
❖ Boundaries are fading away
Firewalls epitomize security domain borders. A firewall is used to enforce the policy on
traffic between two or more security boundaries. Effective, secure borders have been on
the decline for over a decade. They were never ideal, but borders began to fade as we
began to link the internet to other networks and added Wi-Fi routers into the mix.
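As an added example (not part of the assignment), the following Python script audits a constructed firewall rule set for the misconfigurations listed above: any-to-any allows, destinations open on every port, cleartext management protocols such as telnet exposed to any source, and a missing final deny-all rule. The Rule layout, the rule sets and the findings text are this example's own and do not follow any vendor's syntax.

```python
# Added example (not from the assignment): audit a constructed firewall rule
# set for the misconfigurations discussed above: any-to-any allows, wide-open
# destinations, cleartext management protocols exposed to any source, and a
# missing final deny. The Rule layout and the findings wording are this
# example's own, not any vendor's syntax.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    proto: str    # "tcp", "udp" or "any"
    dport: str    # port number as a string, or "any"


# Cleartext protocols that should never be reachable for management from "any".
CLEARTEXT_MGMT = {"23": "telnet", "21": "ftp", "80": "http"}


def audit(rules):
    """Return (rule_index, finding) pairs; an empty list means nothing risky was found."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if r.src == "any" and r.dst == "any" and r.dport == "any":
            findings.append((i, "any-to-any allow: overly broad policy"))
        elif r.src == "any" and r.dport == "any":
            findings.append((i, f"every port open from any source to {r.dst}"))
        if r.src == "any" and r.dport in CLEARTEXT_MGMT:
            findings.append((i, f"cleartext {CLEARTEXT_MGMT[r.dport]} exposed to any source"))
    last = rules[-1] if rules else None
    if last is None or last.action != "deny" or (last.src, last.dst) != ("any", "any"):
        findings.append((len(rules), "no explicit final deny-all rule"))
    return findings


# Constructed rule set with the problems described above (203.0.113.0/24 is a
# documentation range standing in for the organization's public addresses).
RISKY_RULES = [
    Rule("allow", "any", "203.0.113.10/32", "tcp", "443"),
    Rule("allow", "any", "203.0.113.10/32", "tcp", "23"),    # telnet to a 30-year-old device
    Rule("allow", "any", "any", "any", "any"),               # "we don't know what we need"
    Rule("allow", "10.0.0.0/8", "203.0.113.10/32", "tcp", "22"),
]

# The same intent, written with the hardening the text recommends.
HARDENED_RULES = [
    Rule("allow", "any", "203.0.113.10/32", "tcp", "443"),
    Rule("allow", "10.0.0.0/8", "203.0.113.10/32", "tcp", "22"),   # SSH from admin range only
    Rule("deny", "any", "any", "any", "any"),
]

if __name__ == "__main__":
    for idx, text in audit(RISKY_RULES):
        print(f"rule {idx}: {text}")
    print("hardened findings:", audit(HARDENED_RULES))
```

Running the audit over the risky set reports the telnet exposure, the any-to-any rule and the missing final deny; the hardened set, which keeps only the published service and admin SSH from the internal range and ends with an explicit deny, produces no findings.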

Figure 24: Potential of firewall

IV.3.2. The potential impact of IDS


Intrusion detection systems (IDS) have become one of the most common countermeasures in the
network security arsenal. But while other technologies such as firewalls and anti-virus provide
proactive protection, most current IDSs are passive; detection of a suspected intrusion typically
triggers a manual response from a system administrator. (Papadaki and Furnell, 2004)

❖ Source Addresses
Intrusion detection software can be fooled by forged or scrambled network addresses.
The IP address in an IP packet is used by intrusion detection software to offer
information about where traffic originated; when it is forged, the IT specialist is left
chasing ghosts and powerless to prevent network attacks.
❖ Encrypted Packets
Encrypted packets could be used to carry out an unnoticed network infiltration. This
might result in the introduction of a virus or other malicious software, which could be
averted if the intrusion detection software could inspect encrypted packets rather than
only the unencrypted ones it handles at present.
❖ Analytical Module
Intrusion detection is an effort to prevent unwanted access to a computer network. An
IT expert monitoring the system will be notified that strange activity has been
discovered, but may be unable to determine where it originated. If further
information could be discovered, the IT expert could take a defensive posture to avoid
future intrusions.
❖ False Alarms
False alerts can be generated by intrusion detection software. IT personnel must acquire
considerable training to distinguish between what is and is not a false alert. Another
downside of intrusion detection software that businesses must deal with is the cost of
completing this training.

Figure 25: Intrusion Detection System

V. SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ,
STATIC IP, AND NAT IN A NETWORK CAN IMPROVE NETWORK
SECURITY (P4)
V.1. DMZ
V.1.1 Purpose of DMZ
A DMZ network is a perimeter network that protects an organization's internal local-area network
and adds a layer of protection against unauthorized traffic. The DMZ is the publicly accessible
network. It contains servers that can be accessed from the outside and from the inside network. It can
contain an HTTP server, a mail server, DNS, etc. Its location reduces network complexity and
increases network security. Local users get credible performance because the latency between
the DMZ and them is low. (Rababah, Zhou and Bader, 2018)
The DMZ network exists to safeguard the hosts most vulnerable to attack. These hosts often
provide services to users outside of the local area network. They are placed in the monitored
subnetwork because of the greater risk of attack. Access permissions to other services within the
internal network are rigorously limited for hosts in the DMZ.

Figure 26: DMZ

V.1.2. How does DMZ work?


According to some authors, the main elements of the Science DMZ include: 1) specialized end
devices, referred to as data transfer nodes (DTNs), built for sending/receiving data at a high speed
over wide area networks; 2) high-throughput, friction-free paths connecting DTNs, instruments,
storage devices, and computing systems; 3) performance measurement devices to monitor end-to-
end paths over multiple domains, and 4) security policies and enforcement mechanisms tailored for
high-performance environments. (Crichigno, Bou-Harb and Ghani, 2018)

Any device that is connected to the internet bears the brunt of most attacks and hence bears the
most danger. Companies with public servers that must be accessible by persons outside the
company are often more vulnerable to attacks. DMZs serve as a buffer zone between an external
network and an internal network. Creating a DMZ between two firewalls means that all incoming
traffic is filtered by a firewall or security appliance before it reaches the
organization's servers.

If a capable attacker breaches the company's firewall and gains unauthorized access to those
systems, those systems notify the host that a breach is ongoing before the attacker can engage in
destructive conduct or access sensitive data.

V.1.3. Usage of DMZ


The DMZ is where servers and applications that are exposed to the Internet are kept. With a solid
business-related justification, several of these need to be exposed to the Internet. You can't
just block access to your website or you'll lose sales. They are, however, at a far higher risk of
being compromised since they are connected to the Internet. Anyone may reach them, and,
if you didn't already know, any device that is connected to the Internet is always under attack.

Even if you have a strong security posture, an attacker may be able to compromise one of these systems by
exploiting a zero-day vulnerability or a missing patch. As a result, you should treat
these systems as untrustworthy, or at the very least, as posing a greater risk.
A DMZ is a security layer that expects one of these systems to be attacked at some point and
attempts to restrict the amount of damage an attacker can cause. By forcing all traffic from the DMZ
to pass through a firewall, you can effectively restrict the harm an attacker can do. If this firewall
ACL is configured properly, only approved connections from the DMZ to the internal network
are allowed. As a result, an attacker will find it far more difficult to pivot to the
internal network and target internal systems.
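As an added example (not part of the assignment), the following Python script is a minimal zone-based policy evaluator for the DMZ design just described: the Internet may reach only the published DMZ services, DMZ hosts may open only pre-approved connections into the internal network (here, the web application to its database), and everything else between zones is denied by default. The zone ranges, host addresses, services and the rule format are this example's own assumptions.

```python
# Added example (not from the assignment): a minimal zone-based policy
# evaluator for the DMZ design described above. The Internet may reach only
# published DMZ services, and DMZ hosts may open only pre-approved connections
# into the internal network; anything else is denied by default. Zone ranges,
# hosts and services are constructed; the rule format is this example's own.
import ipaddress

ZONES = {
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
    "internal": ipaddress.ip_network("10.10.0.0/16"),
}


def zone_of(ip):
    """Map an address to a zone; anything outside known zones is the untrusted Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


# (src_zone, dst_zone, dst_ip or None for any host, proto, dport or None for any port)
ALLOW = [
    ("internet", "dmz", "192.168.100.10", "tcp", 443),   # public web server
    ("internet", "dmz", "192.168.100.25", "tcp", 25),    # inbound mail
    ("dmz", "internal", "10.10.5.20", "tcp", 5432),      # web app -> its database, nothing else
    ("internal", "dmz", None, "tcp", 22),                # administrators manage DMZ hosts
    ("internal", "internet", None, "any", None),         # outbound browsing from the LAN
]


def is_allowed(src_ip, dst_ip, proto, dport):
    """Decide one connection attempt against the allow list (default deny between zones)."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return True   # intra-zone traffic does not cross the firewall in this model
    for s, d, dip, p, port in ALLOW:
        if (s, d) != (src_zone, dst_zone):
            continue
        if dip is not None and dip != dst_ip:
            continue
        if p != "any" and p != proto:
            continue
        if port is not None and port != dport:
            continue
        return True
    return False


def explain(src_ip, dst_ip, proto, dport):
    """Human-readable verdict line for a connection attempt."""
    verdict = "ALLOW" if is_allowed(src_ip, dst_ip, proto, dport) else "DENY"
    return f"{verdict} {zone_of(src_ip)}:{src_ip} -> {zone_of(dst_ip)}:{dst_ip} {proto}/{dport}"


if __name__ == "__main__":
    # 198.51.100.0/24 is a documentation range standing in for an Internet client.
    print(explain("198.51.100.7", "192.168.100.10", "tcp", 443))   # published service
    print(explain("198.51.100.7", "10.10.5.20", "tcp", 5432))      # Internet straight to internal
    print(explain("192.168.100.10", "10.10.5.20", "tcp", 5432))    # approved DMZ -> DB
    print(explain("192.168.100.10", "10.10.5.20", "tcp", 22))      # a compromised web server trying to pivot
```

The last two checks are the point of the DMZ: the web server reaches its database on the one approved port, but the same host cannot open SSH to the database server or reach any other internal host, so a compromise of the web server stays contained in the DMZ.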

V.1.4. Advantage of DMZ


Implementing a DMZ allows a company to set several levels and zones of trust inside its network.
This has a lot of advantages for a company, including:
➢ Protection of Internet-Facing Systems: Email servers, web applications, and other
Internet-facing systems require access to sensitive data, which makes securing them
necessary. By being placed in the DMZ, these systems can be accessed from the public
Internet while still being protected by the external firewall.
➢ Internal System Protection: Some DMZ systems (such as FTP servers) represent a hazard
to internal systems in an organization's network. By putting these systems in a DMZ, an
additional layer of security inspection is added between them and the company's internal
network.
➢ Limited Lateral Movement: Cyber attackers frequently compromise one system to get a
foothold in a network, then use that foothold to expand their access. Because the most
exposed and exploitable systems are in the DMZ, using them as a foothold to reach and
exploit the protected internal network is more challenging.
➢ Preventing Network Scanning: Attackers frequently scan networks to locate systems and
software that might be exploited. When a DMZ is implemented, only systems that are
meant to be Internet-facing are reachable and scannable from the public Internet.
➢ Improved Access Control: By putting a firewall between your internal network and your
Internet-facing systems, you can inspect all connections between them. This enables the
company to create and enforce strict access rules to secure its internal systems.
➢ Improved Network Performance: Internet-facing systems are built to be used regularly
by external users. By putting these systems in a DMZ, the load on internal network
infrastructure and firewalls is reduced, and performance is improved.

Figure 27: DMZ Network

V.2. Static IP
V.2.1. Purpose of Static IP
A static Internet Protocol (IP) address (static IP address) is a number that is issued to a computer
by an Internet service provider (ISP) on an ongoing basis. A static IP address is the opposite of a
dynamic IP address and is also known as a fixed IP address or dedicated IP address. When a
machine with a static IP address connects to the Internet, it uses the same IP address every time.
Static IP addresses are important for gaming, website hosting, and Voice over IP (VoIP) services,
where speed and dependability matter a great deal. Systems using static IP addresses are
more exposed to data mining and face increased security issues since their addresses never change.

The most important factor is to secure the information stored by a user. Information can be easily
copied, erased or modified. This stage implements two important factors of security: the static
IP address and biometrics. Assigning Internet users static IP addresses is the essential factor.
(Jayakumar and Christopher, 2012)

An IP address range is assigned to an ISP. The Dynamic Host Configuration Protocol (DHCP)
server, which is set to assign static IP addresses to specific machines, is used by the ISP to assign
each address to its networked PCs.
When the Internet was initially conceived, the need for an unlimited number of IP addresses was
not anticipated. The Internet Protocol version 4 (IPv4), which used 32-bit addressing, allowed for
4.2 billion distinct addresses at the time.
IPv6 is the successor to IPv4; it uses 128-bit addressing and allows for a practically unlimited
number of IP addresses.

Figure 28: Static IP

V.2.2. How does static IP work?


Static IP addresses are typically used by larger businesses or network managers, and
they are assigned on demand. Obtaining a static IP address entails leasing the IP address for
a specified amount of time until the contract expires.

When you connect to the internet using a static IP address, that IP address remains constant
regardless of how many times you reset the connection or the router.

Any device with a normal IP address can be configured with a static IP address. A static IP address
is assigned by an Internet Service Provider (ISP). It can take the form of either IPv4 or
IPv6.

Depending on the terms of your service agreement, your ISP may or may not assign you a
static IP address. We'll go into your alternatives later, but for now, consider that a static IP
address increases the cost of your ISP subscription.

A static IP address might be IPv4 or IPv6; the crucial attribute, in this case, is that it is static.
Someday, every piece of networked equipment will have a unique static IPv6 address.
We're not quite there yet. For the time being, we use static IPv4 addresses for permanent
addresses.
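As an added example (not part of the assignment), the following Python check validates a constructed plan of static IP assignments before an administrator reserves them on the DHCP server, which is the step the text describes: each address must lie inside the subnet, must not be the network, broadcast or gateway address, must stay outside the range the DHCP server hands out dynamically (otherwise it can collide with a lease), and must not be assigned twice. The subnet, pool boundaries and host names are assumptions made for the example.

```python
# Added example (not from the assignment): validate a constructed plan of
# static IP assignments against the subnet and the DHCP dynamic pool, the
# checks an administrator runs before reserving fixed addresses. Network
# values are constructed; the check logic is this example's own.
import ipaddress

SUBNET = ipaddress.ip_network("10.20.30.0/24")
GATEWAY = ipaddress.ip_address("10.20.30.1")
# Range the DHCP server hands out dynamically; static hosts must stay outside it.
DHCP_POOL = (ipaddress.ip_address("10.20.30.100"), ipaddress.ip_address("10.20.30.200"))


def in_pool(ip):
    """True if the address falls inside the dynamic DHCP pool."""
    addr = ipaddress.ip_address(str(ip))
    return DHCP_POOL[0] <= addr <= DHCP_POOL[1]


def validate_static_plan(plan):
    """plan: {hostname: "ip"}. Returns (hostname, problem) pairs; an empty list means OK."""
    problems = []
    seen = {}   # address -> hostname that already claimed it
    for host, ip in plan.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append((host, f"{ip} is not a valid IP address"))
            continue
        if addr not in SUBNET:
            problems.append((host, f"{addr} is outside {SUBNET}"))
            continue
        if addr in (SUBNET.network_address, SUBNET.broadcast_address):
            problems.append((host, f"{addr} is the network or broadcast address"))
        if addr == GATEWAY:
            problems.append((host, f"{addr} is the gateway address"))
        if in_pool(addr):
            problems.append((host, f"{addr} lies inside the DHCP pool and may collide with a lease"))
        if addr in seen:
            problems.append((host, f"{addr} is already assigned to {seen[addr]}"))
        else:
            seen[addr] = host
    return problems


# Constructed plan with one good entry and four typical mistakes.
PLAN = {
    "fileserver": "10.20.30.10",   # fine: inside subnet, outside pool
    "printer": "10.20.30.150",     # inside the dynamic pool
    "camera": "10.20.30.10",       # duplicate of the file server
    "router2": "10.20.31.5",       # wrong subnet
    "nas": "10.20.30.1",           # gateway address
}

if __name__ == "__main__":
    for host, problem in validate_static_plan(PLAN):
        print(f"{host}: {problem}")
```

Only the file server passes; the other four entries each come back with the specific reason they would break the network, which is what you want to see before the addresses are committed to device configurations.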

V.2.3. Usage of static IP


➢ Creating a personal file server.
➢ A second router is added to a network.
➢ Allowing access to a computer when you're not at home or work.
➢ Port forwarding to individual devices.
➢ Using a network to share a printer.
➢ If you're not at home, you could connect to an IP camera.

V.2.4. Advantage of static IP


❖ Speed: Because static IP addresses have fewer inconsistencies, devices assigned to them tend
to perform better. You will only notice the difference in speed on a broadband connection, not
on a DSL connection. This is particularly useful if you often upload and download files.
❖ Security: The level of protection provided by a static IP address is always higher. The use of a
static IP address adds an extra degree of security, ensuring that the majority of security issues
are avoided.
❖ Accessibility: With tools like a Virtual Private Network (VPN), remote access is feasible with a
static IP address. That is, devices may be accessed from anywhere on the planet. All information
is accessible as long as the device is connected to the internet.
❖ Hosting: Static IP addresses allow all sorts of hosting, including web servers, email
servers, and other types of servers. As a result, if you have a static IP address, all of your
consumers and clients will be able to visit your website without difficulty. Furthermore, when
a static IP address is used, devices can easily detect and locate all servers throughout the
world.
❖ Stability: Because they are not subject to change, all static IP addresses are known to be stable.
A static IP address does not have frequent lapses, unlike a dynamic IP address. Whenever the
machines are rebooted, they will be able to immediately rejoin the internet using the same IP address.
❖ Accuracy: When it comes to geolocation data, a static IP address is quite accurate. All
geolocation services will be able to pinpoint the exact location of a firm. With this reliable
data, businesses can be confident that they are constantly on the cutting edge. This is
advantageous to businesses in a variety of ways.
❖ Shared resources: Some firms encourage their employees to share workplace supplies. They do
this by using a business network with devices that have a static IP address. It is easier to
locate a device that has been allocated a static IP address. Devices with dynamic IP addresses,
on the other hand, are notorious for being difficult to locate.

V.3. NAT
V.3.1. Purpose of NAT
Network Address Translation (NAT) is a method of representing an entire group of machines with
a single, unique IP address. NAT saves IP addresses by allowing private IP networks to connect to
the internet using unregistered IP addresses.

As part of this capacity, NAT settings can expose just one IP address for a whole network to the
outside world, essentially masking the entire internal network and adding security. Network
address translation is commonly used in remote-access scenarios because it provides both address
conservation and increased security.

According to some authors, NAT uses mapping to translate packets for each TCP connection. NAT
maintains a state associated with in-progress and established connections. (Guha et al., 2008)

A networking system needs a unique IP address to interact with the internet. This 32-bit number is
used to identify and find the network device so that it may be communicated with.

Although the IPv4 addressing mechanism of previous decades made billions of these unique
addresses available, not all of them could be given to communication devices. Instead, some were
reserved and allowed to be used only for testing, transmission, and some restricted military purposes.

As a workaround to this flaw in the IPv4 addressing method, the IPv6 addressing scheme was
devised. IPv6 restructures the addressing system to provide additional alternatives for allocating
addresses; however, the architecture and implementation of IPv6 have required several years. In
the meantime, Cisco introduced NAT, which has been used extensively.

Figure 29: NAT

V.3.2. How does NAT work?


A single device, such as a NAT firewall, NAT router, or other network address translation device,
can function as an agent between the public network and private networks—the internet and any
local networks—using network address translation. When a collection of devices does something
outside of its network, they are all represented by a single IP address.

NAT acts as a receptionist for a major corporation, with explicit instructions on whether calls and
guests should be kept out, made to wait, or sent through, as well as where they should go. You may
tell the receptionist, for example, not to transmit any visitors or calls without your permission
unless you're waiting for something specific; you can then leave instructions about allowing that
specific client contact through.

Because that public-facing number is the only one that anyone knows, the client dials the
company's main number. They advise the receptionist that they need to talk with you, and the
receptionist a) double-checks the instructions to ensure that you want the call forwarded, and b)
compares your extension to a list to ensure that the information is sent to the correct location. The
caller is never connected to your line.

Network address translation works in the same way. The request arrives at the public IP address and port,
and the NAT rules direct it to the appropriate destination without disclosing the destinations'
private IP addresses.
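As an added example (not part of the assignment), the following Python script simulates the per-connection mapping state that the text and the Guha et al. citation describe: an outbound connection from a private host is given a port on the single public address, the reply is mapped back to the private host, and an inbound packet with no matching entry is dropped, which is the "receptionist" behaviour that keeps the internal addresses hidden. All addresses are from documentation and private ranges, and the Packet and Nat classes are this example's own simplified model (no timeouts, UDP/ICMP handling or port exhaustion).

```python
# Added example (not from the assignment): a simulated port-address translation
# table. Outbound connections from private hosts get a public port, replies are
# mapped back, and unsolicited inbound packets with no table entry are dropped,
# which is the "masking" effect described above. Addresses are constructed and
# the model is deliberately simplified (no entry expiry, no port exhaustion).
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)
        # (private_ip, private_port, dst_ip, dst_port) -> public_port
        self.outbound = {}
        # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.inbound = {}

    def translate_out(self, pkt):
        """Rewrite a packet leaving the private network; create state on first sight."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = next(self._ports)
            self.outbound[key] = port
            self.inbound[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt):
        """Rewrite a packet arriving from the Internet, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            return None   # unsolicited: no state, so the private network stays hidden
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])

    def active_connections(self):
        return len(self.outbound)


if __name__ == "__main__":
    nat = Nat("203.0.113.5")
    out = nat.translate_out(Packet("192.168.1.10", 51000, "198.51.100.80", 443))
    print("outbound after NAT:", out)
    print("reply delivered to:", nat.translate_in(Packet("198.51.100.80", 443, "203.0.113.5", 40000)))
    print("unsolicited probe:", nat.translate_in(Packet("198.51.100.9", 12345, "203.0.113.5", 22)))
```

Two private hosts talking to the same server get distinct public ports, a repeated packet from the same flow reuses its entry rather than creating a new one, and a probe aimed at the public address with no prior outbound flow is dropped. A real NAT also ages entries out, which is why long-idle connections through NAT need keepalives.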

V.3.3. Usage of NAT


In a report on the use of NAT in residential broadband networks, a group of authors found
that more than 90% of DSL lines use NAT gateways to connect to the
Internet and that 10% of DSL lines have multiple hosts that are active at the same time. Overall,
up to 52% of lines have multiple hosts. Their findings point out that using IPs as host identifiers
may introduce substantial errors and therefore should be used with caution. (Maier, Schneider
and Feldmann, 2011)

V.3.4. Advantage of NAT


➢ Address conservation: NAT preserves and prevents the depletion of legitimately registered IP
addresses.

➢ Network address translation security: NAT allows users to use the internet with greater security
and privacy, even when transmitting and receiving traffic. Users can use NAT rate-limiting to limit
the number of concurrent NAT operations on a router. This may also help you avoid worms,
viruses, and denial-of-service (DoS) assaults. The use of dynamic NAT automatically builds a
firewall between the internal network and the internet.

➢ Flexibility: NAT is adaptable; it may, for example, be used in a public wireless LAN setting. In
some circumstances, inbound mapping or static NAT allows external devices to connect to
computers on the stub domain.

➢ Simplicity: When a network changes or merges, there is no need to renumber addresses. You can
construct an inside network virtual host to coordinate TCP load-balancing for internal network
servers using network address translation.

➢ Speed: NAT is transparent to both destination and source computers, unlike proxy servers,
allowing for faster direct communication. Furthermore, proxy servers often operate at the OSI
Reference Model's transport layer or above, making them slower than network address translation,
which operates at the network layer or layer 3.

➢ Scalability: The DHCP server distributes unregistered IP addresses for the stub domain from the
list as needed, and NAT and dynamic host configuration protocol (DHCP) operate effectively
together. Scaling up is easier because instead of requesting new IP addresses from IANA as needs
grow, you may expand the available range of IP addresses that DHCP configures to create a place
for extra network machines right away.

➢ Multi-homing: multi-homing, or having many internet connections, helps maintain a reliable
connection and reduces the likelihood of a shutdown in the event of a lost connection.
Multi-homed networks frequently link to many ISPs, each of which assigns the organization a range of IP
addresses or a single IP address. This minimizes the number of machines that share a single
connection while also allowing load balancing.

VI. Propose a method to assess and treat IT security risks. (M1)


VI.1. Discuss the approaches needed to assess the threat to its security.
Tools monitoring, for example.

VI.1.1. Security risk assessment
The process of identifying and analyzing risks for assets that might be harmed by cyberattacks is
known as a security risk assessment (SRA). In essence, you analyze both internal and external
risks, assess their potential impact on data availability, confidentiality, and integrity, and calculate the
costs of a cybersecurity event. You may customize your cybersecurity and data protection procedures
to fit your organization's real risk tolerance using this information.
An SRA supports analyzing security risks so that they can be acted on as quickly as possible. Today's
SRA must face the IoT's scalability, the diversity of devices, and the interrelation of infrastructures.
Consequently, traditional SRA approaches do not sustain resistance, tolerance, and resilience towards
the occurrence of security risks. (Abbass, Bakraouy, Baina and Bellafkih, 2019)

VI.1.2. Importance of regular IT security assessments


Regularly conducting a thorough IT security assessment helps firms lay a solid foundation for
long-term commercial success.
It enables them to:

➢ Identify and close gaps in IT security.
➢ Avoid data breaches.
➢ Choose the right methods and safeguards to reduce risks.
➢ Protect the assets with the highest value and the greatest exposure as a top priority.
➢ Remove any controls that aren't needed or aren't working.
➢ Consider possible security partners.
➢ Establish, maintain, and demonstrate regulatory compliance.
➢ Predict future demands with accuracy.

Figure 30: Security risk assessment

VI.1.3. What is a cyber risk (IT risk)?

Any danger of financial loss, interruption, or harm to an organization's reputation stemming from
the breakdown of its information technology systems is referred to as cyber risk. Cyber risk can
manifest itself in a variety of ways, including:
❖ Intentional and unauthorized security breaches to obtain access to information systems.
❖ Breach of security that is unintentional or unavoidable.
❖ Poor system integrity, for example, poses operational IT hazards.

The authors identify a gap between Enterprise Risk Management (ERM) as a general approach to
risks threatening firms’ objectives on the one hand and Cyber Risk Management on the other hand.
The results suggest that Enterprise Risk Management needs to better understand and describe
emerging IT risks. (Eling, 2018)

Figure 31: Cyber risk

VI.1.4. IT risk assessment components and formula


The four essential elements
There are four main components to an IT risk assessment. We'll go into how to evaluate each one
later, but first, here's a quick rundown:
 Threat: An incident that poses a risk to an organization's personnel or assets is referred to
as a threat. Natural catastrophes, website outages, and corporate espionage are all
examples.
 Vulnerability: Any possible weak point that might allow a threat to do harm is referred to
as a vulnerability. The NIST National Vulnerability Database keeps track of particular,
code-based flaws in software and hardware that security specialists should be aware of.
 Impact: The impact is the overall amount of harm an organization would suffer if a threat
exploited a vulnerability. A successful ransomware assault, for example, might result in
lost productivity and data recovery costs, as well as the revealing of client data or trade
secrets, resulting in lost business.
 Likelihood: This is the likelihood of a threat occurring. It is generally a range rather than a
precise number.

VI.1.5. How to perform a security risk assessment


Step 1: Identify and catalog your information assets
Making sure you have a full list of your information assets is the first step in a risk
assessment. It's crucial to note that different roles and departments will have different viewpoints
on what the most significant assets are, so gather feedback from several sources.

Once you've identified all of your information assets and key stakeholders across all departments,
you'll need to categorize these data assets based on their sensitivity level as well as the strategic
value of the asset to the firm.

Step 2: Identify threats


When it comes to dangers to your company's data security, hackers are frequently first to come to
mind, but there are many different forms of hazards. Not just hostile human intervention, but also
unintentional human interference, such as workers mistakenly deleting information or clicking on a
virus link, must be considered. You may also need to factor in the risk of system failure, depending
on the quality of your hardware and information systems. Natural calamities and power outages
may cause just as much devastation as humans, so you must account for them as well.

Step 3: Identify vulnerabilities


A vulnerability is a flaw in your system or operations that might lead to a data security breach.
Audits, penetration testing, security studies, automated vulnerability scanning tools, and the NIST
vulnerability database can all help you uncover flaws. It's also crucial to think about any physical
flaws. For example, much like weaknesses in your software and electronic systems, if your
workers work with physical copies of sensitive information or use corporate equipment outside of
the office, this can lead to information misuse.

Step 4: Analyze internal controls


Following the identification of your systems and processes, the next step is to put controls in place
to reduce or eliminate vulnerabilities and risks. This might be a control that handles threats that
can't be completely eradicated, or it could be a control that addresses vulnerabilities that can't be
completely eliminated. If your company lacks security and compliance subject matter specialists,
it's critical to hire professional services businesses with extensive experience in dealing with IT
security challenges.

Step 5: Determine the likelihood that an incident will occur
Many organizations use the terms "high," "medium," and "low" to describe the likelihood of a
threat occurring. For example, if you deal with a lot of personal health data but have automated
mechanisms for encrypting and anonymizing it, and test and review the performance of such
systems regularly, the chances of an incident are slim. To reach this conclusion, you'll need to
leverage your understanding of the vulnerabilities and the controls that have been implemented
inside your business.

Step 6: Assess the impact a threat would have


Impact analysis is a phase that should be undertaken for each vulnerability and threat you've
identified, regardless of the possibility of it occurring. Three items should be included in your
impact analysis:
➢ The system's mission, as well as the methods that the system employs
➢ The importance of the system and the value of the data to the organization establish the
system's criticality.
➢ The system's and its data's sensitivity

Step 7: Prioritize the risks to your information security


Prioritizing your security threats can help you figure out which ones require immediate attention
and which ones can wait. For this, a basic risk matrix that lets you leverage the information
you currently have for each vulnerability/threat pair may be useful. Your risk matrix may be as
basic or as sophisticated as you need it to be.

Step 8: Design controls


You may start building a plan for managing the most pressing risks once you've identified all of
the hazards in your firm. You should engage the persons who will be responsible for implementing
the controls in determining what measures you need to design to successfully reduce or eliminate
the risks. To design a new set of controls, you may need to speak with professional services
organizations with IT and security experience.

Step 9: Document the results


The final stage in your risk assessment is to write a report that describes all of your findings in a
way that makes the proposed budget and policy adjustments easy to understand. Risk assessment
reports can be quite thorough and complex, or they can simply explain the risks and controls that
need to be implemented. The form of your report is determined by who your audience is and
how well they understand information security. It's crucial to remember that risk assessment is a
continuous process, not a one-time event.
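As an added example (not part of the assignment), the following Python script ties the four components from VI.1.4 to steps 5 through 8 above: each threat/vulnerability pair on an asset is rated with a "low", "medium" or "high" likelihood and impact, scored with the common convention risk = likelihood x impact (an assumption on my part, since the assignment mentions a formula without stating one), laid out in the basic risk matrix of step 7, and ordered so that the items needing controls first come out on top. The register entries, level scale and treatment tiers are constructed for the example.

```python
# Added example (not from the assignment): a small risk register that rates
# each threat/vulnerability pair with a likelihood and impact level, scores it
# with the common convention risk = likelihood x impact (an assumption; the
# assignment names a formula but does not state one), builds the step-7 risk
# matrix, and orders the register so the most pressing items come first.
# Entries, scale and tiers are constructed.
from dataclasses import dataclass

LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: str   # "low" | "medium" | "high" (step 5)
    impact: str       # "low" | "medium" | "high" (step 6)


def score(risk):
    """Numeric risk = likelihood x impact on the 1..3 scale, so 1..9."""
    return LEVELS[risk.likelihood] * LEVELS[risk.impact]


def rating(risk):
    """Collapse the numeric score back to a high/medium/low band."""
    s = score(risk)
    if s >= 6:
        return "high"
    if s >= 3:
        return "medium"
    return "low"


def matrix(register):
    """Group risks into a likelihood x impact grid, the 'basic risk matrix' of step 7."""
    grid = {(lik, imp): [] for lik in LEVELS for imp in LEVELS}
    for r in register:
        grid[(r.likelihood, r.impact)].append(r.asset)
    return grid


def prioritize(register):
    """Highest score first; ties broken by asset name so the order is reproducible."""
    return sorted(register, key=lambda r: (-score(r), r.asset))


def treatment_plan(register):
    """Map each risk to a handling tier for step 8 (design controls)."""
    tiers = {"high": "treat now", "medium": "plan treatment", "low": "accept and monitor"}
    return [(r.asset, r.threat, rating(r), tiers[rating(r)]) for r in prioritize(register)]


# Constructed register of threat/vulnerability pairs.
REGISTER = [
    Risk("customer database", "ransomware", "unpatched server", "medium", "high"),
    Risk("public website", "defacement", "weak admin password", "high", "medium"),
    Risk("office printer", "misuse", "no access control", "high", "low"),
    Risk("archive tapes", "flood", "basement storage", "low", "high"),
    Risk("intranet wiki", "data leak", "over-broad sharing", "low", "low"),
]

if __name__ == "__main__":
    for asset, threat, band, action in treatment_plan(REGISTER):
        print(f"{band:>6}  {action:<18} {asset}: {threat}")
    print("high likelihood / high impact cell:", matrix(REGISTER)[("high", "high")])
```

The two score-6 items (the unpatched database server and the weak website password) land in the "treat now" tier, the printer and the tapes are medium and get a planned treatment, and the wiki is accepted and monitored. Changing a likelihood after a control is put in place, as step 5 describes, moves the item across the matrix without touching the rest of the register, which is what makes the assessment repeatable rather than a one-time event.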

VI.1.6. Ex: Monitoring tools


Activity Log Analysis — XpoLog

Figure 32: XpoLog

Protecting apps and data – Imperva

Figure 33: Imperva

Prevent phishing attacks – Hoxhunt

Figure 34: Hoxhunt

VI.2. What is the current weakness or threat of the organization?


Hackers may leverage and exploit six major flaws in ICS systems to attack an industrial facility;
they are listed below, with remedies.
• Unauthenticated protocols: If an ICS protocol does not require authentication, any computer
on the network can transmit orders to change the physical process. This might result in
faulty process operation, product damage, plant equipment destruction, personnel
accidents, or environmental deterioration.
• Using out-of-date hardware: ICS hardware is designed to last decades. This hardware may
be too simple or lack the processing power and memory required to deal with the threat
environment created by contemporary network technologies.
• Weak user authentication: Fixed passwords, passwords that are easy to discover,
passwords kept in easily recoverable forms, and passwords sent unencrypted are all common
user authentication flaws in classic control systems. Once an attacker knows
this password, they have complete control over the control process.
• Weak file integrity check: There is no digital authentication. Code signing (a product
for software developers who want to ensure the integrity of their product from the time it's
compiled until the user installs it on their computer or mobile device) ensures that the code
hasn't been tampered with or corrupted; without it, attackers can trick users into installing
software that isn't from the vendor and can substitute harmful files for
legitimate ones.
• Using insecure Windows operating systems: Unpatched Microsoft Windows operating
systems are frequently used in industrial systems, leaving known vulnerabilities open.
• Unknown third-party relationships: Many ICS providers may be unaware of the third-party
components they use in their systems, making it harder for them to alert customers
about vulnerabilities. As a result, attackers who are aware of the dependency can target software
that the industrial business is unaware of.

VI.3. What tools will you propose to treat the IT security risk?
OCTAVE is a risk assessment approach that is both flexible and self-directed. To handle the
organization's security demands, a small team of employees from the operational (or business)
units and the IT department collaborate. To characterize the present state of security, identify
threats to vital assets, and develop a security plan, the team depends on the expertise of numerous
personnel. It may be modified to fit the needs of almost any company.

The OCTAVE technique, unlike most other risk assessment approaches, is driven by operational
risk and security practices rather than by technology. Its purpose is to enable a company to:
➢ Direct and manage its own information security risk assessments.
➢ Make the best possible decisions based on its own concerns.
➢ Concentrate on safeguarding critical information assets.
➢ Communicate critical security information effectively.

Figure 35: Octave

The OCTAVE technique is divided into three phases and is based on eight processes. In higher
education institutions it is frequently preceded by an exploration phase (known as Phase Zero)
that defines the criteria to be used throughout the application of the OCTAVE technique.

OCTAVE is divided into three phases:

❖ Phase 1: Develop initial security strategies.
❖ Phase 2: A technological perspective – identify infrastructure flaws.
❖ Phase 3: Risk assessment and development of security strategies and plans.

VII. Discuss three benefits of implementing network monitoring systems, with supporting reasons. (M2)
VII.1. Some network monitoring tools, with a description of each.
❖ Sematext Monitoring

Figure 36: Sematext Monitoring

Sematext Monitoring is a full-stack IT infrastructure monitoring tool that gives you real-time
visibility into both on-premises and cloud installations. It monitors apps, servers, containers,
processes, inventories, events, databases, and more to assess how healthy your infrastructure is.
This tool detects anomalies in infrastructure and integrates with external notification systems
such as PagerDuty, Opsgenie, Splunk On-Call, and webhooks for infrastructure alerting.

❖ The Elastic Stack

Figure 37: The Elastic Stack
The ELK Stack monitoring solution combines three open-source projects: Elasticsearch,
Logstash, and Kibana. Metricbeat is a module that lets you collect and correlate metrics from
a variety of sources, including servers, Docker containers, Kubernetes, and more. You can also
use third-party integrations to set up alerts on index- or metric-based thresholds and send
notifications.

❖ Zabbix

Figure 38: Zabbix

One of the most widely used open-source infrastructure monitoring tools is Zabbix. It's a
flexible solution with different network, server, cloud, application, and database monitoring
options. Zabbix collects essential data including CPU, memory, and network utilization across
many platforms (Windows, Linux, Unix, etc.).

❖ SolarWinds Server & Application monitor

Figure 39: SolarWinds Server & Application monitor

SolarWinds Server and Application Monitor (SAM) delivers comprehensive monitoring of
your on-premises and cloud IT infrastructure. You may monitor infrastructure components
using WMI, SNMP, PowerShell, REST API, and other methods. For server hardware from
many suppliers, SAM monitors performance, hard-drive state, fan status, power supply, and
temperature. It also comes with pre-configured OS monitoring options for Windows and Linux,
allowing for speedier onboarding and monitoring.

❖ Datadog Infrastructure Monitoring

Figure 40: Datadog Infrastructure Monitoring

Thousands of out-of-the-box infrastructure metrics are available in Datadog, allowing you to
monitor the health of your application stack, containers, virtualization platform, and more.
More than 450 integrations, including major stacks like Kubernetes, Docker, and Apache
Kafka, are supported by the tool, which employs an open-source agent. It has automatic
anomaly detection as well as an intelligent alerting system.

❖ ManageEngine OpManager

Figure 41: ManageEngine OpManager

ManageEngine OpManager is a reliable infrastructure monitoring tool that can monitor
networks, physical and virtual servers, storage devices, and more in real time. The platform
delivers a complete view of overall network performance with customized dashboards that
include over 200 performance widgets. The program may also automatically map availability
and response-time monitoring to all services operating on Windows and Linux servers.

VII.2. Why do you need to monitor the network?

Network monitoring software can examine performance in real time, which means that if a
breakdown or issue is found, you will be notified promptly by email. Because information is
transmitted so quickly, you can be notified of network problems wherever you are, allowing
you to take immediate remedial action and reduce possible downtime.

Network monitoring software also removes the need for an on-site system administrator and
for manual inspections. This can save your firm both time and money while also ensuring
that the problem is adequately addressed.

The reporting supplied by network monitoring is another significant benefit. These reports can help
you see patterns and trends in system performance, as well as show when improvements or
replacements are required. It is also simple to develop performance benchmarks.

Finally, network monitoring technologies can help you pinpoint which sections of your network
are having issues. This means you can rapidly identify the problem, saving time and money
when it comes to solving it.

There are various other reasons why network monitoring is critical:

❖ To improve the performance and availability of the network.
❖ To keep yourself updated.
❖ To diagnose issues.
❖ To report issues.
❖ To remove the need for manual inspections.
❖ To take a proactive approach.
❖ To keep an eye on the latest developments.
❖ To collect data for performance and availability benchmarks.

VII.3. The benefits of using a network monitoring system for an organization are as follows:
◆ Benchmarking standard performance
IT outages can result from a variety of factors:
❖ Errors made by humans
❖ Changes to the network that are incompatible
❖ Technology's ever-increasing complexity

Benchmarking benefits of network monitoring

Network monitoring gives you the insight to assess daily performance and the foresight to
detect deviations from performance standards, so that abnormalities are caught before they
escalate.
Effective network monitoring allows IT staff to spot possible problems early and fix them
before they become severe problems that cause system downtime.

Figure 42: Benchmarking standard performance
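Benchmarking means keeping a record of normal performance and comparing each new measurement against it. The following is an added example for this section, not code from the assignment or from any of the tools above: it takes seven constructed days of average response time per host, builds a mean-and-standard-deviation baseline, and flags a host when the latest value falls more than three standard deviations outside it. The thresholds, host names, and the 1% floor used for a perfectly flat history are assumptions chosen for the example; that flat-history case is included because a zero standard deviation would otherwise make any change look infinitely abnormal.

```python
"""Added example (not from the assignment): building a performance
baseline from past monitoring samples and flagging a deviation from it.

Constructed data: seven daily average response times in milliseconds per
host.  Thresholds (3 standard deviations and a 5% minimum change) are
assumptions, not values the assignment states.
"""
import statistics

BASELINE_SAMPLES = {
    "web-01": [120.0, 118.0, 125.0, 122.0, 119.0, 121.0, 123.0],
    "db-01": [8.0, 9.0, 8.5, 8.2, 9.1, 8.4, 8.8],
    "cache-01": [10.0, 10.0, 10.0, 10.0, 10.0, 10.0, 10.0],  # perfectly flat history
}


def baseline(samples):
    """Mean and sample standard deviation of the historical values."""
    if len(samples) < 2:
        raise ValueError("need at least two samples to benchmark")
    return statistics.mean(samples), statistics.stdev(samples)


def check_host(host, observed, z_limit=3.0, min_change=0.05):
    """Compare today's value with the host's baseline.

    A flat history has a standard deviation of zero, which would make any
    change look infinitely abnormal; a floor of 1% of the mean keeps the
    z-score finite, and min_change suppresses alerts on tiny absolute moves.
    """
    mean, stdev = baseline(BASELINE_SAMPLES[host])
    spread = max(stdev, 0.01 * mean)
    z = (observed - mean) / spread
    deviates = abs(z) > z_limit and abs(observed - mean) > min_change * mean
    return {
        "host": host,
        "mean": round(mean, 2),
        "stdev": round(stdev, 2),
        "z": round(z, 2),
        "direction": "slower" if observed > mean else "faster",
        "deviates": deviates,
    }


def hosts_to_alert(observations):
    """Names of hosts whose latest observation leaves the baseline band."""
    return sorted(h for h, v in observations.items() if check_host(h, v)["deviates"])


if __name__ == "__main__":
    today = {"web-01": 180.0, "db-01": 9.0, "cache-01": 10.2}
    for host, value in today.items():
        print(check_host(host, value))
    print("alert:", hosts_to_alert(today))
```

The same comparison works for any per-host metric the tools above collect (CPU, memory, interface utilization); what changes is only the sample series fed into `baseline`.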

◆ Effectively allocating resources

IT teams are working with less than optimal time, manpower, and budget because of
enormous workloads and projects that never seem to become any less difficult. This means
that if a network failure goes unnoticed, the already overburdened team will be forced to
move resources from one business-critical project to another with little notice or
preparation.
Good network monitoring makes it feasible to reduce the need for the following:
❖ Investigating performance manually.
❖ Reacting only in the case of a catastrophic network failure.

The advantages of network monitoring for resource management


Understanding the root of problems allows IT professionals to cut down on time-consuming
troubleshooting and implement proactive steps to keep the company ahead of IT disruptions.
Cracks can be repaired before they cause a leak.

◆ Managing a changing IT environment

As organizations aim to acquire a competitive edge, technology is always evolving,
allowing many crucial operations to become quicker, sleeker, or more autonomous.

With the emergence of internet-enabled sensors, wireless devices, and cloud technologies,
IT teams must better manage how they monitor these technologies for large changes or
suspicious activities.

Another development affecting IT environment management is the rise in the number of
wireless devices connected to the network. IT administrators, especially those working in a
BYOD environment, must keep track of the number and types of devices connected to their
network.

The advantages of network change monitoring

❖ Network monitoring may be done in a number of ways.
❖ Provide IT teams with a complete inventory of wired and wireless devices.
❖ Allow for long-term trend analysis.
❖ Maximize the utilization of existing resources.
❖ Spend less money.

◆ Identifying security threats

Cybercrime prevention is a big concern for every firm. Detecting and mitigating any type
of network danger before it escalates is crucial as attacks grow more complex and difficult
to trace.

The advantages of network monitoring in terms of cybersecurity

Addressing persistent security threats on a daily basis without network insights may be
exceedingly time-consuming for an IT staff. Maintaining IT network security necessitates
the following:
❖ Security fixes are applied on a regular basis.
❖ Standardized security settings are maintained on all individual workloads.

As a result, network monitoring will help an IT staff defend a company's data and systems
more effectively.

Figure 43: Identifying security threats

◆ Deploying new technology and system upgrades successfully

IT teams may use network monitoring to acquire historical insight into how equipment has
performed over time and, using trend analysis, decide whether present technology can grow
to meet business demands.

This allows IT and other personnel to work together to:

❖ Create a clear picture of the network's ability to accommodate the introduction of
new technologies.
❖ Monitor performance to mitigate any risks connected with a large shift.
❖ Provide pre- and post-performance measurements to easily demonstrate ROI.

Organizational networks should be set up with monitoring tools that automatically alert IT
teams to potential risks, such as disk space spikes, backup failure, failing hardware, hacker
attempts, and network devices without up-to-date antivirus software, allowing IT to take
corrective action before it's too late.
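The automatic alerts described in the last paragraph are, in practice, a set of rules evaluated against each host's latest telemetry. The following is an added example, not code from the assignment or from any monitoring product: it runs one rule per risk category named above (disk space spike, backup failure, failing hardware, repeated failed logins as the observable side of "hacker attempts", and stale antivirus signatures) over a constructed snapshot of four hosts. The field names, thresholds, host names, and the evaluation time are all assumptions chosen for the example.

```python
"""Added example (not from the assignment): rule-based alerting over a
constructed telemetry snapshot covering the risks the assignment lists:
disk space spikes, backup failure, failing hardware, repeated failed
logins, and hosts with stale antivirus signatures.

Field names and thresholds are assumptions chosen for the example.
"""
from datetime import datetime, timedelta

NOW = datetime(2022, 2, 22, 9, 0)  # constructed evaluation time

# Constructed snapshot as a monitoring agent might report it.
HOSTS = [
    {"host": "fs-01", "disk_used_pct": 92, "disk_used_pct_1h_ago": 71,
     "last_backup_ok": True, "last_backup": NOW - timedelta(hours=10),
     "smart_reallocated_sectors": 0, "failed_logins_15m": 2,
     "av_signatures": NOW - timedelta(days=1)},
    {"host": "vpn-01", "disk_used_pct": 40, "disk_used_pct_1h_ago": 40,
     "last_backup_ok": True, "last_backup": NOW - timedelta(hours=3),
     "smart_reallocated_sectors": 0, "failed_logins_15m": 57,
     "av_signatures": NOW - timedelta(days=2)},
    {"host": "hmi-02", "disk_used_pct": 55, "disk_used_pct_1h_ago": 54,
     "last_backup_ok": False, "last_backup": NOW - timedelta(hours=30),
     "smart_reallocated_sectors": 12, "failed_logins_15m": 0,
     "av_signatures": NOW - timedelta(days=20)},
    {"host": "web-01", "disk_used_pct": 61, "disk_used_pct_1h_ago": 60,
     "last_backup_ok": True, "last_backup": NOW - timedelta(hours=6),
     "smart_reallocated_sectors": 0, "failed_logins_15m": 1,
     "av_signatures": NOW - timedelta(days=1)},
]


def evaluate(rec, now=NOW):
    """Return the list of alert names that fire for one host record."""
    alerts = []
    if rec["disk_used_pct"] >= 90:
        alerts.append("disk-nearly-full")
    if rec["disk_used_pct"] - rec["disk_used_pct_1h_ago"] >= 15:
        alerts.append("disk-usage-spike")          # sudden growth, e.g. runaway logs
    if not rec["last_backup_ok"] or now - rec["last_backup"] > timedelta(hours=24):
        alerts.append("backup-failed-or-overdue")
    if rec["smart_reallocated_sectors"] > 0:
        alerts.append("disk-hardware-degrading")   # SMART reallocated sectors present
    if rec["failed_logins_15m"] >= 10:
        alerts.append("repeated-failed-logins")    # observable side of a guessing attempt
    if now - rec["av_signatures"] > timedelta(days=7):
        alerts.append("antivirus-signatures-stale")
    return alerts


def triage(hosts, now=NOW):
    """Map each host with at least one alert to its alerts; healthy hosts are omitted."""
    result = {}
    for rec in hosts:
        fired = evaluate(rec, now)
        if fired:
            result[rec["host"]] = fired
    return result


if __name__ == "__main__":
    for host, alerts in triage(HOSTS).items():
        print(f"{host}: {', '.join(alerts)}")
```

Passing a later `now` to `evaluate` shows how time-based rules (backup age, signature age) fire on their own even when nothing else about the host changes, which is why such checks are scheduled rather than run once.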

VIII. Conclusion
This assignment clarifies what network security is and the advantages of network security.
Besides learning about security measures to avoid cyber-attacks, I hope to have more
opportunities in the future to study and practise this major extensively because of the
benefits it provides.
