
Assignment 1 Security P&M

Network security
FPT University
84 pag.

Document shared on www.docsity.com


Downloaded by: hiep-pham-van (kaissken@gmail.com)
ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 05: Security
Submission date:
Date received (1st submission):
Re-submission date:
Date received (2nd submission):
Student name: Pham Van Long
Student ID: BHAF200011
Class: PBIT17101
Assessor name: Le Van Thuan

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism.
I understand that making a false declaration is a form of malpractice.

Student’s signature
Long

Grading grid

P1 P2 P3 P4 M1 M2 D1

Pham Van Long – BHAF200011

❒ Summative Feedback: ❒ Resubmission Feedback:

Grade: Assessor Signature: Date:

Signature & Date:

Table of Contents

INTRODUCTION OF SECURITY

P1 Identify types of security risks to organisations.
  1. What is network security?
  2. What is security risk?
  3. Identify threat agents to organizations
    3.1. Nation States
    3.2. Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and Viruses perpetrated by vandals and the general public).
    3.3. Employees and Contractors
  4. List types of threats that organizations will face
    4.1. The Malware
    4.2. Social engineering attack
    4.3. SQL injection
    4.4. DDoS
  5. An example of a recently publicized security breach

P2. Organisational security procedures.
  1. What are security procedures?
  2. The purpose of security procedures
  3. Anti-virus procedures
    3.1. Purpose of Anti-virus procedures
    3.2. Procedures of anti-virus procedures
  4. Password Procedures
    4.1. Purpose of Password procedures
    4.2. Procedures
  5. Physical Security Procedures
    5.1. Purpose of Physical security procedures
    5.2. Procedures

P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
  1. What is a Firewall?
    1.1. How does firewall work?
    1.2. Advantages of firewall
    1.3. What are the impacts of incorrect firewall configurations?
  2. What is a VPN and a third-party VPN?
    2.1. What is Virtual Private Network?
    2.2. Advantages of VPN
    2.3. What are the impacts of incorrect VPN configurations?
  3. Show with diagrams the example of how firewall works

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security.
  1. DMZ
    1.1. What is DMZ?
    1.2. How does it work?
    1.3. Advantages of DMZ
    1.4. Examples of DMZ
  2. Static IP
    2.1. What is static IP?
    2.2. Example of Static IP
    2.3. Advantages of static IP
  3. NAT
    3.1. What is NAT?
    3.2. How does it work?
    3.3. Advantages of NAT
    3.4. Examples of NAT

M1 Propose a method to assess and treat IT security risks. Security procedures.
  1. Discuss methods required to assess IT security threat? E.g. Monitoring tools
    1.1. What is a security risk assessment?
    1.2. Importance of regular IT security assessments
    1.3. What is a cyber risk (IT risk) definition
    1.4. IT risk assessment components and formula
    1.5. The risk equation
    1.6. How to perform a security risk assessment
    1.7. E.g. Monitoring tools
  2. What are the current weakness or threat of the organization?
  3. What tools will you propose to treat the IT security risk?

M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
  1. List some of the networking monitoring devices and discuss each.
  2. Why do you need to monitor network?
  3. The benefits of using a network monitoring system for an organization are next:
    3.1. Discovery of Devices
    3.2. Cost Saving
    3.3. Identify security threats

D1 Investigate how a trusted network may be part of an IT security solutions
  1. Discuss and explain what are trusted network
  2. Give brief details with an example on how trusted network use.
  3. How can it be a solution in IT security
  ❖ Picture of the presentation

REFERENCES

Table of Pictures

Picture 1 Security
Picture 2 Network security threats
Picture 3 The Malware
Picture 4 Trojans
Picture 5 Spyware
Picture 6 Adware
Picture 7 Rootkits
Picture 8 Ransomware
Picture 9 Worms
Picture 10 Keyloggers
Picture 11 SQL injected
Picture 12 DDoS
Picture 13 Biometric data
Picture 14 Anti-virus procedure
Picture 15 Password Procedure
Picture 16 Physical Security Procedure
Picture 17 Firewall
Picture 18 VPN
Picture 19 Diagram Firewall work
Picture 20 DMZ
Picture 21 Example of DMZ
Picture 22 Static IP
Picture 23 Example of Static IP
Picture 24 NAT
Picture 25 Document the Results
Picture 26 Activity Log Analysis — XpoLog
Picture 27 Protecting apps and data – Imperva
Picture 28 Penetration Behavior Testing – Metasploit
Picture 29 Prevent phishing attacks - Hoxhunt
Picture 30 The OCTAVE method
Picture 31 SolarWinds Network Performance Monitor
Picture 32 Datadog Network Monitoring
Picture 33 ManageEngine OpManager
Picture 34 Paessler PRTG Network Monitor
Picture 35 Auvik
Picture 36 Site24x7 Network Monitoring
Picture 37 Atera
Picture 38 Discovery of Devices
Picture 39 Identify Security threats
Pictures 40 to 82 Picture of the presentation

INTRODUCTION OF SECURITY
Security measures were first implemented for computers in 1960, when the internet and
networks were not yet a concern. Many companies of that time focused on physical
measures and implemented passwords to protect their computers from people with some
knowledge of how computers work. This report presents, for an IT organization, the
OCTAVE method for assessing IT security risks; the impact on the organization of incorrect
firewall and third-party VPN configuration; the benefits of, and reasons for, network
monitoring systems; and how a DMZ, static IP and NAT improve network security. It then
explains risk assessment and risk management for an organization, the impact on the
organization of a SWOT evaluation from an internal audit, the implementation of policy,
and the recovery plan measures together with the hierarchy structure of the organization
and its roles. Vasile-Daniel Alupoae Security.

Picture 1 Security
P1 Identify types of security risks to organisations.
1. What is network security?
Network security is a broad term that covers a multitude of technologies, devices and
processes. In its simplest term, it is a set of rules and configurations designed to protect
the integrity, confidentiality and accessibility of computer networks and data using both
software and hardware technologies. Every organization, regardless of size, industry or
infrastructure, requires a degree of network security solutions in place to protect it from
the ever-growing landscape of cyber threats in the wild today.

Today's network architecture is complex and is faced with a threat environment that
is always changing and attackers that are always trying to find and exploit vulnerabilities.
These vulnerabilities can exist in a broad number of areas, including devices, data,
applications, users and locations. For this reason, there are many network security
management tools and applications in use today that address individual threats and
exploits and also regulatory noncompliance. When just a few minutes of downtime can
cause widespread disruption and massive damage to an organization's bottom line and
reputation, it is essential that these protection measures are in place.


Picture 2 Network security threats

2. What is security risk?
A computer security risk is really anything on your computer that may damage or steal
your data or allow someone else to access your computer, without your knowledge or
consent. There are a lot of different things that can create a computer risk, including
malware, a general term used to describe many types of bad software. We commonly
think of computer viruses, but, there are several types of bad software that can create a
computer security risk, including viruses, worms, ransomware, spyware, and Trojan
horses. Misconfiguration of computer products as well as unsafe computing habits also
pose risks.

3. Identify threat agents to organizations


3.1. Nation States
Those companies that operate in certain sectors, e.g. telecoms, oil & gas, mining, power
generation, national infrastructure etc., may find themselves a target for foreign nations
either to disrupt operations now, or to give that nation a future hold in times of adversity.

We have heard many examples of this from the alleged Russian interference with the US
Presidential elections, to Sony claiming that North Korea had been responsible for their
sites being hacked in 2014 and more recently the concerns about Huawei providing 5G
networks because of the possibility of them passing information to the Chinese
government.

3.2. Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and
Viruses perpetrated by vandals and the general public).
There are so many times that companies have said to me “Oh we’re not going to be a
target for hackers because….” But the number of random attacks that are going on every
day is so vast (there are no accurate statistics on this to share here) that every and any
organisation can become a victim.

The most famous example of a non-target specific attack is the WannaCry ransomware
incident that affected over 200,000 computers in 150 countries. In the UK it shut down
the NHS for several days. And, of course, there is the bored teenager in a loft somewhere
just trolling the internet to find a weak link.

3.3. Employees and Contractors
Machines and software programmes are quite good at protecting against malware,
unless it is a Zero-day virus. It is humans that are often the weakest link in the security
system, either maliciously or accidentally.

Common mistakes such as sending an email to the wrong person happen but usually we
realise the mistake quickly and are able to rectify the situation. Simple measures such as
password protecting files can also help to mitigate the effects of such mistakes.

However unfortunately there are also disgruntled people out there who purposefully
harm organisations from the inside. Recently Morrisons supermarket faced a case where
a disgruntled internal auditor downloaded payroll and other HR personal data and
published it on the internet. The ex-employee was convicted and sent to prison, but
Morrisons was also fined because it did not have the proper technical and organisational
measures in place to prevent this act (note that Morrisons is currently appealing against
the fine).

4. List types of threats that organizations will face


4.1. The Malware
Malware (a portmanteau for malicious software) is any software intentionally designed
to cause damage to a computer, server, client, or computer network (by contrast,
software that causes unintentional harm due to some deficiency is typically described as
a software bug). A wide variety of malware types exist, including computer viruses,
worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper and
scareware.

Programs are also considered malware if they secretly act against the interests of the
computer user. For example, at one point Sony Music compact discs silently installed a
rootkit on purchasers' computers with the intention of preventing illicit copying, but
which also reported on users' listening habits, and unintentionally created extra security
vulnerabilities.

Some examples of malware: computer viruses, worms, spyware and others.

Picture 3 The Malware

4.1.1. Trojans
A Trojan (or Trojan Horse) disguises itself as legitimate software with the purpose of
tricking you into executing malicious software on your computer.


Picture 4 Trojans

4.1.2. Spyware
Spyware invades your computer and attempts to steal your personal information such as
credit card or banking information, web browsing data, and passwords to various
accounts.

Picture 5 Spyware

4.1.3. Adware
Adware is unwanted software that displays advertisements on your screen. Adware
collects personal information from you to serve you with more personalized ads.

Picture 6 Adware

4.1.4. Rootkits
Rootkits enable unauthorized users to gain access to your computer without being
detected.


Picture 7 Rootkits

4.1.5. Ransomware
Ransomware is designed to encrypt your files and block access to them until a ransom is
paid.

Picture 8 Ransomware

4.1.6. Worms
A worm replicates itself by infecting other computers that are on the same network.
They’re designed to consume bandwidth and interrupt networks.

Picture 9 Worms

4.1.7. Keyloggers
Keyloggers keep track of your keystrokes on your keyboard and record them on a log.
This information is used to gain unauthorized access to your accounts.


Picture 10 Keyloggers

4.2. Social engineering attack
In the context of information security, social engineering is the psychological
manipulation of people into performing actions or divulging confidential information.
This differs from social engineering within the social sciences, which does not concern
the divulging of confidential information. A type of confidence trick for the purpose of
information gathering, fraud, or system access, it differs from a traditional "con" in that
it is often one of many steps in a more complex fraud scheme.

It has also been defined as "any act that influences a person to take an action that may
or may not be in their best interests."

4.3. SQL injection

SQL injection is a technique that exploits vulnerabilities in the way an application
builds its database queries. It is done by inserting a piece of SQL into the input so
that the query no longer runs as intended and data can be extracted from the database.
SQL injection can allow an attacker to perform tasks on the application's database as if
they were a web administrator.

Picture 11 SQL injected

4.4. DDoS
A denial-of-service attack (DoS attack) or a distributed denial-of-service attack (DDoS
attack) is an attempt to make the resources of a computer unavailable to its users.
Although the means, motives, and targets of a denial-of-service attack can vary, it
generally involves a coordinated, malicious attempt by one or more people to make a site
or network unusable, or to interrupt or significantly slow down the system for the
average user, by overloading the system's resources. The perpetrators of
denial-of-service attacks often target typical websites or servers such as banks, credit
card payment gateways and even DNS root servers.

One common attack method involves saturating a target machine with external
communication requests, to the point that it cannot respond to legitimate traffic, or
responds too slowly. In general terms, DoS attacks are carried out by forcing the target
machine to restart, by consuming all its resources to the point that it no longer
provides service, or by obstructing communication between the user and the target.

Picture 12 DdoS

5. An example of a recently publicized security breach


❖ Antheus Tecnologia Biometric Data Breach:

• The Story:

In March 2020, SafetyDetectives, a pro bono team of security researchers, revealed
a breach in the data of Antheus Tecnologia, a Brazilian biometric solutions company. The
company had left sensitive information, including data on 76,000 fingerprints, exposed
on an unsecured server.

The server didn't store direct scans of fingerprints, but binary code that hackers could
use to recreate them, with potentially disastrous consequences.

Picture 13 Biometric data

• How the Breach Happened

As we mentioned, the company neglected to password protect a database on the
cloud or properly encrypt it. This is almost certainly the result of human error on the
part of IT staff.

• What Data Was Exposed

Per Biometric Update: "The vulnerable server contained roughly 16 gigabytes of data,
with 81.5 million records also including administrator login information, employee
telephone numbers, email addresses, and company emails."

Antheus Tecnologia responded to the report by insisting that the exposed fingerprints
belonged to their team or were in the public domain. However, they also claimed that
the data was hashed, which was not the case.

• The Lesson for Businesses

Password protect all sensitive data when migrating to the cloud and apply the same
controls you would apply on-premises.

Some of the worst data breaches on this list result from misconfiguration errors when
transitioning to the cloud. According to Verizon's 2020 Data Breach Report, errors are
now the second most common source of breaches, ahead of malware and only behind
hacking. In particular, misconfiguration errors have dramatically increased since
2017, though the researchers acknowledge this is mostly due to "internet-exposed
storage discovered by security researchers and unrelated third parties."

P2. Organisational security procedures.


1. What are security procedures?
Security procedures are detailed step-by-step instructions on how to implement, enable,
or enforce security controls as enumerated from your organization’s security policies.
Security procedures should cover the multitude of hardware and software components
supporting your business processes as well as any security related business processes
themselves (e.g. onboarding of a new employee and assignment of access privileges).

2. The purpose of security procedures


The purpose of security procedures is to ensure consistency in the implementation of a
security control or execution of a security relevant business process. They are to be
followed each time the control needs to be implemented or the security relevant
business process followed. Here is an analogy. As part of every aircraft flight, the pilot
will follow a pre-flight checklist. Why do they do this? Simply put, they do it to ensure
that the aircraft is ready to fly and to do everything possible to ensure a safe flight.
Although pilots may have flown thousands of hours, they still follow the checklist.
Following the checklist ensures consistency of behavior each and every time. Even
though they may have executed the checklist hundreds of times, there is risk in relying
on memory to execute the checklist as there could be some distraction that causes them
to forget or overlook a critical step.

3. Anti-virus procedures
3.1. Purpose of Anti-virus procedures
The primary purpose of the anti-virus solution or software is to guard against malicious
software or scripts by blocking or quarantining this software that is identified, and
alerting administrators that such action has taken place. The solution would detect and
report on different types of malicious software that may be introduced or attempted to
be installed on the systems and network, including endpoints such as mobile devices,
desktops, laptops, servers, etc.

3.2. Anti-virus procedures


• Anti-virus software is mandatory.
• Any system which is geographically located on a University of Otago campus or
remotely connected to a University of Otago campus must have up-to-date
antivirus software installed and operating. This includes laptop computers and
computers owned by staff, students or visitors to the University. Anyone
responsible for bringing a system onto a University of Otago Campus is
responsible for ensuring that anti-virus software is installed.
• The AV product installed on desktops and servers must be configured to update
on a daily or more frequent basis.
• All Computers used solely as servers should have an Anti Virus product installed
and operating.
• Only servers where a significant negative impact would result from operating
anti-virus software, or servers running an Operating System with low likelihood
of virus infection such as Solaris or VMS, may be considered for exemption from
this procedure.
• All exemptions must be authorised in writing by the Director of Information
Technology Services.

Picture 14 Anti-virus procedure

4. Password Procedures
4.1. Purpose of Password procedures
To prevent unauthorized access and to establish user accountability when using IDs and
passwords to access College information systems.

4.2. Procedures
The successful adoption of a password procedure depends on the ability of the
organization to enforce it. Some school boards/authorities have sophisticated
technologies that can provide substantial automation and support for a large number of
users. Others may have limited resources and will need to develop a procedure that is
manageable in a more manual fashion. It is important to realize that regardless of which
category the school board/authority falls into, password procedures are still a
requirement for effective security management. When creating a password procedure,
it is important to consider elements that can be enforced through software security
settings and those which must be enforced through education of the users. Items such
as the minimum length of a password and expiry cycle for passwords are typically set
through system software. Issues that would be linked to user education include not
having passwords displayed on sticky notes and not sharing passwords. Another
important consideration when developing a password procedure is password retention.
Even with the best procedures in place, passwords will be shared or otherwise become
known over time, weakening security, so it is necessary to change them on a regular
basis. Most systems allow the system administrator to set a parameter which causes
passwords to expire and requires them to be reset by the user. This parameter is typically
set for anywhere from 30 days to 90 days, depending on the number of users, level of
risk, and manageability of the procedure. Password expiry does add some additional
workload for technical staff as users often forget their new passwords and need support
to change them. It is also wise to force a password reset the first time a user logs in to
any system.

Picture 15 Password Procedure

5. Physical Security Procedures


5.1. Purpose of Physical security procedures
The purpose of the Physical Security procedures is to:

• establish the rules for granting, control, monitoring, and removal of physical access to
office premises;
• to identify sensitive areas within the organization; and
• to define and restrict access to the same.

5.2. Procedures
• Physical access to the server rooms/areas shall completely be controlled and servers
shall be kept in the server racks under lock and key.
• Access to the servers shall be restricted only to designated Systems and Operations
Personnel. Besides them, if any other person wants to work on the servers from the
development area then he/she shall be able to connect to the servers only through
Remote Desktop Connection with a Restricted User Account.
• Critical backup media shall be kept in a fireproof off-site location in a vault.
• Security perimeters shall be developed to protect areas that contain information
system to prevent unauthorized physical access, damage and interference.
• A list of personnel with authorized access to the facilities where information systems
reside shall be maintained with appropriate authorization credentials. The access list
and authorization credentials shall be reviewed and approved by authorized
personnel periodically.

Picture 16 Physical Security Procedure

P3 Identify the potential impact to IT security of incorrect
configuration of firewall policies and third-party VPNs.
For an organisation, the security of the network and data is the main concern, so the
next section describes the incorrect configuration of a firewall and a third-party VPN
and the impact on the organisation. The typical questions many people ask are:

1. What is a firewall?
A firewall is a piece of software or hardware whose purpose is to filter the traffic
between the Internet and the network, and also between computers within an organization.
To work properly and protect the organization's network or computers, a firewall must be
installed and configured. Once installed and configured, the firewall's job is to
protect the systems, resources, files and data from viruses, hacking and any other type
of attack. If a firewall is incorrectly installed or configured, the network is exposed
to any kind of attack, with the consequence of losing files, data, confidential data,
staff time and reputation. The following section presents the threats and
vulnerabilities, with descriptions, for an incorrect firewall configuration in an
organisation.

Picture 17 Firewall

Threat and vulnerability | Description
DDoS attack | Distributed Denial of Service (DDoS) attacks are highly effective and low-cost for attackers to execute. The attackers spread malicious software, infected emails and attachments in order to infect systems or computers, which then form a botnet. Once a system or computer is infected, the attackers can control the botnet, commanding it to flood a site with traffic.
SQL injection attack | The attacker sends injected code to vulnerable servers that use SQL, with the aim of revealing information from the server.
1.1. How does a firewall work?

- VPNs provide encrypted and authenticated communication channels, or tunnels,
between two endpoints on the Internet. Tunnel authentication and encryption
depend on the underlying VPN technology, such as the Point-to-Point Tunneling Protocol
(PPTP) or the Layer 2 Tunneling Protocol over IPsec (L2TP/IPsec). VPNs can also use a
combination of independent authentication and encryption techniques. For example, one
of the popular VPN services, OpenVPN, uses OpenSSL, TLS, and HMAC for encryption and
certificate-based or username/password-based techniques for authentication. The
choice of VPN technology depends on various factors such as speed, security, OS
compatibility, etc.
- VPNs also come in two distinct types, depending on how the tunnel is set up and the
entities at each end of the tunnel. A site-to-site VPN connects two networks, for
example a branch office and a data center, and uses a VPN gateway. A VPN gateway
manages authentication and encryption and does not require a terminal. A remote
access VPN connects individual hosts such as desktops and laptops to a network. The
end host needs VPN client software to connect to the VPN. Most operating systems come
with native VPN clients. Figure 1 below shows the difference between a site-to-site
VPN and a remote access VPN. Today's blog post will focus solely on remote access or
client-side VPN connections.

1.2. Advantages of firewall


+ Monitors Network Traffic. All of the benefits of firewall security start with the ability to
monitor network traffic. Data coming in and out of your systems creates opportunities
for threats to compromise your operations. By monitoring and analyzing network traffic,
firewalls leverage preestablished rules and filters to keep your systems protected. With
a well-trained IT team, you can manage your levels of protection based on what you see
coming in and out through your firewall.

+ Stops Virus Attacks. Nothing can shut your digital operations down faster and harder
than a virus attack. With hundreds of thousands of new threats developed every single
day, it is vital that you put the defenses in place to keep your systems healthy. One of the
most visible benefits of firewalls is the ability to control your system's entry points and
stop virus attacks. The cost of damage from a virus attack on your systems could be
immeasurably high, depending on the type of virus.

+ Prevents Hacking. Unfortunately, the trend of businesses moving more toward digital
operations invites thieves and bad actors to do the same. With the rise of data theft and
criminals holding systems hostage, firewalls have become even more important, as they
prevent hackers from gaining unauthorized access to your data, emails, systems, and
more. A firewall can stop a hacker completely or deter them to choose an easier target.

1.3. What are the impacts of incorrect firewall configurations?


Broad policy configurations:

• Firewalls are often set up with an open policy of allowing traffic from any source
to any destination. This is because IT teams don’t know exactly what they need
at the outset, and therefore start with broad rules and work backwards. However,
the reality is that due to time pressures or simply not regarding it as a priority,
they never get round to defining firewall policies. This leaves the network in a
perpetually exposed state.
• Organizations should follow the principle of least privilege – that is, giving the
minimum level of privilege that the user or service needs to function normally,
thereby limiting the potential damage caused by a breach. It’s also a good idea to
regularly revisit your firewall policies to look at application usage trends and
identify new applications being used on the network and what connectivity they
require.

Risky rogue services and management services:

• Services that are left running on the firewall that don’t need to be is another
mistake I often find. Two of the main culprits are dynamic routing, which typically
should not be enabled on security devices as best practice, and “rogue” DHCP
servers on the network distributing IPs, which can potentially lead to availability
issues as a result of IP conflicts. I’m also surprised to see the number of devices
that are still managed using unencrypted protocols like telnet, despite the
protocol being over 30 years old.
• The answer to this problem is hardening devices and ensuring that configurations
are compliant before the device is put into a production setting. This is something
with which a lot of enterprises struggle. But by configuring your devices based on
the function that you actually want them to fulfill and following the principle of
least privileged access, you will improve security and reduce the chances of
accidentally leaving a risky service running on your firewall.

Non-standard authentication mechanisms:

• During my work, I often find organizations that use routers that don’t follow the
enterprise standard for authentication. For example, a large bank I worked with had
all the devices in its primary data center controlled by a central authentication
mechanism, but did not use the same mechanism at its remote office. By not
enforcing corporate authentication standards, staff in the remote branch could
access local accounts with weak passwords, and had a different limit on login failures
before account lockout.
• This scenario reduces security and creates more vectors for attackers, as it’s easier
for them to access the corporate network via the remote office. Organizations should
ensure that all remote offices follow the same central authentication mechanism as
the rest of the company.
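
An added example (not from the original assignment) of the policy review recommended above: a small audit of a first-match rule list that flags any-to-any allow rules, rules that permit unencrypted telnet management, and rules that can never take effect because a broader rule sits above them. The rule format, field names and both sample rule sets are assumptions constructed for illustration, not any vendor's syntax.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
ALL_PORTS = (0, 65535)
# Unencrypted management protocol named in the text, by TCP port.
CLEARTEXT_MGMT = {23: "telnet"}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # source CIDR; "0.0.0.0/0" means any
    dst: str      # destination CIDR
    ports: tuple  # inclusive (low, high) TCP port range


def is_any(cidr):
    return ipaddress.ip_network(cidr) == ANY_NET


def audit(rules):
    """Return (rule name, finding) pairs for a first-match rule list."""
    findings = []
    shadow = None  # name of an earlier rule that already matches everything
    for rule in rules:
        if shadow is not None:
            # First match wins, so nothing below a match-all rule is ever used.
            findings.append((rule.name, f"never evaluated: shadowed by '{shadow}'"))
            continue
        low, high = rule.ports
        any_port = rule.ports == ALL_PORTS
        matches_all = is_any(rule.src) and is_any(rule.dst) and any_port
        if matches_all:
            shadow = rule.name
        if rule.action != "allow":
            continue
        if matches_all:
            findings.append((rule.name, "any-to-any allow"))
            continue
        if is_any(rule.src) and any_port:
            findings.append((rule.name, "all ports open to any source"))
        for port, proto in CLEARTEXT_MGMT.items():
            if low <= port <= high:
                findings.append((rule.name, f"permits unencrypted {proto} (tcp/{port})"))
    return findings


# Constructed rule set: started broad "for now" and never tightened.
LEGACY = [
    Rule("web-in", "allow", "0.0.0.0/0", "203.0.113.10/32", (443, 443)),
    Rule("mgmt", "allow", "10.0.0.0/8", "10.0.0.1/32", (22, 23)),
    Rule("temp-open", "allow", "0.0.0.0/0", "0.0.0.0/0", ALL_PORTS),
    Rule("block-db", "deny", "0.0.0.0/0", "10.0.5.0/24", (5432, 5432)),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", ALL_PORTS),
]

# The same policy reduced to what each service needs, ending in default deny.
HARDENED = [
    Rule("web-in", "allow", "0.0.0.0/0", "203.0.113.10/32", (443, 443)),
    Rule("mgmt-ssh", "allow", "10.0.0.0/8", "10.0.0.1/32", (22, 22)),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", ALL_PORTS),
]

if __name__ == "__main__":
    for name, finding in audit(LEGACY):
        print(f"{name}: {finding}")
    print("hardened findings:", audit(HARDENED))
```

In the legacy set the deny rules below `temp-open` look protective on paper but are never reached, which is how a rule set that "starts broad" stays exposed.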

2. What is a VPN and a third-party VPN?


2.1. What is a Virtual Private Network?
A Virtual Private Network (VPN) is a secure tunnel that encrypts the data travelling
between networks, even when they are geographically separated. In an organisation, a VPN
is used to protect sensitive data that would otherwise be unencrypted and vulnerable, to
provide a second layer of defence that limits attackers' access, and to manage and
monitor all users' traffic for legal reasons. A third-party VPN is a service provided to
customers with no control of customer devices. Third-party access is the weakest link in
an organisation's network security, where attackers look for a weak point through which
to establish access and exploit critical assets. If third-party VPN access is
incorrectly configured, the impacts and consequences for an organisation are credential
theft, compromised devices, excessive access and exposed servers.

Picture 18 VPN

2.2. Advantages of VPN


• Protected File Sharing. With a VPN at your disposal, you and others can share files
over extended periods of time without having to worry about the data being stolen
or exposed.
• Remote Access. Because a VPN is an actual network, you can access it remotely. This
makes it a great resource for companies, in particular, allowing employees to work
from outside the office. No matter where you are, your data and information stay
protected as long as you’re using the VPN.
• Bypass blockers and filters. In some parts of the world, Internet censorship is real
and that may mean someone more or less controlling the user's worldview. That is
why more and more people are using VPNs, possibly bypassing blocked websites and
Internet filters. Put the power back in your hands.
• Performance improvements. As if online security wasn't enough, a solid VPN can also
improve things like bandwidth and efficiency. Better performance is something that
no Internet user would argue with.

2.3. What are the impacts of incorrect VPN configurations?
Risky business

• When a business uses VPNs to provide third-party vendors access to their network,
those vendors either have full access to your network (for example, at the start of a
job) or they don’t (when you revoke access after the job ends) – unless companies
implement strict network segmentation with firewalls and switches, which adds
additional complexity.
• There are no shades of gray, no ability to give partial access only to required
resources. The more servers, applications, and network equipment your vendors can
access, the more you have at risk.
• VPN servers and client software grant a vendor access to everything in your network
unless least privileged access is implemented. Even if you segment your networks
with VLANs (Virtual Local Area Networks), access can still be too broad, or even too
narrow, which requires additional VPN troubleshooting and technician time.

No third-party accountability:

• VPNs typically provide little or no granular audit records, so you can’t monitor and
record the actions of every third-party vendor using the VPN. Usually, all that is
logged is connection times, and even then that data is in yet another log to monitor
and watch.
• Without easy, centralized access to all the historical information on a connection
(user, applications accessed, the reason for access, etc.), it is impossible to prove who
or what created an issue, should a breach or mistake occur due to a vendor.

A false sense of security:

• If your third-party vendors and VPN users have access to your network, you may
believe that your company data and network are safe; after all, the “P” in VPN does
stand for “private”.
• However, history has proven otherwise. The reality is that malicious hackers have
exploited weak VPN protocols and non-secure internet connections to cause data
breaches at major companies such as Home Depot and Target.

VPNs are a haven for hackers:

• Hackers often use VPNs to gain access to networks. If your business has many third-
party vendors, and each vendor has full access to your network, a hacker now has
multiple potential routes to break into and exploit your network using VPN traffic.

Let’s face the facts:

• One of the easiest ways a hacker enters a network is through a third-party connection
– and 59% of companies reported that they have experienced a data breach caused
by one of their third parties or vendors.

3. Show with diagrams the example of how firewall works

Picture 19 Diagram Firewall work

P4 Show, using an example for each, how implementing a DMZ, static
IP and NAT in a network can improve Network Security.
1. DMZ
1.1. What is a DMZ?
A DMZ (demilitarized zone) is a logical or physical subnet that separates the
organization's network from other unsafe networks, especially the Internet. Its purpose
is to add an extra security layer, protect the most vulnerable hosts against attack, and
keep the organization's network separated from the external network. A DMZ is configured
using one or two firewalls that filter the traffic between the DMZ and the organization's
network, together with a gateway filter for incoming traffic from the external network.
Configuration with one firewall: a single firewall with three network interfaces is
used and the DMZ is placed inside it. The first interface makes the connection to the
ISP (the external network), the second connects to the internal network, and the third
handles the connection to the DMZ. Configuration with two firewalls: the first is the
front-end firewall, configured to allow traffic destined for the DMZ. The second is the
back-end firewall, which is responsible for the traffic that travels from the DMZ to the
organization's network.

Picture 20 DMZ

1.2. How does it work?
DMZs are intended to function as a sort of buffer zone between the public internet and
the private network. Deploying the DMZ between two firewalls means that all inbound
network packets are screened using a firewall or other security appliance before they
arrive at the servers the organization hosts in the DMZ.

If a better-prepared threat actor passes through the first firewall, they must then gain
unauthorized access to those services before they can do any damage, and those systems
are likely to be hardened against such attacks.

Finally, assuming that a well-resourced threat actor is able to breach the external firewall
and take over a system hosted in the DMZ, they must still break through the internal
firewall before they can reach sensitive enterprise resources. While a determined
attacker can breach even the best-secured DMZ architecture, a DMZ under attack should
set off alarms, giving security professionals enough warning to avert a full breach of their
organization.
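
An added example (not from the original assignment) modelling the two-firewall layout described above: a new connection is checked against every firewall on its path, and anything not explicitly permitted is denied. The addressing plan, host roles, rule tuples and function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (documentation and private ranges).
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/16")
WEB = "192.0.2.10"   # public web server in the DMZ
MAIL = "192.0.2.25"  # mail relay in the DMZ
DB = "10.0.5.20"     # database on the internal network

# Rules are (source CIDR, destination CIDR, TCP port); unmatched traffic is denied.
# Only connection initiation is modelled; replies are assumed to be handled statefully.
FRONT_END = [  # between the Internet and the DMZ
    ("0.0.0.0/0", WEB + "/32", 443),
    ("0.0.0.0/0", MAIL + "/32", 25),
]
BACK_END = [   # between the DMZ and the internal network
    (WEB + "/32", DB + "/32", 5432),
]
ZONES = ["internet", "dmz", "internal"]
FIREWALLS = [("front-end", FRONT_END), ("back-end", BACK_END)]


def zone(ip):
    """Classify an address into one of the three zones."""
    addr = ipaddress.ip_address(ip)
    if addr in INTERNAL:
        return "internal"
    if addr in DMZ:
        return "dmz"
    return "internet"


def permits(rules, src, dst, port):
    """True if any rule in the list matches this source, destination and port."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(rule_src)
        and d in ipaddress.ip_network(rule_dst)
        and port == rule_port
        for rule_src, rule_dst, rule_port in rules
    )


def firewalls_on_path(src, dst):
    """Firewalls a connection from src to dst must cross, in order.

    Traffic that stays inside one zone crosses no firewall at all.
    """
    a, b = ZONES.index(zone(src)), ZONES.index(zone(dst))
    path = FIREWALLS[min(a, b):max(a, b)]
    return path if a < b else list(reversed(path))


def check(src, dst, port):
    """Return (allowed, name of the firewall that blocked the flow or None)."""
    for name, rules in firewalls_on_path(src, dst):
        if not permits(rules, src, dst, port):
            return False, name
    return True, None


if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed Internet client
    print("internet -> web:443  ", check(outside, WEB, 443))
    print("internet -> db:5432  ", check(outside, DB, 5432))
    print("web      -> db:5432  ", check(WEB, DB, 5432))
    print("mail     -> db:5432  ", check(MAIL, DB, 5432))
```

The last case is the one the text describes: even if a DMZ host other than the web server were taken over, the back-end firewall still stands between it and the internal database.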

1.3. Advantages of DMZ


The main benefit of the DMZ is that it provides users with public internet access to
certain secure services while maintaining a buffer between those users and the
private intranet. The security benefits of this buffer come in a number of ways,
including:

• Access control for organizations. Organizations can provide users with access to
services outside of their network's perimeter through the public Internet. The
DMZ network provides access to these essential services while offering a level of
network segmentation that increases the number of obstacles that unauthorized
users have to overcome before they can access an organization's private network.
In some cases, the DMZ includes a proxy server, which centralizes the internal
flow of internet traffic - usually employees - and makes it simpler to record and
monitor that traffic.
• Prevent attackers from performing network reconnaissance. A DMZ, because it
acts as a buffer, prevents an attacker from being able to scope out potential
targets within the network. Even if a system within the DMZ is compromised, the
private network is still protected by the internal firewall separating it from the
DMZ. It also makes external reconnaissance more difficult for the same reason.
Although the servers in the DMZ are publicly exposed, they are backed by another
layer of protection. The public face of the DMZ keeps attackers from seeing the
contents of the internal private network. If attackers do manage to compromise
the servers within the DMZ, they are still isolated from the private network by the
DMZ’s internal barrier.
• Protection against IP spoofing. In some cases, attackers attempt to bypass access
control restrictions by spoofing an authorized IP address to impersonate another
device on the network. A DMZ can stall potential IP spoofers while another service
on the network verifies the IP address's legitimacy by testing whether it is
reachable.

1.4. Examples of DMZ


Some cloud services, such as Microsoft Azure, implement a hybrid security approach in
which a DMZ is implemented between an organization's on-premises network and the
virtual network. This hybrid approach is typically used in situations where the
organization's applications run partly on-premises and partly on the virtual network. It's
also used in situations where outgoing traffic needs to be audited, or where granular
traffic control is required in between the virtual network and the on-premises data
center.

The DMZ can also be useful in a home network, where computers and other devices are
connected to the internet using a broadband router and configured as a local network.
Some home routers include the DMZ server feature, as opposed to the DMZ subnet that is
typically deployed in organizations with more devices than are found in a home. The DMZ
server feature specifies a device on your home network that
works outside of the firewall, where it acts as the DMZ while the rest of your home
network is inside the firewall. In some cases, the game console is chosen as the DMZ
server so that the firewall does not interfere with gameplay. In addition, the console is
also a good candidate for a DMZ server as it is likely to contain less sensitive information
than a PC.

Picture 21 Example of DMZ

2. Static IP
2.1. What is a static IP?
A static IP address is an unchanging number configured manually for a device such as a
computer or a router, or one that was assigned by a DHCP server. A device can be given a
static IP either through a device such as a router that gives out IP addresses, or
manually, by typing the IP address into the computer or laptop itself. Using a static IP
address has some benefits: better DNS support, because it is easier to set up and
manage; convenient remote access, which makes it easier to work remotely using any
remote access program; and server hosting, because if you are hosting a server that uses
a static IP it is easier for customers to find you via a DNS server. A static IP is not
ideal for every situation, however, because hackers can easily know exactly where your
server is on the Internet. This is a real security concern for an IT organization
because, with the right network tools, the organization's computers can be located
easily.

Picture 22 Static IP

2.2. Example of Static IP


- This example applies to all AR routers that support LAN interfaces of V200R003C00 and
later versions:

- The router functions as the DHCP server to dynamically assign IP addresses to clients
on the network segment 10.137.32.0/24. The enterprise obtains the fixed IP address
1.1.1.1/24, gateway address 1.1.1.254/24, and DNS Server address 1.2.2.2/24 from the
carrier. Users in the enterprise connect to the Internet through the router. The IP
addresses of VLANIF 1 and GE0/0/2 are 10.137.32.1/24 and 1.1.1.1/24, respectively. In
this example, GE7/0/1 functions as a Layer 2 interface for intranet user access.


Picture 23 Example of Static IP

2.3. Advantages of static IP


• You have better name resolution across the internet. When you have a static IP
address assigned to a device, then those devices can be reached by their assigned
host names in a reliable way. That is why FTP servers, web servers, and similar
components use fixed addresses. Because they are not dynamic, there is never a need
to track their changes to locate them.
• It may provide a better level of protection. Even though a static IP address creates a
fact, whereas a dynamic IP address creates change, you still have an advantage when
using this option over a DHCP address assignment. When you have a static IP in place,
your home network will receive an extra layer of protection against the security
problems which may develop over the network.
• There are reduced lapses in connection. If you’re using a dynamic IP address at home
with your ISP (or with your business), then you may experience lapses in connection to
the internet. Some of these lapses may be momentary, while others may force you to
reboot your equipment. Although this is sometimes called a “ping,” what is happening
is a lack of recognition. When your IP address changes, you become more difficult to
find. Using a static IP address reduces this issue, which is useful for heavy data users,
since the IP never resets.

3. NAT
3.1.What is NAT ?
NAT (Network Address Translation) is the process of transforming a public address into
a private address used by the organization, using devices such as a firewall or a
router. With NAT, a single router can configure only one address for the entire
organization network, with the aim of hiding the entire internal network behind that
address when it is used on the Internet (Public Netwo are implemented in
remote-access environments. To configure NAT on a router, set at least one interface as
NAT outside and one interface as NAT inside, with a set of rules for the IP addresses to
be translated in the packet header. Devices such as a router or firewall that use a NAT
configuration can work in different ways: static NAT maps an unregistered address to a
registered address on a one-to-one basis, and dynamic NAT maps a group of unregistered
addresses to a registered address

Picture 24 NAT

3.2.How does it work ?


- NAT acts like a router, forwarding packets between different network layers on a large
network. NAT translates or changes one or both addresses within a packet as the
packet passes through a router, or some other device. Typically, NAT changes the
address that is usually the private IP address of a network connection to a public IP
(Public IP) address.

- NAT can also be considered a basic firewall. NAT maintains a table of information
about each packet passed. When a computer on the network connects to a website
on the Internet, the source IP address in the header is replaced by the pre-configured
public address on the NAT server. When the reply packet returns, NAT uses the table of
records it has saved to change the destination IP address to the address of the PC on
the network and forwards it. Through this mechanism the network administrator is able
to filter packets sent to or from an IP address and allow or prevent access to a specific
port.
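
The translation table described above, as an added example that is not part of the original assignment: a small source-NAT model in which outbound packets receive the public address and a table entry, replies are mapped back through the table, and inbound packets with no matching entry are dropped. The class and field names, the port pool, the strict per-remote-endpoint matching and the sample hosts are assumptions for illustration; the addresses 1.1.1.1 and 10.137.32.0/24 are reused from the static IP example.

```python
"""Minimal model of source NAT with a translation table (illustrative names)."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class NatRouter:
    """Hides every inside host behind one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 40999):
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        # (inside ip, inside port, remote ip, remote port) -> public port
        self._out: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, remote ip, remote port) -> (inside ip, inside port)
        self._back: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the inside network."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._out.get(key)
        if port is None:
            if self._next_port > self._last_port:
                raise RuntimeError("NAT port pool exhausted")
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._back[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the inside host, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self._back.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # unsolicited: no inside host opened this flow
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])

    def table(self) -> Dict[Tuple[str, int, str, int], int]:
        """Copy of the current translation table, for inspection."""
        return dict(self._out)


def demo():
    """Two inside PCs reach the same web server; one outsider probes the router."""
    nat = NatRouter(public_ip="1.1.1.1")
    web = ("203.0.113.10", 443)  # constructed remote server (documentation range)
    pc_a = Packet("10.137.32.10", 51000, *web, payload="GET /")
    pc_b = Packet("10.137.32.11", 51000, *web, payload="GET /")
    out_a = nat.outbound(pc_a)
    out_b = nat.outbound(pc_b)
    # The server answers PC B on the public address and port it saw.
    reply_b = nat.inbound(Packet(web[0], web[1], "1.1.1.1", out_b.src_port, "200 OK"))
    # A constructed third party sends to an open public port without a table entry.
    probe = nat.inbound(Packet("198.51.100.7", 4444, "1.1.1.1", out_a.src_port, "probe"))
    return out_a, out_b, reply_b, probe


if __name__ == "__main__":
    out_a, out_b, reply_b, probe = demo()
    print("PC A leaves as", out_a.src_ip, out_a.src_port)
    print("PC B leaves as", out_b.src_ip, out_b.src_port)
    print("Reply delivered to", reply_b.dst_ip, reply_b.dst_port)
    print("Unsolicited packet:", "dropped" if probe is None else "forwarded")
```

Both PCs use the same inside source port, so the table, not the port number alone, is what lets the router deliver the reply to the right host.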

3.3. Advantages of NAT


- Reuse private IP address.

- Increase security for private networks by keeping internal addresses private from
outside networks.

- Connect a large number of servers to the global Internet using a smaller number of
public (external) IP addresses, thus preserving the IP address space.
3.4.Examples of NAT
- If you only have one registered IP address (A) and you want to have all inbound
traffic go to A, go to your Screen and have all other hosts use that address (A) for
unidirectional, outbound traffic. Then set up NAT as shown in the table below.

Index  Screen  Type     Source  Destination  Translated Source  Translated Destination  Comment
1              STATIC   *       A            *                  A
2              DYNAMIC  Inside  Internet     A                  Internet

- Internet addresses are all addresses on the interface sent to A; and Inside are all
internal servers on all other interfaces. With these NAT rules alone, all of the servers
inside Inside communicate with their private, unregistered addresses when
communicating with the Monitor or with each other.

M1 Propose a method to assess and treat IT security risks. Security procedures.
1. Discuss methods required to assess IT security threat? E.g. Monitoring tools
1.1.What is a security risk assessment?
Cybersecurity risk assessment is the process of identifying and evaluating risks for
assets that could be affected by cyberattacks. Basically, you identify both internal and
external threats; evaluate their potential impact on things like data availability,
confidentiality and integrity; and estimate the costs of suffering a cybersecurity
incident. With this information, you can tailor your cybersecurity and data protection
controls to match your organization’s actual level of risk tolerance.

To get started with IT security risk assessment, you need to answer three
important questions:
• What are your organization’s critical information technology assets — that is, the
data whose loss or exposure would have a major impact on your business
operations?
• What are the key business processes that utilize or require this information?

• What threats could affect the ability of those business functions to operate?

Once you know what you need to protect, you can begin developing strategies.
However, before you spend a dollar of your budget or an hour of your time
implementing a solution to reduce risk, be sure to consider which risk you are
addressing, how high its priority is, and whether you are approaching it in the most cost-
effective way.

1.2.Importance of regular IT security assessments


Conducting a thorough IT security assessment on a regular basis helps organizations
develop a solid foundation for ensuring business success.

In particular, it enables them to:

• Identify and remediate IT security gaps


• Prevent data breaches
• Choose appropriate protocols and controls to mitigate risks
• Prioritize the protection of the asset with the highest value and highest risk
• Eliminate unnecessary or obsolete control measures
• Evaluate potential security partners
• Establish, maintain and prove compliance with regulations
• Accurately forecast future needs

1.3.What is a cyber risk (IT risk) definition


The Institute of Risk Management defines a cyber risk as “any risk of financial loss,
disruption or damage to the reputation of an organization from some sort of failure of its
information technology systems”. Gartner gives a more general definition: “the potential for
an unplanned, negative business outcome involving the failure or misuse of IT.”

Examples of cyber risk include:

• Theft of sensitive or regulated information


• Hardware damage and subsequent data loss
• Malware and viruses
• Compromised credentials
• Company website failure
• Natural disasters that could damage servers

When taking stock of cyber risks, it’s important to detail the specific financial damage
they could do to the organization, such as legal fees, operational downtime and related
profit loss, and lost business due to customer distrust.

1.4. IT risk assessment components and formula


An IT risk assessment involves four key components. We’ll discuss how to assess each
one in a moment, but here’s a brief definition of each:

• Threat — A threat is any event that could harm an organization’s people or assets.
Examples include natural disasters, website failures and corporate espionage.
• Vulnerability — A vulnerability is any potential weak point that could allow a threat
to cause damage. For example, outdated antivirus software is a vulnerability that can
allow a malware attack to succeed. Having a server room in the basement is a
vulnerability that increases the chances of a hurricane or flood ruining equipment
and causing downtime. Other examples of vulnerabilities include disgruntled
employees and aging hardware. The NIST National Vulnerability Database maintains
a list of specific, code-based weaknesses.
• Impact — Impact is the total damage the organization would incur if a vulnerability
were exploited by a threat. For example, a successful ransomware attack could result
in not just lost productivity and data recovery expenses, but also disclosure of
customer data or trade secrets that results in lost business, legal fees and
compliance penalties.
• Likelihood — This is the probability that a threat will occur. It is usually not a specific
number but a range.

1.5. The risk equation


We can understand risk using the following equation:

Risk = Threat x Vulnerability x Asset

Although risk is represented here as a mathematical formula, it is not about numbers;
it is a logical construct. For example, suppose you want to assess the risk associated
with the threat of hackers compromising a particular system. If your network is very
vulnerable (perhaps because you have no firewall and no antivirus solution), and the
asset is critical, your risk is high. However, if you have good perimeter defenses and
your vulnerability is low, and even though the asset is still critical, your risk will be
medium.

This isn’t strictly a mathematical formula; it’s a model for understanding the
relationships among the components that feed into determining risk:

• Threat is short for “threat frequency,” or how often an adverse event is
expected to occur. For example, the threat of being struck by lightning in a
given year is about 1 in 1,000,000.
• Vulnerability is shorthand for “the likelihood that a vulnerability will be
exploited and a threat will succeed against an organization’s defenses.” What
is the security environment in the organization? How quickly can disaster be
mitigated if a breach does occur? How many employees are in the
organization and what is the probability of any given one becoming an
internal threat to security control?
• Cost is a measure of the total financial impact of a security incident. It includes
hard costs, like damage to hardware, and soft costs, such as lost business and
consumer confidence. Other costs can include:
o Data loss — Theft of trade secrets could cause you to lose business to
your competitors. Theft of customer information could result in loss of
trust and customer attrition.
o System or application downtime — If a system fails to perform its
primary function, customers may be unable to place orders, employees
may be unable to do their jobs or communicate, and so on.
o Legal consequences — If somebody steals data from one of your
databases, even if that data is not particularly valuable, you can incur
fines and other legal costs because you failed to comply with the data
protection security requirements of HIPAA, PCI DSS or other
compliance

The risk assessment factors in the relationship between the three elements. For
example, suppose you want to assess the risk associated with the threat of hackers
compromising a particular system. If your network is very vulnerable (perhaps
because you have no firewall and no antivirus solution) and the asset is critical, your
risk is high. However, if you have robust perimeter defenses that make your
vulnerability low, your risk will be medium, even though the asset is still critical.

Note that all three elements need to be present in order for there to be risk — since
anything times zero equals zero, if one of the elements in the equation is not
present, then there is no risk, even if the other two elements are high or critical.

1.6. How to perform a security risk assessment


Step #1: Identify and Prioritize Assets

Assets include servers, client contact information, sensitive partner documents, trade
secrets and so on. Remember, what you as a technician think is valuable might not
be what is actually most valuable for the business. Therefore, you need to work with
business users and management to create a list of all valuable assets. For each asset,
gather the following information, as applicable:

• Software
• Hardware
• Data
• Interfaces
• Users
• Support personnel
• Mission or purpose
• Criticality
• Functional requirements
• IT security policies
• IT security architecture
• Network topology
• Information storage protection
• Information flow
• Technical security controls
• Physical security environment
• Environmental security
Because most organizations have a limited budget for risk assessment, you will likely
have to limit the scope of the remaining steps to mission-critical assets. Accordingly,
you need to define a standard for determining the importance of each asset.
Common criteria include the asset’s monetary value, legal standing and importance
to the organization. Once the standard has been approved by management and
formally incorporated into the risk assessment security policy, use it to classify each
asset as critical, major or minor.

Step #2: Identify Threats

A threat is anything that could cause harm to your organization. While hackers and
malware probably leap to mind, there are many other types of threats:

• Natural disasters. Floods, hurricanes, earthquakes, fire and other natural
disasters can destroy not just data, but servers and appliances as well. When
deciding where to house your servers, think about the chances of different
types of natural disasters. For instance, your area might have a high risk of
floods but a low likelihood of tornadoes.
• Hardware failure. The likelihood of hardware failure depends on the quality
and age of the server or other machine. For relatively new, high-quality
equipment, the chance of failure is low. But if the equipment is old or from a
“no-name” vendor, the chance of failure is much higher. This threat should be
on your list, no matter what business you are in. People can accidentally
delete important files, click on a malicious link in an email or spill coffee on a
piece of equipment that hosts critical systems.
• Malicious behavior. There are three types of malicious behavior:
o Interference is when somebody causes damage to your business by
deleting data, engineering a distributed denial of service (DDOS)
against your website, physically stealing a computer or server, and so
on.
o Interception is theft of your data.
o Impersonation is misuse of someone else’s credentials, which are
often acquired through social engineering attacks or brute-force
attacks, or purchased on the dark web.

Step #3: Identify Vulnerabilities

A vulnerability is a weakness that could enable a threat to harm your organization.


Vulnerabilities can be identified through analysis, audit reports, the NIST vulnerability
database, vendor data, information security test and evaluation (ST&E) procedures,
penetration testing, and automated vulnerability scanning tools.

Don’t limit your thinking to software vulnerabilities; there are also physical and
human vulnerabilities. For example, having your server room in the basement
increases your vulnerability to the threat of flooding, and failure to educate your
employees about the danger of clicking on email links increases your vulnerability to
the threat of malware.

Step #4: Analyze Controls

Analyze the controls that are either in place or in the planning stage to minimize or
eliminate the probability that a threat will exploit a vulnerability. Technical controls
include encryption, intrusion detection mechanisms, and identification and
authentication solutions. Nontechnical controls include security policies,
administrative actions, and physical and environmental mechanisms.

Both technical and nontechnical controls can further be classified as preventive or
detective. As the name implies, preventive controls attempt to anticipate and stop
attacks; examples include encryption and authentication devices. Detective controls
are used to discover threats that have occurred or are in process; they include audit
trails and intrusion detection systems.

Step #5: Determine the Likelihood of an Incident

Assess the probability that a vulnerability might actually be exploited, taking into
account the type of vulnerability, the capability and motivation of the threat source,
and the existence and effectiveness of your controls. Rather than a numerical score,
many organizations use the categories high, medium and low to assess the
likelihood of an attack or other adverse event.

Step #6: Assess the Impact a Threat Could Have

Analyze the impact that an incident would have on the asset that is lost or damaged,
including the following factors:

• The mission of the asset and any processes that depend upon it
• The value of the asset to the organization
• The sensitivity of the asset
To get this information, start with a business impact analysis (BIA) or mission impact
analysis report. This document uses either quantitative or qualitative means to
determine the impact of harm to the organization’s information assets, such as loss
of confidentiality, integrity and availability. The impact on the system can be
qualitatively assessed as high, medium or low.

Step #7: Prioritize the Information Security Risks

For each threat/vulnerability pair, determine the level of risk to the IT system, based
on the following:

• The likelihood that the threat will exploit the vulnerability


• The approximate cost of each of these occurrences
• The adequacy of the existing or planned information system security controls
for eliminating or reducing the risk

A useful tool for estimating risk in this manner is the risk-level matrix. A high
likelihood that the threat will occur is given a value of 1.0; a medium likelihood is
assigned a value of 0.5; and a low likelihood of occurrence is given a rating of 0.1.
Similarly, a high impact level is assigned a value of 100, a medium impact level 50,
and a low impact level 10. Risk is calculated by multiplying the threat likelihood value
by the impact value, and the risks are categorized as high, medium or low based on
the result.

Step #8: Recommend Controls

Using the risk level as a basis, determine the actions needed to mitigate the risk.
Here are some general guidelines for each level of risk:

• High — A plan for corrective measures should be developed as soon as
possible.
• Medium — A plan for corrective measures should be developed within a
reasonable period of time.
• Low — The team must decide whether to accept the risk or implement
corrective actions.

As you evaluate controls to mitigate each risk, be sure to consider:

• Organizational policies
• Cost-benefit analysis
• Operational impact
• Feasibility
• Applicable regulations
• The overall effectiveness of the recommended controls
• Safety and reliability

Step #9: Document the Results

The final step in the risk assessment process is to develop a risk assessment report to
support management in making appropriate decisions on budget, policies,
procedures and so on. For each threat, the report should describe the corresponding
vulnerabilities, the assets at risk, the impact to your IT infrastructure, the likelihood of
occurrence and the control recommendations.

Picture 25 Document the Results

The risk assessment report can identify key remediation steps that will reduce
multiple risks. For example, ensuring backups are taken regularly and stored offsite
will mitigate both the risk of accidental file deletion and the risk from flooding. Each
step should detail the associated cost and the business reasons for making the
investment.
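
The risk-level matrix from Step #7 together with the Step #8 and Step #9 guidance, as an added example that is not part of the original assignment: it scores each threat/vulnerability pair, bands the result, and totals the risk touched by each control so that remediation steps reducing multiple risks stand out. The band cut-offs (above 50 high, above 10 medium) are an assumption taken from the NIST SP 800-30 risk scale, which the text does not state; the register entries and control names are constructed from the examples used in this section.

```python
"""Risk-level matrix (Step #7) applied to a small, constructed risk register."""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Tuple

# Likelihood and impact values exactly as given in Step #7.
LIKELIHOOD = {"high": 1.0, "medium": 0.5, "low": 0.1}
IMPACT = {"high": 100, "medium": 50, "low": 10}

# Step #8 guidance for each risk level.
ACTION = {
    "high": "develop a corrective plan as soon as possible",
    "medium": "develop a corrective plan within a reasonable period",
    "low": "decide whether to accept the risk or take corrective action",
}


def band(score: float) -> str:
    """Assumed cut-offs (NIST SP 800-30 scale): >50 high, >10 medium, else low."""
    if score > 50:
        return "high"
    if score > 10:
        return "medium"
    return "low"


@dataclass(frozen=True)
class Risk:
    threat: str
    vulnerability: str
    likelihood: str            # "high" | "medium" | "low"
    impact: str                # "high" | "medium" | "low"
    controls: Tuple[str, ...]  # recommended controls for this pair

    @property
    def score(self) -> float:
        # Risk = threat likelihood value x impact value (Step #7).
        return round(LIKELIHOOD[self.likelihood] * IMPACT[self.impact], 2)

    @property
    def level(self) -> str:
        return band(self.score)


def prioritize(register: List[Risk]) -> List[Risk]:
    """Highest score first; ties keep their register order (stable sort)."""
    return sorted(register, key=lambda r: r.score, reverse=True)


def control_coverage(register: List[Risk]) -> List[Tuple[str, float, int]]:
    """(control, summed score of risks it addresses, number of risks), best first."""
    total = defaultdict(float)
    count = defaultdict(int)
    for risk in register:
        for control in risk.controls:
            total[control] += risk.score
            count[control] += 1
    rows = [(c, total[c], count[c]) for c in total]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


# Constructed register built from the examples used in this section.
REGISTER = [
    Risk("accidental file deletion", "no regular backups", "high", "medium",
         ("regular offsite backups",)),
    Risk("flooding", "server room in the basement", "low", "high",
         ("regular offsite backups", "relocate server room")),
    Risk("malware infection", "outdated antivirus software", "high", "high",
         ("update antivirus software", "user awareness training")),
    Risk("phishing email", "staff not trained on email links", "medium", "high",
         ("user awareness training",)),
]


def report(register: List[Risk]) -> List[str]:
    """Lines for the Step #9 report: ranked risks, then controls by coverage."""
    lines = []
    for r in prioritize(register):
        lines.append(f"{r.score:6.1f} {r.level:<6} {r.threat} / {r.vulnerability}"
                     f" -> {ACTION[r.level]}")
    for control, score, n in control_coverage(register):
        lines.append(f"control '{control}' addresses {n} risk(s), total score {score:.1f}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(REGISTER)))
```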

1.7. E.g. Monitoring tools


• Activity Log Analysis — XpoLog

Picture 26 Activity Log Analysis — XpoLog

• Protecting apps and data – Imperva


Picture 27 Protecting apps and data – Imperva

• Penetration Behavior Testing – Metasploit


Picture 28 Penetration Behavior Testing – Metasploit

• Prevent phishing attacks - Hoxhunt


Picture 29 Prevent phishing attacks - Hoxhunt

2. What are the current weakness or threat of the organization?
6 main weaknesses in ICS systems that hackers can use and exploit to attack an
industrial plant as well as solutions.

• Unauthenticated protocols: When an ICS protocol lacks authentication, any
computer on the network can send commands that alter the physical process.
This can lead to incorrect process operation, damage to goods, destruction of
plant equipment, accidents to employees, or environmental degradation.
• Using outdated hardware: ICS hardware can work for decades. This hardware
may be too simple to operate or lack the processing power and memory to
deal with the threat environment created by modern network technology.
• Weak user authentication: Weaknesses in user authentication for traditional
control systems often include fixed-assigned passwords, passwords that are
easy to detect, passwords stored in easily recoverable formats, and encrypted
passwords sent in text. Once an attacker has this password, they can
manipulate the control process at will.
• Weak file integrity check: A lack of Code Signing digital authentication (a
product for software developers who want to ensure the integrity of the
product from the time it is compiled until the user installs it on their computer
or mobile device) to ensure the code has not been altered or corrupted
allows attackers to trick users into installing software that is not sourced
from the vendor. It also allows attackers to replace legitimate files with
malicious ones.
• Using vulnerable Windows operating systems: Industrial systems often run
unpatched Microsoft Windows operating systems so there are known
vulnerabilities.
• Unknown third party relationships: Many ICS vendors may not be fully aware
of the third-party components they use in their ICS systems, making it difficult
for them to notify customers of vulnerabilities. As a result, hackers who are
well aware of this dependency can target software that the industrial company
doesn't even know about.

3. What tools will you propose to treat the IT security risk?


- The OCTAVE method is one of the modern methods used to assess and treat IT security risk,
and is explained below. OCTAVE, called Operational Critical Threat, is a strategic risk
assessment and planning technique for security in an organization. OCTAVE is a
self-directed approach in which the organization manages its own evaluation, focusing on
security practice to find the strategic issues. A characteristic of the OCTAVE approach
is that the organization manages the process and evolution of information security
risks. The organizational, technological and analysis aspects of security risk
evaluation are organized into three phases:

❖ Phase 1 – Build Asset-Based Threat Profiles: determine what is important
in the organization and what has been done to protect those assets.
❖ Phase 2 – Identify Infrastructure Vulnerabilities: evaluate and examine
the classes of information technology related to all critical assets.
❖ Phase 3 – Develop Security Strategy and Plans: after the evaluation has
identified the risks, decide on and create a strategic protection plan that addresses
the risks and critical assets.

Picture 30 The OCTAVE method

- OCTAVE criteria are a set of attributes, principles and outputs. Principles are the
fundamental concepts that define the philosophy behind the evaluation process; for example,
one of the principles of OCTAVE is self-direction. Attributes are the qualities or
characteristics of the evaluation that define the basic elements of the OCTAVE approach,
with the aim of making the evaluation a success from both the process and the organization
perspective. Outputs are the results of the evaluation, which analyse the achievement of
the three phases.

M2 Discuss three benefits to implement network monitoring systems
with supporting reasons.
1. List some of the networking monitoring devices and discuss each.
Here is our list of the top network monitoring tools:

• SolarWinds Network Performance Monitor The leading network monitoring system
that uses SNMP to check on network device statuses. This monitoring tool includes
autodiscovery that compiles an asset inventory and automatically draws up a
network topology map. Runs on Windows Server.

Picture 31 SolarWinds Network Performance Monitor

• Datadog Network Monitoring Provides good visibility over each of the components
of your network and the connections between them – be it cloud, on-premises or
hybrid environment. Troubleshoot infrastructure, apps and DNS issues effortlessly.


Picture 32 Datadog Network Monitoring

• ManageEngine OpManager An SNMP-based network monitor that has great
network topology layout options, all based on an autodiscovery process. Installs on
Windows Server and Linux.

Picture 33 ManageEngine OpManager

• Paessler PRTG Network Monitor A collection of monitoring tools and many of those
are network monitors. Runs on Windows Server.

Picture 34 Paessler PRTG Network Monitor

• Auvik This is a cloud-based system that is able to unify the monitoring of many
networks and includes many automated services.


Picture 35 Auvik

• Site24x7 Network Monitoring A cloud-based monitoring system for networks,
servers, and applications. This tool monitors both physical and virtual resources.

Picture 36 Site24x7 Network Monitoring

• Atera A cloud-based package of remote monitoring and management tools that
includes automated network monitoring and a network mapping utility.


Picture 37 Atera

2. Why do you need to monitor network?

Network monitoring software can analyze performance in real-time, meaning that if a
failure or issue is detected, you can be immediately alerted via methods such as email.
This rapid relay of information means that you can be informed of network problems
wherever you may be, allowing you to instantly take corrective action and minimize
potential downtime.

In addition, network monitoring software eliminates the need for a physical system
administrator and manual checks. This can save your company both time and money,
meaning that the problem is addressed effectively.

Another major benefit is the reporting generated from network monitoring. These
reports can help you identify patterns and trends in system performance, as well as
demonstrating the need for upgrades or replacements. Performance baselines can also
be easily established.

Finally, network monitoring systems can assist you in being able to identify the specific
areas of your network that are experiencing problems. This means that you can quickly
pinpoint the issue, saving you time and money when it comes to addressing the problem.

Here are several other reasons why monitoring your networks is so important:

• To optimize network performance and availability


• Stay informed
• Diagnose issues
• Report issues
• Eliminate the need for manual checks
• Proactive approach
• Track trends
• Benchmark performance and availability data

3. The benefits of using a network monitoring system for an organization are as
follows:
3.1.Discovery of Devices
The main aspect of a network monitoring tool is that it can discover the entire network,
including its smaller parts, at the click of a button. In an organization with a very
large network, it is very difficult to understand which devices or computers are on the
network and which IP addresses are used. With network monitoring system software it
is easy to identify all the devices, computers and IP addresses used in the
organization, and if any unauthorized devices are added to your organization network you
will be alerted.


Picture 38 Discovery of Devices

3.2.Cost Saving
The number of devices connected to an organization network through IP-enabled points
can keep rising, and wired and wireless devices are constantly evolving. For a
network administrator it is very important to know what is connected to the organization
network and whether the infrastructure is ready to handle more devices or gadgets, so that
cost can be kept under control over time. Network monitoring system software provides
full information on the equipment used on the network, so that further staff members who
want to join the organization network can use all the future upgrades at a limited
cost.

3.3.Identify security threats

Network monitoring systems are also designed to monitor the organization network and help
find its security risks. These days some malware or viruses are designed so that, once
they get into the system, some initially do nothing, while others perform actions that
the human eye cannot see. Network monitoring system software observes and monitors the
network traffic for any suspicious threat, and raises an alert on any unusual network
issue so that the engineers can fix the problem.

Picture 39 Identify Security threats

D1 Investigate how a trusted network may be part of an IT security
solution
1. Discuss and explain what are trusted network
A trusted network is a network of devices that are connected to each other, open only to
authorized users, and allows for only secure data to be transmitted.

The trusted network should have the following features:

• Authentication: the network should require users to log in so that only authenticated
users are allowed to use the network
• Encryption: the data should be encrypted so that secure data cannot be intercepted
and transmitted to unauthorized users
• Firewall: the computers and servers on the trusted network should be protected by
a firewall, which is a software program or piece of hardware that helps screen
traffic for security
• Private Network: the computers and servers on the trusted network should be
equipped with software such as a virtual private network (VPN), which allows for remote
work with secure data transmission

2. Give brief details with an example of how a trusted network is used.


3. How can it be a solution in IT security

❖Picture of the presentation

Pictures 40 to 82: pictures of the presentation
