
Unit 5: Security

ASSIGNMENT 1

Learner’s name: Ninh Xuân Bảo Hưng

ID: GCS200058

Class: GCS0905A

Subject code: 1623

Assessor name: Nguyễn Ngọc Tú

Assignment due: 12/8/2022

Assignment submitted: 12/8/2022


ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Ninh Xuân Bảo Hưng Student ID GCS200058

Class GCS0905A Assessor name Nguyễn Ngọc Tú

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 M1 M2 D1

Summative Feedback:

Resubmission Feedback:

Grade: Assessor Signature: Date:


Lecturer Signature:
Assignment Brief 1 (RQF)
Higher National Certificate/Diploma in Computing

Student Name/ID Number: Ninh Xuân Bảo Hưng/ GCS200058

Unit Number and Title: Unit 5: Security

Academic Year: 2021 – 2022

Unit Assessor: Nguyễn Ngọc Tú

Assignment Title: Security Presentation

Issue Date: April 1st, 2021

Submission Date:

Internal Verifier Name:

Date:

Submission Format:

Format:

● The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide a bibliography using the Harvard referencing system.

Submission

● Students must submit the assignment by the due date and in the way requested by the Tutor.
● The form of submission will be a soft copy posted on http://cms.greenwich.edu.vn/.
● Remember to convert the word file into PDF file before the submission on CMS.

Note:

● The individual Assignment must be your own work, and not copied by or from another student.
● If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you must
reference your sources, using the Harvard style.
● Make sure that you understand and follow the guidelines to avoid plagiarism. Failure to comply with this
requirement will result in a failed assignment.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

Assignment Brief and Guidance:

Assignment scenario

You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information
security FIS.

FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to potential
IT security risks. Most customers have outsourced their security concerns due to lacking the technical expertise in
house. As part of your role, your manager Jonson has asked you to create an engaging presentation to help train
junior staff members on the tools and techniques associated with identifying and assessing IT security risks together
with the organizational policies to protect business critical data and equipment.

Tasks

In addition to your presentation, you should also provide a detailed report containing a technical review of the
topics covered in the presentation.

Your presentation should:

● Identify the security threats FIS may face if they have a security breach. Give an example
of a recently publicized security breach and discuss its consequences.
● Describe a variety of organizational procedures an organization can set up to reduce the effects to
the business of a security breach.
● Propose a method that FIS can use to prioritize the management of different types of risk.
● Discuss three benefits to FIS of implementing a network monitoring system, giving suitable reasons.
● Investigate network security, identifying issues with firewall and IDS incorrect configuration, and
show through examples how different techniques can be implemented to improve network
security.
● Investigate a 'trusted network' and, through an analysis of positive and negative issues, determine
how it can be part of a security system used by FIS.
Your detailed report should include a summary of your presentation as well as additional, evaluated or critically
reviewed technical notes on all of the expected topics.
Learning Outcomes and Assessment Criteria (Assignment 1):
LO1
  Pass: P1 Identify types of security threat to organisations. Give an example of a recently publicized
        security breach and discuss its consequences.
        P2 Describe at least 3 organisational security procedures.
  Merit: M1 Propose a method to assess and treat IT security risks.
  Distinction: D1 Investigate how a 'trusted network' may be part of an IT security solution.

LO2
  Pass: P3 Identify the potential impact to IT security of incorrect configuration of firewall policies
        and IDS.
        P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
        improve Network Security.
  Merit: M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
Table of Contents

Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized
security breach and discuss its consequences (P1) (p. 8)
  1. Define threats (p. 8)
  2. Identify threat agents to organizations (p. 9)
  3. List the types of threats that organizations will face (p. 10)
  4. What are the recent security breaches? List and give examples with dates (p. 15)
  5. Discuss the consequences of this breach (p. 17)
  6. Suggest solutions to organizations (p. 17)
Task 2 - Describe at least 3 organisational security procedures (P2) (p. 19)
  7. To answer this section, you need to mention and discuss 3 security procedures that an organization
  uses to improve or provide organizational security (p. 19)
Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS
(P3) (p. 22)
  8. Discuss briefly firewalls and policies, their usage and advantages in a network (p. 22)
  9. Show with diagrams the example of how a firewall works (p. 25)
  10. Define IDS, its usage, and show it with diagram examples (p. 26)
  11. Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly
  configured in a network (p. 27)
Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security (P4) (p. 28)
  12. Define and discuss with the aid of a diagram DMZ. Focus on its usage and security function as
  advantage (p. 28)
  13. Define and discuss with the aid of a diagram static IP. Focus on its usage and security function as
  advantage (p. 30)
  14. Define and discuss with the aid of a diagram NAT. Focus on its usage and security function as
  advantage (p. 32)

Figure 1 Cyber Threat (p. 8)
Figure 2 Threat agents (p. 9)
Figure 3 Viruses and worms (p. 11)
Figure 4 Botnets (p. 12)
Figure 5 Ransomware (p. 14)
Figure 6 Firewall (p. 22)
Figure 7 Firewall (p. 25)
Figure 8 IDS (p. 26)
Figure 9 DMZ (p. 29)
Figure 10 Static IP (p. 30)
Figure 11 NAT (p. 32)
Introduction
I am a trainee at FPT Information Security (FIS), a leading information security consultancy in Vietnam.
FIS works with medium-sized companies in Vietnam, advising on and implementing technical solutions to
potential IT security risks. Most customers have outsourced their security because they lack the expertise
in house. My manager, Jonson, has asked me to train junior staff in the tools and techniques used to
identify and assess IT security risks, together with the organizational policies that protect business-critical
data and equipment. This report is the technical review that accompanies that training presentation.

Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized
security breach and discuss its consequences (P1)

1. Define threats
A cyber threat is anything with the potential to cause serious harm to a computer system or the data it
holds. A threat may or may not materialise; what matters is the potential for damage, which is why threats
are assessed as risks (likelihood combined with impact) rather than as certainties.

In practice, a cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or
disrupt digital life in general. Cyber threats include malware such as viruses, data breaches, denial of
service (DoS) attacks, and other attack vectors.

Cyber threats also refer to the possibility of a successful cyber attack that aims to gain unauthorized
access, damage, disrupt, or steal an information technology asset, computer network, intellectual property
or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or
from remote locations by unknown parties.

Figure 1 Cyber Threat


2. Identify threat agents to organizations
A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or
the entire organization. A security event refers to an occurrence during which company data or its network
may have been exposed.

Figure 2 Threat agents

Several threat agents:

2.1. Nation States

Those companies that operate in certain sectors, e.g. telecoms, oil & gas, mining, power generation,
national infrastructure etc., may find themselves a target for foreign nations either to disrupt operations
now, or to give that nation a future hold in times of adversity.
2.2. Terrorists and Hacktivists

Rather like the threat caused by nation states, it does depend on your activities as to the level of threat
these agents pose. However some terrorists look to target certain industries or countries so there could be a
persistent threat of a random attack against you.

2.3. Organised crime

Criminals are targeting personal data for a number of different reasons; credit card fraud, identity theft,
bank account fraud and so on.

3. List the types of threats that organizations will face


3.1. Insider threats

An insider threat occurs when individuals close to an organization who have authorized access to its
network intentionally or unintentionally misuse that access to negatively affect the organization's critical
data or systems.

Careless employees who don't comply with their organizations' business rules and policies cause insider
threats. For example, they may inadvertently email customer data to external parties, click on phishing
links in emails or share their login information with others. Contractors, business partners and third-party
vendors are the source of other insider threats.

Preventing insider threats

+ Limit employees' access to only the specific resources they need to do their jobs;

+ Set up contractors and other freelancers with temporary accounts that expire on specific dates, such as
the dates their contracts end;

+ Implement two-factor authentication, which requires each user to provide a second piece of identifying
information in addition to a password.

3.2. Viruses and worms

Viruses and worms are malicious software programs (malware) aimed at destroying an organization's
systems, data and network. A computer virus is malicious code that replicates by copying itself into
another program, system or host file. It remains dormant until someone knowingly or inadvertently
activates it, and then spreads the infection without the knowledge or permission of the user or system
administrator.

A computer worm is a self-replicating program that doesn't have to copy itself to a host program or require
human interaction to spread. Its main function is to infect other computers while remaining active on the
infected system. Worms often spread using parts of an operating system that are automatic and invisible to
the user. Once a worm enters a system, it immediately starts replicating itself, infecting computers and
networks that aren't adequately protected.

Figure 3 Viruses and worms


Preventing viruses and worms

To reduce the risk of these types of information security threats caused by viruses or worms, companies
should install antivirus and antimalware software on all their systems and networked devices and keep that
software up to date. In addition, organizations must train users not to download attachments or click on
links in emails from unknown senders and to avoid downloading free software from untrusted websites.
Users should also be very cautious when they use P2P file sharing services and they shouldn't click on ads,
particularly ads from unfamiliar brands and websites.
3.3. Botnets

A botnet is a collection of Internet-connected devices, including PCs, mobile devices, servers and IoT
devices that are infected and remotely controlled by a common type of malware. Typically, the botnet
malware searches for vulnerable devices across the internet. The goal of the threat actor creating a botnet
is to infect as many connected devices as possible, using the computing power and resources of those
devices for automated tasks that generally remain hidden to the users of the devices. The threat actors --
often cybercriminals -- that control these botnets use them to send email spam, engage in click fraud
campaigns and generate malicious traffic for distributed denial-of-service attacks.

Figure 4 Botnets

Preventing botnets

Organizations have several ways to prevent botnet infections:

+ Monitor network performance and activity to detect any irregular network behavior;

+ Keep the operating system up to date;

+ Keep all software up to date and install any necessary security patches;

+ Educate users not to engage in any activity that puts them at risk of bot infections or other malware,
including opening emails or messages, downloading attachments or clicking links from unfamiliar
sources; and

+ Implement anti-botnet tools that find and block bot malware. In addition, most firewalls and antivirus
software include basic tools to detect, prevent and remove bot infections.

3.4. Distributed denial-of-service (DDoS) attacks

In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target, such as a
server, website or other network resource, until it is slow or completely unavailable. The flood of
connection requests, incoming messages or malformed packets forces the target system to slow down or
to crash and shut down, denying service to legitimate users or systems.

Preventing DDoS attacks

To help prevent DDoS attacks, companies should take these steps:

+ Implement technology to monitor the network visually and know how much bandwidth a site uses on
average. A DDoS attack shows up as a departure from that baseline, so administrators who understand
the normal behavior of their network are better able to catch it early.

+ Ensure servers have the capacity to handle heavy traffic spikes and the mitigation tools needed to
address the attack (rate limiting, upstream scrubbing or a CDN in front of the service).

+ Update and patch firewalls and network security programs.

+ Set up a documented procedure outlining the steps to take in the event of a DDoS attack.
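
Both the botnet guidance above ("monitor network performance and activity to detect irregular behavior")
and the DDoS guidance ("know how much bandwidth a site uses on average") come down to the same
detection: build a baseline of normal traffic and flag the minute that departs from it, then look at how many
sources are involved. The following Python is an added example written for this report, not code from any
monitoring product. The log format (timestamp, source IP, destination port, bytes) and the log lines
themselves are constructed: ten quiet minutes followed by a one-minute burst from 250 distinct sources.

```python
"""Baseline-and-spike detector over a constructed connection log.

Added example for this report. The log format and the sample lines are
assumptions (constructed traffic, not a real capture).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: two requests per minute for ten minutes (normal),
# then 400 requests in one minute from 250 distinct sources (DDoS-like).
NORMAL = [f"2022-08-01T10:{m:02d}:{s:02d} 10.0.0.{1 + m % 3} 443 1200"
          for m in range(10) for s in (5, 35)]
BURST = [f"2022-08-01T10:10:{s % 60:02d} 198.51.100.{s % 250} 443 300"
         for s in range(400)]
SAMPLE_LOG = NORMAL + BURST


def parse_line(line):
    """Split one log line into (minute bucket, source IP, port, bytes)."""
    ts, src, port, nbytes = line.split()
    return ts[:16], src, int(port), int(nbytes)   # "YYYY-MM-DDTHH:MM" is 16 chars


def per_minute_stats(lines):
    """Request count and distinct source set for every minute in the log."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        minute, src, _, _ = parse_line(line)
        counts[minute] += 1
        sources[minute].add(src)
    return counts, sources


def find_spikes(lines, baseline_minutes=5, sigma=3.0):
    """Return [(minute, request_count, distinct_sources)] for every minute whose
    request count exceeds mean + sigma * stddev of the preceding baseline window.
    The first `baseline_minutes` minutes only seed the baseline."""
    counts, sources = per_minute_stats(lines)
    minutes = sorted(counts)
    spikes = []
    for i, minute in enumerate(minutes):
        if i < baseline_minutes:
            continue
        window = [counts[m] for m in minutes[i - baseline_minutes:i]]
        threshold = mean(window) + sigma * pstdev(window)
        # A perfectly flat baseline has zero variance, so also require at least
        # a doubling of traffic; otherwise one extra request would be a "spike".
        threshold = max(threshold, 2 * mean(window))
        if counts[minute] > threshold:
            spikes.append((minute, counts[minute], len(sources[minute])))
    return spikes


def classify(request_count, distinct_sources, distributed_threshold=50):
    """Many distinct sources in one spike points at a botnet or DDoS; a single
    busy source is more likely one compromised or misbehaving host."""
    if distinct_sources >= distributed_threshold:
        return "distributed"
    return "single-source"


if __name__ == "__main__":
    for minute, count, nsrc in find_spikes(SAMPLE_LOG):
        print(minute, count, "requests from", nsrc, "sources:", classify(count, nsrc))
```

The detector deliberately compares each minute only against the minutes before it, so a slowly rising
baseline is not rewarded: an attacker who ramps up gradually still trips the threshold once the increase
outpaces the recent window. On a real network the same logic would be fed from NetFlow or web server
logs, and the classification would feed the DDoS procedure (rate limit or scrub for "distributed", isolate
the host for "single-source").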
3.5. Ransomware

In a ransomware attack, the victim's computer is locked, typically by encrypting its files, which keeps the
victim from using the device or the data stored on it. To regain access, the victim is told to pay the attacker
a ransom, typically in a cryptocurrency such as Bitcoin. Ransomware can be spread via malicious email
attachments, infected software apps, infected external storage devices and compromised websites.

Figure 5 Ransomware

Preventing ransomware

To protect against ransomware attacks, users should regularly back up their computing devices and update
all software, including antivirus software. Users should avoid clicking on links in emails or opening email
attachments from unknown sources. Victims should do everything possible to avoid paying ransom.
Organizations should also couple a traditional firewall that blocks unauthorized access to computers or
networks with a program that filters web content and focuses on sites that may introduce malware.
4. What are the recent security breaches? List and give examples with dates
4.1. Starwood (Marriott) data breach

Date: November 2018

Impact: 500 million guests

- In November 2018, Marriott International announced that hackers had stolen data about approximately
500 million Starwood hotel customers. The attackers had gained unauthorized access to the Starwood
system back in 2014 and remained in the system after Marriott acquired Starwood in 2016. However, the
discovery was not made until 2018.

- The information that was exposed included names, contact information, passport number, Starwood
Preferred Guest numbers, travel information, and other personal information. Marriott believes that
financial information such as credit and debit card numbers, and expiration dates of more than 100 million
customers were stolen, although the company is uncertain whether the attackers were able to decrypt the
credit card numbers.

4.2. Yahoo data breach 2017

Date: October 2017

Impact: 3 billion accounts

- Yahoo disclosed that a breach in August 2013 by a group of hackers had compromised 1 billion
accounts. In this instance, security questions and answers were also compromised, increasing the risk of
identity theft. The breach was first reported by Yahoo while in negotiations to sell itself to Verizon, on
December 14, 2016. Yahoo forced all affected users to change passwords and to reenter any unencrypted
security questions and answers to re-encrypt them.

- However, by October of 2017, Yahoo changed the estimate to 3 billion user accounts. An investigation
revealed that users' passwords in clear text, payment card data and bank information were not stolen.
Nonetheless, this remains one of the largest data breaches of this type in history

4.3. Aadhaar data breach

Date: March 2018

Impact: 1.1 billion people


- In March of 2018, it became public that the personal information of more than a billion Indian citizens
stored in the world’s largest biometric database could be bought online.

- This massive data breach was the result of a data leak on a system run by a state-owned utility company.
The breach allowed access to private information of Aadhaar holders, exposing their names, their unique
12-digit identity numbers, and their bank details.

- The type of information held in the database includes the photographs, fingerprints, iris scans and other
identifying details of nearly every Indian citizen.

4.4. Facebook data breach 2019

Date: April 2019

Impact: 533 million users

- In April 2019, the UpGuard Cyber Risk team revealed that two third-party Facebook app datasets had
been exposed on the public Internet. One, originating from the Mexico-based media company Cultura
Colectiva, weighed in at 146 gigabytes and contained over 540 million records detailing comments, likes,
reactions, account names, Facebook IDs and more. Collections of this kind, in similarly concentrated
form, have caused concern before, given the potential uses of such data.

- Separately, in April 2021 a dataset of about 533 million Facebook users' records, including phone
numbers, that had been scraped from the platform in 2019 was posted for free on a hacking forum,
adding a new wave of criminal exposure to data taken two years earlier. This is why Facebook is also
counted among the large companies affected by a major data exposure in 2021.

4.5. Twitter data breach 2018

Date: May 2018

Impact: 330 million users

- In May of 2018, social media giant Twitter notified users of a glitch that stored passwords unmasked in
an internal log, making all user passwords accessible to the internal network. Twitter told its 330 million
users to change their passwords but the company said it fixed the bug and that there was no indication of a
breach or misuse, but encouraged the password update as a precaution. Twitter did not disclose how many
users were impacted but indicated that the number of users was significant and that they were exposed for
several months.
5. Discuss the consequences of this breach
Industry surveys report that 93% of successful data breaches are completed in less than one minute, yet
80% of businesses take weeks to realize a breach has occurred.

There are many costly consequences of compromised data. This is why 86% of business executives in the
same surveys say that cyber security threats, such as weak data security, are a concern.

- Revenue Loss

Significant revenue loss as a result of a security breach is common. Studies show that 29% of businesses
that face a data breach end up losing revenue. Of those that lost revenue, 38% experienced a loss of 20%
or more.

- Damage to Brand Reputation

A security breach can impact much more than just your short-term revenue. The long-term reputation of
your brand is at stake as well.

- Loss of Intellectual Property

Loss of revenue and damaged reputation can be catastrophic. However, in some cases, hackers will also
target designs, strategies, and blueprints.

- Hidden Costs

Surface-level costs are just the beginning. There are many hidden costs related to breaches as well.

For instance, legal fees may come into play. Also, you may need to spend more on PR and investigations,
not to mention insurance premium hikes.

- Online Vandalism

Some hackers fancy themselves as pranksters. In these cases, a security breach might only lead to a few
word changes on your website, but a defaced site still tells customers that the attacker got in.

6. Suggest solutions to organizations


6.1. Educate your employees

Fighting ignorance is one of the best ways to prevent data breaches. It is important to educate your
employees on how to protect data from being compromised.
6.2. Create and update procedures

You can create procedures related to data security standards and update them consistently. This will make
it clear what your company’s expectations are as it relates to data. This will also show to your employees
that you take data seriously and remind them that they should take it seriously as well.

6.3. Remote monitoring

Remote monitoring provides around-the-clock monitoring of your network.

6.4. Data backup and recovery

Sometimes data breaches can maliciously delete all of your data. It’s important to have your data backed
up so that it can easily be recovered in case of data loss, a server crash, or even a natural disaster.

6.5. Safeguard physical data

Because physical actions can cause data breaches, it is important to safeguard all data, including physical
files.

Make sure physical records are stored in a secured location and that access is restricted to only the
employees that need access.

6.6. Maintain up-to-date security software

It is important to make sure you take proper precautions to avoid a security breach. You can purchase
security software and automate it to run on a continuous basis.

Firewalls, anti-virus software, and anti-spyware software are important tools to defend your business
against data breaches. Work closely with an internet security team or provider to set these up correctly.
6.7. Encrypt data

If you send confidential data by email, make sure it is encrypted before it is sent.

If using a Wi-Fi network, ensure you have a dedicated network for your team that the public cannot access.
For the most sensitive data, you may require employees not to use Wi-Fi at all, since an untrusted wireless
network can let cyber criminals intercept data.

6.8. Protect portable devices

Flash drives, mobile phones, tablets, and other portable devices are easy to lose or steal. Make sure that
portable devices have hard-to-guess passwords in place, anti-theft apps installed, and other security
measures taken so they can only be accessed by authorized users.

6.9. Hire an expert

Managing a small business is time consuming and thinking about data breaches may not be in your
wheelhouse.

If that is the case, you may want to consider hiring a security expert to run this for you, or simply consult
you on best practices to help you avoid a data breach within your company.

Task 2 - Describe at least 3 organisational security procedures (P2)

7. To answer this section, you need to mention and discuss 3 security procedures that an
organization uses to improve or provide organizations security.
7.1. Security procedure definition

Security procedures are detailed step-by-step instructions on how to implement, enable, or enforce
security controls as enumerated from your organization’s security policies. Security procedures should
cover the multitude of hardware and software components supporting your business processes as well as
any security related business processes themselves (e.g. onboarding of a new employee and assignment of
access privileges).

7.2. Describe at least 3 organizational security procedures


a. Authentication

Authentication is the process of verifying the identity of users that request access to a system, network, or
device. Most systems verify identity using credentials such as a username and password. Other
authentication technologies, such as biometrics and authenticator apps, are also used to confirm a user's
identity.

Why Is User Authentication Important?

User authentication is what keeps unauthorized users out: every later access decision depends on knowing
who is asking. Once identity is established, access control can enforce that User A sees only the
information relevant to User A and cannot see the sensitive information of User B.

Cybercriminals can gain access to a system and steal information when user authentication is not secure.
The data breaches that companies like Adobe, Equifax, and Yahoo faced are examples of what happens when
organizations fail to secure their user authentication or the credential stores behind it.

5 Common Authentication Types

+ Password-based authentication

+ Multi-factor authentication

+ Certificate-based authentication

+ Biometric authentication

+ Token-based authentication
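
Two of the authentication types listed above, password-based and multi-factor, can be shown working
together. The Python below is an added example written for this report, not code from the original
assignment or from any product: it stores passwords as salted PBKDF2 hashes, implements RFC 6238
TOTP as the second factor, and only accepts a login when both factors verify. The user store is constructed;
the TOTP secret is the RFC 6238 reference secret so the generated codes can be checked against the
published test vectors.

```python
"""Two-factor login check: salted PBKDF2 password hash plus a TOTP code.

Added example for this report. The user store and the secrets are
constructed; the TOTP secret is the RFC 6238 reference secret.
"""
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 600_000   # deliberately slow so offline guessing is expensive


def hash_password(password, iterations=PBKDF2_ITERATIONS, salt=None):
    """Return a self-describing string: algorithm, iterations, salt, digest.
    The salt is random per user so identical passwords hash differently."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and iteration count."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # Constant-time compare so a mismatch position is not detectable by timing.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(secret, code, unix_time, window=1):
    """Accept the current step and `window` steps either side for clock drift.
    A real deployment also records used codes so one cannot be replayed."""
    return any(hmac.compare_digest(totp(secret, unix_time + d * 30), code)
               for d in range(-window, window + 1))


# Constructed user store (assumption). In production the TOTP secret would be
# stored encrypted, and the hash would have been created at enrolment.
RFC6238_SECRET = b"12345678901234567890"
DUMMY_HASH = hash_password("placeholder", iterations=50_000)


def login(users, username, password, code, unix_time):
    """Both factors must pass. The password is always checked, against a dummy
    hash if the user does not exist, so timing does not reveal valid usernames."""
    record = users.get(username)
    password_ok = verify_password(password, record["password_hash"] if record else DUMMY_HASH)
    if record is None or not password_ok:
        return False
    return verify_totp(record["totp_secret"], code, unix_time)
```

Usage: `login(users, "alice", "her password", "287082", time.time())` where `users` maps each username
to `{"password_hash": ..., "totp_secret": ...}`. Note what the second factor buys: a stolen password hash,
even if cracked, is useless without the per-user TOTP secret, which is exactly the failure mode of the
Yahoo and Twitter incidents described in Task 1.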

b. Access Control

Access control is a security technique that regulates who or what can view or use resources in a computing
environment. It is a fundamental concept in security that minimizes risk to the business or
organization.There are two types of access control: physical and logical. Physical access control limits
access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to
computer networks, system files and data.

Why is access control important?


The goal of access control is to minimize the security risk of unauthorized access to physical and logical
systems. Access control is a fundamental component of security compliance programs that ensures
security technology and access control policies are in place to protect confidential information, such as
customer data. Most organizations have infrastructure and procedures that limit access to networks,
computer systems, applications, files and sensitive data, such as personally identifiable information and
intellectual property.

Types of access control

+ Mandatory access control (MAC). This is a security model in which access rights are regulated by a
central authority based on multiple levels of security. Often used in government and military
environments, classifications are assigned to system resources, and the operating system or security kernel
grants or denies access to resource objects based on the information security clearance of the user or
device. For example, Security-Enhanced Linux is an implementation of MAC on Linux.

+ Discretionary access control (DAC). This is an access control method in which owners or administrators
of the protected system, data or resource set the policies defining who or what is authorized to access the
resource. Many of these systems enable administrators to limit the propagation of access rights. A
common criticism of DAC systems is a lack of centralized control.

+ Role-based access control (RBAC). This is a widely used access control mechanism that restricts access
to computer resources based on individuals or groups with defined business functions -- e.g., executive
level, engineer level 1, etc. -- rather than the identities of individual users. The role-based security model
relies on a complex structure of role assignments, role authorizations and role permissions developed
using role engineering to regulate employee access to systems. RBAC systems can be used to enforce
MAC and DAC frameworks.

+ Rule-based access control. This is a security model in which the system administrator defines the rules
that govern access to resource objects. These rules are often based on conditions, such as time of day or
location. It is not uncommon to use some form of both rule-based access control and RBAC to enforce
access policies and procedures.

+ Attribute-based access control. This is a methodology that manages access rights by evaluating a set of
rules, policies and relationships using the attributes of users, systems and environmental conditions.

c. Physical security

Physical security is the protection of personnel, hardware, software, networks and data from physical
actions and events that could cause serious loss or damage to an enterprise, agency or institution. This
includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism. While most
of these are covered by insurance, physical security's prioritization of damage prevention avoids the time,
money and resources lost because of these events.

The physical security framework is made up of three main components: access control, surveillance and
testing. The success of an organization's physical security program can often be attributed to how well
each of these components is implemented, improved and maintained.

Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies
and IDS (P3)

8. Discuss briefly firewalls and policies, their usage and advantages in a network
8.1. Firewall
A firewall is a system that provides network security by filtering incoming and outgoing network traffic
based on a set of user-defined rules. In general, the purpose of a firewall is to reduce or eliminate the
occurrence of unwanted network communications while allowing all legitimate communication to flow
freely.

Figure 6 Firewall
8.2. Firewall policy
A firewall is an appliance (a combination of hardware and software) or an application (software) designed
to control the flow of Internet Protocol (IP) traffic to or from a network or electronic equipment. Firewalls
are used to examine network traffic and enforce policies based on instructions contained within the
Firewall's Ruleset. Firewalls represent one component of a strategy to combat malicious activities and
assaults on computing resources and network-accessible information. Other components include, but are
not limited to, antivirus software, intrusion detection software, patch management, strong
passwords/passphrases, and spyware detection utilities.
Firewalls are typically categorized as either “Network” or “Host”: a Network Firewall is most often an
appliance attached to a network for the purpose of controlling access to single or multiple hosts, or
subnets; a Host Firewall is most often an application that addresses an individual host (e.g., personal
computer) separately. Both types of firewalls (Network and Host) can be and often are used jointly.

This policy statement is designed to:

- Provide guidance on when firewalls are required or recommended. A Network Firewall is required in all
instances where Sensitive Data is stored or processed; a Host Firewall is required in all instances where
Sensitive Data is stored or processed and the operating environment supports the implementation. Both the
Network and Host Firewalls afford protection to the same operating environment, and the redundancy of
controls (two separate and distinct firewalls) provides additional security in the event of a compromise or
failure.
- Raise awareness on the importance of a properly configured (installed and maintained) firewall.

8.3. How does a firewall provide security to a network?

Backdoors. While certain applications are designed to be accessed remotely, others may have bugs that
give potential hackers a “backdoor,” or a hidden way to access and exploit the program for malicious
purposes. Some operating systems may also contain bugs that provide backdoors for skilled hackers to
manipulate to their own benefit.

Denial of service. This increasingly popular type of cyberattack can slow or crash a server. Hackers utilize
this method by requesting to connect to the server, which sends an acknowledgment and attempts to
establish a connection. However, as part of the attack, the server will not be able to locate the system that
initiated the request. Flooding a server with these one-sided session requests allows a hacker to slow down
server performance or take it offline entirely. While there are ways firewalls can be used to identify and
protect against certain forms of denial of service attacks, they tend to be easily fooled and are usually
ineffective. For this reason, it’s important to have a variety of security measures in place to protect your
network from different types of attacks.
Macros. Macros are scripts that applications can run to streamline a series of complicated procedures into
one executable rule. Should a hacker gain access to your customers’ devices, they can run their own
macros within the applications. This can have drastic effects, ranging from data loss to system failure.
These executable fragments can also be embedded data attempting to enter your network, which firewalls
can help identify and discard.

Remote logins. Remote logins can vary in severity, but always refer to someone connecting to and
controlling your computer. They can be a useful technique for allowing IT professionals to quickly update
something on a specific device without being physically present—but if performed by bad actors, they can
be used to access sensitive files or even execute unwanted programs.

Spam. While most spam is harmless, some spam can also be incredibly malicious. Spam often will include
links—which should absolutely never be clicked! By following links in spam mail, users may accept
cookies onto their systems that create backdoor functionality for hackers. It is important that your
customers receive cybersecurity awareness training in order to reduce vulnerabilities from within their
network.

Viruses. Viruses are small programs that replicate themselves from computer to computer, allowing them
to spread between devices and across networks. The threat posed by some viruses can be relatively small,
but others are capable of doing more damage—such as erasing your customers’ data. Some firewalls
include virus protection, but using a firewall alongside antivirus software is a smarter and more secure
choice.
9. Show with diagrams the example of how firewall works
When your computer has firewall protection, everything that goes in and out of it is monitored. The
firewall monitors all this information traffic to allow ‘good data’ in, but block ‘bad data’ from entering
your computer.

Figure 7 Firewall
Firewalls use one or a combination of the following three methods to control traffic flowing in and out of
the network:
a. Packet filtering
The most basic form of firewall software uses pre-determined security rules to create filters – if an
incoming packet of information (small chunk of data) is flagged by the filters, it is not allowed through.
Packets that make it through the filters are sent to the requesting system and all others are discarded.
b. Proxy service
A firewall proxy server is an application that acts as an intermediary between systems. Information from
the internet is retrieved by the firewall and then sent to the requesting system and vice versa. Firewall
proxy servers operate at the application layer of the firewall, where both ends of a connection are forced to
conduct the session through the proxy. They operate by creating and running a process on the firewall that
mirrors a service as if it were running on the end host, and thus centralise all information transfer for an
activity to the firewall for scanning.
c. Stateful inspection
The most modern method of firewall scanning, that doesn't rely on the memory-intensive examination of
all information packets is ‘stateful inspection’. A ‘stateful’ firewall holds significant attributes of each
connection in a database of trusted information, for the duration of the session. These attributes, which are
collectively known as the ‘state’ of the connection, may include such details as the IP addresses and ports
involved in the connection and the sequence numbers of the packets being transferred. The firewall
compares information being transferred to the copy relevant to that transfer held in the database – if the
comparison yields a positive match the information is allowed through, otherwise it is denied.
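
The three methods above can be seen side by side in a small simulation. The following is an added example written for this section, not code from the report or from any firewall product: it implements first-match packet-filter rules (method a) and a connection-state table (method c) over constructed packets, and shows the difference between them on a packet that a stateless filter would accept but a stateful one drops. The rule set, addresses and ports are assumptions chosen for illustration.

```python
"""Toy stateful packet filter (added example; not the report's own code).

Rules are consulted for new connections only. Packets that belong to an
already-established connection pass on the strength of the state table, and
packets that match no connection and are not connection openers are dropped
even when a stateless rule would have let them through.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: FrozenSet[str]  # TCP flag names, e.g. frozenset({"SYN"})


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    dst_port: Optional[int] = None   # None matches any destination port
    src_net: Optional[str] = None    # CIDR string; None matches any source


# A connection is identified by (src ip, src port, dst ip, dst port); TCP assumed.
ConnKey = Tuple[str, int, str, int]


class StatefulFirewall:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.state: Set[ConnKey] = set()  # established connections

    def matches_rules(self, pkt: Packet) -> bool:
        """Stateless check (packet filtering): first matching rule wins, default deny."""
        for rule in self.rules:
            if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
                continue
            if rule.src_net is not None and (
                ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src_net)
            ):
                continue
            return rule.action == "allow"
        return False

    def inspect(self, pkt: Packet) -> str:
        """Stateful inspection: known connections pass, openers are checked, the rest is dropped."""
        key: ConnKey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse: ConnKey = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # Traffic in either direction of a connection already in the table passes.
        if key in self.state or reverse in self.state:
            return "allow (established)"
        # Only a connection opener (SYN without ACK) may create new state.
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:
            if self.matches_rules(pkt):
                self.state.add(key)
                return "allow (new connection)"
            return "deny (rule)"
        # A mid-stream packet with no matching connection is dropped.
        return "deny (no state)"


def demo() -> List[str]:
    """Runs constructed sample packets through the filter and returns the decisions."""
    fw = StatefulFirewall([
        Rule("allow", dst_port=443),                        # HTTPS from anywhere
        Rule("allow", dst_port=22, src_net="10.0.0.0/8"),   # SSH from the LAN only
    ])
    packets = [  # constructed, documentation-range addresses
        Packet("203.0.113.5", 40000, "192.0.2.10", 443, frozenset({"SYN"})),        # opener
        Packet("192.0.2.10", 443, "203.0.113.5", 40000, frozenset({"SYN", "ACK"})), # reply
        Packet("198.51.100.7", 5555, "192.0.2.10", 443, frozenset({"ACK"})),        # stray ACK
        Packet("203.0.113.5", 40001, "192.0.2.10", 22, frozenset({"SYN"})),         # SSH from outside
        Packet("10.1.2.3", 50000, "192.0.2.10", 22, frozenset({"SYN"})),            # SSH from LAN
    ]
    return [fw.inspect(p) for p in packets]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The third packet is the instructive one: `matches_rules` accepts it because port 443 is allowed, but `inspect` drops it because no connection was ever opened, which is exactly the check a stateless packet filter cannot make.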

10. Define IDS, its usage, and show it with diagrams examples
10.1. IDS
An intrusion detection system (IDS) is software specifically built to monitor network traffic and discover
irregularities. Unwarranted or unexplained network changes could indicate malicious activity at any stage,
whether it be the beginnings of an attack or a full-blown breach. There are two main kinds of intrusion
detection system (IDS):

- A network intrusion detection system (NIDS) enacts intrusion detection across your entire network, using
all packet metadata and contents to determine threats.
- A host-based intrusion detection system (HIDS) enacts intrusion detection on a particular endpoint,
monitoring the network traffic to and from that device as well as its system logs.

Figure 8 IDS
10.2. How IDS works
Intrusion detection systems work by either looking for signatures of known attacks or deviations from
normal activity. These deviations or anomalies are pushed up the stack and examined at the protocol and
application layer. They can effectively detect events such as Christmas tree scans and Domain Name
System (DNS) poisonings.

An IDS may be implemented as a software application running on customer hardware or as a network
security appliance. Cloud-based intrusion detection systems are also available to protect data and systems
in cloud deployments.
10.3. Importance of IDS
The primary benefit of an intrusion detection system is to ensure IT personnel are notified when an attack or
network intrusion might be taking place. A network intrusion detection system (NIDS) monitors both
inbound and outbound traffic on the network, as well as data traversing between systems within the
network. The network IDS monitors network traffic and triggers alerts when suspicious activity or known
threats are detected, so IT personnel can examine more closely and take the appropriate steps to block or
stop an attack.
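
Sections 10.2 and 10.3 describe the two detection approaches (signatures of known attacks, and deviations from normal activity) and the alerting role of a NIDS. The following added example, written for this report and not taken from any IDS product, runs both approaches over constructed packet summaries: a signature rule recognises the Christmas tree probe mentioned in 10.2 by its FIN+PSH+URG flag combination, and an anomaly rule learns how many distinct ports a normal source touches from a baseline and then flags a source that deviates from it. The sample traffic, threshold formula and addresses are assumptions made for the illustration.

```python
"""Toy intrusion detection: one signature rule and one anomaly rule (added example).

Both run over constructed packet summaries of the form
(source IP, destination IP, destination port, TCP flags); none are real captures.
"""
import statistics
from collections import defaultdict
from typing import Dict, FrozenSet, List, Tuple

PacketSummary = Tuple[str, str, int, FrozenSet[str]]

# Constructed "normal" traffic used to learn what regular activity looks like.
BASELINE: List[PacketSummary] = [
    ("10.0.0.11", "192.0.2.10", 80, frozenset({"SYN"})),
    ("10.0.0.11", "192.0.2.10", 443, frozenset({"SYN"})),
    ("10.0.0.12", "192.0.2.10", 443, frozenset({"SYN"})),
    ("10.0.0.13", "192.0.2.10", 80, frozenset({"SYN"})),
    ("10.0.0.13", "192.0.2.10", 443, frozenset({"SYN"})),
    ("10.0.0.14", "192.0.2.20", 22, frozenset({"SYN"})),
    ("10.0.0.15", "192.0.2.10", 443, frozenset({"SYN"})),
    ("10.0.0.15", "192.0.2.30", 993, frozenset({"SYN"})),
]

# Constructed traffic to analyse: one normal client, one Christmas tree probe,
# and one host touching ten different ports on the same server.
OBSERVED: List[PacketSummary] = [
    ("10.0.0.11", "192.0.2.10", 80, frozenset({"SYN"})),
    ("10.0.0.11", "192.0.2.10", 443, frozenset({"SYN"})),
    ("203.0.113.9", "192.0.2.10", 80, frozenset({"FIN", "PSH", "URG"})),
] + [("198.51.100.7", "192.0.2.10", port, frozenset({"SYN"}))
     for port in (21, 22, 23, 25, 80, 110, 143, 443, 3389, 8080)]

XMAS_FLAGS = frozenset({"FIN", "PSH", "URG"})


def signature_alerts(packets: List[PacketSummary]) -> List[Tuple[str, str, str, int]]:
    """Signature detection: a segment with exactly FIN+PSH+URG set is a 'Christmas tree' probe."""
    return [("xmas_scan", src, dst, port)
            for src, dst, port, flags in packets if flags == XMAS_FLAGS]


def distinct_ports_per_source(packets: List[PacketSummary]) -> Dict[str, int]:
    """How many different destination ports each source has contacted."""
    seen: Dict[str, set] = defaultdict(set)
    for src, _dst, port, _flags in packets:
        seen[src].add(port)
    return {src: len(ports) for src, ports in seen.items()}


def anomaly_threshold(baseline: List[PacketSummary], k: float = 3.0) -> float:
    """Learn 'normal': mean + k standard deviations of distinct ports per source.

    The deviation is floored at 1.0 so a very uniform baseline does not make
    the rule fire on tiny differences (an assumption of this example).
    """
    counts = list(distinct_ports_per_source(baseline).values())
    return statistics.mean(counts) + k * max(statistics.stdev(counts), 1.0)


def anomaly_alerts(baseline: List[PacketSummary], observed: List[PacketSummary],
                   k: float = 3.0) -> List[Tuple[str, str, int]]:
    """Anomaly detection: flag sources whose port count deviates from the learned baseline."""
    limit = anomaly_threshold(baseline, k)
    return [("port_sweep_anomaly", src, n)
            for src, n in sorted(distinct_ports_per_source(observed).items()) if n > limit]


if __name__ == "__main__":
    print(signature_alerts(OBSERVED))
    print(anomaly_alerts(BASELINE, OBSERVED))
```

The two rules catch different things: the probe from 203.0.113.9 touches only one port and is invisible to the anomaly rule, while the sweep from 198.51.100.7 uses ordinary SYN packets and matches no signature. A real NIDS runs many rules of each kind and, as 10.3 notes, its job ends at raising the alert for IT personnel to act on.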

11. Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly
configured in a network
11.1 Firewall
Many different things can happen due to a poorly configured firewall, but it primarily results in two
negative outcomes.

a. Desired traffic does not reach its intended destination:

- It was blocked.
- It was routed to the wrong destination.
- It could not be routed at all.

b. Undesirable traffic reaches a destination it should not.

Outcome (a) will likely be noticed fairly quickly, when processes don't work as expected. Outcome (b) is
usually worse. While it's possible this could cause some negative consequence by accident, it's also a
possible attack vector for individuals with malicious intent.

Breach avenues: A firewall misconfiguration that results in unintended access can open the door to
breaches, data loss and stolen or ransomed IP.

Unplanned outages: A misconfiguration could prevent a customer from engaging with a business, and that
downtime leads to lost revenues. For example, large e-commerce businesses could lose thousands or even
millions of dollars until the error is corrected.
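
Both outcomes above usually come from the order and breadth of the rules rather than from any single rule being wrong. The following added example (written for this section; not the report's code and not any vendor's tool) audits a first-match rule list statically: it reports a rule that an earlier, broader rule shadows so that it can never fire, classifies the result as outcome (a) when the shadowed rule was an allow or outcome (b) when it was a deny, and separately flags blanket allow-anything rules. The rule set and its addresses are constructed for the illustration.

```python
"""Static audit of a first-match firewall rule list (added example; not the report's code).

Finds two classic misconfigurations:
(a) a later 'allow' shadowed by a broader earlier 'deny', so desired traffic never arrives;
(b) a later 'deny' shadowed by a broader earlier 'allow', so undesired traffic gets through.
It also flags allow rules with no source or port restriction.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple, Union

Port = Union[int, str]   # a port number or "any"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str     # "allow" or "deny"
    proto: str      # "tcp", "udp" or "any"
    src: str        # CIDR or "any"
    dst: str        # CIDR or "any"
    dport: Port     # port number or "any"


def _net_covers(broad: str, narrow: str) -> bool:
    """True if every address matched by `narrow` is also matched by `broad`."""
    if broad == "any":
        return True
    if narrow == "any":
        return False
    return ipaddress.ip_network(narrow, strict=False).subnet_of(
        ipaddress.ip_network(broad, strict=False))


def _field_covers(broad: Port, narrow: Port) -> bool:
    return broad == "any" or broad == narrow


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet the later rule would match is already matched by the earlier rule."""
    return (_field_covers(earlier.proto, later.proto)
            and _net_covers(earlier.src, later.src)
            and _net_covers(earlier.dst, later.dst)
            and _field_covers(earlier.dport, later.dport))


def find_shadowed(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Returns (shadowed rule, shadowing rule, impact) for each rule that can never fire."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                if earlier.action == later.action:
                    impact = "redundant rule"
                elif later.action == "allow":
                    impact = "desired traffic blocked (outcome a)"
                else:
                    impact = "undesired traffic reaches destination (outcome b)"
                findings.append((later.name, earlier.name, impact))
                break   # the first covering rule is the one that actually fires
    return findings


def find_overly_permissive(rules: List[Rule]) -> List[str]:
    """Allow rules with no source or port restriction admit anything."""
    return [r.name for r in rules
            if r.action == "allow" and r.src == "any" and r.dport == "any"]


# Constructed rule set with both mistakes planted in it.
RULES = [
    Rule("R1", "deny", "tcp", "any", "192.0.2.0/24", "any"),   # blanket deny to the DMZ, placed too early
    Rule("R2", "allow", "tcp", "any", "192.0.2.10", 443),      # public web server: never reached
    Rule("R3", "allow", "any", "any", "any", "any"),           # 'temporary' allow-all left in place
    Rule("R4", "deny", "tcp", "any", "10.0.0.0/8", 3389),      # RDP block on the LAN: never reached
]

if __name__ == "__main__":
    for finding in find_shadowed(RULES):
        print(finding)
    print("overly permissive:", find_overly_permissive(RULES))
```

Reviewing a rule base this way before it is deployed catches the unplanned outage (R2) and the breach avenue (R4) described above while they are still on paper; a change-control step that runs such a check on every rule edit is cheap compared with either outcome.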
11.2 IDS

- An IDS cannot monitor traffic to and from every device on the network.

- It can itself be attacked by malware (worms, ransomware, trojans, viruses, bots, etc.).

- Attacks that send packets into the network cannot always be scanned to gather information about open or
closed ports.

- Vulnerable to protocol attacks (ICMP, TCP, ARP, etc.): because a NIDS parses the same protocols as the
hosts it protects, it faces the same protocol-based attacks as those hosts. A NIDS can be corrupted by
protocol analyzer failures and invalid data.

- Deviation from regular activities.

- No warning when an abnormality is detected from the system itself.

Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve Network Security (P4)

12. Define and discuss with the aid of diagram DMZ. Focus on its usage and security function as
advantage
12.1. DMZ
A DMZ Network is a perimeter network that protects and adds an extra layer of security to an
organization’s internal local-area network from untrusted traffic. A common DMZ is a subnetwork that
sits between the public internet and private networks.
The end goal of a DMZ is to allow an organization to access untrusted networks, such as the internet,
while ensuring its private network or LAN remains secure. Organizations typically store external-facing
services and resources, as well as servers for the Domain Name System (DNS), File Transfer Protocol
(FTP), mail, proxy, Voice over Internet Protocol (VoIP), and web servers, in the DMZ.
Figure 9 DMZ

12.2. How does a DMZ work?

DMZs function as a buffer zone between the public internet and the private network. The DMZ subnet is
deployed between two firewalls. All inbound network packets are then screened using a firewall or other
security appliance before they arrive at the servers hosted in the DMZ.
If better-prepared threat actors pass through the first firewall, they must then gain unauthorized access to
the services in the DMZ before they can do any damage. Those systems are likely to be hardened against
such attacks.
12.3. Why are DMZs important?
DMZs provide a level of network segmentation that helps protect internal corporate networks. These
subnetworks restrict remote access to internal servers and resources, making it difficult for attackers to
access the internal network. This strategy is useful for both individual use and large organizations.
12.4. What are the benefits of using a DMZ?
The primary benefit of a DMZ is that it offers users from the public internet access to certain secure
services, while maintaining a buffer between those users and the private internal network. There are
several security benefits from this buffer, including the following:
+ Access control.
+ Network reconnaissance prevention.
+ Protection against Internet Protocol (IP) spoofing.
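
The segmentation described in 12.2 to 12.4 reduces to a small matrix of which zone may talk to which, on which ports. The following added example, written for this report rather than taken from any firewall product, encodes such a three-zone policy and checks connection attempts against it, including the case that gives a DMZ its value: a compromised web server in the DMZ reaching only the database port inside, and the internet never reaching the internal zone directly. The zone address ranges, services and ports are assumptions chosen for the illustration.

```python
"""Three-zone (internet / DMZ / internal) policy check (added example; not the report's code).

Assumptions for illustration: the DMZ is 192.0.2.0/24, the internal LAN is
10.0.0.0/8, and any other address is treated as the public internet.
"""
import ipaddress
from typing import Dict, List, Set, Tuple

ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

# (source zone, destination zone) -> destination ports allowed; a pair not listed is denied.
Policy = Dict[Tuple[str, str], Set[int]]
POLICY: Policy = {
    ("internet", "dmz"): {80, 443},        # the public reaches the web tier only
    ("dmz", "internal"): {5432},           # web tier reaches the database, nothing else
    ("internal", "dmz"): {22, 80, 443},    # admins manage and test the DMZ hosts
    ("internal", "internet"): {80, 443},   # staff browsing out through the gateway
    # ("internet", "internal") is deliberately absent: no direct path inward.
    # ("dmz", "internet") is absent too: a compromised DMZ host cannot call out.
}


def zone_of(ip: str) -> str:
    """Classify an address into a zone; anything outside the known ranges is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def check_flow(src_ip: str, dst_ip: str, dst_port: int, policy: Policy = POLICY) -> str:
    """Returns 'allow' or 'deny' for a connection attempt, annotated with the zones involved."""
    pair = (zone_of(src_ip), zone_of(dst_ip))
    allowed = policy.get(pair, set())
    verdict = "allow" if dst_port in allowed else "deny"
    return f"{verdict} {pair[0]}->{pair[1]}:{dst_port}"


def audit_policy(policy: Policy) -> List[str]:
    """Checks the invariant that makes a DMZ worthwhile: the internet never reaches the internal zone."""
    problems = []
    inward = policy.get(("internet", "internal"))
    if inward:
        problems.append("internet->internal allowed on ports "
                        + ",".join(str(p) for p in sorted(inward)))
    return problems


if __name__ == "__main__":
    for src, dst, port in [("203.0.113.5", "192.0.2.10", 443),
                           ("203.0.113.5", "10.0.0.5", 445),
                           ("192.0.2.10", "10.0.0.20", 5432),
                           ("192.0.2.10", "10.0.0.20", 22)]:
        print(check_flow(src, dst, port))
    print("audit:", audit_policy(POLICY))
```

The `audit_policy` check is the part worth keeping in a real deployment: it turns the informal promise "the DMZ is the only thing the internet can reach" into a test that fails the moment someone adds an inward rule.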

13. Define and discuss with the aid of diagram static IP. Focus on its usage and security function as
advantage
13.1. Static IP
A static IP address is a 32 bit number assigned to a computer as an address on the internet. This number is
in the form of a dotted quad and is typically provided by an internet service provider (ISP).
An IP address (internet protocol address) acts as a unique identifier for a device that connects to the
internet. Computers use IP addresses to locate and talk to each other on the internet, much the same way
people use phone numbers to locate and talk to one another on the telephone. An IP address can provide
information such as the hosting provider and geographic location data.

Figure 10 Static IP
13.2. How static IP addresses work
Because static IP addresses are not the default offered by most ISPs, an individual or organization that
wants one first has to ask their ISP to assign a static IP address to their device, such as a router. Once the
device is set up with its new, unchanging IP address, it has to be restarted once. Computers or other devices
behind the router share that same address. Once the IP address is in place it requires no further
management, since it doesn't change.
There is a limited number of static IP addresses available, however, so requesting one will often cost
money. IPv6 is intended to get around this issue. IPv6 lengthens IP addresses from 32 bits to 128 bits (16
bytes) and increases the number of available IP addresses significantly, making static IP addresses easier
and less expensive to obtain and maintain.

Depending on the lease time set by your ISP, you can keep the same dynamic IP for months. When the
lease expires, or the ISP's DHCP server sees a different hardware MAC address, it assigns another public
WAN IP from its available pool of addresses.

13.3. Pros and cons of static IP addresses

Because they aren't used as often, it may be difficult to see where static IP addresses have advantages.
However, a static IP address can have advantages such as:
- Businesses that rely on IP addresses for mail, FTP and web servers can have one, unchanging address.
- Static IP addresses are preferred for hosting voice over IP, VPNs and games.
- They can be more stable in the case of an interruption in connectivity -- meaning packet exchanges won't
be lost.
- They allow file servers to have faster file uploads and downloads.
- A static IP makes it easier for geolocation services to determine where a device is.
- Static IPs are better for remote access to a computer.
- A device with a static IP address does not need to send renewal requests.
- Static IP addresses can be simpler for network administrators to maintain when running servers.
- It is easier for administrators to track internet traffic and assign access to users based on IP address.

Disadvantages of static IP addresses include some of the reasons why they aren't used as often today, such
as:
- It limits the number of available IP addresses. A static IP address assigned to a device or website is
occupied until otherwise noted, even when the device is off and not in use.
- Most people do not need a static IP address now.
- Because the IP address is constant and cannot easily be changed, a static IP address is more susceptible
to hackers or follow-up attacks.
- It can be complicated to set up a static IP manually.
- It may be difficult to transfer server settings from a static IP device to a new one if the original device
becomes obsolete.
- Devices with a static IP are easier to track.
- Static IPs are more costly, as an ISP will typically require static IP users to sign up for a commercial
account and pay one-time fees. Monthly internet service costs may go up as well.

Security concerns with both static and dynamic IP addresses can be addressed by implementing router
firewalls, using a VPN or using an internet security suite. Although these don't absolutely guarantee
security, they can help significantly.
14. Define and discuss with the aid of diagram NAT. Focus on its usage and security function as
advantage
14.1. What is Network Address Translation (NAT)?
Network Address Translation (NAT) is the process of mapping one internet protocol (IP) address to
another by changing the header of IP packets while they are in transit through a router. This helps to
improve security and decrease the number of IP addresses an organization needs.

Figure 11 NAT
14.2. How does Network Address Translation work?
NAT works through a gateway that sits between two networks: the internal network and the outside
network. Systems on the inside network are typically assigned IP addresses that cannot be routed to
external networks (e.g., addresses in the 10.0.0.0/8 block).
A few externally valid IP addresses are assigned to the gateway. The gateway makes outbound traffic
from an inside system appear to come from one of the valid external addresses, and it takes incoming
traffic aimed at a valid external address and sends it to the correct internal system.
If no external address is available in the NAT pool, the packet cannot be translated, and an Internet
Control Message Protocol (ICMP) host unreachable message is sent for the given destination.
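
The translation table the gateway keeps is what produces both the address saving and the security effect discussed in this section. The following added example, written for this report and not taken from any router's implementation, simulates a NAT overload (port address translation) gateway with one public address and a deliberately tiny port pool: outbound flows get a public port and a table entry, inbound packets are forwarded only when they match an existing entry and the expected peer, and an outbound flow that finds the pool exhausted is refused with a host unreachable indication, as the section above describes. The addresses, port range and return values are assumptions chosen for the illustration.

```python
"""Toy NAT overload (PAT) gateway (added example; not the report's own code).

One public address is shared by all internal hosts; each outbound flow is told
apart by the public port the gateway assigns to it.
"""
from typing import Dict, List, Tuple

# Table entry: (private ip, private port, remote ip, remote port)
Entry = Tuple[str, int, str, int]


class PortAddressTranslator:
    def __init__(self, public_ip: str, port_pool: range) -> None:
        self.public_ip = public_ip
        self.free_ports: List[int] = list(port_pool)
        self.table: Dict[int, Entry] = {}   # public port -> entry

    def outbound(self, priv_ip: str, priv_port: int, dst_ip: str, dst_port: int):
        """Translate an internal host's outbound packet; returns the new source or a drop reason."""
        flow: Entry = (priv_ip, priv_port, dst_ip, dst_port)
        # An existing flow keeps the public port it was given.
        for pub_port, entry in self.table.items():
            if entry == flow:
                return ("translate", self.public_ip, pub_port)
        # No free public port: the packet cannot be translated.
        if not self.free_ports:
            return ("drop", "icmp-host-unreachable")
        pub_port = self.free_ports.pop(0)
        self.table[pub_port] = flow
        return ("translate", self.public_ip, pub_port)

    def inbound(self, src_ip: str, src_port: int, pub_port: int):
        """Forward an inbound packet only if it answers a flow an internal host opened."""
        entry = self.table.get(pub_port)
        # Unsolicited traffic, or a reply from the wrong peer, has nowhere to go.
        if entry is None or (entry[2], entry[3]) != (src_ip, src_port):
            return ("drop", "no-mapping")
        return ("forward", entry[0], entry[1])


def demo():
    """Constructed walk-through: two flows fit the pool, the third does not."""
    nat = PortAddressTranslator("203.0.113.1", range(40000, 40002))   # pool of two ports
    results = [
        nat.outbound("10.0.0.5", 51000, "198.51.100.80", 443),
        nat.outbound("10.0.0.6", 51001, "198.51.100.80", 443),
        nat.outbound("10.0.0.7", 51002, "198.51.100.80", 443),   # pool exhausted
        nat.outbound("10.0.0.5", 51000, "198.51.100.80", 443),   # existing flow reused
        nat.inbound("198.51.100.80", 443, 40000),                # reply to the first flow
        nat.inbound("203.0.113.9", 12345, 40000),                # wrong peer, same port
        nat.inbound("198.51.100.80", 443, 40005),                # port never mapped
    ]
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The last two inbound cases are the "network security" advantage in concrete form: without a table entry created from the inside, the gateway has no internal address to send the packet to, so outside hosts cannot reach internal ones on their own initiative.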

14.3. Advantages:
Lowers the cost:
- When an organization uses NAT with private IP addresses, it does not need to buy a public IP address for
every computer it owns; many computers can share the same public address. This helps to reduce the
organization's costs.
Conserving addresses:
- NAT overload conserves IPv4 address space by letting a whole private intranet share a small number of
public addresses, with the individual connections told apart at the port level across multiple applications.
Connection flexibility:
- NAT can be combined with load-balancing and backup (failover) tools. These tools increase the overall
reliability and flexibility of the network, whether the connection being established is to the public network
or between internal systems.

Consistency in the network:
- NAT supports a consistent internal addressing scheme: the private address space assigned to the network
stays the same as the network grows, even though more public IP addresses would otherwise be required.
Network security:
- NAT hides the original source and destination addresses of internal hosts completely. Hosts inside the
network cannot be reached by other hosts unless an internal user has initiated the connection, which
provides an additional layer of security.

Private addressing:
- The organization keeps its own private IPv4 addressing scheme. If it moves to another addressing
system or changes internet service provider, the internal addresses do not have to change.
Reference
thedataguardians.co.uk. 7 Threat Agents Your Cyber Security Team Should Be Aware Of. [Online] Available at https://www.thedataguardians.co.uk/2019/02/27/7-threat-agents-your-cyber-security-team-should-be-aware-of/ [Accessed 10 August 2022]

techtarget.com (2022). Top 10 types of information security threats for IT teams. [Online] Available at https://www.techtarget.com/searchsecurity/feature/Top-10-types-of-information-security-threats-for-IT-teams [Accessed 10 August 2022]

upguard.com (2022). The 65 Biggest Data Breaches. [Online] Available at https://www.upguard.com/blog/biggest-data-breaches [Accessed 10 August 2022]

paysimple.com (2022). How To Prevent Data Breaches: 12 Best Practices. [Online] Available at https://paysimple.com/blog/how-to-prevent-data-breach/ [Accessed 10 August 2022]

idrnd.ai (2022). [Online] Available at https://www.idrnd.ai/5-authentication-methods-that-can-prevent-the-next-breach/ [Accessed 10 August 2022]

techtarget.com (2022). access control. [Online] Available at https://www.techtarget.com/searchsecurity/definition/access-control [Accessed 10 August 2022]

techtarget.com (2022). physical security. [Online] Available at https://www.techtarget.com/searchsecurity/definition/physical-security#:~:text=Items%20such%20as%20fences%2C%20gates,involve%20a%20technology%2Dsupported%20approach. [Accessed 10 August 2022]

fortinet.com (2022). How Does a Firewall Work? [Online] Available at https://www.fortinet.com/resources/cyberglossary/how-does-a-firewall-work [Accessed 10 August 2022]

techtarget.com (2022). intrusion detection system (IDS). [Online] Available at https://www.techtarget.com/searchsecurity/definition/intrusion-detection-system#:~:text=Intrusion%20detection%20systems%20work%20by,the%20protocol%20and%20application%20layer. [Accessed 10 August 2022]

techtarget.com (2022). DMZ in networking. [Online] Available at https://www.techtarget.com/searchsecurity/definition/DMZ#:~:text=How%20does%20a%20DMZ%20work,servers%20hosted%20in%20the%20DMZ. [Accessed 10 August 2022]

techtarget.com (2022). static IP address. [Online] Available at https://www.techtarget.com/whatis/definition/static-IP-address [Accessed 10 August 2022]

geeksforgeeks.org (2022). Advantages and Disadvantages of NAT. [Online] Available at https://www.geeksforgeeks.org/advantages-and-disadvantages-of-nat/ [Accessed 10 August 2022]

tek-tools.com (2020). Intrusion Detection System (IDS) – The Fundamentals. [Online] Available at https://www.tek-tools.com/security/what-is-an-intrusion-detection-system-ids [Accessed 10 August 2022]
