
ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Le Vinh Hung Student ID GCD191237

Class GCD1001 Assessor name Nguyen Trong Minh

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature Hung

Grading grid

P1 P2 P3 P4 M1 M2 D1
❒ Summative Feedback: ❒ Resubmission Feedback:

Grade: Assessor Signature: Date:


Lecturer Signature:
Table of Contents

Task 1 Identify types of security threat to the organization. Give an example of a recently publicized security breach and discuss its consequences (P1)
I. Identify types of security threat to the organization:
1. Define threats
2. Identify threat agents to organizations
3. List type of threats that organizations will face
II. Example of a recently publicized security breach and discussion of its consequences:
1. The recent security breaches
2. The consequences of this breach
3. Suggest solutions to organizations
Task 2 Describe at least 3 organizational security procedures (P2)
I. What are the security procedures:
II. Three organizational security procedures:
Task 3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
I. Firewalls and policies:
1. Usage:
2. Advantages in a network:
II. Firewalls provide security to a network:
III. Diagrams of how a firewall works:
IV. IDS and IPS
1. Define IDS:
2. IDS usage and diagrams
3. Define IPS:
4. Usage and diagrams
V. The potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network:
Task 4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security (P4)
I. DMZ:
1. Define:
2. Usage:
3. Advantage:
4. Disadvantage:
II. Static IP:
1. Define:
2. Usage:
3. Advantage:
4. Disadvantage:
III. NAT:
1. Define:
2. Usage:
3. Advantage:
4. Disadvantage:
References

Figure 1 Types of hacker
Figure 2 Insider threats
Figure 3 Viruses and worms
Figure 4 Botnets
Figure 5 Accenture
Figure 6 Verizon
Figure 7 Kaseya Ransomware Attack
Figure 8 Breach
Figure 9 Usage firewall
Figure 10 Usage firewall
Figure 11 Usage firewall
Figure 12 Usage firewall
Figure 13 Usage firewall
Figure 14 Usage firewall
Figure 15 Usage firewall
Figure 16 Usage firewall
Figure 17 Usage firewall
Figure 18 Usage firewall
Figure 19 Usage firewall
Figure 20 Usage firewall
Figure 21 Usage firewall
Figure 22 Usage firewall
Figure 23 Firewall
Figure 24 Diagrams firewall
Figure 25 Diagrams IDS
Figure 26 IPS diagrams
Figure 27 Threat-Risk of a firewall and IDS
Figure 28 Diagrams DMZ
Figure 29 Diagrams Static IP
Figure 30 Diagrams NAT
Task 1 Identify types of security threat to the organization. Give an example of a recently publicized security breach and discuss its consequences (P1)
I. Identify types of security threat to the organization:
1. Define threats:
➢ Although the terms security threat, security event, and security incident are all linked, they have different meanings in the field of cybersecurity.
➢ A security threat is a harmful act that seeks to corrupt or steal data, or to disrupt systems or the entire business. A security event is an occurrence in which a company's data or network is potentially exposed. A security incident is an occurrence that results in a data or network compromise.
➢ Enterprise IT must be cautious in securing its data and networks as cybersecurity threats continue to change and become more sophisticated. To do so, it must first understand the many kinds of security danger it faces.
2. Identify threat agents to organizations:
➢ Attacks come in many different forms; they include the following five types of attack:

Figure 1 Types of hacker


• Malware attack
▪ Malware is created with an objective in mind. While it could be said that the objective is "limited only to the imagination of its creator," this section focuses on some of the most common objectives observed in malware.
▪ Stealing data, credentials, payment information, etc. is a recurring theme in the realm of cybercrime. Malware focused on this type of theft can be extremely costly to a person, company, or government target that falls victim.
▪ There are three main types of malware attack vectors:
o Trojan Horse: a program which appears to be one thing but is really a delivery mechanism for malware.
o Virus: a type of self-propagating malware which infects other programs/files of a target via code injection.
o Worm: malware designed to propagate itself into other systems.

• Social engineering attack
Social engineering attacks come in many different forms and can be performed anywhere human interaction is involved. The following are the five most common forms of digital social engineering attack.
o Baiting: As its name implies, baiting attacks use a false promise to pique a victim's greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.
o Scareware: Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware.
o Pretexting: Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim in order to perform a critical task.
o Phishing: One of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
o Spear phishing: This is a more targeted version of the phishing scam, in which an attacker chooses specific individuals or enterprises. They then tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous.
• Network attack
A network attack is an attempt to gain unauthorized access to an organization's network, with the objective of stealing data or performing other malicious activity. There are two main types of network attack:
o Passive: Attackers gain access to a network and can monitor or steal sensitive information, but without making any change to the data, leaving it intact.
o Active: Attackers not only gain unauthorized access but also modify data, either deleting, encrypting or otherwise harming it.
The following are common threat vectors attackers can use to penetrate your network.
o Unauthorized access: Unauthorized access refers to attackers accessing a network without receiving permission. Among the causes of unauthorized access attacks are weak passwords, lack of protection against social engineering, previously compromised accounts, and insider threats.
o Distributed Denial of Service (DDoS) attacks: Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic at your network or servers.
o Man-in-the-middle attacks: A man-in-the-middle attack involves attackers intercepting traffic, either between your network and external sites or within your network.
o Code and SQL injection attacks: Many websites accept user input and fail to validate and sanitize that input. Attackers can then fill out a form or make an API call, passing malicious code instead of the expected data values. The code is executed on the server and allows attackers to compromise it.
o Privilege escalation: Once attackers penetrate your network, they can use privilege escalation to expand their reach. Horizontal privilege escalation means attackers gain access to additional, adjacent systems, and vertical escalation means attackers gain a higher level of privilege on the same systems.
o Insider threats: A network is especially vulnerable to malicious insiders, who already have privileged access to organizational systems. Insider threats can be difficult to detect and protect against, because insiders do not need to penetrate the network in order to do harm.
• Application attack
An application attack consists of cyber criminals gaining access to unauthorized areas. Attackers most commonly start by looking at the application layer, hunting for vulnerabilities in application code. Though attacks target certain programming languages more than others, a wide range of applications written in various languages receive attacks: .NET, Ruby, Java, Node.js, Python, and many more. Vulnerabilities are found in both custom code and open-source frameworks and libraries.
Most Common Web Application Attacks:
o Cross-site Scripting (XSS) Attack: Cross-site scripting (XSS) is on the OWASP Top 10 as one of the most common application attacks around today. Attackers execute this type of attack by searching for a vulnerability that allows them to access core code, most often by creating a malicious link and sending it via email or text message.
o SQL Injection Attack: Of all applications with vulnerabilities, 65% of them experienced an SQL injection attack. SQL statements are used within applications and network communications, permitting access through authorizations and authentications. When a bad actor obtains SQL statements and tampers with them, they can manipulate applications into executing corrupted commands that ultimately allow them to gain access to otherwise unauthorized areas.
• Internal attack
An internal attack occurs when an individual or a group within an organization seeks to disrupt operations or exploit organizational assets. In many cases, the attacker employs a significant number of resources, tools and skills to launch a sophisticated computer attack, and potentially removes any evidence of that attack as well.
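The SQL injection threat listed above (under both network attacks and web application attacks), as an added example that is not part of the original assignment: a login query that pastes user input into the SQL text next to the parameterised form that treats the input as data, plus a small input check a defender could feed into logging or alerting. The table, users, passwords and the tautology payload are all constructed for the demo.

```python
"""Added example, not part of the assignment: the SQL injection threat from
the network and application attack lists, shown as a login query that pastes
user input into SQL next to the parameterised form that treats input as data,
plus a small input check a defender could wire into logging or alerting.
Everything here (table, users, passwords) is constructed for the demo."""
import re
import sqlite3

# Constructed sample users. Plaintext passwords keep the demo short; a real
# system stores salted password hashes.
SAMPLE_USERS = [
    ("alice", "correct horse battery staple", "admin"),
    ("bob", "hunter2", "staff"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_unsafe_query(username: str, password: str) -> str:
    """The mistake the text describes: input is concatenated into the SQL text,
    so it becomes part of the statement's grammar instead of a value."""
    return (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, username: str, password: str) -> list:
    """Returns every (username, role) row the unsafe statement matches."""
    return conn.execute(build_unsafe_query(username, password)).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    """Hardened form: fixed statement, values bound as parameters, so the
    driver only ever compares them as data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Quote followed by an OR tautology, e.g.  ' OR '1'='1   or   " or 1=1 --
TAUTOLOGY = re.compile(r'''['"]\s*or\s+(['"]?)(\w+)\1\s*=\s*\1\2''', re.IGNORECASE)


def looks_like_injection(value: str) -> bool:
    """Input-layer signal for a WAF rule or audit log. It does not replace
    parameterised queries; it only helps spot probing attempts."""
    return TAUTOLOGY.search(value) is not None


def demo() -> dict:
    """Runs both login paths with a normal credential and with a tautology
    payload and returns the observations as a dict."""
    conn = make_db()
    payload = "' OR '1'='1"
    return {
        # Correct credentials work through either path.
        "normal_vuln": login_vulnerable(conn, "alice", "correct horse battery staple"),
        "normal_safe": login_safe(conn, "alice", "correct horse battery staple"),
        # Unsafe path: the WHERE clause becomes
        #   username = 'x' AND password = '' OR '1'='1'
        # and '1'='1' is true for every row, so both users come back.
        "bypass_vuln": login_vulnerable(conn, "x", payload),
        # Safe path: the payload is compared as a literal password; no match.
        "bypass_safe": login_safe(conn, "x", payload),
        "flagged": looks_like_injection(payload),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The pattern check is only a secondary signal for detection; the parameterised query is the fix.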

3. List type of threats that organizations will face:

a. Insider threats:
➢ An insider threat happens when someone close to a company who has been allowed access to its network misuses that access, either purposefully or accidentally, to harm the company's vital data or systems.
➢ Insider dangers are also created by careless employees who do not follow their businesses' rules and procedures. They may, for example, unintentionally email customer information to third parties, click on phishing links in emails, or share their login credentials with others. Other insider dangers come from contractors, business partners, and third-party vendors.
➢ Some insiders evade security measures on purpose, either out of convenience or in an ill-advised attempt to increase productivity. Malicious insiders evade cybersecurity protocols on purpose to erase data, steal data to sell or exploit later, disrupt operations, or do other harm to the company.
Figure 2 Insider threats

b. Viruses and worms

➢ Viruses and worms are harmful software programs (malware) that are designed to infect a company's systems, data, and network. A computer virus is a piece of harmful software that copies itself into another program, system, or host file in order to propagate. It remains dormant until it is activated, either intentionally or accidentally, spreading the infection without the knowledge or approval of the user or system administrator. A computer worm is a self-replicating program that spreads without the need for a host program or human intervention. Its primary purpose is to spread infection to other computers while remaining active on the infected one. Worms frequently spread by exploiting aspects of an operating system that are automated and unnoticed by the user. When a worm enters a system, it begins duplicating itself almost immediately, infecting computers and networks that aren't properly safeguarded.
Figure 3 Viruses and worms

c. Botnets:
➢ A botnet is a group of Internet-connected devices, such as PCs, mobile devices, servers, and IoT devices, that have been infected with malware and are controlled remotely. Typically, botnet malware scans the internet for vulnerable devices. The purpose of a threat actor that creates a botnet is to infect as many connected devices as possible, then use the computational power and resources of those devices to perform automated operations that are typically hidden from the devices' users. The threat actors who manage these botnets, most of whom are fraudsters, use them to send spam emails, conduct click fraud operations, and generate malicious traffic for distributed denial-of-service attacks.
Figure 4 Botnets

II. Example of a recently publicized security breach and discussion of its consequences:
1. The recent security breaches:
➢ Cyber breaches aren't a thing of the past. Ever since the pandemic, the world has seen massive security attacks, each of which continues to disrupt the functioning of enterprises and organizations.
➢ Despite the move to the cloud, there has been no respite from these imminent cyberattacks. The year 2021 promised relief, but it saw some of the biggest, most unforgettable data breaches, which shook the foundation of security practices.
➢ Here's a list of the top cloud security breaches which can't go without a special mention:

a. Accenture:
In its Cyber Risk survey, the world's first Cyber Resilience startup UpGuard discovered that Accenture left at least four AWS S3 storage buckets unsecured in 2017.

The breach included exposed authentication details, confidential API data, digital certificates, decryption keys, user data, and metadata.

The security analysis by UpGuard found that 137GB of data was available for public access. As a result, cyber attackers used this data to defame and extort money from users. Some compromised information also found its way onto the dark web.

Figure 5 Accenture
In August 2021, Accenture again fell prey to an attack via the LockBit ransomware. This time, the enterprise was savvy enough to discover the infiltration during 2021's final quarter audits.
Accenture suspected chain attacks on client systems due to the 2021 data breach: this included misconfigured critical systems, inadvertent disclosure, and subsequent malware infections.

The LockBit operators themselves claimed that they stole 6TB of data in this attack, for which they demanded a ransom of $50 million.

b. Verizon:

In 2017, Verizon's third-party vendor, Nice Systems, erroneously exposed user PII due to a faulty AWS S3 configuration. The exposure was made possible by Nice's error, and the exposed data also included customer call data.

In 2020, Verizon uncovered 29,207 security incidents, of which 5,200 were confirmed breaches. The telecom giant fell prey to DDoS attacks; social engineering and client-side web app infections fueled each attack, leading to server-side system breaches.

Figure 6 Verizon
The telecom agency attributes the pandemic-induced remote working model as the primary reason behind the creation of loopholes and the proliferation of cyberattacks. The organization categorizes these attacks as the result of errors committed by the 'human element,' a by-product of social engineering.

Verizon released a 2021 audit of its cyber-security strategy in alignment with its VERIS framework, which serves as a case study for other enterprises and users. Roughly 61% of these attacks involved the use of unauthorized credentials, while phishing rose from 25% to 36% in 2019.

c. Kaseya Ransomware Attack:

In July 2021, IT solutions provider Kaseya suffered a massive attack on its unified remote monitoring and network perimeter security tool. A supply chain ransomware attack aimed to steal administrative control of Kaseya services from managed service providers and their downstream customers.

As reported by ZDNet, the attack crippled the company's SaaS servers and affected on-premise VSA solutions used by Kaseya customers across ten countries. Kaseya proactively responded to the attack by immediately alerting its customers. The company rolled out the Kaseya VSA detection tool, allowing business users to analyze their VSA services and managed endpoints for signs of vulnerability.
Figure 7 Kaseya Ransomware Attack

The incident and Kaseya's response gave the world vital lessons in modern cyberattack mitigation, which include:

• Ensuring business continuity with updated backups in an easily retrievable, air-gapped repository segregated from the organizational network
• Vendor remediation through manual patch management at the earliest availability
• Due diligence from customers outlining mitigatory actions
• Implementation of multi-factor authentication for business users
• Following a principle of providing only required privileges on essential network resources

2. The consequences of this breach:

➢ 2021 saw a marked upturn in the volume, creativity and audacity of hacks and mega breaches, with CNA Financial (1), Colonial Pipeline (2), Kaseya (3), Microsoft (4), JBS USA (5) and even the Houston Rockets (6) all hitting the headlines as victims of cybercrime. Although such attacks hurt big businesses and test customer trust, they are not typically an extinction-level event. For small businesses, however, the likelihood of some type of cyber incident is just as high, if not higher, and their chances of making a full recovery are considerably slimmer.

Figure 8 Breach

➢ The top 5 business impacts of cyber security breaches:

➢ Each organization is unique in terms of the impact of a breach, depending on the timing and duration of the breach and the industry in which it operates. For example, a data breach may have more pronounced consequences for the financial sector than, say, in manufacturing. However, common impacts you should consider when evaluating your own security posture include:

• Reputational damage

Loss of customer and stakeholder trust can be the most harmful impact of cybercrime, since the overwhelming majority of people would not do business with a company that had been breached, especially if it failed to protect its customers' data. This can translate directly into a loss of business, as well as devaluation of the brand you've worked so hard to build. Although on a case-by-case basis it is difficult to quantify the erosion of reputation due to a data breach, according to one industry insider speaking with ITPro, "we see a 60% failure rate among SMBs after a company discloses a breach within 6-12 months, partly due to confidence issues and partly due to recovery challenges." (7)

• Theft

While a cyber-raid on a big-name bank may net the attacker a sizeable haul, smaller businesses' defenses are typically less sophisticated and easier to penetrate, making them a softer target. Cyber-enabled fraud leads to monetary losses, but stolen data can be worth far more to hackers, especially when sold on the Dark Web. A report by The Digital Shadows Photon Research team found that the average price for commercially traded logins on the Dark Web was a 'modest' $15.43; when it came to domain administrator accounts that give access to internal business networks (typically sold by auction because of their value to hackers), the price spiked to an average of $3,139 and, in select cases, reached an eye-popping price of $120,000. (8) Intellectual property theft may be equally damaging, with companies losing years of effort and R&D investment in trade secrets or copyrighted material, and with it their competitive advantage.

• Financial losses

Cybercrime costs small businesses disproportionately more than big businesses when adjusted for organizational size. For a large corporation, the financial impact of a breach may run into the millions, but at their scale, the monetary implications are barely a blip on the radar. According to the latest data breach report by IBM and the Ponemon Institute, the average cost of a data breach in 2021 is $4.24M, a 10% rise from its average cost of $3.86M in 2019. Even more troubling is the report's finding that the longer a breach remains undetected, the higher its financial impact. For example, data breaches that were identified and contained within 200 days had an average cost of $3.61 million. But breaches that took more than 200 days to identify and contain had an average cost of $4.87 million, a difference of $1.26 million. (9)

• Fines

As if direct financial losses weren't punishment enough, there is the prospect of monetary penalties for businesses that fail to comply with data protection legislation. In May 2018, the General Data Protection Regulation, or GDPR, went into effect in the EU. The enforcement powers associated with the law are significant. Fines for violations can reach up to 20 million Euros or 4% of a firm's global annual revenue, per violation, whichever is larger. In 2020, European data agencies issued $193 million (€159 million) in fines for violations of the General Data Protection Regulation; the single highest penalty imposed was a $57 million fine that French authorities issued to Google. (10)

While in the US there is no true counterpart to GDPR, three states (California, Colorado and Virginia) have enacted comprehensive consumer data privacy laws. The three laws have several provisions in common, such as the right to access and delete personal information and to opt out of the sale of personal information, among others. (11)

• Below-the-surface costs

In addition to the economic costs of incident response, there are several intangible costs that can continue to blight a business long after the event itself. The impact of operational disruption tends to be woefully underestimated, especially among firms that have little in the way of formal business resilience and continuity strategies, and small organizations that already struggle to manage cash flow may face crippling rises in insurance premiums or see an increased cost to raise debt.
Cyber security and cyber incident recovery isn't an IT problem. Instead, it's a business imperative. Adopting a comprehensive security strategy today can help you avoid having to shut up shop if hackers strike tomorrow.

3. Suggest solutions to organizations:

Defending against security breaches

There are various countermeasures to mitigate cyber-attacks. The following lists the
most critical ones:
• Install security software on network and endpoint devices. Firewalls, IDS/IPS,
antivirus and antimalware can help you detect and stop many threats before they infect
your internal systems and network.
• Use two-factor authentication (2FA), so that common password problems such as
password reuse and weak passwords no longer give an attacker direct access.
• Segment your network and make sure to put all sensitive data in one segment.
• Prevent remote employees from accessing sensitive information from their own
computing devices.
• Enforce IT security policies concerning data privacy, such as data
classification, data destruction, and retention policies.
• Encrypt all sensitive data, both on-premises and in the cloud.
• Train your employees about different cybersecurity attacks and
countermeasure techniques. End-user cybersecurity training is still the primary
defense strategy for any organization.
• Adopt the latest technological solutions to protect sensitive data, such as zero-trust
networking and adaptive security.

In conclusion, the number of cyberattacks is continuously expanding and shows no
signs of slowing down any time soon. To infiltrate a target network, cyber attackers
use a variety of attack tactics and strategies. This section discussed the most common
security breaches and offered broad solutions for preventing them.
Task 2 Describe at least 3 organizational security
procedures (P2)
I. What are the security procedures:
➢ A security procedure is a set sequence of necessary activities that performs a
specific security task or function. Procedures are normally designed as a
series of steps to be followed as a consistent and repetitive approach or cycle
to accomplish an end result.
➢ What, then, is an organisational procedure? Policies and procedures are
designed to influence and determine all major decisions and actions, and all
activities take place within the boundaries set by them. Procedures are the
specific methods employed to put policies into action in the day-to-day
operations of the organization.

II. Three organizational security procedures:

➢ Additional security knowledge for employees:

• Make it simple for staff to recognize attacks on the business.
• Staff can recognize and handle attacks even when working from home.
• Employees who are knowledgeable about security can help firms lower costs and
reduce risk when a hacker sends harmful code.

➢ Developing information security policies:

• Take a broad approach to information security.
• Detect and prevent data, network, computer system, and application
security vulnerabilities.
• Respect customers' rights, for example by providing effective mechanisms
for responding to complaints and questions concerning actual or claimed
policy non-compliance.
➢ Wireless Communications Procedures:
• This procedure prohibits unauthorized wireless communication devices
from accessing [Organization] networks. Only wireless systems that meet
the criteria of these procedures or have been granted an exclusive waiver by
the Information Security Officer are allowed access to
[Organization] networks.

• Maintain a register of wireless cards and access points. Any wireless Access Points /
Base Stations connected to the network must be registered and authorized
by the Information Security Officer. These Access Points / Base Stations
are subjected to regular penetration testing and audits. Any wireless
Network Interface Cards (PC cards) used in laptops or desktop computers
must be reported to the Information Security Officer. A device register is
maintained by the Information Security Officer.

• Encryption and authentication: At least 128-bit point-to-point hardware
encryption must be used in wireless implementations. All implementations
must offer a hardware address that can be registered and monitored, such as
a MAC address. TACACS+, RADIUS, or similar technologies for strong
user authentication must be supported and used in all deployments.

• SSID (Service Set Identifier): Any identifying
information about the company, such as the company name, division title,
employee name, or product identification, must be removed from the SSID.
Whenever possible, the SSID should not be broadcast.

➢ Database User Names and Passwords:

• Database user names and passwords can be stored in a separate file from the
program's code.
• This file should only be readable by authorized users.
• Database credentials may be stored by the database server. In this case, the
running program's code might keep only a hash identifying the
credentials.
• An authentication server (i.e., an entitlement directory), such as an LDAP
server that is used for user authentication, may hold the database credentials. In
this case, there's no need to use database credentials programmatically.
• Database credentials must not be kept in the document tree of a web
server.
• Pass-through authentication (such as Oracle OPS$ authentication) must not
grant access to the database based solely on a remote user's
authentication on the remote system.
• Passwords or pass phrases used to access a database must adhere to the
[Organization's] Password Procedures.
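As an added example (not part of the original report), the following Python shows how a program can load database credentials from a file kept outside the program's code and outside the web document tree, refusing files that other users can read; the directory names, the file name `db.json` and the sample contents are constructed assumptions.

```python
import json
import os
import stat
import tempfile
from pathlib import Path


class CredentialError(Exception):
    """Raised when a credentials file violates the procedure."""


def load_db_credentials(path, doc_root):
    """Load database credentials from a file kept apart from the program code.

    Checks, in order: the file is not under the web server's document tree,
    it is a regular file, and it is readable by its owner only.
    """
    cred_path = Path(path).resolve()
    root = Path(doc_root).resolve()
    if root == cred_path or root in cred_path.parents:
        raise CredentialError("credentials file is inside the web document tree")
    st = cred_path.stat()
    if not stat.S_ISREG(st.st_mode):
        raise CredentialError("credentials path is not a regular file")
    if st.st_mode & 0o077:
        raise CredentialError("credentials file is readable by group or others")
    data = json.loads(cred_path.read_text())
    missing = [k for k in ("user", "password") if k not in data]
    if missing:
        raise CredentialError(f"credentials file lacks {missing}")
    return data


def write_credentials_file(directory, mode):
    """Write a constructed sample credentials file with the given permissions."""
    path = Path(directory) / "db.json"
    # Constructed sample values; a real password never belongs in source code.
    path.write_text(json.dumps({"user": "app_user", "password": "PLACEHOLDER"}))
    os.chmod(path, mode)
    return path


def demo():
    """Run the three cases and report each outcome (used by the test)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        doc_root = Path(tmp) / "htdocs"   # hypothetical web document tree
        private = Path(tmp) / "etc"       # hypothetical config dir outside it
        doc_root.mkdir()
        private.mkdir()
        for label, directory, mode in [
            ("in_docroot", doc_root, 0o600),     # right mode, wrong place
            ("world_readable", private, 0o644),  # right place, wrong mode
            ("hardened", private, 0o600),        # both checks pass
        ]:
            p = write_credentials_file(directory, mode)
            try:
                results[label] = load_db_credentials(p, doc_root)["user"]
            except CredentialError as exc:
                results[label] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```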

➢ Back up valuable data:

• Keep financial records for auditors.
• Keep backups according to your funding agreements, quality frameworks,
and needs.
• Keep records of board meetings, resolutions, and other governance-related
details.
• Keep historical records of your practice for future reference.
• Keep employee records, contact information, payroll
information, and rosters from being misplaced.
• Make sure that client information is safe and secure, and that you have access to
payment, attendance, and contact information.
• Keep track of program details that will help you reconcile grants and cash.

➢ Create a system firewall:

• Keeps a close eye on traffic: a firewall monitors all traffic entering and
leaving your computer network. A two-way firewall monitors data leaving
your network as well as entering it. Data is sent in packets through
networks. The firewall analyses the packets to see whether they include
anything that could compromise your network's security. Even you, as the
sender, could unintentionally send something malicious, which is why a
firewall that analyzes the contents is essential.
• Keyloggers are less likely to follow your activity when your computer is
protected by a firewall. A keylogger is spyware that scammers try to install
on your computer to record your keystrokes. Once they know what you type
and where you type it, they can reuse that information themselves, for
example to get into your personal online accounts.
• Malware, particularly Trojans, can be extremely harmful to a person. A
Trojan lurks in the background of your computer, watching everything you
do with it. All of the information it gathers is sent to a web server.
You usually won't realize it is there until your machine starts acting
strangely. A firewall will block the Trojan's traffic before it causes damage to your
system.

Task 3 Identify the potential impact to IT security
of incorrect configuration of Firewall policies and
IDS (P3)
I. Firewalls and policies:
➢ A firewall is an appliance (a combination of hardware and software) or an
application (software) designed to control the flow of Internet Protocol (IP) traffic
to or from a network or electronic equipment. Firewalls are used to examine
network traffic and enforce policies based on instructions contained within the
Firewall's Ruleset. Firewalls represent one component of a strategy to combat
malicious activities and assaults on computing resources and network-accessible
information. Other components include, but are not limited to, antivirus software,
intrusion detection software, patch management, strong passwords/passphrases,
and spyware detection utilities.
➢ Firewalls are typically categorized as either “Network” or “Host”: a Network
Firewall is most often an appliance attached to a network for the purpose of
controlling access to single or multiple hosts, or subnets; a Host Firewall is most
often an application that addresses an individual host (e.g., personal computer)
separately. Both types of firewalls (Network and Host) can be and often are used
jointly.

➢ This policy statement is designed to:

• Provide guidance on when firewalls are required or recommended. A Network
Firewall is required in all instances where Sensitive Data is stored or
processed; a Host Firewall is required in all instances where Sensitive Data is
stored or processed and the operating environment supports the
implementation. Both the Network and Host Firewalls afford protection to the
same operating environment, and the redundancy of controls (two separate
and distinct firewalls) provides additional security in the event of a
compromise or failure.
• Raise awareness on the importance of a properly configured (installed and
maintained) firewall.

1. Usage:
➢ To enable Windows Firewall, do the following:

➢ Step 1: Open Command Prompt by pressing the Start menu button, then enter
cmd in the Search box.
Figure 9 Usage firewall

➢ Step 2: In the list of results, find Command Prompt and click "Run as
administrator" to open Command Prompt with administrator rights.
Figure 10 Usage firewall

➢ Step 3: Enter the command "netsh advfirewall set allprofiles state on" into the
Command Prompt window as shown below.
Note: You can also use the command "netsh advfirewall set domainprofile state
on" instead of the above command when you want to activate Windows Firewall;
note that this variant turns the firewall on for the domain profile only, whereas
"allprofiles" covers the domain, private and public profiles.
Figure 11 Usage firewall

➢ Step 4: If no errors occur, the Command Prompt window displays the message
"on" and has the word OK at the end of the line.
Figure 12 Usage firewall

➢ Next, you set up the firewall for Windows. The following example (from a
Vietnamese Hosting guide) uses Windows 8.

➢ You press the Windows key + C or drag your mouse to the right corner of the
screen and then type "Firewall" in the search box.

Figure 13 Usage firewall


➢ Click on Windows Firewall on the left. At this point, the Windows Firewall
Control Panel dialog box appears. Here, you can adjust the firewall's settings.

Figure 14 Usage firewall

➢ For each program, the firewall gives the option of connecting to them via a
public or private network. You only have to tick the desired network type.

Figure 15 Usage firewall

➢ In case there are applications that are not listed, click the "Change Setting"
button, then select the application in the list that appears or press the Browse
button to find the program.
Figure 16 Usage firewall

➢ Back in the Firewall dialog box, click the "Turn Windows Firewall On or Off"
link. The options panel will now appear. Here the system lets you turn the
firewall on or off for each network type. It is also possible to block all
incoming connections to the computer, which is useful when you are on
public networks because it gives you a more secure connection.

Figure 17 Usage firewall


➢ If you want advanced settings, click “Windows Firewall with Advanced
Security” on the left side of the Firewall dialog box.

Figure 18 Usage firewall


➢ In case, you want to block an outgoing connection, click on “Outbound Rules”
in the left column.
Next, select “New rule”.

Figure 19 Usage firewall

➢ Then, select the port you want to block. For example, if you want to block outgoing
connections on the HTTP port (port 80), i.e. plain HTTP access to websites through
the IE browser, click Next and enter the port number.

Figure 20 Usage firewall


➢ Continue to click Next and then choose an action, for this example, you choose
“Block the connection”.

Figure 21 Usage firewall

➢ Next, choose the profiles the rule applies to. In this step, you can select all 3 profiles that
the system displays (Domain, Private and Public).

Figure 22 Usage firewall

➢ At this point, you are done with the setup to block connections to port 80. To
check that the firewall is working under this new configuration, open IE and enter
the domain name of a website served over plain HTTP. If the browser shows the message "This page
can't be displayed", the rule is in effect. Sites served over HTTPS (port 443) still
load, because the rule covers port 80 only.

2. Advantages in a network:

➢ Monitor Traffic
A major responsibility of a firewall is to monitor the traffic passing through it.
All information traveling through a network is carried in packets.
The firewall inspects each of these packets for hazardous content. If
the firewall finds any, it immediately blocks the packet.

➢ Protection against Trojans

Malware, especially Trojans, is dangerous to a user. A Trojan silently
sits on your computer spying on everything you do with it. Whatever
information it gathers is sent to a web server. You will typically not
know of its presence until your computer starts behaving strangely. A firewall in
this instance blocks the Trojan's traffic before it can do any damage to
your system.

➢ Prevent Hackers

Hackers on the internet constantly look for computers through which to carry out
their illegal activities. When they find such computers they
start malicious activities such as spreading viruses. Apart from those
hackers there can be other people, such as neighbours, looking for an
open internet connection. To prevent such intrusions it is a good idea to be
protected by a firewall.

➢ Access Control

Firewalls come with an access policy that can be applied to certain hosts
and services. Some hosts can be exploited by attackers, so the safest
course is to block such hosts from accessing the system. If a user feels that they need
protection from these types of unwanted access, this access policy can be
enforced.

➢ Better Privacy
Privacy is one of the major concerns of a user. Hackers constantly look for
private information to get clues about the user. By using a firewall,
many of the services offered by a site, such as the domain name service and
finger, can be blocked, so hackers have no chance of obtaining privacy
details. Additionally, firewalls can block the DNS information of the site's systems,
so the names and IP addresses are not visible to attackers.

II. How a firewall provides security to a network:

➢ A firewall is a network security device that monitors all incoming and outgoing
traffic and applies a set of security rules to allow, reject, or drop certain types of
communication.
• Accept: allow the traffic to flow.
• Reject: deny the traffic and send back an "unreachable" error.
• Drop: block the traffic silently, with no response.
➢ A firewall serves as a barrier between trusted internal networks and
untrusted external networks such as the internet.

Figure 23 Firewall
➢ Prior to firewalls, network security was managed via router ACLs (Access
Control Lists). ACLs are rules that determine whether a specific IP
address is allowed or denied network access. ACLs, however,
cannot see what is inside the packets they are blocking. Furthermore,
ACLs alone will not keep threats out of the network. The firewall was born as a
result.

➢ For organizations, internet connectivity is no longer a choice. Web access
benefits the firm because it allows the outside world to connect with the
company's internal network, but it also creates a risk: the internal network must
be secured from illicit traffic.

III. Diagrams of how a firewall works:

➢ Firewalls act as a barrier between your computer (or network) and the outside
world (the Internet). A firewall is similar to a security guard who stands at your
front door and filters visitors. Some visitors may be admitted, but others whom he
suspects of being intruders may be turned away. A firewall, in the same way, is
a piece of software or hardware that filters data (packets) sent over the Internet
to your computer or network.
Figure 24 Diagrams firewall

➢ Firewalls may enable or restrict network connections between devices based on pre-
configured rules or rules created by the firewall administrator. Most personal firewalls,
such as Windows Firewall, use a set of pre-configured rules that are
appropriate in most cases, eliminating the need for the user to configure the
firewall.
➢ End-users choose personal firewalls for their PCs because they are easy to set up and
use. Large networks and businesses, on the other hand, choose firewalls with a wide
range of configuration choices to meet their unique needs.
➢ Firewall rules for FTP servers, Telnet servers, and Web servers, for example, may all
be different. Furthermore, the company can control how its employees access the
Internet by limiting file transfers to other networks or denying access to specific
websites. A firewall can give a company a lot of control over how users use the
network in addition to providing security.
➢ To regulate incoming and outgoing traffic in a network, firewalls employ one or
more of the following methods:
• Packet Filtering: each packet is examined on its own against a set of rules
built from its header fields (source and destination address, protocol, and
port numbers). Packets that match an allow rule pass through; the rest are dropped.
• Stateful Inspection is a newer technique that does not look at the contents of the
packet. Instead, it compares critical packet elements to a database of trusted
connections. Incoming and outgoing packets are compared against this database, and if a
match is discovered, the packets are allowed to continue on their way. Otherwise,
they'll be discarded.
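To show the difference between packet filtering and stateful inspection, and to model the outbound port 80 block rule built in the Windows Firewall walkthrough in section I above, here is an added Python simulation (not from the original report). The rule-set, addresses and packets are constructed; the block goes beyond the walkthrough by also showing why a stateless filter would block the replies to a connection the host itself opened.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str           # source address
    dst: str           # destination address
    proto: str         # "TCP" or "UDP"
    sport: int
    dport: int
    direction: str     # "out" = leaving this host, "in" = arriving at it
    syn: bool = False  # TCP SYN without ACK: a brand-new connection attempt


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str                       # "allow" or "block"
    proto: str = "any"
    remote_port: Optional[int] = None  # None matches every port


# Hypothetical rule-set in the spirit of the walkthrough: the new outbound rule
# blocks TCP port 80, other outbound traffic is allowed, unsolicited inbound
# traffic is blocked. Rules are evaluated top-down; the first match wins.
RULES = [
    Rule("out", "block", proto="TCP", remote_port=80),
    Rule("out", "allow"),
    Rule("in", "block"),
]


def packet_filter(pkt: Packet, rules=RULES) -> str:
    """Stateless packet filtering: judge each packet on its own header fields."""
    remote_port = pkt.dport if pkt.direction == "out" else pkt.sport
    for rule in rules:
        if rule.direction != pkt.direction:
            continue
        if rule.proto != "any" and rule.proto != pkt.proto:
            continue
        if rule.remote_port is not None and rule.remote_port != remote_port:
            continue
        return rule.action
    return "block"  # nothing matched: default deny


class StatefulFirewall:
    """Stateful inspection: remember the connections this host opened so that
    their replies can come back in without an explicit inbound allow rule."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.table = set()  # (proto, local_port, remote_addr, remote_port)

    def process(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            decision = packet_filter(pkt, self.rules)
            if decision == "allow":
                self.table.add((pkt.proto, pkt.sport, pkt.dst, pkt.dport))
            return decision
        key = (pkt.proto, pkt.dport, pkt.src, pkt.sport)
        if key in self.table and not pkt.syn:
            return "allow"  # reply to a connection we initiated
        return packet_filter(pkt, self.rules)  # a new SYN is not a reply


def demo():
    """Walk constructed packets through both filters (used by the test)."""
    fw = StatefulFirewall()
    http = Packet("192.0.2.10", "203.0.113.5", "TCP", 51000, 80, "out", syn=True)
    https = Packet("192.0.2.10", "203.0.113.5", "TCP", 51001, 443, "out", syn=True)
    reply = Packet("203.0.113.5", "192.0.2.10", "TCP", 443, 51001, "in")
    probe = Packet("203.0.113.5", "192.0.2.10", "TCP", 443, 51001, "in", syn=True)
    rdp = Packet("198.51.100.9", "192.0.2.10", "TCP", 40000, 3389, "in", syn=True)
    return {
        "http_out": fw.process(http),                 # blocked by the new rule
        "https_out": fw.process(https),               # allowed, connection remembered
        "reply_stateless": packet_filter(reply),      # stateless filter drops the reply
        "reply_stateful": fw.process(reply),          # stateful filter lets it back in
        "forged_syn": fw.process(probe),              # same tuple but a new SYN: blocked
        "rdp_in": fw.process(rdp),                    # unsolicited inbound: blocked
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```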

IV. IDS and IPS:

1. Define IDS:
➢ An IDS (Intrusion Detection System) is software or a tool that monitors the
system and raises an alert when suspicious behaviour is observed. The main
purpose of an IDS is to detect actions that undermine the security of the
system, such as port scanning and other reconnaissance.

➢ IDS software can also distinguish between internal attacks (from employees
within the organization) and external attacks (from hackers).

2. IDS usage and diagrams:

Intrusion detection systems offer organizations several benefits, starting with the
ability to identify security incidents. An IDS can be used to help analyze the
quantity and types of attacks. Organizations can use this information to change
their security systems or implement more effective controls. An intrusion
detection system can also help companies identify bugs or problems with their
network device configurations. These metrics can then be used to assess future
risks.
Figure 25 Diagrams IDS
➢ Advantage

• Suitable for data collection; it helps to investigate network problems with the
most convincing evidence.
• Provides a comprehensive view of the entire network.

➢ Disadvantage

• If not properly configured, it is easy to cause false alarms.
• The ability to analyze encrypted traffic is relatively low.
• The cost of deploying, developing and operating the system is relatively
large.
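As an added illustration (not part of the original report) of both the port scan detection mentioned in the IDS definition and the false alarm problem listed under Disadvantage, this Python script runs a simple port scan detector over a constructed connection log; the log lines, addresses, threshold values and the `allowlist` parameter are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of a sensor log: one TCP SYN (connection attempt) per line.
# 198.51.100.7 sweeps ten ports in three seconds; 10.0.0.9 is a monitoring host
# that checks four services; 10.0.0.20 is an ordinary HTTPS client.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z SYN 198.51.100.7 -> 10.0.0.5:21
2024-03-01T10:00:00Z SYN 198.51.100.7 -> 10.0.0.5:22
2024-03-01T10:00:00Z SYN 198.51.100.7 -> 10.0.0.5:23
2024-03-01T10:00:01Z SYN 198.51.100.7 -> 10.0.0.5:25
2024-03-01T10:00:01Z SYN 198.51.100.7 -> 10.0.0.5:80
2024-03-01T10:00:01Z SYN 198.51.100.7 -> 10.0.0.5:110
2024-03-01T10:00:02Z SYN 198.51.100.7 -> 10.0.0.5:143
2024-03-01T10:00:02Z SYN 198.51.100.7 -> 10.0.0.5:443
2024-03-01T10:00:02Z SYN 198.51.100.7 -> 10.0.0.5:3389
2024-03-01T10:00:03Z SYN 198.51.100.7 -> 10.0.0.5:5432
2024-03-01T10:00:05Z SYN 10.0.0.9 -> 10.0.0.5:22
2024-03-01T10:00:05Z SYN 10.0.0.9 -> 10.0.0.5:80
2024-03-01T10:00:06Z SYN 10.0.0.9 -> 10.0.0.5:443
2024-03-01T10:00:06Z SYN 10.0.0.9 -> 10.0.0.5:5432
2024-03-01T10:00:07Z SYN 10.0.0.20 -> 10.0.0.5:443
2024-03-01T10:00:08Z SYN 10.0.0.20 -> 10.0.0.5:443
2024-03-01T10:00:09Z SYN 10.0.0.20 -> 10.0.0.5:443
"""

LINE_RE = re.compile(r"^(\S+) SYN (\S+) -> (\S+):(\d+)$")


def parse_log(text):
    """Return (timestamp, src, dst, dport) tuples; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").timestamp()
        events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return events


def max_ports_in_window(events, window):
    """Per source: most distinct destination ports touched within any `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, _dst, port in events:
        by_src[src].append((ts, port))
    result = {}
    for src, hits in by_src.items():
        hits.sort()
        best = 0
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start < window}
            best = max(best, len(ports))
        result[src] = best
    return result


def port_scan_alerts(text, threshold, window=10.0, allowlist=frozenset()):
    """Sources that touched at least `threshold` distinct ports within `window` seconds."""
    counts = max_ports_in_window(parse_log(text), window)
    return {src for src, n in counts.items()
            if n >= threshold and src not in allowlist}


if __name__ == "__main__":
    # A low threshold flags the monitoring host too: a false alarm.
    print("threshold 3:", sorted(port_scan_alerts(SAMPLE_LOG, 3)))
    # Raising the threshold, or allow-listing known scanners, keeps only the real sweep.
    print("threshold 8:", sorted(port_scan_alerts(SAMPLE_LOG, 8)))
    print("tuned:", sorted(port_scan_alerts(SAMPLE_LOG, 3, allowlist={"10.0.0.9"})))
```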

3. Define IPS:
➢ IPS stands for Intrusion Prevention System, a network intrusion prevention
system that is widely used today. It is a standard component of
information security. The system monitors activity and blocks unwanted network
intrusions, helping to keep the network secure.

➢ When implemented, an IPS can detect and prevent threats and the exploitation of
vulnerabilities to protect the whole system. By using an IPS, users can reduce the
risk of device attack, intrusion and theft over internal network connections.

4. Usage and diagrams:

➢ Each component of the security architecture has a different function. If used
correctly, these components bring high efficiency to users. In particular, the IPS
is one of the important components used to protect the system against intrusion.
Implementing an IPS brings the system the following benefits:

• Helps to monitor abnormal activities in the system.
• Helps determine how and where an object affects the system and where it
occurs in the network structure.
• An IPS can interact with the firewall to help prevent untrusted activities
and penetration into the system.

Figure 26 IPS diagrams

➢ Advantages and disadvantages of an IPS intrusion prevention system
➢ As mentioned, the components used in the system all have their own advantages
and disadvantages. Using an IPS brings the following advantages and
disadvantages:

• Advantage: it helps to comprehensively protect system
resources and provides timely prevention of attack activities
on the network.
• Disadvantage: IPS systems can also cause false positives, which
may prevent legitimate users and devices from accessing the system.
➢ In summary, an IPS is a valuable addition to an organization's information
security controls.

V. The potential impact (Threat-Risk) of a firewall and IDS if
they are incorrectly configured in a network:
➢ To detect network attacks, we must search for any suspicious system activity. This
helps with the detection of real-world attacks. Let's take a closer look at the
symptoms so we can find the intruders.
➢ When the network is configured incorrectly, the impact of firewall policy errors is as
follows:
• A firewall policy error either creates security holes that let hostile traffic into a
private network or blocks authorized traffic and disrupts normal business
operations, perhaps causing irreversible, if not disastrous, consequences.
Policy changes are a major source of policy errors. Firewall policies must be
changed on a regular basis as networks evolve and new threats emerge. Research on
firewall change-impact analysis provides concepts and tools for this: the algorithms
take a firewall policy and a suggested change as input and output the exact impact
of the change. As a result, before making a permanent change, a firewall
administrator can double-check it.
• For example, if you use a third-party VPN, the servers are normally exposed
to everyone who signs up for the service. If someone infects the other users
and you don't have a firewall, your computer can be infected with
viruses and malware.
• Hackers can infect a system with malware and take control of the
device.
• Hackers may gain access to sensitive information by using a user's name and
password.
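The change-impact analysis described in the first bullet, as an added Python example (not from the original report or from the research it summarizes): a tiny policy over three source zones and four ports is enumerated before and after a proposed change, and every flow whose decision flips is reported as either a security hole or an outage. The zones, ports, baseline policy and the two proposed changes are constructed.

```python
from itertools import product
from typing import List, NamedTuple, Optional


class Rule(NamedTuple):
    src: str              # source zone, or "any"
    dport: Optional[int]  # destination port, None = any port
    action: str           # "allow" or "deny"


# Constructed, deliberately small traffic space so every flow can be enumerated.
ZONES = ["internet", "partner", "lan"]
PORTS = [22, 80, 443, 3389]
DEFAULT_ACTION = "deny"


def decide(policy: List[Rule], src: str, dport: int) -> str:
    """First-match evaluation, default deny."""
    for rule in policy:
        if rule.src in ("any", src) and rule.dport in (None, dport):
            return rule.action
    return DEFAULT_ACTION


def change_impact(old: List[Rule], new: List[Rule]) -> dict:
    """Exact impact of replacing policy `old` with `new`.

    "holes" are flows that were denied and become allowed (hostile traffic let in);
    "outages" are flows that were allowed and become denied (business disrupted).
    """
    holes, outages = [], []
    for src, port in product(ZONES, PORTS):
        before, after = decide(old, src, port), decide(new, src, port)
        if before == "deny" and after == "allow":
            holes.append((src, port))
        elif before == "allow" and after == "deny":
            outages.append((src, port))
    return {"holes": holes, "outages": outages}


def insert_rule(policy, index, rule):
    return policy[:index] + [rule] + policy[index:]


def remove_rule(policy, rule):
    return [r for r in policy if r != rule]


# Hypothetical baseline: web open to everyone, SSH from the LAN only,
# the Internet denied everything else, the LAN allowed everything else.
BASELINE = [
    Rule("any", 80, "allow"),
    Rule("any", 443, "allow"),
    Rule("lan", 22, "allow"),
    Rule("internet", None, "deny"),
    Rule("lan", None, "allow"),
]

# Change 1: an admin wants RDP for LAN users but writes "any" instead of "lan"
# and places the rule at the top of the policy.
CHANGE_RDP = insert_rule(BASELINE, 0, Rule("any", 3389, "allow"))

# Change 2: an admin removes the HTTPS rule while "cleaning up" the policy.
CHANGE_CLEANUP = remove_rule(BASELINE, Rule("any", 443, "allow"))

if __name__ == "__main__":
    for name, proposed in [("rdp", CHANGE_RDP), ("cleanup", CHANGE_CLEANUP)]:
        print(name, change_impact(BASELINE, proposed))
```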

➢ Impact of an IDS when the network configuration is incorrect:

• Personal: Hackers can employ viruses and malware to get remote access to
computers, then extract data and send it to themselves in the form of text,
photographs, and video. They'll either encrypt the entire machine and demand
a ransom to restore the data, or they'll publish private videos and photographs on
the internet.
• Businesses: Internal, confidential corporate information such as
budgets, strategies, or other encrypted data will be seized, resulting in losses of
millions or billions of dollars, if it is not destroyed outright. Competitors will
steal growth plans if private data is leaked to them, resulting in
huge financial losses for the company.
• Country: National classified information covers a wide range of themes,
including the military, politics, and so on. State secrets are revealed when
hackers deploy malicious code to attack holes in firewall and IDS policies,
culminating in a national tragedy that drives countries to distrust, blame, and,
in the worst-case scenario, worldwide war.
• Encrypted packets cannot be inspected, so they do not provide the
information required for intrusion detection.
• It is difficult to keep the IDS updated for new kinds of attack.
• Protocol-based attacks against the IDS itself are possible.
• Because the analysis module has limited resources (just buffers), its detection
is limited as well.

Figure 27 Threat-Risk of a firewall and IDS

Task 4 - Show, using an example for each, how
implementing a DMZ, static IP and NAT in a
network can improve Network Security (P4)

I. DMZ:
1. Define:
➢ DMZ is a term commonly used in the military and in
the field of information technology. DMZ stands for Demilitarized
Zone: a demilitarized area or military demarcation
line in which no military activity takes place.
In information technology, the abbreviation is borrowed for a similar idea.
In computing, a DMZ is a host or subnet (a group of networked devices,
e.g. a server) that is placed outside the firewall protecting the
internal network and separated from that network by it.

Figure 28 diagrams DMZ

2. Usage:
➢ Businesses with a public website that customers use must make their
web server accessible from the internet. Doing so means putting their
entire internal network at high risk. To prevent this, an organization
could pay a hosting firm to host the website or their public servers on a
firewall, but this would affect performance. So instead, the public
servers are hosted on a network that is separate and isolated.
➢ A DMZ network provides a buffer between the internet and an
organization’s private network. The DMZ is isolated by a security
gateway, such as a firewall, that filters traffic between the DMZ and a
LAN. The default DMZ server is protected by another security
gateway that filters traffic coming in from external networks.
➢ It is ideally located between two firewalls, and the DMZ firewall setup
ensures incoming network packets are observed by a firewall—or other
security tools—before they make it through to the servers hosted in the
DMZ. This means that even if a sophisticated attacker is able to get
past the first firewall, they must also access the hardened services in
the DMZ before they can do damage to a business.
➢ If an attacker is able to penetrate the external firewall and compromise
a system in the DMZ, they then also have to get past an internal
firewall before gaining access to sensitive corporate data. A highly
skilled bad actor may well be able to breach a secure DMZ, but the
resources within it should sound alarms that provide plenty of warning
that a breach is in progress.
➢ Organizations that need to comply with regulations, such as the Health
Insurance Portability and Accountability Act (HIPAA), will sometimes
install a proxy server in the DMZ. This enables them to simplify the
monitoring and recording of user activity, centralize web content
filtering, and ensure employees use the system to gain access to the
internet.
3. Advantage:
➢ The main benefit of a DMZ is to provide an internal network with an
advanced security layer by restricting access to sensitive data and
servers. A DMZ enables website visitors to obtain certain services
while providing a buffer between them and the organization’s private
network. As a result, the DMZ also offers additional security benefits,
such as:
➢ Enabling access control: Businesses can provide users with access to
services outside the perimeters of their network through the public
internet. The DMZ enables access to these services while
implementing network segmentation to make it more difficult for an
unauthorized user to reach the private network. A DMZ may also
include a proxy server, which centralizes internal traffic flow and
simplifies the monitoring and recording of that traffic.
➢ Preventing network reconnaissance: By providing a buffer between the
internet and a private network, a DMZ prevents attackers from
performing the reconnaissance work they carry out in their search for
potential targets. Servers within the DMZ are exposed publicly but are
offered another layer of security by a firewall that prevents an attacker
from seeing inside the internal network. Even if a DMZ system gets
compromised, the internal firewall separates the private network from
the DMZ to keep it secure and make external reconnaissance difficult.
➢ Blocking Internet Protocol (IP) spoofing: Attackers attempt to find
ways to gain access to systems by spoofing an IP address and
impersonating an approved device signed in to a network. A DMZ can
discover and stall such spoofing attempts as another service verifies the
legitimacy of the IP address. The DMZ also provides network
segmentation to create a space for traffic to be organized and public
services to be accessed away from the internal private network.
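An added Python model (not from the original report) of the two-firewall DMZ layout described above: a flow is allowed only if every firewall on its path allows it, so a compromised DMZ web server still cannot reach an internal file server, and an Internet host cannot probe the LAN at all. The addresses, zones and both rule-sets are constructed assumptions.

```python
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    src: str              # zone name or a specific host address
    dst: str              # zone name or a specific host address
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


# Constructed hosts and the zone each one lives in.
HOST_ZONE = {
    "203.0.113.7": "internet",   # an arbitrary Internet client
    "198.51.100.10": "dmz",      # public web server in the DMZ
    "10.0.0.20": "lan",          # internal database server
    "10.0.0.30": "lan",          # internal file server
}
ZONE_POSITION = {"internet": 0, "dmz": 1, "lan": 2}

# Hypothetical external firewall, between the Internet and the DMZ.
EXTERNAL = [
    Rule("internet", "198.51.100.10", 443, "allow"),  # public HTTPS only
    Rule("internet", "dmz", None, "deny"),            # no other DMZ ports
    Rule("internet", "lan", None, "deny"),            # never straight into the LAN
    Rule("dmz", "internet", 443, "allow"),            # web server may fetch updates
    Rule("dmz", "internet", None, "deny"),
]

# Hypothetical internal firewall, between the DMZ and the LAN.
INTERNAL = [
    Rule("198.51.100.10", "10.0.0.20", 5432, "allow"),  # web app to its database
    Rule("dmz", "lan", None, "deny"),                   # nothing else crosses inward
    Rule("lan", "dmz", None, "allow"),                  # admins may manage the DMZ
]


def matches(pattern: str, host: str) -> bool:
    """A rule field matches a host if it names the host or the host's zone."""
    return pattern == host or pattern == HOST_ZONE[host]


def evaluate(rules, src, dst, dport) -> str:
    """First-match evaluation with default deny."""
    for r in rules:
        if matches(r.src, src) and matches(r.dst, dst) and r.dport in (None, dport):
            return r.action
    return "deny"


def firewalls_crossed(src, dst):
    """Firewalls on the path: internet |external| dmz |internal| lan."""
    a, b = ZONE_POSITION[HOST_ZONE[src]], ZONE_POSITION[HOST_ZONE[dst]]
    lo, hi = min(a, b), max(a, b)
    path = []
    if lo <= 0 < hi:
        path.append(("external", EXTERNAL))
    if lo <= 1 < hi:
        path.append(("internal", INTERNAL))
    return path


def decide(src, dst, dport):
    """Return ("allow", None) or ("deny", name of the firewall that blocked it)."""
    for name, rules in firewalls_crossed(src, dst):
        if evaluate(rules, src, dst, dport) == "deny":
            return ("deny", name)
    return ("allow", None)


if __name__ == "__main__":
    web, db, files, client = "198.51.100.10", "10.0.0.20", "10.0.0.30", "203.0.113.7"
    print("client -> web 443:", decide(client, web, 443))    # public service reachable
    print("client -> web 22:", decide(client, web, 22))      # reconnaissance stopped at the edge
    print("client -> db 5432:", decide(client, db, 5432))    # LAN never reachable from outside
    print("web -> db 5432:", decide(web, db, 5432))          # the one permitted inward flow
    print("web -> files 445:", decide(web, files, 445))      # compromised web server contained
```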

4. Disadvantage:
➢ Setting up a DMZ is something that not everyone knows how to do,
so doing it wrong can lead to the potential loss or copying of all the
information the system has. It is therefore essential that only
those who are absolutely certain of what they are doing take this
action.

➢ In general, setting up a DMZ is very beneficial for business
environments where it is essential to provide security at the
network level. Therefore, you must have IT professionals correctly
configure the DMZ.

➢ Otherwise, if the DMZ configuration is not done in a neat and detailed
manner, it can be very dangerous and could lead to the loss of the
organization's information or attract malicious outside intrusions.
Professional computer security support is recommended if you
are thinking of setting one up.
II. Static IP:
1. Define:
➢ A static IP address is an IP address configured manually on a device, as opposed
to one assigned automatically by a DHCP server. It is called static because it
doesn't change, the exact opposite of a dynamic IP address, which does.
➢ Routers, phones, tablets, desktops, laptops, and any other device that can use
an IP address can be configured with a static IP address. This can be done
through the devices that hand out IP addresses (like routers) or by manually
entering an IP address on the device itself.
➢ Static IP addresses are sometimes called fixed IP addresses or dedicated IP
addresses.

Figure 29 Diagrams Static IP

2. Usage:
➢ The most common static IP address use cases are restricting network access
(with IP whitelisting) and enabling remote access (when you host a service
inside your LAN and need to access it regardless of geographical
constraints). A fixed IP address is valuable if you want to:
• Have a unique identity on the Internet and the possibility of IP
whitelisting with no hassle.
• Avoid potential WAN/LAN IP address conflicts, the situation where
two hosts are assigned the same IP (which usually leads to one
host being unable to communicate).
• Define firewall rules that remain valid indefinitely (using a dynamic IP address
would mean updating the firewall rule every time the IP changes).
• Have services hosted inside your LAN accessible from the public
Internet.
• Take full responsibility for your IP reputation. Without a static IP, you
use one of the ISP's shared dynamic IP addresses that don't uniquely
represent your network, and others might negatively affect your IP
reputation. With a static IP, only you look after the correct (r)DNS
settings, IP reputation, IP geolocation and other parameters,
which is handy when you, e.g., run an emailing service.
3. Advantage:
➢ Speed

• Since static IP addresses involve fewer conflicts, devices
assigned a static IP address tend to perform faster. The speed difference is
noticeable mainly for broadband users, not for DSL connections. This is especially
beneficial if you are constantly uploading and downloading files.

➢ Security

• The security level offered by a static IP address is usually greater: it can be
paired with an additional layer of protection, such as address-based access rules,
that helps prevent many security problems.

➢ Accessibility

• Remote access to a device with a static IP address is made possible using programs like
Virtual Private Networks (VPN), meaning the device can be accessed
from any part of the world. As long as the device is connected to the
internet, all its information is made accessible.
➢ Hosting

• All types of hosting, from web servers and email servers to other
types of servers, are supported by a static IP address. Therefore, if you have
a static IP address, all your customers and clients can easily access your
website. Devices can also easily locate your servers from anywhere in the world.

➢ Stability

• Static IP addresses are known to be stable since they are protected
from changes. Unlike a dynamic IP address, a static one does not undergo
frequent lapses. Whenever there is a reboot, the computer will be able to
reconnect quickly to the internet using the same IP address.

4. Disadvantage:
➢ Configure the devices manually:
• As in the examples above, a home web server or remote access software
requires you to set a fixed address on the device and configure the router to
forward traffic to that address.
• These steps certainly require more work than simply plugging in a router
and letting it issue dynamic addresses via DHCP.
• Furthermore, a static configuration is tied to one network. If you assign
your device an address such as 192.168.1.110 and then move it to a network
that uses addresses like 10.X.X.X, the device cannot communicate: its
address, subnet mask and gateway no longer match the network it is plugged
into. You will have to reconfigure it to use DHCP (or choose a static address
that fits the new network).
➢ Security:
• An address that never changes gives an attacker an unlimited time window to
scan the device, map the services behind it and wait for an exploitable
vulnerability. A dynamic address forces the attacker to re-discover the
target after each change, but this is only a minor obstacle and must not be
relied on in place of patching and firewalling.
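As an added example (not part of the original assignment text), the following Python, standard library only, checks a static IPv4 assignment against the network it is plugged into, including the failure described above when a device configured for 192.168.1.110 is moved to a 10.X.X.X network and the duplicate-address conflict that arises when a static address sits inside the DHCP pool, and then evaluates a source address against an allowlist of the kind the usage section describes. All addresses are constructed sample values and the function names are mine.

```python
"""Added example, not from the original text: sanity-checking a static IPv4
configuration and evaluating an IP allowlist. Standard library only."""
import ipaddress


def check_static_config(address, prefix_len, gateway, dhcp_pool=None):
    """Return a list of problems with a static IPv4 assignment (empty if it is fine).

    address, gateway : dotted-quad strings
    prefix_len       : CIDR length of the subnet the device is plugged into
    dhcp_pool        : optional (first, last) addresses handed out by the router's DHCP
    """
    problems = []
    addr = ipaddress.ip_address(address)
    gw = ipaddress.ip_address(gateway)
    # strict=False lets us pass a host address and get its subnet back
    net = ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)

    # A host whose gateway is not on its own subnet cannot leave the LAN at all:
    # this is the "192.168.1.110 moved to a 10.x.x.x network" case from the text.
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}; host cannot reach it")
    # The first and last address of a subnet are not usable by hosts.
    if addr in (net.network_address, net.broadcast_address):
        problems.append(f"{addr} is the network or broadcast address of {net}")
    if addr == gw:
        problems.append(f"{addr} collides with the gateway")
    # A static address inside the DHCP pool will eventually be leased to another
    # device, producing the duplicate-address conflict the text warns about.
    if dhcp_pool is not None:
        first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
        if first <= addr <= last:
            problems.append(f"{addr} lies inside the DHCP pool {first}-{last}; "
                            "reserve it or exclude it from the pool")
    return problems


def source_allowed(src_ip, allowlist):
    """True if src_ip falls in any allowlist entry ("203.0.113.10/32", "198.51.100.0/24", ...).

    A single-address entry is what a customer's static IP lets you write once;
    with a dynamic address it stops matching the next time the ISP reassigns it.
    """
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(rule, strict=False) for rule in allowlist)


if __name__ == "__main__":
    # constructed sample values
    print(check_static_config("192.168.1.110", 24, "192.168.1.1"))        # []
    print(check_static_config("192.168.1.110", 24, "10.0.0.1"))           # gateway unreachable
    print(check_static_config("192.168.1.150", 24, "192.168.1.1",
                              dhcp_pool=("192.168.1.100", "192.168.1.200")))  # inside pool
    print(source_allowed("203.0.113.10", ["203.0.113.10/32", "198.51.100.0/24"]))  # True
```

Run the checker before committing a static address to a server or printer; a clean return value means the address, gateway and pool are consistent, and the allowlist helper shows why a fixed customer address can be written into a rule once and left alone.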
III. NAT:
1. Define:
➢ NAT is a technique that rewrites the IP addresses in packets so that one or
more addresses inside a network (private addresses) appear as one or more
addresses outside it (public addresses).

➢ NAT stands for Network Address Translation. It lets hosts with private
(local network) addresses reach public networks (the Internet). NAT is
implemented on the edge router, where the two kinds of network meet.

Figure 30 Diagrams NAT


2. Usage:
➢ NAT runs on the device that joins the private network to the public one.
For a packet leaving the LAN it replaces the private source address (and
usually the source port) with the router's public address and a port of its
own, records the mapping in a translation table, and forwards the packet.
➢ When the reply comes back from the Internet (public side), the NAT device
looks up the translation table, rewrites the destination address and port
back to the internal host's values, and forwards the packet into the LAN.
➢ NAT acts as a basic firewall as a side effect. Hosts on the Internet only
ever see the router's public address, never the private addresses behind it,
and an inbound packet that matches neither an entry in the translation table
nor an explicit port-forwarding rule has no destination and is dropped.
3. Advantage:
➢ Saving IPv4 addresses: the number of users accessing the Internet grows
every day, which leads to a shortage of IPv4 addresses. NAT reduces the
number of public addresses that need to be used.
➢ Hides the addresses of hosts inside the LAN.
➢ NAT lets many computers and mobile devices in the LAN share one Internet
connection using a single public IP address.
➢ NAT helps administrators control incoming traffic: unsolicited inbound
packets are dropped by default, and port forwarding lets the administrator
expose a chosen internal service on a chosen public port.
4. Disadvantage:
➢ The router's CPU has to inspect every packet, rewrite addresses and ports,
and recompute the IP and TCP/UDP checksums. This adds a small delay to
forwarding and, on low-end hardware, can limit throughput.
➢ Because NAT hides the addresses inside the LAN, an investigator who sees
only the public address cannot tell which internal host sent a packet without
the router's translation logs, which makes tracing traffic harder.
➢ Applications that embed IP addresses or ports inside the payload (older
VoIP/SIP, active-mode FTP, some peer-to-peer protocols), or that must accept
unsolicited inbound connections, break behind NAT unless the router has a
helper for that protocol or a port-forwarding rule.
IV. How DMZ, NAT and static IP can IMPROVE network
security.
1. Explain:
NAT and firewalls provide real levels of protection. A static IP address is roughly neutral for security. A DMZ can go
either way: a proper DMZ (a separate network segment for public-facing servers, firewalled from both the Internet
and the internal LAN) improves security by containing a compromised server, whereas the "DMZ host" feature of
home routers, described below, reduces it.
➢ A firewall is a hardware or software tool that blocks certain connections, possibly for specific protocols
and in specific directions (inbound or outbound). Stateful firewalls open temporary return paths: when an
outgoing packet is accepted, the matching reply on the reverse port and direction is allowed back through.
Some firewalls block specific applications or specific IP addresses. A typical home PC firewall allows
outgoing packets but blocks unsolicited incoming ones; it accepts a response packet whose addresses and
port numbers match a recent outgoing packet, and after a period of inactivity (a few tens of seconds for
UDP; established TCP connections are tracked far longer) it blocks those incoming packets again.

➢ Network Address Translation (NAT) is generally used to let multiple devices share a single public address
on the Internet. The mechanism resembles a stateful firewall in that it sets up temporary acceptance of
return traffic, but unlike a firewall it modifies the source IP address, and usually the source port, of
outgoing packets and converts them back to the original address and port in the replies. A proxy server
achieves a similar effect at the application layer by terminating the client's connection and opening its
own. Port forwarding allows unsolicited incoming packets arriving on a specific port of the Internet
interface to be passed through to a chosen internal host.

➢ The "Demilitarized Zone (DMZ)" setting on a home router bypasses the protection of the firewall or NAT for
one device behind it: any incoming packet not covered by another specific rule is passed to that device,
which would otherwise have been protected. This should not be confused with a true DMZ segment in an
enterprise network, where servers that must be reachable from the Internet sit on their own subnet between
two firewall boundaries, so that a compromise there cannot reach the internal network directly.
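The behaviour described in the NAT usage section and in the three points above (translation of outgoing packets, the stateful return path with its idle timeout, the silent drop of unsolicited packets, a port-forwarding hole, and a home-router "DMZ host" that receives everything else), as an added simulation in Python. This is not code from the original assignment or from any router vendor; addresses and ports are constructed sample values, and two simplifications are noted in comments: real routers choose translated ports unpredictably and expire mappings on per-protocol timers.

```python
"""Added example, not from the original text: a toy NAT/PAT edge router that shows
why unsolicited inbound packets are dropped, how replies are translated back,
what port forwarding opens, and what a home-router "DMZ host" exposes.
Constructed sample addresses from the documentation ranges 192.168.0.0/16,
203.0.113.0/24 and 198.51.100.0/24."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    """Source NAT with port translation (masquerading) plus optional holes."""

    def __init__(self, public_ip, port_forwards=None, dmz_host=None,
                 first_port=40000, idle_timeout=60.0):
        self.public_ip = public_ip
        # (proto, public_port) -> (inner_ip, inner_port): explicit port-forwarding rules
        self.port_forwards = dict(port_forwards or {})
        # home-router "DMZ host": receives every unsolicited packet nothing else claims
        self.dmz_host = dmz_host
        self.next_port = first_port       # sequential here; real routers randomise
        self.idle_timeout = idle_timeout  # seconds before a mapping is forgotten
        # outbound 5-tuple -> public port substituted for the private source port
        self.out_table = {}
        # (proto, public_port, remote_ip, remote_port) -> (inner_ip, inner_port, last_seen)
        self.in_table = {}

    def egress(self, pkt, now=0.0):
        """LAN -> Internet: rewrite the source to the public address and remember it."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.out_table.get(key)
        if pub_port is None:
            pub_port = self.next_port
            self.next_port += 1
            self.out_table[key] = pub_port
        # the reverse entry is what lets the reply (and only the reply) back in
        self.in_table[(pkt.proto, pub_port, pkt.dst_ip, pkt.dst_port)] = (
            pkt.src_ip, pkt.src_port, now)
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def ingress(self, pkt, now=0.0):
        """Internet -> LAN: translate back, forward, or drop (returns None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        entry = self.in_table.get(key)
        if entry is not None:
            inner_ip, inner_port, last_seen = entry
            if now - last_seen <= self.idle_timeout:
                self.in_table[key] = (inner_ip, inner_port, now)   # refresh the timer
                return replace(pkt, dst_ip=inner_ip, dst_port=inner_port)
            del self.in_table[key]   # stale mapping: treat the packet as unsolicited
        # no live mapping: only an explicit hole lets the packet through
        target = self.port_forwards.get((pkt.proto, pkt.dst_port))
        if target is not None:
            return replace(pkt, dst_ip=target[0], dst_port=target[1])
        if self.dmz_host is not None:
            return replace(pkt, dst_ip=self.dmz_host)   # every port, every protocol
        return None   # this silent drop is the "NAT acts as a firewall" effect


def demo():
    """Constructed scenario; returns the outcomes so they can be inspected or checked."""
    nat = NatRouter("203.0.113.7", port_forwards={("tcp", 443): ("192.168.1.20", 443)})
    # 1. an internal host opens a connection to a web server
    out = nat.egress(Packet("192.168.1.10", 51000, "198.51.100.5", 80), now=0.0)
    # 2. the server's reply arrives for the public address and translated port
    reply = nat.ingress(Packet("198.51.100.5", 80, out.src_ip, out.src_port), now=5.0)
    # 3. a scanner probes port 22: no mapping, no rule -> dropped
    probe = nat.ingress(Packet("198.51.100.99", 40001, "203.0.113.7", 22), now=6.0)
    # 4. port forwarding lets unsolicited HTTPS reach exactly one internal server
    https = nat.ingress(Packet("198.51.100.99", 40002, "203.0.113.7", 443), now=7.0)
    # 5. a "reply" long after the idle timeout is no longer recognised
    late = nat.ingress(Packet("198.51.100.5", 80, out.src_ip, out.src_port), now=500.0)
    # 6. the same SSH probe against a router with a DMZ host goes straight through
    dmz = NatRouter("203.0.113.7", dmz_host="192.168.1.50")
    dmz_probe = dmz.ingress(Packet("198.51.100.99", 40001, "203.0.113.7", 22))
    return {"out": out, "reply": reply, "probe": probe, "https": https,
            "late": late, "dmz_probe": dmz_probe}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10} {result}")
```

The contrast between steps 3, 4 and 6 is the whole security argument of this section: the scanner's SSH probe is dropped by the NAT table alone, a port-forwarding rule opens exactly one port to exactly one host, and the DMZ-host setting hands that same probe, and any other, to the designated device as if no NAT were present.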
2. Improve
Beyond the three mechanisms above, network security solutions are tools organizations use to defend against
cyber-security threats as well as accidental damage, physical disasters and other hazards. The main types are:

➢ Application security—used to test software application vulnerabilities during development and testing, and protect
applications running in production, from threats like network attacks, exploits of software vulnerabilities, and web
application attacks.
➢ Network security—monitors network traffic, identifies potentially malicious traffic, and enables organizations to
block, filter or mitigate threats.
➢ Cloud security—implements security controls in public, private and hybrid cloud environments, detecting and
fixing security misconfigurations and vulnerabilities.
➢ Endpoint security—deployed on endpoint devices such as servers and employee workstations, which can prevent
threats like malware, unauthorized access, and exploitation of operating system and browser vulnerabilities.
➢ Internet of Things (IoT) security—connected devices are often used to store sensitive data, but are usually not
protected by design. IoT security solutions help gain visibility and improve security for IoT devices.
➢ Threat intelligence—combines multiple feeds containing data about attack signatures and threat actors, providing
additional context for security events. Threat intelligence data can help security teams detect attacks, understand
them, and design the most appropriate response.
References
Linda Rosencrance. Top 10 types of information security threats for IT teams. TechTarget.
https://www.techtarget.com/searchsecurity/feature/Top-10-types-of-information-security-threats-for-IT-teams

Gaurav Siyal (23 January 2022). Top recent cloud security breaches. MakeUseOf.
https://www.makeuseof.com/top-recent-cloud-security-breaches/

Sungard AS (11 October 2021). The consequences of a cyber security breach.
https://www.sungardas.com/en-us/blog/the-consequences-of-a-cyber-security-breach/

Craig Wright, in The IT Regulatory and Standards Compliance Handbook, 2008.
https://www.sciencedirect.com/topics/computer-science/security-procedure

Richard F. Schmidt, in Software Engineering, 2013.
https://www.sciencedirect.com/topics/computer-science/security-procedure

Hamidreza Ghafghazi, ... Carlisle Adams, in Wireless Public Safety Networks 2, 2016.
https://www.sciencedirect.com/topics/computer-science/security-procedure

Mat Bao wiki (in Vietnamese). What NAT is and how to set up a NAT connection.
https://wiki.matbao.net/nat-la-gi-huong-dan-cach-ket-noi-mang-nat-de-dang/
