Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Figure 1 Types of hacker
Figure 2 Insider threats
Figure 3 Viruses and worms
Figure 4 Botnets
Figure 5 Accenture
Figure 6 Verizon
Figure 7 Kaseya Ransomware Attack
Figure 8 Breach
Figure 9 Usage firewall
Figure 10 Usage firewall
Figure 11 Usage firewall
Figure 12 Usage firewall
Figure 13 Usage firewall
Figure 14 Usage firewall
Figure 15 Usage firewall
Figure 16 Usage firewall
Figure 17 Usage firewall
Figure 18 Usage firewall
Figure 19 Usage firewall
Figure 20 Usage firewall
Figure 21 Usage firewall
Figure 22 Usage firewall
Figure 23 Firewall
Figure 24 Diagrams firewall
Figure 25 Diagrams IDS
Figure 26 IPS diagrams
Figure 27 Threat-Risk of a firewall and IDS
Figure 28 Diagrams DMZ
Figure 29 Diagrams Static IP
Figure 30 Diagrams NAT
Task 1 Identify types of security threat to the organization. Give an example of a recently publicized security breach and discuss its consequences (P1)
I. Identify types of security threat to the organization:
1. Define threats:
➢ Although the terms security threat, security event, and security incident are all linked, they have different meanings in cybersecurity.
➢ A security threat is a potential harmful act that seeks to corrupt or steal data, or to disrupt systems or the business as a whole. A security event is an occurrence in which a company's data or network may have been exposed. A security incident is an occurrence that results in an actual compromise of data or of the network.
➢ Enterprise IT must be vigilant in securing its data and networks as cybersecurity threats continue to change and become more sophisticated. To do so, it must first understand the many kinds of security threat it faces.
2. Identify threat agents to organizations:
➢ Attacks come in many different forms and include the following five types:
c. Botnets:
➢ A botnet is a group of Internet-connected devices, such as PCs, mobile devices,
servers, and IoT devices, that have been infected with malware and are
controlled remotely. Typically, botnet malware scans the internet for vulnerable
devices. The purpose of a threat actor that creates a botnet is to infect as many
connected devices as possible, then use the computational power and resources
of those devices to perform automated operations that are typically hidden from
the devices' users. The threat actors who manage these botnets, most of whom
are fraudsters, utilize them to send spam emails, conduct click fraud operations,
and create malicious traffic for distributed denial-of-service assaults.
Figure 4 Botnets
a. Accenture:
In 2017, the UpGuard Cyber Risk team discovered that Accenture had left at least four AWS S3 storage buckets unsecured and publicly accessible.
The exposed data included authentication credentials, confidential API data, digital certificates, decryption keys, customer data and metadata.
UpGuard's analysis found 137GB of data available for public access. Exposed data of this kind can be used by attackers to extort or defame users, and some of the compromised information was reported to have surfaced on the dark web.
Figure 5 Accenture
In August 2021, Accenture was hit again, this time by the LockBit ransomware group. Accenture stated that it detected the intrusion, isolated the affected servers and restored the affected systems from backup, and it disclosed the incident in its fourth-quarter 2021 filings.
Accenture's filings also reported that the attackers had gained unauthorized access to certain client systems as a result of the 2021 breach; the follow-on risks of such a supply-chain incident include misconfigured critical systems, inadvertent disclosure and subsequent malware infections.
The LockBit group itself claimed to have stolen 6TB of data in the attack and demanded a ransom of $50 million.
b. Verizon:
In 2017, a Verizon third-party vendor, NICE Systems, exposed customer PII through a misconfigured AWS S3 bucket. The exposure was the result of NICE's configuration error, and the data included customer call records that NICE had collected on Verizon's behalf.
Verizon's 2021 Data Breach Investigations Report (DBIR) analyzed 29,207 security incidents from 2020, of which more than 5,200 were confirmed breaches. The most common patterns were denial-of-service attacks, social engineering and web application attacks, and compromises of client-side systems frequently led on to breaches of server-side systems.
Figure 6 Verizon
The report attributes many of the new weaknesses and the rise in attacks to the pandemic-induced shift to remote working, and classifies most breaches as involving the "human element", largely through social engineering.
Verizon publishes these findings using its VERIS framework, and the report serves as a case study for other enterprises and users. Roughly 61% of breaches involved the use of credentials, while phishing was present in 36% of breaches, up from 25% the year before.
In July 2021, IT management software provider Kaseya suffered a major attack on VSA, its unified remote monitoring and management tool. The supply-chain ransomware attack, attributed to the REvil group, exploited VSA to gain administrative control of managed service providers' systems and push ransomware to their downstream customers.
As reported by ZDNet, the attack took the company's SaaS servers offline and affected on-premises VSA deployments used by Kaseya customers across ten countries. Kaseya responded by immediately alerting its customers and instructing them to shut down on-premises VSA servers, and it released a VSA compromise detection tool that lets business users scan their VSA servers and managed endpoints for indicators of compromise.
Figure 7 Kaseya Ransomware Attack
The incident and Kaseya's response offer vital lessons in mitigating a modern cyberattack, which include:
Figure 8 Breach
• Reputational damage
Loss of customer and stakeholder trust can be the most harmful impact of
cybercrime, since the overwhelming majority of people would not do business with a
company that had been breached, especially if it failed to protect its customers' data.
This can translate directly into a loss of business, as well as devaluation of the brand
you've worked so hard to build. Although on a case-by-case basis it’s difficult to
quantify the erosion of reputation due to a data breach, according to one industry
insider speaking with ITPro, “we see a 60% failure rate among SMBs after a
company discloses a breach within 6-12 months, partly due to confidence issues and
partly due to recovery challenges.” (7)
• Theft
While a cyber-raid on a big-name bank may net the attacker a sizeable haul, smaller
businesses' defenses are typically less sophisticated and easier to penetrate, making
them a softer target. Cyber-enabled fraud leads to monetary losses, but stolen data
can be worth far more to hackers, especially when sold on the Dark Web. A report
by The Digital Shadows Photon Research team found that the average price for
commercially traded logins on the Dark Web was a ‘modest’ $15.43; when it came
to domain administrator accounts that give access to internal business networks,
(typically sold by auction because of their value to hackers), the price spiked to an
average of $3,139 and, in select cases, reached an eye-popping price of $120,000. (8)
Intellectual property theft may be equally damaging, with companies losing years of
effort and R&D investment in trade secrets or copyrighted material – and their
competitive advantage.
• Financial losses
• Fines
• Below-the-surface costs
In addition to the economic costs of incident response, there are several intangible
costs that can continue to blight a business long after the event itself. The impact of
operational disruption tends to be woefully underestimated – especially among firms
that have little in the way of formal business resilience and continuity strategies –
and small organizations that already struggle to manage cash flow may face
crippling rises in insurance premiums or see an increased cost to raise debt.
Cyber security and cyber incident recovery isn't an IT problem. Instead, it's a
business imperative. Adopting a comprehensive security strategy today can help you
avoid having to shut up shop if hackers strike tomorrow.
• Maintain a register of wireless cards and access points. Any wireless Access Points / Base Stations connected to the network must be registered and authorized by the Information Security Officer. These Access Points / Base Stations are subject to regular penetration testing and audits. Any wireless Network Interface Cards (PC cards) used in laptops or desktop computers must be reported to the Information Security Officer, who maintains the device register.
• Database user names and passwords may be stored in a file separate from the program's code.
• This file must be readable only by authorized users (in practice, only the account the application runs as).
• Database credentials may instead be held by the database server itself. In this case the running program keeps only a hash or identifier that refers to the stored credentials.
• An authentication server (i.e., an entitlement directory) such as an LDAP server used for user authentication may hold the database credentials. In this case there is no need to handle database credentials programmatically.
• Database credentials must never be stored in the document tree of a web server, where a misconfiguration or a guessed URL can serve them to anyone.
• Pass-through authentication (such as Oracle OPS$ authentication) must not grant access to the database based solely on the remote user's authentication on the remote system.
• Passwords or pass phrases used to access a database must adhere to the [Organization's] Password Procedures.
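The two checks the list above turns on, that the credentials file is outside the web server's document tree and readable only by the owning account, are easy to enforce in code before any credential is used. The following is an added example, not code from the original document; the paths, the JSON file layout and the `demo()` scenario are constructed for illustration.

```python
"""Added example: load database credentials from a file kept outside the
program code, refusing files that sit under the web document root or that
are readable by group/others. Paths and file layout are assumptions."""
import json
import stat
import tempfile
from pathlib import Path


def check_credentials_file(cred_path: str, web_root: str) -> list:
    """Return a list of policy violations for a credentials file (empty = OK).

    Two checks: the file must not live under the web server's document tree,
    and it must not be readable or writable by group or others.
    """
    problems = []
    cred = Path(cred_path).resolve()
    root = Path(web_root).resolve()
    # Anything under the document tree can be served to whoever guesses the URL.
    if root == cred or root in cred.parents:
        problems.append("credentials file is inside the web document root")
    mode = cred.stat().st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(
            f"credentials file is accessible to group/others (mode {oct(mode & 0o777)})")
    return problems


def load_db_credentials(cred_path: str, web_root: str) -> dict:
    """Load {'user': ..., 'password': ...} only if the policy checks pass."""
    problems = check_credentials_file(cred_path, web_root)
    if problems:
        raise PermissionError("; ".join(problems))
    with open(cred_path, encoding="utf-8") as fh:
        data = json.load(fh)
    missing = {"user", "password"} - data.keys()
    if missing:
        raise ValueError(f"credentials file missing fields: {sorted(missing)}")
    return {"user": data["user"], "password": data["password"]}


def demo() -> dict:
    """Constructed scenario: one correctly placed file (mode 0600, outside the
    document root) and one copy left world-readable inside the web root."""
    base = Path(tempfile.mkdtemp())
    web_root = base / "var" / "www" / "html"
    web_root.mkdir(parents=True)

    good = base / "etc" / "app" / "db.json"  # hypothetical config location
    good.parent.mkdir(parents=True)
    good.write_text(json.dumps({"user": "app_ro", "password": "example-only"}))
    good.chmod(0o600)  # owner read/write only

    bad = web_root / "db.json"  # inside the document tree and world-readable
    bad.write_text(good.read_text())
    bad.chmod(0o644)

    results = {"good": load_db_credentials(str(good), str(web_root))["user"]}
    try:
        load_db_credentials(str(bad), str(web_root))
        results["bad"] = "accepted"
    except PermissionError as exc:
        results["bad"] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The check is deliberately done on the resolved path, so a symlink from inside the document tree to a file elsewhere is still caught; on Windows the permission bits are not meaningful and an ACL check would be needed instead.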
• A firewall keeps a close eye on traffic: it monitors all traffic entering and leaving your network, and a two-way firewall monitors data leaving your network as well as data entering it. Data travels across networks in packets, and the firewall examines each packet to decide whether it could compromise your network's security. Even you, as the sender, could unintentionally send something malicious, which is why a firewall that examines outbound traffic is essential.
• Keyloggers are less likely to record your activity when your computer is protected by a firewall. A keylogger is spyware that scammers try to install on your computer to record your keystrokes. Once they know what you type and where you type it, they can use that information to log in to your personal online accounts. A firewall that controls outbound connections can stop the keylogger from sending its recordings to the attacker.
• Malware, particularly Trojans, can be extremely harmful. A Trojan lurks in the background of your computer, watching everything you do, and sends the information it gathers to a web server. You usually will not realize it is there until your machine starts behaving strangely. A firewall can block the Trojan's connection to its server and so limit the damage to your system.
1. Usage:
➢ To enable Windows Firewall from the command line, do the following:
➢ Step 1: Open the Start menu and type cmd in the Search box.
Figure 9 Usage firewall
➢ Step 2: In the list of results, right-click Command Prompt and choose "Run as administrator" so that the prompt opens with administrator rights.
Figure 10 Usage firewall
➢ Step 3: Enter the command "netsh advfirewall set allprofiles state on" in the Command Prompt window as shown below.
Note: You can also use "netsh advfirewall set domainprofile state on" (or privateprofile / publicprofile) instead of the command above when you want to enable Windows Firewall for a single profile only.
Figure 11 Usage firewall
➢ Step 4: If no errors occur, the Command Prompt window prints "Ok." at the end of the line.
Figure 12 Usage firewall
➢ Next, configure the firewall through the Windows interface. The following example uses Windows 8.
➢ Press Windows key + C, or move the mouse to the right-hand corner of the screen, and type "Firewall" in the search box.
➢ For each program, the firewall lets you allow it to communicate on public and/or private networks. Tick the network type you want to allow.
➢ If an application is not listed, click the "Change settings" button, then select the application from the list that appears or press Browse to locate the program.
Figure 16 Usage firewall
➢ Back in the Firewall dialog box, click the "Turn Windows Firewall on or off" link. The options panel now appears; here the system lets you turn the firewall on or off for each profile and also block all incoming connections, including connections to allowed apps. This is extremely useful when you are on public networks.
➢ To block a port, create a new outbound rule and select the port to block. For example, to block outgoing connections on the HTTP port (port 80), i.e. access to websites through the IE browser, choose Port, click Next and enter the port number.
➢ Next, choose the profiles the rule applies to; you can select all three profiles the system displays.
➢ At this point the setup to block connections on port 80 is complete. To check that the firewall is working under the new configuration, open IE and enter the domain name of a website. If the browser shows "This page can't be displayed", the rule is working. Note that this rule only blocks plain HTTP; HTTPS sites on port 443 remain reachable unless you add a rule for that port as well.
2. Advantages in a network:
➢ Monitor Traffic
A major responsibility of a firewall is to monitor the traffic passing through it. All information traveling through a network is carried in packets, and the firewall inspects each packet for threats; if it finds one, it blocks the packet immediately.
Malware, especially Trojans, is dangerous to a user. A Trojan sits silently on your computer, spying on everything you do, and sends the information it gathers to a web server. You will not notice its presence until your computer starts behaving strangely. A firewall can block the Trojan's traffic before it causes further damage to your system.
➢ Prevent Hackers
Hackers on the Internet constantly scan for computers they can use for their illegal activities. When they find such a computer they go on to carry out malicious activities such as spreading viruses. Apart from hackers there can also be unknown people, such as neighbours, looking for an open Internet connection. To prevent such intrusions it is a good idea to be protected by a firewall.
➢ Access Control
Firewalls come with an access policy that can be applied to particular hosts and services. Some hosts may be exploitable by attackers, so the safest course is to block such hosts from accessing the system. If a user needs protection from this kind of unwanted access, the access policy can be enforced.
➢ Better Privacy
Privacy is one of the major concerns of a user. Hackers constantly look for information that gives them clues about the user. With a firewall, many of the services a site offers, such as the domain name service and finger, can be blocked, leaving hackers no way to obtain these details. Firewalls can also hide the site's internal DNS information, so that internal host names and IP addresses are not visible to attackers.
Figure 23 Firewall
➢ Before firewalls, network security was managed with router ACLs (Access Control Lists). ACLs are rules that determine whether a specific IP address is allowed or denied network access. ACLs, however, do not inspect the contents of the packets they block, and ACLs alone will not keep threats out of the network. The firewall was born as a result.
➢ Firewalls allow or restrict network connections between devices based on rules that are pre-configured or created by the firewall administrator. Most personal firewalls, such as Windows Firewall, ship with a set of pre-configured rules that are appropriate in most cases, so the user rarely needs to configure the firewall.
➢ End-users choose personal firewalls for their PCs because they are easy to set up and
use. Large networks and businesses, on the other hand, choose firewalls with a wide
range of configuration choices to meet their unique needs.
➢ Firewall rules for FTP servers, Telnet servers, and Web servers, for example, may all
be different. Furthermore, the company can control how its employees access the
Internet by limiting file transfers to other networks or denying access to specific
websites. A firewall can provide a company a lot of control over how users use the
network in addition to providing security.
➢ To regulate incoming and outgoing traffic in a network, firewalls employ one or more of the following methods:
• Packet Filtering: each packet is checked against a set of rules based on its header fields (source and destination IP address, protocol, port numbers) and is allowed or dropped accordingly, one packet at a time and without regard to any packet that came before it. This is the method that lets different rules apply to FTP servers, Telnet servers and web servers.
• Stateful Inspection is a newer technique that still does not examine the payload of the packet but keeps a state table of the connections it has seen. Key attributes of each incoming and outgoing packet (addresses, ports, connection state) are compared against this table; packets belonging to an established, permitted connection are allowed to continue on their way, while packets that match no known connection must satisfy the rules or are discarded.
➢ IDS software can also distinguish between internal attacks (from employees within the organization) and external attacks (from outside hackers).
• It is well suited to data collection and provides convincing evidence when investigating network problems.
• It provides a comprehensive view of the entire network.
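A small illustration of the two points above, added here and not taken from the original document: a port-scan heuristic run over constructed connection-log lines, with each alert labelled internal or external according to whether the source address falls in an RFC 1918 range. The log format, addresses and the threshold of five distinct ports are assumptions.

```python
"""Added example (not from the original document): a minimal network IDS
heuristic over constructed log lines. It flags port scans (one source probing
many distinct ports on one host) and labels each alert internal/external.
Log format, addresses and thresholds are assumptions."""
import ipaddress
from collections import defaultdict

# Constructed sample log: "time src dst dport action" (not real traffic)
SAMPLE_LOG = """\
10:00:01 10.0.5.23 10.0.1.10 22 ALLOW
10:00:02 10.0.5.23 10.0.1.10 23 DENY
10:00:02 10.0.5.23 10.0.1.10 25 DENY
10:00:03 10.0.5.23 10.0.1.10 80 ALLOW
10:00:03 10.0.5.23 10.0.1.10 443 ALLOW
10:00:04 10.0.5.23 10.0.1.10 3389 DENY
10:00:04 10.0.5.23 10.0.1.10 8080 DENY
10:00:05 198.51.100.7 10.0.1.10 443 ALLOW
10:00:06 198.51.100.7 10.0.1.10 443 ALLOW
10:00:07 203.0.113.9 10.0.1.10 21 DENY
10:00:07 203.0.113.9 10.0.1.10 22 DENY
10:00:08 203.0.113.9 10.0.1.10 23 DENY
10:00:08 203.0.113.9 10.0.1.10 25 DENY
10:00:09 203.0.113.9 10.0.1.10 80 DENY
10:00:09 203.0.113.9 10.0.1.10 110 DENY
"""

SCAN_THRESHOLD = 5  # distinct destination ports from one source (assumed tuning)

# RFC 1918 ranges only; ipaddress.is_private would also count the
# documentation ranges used in the sample log, so it is not used here.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log(text: str) -> list:
    """Turn each log line into a dict; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        ts, src, dst, dport, action = parts
        events.append({"ts": ts, "src": src, "dst": dst,
                       "dport": int(dport), "action": action})
    return events


def origin(addr: str) -> str:
    """'internal' for RFC 1918 sources, otherwise 'external'."""
    ip = ipaddress.ip_address(addr)
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"


def detect_port_scans(events: list, threshold: int = SCAN_THRESHOLD) -> list:
    """One alert per (src, dst) pair that touched >= threshold distinct ports."""
    ports = defaultdict(set)
    for ev in events:
        ports[(ev["src"], ev["dst"])].add(ev["dport"])
    alerts = []
    for (src, dst), seen in sorted(ports.items()):
        if len(seen) >= threshold:
            alerts.append({"type": "port_scan", "src": src, "dst": dst,
                           "ports": sorted(seen), "origin": origin(src)})
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(parse_log(SAMPLE_LOG)):
        print(f"{a['type']} from {a['src']} ({a['origin']}) -> {a['dst']} ports {a['ports']}")
```

Denied packets are as useful as allowed ones here: the scanner is identified by the breadth of ports it touches, not by whether any single connection succeeded, which is why a firewall's deny log is a primary input to an IDS.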
➢ Disadvantage
3. Define IPS:
➢ IPS stands for Intrusion Prevention System, a network intrusion prevention system that is widely used today in information security. The system monitors network activity and actively blocks unwanted intrusions, rather than only reporting them, to keep the network secure.
➢ When an IPS is deployed it can detect and block threats and attempts to exploit vulnerabilities, protecting the whole system. By using an IPS, users can reduce the risk of attacks on devices, intrusion and data theft over internal network connections.
I. DMZ:
1. Define:
➢ DMZ stands for Demilitarized Zone, a term borrowed from the military, where it denotes a demarcation area in which no military activity is permitted. In computing, a DMZ is a separate network segment (a subnet containing one or more hosts, such as a public-facing server) that sits between an organization's internal network and an untrusted network such as the Internet, separated from both by a firewall or similar security control.
2. Usage:
➢ Businesses with a public website that customers use must make their web server accessible from the Internet. Placing that server on the internal network puts the entire internal network at high risk. To avoid this, an organization could pay a hosting firm to host the website, or place the public servers directly on the firewall, but this would affect performance. Instead, the public servers are hosted on a network that is separate and isolated from the internal one.
➢ A DMZ network provides a buffer between the internet and an
organization’s private network. The DMZ is isolated by a security
gateway, such as a firewall, that filters traffic between the DMZ and a
LAN. The default DMZ server is protected by another security
gateway that filters traffic coming in from external networks.
➢ It is ideally located between two firewalls, and the DMZ firewall setup
ensures incoming network packets are observed by a firewall—or other
security tools—before they make it through to the servers hosted in the
DMZ. This means that even if a sophisticated attacker is able to get
past the first firewall, they must also access the hardened services in
the DMZ before they can do damage to a business.
➢ If an attacker is able to penetrate the external firewall and compromise
a system in the DMZ, they then also have to get past an internal
firewall before gaining access to sensitive corporate data. A highly
skilled bad actor may well be able to breach a secure DMZ, but the
resources within it should sound alarms that provide plenty of warning
that a breach is in progress.
➢ Organizations that need to comply with regulations, such as the Health
Insurance Portability and Accountability Act (HIPAA), will sometimes
install a proxy server in the DMZ. This enables them to simplify the
monitoring and recording of user activity, centralize web content
filtering, and ensure employees use the system to gain access to the
internet.
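The packet-filtering and stateful-inspection methods described under the firewall section, and the two-firewall DMZ layout described above, come together in a single rule engine. The following is an added example, not code from the original document: a small stateful packet filter with three zones, internet, DMZ and LAN. It shows replies being allowed from the state table without consulting the rules, an unsolicited mid-stream packet being dropped, and a compromised DMZ web server being unable to open a connection into the LAN. The address plan, ports and rule set are assumptions.

```python
"""Added example (not from the original document): a zone-aware stateful
packet filter. Addresses, ports and rules are assumptions."""
from dataclasses import dataclass
import ipaddress

# Assumed address plan: public web server in the DMZ, file server in the LAN.
ZONES = {
    "dmz": ipaddress.ip_network("192.168.10.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/8"),
}


def zone_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"  # anything outside the known internal ranges


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for the first packet of a new TCP connection


# Stateless rules, evaluated top to bottom for new connections only:
# (from_zone, to_zone, dport or None for any, action)
RULES = [
    ("internet", "dmz", 443, "allow"),   # public HTTPS into the DMZ
    ("lan", "dmz", None, "allow"),       # admins reach DMZ hosts
    ("lan", "internet", None, "allow"),  # outbound browsing
    ("dmz", "lan", None, "deny"),        # DMZ must never initiate into the LAN
    ("internet", "lan", None, "deny"),   # nothing unsolicited reaches the LAN
]
DEFAULT_ACTION = "deny"


class StatefulFirewall:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.state = set()  # established flows as (src, sport, dst, dport)

    def _match_rules(self, pkt: Packet) -> str:
        src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
        for from_zone, to_zone, dport, action in self.rules:
            if (from_zone, to_zone) == (src_zone, dst_zone) and dport in (None, pkt.dport):
                return action
        return DEFAULT_ACTION

    def filter(self, pkt: Packet) -> str:
        """Return 'allow' or 'deny'. Packets of an established flow pass without
        consulting the rules; only a SYN can create a new flow, and only if a rule allows it."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.state or reverse in self.state:
            return "allow"
        if not pkt.syn:
            return "deny"  # mid-stream packet with no state: spoofed or stale
        action = self._match_rules(pkt)
        if action == "allow":
            self.state.add(flow)
        return action


def demo() -> dict:
    fw = StatefulFirewall()
    client, web, files = "203.0.113.5", "192.168.10.20", "10.0.0.50"
    return {
        "client_to_web": fw.filter(Packet(client, 51000, web, 443, syn=True)),
        "web_reply": fw.filter(Packet(web, 443, client, 51000)),            # state, no rule lookup
        "unsolicited_from_web": fw.filter(Packet(web, 443, client, 52000)),  # no state, not a SYN
        "dmz_pivot_to_lan": fw.filter(Packet(web, 40000, files, 445, syn=True)),
        "internet_to_lan": fw.filter(Packet(client, 51001, files, 445, syn=True)),
        "lan_admin_to_dmz": fw.filter(Packet(files, 40001, web, 22, syn=True)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

The "unsolicited_from_web" case is the one a purely stateless filter gets wrong: a rule allowing DMZ traffic with source port 443 out to the Internet would let it through, whereas the state table rejects it because no matching connection was ever opened. A real firewall also expires state entries and tracks TCP flags beyond SYN; both are left out here for brevity.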
3. Advantage:
➢ The main benefit of a DMZ is to provide an internal network with an
advanced security layer by restricting access to sensitive data and
servers. A DMZ enables website visitors to obtain certain services
while providing a buffer between them and the organization’s private
network. As a result, the DMZ also offers additional security benefits,
such as:
➢ Enabling access control: Businesses can provide users with access to
services outside the perimeters of their network through the public
internet. The DMZ enables access to these services while
implementing network segmentation to make it more difficult for an
unauthorized user to reach the private network. A DMZ may also
include a proxy server, which centralizes internal traffic flow and
simplifies the monitoring and recording of that traffic.
➢ Preventing network reconnaissance: by providing a buffer between the Internet and a private network, a DMZ prevents attackers from performing the reconnaissance they carry out when searching for potential targets. Servers within the DMZ are exposed publicly but are protected by an additional firewall layer that prevents an attacker from seeing inside the internal network. Even if a DMZ system is compromised, the internal firewall separates the private network from the DMZ, keeping it secure and making further reconnaissance difficult.
➢ Blocking Internet Protocol (IP) spoofing: Attackers attempt to find
ways to gain access to systems by spoofing an IP address and
impersonating an approved device signed in to a network. A DMZ can
discover and stall such spoofing attempts as another service verifies the
legitimacy of the IP address. The DMZ also provides network
segmentation to create a space for traffic to be organized and public
services to be accessed away from the internal private network.
4. Disadvantage:
➢ Setting up a DMZ correctly is not something everyone knows how to do, and a misconfiguration (for example a rule that lets DMZ hosts initiate connections into the internal network) can lead to the loss or copying of all the information the system holds. It is therefore essential that only those who are certain of what they are doing carry out this configuration, and that the rules are reviewed and tested afterwards.
2. Usage:
➢ The most common static IP address use cases are restricting network access (IP allow-listing) and enabling remote access (hosting a service inside your LAN and reaching it regardless of where you are). A fixed IP address delivers value if you want to:
• Have a unique, stable identity on the Internet so that others can allow-list it without hassle.
• Avoid IP address conflicts on the WAN/LAN, the situation where two hosts are assigned the same IP (which usually leaves one host unable to communicate).
• Define firewall rules that stay valid indefinitely (with a dynamic IP address the rule would have to be updated every time the IP changes).
• Make services hosted inside your LAN reachable from the public Internet.
• Take full responsibility for your IP reputation. Without a static IP you use one of the ISP's shared dynamic addresses, which does not uniquely represent your network, and other users can damage its reputation. With a static IP you alone control the (reverse) DNS settings, IP reputation, IP geolocation and other parameters, which matters when you, e.g., run an email service.
3. Advantage:
➢ Speed
➢ Security
➢ Accessibility
• Every type of hosting, from web servers to email servers and other servers, can run on a static IP address. With a static IP address all your customers and clients can reliably reach your website, and devices can easily locate your servers from anywhere in the world.
➢ Stability
• Static IP addresses are stable because they do not change. Unlike a dynamic IP address, a static one does not undergo frequent changes, and after a reboot the computer reconnects to the Internet using the same IP address.
4. Disadvantage:
➢ Configure the devices manually:
• As in the examples given above, the home web server and remote access
programs require you to set up an IP address for the device and properly
configure the router to communicate with that IP address.
➢ Network Address Translation (NAT) is generally used to allow multiple internal devices to share a single public address on the Internet. The mechanism resembles a stateful firewall in that it only accepts incoming packets that belong to a connection it has already seen, but unlike a firewall it rewrites the source IP address, and usually the source port number, of outgoing packets and translates the destination address and port of the replies back to the original values. A proxy server performs a similar translation at the application level. Port forwarding allows unsolicited incoming packets arriving on a specific port of the Internet interface to be passed through to a chosen internal host.
➢ A "DMZ host" setting on a home router bypasses the protection of the firewall or NAT for one specific device behind it: any incoming packet that is not matched by a more specific rule is passed through to that device, which would otherwise be protected by the firewall or NAT. This is not the same as the segmented DMZ network described earlier and it fully exposes the chosen device, so it should be used with care.
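The translation table that the NAT paragraph describes, outbound rewrite, reverse translation of the reply, the drop of unsolicited inbound traffic, and a single port-forwarding rule, as an added example that is not code from the original document. The public address, the internal hosts, the port pool and the forwarding rule are assumptions.

```python
"""Added example (not from the original document): a minimal port address
translation (PAT) table. Addresses, ports and the forwarding rule are assumptions."""
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"                      # assumed single public address
PORT_FORWARDS = {8443: ("192.168.1.50", 443)}   # public port -> (inside host, port)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    def __init__(self, public_ip: str = PUBLIC_IP, forwards: dict = PORT_FORWARDS):
        self.public_ip = public_ip
        self.forwards = forwards
        self.next_port = 40000  # pool of public ports handed out to internal flows
        self.outbound = {}      # (inside_ip, inside_port, dst, dport) -> public_port
        self.inbound = {}       # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an outgoing packet to the public address and a
        pool port, recording the mapping so the reply can be translated back."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        public_port = self.outbound.get(key)
        if public_port is None:
            public_port = self.next_port
            self.next_port += 1
            self.outbound[key] = public_port
            self.inbound[(public_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=public_port)

    def translate_inbound(self, pkt: Packet):
        """Return the packet rewritten for the inside host, or None to drop it."""
        if pkt.dst != self.public_ip:
            return None
        mapping = self.inbound.get((pkt.dport, pkt.src, pkt.sport))
        if mapping is not None:  # reply to a flow we translated earlier
            inside_ip, inside_port = mapping
            return replace(pkt, dst=inside_ip, dport=inside_port)
        if pkt.dport in self.forwards:  # explicit port forward
            inside_ip, inside_port = self.forwards[pkt.dport]
            return replace(pkt, dst=inside_ip, dport=inside_port)
        return None  # unsolicited inbound traffic is dropped


def demo() -> dict:
    nat = Nat()
    out = nat.translate_outbound(Packet("192.168.1.20", 51234, "198.51.100.80", 443))
    reply = nat.translate_inbound(Packet("198.51.100.80", 443, PUBLIC_IP, out.sport))
    unsolicited = nat.translate_inbound(Packet("198.51.100.99", 12345, PUBLIC_IP, 3389))
    forwarded = nat.translate_inbound(Packet("198.51.100.99", 12345, PUBLIC_IP, 8443))
    return {"out": out, "reply": reply, "unsolicited": unsolicited, "forwarded": forwarded}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:12s} {pkt}")
```

The inbound lookup keys on the remote address and port as well as the public port, which is what makes the NAT "stateful": a third party that guesses an in-use pool port still cannot reach the inside host. The port forward is the one deliberate hole, and it exposes only the single host and port named in the rule, unlike a DMZ-host setting.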
2. Improvements
Network security solutions are tools organizations use to help defend against cybersecurity threats, as well as accidental damage, physical disasters and other hazards. The main types of security solution are:
➢ Application security: used to test software for vulnerabilities during development and testing, and to protect applications running in production from threats such as network attacks, exploitation of software vulnerabilities and web application attacks.
➢ Network security: monitors network traffic, identifies potentially malicious traffic, and enables organizations to block, filter or mitigate threats.
➢ Cloud security: implements security controls in public, private and hybrid cloud environments, detecting and fixing insecure configurations and vulnerabilities.
➢ Endpoint security: deployed on endpoint devices such as servers and employee workstations, where it can prevent threats like malware, unauthorized access, and exploitation of operating system and browser vulnerabilities.
➢ Internet of Things (IoT) security: connected devices often store sensitive data but are usually not secure by design. IoT security solutions help gain visibility of IoT devices and improve their security.
➢ Threat intelligence: combines multiple feeds containing data about attack signatures and threat actors, providing additional context for security events. Threat intelligence data helps security teams detect attacks, understand them, and design the most appropriate response.
References
Rosencrance, L. Top 10 types of information security threats for IT teams. TechTarget. https://www.techtarget.com/searchsecurity/feature/Top-10-types-of-information-security-threats-for-IT-teams
Ghafghazi, H., ... Adams, C. (2016). Security procedure. In Wireless Public Safety Networks 2. ScienceDirect. https://www.sciencedirect.com/topics/computer-science/security-procedure
Mat Bao Wiki. https://wiki.matbao.net/nat-la-gi-huong-dan-cach-ket-noi-mang-nat-de-dang/