ASSIGNMENT 1
1623
Student declaration
I certify that the assignment submission is entirely my work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.
Student’s signature
Grading grid
P1 P2 P3 P4 M1 M2 D1
Summative Feedback: Resubmission Feedback:
Table of Contents
List of Figures
INTRODUCTION
TASK 1 - IDENTIFY TYPES OF SECURITY THREATS TO ORGANIZATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1)
  1. Define threats: Software assaults, loss of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion are all examples of information security threats
  2. Identify threat agents to organizations
  3. List the types of threats that organizations will face
  4. What are the recent security breaches? List and give examples with dates
  5. Propose a method to assess and treat IT security risks (M1)
TASK 2 - DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2)
  1. Definition
  2. Discussion on Incident Response Policy
  3. Discussion on Acceptable Use Policy
  4. Discussion on Remote Access Policy
TASK 3 - IDENTIFY THE POTENTIAL IMPACT TO ITS SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND IDS (P3)
  A. Firewall
    1. Firewall Definition
    2. How Does A Firewall Provide Security To A Network?
  B. IDS
    1. IDS Definition
    2. IDS Usage
    3. How Does IDS Work
  C. The Potential Impact (Threat-Risk) Of A Firewall And IDS If They Are Incorrectly Configured In A Network
TASK 4 - SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4)
  A. DMZ
    1. Definition
    2. How Does DMZ Work
    3. Advantages Of DMZ
    4. Service of DMZ
    5. The Importance Of DMZ Networks
  B. Static IP
    1. Definition
    2. How static IP addresses work
    3. Advantages of Static IP
  C. NAT
    1. Definition
    2. How Does NAT Work
    3. Types of NAT
    4. NAT security
  D. Discuss Three Benefits To Implement Network Monitoring Systems With Supporting Reasons (M2)
CONCLUSION
References
List of Figures
Figure 1: Security Threats
Figure 2: Data Breaches
Figure 3: Security Procedures
Figure 4: Firewall
Figure 5: Diagram of how a firewall works
Figure 6: How IDS works
Figure 7: DMZ
Figure 8: How DMZ works
Figure 9: Static IP
Figure 10: NAT
Figure 11: NAT Working
INTRODUCTION
In today's data-driven and globally connected world, data routinely moves between individuals,
groups and businesses. That data is valuable, and attackers know it. As cybercrime continues to
grow, so does the need for security specialists who can protect and defend an organization
against attack. This report covers fundamental security topics: identifying the different kinds
of security threats to organizations, organizational security procedures, firewall policies, and
the use of IDS, DMZs, static IP addresses and NAT in networks, as a foundation for deeper study
of the field.
TASK 1 - IDENTIFY TYPES OF SECURITY THREATS TO ORGANIZATIONS. GIVE AN EXAMPLE OF A
RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1)
1. Define threats: Information security threats include software attacks, theft of intellectual property, identity
theft, theft of equipment or data, sabotage, and information extortion.
A threat is anything that has the potential to breach security or to alter, destroy or otherwise harm an asset
of interest. In the narrower sense used in this report, a threat is a prospective attack that would give someone
access to a computer system without authorization (Garg, 2021).
Figure 2: APT
+ Once inside an organization they move around quietly, install purpose-built malicious tools, and gather
critical data and sensitive information (RSI, 2021).
+ An Advanced Persistent Threat commonly passes through five stages as it deepens its hold on the
target:
Infiltration (initial access): APT attackers use malware, trojan horses and phishing to get a
foothold in the system.
Strengthening the grip (persistence): the defining strength of an APT is its ability to stay inside
the organization undetected once it has penetrated it.
Invasion of the system (privilege escalation): with freedom of movement, the attackers go after
administrator access and crack passwords wherever they find them.
Lateral movement: from the first compromised host the attackers spread to other systems, treating
the enterprise network as their playground.
Deep machinations (entrenchment): at this stage the attackers have full control of the
organization, erase the traces of their intrusion, and plant a reliable backdoor for future use.
+ They use advanced tools, including custom malware and intrusion techniques, to undermine a company's
cyber security. These attackers are patient and cunning, and prefer to enter an organization covertly
rather than noisily (RSI, 2021).
Distributed Denial of Service (DDoS)
+ In a Distributed Denial of Service (DDoS) attack the attackers' primary purpose is to take a website or
service offline.
+ They flood the target network with bogus requests until the system is overwhelmed and stops responding.
Legitimate users and customers cannot reach the site while it is down, and these interruptions can cause
considerable productivity and revenue losses.
+ Because the traffic does not come from a single source, a DDoS attack cannot be stopped simply by
blocking one address; mitigation needs rate limiting, upstream filtering or dedicated scrubbing capacity.
Think of a restaurant where a rowdy crowd gathers at the front door so that genuine customers cannot
get in.
Ransomware
+ Ransomware is malware that, once attackers have gained access to a network, encrypts the victim's
files. Many variants also steal clients' sensitive personal information or important corporate data first
and threaten to publish it unless the target company pays a ransom.
+ Over time, ransomware has become one of the most common ways of extorting money from businesses.
+ Attackers weaponize the valuable information they find inside a network they have penetrated. A
seemingly innocent file or link sent to employees is one of the usual ways in.
Phishing
+ Phishing is one of the most common ways attackers get into a system. It is frequently the first step
toward more serious incidents, such as a ransomware deployment or the recruitment of machines into a
botnet used for DDoS.
+ Its main tactic is deception. Attackers craft email campaigns that appear to come from a trusted
source; clicking on the embedded URLs or attachments can infect a machine and, through it, its
network.
+ Attackers frequently impersonate senior staff or client organizations, posing as a bank request or a
business transaction the targeted employee is expecting. The effectiveness of phishing comes from its
sophistication and its ability to lure targets into what looks like a realistic conversation.
Worms
+ Worms are self-replicating malware that spread rapidly once they reach a networked computer. Unlike
viruses they need no user action: they look for exploitable flaws on neighbouring hosts to increase and
strengthen their presence and impact.
Botnet
+ The word botnet combines "robot" and "network". It is a general term for computers that have been
infected with malware and can be controlled remotely by attackers without the knowledge of their
owners.
+ That degree of remote control over many machines is what makes botnets useful for sending spam,
launching DDoS attacks and stealing data. Attackers use them as a force multiplier against the complex
systems of their target companies.
+ Botnet design has advanced considerably in evading detection: bots disguise their traffic as ordinary
client connections to the command-and-control servers, and some botnets are controlled over
peer-to-peer networks so that there is no single server to take down.
Cryptojacking
+ Cryptocurrency is mined by spending computing power, and that power costs money. Cryptojackers use
phishing and other infections to hijack victims' machines and make them mine cryptocurrency for the
attacker.
+ Because the targets are unaware that their resources are being used, the main visible symptom is
machines that run slowly and use more power than expected.
China's Ministry of Industry and Information Technology (MIIT) asked Weibo to strengthen its data
security practices to better protect user data, and to notify users and the authorities when data security
breaches occur. In a statement, Sina Weibo said that no passwords were obtained; instead, an attacker had
abused a feature intended to help users find their friends' Weibo accounts by phone number to harvest
publicly available profile information in bulk. It acknowledged, however, that the exposed information
could be used to link accounts to passwords if users reuse passwords on other services. The company said
it had improved its security procedures and informed the relevant authorities of the problem (Dan Swinhoe
and Michael Hill, 2021).
In April 2020 Nintendo reported that a suspected credential stuffing attack had compromised 160,000
accounts. Using user IDs and passwords exposed in earlier breaches, attackers logged in to user accounts,
bought digital goods with stored payment cards, and viewed personal information such as name, email
address, date of birth, gender and nationality.
Further investigation led the company to revise the figure upward by another 140,000 accounts, bringing
the total number of compromised accounts to about 300,000. All affected passwords were reset, and users
were warned not to reuse the same password across different accounts and services.
At the beginning of April 2020, as staff were adjusting to working from home, it was reported that the
video conferencing tool Zoom had suffered an embarrassing security breach that exposed the login details
of over 500,000 users.
In another credential stuffing attack, criminals appear to have gained access to the accounts using
username and password combinations obtained in earlier data breaches. The data was then offered for sale
on dark web hacker forums for as little as a penny per account.
The stolen information included login credentials, email addresses, personal meeting URLs and host keys,
which allowed criminals to log in and join meetings or use the data for other malicious purposes.
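Both the Nintendo and the Zoom incidents above were credential stuffing: one source trying previously leaked username/password pairs against many different accounts. The pattern that distinguishes it from a brute-force attack is breadth rather than depth, so a useful detection counts distinct usernames per source address inside a time window. The following is an added example, not part of the original report; the log format and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from Nintendo or Zoom). Hypothetical format:
# <ISO timestamp> <source ip> <username> <LOGIN_OK|LOGIN_FAIL>
SAMPLE_LOG = """\
2020-04-10T09:00:01Z 203.0.113.7 alice LOGIN_FAIL
2020-04-10T09:00:02Z 203.0.113.7 bob LOGIN_FAIL
2020-04-10T09:00:03Z 203.0.113.7 carol LOGIN_OK
2020-04-10T09:00:04Z 203.0.113.7 dave LOGIN_FAIL
2020-04-10T09:00:05Z 203.0.113.7 erin LOGIN_FAIL
2020-04-10T09:00:06Z 203.0.113.7 frank LOGIN_OK
2020-04-10T09:00:07Z 203.0.113.7 grace LOGIN_FAIL
2020-04-10T09:05:00Z 198.51.100.9 alice LOGIN_FAIL
2020-04-10T09:05:20Z 198.51.100.9 alice LOGIN_FAIL
2020-04-10T09:05:40Z 198.51.100.9 alice LOGIN_OK
2020-04-10T09:10:00Z 192.0.2.33 bob LOGIN_OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")


def parse(log_text):
    """Turn log lines into (timestamp, src_ip, user, result) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_credential_stuffing(log_text, window=timedelta(minutes=10), min_distinct_users=5):
    """Flag source IPs that attempted at least min_distinct_users different accounts
    within one sliding time window.

    Returns {src_ip: {"distinct_users": n, "failures": n, "takeovers": [users]}}.
    "takeovers" are the accounts where a stuffing source logged in successfully;
    those are the accounts that must be reset, as Nintendo and Zoom had to do.
    A single account hit many times (198.51.100.9 above) is brute force, not stuffing,
    and is deliberately not flagged by this rule.
    """
    by_ip = defaultdict(list)
    for ev in parse(log_text):
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, events in by_ip.items():
        events.sort()  # chronological; timestamps are first in the tuple
        start = 0
        best = set()
        for end in range(len(events)):
            # shrink the window from the left until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            users_in_window = {e[2] for e in events[start:end + 1]}
            if len(users_in_window) > len(best):
                best = users_in_window
        if len(best) >= min_distinct_users:
            findings[ip] = {
                "distinct_users": len(best),
                "failures": sum(1 for e in events if e[3] == "LOGIN_FAIL"),
                "takeovers": sorted(e[2] for e in events if e[3] == "LOGIN_OK"),
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_users']} accounts tried, "
              f"{info['failures']} failures, successes on {info['takeovers']}")
```

In production the threshold and window are tuned per service, and attackers spread requests across many addresses (often a botnet), so the same counting is usually also done per user-agent or per /24 rather than per single IP.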
5. Data on 3.3 Million Audi Customers Exposed in Unsecured Database (June 2021)
In June 2021, Volkswagen disclosed that data on 3.3 million Audi customers, including details of recent
and prospective purchases, had been exposed online. The cache, gathered between 2014 and 2019, contained
names, email addresses, phone numbers and vehicle-specific information.
For a further 90,000 people the exposed data was more sensitive and could include Social Security numbers
and dates of birth.
According to the company, the data was accessible online at some point between August 2019 and May
2021; the investigation to pin down the exact window was still under way.
According to ZDNet, the attack affected on-premises VSA servers run by Kaseya customers in ten different
countries as well as Kaseya's own SaaS servers. Kaseya notified its customers promptly after the incident
and released the Kaseya VSA detection tool, which let business customers check their VSA servers and
managed endpoints for indicators of compromise.
7. Databases and Account Details on Thousands of Microsoft Azure Customers Exposed (August 2021)
In August 2021, researchers at the security firm Wiz were able to obtain Microsoft Azure account
credentials and reach customer databases through a vulnerability in Cosmos DB. The flaw allowed access
to databases belonging to other tenants, and the affected customers included numerous Fortune 500
companies.
It is unclear whether anyone other than the researchers exploited the issue. Anyone who had would have
been able to download, delete and edit records at will.
On March 22, 2022, Microsoft released a statement acknowledging the attacks. According to Microsoft only
a single account was compromised, and its security teams were able to stop the attack before Lapsus$
could penetrate further into its operations.
c. The Consequences Of Those Breaches
Sina Weibo: 538 million Weibo users had personal data exposed, including real names, site usernames,
gender, location and phone numbers.
Nintendo: 160,000 accounts were initially reported compromised in a suspected credential stuffing attack;
the figure was later revised to approximately 300,000.
Zoom: the login details of over 500,000 users were exposed and sold on dark web forums.
LinkedIn: a database of 700 million users was offered for sale and later released for free on the dark web.
Audi: data on 3.3 million Audi customers, including past and future purchases, was exposed online and
accessible to anyone; for almost 90,000 people more sensitive data was also taken.
Kaseya: a supply chain ransomware attack used administrative control of Kaseya's VSA product to hit
managed service providers and their downstream clients.
Microsoft Azure: the Cosmos DB flaw affected a wide spectrum of businesses, including numerous Fortune
500 enterprises.
Crypto.com: 4,600 ETH worth roughly $15 million was stolen and moved to unidentified wallets.
Microsoft: Lapsus$ leaked source code it claimed came from Bing, Cortana and other Microsoft projects.
d. Suggest solutions to organizations:
+ Whether an organization has already suffered a breach or wants to build a strong response capability, it
should bring in experienced incident responders and suitable tooling to increase visibility, fix the
underlying issues and put plans in place to stop incidents recurring.
+ Define, find, defend and avoid are four criteria for effective breach management (Zola, 2019):
Define: To identify and defend against threats, businesses must create a complete strategy and security
lifecycle that covers planning, risk assessment, policy formulation and controls. A sound business and
technical architecture greatly increases the resilience needed to survive a coordinated attack, and by
building security into that architecture from the start a business can be confident it is as well placed
as possible when a compromise does occur.
Find: If an attack is discovered quickly its damage can be minimized. Once an organization has a clear,
defined plan it must be able to monitor for and recognize suspicious activity. Knowing the volumes,
types and performance of the baseline environment is what makes it possible to determine the kind of
attack, where it is happening and which vectors are in use. A combination of people, procedures and
technology is needed to build situational awareness and actionable security intelligence that supports
rapid alerting on attacks.
Defend: There is no foolproof way to prevent attacks, but preparations should be made to protect the
organization's critical services and data. The defense strategy should eliminate the threat, close the
weakness and manage the effect. A layered defense is the strongest approach: it lets you identify a
breach earlier, respond faster, limit the impact of the incident and reduce ongoing exposure, which in
turn lowers cost, strengthens control and gradually reduces risk exposure.
Avoid: By working together and sharing security intelligence, organizations can recognize and counter
a wide range of attack techniques and sources. Efficient procedures for documenting, reporting and
auditing security breaches also support legal action against intruders.
ISRM process:
Implementation:
Review the risks that have been identified and the controls already in place.
Develop new mechanisms for detecting and containing threats.
Use network security tooling to analyze actual and attempted attacks.
Deploy and operate alerting and intrusion-capture technologies.
Risk Monitoring:
To keep technology assets in a secure state, implement an information risk management framework and
keep it running; risk treatment is not a one-off exercise.
A software-driven system of controls and alert management is an important component of the risk
management strategy (Dobran, 2019).
A security procedure is a set of steps that must be followed to carry out a particular security task or
function. Procedures are usually written as a sequence of steps to be performed consistently and
repeatedly to achieve a specific purpose. Once established, they give the organization a set of detailed
methods for carrying out its security operations, which simplifies training, process auditing and process
improvement. Procedures provide the uniformity needed to prevent variation in security operations, which
strengthens security control inside the company; reducing variation is a proven way to cut waste, improve
quality and increase performance in security work (Patterson, 2018).
Incident Response (IR) Procedure: To make sure that the organization is ready to respond to cyber security
incidents, secure its systems and data, and prevent disruption of its services, this procedure sets out the
steps for incident management, reporting and monitoring, as well as for incident response training, testing
and support.
Incident Phases:
+ Preparation phase: training and preparing system users and the IT staff responsible for responding to
security incidents. Along with identifying the tools and resources an incident may call for, this stage
also adopts preventive measures such as regular risk assessments and user awareness training.
+ Identification phase: detecting a security incident and establishing its severity and priority. This
phase entails (i) recognizing incidents that use common attack vectors (for example attacks via
removable media, the web and e-mail); (ii) recognizing signs of incidents; (iii) identifying detectable
precursors; (iv) performing initial analysis and validation, for example through file integrity
checking; (v) running packet sniffers; (vi) filtering data; and (vii) preserving evidence.
+ Containment phase: instructions on how to isolate the systems affected by the attack from other
systems to prevent further damage.
+ Eradication phase: determining the root cause of the incident and removing the malware, compromised
accounts or other artifacts of the attack from the affected systems.
+ Recovery phase: returning the affected systems to normal operation.
+ Post-incident phase: documenting the entire incident, conducting a thorough review, identifying the
cause, estimating the related costs, and developing a plan to prevent similar incidents in the future.
Elements of an incident response policy:
This policy applies to any data produced or stored on the organization's systems.
+ All sensitive information, including non-public personal information, must be encrypted before it is
transmitted electronically.
+ In all other situations, sensitive information such as non-public personal information must be
encrypted in accordance with the Information Sensitivity Procedures.
+ For the purposes of this policy, all information and data stored on the organization's systems and
networks are regarded as the organization's property.
+ Any information, including data files, emails and information saved on company-issued computers or
other electronic devices, may be monitored or audited by the organization at any time, for any reason,
with or without warning, in order to test and monitor compliance with security measures.
+ All sensitive information must be kept confidential and not shared or made available to anyone
without proper authorization. Sensitive information gathered during an incident investigation may be
used only for that investigation and for no other purpose.
+ The organization's official website must not contain any sensitive information.
+ In line with the organization's information sensitivity policies, information on the organization's
systems, including public and private websites, must be classified as either public or sensitive.
+ Passwords must be kept private and never disclosed to anyone else. Authorized users are accountable
for the security of their passwords and accounts.
+ User-level passwords must be changed as required by the organization's systems usage policy, and at
least every six months. User-level accounts include, but are not limited to:
o Email
o Web
o Social media
o Application accounts with access to sensitive information
+ Authorized users should take great care when opening email attachments, since they may contain
trojan horse malware, viruses or e-mail bombs, whether sent accidentally or deliberately. All users
must be trained to recognize such risks (Anon., 2008).
4. Discussion on Remote Access Policy
The remote access policy sets out in detail the acceptable ways of connecting to an organization's
internal networks from a remote location. Some versions of this policy also specify how BYOD (bring
your own device) assets may be used. Any business whose network extends into untrusted locations,
such as a coffee shop or an unmanaged home network, needs this policy.
General:
Everyone who has access to the organization's network, including employees, contractors, suppliers
and others, must agree to keep all access codes and procedures confidential and not share them with
anyone. Employees, independent contractors, vendors and agents must ensure that their remote
connections are protected by security measures broadly equivalent to those used within the
organization.
Requirements:
Secure remote access must be strictly managed and granted only to employees authorized by the
information security officer. Authorized access must be established with either one-time password
authentication or public/private key pairs protected by strong passphrases.
Authorized users may not disclose their login details to third parties, write them down or otherwise
keep a record of them (Anon., 2008).
Authorized users may access the network only with tools provided by the organization, unless the
information security officer grants an exception.
Authorized users must ensure that remote connections meet the minimum authentication standard, such
as CHAP; note that DLCI, which is sometimes listed as if it were an authentication standard, is a Frame
Relay circuit identifier and provides no authentication at all.
Any remote computer connected to the organization's internal networks must run antivirus software
with up-to-date definitions, and authorized users are responsible for ensuring that this is the case.
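The requirements above translate directly into checkable settings on the remote access service. Taking OpenSSH as the gateway, the block below is an added example, not part of the original report, that audits an sshd_config against the policy: password logins off (only OTP or key pairs are allowed), root login off, and every accepted authentication chain required to include a public key. The two sample configurations are constructed; the OTP prompt in the hardened one assumes a PAM module for it is configured separately.

```python
import re

# Constructed sample configs (not taken from any real host).
WEAK_SSHD_CONFIG = """\
# near-default sshd_config that violates the remote access policy
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
"""

HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
# require a key AND an OTP prompt; the PAM module issuing the OTP is assumed configured
AuthenticationMethods publickey,keyboard-interactive
KbdInteractiveAuthentication yes
"""

# OpenSSH defaults for the directives we check; what applies when the file is silent.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "pubkeyauthentication": "yes",
    "authenticationmethods": "any",
}

DIRECTIVE_RE = re.compile(r"^(\w+)\s*=?\s*(.+)$")  # "Key value" or "Key=value"


def parse_sshd_config(text):
    """Return {lowercased directive: lowercased value}. Comments are dropped, the
    first occurrence of a directive wins (sshd semantics), and parsing stops at the
    first Match block because per-user/host overrides need their own review."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """List the policy violations found in an sshd_config; an empty list means compliant."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication must be 'no': policy allows only OTP or public-key authentication")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication must be 'yes'")
    if cfg["permitrootlogin"] != "no":
        findings.append("PermitRootLogin must be 'no': remote access is per named, authorized user")
    if cfg["permitemptypasswords"] != "no":
        findings.append("PermitEmptyPasswords must be 'no'")
    # AuthenticationMethods is a space-separated list of comma-separated chains;
    # every accepted chain must contain a public key, not just some of them.
    methods = cfg["authenticationmethods"]
    if methods == "any" or not all("publickey" in chain.split(",") for chain in methods.split()):
        findings.append("AuthenticationMethods must require publickey in every accepted chain")
    return findings


if __name__ == "__main__":
    for name, cfg in [("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)]:
        print(name, audit_sshd_config(cfg) or "compliant")
```

Run this against the output of `sshd -T` rather than the raw file where possible: that prints the effective configuration with defaults already applied and Include directives resolved, which removes the two main ways a file-based audit is fooled.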
Figure 6: Firewall
Types of Firewalls:
+ Packet filtering: each packet's header fields (addresses, ports, protocol) are checked against the
filter's rules and the packet is passed or dropped accordingly.
+ Proxy service: a gateway at the application layer that terminates the client's connection and makes
the request on its behalf, filtering the communication as it does so.
+ Stateful inspection: dynamic packet filtering that keeps track of established connections to decide
which packets to let through the firewall.
+ Next-Generation Firewall (NGFW): a deep packet inspection firewall with application-level awareness.
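The practical difference between the first and third types is easiest to see on a packet trace. Below is an added example, not part of the original report, that simulates a stateless packet filter and a stateful one in Python on constructed traffic: a LAN host's web request and the server's reply, plus an attacker who sets source port 80 on a connection-opening packet aimed at an internal RDP port. The addresses and the rule sets are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    new_conn: bool = False   # True for a segment that opens a connection (SYN without ACK)
    direction: str = "in"    # "in": Internet -> LAN, "out": LAN -> Internet


def stateless_filter(pkt):
    """Naive packet filter. To let LAN hosts browse it must accept any inbound packet
    whose source port is 80, because it cannot tell a server's reply from a fresh
    connection. That single rule is the hole the attacker walks through."""
    if pkt.direction == "out":
        return "ACCEPT"
    if pkt.src_port == 80:
        return "ACCEPT"
    return "DROP"


class StatefulFilter:
    """Remembers connections opened from the inside and admits inbound packets only
    when they belong to one of them."""

    def __init__(self):
        # (internal ip, internal port, external ip, external port)
        self.table = set()

    def filter(self, pkt):
        if pkt.direction == "out":
            if pkt.new_conn:
                self.table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ACCEPT"
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # a reply to a tracked connection is fine; anything opening a new connection
        # from the outside is not, whatever source port it claims
        return "ACCEPT" if key in self.table and not pkt.new_conn else "DROP"


def run_scenario():
    """Constructed traffic: legitimate browsing plus a crafted source-port-80 probe
    at an internal RDP service. Returns each filter's verdict per packet."""
    stateful = StatefulFilter()
    packets = [
        ("outbound_syn", Packet("10.0.0.5", 51000, "93.184.216.34", 80, new_conn=True, direction="out")),
        ("legit_reply", Packet("93.184.216.34", 80, "10.0.0.5", 51000, new_conn=False, direction="in")),
        ("spoofed_sport80_syn", Packet("203.0.113.66", 80, "10.0.0.5", 3389, new_conn=True, direction="in")),
    ]
    results = {}
    for name, pkt in packets:
        results[name] = {"stateless": stateless_filter(pkt), "stateful": stateful.filter(pkt)}
    return results


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(f"{name:22} stateless={verdicts['stateless']:6} stateful={verdicts['stateful']}")
```

The stateless rule "accept inbound traffic from source port 80" is exactly the kind of misconfiguration Task 3 is concerned with: the filter cannot work without it, and it lets anyone who controls their own source port reach internal services. The stateful filter needs no such rule because it remembers which connections the inside opened, which is why every modern firewall tracks connection state.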
Firewall Policies:
Firewalls come both as hardware appliances and as software. Many hardware firewalls also provide extra
services to the internal network they protect, such as acting as a DHCP server. Most personal computer
operating systems include a software firewall to protect against attacks from the public Internet, and
many routers that forward traffic between networks include firewall components alongside their
everyday routing tasks.
Firewall Usage:
+ Prevents the Passage of Unwanted Content
There is no shortage of unpleasant or harmful content online, and without a strong firewall it can enter the
system easily. As of 2020, most operating systems ship with a firewall that shields users from undesirable
and hazardous internet content (Pedamkar, 2020).
Today's world is full of unethical hackers who constantly try to gain access to vulnerable systems, and
uninformed users are unaware of who has access to their computers.
To protect your data, transactions and other sensitive information, you need a strong firewall. For
enterprises, leaks of private data and information can lead to considerable loss and failure.
Young minds can be harmed by exposure to obscene material of any type, which can result in disturbed
and immoral behaviour; a firewall can block access to such sites.
Hardware firewalls work well for examining traffic patterns for a particular protocol. A record of each
connection is kept from the moment it is established, and that state helps decide which later packets belong
to legitimate sessions.
Network Address Translation (NAT), usually performed by the firewall or border router, hides internal
hosts behind the device's public address, so their private IP addresses are reachable only within their own
network (Pedamkar, 2020). NAT is not a firewall by itself, but it means an outside host cannot address an
internal machine directly.
Enterprise software and systems have become increasingly crucial in today's corporate environment.
Distributed deployment and broad data access let authorized stakeholders use and update data for efficient
business operations. A user can log in to his system with his credentials from any machine on the network,
which, given the size of the network and the volume of data, widens the attack surface the firewall must cover.
Companies in the service sector are required to maintain constant contact with external clients, and as part
of numerous projects they regularly exchange pertinent information between the internal teams and the
customer teams.
Since almost all of the material produced by this coordination is confidential, it must be carefully protected:
no organization can afford the costs associated with such crucial information being divulged.
Advantages of Firewall:
+ A firewall blocks hackers and unauthorized remote access.
+ It safeguards information.
+ Enhanced security and network monitoring capabilities.
+ It gives you more privacy and security.
+ Improves the reliability of VoIP phones.
+ It guards against trojans (Bradley, 2021).
+ Allows more advanced network capabilities to be implemented.
+ A host-based (OS) firewall protects only the single PC it runs on, whereas a network-based firewall, such as
a router, protects many systems.
The graphic below, for example, depicts how a firewall permits good traffic to flow through to a user's private network.
+ The firewall in the example below, on the other hand, prevents harmful traffic from reaching the private
network, safeguarding the user's network from a cyberattack (Bradley, 2021).
+ This is how a firewall can quickly analyse traffic to find malware and other questionable behaviour.
+ Different types of firewalls inspect packets at different network layers.
B. IDS
1. IDS Definition
An intrusion detection system (IDS) monitors network traffic for suspicious activity and issues alerts when it
is found (Lutkevich, 2021).
While an IDS's primary responsibilities are anomaly detection and reporting, some intrusion detection
systems can also take action when malicious behaviour or abnormal traffic is found, such as blocking traffic
from suspect IP addresses.
An intrusion prevention system (IPS) differs from an IDS in that, although it likewise scans network packets
for potentially dangerous activity, it sits inline and concentrates on preventing attacks rather than only
identifying and documenting them.
2. IDS Usage
+ Complements other security measures aimed at detecting, preventing or recovering from attacks, and keeps
an eye on the integrity of routers, firewalls, key management servers and the files those measures depend on;
+ Enables administrators to tune, monitor and understand relevant OS audit trails and other logs that would
otherwise be difficult to follow;
+ Provides a user-friendly interface so that non-expert staff can assist with security management, and a
sizable attack signature database against which activity observed on the system is evaluated;
+ Raises an alarm and informs the user when it detects a breach, for instance when data files have been
altered; an IDS with active-response capability (or an IPS) can additionally block the attacking source.
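The two detection methods named above, signature matching against a database and anomaly detection, can be shown in a few dozen lines. The following Python program is an added example, not code from the original page or from Lutkevich: it runs three signatures and one threshold rule over a constructed log. The log format, the signatures, the five-failures-per-minute threshold and the sample lines are all assumptions made for the demonstration; a real IDS would read packets or syslog rather than a string.

```python
# Added example, not from the original page: a small signature-based plus
# anomaly-based IDS run over a constructed log. Signatures, thresholds and the
# sample lines are assumptions for the demonstration.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Signature database: compiled pattern -> alert name.
SIGNATURES = [
    (re.compile(r"(\.\./){2,}|/etc/passwd"), "path traversal attempt"),
    (re.compile(r"(?i)union\s+select|'\s*or\s+'1'\s*=\s*'1"), "SQL injection attempt"),
    (re.compile(r"(?i)<script\b"), "cross-site scripting attempt"),
]
# Anomaly rule: this many failed logins from one source within WINDOW.
FAILED_LOGIN_THRESHOLD = 5
WINDOW = timedelta(minutes=1)

# Constructed sample log, one event per line: "<ISO timestamp> <source IP> <event>".
SAMPLE_LOG = """\
2024-03-01T10:00:01 198.51.100.7 GET /index.html
2024-03-01T10:00:02 198.51.100.7 GET /../../../../etc/passwd
2024-03-01T10:00:03 203.0.113.5 GET /search?q=' UNION SELECT user,pass FROM users--
2024-03-01T10:00:10 203.0.113.9 sshd: Failed password for root
2024-03-01T10:00:14 203.0.113.9 sshd: Failed password for root
2024-03-01T10:00:18 203.0.113.9 sshd: Failed password for admin
2024-03-01T10:00:22 203.0.113.9 sshd: Failed password for root
2024-03-01T10:00:26 203.0.113.9 sshd: Failed password for root
2024-03-01T10:00:31 10.0.0.5 GET /about.html
"""

LINE = re.compile(r"^(\S+) (\S+) (.*)$")


def parse(line):
    m = LINE.match(line)
    if m is None:
        raise ValueError("malformed log line: %r" % line)
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def detect(log_text):
    """Return a list of (source IP, alert) tuples. An IDS only reports; it does not block."""
    alerts = []
    failures = defaultdict(list)   # source IP -> timestamps of recent failed logins
    for raw in log_text.splitlines():
        ts, src, event = parse(raw)
        # Signature detection: known-bad patterns in the event text.
        for pattern, name in SIGNATURES:
            if pattern.search(event):
                alerts.append((src, name))
        # Anomaly detection: a burst of failed logins from one source.
        if "Failed password" in event:
            recent = [t for t in failures[src] if ts - t <= WINDOW] + [ts]
            failures[src] = recent
            if len(recent) == FAILED_LOGIN_THRESHOLD:   # alert once, when the threshold is hit
                alerts.append((src, "brute-force login: %d failures within %s" % (len(recent), WINDOW)))
    return alerts


def ips_blocklist(alerts):
    """What an inline IPS would derive from the same findings: sources to block."""
    return sorted({src for src, _ in alerts})


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for src, alert in found:
        print("ALERT %-14s %s" % (src, alert))
    print("IPS would block:", ips_blocklist(found))
```

On the sample log this produces three alerts (one per technique) and a block list of three sources; the difference between `detect` and `ips_blocklist` is the difference between an IDS and an IPS described above: the first only reports, the second turns the same findings into an enforcement decision.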
C. The Potential Impact (Threat-Risk) Of A Firewall And IDS If They Are Incorrectly Configured In A
Network
+ The firewall's management interface accepts unencrypted HTTP connections from anywhere on the Internet,
so anyone on the same network segment as an administrator (for example on an open, unencrypted wireless
network) can capture the credentials. Anti-spoofing rules are not enabled on the external interface, which opens
the door to denial-of-service and related attacks. Rules exist without logging, which is a problem for important
systems and services.
+ Any protocol or service is allowed between internal network segments, which can lead to internal security
flaws and compliance violations, especially in PCI DSS cardholder data environments.
+ Anyone on the internal network can connect to the firewall over an unencrypted telnet connection. An insider
(or malware) can intercept these connections with ARP poisoning, for example using the free password recovery
tool Cain & Abel.
+ Any TCP or UDP service can leave the network, which allows malware and spam to spread as well as
unauthorized use and policy violations.
+ The rule base is undocumented, which raises security management issues, particularly if the firewall
administrators leave the organization abruptly.
+ Default passwords are still in use, creating every security risk imaginable, including a lack of accountability
when network events occur.
+ The firewall's OS software is old and unsupported, so it is exposed to known flaws such as remote code
execution and denial of service. If a breach occurs and the age of the system becomes public, it also reflects
badly on the organization in the eyes of outsiders.
+ Internal Microsoft SQL Server databases are reachable from the Internet, which can lead to internal database
compromise, especially if SQL Server is configured with the default credentials (sa/password) or an otherwise
weak password.
TASK 4 - SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND
NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4)
A. DMZ
1. Definition
An organization's internal local-area network is shielded from untrusted traffic by a perimeter network called
a DMZ. A typical DMZ is a subnetwork that sits between the private network and the public internet (Ohri,
2021).
Figure 9: DMZ
A DMZ lets an enterprise connect to untrusted networks such as the internet while retaining the security of
its private network or LAN. External-facing services and resources such as Domain Name System (DNS),
File Transfer Protocol (FTP), mail, proxy, Voice over Internet Protocol (VoIP) and web servers are
frequently placed in the DMZ.
3. Advantages Of DMZ
Access control: companies can offer services to customers over the open internet without exposing the rest of
their network. The DMZ provides network segmentation and controlled access to specific services, making it
harder for an unauthorized user to reach the private network. A DMZ may also host a proxy server, which
centralizes internal traffic flow and simplifies monitoring and logging of that traffic.
Preventing reconnaissance: a DMZ acts as a buffer between the private network and the internet, so attackers
cannot scan the internal network for suitable targets. The internal firewall adds a further layer of protection:
even though servers in the DMZ are reachable from the public internet, an attacker cannot see into the internal
network.
Even if a DMZ host is compromised, the internal firewall keeps the private network separated from the DMZ,
so the attacker gains no foothold for further reconnaissance inside.
Blocking IP spoofing: attackers try to gain access by forging an IP address to pose as a trusted device already
on the network. The firewall at the DMZ boundary drops packets that arrive on the external interface with an
internal or DMZ source address, while other controls verify the legitimacy of the address. The DMZ also
serves as a segmentation zone that organizes traffic and makes public services available outside the private
network.
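The three advantages above all come down to one rule base on the screening firewall. The following Python program is an added example, not code from the original page or from Ohri: it classifies addresses into Internet, DMZ and internal zones, enforces a zone-to-zone policy with default deny, and drops packets whose source address does not belong to the interface they arrived on. The 10.0.0.0/8 and 172.16.0.0/24 ranges, the services allowed and the flows tested are assumptions made for the demonstration.

```python
# Added example, not from the original page: a screening firewall that enforces
# a three-zone policy (Internet / DMZ / internal LAN). Address ranges, services
# and the flows tested are assumptions for the demonstration.
import ipaddress

ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),     # assumed private LAN
    "dmz": ipaddress.ip_network("172.16.0.0/24"),       # assumed DMZ subnet
}


def zone_of(ip):
    """Classify an address by the zone its range belongs to; anything else is the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


# Allowed flows as (from_zone, to_zone, proto, dport); "*" means any.
POLICY = [
    ("internet", "dmz", "tcp", 80),        # public web
    ("internet", "dmz", "tcp", 443),
    ("internet", "dmz", "udp", 53),        # public DNS
    ("internal", "dmz", "*", "*"),         # administrators manage DMZ hosts
    ("internal", "internet", "tcp", 443),  # staff browsing
    ("dmz", "internet", "tcp", 25),        # mail relay out
    # Deliberately no ("dmz", "internal", ...) rule: a compromised DMZ host
    # has no path into the private network.
]


def decide(iface, src, dst, proto, dport):
    """iface is the zone of the interface the packet arrived on. Returns 'ACCEPT'
    or a string starting with 'DROP' that names the reason."""
    src_zone = zone_of(src)
    # Anti-spoofing: the source address must belong to the interface's zone.
    if src_zone != iface:
        return "DROP spoofed source"
    dst_zone = zone_of(dst)
    for from_zone, to_zone, p, port in POLICY:
        if (from_zone, to_zone) == (src_zone, dst_zone) \
                and p in ("*", proto) and port in ("*", dport):
            return "ACCEPT"
    return "DROP no rule"   # default deny between zones


def demo():
    """Representative flows, including a pivot attempt from a compromised DMZ host."""
    return {
        "client to DMZ web": decide("internet", "198.51.100.7", "172.16.0.10", "tcp", 443),
        "client to DMZ ssh": decide("internet", "198.51.100.7", "172.16.0.10", "tcp", 22),
        "client to internal db": decide("internet", "198.51.100.7", "10.0.5.20", "tcp", 5432),
        "DMZ web pivots to db": decide("dmz", "172.16.0.10", "10.0.5.20", "tcp", 5432),
        "admin to DMZ ssh": decide("internal", "10.0.9.4", "172.16.0.10", "tcp", 22),
        "forged internal source": decide("internet", "10.0.9.4", "10.0.5.20", "tcp", 445),
    }


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print("%-24s %s" % (flow, verdict))
```

The web server in the DMZ is reachable on 443 but not on 22, nothing from the Internet reaches the internal database directly, and the decisive case for a DMZ design is the fourth one: after the web server is compromised, its attempt to reach the internal database is dropped because no rule exists from the DMZ to the internal zone.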
4. Service of DMZ:
− Web servers
− Mail servers
− FTP servers
− DNS servers
− Proxy servers
− VoIP servers
B. Static IP
1. Definition
A static IP address is an IP address (in IPv4, a 32-bit number written as a dotted quad) that is permanently
assigned to a host rather than leased dynamically. A public static address is usually supplied by an internet
service provider (ISP); inside the organization, the network administrator assigns them.
C. NAT
1. Definition
Network Address Translation (NAT) is a process that converts one or more local IP addresses into one or more
global IP addresses, and vice versa, in order to give local hosts Internet connectivity. It can also translate port
numbers, replacing the host's port number in the outgoing packet with a different one, and records the
corresponding address and port entries in the NAT table. NAT is usually performed by a router or firewall
(Vaughan-Nichols, 2019).
2. How NAT Works
When a packet leaves the local network, NAT converts its local (private) source IP address to a global (public)
IP address. When a packet enters the local network, the global (public) destination address is converted back
to the local (private) IP address.
If NAT runs out of addresses, i.e. no address is left in the configured pool, the packet is dropped and an
Internet Control Message Protocol (ICMP) host unreachable message is sent back to the sender.
3. Types of NAT
+ Static NAT
Maps one local address to one fixed public address (one-to-one), so the router or NAT device always
presents the same public IP address for that host.
+ Dynamic NAT
Uses a pool of public IP addresses instead of a fixed one; the router or NAT device takes a different address
from the pool each time it translates a local address to a public address (Vaughan-Nichols, 2019).
+ PAT
PAT stands for port address translation. It is a form of dynamic NAT that maps a whole set of local IP
addresses to a single public IP address, telling the sessions apart by port number. Organizations use PAT to
route all employee traffic through a single public address, typically under the supervision of a network
administrator.
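The three types differ in what goes into the translation table and in what happens when the pool is exhausted or an unsolicited packet arrives from outside. The following Python simulation is an added example, not code from the original page or from Vaughan-Nichols: it implements the three tables side by side, the pool-exhaustion drop described under "How NAT Works", and reverse translation for inbound packets. The documentation address ranges, the one-address pools and the port numbering scheme are assumptions made for the demonstration.

```python
# Added example, not from the original page: static NAT, dynamic NAT and PAT
# translation tables with pool exhaustion, simulated in Python. The address
# ranges, pool sizes and flows are constructed for the demonstration.


class NAT:
    """mode is 'static', 'dynamic' or 'pat'; pool is a list of public addresses;
    static_map maps private address -> public address (static mode only)."""

    def __init__(self, mode, pool, static_map=None):
        self.mode = mode
        self.free = list(pool)
        self.static_map = dict(static_map or {})
        self.table = {}       # (private ip, private port) -> (public ip, public port)
        self.reverse = {}     # the inverse mapping, used for inbound packets
        self.next_port = 40000   # PAT: next translated source port to hand out

    def outbound(self, priv_ip, priv_port):
        """Translate a packet leaving the LAN. Returns the (public ip, public port)
        written into the packet, or ('DROP', reason)."""
        key = (priv_ip, priv_port)
        if key in self.table:             # existing session: reuse the entry
            return self.table[key]
        if self.mode == "static":
            if priv_ip not in self.static_map:
                return ("DROP", "no static mapping for host")
            mapped = (self.static_map[priv_ip], priv_port)
        elif self.mode == "dynamic":
            # One public address per inside host, taken from the pool; ports unchanged.
            held = {p: pub for (p, _), (pub, _) in self.table.items()}
            if priv_ip in held:
                mapped = (held[priv_ip], priv_port)
            elif self.free:
                mapped = (self.free.pop(0), priv_port)
            else:
                return ("DROP", "pool exhausted: ICMP host unreachable sent to sender")
        else:  # pat: every host shares one public address; the port tells sessions apart
            if not self.free:
                return ("DROP", "no public address configured")
            mapped = (self.free[0], self.next_port)
            self.next_port += 1
        self.table[key] = mapped
        self.reverse[mapped] = key
        return mapped

    def inbound(self, pub_ip, pub_port):
        """Translate a packet arriving from the Internet. Static mappings are always
        reachable; otherwise only packets that match an existing entry get in."""
        if self.mode == "static":
            for priv_ip, pub in self.static_map.items():
                if pub == pub_ip:
                    return (priv_ip, pub_port)
        return self.reverse.get((pub_ip, pub_port), ("DROP", "no translation entry"))


def demo():
    """Three translators side by side; addresses are documentation ranges."""
    static = NAT("static", [], {"10.0.0.10": "203.0.113.10"})
    dynamic = NAT("dynamic", ["203.0.113.20"])     # pool of exactly one address
    pat = NAT("pat", ["203.0.113.30"])
    return {
        "static out": static.outbound("10.0.0.10", 51000),
        "static unsolicited in": static.inbound("203.0.113.10", 22),   # exposed
        "dynamic host a": dynamic.outbound("10.0.0.1", 51000),
        "dynamic host b": dynamic.outbound("10.0.0.2", 51000),         # pool empty
        "pat host a": pat.outbound("10.0.0.1", 51000),
        "pat host b": pat.outbound("10.0.0.2", 51000),                 # same port, distinct translation
        "pat reply to a": pat.inbound("203.0.113.30", 40000),
        "pat unsolicited in": pat.inbound("203.0.113.30", 22),         # dropped
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print("%-22s %s" % (label, result))
```

Two results matter for the security discussion that follows: a statically mapped host is reachable from outside on every port, exactly as if it had a public address, whereas under PAT an unsolicited inbound packet is dropped because no translation entry exists for it. The second dynamic host is dropped because the one-address pool is already held by the first host.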
4. NAT security
NAT can be beneficial for security and privacy. Because the NAT device forwards an inbound packet only
when it matches an entry in its translation table, unsolicited traffic from outside never reaches a private
device, and unwanted data has a harder time getting through since the router only delivers what it can map to
an existing session. NAT is not flawless (it does nothing about connections that malware on the inside opens
outward, and static mappings or port forwarding re-expose a host), but it typically serves as a device's first
line of defense. A NAT firewall alone is not enough for a corporation to safeguard its data; it also needs to
bring in cybersecurity expertise.
Network monitoring tools complement these controls: they give us the knowledge to assess normal
performance and the foresight to spot outliers, so that issues are identified early. Effective network
monitoring lets IT professionals find potential issues and repair them before they become serious problems
that result in system outages.
CONCLUSION
This paper covers the risks and remedies, as well as a variety of tools, that can help individuals and
organizations better protect their data online. It lists past security breaches to help users understand what
has happened before, how to avoid danger, and how to safeguard data if a breach has occurred. There are
risks, but there are also benefits for the consumer to consider. The analysis shows that the benefits of such
tools have been, and continue to be, evaluated positively, allowing consumers to select the software that best
fits their needs.
References
Anon., 2008. [Organization] Information Security Procedures , s.l.: s.n.
Bradley, T., 2021. What Is a Firewall and How Does a Firewall Work?. [Online]
Available at: https://www.lifewire.com/what-is-a-firewall-2487290
Cassetto, O., 2019. Security Breaches: What You Need to Know. [Online]
Available at: https://www.exabeam.com/dlp/security-breach/
Contributor, S., 2020. What is a Data Breach? Ultimate Guide to Cyber Security Breaches. [Online]
Available at: https://www.dnsstuff.com/data-breach-101
Dobran, B., 2019. Information Security Risk Management: Build a Strong Program. [Online]
Available at: https://phoenixnap.com/blog/information-security-risk-management
Hill, M. and Swinhoe, D., 2021. The 15 biggest data breaches of the 21st century, s.l.: s.n.
Patterson, D., 2018. The Importance of Policies and Procedures, s.l.: s.n.