
lOMoARcPSD|25742948

ASM1-NGO XUAN DUY-BH00213-Security compressed

Computer Architecture (Trường Đại học FPT)



Downloaded by Nguyen Hoang Long (FPI DN) (longnhbd00361@fpt.edu.vn)

ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security Presentation

Submission date 10/03/2023 Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Ngo Xuan Duy Student ID BH00213

Class IT0504 Assessor name Le Van Thuan

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature Duy

Grading grid

P1 P2 P3 P4 M1 M2 D1


Table of Contents
I. Introduction................................................................................................................................................... 4
II. Assess risks to IT security ............................................................................................................................... 4
A. Identify types of security threat to organizations. Give an example of a recently publicized security breach
and discuss its consequences. (P1) ................................................................................................................. 4
1. Define threats........................................................................................................................................ 4
2. Threats agents to organizations .............................................................................................................. 4
3. Threats that organizations will face ......................................................................................................... 5
B. Organizational procedures an organization can set up to reduce the effects to the business of a security
breach (P2) ................................................................................................................................................. 17
1. Security procedure definition................................................................................................................ 17
2. Organizational security procedures. ...................................................................................................... 17
III. Describe IT security solutions ...................................................................................................................... 20
A. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.(P3).......... 20
1. Firewall ............................................................................................................................................... 20
2. Intrusion Detection System (IDS)........................................................................................................... 23
4. Potential impact (Threat-Risk) of FIREWALL and misconfigured IDS on the network. ................................ 28
B. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve
Network Security. (P4) ................................................................................................................................. 29
1. DMZ .................................................................................................................................................... 29
2. Static IP ............................................................................................................................................... 31
3. NAT..................................................................................................................................................... 32
IV. Conclusion................................................................................................................................................. 33
V. Evaluation................................................................................................................................................... 34
1. Strengths ................................................................................................................................................ 34
2. Weaknesses ............................................................................................................................................ 34
VI. References................................................................................................................................................. 34
VI. Slides......................................................................................................................................................... 35


Table of Figures
Figure 1 Viruses ................................................................................................................................................ 5
Figure 2 Trojans Horse....................................................................................................................................... 6
Figure 3 Adware ................................................................................................................................................ 7
Figure 4 Spyware............................................................................................................................................... 8
Figure 5 worm................................................................................................................................................... 9
Figure 6 Ransomware ...................................................................................................................................... 10
Figure 7 Social Engineering .............................................................................................................................. 11
Figure 8 LinkedIn............................................................................................................................................. 14
Figure 9 Starwood (Marriott) ........................................................................................................................... 15
Figure 10 Sociallarks ........................................................................................................................................ 16
Figure 11 Firewall ............................................................................................................................................ 20
Figure 12 How does a firewall work? ................................................................................................................ 21
Figure 13 Intrusion Detection System (IDS) ....................................................................................................... 24
Figure 14 Network Intrusion Detection System (NIDS) ....................................................................................... 25
Figure 15 Host Intrusion Detection System (HIDS) ............................................................................................. 25
Figure 16 Application Protocol-based Intrusion Detection System (APIDS) .......................................................... 26
Figure 17 Hybrid Intrusion Detection System .................................................................................................... 27
Figure 18 Demilitarized Zone (DMZ) ................................................................................................................. 29
Figure 19 Example operation principle............................................................................................. 30
Figure 20 Static IP............................................................................................................................................ 31
Figure 21 NAT ................................................................................................................................................. 32
Figure 22 NAT Types........................................................................................................................................ 33


I. Introduction
I am currently working as an intern IT security specialist at FPT Information Security (FIS), a
prominent security consulting company in Vietnam that specializes in providing technical solutions to
mitigate potential IT security risks for medium-scale businesses. Many of our clients have outsourced
their security needs to us due to their lack of technical expertise and concerns about security. As part of
my responsibilities, my manager Jonson has tasked me with creating a presentation to train our junior
staff in identifying and assessing security risks using various tools and techniques, as well as educating
them on our organization's policies to safeguard data and devices.

II. Assess risks to IT security


A. Identify types of security threat to organizations. Give an example of a recently publicized security
breach and discuss its consequences. (P1)
Security is of great importance to companies today: any information a company holds can lead to a
significant personal data breach if the company is attacked by hackers. We therefore need a clear
understanding of the security issues that companies and organizations must face.

1. Define threats

Security threats can cause significant and irreparable damage to the finances and reputation of an
organization. No company should take these threats lightly. It only takes one vulnerability or lapse to
destroy everything a business worked hard to build from the ground up. Awareness is therefore an
important advantage for organizations facing these threats: knowing how attackers operate and what
motivates them is essential insight for building a strong defense.

2. Threat agents to organizations

A Threat Actor or Threat Agent is a party that is responsible for, or attempts to bring about, harm to an
organization. Threat actors may be internal, external, or partners in relation to their target, and their
motives may vary. Security encyclopedia (no date)

Threat actors can be persons, groups, or entities and they are sometimes referred to as malicious actors.
External threat actors are the most common and the most serious since the security incidents they bring
about are almost always intentional, which is not the case for all actors. Security encyclopedia (no date)

There are differences between the terms threat actor, attacker, and hacker. Attackers are individuals,
groups, or entities that attempt to cause harm with whatever tools they have available, including non-
technical methods such as property destruction to destroy data. Hackers attack their targets with
technology such as vulnerabilities and exploits. Security encyclopedia (no date)


3. Threats that organizations will face

a. Malware attacks:

Malware is any type of software created to harm or exploit another piece of software or hardware. Short
for “malicious software,” malware is a collective term used to describe viruses, ransomware, spyware,
Trojans, and any other type of code or software built with malicious intent. Belcic, J.R.& I. (2023)

Types of malware:

1. Viruses:
A virus is a software program that can spread from one computer to another, or from one network to
another, without the user's knowledge and carry out malicious actions. It can corrupt or damage an
organization's sensitive data, destroy files, and format hard drives. Touhid (2021)

Figure 1 Viruses

• How does a virus attack? Touhid (2021)

There are different ways that a virus can spread or attack, such as:
▪ Clicking on a malicious executable file
▪ Installing free software and apps
▪ Visiting an infected or unsecured website
▪ Clicking on advertisements
▪ Using infected removable storage devices, such as USB drives
▪ Opening spam email or clicking on a URL link
▪ Downloading free games, toolbars, media players and other software.
2. Trojan Horse

A Trojan horse is malicious code or a program developed by hackers to disguise itself as legitimate
software in order to gain access to an organization's systems. It is designed to delete, modify, damage,
block, or perform some other harmful action on your data or network. Touhid (2021)

Figure 2 Trojan Horse

• How does a Trojan horse attack? Touhid (2021)

▪ The victim receives an email with an attachment that looks like an official email. The attachment
may contain malicious code that is executed as soon as the victim clicks on it.
▪ In that case, the victim does not suspect or understand that the attachment is actually a Trojan
horse.
3. Adware

Adware is a software program that delivers commercial and marketing advertisements, such as
pop-up windows or bars, banner ads, and video, on your computer screen. Touhid (2021)


Its main purpose is to generate revenue for its developer by serving different types of
advertisements to an internet user. Touhid (2021)

• How does adware attack? Touhid (2021)

▪ When you click on that type of advertisement, it redirects you to an advertising website
and collects information from you.
▪ It can also be used to steal your sensitive information and login credentials by monitoring your
online activities and selling that information to third parties.

Figure 3 Adware

4. Spyware

Spyware is an unwanted type of security threat to organizations: it is installed on a user's computer
and collects sensitive information such as personal or business information, login credentials
and credit card details without the user's knowledge. This type of threat monitors your internet
activity, tracks your login credentials, and spies on your sensitive information. Touhid (2021)

So, every organization or individual should take action to prevent spyware by using anti-virus
software and a firewall, and by downloading software only from trusted sources. Touhid (2021)


Figure 4 Spyware

• How does spyware install?

It can install itself automatically on your computer, arrive as a hidden component of a software
package, or be installed like traditional malware through deceptive ads, email and instant messages.
Touhid (2021)

5. Worm

A computer worm is a type of malicious software or program that spreads within its connected
network and copies itself from one computer to another within an organization. Touhid (2021)

• How does a worm spread?

It can spread without any human assistance, exploiting security holes in software to gain access
in order to steal sensitive information, corrupt files and install a back door for remote access to the
system. Touhid (2021)


Figure 5 Worm

6. Ransomware

Ransomware is a type of security threat that blocks access to a computer system and demands a
bitcoin payment to restore access. The most dangerous ransomware attacks are WannaCry, Petya,
Cerber, Locky and CryptoLocker. Touhid (2021)

How does ransomware install? Touhid (2021)

• When the user downloads and opens a malicious email attachment
• When the user installs infected software or apps
• When the user visits a malicious or vulnerable website
• When the user clicks on an untrusted web link or image


Figure 6 Ransomware

b. Social Engineering
• What is social engineering?

Social engineering is the term used for a broad range of malicious activities accomplished
through human interactions. It uses psychological manipulation to trick users into making security
mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first investigates the
intended victim to gather necessary background information, such as potential points of entry and weak
security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s
trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive
information or granting access to critical resources.


Figure 7 Social Engineering

• What is a security policy?

A security policy (also called an information security policy or IT security policy) is a document
that spells out the rules, expectations, and overall approach that an organization uses to maintain the
confidentiality, integrity, and availability of its data. Security policies exist at many different levels, from
high-level constructs that describe an enterprise's general security goals and principles to documents
addressing specific issues, such as remote access or Wi-Fi use.

• Security Procedure

A security procedure is a set sequence of necessary activities that performs a specific security
task or function. Procedures are normally designed as a series of steps to be followed as a consistent
and repetitive approach or cycle to accomplish an end result.

• Importance of Social Engineering Training

Social engineering is a difficult cybersecurity threat to protect against because the tactics that
attackers use prey on an individual's reasoning. When employees haven't been trained to recognize
social engineering attacks, the risk of falling victim rises. Because social engineering training plays such a
critical role in minimizing threats, many organizations take cyber awareness training very seriously.

c. Web Application Attacks


• What Is a Web Application?


A web application is software that runs on a web server and can be accessed by a user through a
web browser with an active internet connection. This differs from local software apps, which run directly
on a user’s device. Web applications are usually easy to install on the user’s end, and can often be
customized to meet a business’s specifications. Web application examples include hosted email and
messaging, content management systems and e-commerce services.

• Why Are Web Applications Vulnerable to Attacks?

Web applications can be exposed to attacks for a variety of reasons, including system flaws that
stem from improper coding, misconfigured web servers, application design flaws or failure to validate
forms. These weaknesses and vulnerabilities allow attackers to gain access to databases that can contain
sensitive information. Because web applications must be available to customers at all times, they’re an
easy target for attackers to exploit.

• Common Types of Web Application Attacks

Web applications can be attacked through a variety of vectors. Common types of web attacks
include cross-site scripting, SQL injection, path traversal, local file inclusion and distributed denial of
service (DDoS) attacks.

o Cross-site scripting (XSS): In an XSS attack, an attacker injects a piece of malicious code onto a
trusted website or web-based app. Because the user’s browser thinks the script came from a trusted
source, it will execute the script. XSS attacks can be used to steal data or perform other malicious acts
on the visitor’s computer. While this method is considered unsophisticated, it’s common and can do
significant harm.
o SQL injection (SQLI): SQLIs occur when an attacker meddles with the queries that a web
application makes to its database. An SQLI can allow intruders to get sensitive data from the database.
An attacker might modify or delete this data, or inject code that can change the web application's
content or behavior.

o Path traversal: This attack, also known as directory traversal, allows the bad actor to manipulate
paths to folders outside the web root folder, which can then be used to access web application files,
directories and commands.
o Local file inclusion: This technique tricks the web application into exposing or running its files on
the web server. These attacks occur when the web app treats a malicious attack as “trusted input.” An
attacker may use path or directory traversal to learn about the files on the server, and then prompt
the web app to run the local file. Local file inclusions can lead to information disclosure, XSS and
remote code execution.


o DDoS attacks: These attacks happen when an attacker bombards a server with web requests.
Attackers may use a network of compromised computers or bots to mount this attack, which can
paralyze a server and prevent legitimate visitors from gaining access to your services.
o Cross-site request forgery (CSRF): CSRFs occur when an attacker tricks or forces an end user to
execute unwanted actions on an application in which they are already authenticated. This might be
executed through a link via email or chat and, if successful, can result in a transfer of funds or change
in email address, for example.
o XML external entity (XXE): This attack relies on an improperly configured XML parser within an
application’s code. This attack can lead to the disclosure of confidential data like passwords, denial of
service, server-side request forgery and other system impacts.
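As an added example (not from the original assignment) of the SQL injection point above, the following Python script runs the same lookup twice against a constructed in-memory SQLite table: once with the query built by string concatenation and once with a bound parameter. The table, usernames and the tautology input are assumed sample values, and the script shows why the parameterized form is the one a developer should ship.

```python
import sqlite3

# Constructed sample rows for the demonstration (not real accounts).
SAMPLE_USERS = [
    ("alice", "Alice Nguyen", "alice@example.com"),
    ("bob", "Bob Tran", "bob@example.com"),
    ("carol", "Carol Le", "carol@example.com"),
]


def make_db():
    """Create an in-memory SQLite database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, full_name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_user_vulnerable(conn, username):
    """Builds the SQL text by concatenation. The caller's value becomes part of
    the statement itself, so a value containing a quote can rewrite the WHERE
    clause. This is the pattern the section above warns about."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Binds the value as a parameter. The driver passes it as data, never as
    SQL, so whatever it contains it can only be compared against the column."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Run both lookups with a normal value and with a classic tautology input."""
    conn = make_db()
    normal = "alice"
    # Assumed hostile value: closes the string literal, then appends an
    # always-true condition. Harmless to the safe query, disastrous to the other.
    hostile = "x' OR '1'='1"
    return {
        "vuln_normal": lookup_user_vulnerable(conn, normal),   # one row
        "vuln_hostile": lookup_user_vulnerable(conn, hostile), # every row leaks
        "safe_normal": lookup_user_safe(conn, normal),         # one row
        "safe_hostile": lookup_user_safe(conn, hostile),       # no such user: []
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```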
d. Network-Based Attacks
• What Is a Network Attack?

A network attack is an attempt to gain unauthorized access to an organization's network, with
the objective of stealing data or performing other malicious activity. There are two main types of network
attacks:

o Passive: Attackers gain access to a network and can monitor or steal sensitive information, but
without making any change to the data, leaving it intact.
o Active: Attackers not only gain unauthorized access but also modify data, either deleting,
encrypting or otherwise harming it.
• What are the Common Types of Network Attacks?

Following are common threat vectors attackers can use to penetrate your network.

o Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving permission.
Among the causes of unauthorized access attacks are weak passwords, lacking protection against social
engineering, previously compromised accounts, and insider threats.
o Distributed Denial of Service (DDoS) attacks

Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic
at your network or servers. DDoS can occur at the network level, for example by sending huge volumes
of SYN/ACK packets which can overwhelm a server, or at the application level, for example by
performing complex SQL queries that bring a database to its knees.
o Man in the middle attacks (MITM)
A man in the middle attack involves attackers intercepting traffic, either between your network
and external sites or within your network. If communication protocols are not secured or attackers find
a way to circumvent that security, they can steal data that is being transmitted, obtain user credentials
and hijack their sessions.
o Code and SQL injection attacks
Many websites accept user inputs and fail to validate and sanitize those inputs. Attackers can
then fill out a form or make an API call, passing malicious code instead of the expected data values. The
code is executed on the server and allows attackers to compromise it.
o Privilege escalation
Once attackers penetrate your network, they can use privilege escalation to expand their reach.
Horizontal privilege escalation involves attackers gaining access to additional, adjacent systems, and
vertical escalation means attackers gain a higher level of privileges for the same systems.
o Insider threats
A network is especially vulnerable to malicious insiders, who already have privileged access to
organizational systems. Insider threats can be difficult to detect and protect against, because insiders do
not need to penetrate the network in order to do harm. New technologies like User and Entity Behavior
Analytics (UEBA) can help identify suspicious or anomalous behavior by internal users, which can help
identify insider attacks.
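As an added example (not part of the original assignment) of the network-level DDoS described above, this Python script applies a simple half-open-connection detector to a constructed set of TCP handshake events: a source that opens many connections and never completes them is flagged. The addresses, the threshold and the window are assumed values, not taken from any real capture.

```python
from collections import defaultdict


def build_sample_events():
    """Constructed handshake events as (timestamp_seconds, src_ip, tcp_flag).
    'SYN' is a new connection attempt; 'ACK' is the client completing its
    handshake. The data is invented for this example, not a real log."""
    events = []
    # Legitimate client 10.0.0.5: three complete handshakes, 10 s apart.
    for i in range(3):
        events.append((i * 10.0, "10.0.0.5", "SYN"))
        events.append((i * 10.0 + 0.05, "10.0.0.5", "ACK"))
    # Flooding source 203.0.113.7 (documentation range): 60 SYNs in 3 s,
    # none of them ever completed, which leaves 60 half-open connections.
    for i in range(60):
        events.append((5.0 + i * 0.05, "203.0.113.7", "SYN"))
    return events


def half_open_by_source(events):
    """Map each source to the timestamps of its SYNs that no later ACK completed."""
    pending = defaultdict(list)
    for ts, src, flag in sorted(events):
        if flag == "SYN":
            pending[src].append(ts)
        elif flag == "ACK" and pending[src]:
            pending[src].pop(0)  # oldest outstanding SYN became a full connection
    return pending


def detect_syn_flood(events, threshold=20, window=10.0):
    """Flag sources with at least `threshold` half-open SYNs inside any
    `window`-second span. Returns {src_ip: peak_half_open_count}."""
    alerts = {}
    for src, stamps in half_open_by_source(events).items():
        stamps.sort()
        left, peak = 0, 0
        for right, t in enumerate(stamps):
            while t - stamps[left] > window:  # slide the window start forward
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, count in detect_syn_flood(build_sample_events()).items():
        print(f"possible SYN flood from {src}: {count} half-open connections")
```

In a real deployment the same logic would run over flow records or firewall logs, and spoofed sources mean the per-source view must be paired with a global half-open count.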
e. Examples of security breaches
• LinkedIn Data Breach (2021)

Figure 8 LinkedIn

Date: June 2021


Impact: 700 million users

Data associated with 700 million LinkedIn users was posted for sale on a dark web forum in June
2021. This exposure impacted 92% of the total LinkedIn user base of 756 million users.

The data was dumped in two waves, initially exposing 500 million users, and then in a second dump
the hacker "God User" boasted that they were selling a database of 700 million LinkedIn users.


The hackers published a sample containing 1 million records to confirm the legitimacy of the
breach. The data included the following:

• Email addresses
• Full names
• Phone numbers
• Geolocation records
• LinkedIn username and profile URLs
• Personal and professional experience
• Genders
• Other social media accounts and details

The hacker scraped the data by exploiting LinkedIn's API.

LinkedIn claims that, because personal information was not compromised, this event was not a
'data breach' but, rather, just a violation of their terms of service through prohibited data scraping.

But the leaked data is sufficient to launch a deluge of cyberattacks targeting exposed users,
which makes the incident heavily weighted towards a data breach classification.

• Starwood (Marriott) Data Breach

Figure 9 Starwood (Marriott)

Date: November 2019

Impact: 500 million guests

In November 2019, Marriott International announced that hackers had stolen data about
approximately 500 million Starwood hotel customers. The attackers had gained unauthorized access to
the Starwood system back in 2014 and remained in the system after Marriott acquired Starwood in
2016. However, the discovery was not made until 2019.

The information that was exposed included names, contact information, passport number,
Starwood Preferred Guest numbers, travel information, and other personal information. Marriott
believes that financial information such as credit and debit card numbers, and expiration dates of more
than 100 million customers were stolen, although the company is uncertain whether the attackers were
able to decrypt the credit card numbers.

According to the New York Times, the breach was eventually attributed to a Chinese intelligence
group, the Ministry of State Security, seeking to gather data on US citizens. If true, this would be the
largest known breach of personal data conducted by a nation-state.

• Sociallarks Data Breach

Figure 10 Sociallarks

Date: January 2021

Impact: 200 million records

Sociallarks, a rapidly growing Chinese social media agency, suffered a monumental data leak in
2021 through its unsecured ElasticSearch database.

Sociallarks’ server wasn’t password-protected, wasn’t encrypted, and it was a publicly exposed
asset. This lethal combination meant that anybody with knowledge of the server IP address could access
the leaked sensitive data, and that’s exactly what happened.


The breached database stored the scraped data of over 200 million Facebook, Instagram, and
LinkedIn users.

Exposed data included:

• Names
• Phone numbers
• Email addresses
• Profile descriptions
• Follower and engagement data
• Locations
• LinkedIn profile links
• Connected social media account login names
B. Organizational procedures an organization can set up to reduce the effects to the business of a
security breach (P2)
1. Security procedure definition

Security procedures are detailed step-by-step instructions on how to implement, enable, or
enforce security controls as enumerated from your organization's security policies. Security procedures
should cover the multitude of hardware and software components supporting your business processes
as well as any security related business processes themselves. CISA, R.D.(P.A.R.T.N.E.R.| (2019)

The purpose of security procedures is to ensure consistency in the implementation of a security
control or execution of a security relevant business process. They are to be followed each time the
control needs to be implemented or the security relevant business process followed. CISA,
R.D.(P.A.R.T.N.E.R.| (2019)

2. Organizational security procedures.

a. Email security procedures


▪ All email usage must comply with the company's policies and procedures for ethical conduct,
safety, adherence to applicable laws, and proper business practices.
▪ The company's email account should only be used for business-related purposes. Limited
personal communication is allowed, but non-company-related commercial use is strictly
prohibited.
▪ All company data contained in email messages or attachments must be secured according to
the Data Protection Standard.


▪ Emails should only be retained if they qualify as a business record. Emails are considered a
business record if there is a legitimate and ongoing business reason to preserve the information
contained in the email.
▪ Any email that is identified as a company business record must be retained in accordance with
the company's Record Retention Schedule.
▪ The company's email system must not be used to create or distribute any disruptive or offensive
messages. This includes offensive comments related to race, gender, hair color, disabilities, age,
sexual orientation, pornography, religious beliefs and practices, political beliefs, or national
origin. Employees who receive such emails from any company employee should report the
matter to their supervisor immediately.
▪ Users are not permitted to automatically forward company email to a third-party email system.
If forwarding individual messages, they must not contain confidential or above information.
▪ Users are prohibited from using third-party email systems and storage servers such as Google,
and MSN Hotmail to conduct company business, create or memorialize any binding transactions,
or store or retain email on behalf of the company. All such communications and transactions
must be conducted through proper channels using company-approved documentation.
▪ The use of a reasonable amount of company resources for personal emails is acceptable.
However, non-work-related email must be saved in a separate folder from work-related email.
Sending chain letters or joke emails from a company email account is strictly prohibited.
▪ Company employees have no expectation of privacy in anything they store, send or receive on
the company's email system.
▪ The company reserves the right to monitor messages without prior notice. The company is not
obliged to monitor email messages.
b. Incident response procedures
▪ Preparation: This phase involves developing an incident response plan that outlines the roles
and responsibilities of the incident response team, communication channels, and response
procedures. The incident response plan should be reviewed and tested regularly to ensure it
remains effective and up-to-date.
▪ Detection and analysis: This phase involves detecting, analyzing, and containing the incident. It is
important to have monitoring systems in place to identify any suspicious activity and quickly
assess the nature and scope of the incident. Once the incident has been identified, the response
team will need to gather information about the incident and take steps to contain it.
▪ Response, recovery, and review: The response phase involves taking immediate actions to stop
the incident from spreading and mitigate any damage. The recovery phase involves restoring
systems and services to their normal state. After the incident has been contained and the
systems have been restored, it is important to review the incident and identify any weaknesses
in the incident response plan or system that may have contributed to the incident. Lessons
learned from the incident should be used to update and improve the incident response plan and
the security system as a whole.
c. Password procedures
• Complexity requirements: Passwords should be complex and include a combination of upper-
and lower-case letters, numbers, and special characters. Passwords that are too simple, such
as "duy123", can be easily hacked and compromised.
• Length requirements: Passwords should have a minimum length requirement to make it
harder to guess or hack. A typical minimum length is eight characters, but some organizations
may require longer passwords.
• Regular password changes: Employees should be required to change their passwords on a
regular basis. The frequency of password changes may vary depending on the organization's
security policy.
• Prohibition of password sharing: Employees should never share their passwords with others.
Passwords should be considered confidential information and should only be known by the
account owner.
• Multi-factor authentication: Organizations may require multi-factor authentication, which
involves the use of two or more methods to verify the user's identity, such as a password and
a fingerprint or a security token.
• Password storage: Passwords should be stored securely, such as through encryption or
hashing, to prevent unauthorized access in case of a data breach.
• Password education and awareness: Employees should receive training and education on
password security best practices, such as how to create a strong password, how to avoid
common mistakes, and how to identify and report suspicious activity.


III. Describe IT security solutions


A. Identify the potential impact to IT security of incorrect configuration of firewall policies and
IDS.(P3)
1. Firewall

Figure 11 Firewall

a. What is a Firewall?

A firewall is a network security device that monitors incoming and outgoing network traffic and
permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier
between your internal network and incoming traffic from external sources (such as the internet) in order
to block malicious traffic like viruses and hackers.

b. How does a firewall work?


Figure 12 How does a firewall work?

Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming
from unsecured or suspicious sources to prevent attacks. Firewalls guard traffic at a computer’s entry
point, called ports, which is where information is exchanged with external devices. For example, “Source
address 172.18.1.1 is allowed to reach destination 172.18.2.1 over port 22."

Think of IP addresses as houses, and port numbers as rooms within the house. Only trusted people
(source addresses) are allowed to enter the house (destination address) at all— then it’s further filtered
so that people within the house are only allowed to access certain rooms (destination ports), depending
on if they're the owner, a child, or a guest. The owner is allowed to any room (any port), while children
and guests are allowed into a certain set of rooms (specific ports).
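The rule "source 172.18.1.1 may reach 172.18.2.1 over port 22" and the houses-and-rooms model, as an added example that is not part of the original report: a small first-match, default-deny packet filter plus a check for rules that open every address to every port (the rule syntax, the second subnet rule and the checker are assumptions for this example).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: IPv4Network      # who may enter the house (source addresses)
    dst: IPv4Network      # which house (destination address)
    proto: str            # "tcp" or "udp"
    dport: Optional[int]  # which room (destination port); None means any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def parse_rule(line: str) -> Rule:
    """Parse the rule syntax assumed for this example:
    '<allow|deny> <src> -> <dst> <proto>/<port|any>', where an address is a
    single IP, a CIDR block, or 'any'."""
    action, src, arrow, dst, service = line.split()
    if arrow != "->" or action not in ("allow", "deny"):
        raise ValueError(f"bad rule: {line!r}")
    proto, port = service.split("/")

    def to_net(addr: str) -> IPv4Network:
        return ip_network("0.0.0.0/0") if addr == "any" else ip_network(addr)

    return Rule(action, to_net(src), to_net(dst), proto,
                None if port == "any" else int(port))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """The first matching rule decides; a packet no rule matches is denied."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    for r in rules:
        if (src in r.src and dst in r.dst and r.proto == pkt.proto
                and (r.dport is None or r.dport == pkt.dport)):
            return r.action
    return "deny"


def overly_broad(rules: List[Rule]) -> List[Rule]:
    """Flag allow rules that open every source to every destination on every
    port: the misconfiguration that turns the firewall into a pass-through."""
    return [r for r in rules
            if r.action == "allow" and r.src.prefixlen == 0
            and r.dst.prefixlen == 0 and r.dport is None]


# Constructed policy: the report's example rule, then a narrower subnet rule.
POLICY = [parse_rule(line) for line in (
    "allow 172.18.1.1 -> 172.18.2.1 tcp/22",      # the owner may enter the SSH room
    "allow 172.18.0.0/16 -> 172.18.2.1 tcp/443",  # guests may enter the HTTPS room only
)]

if __name__ == "__main__":
    for pkt in (Packet("172.18.1.1", "172.18.2.1", "tcp", 22),
                Packet("172.18.5.9", "172.18.2.1", "tcp", 22),
                Packet("172.18.5.9", "172.18.2.1", "tcp", 443)):
        print(pkt, "->", evaluate(POLICY, pkt))
    print("overly broad rules:", overly_broad(POLICY + [parse_rule("allow any -> any tcp/any")]))
```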

c. The purpose of firewall:

Protect information: a firewall protects important data and system resources inside the intranet,
helping businesses and organizations keep their information secure.

Defense against attacks: in addition to protecting information from within the system, a firewall
can also protect against attacks from outside, such as hackers and sniffing.

d. Firewall Benefits

Understanding the benefits of firewall security is the first step in helping your business grow safely
in the ever-changing digital age. Even if your business only relies on technology and networks for a small
piece of your operations, it is still equally important that you take proactive steps to keep things
protected. Firewalls serve as a first line of defense to external threats, malware, and hackers trying to
gain access to your data and systems.


• Monitors Network Traffic

All of the benefits of firewall security start with the ability to monitor network traffic. Data coming
in and out of your systems creates opportunities for threats to compromise your operations. By
monitoring and analyzing network traffic, firewalls leverage preestablished rules and filters to keep your
systems protected. With a well-trained IT team, you can manage your levels of protection based on what
you see coming in and out through your firewall.

• Stops Virus Attacks

Nothing can shut your digital operations down faster and harder than a virus attack. With
hundreds of thousands of new threats developed every single day, it is vital that you put the defenses in
place to keep your systems healthy. One of the most visible benefits of firewalls is the ability to control
your system's entry points and stop virus attacks. The cost of damage from a virus attack on your
systems could be immeasurably high, depending on the type of virus.

• Prevents Hacking

Unfortunately, the trend of businesses moving more toward digital operations invites thieves and
bad actors to do the same. With the rise of data theft and criminals holding systems hostage, firewalls
have become even more important, as they prevent hackers from gaining unauthorized access to your
data, emails, systems, and more. A firewall can stop a hacker completely or deter them into choosing an
easier target.

• Stops Spyware

In a data-driven world, a much-needed benefit is stopping spyware from gaining access and getting
into your systems. As systems become more complex and robust, the entry points criminals can use to
gain access to your systems also increase. One of the most common ways unwanted people gain access
is by employing spyware and malware—programs designed to infiltrate your systems, control your
computers, and steal your data. Firewalls serve as an important blockade against these malicious
programs.

• Promotes Privacy

An overarching benefit is the promotion of privacy. By proactively working to keep your data and
your customers' data safe, you build an environment of privacy that your clients can trust. No one likes
their data stolen, especially when it is clear that steps could have been taken to prevent the intrusion.

e. Disadvantages of a Firewall
Protecting and securing your business's data is one of the most important tasks your company can
undertake to prevent fraud or theft. Intrusion deterrence via firewall can be a reliable defense between
your company's network and hackers. However, a firewall should never be your company's only line of
defense.
• Server Resources Performance

When it comes to performance, a software-based firewall has the capability to limit your
computer's overall performance. RAM resources and processing power are some of the factors which
limit the performance. For example, the software firewall constantly running in the background uses
more processing power and RAM resources, which hinders the system performance. However, a
hardware firewall doesn't cause any system performance issues as it is a separate device entirely.

• Hardware Firewall is Higher Cost

A software firewall is cheaper and comes with the latest operating system. There is a myriad of
offerings to choose from ranging in price. Usually, the hardware for a firewall will start somewhere in
the $700 range for a tiny business and can quickly get into the $10,000 range. However, most companies
with 15 to 100 users can expect the firewall's hardware to cost between $1,500 and $4,000.

• User Restrictions

We know that a firewall prevents unauthorized access to our system from the network. However,
this can be a problem for large organizations. The policies used by the firewall can be inflexible,
preventing employees from performing certain operations. Sometimes this can also lead to security
problems, since data passed through a backdoor (a type of malware that bypasses normal
authentication procedures to access a system) is not examined properly. As a result, remote access is
gained to resources within an application such as files, servers, and databases, which gives the ability
to remotely issue system commands and update the malware.

• Complex Operations

Firewalls for a large organization require a different set of staff (a dedicated security team only
to maintain the firewall) for operating and maintaining them. This team will monitor and ensure that the
firewall is safe enough to protect the network from violators.

2. Intrusion Detection System (IDS)


Figure 13 Intrusion Detection System (IDS)

a. IDS

An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious
activity and issues alerts when such activity is discovered. It is a software application that scans a
network or a system for harmful activity or policy breaches. Any malicious venture or violation is
normally reported either to an administrator or collected centrally using a security information and
event management (SIEM) system. A SIEM system integrates outputs from multiple sources and uses
alarm filtering techniques to differentiate malicious activity from false alarms.

Although intrusion detection systems monitor networks for potentially malicious activity, they
are also prone to false alarms. Hence, organizations need to fine-tune their IDS products when they
first install them. It means properly setting up the intrusion detection systems to recognize what normal
traffic on the network looks like as compared to malicious activity.

Intrusion prevention systems also inspect packets inbound to the system for malicious activity
and immediately send warning notifications when it is found.

b. Classification of Intrusion Detection System


IDS are classified into 5 types:


• Network Intrusion Detection System (NIDS):

Figure 14 Network Intrusion Detection System (NIDS)

Network intrusion detection systems (NIDS) are set up at a planned point within the network to
examine traffic from all devices on the network. A NIDS observes the traffic passing on the
entire subnet and matches the traffic that is passed on the subnets to the collection of known attacks.
Once an attack is identified or abnormal behavior is observed, an alert can be sent to the administrator.
An example of a NIDS is installing it on the subnet where firewalls are located in order to see if someone
is trying to crack the firewall.

• Host Intrusion Detection System (HIDS):

Figure 15 Host Intrusion Detection System (HIDS)


Host intrusion detection systems (HIDS) run on independent hosts or devices on the network. A
HIDS monitors the incoming and outgoing packets from the device only and will alert the administrator if
suspicious or malicious activity is detected. It takes a snapshot of existing system files and compares it
with the previous snapshot. If critical system files were edited or deleted, an alert is sent to the
administrator to investigate. An example of HIDS usage can be seen on mission-critical machines, which
are not expected to change their layout.
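The snapshot-and-compare check a HIDS performs, as an added example that is not part of the original report: it baselines a constructed temporary directory standing in for a mission-critical host, tampers with it, and turns the differences into alerts (the SHA-256 choice, the file names and the alert wording are assumptions).

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def snapshot(root: Path) -> Dict[str, str]:
    """Record the SHA-256 digest of every file under root, keyed by relative path."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_snapshots(previous: Dict[str, str], current: Dict[str, str]) -> List[str]:
    """Turn the difference between two snapshots into alerts for the administrator."""
    alerts = []
    for name in sorted(set(previous) | set(current)):
        if name not in current:
            alerts.append(f"DELETED {name}")
        elif name not in previous:
            alerts.append(f"ADDED {name}")
        elif previous[name] != current[name]:
            alerts.append(f"MODIFIED {name}")
    return alerts


def run_demo() -> List[str]:
    """Constructed scenario: baseline a miniature file system, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {  # constructed stand-ins for files that should not change on a stable host
            "etc/passwd": "root:x:0:0:root:/root:/bin/bash\n",
            "etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
            "bin/login": "placeholder for a binary\n",
        }
        for name, content in files.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text(content)
        baseline = snapshot(root)  # the "previous snapshot" taken while the host is known-good

        # Changes a HIDS on a mission-critical machine should flag on the next scan
        (root / "etc/ssh/sshd_config").write_text("PermitRootLogin yes\nPasswordAuthentication yes\n")
        (root / "bin/login").unlink()
        (root / "tmp").mkdir()
        (root / "tmp/unknown.bin").write_text("constructed unexpected file\n")

        return compare_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```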

• Protocol-based Intrusion Detection System (PIDS):

Protocol-based intrusion detection system (PIDS) comprises a system or agent that would
consistently reside at the front end of a server, controlling and interpreting the protocol between a
user/device and the server. It tries to secure the web server by regularly monitoring the HTTPS
protocol stream and accepting the related HTTP protocol. Because the HTTPS stream is only readable
once it has been decrypted, just before it enters the web presentation layer, this system needs to
reside at that interface in order to inspect the HTTPS traffic.
• Application Protocol-based Intrusion Detection System (APIDS):

Figure 16 Application Protocol-based Intrusion Detection System (APIDS)

Application Protocol-based Intrusion Detection System (APIDS) is a system or agent that
generally resides within a group of servers. It identifies the intrusions by monitoring and interpreting the
communication on application-specific protocols. For example, this would monitor the SQL protocol
explicit to the middleware as it transacts with the database in the web server.

• Hybrid Intrusion Detection System:


Figure 17 Hybrid Intrusion Detection System

A hybrid intrusion detection system is made by combining two or more approaches to
intrusion detection. In a hybrid intrusion detection system, host agent or system data is
combined with network information to develop a complete view of the network system. A hybrid
intrusion detection system is more effective than the other intrusion detection systems.
Prelude is an example of a hybrid IDS.

c. Comparison of IDS with Firewalls:

IDS and firewalls are both related to network security, but an IDS differs from a firewall in that a
firewall looks outwardly for intrusions in order to stop them from happening. Firewalls restrict access
between networks to prevent intrusion, and if an attack comes from inside the network they do not
signal it. An IDS describes a suspected intrusion once it has happened and then signals an alarm.

d. Advantages and disadvantages of IDS


• Advantages:
o Detects external hackers and network-based attacks.
o Offers centralized management for correlation of distributed attacks.
o Provides the system administrator the ability to quantify attacks.
o Provides an additional layer of protection.
o Provides defense in depth.
• Disadvantages:
o Generates false positives and negatives.
o Requires full-time monitoring.
o It is expensive.
o Requires highly skilled staff.

4. Potential impact (Threat-Risk) of FIREWALL and misconfigured IDS on the network.

Firewalls are an important aspect of network security, and a misconfigured firewall can harm
your organization and provide an attacker with simple access. Nonetheless, misconfigurations are all too
typical. Human error is frequently to blame for misconfigurations. Even if a user configures a firewall
exactly as directed, it may still fail.

Misconfigured firewalls might result in three serious consequences for your clients:

• Compliance violations: in order for a business to comply with PCI standards or regulations in retail,
banking, or healthcare, it must have a properly configured firewall. Fines are imposed for noncompliance.
• Breach paths: A misconfigured firewall that allows unauthorized access can lead to data
breaches, data loss, and stolen or ransomed IP.
• Unplanned outages: A misconfiguration may prevent a customer from engaging with a firm,
resulting in lost income. Large e-commerce companies, for example, could lose thousands or
even millions of dollars until the error is addressed.

A misconfigured IDS cannot properly evaluate packet headers and payloads, and erroneous
alerts can let harmful data through. Hackers will then have an opportunity to attack the system.
Once this occurs, it may be too late to reverse the situation, and data theft or loss will almost
certainly occur. So be careful when configuring the firewall and IDS.


B. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security. (P4)
1. DMZ
a. What Is a Demilitarized Zone (DMZ)?

A demilitarized zone (DMZ) is defined as an isolated networking space or sub-network that is cut
off from the rest of the organization’s connected footprint using logical or physical blockers to facilitate
access to untrusted connections in a safe space.

Figure 18 Demilitarized Zone (DMZ)

b. Operation principle

DMZs are intended to function as a sort of buffer zone between the public internet and the
private network. Deploying the DMZ between two firewalls means that all inbound network packets are
screened using a firewall or other security appliance before they arrive at the servers the organization
hosts in the DMZ.

If a better-prepared threat actor passes through the first firewall, they must then gain
unauthorized access to those services before they can do any damage, and those systems are likely to
be hardened against such attacks.

Finally, assuming that a well-resourced threat actor can breach the external firewall and take
over a system hosted in the DMZ, they must still break through the internal firewall before they can
reach sensitive enterprise resources. While a determined attacker can breach even the best-secured
DMZ architecture, a DMZ under attack should set off alarms, giving security professionals enough
warning to avert a full breach of their organization.


Figure 19 Example operation principle

c. Security Benefits of DMZ


• Allows access control

Businesses may provide consumers access to services beyond the confines of their network
through the public internet. An increased degree of protection guarantees that only genuine traffic can
enter the DMZ, making it extremely difficult for hackers to penetrate internal networks since they would
have to pass through two firewalls to get access. One may also include a proxy server in a DMZ; this
centralizes internal network flow and simplifies monitoring and recording of that traffic.

• Prevents network reconnaissance


A DMZ network enables a company to access essential internet services securely. It acts as an
intermediary, preventing attackers from conducting reconnaissance activity to hunt for potential
targets. If a DMZ system is hacked, the internal firewall protects the private network and makes external
surveillance difficult. Consequently, compromising a single node in the network does not compromise
the whole system.
• Protects from internet protocol (IP) spoofing

Attackers may try to gain access to systems by counterfeiting an IP address and imitating a
signed-in, approved device. A DMZ may recognize and prevent potential spoofing attacks while another
service verifies the IP address's validity. The DMZ also allows network segmentation to establish a safe
place for traffic organization and public service access away from the enterprise's private network.


2. Static IP

Figure 20 Static IP

a. Definition of Static IP address.

A static IP address is fixed in nature and does not change until it is manually changed by the ISP or
the network administrator. Unlike a dynamic address, a static IP address does not change each time the
user connects to the network or sends a message. It is usually assigned to servers, mail servers, etc.

When a host is configured with a static IP address, a workstation on the network using static IP
addressing accesses the desired network element directly. Static IP addressing provides consistent and
immediate access with negligible overhead, as the associated IP address never changes. The benefit of
using a static IP is less downtime, unlike a dynamic IP, which creates overhead each time it is assigned
to a device. It also provides remote access, which means a user can access his/her own PC from any
location.

b. Operation principle.
The working procedure is:
• Your broadband modem will get a public WAN IP address from your ISP. These public IP
addresses are leased in blocks by your ISP and are Internet routable.
• The modem is connected to the WAN port on your router. The router will manage the traffic
between the devices on the LAN and the Internet.
• So, your LAN-connected devices will all have unique private IP addresses assigned by the router
and share the single public WAN IP Internet connection via the router.
• You can change your local LAN IP addresses, however WAN IP addresses are set by the ISP.
• Depending on the lease time set by your ISP you can keep the same dynamic IP for months.


• When the lease expires or the ISP DHCP sees a different hardware MAC address it will assign
another public WAN IP from its available pool of addresses.
3. NAT
a. What Is NAT?

NAT stands for network address translation. It’s a way to map multiple local private
addresses to a public one before transferring the information. Organizations that want multiple devices
to employ a single IP address use NAT, as do most home routers.

Figure 21 NAT

b. Operation principle

NAT presents its own IP address as the public IP for every client behind it, each of which has its own
private IP. When a client makes a connection or sends data to a computer on the internet, the data is
sent to the NAT device, which replaces the client's original source IP address with the NAT IP address
and then forwards the data packet.

The remote computer, or any computer on the internet, sends the reply packet back to the NAT
device, because from its point of view the NAT device is the machine that sent the data packets. NAT
keeps a table of which internal computer sent outbound packets on each service port and delivers the
received packets to that computer (client).

c. NAT Types

There are three different types of NATs. People use them for different reasons, but they
all still work as a NAT.

• Static NAT


When the local address is converted to a public one, this NAT chooses the same one. This means
there will be a consistent public IP address associated with that router or NAT device.

• Dynamic NAT

Instead of choosing the same IP address every time, this NAT goes through a pool of public IP
addresses. This results in the router or NAT device getting a different address each time the router
translates the local address to a public address.

• PAT

PAT stands for port address translation. It's a type of dynamic NAT, but it binds several local IP
addresses to a single public one. Organizations that want all their employees' activity to use a single
IP address use PAT, often under the supervision of a network administrator.
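The translation table described under the operation principle and the static NAT versus PAT distinction above, as an added example that is not part of the original report: a PAT gateway records each outbound flow and delivers only replies that match an entry, while a static NAT forwards inbound packets to its mapped host unconditionally (the addresses, port range and class names are constructed for this example).

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StaticNAT:
    """One-to-one mapping: a private host always appears as the same public IP,
    so inbound packets to that public IP are forwarded and the host is reachable."""

    def __init__(self, mapping: Dict[str, str]):
        self.private_to_public = dict(mapping)
        self.public_to_private = {pub: priv for priv, pub in mapping.items()}

    def outbound(self, pkt: Packet) -> Packet:
        return Packet(self.private_to_public[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        priv = self.public_to_private.get(pkt.dst_ip)
        return None if priv is None else Packet(pkt.src_ip, pkt.src_port, priv, pkt.dst_port)


class PAT:
    """Many-to-one: every client shares one public IP and is told apart by port."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table: Dict[int, Tuple[str, int]] = {}      # public port -> (private ip, port)
        self.by_client: Dict[Tuple[str, int], int] = {}  # (private ip, port) -> public port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the shared public IP and a port recorded in the table."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.by_client:
            self.table[self.next_port] = key
            self.by_client[key] = self.next_port
            self.next_port += 1
        return Packet(self.public_ip, self.by_client[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver only packets matching a recorded outbound flow; anything
        unsolicited has no table entry and is dropped (returned as None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


if __name__ == "__main__":
    gw = PAT("203.0.113.5")  # constructed public address of the gateway
    out = gw.outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 443))
    print("outbound after PAT:", out)
    print("reply delivered to:", gw.inbound(Packet("198.51.100.20", 443, "203.0.113.5", out.src_port)))
    print("unsolicited inbound:", gw.inbound(Packet("198.51.100.99", 12345, "203.0.113.5", 40002)))
```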

Figure 22 NAT Types

IV. Conclusion
The scenario for this report was to act as an IT Security Expert intern for a leading security consulting
company in Vietnam called FPT Information Security (FIS), tasked with giving a compelling presentation
to train junior staff on the tools and techniques involved in identifying and assessing IT security risks,
along with the organizational policies that protect critical data and business equipment. Above is a
detailed report with technical reviews on the topics covered in the presentation.


V. Evaluation
1. Strengths
In this article, I have attempted to highlight the security threats that organizations must face, such
as security breaches, their consequences, and prevention measures. Next, I have discussed and analyzed
three processes that organizations use to improve or provide security for the organization. In addition, I
briefly discussed firewalls, IDS, and policies, how to use them, and their advantages in the network, and
how firewalls and IDS provide network security. Finally, I identified and discussed the benefits of using
DMZ diagrams, static IPs, and centralized NAT for security purposes.

2. Weaknesses
The way I expressed my main and supporting ideas was not very fluent, some ideas were unclear,
and some were too abstract or difficult to understand. Some parts were missing ideas and the solutions
provided were not adequate.


VI. Slides
