ASSIGNMENT FRONT SHEET

Qualification: BTEC Level HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: December – 25 – 2021
Date Received 1st submission:
Re-submission Date: December – 25 – 2021
Date Received 2nd submission:
Student Name: Dang Tan Tai
Student ID: BSAF200013
Class: PBIT16101_CNTT1
Assessor name: Do Phi Hung

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature: Tai

Grading grid: P1 P2 P3 P4 M1 M2 D1
Summative Feedback:
Resubmission Feedback:
Grade:
Assessor Signature:
Date:
IV Signature:

Learning Outcomes and Assessment Criteria

LO1 Assess risks to IT security
- Pass: P1 Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences.
- Pass: P2 Describe at least organisational security procedures.
- Merit: M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions
- Pass: P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.
- Pass: P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security.
- Merit: M2 Discuss three benefits to implement network monitoring systems with supporting reasons.

LO1 &
- Distinction: D1 Investigate how a 'trusted network' may be part of an IT security solution.

Table of Contents

Introduction
A. Identify types of security threat to organizations
   I. Define threats
   II. Identify threat agents to organizations
   III. List types of threats that organizations will face
B. Describe at least organizational security procedures
   I. What is security procedures?
   II. Some of organization procedures
C. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS
   I. What is firewall?
   II. How does firewall provide security to a network?
   III. The diagram of firewall work
   IV. Firewall policies
   V. What is IDS?
D. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
   I. What is DMZ?
   II. What is DMZ host?
   III. DMZ host IP address
   IV. DMZ in modem
   V. DMZ Router
   VI. What is static IP?
   VII. What is NAT?
   VIII. What does NAT do?
Evaluation
References

Introduction
This security course helps us understand systems and their security layers, and learn about attack activities and how to avoid them.

A. Identify types of security threat to organizations

I. Define threats
Security threats on a network are the risks that arise when security is weak or the network is attacked from inside or outside. They can cause data loss, disclosure of information to outsiders and theft of private personal data, and can affect national security if security is not good.

Photo: Threats information

II. Identify threat agents to organizations
The five biggest cyber security threat agents to organizations are:

- Malware Attack: Malware is a term that describes malicious programs or code that can interfere with the normal operation of a system by infiltrating, controlling, damaging or disabling networks, computers, tablets, mobile devices and more. Although it does not cause hardware damage, malware can steal, encrypt or delete data, change or hijack functions, and monitor computer activities without your permission.

Photo: Malware attack

- Ransomware: Ransomware is a type of malware that, after infecting a computer, encrypts or blocks access to the data on the disk and then informs the victim of the possibility of recovering it. Of course, recovery is not free: the victim must transfer funds to the specified account.

Photo: An example of ransomware, the WannaCry virus

- Insider threats: Insider threats are users who have legitimate access to company assets and use that access, either intentionally or unintentionally, to harm the business. Insiders
don't have to be current employees; they can also be former employees, contractors or partners with access to an organization's systems or data. Since insider threats are the primary vector of 60% of data leaks, organizations need to scrutinize these threats with the same degree of rigor as they would when securing against outside attackers.

A business continuity plan (BCP) is a document that outlines how a business will continue to operate during unplanned service interruptions. Plans can provide detailed strategies for how the business can be sustained through both short- and long-term downtimes.

C. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS

I. What is a firewall?
A firewall is a network security system, which can be hardware or software based, that uses rules to inspect traffic entering and leaving the system. Firewalls act as a barrier between insecure networks and the network being protected. A firewall controls access to network resources through a master control model: only traffic that conforms to the policy defined in the firewall can access the network, and all other traffic is denied.

Photo: Diagram of Firewall

II. How does a firewall provide security to a network?
Firewalls for networked systems are designed to protect hosts in the network against outside attacks. In contrast to a personal firewall, which only protects one computer, a network firewall must ensure the security of the entire computer network. In particular, a network system should have the following main parts:

- Packet filtering (packet-filtering router)
- Application gateway (application-level gateway or proxy server)
- Circuit gate (circuit-level gateway)

Examples include hardware-based network firewalls such as Symantec's Enterprise firewall, Cisco PIX, Cisco ASA, Juniper NetScreen Firewall and Nokia firewalls, and software firewalls such as Check Point's firewall, Linux-based iptables and Microsoft ISA Server.

III. The diagram of firewall work
Basically, a firewall device is a shield between your computer and the Internet, like a security guard that helps you escape from enemies who are trying to attack you. When the firewall is active, it can deny or allow network traffic between devices based on rules that have been configured or set by a firewall administrator. Many personal firewalls, such as the Windows firewall, operate on a set of pre-installed settings, so users do not need to worry about how to configure the firewall. But in a large network, configuring the firewall is extremely important to avoid possible dangers in the network.

Photo: Firewall work

IV. Firewall policy
Firewall policies define how an organization's firewalls handle inbound and outbound network traffic for specific IP addresses and address ranges, protocols, applications, and content types, based on the organization's information security policy.

Table: Firewall policies

V. What is IDS?
IDS stands for Intrusion Detection System. These are software or tools that help you secure your system and alert you to an intrusion. IDSs are often part of security systems or other software, associated with the task of protecting information systems. The most important features of IDS include: monitoring network traffic and suspicious activities; issuing warnings about anomalies to the system and the network administrator; and combining with a firewall and anti-virus software to create a complete security system.

Photo: IDS

Classification of IDS:

- Network IDS (NIDS): NIDS are often located at vulnerable points in the system. Often, they also take control of entire subnets and try to compare all accesses with a database of attack factors. NIDS is easy to secure and hard for intruders to notice; in other words, the intruder won't realize he has been detected by the NIDS.
- Network Node IDS (NNIDS): NNIDS work like NIDS, but they only apply to one host for a certain time, not to the entire subnet.
- Host IDS (HIDS): HIDS works on all devices in the system that have an Internet connection and on all the rest of the enterprise network. Compared to NIDS, HIDS is capable of deeper monitoring of internal access. HIDS can be considered a second layer of security against attacks not detected by NIDS. HIDS examines files system-wide and compares them with previously taken "images" to see whether there are significant differences (beyond normal business use), then notifies the administrator.

How does IDS work?

Photo: How does IDS work?

D. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security

I. What is DMZ?
DMZ stands for Demilitarized Zone. It is understood as a demilitarized zone or military demarcation line. The area has no military activity going on, so it's also home to peaceful urban areas away from gang territories. However, DMZ is also an abbreviation used in information technology. In computing, a DMZ is a networked device (a range of networked or subnet devices), e.g. a computer, that is located outside of a firewall or other security measures on a network.

II. What is DMZ host?
Also called a DMZ server, it acts as a separator between external users (Internet) and a private server (local area network or wide area network). The DMZ is commonly used by corporations and contains devices that accept Internet traffic, such as DNS, FTP, and Web servers.

Why do corporations use a DMZ host?
Because it is a subnet that separates the local area network (LAN) from other untrusted networks, usually the internet. External servers, data and services are located in the DMZ, so they are accessible from the internet, but the rest of the internal LAN remains unreachable. This provides an extra layer of security to the LAN, as it limits the hacker's ability to directly access the servers and internal data over the internet.

Photo 10: DMZ host

III. DMZ host IP address
The DMZ host is reachable through the IP address of the WAN interface, and the router sends all unwanted traffic on the WAN interface to it. This is the solution when you need to forward traffic to the LAN server but cannot determine the traffic by UDP or TCP port. To add the host IP address to the DMZ, go to NAT >> DMZ Host and open the tab of the WAN interface from which you want the server to be accessed:

-> For WAN 1, select "Private IP". For other WANs, check the "Enable" box.
-> Click Choose IP at Private IP and select the IP address of the DMZ server.
-> Click OK to apply the settings.

Photo 11: DMZ IP address

IV. DMZ in modem
DMZ is the best choice if you want to run a home server that can be accessed from
outside your home network (e.g. web server, ssh, vnc, or other remote access protocol). Typically, you'll want to run a firewall on the server to make sure only specific ports are allowed access from public computers. Another way to use the DMZ in a modem is to set up port forwarding. With port forwarding you can allow only specific ports through your router, and you can also specify several outgoing ports to different machines if you have multiple servers running behind the router.

Photo 12: DMZ in modem

V. DMZ router
The DMZ router is a host on the internal network that has all UDP and TCP ports open and visible, except for ports that are forwarded otherwise. They usually use a simple method to forward all ports to another firewall or NAT device.

Photo 13: DMZ router

VI. What is static IP?
A static IP address is one that is manually configured and doesn't change over time, unlike one assigned by a DHCP server. This type of IP is the exact opposite of a dynamic (changeable) IP. Static IP is often used for groups of people or businesses so that many people can access it. Currently, devices such as routers, phones, desktop computers, and laptops are all configured to have a static IP.

The benefits of static IP for security in the network
➔ Limits the risk of data loss.
➔ Helps computers run stably in the network environment.
➔ Used for IoT and high-security devices such as cameras, fax machines, smart home devices,…

The disadvantages of using static IP in the network
➔ Manual configuration.
➔ Security is not as high as with a dynamic IP, because the address never changes and a hacker has a lot of time to find bugs and attack.

VII. NAT (Network Address Translation): what is it?
In a nutshell, NAT is like a receptionist in a large office. If you want to meet someone in the company, you must go through the receptionist and follow their instructions. Or if you want to call and talk to someone, but that person is not at the company or is busy in a meeting, you can leave a message at the front desk, and they will forward it to the person you need to talk to. In another case, you can talk to the front desk and ask them to connect you to the person you need to see.

Or consider a person who wants to talk to you but only knows the phone number of the office where you work. They will call your office and ask the receptionist to forward the call to you. The receptionist then checks a lookup table to find your name and other extension information, and forwards the incoming call to your extension.

VIII. What does NAT do?
NAT can also be considered a basic firewall. NAT maintains a table of information about each packet sent through it. When a computer on the network connects to a website on the Internet, the source IP address in the packet header is replaced with the preconfigured public address of the NAT server. When the reply packet returns, the NAT uses the table of records it saved to change the destination IP address to the address of the PC in the network, and forwards it. Through that mechanism, the network administrator has the ability to filter packets sent to or from an IP address and allow or prevent access to a specific port.

The benefits of NAT in network security
➔ Saving IPv4 addresses: The number of users accessing the internet is increasing day by day. This leads to the risk of IPv4 address shortage. The NAT technique helps reduce the number of IP addresses that need to be used.
➔ Helps to hide IP addresses inside the LAN.
➔ NAT can share the internet connection among many different computers and mobile devices in the LAN with only a single public IP address.
➔ NAT helps network administrators filter incoming packets and approve a public IP's access to any port.

The disadvantages of NAT in network security
➔ When using the NAT technique, the CPU has to check and spend time changing the IP address. This increases the delay during switching and affects internet connection speed.
➔ NAT hides IP addresses in the LAN, so technicians will have a hard time checking the origin IP or tracing packets.
➔ NAT hides the IP address, so it makes some applications that need to use the IP inoperable.
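
The NAT table described in "What does NAT do?", together with the port forwarding and DMZ host options from the DMZ sections, as an added example that is not part of the original assignment. The class NatGateway, its method names and every address and port are constructed for illustration; the model assumes one public IP and accepts a reply only from the remote endpoint recorded in the table.

```python
# Added example: toy NAT gateway. Names, addresses and ports are constructed.
from itertools import count


class NatGateway:
    def __init__(self, public_ip, port_forwards=None, dmz_host=None):
        self.public_ip = public_ip
        self.port_forwards = port_forwards or {}  # public port -> (static LAN IP, port)
        self.dmz_host = dmz_host                  # static LAN IP that gets all other traffic
        self.table = {}                           # public port -> (LAN IP, LAN port, remote IP, remote port)
        self._next_port = count(40000)            # assumed pool of public source ports

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Replace the private source address and record the mapping."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for public_port, entry in self.table.items():
            if entry == flow:                     # connection already in the table
                break
        else:
            public_port = next(self._next_port)
            self.table[public_port] = flow
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Decide what happens to a packet arriving at the public address."""
        entry = self.table.get(dst_port)
        if entry and entry[2:] == (src_ip, src_port):
            return ("reply", entry[0], entry[1])  # answer to a recorded connection
        if dst_port in self.port_forwards:
            return ("forward", *self.port_forwards[dst_port])  # one chosen port only
        if self.dmz_host:
            return ("dmz", self.dmz_host, dst_port)  # every remaining port is exposed
        return ("drop", None, None)               # unsolicited and unmapped


def exposed_ports(gateway, ports, outside=("198.51.100.99", 5555)):
    """Ports on which an unsolicited outside packet reaches some LAN host."""
    return [p for p in ports if gateway.inbound(*outside, p)[0] != "drop"]


if __name__ == "__main__":
    forward = NatGateway("203.0.113.5", port_forwards={443: ("192.168.1.10", 443)})
    dmz = NatGateway("203.0.113.5", dmz_host="192.168.1.10")
    print(forward.outbound("192.168.1.20", 51000, "198.51.100.7", 80))
    print(forward.inbound("198.51.100.7", 80, 40000))
    print("port forward exposes:", exposed_ports(forward, [22, 80, 443, 3389]))
    print("DMZ host exposes:   ", exposed_ports(dmz, [22, 80, 443, 3389]))
```

With the port forward only 443 reaches the LAN, while the DMZ host setting passes every checked port to 192.168.1.10, which is why the server placed in the DMZ needs its own firewall.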