Security assignment 1 1623


ASSIGNMENT FRONT SHEET

Qualification: BTEC Level HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date:
Date received (1st submission):
Re-submission date:
Date received (2nd submission):
Student name:
Student ID:
Class:
Assessor name:

Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student's signature:

Grading grid: P1 P2 P3 P4 M1 M2 D1

Summative feedback: Grade: Lecturer signature:
Resubmission feedback: Assessor signature: Date:

TABLE OF CONTENTS

- Table of figures
- I. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
  - Define threats
  - Identify threat agents to organizations
  - List types of threats that organizations will face
  - What are the recent security breaches? List and give examples with dates
  - Few solutions to organizations
- II. Describe organisational security procedures (P2)
  - Security procedures that organizations can use to improve or provide security
- III. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
  - Firewalls and policies
  - Usage in a network
  - Advantages in a network
  - How does a firewall provide security to a network?
  - What is an IDS, and how is it used?
  - Incorrect IDS configuration
- IV. How implementing a DMZ, static IP and NAT in a network can improve network security (P4)
  - The aid of diagram: DMZ, its usage and security function as advantage
  - How DMZs are used for security
  - Advantage of static IP
  - How static IPs are used for security
  - Definition (NAT)
  - Types of Network Address Translation (NAT)
  - Advantages of Network Address Translation (NAT)
  - How NAT is used for security
- References

TABLE OF FIGURES

Figure 1: Threat
Figure 2: Data breach
Figure 3: Conduct regular risk assessments
Figure 4: Raise employee cybersecurity awareness
Figure 5: Firewall
Figure 6: How firewalls work
Figure 7: How an IDS works
Figure 8: DMZ diagram
Figure 9: Static IP
Figure 10: NAT diagram

I. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)

Define threats

A threat is defined, in the context of security, as any circumstance or event with the potential to cause harm to an organization's operations, assets, reputation, or individuals through an information system, by way of unauthorized access, destruction, disclosure or modification of information, and/or denial of service [1]. This includes both intentional and unintentional behavior. The term "cyber threat" refers specifically to threats that originate digitally or online, such as malware, phishing, or hacking [2]. Natural disasters, power outages, and physical breaches, among other things, can also pose threats [3]. It is important for organizations to have a clear understanding of potential threats and the
ways in which they can manifest, in order to implement effective security measures and mitigate risk. This includes staying up-to-date on emerging threats and vulnerabilities and taking proactive steps to prevent or mitigate them.

Figure 1: Threat

Identify threat agents to organizations

In terms of cybersecurity, organizations face a wide range of threats from various threat agents. It is critical to identify these threat agents in order to develop effective security strategies. The following are some common threat agents that businesses should be aware of.

List types of threats that organizations will face

- Cybercriminals: Individuals or groups who use technology to commit crimes such as stealing personal information, financial data, or intellectual property are referred to as cybercriminals. To gain unauthorized access to systems or data, they frequently employ malware, phishing, or social engineering techniques [4].
- State-sponsored hackers: Government-sponsored attackers who seek to steal sensitive data or disrupt critical infrastructure. They are frequently well-funded and highly skilled, posing a serious threat to organizations that may be targeted for political, economic, or strategic reasons [5].
- Insider threats: People who have legitimate access to an organization's systems or data and use that access for malicious purposes. They could be employees, contractors, or partners with a grudge or the intent to profit financially. Because they already have legitimate access to the organization's resources, insider threats can be difficult to detect [6].
- Terrorists and hacktivists: Individuals or groups who use cyberattacks to achieve political or social goals. To disrupt or damage their targets, they frequently use distributed denial of service (DDoS) attacks, defacement, or data breaches. The threat level posed by these agents may vary depending on the activities of the organization, the industry, or the country to which it belongs [7].

By
identifying these threat agents, organizations can gain a better understanding of the nature of the risks they face and take appropriate protective measures. This includes putting in place security policies, training employees to be aware of potential threats, and monitoring systems for any unusual activity. Organizations should also create incident response plans that can be used to detect and respond to security incidents as soon as possible. By doing so, they can minimize the damage caused by successful attacks and the impact on their operations.

What are the recent security breaches? List and give examples with dates

According to the web search results, several recent security breaches have affected various companies and organizations. Here is a list of some of the most notable security breaches, along with the dates they occurred:

- News Corp: In January 2022, News Corp, the publisher of the Wall Street Journal, disclosed that it had been the victim of a cyberattack, with some data compromised [8].
- U.S. Marshals Service and Activision: A series of high-profile data breaches were reported in February 2023, including attacks on the U.S. Marshals Service and Activision.
- AT&T: In March 2023, AT&T notified million customers that their personal information had been compromised.
- Amazon Ring: In March 2023, a ransomware group claimed to have stolen Amazon Ring data.

Figure 2: Data breach

Few solutions to organizations

- Conduct regular security assessments: Organizations should regularly assess their security vulnerabilities and identify areas that need improvement. They can hire external security consultants to perform security assessments and recommend measures to strengthen their security posture.
- Implement multi-factor authentication (MFA): Multi-factor authentication is an effective way to prevent unauthorized access to sensitive data. By requiring a user to provide two or more authentication factors, such as a password and a biometric factor like a fingerprint or facial
recognition, MFA makes it more challenging for hackers to gain access to systems and data.
- Regularly update software and patch vulnerabilities: Organizations should ensure that all software and systems are updated regularly with the latest security patches and updates to address known vulnerabilities.
- Train employees on cybersecurity best practices: Employees are often the weakest link in an organization's security posture. Organizations should provide regular training and education on cybersecurity best practices to all employees to prevent phishing attacks, social engineering, and other security risks.
- Encrypt sensitive data: Encryption is a crucial method for protecting sensitive data from unauthorized access. Organizations should encrypt all sensitive data both in transit and at rest.
- Back up data regularly: Organizations should regularly back up all critical data to a secure location to ensure that it can be recovered in the event of a security breach or other data loss.
- Implement access controls: Access controls, such as role-based access and privilege management, can help organizations limit access to sensitive data and systems to authorized personnel only.

II. Describe organisational security procedures (P2)

Security procedures that organizations can use to improve or provide security:

Conduct regular risk assessments: Organizations should conduct regular risk assessments to identify and mitigate potential security risks. A risk assessment can help an organization develop a security strategy that includes plans for recovering from attacks and system downtime. It can also identify areas where technology infrastructure control activities need to be established. By regularly conducting risk assessments, organizations can stay ahead of potential security threats and improve their overall security posture [9].

Figure 3: Conduct regular risk assessments

Raise employee cybersecurity awareness: the obvious way to create and nourish a healthy security culture!
Organizations of all sizes and industries are vulnerable to cyberthreats; therefore, safekeeping information assets from phishing and ransomware, for example, requires users' awareness of these threats and the ability of the workforce to mitigate risks. Building a cyber-aware staff means addressing the resilience of the human element of cybersecurity. It is vital for employees to be prepared to handle threats that slip through the network perimeter controls, so it is beneficial to implement a security awareness and training program for members of staff by following guides such as NIST Special Publication 800-50. As mentioned in The Components of Top Security Awareness Programs, "an effective cyber security strategy and implementation plan to sustain security operations from pre-incident to post-incident starts with educating personnel in data breach prevention and response." [9]

Figure 4: Raise employee cybersecurity awareness

Implement an XDR security solution: Extended Detection and Response (XDR) security solutions monitor an organization's entire infrastructure, including endpoints, the cloud, mobile devices, and more. These systems actively search for and respond to threats in real time to protect organizations from advanced cyberattacks. XDR can help an organization detect and respond to threats before they can cause damage to the organization's data and systems. Implementing an XDR security solution can help an organization improve its overall cybersecurity posture [10].

Conduct penetration testing: Penetration testing is the process of simulating an attack on an organization's network or system to identify potential vulnerabilities. Penetration tests can help organizations learn how to handle any type of break-in by a malicious entity and examine whether their security policies are genuinely effective. Penetration testing can also serve as a type of fire drill for organizations, providing a way to test their security policies and procedures in a controlled
environment. By conducting regular penetration testing, organizations can identify vulnerabilities and take steps to address them, improving their overall security posture [11].

III. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)

Firewalls and policies:

- Firewalls are an essential component of network security that play a crucial role in protecting networks from unauthorized access and other malicious activities. They work by filtering incoming and outgoing network traffic based on a set of user-defined rules. The purpose of a firewall is to reduce or eliminate unwanted network communications while allowing all legitimate communication to flow freely [12].
- In addition to deploying firewalls, it is essential to establish clear firewall policies to ensure that the firewall is configured correctly and operating effectively. Firewall policies should set out the rules for allowing or blocking specific types of network traffic, as well as the procedures for managing and updating the firewall. It is also important to regularly review and update firewall policies so that they remain effective against emerging threats [13].

Figure 5: Firewall

Usage in a network:

- In a network environment, firewalls can be deployed in various ways depending on the organization's security requirements. For example, a network may have multiple firewalls in place to control the flow of traffic between different network segments or to protect specific servers or applications. Firewalls can also be used in conjunction with other security technologies, such as intrusion detection systems (IDS) and virtual private networks (VPNs), to provide a comprehensive security solution [14].

Figure 6: How firewalls work

Advantages in a network:

- One of the most significant benefits of network firewalls is their adaptability. Firewalls can be upgraded and adapted in real time, giving network administrators a great deal
of flexibility in managing network security [15].
- Firewalls provide intelligent port control, which goes beyond the traditional single-layer port approach. They provide advanced security features such as intrusion detection and prevention, content filtering, and VPN support [16].
- Another significant benefit of firewalls is their ability to restrict access to sensitive resources, preventing unauthorized users from accessing critical information. Network firewalls that only allow explicitly authorized traffic to pass can support Zero Trust security architectures, in which only the necessary and authorized users, devices, and applications are granted access.
- Firewalls also provide a simple infrastructure for network security, which reduces the complexity of network security management. By blocking unauthorized traffic, firewalls reduce the number of threats a network faces, making network security easier to manage [16].

How does a firewall provide security to a network?

- A firewall safeguards a network by filtering incoming and outgoing network traffic according to a set of user-defined rules [17]. A firewall functions essentially as a filter, scanning data that attempts to enter a network and preventing anything that appears suspicious from passing through [18]. It is placed between a network or a computer and the internet to prevent unauthorized access to or from the network [19]. Firewalls can also enforce access privileges to reduce the risk of unauthorized access, limit access to sensitive resources, and support Zero Trust security architectures, which only allow explicitly authorized traffic to pass, increasing security [17][19].
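As an added example (not code from the assignment), the Python below simulates a first-match firewall policy with an implicit default deny, using constructed rules, addresses and packets. A blanket "temporary" allow rule placed above a deny is exactly the kind of incorrect policy this section warns about: the shadowed-rule check flags it, and the corrected policy shows the same packets handled as intended.

```python
"""First-match packet filter with default deny. Added example, not the
assignment's code; every rule, address and packet below is constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR, or "any"
    dst: str               # CIDR, or "any"
    dport: Optional[int]   # destination port, None means any port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def _net(cidr: str):
    return ip_network("0.0.0.0/0" if cidr == "any" else cidr)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in _net(rule.src)
            and ip_address(pkt.dst) in _net(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(policy: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that fired). The first matching
    rule wins; a packet that matches nothing is denied (default deny)."""
    for i, rule in enumerate(policy):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


def shadowed_rules(policy: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule already
    covers every packet they would match. A shadowed deny is the classic
    symptom of a misordered or over-broad policy."""
    shadowed = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            covers_port = earlier.dport is None or earlier.dport == later.dport
            if (covers_port
                    and _net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))):
                shadowed.append(i)
                break
    return shadowed


INTERNET, LAN = "any", "10.0.0.0/8"
WEB, DB = "10.0.1.20/32", "10.0.5.10/32"

# Incorrect policy: a blanket allow added "temporarily" for troubleshooting
# sits above the deny that was meant to keep the internet off the database.
MISCONFIGURED = [
    Rule("allow", INTERNET, LAN, None, "temporary: allow all inbound"),
    Rule("deny", INTERNET, DB, 3306, "no internet access to database"),
    Rule("allow", INTERNET, WEB, 443, "public web server"),
]

# Corrected policy: only what is needed is allowed; everything else falls
# through to the implicit default deny, so no explicit deny is required.
CORRECTED = [
    Rule("allow", INTERNET, WEB, 443, "public web server"),
    Rule("allow", LAN, DB, 3306, "internal app servers to database"),
]

ATTACKER_TO_DB = Packet("203.0.113.7", "10.0.5.10", 3306)
CLIENT_TO_WEB = Packet("198.51.100.4", "10.0.1.20", 443)
APP_TO_DB = Packet("10.0.1.20", "10.0.5.10", 3306)


if __name__ == "__main__":
    for name, policy in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, "shadowed rules:", shadowed_rules(policy))
        for pkt in (ATTACKER_TO_DB, CLIENT_TO_WEB, APP_TO_DB):
            print("  ", pkt, "->", evaluate(policy, pkt))
```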
What is an IDS, and how is it used?

- An Intrusion Detection System (IDS) is a piece of security software or hardware that monitors network traffic for potential security threats and suspicious activity. It analyzes the network data to detect patterns and signs of abnormal behavior [20]. An IDS can be used for the following purposes:
  - Detecting and reporting suspicious activity: The primary function of an IDS is to detect and report any malicious activity or suspicious traffic. When the IDS detects such activity, it notifies the IT and security teams, allowing them to take appropriate action [21].
  - Preventing network attacks: Some intrusion detection systems can take action when malicious activity is detected. For example, the IDS can prevent further damage by blocking the attacker's IP address or restricting access to the targeted system or network [22].

To detect security threats, an IDS typically employs two methods: signature-based detection and anomaly-based detection. Signature-based detection matches traffic against a pre-defined database of known threats in order to detect malicious activity. Anomaly-based detection, on the other hand, flags activity that deviates from normal network behavior and generates alerts when unusual patterns are detected. Here is an example diagram that shows how an IDS works:

Figure 7: How an IDS works

Incorrect IDS configuration:

Ignoring frequent false positives. When firms implement a new IDS, the device is set to hunt for every potential vulnerability; in other words, they adjust the IDS to its maximum sensitivity. Although this configuration allows the IDS to detect a greater number of potential attacks, it also exposes the system to more false positives. False positives cause IDS managers to receive hundreds or thousands of notifications each day, which is a problem: as a result, people tend to overlook any other signals the IDS sends in addition to the port scan warnings. This can have terrible consequences.
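To make the two detection methods and the false-positive problem above concrete, here is an added example (not code from the assignment) that runs a signature check and a simple port-scan anomaly check over a constructed log; the log format, the signature, the hosts and the thresholds are all assumptions made for this illustration. Lowering the anomaly threshold to maximum sensitivity still catches the hostile host but also raises alerts on benign hosts that legitimately touch two ports.

```python
"""Signature-based and anomaly-based detection over constructed connection
log lines. Added example, not the assignment's code; the log format,
signature, hosts and thresholds are all made up for illustration."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed log: time source destination destination-port request-summary.
# 203.0.113.9 is the one hostile source; 10.0.0.5 and 10.0.0.6 are benign
# hosts that legitimately touch two ports each (HTTP redirect, admin console).
LOG = """\
09:00:01 10.0.0.5 10.0.1.20 80 GET /
09:00:01 10.0.0.5 10.0.1.20 443 GET /
09:00:02 10.0.0.6 10.0.1.20 443 GET /login
09:00:02 10.0.0.6 10.0.1.20 8443 GET /admin
09:00:03 10.0.0.7 10.0.1.20 443 POST /login
09:00:04 203.0.113.9 10.0.1.20 443 GET /item?id=1' OR '1'='1
09:00:05 203.0.113.9 10.0.1.20 22 probe
09:00:05 203.0.113.9 10.0.1.20 23 probe
09:00:05 203.0.113.9 10.0.1.20 445 probe
09:00:05 203.0.113.9 10.0.1.20 3389 probe
09:00:06 10.0.0.8 10.0.1.20 443 GET /reports
""".splitlines()

# Signature database: alert name -> pattern matched against the request.
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
}

# Constructed ground truth, used only to count false positives.
KNOWN_HOSTILE = {"203.0.113.9"}


def parse(line: str) -> dict:
    ts, src, dst, dport, request = line.split(" ", 4)
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "request": request}


def signature_alerts(lines: List[str]) -> List[Tuple[str, str]]:
    """Signature-based detection: report every event that matches a known pattern."""
    alerts = []
    for rec in map(parse, lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["request"]):
                alerts.append((name, rec["src"]))
    return alerts


def anomaly_alerts(lines: List[str], min_ports: int) -> List[str]:
    """Anomaly-based detection: a source that touches at least min_ports
    distinct destination ports deviates from normal client behaviour and is
    reported as a possible port scan. min_ports is the sensitivity knob:
    lower means more sensitive."""
    ports: Dict[str, set] = defaultdict(set)
    for rec in map(parse, lines):
        ports[rec["src"]].add(rec["dport"])
    return sorted(src for src, seen in ports.items() if len(seen) >= min_ports)


def false_positives(lines: List[str], min_ports: int) -> int:
    """How many anomaly alerts at this sensitivity point at benign hosts."""
    return sum(1 for src in anomaly_alerts(lines, min_ports) if src not in KNOWN_HOSTILE)


if __name__ == "__main__":
    print("signature hits:", signature_alerts(LOG))
    for threshold in (2, 4):
        print(f"min_ports={threshold}: alerts={anomaly_alerts(LOG, threshold)}",
              f"false positives={false_positives(LOG, threshold)}")
```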
Avoiding IPsec to support NIDS. We believe that encryption provides the maximum level of security. Many network administrators, for example, assume VPN connections are secure because MPPE or IPsec is used to encrypt data inside the tunnel. The problem is that access control and tunnel encryption are frequently conflated. Conversations between the two VPN endpoints can be kept private and secure while using a VPN link, but once the data leaves the VPN endpoints, it is no longer protected.

Monitoring solely inbound connections. In reality, many businesses do not adhere to the least privilege principle and do not employ outward access limits, which restrict the Internet resources that users and applications may reach to those they truly require for their jobs. This is a critical issue in IDS configuration, since network worms and other automated attacks may target your system.

IV. How implementing a DMZ, static IP and NAT in a network can improve network security (P4)

The aid of diagram: DMZ, its usage and security function as advantage

Definition: The Demilitarized Zone, or DMZ, is an internal local area network (LAN) that is separated from other, untrusted networks. A DMZ increases the security of a company's local area network. The DMZ content can be accessed by a secured and monitored network node that faces away from the organization's internal network, while the rest of the network is secure behind a firewall. When properly configured, a DMZ network provides enterprises with added security by detecting and limiting security breaches before they reach the internal network, which houses irreplaceable assets.

Figure 8: DMZ diagram

Advantages of DMZ: The main benefit of a DMZ is to provide an internal network with an additional security layer by restricting access to sensitive data and servers. A DMZ enables website visitors to obtain certain services while providing a buffer between them and the organization's private network. As a result, the DMZ also offers additional security
benefits, such as:

- Enabling access control: Through the internet, an organization can provide users with access to services that are not available within its network's borders. The DMZ allows access to these services while also implementing network segmentation to make it more difficult for unauthorized users to reach the private network. A DMZ may include a proxy server that centralizes internal traffic flow and makes it easier to monitor and record that traffic.
- Preventing network reconnaissance: By establishing a barrier between the internet and a private network, a DMZ prevents attackers from conducting reconnaissance to find future targets. Servers in the DMZ are open to the public, but a firewall that prevents an attacker from seeing inside the internal network adds an extra layer of security. The internal firewall separates the private network from the DMZ to keep it safe and make external reconnaissance difficult, even if a DMZ system is compromised.
- IP spoofing protection: Attackers occasionally attempt to circumvent access control limits by spoofing a valid IP address and impersonating another device on the network. A DMZ can stall a potential IP spoofer while another network service validates the IP address by checking whether it can be reached.

How DMZs are used for security

- Because DMZ networks and firewalls are both used to secure sensitive business systems and resources, they have become an essential component of network security for organizations. DMZ networks are designed to host organizational resources while also making some of them accessible to approved external users. They can be used to separate prospective target systems from internal networks, as well as to restrict and regulate access to such systems from outside the business.
- Businesses have decided to use virtual machines (VMs) or containers to isolate specific applications or network segments from the rest of the corporate environment. Because of cloud technologies, many businesses no
longer require in-house web servers. SaaS apps are only one example of externally visible technology that has migrated to the cloud from the enterprise's DMZ.
- Recently, DMZs have been shown to be effective in reducing the security concerns posed by operational technology (OT) systems and Internet of Things (IoT) devices, which improve production and manufacturing but also create a huge attack surface. This is because OT equipment has not been built to handle or recover from cyberattacks in the same manner that IoT devices have, posing a serious danger to enterprises' vital data and resources. A DMZ offers network segmentation to reduce the possibility of an attack that might harm industrial infrastructure.

The aid of diagram: static IP, its usage and security function as advantage

Definition: Simply said, a static Internet Protocol address (IP address) is a constant address. Once an IP address is assigned to a device, it normally doesn't change unless the device is decommissioned or the network architecture is altered. Shared resources such as web servers and printers require static IP addresses.

Figure 9: Static IP

Advantage of static IP: Because static IP addresses do not change, they represent a security risk in that it is easier to identify the system to which they are attached. Static IP addresses are also difficult to change after a hacking attempt, leaving the system susceptible to future attacks. This danger, however, can be easily avoided by employing an effective and up-to-date internet security suite or firewall. Static IP addresses, in any case, aid in identifying the device seeking to connect to the network, allowing authorized users to access the network and prohibiting unauthorized users from doing so.

How static IPs are used for security: Static IP addresses must be used for devices that require continuous access. If your company wants to support the flow of a large amount of data, a static IP address is recommended so that your stakeholders can
connect to your server with trust. Furthermore, it ensures that your domain name and related email will have little downtime. For example, if you want to ensure that users can always reach your computer to download files, you must choose a static IP address that never changes.

The aid of diagram: Network Address Translation (NAT), its usage and security function as advantage

Definition: A network device, often a firewall, assigns a public address to a computer (or group of computers) inside a private network as part of a process known as network address translation (NAT). In order to save money and improve security, NAT is primarily used to reduce the number of public IP addresses that a business or organization must use.

Figure 10: NAT diagram

Types of Network Address Translation (NAT)

- PAT (Port Address Translation): This translates many local (private) IP addresses into a single public IP address. Port numbers are used to identify which traffic comes from which private IP address. Since thousands of individuals can connect to the Internet using just one genuine global (public) IP address, this is the method that is most commonly used.
- Static NAT: A private IP address is mapped one-to-one to a public IP address. Static NAT is useful when a network device within a private network has to be accessible from the internet.
- Dynamic NAT: A pool of public IP addresses is mapped to a set of private IP addresses. It is used when we know how many fixed users wish to use the Internet at a given time.

Advantages of Network Address Translation (NAT)

- The main advantage of NAT is that it can prevent the depletion of IPv4 addresses.
- NAT can provide an additional layer of security by hiding the original source and destination addresses.
- NAT provides increased flexibility when connecting to the public Internet: it allows you to use your own private IPv4 addressing scheme and avoids internal address changes if you change service provider.
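The PAT and static NAT types listed above, and the address-hiding advantage, can be seen in a small simulation. This is an added example, not code from the assignment; the gateway's public IP, the private hosts, the port range and the outside addresses are all constructed, and the PAT table is keyed on the private source only (a real gateway also tracks the destination).

```python
"""Port address translation (PAT) with one static NAT entry, simulated to
show why many private hosts can share one public address, what the internet
side actually sees, and why inbound packets with no table entry are dropped
as unsolicited. Added example, not the assignment's code; every address and
port is constructed."""
from dataclasses import dataclass, replace
from itertools import count
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Simplified gateway: PAT keyed on (private ip, private port) only."""
    PUBLIC_IP = "198.51.100.1"

    def __init__(self, static: Optional[Dict[str, str]] = None):
        # Static NAT: public IP -> private IP, one to one, for a server that
        # must stay reachable from the internet.
        self.static = static or {}
        # PAT table: public source port -> (private ip, private port).
        self.pat: Dict[int, Tuple[str, int]] = {}
        self._by_private: Dict[Tuple[str, int], int] = {}
        self._next_port = count(40000)

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> internet: rewrite the source to the shared public IP and
        a unique public port, recording the mapping so the reply can return."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._by_private:
            public_port = next(self._next_port)
            self._by_private[key] = public_port
            self.pat[public_port] = key
        return replace(pkt, src_ip=self.PUBLIC_IP, src_port=self._by_private[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> private: deliver only if a static entry or an existing
        PAT entry says where the packet belongs; otherwise drop it (None)."""
        if pkt.dst_ip in self.static:
            return replace(pkt, dst_ip=self.static[pkt.dst_ip])
        if pkt.dst_ip == self.PUBLIC_IP and pkt.dst_port in self.pat:
            private_ip, private_port = self.pat[pkt.dst_port]
            return replace(pkt, dst_ip=private_ip, dst_port=private_port)
        return None


def demo() -> dict:
    """Walk two private hosts and an outside host through the gateway."""
    gw = NatGateway(static={"198.51.100.10": "10.0.1.20"})  # public web server
    site = "192.0.2.80"
    # Two private hosts happen to use the same source port; PAT gives each
    # its own public port, so the outside world sees one IP and two ports.
    a = gw.outbound(Packet("10.0.0.5", 51000, site, 443))
    b = gw.outbound(Packet("10.0.0.6", 51000, site, 443))
    reply_to_a = gw.inbound(Packet(site, 443, a.src_ip, a.src_port))
    # Unsolicited probe at the public IP: no PAT entry for port 3389, dropped.
    unsolicited = gw.inbound(Packet("203.0.113.7", 4444, NatGateway.PUBLIC_IP, 3389))
    # The static NAT entry is the one inbound path that is meant to exist.
    to_web = gw.inbound(Packet("203.0.113.7", 4444, "198.51.100.10", 443))
    return {"a": a, "b": b, "reply_to_a": reply_to_a,
            "unsolicited": unsolicited, "to_web": to_web}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:12} {pkt}")
```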
How NAT is used for security

A NAT firewall only allows internet traffic to pass through the gateway when a private network device requests it. Unwanted requests or data packets are rejected, protecting the network from interactions with potentially hazardous devices. If the NAT firewall has no private IP address to forward inbound internet traffic to, it recognizes that traffic as unsolicited and discards it. Internet-connected computers and servers can only see the public IP address of the router; they cannot see the private IP addresses of specific devices such as smartphones, laptops, smart TVs, internet-of-things gadgets, and gaming consoles. This is also known as IP masquerading.

References:

[1] Available at: https://csrc.nist.gov/glossary/term/threat (Accessed: April 2023)
[2] Available at: https://csrc.nist.gov/glossary/term/Cyber_Threat (Accessed: April 2023)
[3] Available at: https://debricked.com/blog/what-is-security-threat/ (Accessed: April 2023)
[4] Threat Modeling - OWASP Cheat Sheet Series (2023). Available at: https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html (Accessed: April 2023)
[5] How SOCs can identify the threat actors behind the threats | TechTarget (2023). Available at: https://www.techtarget.com/searchsecurity/post/How-SOCs-can-identify-the-threat-actors-behind-the-threats (Accessed: April 2023)
[6] Threat Modeling - OWASP Cheat Sheet Series (2023). Available at: https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html (Accessed: April 2023)
[7] 7 Threat Agents Your Cyber Security Team Should Be Aware Of (2019). Available at: https://www.thedataguardians.co.uk/2019/02/27/7-threat-agents-your-cyber-security-team-should-be-aware-of/ (Accessed: April 2023)
[8] Lever, R. (2022) U.S. News & World Report. Available at: https://www.usnews.com/360-reviews/privacy/recent-data-breaches
(Accessed: April 2023)
[9] 8 ways to improve your organization's security posture | Infosec Resources (2019). Available at: https://resources.infosecinstitute.com/topic/8-ways-to-improve-your-organizations-security-posture/ (Accessed: April 2023)
[10] Three Ways to Improve Your Organization's Cybersecurity (2021). Available at: https://www.yeoandyeo.com/resource/three-ways-to-improve-your-organizations-cybersecurity (Accessed: April 2023)
[12] What is a Firewall and How Does It Work? | DigitalOcean (2023). Available at: https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-work (Accessed: 18 April 2023)
[13] Scarfone, K. and Hoffman, P. (2009) Guidelines on Firewalls and Firewall Policy, NIST. Available at: https://www.nist.gov/publications/guidelines-firewalls-and-firewall-policy (Accessed: 18 April 2023)
[14] Services, P. (2023) What Is a Firewall?, Cisco. Available at: https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html (Accessed: 19 April 2023)
[15] What are the Benefits of a Firewall? | Fortinet (2023). Available at: https://www.fortinet.com/resources/cyberglossary/benefits-of-firewall (Accessed: 19 April 2023)
[16] What are the Benefits of a Firewall? | Fortinet (2023). Available at: https://www.fortinet.com/resources/cyberglossary/benefits-of-firewall (Accessed: 19 April 2023)
[17] What is a Firewall and How Does It Work? | DigitalOcean (2023). Available at: https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-work (Accessed: 19 April 2023)

Posted: 20/05/2023, 22:36
