
Assignment 1 Security (1623 Distinction)


DOCUMENT INFORMATION

Basic information

Title: Identifying Types Of Security Threat To Organisations
Author: Bui Quang Minh
Supervisor: Tran Thanh Truc
School: BTEC Level 5 HND Diploma in Computing
Subject: Security
Type: Assignment
Year published: 2023
Format:
Pages: 34
Size: 1.4 MB

Structure

  • I. Threats definition (5)
  • II. Threat agents to organizations (5)
  • III. List type of threats that organizations will face (6)
  • IV. Recent security breaches (7)
  • V. Consequences of these breaches (7)
  • VI. Solutions to organizations (8)
  • Task 2. Describing at least 3 organisational security procedures (P2) (10)
    • I. Data Classification (10)
    • II. Strict Access Controls (10)
    • III. Physical Security Monitoring (11)
  • Task 2.1. Proposing a method to assess and treat IT security risks (M1) (12)
    • I. Methods required to assess security threats (12)
    • II. Current weakness or threats of an organization (14)
    • III. Proposing tools to treat IT security risks (15)
  • Task 3. Identifying the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3) (16)
    • I. Firewalls and policies (17)
    • II. How firewall provide security to a network (18)
    • III. Diagrams of how firewall works (19)
    • IV. IDS definition, its usage and diagram (19)
      • 4.1 Definition (19)
      • 4.2 Usage (20)
      • 4.3 Diagrams examples (20)
    • V. Potential impact of a firewall and IDS if they are incorrectly configured (21)
  • Task 4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve (22)
    • I. DMZ (22)
    • II. Static IP (23)
    • III. NAT (24)
  • Task 4.1 Discuss three benefits to implement network monitoring systems with supporting reasons (M2) (26)
    • I. Networking monitoring devices (26)
    • II. Why networks need monitoring (28)
    • III. Benefits of monitoring a network (29)
  • Task 4.1.1 Investigate how a ‘trusted network’ may be part of an IT security solution (D1) (31)
    • I. Trusted network (31)
    • II. How it can be a solution in IT security (32)

Content

This course provides an overview of the security challenges in an information systems environment and the strategies for dealing with them. Topics include definitions of the terms, concepts, components and objectives, combining industry standards and practices with a focus on the availability, vulnerability, integrity and confidentiality aspects of information systems.

Threats definition

A threat is any action that could harm an asset. Natural and human-induced threats are the two kinds of threat that information systems have to face.

The threats of a flood, earthquake, or severe storm require companies to create schemes to make sure that business operations continue and that the organization can recover. A Business Continuity Plan (BCP) gives priority to the functions a company needs to keep going.

On the other hand, a Disaster Recovery Plan (DRP) defines how a business recovers after a massive disaster such as a fire or hurricane.

Human-Caused Threats to Computer Systems

Human-caused threats to a computer system include viruses, malicious code, and unauthorized access.

• A virus is a piece of software designed with the intent to harm a system, an application, or data.

• Malicious code, or malware, is a computer program written to cause a specific action to happen, such as deleting a hard drive.

These threats can harm individuals, businesses, or organizations.

Threat agents to organizations

A threat agent is an individual or group that acts, or has the power to act, to exploit a vulnerability or conduct other damaging activities. Various types of such threat agents are introduced as follows:

• Natural Disasters: Natural disasters such as storms, floods and earthquakes can put the infrastructure of the organization's information system at risk. These are considered natural threat agents.

• Workforces: Organizations have to engage their workforces to perform their respective jobs following the policies of the organization. When an employee makes a critical mistake in data entry, releases proprietary data, or deceives the organization, he or she becomes a major threat to that organization.

• Malicious Hackers: Information systems that are interlinked with other systems, or even the Internet, are exposed to thousands of potential hackers through social engineering, modem connections, or physical attacks. They do not care about the interface, be it public or private.

• Industrial Spies: Industrial espionage is a dangerous threat to most organizations. It can result in loss of profits, competitive advantage, or even the business itself.

• Foreign Government Spies: Foreign spies can be involved in espionage with a view to enhancing the capabilities of their own government and reducing the native government's abilities. Their activities can even include foreign-sponsored industrial espionage.

List type of threats that organizations will face

This category aligns with threats such as Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that impact access to, or the uptime of, critical systems, applications, or data.

This category relates to threats such as social engineering attacks, where attackers use coercion or deception to manipulate individuals into divulging sensitive information or performing certain actions, like clicking on malicious URLs or opening suspicious email attachments.

This category aligns with threats such as penetration testing (in the sense of unauthorized and malicious penetration testing), unauthorized access, privilege escalation, stolen passwords, data deletion, and data breaches.

Figure 1 threats from cyber crime illustration

Recent security breaches

A security breach refers to an incident where unauthorized individuals or entities gain access to sensitive or confidential information, computer systems, networks, or digital resources without proper authorization. Such breaches may result in data theft, data exposure, system compromise, or other harmful consequences to the affected individuals or organizations. Three examples are described below.

1) On July 11th 2023, it was revealed that Chinese hackers had infiltrated U.S. government agencies using a vulnerability in Microsoft's cloud services. The attack was discovered by an unnamed government agency in June, and both Microsoft and the Department of Homeland Security were notified about the incident. The group responsible for the attack, known as "Storm-0558" by Microsoft, is believed to have ties to the Chinese government. Their targets were State and Commerce department emails, particularly around the time of U.S. Secretary of State Antony Blinken's visit to China in June. Fortunately, U.S. officials have stated that sensitive data was not compromised in this specific email breach.

2) On July 2nd 2023, the hacktivist group Anonymous Sudan claimed to have hacked Microsoft and pilfered data pertaining to over 30 million Microsoft accounts. The group provided a sample of the data, but so far it has not been determined where exactly the data came from. A Microsoft spokesperson said that these claims of a data breach were not legitimate, and stated that Microsoft had seen "no evidence that our customer data has been accessed or compromised."

3) On July 8th 2023, an anonymous hacker posted on an online forum that they had stolen source code and other data from Razer, a consumer electronics company. The hacker offered to sell this data for $100,000 worth of cryptocurrency. On July 10, Razer acknowledged that they were investigating this incident.

Consequences of these breaches

Chinese hackers infiltrated U.S. government agencies via Microsoft's cloud services, raising concerns about intelligence loss and diplomatic tensions.

The hacktivist group Anonymous Sudan claimed to have pilfered data from 30 million Microsoft accounts, leading to data privacy concerns and trust issues for Microsoft.

An anonymous hacker stole source code and data from Razer, risking intellectual property, brand reputation, and potential financial loss for the company.

Consequences of breaches in general:

• Data Exposure and Loss: Breaches often lead to unauthorized access to, and exposure of, sensitive or confidential data, resulting in potential data theft or loss.

• Financial Loss: Organizations may incur significant financial losses due to the cost of investigating the breach, implementing security improvements, and potential legal fees and fines.

• Reputation Damage: A breach can tarnish an organization's reputation, leading to a loss of trust from customers, partners, and stakeholders.

• Disruption of Operations: Breaches can cause disruptions to normal business operations, leading to downtime, loss of productivity, and revenue impact.

• Intellectual Property Theft: Cybercriminals may target intellectual property, trade secrets, or proprietary information, leading to potential competitive disadvantages.

• Loss of Customer Trust: Customers may lose confidence in an organization's ability to protect their data, leading to decreased customer loyalty and potential customer churn.

Solutions to organizations

1. Limit access to your most valuable data

When you limit who is permitted to see particular documents, you limit the group of employees who could accidentally click on a harmful link. As organizations move into the future, expect to see all records partitioned off so that only those who need access will have it. This is one of those common-sense solutions that companies probably should have been doing all along.

2. Third-party vendors must comply

Demand transparency from the enterprises that are permitted to see your valuable data. Make sure they are complying with privacy rules; don't just assume. Ask for background checks on third-party vendors who must enter your company on a regular basis. CEOs need to get tougher on security if they really want to bring about change.

3. Conduct employee security awareness training

According to recent surveys, employees are the weakest link in the data security chain. Without training, employees open suspicious emails every day that have the potential to download viruses. One mistake that employers make is thinking that one training class about cybersecurity is enough. If you're serious about safeguarding your important data, schedule regular classes each quarter or even monthly.

4. Keep software patched and updated

Experts recommend keeping all application software and operating systems updated often. Install patches whenever they are available. Your network is vulnerable when programs aren't patched and updated regularly. Microsoft has a product called Baseline Security Analyzer that can regularly check to make sure all programs are patched and upgraded. This is a fairly easy and cost-effective way to strengthen your network and stop attacks before they occur.

Describing at least 3 organisational security procedures (P2)

Data Classification

Data classification is the process of categorizing data based on its sensitivity, value, and criticality to the organization. By understanding the type and importance of the data they possess, organizations can apply appropriate security measures and controls to protect it effectively.

• Data Inventory: Organizations conduct an inventory of all the data they store and process to understand the types and locations of sensitive information.

• Data Categorization: Data is categorized into different levels (e.g., public, internal, confidential, highly confidential) based on predefined criteria.

• Data Handling Guidelines: Policies are established to define how each data category should be handled, stored, transmitted, and accessed.

• Focused Security Measures: Data classification allows organizations to allocate security resources based on the sensitivity and importance of the data, making security efforts more effective and efficient.

• Compliance: Properly classified data helps organizations meet regulatory requirements related to data protection and privacy.

• Risk Management: Identifying and prioritizing sensitive data enables organizations to focus on protecting their most critical assets from potential threats.

Strict Access Controls

Access controls are security measures that limit access to information systems, resources, and data to authorized users only. Implementing strict access controls is crucial in preventing unauthorized access and protecting sensitive information.

• Role-Based Access Control (RBAC): Employees are assigned specific roles, and access permissions are associated with those roles. Users receive access to resources based on their roles.

• Multi-Factor Authentication (MFA): MFA requires users to provide multiple forms of identification (e.g., a password and a one-time code) to access sensitive systems or data.

• Access Review and Revocation: Regular reviews are conducted to assess the appropriateness of access rights, and access is promptly revoked when it is no longer needed.

• Reduced Insider Threat: Strict access controls minimize the risk of internal breaches by limiting access to sensitive information.

• Prevention of Unauthorized Access: The principle of least privilege ensures that users can only access the resources necessary for their job, reducing the likelihood of accidental or intentional data breaches.

• Auditability and Accountability: Access controls enable tracking and monitoring of user activities, aiding investigations and ensuring accountability for actions taken.
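The following is an added example (not part of the assignment) that ties the Data Classification and Strict Access Controls sections together: a deny-by-default authorization function that applies RBAC, least privilege, MFA step-up for confidential data and above, suspension of entitlements whose access review is overdue, and an audit log for accountability. The roles, users, resources and classification levels are constructed for illustration.

```python
"""Least-privilege RBAC check with MFA step-up, access review and audit trail.

Added example, not part of the assignment. Roles, users, resources and
classification levels are constructed samples.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

# Classification levels from the Data Classification section, lowest to highest.
LEVELS = ["public", "internal", "confidential", "highly confidential"]

# Data inventory (constructed): resource -> classification level.
RESOURCE_LEVEL: Dict[str, str] = {
    "incident-reports": "internal",
    "siem-dashboard": "confidential",
    "payroll": "highly confidential",
    "firewall-config": "highly confidential",
}

# RBAC: role -> permitted (resource, action) pairs. Anything absent is denied.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "analyst": {("incident-reports", "read"), ("siem-dashboard", "read")},
    "hr-admin": {("payroll", "read"), ("payroll", "write")},
    "sysadmin": {("siem-dashboard", "read"), ("firewall-config", "write")},
}

MFA_FROM_LEVEL = "confidential"   # handling guideline: MFA at this level and above
REVIEW_MAX_DAYS = 90              # entitlements not reviewed within 90 days are suspended


@dataclass
class User:
    name: str
    roles: Set[str]
    mfa_verified: bool = False
    access_reviewed_on: Optional[date] = None  # date of the last access review


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


AUDIT_LOG: List[dict] = []  # accountability: every decision is recorded here


def role_grants(user: User, resource: str, action: str) -> bool:
    """True if at least one of the user's roles carries the permission."""
    return any((resource, action) in ROLE_PERMISSIONS.get(r, set()) for r in user.roles)


def authorize(user: User, resource: str, action: str, today: date) -> Decision:
    """Deny-by-default authorization; the first failing control decides."""
    level = RESOURCE_LEVEL.get(resource)
    if level is None:
        decision = Decision(False, "resource not in data inventory")
    elif (user.access_reviewed_on is None
          or (today - user.access_reviewed_on).days > REVIEW_MAX_DAYS):
        # Access review and revocation: stale entitlements are treated as revoked.
        decision = Decision(False, "access review overdue; entitlements suspended")
    elif not role_grants(user, resource, action):
        # Least privilege: no role explicitly grants this resource/action.
        decision = Decision(False, "no role grants %s on %s" % (action, resource))
    elif LEVELS.index(level) >= LEVELS.index(MFA_FROM_LEVEL) and not user.mfa_verified:
        # MFA step-up is required for confidential data and above.
        decision = Decision(False, "MFA required for %s data" % level)
    else:
        decision = Decision(True, "granted: role permission, classification %s" % level)
    AUDIT_LOG.append({"user": user.name, "resource": resource, "action": action,
                      "date": today.isoformat(), "allowed": decision.allowed,
                      "reason": decision.reason})
    return decision


def run_scenarios() -> List[Decision]:
    """Constructed scenarios, one per control; returned so they can be checked."""
    today = date(2023, 7, 15)
    alice = User("alice", {"analyst"}, access_reviewed_on=date(2023, 6, 1))
    bob = User("bob", {"hr-admin"}, mfa_verified=True, access_reviewed_on=date(2023, 1, 1))
    results = [
        authorize(alice, "incident-reports", "read", today),  # allowed: internal data
        authorize(alice, "siem-dashboard", "read", today),    # denied: MFA step-up
        authorize(alice, "payroll", "read", today),           # denied: least privilege
        authorize(bob, "payroll", "write", today),            # denied: review overdue
    ]
    alice.mfa_verified = True
    results.append(authorize(alice, "siem-dashboard", "read", today))  # allowed after MFA
    return results


if __name__ == "__main__":
    for decision in run_scenarios():
        print(decision)
    for entry in AUDIT_LOG:
        print(entry)
```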

Physical Security Monitoring

Physical security monitoring involves using various surveillance and detection techniques to protect the organization's physical assets, premises, and personnel from unauthorized access or threats.

• Security Cameras: CCTV cameras are strategically placed to monitor entry points, critical areas, and perimeters.

• Intrusion Detection Systems (IDS): IDS sensors detect and alert on unauthorized access attempts or suspicious activities.

• Access Logs and Controls: Access attempts are logged, and access control systems restrict entry to authorized personnel.

• Security Personnel: Security personnel are employed to perform patrols, monitor surveillance feeds, and respond to security incidents.

• Deterrence: Visible physical security measures act as a deterrent, discouraging potential attackers or unauthorized individuals.

• Rapid Response: Monitoring allows for timely detection of security incidents, enabling quick response and containment.

• Forensics and Investigations: Surveillance footage and access logs can aid post-incident investigations and evidence gathering.

Proposing a method to assess and treat IT security risks (M1)

Methods required to assess security threats

A security risk assessment identifies security risks in a computing system, evaluates and prioritizes those risks, and suggests security controls that can mitigate them. Another aspect of security risk assessment is vulnerability assessment: the process of identifying and remediating vulnerabilities across the organization.

Performing a risk assessment can provide organizations with a complete view of the exploitability of their infrastructure and application portfolio. It helps administrators make informed decisions about resource allocation, tools, and the implementation of security controls. Therefore, conducting an assessment is an essential part of an organization's risk management process.

Common methods required to assess security threats include:

• Vulnerability Assessment: Conducting vulnerability assessments involves systematically scanning networks, systems, and applications to identify potential weaknesses. Vulnerability scanning tools are used to find security flaws like outdated software, misconfigurations, or unpatched systems.

• Penetration Testing: Penetration testing, also known as ethical hacking, involves simulating real-world cyber-attacks to assess the security of systems, networks, and applications. Skilled professionals attempt to exploit vulnerabilities to understand potential risks and the impact of a successful attack.

• Threat Intelligence: Gathering threat intelligence involves monitoring and analyzing data from various sources, including security feeds, dark web forums, and hacker chatter. This helps in understanding emerging threats and attack trends.

• Log Analysis: Analyzing system logs, network traffic, and event data can help detect suspicious activities and potential security breaches.

• Malware Analysis: Studying malware samples to understand their behavior and capabilities can help in developing effective countermeasures.

The steps of the assessment, and the tools that support each of them, are as follows:

• Define the boundaries of the risk assessment, such as specific business units or processes.

• Involve relevant stakeholders to identify risks and assess their impacts.

• Review frameworks like NIST SP 800-37 and ISO/IEC 27001 for guidance on effective security controls.

• GRC (Governance, Risk, and Compliance) Software: Helps organizations manage and assess risks, compliance, and policies across different business units and processes.

• Threats are events that can harm an organization's assets or processes.

• Vulnerabilities are weaknesses that expose the organization to potential threats.

• Use automated scanning, auditing, and testing techniques to find vulnerabilities, both technical and physical.

• Assess how risks can affect the organization based on factors like discoverability, ease of exploitation, and historical incidents.

• Risk Analysis Tools: Tools like FAIR (Factor Analysis of Information Risk) provide a quantitative framework to assess and prioritize risks based on factors like impact and likelihood.

• Use a risk matrix to classify risks based on severity and likelihood.

• Define a risk tolerance level and determine the action for each risk scenario: avoid, transfer, or mitigate.

• Risk Matrix Template: While not a tool in itself, a risk matrix template in spreadsheet software (e.g., Excel) can help classify risks based on their severity and likelihood.

• Thoroughly document all identified risk scenarios, existing controls, and mitigation plans.

• Regularly update the risk documentation to maintain visibility of the current risk portfolio.

• Security Information and Event Management (SIEM) Software: SIEM tools like Splunk, ArcSight, or LogRhythm help centralize and analyze security event data, providing real-time visibility into security incidents and ongoing risk management.
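As an added example (not part of the assignment), the steps above carried into a small risk register: each threat/vulnerability scenario is scored by likelihood and impact on a 5x5 matrix, existing controls reduce the likelihood to give a residual score, and the residual is compared with a tolerance level to choose accept, avoid, transfer or mitigate. The severity thresholds, the treatment rule and the sample scenarios are constructed assumptions.

```python
"""Risk matrix scoring and tolerance-driven treatment (added example).

Not part of the assignment. Thresholds, the treatment rule and the
sample scenarios below are constructed.
"""
from dataclasses import dataclass, field
from typing import List

LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    scenario: str
    threat: str            # event that could harm an asset
    vulnerability: str     # weakness the threat would exploit
    likelihood: str
    impact: str
    controls: List[str] = field(default_factory=list)
    likelihood_reduction: int = 0  # likelihood levels removed by existing controls


def residual_likelihood(r: Risk) -> int:
    return max(1, LIKELIHOOD[r.likelihood] - r.likelihood_reduction)


def inherent_score(r: Risk) -> int:
    return LIKELIHOOD[r.likelihood] * IMPACT[r.impact]


def residual_score(r: Risk) -> int:
    return residual_likelihood(r) * IMPACT[r.impact]


def rating(score: int) -> str:
    """Severity band on the 5x5 matrix (constructed thresholds)."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def treatment(r: Risk, tolerance: int) -> str:
    """Treatment decision relative to the organization's tolerance score."""
    score = residual_score(r)
    if score <= tolerance:
        return "accept"        # within tolerance: document and monitor
    if score >= 20:
        return "avoid"         # near-certain and severe: stop the activity
    if IMPACT[r.impact] >= 4 and residual_likelihood(r) <= 2:
        return "transfer"      # rare but major: insurance or outsourcing
    return "mitigate"          # otherwise add or strengthen controls


def build_register(risks: List[Risk], tolerance: int) -> List[dict]:
    """Documented register, highest residual risk first."""
    rows = []
    for r in risks:
        rows.append({
            "scenario": r.scenario,
            "inherent": inherent_score(r),
            "residual": residual_score(r),
            "rating": rating(residual_score(r)),
            "controls": list(r.controls),
            "treatment": treatment(r, tolerance),
        })
    return sorted(rows, key=lambda row: row["residual"], reverse=True)


SAMPLE_RISKS = [  # constructed scenarios
    Risk("Unpatched web server exploited", "malicious hacker", "missing patches",
         "likely", "major", ["monthly patch cycle"], likelihood_reduction=1),
    Risk("Staff phished into running malware", "social engineering", "untrained staff",
         "almost certain", "moderate", ["quarterly awareness training"], likelihood_reduction=1),
    Risk("Flood disables data centre", "natural disaster", "single site, no DRP",
         "rare", "severe"),
    Risk("DDoS on public website", "malicious hacker", "no traffic scrubbing",
         "possible", "moderate", ["CDN with rate limiting"], likelihood_reduction=1),
    Risk("Visitor badge printer fails", "equipment fault", "no spare printer",
         "unlikely", "negligible"),
]

RISK_TOLERANCE = 4  # constructed: residual scores up to 4 are accepted

if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS, RISK_TOLERANCE):
        print(row)
```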

Current weakness or threats of an organization

Weaknesses in an organization can hinder its ability to perform at an optimum level and remain competitive. Here are some common weaknesses that organizations may currently face:

Weak Brand: A weak brand image or reputation can result in reduced customer trust and loyalty, making it difficult to attract and retain customers compared to competitors with stronger brand recognition.

High Employee Turnover: High turnover rates can lead to increased recruitment and training costs, as well as a loss of knowledge and expertise. They may also impact employee morale and productivity.

High Levels of Debt: Excessive debt can lead to financial strain, increased interest payments, and limited financial flexibility. It may impede investment in growth opportunities or necessary upgrades.

Inadequate Supply Chain: An inefficient or unreliable supply chain can result in delays, increased costs, and customer dissatisfaction due to product or service disruptions.

Lack of Capital: Insufficient financial resources can restrict the organization's ability to invest in expansion, research and development, or new technologies.

Outdated Technology and Systems: Using outdated technology and systems can hinder productivity and innovation, limiting the organization's ability to keep up with competitors.

Ineffective Marketing Strategies: Poorly executed marketing strategies may lead to low customer acquisition rates, reducing the organization's market share.

Limited Product or Service Offerings: A narrow range of products or services may limit the organization's ability to meet diverse customer needs and preferences.

Lack of Innovation: Failing to innovate and adapt to market changes can result in the organization falling behind competitors and losing its competitive edge.

Inadequate Cybersecurity Measures: Insufficient cybersecurity measures can expose the organization to data breaches, leading to reputational damage and financial losses.

Proposing tools to treat IT security risks

Firewalls:

• Firewalls are a network security solution that serves as a protective barrier between an organization's internal network (the trusted zone) and the outside world, including the internet and other untrusted networks.

• They operate by examining and filtering incoming and outgoing network traffic based on predetermined rules and policies.

• By allowing or blocking specific data packets, firewalls prevent unauthorized access to sensitive information, cyberattacks, and other security threats.

• Firewalls can be hardware, software, or cloud-based, and they play a crucial role in protecting an organization's network and resources from external threats.

Security Information and Event Management (SIEM):

• SIEM tools are designed to collect, aggregate, and analyze log and security event data from various sources within an organization's IT infrastructure.

• These sources can include firewalls, servers, network devices, antivirus systems, intrusion detection systems, and more.

• SIEM solutions provide real-time monitoring and correlation of events, enabling security analysts to detect and respond to security incidents promptly.

• By centralizing security information, SIEM tools help identify patterns and anomalies, aiding threat detection, incident response, and forensic analysis.

Network Access Control (NAC):

• NAC tools are used to regulate and control access to an organization's network resources based on predefined security policies.

• Before granting access, NAC solutions verify the identity and security posture of devices attempting to connect to the network.

• NAC can enforce measures such as requiring devices to have up-to-date security patches and updated antivirus software, and to comply with specific security standards.

• By enforcing proper access controls, NAC helps prevent unauthorized devices from accessing sensitive resources, mitigating the risk of potential security breaches.

Together, firewalls, SIEM, and NAC contribute to a comprehensive cybersecurity strategy by fortifying an organization's network perimeter, providing real-time threat detection and analysis, and enforcing stringent access controls. These tools, when properly implemented and integrated into an organization's security infrastructure, enhance the overall security posture, protect against cyber threats, and help organizations respond effectively to security incidents.

Figure 3 Risk assessment criteria illustration

Identifying the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)

Firewalls and policies

How firewall provide security to a network

A firewall is a vital cybersecurity solution that safeguards your computer or network by preventing unwanted traffic from entering or leaving. It acts as a protective barrier, inspecting and authenticating data packets before allowing them into a secure environment.

Protection from Internal and External Threats

By securing the border between your network and the internet, or between different segments of your network, firewalls provide essential protection against both internal and external threats. By filtering the data in network traffic, they defend your network from a wide range of malicious attacks and malware.

Without firewalls to block cyber threats and unauthorized access, your network's computers and devices become susceptible to attack. Firewalls serve as your first line of defense, monitoring and filtering all network traffic to ensure only safe content enters your secure environment.

Firewalls use pre-programmed rules to block incoming threats and unauthorized access. They can also control which users can access specific network areas, adding an extra layer of protection.

Acting as vigilant gatekeepers, firewalls monitor and filter all types of network traffic, including outgoing traffic, application-layer data, online transactions, communications, connectivity, and dynamic workflows.

With firewalls as your cybersecurity shield, you can rest assured that your network is safeguarded from potential threats, enabling safe and secure operations.

Figure 4 Protection from firewall illustration

Diagrams of how firewall works

No one can deny that the dynamic rise of the Internet has brought the world closer. At the same time, it has left us with different kinds of security threats. To ensure the confidentiality and integrity of the valuable information on a corporate network against outside attacks, we must have a robust mechanism.

The firewall acts as a guard. It guards a corporate network by acting as a shield between the inside network and the outside world. All traffic in either direction must pass through the firewall, which then decides whether the traffic is allowed to flow or not. The firewall can be implemented as hardware, software, or a combination of both.

Figure 5 The working way of firewall illustration

IDS definition, its usage and diagram

An intrusion detection system (IDS) is a monitoring system that helps detect suspicious activities and issues alerts about them. Depending on these alerts, a SOC (security operations center) analyst or incident responder investigates the issue and takes the required steps to eradicate the threat.

While these systems are quite effective for detecting malicious activity, they sometimes generate false alarms. So organizations need to fine-tune them at the time of installation. This means you need to properly set up the intrusion detection system so that it knows what normal traffic on the network looks like.

Additionally, an intrusion prevention system (IPS) also inspects network packets to detect malicious activity.

Intrusion detection systems offer organizations several benefits, starting with the ability to identify security incidents. An IDS can be used to help analyze the quantity and types of attacks. Organizations can use this information to change their security systems or implement more effective controls. An intrusion detection system can also help companies identify bugs or problems with their network device configurations. These metrics can then be used to assess future risks.

Intrusion detection systems can also help enterprises attain regulatory compliance. An IDS gives companies greater visibility across their networks, making it easier to meet security regulations.

Additionally, businesses can use their IDS logs as part of the documentation to show they are meeting certain compliance requirements.

Intrusion detection systems can also improve security responses. Since IDS sensors can detect network hosts and devices, they can also be used to inspect data within the network packets, as well as identify the operating systems of the services being used. Using an IDS to collect this information can be much more efficient than manual censuses of connected systems.

An IDS only needs to detect potential threats. It is placed out of band on the network infrastructure. Consequently, it is not in the real-time communication path between the sender and receiver of information.

Network intrusion detection systems are used to detect suspicious activity in order to catch hackers before damage is done to the network. There are network-based and host-based intrusion detection systems. Host-based IDSes are installed on client computers; network-based IDSes are on the network itself.

An IDS can be implemented as a network security device or as a software application. To protect data and systems in cloud environments, cloud-based IDSes are also available.

Potential impact of a firewall and IDS if they are incorrectly configured

Firewall and IDS misconfigurations can have severe consequences for your clients, leading to three significant outcomes:

1. Compliance Violations: A properly configured firewall is essential for businesses to comply with industry standards and regulations in retail, finance, or healthcare (e.g., PCI DSS). Noncompliance can result in hefty fines and legal liabilities.

2. Breach Avenues: Misconfigurations in firewalls or IDS systems that create unintended access points can open the door to cyber breaches, data loss, and theft or ransom of intellectual property. This exposes sensitive information and jeopardizes the organization's reputation.

3. Unplanned Outages: A misconfigured firewall or IDS could prevent customers from engaging with the business, leading to downtime and lost revenue. Large e-commerce businesses may suffer significant financial losses until the misconfiguration is identified and corrected.

Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve

DMZ

A DMZ (demilitarized zone) is a secure network that protects an organization's internal LAN from untrusted traffic. Its purpose is to allow access to external networks, like the internet, while keeping the LAN secure. External-facing services and servers such as DNS, FTP, mail, proxy, VoIP, and web servers are placed in the DMZ, isolating them from the internal LAN. This approach makes it difficult for hackers to directly access internal data and servers from the internet. By using a DMZ, an organization can ensure efficient communication and information sharing while keeping its LAN safe from threats.

The main benefit of a DMZ is to provide an internal network with an advanced security layer by restricting access to sensitive data and servers. A DMZ enables website visitors to obtain certain services while providing a buffer between them and the organization's private network. As a result, the DMZ also offers additional security benefits, such as:

• Enabling access control: Businesses can provide users with access to services outside the perimeter of their network through the public internet. The DMZ enables access to these services while implementing network segmentation to make it more difficult for an unauthorized user to reach the private network. A DMZ may also include a proxy server, which centralizes internal traffic flow and simplifies the monitoring and recording of that traffic.

• Preventing network reconnaissance: By providing a buffer between the internet and a private network, a DMZ prevents attackers from performing the reconnaissance work they carry out in the search for potential targets. Servers within the DMZ are exposed publicly but are given another layer of security by a firewall that prevents an attacker from seeing inside the internal network. Even if a DMZ system gets compromised, the internal firewall separates the private network from the DMZ to keep it secure and make external reconnaissance difficult.

• Blocking Internet Protocol (IP) spoofing: Attackers attempt to gain access to systems by spoofing an IP address and impersonating an approved device signed in to a network. A DMZ can discover and stall such spoofing attempts, as another service verifies the legitimacy of the IP address. The DMZ also provides network segmentation to create a space where traffic can be organized and public services accessed away from the internal private network.

Figure 8 Main benefits of DMZ
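The following is an added example (not part of the assignment) that serves both the firewall misconfiguration section (P3) and the DMZ section above. It models the three-zone layout (internet, DMZ, internal LAN) as an ordered, first-match firewall rule list with an implicit default deny, and then lints a policy for the kinds of incorrect configuration the text warns about: a transparent any/any allow, rules that are shadowed and never evaluated, and a direct internet-to-LAN path that bypasses the DMZ. The zone address ranges, ports and rules are constructed assumptions.

```python
"""Zone-based firewall policy evaluation with misconfiguration checks (added example).

Not part of the assignment. Addresses, ports and rules are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple, Union

ZONES = {  # constructed address plan
    "internal": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}

Port = Union[int, str]  # a TCP port number or "any"


def zone_of(ip: str) -> str:
    """Classify an address: internal, dmz, or internet for everything else."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str   # "internal", "dmz", "internet" or "any"
    dst_zone: str
    dst_port: Port
    action: str     # "allow" or "deny"
    comment: str = ""

    def matches(self, src_zone: str, dst_zone: str, port: int) -> bool:
        return (self.src_zone in ("any", src_zone)
                and self.dst_zone in ("any", dst_zone)
                and self.dst_port in ("any", port))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` would already match self."""
        return all(mine == "any" or mine == theirs for mine, theirs in (
            (self.src_zone, other.src_zone),
            (self.dst_zone, other.dst_zone),
            (self.dst_port, other.dst_port)))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, port: int) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched hits the implicit default deny."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.comment
    return "deny", "implicit default deny"


def lint(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Return (rule index, finding) pairs for common misconfigurations."""
    findings = []
    for i, rule in enumerate(rules):
        wide_open = (rule.src_zone, rule.dst_zone, rule.dst_port) == ("any", "any", "any")
        if rule.action == "allow" and wide_open:
            findings.append((i, "any/any/any allow makes the firewall transparent"))
        if rule.action == "allow" and rule.src_zone == "internet" and rule.dst_zone == "internal":
            findings.append((i, "internet may reach the internal LAN directly, bypassing the DMZ"))
        for j, earlier in enumerate(rules[:i]):
            if earlier.covers(rule):
                findings.append((i, "shadowed by rule %d and never evaluated" % j))
                break
    return findings


# Intended DMZ design: public services live in the DMZ; the LAN is reached only from inside.
GOOD_POLICY = [
    Rule("internet", "dmz", 443, "allow", "public web server"),
    Rule("internet", "dmz", 25, "allow", "inbound mail"),
    Rule("internal", "dmz", "any", "allow", "administration of DMZ hosts"),
    Rule("internal", "internet", 443, "allow", "outbound HTTPS"),
]

# The same design after two mistakes: a leftover troubleshooting rule and a remote-desktop hole.
BAD_POLICY = [
    Rule("any", "any", "any", "allow", "temporary troubleshooting rule"),
    Rule("internet", "internal", 3389, "allow", "vendor remote desktop"),
] + GOOD_POLICY

if __name__ == "__main__":
    print(evaluate(GOOD_POLICY, "203.0.113.5", "10.0.1.20", 445))   # denied by default
    print(evaluate(BAD_POLICY, "203.0.113.5", "10.0.1.20", 445))    # allowed: misconfigured
    for finding in lint(BAD_POLICY):
        print(finding)
```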

Static IP

A static IP address is an IP address that was manually configured for a device instead of one that was assigned by a DHCP server. It's called static because it doesn't change, unlike a dynamic IP address, which does change.

Routers, phones, tablets, desktops, laptops, and any other device that can use an IP address can be configured to have a static IP address. This might be done through the device giving out IP addresses (like the router) or by manually typing the IP address into the device itself.

Static IP addresses can serve a number of useful functions:

• Remote access solutions: The most common use case for a static IP address involves remote access systems, like VPNs. A company can make access to its resources and databases dependent upon the user having a specific IP address. Users can then use a VPN application on their device to connect to a company server with a static IP address (the address needed for privileged access), and this will allow them to connect to and use company files and networks.

• Server hosting: If you're setting up and hosting a server, using a static IP address can make it easier for devices to find and quickly connect to it.

• Faster data transfer from your internet gateway: If you set a device to use a static private IP address, data can be sent from your internet gateway (usually a router or modem) to that device a little faster. The boost to your speed will be minimal, however.

Figure 9 Static IP address illustration

NAT

Network Address Translation (NAT) is the process of remapping one IP address space into another by altering the network address information in the IP header of packets while they travel through a router towards the destination node.

Generally, NAT runs on a router or gateway and interconnects two networks by translating the private addresses into registered (public) addresses before the data is transmitted to the other network.

NAT can advertise only one IP address to the public network on behalf of the entire internal network. This provides security by effectively hiding the IP addresses of the private network behind that single address.

Figure 10 The working way of NAT illustration

Some of the benefits of NAT are:

• It allows you to reuse private IP addresses.

• It has good security features that enhance the security of private networks by separating the internal network from the external network.

• It helps to conserve IP address space. You can connect a large number of hosts to the global internet using a small number of public IP addresses.

Usage and Security Function of NAT:

• IP Address Conservation: NAT allows organizations with private IP address ranges to connect multiple devices to the internet using a single public IP address. This helps conserve the limited pool of public IP addresses and enables more efficient use of the available IP space.

• Privacy and Security: NAT acts like a firewall by hiding internal IP addresses from external networks. The public IP address is the only address exposed to the internet, making it more difficult for attackers to identify and target individual devices within the private network.

• Inbound Traffic Control: By default, NAT prevents incoming traffic initiated from external sources from reaching devices within the private network. This provides an added layer of security by blocking unsolicited inbound connections.

• Port Forwarding: NAT can be configured to forward specific incoming traffic to designated devices within the private network. This is useful for hosting services such as web servers or gaming servers while still maintaining control over inbound traffic.
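The four points above (address conservation, hiding internal addresses, dropping unsolicited inbound packets, and port forwarding) can all be seen in a small port-address-translation model. This is an added example written for this page, not code from the original assignment; the gateway class, the public address and the LAN addresses are constructed.

```python
from typing import Dict, Optional, Tuple

Packet = Tuple[str, int, str, int]  # (src ip, src port, dst ip, dst port)

class NatGateway:
    """Port-address translation (PAT): one public IP shared by a whole LAN.

    Constructed for this example; not code from the original page.
    """

    def __init__(self, public_ip: str, forwards: Optional[Dict[int, Tuple[str, int]]] = None):
        self.public_ip = public_ip
        self.forwards = forwards or {}     # public port -> (private ip, private port), e.g. a web server
        # public port -> (private ip, private port, peer ip, peer port)
        self.table: Dict[int, Tuple[str, int, str, int]] = {}
        self.reverse: Dict[Tuple[str, int, str, int], int] = {}
        self.next_port = 40000

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Packet:
        """Rewrite a LAN packet so it leaves with the public address and a mapped port."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.reverse:        # first packet of a flow: allocate a mapping
            self.reverse[key] = self.next_port
            self.table[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.reverse[key], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_port: int) -> Optional[Packet]:
        """Translate a packet arriving on the public address; None means it is dropped."""
        entry = self.table.get(dst_port)
        if entry and (src_ip, src_port) == entry[2:]:   # reply from the peer we contacted
            return (src_ip, src_port, entry[0], entry[1])
        if dst_port in self.forwards:                    # explicitly published service
            priv_ip, priv_port = self.forwards[dst_port]
            return (src_ip, src_port, priv_ip, priv_port)
        return None                                      # unsolicited inbound: blocked by default

if __name__ == "__main__":
    gw = NatGateway("198.51.100.1", forwards={80: ("192.168.1.10", 8080)})
    print(gw.outbound("192.168.1.20", 51000, "203.0.113.50", 443))
    print(gw.inbound("203.0.113.50", 443, 40000))   # reply comes back to the LAN host
    print(gw.inbound("203.0.113.9", 12345, 40000))  # stranger probing the mapped port: None
    print(gw.inbound("203.0.113.9", 12345, 80))     # forwarded to the internal web server
```

Only the single public address ever appears in packets leaving the gateway, and an outsider's packet reaches a LAN host only through an existing mapping from its own peer or an explicit forward.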

Discuss three benefits of implementing network monitoring systems with supporting reasons (M2)

Network monitoring devices

Network monitoring systems include software and hardware tools that can track various aspects of a network and its operation, such as traffic, bandwidth utilization, and uptime. These systems can detect devices and other elements that comprise or touch the network, as well as provide status updates.

Network administrators rely on network monitoring systems to help them quickly detect device or connection failures, or issues such as traffic bottlenecks that limit data flow. The ability to detect issues extends to parts of the network traditionally beyond their demarcation boundaries. These systems can alert administrators to issues by email or text and deliver reports using network analytics. Some network monitoring tools are given below.

SolarWinds Network Performance Monitor is a widely used, comprehensive network monitoring tool that monitors devices with the Simple Network Management Protocol (SNMP). It automatically detects devices connected to the network. All detected devices, services, or applications can also be viewed on a network topology map, on which users can check how the network infrastructure links together. It offers the NetPath feature, which traces packet transfers hop by hop and helps diagnose the origin of network issues more effectively.

It has a custom alert system in which users can set trigger conditions for alerts. It reports network faults via trouble tickets, emails, SMS, Slack channels, etc.

Features of SolarWinds Network Performance Monitor

• It can create Wi-Fi heat maps

Figure 11 Interface of solarwinds network performance monitor

The second tool is a popular cloud-based SaaS infrastructure network monitoring tool for all networks and topologies. Because it is cloud-based, there is no need for server maintenance. It also provides storage space for network monitoring statistics. It can monitor cloud resources, single-site LANs, and multi-site WANs. It uses SNMP for live statistics and provides multiple tools, such as Ping, Proxy Ping, Traceroute, SNMP Ping, WMI Query Tool, and CLI Query Tool, for troubleshooting network issues.

• It provides an auto-discovery feature

• It uses AI-based machine learning to offer capacity predictions

Figure 12 Interface of datalog network monitoring tool

Nagios Core is an open-source network monitoring tool with a web interface for network monitoring. The GUI is color-coded, so components that are inaccessible or faulty can easily be seen. It monitors performance events via the alerts system, which sends email and SMS updates. To see which alerts were generated and when, users can check the Alerts History section. The alert list is also color-coded, making it easier to prioritize important warnings. Users can use APIs to integrate it with other network services.

• Easy to use and simple GUI

Figure 13 Interface of nagios core

Why networks need monitoring

Network monitoring software can analyze performance in real time, meaning that if a failure or issue is detected, you can be alerted immediately via methods such as email. This rapid relay of information means that you can be informed of network problems wherever you may be, allowing you to take corrective action instantly and minimize potential downtime.

In addition, network monitoring software eliminates the need for manual checks by a system administrator. This can save your company both time and money while ensuring the problem is addressed effectively.

Another major benefit is the reporting generated from network monitoring. These reports can help you identify patterns and trends in system performance, as well as demonstrate the need for upgrades or replacements. Performance baselines can also be established easily.

Finally, network monitoring systems can help you identify the specific areas of your network that are experiencing problems. This means that you can quickly pinpoint the issue, saving you time and money when it comes to addressing the problem.

Here are several other reasons why monitoring your networks is so important:

• To optimize network performance and availability

• Eliminate the need for manual checks

• Benchmark performance and availability data

Benefits of monitoring a network

Clear visibility into the network

Through network monitoring, administrators can get a clear picture of all the connected devices in the network, see how data is moving among them, and quickly identify and correct issues that can undermine performance and lead to outages.

Modern enterprises rely on a host of internet-dependent, business-critical services. These include cloud service providers, ISPs, CDNs, and SaaS, UCaaS, VPN and SECaaS providers. Each service operates over the internet, making them susceptible to performance fluctuations caused by internet outages or routing issues. Visibility into the network components beyond your control allows you to monitor issues that might impact employees or customers.

Better use of IT resources

The hardware and software tools in network monitoring systems reduce manual work for IT teams. That means valuable IT staff have more time to devote to critical projects for the organization.

Early insight into future infrastructure needs

Network monitoring systems can provide reports on how network components have performed over a defined period. By analyzing these reports, network administrators can anticipate when the organization may need to consider upgrading or implementing new IT infrastructure.

The ability to identify security threats faster

Network monitoring helps organizations understand what "normal" performance looks like for their networks. So, when unusual activity occurs, such as an unexplained increase in network traffic levels, it is easier for administrators to identify the issue quickly and to determine whether it may be a security threat.

Figure 14 Top 5 benefits of network monitoring

Investigate how a ‘trusted network’ may be part of an IT security solution (D1)

Trusted network

A trust network is a group of people that one person can go to when they need help, support, and safety. Everybody has a trust network, even if they don't know it.

Trust networks can be made up of a range of different people: your friends, family members, colleagues, or even your neighbours. Some children might include teachers in their trust network. These are all people you could go to for help.

Trust networks are full of people you know, trust, and feel safe around.

• When you connect to a new network, it is considered untrusted, and the VPN will automatically turn on. But you can specify which networks should be trusted, and then the VPN will turn off when you connect to those trusted networks.

• This is useful if you frequently connect to different Wi-Fi hotspots or networks while on the go. With trusted networks, you don't have to manually turn the VPN on or off; it does so automatically based on your settings. This way, your data stays safe without any extra effort from you.

In a smart home security system, you have two Wi-Fi networks: one for trusted devices such as smart cameras and locks, and another for guest devices.

• Trusted Network: This secure network is exclusively for your smart home devices. Only authorized devices can connect, and it has strong security measures such as firewalls and regular updates.

• Guest Network: Visitors can connect to a separate network with limited access, isolated from your smart home devices.

By using trusted and untrusted networks, you protect your smart home from potential risks and ensure that guest devices don't compromise your security system.

How it can be a solution in IT security

Trusted networks are secure networks within a company's security boundary, protecting sensitive information and departmental resources. They employ modern standards and hardware devices to establish "trust" and support critical security services such as user authentication, access control, and device verification. To implement a trusted network, at least two switches with firewalls and an AAA server are required, with additional Policy Validation Servers (PVSs) enhancing security. Devices on the network may need software updates and TPM chips for secure authentication. Trusted networks help safeguard against cyber threats but require careful testing of patches and updates to ensure smooth operation.

Trusted networks are great for keeping your data safe if your devices are often on the go, connecting to different hotspots and internet hubs. The biggest advantage of this feature is that you don't have to manually connect to or disconnect from your VPN. Instead, the VPN app performs this task automatically when internet traffic is detected, depending on the network rules you choose.


Posted: 02/02/2024, 10:33