Assignment 1 1623 Security Merit


Document information

This exercise earns Merit points in cyber security. This exercise covers how to use the network safely, how to write academic papers, security risks, perceptions of cyber attacks, and stakeholders in cyber security solutions.

ASSIGNMENT FRONT SHEET

Qualification: BTEC Level HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 05/08/2023
Date Received 1st submission: 05/08/2023
Re-submission Date: 17/08/2023
Date Received 2nd submission: 17/08/2023
Student Name: Tran Duc Long
Student ID: GCH210562
Class: GCH1106
Assessor name: Ha Trong Thang

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student’s signature:

Grading grid: P1 P2 P3 P4 M1 M2 D1

Page of 95

Summative Feedback:
Resubmission Feedback:
Grade:
Lecturer Signature:
Assessor Signature:
Date:

Table of contents

Introduction
Task - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)
  Define threats
  Identify threat agents to organizations
    2.1 User Domain
    2.2 WAN Domain
    2.3 Work Station Domain
    2.4 LAN Domain
    2.5 LAN to WAN Domain
    2.6 Remote Access Domain
    2.7 System/Application Domain
  List types of threats that organizations will face
    3.1 Viruses
    3.2 Worms
    3.3 Trojans
    3.4 Concealment
    3.5 Collect data
  What are the recent security breaches? List and give examples with dates
    4.1 Microsoft were hacked by Lapsus$ extortion group on March, 2022
    4.2 Block Confirms Cash App Data Breach on April 2022
    4.3 Former Amazon Employee Convicted for Capital One Breach on June, 2022
  Discuss the consequences of this breach
    5.2 Block Confirms Cash App Data Breach on April 2022
    5.3 Former Amazon Employee Convicted for Capital One Breach on June, 2022
  Suggest solutions to organizations
    6.1 Microsoft were hacked by Lapsus$ extortion group on March, 2022
    6.2 Block Confirms Cash App Data Breach on April 2022
    6.3 Former Amazon Employee Convicted for Capital One Breach on June, 2022
Task - Describe at least organisational security procedures (P2)
  Change Control Procedures
  Incident handling Procedures
  Anti-virus procedures
Task 2.1 - Propose a method to assess and treat IT security risks (M1)
  Discuss methods required to assess security threats? E.g., Monitoring tools
    1.1 Vendor-provided tools
    1.2 Breach and attack simulation tool (BAS)
    1.3 Vulnerability Assessment scanning tools
  What is the current weakness or threats of an organization?
    2.1 Leadership Shapes the Cyber Security Culture
    2.2 Cyber Security Challenges
    2.3 Cybercriminal Targets
    2.4 Popular Cyberattacks
  What tools will you propose to treat IT security risks?
    3.1 What Is the OCTAVE Threat Model?
    3.2 Benefits of the OCTAVE Threat Model
    3.3 How to Implement the OCTAVE Threat Model
    3.4 The Three Phases of Implementation
    3.5 Common Techniques to Utilize
    3.6 Best Practices to Follow
Task - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
  Discuss briefly firewalls and policies, their usage and advantages in a network
    1.1 Firewalls
    1.2 Firewall Policies
    1.3 Firewall benefit
  How does a firewall provide security to a network?
  Show with diagrams the example of how firewall works
  Define IDS, its usage, and show it with diagrams examples
    4.1 Define Intrusion Detection System (IDS)
    4.2 IDS filter rules and advantages IDS
    4.3 Show with diagrams the example of how IDS works
  Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network
    5.1 Comparison of IDS with Firewalls
    5.2 Impact of incorrect configuration of Firewalls
    5.3 Impact of incorrect configuration of IDS
    5.4 Conclusion
Task - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)
  Define and discuss with the aid of diagram DMZ. Focus on its usage and security function as advantage
    1.1 Define
    1.2 How does a DMZ Network work
    1.3 Diagram of DMZ and explain
    1.4 Benefit of DMZ
    1.5 The Importance of DMZ Networks: How Are They Used?
    1.6 How DMZ can improve network security
  Define and discuss with the aid of diagram static IP. Focus on its usage and security function as advantage
    2.1 Define
    2.2 How static IP address work?
    2.3 Diagram of static IP and explain
    2.4 Benefit of static IP address
    2.5 Security
    2.6 How static IP can improve network security?
  Define and discuss with the aid of diagram NAT. Focus on its usage and security function as advantage
    3.1 Define
    3.2 How does Network Address Translation work?
    3.3 Diagram of NAT and explain
    3.4 Network Address Translation (NAT) types
    3.5 Benefit of NAT
    3.6 Security
Task 4.1 - Discuss three benefits to implement network monitoring systems with supporting reasons (M2)
  List some of the networking monitoring devices and discuss each of them
    1.1 What is networking monitoring?
    1.2 Some of the networking monitoring devices
  Why you need to monitor networks?
    2.1 Have visibility and command
    2.2 Improve network dependability
    2.3 Increasing profitability
    2.4 Increase performance through understanding capacity
    2.5 Maintain corporate compliance
  What are the benefits of monitoring a network?
    3.1 Network Visibility
    3.3 Preventing Downtime
    3.4 Finding and Fixing Problems Quickly
    3.5 Uncovering Security Threats
    3.6 Monitoring Bandwidth Utilization
    3.7 Capacity Planning
    3.8 Deploying New Technologies
    3.9 Freeing Up IT Teams
    3.10 Producing Return on Investment
    3.11 Choosing the Right Network Monitoring Solution
Task 4.1.1 - Investigate how a ‘trusted network’ may be part of an IT security solution (D1)
  Discuss and explain what are trusted network
  Give brief details with an example on its uses
  How can it be a solution in IT security?
Conclusion
References

Table of figures

Figure 1: Threats
Figure 2: Seven Domain
Figure 3: Windows file types that can be infected
Figure 4: Difference between viruses, worms and Trojans
Figure 5: Computer infected with rootkit
Figure 6: Technologies used by spyware
Figure 7: Ransomware message
Figure 8: Change control procedures
Figure 9: Vendor-provided tools
Figure 10: Breach and attack simulation tool (BAS)
Figure 11: Vulnerability assessment
Figure 12: Security scanning process
Figure 13: Octave
Figure 14: The OCTAVE method
Figure 15: Firewall location
Figure 16: Border Firewall
Figure 17: Screened subnet
Figure 18: IDS as a firewall complement
Figure 19: Basic NIDS as a firewall complement
Figure 20: IDS and Firewalls
Figure 21: DMZ
Figure 22: DMZ with one firewall
Figure 23: DMZ with two firewalls
Figure 24: Static IP diagram
Figure 25: Private IP address
Figure 26: Network address translation
Figure 27: Network monitoring Systems
Figure 28: Auvik
Figure 29: LogicMonitor
Figure 30: Nagios
Figure 31: Trusted network
Figure 32: Trusted process Control Network

Introduction

Security is an essential field that focuses on safeguarding valuables, data, and assets from a variety of potential risks. This encompasses both digital security, which deals with the challenges of defending digital systems and information from cyber-attacks, and physical security measures designed to protect important resources. The procedures put in place by organizations to ensure security play a crucial role in establishing a strong defense against potential dangers. Furthermore, having a grasp of the different types of threats that organizations might face is vital for actively reducing risks.

This essay will explore a specific facet of security that involves configuring firewall rules and Intrusion Detection Systems (IDS). Mishandling the configuration of these crucial elements can result in vulnerabilities, potentially putting IT security in jeopardy. Strengthening network security can be achieved by implementing a Demilitarized Zone (DMZ), using static IP addresses, and employing Network Address Translation (NAT), all of which offer significant advantages. A DMZ creates a semi-isolated network for hosting public services, which helps restrict direct access to the secure internal network. Static IP addresses provide stability and simplify access to hosted services, while NAT conceals the internal device IP addresses from the public Internet, thereby enhancing overall security. By thoroughly addressing these factors, organizations can establish a resilient security stance, effectively safeguarding against the ever-changing landscape of threats and ensuring uninterrupted operations.

Task - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)

Define threats

The present-day security of data and information stored on computers and digital devices faces an unprecedented array of attack types, with the frequency of threats and assaults steadily increasing each day. The sections within this segment delineate these various threats. Subsequent chapters will delve into network security principles and tools essential for thwarting or safeguarding against such attacks (Ciampa, 2015).

Figure 1: Threats

Software attacks encompass viruses, worms, Trojan horses, and other forms of malware. Although often confused as interchangeable terms by consumers, it is crucial to recognize that they are distinct entities. The only shared trait among them is their malicious nature, as they each operate in unique ways. Malware refers to software that infiltrates a computer system without the user's awareness or approval, carrying out undesired and typically detrimental activities. In essence, malware utilizes a threat vector to introduce a malevolent "payload," which executes harmful functions upon activation. Nevertheless, in common usage, malware serves as a broad term encompassing various destructive software programs (Ciampa, 2015).

Identify threat agents to organizations

Threat actors encompass individuals or entities that present a risk to an organization. It's essential to identify these actors before proposing the appropriate countermeasures. The effectiveness of the strategies to counter them largely relies on their accurate identification (Ciampa, 2015). Below are several examples of threat actors that can jeopardize organizations:

• Hackers: Hackers refer to individuals or collectives aiming to achieve unauthorized entry into an organization's computer system or network by exploiting security weaknesses. These hackers can engage in various activities, such as data theft, causing damage to computer systems or networks, or disrupting business activities.
• Cyber criminals: Cybercriminals are individuals or groups with the intent to perpetrate unlawful actions through computers or computer networks. Their activities encompass a wide range, including financial theft, fraudulent schemes, and the dissemination of malicious software.

Date posted: 24/02/2024, 01:57
