The description for Enhancing Cybersecurity Measures: A Study of ASM 1 Security Protocols could be: This study focuses on investigating and improving the cybersecurity measures implemented in ASM 1 (Assembly System Model 1) security protocols. ASM 1 protocols are foundational in ensuring the security and integrity of digital systems, particularly in the realm of information technology. By analyzing the existing ASM 1 security protocols, this research aims to identify vulnerabilities and develop strategies to enhance their effectiveness in safeguarding against cyber threats. The study will delve into various aspects such as encryption methods, access control mechanisms, and intrusion detection systems to propose robust solutions for strengthening ASM 1 security protocols. Through this investigation, the goal is to contribute to the advancement of cybersecurity practices and fortify the resilience of digital systems against evolving threats in todays interconnected world.
Malware Attacks
Malware is computer malware that is created by online attackers and typically consists of a program or code Organizations are at risk from some cyber security attacks that aim to severely harm systems or obtain unauthorized access to a computer.
Malware can infect a device in a variety of ways, including through email attachments that contain links or files that must be opened by the user in order for the malware to run.
This category of assault includes: computer viruses,Trojan horses, worms and spyware.
A malicious software program that secretly loads into a user's computer and carries out malicious deeds is known as a computer virus.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
They are usually brought on by humans However, since they are produced and dispersed, no one has direct control over how they diffuse A virus that has infected a computer attaches itself to another software so that when the host program runs, the virus's actions are also activated It has the ability to replicate itself, attaching to other files or programs and infect them in the process However, not all computer infections are harmful However, the majority of them carry out malicious acts, like erasing data. Some viruses wreak remain dormant until a specific event (as intended) is started, which triggers their code to run in the computer Some viruses cause havoc as soon as their code is executed, while others wait till that event is initiated When software or documents with viruses are moved from one computer to another over a network, a disk, file-sharing protocols, or through contaminated email attachments, viruses are disseminated Different stealth techniques are employed by some infections to evade detection by anti- virus software Some viruses, for instance, can infect files without making them larger, while others attempt to avoid detection by terminating the processes connected to antivirus software before they are discovered When they infect a host file, some vintage viruses make certain that the "last changed" date stays the same.
There are different ways that a virus can be spread or attack, such as:
Downloading free games, toolbars, media players and other software.
Visiting an infected and unsecured website
Clicking on an executable file
Using of infected removable storage devices, such USB drives
Opening spam email or clicking on URL link
Installing free software and apps
The term "trojan" or "trojan horse" refers to a computer virus It is a sort of computer program that conceals itself as common applications like utilities, games, and occasionally even antivirus software
Once it has been installed on the computer, it can damage file allocation systems, delete data from the hard disk, and kill background system operations
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
Trojans are typically introduced through email attachments These emails have been altered to make them appear genuine As soon as the user opens the connected file and downloads it, the system is harmed A Trojan can also be included as part of online shareware and freeware downloads Even though not all freeware contains Trojans, only downloading software and freeware from reliable sources is advised Additionally, it is essential that you choose carefully while having the installation done Trojans can be used in a variety of ways, depending on the attacker's goals Identity theft, data theft, computer crashes, espionage, and user activity monitoring are a few examples Trojans are typically recognized by the majority of anti-virus programs and do not affect the computer unless they are executed Additionally, they are not self-replicating but can join a virus that spreads to other machines on the network One may maintain a computer safe and secure by installing reputable anti-virus software, updating computer virus definitions, being cautious when opening email attachments, even if they appear to be legitimate, and paying attention to system security popup notifications.
HOW DOES TROJANS HORSE ATTACK?
The victim gets an email with a file attachment that appears to be an authentic official email When the victim clicks on the attachment file, any malicious code contained in it could begin to run immediately.
In that situation, the victim is not aware of or suspects that the attachment is a Trojan horse.
A computer worm is a hostile, self-replicating software program (often referred to as "malware") that interferes with software and hardware program operations.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
In many aspects, it satisfies the definition of a computer virus It can, for instance, duplicate itself and propagate throughout networks For this reason, worms are frequently referred to as viruses as well Computer worms, however, vary from computer viruses in a few ways First, worms exist as distinct entities or freestanding software, in contrast to viruses, which must latch onto files (host files) before they can spread inside a computer They don't require host applications or files Second, unlike viruses, worms only live in active memory and replicate themselves rather than altering files Worms make use of automatic and frequently unnoticeable operating system components Only when their unchecked replication uses up system resources and slows down or stops other tasks does their presence in the system become obvious Worms employ one of two methods to spread: they either take advantage of the target system's vulnerability or deceive people into running them Once they are within a system, they use its file-transport or information-transport capabilities to move around on their own Recently, a computer virus known as the "Stuxnet worm" made headlines around the globe when it attacked Iran's nuclear facilities.
It can propagate automatically, take advantage of software security flaws, and attempt to get access in order to steal confidential data, corrupt files, and install a back door allowing remote access to the system.
The term "spyware" refers to a class of software that seeks to steal confidential or organizational data It is accomplished by carrying out a series of activities without the necessary user permissions, occasionally even discreetly Advertising, gathering personal data, and altering user configuration settings of the computer are all common activities of spyware.
Adware, tracking cookies, system monitors, and Trojans are the most common categories for spyware Freeware and shareware bundles with hidden components are the most popular ways for spyware to enter a computer A spyware program that has been installed successfully begins sending data from that machine in the background to a different location.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
Spyware is frequently used today to serve pop-up ads depending on user behavior and search history However, spyware that is employed maliciously is hard to distinguish since it is buried in the computer's system files.
Keyloggers are one of the easiest and most common but harmful It is used to capture keystrokes that might be fatal because it can capture passwords, credit card numbers, and other sensitive data It is also purposefully installed on some business computers and shared networks to monitor user activity.
When spyware is present on a computer, it can change user settings, permissions, and administrative rights This can lock users out of their own computers and, in rare situations, result in complete data loss Spyware is designed to monitor a computer Background-running spyware can also lead to an increase in processes and more frequent crashes A computer is frequently slowed down as well.
The best method to stay safe is to use reliable antivirus and antispyware programs More importantly, exercise caution when installing freeware programs by properly eliminating the pre-checked settings.
It may automatically set up shop on your computer, be a secret component of software packages, or be installed as regular malware like misleading advertisements, emails, and instant messaging.
social engineering
The term "social engineering" is used to describe a wide range of malevolent behaviors carried out through interactions with other people Users are duped into divulging critical information or committing security blunders via psychological manipulation.
Attacks by social engineers may involve one or more steps To prepare for an assault, a perpetrator first looks into the target in order to learn background details like probable points of entry and lax security measures The attacker next makes an effort to win over the victim's trust and offer incentives for later security-breaking activities, such disclosing confidential information or allowing access to vital resources.
Attacks using social engineering can be carried out anywhere there is a chance of human interaction The five most typical types of digital social engineering attacks are listed below.
Phishing is a type of network assault where the attacker poses as a trustworthy organization in order to deceive users into providing them with personal information.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
In order to deceive customers into disclosing sensitive information including login credentials, transaction passwords, credit card numbers, and other important details, hackers frequently pose as banks, online transaction websites, e-wallets, and credit card firms.
Hackers typically use email and text messaging for this attack technique Users will be prompted to check in if they open an email and click on a fraudulent link If "hooked," the hacker will obtain the data right away.
In 1987, phishing first came to light The term "phishing" is a mix of the phrases "fishing for information" and "phreaking," which refers to a free phone-using fraud The term "phishing" was created as a result of the similarities between "fishing" and "fishing for user information."
In a phishing email assault, an attacker sends phishing emails to the victim's email address that appear to have come from their bank and requests personal data from them.
The message includes a link that takes you to another vulnerable website in order to steal your personal data.
Therefore, it is best to avoid clicking on or opening such emails and to refrain from giving out important information.
As the term suggests, baiting attacks use a fictitious promise to spark a victim's curiosity or sense of avarice In order to steal their personal information or infect their systems with malware, they trick users into falling for a trap.
The most despised type of baiting spreads malware using tangible media Infected flash drives are frequently used as bait by attackers, who place them in plain sight where potential victims are sure to see them (e.g., bathrooms, elevators, the parking lot of a targeted company) The lure has a legitimate appearance, including a label that presents it as the business's payroll list.
Out of curiosity, the victims pick up the bait and place it into their home or office computer, which causes the system to automatically download malware.
Baiting con games don't always have to be played out in the real world Online baiting takes the form of attractive advertisements that direct visitors to harmful websites or prod them to download malware-laden software.
Scareware bombards victims with bogus threats and misleading alarms Users are tricked into believing their computer is infected with malware, which leads them to install software that either serves only to
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn) profit the perpetrator or is malware in and of itself Other names for scareware include fraudware, deception software, and rogue scanner software.
The legitimate-appearing popup ads that show in your browser as you browse the internet and contain language such as "Your computer may be infected with harmful spyware applications" are a frequent type of scareware Either it offers to install the malicious tool for you or it directs you to a malicious website where your machine is infected.
Additionally, spam emails that issue false warnings or urge recipients to purchase useless or hazardous services are another way that scareware is disseminated.
Here, an attacker gathers data by telling a string of deftly constructed lies The con is frequently started by a perpetrator who poses as someone who needs the victim's private information to complete a crucial task.
The assailant typically begins by gaining the victim's trust by posing as a coworker, police officer, bank or tax official, or any person with the authority to know something Through queries that are allegedly necessary to verify the victim's identification, the pretexter collects crucial personal information.
This fraud is used to obtain all kinds of important data and records, including social security numbers, individual addresses and phone numbers, phone records, dates of staff vacation, bank records, and even security data pertaining to a physical plant.
In this more focused variation of the phishing scam, the attacker picks certain people or companies to target Then, in order to make their attack less obvious, they modify their communications based on the traits, positions held, and contacts of their victims Spear phishing is far more difficult to pull off and might take weeks or even months to complete If done expertly, they're significantly more difficult to detect and have higher success rates.
network attack
A network attack is an effort to enter a company's network without authorization with the intent of stealing information or carrying out other destructive behavior Network attacks generally fall into two categories:
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
Passive: Attackers who obtain access to a network and are able to monitor or steal sensitive data do so passively, leaving the data unaltered.
Active: Attackers actively alter data, either by deleting, encrypting, or otherwise causing it harm, in addition to gaining illegal access to it.
We differentiate between several other forms of assaults and network attacks.
Endpoint attacks: unauthorized access to user devices, servers, or other endpoints, usually by malware infection.
Malware attacks: introducing malware into IT resources, which enables attackers to take control of systems, steal data, and cause harm Attacks using ransomware are also among them.
Vulnerabilities, exploits and attacks: using software flaws in the organization's software to compromise, sabotage, or obtain illegal access to systems
Advanced persistent threats: These are sophisticated, multi-layered threats that encompass both network and other assault types.
Attackers' main goal in a network attack is to breach the corporate network perimeter and obtain access to internal systems Once inside, attackers frequently mix different attack tactics, such as corrupting an endpoint, dispersing malware, or taking advantage of a flaw in a network system.
Hackers utilize the application layer attack method known as SQL injection to target web-based programs and steal data from corporations.
By taking advantage of poor coding practices or insufficient database credentials granted to the application user who accesses this database, hackers can attack a web application's underlying data storage using SQL injection If user input fields are not properly checked at the application level, SQL statements can pass through and directly query the database, leading to SQL injection This gives attackers the ability to alter or even delete existing data, spoof identities, change administrative rights, and in some cases, void transactions and change balances Consider a standard login page where users can input their usernames and passwords to view or edit their personal information, for illustration Following the user's submission of the information, a SQL query is created using that information and submitted to the database for validation If the user is deemed legitimate, access is granted The attacker can now bypass the login form and view what is behind it by inserting certain specially designed SQL queries through SQL injection This is made feasible by inputs that are improperly sanitized (i.e., rendered invulnerable) and are sent along with the SQL query to the database, which allows the attacker to access the database Because of the prevalence of outdated functional interfaces, SQL injection attacks frequently target PHP and ASP applications However, stronger programmatic interfaces make J2EE and ASP.NET applications less vulnerable to SQL injection attacks The skills, creativity, and intent of the attacker have a greater impact
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn) on the severity of SQL injection This system vulnerability has a high impact severity and has to be fixed right away.
1.3.2 Distributed Denial of Service (DDoS) attacks
Attackers create enormous fleets of hacked devices known as botnets and use them to send erroneous traffic to your servers or network DDoS can happen at the application level, for example by running intricate SQL queries that knock down a database, or at the network level, for example by sending massive amounts of SYN/ACC packets that can overwhelm a server.
Malicious insiders who already have privileged access to organizational systems can take advantage of a network's vulnerability Given that insiders might cause harm without breaking into the network, insider threats can be challenging to identify and defend against In order to detect insider assaults, new technologies like User and Even Behavioral Analytics (UEBA) can assist in identifying suspicious or out- of-the-ordinary behavior by internal users.
Application attack
An application attack involves online criminals entering restricted locations Attackers frequently look at the application layer first, looking for application vulnerabilities included inside the code Attacks target a variety of applications that represent different programming languages, including.NET, Ruby, Java, Node.js, Python, and many more, even if some programming languages are more frequently targeted than others Both custom programs and open-source frameworks and libraries have security flaws.
Session IDs are tampered with during a session hijacking attack A user's online activity is tracked using this special ID, which makes subsequent logins quicker and more effective Attackers may be able to capture and manipulate the session ID, starting a session hijacking attack, depending on the strength of the session ID If successful, attackers will have access to all data transmitted by the server during that session, obtaining user credentials to access private accounts.
SQL injection attacks affected 65% of the programs with vulnerabilities Applications and network communications employ SQL statements to enable access through authentication and permission Bad actors can trick apps into executing corrupted commands that let them eventually acquire access to normally restricted locations when they obtain SQL statements and tamper with them Cybercriminals can take advantage of the complete software environment, dodge security checks and protocols, and go unnoticed until it's too late by having access to core code and manipulating communications between other online applications.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
1.4.3 Cross-site Scripting (XSS) Attack
One of the most frequent application assaults in use today is a cross-site scripting (XSS) attack, which is listed in the OWASP Top 10 Attackers carry out this kind of assault by looking for a weakness that gives them access to the core code, and they frequently do this by making a tainted link and distributing it via email or text message If this application vulnerability is used by cybercriminals, they can control HTTP requests by injecting malicious code on the client side Cybercriminals that have complete control over HTTP executions can access virtually any personally identifiable information (PII), including banking information, Social Security numbers, and even very sensitive government data.
internal attack
When someone or a group inside of an organization tries to sabotage operations or take advantage of organizational resources, it is called an internal attack In many instances, the attacker makes extensive use of resources, tools, and expertise to conduct a complex computer attack and possibly even eradicate any traces of that attack.
Technical users who could profit from sabotaging business operations, such as highly competent and dissatisfied personnel (such as system administrators and programmers), may decide to launch an internal attack against a firm using its computer systems.
Employees have the privilege of accessing a wide range of physical equipment inside of a company, with only trust to prevent them from damaging or stealing it This means that hardware like hard drives, containing lots of important data, can be physically stolen from the company; otherwise, the data on it can be transferred to a USB flash drive and then revealed and duplicated online.
Employees may be able to access portions of these computers they shouldn't because they already have access to a company's system This might happen if a colleague leaves themself signed in or if a room's door is left open and gives access to a server.
Additionally, they might occasionally possess administrative credentials or maliciously acquire them, enabling them to carry out additional administrative tasks including altering other users' access rights or turning off network security mechanisms.
1.5.3 Weak cybersecurity measures and unsafe practices
A corporation increases the likelihood that a vulnerability will be exploited by not having enough physical and digital security, especially in light of the problems raised previously, such as theft.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
For instance, if the network server(s) for a business are left in an unlocked room, anyone can enter and cause harm to or steal from the contents Whether it's a disgruntled employee or a customer who walks into the store without having been thoroughly screened by security.
Furthermore, a regular employee may unknowingly download a virus that might impact the entire network by doing something as simple as accessing a dubious website, exploiting these security flaws.
1.5.4 Accidental loss or disclosure of data
As previously mentioned, the same security flaws that allow malevolent behavior may also allow for simple accidents to happen and inflict significant damage.
A person might transport their laptop, for instance, to and from work When doing so, they might leave it on the train ride home one day, which would give whoever finds the laptop access to all the data it contains and could potentially reveal sensitive information.
Another illustration of this may be if a worker mistakenly deletes information from a folder or spills something on a device.
Some of these mishaps can be the result of inadequate time being spent adequately training and supervising workers Many dangers can be avoided by training employees on how to keep their devices safe and the proper use of the company's IT systems.
P2 Describe at least 3 organisational security procedures
An AUP specifies the rules and procedures that a user of organizational IT resources must accept before being granted access to the company network or the internet For new hires, it is standard procedure during onboarding Before receiving a network ID, they are given an AUP to read and sign The IT, security, legal, and HR departments of an organization should discuss what is covered by this policy SANS has an example that is permissible for fair use.
The ACP describes the access that employees have to the data and information systems of a business Standards for access control, including the Access Control and Implementation Guides published by NIST, are some of the subjects that are often covered in the policy This policy also covers the complexity of corporate passwords, network access restrictions, operating system software controls, and standards for user access The procedures for monitoring how corporate systems are accessed and used, how unattended
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn) workstations should be secured, and how access is terminated when an employee departs the company are other supplementary items that are frequently described IAPP has a fantastic illustration of this policy.
Change Management
A structured procedure for making changes to IT, software development, and security services/operations is referred to as a change management policy A change management program aims to raise organizational knowledge and understanding of proposed changes while ensuring that all changes are implemented methodically to reduce any negative effects on products and clients SANS provides a solid illustration of an IT change management policy that is open for fair use.
Information Security
Information security policies for an organization are typically high-level policies that can cover many different security procedures The corporation issues the primary information security policy to make sure that all employees who use information technology resources throughout the organization's networks adhere to the rules and policies that are outlined in it I've observed businesses request that staff members sign this form to confirm that they have read it (which is generally done with the signing of the AUP policy) With regard to the sensitivity of business information and IT assets, this policy is intended to make employees aware of the expectations they must meet An outstanding example of a cybersecurity policy that is accessible for download is one from the State of Illinois.
Incident Response (IR)
The incident response policy is a systematic way for the business to handle incidents and lessen their negative effects on operations CISOs wish they never had to apply this particular policy The aim of this policy, however, is to outline the procedure for handling an event with a view to minimizing harm to business operations, clients, and minimizing recovery time and costs A high-level IR plan is offered by Carnegie Mellon University as an example, and a plan dedicated to data breaches is provided by SANS.
Remote Access
The permissible means of remotely accessing to an organization's internal networks are outlined and defined in the remote access policy Additionally, I've seen addenda to this policy that contain guidelines for using BYOD assets Organizations that have scattered networks that can reach out into unsafe network spaces, such the neighborhood coffee shop or unmanaged home networks, are required to establish this policy SANS has a sample remote access policy accessible.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
Email/Communication
A company's email policy is a written document that specifies how employees can use the electronic communication channel of the company's choice This policy appears to cover chat, social media, blogs, and email This policy's main objective is to give staff instructions on what constitutes appropriate and improper use of any business communication technology SANS offers an example of an email policy.
Standard procedures of securing information systems:
This is the initial stage of the information system security procedure You are all too accustomed to reading newspapers, making purchases, and conducting business online these days The security of data and information is a possible concern for any online activity on the network The encryption of sensitive data is one solution to this Although encoding sounds difficult, we are not yet very interested in it In fact, you can achieve this by using encryption software The software that SecurityBox would like to use is TrueCrypt The data on the PC and external hard disk will be effectively protected If your data is correctly encrypted, no one will be able to access it if you do not know your password.
If hackers know your password and can simply steal it, the data encryption in step one of the information system security process will be useless in step two Make your password strong by making it long and by including letters, numbers, and special characters Here are some resources to aid you in creating a strong password that even a significant attack will likely struggle to guess Tools for creating secure passwords include:
Random Password Generator for PC Tools.
Password Generator with Ultra High Security by GRC
When transmitting over an insecure wireless network, such as a Wi-Fi network at a cafe or a school network, you can still lose your password even if you have a strong password set up and your data is encrypted In step 3 of the information system security process, you employ 2-step verification, also known as 2-factor authentication, to be able to self-secure data This indicates that you must additional information in addition to your password in order to access the website or service.
The large The moniker "2-step verification" is a service supplied by Google In accordance with
SecurityBox study, even if someone were to learn your Google account password, they would not be able to access your account since they would not be able to decipher the 6-digit code that is created at random.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
Your method of communication with the outside world is another part of information security Which protocol on the network are you currently using? How frequently do you use networks with low security? When configuring your wifi network, turning off SSID Broadcast, turning on MAC Address Filtering, and turning on AP Isolation can significantly boost security On your network and computer, make sure to enable firewalls as well to stop programs from sending unwanted communications.
Step 5 Use anti-virus software
Will the security measures mentioned above be? If, as determined in step 5 of the system security procedure, this data contains viruses or other harmful software that has unauthorized access to your system, it may enable hackers to remotely manipulate your device or just steal data from it Anti-virus software is the solution to this issue Use antivirus programs such as Avira, Avast!, or AVG.
You may instantly connect to a large number of Wi-Fi routers by simply pressing a button Both you and anyone else who wants to break in and use your router will find this to be incredibly convenient.
2 Change the name of the Wi-Fi Router:
While technically speaking, this doesn't increase the security of your network, it can certainly make things a lot better You won't need to keep track of the confusing Linksys-u8i9o or the name NETGEAR58843 when connecting to Wi-Fi or assisting a guest You can use a name that is more appealing and simpler to remember, like WiFi_1.
3 Change the Wi-Fi Router's login name:
The username and password on brand-new Wi-Fi routers are always pre-configured You can even discover these login details online; depending on the model, some manufacturers will use the username
"admin" or leave it blank, as well as the password As a result, the default configuration is entirely unsafe You should keep in mind to keep the new username and password you created for the device private in order to safeguard your Wi-Fi router Using the password-checking tool from Kaspersky Lab, you can also pick a secure password for yourself.
4 Make sure your Router login page is not accessible from the internet
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
New router models available today offer a capability that enables remote setup and installation over the Internet Naturally, they will be very helpful in some circumstances However, they are not very secure in terms of security; if you do not require them, disable this function Manufacturers will give this feature different names, but you can find them in the settings under a name like "Remote Management" and disable them.
5 Secure with a reliable encryption Protocol (Protocol) and use a strong password.
This environment is crucial To safeguard the router settings, we modify the Wi-Fi credentials in step 3 You will now select a network password Alternatively, the Wi-Fi password we use to login using a computer, laptop, Mac, smartphone, or tablet You obviously don't want your Wi-Fi to be used by neighbors or random people We advise you to encrypt your passwords using the WPA2 - Personal protocol Additionally, you can use a random phrase to make a password that is harder to crack and easier to remember than a complex one.
By using a regular and systematic monitoring approach, an issue might be discovered before it becomes worse Start by reviewing the health of your server and looking for any concerns with its CPU, RAM, disk utilization, running processes, and other metrics, as these are frequently helpful in identifying server security risks.
Network service logs, site access logs, and database logs (Microsoft SQL Server, MySQL, Oracle) should ideally all be kept and checked periodically Then look into the origin of any odd log entries you come across.
Insider Attacks
An external network assault is one that a perimeter firewall is designed to thwart What occurs then if the attack originates from within? Since the attacker is already on your system, the perimeter firewall usually becomes useless.
Firewalls can still be helpful, even if an attack comes from within your network, IF you also have internal firewalls in addition to perimeter firewalls Internal firewalls aid in segmenting specific network assets so
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn) that attackers must exert more effort to transfer from one system to another By doing this, you give yourself additional time to react to the attack while also extending the attacker's breakout time.
Missed Security Patches
When network firewall software isn't correctly handled, this problem occurs Attackers can take advantage of flaws in any software program; firewall programs are no different from other software in this regard When firewall providers find these flaws, they often work to quickly develop a patch to address the issue.
The firewall application at your firm won't automatically receive the patch just because it exists The vulnerability is still present and ready for exploitation by an arbitrary attacker up until the point at which that firewall software fix is actually applied.
The best solution to this issue is to establish and adhere to a rigid patch management schedule According to such a plan, you (or the person in charge of your cybersecurity) should regularly check for firewall software security updates and make sure to immediately install any that are available.
Configuration Mistakes
Even if a firewall is installed on your network and has all the most recent vulnerability fixes installed, conflicts in the firewall's configuration settings might still arise and lead to issues In certain circumstances, this can result in a decrease in network speed for your business, while in others, a firewall may completely stop offering security.
For instance, enabling dynamic routing was once thought to be a negative choice because it leads to a loss of control and lowers security However, some businesses leave it on, leaving a gap in their firewall defense.
The key to the main gate is hidden in a hide-a-key directly close to the entry if your firewall is badly configured; this only makes things easier for attackers while wasting time, money, and effort on your
A Lack of Deep Packet Inspection
In order to approve or refuse a packet's travel to or from a system, next-generation firewalls use the stringent Layer 7 (also known as "deep packet") inspection inspection mode.
An attacker might easily spoof this information to get around a less sophisticated firewall that only checks the data packet's place of origin and destination before allowing or rejecting a request.
Using a firewall that can do deep packet inspection to scan information packets for known malware can be the best solution for this issue.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
Attacks using distributed denial of service (DDoS) are common and are known for being very efficient and relatively inexpensive to carry out The primary objective is to deplete a defender's resources and bring about a shutdown or extended inability to provide services Protocol attacks are a type of attack that aim to exhaust the resources of load balancers and firewalls in order to prevent them from processing legal traffic.
Firewalls can reduce some DDoS attacks, however protocol attacks can still cause them to get overwhelmed.
There is no quick answer for DDoS attacks because there are several attack tactics that can take advantage of various network architectural flaws in your firm Some cybersecurity service providers provide
"scrubbing" services, in which they redirect incoming traffic away from your network and separate the DDoS activity from the traffic that is actually trying to get access to your system Then, your network receives this lawful traffic so you may carry on with your regular business.
Firewalls by themselves are unable to shield your network from all attacks However, they might be a crucial component of a more comprehensive cybersecurity plan to protect your company.
Based on the network address connected with the IP packet that is sent into the network, intrusion detection software offers data If the network address in the IP packet is correct, this is advantageous On the other hand, the IP packet's address could be altered or scrambled The IT specialist is left chasing ghosts in either of these situations and helpless to prevent the network invasions.
The intrusion detection program does not process packets that have been encrypted As a result, until more serious network breaches have taken place, the encrypted packet may enable for a network intrusion that goes undetected Once planted into the network, encrypted packets can also be configured to activate at a particular time or date in the future If the intrusion detection program could process encrypted packets, this could prevent the introduction of a virus or other software flaw.
The analytical module's capacity to evaluate the source data gathered during intrusion detection is somewhat constrained This restriction has the effect of only buffering a fraction of the source data Although an IT expert monitoring the system will be informed that strange activity has been seen, they
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn) won't be able to determine where the behavior came from The only appropriate response to this information is to attempt to block the unauthorized network access The IT specialist may adopt a defensive strategy to stop such invasions before they happen if additional information could be collected.
Systems for detecting intrusions can identify behavior that deviates from typical network usage While it is advantageous to be able to recognize unusual network activity, the intrusion detection software has the potential to generate a lot of false alarms On networks with a wide user base, the frequency of these false alerts increases IT professionals need intensive training to be able to distinguish between false alarms and real ones in order to avoid following after these false alarms Another drawback of intrusion detection software that businesses must deal with is the cost of completing this training.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
A DMZ (demilitarized zone) in computer networks is a physical or logical subnet that divides an internal local area network (LAN) from other untrusted networks, typically the public internet It is also frequently referred to as a perimeter network or a screened subnetwork The DMZ is where servers, resources, and services with an external focus are housed As a result, they are reachable via the internet, but the remainder of the internal LAN is still inaccessible By preventing a hacker from immediately accessing internal servers and data through the internet, this adds an extra layer of security to the LAN.
Any service offered to internet users should be situated in the DMZ network Web servers, proxy servers, email, domain name system (DNS), File Transfer Protocol (FTP), and voice over IP servers are a few of the most popular of these services (VoIP).
The purpose of DMZs is to act as a form of buffer zone between the private network and the public internet All incoming network packets are checked by a firewall or other security appliance before they reach the servers the company hosts in the DMZ when the DMZ is set up between two firewalls.
A more skilled threat actor would need to get illegal access to those services after getting past the initial firewall before they could cause any harm, and those systems would probably be fortified against such attacks.
Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)
Finally, even if a threat actor with sufficient resources manages to get past the external firewall and take control of a system located in the DMZ, they still need to get past the internal firewall in order to access sensitive company resources Even the best-secured DMZ architecture can be breached by a determined attacker, but alarms should go out when a DMZ is being attacked, allowing security experts ample time to prevent a complete compromise of their enterprise.
How can DMZ improve network security?
The key advantage of a DMZ is to give an internal network a high level of security by limiting access to servers and sensitive data A DMZ creates a barrier between website visitors and the company's private network so they can access some services As a result, the DMZ also provides other security advantages like:
1 Enabling access control: Organizations can give consumers access to services outside the boundaries of their network by using the open internet While providing network segmentation to make it more difficult for an unauthorized user to access the private network, the DMZ allows access to these services A proxy server, which centralizes internal traffic flow and makes it easier to monitor and record that traffic, may also be present in a DMZ.
2 Preventing network reconnaissance: A DMZ inhibits attackers from conducting the reconnaissance work they do in search of possible targets by acting as a barrier between the internet and a private