Asm1 1623 unit 5 security



ASM1-1623 - Unit 5: Security. Unit 5: Security (FPT University)


Studocu is not sponsored or endorsed by any college or university


Downloaded by Ton That Quan (FPI DN) (quanttbd00333@fpt.edu.vn)


ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Grading grid


Summative Feedback: Resubmission Feedback:

Lecturer Signature:


Table of Contents

Table of Figures

P1 Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences.

P2 Describe at least 3 organisational security procedures.

1. Acceptable Use (AUP)

2. Access Control (ACP)

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security.


Figure 1 Computer virus

Figure 2 Trojan Horse

Figure 3 Computer Worm

Figure 4 Firewall

Figure 5 Firewall Diagram

Figure 6 IDS

Figure 7 DMZ Diagram

Figure 8 Static IP

Figure 9 NAT diagram


P1 Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences.

1.IT threats

A threat is an occurrence that has the potential to take advantage of a vulnerability (an attack just waiting to happen) and harm the network. Threats in the digital sphere frequently resemble threats in the real sphere. Threats including theft, vandalism, and eavesdropping have all spread from the physical world into cyberspace, usually through the Internet. However, there are some notable distinctions in terms of the range of these attacks' applicability, the degree of automation required, and the spread (or propagation) of attack methods.

1.1 Malware Attacks

Malware is malicious software, typically a program or piece of code, that is created by online attackers. Organizations are at risk from cyber security attacks of this kind, which aim to severely harm systems or obtain unauthorized access to a computer.

HOW DOES MALWARE ATTACK?

• Malware can infect a device in a variety of ways, including through email attachments that contain links or files that must be opened by the user in order for the malware to run.

• This category of assault includes computer viruses, Trojan horses, worms and spyware.

1.1.1 Computer viruses

A malicious software program that secretly loads into a user's computer and carries out malicious deeds is known as a computer virus.

Figure 1 Computer virus


They are usually created by humans. However, once they are produced and dispersed, no one has direct control over how they spread. A virus that has infected a computer attaches itself to another piece of software so that when the host program runs, the virus's actions are also activated. It has the ability to replicate itself, attaching to other files or programs and infecting them in the process. Not all computer infections are harmful. However, the majority of them carry out malicious acts, like erasing data. Some viruses cause havoc as soon as their code is executed, while others remain dormant until a specific event (as intended) is initiated, which triggers their code to run on the computer. Viruses are disseminated when software or documents carrying them are moved from one computer to another over a network, a disk, file-sharing protocols, or through contaminated email attachments. Some viruses employ stealth techniques to evade detection by anti-virus software. Some viruses, for instance, can infect files without making them larger, while others attempt to avoid detection by terminating the processes connected to antivirus software before they are discovered. When they infect a host file, some older viruses make certain that the "last changed" date stays the same.

There are different ways that a virus can spread or attack, such as:

• Downloading free games, toolbars, media players and other software

• Visiting an infected and unsecured website

• Clicking on advertisements

• Clicking on an executable file

• Using infected removable storage devices, such as USB drives

• Opening spam email or clicking on a URL link

• Installing free software and apps

1.1.2 Trojan Horse

The term "trojan" or "trojan horse" refers to a computer virus. It is a sort of computer program that disguises itself as common applications like utilities, games, and occasionally even antivirus software

operations

Figure 2 Trojan Horse


Trojans are typically introduced through email attachments. These emails have been altered to make them appear genuine. As soon as the user opens the attached file and downloads it, the system is harmed. A Trojan can also be included as part of online shareware and freeware downloads. Even though not all freeware contains Trojans, it is advisable to download software and freeware only from reliable sources. Additionally, it is essential to choose options carefully during installation. Trojans can be used in a variety of ways, depending on the attacker's goals. Identity theft, data theft, computer crashes, espionage, and user activity monitoring are a few examples. Trojans are typically recognized by the majority of anti-virus programs and do not affect the computer unless they are executed. Additionally, they are not self-replicating but can join a virus that spreads to other machines on the network. One can keep a computer safe and secure by installing reputable anti-virus software, updating computer virus definitions, being cautious when opening email attachments, even if they appear to be legitimate, and paying attention to system security popup notifications.

HOW DOES A TROJAN HORSE ATTACK?

• The victim gets an email with a file attachment that appears to be an authentic official email. When the victim clicks on the attachment file, any malicious code contained in it could begin to run immediately.

• In that situation, the victim is not aware, and does not suspect, that the attachment is a Trojan horse.

1.1.3 Worm

A computer worm is a hostile, self-replicating software program (often referred to as "malware") that interferes with software and hardware program operations.

Figure 3 Computer Worm


In many respects, it satisfies the definition of a computer virus. It can, for instance, duplicate itself and propagate throughout networks. For this reason, worms are frequently referred to as viruses as well. Computer worms, however, differ from computer viruses in a few ways. First, worms exist as distinct entities or freestanding software, in contrast to viruses, which must latch onto files (host files) before they can spread inside a computer. They don't require host applications or files. Second, unlike viruses, worms only live in active memory and replicate themselves rather than altering files. Worms make use of automatic and frequently unnoticeable operating system components. Only when their unchecked replication uses up system resources and slows down or stops other tasks does their presence in the system become obvious. Worms employ one of two methods to spread: they either take advantage of a vulnerability in the target system or deceive people into running them. Once they are within a system, they use its file-transport or information-transport capabilities to move around on their own. Recently, a computer virus known as the "Stuxnet worm" made headlines around the globe when it attacked Iran's nuclear facilities.

HOW DOES A WORM SPREAD?

It can propagate automatically, take advantage of software security flaws, and attempt to get access in order to steal confidential data, corrupt files, and install a back door allowing remote access to the system.

1.1.4 Spyware

The term "spyware" refers to a class of software that seeks to steal confidential or organizational data. It does so by carrying out a series of activities without the necessary user permissions, occasionally even discreetly. Advertising, gathering personal data, and altering user configuration settings of the computer are all common activities of spyware.

Adware, tracking cookies, system monitors, and Trojans are the most common categories of spyware. Freeware and shareware bundles with hidden components are the most popular ways for spyware to enter a computer. A spyware program that has been installed successfully begins sending data from that machine in the background to a different location.


Spyware is frequently used today to serve pop-up ads depending on user behavior and search history. However, spyware that is employed maliciously is hard to distinguish since it is buried in the computer's system files.

Keyloggers are one of the simplest and most common, but also most harmful, kinds of spyware. A keylogger captures keystrokes, which can be devastating because it can capture passwords, credit card numbers, and other sensitive data. Keyloggers are also purposefully installed on some business computers and shared networks to monitor user activity.

When spyware is present on a computer, it can change user settings, permissions, and administrative rights. This can lock users out of their own computers and, in rare situations, result in complete data loss. Spyware is designed to monitor a computer. Background-running spyware can also lead to an increase in processes and more frequent crashes. A computer is frequently slowed down as well.

The best method to stay safe is to use reliable antivirus and antispyware programs. More importantly, exercise caution when installing freeware programs by deselecting the pre-checked settings.

HOW DOES SPYWARE ATTACK?

It may automatically set up shop on your computer, be a secret component of software packages, or be installed like regular malware through misleading advertisements, emails, and instant messaging.

1.2 Social engineering

The term "social engineering" is used to describe a wide range of malevolent behaviors carried out through interactions with other people. Users are duped into divulging critical information or committing security blunders via psychological manipulation.

Attacks by social engineers may involve one or more steps. To prepare for an assault, a perpetrator first looks into the target in order to learn background details like probable points of entry and lax security measures. The attacker next makes an effort to win over the victim's trust and offer incentives for later security-breaking activities, such as disclosing confidential information or allowing access to vital resources. Attacks using social engineering can be carried out anywhere there is a chance of human interaction. The five most typical types of digital social engineering attacks are listed below.

1.2.1 Phishing

Phishing is a type of network assault where the attacker poses as a trustworthy organization in order to deceive users into providing them with personal information.


In order to deceive customers into disclosing sensitive information including login credentials, transaction passwords, credit card numbers, and other important details, hackers frequently pose as banks, online transaction websites, e-wallets, and credit card firms.

Hackers typically use email and text messaging for this attack technique. Users will be prompted to log in if they open an email and click on a fraudulent link. If "hooked," the hacker will obtain the data right away.

In 1987, phishing first came to light. The term "phishing" is a mix of the phrases "fishing for information" and "phreaking," which refers to a fraud involving free phone use. The term "phishing" was created as a result of the similarities between "fishing" and "fishing for user information."

HOW DOES PHISHING ATTACK?

• In a phishing email assault, an attacker sends phishing emails to the victim's email address that appear to have come from their bank and request personal data from them.

• The message includes a link that takes you to another vulnerable website in order to steal your personal data.

• Therefore, it is best to avoid clicking on or opening such emails and to refrain from giving out important information.

1.2.2 Baiting

As the term suggests, baiting attacks use a fictitious promise to spark a victim's curiosity or sense of avarice. In order to steal their personal information or infect their systems with malware, they trick users into falling for a trap.

The most despised type of baiting spreads malware using tangible media. Infected flash drives are frequently used as bait by attackers, who place them in plain sight where potential victims are sure to see them (e.g., bathrooms, elevators, the parking lot of a targeted company). The lure has a legitimate appearance, including a label that presents it as the business's payroll list.

Out of curiosity, the victims pick up the bait and plug it into their home or office computer, which causes the system to automatically download malware.

Baiting con games don't always have to be played out in the real world. Online baiting takes the form of attractive advertisements that direct visitors to harmful websites or prod them to download malware-laden software.

1.2.3 Scareware

Scareware bombards victims with bogus threats and misleading alarms. Users are tricked into believing their computer is infected with malware, which leads them to install software that either serves only to profit the perpetrator or is malware in and of itself. Other names for scareware include fraudware, deception software, and rogue scanner software.

The legitimate-appearing popup ads that show in your browser as you browse the internet and contain language such as "Your computer may be infected with harmful spyware applications" are a frequent type of scareware. Either it offers to install the malicious tool for you or it directs you to a malicious website where your machine is infected.

Additionally, spam emails that issue false warnings or urge recipients to purchase useless or hazardous services are another way that scareware is disseminated.

1.2.4 Pretexting

Here, an attacker gathers data by telling a string of deftly constructed lies. The con is frequently started by a perpetrator who poses as someone who needs the victim's private information to complete a crucial task. The assailant typically begins by gaining the victim's trust by posing as a coworker, police officer, bank or tax official, or any person with the authority to know something. Through queries that are allegedly necessary to verify the victim's identity, the pretexter collects crucial personal information. This fraud is used to obtain all kinds of important data and records, including social security numbers, individual addresses and phone numbers, phone records, dates of staff vacation, bank records, and even security data pertaining to a physical plant.

1.2.5 Spear phishing

In this more focused variation of the phishing scam, the attacker picks certain people or companies to target. Then, in order to make their attack less obvious, they tailor their communications to the traits, positions held, and contacts of their victims. Spear phishing is far more difficult to pull off and might take weeks or even months to complete. If done expertly, these attacks are significantly more difficult to detect and have higher success rates.

An attacker could send an email to one or more employees while posing as an organization's IT consultant in a spear phishing scenario. It is written and signed exactly as the consultant would, leading recipients to believe it is an actual message. Recipients of the mail are urged to update their passwords, and a link in the message sends them to a fraudulent page where the attacker can now steal their credentials.

1.3 Network attack

A network attack is an effort to enter a company's network without authorization with the intent of stealing information or carrying out other destructive behavior. Network attacks generally fall into two categories:

• Passive: Attackers obtain access to a network and are able to monitor or steal sensitive data, but they do so passively, leaving the data unaltered.

• Active: Attackers actively alter data, either by deleting, encrypting, or otherwise causing it harm, in addition to gaining illegal access to it.

We differentiate between network attacks and several other forms of attack:

• Endpoint attacks: unauthorized access to user devices, servers, or other endpoints, usually by malware infection.

• Malware attacks: introducing malware into IT resources, which enables attackers to take control of systems, steal data, and cause harm. Attacks using ransomware are also among them.

• Vulnerabilities, exploits and attacks: using flaws in the organization's software to compromise, sabotage, or obtain illegal access to systems.

• Advanced persistent threats: These are sophisticated, multi-layered threats that encompass both network and other assault types.

Attackers' main goal in a network attack is to breach the corporate network perimeter and obtain access to internal systems. Once inside, attackers frequently mix different attack tactics, such as corrupting an endpoint, dispersing malware, or taking advantage of a flaw in a network system.

1.3.1 SQL Injection

Hackers utilize the application layer attack method known as SQL injection to target web-based programs and steal data from corporations.

By taking advantage of poor coding practices or insufficient database credentials granted to the application user who accesses this database, hackers can attack a web application's underlying data storage using SQL injection. If user input fields are not properly checked at the application level, SQL statements can pass through and directly query the database, leading to SQL injection. This gives attackers the ability to alter or even delete existing data, spoof identities, change administrative rights, and in some cases, void transactions and change balances. Consider, for illustration, a standard login page where users can input their usernames and passwords to view or edit their personal information. Following the user's submission of the information, a SQL query is created using that information and submitted to the database for validation. If the user is deemed legitimate, access is granted. Through SQL injection, the attacker can bypass the login form and view what is behind it by inserting certain specially designed SQL queries. This is made feasible by inputs that are not properly sanitized (i.e., not rendered harmless) and are sent along with the SQL query to the database, which allows the attacker to access the database. Because of the prevalence of outdated functional interfaces, SQL injection attacks frequently target PHP and ASP applications. However, stronger programmatic interfaces make J2EE and ASP.NET applications less vulnerable to SQL injection attacks. The skills, creativity, and intent of the attacker have a greater impact on the severity of SQL injection. This system vulnerability has a high impact severity and has to be fixed right away.

1.3.2 Distributed Denial of Service (DDoS) attacks

Attackers create enormous fleets of hacked devices known as botnets and use them to send erroneous traffic to your servers or network. DDoS can happen at the application level, for example by running intricate SQL queries that knock down a database, or at the network level, for example by sending massive amounts of SYN/ACK packets that can overwhelm a server.

1.3.3 Insider threats

Malicious insiders who already have privileged access to organizational systems can take advantage of a network's vulnerability. Given that insiders might cause harm without breaking into the network, insider threats can be challenging to identify and defend against. To detect insider assaults, new technologies like User and Entity Behavior Analytics (UEBA) can assist in identifying suspicious or out-of-the-ordinary behavior by internal users.

1.4 Application attack

An application attack involves online criminals entering restricted locations. Attackers frequently look at the application layer first, looking for application vulnerabilities within the code. Attacks target a variety of applications written in different programming languages, including .NET, Ruby, Java, Node.js, Python, and many more, even if some programming languages are more frequently targeted than others. Both custom programs and open-source frameworks and libraries have security flaws.

1.4.1 Session Hijacking Attacks

Session IDs are tampered with during a session hijacking attack. A user's online activity is tracked using this special ID, which makes subsequent logins quicker and more effective. Depending on the strength of the session ID, attackers may be able to capture and manipulate it, starting a session hijacking attack. If successful, attackers will have access to all data transmitted by the server during that session, obtaining user credentials to access private accounts.

1.4.2 SQL Injection Attack

SQL injection attacks affected 65% of the programs with vulnerabilities. Applications and network communications employ SQL statements to enable access through authentication and permission. When bad actors obtain SQL statements and tamper with them, they can trick apps into executing corrupted commands that let them eventually acquire access to normally restricted locations. By having access to core code and manipulating communications between other online applications, cybercriminals can take advantage of the complete software environment, dodge security checks and protocols, and go unnoticed until it's too late.
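The login-page scenario from sections 1.3.1 and 1.4.2, as an added example that is not part of the original assignment: the same check written once with string concatenation and once as a parameterized query, run against an in-memory SQLite table. The table, account names, passwords, fixed salt and function names are all constructed for illustration.

```python
import hashlib
import sqlite3

# Constructed demo salt; a real system stores a random salt per user.
DEMO_SALT = b"constructed-demo-salt"


def hash_password(password: str) -> str:
    """Derive a hex password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), DEMO_SALT, 100_000
    ).hex()


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table holding two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        "id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        [
            ("alice", hash_password("correct horse")),
            ("o'brien", hash_password("battery staple")),
        ],
    )
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """Weak form: user input is pasted into the SQL text, so a quote
    character in the input changes the structure of the statement."""
    query = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND pw_hash = '" + hash_password(password) + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username: str, password: str) -> bool:
    """Hardened form: the statement is fixed and the input is bound as
    data, so it can never be parsed as SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND pw_hash = ?",
        (username, hash_password(password)),
    ).fetchone()
    return row is not None


# Constructed input: closes the string literal and comments out the
# password comparison in the concatenated query.
CRAFTED_USERNAME = "alice' --"


def demo() -> dict:
    """Run both login functions over the same constructed inputs."""
    conn = make_db()
    results = {
        "vulnerable_valid_login":
            login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable_wrong_password":
            login_vulnerable(conn, "alice", "wrong"),
        "vulnerable_crafted_input":
            login_vulnerable(conn, CRAFTED_USERNAME, "wrong"),
        "parameterized_valid_login":
            login_parameterized(conn, "alice", "correct horse"),
        "parameterized_crafted_input":
            login_parameterized(conn, CRAFTED_USERNAME, "wrong"),
        "parameterized_apostrophe_name":
            login_parameterized(conn, "o'brien", "battery staple"),
    }
    # A legitimate name containing an apostrophe breaks the concatenated
    # query outright: the same defect, seen as a reliability bug.
    try:
        login_vulnerable(conn, "o'brien", "battery staple")
        results["vulnerable_apostrophe_name"] = "ran"
    except sqlite3.OperationalError:
        results["vulnerable_apostrophe_name"] = "sql syntax error"
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A login error raised by an ordinary name containing an apostrophe is a useful test signal that a query is being built by concatenation.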


1.4.3 Cross-site Scripting (XSS) Attack

One of the most frequent application assaults in use today is a cross-site scripting (XSS) attack, which is listed in the OWASP Top 10. Attackers carry out this kind of assault by looking for a weakness that gives them access to the core code, and they frequently do this by making a tainted link and distributing it via email or text message. If this application vulnerability is used by cybercriminals, they can control HTTP requests by injecting malicious code on the client side. Cybercriminals that have complete control over HTTP executions can access virtually any personally identifiable information (PII), including banking information, Social Security numbers, and even very sensitive government data.

1.5 Internal attack

When someone or a group inside an organization tries to sabotage operations or take advantage of organizational resources, it is called an internal attack. In many instances, the attacker makes extensive use of resources, tools, and expertise to conduct a complex computer attack and possibly even eradicate any traces of that attack.

Technical users who could profit from sabotaging business operations, such as highly competent and dissatisfied personnel (such as system administrators and programmers), may decide to launch an internal attack against a firm using its computer systems.

1.5.1 Employee sabotage and theft

Employees have the privilege of accessing a wide range of physical equipment inside a company, with only trust to prevent them from damaging or stealing it. This means that hardware like hard drives, containing lots of important data, can be physically stolen from the company; otherwise, the data on it can be transferred to a USB flash drive and then revealed and duplicated online.

1.5.2 Unauthorised access by employees

Employees may be able to access portions of these computers they shouldn't because they already have access to a company's system. This might happen if a colleague leaves themself signed in or if a room's door is left open and gives access to a server.

Additionally, they might occasionally possess administrative credentials or maliciously acquire them, enabling them to carry out additional administrative tasks including altering other users' access rights or turning off network security mechanisms.

1.5.3 Weak cybersecurity measures and unsafe practices

A corporation increases the likelihood that a vulnerability will be exploited by not having enough physical and digital security, especially in light of the problems raised previously, such as theft.


For instance, if the network server(s) for a business are left in an unlocked room, anyone can enter and cause harm to or steal from the contents, whether it's a disgruntled employee or a customer who walks into the store without having been thoroughly screened by security.

Furthermore, a regular employee may unknowingly download a virus that might impact the entire network by doing something as simple as accessing a dubious website, exploiting these security flaws.

1.5.4 Accidental loss or disclosure of data

As previously mentioned, the same security flaws that allow malevolent behavior may also allow for simple accidents to happen and inflict significant damage.

A person might transport their laptop, for instance, to and from work. When doing so, they might leave it on the train ride home one day, which would give whoever finds the laptop access to all the data it contains and could potentially reveal sensitive information.

Another illustration of this may be if a worker mistakenly deletes information from a folder or spills something on a device.

Some of these mishaps can be the result of inadequate time being spent training and supervising workers. Many dangers can be avoided by training employees on how to keep their devices safe and on the proper use of the company's IT systems.

P2 Describe at least 3 organisational security procedures.

1. Acceptable Use (AUP)

An AUP specifies the rules and procedures that a user of organizational IT resources must accept before being granted access to the company network or the internet. For new hires, it is standard procedure during onboarding. Before receiving a network ID, they are given an AUP to read and sign. The IT, security, legal, and HR departments of an organization should discuss what is covered by this policy. SANS has an example that is permissible for fair use.

2. Access Control (ACP)

The ACP describes the access that employees have to the data and information systems of a business. Standards for access control, including the Access Control and Implementation Guides published by NIST, are some of the subjects that are often covered in the policy. This policy also covers the complexity of corporate passwords, network access restrictions, operating system software controls, and standards for user access. The procedures for monitoring how corporate systems are accessed and used, how unattended


Date posted: 02/04/2024, 20:44
