Organizations are at risk from some cyber security attacks that aim to severely harm systems or obtain unauthorized access to a computer.HOW DOES MALWARE ATTACK?Malware can infect a devi
Trang 1ASSIGNMENT 1 FRONT SHEET
Qualification BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 5: Security
Submission date 12/8/2022 Date Received 1st submission
Trang 3❒ Summative Feedback: ❒ Resubmission Feedback:
Lecturer Signature:
Trang 5Table of Contents
Table Of Figures 4
P1 Identify types of security threat to organisations Give an example of a recently publicized security breach and discuss its consequences 5
1.IT threats 5
1.1 Malware Attacks 5
1.2 social engineering 9
1.3 network attack 12
1.4 Application attack 13
1.5 internal attack 14
P2 Describe at least 3 organisational security procedures 15
1.Acceptable Use (AUP) 15
2.Access Control (ACP) 15
3 Change Management 16
4 Information Security 16
5 Incident Response (IR) 16
6 Remote Access 16
7 Email/Communication 17
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS 21
1.Firewall defined: 21
2.Intrusion Detection System (IDS) 22
3.Firewall threat-risk 24
Trang 61) Insider Attacks 24
2) Missed Security Patches 25
3) Configuration Mistakes 25
4) A Lack of Deep Packet Inspection 25
5)DDoS Attacks 26
4.IDS threat-risk 26
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security 27
Trang 71.DMZ(demilitarized zone) 27
2.Static IP 29
3.NAT(Network Address Translation) 30
References 32
Trang 8Table Of Figures
Trang 9Figure 1 Computer virus 6
Figure 2 Trojans Horse 7
Figure 3 Computer Worm 8
Figure 4 Firewall 21
Figure 5 Firewall Diagram 22
Figure 6 IDS 24
Figure 7 DMZ Diagram 28
Figure 8 Static IP 30
Figure 9 NAT diagram 31
Trang 11P1 Identify types of security threat to organisations Give an example of a recently publicized security breach and discuss its consequences.
1.IT threats
A threat is an occurrence that has the potential to take advantage of a vulnerability (an attack just waiting
to happen) and harm the network Those in the digital sphere frequently resemble threats in the real sphere Threats including theft, vandalism, and eavesdropping have all spread from the physical world intocyberspace, usually through the Internet However, there are some notable distinctions in terms of the range of these attacks' applicability, the degree of automation required, and the spread (or propagation) of attack methods
1.1 Malware Attacks
Malware is computer malware that is created by online attackers and typically consists of a program or code Organizations are at risk from some cyber security attacks that aim to severely harm systems or obtain unauthorized access to a computer
HOW DOES MALWARE ATTACK?
Malware can infect a device in a variety of ways, including through email attachments that contain links or files that must be opened by the user in order for the malware to run
This category of assault includes: computer viruses,Trojan horses, worms and spyware
1.1.1 Computer viruses
A malicious software program that secretly loads into a user's computer and carries out malicious deeds is known as a computer virus
Trang 12Figure 1 Computer virus
Trang 13They are usually brought on by humans However, since they are produced and dispersed, no one has direct control over how they diffuse A virus that has infected a computer attaches itself to another software so that when the host program runs, the virus's actions are also activated It has the ability to replicate itself, attaching to other files or programs and infect them in the process However, not all computer infections are harmful However, the majority of them carry out malicious acts, like erasing data.Some viruses wreak remain dormant until a specific event (as intended) is started, which triggers their code to run in the computer Some viruses cause havoc as soon as their code is executed, while others waittill that event is initiated When software or documents with viruses are moved from one computer to another over a network, a disk, file-sharing protocols, or through contaminated email attachments, viruses are disseminated Different stealth techniques are employed by some infections to evade detection by anti-virus software Some viruses, for instance, can infect files without making them larger, while others attempt to avoid detection by terminating the processes connected to antivirus software before they are discovered When they infect a host file, some vintage viruses make certain that the "last changed" date stays the same.
There are different ways that a virus can be spread or attack, such as:
Downloading free games, toolbars, media players and other software.
Visiting an infected and unsecured website
Clicking on advertisement
Clicking on an executable file
Using of infected removable storage devices, such USB drives
Opening spam email or clicking on URL link
Installing free software and apps
Trang 141.1.2 Trojans Horse
The term "trojan" or "trojan horse" refers to a computer virus It is a sort of computer program that conceals itself as common applications like utilities, games, and occasionally even antivirus software Once it has been installed on the computer, it can damage file allocation systems, delete data from the hard disk, and kill background system operations
Figure 2 Trojans Horse
Trang 15Trojans are typically introduced through email attachments These emails have been altered to make them appear genuine As soon as the user opens the connected file and downloads it, the system is harmed A Trojan can also be included as part of online shareware and freeware downloads Even though not all freeware contains Trojans, only downloading software and freeware from reliable sources is advised Additionally, it is essential that you choose carefully while having the installation done Trojans can be used in a variety of ways, depending on the attacker's goals Identity theft, data theft, computer crashes, espionage, and user activity monitoring are a few examples Trojans are typically recognized by the majority of anti-virus programs and do not affect the computer unless they are executed Additionally, theyare not self-replicating but can join a virus that spreads to other machines on the network One may maintain a computer safe and secure by installing reputable anti-virus software, updating computer virus definitions, being cautious when opening email attachments, even if they appear to be legitimate, and paying attention to system security popup notifications.
HOW DOES TROJANS HORSE ATTACK?
The victim gets an email with a file attachment that appears to be an authentic official email When
Trang 16the victim clicks on the attachment file, any malicious code contained in it could begin to run immediately.
In that situation, the victim is not aware of or suspects that the attachment is a Trojan horse
Trang 17In many aspects, it satisfies the definition of a computer virus It can, for instance, duplicate itself and propagate throughout networks For this reason, worms are frequently referred to as viruses as well Computer worms, however, vary from computer viruses in a few ways First, worms exist as distinct entities or freestanding software, in contrast to viruses, which must latch onto files (host files) before they can spread inside a computer They don't require host applications or files Second, unlike viruses, worms only live in active memory and replicate themselves rather than altering files Worms make use of automatic and frequently unnoticeable operating system components Only when their unchecked replication uses up system resources and slows down or stops other tasks does their presence in the systembecome obvious Worms employ one of two methods to spread: they either take advantage of the target system's vulnerability or deceive people into running them Once they are within a system, they use its file-transport or information-transport capabilities to move around on their own Recently, a computer virus known as the "Stuxnet worm" made headlines around the globe when it attacked Iran's nuclear facilities.
HOW DOES WORM SPREADS?
It can propagate automatically, take advantage of software security flaws, and attempt to get access in order to steal confidential data, corrupt files, and install a back door allowing remote access to the system
1.1.4 Spyware
The term "spyware" refers to a class of software that seeks to steal confidential or organizational data It is accomplished by carrying out a series of activities without the necessary user permissions, occasionally
Trang 18even discreetly Advertising, gathering personal data, and altering user configuration settings of the computer are all common activities of spyware.
Adware, tracking cookies, system monitors, and Trojans are the most common categories for spyware Freeware and shareware bundles with hidden components are the most popular ways for spyware to enter
a computer A spyware program that has been installed successfully begins sending data from that machine
in the background to a different location
Trang 19Spyware is frequently used today to serve pop-up ads depending on user behavior and search history However, spyware that is employed maliciously is hard to distinguish since it is buried in the computer's system files.
Keyloggers are one of the easiest and most common but harmful It is used to capture keystrokes that might be fatal because it can capture passwords, credit card numbers, and other sensitive data It is also purposefully installed on some business computers and shared networks to monitor user activity.When spyware is present on a computer, it can change user settings, permissions, and administrative rights This can lock users out of their own computers and, in rare situations, result in complete data loss Spyware is designed to monitor a computer Background-running spyware can also lead to an increase in processes and more frequent crashes A computer is frequently slowed down as well
The best method to stay safe is to use reliable antivirus and antispyware programs More importantly, exercise caution when installing freeware programs by properly eliminating the pre-checked settings
HOW DOES SPYWARE ATTACK?
It may automatically set up shop on your computer, be a secret component of software packages, or be installed as regular malware like misleading advertisements, emails, and instant messaging
1.2 social engineering
The term "social engineering" is used to describe a wide range of malevolent behaviors carried out through interactions with other people Users are duped into divulging critical information or committing security blunders via psychological manipulation
Attacks by social engineers may involve one or more steps To prepare for an assault, a perpetrator first
Trang 20looks into the target in order to learn background details like probable points of entry and lax security measures The attacker next makes an effort to win over the victim's trust and offer incentives for later security-breaking activities, such disclosing confidential information or allowing access to vital resources.Attacks using social engineering can be carried out anywhere there is a chance of human interaction The five most typical types of digital social engineering attacks are listed below.
1.2.1 Phishing
Phishing is a type of network assault where the attacker poses as a trustworthy organization in order to deceive users into providing them with personal information
Trang 21In order to deceive customers into disclosing sensitive information including login credentials, transaction passwords, credit card numbers, and other important details, hackers frequently pose as banks, online transaction websites, e-wallets, and credit card firms.
Hackers typically use email and text messaging for this attack technique Users will be prompted to check
in if they open an email and click on a fraudulent link If "hooked," the hacker will obtain the data right away
In 1987, phishing first came to light The term "phishing" is a mix of the phrases "fishing for information" and "phreaking," which refers to a free phone-using fraud The term "phishing" was created as a result of the similarities between "fishing" and "fishing for user information."
HOW DOES PHISHING ATTACK?
In a phishing email assault, an attacker sends phishing emails to the victim's email address that appear to have come from their bank and requests personal data from them
The message includes a link that takes you to another vulnerable website in order to steal your personal data
Therefore, it is best to avoid clicking on or opening such emails and to refrain from giving out important information
1.2.2 Baiting
As the term suggests, baiting attacks use a fictitious promise to spark a victim's curiosity or sense of avarice In order to steal their personal information or infect their systems with malware, they trick users into falling for a trap
The most despised type of baiting spreads malware using tangible media Infected flash drives are frequently used as bait by attackers, who place them in plain sight where potential victims are sure to see them (e.g., bathrooms, elevators, the parking lot of a targeted company) The lure has a legitimate appearance, including a label that presents it as the business's payroll list
Trang 22Out of curiosity, the victims pick up the bait and place it into their home or office computer, which causes the system to automatically download malware.
Baiting con games don't always have to be played out in the real world Online baiting takes the form of attractive advertisements that direct visitors to harmful websites or prod them to download malware-laden software
1.2.3 Scareware
Scareware bombards victims with bogus threats and misleading alarms Users are tricked into believing their computer is infected with malware, which leads them to install software that either serves only to
Trang 23profit the perpetrator or is malware in and of itself Other names for scareware include fraudware, deception software, and rogue scanner software.
The legitimate-appearing popup ads that show in your browser as you browse the internet and contain language such as "Your computer may be infected with harmful spyware applications" are a frequent type
of scareware Either it offers to install the malicious tool for you or it directs you to a malicious website where your machine is infected
Additionally, spam emails that issue false warnings or urge recipients to purchase useless or hazardous services are another way that scareware is disseminated
1.2.4 Pretexting
Here, an attacker gathers data by telling a string of deftly constructed lies The con is frequently started by
a perpetrator who poses as someone who needs the victim's private information to complete a crucial task.The assailant typically begins by gaining the victim's trust by posing as a coworker, police officer, bank or tax official, or any person with the authority to know something Through queries that are allegedly necessary to verify the victim's identification, the pretexter collects crucial personal information.This fraud is used to obtain all kinds of important data and records, including social security numbers, individual addresses and phone numbers, phone records, dates of staff vacation, bank records, and even security data pertaining to a physical plant
1.2.5 Spear phishing
In this more focused variation of the phishing scam, the attacker picks certain people or companies to target Then, in order to make their attack less obvious, they modify their communications based on the traits, positions held, and contacts of their victims Spear phishing is far more difficult to pull off and might take weeks or even months to complete If done expertly, they're significantly more difficult to detect and have higher success rates
Trang 24An attacker could send an email to one or more employees while posing as an organization's IT consultant
in a spear phishing scenario It is written and signed exactly like the consultant would, leading recipients
to believe it is an actual message Recipients of the mail are urged to update their passwords, and a link in the message sends them to a fraudulent page where the attacker can now steal their credentials
1.3 network attack
A network attack is an effort to enter a company's network without authorization with the intent of stealinginformation or carrying out other destructive behavior Network attacks generally fall into two categories: