
BTEC Level 5 HND Diploma in Computing, Unit 5: Security


DOCUMENT INFORMATION

Basic information

Title: Unit 5: Security
Author: Truong Tan Thanh
Supervisor: Ha Trong Thang
Institution: BTEC
Discipline: Computing
Type: assignment
Pages: 54
Size: 5.88 MB

Structure

  • I. Cyber threat definition
  • II. Identify threat agents to organizations
  • III. List types of threats that organizations will face
  • IV. What are the recent security breaches? List and give examples with dates
  • V. Discuss the consequences of these breaches
  • VI. Suggest solutions to organizations
  • Task 2 Describe at least 3 organisational security procedures (P2)
    • I. Access Control
    • II. Encryption
    • III. Security Awareness Training
  • Task 3 Identify the potential impact to IT security of incorrect configuration of firewall policies
    • I. Discuss briefly firewalls and policies, their usage and advantages in a network
    • II. How does a firewall provide security to a network?
    • III. Show with diagrams an example of how a firewall works
    • IV. Define IDS, its usage, and show it with diagram examples
    • V. Write down the potential impact (threat/risk) of a firewall and IDS if they are incorrectly configured
  • Task 4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security (P4)
    • I. Define and discuss with the aid of a diagram DMZ. Focus on its usage and security function as advantage
    • II. Define and discuss with the aid of a diagram static IP. Focus on its usage and security function as advantage
    • III. Define and discuss with the aid of a diagram NAT. Focus on its usage and security function as advantage

Contents

Cyber threats also refer to the possibility of a successful cyber-attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer networ

Identify threats agents to organizations

The agents that can cause risk to an organization are known as threat agents. Before suggesting methods for protecting information from these agents, they should first be identified: if they are identified well, the measures taken against them can be more effective. [Kho17]

Some types of threat agents:

Natural disasters: Natural disasters such as storms, floods and earthquakes can put the infrastructure of the organization's information system at risk. These are considered natural threat agents.

Workforces: Organizations have to engage their workforces to perform their respective jobs following the policies of the organization. When an employee makes a critical mistake in data entry, releases proprietary data, or deceives the organization, he or she becomes a major threat to the organization concerned.

Malicious hackers: Information systems that are interlinked with other systems, or with the Internet, are exposed to thousands of potential attackers through social engineering, modem connections, or physical attacks. Attackers do not care whether the interface is public or private.

Industrial spies: Industrial espionage is a dangerous threat to most organizations. It can result in loss of profits, loss of competitive advantage, or even loss of the business itself.

Foreign government spies: Foreign spies can be involved in espionage with a view to enhancing the capabilities of their own government and reducing the native government's abilities. Their activities can even include foreign-sponsored industrial espionage.

List types of threats that organizations will face

An insider threat occurs when individuals close to an organization who have authorized access to its network intentionally or unintentionally misuse that access to negatively affect the organization's critical data or systems.

Careless employees who don't comply with their organization's business rules and policies cause insider threats. For example, they may inadvertently email customer data to external parties, click on phishing links in emails, or share their login information with others. Contractors, business partners and third-party vendors are the source of other insider threats.

Some insiders intentionally bypass security measures out of convenience or in ill-considered attempts to become more productive. Malicious insiders deliberately elude security controls to delete data, steal data to sell or exploit later, disrupt operations, or otherwise harm the business.

Viruses and worms are malicious software programs (malware) aimed at damaging an organization's systems, data and network. A computer virus is malicious code that replicates by copying itself into another program, system or host file. It remains dormant until someone knowingly or inadvertently activates it, spreading the infection without the knowledge or permission of the user or system administrator.

A computer worm is a self-replicating program that does not have to copy itself into a host program or require human interaction to spread. Its main function is to infect other computers while remaining active on the infected system. Worms often spread using parts of an operating system that are automatic and invisible to the user. Once a worm enters a system, it immediately starts replicating itself, infecting computers and networks that aren't adequately protected.

A botnet is a collection of Internet-connected devices, including PCs, mobile devices, servers and IoT devices, that are infected with and remotely controlled by a common type of malware. Typically, the botnet malware searches for vulnerable devices across the internet. The goal of the threat actor building a botnet is to infect as many connected devices as possible and use their computing power and resources for automated tasks that generally remain hidden from the devices' users. The threat actors (often cybercriminals) that control these botnets use them to send email spam, run click-fraud campaigns, and generate malicious traffic for distributed denial-of-service attacks.

Phishing attacks are a type of information security threat that employs social engineering to trick users into breaking normal security practices and giving up confidential information, including names, addresses, login credentials, Social Security numbers, credit card details and other financial information. In most cases, attackers send out fake emails that look as if they come from legitimate sources, such as financial institutions, eBay, PayPal, or even friends and colleagues.

In phishing attacks, attackers try to get users to take some recommended action, such as clicking on links in emails that lead to fraudulent websites that ask for personal information or install malware on their devices. Opening email attachments can also install malware designed to harvest sensitive information, send emails to the victim's contacts, or give the attacker remote access to the device.

Distributed denial-of-service (DDoS) attacks

In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target, such as a server, website or other network resource, to make it unavailable. The flood of connection requests, incoming messages or malformed packets forces the target system to slow down or to crash, denying service to legitimate users or systems.

What are the recent security breaches? List and give examples with dates

A security breach is any unauthorized access to a device, network, program, or data. Security breaches happen when network or device security controls are penetrated or otherwise circumvented. Hacking attacks and data leaks are examples of security breaches. [Oli22]

Some recent security breaches and their dates

T-Mobile breach (August 2021): T-Mobile reported a data breach that affected over 40 million current and former customers. The attackers were able to access sensitive data, including names, dates of birth, Social Security numbers and driver's license information. T-Mobile stated that no financial information or passwords were compromised.

Kaseya breach (July 2021): Attackers exploited a vulnerability in Kaseya VSA, a remote monitoring and management tool used by managed service providers (MSPs), to push ransomware through the MSPs to their customers, affecting more than a thousand downstream organizations worldwide. The attack encrypted the data of the affected organizations and demanded a ransom in exchange for the decryption key.

Colonial Pipeline ransomware attack (May 2021): A ransomware attack on the IT systems of Colonial Pipeline, a major US fuel pipeline operator, led the company to shut down the pipeline as a precaution. The shutdown caused fuel shortages and panic buying in several states. Colonial Pipeline paid a ransom of about $4.4 million in Bitcoin to the attackers in exchange for a decryption tool.

Microsoft Exchange Server vulnerabilities (March 2021): Attackers exploited a chain of vulnerabilities in on-premises Microsoft Exchange Server (known as ProxyLogon) to gain access to mailboxes and steal sensitive data from many organizations, in many cases installing web shells for persistent access. The attack affected tens of thousands of organizations worldwide, including government agencies, healthcare providers and financial institutions.

Discuss the consequences of this breach

Some consequences of these data breaches:

T-Mobile breach: The consequences of this breach include identity theft and financial loss for customers, and reputational damage to T-Mobile. The stolen data could be used for a variety of malicious purposes, such as opening fraudulent accounts or accessing other personal information. T-Mobile offered free identity theft protection services to affected customers and stated that it was investigating the breach.

Kaseya breach: The consequences of this breach included financial loss and reputational damage to the affected MSPs and their customers. The ransomware encrypted the data of the affected organizations, causing significant business disruption and financial losses. The attackers demanded a ransom in exchange for the decryption key, which some organizations may have paid to regain access to their systems.

Colonial Pipeline ransomware attack: The consequences of this attack included significant disruption to fuel supplies in several states and financial losses for Colonial Pipeline. The company paid a ransom to the attackers, which raised concerns about the ethics of paying ransoms to cybercriminals. The attack also highlighted the vulnerability of critical infrastructure to cyber-attacks.

Microsoft Exchange Server vulnerabilities: The consequences of this breach included potential data theft and reputational damage to the affected organizations. The attackers were able to access sensitive email data, which could include confidential business information or personal data. The attack also highlighted the importance of patching software and systems promptly, since the vulnerabilities were exploited on a large scale before many organizations had applied the updates.

Suggest solutions to organizations

Some suggested solutions for organizations to prevent data breaches:

Multi-factor authentication: Multi-factor authentication (MFA) protects an account even if its password is compromised. It combines something you know (your password) with something you have (your phone or a hardware token). When you log in, the service asks for a code generated on, or sent to, your phone. If a cyber-criminal cracks your password but does not have your phone, they cannot access your account. MFA is already built into most services, such as Microsoft 365, Facebook and LinkedIn; you just need to enable it. Note that one-time codes sent by SMS can be intercepted through SIM swapping or captured by a phishing page that relays them; authenticator apps are better, and phishing-resistant methods (FIDO2 security keys or passkeys) are the strongest option.

If there is one thing you take away from this section, make sure that you enable MFA for your personal banking account. You are only one weak password away from a cyber-criminal draining your life savings.

User security training: Humans are the weakest link in the defense against cyber-attacks. They love to open attachments and links in email, which is one of the easiest ways for a cyber-criminal to harvest their credentials. The best way to mitigate this risk is to implement a security training plan for the entire organization. A strong plan includes hands-on learning about what not to click, followed by simulated phishing attempts that look just like current attacks from cyber-criminals. This learning and testing process should repeat on a regular basis, which continually strengthens the "human firewall".

Web and email filtering: Humans can't catch every attack, so a threat-intelligence filtering service should be added to assist. Such a service scans email attachments and website hyperlinks and safely detonates them in a cloud sandbox before they reach users. If the attachment or hyperlink is deemed malicious, it is disabled before users have a chance to open it. A filtering service can also be configured to block certain websites by category, and to limit access to social media services.

Threat detection: We all have a lock on our front door. That lock is the equivalent of the organization's firewall and antivirus, which are in place to stop criminals from breaking in. Unfortunately, that lock will be kicked in when a determined attacker wants access. A threat detection solution is the equivalent of the organization's alarm system: it constantly scans the network and endpoints for threats and sends any questionable findings to a threat intelligence service for evaluation. That service is run by a team of security professionals supported by automated analysis, who take action if a finding is determined to be a real threat.

Describe at least 3 organisational security procedures (P2)

Access Control

Access control is a security procedure that regulates who can access specific resources or areas within an organization. It can be implemented at various levels: physical access control, logical access control, and administrative access control.

Physical access control involves controlling physical access to areas such as offices, data centers or warehouses. Measures may include security badges, biometric identification such as fingerprint or facial recognition, or security guards, to limit access to authorized personnel only.

Logical access control involves controlling access to digital resources such as networks, computer systems and software applications. Measures may include requiring users to provide a login ID and password, using multi-factor authentication methods such as security tokens, smart cards or biometrics, or implementing role-based access control (RBAC) to limit users' access to specific parts of a system based on their job responsibilities.

Administrative access control involves controlling access to administrative functions such as user account management, system configuration and software installation. Measures may include requiring multi-factor authentication for administrative accounts, limiting the number of users with administrative privileges, and enforcing strict password policies for administrative accounts.

By implementing access control as a security procedure, organizations can limit access to sensitive information and materials to authorized personnel only, thereby minimizing the risk of unauthorized access, data breaches and other security incidents.

Encryption

Encryption is a security procedure that encodes data to prevent unauthorized access or theft. It can be implemented in various ways, such as using encryption software to encrypt files or emails, using a virtual private network (VPN) to encrypt network traffic, or using secure messaging apps that encrypt messages end-to-end. Encryption works by using a mathematical algorithm to transform plaintext into ciphertext, which can only be recovered by someone holding the key (or the password from which the key is derived). By encrypting sensitive data, organizations can ensure that even if it is stolen or intercepted, it is unreadable and unusable to unauthorized parties.

Encryption is particularly important for data that is stored on portable devices or transmitted over the internet, as it can be intercepted by attackers who may use it for malicious purposes. The protection is only as good as the key management: a key stored next to the data, or a weak password, defeats the purpose.

Security Awareness Training

Security awareness training is a security procedure that involves educating employees and other stakeholders about security threats, best practices, and the procedures to follow in the event of a security incident. It may cover topics such as password management, phishing attacks and social engineering scams, as well as policies and procedures related to data protection, access control and incident reporting. Training can be delivered in various ways, such as classroom sessions, online courses, or simulated phishing attacks. By educating employees and other stakeholders about security threats and best practices, organizations empower them to be more vigilant and proactive in identifying and reporting potential security incidents. Security awareness training also helps organizations develop a security culture that treats security as a key aspect of their operations.

In conclusion, access control, encryption, and security awareness training are three security procedures that organizations can use to improve their security posture and safeguard their data and resources. By implementing these procedures, organizations can limit access to sensitive information, protect data from theft or unauthorized access, and educate employees and stakeholders about security threats and best practices. These procedures should be implemented as part of a broader security strategy that includes regular risk assessments, security audits, and incident response planning, to ensure that organizations are well prepared to address potential security incidents and minimize

Identify the potential impact to IT security of incorrect configuration of firewall policies

Discuss briefly firewalls and policies, their usage and advantages in a network

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a private network and the public internet, preventing unauthorized access to or from the private network while allowing authorized traffic to pass. Firewalls can be software- or hardware-based, and can be configured to block or allow traffic based on criteria such as IP addresses, ports and protocols; application-layer ("next-generation") firewalls can additionally inspect the content of packets. Firewalls are a fundamental component of network security and are used by organizations of all sizes to protect their networks from external threats.

Firewall policies are the set of rules that determine what traffic is allowed through a firewall and what is blocked. Rules are typically written in terms of source and destination IP addresses, port numbers and protocols, and, on firewalls that inspect payloads, application or content patterns. Rules are evaluated in order and the first match wins, so a policy should end with a default rule that denies everything not explicitly allowed. The purpose of firewall policies is to protect a network from unauthorized access and security threats by filtering traffic according to these predetermined rules.

For example, a policy could allow traffic from a specific IP address or range of addresses known to be trusted, while blocking traffic from unknown or untrusted sources. Similarly, a policy could block all traffic using a protocol known to be insecure, such as the File Transfer Protocol (FTP), which sends credentials in cleartext.

Firewalls with deep packet inspection or data loss prevention features can also be set to look for specific patterns in the data payload, such as credit card numbers or Social Security numbers, and to block the traffic or alert the network administrator when such data is detected. This only works for traffic the firewall can read: encrypted (TLS) traffic must be decrypted at the firewall before it can be inspected.

Overall, firewall policies are an essential component of network security, as they help protect against unauthorized access, malware and other security threats. Regular review and updating of firewall policies is necessary to ensure that the firewall continues to protect the network effectively; stale "temporary" rules and over-broad allow rules are a common source of exposure.
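The rule semantics described above (ordered rules, first match wins, default deny) are easy to get wrong, so here is an added example, not code from the assignment, of a minimal packet-filter policy engine in Python with a lint that finds shadowed rules. The addresses, zones and rules are constructed for the example: `WELL_ORDERED` is a sane perimeter policy, and `MISORDERED` is the same policy with a forgotten "allow all" troubleshooting rule left on top, which makes every rule below it dead.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR (a bare address means /32) or "any"
    dst: str
    dport: Optional[int]   # None matches every destination port
    comment: str = ""


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def _in_net(cidr: str, addr: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("any", pkt.proto)
        and _in_net(rule.src, pkt.src)
        and _in_net(rule.dst, pkt.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def evaluate(policy: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; anything that matches no rule gets the default (deny)."""
    for rule in policy:
        if matches(rule, pkt):
            return rule.action
    return default


def _net_covers(broad: str, narrow: str) -> bool:
    """True when every address in `narrow` is also in `broad`."""
    if broad == "any":
        return True
    if narrow == "any":
        return False
    return ipaddress.ip_network(narrow, strict=False).subnet_of(ipaddress.ip_network(broad, strict=False))


def shadowed_rules(policy: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire: an earlier rule already matches all of their traffic."""
    shadowed = []
    for j, later in enumerate(policy):
        for earlier in policy[:j]:
            if (earlier.proto in ("any", later.proto)
                    and _net_covers(earlier.src, later.src)
                    and _net_covers(earlier.dst, later.dst)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                shadowed.append(j)
                break
    return shadowed


# Constructed perimeter policy (hypothetical addresses): LAN 192.168.1.0/24, DMZ 10.0.0.0/24,
# public web server 10.0.0.10. Rules are ordered, and the engine defaults to deny.
WELL_ORDERED = [
    Rule("allow", "tcp", "any", "10.0.0.10", 443, "internet -> DMZ web server, HTTPS only"),
    Rule("allow", "tcp", "192.168.1.0/24", "10.0.0.0/24", 22, "admin SSH from LAN into DMZ"),
    Rule("deny", "tcp", "any", "any", 21, "FTP sends credentials in cleartext"),
    Rule("deny", "any", "any", "192.168.1.0/24", None, "nothing from outside reaches the LAN"),
]

# The same policy with a broad "temporary troubleshooting" rule left at the top: it matches
# everything first, so every rule below it is dead and the firewall is effectively open.
MISORDERED = [Rule("allow", "any", "any", "any", None, "TEMP - allow all (never removed)")] + WELL_ORDERED
```

`shadowed_rules` is the kind of check worth running on every policy change: a rule that can never fire is either redundant or, as in `MISORDERED`, evidence that something above it is far broader than intended.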

Usage and advantages of firewalls in a network

The usage of firewalls and policies in a network has several advantages, including:

Improved network security: Firewalls and policies help improve network security by preventing unauthorized access to the network and protecting it from threats such as malware and phishing sites. A firewall can also be configured to block traffic from suspicious IP addresses or websites, further improving the security of the network.

Control over network traffic: Firewalls and policies can be used to control and manage incoming and outgoing network traffic, helping to ensure that only authorized traffic reaches the network. By implementing firewall policies, network administrators can define rules that allow or deny specific types of traffic, applications, or services.

Enhanced network performance: By dropping unwanted or malicious traffic at the perimeter, a firewall keeps that traffic from consuming bandwidth and server resources inside the network, so critical applications and services have adequate resources to operate. Inspection itself has a cost, though: an undersized firewall, or one doing deep inspection on every flow, can become the bottleneck instead.

Compliance with regulations: Many industries and organizations are required to comply with regulations related to network security, such as the Health Insurance Portability and Accountability Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI DSS). By implementing firewalls and policies, organizations can help ensure that they comply with these regulations and avoid costly penalties and legal consequences.

How does a firewall provide security to a network?

A firewall provides security to a network by controlling and managing incoming and outgoing traffic based on a set of rules or policies. It acts as a barrier between the internal network and the external network or the internet, and monitors and filters all traffic passing through it.

There are several ways in which a firewall provides security to a network:

Network segmentation: Firewalls can be used to segment a network into different zones, such as internal networks, DMZs (demilitarized zones), and external networks. By creating zones and configuring firewall policies for each, network administrators can ensure that traffic between zones is properly managed and controlled.

Access control: Firewalls control and manage access to the network by allowing or denying traffic based on predefined rules or policies. This includes blocking traffic from suspicious IP addresses or websites, limiting access to specific services or applications, and preventing unauthorized access to the network.

Threat prevention: Firewalls can be configured to stop various threats, such as malware downloads and connections to known phishing sites, from entering the network. This includes using intrusion prevention systems (IPS) to detect and block malicious traffic, as well as filtering out spam and other unwanted traffic.

Logging and monitoring: Firewalls can log and monitor all traffic passing through them, providing administrators with real-time visibility into network activity. This includes generating alerts or notifications when suspicious traffic is detected, enabling administrators to act on potential security threats promptly. Firewall logs are also the first place to look when checking whether a policy change had the intended effect.

Show with diagrams an example of how a firewall works

Figure 7 Example of how a firewall works

The diagram above shows a simplified view of how a firewall can be used to protect a network. The firewall sits between the LAN (left side) and the WAN (right side); its purpose is to monitor and control traffic passing between the two networks. In this diagram the firewall is a packet-filtering firewall, which examines each packet passing through it and decides whether to allow or drop the packet based on a set of predetermined rules.

Define IDS, its usage, and show it with diagram examples

An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It may be a dedicated appliance or a software application that scans a network or a host for harmful activity or policy violations. Any malicious activity or violation is normally reported either to an administrator or collected centrally by a security information and event management (SIEM) system. A SIEM integrates outputs from multiple sources and uses alarm filtering techniques to separate malicious activity from false alarms. [Pan22]

IDSs can be used in a variety of ways to improve network security. Here are some common examples:

Network security monitoring: IDSs monitor network traffic for potential security threats. They can be set up to detect known patterns of malicious activity, such as port scans, denial-of-service attacks, or attempts to exploit known vulnerabilities.

Incident response: IDSs generate alerts when potential security threats are detected. These alerts can trigger incident response procedures, such as isolating affected systems, blocking suspicious IP addresses, or escalating the incident to security personnel for further investigation.

Compliance monitoring: IDSs can monitor compliance with security policies and regulations. They can be set up to detect unauthorized access attempts or other policy violations and generate alerts when such violations occur. This helps organizations demonstrate that they are meeting compliance requirements and avoid potential fines or legal liabilities.

Vulnerability scanning: Strictly speaking this is the job of a vulnerability scanner rather than an IDS, but some security suites bundle the two. Scanning systems for known vulnerabilities, such as unpatched software or configuration errors, helps organizations identify and prioritize security risks and address them; the IDS then watches for attempts to exploit what the scanner found.

Example of IDS with diagram

Figure 8 Example of IDS with diagram

In this diagram, the IDS sensor monitors network traffic and analyzes it for potential security threats, such as suspicious network activity or attempts to exploit known vulnerabilities. If the sensor detects a threat, it generates an alert, which is sent to the IDS management system. The management system receives alerts from multiple sensors and manages them: it can correlate alerts from different sensors to identify patterns of activity or attacks, and prioritize alerts based on severity or other criteria. Security personnel can then investigate the alerts and take appropriate action to prevent or mitigate the threat.

Write down the potential impact (threat/risk) of a firewall and IDS if they are incorrectly configured

Firewalls and IDSs are important security tools that help protect networks from various types of cyber-attacks. However, if they are not properly configured, they can themselves become a significant risk to the security of the network. Here are some potential impacts (threat/risk) of a misconfigured firewall and IDS:

Unauthorized access: A misconfigured firewall can allow unauthorized access to the network. Over-broad allow rules, rules in the wrong order, or a default-allow policy let attackers reach services that were supposed to be unreachable and gain access to sensitive data and systems.

Data breaches: If the firewall does not restrict outbound traffic, sensitive data can leave the network unnoticed, for example through a compromised host connecting to an attacker's server. This can result in data breaches, loss of intellectual property, and damage to the organization's reputation.

Downtime: A misconfigured firewall can also cause network downtime, for example when a rule blocks legitimate traffic to a critical service, leading to loss of productivity and revenue. In some cases it may also result in legal penalties and regulatory fines.

False positives: A misconfigured IDS can generate a large number of false positives, which overwhelm security personnel and make it difficult to identify real threats. This leads to alert fatigue and a lack of trust in the security system.

False negatives: On the other hand, a misconfigured IDS (missing or outdated signatures, a sensor that does not see the relevant traffic, thresholds set too high) can miss real threats, allowing attackers to operate inside the network and cause damage before they are detected. This can result in data breaches, loss of intellectual property, and other types of compromise.

Downtime: An IDS connected to a mirror port or tap is out of band and cannot block traffic, so by itself it does not cause outages; an inline IPS with over-broad signatures, however, can drop legitimate traffic and take services down. Either way, a flood of alerts or a missed intrusion leads to loss of productivity and revenue, and potentially to legal penalties and regulatory fines.
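The port-scan detection mentioned under network security monitoring, and the false-positive/false-negative trade-off above, can be shown with a few lines of detection logic. The following is an added example, not part of the assignment: a signature that flags any source opening connections to many distinct ports on one host, run over a constructed flow log (documentation addresses, not real traffic). The `threshold` is the tuning knob: set too low it alerts on the legitimate monitoring host (false positive), set too high it misses the scanner (false negative). A real sensor would also bound the count by a time window; the sample covers under a minute, so that is omitted.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed flow records (not real traffic): timestamp, source, destination:port, TCP flag.
# 198.51.100.9 is a scanner sweeping 12 ports; 192.168.1.5 is a monitoring host that
# legitimately polls three services; 192.168.1.20 is an ordinary user. One line is malformed
# on purpose, because a sensor must skip bad input rather than crash on it.
SAMPLE_LOG = [
    "2024-05-01T10:00:%02d 198.51.100.9 -> 10.0.0.10:%d SYN" % (i, port)
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080, 8443])
] + [
    "2024-05-01T10:00:30 192.168.1.5 -> 10.0.0.10:80 SYN",
    "2024-05-01T10:00:31 192.168.1.5 -> 10.0.0.10:443 SYN",
    "2024-05-01T10:00:32 192.168.1.5 -> 10.0.0.10:8080 SYN",
    "2024-05-01T10:00:40 192.168.1.20 -> 10.0.0.10:443 SYN",
    "2024-05-01T10:00:41 192.168.1.20 -> 10.0.0.10:443 SYN",
    "this line is malformed and must be skipped, not crash the sensor",
]

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) (?P<flag>\S+)$"
)


def parse_flows(lines: Iterable[str]) -> List[Tuple[str, str, int]]:
    """Return (src, dst, dport) for each well-formed SYN record; ignore anything else."""
    flows = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and m.group("flag") == "SYN":
            flows.append((m.group("src"), m.group("dst"), int(m.group("dport"))))
    return flows


def detect_port_scans(lines: Iterable[str], threshold: int) -> Dict[str, int]:
    """Signature: one source opening connections to >= `threshold` distinct ports on one host.
    Returns {source: distinct_port_count} for every source that trips the rule."""
    ports_seen: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for src, dst, dport in parse_flows(lines):
        ports_seen[(src, dst)].add(dport)
    alerts: Dict[str, int] = {}
    for (src, _dst), ports in ports_seen.items():
        if len(ports) >= threshold:
            alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts


def tuning_errors(lines: Iterable[str], threshold: int, known_scanners: Set[str]) -> Tuple[List[str], List[str]]:
    """Compare the alerts against ground truth: returns (false_positives, false_negatives)."""
    alerted = set(detect_port_scans(lines, threshold))
    return sorted(alerted - known_scanners), sorted(known_scanners - alerted)
```

With a threshold of 3 the monitoring host is reported alongside the scanner; with 50 nothing is reported at all; around 10 the rule separates the two. Tuning against labelled traffic like this, rather than guessing, is what keeps an IDS from drifting into either of the two failure modes described above.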

Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)

Define and discuss with the aid of a diagram DMZ. Focus on its usage and security function as advantage

Define and discuss with the aid of a diagram DMZ

In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks, usually the public internet. DMZs are also known as perimeter networks or screened subnets.

Any service provided to users on the public internet should be placed in the DMZ. External-facing servers, resources and services are usually located there; some of the most common are web, email, domain name system (DNS), File Transfer Protocol (FTP) and proxy servers.

Servers and resources in the DMZ are accessible from the internet, but the rest of the internal LAN remains unreachable. This provides an additional layer of security for the LAN, as it restricts an attacker's ability to reach internal servers and data directly from the internet. [Ben21]

Figure 9 Example of DMZ diagram

The figure above shows a DMZ that sits between two firewalls, creating a semi-trusted buffer zone between the internet and the enterprise LAN.

DMZ's usage and security function as advantage

DMZ usage as an advantage:

  • One common use of a DMZ is to host servers or services that must be reachable from the Internet, such as email, web or DNS servers. By placing these servers in the DMZ, they are isolated from the internal network, reducing the risk that an attacker who compromises one of them gains access to sensitive data or systems. The DMZ also lets the organization apply additional controls, such as firewalls, intrusion detection systems and antivirus software, to the servers and services hosted there.
  • Another use of a DMZ is to provide secure remote access to internal resources, for example through a virtual private network (VPN). By placing the VPN server in the DMZ, external users can connect securely to the organization's internal network while the DMZ acts as a buffer between the Internet and the internal network.

DMZ security function as an advantage:

  • The DMZ isolates servers and services that are accessible from the Internet, reducing the risk of an attacker gaining access to the internal network. By controlling the flow of traffic between the internal and external networks, the DMZ allows the organization to apply additional security measures, such as firewalls and intrusion detection systems, to protect the network infrastructure from attacks.
  • A DMZ allows an organization to segment its network, limiting the impact of a breach. By separating servers and services into different zones, the organization can limit the spread of an attack and reduce the risk of sensitive data being compromised. For this to hold, traffic from the DMZ into the LAN must itself be restricted to the few flows the DMZ servers genuinely need (a single database port, for instance); a DMZ host that can reach the whole LAN is no buffer at all.
  • A DMZ enables an organization to provide secure remote access to internal resources, such as through a VPN. By placing the VPN server in the DMZ, external users can securely connect to the organization's internal network without the internal network being exposed directly.

Define and discuss with the aid of diagram static IP. Focus on its usage and security function as advantage

1 Define and discuss with the aid of diagram static IP

A static IP address is an IP address that was manually configured for a device instead of one that was assigned by a DHCP server. It's called static because it doesn't change, unlike a dynamic IP address, which does change.

Routers, phones, tablets, desktops, laptops, and any other device that can use an IP address can be configured to have a static IP address. This might be done through the device giving out IP addresses (like the router) or by manually typing the IP address into the device itself [Tim21].

Figure 10: The diagram illustrates a typical network setup using static IP addresses.

In this example, the router acts as a gateway between the local network and the internet. It has a static IP address assigned by the internet service provider (ISP) on its WAN interface, which allows it to communicate with other networks on the internet.

On the router's LAN interface, it has a private IP address of 192.168.1.1, which is used to communicate with devices on the local network. The server, printer, and PC 1 all have static IP addresses assigned within the same subnet, 192.168.1.x.

The advantage of using static IP addresses is that they provide a consistent and reliable way to access network devices. For example, if the server's IP address were dynamic, it could change at any time, making it difficult to connect to the server remotely. With a static IP address, the server's address remains the same, making it easier to connect to it from outside the local network.

Static IP addresses also offer more control over network traffic and security. For example, network administrators can configure the router to allow or block traffic based on the IP address of the device sending or receiving the traffic. This can help prevent unauthorized access to the network or specific devices.

2 Static IP’s usage and security function as advantage

Static IP’s usage as an advantage:
o Easy remote access: A static IP address allows you to easily access devices or servers from remote locations.
o Hosting services: Static IP addresses are essential for hosting websites, FTP servers, email servers, and other services that require a constant connection to the internet.
o Reliable communication: Static IP addresses provide a reliable connection for communication between devices, especially in large networks where dynamic IP addresses can cause confusion and connectivity issues.

Static IP’s security function as an advantage:
o Access control: Static IP addresses can be used to restrict access to devices or services based on IP address, which can help prevent unauthorized access and attacks.
o Security monitoring: With a static IP address, it's easier to monitor and track network traffic for security purposes. Any suspicious activity from a known IP address can be quickly identified and investigated.
o Protection against DDoS attacks: Static IP addresses can provide protection against Distributed Denial of Service (DDoS) attacks by allowing network administrators to quickly identify and block malicious traffic from specific IP addresses.
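Access control keyed on IP addresses, as described above, only holds if the addresses really are fixed, so a static address plan needs checking before rules are written against it. The Python script below is an added example and not part of the assignment: it takes the figure's 192.168.1.x subnet and router at 192.168.1.1, but the host addresses, the DHCP pool and the access rules are constructed assumptions. It validates that each static address is inside the subnet, is not the network or broadcast address, does not fall inside the DHCP pool (where a lease could collide with it) and is not duplicated, and then evaluates a default-deny source-IP rule set of the kind the router would apply.

```python
import ipaddress

# From the figure: LAN 192.168.1.x with the router at 192.168.1.1.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed static assignments for the figure's hosts (assumed addresses).
STATIC_HOSTS = {
    "router": "192.168.1.1",
    "server": "192.168.1.10",
    "printer": "192.168.1.20",
    "pc1": "192.168.1.30",
}

# Constructed DHCP range for any dynamically addressed clients on the same LAN.
DHCP_POOL = (ipaddress.ip_address("192.168.1.100"),
             ipaddress.ip_address("192.168.1.200"))

# Constructed source-IP rules for the router: (destination host, port, allowed sources).
# Rules keyed on addresses only make sense when those addresses are static.
ACL = [
    ("server", 22, ["192.168.1.30/32"]),    # SSH to the server only from PC 1
    ("server", 443, ["192.168.1.0/24"]),    # HTTPS from the whole LAN
    ("printer", 9100, ["192.168.1.0/24"]),  # raw printing from the whole LAN
]


def validate_static_plan(hosts: dict, subnet, pool) -> list:
    """Return a list of problems with the static address plan; [] means consistent."""
    problems = []
    seen = {}
    for name, ip_str in hosts.items():
        ip = ipaddress.ip_address(ip_str)
        if ip not in subnet:
            problems.append(f"{name}: {ip} is outside {subnet}")
        elif ip in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{name}: {ip} is the network or broadcast address")
        if pool[0] <= ip <= pool[1]:
            problems.append(f"{name}: {ip} lies inside the DHCP pool and may collide with a lease")
        if ip in seen:
            problems.append(f"{name}: {ip} duplicates {seen[ip]}")
        seen[ip] = name
    return problems


def acl_permits(src_ip: str, dst_host: str, dst_port: int) -> bool:
    """Default-deny check of a connection against the source-IP rules."""
    src = ipaddress.ip_address(src_ip)
    for host, port, sources in ACL:
        if host == dst_host and port == dst_port:
            return any(src in ipaddress.ip_network(net) for net in sources)
    return False


if __name__ == "__main__":
    print("plan problems:", validate_static_plan(STATIC_HOSTS, LAN, DHCP_POOL))
    broken = dict(STATIC_HOSTS, pc1="192.168.1.150")   # inside the DHCP pool
    print("broken plan:", validate_static_plan(broken, LAN, DHCP_POOL))
    print("PC 1 -> server:22", acl_permits("192.168.1.30", "server", 22))
    print("printer -> server:22", acl_permits("192.168.1.20", "server", 22))
```

The DHCP-pool check is the one that matters most for security: if PC 1's address were ever handed out by DHCP to another machine, that machine would inherit PC 1's SSH access to the server, because the rule identifies the device by its address alone.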

Define and discuss with the aid of diagram NAT. Focus on its usage and security function as advantage

1 Define and discuss with the aid of diagram NAT

NAT (Network Address Translation) is a technique used in computer networking to translate private IP addresses to public IP addresses and vice versa. The primary function of NAT is to allow multiple devices to share a single public IP address, conserving public IP address space. NAT is typically implemented on a router or firewall device that sits between the private network and the public Internet.

Figure 11: Diagram illustrating how NAT works.

In the above diagram, the private network (LAN) contains multiple devices with private IP addresses that are not routable on the public Internet. The router/firewall device connects the private network to the public network (Internet) and performs NAT to translate the private IP addresses of the devices to a single public IP address.

2 NAT’s usage and security function as advantage

NAT’s usage as an advantage:
o IP Address Conservation: NAT allows a single public IP address to be used for multiple devices on a private network. This conserves the limited supply of public IP addresses, which are necessary for devices to connect to the Internet.
o Enhanced Security: NAT acts as a firewall by hiding the IP addresses of devices on a private network. This makes it difficult for attackers to target specific devices on the network because their IP addresses are not visible to the outside world.
o Cost-Effective: Using NAT to share a single public IP address among multiple devices on a private network is a cost-effective solution compared to purchasing multiple public IP addresses.
o Simplifies Network Configuration: NAT simplifies network configuration by allowing devices with private IP addresses to access the Internet using a single public IP address. This eliminates the need for complex routing configurations.
o Facilitates Connectivity: NAT enables devices on a private network to communicate with other devices on the Internet, facilitating connectivity and enabling a wide range of online activities.

NAT’s security function as an advantage:
o Hiding internal IP addresses: NAT can conceal the IP addresses of devices on a private network from the public Internet, making them more difficult for potential attackers to target. This way, only the NAT router's public IP address is visible to the outside world.
o Blocking unsolicited inbound traffic: NAT can be configured to drop unsolicited traffic from the Internet, effectively acting as a firewall. This can help to prevent attacks from malicious sources or to reduce the impact of attacks that do get through.
o Port forwarding and mapping: NAT can be used to forward incoming traffic to specific devices on a private network, allowing services such as web servers or FTP servers to be accessed from the Internet while keeping the rest of the network hidden. By mapping incoming requests to the correct internal device, NAT can also help to ensure that only authorized traffic is allowed to reach the destination.
o Conserving IP addresses: Since NAT allows multiple devices on a private network to share a single public IP address, it can help to conserve IP addresses and reduce costs. This can be particularly important for organizations with large networks and limited IP addresses available.
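The three security behaviours listed above (hiding internal addresses, dropping unsolicited inbound traffic, and port forwarding) all come out of one mechanism: the translation table the router keeps per connection. The Python simulation below is an added example, not code from the assignment or from any real router; the public address, the private hosts and the single port-forward entry are constructed assumptions. It translates an outbound flow to the router's public address and an ephemeral port, lets the matching reply back in, drops an inbound packet that matches no table entry, and forwards a configured public port to an internal web server.

```python
from dataclasses import dataclass

# Constructed addressing (assumed, not from the assignment): the router's
# public address and the hosts on its private 192.168.1.x LAN.
PUBLIC_IP = "198.51.100.1"
# Static port-forwarding entries: public port -> (internal host, internal port).
# Only these hosts become reachable from outside without a prior outbound flow.
PORT_FORWARDS = {443: ("192.168.1.10", 443)}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Port address translation (many private hosts, one public IP) with connection tracking."""

    def __init__(self, public_ip: str, forwards: dict):
        self.public_ip = public_ip
        self.forwards = forwards
        self.next_port = 40000
        # public port -> (private ip, private port, remote ip, remote port)
        self.table = {}
        # (private ip, private port, remote ip, remote port) -> public port
        self.reverse = {}

    def outbound(self, f: Flow) -> Flow:
        """LAN -> Internet: rewrite the source to public_ip:ephemeral and record the mapping."""
        key = (f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        if key not in self.reverse:
            public_port = self.next_port
            self.next_port += 1
            self.reverse[key] = public_port
            self.table[public_port] = key
        return Flow(self.public_ip, self.reverse[key], f.dst_ip, f.dst_port)

    def inbound(self, f: Flow):
        """Internet -> router: deliver only replies to tracked flows or configured forwards."""
        if f.dst_ip != self.public_ip:
            return None                       # not addressed to this router
        entry = self.table.get(f.dst_port)
        if entry is not None and entry[2:] == (f.src_ip, f.src_port):
            private_ip, private_port, _, _ = entry
            return Flow(f.src_ip, f.src_port, private_ip, private_port)
        if f.dst_port in self.forwards:
            host, port = self.forwards[f.dst_port]
            return Flow(f.src_ip, f.src_port, host, port)
        return None                           # unsolicited: dropped


if __name__ == "__main__":
    nat = PatRouter(PUBLIC_IP, PORT_FORWARDS)
    out = nat.outbound(Flow("192.168.1.30", 51234, "203.0.113.80", 443))
    print("outbound as seen on the Internet:", out)
    print("reply delivered to:", nat.inbound(Flow("203.0.113.80", 443, PUBLIC_IP, out.src_port)))
    print("unsolicited probe:", nat.inbound(Flow("203.0.113.9", 4444, PUBLIC_IP, 40001)))
    print("forwarded to web server:", nat.inbound(Flow("203.0.113.9", 5555, PUBLIC_IP, 443)))
```

Two things the simulation makes visible: the "firewall" effect is entirely the table plus the final `return None`, so a NAT device that accepted inbound packets by default would hide nothing; and every port-forward entry re-exposes one internal host to the whole Internet, so that host needs the same hardening as a DMZ server.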

Available at: https://www.avast.com/c-what-is-security-breach

Ciampa, M., 2014. Security+ Guide to Network Security Fundamentals. 5th ed. s.l.: Cengage Learning.

Available at: https://www.lifewire.com/what-is-a-static-ip-address-2626012

Available at: https://firewalltimes.com/recent-data-breaches/

Kim, D. & Solomon, M. G., 2015. Fundamentals of Information Systems Security. 3rd ed. s.l.: Jones & Bartlett Learning.

Available at: https://www.techtarget.com/searchsecurity/definition/DMZ

Available at: https://www.linkedin.com/pulse/threat-agents-can-cause-risk-organization-khondker-ishtiaq-murshid

Available at: https://www.geeksforgeeks.org/intrusion-detection-system-ids/

Available at: https://www.upguard.com/blog/cyber-threat

Date posted: 08/05/2024, 12:45