btec level 5 hnd diploma in computing unit 5 security 1



ASSIGNMENT 1 FRONT SHEET

Unit number and title Unit 5: Security


Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)

I. Cyber threat definition

II. Identify threat agents to organizations

III. List types of threats that organizations will face

IV. What are the recent security breaches? List and give examples with dates

V. Discuss the consequences of this breach

VI. Suggest solutions to organizations

Task 2 - Describe at least 3 organisational security procedures (P2)

I. Access Control

II. Encryption

III. Security Awareness Training

Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)

I. Discuss briefly firewalls and policies, their usage and advantages in a network

II. How does a firewall provide security to a network?

III. Show with diagrams the example of how firewall works

IV. Define IDS, its usage, and show it with diagram examples

V. Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network

Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)

I. Define and discuss with the aid of diagram DMZ. Focus on its usage and security function as advantage

II. Define and discuss with the aid of diagram static IP. Focus on its usage and security function as advantage

III. Define and discuss with the aid of diagram NAT. Focus on its usage and security function as advantage

References

Figure 1 Insider threats

Figure 2 Virus and worm

Figure 3 Botnet attack

Figure 4 Phishing attacks

Figure 5 DDoS attack

Figure 6 Firewall

Figure 7 Example of how firewall works

Figure 8 Example of IDS with diagram

Figure 9 Example of DMZ diagram

Figure 10 The diagram illustrates a typical network setup using static IP addresses

Figure 11 The diagram illustrating how NAT works

Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)

I. Cyber threat definition

A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks, and other attack vectors.

Cyber threats also refer to the possibility of a successful cyber-attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property, or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties. [Abi22]

II. Identify threat agents to organizations

The agents that can cause risk to the organization are known as threat agents. Before suggesting the required methods for protecting information from these agents, they should be detected first. If they are detected well, the measures taken against them can be more effective. [Kho17]

Some types of threat agents:

Natural Disasters: Natural disasters such as storms, floods and earthquakes can cause risk to the infrastructure of the organization's information system. These threat agents are considered the natural threat agents.

Workforces: Organizations have to engage their workforces to perform their respective jobs following the policies of the organization. When an employee makes a critical mistake in data entry, releases proprietary data, or deceives the organization, he or she becomes a major threat to the concerned organization.

Malicious Hackers: Information systems, if interlinked with other systems or even the Internet, are exposed to thousands of potential hackers through social engineering, modem connections, or physical attacks. They do not care about the interface, be it public or private.

Industrial Spies: Industrial espionage is a dangerous threat to most organizations. It can result in loss of profits, competitive advantage, or even the business itself.

Foreign Government Spies: Foreign spies can be involved in espionage with a view to enhancing the capabilities of their own government and reducing the native government's abilities. Their activities can even include foreign-sponsored industrial espionage.

III. List types of threats that organizations will face

1. Insider threats

An insider threat occurs when individuals close to an organization who have authorized access to its network intentionally or unintentionally misuse that access to negatively affect the organization's critical data or systems.

Careless employees who don't comply with their organization's business rules and policies cause insider threats. For example, they may inadvertently email customer data to external parties, click on phishing links in emails or share their login information with others. Contractors, business partners and third-party vendors are the source of other insider threats.

Some insiders intentionally bypass security measures out of convenience or in ill-considered attempts to become more productive. Malicious insiders intentionally elude cybersecurity protocols to delete data, steal data to sell or exploit later, disrupt operations or otherwise harm the business.

Figure 1 Insider threats

2. Viruses and worms

Viruses and worms are malicious software programs (malware) aimed at destroying an organization's systems, data and network. A computer virus is malicious code that replicates by copying itself to another program, system or host file. It remains dormant until someone knowingly or inadvertently activates it, spreading the infection without the knowledge or permission of the user or system administrator.

A computer worm is a self-replicating program that doesn't have to copy itself to a host program or require human interaction to spread. Its main function is to infect other computers while remaining active on the infected system. Worms often spread using parts of an operating system that are automatic and invisible to the user. Once a worm enters a system, it immediately starts replicating itself, infecting computers and networks that aren't adequately protected.

Figure 2 Virus and worm

3. Botnets

A botnet is a collection of Internet-connected devices, including PCs, mobile devices, servers and IoT devices, that are infected and remotely controlled by a common type of malware. Typically, the botnet malware searches for vulnerable devices across the internet. The goal of the threat actor creating a botnet is to infect as many connected devices as possible, using the computing power and resources of those devices for automated tasks that generally remain hidden from the users of the devices. The threat actors, often cybercriminals, that control these botnets use them to send email spam, engage in click fraud campaigns and generate malicious traffic for distributed denial-of-service attacks.

Figure 3 Botnet attack

4. Phishing attacks

Phishing attacks are a type of information security threat that employs social engineering to trick users into breaking normal security practices and giving up confidential information, including names, addresses, login credentials, Social Security numbers, credit card information and other financial information. In most cases, hackers send out fake emails that look as if they're coming from legitimate sources, such as financial institutions, eBay, PayPal and even friends and colleagues.

In phishing attacks, hackers attempt to get users to take some recommended action, such as clicking on links in emails that take them to fraudulent websites that ask for personal information or install malware on their devices. Opening attachments in emails can also install malware on users' devices that is designed to harvest sensitive information, send out emails to their contacts or provide remote access to their devices.

Figure 4 Phishing attacks

5. Distributed denial-of-service (DDoS) attacks

In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target, such as a server, website or other network resource, making the target totally inoperable. The flood of connection requests, incoming messages or malformed packets forces the target system to slow down or to crash and shut down, denying service to legitimate users or systems.

Figure 5 DDoS attack

IV. What are the recent security breaches? List and give examples with dates

1. What is a security breach?

A security breach is any unauthorized access to a device, network, program, or data. Security breaches happen when network or device security protocols are penetrated or otherwise circumvented. Hacking attacks and data leaks are examples of security breaches. [Oli22]

2. List some recent security breaches and their dates

T-Mobile Breach (August 2021): T-Mobile reported a data breach that affected over 40 million current and former customers. The attackers were able to access sensitive data, including names, dates of birth, Social Security numbers, and driver's license information. T-Mobile has stated that no financial information or passwords were compromised.

Kaseya Breach (July 2021): Hackers exploited a vulnerability in the Kaseya VSA software, a remote monitoring and management tool used by managed service providers (MSPs), to launch a ransomware attack that affected hundreds of organizations worldwide. The attack encrypted the data of the affected organizations and demanded a ransom in exchange for the decryption key.

Colonial Pipeline Ransomware Attack (May 2021): Hackers used a ransomware attack to disrupt the operations of Colonial Pipeline, a major US fuel pipeline operator. The attack caused widespread fuel shortages and panic buying in several states. Colonial Pipeline paid a ransom of $4.4 million in Bitcoin to the attackers to regain control of its systems.

Microsoft Exchange Server Vulnerability (March 2021): Hackers exploited a vulnerability in the Microsoft Exchange Server software to gain access to email accounts and steal sensitive data from several organizations. The attack affected tens of thousands of organizations worldwide, including government agencies, healthcare providers, and financial institutions.

V. Discuss the consequences of this breach

Some consequences of these data breaches:

T-Mobile Breach: The consequences of this breach could include identity theft, financial loss, and reputational damage to T-Mobile. The sensitive data stolen by the attackers could be used for a variety of malicious purposes, such as opening fraudulent accounts or accessing personal information. T-Mobile has offered free identity theft protection services to affected customers and has stated that it is investigating the breach.

Kaseya Breach: The consequences of this breach included financial loss and reputational damage to the affected MSPs and their customers. The ransomware attack encrypted the data of the affected organizations, which could result in significant business disruption and financial losses. The attackers demanded a ransom in exchange for the decryption key, which some organizations may have paid to regain access to their systems.

Colonial Pipeline Ransomware Attack: The consequences of this breach included significant disruption to fuel supplies in several states and potential financial losses for Colonial Pipeline. The company paid a ransom to the attackers to regain control of its systems, which has raised concerns about the ethics of paying ransoms to cybercriminals. The attack also highlighted the vulnerability of critical infrastructure to cyber-attacks.

Microsoft Exchange Server Vulnerability: The consequences of this breach included potential data theft and reputational damage to the affected organizations. The attackers were able to access sensitive email data, which could include confidential business information or personal data. The attack also highlighted the importance of keeping software and systems up to date to prevent vulnerabilities that can be exploited by attackers.

VI. Suggest solutions to organizations

Some suggested solutions for organizations to prevent data breaches:

Multi Factor Authentication: Multi-factor authentication (MFA) protects your account even if your password is compromised. It combines something you know (your password) with something you have (your phone). When you log into your account, it sends your phone a code. If a cyber-criminal cracks your password but doesn't have your phone, they can't access your account. The best part of MFA is that it's already built into most of your accounts, like Microsoft Office 365, Facebook or LinkedIn; you just need to enable it. If there's one thing to take away from this, make sure that you enable MFA for your personal banking account. You're only one shaky password away from a cyber-criminal draining your life savings.

User Security Training: Humans are the weakest link in your defense against cyber security attacks. They love to open attachments and links in email, which is one of the easiest ways for a cyber-criminal to harvest their credentials. The best way to mitigate this risk is to implement a cyber security training plan for your entire organization. A strong plan should include hands-on learning on what not to click, followed by simulated phishing attempts that look just like current attacks from cyber criminals. This learning/testing process should repeat on a consistent basis, which will continually help to strengthen your human firewall.

Web & Email Filtering: Humans can't catch every attack, so you should add a threat intelligence filtering service to assist. This service scans email attachments and website hyperlinks, then safely detonates them in the cloud before they reach your users. If the attachment or hyperlink is deemed malicious, it's disabled before your users have a chance to open it. You can also configure a filtering service to block certain websites by category, and increase productivity by limiting access to social media services.

Threat Detection: We all have a lock on our front door. That lock is the equivalent of your organization's firewall and antivirus, which is in place to stop cyber criminals from breaking in. Unfortunately, this lock will get kicked in when a cyber-criminal wants access. A threat detection solution is the equivalent of your organization's alarm system. The solution constantly scans your network and PCs for threats, and sends any questionable discoveries to a threat intelligence service for evaluation. This service is powered by a team of security professionals and artificial intelligence, who take action if it's determined to be a threat.

Task 2 - Describe at least 3 organisational security procedures (P2)

In today's digital age, information security has become a crucial aspect for businesses of all sizes. With the increasing frequency and severity of cyber threats, it is essential for organizations to implement robust security procedures to protect their sensitive information and assets from theft, damage, or unauthorized access. I will discuss three security procedures that organizations can use to improve their security posture and safeguard their data and resources.

I. Access Control

Access control is a security procedure that regulates who can access specific resources or areas within an organization. Access control can be implemented at various levels, including physical access control, logical access control, and administrative access control.

Physical access control involves controlling physical access to areas such as offices, data centers, or warehouses. Physical access control measures may include using security badges, biometric identification systems such as fingerprint or facial recognition, or security guards to limit access to authorized personnel only.

Logical access control involves controlling access to digital resources such as networks, computer systems, and software applications. Logical access control measures may include requiring users to provide a login ID and password, using multi-factor authentication methods such as security tokens, smart cards or biometric authentication, or implementing role-based access control (RBAC) to limit users' access to specific areas of a system based on their job responsibilities.

Administrative access control involves controlling access to administrative functions such as user account management, system configuration, and software installation. Administrative access control measures may include requiring multi-factor authentication for administrative accounts, limiting the number of users with administrative privileges, and implementing strict password policies for administrative accounts.

By implementing access control as a security procedure, organizations can limit access to sensitive information and materials to authorized personnel only, thereby minimizing the risk of unauthorized access, data breaches, and other security incidents.
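The logical and administrative controls above (RBAC limited to job responsibilities, MFA for administrative accounts, a small and reviewed set of administrators) can be expressed as one authorization check. The Python below is an added example, not the assignment's own material; the roles, permission names and user names are constructed for illustration. It denies by default, grants only what a user's roles contain, refuses administrative actions unless the session has completed MFA, and lists which users hold administrative rights so that number can be kept small.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Role -> permissions. Roles and permission names are constructed for this example;
# a real system would load them from its directory or policy store.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "helpdesk": {"ticket:read", "ticket:write"},
    "finance": {"invoice:read", "invoice:approve"},
    "sysadmin": {"user:create", "user:delete", "config:write", "software:install"},
}

# Administrative functions (user account management, configuration, software
# installation) that additionally require an MFA-verified session.
ADMIN_PERMISSIONS: Set[str] = {"user:create", "user:delete", "config:write", "software:install"}


@dataclass
class Session:
    user: str
    roles: Set[str]
    mfa_verified: bool = False


def permissions_for(roles: Set[str]) -> Set[str]:
    """Union of the permissions granted by each role; unknown roles grant nothing."""
    granted: Set[str] = set()
    for role in roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def authorize(session: Session, permission: str) -> Tuple[bool, str]:
    """Deny-by-default decision for one action. Returns (allowed, reason)."""
    if permission not in permissions_for(session.roles):
        return False, "permission not granted by any of the user's roles"
    if permission in ADMIN_PERMISSIONS and not session.mfa_verified:
        return False, "administrative action requires an MFA-verified session"
    return True, "allowed"


def admin_users(directory: Dict[str, Set[str]]) -> List[str]:
    """Users holding any administrative permission, for periodic review of that list."""
    return sorted(user for user, roles in directory.items()
                  if permissions_for(roles) & ADMIN_PERMISSIONS)


if __name__ == "__main__":
    # Constructed user directory for the demonstration.
    directory = {"alice": {"helpdesk"}, "bob": {"sysadmin"}, "carol": {"finance", "helpdesk"}}
    print("users with administrative privileges:", admin_users(directory))
    for sess, perm in [
        (Session("alice", {"helpdesk"}), "ticket:read"),
        (Session("alice", {"helpdesk"}), "invoice:approve"),
        (Session("bob", {"sysadmin"}), "config:write"),
        (Session("bob", {"sysadmin"}, mfa_verified=True), "config:write"),
    ]:
        print(sess.user, perm, "->", authorize(sess, perm))
```

The decision function returns the reason alongside the verdict so that denials can be written to an audit log; a refused administrative action without MFA is exactly the kind of event a security team wants to see.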

II. Encryption

Encryption is a security procedure that involves encoding data to prevent unauthorized access or theft. Encryption can be implemented in various ways, such as using encryption software to encrypt files or emails, using a virtual private network (VPN) to encrypt network traffic, or using secure messaging apps that encrypt messages end-to-end. Encryption works by using a mathematical algorithm to transform plain text into ciphertext, which can only be deciphered with a key or password. By encrypting sensitive data, organizations can ensure that even if it is stolen or intercepted, it will be unreadable and unusable to unauthorized individuals. Encryption is particularly important for data that is stored or transmitted over the internet, as it can be intercepted by hackers or cybercriminals who may use it for malicious purposes.

III. Security Awareness Training

Security awareness training is a security procedure that involves educating employees and other stakeholders about security threats, best practices, and procedures to follow in the event of a security incident. Security awareness training may include training on topics such as password management, phishing attacks, and social engineering scams, as well as policies and procedures related to data protection, access control, and incident reporting. Security awareness training can be delivered in various ways, such as classroom training, online courses, or simulated phishing attacks. By educating employees and other stakeholders about security threats and best practices, organizations can empower them to be more vigilant and proactive in identifying and reporting potential security incidents. Security awareness training can also help organizations develop a security culture that prioritizes security as a key aspect of their operations.

In conclusion, access control, encryption, and security awareness training are three security procedures that organizations can use to improve their security posture and safeguard their data and resources. By implementing these procedures, organizations can limit access to sensitive information, protect data from theft or unauthorized access, and educate employees and stakeholders about security threats and best practices. These procedures should be implemented as part of a broader security strategy that includes regular risk assessments, security audits, and incident response planning, to ensure that organizations are well-prepared to address potential security incidents and minimize

Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)

I. Discuss briefly firewalls and policies, their usage and advantages in a network

1. What is a firewall?

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a private network and the public internet, preventing unauthorized access to or from the private network while allowing authorized traffic to pass through. Firewalls can be either software- or hardware-based, and can be configured to block or allow traffic based on criteria such as IP addresses, ports, protocols, and specific keywords or phrases. Firewalls are a fundamental component of network security and are used by organizations of all sizes to protect their networks from external threats.

Figure 6 Firewall

2. Firewall policies

Firewall policies are a set of rules and criteria that determine what traffic is allowed to pass through a firewall and what is blocked. These policies are typically configured based on various factors such as the source and destination IP addresses, port numbers, protocols, and specific keywords or patterns in the data payload. The purpose of firewall policies is to protect a network from unauthorized access and potential security threats by filtering traffic
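Firewall policies of the kind described above are evaluated top to bottom: the first rule whose source, destination, protocol and port match the packet decides, and anything matching no rule falls to an implicit default deny. The Python below is an added example and not material from the assignment; the subnets, rules and packets are constructed for illustration. It goes slightly beyond the text by also detecting shadowed rules, which is the concrete form of the Task 3 point that an incorrectly ordered rule (here, a "temporary" allow-all placed at the top) silently disables every rule after it.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # destination port, None = any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int]


def _ip_in(cidr: str, ip: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _covers(outer: str, inner: str) -> bool:
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner, strict=False).subnet_of(ipaddress.ip_network(outer, strict=False))


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and _ip_in(rule.src, pkt.src)
            and _ip_in(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(policy: List[Rule], pkt: Packet) -> Tuple[str, int]:
    """First matching rule wins. Returns (action, rule index); index -1 is the implicit default deny."""
    for index, rule in enumerate(policy):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", -1


def shadowed_rules(policy: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule matches everything they would."""
    shadowed = []
    for j, later in enumerate(policy):
        for earlier in policy[:j]:
            if ((earlier.proto == "any" or earlier.proto == later.proto)
                    and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                shadowed.append(j)
                break
    return shadowed


# Constructed example policy: LAN 192.168.1.0/24, server subnet 10.0.0.0/24, web server 10.0.0.10.
INTENDED_POLICY = [
    Rule("allow", "tcp", "192.168.1.0/24", "10.0.0.0/24", None),  # internal LAN may reach servers
    Rule("deny", "tcp", "any", "10.0.0.0/24", 22),                # nobody else may SSH to servers
    Rule("allow", "tcp", "any", "10.0.0.10/32", 443),             # public HTTPS to the web server
]

# The same rules with a "temporary" allow-all inserted at the top: a classic misconfiguration.
MISCONFIGURED_POLICY = [Rule("allow", "any", "any", "any", None)] + INTENDED_POLICY

# Constructed sample traffic (203.0.113.0/24 is a documentation range standing in for the Internet).
EXTERNAL_SSH = Packet("tcp", "203.0.113.5", "10.0.0.10", 22)
EXTERNAL_HTTPS = Packet("tcp", "203.0.113.5", "10.0.0.10", 443)
LAN_SSH = Packet("tcp", "192.168.1.20", "10.0.0.10", 22)
EXTERNAL_DB = Packet("tcp", "203.0.113.5", "10.0.0.20", 3306)


if __name__ == "__main__":
    for name, policy in [("intended", INTENDED_POLICY), ("misconfigured", MISCONFIGURED_POLICY)]:
        print(name, "shadowed rule indexes:", shadowed_rules(policy))
        for pkt in (EXTERNAL_SSH, EXTERNAL_HTTPS, LAN_SSH, EXTERNAL_DB):
            print("  ", pkt.src, "->", pkt.dst, pkt.dport, evaluate(policy, pkt))
```

Running the shadow check as part of change review catches the misordering before it reaches production: in the misconfigured policy every rule after the allow-all is reported as unreachable, and external SSH to the server subnet, which the intended policy denies, is allowed.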
