Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)
BTEC FPT INTERNATIONAL COLLEGE
INFORMATION TECHNOLOGY ASSIGNMENT 1
ASSIGNMENT 1 FRONT SHEET
Grading grid
Unit number and title Unit2: Security
(2nd submission)
Performed Student: LE VAN HANH
ACKNOWLEDGMENTS
First of all, allow me to thank my family for giving me so much encouragement, love and timely help. They were clearly the most important motivators for me to complete this report.
Secondly, I also appreciate Mr Xuan Ly NGUYEN THI because his lectures and instructions are a rich source of knowledge for me to refer to.
Third, a big thank you to all my BTEC friends for the memorable times we had.
Last but not least, I express my deep gratitude to all the authors who have generously provided excellent wisdom to be used as a reference throughout this document.
ASSURANCE
I certify that this assignment is my own work, based on my own research, and that I have acknowledged all materials and sources used in its preparation, whether books, articles, lecture notes or any other type of material, electronic or personal communication. I also certify that this assignment has not previously been submitted for review in any other unit, unless specifically authorized by all relevant unit coordinators, or at any other time in this unit, and that I have not copied in whole or in part, or otherwise plagiarized, the work of others.
Learners declaration
I certify that the work submitted for this assignment is my own and research sources are fully acknowledged.
TABLE OF CONTENT
BTEC FPT INTERNATIONAL COLLEGE
ASSIGNMENT 1 FRONT SHEET
ACKNOWLEDGMENTS
ASSURANCE
Chapter: I ASSESS RISK TO IT SECURITY
I Identify types of security threat to organisations (P1)
1 Define threats
2 Identify threats agents to organizations
3 List type of threats that organizations will face
4 Give an example of a recently publicized security breach and discuss its consequences
5 What are the recent 2018/2019/2020 security breach? List and give examples with dates
6 Discuss the consequences of this breach?
7 Suggest solutions to organizations
II Describe at least 3 organizational security procedures (P2)
Chapter: II Describe IT security solutions
I Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P2)
1 Discuss briefly firewall and policies, its usage and advantages in a network
2 How does a firewalls provide a security to a network?
3 Define IDS, its usage, show with diagrams examples
4 Write down the potential impact (Threat-Risk) of FIREWALL and IDS incorrect configuration to the network
II Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)
1 Define and discuss with the aid of a diagram DMZ focus on usage and security function as advantage
2 Define and discuss with the aid of a diagram static IP focus on usage and security function as advantage
3 Define and discuss with the aid of a diagram NAT focus on usage and security function as advantage
III Propose a method to assess and treat IT security risks (M1)
1 Discuss methods required to assess IT security threat? E.g. Monitoring tools
2 What are the current weakness or threat of the organization?
3 What tools will you propose to treat the IT security risk?
IV Discuss three benefits to implement network monitoring systems with supporting reasons (M2)
1 List some of the networking monitoring devices and discuss each
2 Why do you need to monitor network?
3 What are the benefits of monitoring a network?
CONCLUSION
REFERENCES
LIST OF FIGURES
Figure 1 Infrastructure of Happy company
Figure 2 Photo threat security
Figure 3 Photo procedure of security
Figure 4 Definition of firewall
Figure 5 Photo diagram of firewalls
Figure 6 Photo IDS
Figure 7 Photo IDS
Figure 8 Photo of DMZ
Figure 9 Photo static IP for server
Figure 10 Definition of NAT in security
Figure 11 Tool Nessus vulnerability scanner
Figure 12 Tool Qualys vulnerability management
Figure 13 Tool Metasploit framework
LIST OF THE ACRONYM
Entity relationship Diagram
DMZ: Demilitarized Zone
IP: Internet Protocol
NAT: Network address translation
INTRODUCTION
In the current 4.0 technology era, information technology develops as fast as the wind. Exploiting information and keeping it secure is increasingly prioritized, and data security is a great concern for enterprises. How to ensure good security is not known to everyone. McAfee is a company specializing in providing information security solutions for businesses and organizations in Vietnam. Our project today involves a company specializing in supplying food from rural to urban areas, which is Happy Company.
Before going into the analysis, I would like to discuss a few things about Happy Company. The company occupies a four-story building located in the countryside, far from the city, with the following layout:
The 1st, 2nd and 3rd floors are for employees, engineers, marketing, accounting, materials and human resources, and the 4th floor is for directors and staff, divided into 30 departments. There are 28 departments for employees, including departments such as engineering, accounting and sales, each with 10-12 computer desks, 1 printer and 1 surveillance camera. Each floor has 10 identical rooms. A VLAN is created for each branch. The remaining rooms are allocated for private purposes such as storage rooms, document rooms, meeting rooms, event rooms and reception halls. The wireless system provides wireless connection for 300 devices at the same time; the access point is installed on the floor between the 1st and 2nd floors, in the center of the reception hall. The 3rd floor has a separate VLAN. Finally, the fourth floor belongs to the company's executive board, which includes the chief executive officer, CEO, CFO, CTO, and their secretary. Because the people on this floor hold important company information, its wifi access requires high security, and the number of IP addresses for it is reduced to increase security.
Figure 1 Infrastructure of Happy company
At the floor, there are 3 building guards on duty from 6:30 to 23:00, and the building is covered by a surveillance camera system in key areas where many people pass by. The control system is located in the security room.
Happy Company also requires services such as FTP, DNS and Web. Some additional services are added, such as VPN, remote access and VoIP.
As an IT Security Specialist at Vietnam's leading security consulting group, McAfee Information Security, I, Le Van Hanh, authorized by Mr Kha Tran, would like to briefly summarize below the tools and techniques involved in identifying and assessing IT security risks, along with the organization's policies for protecting equipment and business-critical data, and to simulate and provide basic recommendations for the security of Happy Company.
When is it used?
- Static IP addresses are often used in situations where you need consistent and reliable access to a device or service, such as a website hosting service or email server. They are also useful in situations where network administrators want to maintain control over which devices are allowed to access the network. Static IP addresses can be configured for use in the following scenarios:
- First, static IP addresses are often used for hosting services, such as web servers, email servers, or FTP servers, because the service needs to be accessed consistently on the same IP address.
- Static IP addresses can be used in network monitoring because they make it easy to identify specific devices and track their activity over time. It can also be more secure to have fewer dynamic IP addresses, as static addresses are less susceptible to attacks like IP spoofing.
- Static IP addresses can be useful for remote network access because they allow access to devices from anywhere with an internet connection.
- Limited availability: Static IP addresses can be more difficult and expensive to obtain than dynamic IP addresses, as they are typically reserved for business and enterprise use.
- Configuration and maintenance: Setting up and maintaining a static IP address can be more complicated and time consuming than a dynamic IP address, as each device needs to be manually configured with its own IP address.
Disadvantages and Advantages of static IP
o Advantages of static IP
- Reliability: a static IP is many times more reliable than a DHCP-assigned IP because it does not change, making it easier to access devices or services that require a consistent IP address.
- Security: static IPs make it possible to set up advanced security measures such as firewalls, access control lists and intrusion detection systems to restrict access to the network.
- Easier remote access: remote devices or services are easier to reach because you can access them with the same IP address all the time.
- Improved network performance: static IP addresses can improve network performance as they eliminate the overhead associated with dynamic IP address assignment.
o Disadvantages of static IP
- Alongside its many advantages in terms of security, static IP also has the following disadvantages:
- Time consuming: configuring a small number of machines and servers feels normal, but with a large number it is very time consuming and leads to complications when re-linking and transferring data.
- Difficult to configure: as with the first drawback, with a large number of addresses it is hard to remember them all.
- Inflexible: a static IP address is not flexible and cannot be changed easily.
- Higher cost: since a large number of static IP addresses are needed, it can be more expensive than using dynamic IP addresses, which are often included in basic network packages.
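The monitoring and access-control use of static IPs described above can be shown as a small inventory check. This is an added example, not part of the original assignment; the addresses, MAC values, the /28 server range and the "time ip mac" observation format are constructed assumptions.

```python
import ipaddress

# Constructed inventory of statically addressed servers (assumed values).
STATIC_INVENTORY = {
    "192.168.10.10": ("00:11:22:aa:bb:01", "web"),
    "192.168.10.11": ("00:11:22:aa:bb:02", "ftp"),
    "192.168.10.12": ("00:11:22:aa:bb:03", "dns"),
}
SERVER_RANGE = ipaddress.ip_network("192.168.10.0/28")  # assumed static-only range

# Constructed observations in the form "time ip mac", e.g. from an ARP watcher.
SAMPLE_OBSERVATIONS = """\
09:00:01 192.168.10.10 00:11:22:aa:bb:01
09:00:05 192.168.10.11 00:11:22:aa:bb:02
09:03:12 192.168.10.10 de:ad:be:ef:00:99
09:04:40 192.168.10.14 00:11:22:cc:dd:07
09:05:02 192.168.20.57 00:11:22:aa:bb:03
"""

def check_observations(text):
    """Return (time, ip, mac, finding) for entries that contradict the inventory."""
    mac_to_ip = {mac: ip for ip, (mac, _) in STATIC_INVENTORY.items()}
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        time, ip, mac = parts[0], parts[1], parts[2].lower()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # skip lines whose address does not parse
        if ip in STATIC_INVENTORY:
            if STATIC_INVENTORY[ip][0] != mac:
                findings.append((time, ip, mac, "static IP claimed by unexpected MAC"))
        elif addr in SERVER_RANGE:
            findings.append((time, ip, mac, "unregistered host in static range"))
        elif mac in mac_to_ip:
            findings.append((time, ip, mac, "inventory device seen on wrong IP"))
    return findings

if __name__ == "__main__":
    for finding in check_observations(SAMPLE_OBSERVATIONS):
        print(*finding)
```

Because each server keeps one address, any change in the IP-to-MAC pairing is itself the alert; with dynamically assigned addresses the same check would need the DHCP lease history to interpret.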
3 Define and discuss with the aid of a diagram NAT focus on usage and security function
When is it used?
- In a NAT environment, a router or firewall device sits between a private network and the public internet. When a device on a private network sends a request to the internet, the router/firewall replaces the private IP address with its own public IP address. Hence NAT is used to preserve public IP addresses, as it allows multiple devices to share one IP address. It is also used to add an extra layer of security to the network, as it can prevent unauthorized access to devices on a private network by masking their IP addresses.
Figure 10 Definition of NAT in security.
Advantages and Disadvantages of NAT
o Advantages of NAT
- NAT allows multiple devices on a private network to share one public IP address, hiding multiple private addresses behind it. This saves the limited supply of public IP addresses needed for devices to connect to the internet.
- It also provides the benefit of increased security for devices: NAT can add an extra layer of security to the network by hiding the IP addresses of devices on a private network.
- NAT can simplify network management by allowing multiple devices on a private network to share a single public IP address, resulting in reduced complexity of routing and addressing, which can help manage the network and make troubleshooting easier.
- NAT allows devices on a private network to connect to the internet, which is essential for accessing online resources and services.
o Disadvantages of NAT
- NAT may cause network performance problems, reducing network throughput.
- NAT can limit the ability of devices on a private network to receive inbound connections from the internet.
- NAT requires additional configuration on the router or firewall device, which can further complicate network setup and increase the risk of misconfiguration.
III Propose a method to assess and treat IT security risks (M1)
1 Discuss methods required to assess IT security threat? E.g. Monitoring tools
Here are some methods that can be used to assess security threats:
- Vulnerability scanning: automated tools scan the network and identify vulnerabilities in software, hardware or configuration that an attacker can exploit. Vulnerability scanners include Nessus, Qualys Vulnerability Management and OpenVAS. These tools can scan entire networks or specific systems and can be scheduled to run regularly to keep the network up to date.
- Penetration testing: a penetration test simulates an attack on the network to identify vulnerabilities and test the effectiveness of security controls.
- Log review: reviewing log files and system events to identify suspicious or unusual activity that could indicate a security threat.
- Network traffic analysis: analyzing network traffic to identify anomalies or patterns that could indicate a security threat, such as a denial of service attack or an illegal access attempt.
- Malware analysis: determining the behavior, capabilities, and potential impact of malware on the network.
- Threat intelligence monitoring: monitoring external threat information sources such as security blogs, news feeds and government alerts.
To perform security measures, we can use a number of monitoring tools as follows:
- Nessus vulnerability scanner
o Nessus comes in two versions: Nessus Professional and Nessus Essentials. Nessus Professional is a commercial product that offers more features and support, while Nessus Essentials is a free, limited version of the tool.
o Nessus can be integrated with other security tools, such as SIEM systems and ticketing systems, to automate the vulnerability management process.
o Nessus provides many scan options, such as server discovery scans, vulnerability scans and authenticated scans. Authenticated scans are more thorough because they allow Nessus to scan the system from within, using administrative credentials. Nessus can also be used to scan cloud-based assets such as Amazon Web Services (AWS) and Microsoft Azure.
o Nessus has a user-friendly web interface that allows users to configure and run scans. The interface also provides a dashboard that shows an overview of the organization's security health and
Figure 11 Tool Nessus vulnerability scanner.