Define threats
A cybersecurity threat is a deliberate, malicious act by an individual or organization aimed at gaining unauthorized access to another party's network in order to damage, disrupt or steal IT assets, computer networks, intellectual property or any other form of sensitive data.
Network attacks typically aim to access, change or destroy sensitive information, extort money from users, or interrupt the normal business activities of organizations.
Identify threat agents to organizations
In the ICT security chain, the human is the weakest link. This is a very old phrase, but it still holds true every day: systems management has to deal with the human element every day.
IT security and spam/scams
The most classic weaknesses in IT security are still human ones: curiosity about attachments from unknown senders, or entering data into fields that were never intended for it. Such acts cause considerable damage to companies every year.
Unprotected downloads and online gaming
Perfomed Student: Nguyen Cong Hau 8
Despite advanced ICT security systems and web filters, many employees still manage to access inappropriate online content at work. This also happens to experienced IT professionals, underscoring the need for effective cybersecurity measures.
IT security and lost USB sticks
Have you ever found a USB stick? Not one you lost yourself, but a strange stick lying around somewhere? Were you curious, and did you plug it into your computer? If so, you are in good company. In one study, nearly 300 USB sticks were "accidentally" lost to find out what would happen. Nearly all of the sticks were picked up by finders, and in 45% of cases a file stored on the stick was opened.
IT security and disabled updates
After installing the latest Windows updates, the computer has to be restarted. In other cases, the virus scanner slows the computer down. Easygoing employees prefer to shut such processes down completely: whenever there is an opportunity to deactivate an update or a virus scanner, it is taken. This comes at a huge cost to IT security.
IT security and CEO fraud
In the so-called CEO scam, the criminal poses by phone or e-mail as a director of the company and arranges for an employee to transfer a large sum of money abroad. The employee is intimidated by the other party's apparent authority and approves the transaction. This scam can easily cause millions of dollars in damage, with dire consequences for those involved.
Selling corporate data
Everyone who has ever worked in a development department knows how valuable corporate data can be. Selling blueprints, recipes, designs or other trade secrets to competitors can be very lucrative. A disgruntled coworker with criminal intent and the right access can transmit enough data to plunge a company into crisis.
Stealing customer data when changing jobs
In some industries it seems to be standard practice to take sensitive customer data along to a new employer. Everyone knows a salesperson who switched to a competitor and, soon after, contacted the old customers to win their business. Legally, however, this is simply theft. No less serious is the employee who keeps the company laptop at the end of the employment contract.
Concealing security incidents
Employees conceal ICT security incidents in 40% of companies worldwide. This is the result of a survey conducted by Kaspersky in collaboration with B2B International, in which employees of 5,000 companies were asked.
These security incidents include phishing or malware attacks in which malware was transferred to the employee's computer. If the affected employees remain silent about such an incident, the malicious code can spread across the corporate network.
Abusing trust
Many attackers like to take advantage of people's trust. Have you ever called a colleague in system administration because you had lost your password? Your co-workers have probably had their passwords reset the same way. But what if the caller is a stranger, and the stranger is the attacker? This trick works thousands of times a day.
Carelessness leads to IT security problems
Indifferent employees are poison for any company. They rarely contribute to productivity and are also a potential IT security vulnerability. An "I don't care" attitude shows in all matters related to security. This may include, for example:
The loose handling of passwords.
The distribution of files to external parties.
In all of these cases, such employees can compromise security at any time.
Some types of threats that the organization will face
Malware is malicious software such as spyware, ransomware, viruses and worms. Malware is activated when a user clicks on a malicious link or attachment, which leads to the installation of dangerous software. According to Cisco, once activated, malware can:
Block access to key network components (ransomware)
Covertly obtain information by transmitting data from the hard drive (spyware)
Disrupt individual components, rendering the system inoperable
Emotet, classified by the Cybersecurity and Infrastructure Security Agency (CISA) as a highly destructive banking Trojan, operates primarily as a downloader or dropper that introduces additional banking Trojans into infected systems. Its modular nature and its ability to deploy other malware continue to make Emotet a significant threat, resulting in substantial financial losses.
Denial of Service (DoS) is a type of cyber attack that floods a computer or network so that it can no longer respond to requests. A Distributed DoS (DDoS) does the same thing, but the attack originates from a network of computers. Attackers often use a flood attack (for example a SYN flood) to disrupt the TCP "handshake" and cause a DoS. Several other techniques can be used, and some attackers use the time during which the network is disabled to launch other attacks. According to Jeff Melnick of Netwrix, an IT security software company, a botnet is a network of systems, potentially millions of them, infected with malware and controlled by a single attacker, which can be used to launch a DDoS. Botnets, sometimes referred to as zombie systems, target and overwhelm the victim's processing power. Because the bots are spread across different geographical locations, they are difficult to track.
4 Man in the middle
A man-in-the-middle (MITM) attack occurs when a hacker inserts himself into a two-party transaction. After interrupting the traffic, the attacker can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network: the attacker inserts himself between the visitor and the network, and then uses malware to install software and misuse data.
Phishing attacks use spoofed communications, such as an e-mail, to trick the recipient into opening it and carrying out the instructions inside, such as providing a credit card number. "The intent is to steal sensitive data such as credit card and login information or to install malware on the victim's machine," Cisco reports.
A Structured Query Language (SQL) injection is a type of cyber attack in which malicious code is inserted into a query that the server executes against its database. Once injected, the server discloses information it should not. Sending the malicious code can be as simple as typing it into the search box of a vulnerable website.
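The injection described above, as an added example that is not part of the original report: a Python script using an in-memory SQLite database (an assumption standing in for the website's real database) shows a search function that pastes the search-box text into the query next to the parameterised version that does not. The table, column names and sample rows are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the website's back end."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user"), ("carol", "hash-c", "user")],
    )
    return conn


def search_users_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """Deliberately vulnerable: the search-box text is pasted into the SQL text,
    so a quote in the input ends the string literal and the rest is parsed as SQL."""
    sql = f"SELECT username FROM users WHERE username = '{term}'"
    return [row[0] for row in conn.execute(sql)]


def search_users_safe(conn: sqlite3.Connection, term: str) -> list:
    """Hardened: the input is bound as a parameter, so it is only ever compared
    as data and never parsed as SQL, whatever characters it contains."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (term,))]


if __name__ == "__main__":
    db = make_db()
    # Tautology: turns "WHERE username = ''" into "... OR '1'='1'" and matches every row.
    tautology = "' OR '1'='1"
    # UNION: appends a second query so the result also carries the password hashes.
    union = "' UNION SELECT password_hash FROM users --"
    print("vulnerable, tautology:", search_users_vulnerable(db, tautology))
    print("vulnerable, union    :", search_users_vulnerable(db, union))
    print("safe, tautology      :", search_users_safe(db, tautology))
    print("safe, normal lookup  :", search_users_safe(db, "alice"))
```

The same two inputs that dump every row or the password hashes from the vulnerable function return nothing from the parameterised one, because the database driver never treats the bound value as part of the statement.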
With the right password, a cyber attacker can gain access to a wealth of information. Social engineering is a type of password attack that Data Insider defines as "a strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices". Other types of password attacks include accessing a password database or outright guessing.
Insider threats originate from individuals with authorized access to an organization's network who may exploit that access to harm the organization's data and systems. Negligence among employees, such as accidentally sharing data by e-mail or clicking malicious links, can create insider threats. External parties such as contractors or suppliers may also pose a risk if they breach security protocols. Malicious insiders intentionally circumvent cybersecurity measures to disrupt operations, steal data or harm the organization, while unintentional insiders compromise security for the sake of convenience or efficiency.
9 Distributed Denial of Service (DDoS) attacks
DDoS attacks, characterized by distributed, coordinated attacks from numerous compromised machines, bombard their targets with overwhelming traffic. These attacks aim to exhaust the target's resources, such as bandwidth or processing power, effectively disabling them and disrupting service to legitimate users. The flood of requests and packets overwhelms the target, causing service failures and potentially leading to complete inoperability.
Some examples of recent cybersecurity breaches
1 Attacks aimed at Accenture
In 2017, UpGuard, a cyber-risk research firm, discovered that Accenture had left at least four AWS S3 storage buckets unsecured.
The exposed buckets contained unaudited authentication credentials, API secret data, digital certificates, decryption keys, user data and other metadata. UpGuard's researchers found 137 GB of data open to public access. Attackers could use such data to defame and blackmail customers, and some of the information was posted on the dark web.
In August 2021, Accenture was again the victim of an attack, this time by the LockBit ransomware group. The company stated that it contained the incident and restored the affected systems from backups.
LockBit, a notorious ransomware group linked to a range of attacks on public companies, claimed to have stolen 6 TB of sensitive data from the organization and demanded a ransom of approximately 50 million USD. The incident is a stark reminder of the growing threat posed by ransomware and of the need for organizations to prioritize cybersecurity measures to safeguard their data and financial assets.
2 Attacks aimed at Verizon
In 2017, Verizon's third-party vendor NICE Systems exposed customer PII through a misconfigured AWS S3 bucket; NICE had been collecting the call data of Verizon customers.
In its 2020 report, Verizon counted 29,207 security incidents, 5,200 of which were confirmed breaches. The telecommunications giant itself became a target of DDoS attacks. It attributed the growth in vulnerabilities and the proliferation of attack networks to the shift to remote working during the pandemic.
In 2021, Verizon published a review of its cybersecurity findings in line with the VERIS framework, as a reference for businesses and other users. About 61% of the breaches involved the unauthorized use of credentials, while phishing rose from 25% of breaches in 2019 to 36%.
3 Supply-chain attack on Kaseya
In July 2021, IT solutions provider Kaseya suffered a massive attack targeting its system-security and remote-monitoring tools. It was a supply-chain ransomware attack that hit the managed service providers using the Kaseya VSA service and, through them, their customers.
Threat actors exploited a vulnerability in Kaseya's VSA software, which affected both the company's hosted SaaS and its on-premises VSA solutions. To mitigate the risk, Kaseya swiftly notified its clients and released the Kaseya VSA detection tool to help businesses check their VSA servers for signs of compromise.
Kaseya's case taught the world lessons for reducing the risk of such attacks, including:
- Keep business operations resilient with up-to-date backups in an air-gapped repository that can be easily separated from the organization's network.
- Apply patches through a managed process as soon as they become available.
- Keep customers informed throughout damage-mitigation work.
- Implement multi-factor authentication for business users.
- Follow the principle of least privilege, granting only the access that is required to network resources and devices.
Figure 4: Ransomware attack in Kaseya
4 Attack on the Cognyte network
In May 2021, cybersecurity analytics giant Cognyte made a critical mistake that left its database accessible without any authentication. This opened the way for attackers and exposed around 5 billion user records. Ironically, these were the very records used to warn customers about third-party data breaches.
The leaked information included user names, e-mail addresses, passwords and data points about vulnerabilities in the users' systems.
This information was publicly accessible and had even been indexed by search engines. In addition, other Cognyte threat-intelligence data was offered by attackers free of charge. Cognyte took about four days to secure the data.
The incident once again showed the world how attackers can exploit even the smallest mistakes to carry out unexpected attacks. Even well-known cybersecurity vendors are not safe from these threats, and attack prevention should take precedence over measures that merely mitigate attacks.
Proposed solutions for the organization:
To have the most effective overall information security plan, businesses and organizations need to pay attention to the following components:
Information security policy
This is an important step in reducing risk that many organizations overlook. The policy should be drafted to cover the terms, legal requirements, sharing permissions and data-access rules that all employees in the company must comply with.
Website security
The website is the main communication channel between a business and its customers, and it is also the most exposed point. Therefore it is necessary to use security tools and monitoring that warn of website problems. Organizations in e-commerce, finance, banking and online payments must also perform regular penetration tests to prevent hacker attacks.
Customer relationship management (CRM) system security
If your business uses CRM software, invest in securing it. A simple example: several businesses in Vietnam were only suspected of having leaked customer information, yet their share prices dropped by hundreds of billions of dong.
IoT (Internet-of-Things) device security
Devices connected to the internet are also a gateway for hackers to attack your data. Everything from Wi-Fi modems to printers and security cameras can be hacked easily if the business does not apply strong security measures.
Cloud security
Cloud technology is chosen by many because of its convenience and safety. Cloud services are not immune to cyber attacks, however, so make sure you are using services from reputable providers such as Microsoft Azure or Amazon AWS.
Security of IT/OT systems & intranets (networks)
Describe at least 3 organisational security procedures (P2)
Security threats are constantly evolving, and compliance requirements are becoming increasingly complex. Organizations must create a comprehensive information security policy to cover both challenges. An information security policy makes it possible to coordinate and enforce a security program and to communicate security measures to third parties and external auditors.
To be effective, an information security policy should:
Cover end-to-end security processes across the organization
Be regularly updated in response to business needs and evolving threats
Be focused on the business goals of your organization
1 Secure your business with a firewall
Figure 6: Firewall
Firewalls are one of the basic security measures that any business should use. A firewall acts as a barrier between an internal network and another network (e.g. the Internet) and controls the traffic passing in and out between the two. When malicious traffic is detected, the firewall blocks it so that it cannot damage your systems.
2 Back up data regularly
Enterprise data can be stolen at any time, because hackers' attack techniques are constantly advancing. To limit the damage, businesses should regularly back up data, especially important data such as customer information, business secrets or intellectual property. Businesses should also keep a copy in the cloud rather than only on local devices, to avoid loss in the event of a flood, fire, etc.
3 Building a security policy for businesses
Building an internal network security policy is essential to improving a business's security. Specifically, businesses should require employees to strictly comply with the following security regulations:
Regulations on storing and sharing company documents
Regulations on the use of network devices
Procedure for reporting and handling network problems
4 Cybersecurity awareness training for employees
Network attacks can stem from both system vulnerabilities and user errors. Common user mistakes include mistaking phishing websites for legitimate ones, downloading malware-laden files and using weak passwords. These errors often result from a lack of cybersecurity awareness among users.
Figure 7: Procedures for human training
To avoid network risks created by users, enterprises need to organize cybersecurity training sessions for all employees. The training content must be developed in line with the roles and orientation of each department, and should avoid material that is too heavy and far removed from everyday reality.
5 Protect and encrypt customer information
Protecting customer information is critical for businesses to maintain their reputation. Disclosing customer data can swiftly destroy a business's reputation, so businesses must prioritize the security of customer information. Encrypting the stored information ensures that a data breach cannot expose the entire customer database in readable form, minimizing the potential for reputational damage.
IT SECURITY SOLUTIONS
Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
The term firewall is borrowed from building construction. In networking, firewalls are security systems that prevent unauthorized access and external intrusion. They act as a barrier, protecting computers and devices from internet-borne threats. By implementing firewalls, organizations and individuals can safeguard their sensitive information and data, ensuring the integrity and security of their systems.
Figure 9: Firewall
Policy: The firewall acts as a security guard that monitors and analyzes the traffic going to and from your network. It analyzes the information sent or received and allows or blocks it, depending on the rules established in the firewall. An incorrectly configured policy (a rule that is too broad, placed in the wrong order, or left over from testing) lets through exactly the traffic the firewall was meant to stop, so rules must be reviewed as carefully as they are created.
Step 1: Open the Start menu and type Control Panel, then open the Control Panel to turn on the firewall.
Figure 10: Step 1
Step 2: In All Control Panel Items, go to Windows Defender Firewall.
Figure 11: Step 2
Step 3: In the Windows Defender Firewall section, click Turn Windows Defender Firewall on or off. Enabling the firewall is the first step before using it to block unauthorized access.
Figure 12: Step 3
Step 4: Turn on Windows Defender Firewall for both the Private and the Public network profile, then click OK.
Cloud firewall
A cloud firewall can handle the volume of network traffic at peak hours and secure even the most complex environments.
Cloud firewalls are more modular than conventional firewalls: they are designed to handle many different kinds of traffic between communicating systems.
A cloud firewall is architected with a systems-driven approach to ensure the highest level of availability.
A cloud firewall can also provide VPN capability, removing the need for separate VPN devices.
In short, firewalls play an important role in blocking malicious access to your systems. In the current period of digital transformation, cloud firewalls play an even more important role in protecting business data, so businesses should choose a reputable and experienced cloud service provider for a more effective deployment.
3.2 How a firewall provides security to a network
A firewall is a software- or hardware-based system that prevents unauthorized access to a private network. It acts as a barrier and inspects the data packets entering or leaving the private network. It is commonly used to stop unauthorized internet users from reaching private networks that are connected to the Internet.
Much harm can be done if a hacker gains access to an organization's private network to steal information. Therefore, to keep policies and information secure, firewalls and network security controls are put in place to stop network attacks before they happen.
Firewalls filter the information that enters a network or a personal computer through an internet connection. They act as a security checkpoint.
Firewalls give companies control over how people connect to and use their internet connection. You can prevent users from visiting certain websites or restrict certain users' connections. Companies do this by setting up cybersecurity policies.
Firewalls are customizable: you can add policies and remove others. It all depends on what you want to allow.
An IP (Internet Protocol) address is a numeric label assigned to each computing device that connects to the internet. If a certain IP address is suspected of being malicious, the firewall can block all traffic coming from that address. A company can likewise block certain domains or allow access only to specific domains.
Servers make their services available to the internet using numbered ports. The firewall separates a secure area from a less secure area and controls the communication between the two, including which ports may be reached.
3.3 Show with diagrams how a firewall works
Firewalls serve as gatekeepers for network traffic, determining which data is safe to pass and which poses a potential threat. By filtering out malicious or untrusted traffic, firewalls protect networks from external attackers. To understand how firewalls operate, it helps to understand the structure of IP networks, in which devices exchange data over established connections.
Firewalls aim to secure private networks and the endpoint devices within them, known as network hosts. A host "talks" to other hosts on the network, sending and receiving traffic within the internal network as well as to and from external networks.
Your computer and other endpoint devices use the network to access the internet. The internet itself is divided into subnetworks, or "subnets", for security and privacy.
As a security buffer between the internal and external networks, a perimeter network (DMZ) can also host any externally facing services the network provides (i.e. servers for web, mail, FTP, VoIP, etc.).
This perimeter network is more secure than the outside network but less secure than the internal network.
Firewalls are not only found in simple home networks; they are also used at the boundary of an organization's or a nation's network.
Packet filters use a filtering router placed at a network boundary to segment it; these are called network-level firewalls. The two most common segmentation models are the screened host firewall and the screened subnet firewall. A screened host firewall uses a single packet-filtering router between the external and internal networks, known as a choke router; this model therefore has two networks.
A screened subnet firewall uses two filtering routers: an exterior router between the external network and the perimeter network, and an interior router between the perimeter network and the internal network. This creates a perimeter subnet.
Figure 14: How the firewall works
IDS (intrusion detection system) is a system that detects attacks on computers or on the network.
The system continuously listens to the traffic on the link in order to detect packets based on patterns in the packet content (signatures) or on anomalies in network traffic. When an attack is detected, the system alerts the administrator or signals another system to take further action.
Depending on the intended use and the existing network structure, an IDS can be placed in various locations to make best use of its capabilities, such as:
Placed between the router and the firewall
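Both detection styles mentioned here, signature matching on packet content and anomaly detection on traffic behaviour, together with the SYN-flood attack on the TCP handshake described in the DoS section above, as an added Python example that is not from the original report. The packet records, addresses, thresholds and signatures are all constructed for the illustration; a real IDS such as Snort or Suricata would read these from a capture and a rule set.

```python
import re
from collections import defaultdict, deque
from urllib.parse import unquote


def build_sample_events():
    """Constructed packet records, not captured traffic:
    (time_s, src_ip, dst_ip, dst_port, tcp_flags, payload)."""
    events = [
        # Legitimate client: full handshake, then an ordinary HTTP request.
        (0.00, "203.0.113.4", "192.0.2.10", 80, "S", b""),
        (0.05, "203.0.113.4", "192.0.2.10", 80, "A", b""),
        (0.10, "203.0.113.4", "192.0.2.10", 80, "PA", b"GET /index.html HTTP/1.1\r\n"),
        # Signature case: a request carrying a URL-encoded SQL injection tautology.
        (0.20, "203.0.113.9", "192.0.2.10", 80, "PA",
         b"GET /search?q=%27%20OR%201%3D1-- HTTP/1.1\r\n"),
    ]
    # Anomaly case: 30 SYN-only packets from one source within half a second,
    # none of them completed, the shape of a SYN flood against the handshake.
    events += [(0.30 + i * 0.015, "198.51.100.7", "192.0.2.10", 80, "S", b"")
               for i in range(30)]
    return sorted(events)


# Content signatures, matched after percent-decoding so that %27 cannot hide a quote.
SIGNATURES = {
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
    "path-traversal": re.compile(r"\.\./\.\./"),
}


def match_signatures(payload: bytes) -> list:
    text = unquote(payload.decode("latin-1"))
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]


def detect_syn_flood(events, window_s: float = 1.0, threshold: int = 20) -> dict:
    """Anomaly rule: a source that sends `threshold` or more SYN-only packets
    (SYN set, ACK clear) inside any sliding window of `window_s` seconds.
    Returns {src_ip: peak_count} for the offenders."""
    recent = defaultdict(deque)
    offenders = {}
    for t, src, _dst, _port, flags, _payload in events:
        if "S" not in flags or "A" in flags:
            continue
        q = recent[src]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            offenders[src] = max(offenders.get(src, 0), len(q))
    return offenders


def run_ids(events, window_s: float = 1.0, threshold: int = 20) -> list:
    """Combine both detection styles; each alert is (kind, src_ip, detail)."""
    alerts = []
    for t, src, dst, port, _flags, payload in events:
        for sig in match_signatures(payload):
            alerts.append(("signature", src, f"{sig} in request to {dst}:{port} at t={t:.2f}s"))
    for src, peak in detect_syn_flood(events, window_s, threshold).items():
        alerts.append(("anomaly", src, f"SYN flood: {peak} half-open SYNs within {window_s}s"))
    return alerts


if __name__ == "__main__":
    for alert in run_ids(build_sample_events()):
        print(*alert)
```

The signature rule needs the decoding step, otherwise the encoded quote slips past the pattern; the anomaly rule needs the window and threshold tuned to the link, since the legitimate client's single SYN never trips it while the flooding source does.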
Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
4.1 How implementing a DMZ in a network can improve Network Security
A Demilitarized Zone (DMZ) is a segregated network segment that provides an additional layer of security by isolating external-facing systems from internal network resources. Located between the public Internet and an organization's internal network, the DMZ hosts the systems and services that require external access, such as web servers and e-mail servers. By isolating these systems in the DMZ, organizations minimize the potential for unauthorized access to sensitive internal data.
The DMZ is also known as a perimeter network. It adds an extra layer of security to an organization's internal network: an external attacker only has direct access to the devices and servers within the DMZ. With a DMZ in place, an external user has to take at least one additional step, through the DMZ, before reaching sensitive information inside the trusted network.
A DMZ usually contains web servers, FTP servers, name servers (DNS), e-mail servers and honeypots.
Ways to set up the DMZ network area:
Method 1: Place the DMZ between two firewalls, one filtering traffic from the internet and one checking the traffic that flows into the local network.
Figure 19: Method 1
Method 2: Use a router or firewall with multiple interfaces to put the DMZ on a separate branch from the local network.
Prevention of network reconnaissance: A DMZ also prevents an attacker from finding potential targets in the internal network. Even if a system in the DMZ is compromised, the internal firewall still protects the private network by separating it from the DMZ. This makes active reconnaissance from the outside more difficult: although the servers in the DMZ are publicly visible, they are backed by another layer of protection, and the public face of the DMZ keeps attackers from seeing the contents of the internal private network. If attackers do penetrate servers in the DMZ, they are still isolated from the private network by the DMZ's internal barrier.
Internet Protocol (IP) spoofing protection: In some cases, attackers try to bypass access control restrictions by spoofing an authorized IP address to impersonate another device. A DMZ can stall potential IP spoofers while another service on the network verifies the legitimacy of the IP address by testing whether it is reachable.
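One way to see both the P3 point (the impact of a badly ordered firewall policy) and the DMZ isolation described above in working code, as an added Python example that is not from the original report. The zones, addresses, ports and rule sets are assumptions made for the illustration; the matcher is first-match with default deny, as most packet filters behave, and the shadowing check flags rules that can never fire.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed addressing for the example: an internal LAN, a DMZ, and everything else is "internet".
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
WEB_SERVER = "192.0.2.10"   # published in the DMZ
DB_SERVER = "10.0.1.5"      # stays on the internal network


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str                   # zone name or "any"
    dst_zone: str
    dst_port: Optional[int]         # None = any port
    action: str                     # "allow" or "deny"
    src_host: Optional[str] = None  # optionally pin to a single source address
    dst_host: Optional[str] = None

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (self.src_zone in ("any", zone_of(src_ip))
                and self.dst_zone in ("any", zone_of(dst_ip))
                and self.dst_port in (None, dst_port)
                and self.src_host in (None, src_ip)
                and self.dst_host in (None, dst_ip))


def evaluate(rules, src_ip: str, dst_ip: str, dst_port: int) -> str:
    """First matching rule wins; a packet no rule mentions is dropped (default deny)."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action
    return "deny"


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet `later` could match is already matched by `earlier`
    (each field of `earlier` is a wildcard or equal). Conservative: a zone against
    a single host in that zone is not resolved, so some shadowing may be missed."""
    pairs = [(earlier.src_zone, later.src_zone, "any"),
             (earlier.dst_zone, later.dst_zone, "any"),
             (earlier.dst_port, later.dst_port, None),
             (earlier.src_host, later.src_host, None),
             (earlier.dst_host, later.dst_host, None)]
    return all(a == wildcard or a == b for a, b, wildcard in pairs)


def shadowed_rules(rules) -> list:
    """Rules that can never fire because an earlier rule covers them. A deny
    shadowed by a broad allow is the classic firewall-policy misconfiguration."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((earlier, later))
                break
    return found


# Correct policy: only the published ports reach the DMZ host, the DMZ host may
# reach only the database port of one internal server, nothing else gets in.
GOOD_POLICY = [
    Rule("internet", "dmz", 80, "allow", dst_host=WEB_SERVER),
    Rule("internet", "dmz", 443, "allow", dst_host=WEB_SERVER),
    Rule("dmz", "internal", 5432, "allow", src_host=WEB_SERVER, dst_host=DB_SERVER),
    Rule("internal", "internet", None, "allow"),
    Rule("any", "any", None, "deny"),
]

# Misconfigured policy: a catch-all allow was added at the top "to make remote
# administration work"; every rule below it, including the denies, is now dead.
BAD_POLICY = [Rule("any", "any", None, "allow")] + GOOD_POLICY

if __name__ == "__main__":
    attacker = "198.51.100.7"
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, "internet->web:443", evaluate(policy, attacker, WEB_SERVER, 443))
        print(name, "internet->db:5432", evaluate(policy, attacker, DB_SERVER, 5432))
        print(name, "web->db:5432     ", evaluate(policy, WEB_SERVER, DB_SERVER, 5432))
        print(name, "web->db:22       ", evaluate(policy, WEB_SERVER, DB_SERVER, 22))
        print(name, "shadowed rules   ", len(shadowed_rules(policy)))
```

With the correct policy, an outside host reaches only the published web ports and a compromised web server reaches only the database port of one internal server; with the catch-all allow at the top, the same outside host reaches the internal database directly, and the shadowing check reports every other rule as dead.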
4.2 How implementing static IP in a network can improve Network Security
A static IP address is an address permanently assigned to a network device, either by your ISP (for a public address) or by the administrator (on a local network), and it does not change when the device reboots. Static addresses exist in both versions, IPv4 and IPv6. A static IP address is usually assigned to a server hosting websites or providing e-mail, VPN and FTP services. With static addressing, each device on the network has its own address with no overlap, and the addresses have to be configured manually: when a new device joins the network, you select the "manual" configuration option and enter the IP address, the subnet mask, the default gateway and the DNS server.
Steps to deploy a static IP on Windows 11:
Step 1: Right-click the Ethernet or Wi-Fi icon in the bottom right corner of the Windows 11 screen and select Network and Internet settings.
Step 2: In the Network & Internet panel, select Properties under the Ethernet or Wi-Fi entry (depending on how you are connected to the network).
Step 3: In the properties page that appears, click Edit next to the IP assignment entry.
Step 4: Switch from Automatic (DHCP) to Manual and set IPv4 to On.
Step 5: Fill in the fields as follows:
- IP address: enter the static address 192.168.1.x, where x is a number from 2 to 254 within the range of your network that is not the gateway's own address and is not already used by another machine (if another device already uses this number, the address conflict will keep you off the network). Example: in the illustration below the static IP address is set to 192.168.1.145.
- Subnet mask: enter 255.255.255.0
- Gateway: 192.168.1.1
Click Save to store the settings.
After the static IP is set up on Windows 11, the information is displayed as follows.
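The checks a practitioner would run before typing the values from Step 5 into the adapter, as an added Python example that is not part of the original report. The gateway, mask and the set of addresses already in use are constructed inputs (in practice the in-use set would come from an inventory or an ARP scan); the low range reserved for DHCP is an assumption about the LAN layout.

```python
import ipaddress


def plan_static_ip(candidate: str, gateway: str, netmask: str = "255.255.255.0",
                   in_use=()) -> tuple:
    """Check a manual IPv4 assignment before it is typed into the adapter
    settings. `in_use` holds addresses already assigned on the LAN (assumed to
    come from an inventory or an ARP scan). Returns (ok, reason)."""
    addr = ipaddress.ip_address(candidate)
    gw = ipaddress.ip_address(gateway)
    if addr.version != 4 or gw.version != 4:
        return False, "IPv4 addresses expected"
    net = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    if addr not in net:
        return False, f"{addr} is outside {net}: the gateway {gw} would be unreachable"
    if addr in (net.network_address, net.broadcast_address):
        return False, f"{addr} is the network or broadcast address of {net}"
    if addr == gw:
        return False, f"{addr} is the gateway's own address"
    if str(addr) in set(in_use):
        return False, f"{addr} is already used by another host (address conflict)"
    return True, f"{addr}/{net.prefixlen} via {gw} is safe to assign"


def next_free_address(gateway: str, netmask: str = "255.255.255.0", in_use=(),
                      reserve_low: int = 100) -> str:
    """First usable address whose host number is at least `reserve_low`,
    leaving the lower range to the router's DHCP pool (an assumption about
    the LAN layout), and that passes every check in plan_static_ip."""
    net = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    for host in net.hosts():
        if int(host) - int(net.network_address) < reserve_low:
            continue
        ok, _reason = plan_static_ip(str(host), gateway, netmask, in_use)
        if ok:
            return str(host)
    return ""


if __name__ == "__main__":
    taken = {"192.168.1.100", "192.168.1.101", "192.168.1.145"}
    for cand in ("192.168.1.145", "192.168.1.1", "192.168.1.255", "192.168.2.50", "192.168.1.146"):
        print(cand, plan_static_ip(cand, "192.168.1.1", in_use=taken))
    print("next free:", next_free_address("192.168.1.1", in_use=taken))
```

The duplicate-address case is the one the step warns about; the gateway, network and broadcast addresses are the other values that look valid in the dialog but leave the machine unreachable.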
Static IP addresses simplify and speed up connections by eliminating the need to issue new IP addresses. Users benefit from the stability of a static IP, comparable to a permanent home or e-mail address, which remains consistent over time. This consistency facilitates seamless communication and accessibility.
Static IP is well suited to environments where multiple computers, business fax machines or other systems are in use. It minimizes the risk of data loss and helps the machines work together more stably. For example, if the company has set up static IPs, the machines in the company connect to each other by those addresses and can fax and print easily. With dynamic IP, the address may change when a device restarts or its lease expires; connections are interrupted and each machine has to be reconfigured, which is very time consuming.
Static IP also lets the company reach cameras and fax machines from outside.
Static IP is also useful for games and services that require a fixed address.
4.3 How implementing NAT in a network can improve Network Security
NAT is short for Network Address Translation, a technique commonly implemented in firewall products that helps protect the network from external intrusion by hackers. NAT also removes the need for an organization to hold a unique set of globally routable IP addresses, which helps to conserve the IPv4 address space available for the Internet.
Static NAT: establish a fixed one-to-one translation between an inside local (private) address and an inside global (public) address.
Router(config)# ip nat inside source static [local-ip] [global-ip]
Then mark the interface that connects to the internal network:
Router(config)# interface [inside-interface]
Router(config-if)# ip nat inside
and the interface that connects to the external (public) network:
Router(config)# interface [outside-interface]
Router(config-if)# ip nat outside
Dynamic NAT: define the pool of public addresses that will represent internal hosts (the NAT addresses):
Router(config)# ip nat pool [name] [start-ip] [end-ip] netmask [netmask]
(or, instead of netmask: prefix-length [prefix-length])
Set up the ACL that selects which internal addresses are translated (the NATed addresses):
Router(config)# access-list [access-list-number] permit [source] [source-wildcard]
Bind the source addresses matched by the ACL to the pool:
Router(config)# ip nat inside source list [access-list-number] pool [name]
Mark the interfaces as before:
Router(config)# interface [inside-interface]
Router(config-if)# ip nat inside
Router(config)# interface [outside-interface]
Router(config-if)# ip nat outside
Security benefits of NAT:
It hides the structure of the internal network from outside attackers, so network security is enhanced.
It stretches the available public address range, because a public address is only consumed while an internal host is actually communicating with the Internet.
It lets the internal network keep its private addressing even when the public address assigned by the Internet provider changes.
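The translation behaviour these commands configure, simulated in Python as an added example that is not from the original report or from Cisco IOS: an inside ACL, an address pool, a static mapping for a published server, and the translation table that decides which inbound packets ever reach a private host. All addresses are constructed documentation ranges.

```python
import ipaddress


class NatRouter:
    """Address-translating edge router in miniature: an inside ACL selecting
    which private hosts may be translated, a pool of public addresses, static
    mappings for published servers, and the translation table the router builds.
    Every address used here is a constructed example value."""

    def __init__(self, inside_acl, pool):
        self.inside_acl = [ipaddress.ip_network(n) for n in inside_acl]
        self.pool = list(pool)   # free inside-global addresses (the "ip nat pool")
        self.static = {}         # inside local -> inside global ("ip nat inside source static")
        self.table = {}          # active entries, local -> global
        self.reverse = {}        # global -> local

    def add_static(self, local: str, global_: str) -> None:
        self.static[local] = global_
        self.table[local] = global_
        self.reverse[global_] = local
        if global_ in self.pool:
            self.pool.remove(global_)

    def permitted(self, local: str) -> bool:
        return any(ipaddress.ip_address(local) in n for n in self.inside_acl)

    def outbound(self, src: str, dst: str) -> tuple:
        """Packet from the inside interface. Returns (src, dst) as it leaves the
        outside interface: source rewritten if an entry exists or can be created."""
        if src in self.table:
            return self.table[src], dst
        if not self.permitted(src):
            return src, dst      # not selected by the ACL: forwarded untranslated
        if not self.pool:
            raise RuntimeError(f"NAT pool exhausted, cannot translate {src}")
        global_ = self.pool.pop(0)
        self.table[src] = global_
        self.reverse[global_] = src
        return global_, dst

    def inbound(self, src: str, dst: str):
        """Packet arriving on the outside interface. Returns (src, dst) with the
        destination mapped back to the private host, or None when no entry
        matches: an unsolicited packet finds nothing behind the public address."""
        if dst in self.reverse:
            return src, self.reverse[dst]
        return None

    def release(self, local: str) -> None:
        """Dynamic entry timed out: return the public address to the pool."""
        if local in self.static or local not in self.table:
            return
        global_ = self.table.pop(local)
        del self.reverse[global_]
        self.pool.append(global_)


if __name__ == "__main__":
    nat = NatRouter(inside_acl=["10.0.0.0/24"], pool=["203.0.113.10", "203.0.113.11"])
    nat.add_static("10.0.0.50", "203.0.113.5")            # published web server
    print("out :", nat.outbound("10.0.0.7", "198.51.100.1"))
    print("back:", nat.inbound("198.51.100.1", "203.0.113.10"))
    print("scan:", nat.inbound("198.51.100.99", "203.0.113.11"))   # no entry: dropped
    print("web :", nat.inbound("198.51.100.99", "203.0.113.5"))    # static entry is reachable
```

A reply to a session the inside host opened is mapped back to it; a scan against a pool address with no active entry is dropped, which is the "hidden internal structure" benefit; the static mapping is the deliberate exception, so a published server is exposed exactly as if it stood on the public address, and the pool running out is the failure mode to watch on a busy edge.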
After completing the report, I have a clear understanding of some of the security risks that an organization will face, and of the prevention measures and solutions available when faced with those risks. I also know more about the applications and ways to secure critical data in an organization.