Information Technology Assignment 1 Unit Security 2.Pdf

Page 1

BTEC FPT INTERNATIONAL COLLEGE

INFORMATION TECHNOLOGY ASSIGNMENT 1

Page 2

ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 4 HND Diploma in Business

Unit number and title: Unit 9: Software Development Life Cycle

Submission date:
Date received (1st submission):

Re-submission date:
Date received (2nd submission):

Student name: Nguyen Cong Hau
Student ID: BDAF200013

Class: IT16101
Assessor name: Nguyen Hoang Anh Vu

Page 3

Summative Feedbacks:
Resubmission Feedbacks:

Grade:
Assessor Signature:
Date:
Internal Verifier’s Comments:

Signature & Date:

Page 4

Besides, I would also like to thank my classmates at BTEC FPT International College for allowing me to exchange knowledge and helping me to understand the issues in this course.

In the end, I also express my gratitude to the authors, brothers, sisters, and friends for providing a wealth of knowledge used as references throughout this exercise.

Page 5

1.2 Identify threat agents to organizations 8

1.3 Some types of threats that the organization will face 10

1.4 Some examples of recent cybersecurity breaches 13

2 Describe at least 3 organisational security procedures (P2) 16

CHAPTER 2 IT SECURITY SOLUTIONS 20

3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3) 20

3.2 How does a firewall provide security to a network 23

3.3 Show with diagrams the example of how firewall works 24

3.4 Intrusion detection system (IDS) 25

3.5 The potential impact of FIREWALL and IDS incorrect configuration to the network 27

4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4) 28

4.1 How implementing a DMZ in a network can improve Network Security 28

4.2 How implementing diagram static IP in a network can improve Network Security 30

Page 6

Conclusion 38

Reference 39

Page 7

LIST OF TABLES AND FIGURES

Figure 7: Procedures for human training 19

Figure 8: Encrypt customer information 19

Figure 16: Placed between router and firewall 27

Figure 17: IDS Diagram 27

Page 8

Figure 26: Step 5 33

Figure 27: NAT 36

Page 9

INTRODUCTION

Page 10

1. Identify types of security threat to organisations (P1)

1.1 Define threats

A cybersecurity threat is a targeted and malicious attack by an individual or organization to gain unauthorized access to another individual's or organization's network in order to damage, disrupt, or steal IT assets, computer networks, intellectual property or any other form of sensitive data.

Network attacks often aim to access, change or destroy sensitive, important information, to extort users, or to interrupt the activities of businesses and organizations.

Figure 1: Threats

1.2 Identify threat agents to organizations

In the ICT security chain, the human is the weakest link. This is a very old phrase, but it still applies every day. Systematic management faces the human element every day.

IT security and spam/scams

The most classic loopholes in IT security are still variable. Curiosity about attachments from unknown senders or touch input at the top of the field is not intended for this purpose. These acts cause considerable damage to companies every year.

Download and play online not protected

Page 11

continuous improvement of ICT security systems and web filters, experienced IT colleagues still have access to unsafe content. We probably don't need to explain to the system administrators among us how it works.

IT security and lost USB sticks

Have you ever found a USB stick? Not one that you lost yourself, but a strange stick lying around somewhere? Yes? Were you curious, and did you plug it into your computer? If so, you are in good company. As part of a study, nearly 300 USB sticks were "accidentally" lost to find out what would happen. Nearly all of the sticks were picked up by finders, and in 45% of cases a saved file was opened.

Convenience beats IT security

After installing the latest Windows updates, we have to restart the computer. However, the virus scanner slows down the computer in such and other cases. Easygoing employees prefer to shut down such processes completely. If there is an opportunity to deactivate an update or a virus scanner, it happens too. This is a huge cost for IT security.

IT security and CEO fraud

In the so-called CEO scam, the criminal poses by phone or e-mail as a director of the company. They ensure that an employee transfers a large amount of money to another country. The employee becomes confused by the other party's authority and approves the transaction. This scam can easily cause millions of dollars in damage with dire consequences for those involved.

Sell business data

Everyone who has ever worked in a development department knows how valuable corporate data can be. Selling blueprints, recipes, designs, or other trade secrets to competitors can be very lucrative. A disgruntled coworker with a criminal impulse and the necessary access rights can transmit enough data to bring a company into crisis.

Steal customer data if you change jobs

In some industries, it seems standard practice to pass on sensitive customer data to new employers. Everyone knows salespeople who have switched to competitors. Soon

Page 12

classical theft. It is no less serious if the employee retains a company laptop at the end of his employment contract.

Hide IT security issues

Employees hide ICT security incidents in 40% of companies worldwide. This is the result of a survey conducted by Kaspersky in collaboration with B2B International. Employees of 5,000 companies were asked.

These security incidents include phishing or malware attacks. The malware was transferred to the employee's computer. If affected employees remain silent about such an incident, malicious code can spread across the corporate network.

Many attackers like to take advantage of people's trust. Have you ever called a fellow system administrator because you lost your password? Your co-workers may also have it wachtwood also launched. But what if that stranger is the attacker? This example works thousands of times a day.

Carelessness leads to IT security problems

Indifferent employees are poison for any company. They rarely contribute to productivity and are also a potential vulnerability in IT security. An “I don't care” attitude can show up in all matters related to safety. This may include, for example:

- The loose handling of passwords.
- Distributing sensitive information.
- Authorization issues.
- The distribution of files to external parties.

In all of these cases, such employees can always compromise security.

1.3 Some types of threats that the organization will face

1 Malware

Malware is malicious software such as spyware, ransomware, viruses, and worms. Malware is activated when a user clicks on a malicious link or attachment, resulting in the installation of dangerous software. Cisco reports that the malware, once activated, can:

Page 13

- Install more harmful software
- Covertly obtain information by transferring data from the hard drive (spyware)
- Disrupt individual components, rendering the system inoperable

2 Emotet

The Cybersecurity and Infrastructure Agency (CISA) describes Emotet as “an advanced modular banking Trojan that primarily acts as a downloader or dropper of other banking Trojans. Emotet continues to be among the most destructive and high-cost malware.”

3 Denial of service

Denial of Service (DoS) is a type of cyber attack that floods a computer or network so that it cannot respond to requests. Distributed DoS (DDoS) does the same thing, but the attack originates from a network of computers. Cyber attackers often use a flood attack to disrupt the "handshake" and perform a DoS. Several other techniques can be used, and some cyber attackers use the time the network is disabled to launch other attacks. According to Jeff Melnick of Netwrix, an information technology security software company, a botnet is a type of DDoS in which millions of systems can be infected with malware and controlled by a single hacker. Botnets, sometimes referred to as zombie systems, target and overwhelm the target's processing power. Botnets are located in different geographical locations and are difficult to track.

4 The man in the middle

A man-in-the-middle (MITM) attack occurs when a hacker inserts themselves into a two-party transaction. After disrupting traffic, they can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, then use malware to install software and use data maliciously.

5 Scams

Phishing attacks use spoofed contact information, such as an email, to trick the recipient into opening it and performing instructions inside, such as providing a credit card

Page 14

install malware on the victim's machine," Cisco reported.

6 SQL Injection

Structured Query Language (SQL) injection is a type of cyber attack that results in the injection of malicious code into a server that uses SQL. When infected, the server releases information. Sending the malicious code can be as simple as typing it into the search box of a vulnerable website.

7 Password Attack

With the right password, a cyber attacker can gain access to a lot of information. Social engineering is a type of password attack that Data Insider defines as "a strategy that cyber attackers use that relies heavily on human interaction and often involves tricking people into violating standard security rules". Other types of password attacks include password database access or outright guessing.

8 Insider Threats

Insider threats occur when individuals close to an organization who have access to that organization's network abuse that access, unintentionally or intentionally, negatively affecting the organization's important data or systems. Careless employees who do not comply with the organization's regulations and business policies pose insider threats. For example, they may accidentally email out customer data, click on phishing links in emails, or share their login information with others. Contractors, business partners, and third-party suppliers are the source of other insider threats. Some insiders bypass security measures for reasons of convenience or in an unthinking attempt to be more efficient. Malicious actors deliberately evade cybersecurity protocols to delete data, steal data for later sale or exploitation, disrupt operations, or harm

9 Distributed Denial of Service (DDoS) Attack

In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target such as a server, website, or other network resource, rendering the target completely inoperable. The flood of connection requests, incoming messages, or malformed packets forces the target system to slow down or even crash and shut down, denying service to legitimate users or systems.

Page 15

1.4 Some examples of recent cybersecurity breaches

1 Attack targeting Accenture

In a survey of cybersecurity risks, UpGuard, a cybersecurity research startup, found that Accenture had left at least 4 AWS S3 storage buckets unsecured in 2017.

The exposed data included unprotected authentication details, secret API data, digital certificates, decryption keys, user data, and meta information.

UpGuard's security analysis discovered 137GB of data available for public access. Attackers used this data with the goal of smearing and blackmailing users. Some information has been posted on the dark web.

In August 2021, Accenture again became the victim of an attack via the LockBit ransomware. In this attack, the company has enough "experience" to release when performing math tests in late 2021.

This is an antra range of this public company is part of LockBit ransomware, they stole 6TB worth of data from the attacking company and paid up to 50 million USD.

Figure 2: Accenture

2 Attack aimed at Verizon

In 2017, Verizon's third-party partner, Nice Systems, exposed user PPI because of a faulty AWS S3 configuration. The exposure was made possible by an error on Nice's part when collecting additional customer call data.

Page 16

as scope. The telecommunications giant became prey for DDoS attacks. They argue that the reason behind the vulnerabilities and the proliferation of cyber attacks is the remote working model during the pandemic.

In 2021, Verizon released an audit of its cybersecurity strategy, in line with the VERIS framework - a case study for businesses and other users. About 61% of these attacks involved unauthorized use of credentials, as phishing scams increased from 25% to 36% in 2019.

Figure 3: Verizon

3 Ransomware Attack at Kaseya

In July 2021, IT solutions provider Kaseya suffered a massive attack targeting their system security and remote monitoring tools. It was a supply-chain ransomware attack, hitting the main checker for the Kaseya service.

As reported by ZDNet, the attack compromised the company's hosted SaaS and affected the on-premises VSA solution that Kaseya had shipped to customers in the countries of use. Kaseya proactively alerted its customers to limit the risks that the attack could pose. The company developed the Kaseya VSA detection tool, which allows business users to analyze their VSA services and manage endpoints to look for signs of vulnerabilities.

Kaseya's case has helped the world learn lessons to reduce the risk of these attacks, including:

Page 17

repository, which can be easily detached from network organizations.

- Perform managed manual patching jobs, as soon as available.
- Appraisal from customers through damage mitigation works.
- Implement multi-factor authentication for business users.
- Follow the principle of granting only the required privileges on network resources and devices.

Figure 4: Ransomware attack in Kaseya

4 Tools to attack computers that do not duplicate the Cognyte network

In May 2021, cybersecurity giant Cognyte made a critical mistake that made it possible for users to access its database without authentication protocols. This vulnerability paved the way for cyber attacks, exposing 5 percentages of users' profiles. Ironically, this data is what warned customers about third-party data breaches.

The leaked information includes user information such as names, email addresses, passwords and data points about vulnerabilities in their systems.

This information was publicly available and had even been indexed by search engines. In addition, other Cognyte intelligence data was made available to attackers for free. Cognyte took about 4 days to recover and secure the data.

Page 18

smallest mistakes to carry out unpredictable attacks. Even well-known cybersecurity vendors are not safe from these threats; attack prevention techniques should take precedence over measures to mitigate attacks.

Figure 5: Cognyte

Proposing solutions for the organization:

To be able to have the most effective overall information security plan, businesses and organizations need to pay attention to the following components:

Building information security policies

This is an important step in reducing risks that many business organizations often overlook. The policy is drafted to include the terms, laws, sharing permissions, and data access rules that all employees in the company need to comply with.

Website system security

The website is the main communication channel between businesses and customers, and it is also the most vulnerable point. Therefore, it is necessary to use security tools that warn of website problems. In addition, organizations in the e-commerce, finance, banking, and online payment industries must perform regular pen-tests to prevent hacker attacks.

Customer relationship system (CRM) security

If your business is using CRM software, invest in its security. A simple example shows that many businesses in Vietnam have only been suspected of leaking customer information, but their stock prices have dropped by hundreds of billions.

Page 19

Devices connected to the internet are also a gateway for hackers to attack your data. From wifi modems to printers and security cameras, devices can be hacked easily if businesses do not implement strong security measures.

Cloud technology is a trend chosen by many people because of its convenience and safety. However, cloud services are also not immune to cyber attacks. So make sure you are using services from reputable providers such as Microsoft Azure or Amazon AWS.

Security of IT/OT systems & intranets (networks)

If just one device is infected with a virus or malicious code, the whole system is at risk of being affected. Therefore, it is necessary to take measures to prevent the spread of malicious code in the internal network, operating system, and information technology system to limit risks.

Raising awareness of officers - employees

This is one of the most important factors that businesses often forget. Just a small mistake by an employee can cause a business to be attacked, causing heavy damage. Therefore, it is necessary to raise the awareness of employees in the enterprise about the confidentiality of important information.

2 Describe at least 3 organisational security procedures (P2)

Security threats are constantly evolving, and compliance requirements are becoming increasingly complex. Organizations must create a comprehensive information security policy to cover both challenges. An information security policy makes it possible to coordinate and enforce a security program and communicate security measures to third parties and external auditors.

To be effective, an information security policy should:

- Cover end-to-end security processes across the organization
- Be enforceable and practical
- Be regularly updated in response to business needs and evolving threats
- Be focused on the business goals of your organization

1 Secure your business with a firewall

Page 20

Figure 6: Firewall

Firewalls are one of the basic security measures that any business should use. Firewalls act as a barrier between an internal network and another network (e.g. the Internet) and control the traffic going in and out between these two networks. When malicious traffic is detected, firewalls will block access so it can't damage your systems.
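How a firewall decides whether traffic may pass, and how a misordered policy defeats it, sketched as a first-match rule evaluator with default deny. This is an added example, not part of the original assignment; the rule format, the function names and the addresses (documentation ranges) are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    port: Optional[int]   # destination port, None = any port

def matches(rule, src, dst, port):
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.port in (None, port))

def decide(rules, src, dst, port):
    """First matching rule wins; traffic no rule matches is denied."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule.action
    return "deny"

def covers(earlier, later):
    """True when every packet 'later' matches is already matched by 'earlier'."""
    return (ip_network(later.src).subnet_of(ip_network(earlier.src))
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
            and earlier.port in (None, later.port))

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, rule in enumerate(rules)
            if any(covers(earlier, rule) for earlier in rules[:i])]

# Constructed policies. 192.0.2.0/24 stands for the servers, 10.0.0.0/24 for staff PCs.
MISORDERED = [
    Rule("allow", "0.0.0.0/0", "192.0.2.0/24", None),   # too broad, and placed first
    Rule("deny", "0.0.0.0/0", "192.0.2.10/32", 3306),   # database block is never reached
    Rule("allow", "10.0.0.0/24", "0.0.0.0/0", 443),
]
CORRECTED = [
    Rule("deny", "0.0.0.0/0", "192.0.2.10/32", 3306),
    Rule("allow", "0.0.0.0/0", "192.0.2.0/24", 443),    # only the web port is exposed
    Rule("allow", "10.0.0.0/24", "0.0.0.0/0", 443),
]

if __name__ == "__main__":
    packet = ("203.0.113.5", "192.0.2.10", 3306)         # Internet host to database port
    print("misordered:", decide(MISORDERED, *packet), "shadowed:", shadowed(MISORDERED))
    print("corrected :", decide(CORRECTED, *packet), "shadowed:", shadowed(CORRECTED))
```

Running the shadowed-rule check before deploying a policy catches the case where a block rule exists on paper but is never evaluated.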

2 Back up data regularly

Enterprise data can be stolen at any time because hackers are increasingly advanced in cyberattack techniques. Therefore, to avoid all risks, businesses should regularly back up data, especially important data such as customer information, business

Page 21

other devices to avoid loss in the event of a flood, fire, etc.

3 Building a security policy for businesses

Building an internal network security policy is extremely necessary to improve security for businesses. Specifically, businesses should require employees to strictly comply with the following security regulations:

- Regulations on storing and sharing company documents
- Regulations on the use of network devices
- Procedure for reporting and handling network problems

4 Cybersecurity awareness training for employees

The cause of network attacks comes not only from security holes in the system but also from user errors. Common errors include confusing the official website with a fake website, downloading files containing malicious code, and setting passwords that are too easy to guess. The reason users make these basic mistakes is that their awareness of network security is not good.

Figure 7: Procedures for human training

Date posted: 13/05/2024, 14:54