Assignment 1 security Greenwich



Document information

Assignment 1 for the Security course at GW University, 2022; meets the Pass criteria, with Harvard citations. IDENTIFY TYPES OF SECURITY THREAT TO ORGANIZATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1), DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2), IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND IDS (P3), SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4)

ASSIGNMENT FRONT SHEET

Qualification: BTEC Level HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date:
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name:
Student ID:
Class:
Assessor name:

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student's signature:

Grading grid: P1 P2 P3 P4 M1 M2 D1

Summative Feedback:
Resubmission Feedback:
Grade: [comment 2.1]
Lecturer Signature:
Assessor Signature:
Date:

Table of Contents

TABLE OF CONTENTS
LIST OF FIGURES [comment 3.1]
INTRODUCTION
TASK 1 - IDENTIFY TYPES OF SECURITY THREAT TO ORGANIZATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1)
1.1 THREATS
1.2 IDENTIFY THREATS AGENTS TO ORGANIZATIONS
1.3 LIST TYPE OF THREATS THAT ORGANIZATIONS WILL FACE
1.4 WHAT ARE THE RECENT SECURITY BREACHES? LIST AND GIVE EXAMPLES WITH DATES
SOME SECURITY BREACHES EXAMPLES WITH DATES
THE CONSEQUENCES OF THIS BREACH
SUGGEST SOLUTIONS TO ORGANIZATIONS
TASK 2 - DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2)
ORGANIZATIONAL SECURITY PROCEDURE
TASK 3 - IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND IDS (P3)
3.1 FIREWALLS AND POLICIES, THEIR USAGE, AND ADVANTAGES IN A NETWORK
3.2 THE FIREWALL PROVIDE SECURITY TO A NETWORK
3.3 SHOW WITH DIAGRAMS THE EXAMPLE OF HOW FIREWALL WORKS
3.4 DEFINE IDS, ITS USAGE, AND SHOW IT WITH DIAGRAMS EXAMPLES
3.5 THE POTENTIAL IMPACT (THREAT-RISK) OF A FIREWALL AND IDS IF THEY ARE INCORRECTLY CONFIGURED IN A NETWORK
TASK 4 - SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4)
4.1 DMZ
4.2 DMZ USAGE AND SECURITY FUNCTION AS ADVANTAGE
4.3 STATIC IP
4.4 STATIC IP USAGE AND SECURITY FUNCTION AS ADVANTAGE
4.5 DEFINE AND DISCUSS NAT
4.6 NAT ITS USAGE AND SECURITY FUNCTION AS ADVANTAGE
CONCLUSION
BIBLIOGRAPHY

List of figures

FIGURE 1: SECURITY THREAT
FIGURE 2: TROJAN HORSE
FIGURE 3: WANNACRY RANSOMWARE
FIGURE 4: ADWARE
FIGURE 5: SPYWARE
FIGURE 6: WORM
FIGURE 7: FIREWALL
FIGURE 8: FIREWALL POLICIES
FIGURE 9: PACKET FILTERING
FIGURE 10: STATEFUL INSPECTION
FIGURE 11: HOW FIREWALLS WORKS
FIGURE 12: THE USAGE OF IDS
FIGURE 13: NIDS
FIGURE 14: HIDS
FIGURE 15: EXAMPLE FOR IDS
FIGURE 16: DMZ
FIGURE 17: DEMILITARIZE ZONE DIAGRAM
FIGURE 18: STATIC IP
FIGURE 19: NAT
FIGURE 20: EXAMPLE OF NAT

Introduction:

Security is one of the most important areas in the field of information technology; it determines the smooth operation of an application, website or internal system of a company. In this assignment, risk will be discussed along with the problems associated with it. Some examples of security breaches and ways to overcome security risks will be
given. At least 3 organizational security procedures will be introduced. Firewalls and IDSs will also be introduced and assessed for the potential risk of misconfiguring them. DMZ, static IP and NAT will also be discussed and analyzed for advantages.

Task 1 - Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)

1.1 Threats

A security threat is an act with bad intentions, such as crashing a system, stealing data or user information, or damaging the system of a company, business or organization. The threat may occur in the near or distant future.

Figure 1: Security threat

It can be said that system security is the only method able to solve and close the vulnerabilities as well as the potential risks of a system. Security is a difficult area for developers, especially as more and more bad guys find vulnerabilities to attack. There are two types of risks that often appear: physical threats and non-physical threats. Hardware-related problems can appear, disrupt the connection and cause the server to lose data. A few examples of physical risks are failures due to time, weather, humans or humidity. However, the risk of non-physical problems is the main issue to discuss. Non-physical issues can cause data loss, data exposure, slow connections, and other security-related issues. The main causes are network attacks with different purposes, the spread of computer viruses, spyware, unauthorized access to computers to reach data, and software containing other malicious code. These non-physical risks are always difficult problems and can only be solved by system security methods.

1.2 Identify threats agents to organizations

A threat actor is an active entity having a financial motivation to target an organization's or individual's equipment, operations, or systems. Threat actors can be identified as distinct organizations or persons, or they might be classified based on their aims or ways of operation (Anon., 2016).
Some of the threat actors are countries, employees, hackers and terrorists. Enemy countries and large countries interfere with or attack the systems of other countries. Employees can also reveal confidential company information for objective or subjective reasons, allowing bad guys to get hold of the information and carry out an attack that bypasses the security layer. Some viruses (malicious code) are created with the goal of spreading widely, regardless of whether the devices are corporate or personal. Hackers and terrorists infiltrate and attack the systems of state organizations and flights for political reasons. Most attack actors have monetary or political purposes.

1.3 List type of threats that organizations will face

Cyber thieves are becoming more sophisticated in their assault techniques and in gaining access to companies' networks. There are a variety of security issues that might affect an organization's ability to stay in business. As a result, there is no way to know for sure whether or not a corporation is under assault. The following are the many sorts of security dangers that businesses face; knowing them can help businesses take preventative measures:

A Trojan horse is a malicious program developed by a hacker to pass as legitimate software, with the purpose of accessing the system of a company, business or organization. It is designed to delete, modify, corrupt, or intercept data or networks. For example, the victim receives an email with an attachment that seems like it came from the government. Malicious code may be embedded in the attachment, which is run as soon as the victim clicks on it. The victim is unaware, and has no suspicion, that the attachment is a Trojan horse in this case.

Figure 2: Trojan horse

A virus is a type of malicious code that can infect a computer when a user clicks on a link, opens a web page, or downloads an unknown file and opens it. It is difficult for users to detect until signs appear, such as a slow machine, data loss or, worse, a locked machine. However, there are many good anti-virus programs that can be used to
avoid the intrusion and destruction of viruses.

Figure 3: WannaCry ransomware

Adware is a type of software that contains commercial and marketing-related advertisements, such as those that appear on a company's computer screens in the form of pop-ups or bars, banner advertising, or videos. Adware is mostly Web-based and collects data from web browsers in order to target advertisements, mainly pop-ups. Freeware and pitch ware are two terms used to describe adware.

Figure 4: Adware

Adware operates by redirecting us to an advertising website and collecting information from us when we click on certain types of adverts. By monitoring our online actions and selling that information to a third party, it may also be used to steal all of our sensitive information and login passwords.

Spyware is a sort of unwanted security threat to businesses that installs itself on a user's computer and gathers sensitive data such as personal or company information, login passwords, and credit card information without the user's knowledge. This sort of attack keeps track of our online activities, logs our login credentials, and snoops on our personal information.

Figure 5: Spyware

Some actions that can be monitored by spyware are keystrokes, screenshots, reading cookies, passwords, etc. Spyware can be installed as typical malware, through phishing advertising, emails, and instant messaging, or it can be installed automatically or as a hidden element of a software package.

Worms are similar to viruses, but worms replicate on their own, while viruses do not. A computer worm spreads as follows: it may propagate without the help of humans by exploiting software security weaknesses, attempting to get access in order to steal important information, corrupt files, and install a back door allowing remote access to the system.

Figure 12: The usage of IDS

In order to identify possible intrusions, a network intrusion detection system (NIDS) monitors network traffic and hosts. The NIDS system is connected to a network hub, network
tap, or network switch that has been configured to facilitate network traffic monitoring. When a network intrusion detection system is set up, monitoring stations are placed in high-traffic locations of the network to analyse network data packets for possibly harmful behaviors.

Figure 13: NIDS

Host-based intrusion detection systems (HBIDs) are meant to have a single network host agent that locates network intrusions using application logs, file-system alterations, and system call analysis. A software agent is typically used as a sensor in host-based intrusion detection system(s). OSSEC and Tripwire are two examples of HIDS.

Figure 14: HIDS

As a successor technology to HBIDs, stack-based intrusion detection systems (SIDS) were created. SIDS monitor network packets as they pass through the TCP/IP network stack. As a result, the SIDS technology does not have to connect with the network interface in promiscuous mode, which saves time and money.

Figure 15: Example for IDS

3.5 The potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network

As for the firewall, misconfiguration can pose many risks to the computer. If the configuration is too complicated, it will make accessing data slow, because the security level is too high and takes more time. On the contrary, if the configuration is too loose, the security level is also poor, resulting in leaked data that affects the activities of individuals or businesses. Therefore, administrators often install appropriate configurations for firewalls to avoid potential threats and risks such as those above.

An IDS is not perfect: when misconfigured, it can ignore a certain network attack because false positives appear, and each system will have its own type of attack. Another vulnerability of IDSs that rely on signature files is the need to update the signature library to include the latest threats. When this is not done, the network can be open to attack from the most current threats. In addition, a fake message attack is also
possible. Therefore, the administrator must know how to recognize and build the appropriate configuration.

Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)

4.1 DMZ

A DMZ network is a perimeter network that protects an organization's internal local-area network from untrusted traffic and adds an extra degree of protection. A DMZ is a subnetwork that connects the public internet to private networks (Webb, 2014).

The purpose of a DMZ is to allow an organization to connect to untrusted networks, such as the internet, while maintaining the security of its private network or LAN. External-facing services and resources, as well as servers for the Domain Name System (DNS), File Transfer Protocol (FTP), mail, proxy, Voice over Internet Protocol (VoIP), and web servers, are often placed in the DMZ (Webb, 2014).

To guarantee that these servers and resources can be accessed through the internet but cannot reach the internal LAN, they are segregated and given limited access to the LAN. As a result, using a DMZ makes it more difficult for a hacker to acquire direct internet access to an organization's data and internal servers.

Figure 16: DMZ

There are two commonly used DMZ configuration types: the single firewall DMZ network and the dual firewall DMZ network.

A single firewall DMZ network consists of three main elements: a firewall, a switch, and a server. The firewall is the only place that protects the network; the switch ensures the right movement of traffic to the right space.

A dual firewall DMZ network is a dual firewall system, including firewall, DMZ and LAN. After going through the first firewall, you can access the resources in the DMZ; then you have to go through the second firewall to access the LAN. Some of the servers that are usually put in the DMZ are web servers, FTP servers and email servers.

Figure 17: Demilitarize Zone Diagram

4.2 DMZ usage and security function as advantage

DMZ essentially adds another degree of
protection to the internal network. By putting a cache between external users and the private network, it restricts access to sensitive data, resources, and services. Access control, stopping attackers from eavesdropping on possible targets, and safeguarding enterprises from IP spoofing attacks are among the other advantages. In addition, the DMZ provides other security benefits, such as:

Enable access control: Businesses can utilize the public internet to give consumers access to services outside of their network's reach. The DMZ provides access to these services while also performing network segmentation to prevent unwanted users from gaining access to the private network. A proxy server, which centralizes the flow of internal traffic and facilitates monitoring and recording of that traffic, may be included in a DMZ.

Prevent network espionage: The DMZ acts as a barrier between the internet and a private network, preventing attackers from conducting reconnaissance in search of possible targets. Although the servers in the DMZ are accessible to the public, a firewall provides an additional degree of protection by preventing an attacker from viewing the internal network. Even if the DMZ system is hacked, the internal firewall will keep the private network distinct from the DMZ, keeping it safe and preventing outside reconnaissance.

Block IP spoofing: Attackers try to obtain access to the system by spoofing the IP address and impersonating a network-connected device. When another service validates the validity of an IP address, the DMZ can identify and prohibit such spoofing efforts. The DMZ also acts as a network segmentation zone, allowing for structured traffic and public services to be accessible from within the internal private network.

4.3 Static IP

A static IP address is a 32-bit number that is issued to a computer to use as an internet address. An internet service provider (ISP) will usually supply this number in the form of a dotted quad (Gillis, 2020).

Figure 18: Static IP

Because a static IP address does not change, it does not necessitate system administration. However, because there is a limit to the number of static IP addresses available, obtaining one might be expensive. IPv6 is a solution to this problem. IPv6 enhances the number of accessible IP addresses by extending them from 32 bits to 128 bits (16 bytes), making static IP addresses easier and less expensive to obtain and maintain (Gillis, 2020). Companies and corporations that host online content or servers frequently utilize static IP addresses.

4.4 Static IP usage and security function as advantage

The first advantage of using a static IP address is that it is easier to find on the web. Large websites use static IP addresses, so finding them should be easy.

The second advantage is a higher level of security. When you set the static IP layer, the organization gets a layer of security against the problems of network attacks.

It helps to reduce the breaking of a link. Simply put, you're less likely to fail when connecting to your home business via a static IP address because it doesn't change. Download and upload speeds will become faster.

It also provides users with remote access. Dynamic IP can lose notifications when moving, but static IP does not have that problem because its position does not change.

In businesses and organizations, static IPs can be linked to printers to make work easier. Companies usually only have one printer per room.

4.5 Define and discuss NAT

The process of altering source and destination ports and IP addresses is known as NAT (Network Address Translation). Address translation conceals private network addresses and lowers the requirement for IPv4 public addresses. A router or a firewall is generally responsible for this operation. The main goal of NAT is to reduce the number of public IP addresses that a corporation or organization must utilize, both economically and for security reasons.

Figure 19: NAT

There are three different kinds of NAT:

Static NAT is a method of converting a private IP address to a public one. The public IP address remains constant.

Dynamic NAT - private IP addresses are mapped to a pool of public IP addresses.

Port Address Translation (PAT) - all internal devices have the same public IP address, but each private IP address has a separate port. NAT Overload is another name for it.

Figure 20: Example of NAT

For example, a web page is requested from an Internet server by Host A. The source address of the request must be altered by the router, since Host A utilizes a private IP address, which is not routable on the Internet. The packet is received by router R1, which converts the source IP address to its public IP address and transmits it to server S1. The transmission is received by server S1, which responds to router R1. The packet is received by router R1, which converts the destination IP address to Host A's private IP address before sending it to Host A.

4.6 NAT its usage and security function as advantage

Some of the benefits of NAT when it comes to security:

NAT makes network management easier by allowing administrators to utilize any local addressing scheme in IPv4. A device in a private environment that uses NAT does not require its own public IP address to connect to the public network. Local addressing is possible thanks to NAT, which is unaffected by external limitations.

NAT saves IP addresses on two levels: the first level saves IP addresses by not using global IP addresses in local addressing, while the second level saves IP addresses by not using local addresses in global addressing, mostly in the IPv4 system.

NAT also adds security to your network by preventing others from seeing your internal address structure. NAT additionally adds a layer of security by not publishing the device's IP address or transmitting adverts to traffic-receiving devices.

When it comes to setting up a network, NAT gives you more options. Address duplication is considerably reduced when using NAT. Local devices are
independently addressed using NAT, which makes adding a new client in a local network context easy. Even if the service provider changes, NAT permits the usage of a private IP address system.

Conclusion

In this assignment, risk was discussed along with issues related to it, such as agents, some possible risks or a cyber attack. Some examples of security breaches, such as Yahoo and Alibaba, and ways to overcome risks were given, and the consequences were also assessed. Organizational security procedures were introduced. Firewalls and IDSs were also introduced, covering their definition, operation methods, users, and potential risk assessment when misconfigured. DMZ, static IP and NAT were also introduced, covering their definition, how they work, and the advantages of their use and security.

Bibliography

Anon., 2016. cryptosmith. [Online] Available at: https://cryptosmith.com/2016/01/31/threatagents-and-levels-of-motivation/ (Accessed 23 February 2022).

Hill, M. and Swinhoe, D., 2021. The 15 biggest data breaches of the 21st century. [online] CSO Online. Available at: https://www.csoonline.com/article/2130877/the-biggest-data-breaches-ofthe-21st-century.html (Accessed 23 February 2022).

Chadwick, D., 2001. Network firewall technologies. NATO SCIENCE SERIES SUB SERIES III COMPUTER AND SYSTEMS SCIENCES, 178, pp.149-168.

Webb, J., 2014. Network Demilitarized Zone (DMZ).

Gillis, A., 2020. static IP address. [online] WhatIs. Available at: https://whatis.techtarget.com/definition/static-IP-address (Accessed 23 February 2022).

Index of comments

2.1 The organizational academic Report structure is Recognized

# Below are the comments based on your report

P1 Identify the types of security threats to organizations
Define threats:
Identify threats agents to organizations:
Threats agents: Mother nature, Human-agent, Natural Agents, Nations, Corporations, Organized crimes, Terrorists, Employee
List type of threats that organizations will face: Crackers, Hackers, Malware, Viruses
What are the
recent security breaches? List and give examples with dates:
Discuss the consequences of this breach:
Suggest solutions to organizations:

You defined the threat; you identified threats to the organization in the report. The recent security breach was listed with the date. However, some of the dates provided are not recent. You did discuss the consequences and provide solutions for mitigation for the recently published breach.

P1 Pass

P2 Describe at least three organizational security procedures
Organizational security procedure: Incidence response policy, AUP Acceptable use policy, Security Policy, Human resource policy, BCP Business continuity policy

Your report did not iterate the policies. However, a few methods under the policy were mentioned and discussed.

P2 Pass

P3 Identify the potential impact on IT security of incorrect firewall policies and IDS configuration
Discuss firewalls and policies, their usage, and advantages in a network briefly:
How does a firewall provide security to a network?
Show with diagrams the example of how a firewall works:
Define IDS its usage, and show it with diagrams examples:
Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network:

You discussed firewalls, policy, usage and advantages in a network setting. How firewalls provide security to the network was discussed. You gave a diagram illustration for the firewall. The report did define IDS, usage illustrating with diagram example. You mentioned the potential impact of an incorrectly configured firewall and IDS in the information.

P3 Pass

P4 Show, using an example for each, how implementing a DMZ, static IP, and NAT in a network can improve Network Security
Define and discuss DMZ:
DMZ usage and security function as an advantage:
Define and discuss static IP
Static IP usage and security function as an advantage:
Define and discuss NAT:
NAT its usage and security function as an advantage:

You defined DMZ with a brief discussion in the report. Usages, Security functions and advantages were all detailed in the report. The report defined and discussed static IP with the aid of a diagram; you gave an advantage for using static IP in the network environment. You provided NAT usage, security functions and advantages in the report.

P4 Pass

M1 Propose a method to assess and treat IT security risks
Not implemented

M2 Discuss three benefits to implementing network monitoring systems with supporting reasons
Not implemented

D1 Investigate how a ‘trusted network’ may be part of an IT security solution
Not implemented

10 minutes of PowerPoint and additional speaker
The report contents are missing the PowerPoint presentation.

Recommendation
It would help if you were more focused on your studies; your report has missing components.

Document formatting
Your document format, justification, fonts and size are ok. Documents are justified.

References:
References are ok. The report has references; however, the
authorities did not fully conform to the Harvard style.

FrontPage:
Frontpage is ok. There are missing components such as submission dates. The front page is ok.

NOTE
You must write all questions clearly with the corresponding number, such as P1, P2, P3, P4, followed by the answer. All report questions must proceed with P1, P2, P3 etc.

File naming convention:
Your full name and student Id required, with the course name. Filename ASM1_Se.pdf is not acceptable; please use the conventions on the right next time. 1623-GCH0123-Michael_Omar

Introduction/ Contents
The report has an introduction. The introduction is ok.

Conclusions /
The report has a conclusion. Your conclusion is short.

3.1 Table of contents must be formal

... least organizational security procedures (P2) Organizational security procedure: A security process is a collection of steps that must be followed in order to complete a certain security duty or function... Furthermore, security protocols guide the person doing the action to the intended outcome. Define data security procedures: Information security is a field that deals with a wide variety of computer security...
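
The NAT overload (PAT) walk-through in section 4.5 and the address-hiding point in section 4.6, modelled as a translation table. This is an added Python example, not part of the original report; the addresses, ports, class and function names are constructed, and the rule that drops packets from senders the inside host never contacted is an assumed filtering policy (real NAT devices differ on this).

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# RFC 1918 ranges: private addresses that are not routable on the Internet.
INSIDE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Router R1 doing PAT: every inside host shares one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_inside = {}   # (private ip, private port) -> public port
        self.by_public = {}   # public port -> (private ip, private port)
        self.peers = {}       # public port -> remote endpoints the host contacted

    def outbound(self, pkt):
        """Inside -> Internet: rewrite the source to the public address."""
        if not any(ip_address(pkt.src_ip) in net for net in INSIDE):
            raise ValueError("outbound packet must come from an inside address")
        inside = (pkt.src_ip, pkt.src_port)
        port = self.by_inside.get(inside)
        if port is None:                      # first packet of this flow
            port = self.next_port
            self.next_port += 1
            self.by_inside[inside] = port
            self.by_public[port] = inside
            self.peers[port] = set()
        self.peers[port].add((pkt.dst_ip, pkt.dst_port))
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt):
        """Internet -> inside: restore the destination, or drop (None)."""
        inside = self.by_public.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or inside is None:
            return None                       # no table entry: unsolicited traffic
        if (pkt.src_ip, pkt.src_port) not in self.peers[pkt.dst_port]:
            return None                       # assumed policy: sender was never contacted
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])


def walk_through():
    """Constructed traffic: Host A and a second host behind R1, server S1 outside."""
    r1 = PatRouter("198.51.100.1")
    s1 = ("203.0.113.80", 80)
    request = r1.outbound(Packet("192.168.0.10", 51000, *s1))   # Host A -> S1
    other = r1.outbound(Packet("192.168.0.11", 51000, *s1))     # same private port, other host
    reply = r1.inbound(Packet(*s1, request.src_ip, request.src_port))
    probe = r1.inbound(Packet("203.0.113.99", 4444, "198.51.100.1", 40002))
    stranger = r1.inbound(Packet("203.0.113.99", 4444, "198.51.100.1", 40000))
    return request, other, reply, probe, stranger


if __name__ == "__main__":
    names = ("request", "other", "reply", "probe", "stranger")
    for name, pkt in zip(names, walk_through()):
        print(f"{name:9} {pkt}")
```

S1 only ever sees 198.51.100.1 with ports 40000 and 40001, never the 192.168.0.x addresses, and a packet arriving at R1 with no matching table entry has nowhere to be forwarded.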

Date posted: 31/03/2022, 10:36
