information technology assignment 1 unit security


BTEC FPT INTERNATIONAL COLLEGE

INFORMATION TECHNOLOGY ASSIGNMENT 1

ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 4 HND Diploma in Business

Unit number and title: Unit: Programming

Submission date

Date received (1st submission)

Re-submission date

Date received (2nd submission)

Student name LE HUU HOANG

Grading grid

Summative Feedbacks:

Resubmission Feedbacks:

Grade:

Assessor Signature:

Date:

Internal Verifier's Comments:

Signature & Date:

CHAPTER 1 Risks to IT security

1.1 LO1 Assess risks to IT security

1.1.1 Identify types of security threat to organisations (P1)

1.1.2 Describe at least 3 organisational security procedures (P2)

CHAPTER 2 Describe IT security solutions

2.1.1 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)

2.1.2 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)

DMZ

LIST OF TABLES AND FIGURES

Figure 1 IT Security

Figure 2 Types of malware

Figure 3 SQL Injection

Figure 4 Fake attack

Figure 5 Attack in the middle

Figure 6 Attack denial of service

Figure 7 Encrypt data

Figure 8 Use a strong password

Figure 9 2-Step Verification

Figure 10 Firewall

Figure 11 IDS

Figure 12 DMZ

Figure 13 Static IP

Figure 14 NAT (Network Address Translation)

Figure 15 Static NAT

Figure 16 Dynamic NAT

Figure 17 NAT Overload

LIST OF ACRONYMS

ADSL Asymmetric Digital Subscriber Line

ARCNET Attached Resource Computer Network

ARP Address Resolution Protocol

DHCP Dynamic Host Configuration Protocol

DHCS Dynamic Host Configuration Server

Performed Student: xxxxxxx

INTRODUCTION

CHAPTER 1 Risks to IT security

1.1 LO1 Assess risks to IT security.

1.1.1 Identify types of security threat to organisations (P1)

Definition of IT Security:

Computer security, cybersecurity, or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

The importance of IT security:

Currently, it is critical to protect an individual's or organization's database system in order to prevent hackers from entering the system and stealing the database. If the security system is inadequate or exposed, that individual's or organization's data will be taken extremely rapidly.

Figure 1 IT Security

Security threats to the organization.

There are 3 threats to network security for an organization:

Cybercrime: groups or individuals who commit financial crimes or want to shut down the system of any individual or organization.

Cyberattack: Cyberattacks are often aimed at politics.

Cyberterrorism: the main objective is to damage the electronic system and paralyze the whole system, causing panic and fear among users or organizations.

Methods that threaten an organization's security:

Malware

Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive users of access to information, or which unknowingly interferes with the user's computer security and privacy. By contrast, software that causes harm due to some deficiency is typically described as a software bug. Malware poses serious problems to individuals and businesses. According to Symantec's 2018 Internet Security Threat Report (ISTR), the number of malware variants increased to 669,947,865 in 2017, which is twice as many malware variants as in 2016. Cybercrime, which includes malware attacks as well as other crimes committed by computer, was predicted to cost the world economy 6 trillion dollars in 2021, and is increasing at a rate of 15% per year.

Many types of malware exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wipers, and scareware. The defense strategies against malware differ according to the type of malware, but most can be thwarted by installing antivirus software and firewalls, applying regular patches to reduce zero-day attacks, securing networks from intrusion, having regular backups and isolating infected systems. Malware is now being designed to evade antivirus software detection algorithms.

Types of malware:

Virus: We tend to think of all malware as viruses, but that's incorrect. A virus modifies host files, and when you execute a file on the victim's system, you execute the virus as well. Nowadays, with different types of malware infecting the networked world, computer viruses have become less common; they account for less than 10% of all malware.

Remember, viruses infect other files. They are the only malware that infects other files, and as such, it is difficult to clean them up. Even the best anti-virus programs live with this; most of the time they will delete or quarantine the infected file and cannot get rid of the virus.

Worm: A worm is malicious software that has the ability to self-replicate and spread without the action of the end user, causing real havoc. Viruses need the end user to remove them so they can go on and infect other files and systems. A worm does not need any such end user action. It simply propagates itself, replicating itself in the process, and destroying connected systems, devices, networks, and infrastructure.

Worms spread by exploiting other files and programs to do the job of spreading. When one person in an organization opens an email containing a worm, the entire network in the organization can become infected within minutes.

Trojan: Trojans, reminding you of what happened during the Trojan war, masquerade as legitimate programs. However, they contain malicious instructions. Trojans mainly come via email or spread from infected websites that users visit. They only work when the victim runs them.

Ransomware: Ransomware, as the name suggests, demands ransom from you to get everything back the way it was. The main problem with ransomware, which has spread so quickly across organizations, networks, and countries, is that it encrypts all the files in a system or network, making them inaccessible. A ransom note pops up, asking for payment in crypto, to decrypt the files. If the ransom is not paid, the encrypted files may end up being destroyed, and as a result ransomware is considered one of the most destructive forms of malware.

Most ransomware are Trojans and spread through social engineering. Unfortunately, in some cases, hackers refuse to decrypt files even after you pay the ransom.

Adware: Adware does nothing but try to expose users to unwanted malicious ads. These ads will most likely infect a user device.

There are adware programs that redirect users, during a browser search, to similar-looking websites that advertise other products. Adware is easier to remove: you just need to find the malicious executable and remove it.

Spyware: Spyware, as the name suggests, helps hackers to spy on systems and users. This type of malware can be used for key-logging and similar activities, thereby giving hackers access to personal data (including logins) and intellectual property.

Spyware is also used by people who want to check the computer activities of people they personally know. Spyware, like adware, is very easy to remove.

Rogue security software: a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that achieved infamy was SpySheriff and its clones.

Wiper: In computer security, a wiper is a class of malware intended to erase (wipe) the hard drive of the computer it infects, maliciously deleting data and programs.

Scareware: a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

Figure 2 Types of malware.

SQL Injection:

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.

In some situations, an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure, or perform a denial-of-service attack.
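Added example, not part of the original assignment: the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database, to show how input can "interfere with the query" and return another user's rows. The table, rows, input string and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (owner, item) VALUES (?, ?)",
        [("alice", "laptop"), ("alice", "mouse"), ("bob", "phone")],
    )
    return db

def orders_vulnerable(db, owner):
    # Vulnerable: the input is pasted into the SQL text, so quote
    # characters inside it become part of the query's structure.
    sql = "SELECT owner, item FROM orders WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def orders_safe(db, owner):
    # Hardened: the ? placeholder passes the input as a bound value,
    # so the database only ever compares it as data.
    sql = "SELECT owner, item FROM orders WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

# Constructed hostile input: closes the string literal and appends a
# condition that is always true.
HOSTILE = "alice' OR '1'='1"

def compare(db):
    """Return the row counts each version gives for the hostile input."""
    return len(orders_vulnerable(db, HOSTILE)), len(orders_safe(db, HOSTILE))

if __name__ == "__main__":
    leaked, safe = compare(make_db())
    print("concatenated query returned", leaked, "rows")
    print("parameterized query returned", safe, "rows")
```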

Figure 3 SQL Injection

Fake attack.

Phishing attack is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Figure 4 Fake attack

Attack in the middle:

In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle (MITM) or person-in-the-middle (PITM) attack is a cyber attack in which an attacker secretly relays and can alter communications between two parties that believe they are communicating directly, because the attacker has stepped in between the two.

Figure 5 Attack in the middle

Attack denial of service

In computing, a denial of service attack (DoS attack) is a cyber attack in which the perpetrators seek to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network.

Figure 6 Attack denial of service

1.1.2 Describe at least 3 organisational security procedures (P2)

Steps to secure information for all businesses and organizations.

Step 1: Encrypt data

Data encryption is the process of transforming information from one form to another through technical measures to prevent illegal access by unauthorized people.

Encryption ensures the safety of information, especially in the current digital age. It can be said that encryption is the guarantee of confidentiality and integrity of information when information is transmitted on the internet or when it is attacked over a network and stolen.

Figure 7 Encrypt data

Step 2: Use a strong password

Encryption helps businesses keep information secure in case of theft. However, a new password is a step towards protecting information directly from hackers. Many businesses know this, but they often take it lightly. Create and manage passwords scientifically according to the instructions of SecurityBox below:

Set a strong enough password

Factors that make a password strong enough include:

The password is long enough.

The password includes uppercase and lowercase letters, numbers and strange characters.

The password does not include basic information such as name, date of birth, username, etc.

Scientific password management

Do not reveal your password to others.

Don't use the same password for multiple platforms.

Do not write passwords in unencrypted places.

Change your password regularly.
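The "strong enough" factors listed above, written as a check that reports which ones a candidate password fails (an added example, not from the assignment or from SecurityBox). The 12-character minimum and the three-character threshold for matching personal details are assumptions, since the text only says "long enough"; the sample passwords and details are constructed.

```python
import re
import string

MIN_LENGTH = 12  # assumed threshold; the text only says "long enough"

def _fragments(detail):
    """Split a personal detail (name, date of birth, username) into pieces."""
    parts = [p for p in re.split(r"[^0-9a-z]+", detail.lower()) if p]
    # Also test the pieces joined together, e.g. 1990-04-12 -> 19900412.
    # Pieces shorter than 3 characters are ignored to avoid chance matches.
    return {p for p in parts + ["".join(parts)] if len(p) >= 3}

def password_problems(password, personal_info=()):
    """Return the list of factors the password fails; empty means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("missing " + name)
    lowered = password.lower()
    for detail in personal_info:
        if any(piece in lowered for piece in _fragments(detail)):
            problems.append("contains personal information")
            break
    return problems

if __name__ == "__main__":
    details = ["alice", "1990-04-12"]  # constructed user details
    for candidate in ("alice1990", "Tr1cky-Horse-Battery"):
        print(candidate, "->", password_problems(candidate, details) or "ok")
```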

Figure 8 Use a strong password

Step 3: 2-Step Verification

Figure 9 2-Step Verification

Even if the data is encrypted and the password is set strong enough, it is still possible for users to lose their password when using an unsecured wireless network. It could be the public network at a cafe or school. This is where 2-step authentication protects you. Two-step authentication requires that, in addition to the password, the user needs another piece of information to log in to the website or service.

Google has provided this service under the name 2-step verification. Even if hackers know the user's Google account password, they can't gain access, because they don't know the randomly generated code sent to the user's phone.

Besides Google, there are now many other platforms that offer 2-step authentication. Choose to use them to better protect your account and information.

Step 4: Secure LAN system against outside access

Another aspect of information security is how users connect with the outside world. Enterprises need to control external access to the network.

When setting up a wifi router, businesses can increase their safety by turning off SSID Broadcast, turning on MAC Address Filtering and AP Isolation. Also, make sure you've enabled firewalls on your router and computer to prevent applications from making unwanted communications.

Step 5: Managing network security risks for businesses

The SecurityBox 4Network network security risk management solution was developed and perfected to solve all the difficulties of enterprises in protecting internal network security.

SecurityBox will act as an enterprise intranet system monitor. The solution helps to ensure a safe 24/7 status for the network. The device paints an overall picture of the network security state of the enterprise. It helps businesses get a visual view of the network's strengths, weaknesses, and threats. More importantly, the device also offers solutions to help overcome existing vulnerabilities. Finally, the productivity function periodically reports on the state of network security in the enterprise.

Date posted: 08/05/2024, 14:39
