BTEC Level 5 HND Diploma in Computing: Unit 5 Security 4



ASSIGNMENT 1 FRONT SHEET

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.


Table of Contents

I. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
  1. Define threats
  2. Identify threat agents to organizations (Lamb, n.d.)
  3. List types of threats that organizations will face (Rosencrance, n.d.)
  4. What are the recent security breaches? List and give examples with dates (Swinhoe, 2022)
  5. Discuss the consequences of this breach (AS, 2021)
  6. Suggest solutions to organizations (Beringer, 2019)

II. Describe at least 3 organizational security procedures
  1. Define security procedures
  2. Security procedures
  3. Process set up and implementing procedures

III. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
  1. Discuss briefly firewalls and policies, their usage and advantages in a network
  2. How does a firewall provide security to a network? (kaspersky, n.d.)
  3. Show with diagrams the example of how firewall works
  4. Define IDS, its usage, and show it with diagrams examples
  5. Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network
    5.1 The potential impact (Threat-Risk) of firewall

Network Security (P4)
  1. Define and discuss with the aid of diagram DMZ (Lutkenvich, 2021)
    1.1 What is a DMZ?
    1.2 Why are DMZs important?
    1.3 How does a DMZ work?
    1.4 What are the benefits of using a DMZ?
    1.5 What DMZs are used for
    2.1 Definition of static IP
    2.2 When a static IP address is necessary
    2.3 How static IP addresses work
    2.4 Advantages of static IP
    2.5 Disadvantages of static IP
  3. Define and discuss with the aid of diagram NAT (Hanna, 2021)
    3.1 What is Network Address Translation (NAT)?
    3.2 How does Network Address Translation work?
    3.3 What are the various types of NAT techniques?

References

Table of Figures

Figure 1: Threat
Figure 2: Firewall
Figure 3: Diagram of an example of how a firewall works
Figure 4: Intrusion Detection System (IDS)
Figure 5: IDS Diagram
Figure 6: DMZ
Figure 7: Static IP


I. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1).

1. Define threats:

A security threat is a risk that jeopardizes the smooth operation of a computer. This could be adware or a harmful Trojan. As the world becomes more digital, concerns about computer security are growing.


2. Identify threat agents to organizations (Lamb, n.d.)

- Nation states: Companies that engage in specific industries, such as telecom, oil and gas, mining, power production, and national infrastructure, may become targets for foreign countries, either to disrupt operations today or to give that nation a hold in the future during difficult times.

- Non-target specific (ransomware, worms, Trojans, logic bombs, backdoors and viruses perpetrated by vandals and the general public):

o The number of random attacks that take place every day is so large that any organization can become a victim.

o The most famous example of a non-targeted attack is the WannaCry ransomware incident, which affected over 200,000 computers in 150 countries. In the UK, the NHS was shut down for several days. And of course there is the bored teenager in an attic somewhere, scouring the internet for weak links.

o Machines and software programs are well protected against malware, as long as it is not a zero-day virus. Humans, either maliciously or accidentally, are often the weakest link in security systems.

o Common mistakes like sending an email to the wrong person happen, but you can usually spot the mistake quickly and correct the situation. Simple measures like password-protecting files can also help reduce the impact of such errors.

o In other cases, companies need professional assistance and may hire contractors or external agencies who need access to systems and data. In many cases, these third parties may not have the same level of security as the devices that have access to your data, which can cause problems.

- Terrorists and hacktivists (political parties, media, enthusiasts, activists, vandals, general public, extremists, religious followers): Similar to the threat posed by nation states, the level of threat posed by these agents depends on your activities. However, the threat of indiscriminate attacks may continue, as some terrorists seek to target specific industries and countries.

- Organized crime (local, national, transnational, specialist): Criminals target personal data for a variety of reasons: credit card fraud, identity theft, bank account fraud, and more. These crimes are now being carried out on an industrial scale. Methods vary from phishing attacks to "watering hole" sites, but the end result is the same: you and your data are extracted and used for malicious purposes.

- Natural disasters (fire, flood, earthquake, volcano): While not cyberattacks, these events can have the same net impact on your ability to do business once a data disaster has occurred. Earthquake risk is very low in the UK, but every year we see images of cities underwater.

- Corporates (competitors, partners): The threat of competitors stealing your IP is obvious, but we are increasingly working with a number of partner organizations to fill skill and resource gaps, or simply to provide services. Depending on their motives, these partner companies may unknowingly or maliciously steal or disclose your intellectual property or the personal information held by you.

3. List types of threats that organizations will face (Rosencrance, n.d.)

- Insider threats:

o Insider threats occur when people close to your organization who have been granted access to your network intentionally or unknowingly misuse that access to compromise your organization's critical data and systems.

o Careless employees who do not adhere to the organization's business rules and policies create an insider threat. For example, a customer's details could be accidentally emailed to an external party, a phishing link in an email could be clicked on, or credentials could be shared with others. Contractors, business partners, and third parties are sources of other insider threats.

o Some insiders deliberately circumvent security measures out of convenience, or make ill-advised attempts to boost productivity. Malicious insiders can intentionally circumvent cybersecurity protocols to delete data, steal data for later sale or misuse, disrupt operations, or otherwise compromise an organization or cause damage.

o Viruses and worms are malicious software programs (malware) designed to damage an organization's systems, data, and networks. A computer virus is malicious code that replicates by copying itself into another program, system, or host file. It remains dormant until someone intentionally or accidentally activates it, and it spreads the infection without the user's or system administrator's knowledge or permission.

o A computer worm is a self-replicating program that copies itself into a host program and spreads without human intervention. Its main function is to infect other computers while continuing its activity on the infected system. Worms often spread through automatic, invisible parts of the operating system. Once a worm enters a system, it immediately begins replicating itself and infecting poorly protected computers and networks.

o A botnet is a collection of internet-connected devices, such as PCs, mobile devices, servers, and IoT devices, that are infected and remotely controlled by a common type of malware. Botnet malware typically scans the entire Internet looking for vulnerable devices. The goal of threat actors creating botnets is to infect as many connected devices as possible and use the processing power and resources of those devices to perform automated tasks that are normally hidden from the devices' users. The attackers (often cybercriminals) that control these botnets use them to send spam emails, engage in click-fraud campaigns, and generate the traffic for distributed denial-of-service attacks.

- Drive-by download attacks:

o A drive-by download attack downloads malicious code from a website through a browser, application, or embedded operating system without the user's permission or knowledge. The user does not have to click anything to activate the download; simply visiting or browsing the website starts it. Cybercriminals can use drive-by downloads to insert banking Trojans, steal and harvest personal information, and deploy exploit kits and other malware to endpoints.

- Phishing attacks:

o Phishing attacks use social engineering to trick users into breaking normal security practices and revealing sensitive information such as names, addresses, login information, Social Security numbers, credit card information, and other financial information. It is a type of information security threat. Most of the time, hackers send fake emails that appear to come from legitimate sources such as financial institutions, eBay, PayPal, and even friends and colleagues.

o In a phishing attack, hackers try to trick users into performing actions such as clicking on a link in an email that leads to a fraudulent website that asks for personal information or installs malware on the device. Opening an email attachment can also install malware on a user's device designed to collect sensitive information or email contacts, or to allow remote access to the device.

- Distributed denial-of-service (DDoS) attacks:

o In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target, such as a server, website, or other network resource, rendering the target completely inoperable. A barrage of connection requests, incoming messages, or malformed packets can cause the target system to slow down or crash and shut down, denying service to legitimate users or systems.

o In ransomware attacks, the victim's computer is typically locked down using encryption, preventing the victim from using the device or the data stored on it. Victims have to pay the hackers a ransom in order to regain access to their devices and data. Payments are usually made in cryptocurrencies such as Bitcoin. Ransomware can spread through malicious email attachments, infected software apps, infected external storage devices, and compromised websites.

- Exploit kits:

o Exploit kits are programming tools that allow people with no experience writing software code to create, customize, and distribute malware. Exploit kits are known by many names, including infection kits, crimeware kits, DIY attack kits, and malware toolkits. Cybercriminals use these toolkits to target system vulnerabilities to propagate malware or engage in malicious activities such as stealing company data, launching denial-of-service attacks, or building botnets.

- Advanced persistent threat attacks:

o An advanced persistent threat (APT) is a targeted cyberattack in which an unauthorized intruder enters a network and remains undetected for an extended period of time. The purpose of APT attacks is not to damage systems or networks, but to monitor network activity and steal or gain access to information, using tools such as exploit kits and malware. Cybercriminals typically use APT attacks against high-value targets, such as large corporations or nation states, and steal data over time.

o Malvertising is a technique used by cybercriminals to inject malicious code into legitimate online advertising networks and websites. This code usually redirects users to malicious websites or installs malware on their computers and mobile devices. A user's computer can be infected without clicking anything to initiate a download. Malvertising can be used by cybercriminals to deploy a variety of money-making malware, including cryptomining scripts, ransomware, and banking Trojans.

o The websites of well-known companies such as Spotify, The New York Times and the London Stock Exchange have unwittingly displayed malicious ads that put users at risk.

4. What are the recent security breaches? List and give examples with dates (Swinhoe, 2022)

- LinkedIn (June 2021):

o Professional networking giant LinkedIn discovered a dark web forum posting data on 700 million users in June 2021, affecting over 90% of its user base. A hacker dubbed "God User" used data scraping techniques to abuse the site's (and other sites') APIs to dump an initial set of information records on approximately 500 million customers, and then boasted of selling the entire 700 million customer database. LinkedIn argued that the incident was a violation of its terms of service rather than a breach of privacy because no sensitive personal information was disclosed, but the data sample posted by God User included email addresses, phone numbers, and geolocation records. Combined with social media details such as gender, this could provide malicious attackers with a ton of data to create compelling follow-on social engineering attacks after the leak, as the UK's NCSC warned.

- Facebook (April 2019):

o In April 2019, it was announced that two sets of data from the Facebook app had been exposed to the public internet. The information related to over 530 million Facebook users and included phone numbers, account names and Facebook IDs. Two years later (April 2021), the data was made publicly available for free, revealing new and bona fide criminal intent associated with the data. In fact, given the sheer number of phone numbers affected by the incident and available on the dark web, security researcher Troy Hunt added a feature to the HaveIBeenPwned (HIBP) credential-checking site that lets users check whether their phone number was included in the published dataset.

o "It was never our intention to make phone numbers searchable," Hunt wrote in a blog post. "My position on it was that it didn't make sense for many reasons. Facebook data changed everything. He has over 500 million phone numbers, but only a few million email addresses, so over 99% of people miss it when it should be hit."

- Alibaba [tie with Aadhaar] (November 2019):

o For eight months, an affiliate marketer's developer used crawler software he created to scrape customer data, including usernames and mobile phone numbers, from Taobao, Alibaba's shopping website in China. Both of them were sentenced to three years in prison, although the developer and his employer apparently collected the information for their own use and did not sell it on the black market.

o A Taobao spokesperson said in a statement: "Taobao devotes significant resources to combating unauthorized scraping on our platform because privacy and security are paramount. We actively detect this unauthorized scraping and it has been remediated, and we will continue to work with law enforcement to protect the interests of our users and partners."

- Sina Weibo (March 2020):

o Sina Weibo is one of China's largest social media platforms, with over 600 million users. In March 2020, the company announced that an attacker had obtained part of its database, affecting 538 million Weibo users and personal information such as their real names, website usernames, gender, location and phone numbers. The attacker allegedly sold the database on the dark web for $250.

o China's Ministry of Industry and Information Technology (MIIT) has ordered Weibo to improve its data security measures to better protect personal information and to notify users and authorities in the event of a data security incident. In a statement, Sina Weibo said the attackers could have collected publicly posted information using a service designed to help users find their friends' Weibo accounts by entering their phone numbers, and claimed that passwords were unaffected. However, it acknowledged that the disclosed data could be used to match accounts and passwords if passwords are reused on other accounts. The company said it had strengthened its security strategy and reported the details to the relevant authorities.

5. Discuss the consequences of this breach (AS, 2021)

o Losing the trust of customers and stakeholders can be the most damaging effect of cybercrime. The overwhelming majority of people will not do business with companies that have been attacked, especially if they failed to protect their customers' data. This can lead not only to lost business, but directly to the erosion of the brand you worked so hard to build. It is difficult to quantify the reputational damage of a data breach on a case-by-case basis, but, as one industry contact told ITPro, "It's due to trust issues and partly due to recovery issues."

o A cyberattack on a high-profile bank can present a large loot for the attacker, but the defenses of smaller companies are typically less sophisticated and easier to penetrate. Cyber-scams result in financial losses, but stolen data can be far more valuable to hackers, especially when sold on the dark web. The Digital Shadows Photon Research team reported that the average price of a login traded commercially on the dark web was a "modest" $15.43. When it comes to domain administrator accounts that grant access to corporate networks (usually auctioned for their value to hackers), prices climb to an average of $3,139, and in some cases reach a staggering $120,000. Intellectual property theft can be just as damaging: years of effort and R&D investment in trade secrets and copyrighted material can be lost, along with the company's competitive advantage.

- Financial losses:

o Cybercrime is disproportionately more costly to small businesses than to large corporations when costs are measured against the size of the business. For large companies, the financial impact of a breach can be in the millions, but at their scale this is barely on the radar. According to the latest data breach report from IBM and the Ponemon Institute, the average cost of a data breach in 2021 was $4.24 million, up 10% from the average cost of $3.86 million in 2019. The longer a breach goes undetected, the greater its economic impact. For example, the average cost of a data breach identified and contained within 200 days was $3.61 million. However, breaches that took more than 200 days to identify and contain resulted in an average cost of $4.87 million, a difference of $1.26 million.

o As if direct financial loss were not enough, fines are imposed on companies that ignore data protection laws. In May 2018, the General Data Protection Regulation (GDPR) came into effect in the EU. The enforcement powers attached to the law are significant: fines for violations are €20 million per violation or 4% of the company's global annual turnover, whichever is greater. In 2020, European data authorities imposed fines of US$193 million (€159 million) for breaches of the GDPR. The highest single amount was the US$57 million fine imposed by the French authorities.

o Although the United States does not have a GDPR equivalent, three states (California, Colorado, and Virginia) have enacted comprehensive consumer privacy laws. The three laws have some common provisions, such as the right to access and delete personal information and the right to opt out of the sale of personal information.

- Below-the-surface costs:

o In addition to the economic costs of incident response, there are a number of intangible costs that can continue to harm a business long after the event has occurred. The impact of operational disruption tends to be regrettably underestimated, especially among companies with few formal business continuity and recovery strategies, and smaller organizations that are already having difficulty managing cash flow may face increased premiums, increased costs, or fall into debt.

o Cybersecurity and disaster recovery are not just IT issues; they are a business imperative. Adopting a comprehensive security strategy today can help you avoid downtime if hackers strike tomorrow.

6. Suggest solutions to organizations (Beringer, 2019)

- Multi-factor authentication:

o Multi-factor authentication (MFA) protects your account even if your password is compromised. It combines something you know (your password) with something you have (your phone). When you sign in to your account, it sends a code to your phone. If cybercriminals crack your password but do not have your phone, they cannot access your account.

o The best part of MFA is that it is already integrated with most of your accounts, such as Microsoft Office 365, Facebook or LinkedIn; you just need to enable it. If there is one thing you take away from this, be sure to enable MFA for your personal bank account. You are just one weak password away from cybercriminals siphoning off your savings.

- User security training:

o People are your weakest link against cyberattacks. They love opening attachments and links in emails, which is one of the easiest ways for cybercriminals to collect their credentials. The best way to mitigate this risk is to implement a cybersecurity training plan for your entire organization. A solid plan should include hands-on learning about what not to click, followed by simulated phishing attempts that resemble today's cybercriminal attacks. This learning and testing process should be repeated consistently; this will continuously strengthen your human firewall.

- Web & email filtering:

o Humans cannot catch every attack, so you need additional threat intelligence services to help. This service scans email attachments and website hyperlinks, and then safely sandboxes them in the cloud before they reach your users. If the attachment or hyperlink is found to be malicious, it is disabled before your users have a chance to open it. You can also set up a filtering service to block certain websites by category and increase productivity by limiting access to social media services.

- Threat detection:

o We all have a lock on our front door, right? This lock is the equivalent of your organization's firewall and anti-virus software, there to keep cybercriminals out. Unfortunately, that lock can be defeated when a cybercriminal is determined to gain access. A threat detection solution is the equivalent of your organization's alarm system. The solution continuously scans your network and PCs for threats and sends any suspicious findings to the threat intelligence service for evaluation. The service is provided by a team of security and AI experts who will act if a finding is identified as a threat.

II. Describe at least 3 organizational security procedures

1. Define security procedures

A security procedure is a set of activities that must be performed to carry out a certain security task or function. Procedures are usually created as a series of actions performed in a consistent, repeatable method or cycle to achieve a desired result. Once implemented, security procedures lead to a set of activities developed to meet the organization's security challenges, facilitating training and assessment. Procedures serve as the starting point for applying the consistency needed to eliminate weaknesses in security processes, thereby contributing to stronger security controls within the company. Reducing variance is also a smart approach to reducing waste, improving quality and increasing the efficiency of the security department.

...communications are not encrypted.

When using SNMP, the community strings must be changed from the usual defaults of "public", "private", and "System", and they must be different from the password used for interactive login. If a keyed hash is available, it should be used (e.g. SNMPv2).

All system-level and user-level passwords must adhere to the guidelines described below.

o Rules:

Unless otherwise authorized by the security administrator, all computer systems must adhere to consistent user ID naming standards.

The rules for passwords should be similar to the following criteria:

  - Have at least 8 characters.
  - Contain at least 3 of the following 4 password complexity requirements:
      Lowercase letters (for example: a-z)
      Capital letters (for example: A-Z)
      Numbers (for example: 1-9)
      Special characters (for example: !@#$%^&*)
  - Do not rely on personal information: family names, pets, etc.
  - Do not write passwords down or store them online.
  - For remote user access, use a password and a token.
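The password rules above, turned into a checker that reports every rule a candidate password breaks (this is an added example, not code from the assignment). It also covers the SNMP rule from the same procedure: the login password must not equal a community string or one of the named defaults. The personal terms and sample passwords are constructed for the example.

```python
"""Password-policy checker for the organizational procedure described above.

Rules implemented (taken from the procedure text):
  * at least 8 characters
  * at least 3 of 4 classes: lowercase, uppercase, digit, special (!@#$%^&*)
  * no personal information (family names, pets, ...) inside the password
  * not equal to an SNMP community string or the defaults public/private/System
The personal-term list and community strings are supplied by the caller;
nothing here is the organization's real data.
"""

SPECIAL = set("!@#$%^&*")                   # special characters the policy lists
DEFAULT_COMMUNITY_STRINGS = {"public", "private", "system"}  # defaults named in the text
MIN_LENGTH = 8
MIN_CLASSES = 3
MIN_TERM_LENGTH = 3                         # ignore very short personal terms such as initials


def character_classes(password: str) -> set:
    """Return which of the four complexity classes the password contains."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in SPECIAL:
            classes.add("special")
    return classes


def check_password(password: str, personal_terms=(), community_strings=()) -> list:
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = character_classes(password)
    if len(classes) < MIN_CLASSES:
        problems.append(f"only {len(classes)} of {MIN_CLASSES} required character classes")

    lowered = password.lower()
    for term in personal_terms:                 # case-insensitive substring match
        if len(term) >= MIN_TERM_LENGTH and term.lower() in lowered:
            problems.append(f"contains personal information: {term!r}")

    # The procedure requires community strings to differ from the login password,
    # so a password equal to one of them (or to a known default) is rejected.
    if lowered in DEFAULT_COMMUNITY_STRINGS or password in set(community_strings):
        problems.append("matches an SNMP community string or default")
    return problems


def passes(password: str, personal_terms=(), community_strings=()) -> bool:
    return not check_password(password, personal_terms, community_strings)


if __name__ == "__main__":
    # Constructed samples: one compliant password and three that break rules.
    samples = ["Tr0ub4dor!", "password", "Fluffy2023", "public"]
    for pw in samples:
        print(pw, "->", check_password(pw, personal_terms=["Fluffy", "Smith"]) or "OK")
```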

Remote access to [Organization]'s network, where the computer is connected over an analog line, is not inherently secure; such access must be authorized for a limited time and controlled by an authentication system using one-time passwords or public/private keys with a strong password.

All [Organization] servers and workstations must have standard anti-virus software installed, supported, and scheduled to run regularly. Anti-virus software and virus signature files must also be kept up to date. Any infected machine will be disconnected from the network until the information security officer or a designee confirms that it is virus-free. All incoming and outgoing data and email must be scanned for viruses.

3. Process set up and implementing procedures

- Evaluation: These processes may include what needs to be audited, how audit logs are kept, and the objectives of the content being audited.

- Administrative: These procedures can be used to divide tasks between those responsible for operating and monitoring the system. These are the techniques by which you can, for example, require that the database administrator does not view the firewall logs.

- Access control: These are extensions of the administrative procedures that teach administrators how to set up authentication and other access control capabilities of the various components.

- Incident response: These processes include everything from problem detection to problem resolution. These protocols should include information on how to involve management in the response, as well as when law enforcement must be brought in.

- Physical and environmental controls: These include not only air conditioning and other environmental controls in rooms where servers and other equipment are located, but also protection of the Ethernet connections to prevent them from being compromised or abused.

III. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)

1. Discuss briefly firewalls and policies, their usage and advantages in a network

- A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules (Cisco, 2023).

- Firewalls have been the first line of defense in cybersecurity for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted external networks, such as the Internet.

- Firewalls can be hardware, software, software as a service (SaaS), public cloud, or private cloud (virtual).


- Firewall policies allow you to group multiple firewall rules together so you can update them all at once, with access to them controlled by Identity and Access Management (IAM) roles. These policies contain rules that can explicitly deny or allow connections, like Virtual Private Cloud (VPC) firewall rules (Google, 2023).

- Usage: The task of the firewall is very difficult because a lot of valid data must be authorized for the computer or network connection. For example, when we visit Quantrimang.com and read news, tips and new technologies, the information and data must be transported from the website to the computer through the network. Firewalls must be able to distinguish between legitimate traffic and the different types of data breaches. To allow good connections and eliminate bad ones, firewalls use rules or exceptions. In most cases, this process happens in the background and the user cannot see or interact with it at all.

- Advantages of firewalls:

o Promotes privacy and security: Firewalls can play an important role in enterprise security management. They provide increased security and privacy from vulnerable services. They prevent unauthorized users from accessing a private network that is connected to the Internet. They keep your data safe. Companies spend millions to protect their systems from external malware attacks.

o Monitors network traffic: Firewalls monitor data where it enters and leaves your system. They offer faster response times and higher traffic-handling capabilities. This mediation is based on predefined rules and associated filters. A well-trained and equipped team can ensure the security of your system based on the data entering and exiting the firewall.

o Prevents virus attacks: Virus attacks are very dangerous to computer systems and can shut down all digital activity quickly. Millions of new threats emerge every day, and it is important to stay alert. An administrator can update the security protocols from a single authorized device. Firewalls protect your system against phishing attacks. Firewalls can stop hackers completely or prevent you from becoming an easy target. Firewalls are an important blockade against malware and spyware. They help you protect your data from the outside.

2. How does a firewall provide security to a network? (kaspersky, n.d.)

- Firewalls decide which network traffic is allowed through and which traffic is considered dangerous. Basically, a firewall works by filtering the good from the bad, or the trusted from the untrusted. Before getting into the details, though, it is helpful to understand the structure of networks.

- Firewalls aim to secure private networks and the endpoints they contain, known as network hosts. A network host is a device that "talks" with other network hosts. Hosts send and receive traffic between internal networks, as well as outgoing and incoming traffic to and from external networks.

- Computers and other endpoints use the network to access the Internet and to reach each other. However, the Internet is divided into sub-networks, or "subnets", for security and privacy reasons. The basic subnet segments are:

o External public networks usually refer to the public/global Internet or various extranets.

o Internal private networks define home networks, corporate intranets, and other "closed" networks.

o Perimeter networks are border networks made up of bastion hosts: dedicated computing hosts with enhanced security that are ready to withstand outside attack. As a secure buffer between internal and external networks, they can also be used to host any external-facing services provided by the internal network (e.g. servers for web, email, FTP, VoIP, etc.). They are more secure than the external network but less secure than the internal network. They are not always present in simpler networks like a home network, but are often used within an organization's or a national intranet.

- Screening routers are dedicated gateway computers placed on a network to segment it. These are known as house firewalls at the network level. The two most common segmentation models are the screened host firewall and the screened subnet firewall:

o Screened host firewalls use a single screening router between the external network and the internal network. These two networks are the two subnets of this model.

o Screened subnet firewalls use two screening routers: one, called the access router, between the external network and the perimeter network, and the other, called the choke router, between the perimeter network and the internal network. This creates three subnets respectively.
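A small model of the screened subnet firewall described above, and of what section III is about: the impact of an incorrectly configured rule set. Each screening router is a first-match rule list with an implicit deny, and a packet must be allowed by every router on its path. This is an added example, not code from the assignment or from Kaspersky; the zones (203.0.113.0/24 as the perimeter, 10.0.0.0/8 as internal), hosts, ports and rules are all constructed for the illustration.

```python
"""Screened-subnet packet filter model with two screening routers.

  access router: sits between the external network and the perimeter
  choke router:  sits between the perimeter and the internal network
Rules are evaluated top to bottom; the first match decides, and no match
means the router's implicit default deny. All addresses are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PERIMETER = ip_network("203.0.113.0/24")   # bastion hosts (web, mail relay)
INTERNAL = ip_network("10.0.0.0/8")        # private internal network


def zone(ip: str) -> str:
    """Classify an address as internal, perimeter or external."""
    addr = ip_address(ip)
    if addr in INTERNAL:
        return "internal"
    if addr in PERIMETER:
        return "perimeter"
    return "external"


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port

    def matches(self, src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
        def in_net(ip, spec):
            return spec == "any" or ip_address(ip) in ip_network(spec)
        return (in_net(src_ip, self.src) and in_net(dst_ip, self.dst)
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))


def evaluate(rules, src_ip, dst_ip, proto, dport) -> str:
    """First matching rule wins; no match falls through to the default deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action
    return "deny"


# Access router: the outside may only reach the published bastion services;
# perimeter hosts and internal clients may go out. Nothing from outside
# is allowed towards 10.0.0.0/8, whatever the choke router says.
ACCESS_ROUTER = [
    Rule("allow", "any", "203.0.113.10/32", "tcp", 443),  # public web bastion
    Rule("allow", "any", "203.0.113.25/32", "tcp", 25),   # mail relay bastion
    Rule("allow", "203.0.113.0/24", "any", "any", None),  # perimeter outbound
    Rule("allow", "10.0.0.0/8", "any", "tcp", 443),       # internal web browsing
]

# Choke router: internal hosts may initiate outwards; from the perimeter only
# the mail relay may deliver to the internal mail server.
CHOKE_ROUTER = [
    Rule("allow", "10.0.0.0/8", "any", "any", None),
    Rule("allow", "203.0.113.25/32", "10.0.0.25/32", "tcp", 25),
]

# Incorrect configuration: a troubleshooting "allow any" left at the top of
# the list shadows every rule under it, so a compromised bastion host can
# reach anything on the internal network.
CHOKE_ROUTER_BROKEN = [Rule("allow", "any", "any", "any", None)] + CHOKE_ROUTER


def path_decision(src_ip, dst_ip, proto, dport,
                  access=ACCESS_ROUTER, choke=CHOKE_ROUTER):
    """Run the packet through each router on its path; every hop must allow it.

    Returns (allowed, {router name: decision}). Traffic that stays inside one
    zone crosses no screening router and is therefore not filtered here.
    """
    zones = {zone(src_ip), zone(dst_ip)}
    hops = []
    if "external" in zones and zones != {"external"}:
        hops.append(("access", access))
    if "internal" in zones and zones != {"internal"}:
        hops.append(("choke", choke))
    decisions = {name: evaluate(rules, src_ip, dst_ip, proto, dport)
                 for name, rules in hops}
    return all(d == "allow" for d in decisions.values()), decisions


if __name__ == "__main__":
    # Pivot attempt from the web bastion to an internal database port.
    print(path_decision("203.0.113.10", "10.0.0.5", "tcp", 3306))
    print(path_decision("203.0.113.10", "10.0.0.5", "tcp", 3306, choke=CHOKE_ROUTER_BROKEN))
```

With the correct choke router the pivot from the bastion is denied; with the shadowed rule list it is allowed, while the access router still blocks the same destination from the outside, which is the defence-in-depth argument for two screening routers.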

- A firewall can be hosted on the network perimeter or on the host itself. In the latter case, it is placed between a single computer and its connection to a private network.

o Network firewalls involve the application of one or more firewalls between external networks and internal private networks. They regulate network traffic in and out, separating external public networks, such as the global Internet, from internal networks such as home

Posted on: 08/05/2024, 14:39
