Assessment Brief
Submission Format
The submission is in the form of two documents/files:
You are required to use the font Calibri, font size 12, line spacing 1.5, with headings, paragraphs, subsections and illustrations as appropriate, and all work must be supported with research and referenced using the Harvard referencing system.
Unit Learning Outcomes
FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to
potential IT security risks. Most customers have outsourced their security concerns due to lacking the
technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging
presentation to help train junior staff members on the tools and techniques associated with identifying and
assessing IT security risks together with the organizational policies to protect business critical data and
equipment.
In addition to your presentation you should also provide a detailed report containing a technical review of the
topics covered in the presentation.
1. Identify the security threats FIS secure may face if they have a security breach. Give an example of
a recently publicized security breach and discuss its consequences
2. Describe a variety of organizational procedures an organization can set up to reduce the effects to
the business of a security breach.
3. Propose a method that FIS can use to prioritize the management of different types of risk
4. Discuss three benefits to FIS of implementing a network monitoring system, giving suitable reasons.
5. Investigate network security, identifying issues with firewalls and IDS incorrect configuration and
show through examples how different techniques can be implemented to improve network
security.
6. Investigate a ‘trusted network’ and through an analysis of positive and negative issues determine
how it can be part of a security system used by FIS.
Your detailed report should include a summary of your presentation as well as additional, evaluated or
critically reviewed technical notes on all of the expected topics.
Assessment criteria (partial):
... organisations. Give an example of a recently publicized security breach and discuss its consequences.
... and treat IT security risks.
D1 Investigate how a 'trusted network' may be part of an IT security solution.
Table of Contents
Assessment Brief
INTRODUCTION
P1 Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences
    1.1/ What is a threat?
    1.2/ What are threat agents to organizations? [4]
    1.3/ Types of threats that organizations will face
    1.4/ What are the recent 2018/2019/2020 security breaches? List and give examples with dates
        a) Hack Brief: 885 Million Sensitive Financial Records Exposed Online (24/05/2019)
        b) Facebook Security Breach Exposes Accounts of 50 Million Users (28/09/2018)
        c) Some security breaches in 2020 [17]
    1.5/ Discuss the consequences of this breach [18]
    1.6/ Suggest solutions to organizations [19]
P2 Describe at least 3 organizational security procedures.
    * What are security procedures?
    * Why organizations need procedures
    1.1/ Acceptable Use Procedures (AUP) [21] [36] [43]
    1.2/ Information Security Procedures (ISP) [22] [46]
    1.3/ Anti-virus Procedures [23] [24]
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.
    1/ Discuss briefly firewalls and policies, their usage and advantages in a network.
    2/ How does a firewall provide security to a network [31]
    3/ Show with diagrams an example of how a firewall works
    4/ Define IDS and its usage; show with diagrams and examples
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security
* CONCLUSION
* EVALUATION
* REFERENCES
* LIST OF FIGURES
INTRODUCTION:
In this assignment I will assess risks and IT security solutions by identifying the types of security threat to organisations and the potential impact to IT security of incorrect configuration of firewall policies and IDS. I will describe at least three organisational security procedures and, finally, show with an example for each how implementing a DMZ, static IP and NAT in a network can improve network security.
P1 Identify types of security threat to organisations. Give an example of a recently publicized security
breach and discuss its consequences
1.1/ What is a threat?
- A security threat is defined as a risk which can potentially harm computer systems and the organization. The cause could be physical, such as someone stealing a computer that contains vital data, or non-physical, such as a virus attack. In this tutorial series, we will define a threat as a potential attack from a hacker that can allow them to gain unauthorized access to a computer system. [1]
- Computer security threats are possible dangers that can affect the smooth functioning of your PC. These may be a small piece of adware or a harmful Trojan. In the present age, computer security threats are constantly increasing as the world goes digital. [2]
- A threat can be anything that can take advantage of a vulnerability to breach security and negatively alter, erase or harm an object or objects of interest. [3]
- It is the general potential to harm the system: any common thing, like a worm, which can harm the system. Examples of threats are hacking, spoofing and many more. It is the general means by which a problem is created in the system. [4]
- Types of threats are physical (fire), natural (climate), technical (software) and many more. For a threat there is a general way of knowing about it. [4]
1.2/ What are threat agents to organizations? [4]
- A threat agent is a person or thing that carries, causes, transmits or assists a threat.
- It is the specific potential or agent that creates problems in the system.
- It is a specific individual or group that creates the problem in the system.
- It can be any specific virus, worm, and so on.
- Threat agents include bad hackers, organized crime, terrorists, crackers, script kiddies, spies, employees and cyberterrorists.
- Examples of threat agents are Kevin Mitnick (hacker) and Blaster (worm).
- It is the specific element used to know who is trying to create the problem in the system.
- Types of threat agents are hackers, worms and many more.
- To find and remove a specific threat agent there is a specific way; finding hackers and finding worms need different approaches.
- Information protection is extremely essential for both businesses and individuals. Enterprises always have high demands on security and on preventing outside intrusions. With today's modern technology, there are many threats to cybersecurity posed by criminal individuals or organizations. Here are some prominent threats:
* Malware: malware is software or malicious code generated by cyber attackers; the word is shorthand for malicious software. It is a threat to organizations and individuals: when this malicious software runs, it harms the device or invades it to take control, often while the victim remains oblivious to the fact that there has been a compromise. Malware infects a computer in the form of a virus, worm, Trojan horse, spyware or adware. [5] [10]
a) Viruses [6]
- A virus is a program written to enter your computer and damage or alter your files and data. It attaches to another document or program and executes when that document or program is opened; it may arrive as an attachment of images, greetings, or audio/video files, in downloads from the Internet, or hidden in free/trial software or other files that you download.
- A virus might corrupt or delete data on your computer, erasing files from a hard drive or causing a computer to crash repeatedly. Viruses can also replicate themselves. A computer virus is more dangerous than a computer worm in that it changes or deletes your files, while a worm only replicates itself without making changes to your files or data.
b) Worms
- Worms get their name from the way they infect systems. The distinctive trait of a worm is that it can self-replicate and does not require human interaction to create copies and spread quickly and in great volume on the local drive, network shares, etc. Most worms are spread by tricking internet users and are designed to exploit known security holes in software; unlike a virus, a worm does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems: starting from one infected machine, they weave their way through the network, connecting to consecutive machines in order to continue the spread of infection. This type of malware can infect entire networks of devices very quickly. Since many employees use their phones for work-related tasks when they are not within the perimeter of their corporate firewall, businesses are at high risk from worms.
- If a machine is infected, the worm can corrupt files, destroy data, steal sensitive data, install a backdoor giving cybercriminals access to your computer, or modify system settings to make your machine more vulnerable. Because it replicates, it takes up a lot of space on the hard drive and consumes more CPU, which makes the PC slow, and it also consumes more network bandwidth.
c) Trojan horses
- A Trojan horse is a destructive program that looks like a genuine application: a form of malicious software that disguises itself and sneaks into your system as a legitimate tool, tricking the user into installing it so it can carry out its malicious goals. It may pose as an update or a Flash download, or give a malicious program the name of a file associated with a benign program; then, once inside your system, it begins its attacks. Just as Greek soldiers hid in a giant horse to deliver their attack, this type of malware hides within or disguises itself as legitimate software. Acting discreetly, it breaches security by creating backdoors that give other malware variants easy access. This power of Trojan horses makes them a useful tool for everyone from solo hackers to criminal gangs to state-sponsored operations engaging in full-scale espionage.
- Once installed in the system, depending on its capabilities, a Trojan can potentially access and capture everything: logins including passwords, keystrokes, screenshots, system information, banking details, etc., and secretly send it all to the attackers. It is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. Sometimes a Trojan can even allow attackers to modify data or turn off anti-malware protection.
d) Adware [9]
- Adware programs tend to serve you pop-up ads, change your browser's homepage, cause constant crashing and a slow Internet connection, add spyware and bombard your device with advertisements. Adware uses the browser to collect your web browsing history in order to 'target' advertisements that seem tailored to your interests, for the purpose of making advertising dollars. At their most innocuous, adware infections are just annoying. Whatever the adware or madware is, it is likely to slow down your machine and may even make it more prone to crashing.
1.4/ What are the recent 2018/2019/2020 security breaches? List and give examples with dates
a) Hack Brief: 885 Million Sensitive Financial Records Exposed Online (24/05/2019)
- On Friday 24 May 2019, independent security journalist Brian Krebs revealed that the real estate and title insurance giant First American had 885 million sensitive customer financial records, going back to 2003, exposed on its website for anyone to access. First American is the top title insurance firm in the United States, which means the company is often party to both the buyer and lender sides of real estate transactions across the country. And while there isn't currently evidence that anyone actually found and stole the information, it was so easy to grab and so obviously valuable to scammers that it's hard to rule out that possibility.
- Krebs reports that the exposed records included Social Security numbers, driver's license images, bank account numbers and statements, mortgage and tax documents, and wire transaction receipts. An attacker who figured out the format of the company's document URLs could have input any "record number" they wanted, beginning with "000000075". First American took down the site that served the records at 2 pm ET on Friday.
- First American has learned of a design defect in an application that made possible unauthorized access to customer data. The company took immediate action to address the situation and shut down external access to the application. [15]
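The First American defect described above is a classic missing-authorization flaw: a document is fetched by a predictable sequential record number and nobody checks whether the requester is entitled to it. As an added example (not from this report or from Krebs' article), the following Python puts a handler of that shape beside a hardened one, which checks ownership and answers "not found" uniformly, and adds unguessable link handles so URLs no longer reveal the sequence. The document store, owners, titles and function names are constructed for this example.

```python
import secrets

# Constructed sample document store, keyed by a sequential "record number".
# Owners and titles are made up for this example.
DOCUMENTS = {
    "000000075": {"owner": "alice", "title": "wire transfer receipt"},
    "000000076": {"owner": "bob", "title": "mortgage closing statement"},
    "000000077": {"owner": "carol", "title": "bank statement"},
}

# Opaque handle -> record number, for links that do not expose the sequence.
HANDLES = {}


def fetch_document_vulnerable(record_number, requester):
    """The shape of the flaw described above: the record is looked up by its
    sequential number and the requester's identity is never consulted, so the
    whole archive is reachable by simply counting."""
    return DOCUMENTS.get(record_number)


def fetch_document_hardened(record_number, requester):
    """Same lookup, followed by an authorization check against the record's
    owner. A record the requester may not see is reported exactly like a record
    that does not exist, so responses do not reveal which numbers are in use."""
    doc = DOCUMENTS.get(record_number)
    if doc is None or doc["owner"] != requester:
        return None
    return doc


def issue_handle(record_number, requester):
    """Create an unguessable link handle for a record the requester owns."""
    if fetch_document_hardened(record_number, requester) is None:
        raise PermissionError("requester does not own this record")
    handle = secrets.token_urlsafe(32)   # 256 random bits
    HANDLES[handle] = record_number
    return handle


def fetch_by_handle(handle, requester):
    """Resolve a handle, then still apply the ownership check: an opaque
    identifier hides the sequence but is not a substitute for authorization."""
    record_number = HANDLES.get(handle)
    if record_number is None:
        return None
    return fetch_document_hardened(record_number, requester)


def documents_served_by_sweep(fetch, requester, start=75, count=5):
    """Audit helper: request `count` consecutive record numbers as `requester`
    and report how many documents come back. A correctly authorized handler
    serves only the requester's own records."""
    served = 0
    for n in range(start, start + count):
        if fetch(f"{n:09d}", requester) is not None:
            served += 1
    return served


if __name__ == "__main__":
    print("vulnerable, anonymous:", documents_served_by_sweep(fetch_document_vulnerable, "anonymous"))
    print("hardened, anonymous:  ", documents_served_by_sweep(fetch_document_hardened, "anonymous"))
    print("hardened, alice:      ", documents_served_by_sweep(fetch_document_hardened, "alice"))
```

The audit helper is the check to keep: run it against a handler as an unauthenticated or wrong user and the count of documents served must be zero, whatever identifier scheme the URLs use.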
b) Facebook Security Breach Exposes Accounts of 50 Million Users (28/09/2018)
- The breach, which was discovered that week, was the largest in the company's 14-year history. The attackers exploited a feature in Facebook's code to gain access to user accounts and potentially take control of them.
- The news could not have come at a worse time for Facebook. It had been buffeted over the year 2017 by scandal, from revelations that a British analytics firm got access to the private information of up to 87 million users to worries that disinformation on Facebook has affected elections and even led to deaths in several countries. Regulators and lawmakers quickly seized on the breach to renew calls for more oversight.
- Three software flaws in Facebook's systems allowed hackers to break into user accounts, including those of the top executives Mark Zuckerberg and Sheryl Sandberg, according to two people familiar with the investigation but not allowed to discuss it publicly. Once in, the attackers could have gained access to apps like Spotify, Instagram and hundreds of others that give users a way to log into their systems through Facebook.
- The software bugs were particularly awkward for a company that takes pride in its engineering: the first two were introduced by an online tool meant to improve the privacy of users. The third was introduced in July 2017 by a tool meant to easily upload birthday videos.
- Facebook has been roundly criticized for being slow to acknowledge a vast disinformation campaign run by Russian operatives on its platform and other social media outlets before the 2016 presidential election.
- In April, Mr. Zuckerberg testified about revelations that Cambridge Analytica, the British analytics firm that worked with the Trump presidential campaign, siphoned personal information of millions of Facebook users.
- Outside the United States, the impact of disinformation appearing on Facebook and the popular messaging service it owns, WhatsApp, has been severe. In countries such as Myanmar and India, false rumors spread on social media are believed to have led to widespread killing.
- Facebook said the attackers had exploited two bugs in the site's "View As" feature, which allows users to check what information other people can see about them. The feature was built to give users more control over their privacy.
- The company said those flaws were compounded by a bug in Facebook's video-uploading program for birthday celebrations, a software feature that was introduced in July 2017. The flaw allowed the attackers to steal so-called access tokens, digital keys that allow access to an account.
- The company forced more than 90 million users to log out early Friday, a common safety measure taken when accounts have been compromised. [16]
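As an added example (not from this report or the cited article), the following Python shows what "forcing users to log out" means mechanically when access tokens have been stolen: the server keeps a record of the tokens it issued together with a "not before" cut-off per user and site-wide, so revocation invalidates every token issued before the cut-off without having to find the stolen ones. The class, its method names and the timestamps are constructed for this example and do not describe Facebook's actual implementation.

```python
import secrets
import time


class TokenStore:
    """Server-side record of issued access tokens.

    Keeping issuance state on the server is what makes a forced logout possible:
    a bearer token is only as good as the server's willingness to honour it, so
    revoking is just moving a 'not before' timestamp. Constructed for this
    example; not any real site's design."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._tokens = {}            # token -> (user, issued_at)
        self._user_not_before = {}   # user -> tokens issued at/before this are dead
        self._global_not_before = None

    def issue(self, user, now=None):
        """Mint an unguessable token (256 random bits) and record who owns it."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, now)
        return token

    def validate(self, token, now=None):
        """Return the user the token belongs to, or None if it is unknown,
        expired, or revoked by a user-level or site-wide forced logout."""
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None:
            return None
        user, issued_at = entry
        if now - issued_at > self.ttl:           # ordinary lifetime expiry
            return None
        cutoff = self._user_not_before.get(user)
        if cutoff is not None and issued_at <= cutoff:
            return None
        if self._global_not_before is not None and issued_at <= self._global_not_before:
            return None
        return user

    def revoke_users(self, users, now=None):
        """Forced logout for the listed users (for instance everyone whose
        token may have been exposed): every token they hold right now dies,
        tokens issued afterwards work normally."""
        now = time.time() if now is None else now
        for user in users:
            self._user_not_before[user] = now

    def revoke_all(self, now=None):
        """Site-wide forced logout."""
        self._global_not_before = time.time() if now is None else now


if __name__ == "__main__":
    store = TokenStore()
    t = store.issue("alice", now=100)
    print("before revocation:", store.validate(t, now=150))
    store.revoke_users(["alice"], now=200)
    print("after revocation: ", store.validate(t, now=250))
```

The design point is that the stolen token itself never has to be located: once the cut-off moves, the server simply stops honouring anything older, which is why a mass logout can be applied to tens of millions of accounts in one operation.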
c) Some security breaches in 2020 [17]
+ Ambry Genetics (April 28, 2020): Ambry Genetics, a genetic testing laboratory based in the U.S., announced that 233,000 medical patients had their personal and medical information accessed by a third party through an employee email. The unauthorized party accessed names, information related to customers' use of the genetic laboratory's services and medical information, as well as the Social Security numbers of some of the victims.
+ GoDaddy (May 4, 2020): The web hosting site GoDaddy announced to its users that an unauthorized third party was granted access to login credentials. The site is said to have 19 million users, and possibly 24,000 users had their usernames and passwords exposed. The company has reset passwords to prevent further access.
+ Fresenius Group (May 5, 2020): A reported ransomware attack on the Fresenius Group, a global healthcare company and one of the largest dialysis equipment providers in the U.S., impacted the company's operations around the world. The organization claims its systems were affected by a computer virus, but a source confirmed that the hacker held the healthcare company's IT systems and data hostage in exchange for payment in bitcoin.
+ U.S. Marshals (May 13, 2020): The personal information of 387,000 former and current inmates was accessed by a hacker who exploited a server vulnerability in a U.S. Marshals Service database. The information exposed includes names, dates of birth, Social Security numbers, and home addresses.
+ Home Chef (May 20, 2020): The information belonging to 8 million users of the home meal delivery service Home Chef was found for sale on the dark web after a data breach. The data found for sale includes names, email addresses, phone numbers, addresses, scrambled passwords, and the last four digits of credit card numbers.
+ Wishbone (May 20, 2020): Over 40 million users of the mobile app Wishbone had their personal information put up for sale on the dark web. Usernames, emails, phone numbers, location information and hashed passwords were exposed in a data breach before being advertised on a hacking forum.
+ Mathway (May 24, 2020): At least 25 million users of Mathway, a top-rated mobile calculator app, had their email address and password exposed to data thieves, and the leaked database was quickly found for sale on the dark web. The breached data also included "back-end system data," which wasn't identified specifically but is typically the type of data that runs behind the scenes on a server, powering the application for the end user without being visible to the user.
+ Amtrak (June 2, 2020): In a notification to its users, the passenger railroad service Amtrak announced that an unknown third party accessed an undisclosed number of Amtrak Guest Rewards accounts. The company claims only usernames, passwords, and some personal information were exposed and no Social Security numbers or financial data were accessed.
+ Claire's (June 15, 2020): The jewelry and accessories retailer Claire's announced it was a victim of a Magecart attack, exposing the payment card information of an unknown number of customers. The retailer has 3,500 locations worldwide and e-commerce operations and claims
the breach onl
1.5/ Discuss the consequences of this breach [18]
- Despite a greater emphasis being placed on data security, cybercriminals are continually finding new ways to circumvent defences to gain access to valuable corporate data. Through sophisticated social engineering techniques, malware or supply chain attacks, cybercriminals are trying every available tactic to infiltrate, expose and profit from this sensitive information. The aftermath of a breach includes decreased customer loyalty, distrust, a potential loss in revenues, and a negative brand reputation:
+ Financial loss
+ Reputational damage
+ Operational downtime
+ Legal action
1.6/ Suggest solutions to organizations [19]
+ Use strong passwords, which combine random strings of upper- and lower-case letters, numbers, and symbols. Don't use passwords that are easy to guess, like family names or birthdays. Use a password manager to keep your passwords secure.
+ Create different passwords for different accounts. If you use the same password, a hacker who gains access to one account will be able to get into all your other accounts. If they have different passwords, only that one account will be at risk.
+ Change your passwords regularly. Regular password changes reduce the risk you run from unannounced data breaches.
+ Wipe an old hard drive properly. Don't just delete files; use a data destruction program to wipe the drive completely, overwriting all the data on the disk. Creating a fresh installation of the operating system will also wipe the drive successfully.
+ Secure your computer and other devices by using anti-virus and anti-malware software.
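For the "wipe properly" point above, as an added example (not from this report), the following Python shows the overwrite-then-delete idea at file level: every byte of the file is overwritten several times, each pass is flushed to disk, the result is read back, and only then is the file unlinked. The function names and the temporary sample file are constructed for this example. The caveat a practitioner needs: on SSDs, on journaling or copy-on-write filesystems, and wherever snapshots or backups exist, old copies of the blocks can survive a file-level overwrite, so for a whole drive the reliable options are full-disk encryption with key destruction, the drive's built-in secure-erase command, or physical destruction.

```python
import os
import tempfile


def overwrite_and_delete(path, passes=3, chunk_size=1 << 16):
    """Overwrite the whole file in place `passes` times (random bytes, then a
    final pass of zeros), flush each pass to disk, and only then unlink it.
    Returns True if the final read-back shows only zeros before deletion.

    Caveat: this is a file-level wipe. On SSDs (wear levelling), journaling or
    copy-on-write filesystems, and snapshots, old blocks can survive; for a
    whole drive use full-disk encryption with key destruction or the drive's
    own secure-erase command instead."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pass_no in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                # Random data on the early passes, zeros on the last one.
                f.write(os.urandom(n) if pass_no < passes - 1 else b"\x00" * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())        # push the pass through the OS cache
        # Read back and confirm the last pass actually reached the file.
        f.seek(0)
        wiped = f.read() == b"\x00" * size
    os.remove(path)
    return wiped


def demo():
    """Constructed input: a temporary file standing in for an old document.
    Returns True when the overwrite was verified and the file is gone."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"customer list - CONFIDENTIAL\n" * 1000)
    ok = overwrite_and_delete(path)
    return ok and not os.path.exists(path)


if __name__ == "__main__":
    print("wiped:", demo())
```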
P2 Describe at least 3 organizational security procedures.
1.1/ Acceptable Use Procedures (AUP) [21] [36] [43]
- This procedure applies to the use of information, electronic and computer devices, and network resources to conduct [organization] business. All staff, employees and entities working on behalf of [organization] are subject to this procedure.
- General Use and Ownership – Privacy of Records: Do not transmit personal information about yourself or someone else without proper authorization. Each of these technologies may create a "record" and is therefore reproducible and subject to judicial use or a Government Records Access and Management Act (GRAMA) request for information.
- Warnings/Corrective Actions: Each city agency shall review complaints or instances of unacceptable use brought to its attention. Violators are subject to corrective action and discipline and may also be prosecuted under city, state and federal statutes.
- This procedure is for your protection. The organization will verify compliance with this procedure through various methods, including but not limited to business tool reports, internal and external audits, and feedback to the procedure owner. Violation of this procedure could be reported to the appropriate supervisor and could be subject to potential disciplinary action, up to and including termination. [46]
- The organization's information systems and networks shall be used exclusively for the furtherance of the organization's business. Those who are granted access privileges shall sign a written acknowledgement that they have received and read the organization's security policy and procedures and agree to comply with their provisions.
- All data containing non-public personal information must be encrypted before it is electronically transmitted.
- The organization may at any time monitor or audit any information, including data files, emails, and information stored on company-issued computers or other electronic devices, for any reason, with or without notice, for the purpose of testing and monitoring compliance with these security procedures.
- All sensitive information shall be kept confidential and shall not be distributed to or made available to any person without appropriate authorization.
Step 1. All mobile and computer devices that connect to the internal network must comply with the Minimum Access Procedures.
Step 2. System-level and user-level passwords must comply with the Password Procedures. Providing access to another individual, either deliberately or through failure to secure one's access, is prohibited.
Step 3. You must lock the screen or log off any computer or device when it is unattended.
Step 4. Postings by employees from an organization email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of [organization], unless the posting is in the course of business duties. Please review the Social Media Procedures for information or clarification.
Step 5. Employees must use extreme caution when opening email attachments received from unknown senders, as they may contain malware.
1.2/ Information Security Procedures (ISP) [22] [46]
- These are the administrative, technical, and physical safeguards that will be utilized by the organization to protect sensitive information from unauthorized access, disclosure, corruption, or destruction.
- The intention of these procedures is to implement the data security policy enacted, ensure that the organization is in compliance with all applicable regulations regarding data privacy and security, and protect sensitive information from foreseeable security threats.
- The organization will apply these procedures to all sensitive information that it owns or controls, which it may disseminate to other authorized persons in the performance of [Organization]'s or such other person's business, statutory or regulatory functions.
- Create an overall approach to information security; detect and preempt information security breaches such as misuse of networks, data, applications, and computer systems; maintain the reputation of the organization; uphold ethical and legal responsibilities; and define the audience to whom the information security policy applies. You may also specify which audiences are out of the scope of the policy (for example, staff in another business unit which manages security separately may not be in the scope of the policy). Guide your management team to agree on well-defined objectives for strategy and security. Information security focuses on three main objectives:
+ Integrity: data should be intact, accurate and complete, and IT systems must be kept operational
+ Your firm must first perform a regulatory review, as all businesses have requirements coming from oversight bodies. There are also self-imposed industry standards and expectations that come from external stakeholders.
+ In the simplest of terms: know what you have. Create an inventory of both hardware and software and identify the existing safeguards and controls you have in place. This step is crucial, as you can't properly assess your firm's level of risk or adequately protect data and information unless you understand what systems you have and what data they hold.
1.3/ Anti-virus Procedures [23] [24]
- This policy is designed to prevent viruses, malware, or malicious code from infecting computing devices and the network. By preventing infection, data, files, and resources will also be protected. This policy shall be reviewed for content and compliance by the Network and Computer Services (NCS) director or designee on an annual basis.
- All staff, employees and entities working on behalf of [organization], along with their computer/network systems, are subject to this procedure.
- The antivirus product installed on desktops and servers must be configured to update on a daily or more frequent basis.
- All computers used solely as servers should have an anti-virus product installed and operating.
- Only servers where a significant negative impact would result from operating anti-virus software, or servers running an operating system with a low likelihood of virus infection such as Solaris or VMS, may be considered for exemption from this procedure.
- Anti-virus must be active at all times on all devices connected to the organization's network; the latest version must be installed and devices must be scanned periodically for viruses. [45]
- An infected computer device will be disconnected from the organization network until the infection has been removed or the system has been reimaged.
- Violation of the procedure could be reported to the appropriate supervisor and could be subject to potential disciplinary action, up to and including termination. The organization will remove network access if the problem is not corrected and reserves the right to remove any infected computers at any time should the security of organization data or networks be compromised, or be in danger of being compromised, by said infected machines.
+ Antivirus software is the first step towards combating viruses and virus attacks and ensures the best virus removal. We need antivirus programs to scan the computer and all its files, to check external devices against any possible threats, and to protect PCs from malware coming through the internet. Other security updates, such as Windows OS updates, should also be carried out routinely to ensure they can fend off the latest virus threats.
+ Passwords are one of the most critical links in your security chain. A good way to create strong passwords is to come up with passphrases: a combination of alphanumeric and special characters forming a longer (at least 8 characters), nonsensical string of letters.
+ Don't click on links in emails from unknown sources without verifying their trustworthiness, no matter how urgent or appealing they might make it sound.
+ Using a network firewall can help you lay out security policies and regulate what traffic passes in and out of your network. Some firewalls come with built-in antivirus, so they also block viruses, worms and other harmful processes from entering your network. A very important thing to remember is to keep your firewall program always turned on for real-time threat detection and combat.
Step 5. Use a pop-up blocker and adjust your User Account Control
+ Always use a pop-up blocker in your browser for a secure online session. Many pop-ups are spyware and adware that come with malicious payloads and can damage your system. Likewise, turn on the User Account Control (UAC) option on your computer to make sure any change being made to your system requires administrator-level permission from you.
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.
1/ Briefly discuss firewalls and firewall policies, their usage and advantages in a network.
*Firewall, briefly
- A firewall is a network security device that monitors incoming and outgoing network traffic and
permits or blocks data packets based on a set of security rules, preventing unauthorized access to or
from a private network. Its purpose is to establish a barrier between your internal network and
incoming traffic from external sources (such as the internet) in order to block malicious traffic like
viruses and hackers. You can implement a firewall in either hardware or software form, or a
combination of both.[25]
- Firewall policies allow you to block or allow certain types of network traffic not specified in a
policy exception. A policy also defines which firewall features get enabled or disabled. Assign a
policy to one or multiple firewall profiles.[26]
*Firewall policies
- A firewall is a safeguard one can use to control access between a trusted network and a less
trusted one. A firewall is not a single component, but a strategy for protecting an organization's
Internet-reachable resources. Firewalls can also be used to secure segments of an organization's
intranet, but this section concentrates on the Internet aspects of firewall policy.
A firewall enforces a security policy, so without a policy, a firewall is useless. The aim here is to
help the responsible manager and firewall administrator create a useful policy for the firewall.
Throughout this section, the term firewall refers to the sum of the hardware, software, policy,
and procedures used to implement the firewall policy. A firewall is not necessarily a single piece
of software sitting on a single computer system.[27]
When your computer has firewall protection, everything that goes in and out of it is monitored.
The firewall monitors all this information traffic to allow ‘good data’ in, but block ‘bad data’ from
entering your computer.
Firewalls use one or a combination of the following three methods to control traffic flowing in
and out of the network:
Packet filtering: The most basic form of firewall software uses pre-determined security rules to
create filters – if an incoming packet of information (small chunk of data) is flagged by the filters,
it is not allowed through. Packets that make it through the filters are sent to the requesting
system and all others are discarded.
Proxy service: A firewall proxy server is an application that acts as an intermediary between
systems. Information from the internet is retrieved by the firewall and then sent to the
requesting system and vice versa. Firewall proxy servers operate at the application layer of the
firewall, where both ends of a connection are forced to conduct the session through the proxy.
They operate by creating and running a process on the firewall that mirrors a service as if it were
running on the end host, and thus centralise all information transfer for an activity to the firewall
for scanning.
Stateful inspection: The most modern method of firewall scanning, which doesn't rely on the
memory-intensive examination of every information packet, is ‘stateful inspection’. A ‘stateful’
firewall holds significant attributes of each connection in a database of trusted information, for
the duration of the session. These attributes, which are collectively known as the ‘state’ of the
connection, may include such details as the IP addresses and ports involved in the connection and
the sequence numbers of the packets being transferred. The firewall compares information being
transferred to the copy relevant to that transfer held in the database – if the comparison yields a
positive match the information is allowed through, otherwise it is denied.
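The difference between the first and third methods above, as an added example that is not code from the report or its sources: a stateless packet filter must open an inbound rule so replies get back, and that rule admits any packet that merely claims the right source port, whereas the stateful version recognises replies from its state table and needs no inbound rule. All addresses, ports and rules are constructed for the demonstration.

```python
"""Toy model of a stateless packet filter beside a stateful one (added example)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str        # source IP
    sport: int      # source port
    dst: str        # destination IP
    dport: int      # destination port
    direction: str  # "out" = LAN to Internet, "in" = Internet to LAN

# A rule is (direction, header field, value, action); first match wins and a
# packet that matches no rule is dropped (default deny).
STATELESS_RULES = [
    ("out", "dport", 443, "allow"),  # clients may open HTTPS connections
    ("in", "sport", 443, "allow"),   # needed so the server's replies get back in,
                                     # but it admits ANY packet with source port 443
]
STATEFUL_RULES = [
    ("out", "dport", 443, "allow"),  # no inbound hole is needed at all
]

def packet_filter(pkt, rules):
    """Packet filtering: judge each packet on its own header fields only."""
    for direction, field, value, action in rules:
        if pkt.direction == direction and getattr(pkt, field) == value:
            return action
    return "deny"

class StatefulFirewall:
    """Stateful inspection: remember each connection the LAN opened (its
    'state') and let only the matching replies back in."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # (lan_ip, lan_port, remote_ip, remote_port)

    def filter(self, pkt):
        if pkt.direction == "out":
            verdict = packet_filter(pkt, self.rules)
            if verdict == "allow":
                self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        # inbound: allowed if it is the reply half of a recorded connection
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "allow"
        return packet_filter(pkt, self.rules)

# Constructed traffic: a LAN client opens HTTPS to a server, the server replies,
# then an unrelated outside host sends a packet that only claims source port 443.
CLIENT_REQUEST = Packet("192.168.1.10", 51000, "203.0.113.5", 443, "out")
SERVER_REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 51000, "in")
UNSOLICITED = Packet("198.51.100.7", 443, "192.168.1.10", 51000, "in")
TRAFFIC = (CLIENT_REQUEST, SERVER_REPLY, UNSOLICITED)

def run_demo():
    """Return the verdicts of both designs for the three packets above."""
    stateful = StatefulFirewall(STATEFUL_RULES)
    return {
        "stateless": [packet_filter(p, STATELESS_RULES) for p in TRAFFIC],
        "stateful": [stateful.filter(p) for p in TRAFFIC],
    }

if __name__ == "__main__":
    print(run_demo())
```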
- Prevents attacks on your private network from other networks in the outside world.
- It allows you to define a single funnel (choke point), keeping unauthorized users out.
- Allows monitoring of the security of your network and computers; when suspicious activity
occurs, it generates an alarm.
- Monitors and records services using WWW (World Wide Web), FTP (File Transfer Protocol) and
other protocols (monitors traffic).
- Controls the use of the Internet. It helps to block inappropriate material or unblock appropriate
material.
- Prevents hackers
- Access control
- Better privacy
- Internet traffic goes through the router (networking device) to the firewall, is inspected by
the firewall, and continues through a networking device layer that then connects to the user's
electronic device. Each connection has a firewall to ensure the safety and security of the
network.
- An Intrusion Detection System (IDS) is a network security technology originally built for
detecting vulnerability exploits against a target application or computer; it monitors a network or
systems for malicious activity or policy violations. Intrusion Prevention Systems (IPS) extended
IDS solutions by adding the ability to block threats in addition to detecting them, and have
become the dominant deployment option for IDS/IPS technologies. IDS systems compare the
current network activity to a known threat database to detect several kinds of behaviors like
security policy violations, malware, and port scanners.[37]
- Typical intrusion detection systems look for known attack signatures or abnormal deviations
from set norms. These anomalous patterns in the network traffic are then sent up the stack for
further investigation at the protocol and application layers of the OSI (Open Systems
Interconnection) model.
- An IDS is placed out of the real-time communication band (the path between the information
sender and receiver) within your network infrastructure to work as a detection system. It instead
leverages a SPAN or TAP port for network monitoring and analyzes a copy of the inline network
packets (fetched through port mirroring) to make sure the streaming traffic is not malicious or
spoofed in any way. The IDS efficiently detects infected elements with the potential to impact
your overall network performance, such as malformed information packets, DNS poisonings,
Xmas scans, and more.
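A toy IDS as an added example (not code from the report or any of its sources) that works the way the paragraphs above describe: it inspects a mirrored copy of the packets and raises alerts both from a known signature (the Xmas flag combination and a malformed flagless segment) and from deviation from a set norm (a source touching far more ports than the baseline). The TCP flag bits are as laid out in the TCP header; the packet records, addresses and thresholds are constructed assumptions.

```python
"""Toy signature-plus-anomaly IDS over a mirrored packet copy (added example)."""

# TCP flag bits as laid out in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Signature detection: name -> predicate over one packet record
SIGNATURES = {
    # an "Xmas" probe sets FIN, PSH and URG together, which no normal
    # TCP segment does
    "xmas-scan": lambda p: p["flags"] & (FIN | PSH | URG) == (FIN | PSH | URG),
    # a TCP segment with no flags at all is malformed
    "null-packet": lambda p: p["proto"] == "tcp" and p["flags"] == 0,
}

def signature_alerts(packets):
    """Return (source, signature name) for every packet matching a signature."""
    return [(p["src"], name)
            for p in packets
            for name, matches in SIGNATURES.items() if matches(p)]

def anomaly_alerts(packets, baseline_ports=5, factor=3):
    """Anomaly detection: a source that contacts far more distinct destination
    ports than the set norm (baseline * factor) is reported as a port scanner."""
    ports_by_src = {}
    for p in packets:
        ports_by_src.setdefault(p["src"], set()).add(p["dport"])
    return [(src, "port-spread")
            for src, ports in ports_by_src.items()
            if len(ports) > baseline_ports * factor]

def inspect_mirrored(packets):
    """The IDS works on a copy (as from a SPAN/mirror port); the live stream
    is never delayed or altered. Returns the combined, de-duplicated alerts."""
    mirrored = [dict(p) for p in packets]
    return sorted(set(signature_alerts(mirrored) + anomaly_alerts(mirrored)))

def pkt(src, dport, flags, proto="tcp"):
    """Build one constructed packet record."""
    return {"src": src, "dport": dport, "flags": flags, "proto": proto}

# Constructed traffic: a normal client, a host sweeping 20 ports, one Xmas probe
SAMPLE = (
    [pkt("192.168.1.20", 443, SYN), pkt("192.168.1.20", 80, SYN),
     pkt("192.168.1.20", 443, ACK)]
    + [pkt("198.51.100.7", port, SYN) for port in range(1, 21)]
    + [pkt("203.0.113.9", 22, FIN | PSH | URG)]
)

if __name__ == "__main__":
    for alert in inspect_mirrored(SAMPLE):
        print(alert)
```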
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security
1/ DMZ:
- The aims of this research are to design and implement a network security system for internal
web testing. The data analysis technique that can be used is the descriptive method. The
significances of the study are
1) To avoid attacks by crackers who intend to access the system without permission
2) To improve network security on the web testing services on the Siakad server of STMIK AKBA.
The data are obtained through literature review and observation. The literature review
assists the researchers to collect the theory on the DeMilitarised Zone method and the
previous studies which were used as comparison to the recent study. Observation was
carried out directly in the field to observe the running system. Based on the results and
discussion, it is shown that the application of the DeMilitarized Zone method on MikroTik can
secure the web testing on the Siakad server of STMIK AKBA and can maintain the whole series
of online services that are available on the server.
2/ Static IP:
- A static IP is an IP address that is fixed, meaning that it never changes. If you are connected to
an Internet connection that is “always on”, most likely you have a static IP address, although
some of the “always on” connections use dynamic IP addressing to make the installation process
easier. Normally connections such as a T1 have a static IP address.[34]
- Static IP addresses limit downtime. When dynamic addresses obtain a new IP address, any user
that's connected to the existing one is removed from the connection and has to wait to find the
new address. This wouldn't be a wise setup to have if the server hosts a website, a file-sharing
service, or an online video game, all of which normally require constantly active connections.[40]
- In a local network, such as in a home or place of business, where you use a private IP address,
most devices are probably configured for DHCP and thus use dynamic IP addresses.
- The public IP address assigned to the routers of most home and business users is a dynamic IP
address. Larger companies usually don't connect to the internet via dynamic IP addresses;
instead, they have static IP addresses assigned to them which don't change.
3/ NAT:
- Network Address Translation (NAT) is designed for IP address conservation. It enables private IP
networks that use unregistered IP addresses to connect to the Internet. NAT is the process where a
network device, usually a firewall, assigns a public address to a computer (or group of computers)
inside a private network. NAT operates on a router, usually connecting two networks together,
and translates the private (not globally unique) addresses in the internal network into legal
(publicly routable) addresses before packets are forwarded to another network. The main use of
NAT is to limit the number of public IP addresses an organization or company must use, for both
economy and security purposes.[35]
+ NAT also allows a company to merge multiple ISDN connections into a single Internet connection.
- Dynamic NAT refers to the process of translating private IP addresses to public IP addresses
drawn from a specified range (called a NAT pool).
- Static NAT refers to the process of translating each private IP address one-to-one to the same
fixed public IP address every time.
- Sometimes called Port Address Translation (PAT) or single-address NAT, overloading refers to a
version of dynamic NAT in which all of the private IP addresses are translated to the same public
IP address, distinguished by different ports.
- Overlapping occurs when the private IP addresses in an internal network (sometimes called a
stub domain) are the same as those in an external network, meaning the NAT router must keep a
lookup table so it can compare the two and translate accordingly.
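The static NAT and PAT (overloading) variants described above, as an added example that is not code from the report or its sources: a toy gateway shares one public address among private hosts by allocating public ports, forwards inbound packets only when a translation entry exists (the security side-effect of NAT), and exposes one published server through a fixed one-to-one static mapping. Addresses, the port pool and the mapping are constructed assumptions.

```python
"""Toy NAT gateway with static NAT and PAT (added example)."""
from itertools import count

class NatGateway:
    def __init__(self, public_ip, static_map=None, first_port=40000):
        self.public_ip = public_ip            # one address shared by PAT
        self.static_map = static_map or {}    # public IP -> private IP (one-to-one)
        self._ports = count(first_port)       # pool of public ports for PAT
        self.table = {}    # (private_ip, private_port) -> public_port
        self.reverse = {}  # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; returns the packet
        (src, sport, dst, dport) as seen on the Internet side."""
        for pub, priv in self.static_map.items():
            if priv == src_ip:                # static NAT: fixed 1:1 mapping
                return (pub, src_port, dst_ip, dst_port)
        key = (src_ip, src_port)
        if key not in self.table:             # PAT: allocate a public port once
            pub_port = next(self._ports)
            self.table[key] = pub_port
            self.reverse[pub_port] = key
        return (self.public_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet arriving from the Internet, or return None when no
        translation exists (the packet has nowhere to go and is dropped)."""
        if dst_ip in self.static_map:         # published server: always reachable
            return (src_ip, src_port, self.static_map[dst_ip], dst_port)
        if dst_ip == self.public_ip and dst_port in self.reverse:
            priv_ip, priv_port = self.reverse[dst_port]
            return (src_ip, src_port, priv_ip, priv_port)
        return None

def run_demo():
    """Constructed scenario: two clients, one reply, one stray packet, one server."""
    gw = NatGateway("203.0.113.1", static_map={"203.0.113.2": "192.168.1.50"})
    # two clients using the same private source port share one public IP
    a = gw.outbound("192.168.1.10", 51000, "198.51.100.20", 80)
    b = gw.outbound("192.168.1.11", 51000, "198.51.100.20", 80)
    reply_a = gw.inbound("198.51.100.20", 80, "203.0.113.1", a[1])
    # unsolicited packet to a public port nobody opened: dropped
    stray = gw.inbound("198.51.100.99", 80, "203.0.113.1", 40500)
    # the statically mapped server is reachable without prior outbound traffic
    to_server = gw.inbound("198.51.100.99", 55000, "203.0.113.2", 443)
    return {"a": a, "b": b, "reply_a": reply_a, "stray": stray, "server": to_server}

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```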
*CONCLUSION:
This assignment was given to learn about the threats and threat agents that organizations would face. I give
some examples of security breaches and their consequences. Moreover, I give some information about
firewalls and IDS. From there users can know more about security, they can protect the network system and
know what happens if it is configured wrongly. I describe some information about DMZ, static IP and
NAT with their advantages and disadvantages. Thereby, we can develop a solid network security system and
prevent hackers from penetrating and damaging the system.
*EVALUATION:
1. Strengths: This assignment provides details, examples, and some policies and procedures about assessing risks,
threats and threat agents, and firewalls the organizations would face.
2. Weaknesses: The information is only generalized; for example, I don’t have much information about
organizational security procedures in this report.
3. Opportunities: This report can be documentation for someone who wants to know about threats, threat
agents and security procedures. The main components of an organisational disaster recovery plan, justifying
the reasons for inclusion, and designing and implementing security procedures and policies for an organisation
*REFERENCE
[1] Guru99.com. 2020. Potential Security Threats To Your Computer Systems. [online] Available at: <https://www.guru99.com/potential-security-threats-to-your-computer-systems.html#2v> [Accessed 14 August 2020].
[2] REVE Antivirus. 2020. What Are Computer Security Threats? [online] Available at: <https://www.reveantivirus.com/bd/computer-security-threats> [Accessed 14 August 2020].
[3] GeeksforGeeks. 2020. Threats To Information Security. [online] Available at: <https://www.geeksforgeeks.org/threats-to-information-security/> [Accessed 14 August 2020].
[4] Bartleby.com. 2020. What Is The Difference Between A Threat Agent And A Threat? [online] Available at: <https://www.bartleby.com/solution-answer/chapter-1-problem-1rq-principles-of-information-security-mindtap-course-list-6th-edition/9781337102063/what-is-the-difference-between-a-threat-agent-and-a-threat/5526998c-98dc-11e8-ada4-0ee91056875a> [Accessed 14 August 2020].
[5] Palmer, D., 2020. What Is Malware? Everything You Need To Know About Viruses, Trojans And Malicious Software. [online] ZDNet. Available at: <https://www.zdnet.com/article/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software/> [Accessed 17 August 2020].
[6] Websecurity.digicert.com. 2020. What Are Malware, Viruses, Spyware, And Cookies, And What Differentiates Them? [online] Available at: <https://www.websecurity.digicert.com/security-topics/what-are-malware-viruses-spyware-and-cookies-and-what-differentiates-them> [Accessed 17 August 2020].
[7] Gaffney, M., 2020. 5 Most Common Types Of Threats You Need To Know About. [online] McAfee Blogs. Available at: <https://www.mcafee.com/blogs/enterprise/5-most-common-types-of-threats-you-need-to-know-about/> [Accessed 17 August 2020].
[8] Us.norton.com. 2020. What Is A Trojan? Is It A Virus Or Is It Malware? [online] Available at: <https://us.norton.com/internetsecurity-malware-what-is-a-trojan.html> [Accessed 17 August 2020].
[9] Us.norton.com. 2020. What Is Adware? [online] Available at: <https://us.norton.com/internetsecurity-emerging-threats-what-is-grayware-adware-and-madware.html> [Accessed 17 August 2020].
[10] Unit 5 - Security 2019, Chapter 2 - Malware Attacks, University of Greenwich (Alliance with Vietnam FPT Education), United Kingdom.
[11] Informit.com. 2020. Hackers And Crackers | The Difference Between Hackers And Crackers. [online] Available at: <https://www.informit.com/articles/article.aspx?p=30048> [Accessed 17 August 2020].
[12] GeeksforGeeks. 2020. Difference Between Hackers And Crackers. [online] Available at: <https://www.geeksforgeeks.org/difference-between-hackers-and-crackers/> [Accessed 17 August 2020].
[13] Unit 5 - Security 2019, Chapter 1 - Introduction to information security, University of Greenwich (Alliance with Vietnam FPT Education), United Kingdom.
[14] Techopedia.com. 2020. What Is A Script Kiddie? - Definition From Techopedia. [online] Available at: <https://www.techopedia.com/definition/4090/script-kiddie> [Accessed 17 August 2020].
[15] Newman, L., 2020. 885M Financial Records—Dating Back 16 Years—Exposed Online. [online] Wired. Available at: <https://www.wired.com/story/first-american-data-exposed/> [Accessed 17 August 2020].
[16] Nytimes.com. 2020. Facebook Security Breach Exposes Accounts Of 50 Million Users. [online] Available at: <https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html> [Accessed 17 August 2020].
[17] Turner, S., 2020. 2020 Data Breaches - The Worst Breaches Of The Year. [online] IdentityForce. Available at: <https://www.identityforce.com/blog/2020-data-breaches> [Accessed 17 August 2020].
[18] MetaCompliance. 2020. 5 Damaging Consequences Of A Data Breach. [online] Available at: <https://www.metacompliance.com/blog/5-damaging-consequences-of-a-data-breach/> [Accessed 17 August 2020].
[19] Kaspersky.com. 2020. What Is A Security Breach? [online] Available at: <https://www.kaspersky.com/resource-center/threats/what-is-a-security-breach> [Accessed 17 August 2020].
[20] Sciencedirect.com. 2020. Security Procedure - An Overview | ScienceDirect Topics. [online] Available at: <https://www.sciencedirect.com/topics/computer-science/security-procedure> [Accessed 17 August 2020].
[21] Tavistockandportman.nhs.uk. 2020. Acceptable Use Procedure. [online] Available at: <https://tavistockandportman.nhs.uk/about-us/contact-us/about-this-website/acceptable-use-procedure/> [Accessed 17 August 2020].
[22] Exabeam. 2020. Information Security Policy - Everything You Should Know. [online] Available at: <https://www.exabeam.com/information-security/information-security-policy/> [Accessed 17 August 2020].
[23] Bhsu.edu. 2020. Anti-Virus Policy. [online] Available at: <https://www.bhsu.edu/IITS/Services/Policies/Anti-Virus-Policy> [Accessed 17 August 2020].
[24] Newkensington.psu.edu. 2020. [online] Available at: <https://newkensington.psu.edu/sites/newkensington/files/pdf/psu-nk-its-006_anti-virus.pdf> [Accessed 17 August 2020].
[25] Kb.iu.edu. 2020. About Firewalls. [online] Available at: <https://kb.iu.edu/d/aoru> [Accessed 17 August 2020].
[26] Docs.trendmicro.com. 2020. Firewall Policies. [online] Available at: <https://docs.trendmicro.com/all/ent/officescan/v10.5/en-us/osce_10.5_olhsrv/osceag/osceag-firewall/firewall_policies.htm> [Accessed 17 August 2020].
[27] Sourcedaddy.com. 2020. Firewall Security Policy - Networking Tutorial. [online] Available at: <https://sourcedaddy.com/networking/firewall-security-policy.html> [Accessed 17 August 2020].
[28] TechSling Weblog. 2020. Types And Benefits Of Firewall Protection. [online] Available at: <https://www.techsling.com/types-and-benefits-of-firewall-protection/> [Accessed 17 August 2020].
[29] Roomi, M., 2020. 5 Advantages And Disadvantages Of Firewall | Drawbacks & Benefits Of Firewall. [online] HitechWhizz. Available at: <https://www.hitechwhizz.com/2020/03/5-advantages-and-disadvantages-drawbacks-benefits-of-firewall.html> [Accessed 17 August 2020].
[30] SolarWinds MSP. 2020. How Do Firewalls Work? [online] Available at: <https://www.solarwindsmsp.com/blog/how-do-firewalls-work> [Accessed 17 August 2020].
[31] DigitalOcean. 2020. What Is A Firewall And How Does It Work? [online] Available at: <https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-work> [Accessed 17 August 2020].
[32] Mydraw.com. 2020. Basic Firewall Network Diagram. [online] Available at: <https://www.mydraw.com/templates-network-diagram-basic-firewall-network-diagram> [Accessed 17 August 2020].
[33] Thesecuritybuddy.com. 2020. [online] Available at: <https://www.thesecuritybuddy.com/data-breaches-prevention/what-is-dmz-in-computer-networking/> [Accessed 17 August 2020].
[34] No-IP Knowledge Base. 2020. What Is A Static IP Address? [online] Available at: <https://www.noip.com/support/knowledgebase/what-is-a-static-ip/> [Accessed 17 August 2020].
[35] WhatIsMyIPAddress.com. 2020. What Is Network Address Translation (NAT)? [online] Available at: <https://whatismyipaddress.com/nat> [Accessed 17 August 2020].
[36] Georgiancollege.ca. 2020. [online] Available at: <https://www.georgiancollege.ca/wp-content/uploads/2-117Information-technology-acceptable-use-procedure-March-2017-002.pdf> [Accessed 17 August 2020].
[37] Palo Alto Networks. 2020. What Is An Intrusion Detection System? [online] Available at: <https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids> [Accessed 17 August 2020].
[38] TekTools. 2020. What Is An Intrusion Detection System (IDS) & How Does It Work? [online] Available at: <https://www.tek-tools.com/security/what-is-an-intrusion-detection-system-ids> [Accessed 17 August 2020].
[39] Peerlyst.com. 2020. How Does An IDS Or Intrusion Detection System Work. [online] Available at: <https://www.peerlyst.com/posts/how-does-an-ids-or-intrusion-detection-system-work-computersecuritypgp> [Accessed 17 August 2020].
[40] Lifewire. 2020. Static IP Addresses: Everything You Need To Know. [online] Available at: <https://www.lifewire.com/what-is-a-static-ip-address-2626012> [Accessed 17 August 2020].
[41] Webopedia.com. 2020. Network Address Translation Definition & Meaning | What Is NAT? [online] Available at: <https://www.webopedia.com/TERM/N/NAT.html> [Accessed 17 August 2020].
[42] Dunham, R., 2020. Security Procedures & Your Overall Security Documentation Library. [online] Linford & Company LLP. Available at: <https://linfordco.com/blog/security-procedures/> [Accessed 19 August 2020].
[43] Slcinfobase.com. 2020. [online] Available at: <http://www.slcinfobase.com/PPAREO/default.htm#!WordDocuments/acceptableuseprocedure.htm> [Accessed 19 August 2020].
[44] Otago.ac.nz. 2020. Anti-Virus Procedure, Policies And Regulations, University Of Otago, New Zealand. [online] Available at: <https://www.otago.ac.nz/administration/policies/otago003328.html> [Accessed 19 August 2020].
[45] Webcache.googleusercontent.com. 2020. Google. [online] Available at: <https://webcache.googleusercontent.com/> [Accessed 19 August 2020].
[46] Naic.org. 2020. [online] Available at: <https://www.naic.org/documents/committees_e_ritf_receivership_data_privacy_and_security.pdf> [Accessed 19 August 2020].
[47] Eci.com. 2020. Steps To Create An Information Security Plan. [online] Available at: <https://www.eci.com/blog/16023-9-steps-to-create-information-security-plan.html> [Accessed 26 August 2020].
[48] Comodo Antivirus Blogs. 2020. Guidelines To Protect Your PC From Malware Using Comodo Antivirus. [online] Available at: <https://antivirus.comodo.com/blog/computer-safety/5-simple-steps-to-protect-your-pc-from-virus-2/> [Accessed 26 August 2020].