1 - Unit 5 - Assignment 1 Frontsheet

ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date Date Received 1st submission

Re-submission Date 25/4/2023 Date Received 2nd submission

Student Name Tran Quang Thang Student ID GCD210499

Class GCD1101 Assessor name Dang Quang Hien

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature THANG

Grading grid

P1 P2 P3 P4 M1 M2 D1
❒ Summative Feedback: ❒ Resubmission Feedback:

Grade: Assessor Signature: Date:


Lecturer Signature:
Table of Contents
I. Introduction
II. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
1. Definition threat
2. Identify threats agents to organizations
3. List type of threats that organization will face
4. What are recent security breaches? List and give an example with dates
5. Discuss the consequences of the breach
6. Some solutions to organizations
III. Organizational security procedures (P2)
1. Security procedure definition
2. Some organizational security procedures
IV. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
1. Firewall
2. IDS
3. The potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network
V. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)
1. DMZ
2. Static IP
3. NAT
VI. Conclusion
References

Figure 1: Threat agents
Figure 2: Virus
Figure 3: Worms
Figure 4: Ransomware
Figure 5: Botnet
Figure 6: Authentication
Figure 7: Mandatory access control (MAC)
Figure 8: Discretionary access control (DAC)
Figure 9: Role-based access control
Figure 10: Rule-based access control
Figure 11: Firewall
Figure 12: IDS
Figure 13: DMZ
Figure 14: Static IP
Figure 15: NAT

I. Introduction
I am an intern IT security specialist for a leading security consulting company in Vietnam called
FPT Information Security (FIS). The company works with a medium scale in Vietnam, consulting and
implementing technical solutions for potential risks of IT security. Most customers have outsourced
because of concerns about their security due to lack of technical expertise. As part of my role, my
manager Jonson asked me to do a presentation to help train junior staff in the tools and techniques
involved in identifying and assessing security risks, along with your organization's policies to
protect your data and devices.

II. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
1. Definition threat
Cyber threats are sometimes inaccurately identified as vulnerabilities. When looking at the
definitions, "potential" is the key word. A threat is not a security flaw that exists in a specific
implementation or organization; rather, it is something that could violate security. A vulnerability,
by contrast, is a genuine weakness that could be exploited. Whatever the countermeasures, the threat
still exists in general. Nevertheless, countermeasures can be taken to reduce the chance that it will
be realized.
2. Identify threats agents to organizations

Figure 1: Threat agents

A security threat is a malicious act that aims to disrupt an organization's systems, steal
information, or harm the entire organization. An event that could have exposed company
information or its network is referred to as a security event. A security incident is an
event that leads to a data or network breach.

An organization's IT team needs to keep an eye out for evolving and more sophisticated online
security risks in order to protect its data and networks. To do that, it must first understand the
different security risks it faces.

3. List type of threats that organization will face


3.1. Insider threat
Insider threats happen when people with ties to an organization purposefully abuse their access to
its internal network to harm the organization's crucial data. Malicious insiders try to get around
cybersecurity protocols to delete data, steal data for later sale or exploitation, interfere with
business operations, or cause harm.
3.2. Malware
Malicious software (malware) such as viruses and worms aims to corrupt a company's systems and
data.

• Viruses: A virus is a piece of malicious software with the ability to replicate by inserting itself
into a host program or file. It remains dormant until someone activates it, after which it spreads
without the system's or user's consent.

Figure 2: Virus

• Worms: A worm is a self-replicating computer program that spreads without requiring user
interaction or a host program to attach to. A worm that enters the system replicates immediately,
infecting networks and computers that aren't protected.

Figure 3: Worms
3.3. Ransomware
In a ransomware attack, the victim's PC is typically encrypted and locked, preventing the victim
from using the device or the information stored on it. The victim must make a payment to the
attacker, typically in a form of virtual currency like Bitcoin, in order to regain access to the device
or information. Ransomware can spread through malicious email attachments, corrupted software
programs, contaminated external storage devices, and compromised websites.

Figure 4: Ransomware

3.4. Botnet
A botnet is a collection of Internet-connected devices, such as PCs, smartphones, servers, and
Internet of Things (IoT) devices, that have been infected and are remotely controlled by a
common type of malware. Typically, botnet malware searches the internet for vulnerable devices.
The goal of the threat actor creating a botnet is to infect as many connected devices as possible,
using the computing power and resources of those devices for automated tasks that typically
remain hidden from the users of the devices. These botnets are controlled by threat actors, usually
cybercriminals, who use them to send spam emails, participate in click fraud campaigns, and
generate harmful traffic for distributed denial-of-service attacks.
Figure 5: Botnet

4. What are recent security breaches? List and give an example with dates
• Rockstar Games data leak: In September 2022, a hacker with the nickname Lapsus$ breached the
Rockstar Games database server and obtained information about their ongoing projects and the
personal information of users registered on Rockstar's social network, which troubled the
company for a very long time. Luckily, the attacker has been arrested and was revealed to be
only a 16-year-old boy; however, he had already published the data on the Internet before he was
arrested.
• Socialarks: In August 2021, Bob Diachenko, a Comparitech cybersecurity expert,
accidentally discovered his own information online after discovering an unsecured data set that
contained the personal information of millions of visitors to Thailand. The unprotected
Elasticsearch data set, which was ten years old, contained the personal information of over 106
million travelers from around the world, including their date of birth, full name, sex, passport
number, residency status, type of visa, and arrival card number.
Diachenko alerted Thai specialists, who received information about the incident the following
day.
• Android users data leak: Security researchers discovered in May 2021 that the personal
information of more than 100 million Android users had been exposed as a result of several
misconfigured cloud services. The data sat in unprotected real-time databases used by 23
applications, with downloads ranging from 10,000 to 10,000,000, including resources for interior
designers. Researchers from Check Point discovered that anyone could access sensitive and private
information, including names, email addresses, dates of birth, chat messages, locations,
orientations, passwords, photos, installation information, phone numbers, and pop-up messages.
5. Discuss the consequences of the breach
A data breach can have as many different effects as there are types of breaches. It might only
involve one worker learning the salaries of his coworkers and threatening to file a lawsuit to demand a
raise. Alternately, it could be as serious as computer hackers or cybercriminals accessing the files on
your system and encrypting them before requesting a ransom.

If you've been staying updated on the news lately, you may have noticed that a number of data
breaches have been making headlines. These breaches frequently involve getting access to customer
data, including addresses, names, social security numbers, and even credit card numbers. Due to
lawsuits and lost business, these breaches could cost the affected companies millions of dollars.

Detecting, defining, and recovering from a breach can be a lengthy and time-consuming process
for an organization. Although the consequences of this type of leak can be devastating for larger
corporations, they can spell the end of a small business. The best strategy is to be ready if it happens
and to prevent it from happening in the first place.

6. Some solutions to organizations


• Inform everyone about their role: It is critical that everyone knows what to do if they detect
a security threat. As an added benefit, workers will be able to understand the harm that a
mistake can cause, reducing the risk of information breaches caused by human error. It is also
critical that employees understand how to report a security concern and who is responsible for
taking additional steps in response to a breach. This will assist the company in identifying and
addressing any gaps in the program so that when a breach occurs, you can take control of it.
• Control data access wisely: Once you've determined that you have a legitimate business need
to keep sensitive data, take reasonable steps to keep it secure. Not every member of your team
requires unrestricted access to your network and the data stored on it. Consider separate user
accounts for your network to limit access to places where personal data is stored or to control
who can use specific databases. Access control for paper files, external drives, disks, and so on
could be as simple as a locked file cabinet. Administrative access, which allows a user to make
system-wide changes to your system, should be restricted to employees who are assigned to
that task.
• Teamwork: One of your top priorities should be to put together a well-oiled computer incident
response team (CIRT), with each member responsible for specific roles and responsibilities
such as threat monitoring, vulnerability assessment, and incident handling. A resource-
constrained organization may lack the skill sets to handle all of these specialty tasks on its own
in many cases, so partnering with an IR firm can be beneficial. Furthermore, especially after an
incident, your CIRT must collaborate with other business groups such as public relations, legal,
human relations, and the executive team.
• Have a data breach response plan: While preventing a data breach is always the primary
goal, your company must also have a plan in place for dealing with a breach. In some cases, the
ability to detect a breach quickly can save millions of dollars. Consult with a cyber security
expert to determine how to detect, contain, and recover from a data breach.

III. Organizational security procedures (P2)


1. Security procedure definition
A security procedure is a set sequence of necessary activities that performs a specific security
task or function. Procedures are typically designed as a series of steps to be followed as a
consistent and repetitive approach or cycle to produce an end result. Once implemented, security
procedures provide a set of established actions for conducting the organization's security affairs,
including training, process evaluation, and process improvement. Procedures serve as a
starting point for implementing the consistency required to reduce variation in security processes,
thereby increasing control of security within the organization. Reducing variation is also a good
way to eliminate waste, improve quality, and boost performance in the security department.

2. Some organizational security procedures


2.1. Authentication method
• Definition: Authentication is the process of determining whether someone or something is who or
what it claims to be. Authentication technology controls system access by checking whether the
login information matches the information in the database of users on the server. This contributes
to the security of systems, processes, and corporate information.
• During authentication, the user's credentials are compared to the information stored in the user
information database on the operating system server or on an authentication server. If the
information is correct, the authenticated entity can use the resource, and the user is granted
access. User permissions determine which resources the user has access to, as well as any other
access rights associated with the user, such as the number of hours the user can access the resource
and the number of resources the user can access.
Figure 6: Authentication

2.2. Access control


• Implementing an access control system is the most effective way to improve physical security.
In brief, access control is a method of managing who is permitted to enter spaces or gain access
to amenities within your facility. It may appear simple, but it is much more than just unlocking
doors. You can manage almost every aspect of physical security with the right system,
including authenticating employee identities, allowing visitor access, setting alarms, avoiding
incorrect use, and controlling who can access certain floors via elevator. You can manage
almost any physical aspect of your facility with access control.
• Access control is divided into four categories that are commonly accepted in modern office
policies: mandatory, discretionary, role-based, and rule-based.
o Mandatory access control (MAC) assigns users a specific level of clearance, protecting
assets based on clearance.

Figure 7: Mandatory access control (MAC)


o Discretionary access control (DAC) does the same thing, but on an individual basis for
each protected resource.

Figure 8: Disrcetionary access control (DAC)

o Role-based access is similar to MAC and DAC in that it assigns a level of access to
users based on their job title or department.

Figure 9: Role-based access control

o Instead of determining access based on identity, rule-based access determines access
based on the method of access being used.

Figure 10: Rule-based access control


• Authorization (granted or denied), authentication (identity verification), accessing (entering a
space), management (controlling access), and auditing (ensuring everything is working
properly) are the five major phases of access control procedure. A unified access control policy
describes the criteria, conditions, and processes that must be implemented in each of those
access control phases. Companies such as Kisi provide remote management features that
increase security and enable physical space management from anywhere.
2.3. Physical security
• Physical security is the most important aspect of workplace safety. This category includes
many disparate components, such as fire protection, employee safety regulations, and anti-theft
measures. In a nutshell, it's your first line of defense between you and disaster. A
comprehensive physical security plan is critical because it reduces liabilities, insurance claims,
closures, and other security expenses that hurt your bottom line. Your physical security policy
should include information about employee access, identity authentication, facility
requirements, and alarm systems, among other things.
• Every server, data storage, customer data, client contract, business strategy document, and
piece of intellectual property is vulnerable to physical threats of destruction and theft. If an
intruder or fire is able to gain access to critical areas of your facility, such as server rooms and
secure files, your company's assets and amenities may be jeopardized, implying that a physical
security policy is essential for maintaining control over your company's assets and amenities.
The primary advantages of a physical access control policy are the protection of people and
property, reduced risk, fewer financial losses, and improved business continuity and recovery
in the event of a disaster.
IV. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
1. Firewall
• Definition: A firewall is a network security device that monitors incoming and outgoing
network traffic and allows or blocks data packets according to a set of security rules. The goal
is to create a barrier between the internal network and traffic from outside sources in order to
block malicious traffic such as viruses or hackers.

Figure 11: Firewall

• Firewall policy:
o Based on its policy, a firewall determines which packets should be accepted, denied, or
dropped. Most firewalls can only accept or drop packets; denying a packet is possible
but uncommon. Denying packets is frequently skipped because the denied packet will
consume more bandwidth on its return trip, and because the originating system will
assume the packet has been dropped if it does not hear back from the remote system
and will act accordingly.
o When a person decides to install a firewall, they usually have a good idea of what it
should do. For example, the firewall should allow traffic to my web server while
blocking all other traffic. This is an illustration of a firewall policy. The person
responsible for implementing this policy in the firewall, also known as a firewall
administrator, will translate it into a set of technical statements known as a ruleset that
tells the hardware or software what to do.
o Firewalls have a default setting that normally denies all traffic. This is how the
Windows Firewall operates. Windows users who have enabled the Windows firewall
may be familiar with receiving a dialogue box asking if it is alright to allow an
application to accept a network connection. If allowed, the Windows Firewall program
adds a rule to the ruleset stating that traffic to that application is to be allowed. You can
add and remove firewall rules using the Windows Firewall control panel.
• How does a firewall provide security to a network?
o Monitor network traffic: Data entering and exiting the system presents opportunities
for threats to disrupt user operations. When it comes to monitoring and analyzing
network traffic, the firewall relies on pre-defined rules to keep the system safe.
o Defense against virus attack: Controlling user entry points and blocking virus attacks
are two of the most obvious advantages of a firewall. The cost of damage caused by a
virus attack depends on the type of virus encountered by the user.
o Prevent hacking: With the rise of data theft, firewalls are becoming increasingly
crucial because they can prevent hackers from getting unauthorized access to users'
data, emails, systems, and other resources. Firewalls can fully stop hackers or make it
more difficult for them to choose targets.
o Stop spyware: Stopping spyware from obtaining access and infiltrating your systems is
a much-needed benefit in a data-driven environment. As systems get more complicated
and robust, the number of entry points for thieves to obtain access to your systems
grows. One of the most popular methods for unauthorized individuals to get access is
through the use of spyware and malware, programs designed to penetrate your
networks, control your machines, and steal your data. Firewalls are a crucial barrier
against harmful applications.
o Promotes privacy: The promotion of privacy is a major advantage. By working
proactively to keep your data and your customers' data safe, you create a privacy
environment that your clients can rely on. Nobody wants their data stolen, especially
when actions could have been done to prevent the intrusion. Upgraded data-protection
technologies can also provide a competitive edge and a selling point to customers and
clients. The value grows as your company's data becomes more sensitive.
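
The policy quoted above ("allow traffic to my web server while blocking all other traffic") written out as a ruleset, as an added example that is not part of the original assignment. It evaluates rules first-match with a default drop and flags rules that can never fire because an earlier rule covers them; the Rule class, the function names and the 203.0.113.x addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

DEFAULT_ACTION = "drop"  # default deny: anything no rule matches is silently dropped


@dataclass(frozen=True)
class Rule:
    action: str   # "accept", "drop" (silent) or "reject" (deny with a reply)
    proto: str    # "tcp", "udp" or "any"
    dst: str      # destination network in CIDR notation
    ports: range  # destination ports the rule applies to

    def matches(self, proto, dst_ip, dst_port):
        return (self.proto in ("any", proto)
                and ip_address(dst_ip) in ip_network(self.dst)
                and dst_port in self.ports)

    def covers(self, other):
        """True when every packet `other` matches is also matched by this rule."""
        return (self.proto in ("any", other.proto)
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop)


def evaluate(ruleset, proto, dst_ip, dst_port):
    """First matching rule wins; otherwise fall through to the default action."""
    for rule in ruleset:
        if rule.matches(proto, dst_ip, dst_port):
            return rule.action
    return DEFAULT_ACTION


def shadowed_rules(ruleset):
    """Return (rule_index, shadowing_index) pairs for rules that can never fire."""
    shadowed = []
    for i, rule in enumerate(ruleset):
        for j in range(i):
            if ruleset[j].covers(rule):
                shadowed.append((i, j))
                break
    return shadowed


# Constructed rulesets. 203.0.113.10 stands in for the web server.
WEB_POLICY = [
    Rule("accept", "tcp", "203.0.113.10/32", range(80, 81)),
    Rule("accept", "tcp", "203.0.113.10/32", range(443, 444)),
]
# Same intent, but a broad drop placed first hides the accept below it.
MISORDERED = [
    Rule("drop", "any", "203.0.113.0/24", range(0, 65536)),
    Rule("accept", "tcp", "203.0.113.10/32", range(443, 444)),
]

if __name__ == "__main__":
    print(evaluate(WEB_POLICY, "tcp", "203.0.113.10", 443))
    print(evaluate(WEB_POLICY, "tcp", "203.0.113.10", 22))
    print(shadowed_rules(MISORDERED))
```

Rule order matters as much as rule content: in the second ruleset the web server is unreachable even though an accept rule for it exists.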

2. IDS
• Definition: An Intrusion Detection System (IDS) is a system that monitors network traffic
for suspicious activity and issues alerts when it detects it. It is a software application that
scans a network or a system for harmful activity or policy violations. Any malicious
activity or violation is normally reported to an administrator or collected centrally using a
security information and event management (SIEM) system. A SIEM system combines outputs
from many sources and employs alarm filtering techniques to distinguish between malicious
behavior and false alarms.

Figure 12: IDS

• How does an IDS work? Intrusion detection systems identify anomalies in order to catch hackers
before they cause significant damage to a network. IDSes can be network-based or host-based.
The client computer has a host-based intrusion detection system installed, while the network
has a network-based intrusion detection system.
Intrusion detection systems search for signatures of known attacks as well as deviations from
typical behavior. These deviations or anomalies are propagated up the stack and investigated at
the protocol and application layers. They are capable of detecting events such as Christmas tree
scans and DNS poisonings.
An intrusion detection system (IDS) can be implemented as a software application running on
customer hardware or as a network security appliance. To safeguard data and systems in cloud
deployments, cloud-based intrusion detection solutions are now available.
• The Importance of IDS:
o Intrusion detection systems provide various advantages to enterprises, beginning with
the capacity to detect security problems. An intrusion detection system (IDS) can be
used to help assess the number and types of attacks. This information can be used by
organizations to modify their security systems or build more effective measures. An
intrusion detection system can also assist businesses in identifying flaws or issues with
their network device setups. These measures can then be used to analyze potential
dangers in the future.
o Intrusion detection systems can also assist businesses in meeting regulatory
requirements. An intrusion detection system (IDS) provides businesses with more
visibility throughout their networks, making it easier to meet security laws.
Furthermore, firms can utilize their IDS logs as proof to demonstrate that they are
satisfying specific compliance standards.
o In addition, intrusion detection systems can improve security responses. Because IDS
sensors can detect network hosts and devices, they can also be used to analyze data
within network packets and identify the operating systems of services being used.
Using an IDS to collect this data can be far more efficient than manually taking a census
of connected systems.
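
An added example (not part of the original assignment) of the two detection approaches described under "How IDS work": a signature check on TCP flag combinations, including the Christmas tree scan, and a deviation check on how many distinct ports one source touches. The packets are constructed 20-byte TCP headers, and the source addresses, function names and the threshold of 10 ports are assumptions made for illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Fixed part of a TCP header: ports, seq, ack, data offset, flags, window, checksum, urgent
TCP_HEADER = struct.Struct("!HHIIBBHHH")


def tcp_header(sport, dport, flags):
    """Build a constructed TCP header with no options (checksum left at 0)."""
    return TCP_HEADER.pack(sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)


def classify_flags(flags):
    """Signature check: flag combinations that normal TCP stacks do not send."""
    flags &= 0x3F  # keep the six classic flag bits
    if flags == 0:
        return "null-scan"
    if flags == (FIN | PSH | URG):
        return "xmas-scan"
    if flags & SYN and flags & FIN:
        return "syn-fin"
    return None


def inspect(packets, port_threshold=10):
    """Return (source, alert) tuples for an iterable of (source_ip, raw_tcp_header)."""
    alerts = []
    ports_seen = defaultdict(set)
    reported = set()
    for src, raw in packets:
        # Malformed input must produce an alert, not an exception in the sensor.
        if len(raw) < TCP_HEADER.size:
            alerts.append((src, "truncated-header"))
            continue
        _, dport, _, _, _, flags, _, _, _ = TCP_HEADER.unpack(raw[:TCP_HEADER.size])
        signature = classify_flags(flags)
        if signature:
            alerts.append((src, signature))
        # Deviation check: one source probing many different destination ports.
        ports_seen[src].add(dport)
        if len(ports_seen[src]) > port_threshold and src not in reported:
            reported.add(src)
            alerts.append((src, "port-sweep"))
    return alerts


# Constructed traffic: a normal client, a scanner using odd flags, and a port sweep.
SAMPLE = [
    ("198.51.100.7", tcp_header(40000, 443, SYN)),
    ("198.51.100.7", tcp_header(40000, 443, ACK)),
    ("192.0.2.66", tcp_header(51000, 22, FIN | PSH | URG)),
    ("192.0.2.66", tcp_header(51000, 23, 0)),
    ("192.0.2.66", b"\x00\x16"),
] + [("192.0.2.99", tcp_header(52000, port, SYN)) for port in range(1, 13)]

if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(alert)
```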

3. The potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network
• Firewall
o Service permissions: Unnecessary services are frequently left operating on the firewall,
exposing organizations to risk and widening the attack surface. This risk is eliminated when
devices are designed from the start with the principles of zero-trust and least privilege. It
also ensures that devices can only perform the functions for which they were designed.
o Inconsistent authentication: Enterprises frequently have networks that span many
continents, locations, and environments. Consistent authentication across these several
locations is essential for proper firewall hygiene. If some criteria are weaker than others,
the misalignment generates weak spots in the company that can be exploited like an
unlocked door. As a result, your company will be vulnerable to cyber-attacks.
o EC2 instances: Incorrectly configuring security groups can expose you to unneeded risk.
According to AWS, AWS Security Groups configured to leave SSH open to the Internet
were among the most egregious in 73 percent of the companies analyzed. Any method that
relies on frequently changing IP addresses is prone to errors.
• IDS
o Susceptible to protocol-based attacks: Because an NIDS examines protocols as they are
captured, it is vulnerable to the same protocol-based attacks as network hosts.
Protocol analyzer issues and incorrect data might cause an NIDS to crash.
o Will not prevent incidents by themselves: An intrusion detection system (IDS) does not
impede or prevent attacks; rather, it aids in their detection. As a result, an IDS should be
part of a comprehensive plan that integrates other security measures and people
who know how to respond appropriately.
o Using shared network resource to gather NIDS data: NIDS administrators frequently
deploy NIDS sensors on single NIC or multihomed network devices with one or more
connections to production network segments. This setting implies that the NIDS sensor will
communicate data captures via the same interface that the sensor is sensing. Because the
same interface is used to gather data and submit it to centralized reporting databases, this is
a less-than-ideal security architecture. An attacker can use this network setup to do one of
two things:
▪ Disable the IDS and prevent it from sending an alert.
▪ Intercept the data being sent to the reporting database before it reaches the database
and change the nature of the data, something a man-in-the-middle attack may
potentially accomplish.
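
One way to check for the security group misconfiguration named in the EC2 item above (SSH left open to the Internet), added here as an example and not part of the original assignment. The input is constructed sample data shaped like the IpPermissions entries that EC2's DescribeSecurityGroups call returns; the group IDs and function names are made up for illustration.

```python
from ipaddress import ip_network

# Management ports that should not face the whole Internet. The text names SSH;
# extend the mapping for other administrative services.
ADMIN_PORTS = {22: "SSH"}


def world_open_cidrs(permission):
    """CIDRs in one ingress permission that match every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ip_network(c).prefixlen == 0]


def exposed_admin_ports(permission):
    """Admin ports covered by the permission's protocol and port range."""
    proto = permission["IpProtocol"]
    if proto == "-1":  # "-1" means all protocols and all ports
        return sorted(ADMIN_PORTS)
    if proto != "tcp":
        return []
    low, high = permission["FromPort"], permission["ToPort"]
    return [p for p in sorted(ADMIN_PORTS) if low <= p <= high]


def audit(groups):
    """Return (group_id, service, cidr) for every admin port open to the world."""
    findings = []
    for group in groups:
        for permission in group["IpPermissions"]:
            for port in exposed_admin_ports(permission):
                for cidr in world_open_cidrs(permission):
                    findings.append((group["GroupId"], ADMIN_PORTS[port], cidr))
    return findings


# Constructed sample groups (IDs are placeholders, not real resources).
SAMPLE_GROUPS = [
    {"GroupId": "sg-constructed-a", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-constructed-b", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},          # SSH from internal range only
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},          # public HTTPS is intended
    {"GroupId": "sg-constructed-c", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},           # wide range that includes 22
    {"GroupId": "sg-constructed-d", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},  # everything open
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(finding)
```

Groups c and d show why checking only for an explicit port 22 rule is not enough: a wide port range or an all-protocols rule exposes SSH just the same.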

V. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)
1. DMZ
• Definition: A demilitarized zone (DMZ) is a physical or logical subnet that isolates a local area
network (LAN) from other untrusted networks. Any service offered to clients via the public
internet should be placed in the DMZ network. Typically, external-facing servers, resources, and
services are housed there. Web, email, Domain Name System, File Transfer Protocol,
and proxy servers are the most widely used of these services. Servers and resources
in the DMZ are accessible over the web, but the remainder of the internal LAN is inaccessible.
This method adds an extra degree of security to the LAN by restricting an attacker's ability
to directly access internal servers and information from the web.
Figure 13: DMZ

• The importance of DMZ: To safeguard business intranets, a DMZ aids in network separation.
Subnets make it difficult for attackers to obtain access to internal servers or resources by
restricting remote access to them. To divide applications or servers exposed to the internet
from the intranet, businesses deploy them in a DMZ. The DMZ isolates these resources, so that
even if they are compromised, the attack is unlikely to do significant harm.
 How does a DMZ work? A DMZ acts as a buffer between the private and public networks.
Before reaching servers in the DMZ, all network traffics are routed to the subnet between two
firewalls and filtered using firewalls or other security devices.
 Advantages of DMZ:
o Access control: The DMZ provides access control for external services that are not
within the scope of the enterprise. Additionally, a network segmentation level is
included, which increases the amount of obstacles users must pass in order to get access
to an organization's private network.
o Network reconnaissance prevention: The DMZ can also keep an attacker from
finding possible targets in the network. Even if the DMZ system is compromised, the
internal firewall secures the private network while keeping it separate from the DMZ. If
attackers attempt to breach the DMZ's internal barrier, they will be disconnected from
the private network.
o Protection against Internet Protocol (IP) phishing attacks: In some circumstances,
an intruder attempts to circumvent security constraints by impersonating an authorized
male IP address. The DMZ can then stop IP spoofers while another network service
checks access to verify the legitimacy of the IP address.
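The two-firewall filtering described above can be modelled in a few lines. This is an added example, not part of the original assignment; the address plan, the rule sets and the `decide` function are constructed assumptions used only to show how default-deny rules on each firewall keep the LAN unreachable from the internet and limit what a DMZ host can reach.

```python
import ipaddress

# Constructed addressing plan for illustration (not from the assignment).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/28"),
    "lan": ipaddress.ip_network("10.10.0.0/16"),
}

# Allow-lists; anything that does not match is dropped (default deny).
EXTERNAL_FW = {("192.0.2.10", 443), ("192.0.2.11", 25)}  # internet -> DMZ service
INTERNAL_FW = {("192.0.2.10", "10.10.5.20", 5432)}       # DMZ host -> LAN host


def zone_of(ip):
    """Map an address to a zone; anything outside the plan is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def decide(ingress, src_ip, dst_ip, dst_port):
    """Return (verdict, reason) for a new connection arriving on `ingress`."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src != ingress:
        # The source address cannot legitimately originate on this interface.
        return ("drop", "spoofed source")
    if ingress == "internet":
        # External firewall: only published DMZ services are reachable.
        if dst == "dmz" and (dst_ip, dst_port) in EXTERNAL_FW:
            return ("allow", "published DMZ service")
        return ("drop", "external firewall default deny")
    if ingress == "dmz" and dst == "lan":
        # Internal firewall: a DMZ host gets one specific pinhole, no more.
        if (src_ip, dst_ip, dst_port) in INTERNAL_FW:
            return ("allow", "internal pinhole")
        return ("drop", "internal firewall default deny")
    return ("drop", "flow not modelled")
```

Even if the web server at 192.0.2.10 were compromised, the internal rule set lets it open only the single database port; every other LAN address and port stays behind the second firewall.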

2. Static IP
 Definition: A static IP address is a 32-bit number that is assigned to a computer as an internet
address. This number is often issued by an internet service provider (ISP) in the form of a
dotted quad. A static IP address is one that was directly allocated to a device rather than one
assigned by a DHCP server. It is called static because it does not change, as opposed to
dynamic IP addresses, which do.

Figure 14: Static IP

 How does a static IP work?
o Your ISP will assign a public WAN IP address to your internet modem. Your ISP leases
these public IP addresses in blocks and they are Internet routable.
o The modem is linked to your router's WAN port. The router will control traffic between the
LAN devices and the Internet.
o Your LAN-connected devices will all be allocated individual private IP addresses by the
router and will share the router's single public WAN IP Internet connection.
o Local LAN IP addresses can be changed; however, WAN IP addresses are assigned by the
ISP.
o Depending on your ISP's lease duration, you can keep the same dynamic IP for months.
When the lease expires or the ISP DHCP detects a different hardware MAC address, it will
allocate another public WAN IP address from its pool of available addresses.
 Advantages of Static IP:
o Speed: Because static IP addresses have fewer inconsistencies, equipment assigned to them
tends to perform faster. You will notice the difference in speed only if you use broadband,
not on DSL connections. This is especially useful if you frequently upload and
download files.
o Security: The security level provided by a Static IP address is always higher. Static IP
addresses include an additional degree of security, ensuring that the majority of security
issues are avoided.
o Remote access: A static IP address makes remote access possible through applications such
as a Virtual Private Network (VPN). That is, devices can be accessed from anywhere in the
world. When the device is connected to the internet, all of the information becomes available.
o Accuracy: When it comes to geolocation data, a static IP address is quite accurate. All
geolocational services will be able to determine the precise location of a business. With this
exact information, firms can be confident that they are always on the cutting edge. This is
advantageous for businesses in a variety of ways.

3. NAT
 Definition: Network Address Translation (NAT) is a technique that converts one or more local
IP addresses into one or more global IP addresses and vice versa to give Internet connectivity
to local hosts. It also performs port number translation, i.e., masks the host's port number with
another port number in the packet that will be forwarded to the destination. It then adds the
matching IP address and port number entries to the NAT table. NAT is often implemented on a
router or firewall.

Figure 15: NAT


 How does NAT work?
o NAT is configured on a border router, that is, a router with one interface in the
local network and another interface in the global network.
o When a packet leaves the local network, network address translation converts the
local IP address to the global IP address. When a packet enters the internal or local
network, its global IP address is converted back to the local IP address.
o If no IP address is available, the packets are sent, and an Internet Control Message
Protocol (ICMP) host unreachable packet is delivered to the specified destination.
o Suppose two different hosts in a network, A and B, both connect to the same
destination at the same time using the same port number, say 2000, on the host side. If
NAT changed only the IP address, then when the packets arrived at the NAT device both
A's and B's IP addresses would be masked by the network's global or public IP
address and delivered to the intended destination.
o The destination sends its replies to the router's public IP address. Once a
response is received, NAT would be unable to tell which host the response belongs to,
because A and B used identical port numbers. To address such issues, NAT also masks the
source port number and records the mapping in the NAT table.
o The inner IP address can be modified; however, the outside IP address is not directly under
the organization's control. Addresses are changed or translated both inside and outside of
the network.
 Advantages of NAT:
o When the user employs NAT overload, NAT helps to preserve the IPv4 address space.
o By implementing several source pools, load balancing pools, and backup pools, NAT
improves the reliability and flexibility of connectivity to the global network.
o NAT is a well-known network addressing mechanism. If a global IP address is used, then
address space must be appropriately assigned, because several IP addresses may be
required when developing a network.
o Because the hosts integrated into NAT networks are unreachable by other network devices,
NAT adds an extra degree of protection to the network.
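The port-translation case described above (hosts A and B both using port 2000) can be traced with a small NAT table model. This is an added example, not part of the original assignment; the `PatRouter` class, the addresses and the starting port 40000 are constructed assumptions, and keeping one table entry per connection and remote endpoint is one possible behaviour, since real devices vary.

```python
import itertools


class PatRouter:
    """NAT overload (PAT): many private hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # constructed port pool
        self.out_map = {}  # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.in_map = {}   # (proto, public port) -> (priv_ip, priv_port, dst_ip, dst_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source; add a table entry on first use."""
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out_map:
            pub_port = next(self._ports)
            self.out_map[flow] = pub_port
            self.in_map[(proto, pub_port)] = flow[1:]
        return (proto, self.public_ip, self.out_map[flow], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply's destination, or return None to drop the packet."""
        entry = self.in_map.get((proto, dst_port))
        if dst_ip != self.public_ip or entry is None:
            return None  # unsolicited: no inside host opened this port
        priv_ip, priv_port, peer_ip, peer_port = entry
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None  # right port, wrong remote endpoint
        return (proto, src_ip, src_port, priv_ip, priv_port)


def demo():
    """Hosts A and B both use source port 2000 towards the same server."""
    nat = PatRouter("198.51.100.1")
    server = ("203.0.113.80", 80)
    a = nat.outbound("tcp", "192.168.1.10", 2000, *server)
    b = nat.outbound("tcp", "192.168.1.11", 2000, *server)
    reply_b = nat.inbound("tcp", *server, nat.public_ip, b[2])
    stray = nat.inbound("tcp", "203.0.113.99", 80, nat.public_ip, b[2])
    probe = nat.inbound("tcp", "203.0.113.99", 4444, nat.public_ip, 22)
    return a, b, reply_b, stray, probe
```

A and B leave with different public source ports, so the reply to B finds its way back, while packets that match no table entry are dropped, which is why inside hosts are not directly reachable from outside.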

VI. Conclusion
Computer security is a broad subject that is becoming increasingly important as the world becomes
increasingly interconnected, with networks being used to carry out critical transactions. Since the
advent of the Internet, the environment in which machines must operate has shifted dramatically. Most
security concerns are caused by software that fails unexpectedly. While software security
has a lot more work to do, it brings a lot to the table for professionals who want to get to the bottom of
safety issues.

Following the study, I had a better understanding of several methods to increase network security for
enterprises, such as firewalls, static IP addresses, and NAT, as well as some ways to avoid being
compromised or leaking data.
