1623 Asm1

The document discusses security threats to organizations, recent security breaches, and their consequences. It describes organizational security procedures and the impact of incorrectly configured firewalls and intrusion detection systems. Examples are provided of how implementing a DMZ, static IP addresses, and network address translation can improve network security.

ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 13 June 2023
Date received (1st submission): 10 June 2023
Re-submission date:
Date received (2nd submission):
Student name: LE ANH QUAN
Student ID: GCH211111
Class: GCH1105
Assessor name: Michael Omar

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student's signature:

Grading grid: P1 P2 P3 P4 M1 M2 D1

Summative Feedback:
Resubmission Feedback:

Grade:
Assessor Signature:
Date:
Lecturer Signature:
Table of Contents
Introduction.
Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1).
1. Threat definition.
2. Identify threat agents to organizations.
3. List the types of threats that organizations will face.
4. What are the recent security breaches? List and provide examples with dates.
5. Discuss the results of these breaches.
6. Suggest solutions to organizations.
Task 2 - Describe at least 3 organizational security procedures (P2).
1. Define security procedure.
2. Discuss at least 3 security procedures.
Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3).
1. Discuss briefly firewalls and policies, their usage and advantages in a network.
2. Intrusion Detection System (IDS).
3. Write down the potential impact (threat/risk) of a firewall and IDS if they are incorrectly configured in a network.
Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security (P4).
1. Define and discuss DMZ with the aid of a diagram. Focus on its usage and security function as an advantage.
2. Define and discuss static IP with the aid of a diagram. Focus on its usage and security function as an advantage.
3. Define and discuss NAT with the aid of a diagram. Focus on its usage and security function as an advantage.
Conclusion.
Bibliography

List of Figures
Figure 1: Insider threat.
Figure 2: Viruses and worms.
Figure 3: Botnets.
Figure 4: Malware.
Figure 5: Phishing.
Figure 6: Ransomware.
Figure 7: Weak password.
Figure 8: Firewall.
Figure 9: How a firewall works.
Figure 10: Firewall allowing good traffic.
Figure 11: Firewall blocking bad traffic.
Figure 12: Access control.
Figure 13: Packet filter.
Figure 14: Proxy service.
Figure 15: Stateful inspection.
Figure 16: Firewall diagram.
Figure 17: IDS.
Figure 18: Usage of IDS.
Figure 19: DMZ.
Figure 20: Static IP.
Figure 21: NAT.
Introduction.
I am presently employed as a security specialist (an IT Security Specialist trainee) at FPT Information Security, Vietnam's leading security enterprise. My organization consults on and implements technological solutions for possible IT security issues with medium-sized businesses in Vietnam.

My boss asked me to create an engaging presentation to help train junior staff on the tools and procedures involved in detecting and analyzing security threats, as well as the policies that protect business-critical data and equipment. A comprehensive report with a technical evaluation of the subjects discussed in the presentation was also provided alongside the presentation.

Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1).
1. Threat definition.
A threat is a possible source of harm or risk to persons, organizations, systems, or assets. A threat is any prospective occurrence or action that can exploit vulnerabilities and inflict harm by undermining the confidentiality, integrity, or availability of data or systems. Malicious actors (hackers, cybercriminals), natural disasters, accidents, and even unintended human behaviour can all be sources of threats. They can take the shape of cyber assaults, viruses, malware, unauthorized access attempts, data breaches, or any other activity that puts the security of information or systems at risk. Understanding and mitigating risks is vital for protecting persons, organizations, and key infrastructure.

2. Identify threat agents to organizations.

a. Nation States
Those companies that operate in certain sectors, e.g. telecoms, oil & gas, mining, power generation,
national infrastructure etc., may find themselves a target for foreign nations either to disrupt
operations now, or to give that nation a future hold in times of adversity. (Lamb, 2019).
b. Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and Viruses
perpetrated by vandals and the general public).
There are so many times that companies have said to me “Oh we’re not going to be a target for
hackers because….” But the number of random attacks that are going on every day is so vast (there
are no accurate statistics on this to share here) that every and any organization can become a victim.
(Lamb, 2019).

c. Employees and Contractors.
Machines and software programmes are quite good at protecting against malware, unless it is a zero-day virus. It is humans that are often the weakest link in the security system, either maliciously or accidentally. (Lamb, 2019).

d. Terrorists and Hacktivists (political parties, media, enthusiasts, activists, vandals, general
public, extremists, religious followers).
Rather like the threat caused by nation states, it does depend on your activities as to the level of
threat these agents pose. However some terrorists look to target certain industries or countries so
there could be a persistent threat of a random attack against you.

Perhaps the most famous example of this would be the Wikileaks revelations in 2010 publishing
over diplomatic cables and other documents relating to the conflict in Iraq and Afghanistan. (Lamb,
2019).

e. Organised crime (local, national, transnational, specialist).
Criminals are targeting personal data for a number of different reasons; credit card fraud, identity
theft, bank account fraud and so on. These crimes are now being perpetrated on an industrial scale.
Methodologies vary from phishing attacks to ‘Watering Hole’ websites, but the end result is the
same; you and your data are being extracted and used for nefarious means. (Lamb, 2019).

f. Natural disasters (fire, flood, earthquake, volcano).
Whilst not a cyber attack, these events can have the same net effect to your ability to do business. If
you cannot access your offices, data centres, or files stored on the cloud, then you are still
experiencing a data disaster, and this must be taken into account. In the UK the threat of earthquake
is very low, but every year we see pictures of a town or city under water. (Lamb, 2019).

g. Corporates (competitors, partners).
The threat from a competitor stealing your intellectual property is obvious, but we are increasingly
working with many partner organisations to fill gaps in skills and resources, or simply to provide
services. These partner companies may steal, or reveal, your intellectual property, or the personal
data you are storing, either unwittingly, or maliciously, depending on their motives. (Lamb, 2019).

3. List the types of threats that organizations will face.

a. Insider threats.
An insider threat occurs when individuals close to an organization who have authorized access to its
network intentionally or unintentionally misuse that access to negatively affect the organization's
critical data or systems. (Rosencrance, 2023).

Figure 1: Insider threat.

b. Viruses and worms.
Viruses and worms are malicious software programs (malware) aimed at destroying an
organization's systems, data and network. A computer virus is a malicious code that replicates by
copying itself to another program, system or host file. It remains dormant until someone knowingly
or inadvertently activates it, spreading the infection without the knowledge or permission of a user
or system administration. (Rosencrance, 2023).

Figure 2: Viruses and worms.

c. Botnets.
A botnet is a collection of Internet-connected devices, including PCs, mobile devices, servers and
IoT devices that are infected and remotely controlled by a common type of malware. Typically, the
botnet malware searches for vulnerable devices across the internet. The goal of the threat actor
creating a botnet is to infect as many connected devices as possible, using the computing power and
resources of those devices for automated tasks that generally remain hidden to the users of the
devices. The threat actors -- often cybercriminals -- that control these botnets use them to send email
spam, engage in click fraud campaigns and generate malicious traffic for distributed denial-of-
service attacks. (Rosencrance, 2023).

Figure 3: Botnets.

d. Malware Attacks.
Malware is the second big threat facing small businesses. It encompasses a variety of cyber threats
such as trojans and viruses. Malware is a varied term for malicious code that hackers create to gain
access to networks, steal data, or destroy data on computers. Malware usually comes from malicious
website downloads, spam emails or from connecting to other infected machines or devices. (Witts,
2023).

Figure 4: Malware.

e. Phishing Attacks.
The biggest, most damaging and most widespread threat facing small businesses is phishing attacks.
Phishing accounts for 90% of all breaches that organizations face, they’ve grown 65% over the last
year, and they account for over $12 billion in business losses. Phishing attacks occur when an
attacker pretends to be a trusted contact, and entices a user to click a malicious link, download a
malicious file, or give them access to sensitive information, account details or credentials. (Witts,
2023).

Figure 5: Phishing.

f. Ransomware.
Ransomware is one of the most common cyber-attacks, hitting thousands of businesses every year.
These attacks have only become more common, as they are one of the most lucrative forms of
attacks. Ransomware involves encrypting company data so that it cannot be used or accessed, and
then forcing the company to pay a ransom to unlock the data. This leaves businesses with a tough
choice – to pay the ransom and potentially lose huge sums of money, or cripple their services with a
loss of data. (Witts, 2023).

Figure 6: Ransomware.

g. Weak Passwords.
Another big threat facing small businesses is employees using weak or easily guessed passwords. Many small businesses use multiple cloud-based services that require different accounts. These services often contain sensitive data and financial information. Using easily guessed passwords, or reusing the same password for multiple accounts, can cause this data to become compromised. (Witts, 2023).

Figure 7: Weak password.

4. What are the recent security breaches? List and provide examples with dates.
a. Activision: February 2023.
The video game publisher behind the Call of Duty franchise, Activision, confirmed on February
19th, that they had suffered a data breach back in December. The hacker used an SMS phishing
attack on an HR employee to gain access to employee data, including their emails, cell phone
numbers, salaries, and work locations. (Farrelly, 2023).

b. ChatGPT: March 2023.
ChatGPT has been in the public discourse for months now because of its revolutionary AI
capabilities, but some bad news came in late March when they announced they experienced a data
breach. Officials from OpenAI, ChatGPT’s parent company, said “In the hours before we took
ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last
name, email address, payment address, the last four digits (only) of a credit card number, and credit
card expiration date. Full credit card numbers were not exposed at any time” (via CMSWire).
(Farrelly, 2023).

c. Yum Brands (KFC, Taco Bell, & Pizza Hut): April 2023.
Yum Brands, the parent company of the popular fast food chains KFC, Taco Bell, and Pizza Hut, announced in April 2023 that it had suffered a cyber attack earlier in the year, in January. They initially believed the attack to have directly affected only corporate data; however, they are now being cautious and notifying employees who may have had their personal data breached.

In a statement provided to Electric, a representative from Yum! says, "In the course of our forensic review and investigation, we identified some personal information belonging to employees was exposed during the January 2023 cybersecurity incident. We are in the process of sending individual notifications and are offering complimentary monitoring and protection services. We have no indication that customer information was impacted."

The attack resulted in the company closing down almost 300 locations in the UK back in January, and has continued to cost the company money in added security measures, customer alerts, and brand perception, proving once again that data breaches are a dangerous financial burden to big companies in 2023. (Farrelly, 2023).

d. T-Mobile: May 2023 (and January 2023).
It was announced in May that T-Mobile had suffered its second data breach of 2023, after a hack revealed the PINs, full names, and phone numbers of over 800 customers.

This is its ninth data breach since 2018 and its second this year already. In early January 2023, T-Mobile discovered that a malicious actor had gained access to their systems in November of the previous year and stolen personal information, such as names, emails, and birthdays, from over 37 million customers. Once they identified the data breach, they were able to track down the source and contain it within a day.

T-Mobile claims they may “incur significant expenses” from this data breach, which will be on top
of the $350 million they agreed to pay customers in a settlement related to an August 2021 data
breach. Not only has T-Mobile lost hundreds of millions of dollars because of their poor security,
but they have also lost customers’ trust after multiple breaches of personal information. (Farrelly,
2023).

5. Discuss the results of these breaches.

The results of these security breaches include the exposure of sensitive information, financial losses, damage to company reputation, and potential implications for affected individuals.

a. Activision.
Financial impact: Activision experienced reputational damage and potential risks to the affected employees due to the exposure of their personal information.

b. ChatGPT.
Financial impact: The breach led to the temporary shutdown of ChatGPT and potentially caused damage to OpenAI's reputation.

c. Yum Brands (KFC, Taco Bell, & Pizza Hut).
Customer information was not impacted.
Financial impact: The company closed down nearly 300 locations in the UK, incurred costs for security measures and customer notification, and experienced a negative impact on brand perception.

d. T-Mobile.
May 2023 breach: The PINs, full names, and phone numbers of over 800 customers were exposed.
January 2023 breach: Personal information, including names, emails, and birthdays, from over 37 million customers was stolen.
Financial impact: T-Mobile incurred significant expenses due to the breaches and had to pay $350 million in settlement to customers affected by a previous breach. The breaches have also led to a loss of customer trust.

Overall, the breaches resulted in compromised data, financial costs, customer and employee trust issues, and the need for companies to invest in additional security measures to prevent future incidents.

6. Suggest solutions to organizations.

Cybersecurity breaches have been on the rise, and it's expected that by 2023 they'll have grown to 15.4 million. While technological advancements have made it easy for organizations to upgrade their security measures, malicious hackers are now using sophisticated tools. This means that in addition to implementing strict cybersecurity policies, you also have to take proactive measures to reduce your cybersecurity risks. (Sukianto, 2023).

Here is an overview of the suggested solutions:

➢ Encrypt Your Data and Create Backups.
➢ Use Strong Passwords.
➢ Assess and Monitor Your Vendors.
➢ Reduce Your Attack Surface.
➢ Install Firewalls.
➢ Create A Secure Cybersecurity Policy.

Task 2 - Describe at least 3 organizational security procedures (P2).
1. Define security procedure.
Security procedures refer to a set of guidelines and actions designed to protect people, assets, and
information from potential threats and risks. These procedures are implemented to ensure the safety
and integrity of individuals, organizations, and their operations. Security procedures can vary
depending on the specific context, industry, and nature of the threats involved.

Standard operating procedures are frequently used in conjunction with other forms of
documentation, such as a security policy. These papers work together to help the company achieve
its security goals. The other papers contribute to the practice's structure, with the policy establishing
the overarching strategy and security posture.

2. Discuss at least 3 security procedures.

a. Human resources policy.
Human resources policies are guidelines for hiring, work processes, compensation, leave, training,
promotion, work environments, termination and other important functions. HR policies also outline
how an organization will treat its people and property. They’re developed by HR managers with the
help of company management. It’s important to enumerate the policies before issues arise so you
know how to respond. (Holliday, 2021).

HR policies are a must-have for any organization. They can guide employees and leaders about
what’s expected of them, ensure everyone is treated consistently, as well as prevent problems,
including legal concerns.

b. Incident response policy.
Incident response policies enable organizations to plan and codify their response to information
security incidents. These policies typically include how the incident response team is made up and
the roles of individual members, how to implement the policy, tools used to respond to incidents and
recover from security breaches, and who is in charge of verifying that the policy is successfully
enforced. (cynet, 2023).

c. Acceptable use policy (AUP).
An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must
agree to for access to a corporate network, the internet or other resources. Many businesses and
educational institutions require employees or students to sign an AUP before being granted a network
ID. (Kirvan, 2023).

Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3).
1. Discuss briefly firewalls and policies, their usage and advantages in a network.
a. Firewall.
A Firewall is a network security device that monitors and filters incoming and outgoing network
traffic based on an organization’s previously established security policies. At its most basic, a
firewall is essentially the barrier that sits between a private internal network and the public Internet.
A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.
(Checkpoint, 2023).

b. Policies.
Firewalls are available as software as well as physical appliances. Many hardware-based firewalls also function as DHCP servers for the internal network they protect. Several personal computer operating systems include software-based firewalls to protect against attacks from the public Internet. Many routers that carry data between networks have firewall components, and many firewalls can also perform simple routine tasks.

Figure 8: Firewall.

c. How does a firewall work?

Firewalls filter the network traffic of a private network. A firewall analyses which traffic should be allowed or restricted based on a set of rules. Think of the firewall as a gatekeeper at your computer's entry point which only allows trusted sources, or IP addresses, to enter your network.

A firewall admits only the incoming traffic it has been configured to accept. It distinguishes between good and malicious traffic and either allows or blocks specific data packets according to pre-established security rules. (Deshpande, 2022).

These rules are based on a variety of parameters, including the source, destination, content, and other information supplied by the packet data. They restrict traffic from unknown sources in an effort to thwart cyberattacks.

The figures below show how a firewall allows useful traffic to reach a user's private network and blocks bad traffic. In this way, a firewall carries out quick assessments to detect malware and other suspicious activities.

Different types of firewall read data packets at different network levels.

Figure 9: How a firewall works.

Figure 10: Firewall allowing good traffic.

Figure 11: Firewall blocking bad traffic.


d. Types of firewall.
A firewall can be either software or hardware. Software firewalls are programs installed on each computer, and they regulate network traffic by application and port number. Hardware firewalls, meanwhile, are appliances placed between the gateway and your network. A firewall delivered as a cloud solution is called a cloud firewall. (Deshpande, 2022).

Here are some types of firewalls:

➢ Packet Filtering.
A packet filtering firewall regulates data flow into and out of a network. It authorizes or denies data transmission based on the packet's source address, the packet's destination address, the application protocol used to transfer the data, and so on.

➢ Proxy Service Firewall.
This form of firewall protects the network by filtering messages at the application layer. A proxy firewall acts as a gateway from one network to another for a specific application.

➢ Stateful Inspection.
Such a firewall permits or blocks network traffic based on state, port, and protocol. It decides what to filter based on administrator-defined rules and context.

➢ Next-Generation Firewall.
The next-generation firewall, according to Gartner, Inc., is a deep-packet inspection firewall that combines application-level inspection, intrusion prevention, and information from outside the firewall to go beyond port/protocol inspection and blocking.

➢ Unified Threat Management (UTM) Firewall.
A UTM device generally integrates the capabilities of a stateful inspection firewall, intrusion prevention, and antivirus in a loosely linked manner. It may include additional services and, in many cases, cloud management. UTMs are designed to be simple and easy to use.

➢ Threat-Focused NGFW.
These firewalls provide advanced threat detection and mitigation. Using network and endpoint event correlation, they can detect evasive or suspicious behavior.
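To make sections c and d concrete, here is an added toy packet filter in Python (example code written for this page, not part of the assignment or of any cited source): rules are evaluated top to bottom with first match winning and an implicit default deny, the stateful variant keeps a table of the connections it has allowed so that replies can return, and a misordered "allow any" rule shows how a policy error lets traffic through that the policy meant to block. All addresses, rules and packets are constructed for illustration.

```python
# Constructed toy packet filter: ordered rules, first match wins, default deny,
# optional connection-state table for stateful inspection. Not a real firewall.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    sport: int
    dport: int
    payload: bytes = b""    # a packet filter never looks at this

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any destination port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        # Packet filtering only looks at addresses, protocol and port.
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

class Firewall:
    """Evaluates rules top to bottom; first match wins; no match means deny."""

    def __init__(self, rules: List[Rule], stateful: bool = False) -> None:
        self.rules = list(rules)
        self.stateful = stateful
        self.state = set()   # 5-tuples of connections already allowed (stateful mode)

    def decide(self, p: Packet) -> str:
        # Stateful inspection: a reply to an allowed connection (same 5-tuple
        # with the two ends swapped) is accepted without consulting the rules.
        if self.stateful and (p.dst, p.dport, p.src, p.sport, p.proto) in self.state:
            return "allow"
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow" and self.stateful:
                    self.state.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return rule.action
        return "deny"   # implicit default deny

# Constructed network: a LAN with one public web server.
LAN = "10.0.0.0/24"
WEB = "10.0.0.10/32"

GOOD_RULES = [
    Rule("allow", dst=WEB, proto="tcp", dport=80, comment="public web server"),
    Rule("allow", src=LAN, comment="LAN hosts may initiate outbound connections"),
    Rule("deny", comment="explicit clean-up rule: deny everything else"),
]

# Misconfigured policy: a catch-all allow sits above the SSH deny rule, so the
# deny can never match. This is the kind of policy error P3 asks about.
BAD_RULES = [
    Rule("allow", dst=WEB, proto="tcp", dport=80, comment="public web server"),
    Rule("allow", comment="temporary 'allow any' left in after troubleshooting"),
    Rule("deny", dst=LAN, proto="tcp", dport=22, comment="unreachable rule"),
]

# Constructed packets; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
INTERNET_WEB = Packet("203.0.113.5", "10.0.0.10", "tcp", 40001, 80)
INTERNET_SSH = Packet("203.0.113.5", "10.0.0.20", "tcp", 40002, 22)
OUTBOUND = Packet("10.0.0.20", "198.51.100.7", "tcp", 50000, 443)
REPLY = Packet("198.51.100.7", "10.0.0.20", "tcp", 443, 50000)

def evaluate(rules: List[Rule], packets: List[Packet], stateful: bool = False) -> List[str]:
    fw = Firewall(rules, stateful)
    return [fw.decide(p) for p in packets]

def good_policy_results() -> List[str]:
    return evaluate(GOOD_RULES, [INTERNET_WEB, INTERNET_SSH])   # ['allow', 'deny']

def bad_policy_results() -> List[str]:
    # The same SSH probe now gets through because of the misordered rule.
    return evaluate(BAD_RULES, [INTERNET_WEB, INTERNET_SSH])    # ['allow', 'allow']

def stateless_vs_stateful() -> Tuple[List[str], List[str]]:
    # Stateless: the server's reply matches no allow rule and is dropped.
    # Stateful: the reply belongs to the outbound connection and is accepted.
    return (evaluate(GOOD_RULES, [OUTBOUND, REPLY], stateful=False),
            evaluate(GOOD_RULES, [OUTBOUND, REPLY], stateful=True))

def approved_traffic_is_not_inspected() -> str:
    # Port 80 to the web server is approved, so the payload is never examined.
    odd = Packet("203.0.113.5", "10.0.0.10", "tcp", 40003, 80, payload=b"constructed junk")
    return evaluate(GOOD_RULES, [odd])[0]                         # 'allow'
```

The last function is the point made under the disadvantages below: a packet filter cannot stop an attack carried over traffic the policy has already approved.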

e. Advantages and disadvantages of a firewall in a network.

Essentially, a firewall is a kind of wall that protects a network from attack by hackers, and it is perhaps one of the most basic safeguards ever devised to combat internet risks. It protects your computer from various hazards on the internet, including cyber assaults. While the firewall provides an overwhelming majority of benefits, it also has certain downsides. Understanding both the benefits and the drawbacks will help you use the tool more effectively and get the most out of it for your organization.

➢ Advantages of a firewall in a network:

• Monitor traffic: a major responsibility of a firewall is to watch the traffic passing through it. Information travelling over a network is carried in packets, and the firewall inspects each packet for anything hazardous; if it finds a threat, it blocks the packet immediately.

• Prevent hackers: attackers on the internet constantly search for computers they can use for illegal activities, and when they find such machines they may go on to do further damage, such as spreading viruses. Besides attackers, there are also unknown people, such as neighbours, looking for an open internet connection. A firewall is therefore a sound way to prevent such intrusions.

• Better privacy: privacy is one of the foremost concerns of a user, and attackers look for private information to learn more about a target. With a firewall in place, many of the services offered by a site, such as the name service and the finger service, are blocked, so attackers have no way of obtaining those details. A firewall can also block DNS information about the internal network, so internal host names and IP addresses are not visible to attackers.

• Access control: firewalls include an access policy that can be applied to particular hosts and services. Some hosts could be exploited by attackers, so the safest course is to block such hosts from accessing the system. Where a user feels they need protection from this kind of unwanted access, the access policy can be enforced.

➢ Disadvantages of firewall in network:


• Cost: Firewalls require an investment that depends on their type. Generally, hardware
firewalls are more expensive than software firewalls. Besides, hardware firewalls require
installation and maintenance, which can be costly; these configurations cannot be done
without an expert IT employee. Compared to this, a software firewall needs much less
investment and is easy enough for an average user to deploy.

• User Restriction: there is no doubt that firewalls prevent unauthorized access to your
system from the network. While this is advantageous for an average user, it can
actually be a problem for big organizations. The policies employed by the firewall
can be strict enough to prevent employees from doing certain operations. As a result,
the productivity of the company is affected severely. Sometimes this also prompts
employees to use backdoor workarounds. However, this may result in security
problems, since the data travelling through these backdoors isn't examined
properly by the firewall.

• A firewall cannot prevent what has been approved. Firewalls enable regular
communications of permitted apps; however, if such applications contain weaknesses,
a firewall will not halt the attack because the communication is allowed.

• Malware Attacks: While firewalls are capable of preventing the most common types
of trojans, they have proven to be powerless against other types of malware. Malware
of this type can infiltrate your system inside trustworthy-looking data. As a result, whether or
not you have a firewall, it is still suggested that you have anti-malware software
installed on your PC, because the only way to get rid of such malware is to run an
anti-malware check.

f. How does a firewall provide security to a network?


When your computer has firewall protection, everything that goes in and out of it is monitored. The
firewall monitors all this information traffic to permit ‘good data’ in, but block ‘bad data’ from
entering your computer. Firewalls use one or a combination of the following three methods to manage traffic
flowing in and out of the network:

• Access Control:
One of the primary functions of a firewall is to enforce access control laws. It examines
incoming and outgoing network traffic using predefined rules and filters packets based on a
number of criteria such as source IP address, destination IP address, port number, and
protocol.
Figure 12: Access Control.

• Packet filtering: the most basic type of firewall software uses pre-determined security
rules to form filters – if an incoming packet of data (a small chunk of data) is flagged
by the filters, it is not allowed through. Packets that make it through the filters are sent to the
requesting system and all others are discarded.

Figure 13: Packet filter.

• Proxy service: A firewall proxy server is an application that acts as an intermediary between
systems. Information from the internet is retrieved by the firewall and then sent to the requesting
system, and the other way around. Firewall proxy servers operate at the application layer of the
firewall, where both ends of a connection are forced to conduct the session through the proxy.
They operate by creating and running a process on the firewall that mirrors a service as if it
were running on the end host, and thus centralize all information transfer for an activity on the
firewall for scanning.

Figure 14: Proxy service

• Stateful inspection: the most modern method of firewall scanning, which does not depend
on the memory-intensive examination of all information packets, is ‘stateful inspection’. A
‘stateful’ firewall holds significant attributes of every connection in a database of trusted
information for the duration of the session. These attributes, which are collectively called
the ‘state’ of the connection, may include details such as the IP addresses and ports
involved in the connection and the sequence numbers of the packets being
transferred. The firewall compares information being transferred to the copy relevant to that
transfer held in the database – if the comparison yields a positive match the information
is allowed through, otherwise it is denied.

Figure 15: Stateful inspection.
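The following is an added example, not code from the original document: a toy packet filter that combines the rule criteria listed above (protocol, source and destination address, destination port) with the connection-state table of stateful inspection, so that replies to an admitted session pass without an explicit inbound rule while unsolicited inbound packets are denied. Rules, addresses and the default-deny policy are constructed assumptions.

```python
"""Toy packet filter with stateful inspection (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR of permitted sources
    dst: str = "0.0.0.0/0"       # CIDR of permitted destinations
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


class StatefulFirewall:
    """First matching rule wins; anything unmatched is denied (default deny)."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # The 'state' database: 5-tuples of connections already admitted.
        self.state: Set[Tuple[str, str, int, str, int]] = set()

    def _policy(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"

    def process(self, pkt: Packet) -> str:
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful inspection: a packet belonging to a known session is
        # accepted without re-evaluating the rule base.
        if forward in self.state or reverse in self.state:
            return "allow (established)"
        action = self._policy(pkt)
        if action == "allow":
            self.state.add(forward)   # remember the session so its replies pass
        return action


# Constructed policy: the public web server accepts HTTPS from anywhere,
# internal hosts may initiate anything outbound, everything else is denied.
RULES = [
    Rule("allow", "tcp", dst="203.0.113.10/32", dport=443),
    Rule("allow", "any", src="10.0.0.0/8"),
]


def demo() -> List[str]:
    fw = StatefulFirewall(RULES)
    traffic = [
        Packet("tcp", "10.0.0.5", 50000, "198.51.100.7", 80),       # outbound request
        Packet("tcp", "198.51.100.7", 80, "10.0.0.5", 50000),       # its reply
        Packet("tcp", "198.51.100.7", 80, "10.0.0.5", 50001),       # unsolicited inbound
        Packet("tcp", "198.51.100.9", 40000, "203.0.113.10", 443),  # to the web server
        Packet("tcp", "198.51.100.9", 40001, "203.0.113.10", 22),   # SSH from outside
    ]
    return [fw.process(p) for p in traffic]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The reply in the second packet is admitted only because the first packet created a state entry; without the state table, a stateless filter would need a broad inbound allow rule to let replies through, which is exactly the kind of rule attackers rely on.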


g. Show with diagrams an instance of how a firewall works.
A firewall is a system or system combination that imposes a barrier between two or more networks.
A firewall is frequently a router with access control lists (ACLs), a specialized hardware box, or
software running on a PC or operating system. A firewall should be installed within the topology so
that all traffic from outside the protected network is routed via it. A security policy establishes which
traffic is allowed to pass through the firewall.

Figure 16: Firewall Diagram.

2. Intrusion Detection System (IDS).


a. Define.
An intrusion detection system (IDS) observes network traffic for malicious
transactions and sends immediate alerts when such activity is observed. It is software that checks a network or
system for malicious activities or policy violations. Each illegal activity or violation is often recorded
either centrally using a SIEM system or reported to an administrator. An IDS monitors a network or
system for malicious activity and protects a computer network from unauthorized access by users,
including perhaps insiders. The intrusion detector learning task is to build a predictive model (i.e. a
classifier) capable of distinguishing between ‘bad connections’ (intrusions/attacks) and ‘good
(normal) connections’. (geeksforgeeks, 2023).
Figure 17: IDS.

b. Its usage.
Intrusion detection systems are used to detect network anomalies and apprehend hackers before they
cause significant damage. Both network-based and host-based intrusion detection systems are
conceivable. The client computer is equipped with a host-based intrusion detection system, whereas
the network is equipped with a network-based intrusion detection system.

Intrusion detection systems detect attacks by searching for indicators of prior attacks or deviations
from normal activity. These anomalies are escalated and analyzed at the protocol and application
levels. They can identify occurrences like Christmas tree scans and DNS poisonings.

An IDS may be implemented as a software application running on customer hardware or as a network
security appliance. Cloud-based intrusion detection systems are also available to protect data and
systems in cloud deployments.
Figure 18: Usage of IDS.

Intrusion detection systems analyze network traffic in order to identify when unauthorized actors
launch an attack. IDS accomplish this by providing security experts with any or all of the following
functionalities:

• Monitoring routers, firewalls, key management servers, and data required by other security
systems to detect, prevent, or recover from breaches.
• Providing a user-friendly interface so that non-expert staff may help control system security.
• Giving administrators a mechanism to fine-tune, organize, and comprehend relevant OS audit
trails and other logs that would otherwise be impossible to manage or analyze.
• A huge database of attack signatures against which system information may be compared.
• Recognize and report data file changes discovered by the IDS.
• Sounding an alert and telling the user that security has been compromised. Blocking attackers
or the server.
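As an added example (not code from the original document or from any IDS product), the following toy network IDS shows the two detection styles described above: matching packet payloads against a small signature database, and recognising the Christmas tree scan mentioned in the usage section (FIN, PSH and URG set together) once one source has probed several ports. The signatures, addresses, flag sets and the scan threshold are constructed assumptions.

```python
"""Toy network IDS pass over constructed traffic (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: FrozenSet[str] = frozenset({"ACK"})  # TCP flags, e.g. {"SYN"}
    payload: bytes = b""


# Constructed signature database: name -> byte pattern looked for in payloads.
SIGNATURES: Dict[str, bytes] = {
    "web path traversal": b"../../etc/passwd",
    "sql tautology probe": b"' OR 1=1",
}

XMAS_FLAGS = frozenset({"FIN", "PSH", "URG"})


def is_xmas(pkt: Packet) -> bool:
    """A 'Christmas tree' packet lights up FIN, PSH and URG at once."""
    return XMAS_FLAGS <= pkt.flags


def inspect(packets: List[Packet], scan_threshold: int = 3) -> List[str]:
    """Return one alert string per signature hit plus one per detected scan."""
    alerts: List[str] = []
    ports_by_scanner: Dict[str, Set[int]] = defaultdict(set)
    for pkt in packets:
        # Signature detection: known attack content in the payload.
        for name, pattern in SIGNATURES.items():
            if pattern in pkt.payload:
                alerts.append(f"{name} from {pkt.src} to {pkt.dst}:{pkt.dport}")
        # Anomaly detection: count distinct ports probed with the odd flag combination.
        if is_xmas(pkt):
            ports_by_scanner[pkt.src].add(pkt.dport)
    for src, ports in ports_by_scanner.items():
        if len(ports) >= scan_threshold:
            alerts.append(f"christmas tree scan from {src} ({len(ports)} ports)")
    return alerts


# Constructed sample traffic: one normal request, one traversal attempt,
# and a three-port Christmas tree scan from a single external host.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "203.0.113.10", 80, payload=b"GET /index.html HTTP/1.1"),
    Packet("198.51.100.9", "203.0.113.10", 80,
           payload=b"GET /../../etc/passwd HTTP/1.1"),
    Packet("198.51.100.9", "203.0.113.10", 22, flags=XMAS_FLAGS),
    Packet("198.51.100.9", "203.0.113.10", 80, flags=XMAS_FLAGS),
    Packet("198.51.100.9", "203.0.113.10", 443, flags=XMAS_FLAGS),
]

if __name__ == "__main__":
    for alert in inspect(SAMPLE_TRAFFIC):
        print(alert)
```

Raising `scan_threshold` trades missed low-volume scans for fewer alerts, which is the same tuning decision behind the alert-fatigue problem discussed later in this section.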

c. Types of IDS.
➢ Network Intrusion Detection System (NIDS): Network intrusion detection systems
(NIDS) are set up at a planned point within the network to examine traffic from all devices
on the network. It performs an observation of passing traffic on the entire subnet and matches
the traffic that is passed on the subnets to the collection of known attacks. Once an attack is
identified or abnormal behavior is observed, the alert can be sent to the administrator.
➢ Host Intrusion Detection System (HIDS): Host intrusion detection systems (HIDS) run on
independent hosts or devices on the network. A HIDS monitors the incoming and outgoing
packets from the device only and will alert the administrator if suspicious or malicious
activity is detected. It takes a snapshot of existing system files and compares it with the
previous snapshot. If the analytical system files were edited or deleted, an alert is sent to the
administrator to investigate.
➢ Protocol-based Intrusion Detection System (PIDS): A protocol-based intrusion detection
system (PIDS) comprises a system or agent that consistently resides at the front end of
a server, controlling and interpreting the protocol between a user/device and the server. It
tries to secure the web server by regularly monitoring the HTTPS protocol stream and
accepting the related HTTP protocol. As the HTTPS stream is un-encrypted immediately before
entering its web presentation layer, this system would need to reside at that interface in
order to inspect the HTTPS traffic.
➢ Application Protocol-based Intrusion Detection System (APIDS): An application
Protocol-based Intrusion Detection System (APIDS) is a system or agent that generally
resides within a group of servers. It identifies the intrusions by monitoring and interpreting
the communication on application-specific protocols.
➢ Hybrid Intrusion Detection System: Hybrid intrusion detection system is made by the
combination of two or more approaches to the intrusion detection system. In the hybrid
intrusion detection system, the host agent or system data is combined with network
information to develop a complete view of the network system. The hybrid intrusion
detection system is more effective in comparison to the other intrusion detection system.
(geeksforgeeks, 2023).
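The HIDS behaviour described above, taking a snapshot of existing system files and comparing it with a later one, is shown below as an added example (not code from the original document or from any HIDS product). It hashes every file under a directory, then reports edited, deleted and added files; the files and the tampering scenario in `demo()` are constructed in a temporary folder.

```python
"""Host-based file-integrity check: snapshot and compare (added example)."""
import hashlib
import os
import tempfile
from typing import Dict, List


def snapshot(root: str) -> Dict[str, str]:
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    digests: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff two snapshots; each list is sorted so the report is deterministic."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "deleted": sorted(p for p in old if p not in new),
        "added": sorted(p for p in new if p not in old),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline, then edit one file, remove one, add one."""
    with tempfile.TemporaryDirectory() as root:

        def write(rel: str, data: bytes) -> None:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)

        write("etc/hosts", b"127.0.0.1 localhost\n")
        write("etc/ssh/sshd_config", b"PermitRootLogin no\n")
        write("bin/helper", b"#!/bin/sh\necho ok\n")
        baseline = snapshot(root)              # the trusted snapshot

        write("etc/ssh/sshd_config", b"PermitRootLogin yes\n")   # edited
        os.remove(os.path.join(root, "bin", "helper"))            # deleted
        write("tmp/.hidden", b"unexpected\n")                     # added
        return compare(baseline, snapshot(root))                 # what the HIDS reports


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In a real deployment the baseline snapshot itself must be stored where the monitored host cannot rewrite it, otherwise an intruder can simply re-baseline after tampering.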

d. Benefit of IDS.
➢ Detects malicious activity: IDS can detect any suspicious activities and alert the system
administrator before any significant damage is done.
➢ Improves network performance: IDS can identify any performance issues on the network,
which can be addressed to improve network performance.
➢ Compliance requirements: IDS can help in meeting compliance requirements by monitoring
network activity and generating reports.
➢ Provides insights: IDS generates valuable insights into network traffic, which can be used to
identify any weaknesses and improve network security. (geeksforgeeks, 2023).

3. Write down the potential impact (Threat-Risk) of a firewall and IDS if they are
incorrectly configured in a network.
a. Impact of misconfigured firewall.
➢ Unauthorized Access: Incorrect firewall configurations may allow unauthorized access to the
network or specific resources within it. This could enable malicious actors to infiltrate the
network, compromise sensitive data, or launch attacks from within.

➢ Data Breaches: Improper firewall configurations may lead to data breaches by allowing
unauthorized individuals or entities to access and exploit sensitive information. This could
result in financial losses, reputational damage, and legal consequences for the organization.

➢ Malware and Virus Infections: Misconfigured firewalls can inadvertently allow malware or
viruses to enter the network. Without proper filtering and inspection rules, malicious
software can bypass the firewall's protection mechanisms, infecting systems and spreading
throughout the network.

➢ Network Disruptions: Inaccurate firewall configurations may disrupt network connectivity
and services. This can occur if valid network traffic is mistakenly blocked, causing delays,
timeouts, or complete loss of connectivity for legitimate users, customers, or partners.
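As an added example (not code from the original document), the following audit checks an ordered firewall rule base for the misconfigurations behind the impacts listed above: an allow-everything rule that opens the network to unauthorized access, later rules that are shadowed by an earlier broader rule and therefore never match, and a rule base with no final explicit deny. Both rule sets are constructed samples.

```python
"""Audit a firewall rule base for common misconfigurations (added example)."""
import ipaddress
from typing import Any, Dict, List, Optional

Rule = Dict[str, Any]   # keys: action, proto, src, dst, dport


def rule(action: str, proto: str = "any", src: str = "0.0.0.0/0",
         dst: str = "0.0.0.0/0", dport: Optional[int] = None) -> Rule:
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matching `inner` would already match `outer`."""
    net = ipaddress.ip_network
    return (
        outer["proto"] in ("any", inner["proto"])
        and net(outer["src"]).supernet_of(net(inner["src"]))
        and net(outer["dst"]).supernet_of(net(inner["dst"]))
        and (outer["dport"] is None or outer["dport"] == inner["dport"])
    )


def is_any_any(r: Rule) -> bool:
    return (r["proto"] == "any" and r["src"] == "0.0.0.0/0"
            and r["dst"] == "0.0.0.0/0" and r["dport"] is None)


def audit(rules: List[Rule]) -> List[str]:
    findings: List[str] = []
    for i, r in enumerate(rules, start=1):
        if r["action"] == "allow" and is_any_any(r):
            findings.append(f"rule {i} allows any-to-any traffic")
        for j in range(i - 1):                 # earlier rules win (first match)
            if covers(rules[j], r):
                findings.append(f"rule {i} is shadowed by rule {j + 1} and never matches")
                break
    if not rules or rules[-1]["action"] != "deny" or not is_any_any(rules[-1]):
        findings.append("no final explicit deny-all rule; policy relies on implicit default")
    return findings


# Constructed misconfigured rule base: a catch-all allow placed first makes the
# telnet block unreachable and leaves no explicit default deny.
MISCONFIGURED = [
    rule("allow"),
    rule("deny", "tcp", dst="10.0.0.0/8", dport=23),
]

# Corrected rule base: specific allows first, explicit deny-all last.
CORRECTED = [
    rule("allow", "tcp", dst="203.0.113.10/32", dport=443),
    rule("allow", src="10.0.0.0/8"),
    rule("deny"),
]

if __name__ == "__main__":
    for name, rules in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, audit(rules) or ["no findings"])
```

The shadowing check is the same reasoning a firewall performs at run time (first match wins), applied offline to the rule base, so a rule that an administrator believes is blocking telnet can be found to be dead before the gap is exploited.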

b. Potential impact of IDS misconfigurations.


➢ Ineffective Threat Response: Incorrectly configured IDS may result in inappropriate or
insufficient response actions to detected threats. This can lead to delayed or inadequate
mitigation efforts, allowing the attackers to persist and potentially escalate their activities,
causing more significant harm to the network.

➢ Missed Intrusions: If an IDS is not configured properly, it may overlook or fail to detect
actual security breaches or intrusions. This can allow attackers to remain undetected within
the network, giving them time to exploit vulnerabilities, steal data, or cause further damage.

➢ Increased Workload and Resource Consumption: Inaccurate IDS configurations can generate
excessive and unnecessary alerts, overwhelming network administrators and security teams.
This can lead to alert fatigue, where critical alerts might be missed or ignored due to the sheer
volume of false alarms. Additionally, the increased resource consumption caused by
excessive alerts can strain network resources and impact overall performance.

➢ Compliance Issues: Misconfigured IDS may lead to non-compliance with industry
regulations and standards. Compliance frameworks, such as the Payment Card Industry Data
Security Standard (PCI DSS) or the General Data Protection Regulation (GDPR), often
require organizations to implement effective intrusion detection measures. Failure to comply
can result in penalties, fines, and reputational damage.
Task 4 - Show, using an example for each, how implementing a
DMZ, static IP and NAT in a network can improve Network
Security (P4).
1. Define and discuss with the aid of diagram DMZ. Focus on its usage and
security function as an advantage.
a. Define DMZ.
A DMZ is a physical or logical subnet that isolates a LAN from untrusted networks like the public
internet. Any service that is offered to users on the public internet should be set up in the DMZ
network. The external-facing servers, services, and resources are usually placed there. Services
include web, Domain Name System (DNS), email, proxy servers and File Transfer Protocol (FTP),
Voice over Internet Protocol (VoIP). (intellipaat, 2023).

Figure 19: DMZ

The resources and servers in the DMZ network can be accessed from the internet but are isolated
with very limited access to the LAN. Due to this approach, the LAN has an additional layer of
security restricting a hacker from directly accessing the internal servers and data from the internet.

b. How does the DMZ work?


The DMZ network functions as a buffer zone between the LAN and the public Internet. It is secured
between two firewalls, which filter the data exchanged between the internal network and the DMZ,
and traffic flowing from external networks to the DMZ.
Such a setup enables security measures to screen data packets before they get through to the servers in
the DMZ. Before attackers can cause damage to the internal network, they must also break through
the tight security of the DMZ zone. (Zavadsky, 2022)
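The dual-firewall layout just described, as an added example that is not part of the original document: the front firewall sits between the internet and the DMZ, the back firewall between the DMZ and the LAN, and a packet is allowed only if every firewall on its path permits that zone pair and port. The zone address ranges, hosts and port lists are constructed assumptions.

```python
"""Toy dual-firewall DMZ policy (added example)."""
import ipaddress
from typing import Dict, FrozenSet, List, Tuple

# Constructed addressing: DMZ hosts carry public addresses, the LAN is private;
# anything outside both ranges is treated as the internet.
ZONE_NETS = {
    "dmz": ipaddress.ip_network("203.0.113.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/8"),
}

Policy = Dict[Tuple[str, str], FrozenSet[int]]

# Front firewall: only the published services are reachable from the internet.
# There is no (internet, lan) entry, so direct access to the LAN is impossible.
FRONT_FW: Policy = {
    ("internet", "dmz"): frozenset({80, 443}),
    ("dmz", "internet"): frozenset({80, 443}),
    ("lan", "internet"): frozenset({80, 443}),
}

# Back firewall: the DMZ may reach the LAN only on the database port, while
# administrators in the LAN may manage DMZ hosts.
BACK_FW: Policy = {
    ("dmz", "lan"): frozenset({5432}),
    ("lan", "dmz"): frozenset({22, 80, 443}),
    ("lan", "internet"): frozenset({80, 443}),
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for zone, net in ZONE_NETS.items():
        if addr in net:
            return zone
    return "internet"


def firewalls_on_path(src_zone: str, dst_zone: str) -> List[Tuple[str, Policy]]:
    """Front firewall sees every flow touching the internet; back firewall every flow touching the LAN."""
    path: List[Tuple[str, Policy]] = []
    if "internet" in (src_zone, dst_zone):
        path.append(("front", FRONT_FW))
    if "lan" in (src_zone, dst_zone):
        path.append(("back", BACK_FW))
    return path


def decide(src: str, dst: str, dport: int) -> str:
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return "allow (same zone, no firewall crossed)"
    for name, policy in firewalls_on_path(src_zone, dst_zone):
        if dport not in policy.get((src_zone, dst_zone), frozenset()):
            return f"deny at {name} firewall ({src_zone}->{dst_zone}:{dport})"
    return "allow"


if __name__ == "__main__":
    for src, dst, port in [
        ("198.51.100.9", "203.0.113.10", 443),  # internet -> DMZ web server
        ("198.51.100.9", "10.0.0.20", 443),     # internet -> LAN directly
        ("203.0.113.10", "10.0.0.20", 5432),    # DMZ web tier -> LAN database
        ("203.0.113.10", "10.0.0.20", 22),      # DMZ host trying SSH into LAN
        ("10.0.0.5", "198.51.100.7", 443),      # LAN user browsing the internet
    ]:
        print(src, "->", dst, port, ":", decide(src, dst, port))
```

The fourth case is the point of the design: even if the web server in the DMZ is compromised, the back firewall limits what that host can reach in the LAN to the single database port.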

c. Advantages of DMZ.
A DMZ network offers an efficient configuration of network security. Due to large influxes of user
activity every day, a DMZ network helps enterprises to define user trust on varying levels.
Additionally, a DMZ network introduces several security benefits:

➢ Access Control
DMZ networks ensure that traffic entering the DMZ comes from genuine internet users. With
a DMZ in place, enterprises can regulate user activity on external-facing servers. The typical
dual firewall design of DMZ networks reinforces the level of security to prevent untrusted
networks from infiltrating the local area network. The tighter the security, the more
challenging it will be for cybercriminals to hijack past the DMZ and access resources on the
local area network. (Zavadsky, 2022)

➢ Avert Network Reconnaissance Attack.


The DMZ operates with a security gateway that filters and transports incoming network
packets between public domains and the internal private network.

With a DMZ acting as a buffer, cyberattackers cannot launch their reconnaissance attacks.
In other words, malicious internet users cannot farm and exploit sensitive client information
and company assets. (Zavadsky, 2022)

➢ Prevent Internet Protocol (IP) Spoofing


A DMZ prevents IP spoofing attempts by verification. A DMZ also deploys network
segmentation to grant external users least privilege access to system resources and
applications. (Zavadsky, 2022).
DMZ's services include:
➢ DNS servers
➢ FTP servers
➢ Mail servers
➢ Proxy se0072vers
➢ Web servers

2. Define and discuss with the aid of a diagram static IP. Focus on its usage
and security function as an advantage.
a. Define static IP.
A static Internet Protocol (IP) address (static IP address) is a permanent number assigned to
a computer by an Internet service provider (ISP). A static IP address is also called a fixed
IP address or dedicated IP address, and is the opposite of a dynamic IP address. A computer
with an assigned static IP address uses the same IP address every time it connects to the internet. Static IP
addresses are useful for gaming, website hosting or Voice over Internet Protocol (VoIP) services.
Speed and reliability are key advantages. Because a static address is constant, systems with static IP
addresses are prone to data mining and increased security risks.

Figure 20: Static IP


b. How does a static IP work?
When a device connects to the internet, it needs an IP address to identify and communicate with
other devices on the network. In the case of a static IP, the address is manually configured on the
device or assigned by the internet service provider (ISP).

Here's how static IP addresses work:

➢ Unique identification: Each device on a network, whether it's a computer, router, or server,
requires a unique IP address to communicate with other devices. A static IP ensures that a
specific address is permanently associated with a particular device or network.

➢ Manual or provider-assigned configuration: To set up a static IP, you can manually
configure it on the device or contact your ISP to request a static IP address. If you choose the
latter option, the ISP will assign you a fixed IP address that you can use for your device or
network.

➢ Unchanging address: Once a static IP address is assigned, it remains the same until it is
manually changed or reassigned by the ISP. This stability is beneficial for certain
applications that rely on consistent addressing, such as hosting servers, remote access, or
running specific services.

➢ Benefits and use cases: Static IP addresses offer several advantages. They enable easy
access to network devices from remote locations, allow hosting of websites and services that
require a permanent address, facilitate reliable device-to-device communication, and support
certain security configurations like IP-based access control lists.
➢ Potential limitations: While static IP addresses provide stability and convenience, there are
some considerations to keep in mind. They may involve additional costs from your ISP, as
they are often offered as part of business plans rather than residential ones. Moreover, if you
change your internet service provider or network infrastructure, you may need to reconfigure
or request a new static IP.

c. Advantages of static IP.


➢ Speed

Since static IP addresses involve fewer conflicts, devices assigned a static IP address
tend to perform faster. The speed difference is extremely noticeable only if you are a broadband
user, not for DSL connections. This is especially beneficial if you are constantly uploading
and downloading files.

➢ Security

The security level offered by a static IP address is always greater. A static IP address can be
equipped with an additional layer of protection which makes sure that most security problems
are prevented.

➢ Accessibility

Remote access is made possible with a static IP address using programs like a Virtual Private Network
(VPN), meaning that devices can be accessed from any part of the world. As long as the device is
connected to the internet, all its information is made accessible.

➢ Hosting

Currently all types of hosting, from web servers and email servers to other types of servers, are supported
by a static IP address. Therefore, if you have a static IP address all your customers and clients can
easily access your website. Also, when using a static IP address, devices can easily locate and
find all the servers worldwide.

➢ Stability
All static IP addresses are known to be stable since they are protected from changes. Unlike a
dynamic IP address, a static one does not undergo frequent lapses. Whenever there is a reboot, the computer
will be able to reconnect quickly to the internet using the same IP address.

➢ Accuracy

A static IP address is highly accurate when it comes to geolocation data. All the geolocation
services will be able to find the accurate business location. With this accurate information, it can
be assured that the business is always in the front line. This is beneficial for businesses in many
ways.

➢ Shared Resources

In some businesses, office resources are commonly shared among employees. For this they use
a business network whose devices have static IP addresses. A device assigned a static
IP address is easier to locate; on the contrary, devices with dynamic IP addresses are known to
be difficult to discover.

3. Define and discuss with the aid of a diagram NAT. Focus on its usage and security
function as an advantage.
a. Define NAT.
Network Address Translation (NAT) is a process in which one or more local IP addresses are translated
into one or more global IP addresses, and vice versa, in order to provide Internet access to the local
hosts. It also translates port numbers, i.e. it masks the port number of the host with another
port number in the packet that will be routed to the destination. It then makes the corresponding
entries of IP address and port number in the NAT table. NAT generally operates on a router or
firewall. (saurabhsharma56, 2023).
Figure 21: NAT

b. How does NAT work?


Here's an overview of how NAT works:

➢ Private IP addresses: In a local network, devices are assigned private IP addresses from a
reserved range, such as those defined in RFC 1918 (e.g., 192.168.0.0/16, 10.0.0.0/8). These
private IP addresses are not routable on the internet and are intended for internal use only.

➢ Public IP address: The network uses a single public IP address that is obtained from the ISP
and assigned to the router or gateway device. This public IP address is routable on the internet
and serves as the identifier for the entire local network.

➢ Outgoing communication: When a device within the local network initiates a connection to a
device on the internet, NAT comes into play. The source IP address of the outgoing packet is the
private IP address of the device, and the source port is randomly selected. The NAT device
(router or gateway) modifies the packet, replacing the private source IP address with the public
IP address and assigns a unique port number for tracking the connection.

➢ Translation table: The NAT device maintains a translation table that keeps track of the private
IP addresses, corresponding port numbers, and their respective translations to the public IP
address and port numbers. This table allows the NAT device to correctly route incoming
responses from the internet back to the appropriate device within the local network.

➢ Incoming communication: When a response packet is received from the internet, the NAT
device refers to the translation table to determine the private IP address and port number to which
the packet should be forwarded. It modifies the destination IP address and port in the packet
accordingly and sends it to the correct device on the local network.

By performing this translation process, NAT enables multiple devices with private IP addresses to
share a single public IP address for internet communication. This conserves public IP addresses, as
a single address can be used for numerous devices. NAT also provides an additional layer of security
by hiding the private IP addresses of devices within the network from the public internet.

c. Types of NAT.
➢ Static NAT – In this, a single unregistered (private) IP address is mapped to a legally
registered (public) IP address, i.e. a one-to-one mapping between local and global addresses.
This is generally used for web hosting. It is not used for whole organizations, as there are many
devices that need Internet access and, to provide Internet access, a public IP address is
needed for each.

Suppose, if there are 3000 devices that need access to the Internet, the organization has to
buy 3000 public addresses that will be very costly.
➢ Dynamic NAT – In this type of NAT, an unregistered IP address is translated into a registered
(public) IP address from a pool of public IP addresses. If no IP address in the pool is
free, then the packet will be dropped, as only a fixed number of private IP addresses can be
translated to public addresses at once.

Suppose there is a pool of 2 public IP addresses; then only 2 private IP addresses can be
translated at a given time. If a 3rd private IP address wants to access the Internet, the packet
will be dropped. In this way many private IP addresses are mapped to a pool of public IP
addresses. Dynamic NAT is used when the number of users who want to access the Internet is fixed.
This is also very costly, as the organization has to buy many global IP addresses to make a
pool.

➢ Port Address Translation (PAT) – This is also known as NAT overload. In this, many local
(private) IP addresses can be translated to a single registered IP address. Port numbers are
used to distinguish the traffic i.e., which traffic belongs to which IP address. This is most
frequently used as it is cost-effective as thousands of users can be connected to the Internet
by using only one real global (public) IP address.
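The translation table from "How does NAT work?" and the dynamic NAT and PAT types above, as an added example that is not code from the original document or from any router vendor: `PortAddressTranslator` maps many private hosts onto one public address, tells flows apart by port and forwards an inbound packet only when a matching table entry exists, which is the security benefit of hiding private addresses; `DynamicNat` maps hosts onto a two-address public pool and drops the third host's packet once the pool is exhausted. All addresses and port ranges are constructed samples.

```python
"""Toy NAT translation table: dynamic NAT pool and PAT (added example)."""
import itertools
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortAddressTranslator:
    """PAT (NAT overload): one public IP shared by all inside hosts; ports tell flows apart."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # Translation table: (private ip, private port) <-> public port
        self.table: Dict[Tuple[str, int], int] = {}
        self._reverse: Dict[int, Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:              # new flow: allocate a public port
            port = next(self._ports)
            self.table[key] = port
            self._reverse[port] = key
        return Packet(self.public_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reply handling; None means the packet is dropped (no table entry)."""
        inner = self._reverse.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or inner is None:
            return None   # unsolicited from outside: no private host is reachable
        priv_ip, priv_port = inner
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


class DynamicNat:
    """Dynamic NAT: each inside host borrows one address from a public pool."""

    def __init__(self, pool: List[str]) -> None:
        self.free = list(pool)
        self.table: Dict[str, str] = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.src_ip not in self.table:
            if not self.free:
                return None   # pool exhausted: packet dropped
            self.table[pkt.src_ip] = self.free.pop(0)
        return Packet(self.table[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)


def demo() -> List[str]:
    out: List[str] = []
    pat = PortAddressTranslator("203.0.113.5")
    a = pat.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443))
    b = pat.outbound(Packet("192.168.1.11", 51000, "198.51.100.7", 443))
    out.append(f"PAT: {a.src_ip}:{a.src_port} and {b.src_ip}:{b.src_port} share one address")
    reply = pat.inbound(Packet("198.51.100.7", 443, "203.0.113.5", a.src_port))
    out.append(f"PAT reply routed to {reply.dst_ip}:{reply.dst_port}")
    stray = pat.inbound(Packet("198.51.100.7", 443, "203.0.113.5", 40999))
    out.append(f"PAT unsolicited inbound: {'dropped' if stray is None else 'forwarded'}")
    dyn = DynamicNat(["203.0.113.20", "203.0.113.21"])
    for host in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        p = dyn.outbound(Packet(host, 4000, "198.51.100.7", 80))
        out.append(f"dynamic NAT {host} -> {'dropped (pool exhausted)' if p is None else p.src_ip}")
    return out


if __name__ == "__main__":
    print("\n".join(demo()))
```

Note that the concealment NAT provides is a side effect of the table, not a filtering policy: a firewall rule base is still needed, because any flow an inside host initiates opens a table entry that outside replies can use.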

d. Advantages of NAT.
➢ NAT can avoid the depletion of the IPv4 addressing system by conserving and reusing
IP addresses.
➢ It protects the private network from the outside world by concealing the source and
destination IP addresses from the external network.
➢ It provides a versatile networking system.
➢ Businesses with private networks that utilize NAT can establish their internal network using any
IP range they choose, regardless of the service provider of the public interface.
Conclusion.
In this report, we grasp the hazards of information security. We analyze the effects of third-
party firewall and VPN limitations on an ineffective IT security setup. Finally, the study defined and
improved DMZ, Static IP, and NAT for network security. After completing the assignment, we have
a better understanding of the security issue, are aware of potential security dangers, and have
provided genuine instances: a variety of organizational strategies that a firm may use, such as
firewalls, to reduce the financial effect of a security breach, and measures for maintaining network
security, such as firewalls, etc.
Bibliography
Checkpoint. (2023). What is a Firewall? Retrieved from Checkpoint: https://www.checkpoint.com/cyber-hub/network-security/what-is-firewall/

cynet. (2023). Incident Response Policy: A Quick Guide. Retrieved from cynet: https://www.cynet.com/incident-response/incident-response-policy-a-quick-guide/

Deshpande, C. (2022, 11 18). What Is Firewall: Types, How Does It Work, Advantages & Its Importance. Retrieved from simplilearn: https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-firewall

Farrelly, J. (2023, 5 23). High-Profile Company Data Breaches 2023. Retrieved from electric: https://www.electric.ai/blog/recent-big-company-data-breaches

geeksforgeeks. (2023). Intrusion Detection System (IDS). Retrieved from geeksforgeeks: https://www.geeksforgeeks.org/intrusion-detection-system-ids/

Holliday, M. (2021, 1 27). 20 Must-Have HR Policies for Your Employee Handbook. Retrieved from Oracle NetSuite: https://www.netsuite.com/portal/resource/articles/human-resources/hr-policies.shtml

intellipaat. (2023, 6 1). What is DMZ Network? Retrieved from intellipaat: https://intellipaat.com/blog/what-is-dmz-network/

Kirvan, P. (2023). acceptable use policy (AUP). Retrieved from techtarget: https://www.techtarget.com/whatis/definition/acceptable-use-policy-AUP

Lamb, M. (2019, 02 27). 7 Threat Agents Your Cyber Security Team Should Be Aware Of. Retrieved from thedataguardians: https://www.thedataguardians.co.uk/2019/02/27/7-threat-agents-your-cyber-security-team-should-be-aware-of/

Rosencrance, L. (2023). Top 10 types of information security threats for IT teams. Retrieved from techtarget: https://www.techtarget.com/searchsecurity/feature/Top-10-types-of-information-security-threats-for-IT-teams

saurabhsharma56. (2023). Network Address Translation (NAT). Retrieved from geeksforgeeks: https://www.geeksforgeeks.org/network-address-translation-nat/

Sukianto, A. (2023, 4 6). 10 Ways to Reduce Cybersecurity Risk for Your Organization. Retrieved from upguard: https://www.upguard.com/blog/reduce-cybersecurity-risk

Witts, J. (2023, 03 28). The Top 5 Biggest Cyber Security Threats That Small Businesses Face And How To Stop Them. Retrieved from expertinsights: https://expertinsights.com/insights/the-top-5-biggest-cyber-security-threats-that-small-businesses-face-and-how-to-stop-them/

Zavadsky, V. (2022, 10 19). DMZ Network: How It Works, Its Uses, and Benefits in Network Security. Retrieved from LinkedIn: https://www.linkedin.com/pulse/dmz-network-how-works-its-uses-benefits-security-valdemar-z%C3%A1vadsk%C3%BD
