Asm1 1623 Unit 5 Security

1. Security threats to organizations include malware attacks, social engineering, network attacks, application attacks, and internal attacks. 2. Malware attacks involve viruses, Trojan horses, and worms that can damage systems or steal data. A recent example is the NotPetya malware attack in 2017 that caused over $10 billion in damages to companies worldwide. 3. Incorrect configuration of firewall policies and intrusion detection systems can leave organizations vulnerable to insider attacks, missed security patches, configuration mistakes, lack of deep packet inspection, and distributed denial of service attacks. 4. Implementing a DMZ, static IP addresses, and network address translation in an organizational network can improve security by segregating systems,

lOMoARcPSD|25742948

ASM1-1623 - Unit 5: Security

Unit 5: Security (FPT University)


Downloaded by Nguyen Hoang Long (FPI DN) ([email protected])

ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date 12/8/2022 Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Phan Nguyen Dinh Trong Student ID GCD201526

Class GCD0905 Assessor name Tran Trong Minh

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature Trong

Grading grid

P1 P2 P3 P4 M1 M2 D1


❒ Summative Feedback: ❒ Resubmission Feedback:

Grade: Assessor Signature: Date:


Lecturer Signature:


Table of Contents
Table Of Figures
P1. Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences
  1. IT threats
    1.1 Malware Attacks
    1.2 Social engineering
    1.3 Network attack
    1.4 Application attack
    1.5 Internal attack
P2. Describe at least 3 organisational security procedures
  1. Acceptable Use (AUP)
  2. Access Control (ACP)
  3. Change Management
  4. Information Security
  5. Incident Response (IR)
  6. Remote Access
  7. Email/Communication
P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS
  1. Firewall defined
  2. Intrusion Detection System (IDS)
  3. Firewall threat-risk
    1) Insider Attacks
    2) Missed Security Patches
    3) Configuration Mistakes
    4) A Lack of Deep Packet Inspection
    5) DDoS Attacks
  4. IDS threat-risk
P4. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
  1. DMZ (demilitarized zone)
  2. Static IP
  3. NAT (Network Address Translation)
References

Table Of Figures

Figure 1 Computer virus
Figure 2 Trojan Horse
Figure 3 Computer Worm
Figure 4 Firewall
Figure 5 Firewall Diagram
Figure 6 IDS
Figure 7 DMZ Diagram
Figure 8 Static IP
Figure 9 NAT diagram


P1. Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences.

1. IT threats
A threat is an occurrence that has the potential to take advantage of a vulnerability (an attack just waiting
to happen) and harm the network. Threats in the digital sphere frequently resemble threats in the physical
world. Theft, vandalism, and eavesdropping have all spread from the physical world into cyberspace, usually
through the Internet. However, there are some notable distinctions in terms of the range of these attacks'
applicability, the degree of automation required, and the spread (or propagation) of attack methods.

1.1 Malware Attacks


Malware is malicious software, typically a program or piece of code, created by online attackers.
Organizations are at risk from cyber security attacks of this kind, which aim to severely harm systems or
obtain unauthorized access to a computer.

HOW DOES MALWARE ATTACK?

• Malware can infect a device in a variety of ways, including through email attachments that contain
  links or files that must be opened by the user in order for the malware to run.
• This category of attack includes computer viruses, Trojan horses, worms and spyware.

1.1.1 Computer viruses


A malicious software program that secretly loads into a user's computer and carries out malicious deeds is
known as a computer virus.

Figure 1 Computer virus


Viruses are usually created by humans. However, once they are produced and released, no one has direct
control over how they spread. A virus that has infected a computer attaches itself to another program so
that when the host program runs, the virus's actions are also activated. It can replicate itself, attaching
to other files or programs and infecting them in the process. Not all computer viruses are harmful, but the
majority of them carry out malicious acts, like erasing data. Some viruses cause havoc as soon as their code
is executed, while others remain dormant until a specific event (as intended) is initiated, which triggers
their code to run on the computer. Viruses are disseminated when software or documents carrying them are
moved from one computer to another over a network, a disk, file-sharing protocols, or through contaminated
email attachments. Some viruses employ stealth techniques to evade detection by anti-virus software. Some,
for instance, can infect files without making them larger, while others attempt to avoid detection by
terminating the processes connected to antivirus software before they are discovered. When they infect a
host file, some older viruses make certain that the "last changed" date stays the same.

There are different ways that a virus can spread or attack, such as:

• Downloading free games, toolbars, media players and other software
• Visiting an infected and unsecured website
• Clicking on an advertisement
• Clicking on an executable file
• Using infected removable storage devices, such as USB drives
• Opening spam email or clicking on a URL link
• Installing free software and apps

1.1.2 Trojan Horse


The term "trojan" or "trojan horse" refers to a computer virus. It is a sort of computer program that
disguises itself as a common application such as a utility, a game, or occasionally even antivirus software.
Once it has been installed on the computer, it can damage file allocation systems, delete data from the hard
disk, and kill background system operations.

Figure 2 Trojan Horse

Trojans are typically introduced through email attachments. These emails are crafted to appear genuine. As
soon as the user downloads and opens the attached file, the system is harmed. A Trojan can also be included
as part of online shareware and freeware downloads. Although not all freeware contains Trojans, it is
advised to download software and freeware only from reliable sources. It is also essential to choose
options carefully during installation. Trojans can be used in a variety of ways, depending on the attacker's
goals. Identity theft, data theft, computer crashes, espionage, and user activity monitoring are a few
examples. Trojans are typically recognized by the majority of anti-virus programs and do not affect the
computer unless they are executed. They are not self-replicating, but can be attached to a virus that
spreads to other machines on the network. A computer can be kept safe and secure by installing reputable
anti-virus software, keeping virus definitions up to date, being cautious when opening email attachments,
even if they appear to be legitimate, and paying attention to system security popup notifications.

HOW DOES A TROJAN HORSE ATTACK?

• The victim gets an email with a file attachment that appears to be an authentic official email. When
  the victim clicks on the attachment file, any malicious code contained in it could begin to run
  immediately.
• In that situation, the victim is not aware, and does not suspect, that the attachment is a Trojan horse.

1.1.3 Worm
A computer worm is a hostile, self-replicating software program (often referred to as "malware") that
interferes with software and hardware program operations.

Figure 3 Computer Worm

In many respects, it satisfies the definition of a computer virus. It can, for instance, duplicate itself and
propagate throughout networks. For this reason, worms are frequently referred to as viruses as well.
Computer worms, however, differ from computer viruses in a few ways. First, worms exist as distinct
entities or freestanding software, in contrast to viruses, which must latch onto files (host files) before they
can spread inside a computer. They don't require host applications or files. Second, unlike viruses, worms
only live in active memory and replicate themselves rather than altering files. Worms make use of
automatic and frequently unnoticeable operating system components. Only when their unchecked
replication uses up system resources and slows down or stops other tasks does their presence in the system
become obvious. Worms employ one of two methods to spread: they either take advantage of the target
system's vulnerability or deceive people into running them. Once they are within a system, they use its
file-transport or information-transport capabilities to move around on their own. Recently, a computer
virus known as the "Stuxnet worm" made headlines around the globe when it attacked Iran's nuclear
facilities.

HOW DOES A WORM SPREAD?

It can propagate automatically, take advantage of software security flaws, and attempt to get access in
order to steal confidential data, corrupt files, and install a back door allowing remote access to the system.

1.1.4 Spyware
The term "spyware" refers to a class of software that seeks to steal confidential or organizational data. It is
accomplished by carrying out a series of activities without the necessary user permissions, occasionally
even discreetly. Advertising, gathering personal data, and altering user configuration settings of the
computer are all common activities of spyware.

Adware, tracking cookies, system monitors, and Trojans are the most common categories for spyware.
Freeware and shareware bundles with hidden components are the most popular ways for spyware to enter
a computer. A spyware program that has been installed successfully begins sending data from that machine
in the background to a different location.


Spyware is frequently used today to serve pop-up ads depending on user behavior and search history.
However, spyware that is employed maliciously is hard to detect since it is buried in the computer's
system files.

Keyloggers are among the simplest and most common, yet most harmful, forms of spyware. A keylogger captures
keystrokes, which can be extremely damaging because it can capture passwords, credit card numbers, and other
sensitive data. Keyloggers are also purposefully installed on some business computers and shared networks to
monitor user activity.

When spyware is present on a computer, it can change user settings, permissions, and administrative
rights. This can lock users out of their own computers and, in rare situations, result in complete data loss.
Spyware is designed to monitor a computer. Background-running spyware can also lead to an increase in
processes and more frequent crashes. A computer is frequently slowed down as well.

The best method to stay safe is to use reliable antivirus and antispyware programs. More importantly,
exercise caution when installing freeware programs by deselecting the pre-checked options.

HOW DOES SPYWARE ATTACK?

It may install itself automatically on your computer, be a hidden component of software packages, or be
installed like regular malware through misleading advertisements, emails, and instant messages.

1.2 Social engineering


The term "social engineering" is used to describe a wide range of malevolent behaviors carried out
through interactions with other people. Users are duped into divulging critical information or committing
security blunders via psychological manipulation.

Attacks by social engineers may involve one or more steps. To prepare for an attack, a perpetrator first
investigates the target in order to learn background details like probable points of entry and lax security
measures. The attacker next makes an effort to win the victim's trust and offers incentives for later
security-breaking actions, such as disclosing confidential information or allowing access to vital resources.

Attacks using social engineering can be carried out anywhere there is a chance of human interaction. The
five most typical types of digital social engineering attacks are listed below.

1.2.1 Phishing
Phishing is a type of network assault where the attacker poses as a trustworthy organization in order to
deceive users into providing them with personal information.


In order to deceive customers into disclosing sensitive information including login credentials, transaction
passwords, credit card numbers, and other important details, hackers frequently pose as banks, online
transaction websites, e-wallets, and credit card firms.

Hackers typically use email and text messaging for this attack technique. Users who open an email and click
on a fraudulent link will be prompted to log in. If they are "hooked," the hacker obtains the data right
away.

Phishing first came to light in 1987. The term "phishing" is a mix of the phrases "fishing for information"
and "phreaking," which refers to fraud used to make free phone calls. The term was created as a result of
the similarities between "fishing" and "fishing for user information."

HOW DOES PHISHING ATTACK?

• In a phishing email attack, an attacker sends emails to the victim's email address that appear to
  have come from their bank and request personal data from them.
• The message includes a link that takes you to another vulnerable website in order to steal your
  personal data.
• Therefore, it is best to avoid clicking on or opening such emails and to refrain from giving out
  important information.

1.2.2 Baiting
As the term suggests, baiting attacks use a fictitious promise to spark a victim's curiosity or sense of
avarice. In order to steal their personal information or infect their systems with malware, they trick users
into falling for a trap.

The most despised type of baiting spreads malware using tangible media. Infected flash drives are
frequently used as bait by attackers, who place them in plain sight where potential victims are sure to see
them (e.g., bathrooms, elevators, the parking lot of a targeted company). The lure has a legitimate
appearance, including a label that presents it as the business's payroll list.

Out of curiosity, the victims pick up the bait and insert it into their home or office computer, which causes
malware to be installed on the system automatically.

Baiting con games don't always have to be played out in the real world. Online baiting takes the form of
attractive advertisements that direct visitors to harmful websites or prod them to download malware-laden
software.

1.2.3 Scareware
Scareware bombards victims with bogus threats and misleading alarms. Users are tricked into believing
their computer is infected with malware, which leads them to install software that either serves only to
profit the perpetrator or is malware in and of itself. Other names for scareware include fraudware,
deception software, and rogue scanner software.

The legitimate-appearing popup ads that show in your browser as you browse the internet and contain
language such as "Your computer may be infected with harmful spyware applications" are a frequent type
of scareware. Either it offers to install the malicious tool for you or it directs you to a malicious website
where your machine is infected.

Additionally, spam emails that issue false warnings or urge recipients to purchase useless or hazardous
services are another way that scareware is disseminated.

1.2.4 Pretexting
Here, an attacker gathers data by telling a string of deftly constructed lies. The con is frequently started by
a perpetrator who poses as someone who needs the victim's private information to complete a crucial task.

The assailant typically begins by gaining the victim's trust by posing as a coworker, police officer, bank or
tax official, or any person with the authority to know something. Through queries that are allegedly
necessary to verify the victim's identification, the pretexter collects crucial personal information.

This fraud is used to obtain all kinds of important data and records, including social security numbers,
individual addresses and phone numbers, phone records, dates of staff vacation, bank records, and even
security data pertaining to a physical plant.

1.2.5 Spear phishing


In this more focused variation of the phishing scam, the attacker picks certain people or companies to
target. Then, in order to make their attack less obvious, they modify their communications based on the
traits, positions held, and contacts of their victims. Spear phishing is far more difficult to pull off and
might take weeks or even months to complete. If done expertly, they're significantly more difficult to
detect and have higher success rates.

An attacker could send an email to one or more employees while posing as an organization's IT consultant
in a spear phishing scenario. It is written and signed exactly like the consultant would, leading recipients
to believe it is an actual message. Recipients of the mail are urged to update their passwords, and a link in
the message sends them to a fraudulent page where the attacker can now steal their credentials.

1.3 Network attack


A network attack is an effort to enter a company's network without authorization with the intent of stealing
information or carrying out other destructive behavior. Network attacks generally fall into two categories:

• Passive: Attackers obtain access to a network and are able to monitor or steal sensitive data, but
  leave the data unaltered.
• Active: In addition to gaining illegal access to data, attackers actively alter it, by deleting,
  encrypting, or otherwise harming it.

We distinguish network attacks from several other types of attack:

• Endpoint attacks: unauthorized access to user devices, servers, or other endpoints, usually by
  malware infection.
• Malware attacks: introducing malware into IT resources, which enables attackers to take control of
  systems, steal data, and cause harm. These also include ransomware attacks.
• Vulnerabilities, exploits and attacks: using flaws in the organization's software to compromise,
  sabotage, or obtain illegal access to systems.
• Advanced persistent threats: sophisticated, multi-layered threats that encompass both network attacks
  and other attack types.

Attackers' main goal in a network attack is to breach the corporate network perimeter and obtain access to
internal systems. Once inside, attackers frequently mix different attack tactics, such as corrupting an
endpoint, dispersing malware, or taking advantage of a flaw in a network system.

1.3.1 SQL Injection


Hackers use the application-layer attack method known as SQL injection to target web-based programs
and steal data from corporations.

By taking advantage of poor coding practices or insufficient database credentials granted to the application
user that accesses the database, hackers can attack a web application's underlying data storage using SQL
injection. If user input fields are not properly checked at the application level, SQL statements can pass
through and directly query the database, leading to SQL injection. This gives attackers the ability to alter
or even delete existing data, spoof identities, change administrative rights, and in some cases, void
transactions and change balances. For illustration, consider a standard login page where users enter their
usernames and passwords to view or edit their personal information. After the user submits the information,
a SQL query is built from it and sent to the database for validation. If the user is deemed legitimate,
access is granted. Through SQL injection, an attacker can bypass the login form and view what is behind it
by inserting specially crafted SQL. This is made possible by inputs that are improperly sanitized (i.e., not
rendered harmless) and are sent along with the SQL query to the database, which allows the attacker to access
the database. Because of the prevalence of outdated functional interfaces, SQL injection attacks frequently
target PHP and ASP applications. However, stronger programmatic interfaces make J2EE and ASP.NET
applications less vulnerable to SQL injection attacks. The severity of SQL injection depends largely on the
skills, creativity, and intent of the attacker. This system vulnerability has a high impact severity and has
to be fixed right away.
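
The login-page case described above, shown as an added example that is not part of the original assignment: the same check written once with string concatenation and once with a bound parameter. The table layout, account names, function names and the crafted input are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample accounts for this illustration (not from the assignment).
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "blue-kettle-42")]
DEMO_SALT = b"demo-salt"  # fixed so the demo is reproducible; real systems use a random salt per user


def hash_password(password: str) -> str:
    """Derive a password hash so the table never stores plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(name, hash_password(pw)) for name, pw in SAMPLE_USERS],
    )
    return conn


def login_vulnerable(conn, username, password):
    """'Before': the form input is concatenated into the SQL text."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND pw_hash = '" + hash_password(password) + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """'After': the ? placeholder binds the input as a value, never as SQL."""
    row = conn.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    # Constant-time comparison of the stored and computed hashes.
    return username if hmac.compare_digest(row[0], hash_password(password)) else None


def demo():
    """Run the same three login attempts against both versions."""
    conn = make_db()
    # Constructed input: closes the string literal and comments out the password test.
    crafted = "alice' --"
    results = {}
    for label, login in (("vulnerable", login_vulnerable),
                         ("parameterized", login_parameterized)):
        results[label] = {
            "valid login": login(conn, "alice", "correct horse"),
            "wrong password": login(conn, "alice", "not-the-password"),
            "crafted username": login(conn, crafted, "not-the-password"),
        }
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

In the concatenated version the crafted username is accepted as "alice" without the password; in the parameterized version the same input is looked up as a literal account name and rejected.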

1.3.2 Distributed Denial of Service (DDoS) attacks


Attackers create enormous fleets of hacked devices known as botnets and use them to send bogus
traffic to your servers or network. DDoS can happen at the application level, for example by running
intricate SQL queries that bring down a database, or at the network level, for example by sending massive
amounts of SYN/ACK packets that can overwhelm a server.

1.3.3 Insider threats


Malicious insiders who already have privileged access to organizational systems can take advantage of a
network's vulnerability. Given that insiders might cause harm without breaking into the network, insider
threats can be challenging to identify and defend against. To detect insider attacks, new technologies like
User and Entity Behavior Analytics (UEBA) can assist in identifying suspicious or out-of-the-ordinary
behavior by internal users.

1.4 Application attack


An application attack involves online criminals gaining entry to restricted areas. Attackers frequently look
at the application layer first, searching for vulnerabilities in the application's code. Attacks target
applications written in a variety of programming languages, including .NET, Ruby, Java, Node.js, Python, and
many more, even if some programming languages are more frequently targeted than others. Both custom programs
and open-source frameworks and libraries have security flaws.

1.4.1 Session Hijacking Attacks


Session IDs are tampered with during a session hijacking attack. A user's online activity is tracked using
this special ID, which makes subsequent logins quicker and more effective. Attackers may be able to
capture and manipulate the session ID, starting a session hijacking attack, depending on the strength of the
session ID. If successful, attackers will have access to all data transmitted by the server during that
session, obtaining user credentials to access private accounts.

1.4.2 SQL Injection Attack


SQL injection attacks affected 65% of the programs with vulnerabilities. Applications and network
communications employ SQL statements to enable access through authentication and permission. Bad
actors can trick apps into executing corrupted commands that let them eventually acquire access to
normally restricted locations when they obtain SQL statements and tamper with them. Cybercriminals can
take advantage of the complete software environment, dodge security checks and protocols, and go
unnoticed until it's too late by having access to core code and manipulating communications between other
online applications.


1.4.3 Cross-site Scripting (XSS) Attack


One of the most frequent application assaults in use today is a cross-site scripting (XSS) attack, which is
listed in the OWASP Top 10. Attackers carry out this kind of assault by looking for a weakness that gives
them access to the core code, and they frequently do this by making a tainted link and distributing it via
email or text message. If this application vulnerability is used by cybercriminals, they can control HTTP
requests by injecting malicious code on the client side. Cybercriminals that have complete control over
HTTP executions can access virtually any personally identifiable information (PII), including banking
information, Social Security numbers, and even very sensitive government data.

1.5 Internal attack


When someone or a group inside of an organization tries to sabotage operations or take advantage of
organizational resources, it is called an internal attack. In many instances, the attacker makes extensive use
of resources, tools, and expertise to conduct a complex computer attack and possibly even eradicate any
traces of that attack.

Technical users who could profit from sabotaging business operations, such as highly competent and
dissatisfied personnel (such as system administrators and programmers), may decide to launch an internal
attack against a firm using its computer systems.

1.5.1 Employee sabotage and theft


Employees have the privilege of accessing a wide range of physical equipment inside a company, with
only trust to prevent them from damaging or stealing it. This means that hardware like hard drives,
containing lots of important data, can be physically stolen from the company; alternatively, the data on it can
be transferred to a USB flash drive and then revealed and duplicated online.

1.5.2 Unauthorised access by employees


Employees may be able to access portions of these computers they shouldn't because they already have
access to a company's system. This might happen if a colleague leaves themself signed in or if a room's
door is left open and gives access to a server.

Additionally, they might occasionally possess administrative credentials or maliciously acquire them,
enabling them to carry out additional administrative tasks including altering other users' access rights or
turning off network security mechanisms.

1.5.3 Weak cybersecurity measures and unsafe practices


A corporation increases the likelihood that a vulnerability will be exploited by not having enough physical
and digital security, especially in light of the problems raised previously, such as theft.


For instance, if the network server(s) for a business are left in an unlocked room, anyone can enter and
cause harm to or steal from the contents. That person could be a disgruntled employee or a customer who
walks into the store without having been thoroughly screened by security.

Furthermore, a regular employee may unknowingly download a virus that might impact the entire network
by doing something as simple as accessing a dubious website, exploiting these security flaws.

1.5.4 Accidental loss or disclosure of data


As previously mentioned, the same security flaws that allow malevolent behavior may also allow for
simple accidents to happen and inflict significant damage.

A person might transport their laptop, for instance, to and from work. When doing so, they might leave it
on the train ride home one day, which would give whoever finds the laptop access to all the data it
contains and could potentially reveal sensitive information.

Another illustration of this may be if a worker mistakenly deletes information from a folder or spills
something on a device.

Some of these mishaps can be the result of inadequate time being spent adequately training and
supervising workers. Many dangers can be avoided by training employees on how to keep their devices
safe and the proper use of the company's IT systems.

P2 Describe at least 3 organisational security procedures.

1. Acceptable Use (AUP)


An AUP specifies the rules and procedures that a user of organizational IT resources must accept before
being granted access to the company network or the internet. For new hires, it is standard procedure
during onboarding. Before receiving a network ID, they are given an AUP to read and sign. The IT,
security, legal, and HR departments of an organization should discuss what is covered by this policy.
SANS has an example that is permissible for fair use.

2. Access Control (ACP)


The ACP describes the access that employees have to the data and information systems of a business.
Standards for access control, including the Access Control and Implementation Guides published by NIST,
are some of the subjects that are often covered in the policy. This policy also covers the complexity of
corporate passwords, network access restrictions, operating system software controls, and standards for
user access. Other supplementary items that are frequently described are the procedures for monitoring
how corporate systems are accessed and used, how unattended workstations should be secured, and how
access is terminated when an employee departs the company. IAPP has a fantastic illustration of this policy.

3. Change Management
A structured procedure for making changes to IT, software development, and security services/operations
is referred to as a change management policy. A change management program aims to raise organizational
knowledge and understanding of proposed changes while ensuring that all changes are implemented
methodically to reduce any negative effects on products and clients. SANS provides a solid illustration of
an IT change management policy that is open for fair use.

4. Information Security
Information security policies for an organization are typically high-level policies that can cover many
different security procedures. The corporation issues the primary information security policy to make sure
that all employees who use information technology resources throughout the organization's networks
adhere to the rules and policies that are outlined in it. I've observed businesses request that staff members
sign this form to confirm that they have read it (which is generally done with the signing of the AUP
policy). With regard to the sensitivity of business information and IT assets, this policy is intended to
make employees aware of the expectations they must meet. An outstanding example of a cybersecurity
policy that is accessible for download is one from the State of Illinois.

5. Incident Response (IR)


The incident response policy is a systematic way for the business to handle incidents and lessen their
negative effects on operations. CISOs wish they never had to apply this particular policy. The aim of this
policy, however, is to outline the procedure for handling an event with a view to minimizing harm to
business operations, clients, and minimizing recovery time and costs. A high-level IR plan is offered by
Carnegie Mellon University as an example, and a plan dedicated to data breaches is provided by SANS.

6. Remote Access
The permissible means of remotely accessing an organization's internal networks are outlined and
defined in the remote access policy. Additionally, I've seen addenda to this policy that contain guidelines
for using BYOD assets. Organizations that have scattered networks that can reach out into unsafe network
spaces, such as the neighborhood coffee shop or unmanaged home networks, are required to establish this
policy. SANS has a sample remote access policy available.


7. Email/Communication
A company's email policy is a written document that specifies how employees can use the electronic
communication channel of the company's choice. This policy appears to cover chat, social media, blogs,
and email. This policy's main objective is to give staff instructions on what constitutes appropriate and
improper use of any business communication technology. SANS offers an example of an email policy.

Standard procedures of securing information systems:

Step 1. Encrypt data information

This is the initial stage of the information system security procedure. You are all too accustomed to
reading newspapers, making purchases, and conducting business online these days. The security of data
and information is a possible concern for any online activity on the network. The encryption of sensitive
data is one solution to this. Although encryption sounds difficult, you do not need to go into its details:
you can achieve this by using encryption software. The software that SecurityBox would like to use is
TrueCrypt. The data on the PC and external hard disk will be effectively protected. If your data is correctly
encrypted, no one will be able to access it without knowing your password.

Step 2. Use strong passwords

If hackers can learn or simply steal your password, the data encryption from step 1 of the information
system security process will be useless, which is why strong passwords are step 2. Make your password
strong by making it long and by including letters, numbers, and special characters. Here are some resources
to aid you in creating a strong password that even a significant attack will likely struggle to guess. Tools
for creating secure passwords include:

• Random Password Generator for PC Tools.
• a strong password
• Create strong passwords.
• Password Generator with Ultra High Security by GRC

Step 3. 2-step authentication


When transmitting over an insecure wireless network, such as a Wi-Fi network at a cafe or a school
network, you can still lose your password even if you have a strong password set up and your data is
encrypted. In step 3 of the information system security process, you employ 2-step verification, also
known as 2-factor authentication, to secure your data yourself. This means that you must provide
additional information in addition to your password in order to access the website or service.

"2-step verification" is the name of a service supplied by Google. According to a SecurityBox study,
even if someone were to learn your Google account password, they would not be able
to access your account since they would not be able to decipher the 6-digit code that is created at random.


Step 4. Securing the network

Your method of communication with the outside world is another part of information security. Which
protocol on the network are you currently using? How frequently do you use networks with low security?
When configuring your Wi-Fi network, turning off SSID Broadcast, turning on MAC Address Filtering, and
turning on AP Isolation can significantly boost security. On your network and computer, make sure to
enable firewalls as well to stop programs from sending unwanted communications.

Step 5. Use anti-virus software

Will the security measures mentioned above be enough? Not if your data contains viruses or other harmful
software that has gained unauthorized access to your system, since this may enable hackers to remotely
manipulate your device or just steal data from it. Anti-virus software, step 5 of the system security
procedure, is the solution to this issue. Use antivirus programs such as Avira, Avast!, or AVG.

Router security procedure

1. Avoid basic setup:

You may instantly connect to a large number of Wi-Fi routers by simply pressing a button. Both you and
anyone else who wants to break in and use your router will find this to be incredibly convenient.

2. Change the name of the Wi-Fi Router:

While technically speaking, this doesn't increase the security of your network, it can certainly make things
a lot better. You won't need to keep track of the confusing Linksys-u8i9o or the name NETGEAR58843
when connecting to Wi-Fi or assisting a guest. You can use a name that is more appealing and simpler to
remember, like WiFi_1.

3. Change the Wi-Fi Router's login name:

The username and password on brand-new Wi-Fi routers are always pre-configured. You can even
discover these login details online; depending on the model, some manufacturers will use the username
"admin" or leave it blank, and do the same for the password. As a result, the default configuration is entirely
unsafe. To safeguard your Wi-Fi router, change these credentials and keep the new username and password
you created for the device private. Using the password-checking tool from Kaspersky Lab, you can also
pick a secure password for yourself.

4. Make sure your Router login page is not accessible from the internet


New router models available today offer a capability that enables remote setup and installation over the
Internet. Naturally, this will be very helpful in some circumstances. However, it is not very secure; if you
do not require it, disable this function. Manufacturers give this feature different names, but you can find it
in the settings under a name like "Remote Management" and disable it.

5. Secure with a reliable encryption protocol and use a strong password.

This setting is crucial. In step 3, we changed the router's login credentials to safeguard the router settings.
You will now select a network password, that is, the Wi-Fi password used to connect from a
computer, laptop, Mac, smartphone, or tablet. You obviously don't want your Wi-Fi to be used by
neighbors or random people. We advise you to secure the network using the WPA2-Personal
protocol. Additionally, you can use a random phrase to make a password that is harder to crack and easier
to remember than a complex one.

Server security procedure

1. Review your server status

By using a regular and systematic monitoring approach, an issue might be discovered before it becomes
worse. Start by reviewing the health of your server and looking for any concerns with its CPU, RAM, disk
utilization, running processes, and other metrics, as these are frequently helpful in identifying server
security risks.

Network service logs, site access logs, and database logs (Microsoft SQL Server, MySQL, Oracle) should
ideally all be kept and checked periodically. Then look into the origin of any odd log entries you come
across.

Always store your scripts on a different drive from your operating system, logs, and any other system
files. That way, even if a hacker has access to your web root directory, they won't be able to command
the server through the operating system.

2. Automate your security updates

Most vulnerabilities are considered to be zero-days. A public vulnerability can be exploited quickly to
launch an assault. However, you may reduce the risk by installing security patches and automated updates
as soon as they become available.

3. Set up perimeter security with firewalls

Applications such as firewalls and border routers can assist in filtering out known risks, automated attacks,
malicious traffic, DDoS traffic, fraudulent IPs, and untrusted networks. Your local firewall is able to keep
an eye out for attacks like port scanning and SSH password guessing and to stop any intrusion attempts.
Incoming web page requests will also be filtered by a web application firewall, which can then stop any
that have been specifically designed to damage or compromise your website.

4. Security tools

Security tools (URLScan, ModSecurity, etc.) that administrators can configure to help safeguard the web
server installation are frequently included in web server software. These tools can take some time to
configure, especially when dealing with specialized web applications, but they will give you peace of
mind.

To help secure your server and web applications, scanners can perform complex security checks against
open ports and network services. They can look for weak spots like SQL Injection, Cross-Site Scripting,
and issues with web server configuration. Some can also check forms and dynamic site content, audit
shopping carts automatically, and report any vulnerabilities they find.

5. Remove unnecessary services

The Remote Registry Service, Print Server Service, and RAS network settings are typical parts of default
operating system deployments that lack security. The more services run on an operating system, the more
ports are open to abuse. Therefore, it is recommended to turn off all unused services.

6. Permissions

In the event that an account is hacked, file and network service permissions will help to minimize the
damage. Therefore, scheduling regular checks of your file system permissions is a good idea. Give each
user or service the minimal permissions necessary for it to function, and only allow what is absolutely
necessary. Remove the "root" account if necessary to permit SSH login, and disable any default account
shells that are not being used regularly.

Any online firm, and especially one that conducts network transactions, must ensure server
security. This is a problem that simply cannot be ignored, so network transactions are
being safeguarded more and more by the use of HTTPS and SSL certificates to encrypt communications.


P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.

1. Firewall defined:
A firewall is a piece of network security equipment that keeps an eye on both incoming and outgoing
network traffic and allows or denies data packets in accordance with a set of security rules. Its goal is to
create a physical barrier between your internal network and incoming traffic from outside sources (like the
internet), blocking unwanted traffic like that of hackers and viruses.

Figure 4 Firewall

How does it work?
In a nutshell, a firewall acts as a barrier between your computer (or network) and the Internet. A firewall is
similar to a security guard who has the authority to let or prohibit someone from accessing a certain
building. Similar to this, a firewall is a program or hardware component that filters Internet packets before
they reach your computer or computer network.

A firewall's ability to let or prohibit network communication between devices depends on the rules that a
firewall administrator has set up or configured. Many personal firewalls, such as the Windows firewall,
run on a pre-installed configuration that guards against typical threats, relieving users of the need to worry
about firewall configuration.

Installing and operating the personal firewall is simple. To prevent potential attacks on the network, it is
crucial to set up a firewall in a large network or organization.

For instance, a business might use various setups for its FTP server and Web server. The business can
further restrict employee Internet access by preventing access to particular websites.


A firewall uses one or more methods to control network traffic to and from a network:

Packet Filtering: This approach analyzes each packet and compares it to the pre-configured filter. The rules
for packet filtering will vary depending on the company's management philosophy. Every time a packet of
network traffic enters or leaves the network, it is compared to the configuration stored in the firewall; if it
is allowed, the packet is accepted; if not, it is rejected and prevented from traveling across the network.

Stateful Inspection: This is a more recent technique; it compares the packet's pattern to
a trusted database rather than analyzing the contents of the packet. The database will compile all
network traffic, both coming in and going out.

Figure 5 Firewall Diagram

2. Intrusion Detection System (IDS)


An intrusion detection system (IDS) is a network security tool that was initially developed to identify
vulnerability exploits against specific applications or computers. Intrusion prevention systems (IPS), now
the most popular method of deploying IDS/IPS technology, expanded IDS solutions by enabling users to
block threats in addition to detecting them. This article will go into further detail on the settings and
operations that make up the IDS deployment.


An IDS only needs to identify risks, so it is deployed out of band on the network
infrastructure. As a result, it does not participate in actual real-time information exchange between the
sender and receiver. Instead, IDS tools frequently use a TAP or SPAN port to examine a duplicate of the
inline traffic stream, thus ensuring that the IDS does not impact inline network performance.

IDS was initially created in this manner because, at the time, it was impossible to perform the depth of
analysis necessary for intrusion detection at a rate fast enough to keep up with components on the direct
communications path of the network infrastructure.

The IDS is a listen-only device as well, as previously stated. The IDS keeps track of traffic and informs
the administrator of its findings, but it is unable to automatically stop an identified exploit from seizing
control of the system. Once they have gained access to the network, attackers can swiftly exploit
weaknesses, making the IDS ineffective as a preventative device.

IDS diagram:


Figure 6 IDS

3. Firewall threat-risk

1) Insider Attacks
A perimeter firewall is designed to thwart attacks that come from an external network. What happens,
then, if the attack originates from within? Since the attacker is already on your system, the perimeter
firewall usually becomes useless.

Firewalls can still be helpful, even if an attack comes from within your network, if you also have internal
firewalls in addition to perimeter firewalls. Internal firewalls aid in segmenting specific network assets so
that attackers must exert more effort to move from one system to another. By doing this, you give
yourself additional time to react to the attack while also extending the attacker's breakout time.

2) Missed Security Patches


When network firewall software isn't correctly handled, this problem occurs. Attackers can take advantage
of flaws in any software program; firewall programs are no different from other software in this regard.
When firewall providers find these flaws, they often work to quickly develop a patch to address the issue.

The firewall application at your firm won't automatically receive the patch just because it exists. The
vulnerability is still present and ready for exploitation by an arbitrary attacker up until the point at which
that firewall software fix is actually applied.

The best solution to this issue is to establish and adhere to a rigid patch management schedule. According
to such a plan, you (or the person in charge of your cybersecurity) should regularly check for firewall
software security updates and make sure to immediately install any that are available.

3) Configuration Mistakes
Even if a firewall is installed on your network and has all the most recent vulnerability fixes installed,
conflicts in the firewall's configuration settings might still arise and lead to issues. In certain
circumstances, this can result in a decrease in network speed for your business, while in others, a firewall
may completely stop offering security.
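One kind of configuration conflict, shown as an added example that is not part of the original document: a first-match packet filter in which rule order makes a deny rule unreachable, plus a leftover allow-everything rule. The rule format, rule names and addresses are constructed for illustration and do not follow any particular firewall product's syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None means any port


def evaluate(rules, src, dst, proto, dport):
    """Packet filtering: the first matching rule wins, no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action, r.name
    return "deny", "default-deny"


def covers(a, b):
    """True if every packet that rule b matches is also matched by rule a."""
    return (ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
            and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
            and a.proto in ("any", b.proto)
            and a.dport in (None, b.dport))


def audit(rules):
    """Report rules that can never fire and rules that allow everything."""
    findings = []
    for i, later in enumerate(rules):
        if (later.action == "allow" and later.proto == "any" and later.dport is None
                and later.src == "0.0.0.0/0" and later.dst == "0.0.0.0/0"):
            findings.append(("any-any-allow", later.name, None))
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "shadowed" if earlier.action == later.action else "conflict"
                findings.append((kind, later.name, earlier.name))
                break
    return findings


# Constructed policies. In MISCONFIGURED the broad "lan-out" rule sits above
# the telnet block, and a debugging rule was never removed.
MISCONFIGURED = [
    Rule("web-https", "allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("lan-out", "allow", "10.0.0.0/8", "0.0.0.0/0", "any", None),
    Rule("block-telnet-from-lab", "deny", "10.0.5.0/24", "0.0.0.0/0", "tcp", 23),
    Rule("temp-debug", "allow", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]
CORRECTED = [
    Rule("block-telnet-from-lab", "deny", "10.0.5.0/24", "0.0.0.0/0", "tcp", 23),
    Rule("web-https", "allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("lan-out", "allow", "10.0.0.0/8", "0.0.0.0/0", "any", None),
]

if __name__ == "__main__":
    for label, policy in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(label, "findings:", audit(policy))
        print("  lab telnet out :", evaluate(policy, "10.0.5.7", "198.51.100.9", "tcp", 23))
        print("  inbound ssh    :", evaluate(policy, "203.0.113.50", "192.0.2.20", "tcp", 22))
```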

For instance, enabling dynamic routing was once thought to be a negative choice because it leads to a loss
of control and lowers security. However, some businesses leave it on, leaving a gap in their firewall
defense.

A badly configured firewall is like hiding the key to the main gate in a hide-a-key right next to the
entrance: it only makes things easier for attackers while wasting the time, money, and effort spent on your
"security" measure.

4) A Lack of Deep Packet Inspection


In order to approve or refuse a packet's travel to or from a system, next-generation firewalls use the
stringent Layer 7 (also known as "deep packet") inspection mode.

An attacker might easily spoof this information to get around a less sophisticated firewall that only checks
the data packet's place of origin and destination before allowing or rejecting a request.

Using a firewall that can do deep packet inspection to scan information packets for known malware can be
the best solution for this issue.


5) DDoS Attacks
Attacks using distributed denial of service (DDoS) are common and are known for being very efficient
and relatively inexpensive to carry out. The primary objective is to deplete a defender's resources and
bring about a shutdown or extended inability to provide services. Protocol attacks are a type of attack that
aims to exhaust the resources of load balancers and firewalls in order to prevent them from processing
legitimate traffic.

Firewalls can reduce some DDoS attacks, but protocol attacks can still cause them to get
overwhelmed.

There is no quick answer for DDoS attacks because there are several attack tactics that can take advantage
of various network architectural flaws in your firm. Some cybersecurity service providers provide
"scrubbing" services, in which they redirect incoming traffic away from your network and separate the
DDoS activity from the traffic that is actually trying to get access to your system. Then, your network
receives this legitimate traffic so you may carry on with your regular business.

Firewalls by themselves are unable to shield your network from all attacks. However, they might be a
crucial component of a more comprehensive cybersecurity plan to protect your company.

4. IDS threat-risk
Source Addresses:

Intrusion detection software reports data based on the network address associated with the IP packet that
is sent into the network. If the network address in the IP packet is correct, this is advantageous. On
the other hand, the IP packet's address could be altered or scrambled. The IT specialist is left chasing
ghosts in either of these situations and helpless to prevent the network invasions.

Encrypted Packets:

The intrusion detection program does not process packets that have been encrypted. As a result, until more
serious network breaches have taken place, the encrypted packet may allow a network intrusion that
goes undetected. Once planted into the network, encrypted packets can also be configured to activate at a
particular time or date in the future. If the intrusion detection program could process encrypted packets,
this could prevent the introduction of a virus or other software flaw.

Analytical Module:

The analytical module's capacity to evaluate the source data gathered during intrusion detection is
somewhat constrained. This restriction has the effect of only buffering a fraction of the source data.
Although an IT expert monitoring the system will be informed that strange activity has been seen, they
won't be able to determine where the behavior came from. The only appropriate response to this
information is to attempt to block the unauthorized network access. The IT specialist may adopt a
defensive strategy to stop such invasions before they happen if additional information could be collected.

False Alarms:

Systems for detecting intrusions can identify behavior that deviates from typical network usage. While it is
advantageous to be able to recognize unusual network activity, the intrusion detection software has the
potential to generate a lot of false alarms. On networks with a wide user base, the frequency of these false
alerts increases. IT professionals need intensive training to be able to distinguish between false alarms and
real ones in order to avoid chasing these false alarms. Another drawback of intrusion detection
software that businesses must deal with is the cost of completing this training.
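How a detection threshold trades false alarms against sensitivity, as an added example that is not part of the original document. It counts failed SSH logins per source address in a sliding time window; the log lines, their simplified timestamp format, the addresses and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: a user who mistypes a password three times and then
# logs in, followed by one source guessing passwords for several accounts.
SAMPLE_LOG = """\
2024-05-01T09:00:01 sshd[811]: Failed password for alice from 10.0.3.15 port 50112 ssh2
2024-05-01T09:00:09 sshd[811]: Failed password for alice from 10.0.3.15 port 50112 ssh2
2024-05-01T09:00:20 sshd[811]: Failed password for alice from 10.0.3.15 port 50112 ssh2
2024-05-01T09:00:31 sshd[811]: Accepted password for alice from 10.0.3.15 port 50112 ssh2
2024-05-01T09:14:02 sshd[902]: Failed password for invalid user admin from 203.0.113.77 port 41001 ssh2
2024-05-01T09:14:03 sshd[903]: Failed password for root from 203.0.113.77 port 41002 ssh2
2024-05-01T09:14:05 sshd[904]: Failed password for invalid user test from 203.0.113.77 port 41003 ssh2
2024-05-01T09:14:06 sshd[905]: Failed password for root from 203.0.113.77 port 41004 ssh2
2024-05-01T09:14:08 sshd[906]: Failed password for invalid user oracle from 203.0.113.77 port 41005 ssh2
2024-05-01T09:14:09 sshd[907]: Failed password for root from 203.0.113.77 port 41006 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)


def detect(log_text, threshold, window_s=60):
    """Return {source_ip: peak failures within any window} for sources
    whose peak reaches the threshold."""
    recent = defaultdict(deque)   # per-source timestamps inside the window
    peak = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop failures that fell out of the window
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    # Threshold 3 also flags the user who mistyped a password: a false alarm.
    print("threshold 3:", detect(SAMPLE_LOG, threshold=3))
    # Threshold 5 reports only the source that is guessing passwords.
    print("threshold 5:", detect(SAMPLE_LOG, threshold=5))
```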

P4. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security.

1. DMZ (demilitarized zone)
A DMZ (demilitarized zone) in computer networks is a physical or logical subnet that divides an internal
local area network (LAN) from other untrusted networks, typically the public internet. It is also frequently
referred to as a perimeter network or a screened subnetwork. The DMZ is where servers, resources, and
services with an external focus are housed. As a result, they are reachable via the internet, but the
remainder of the internal LAN is still inaccessible. By preventing a hacker from immediately accessing
internal servers and data through the internet, this adds an extra layer of security to the LAN.

Any service offered to internet users should be situated in the DMZ network. Web servers, proxy servers,
email, domain name system (DNS), File Transfer Protocol (FTP), and voice over IP (VoIP) servers are a few
of the most popular of these services.

How do DMZs work?

The purpose of DMZs is to act as a form of buffer zone between the private network and the public
internet. When the DMZ is set up between two firewalls, all incoming network packets are checked by a
firewall or other security appliance before they reach the servers the company hosts in the DMZ.

A more skilled threat actor would need to get illegal access to those services after getting past the initial
firewall before they could cause any harm, and those systems would probably be fortified against such
attacks.


Finally, even if a threat actor with sufficient resources manages to get past the external firewall and take
control of a system located in the DMZ, they still need to get past the internal firewall in order to access
sensitive company resources. Even the best-secured DMZ architecture can be breached by a determined
attacker, but alarms should go out when a DMZ is being attacked, allowing security experts ample time to
prevent a complete compromise of their enterprise.

Figure 7 DMZ Diagram


How can DMZ improve network security?

The key advantage of a DMZ is to give an internal network a high level of security by limiting access to
servers and sensitive data. A DMZ creates a barrier between website visitors and the company's private
network while still letting them access some services. As a result, the DMZ also provides other security
advantages like:

1. Enabling access control: Organizations can give consumers access to services outside the
boundaries of their network by using the open internet. While providing network segmentation to
make it more difficult for an unauthorized user to access the private network, the DMZ allows
access to these services. A proxy server, which centralizes internal traffic flow and makes it easier
to monitor and record that traffic, may also be present in a DMZ.
2. Preventing network reconnaissance: A DMZ inhibits attackers from conducting the reconnaissance
work they do in search of possible targets by acting as a barrier between the internet and a private
network. Although servers in the DMZ are open to the public, a firewall that stops an attacker from
seeing inside the internal network adds an additional degree of security. The internal firewall keeps
the private network safe and makes it challenging for outside surveillance even if a DMZ system is
compromised.
3. Blocking Internet Protocol (IP) spoofing: Attackers look for opportunities to break into systems by
faking an IP address and pretending to be a trusted device logged in to a network. Such spoofing
efforts can be detected and stopped by a DMZ while another service confirms the IP address's
validity. In addition to network segmentation, the DMZ offers a place for traffic organization and
public services access that is separate from the internal private network.
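The segmentation benefit described above, as an added example that is not part of the original document: the same five services are placed once on a single flat LAN and once behind a two-firewall DMZ, and the model reports what a compromised web server can reach directly and how many systems an intruder must compromise to reach each host. Host names, ports and the zone-level rule format are constructed for illustration.

```python
from collections import deque

# Constructed inventory: host name -> port of the service it offers.
SERVICES = {
    "web": 443,
    "mail-relay": 25,
    "database": 5432,
    "file-server": 445,
    "admin-pc": 3389,
}

# Flat network: public servers share one segment with everything else and a
# single firewall forwards the two public ports.
FLAT = {
    "zones": {host: "lan" for host in SERVICES},
    "rules": {("internet", "lan"): {("web", 443), ("mail-relay", 25)}},
}

# DMZ between two firewalls. The internal firewall lets DMZ hosts reach only
# the database port (a real policy would also pin the source to "web").
DMZ = {
    "zones": {"web": "dmz", "mail-relay": "dmz", "database": "lan",
              "file-server": "lan", "admin-pc": "lan"},
    "rules": {
        ("internet", "dmz"): {("web", 443), ("mail-relay", 25)},  # external firewall
        ("dmz", "lan"): {("database", 5432)},                     # internal firewall
    },
}


def allowed(design, src, dst):
    """Can src (a host name or "internet") open a connection to dst's service?"""
    src_zone = design["zones"].get(src, "internet")
    dst_zone = design["zones"][dst]
    if src_zone == dst_zone:
        return True   # same segment: no firewall sits in the path
    return (dst, SERVICES[dst]) in design["rules"].get((src_zone, dst_zone), set())


def reachable(design, src):
    """Services that src can connect to directly."""
    return sorted(h for h in SERVICES if h != src and allowed(design, src, h))


def hops_from_internet(design):
    """Minimum number of systems an outsider must compromise to reach each
    host, assuming the worst case that every reachable service is exploitable."""
    dist, queue = {}, deque([("internet", 0)])
    while queue:
        current, d = queue.popleft()
        for host in reachable(design, current):
            if host not in dist:
                dist[host] = d + 1
                queue.append((host, d + 1))
    return dist


if __name__ == "__main__":
    for label, design in (("flat", FLAT), ("dmz", DMZ)):
        print(label, "- reachable from compromised web server:", reachable(design, "web"))
        print(label, "- compromises needed per host:", hops_from_internet(design))
```

In the DMZ layout every path to the file server or admin workstation crosses the internal firewall on the database port, which is where alerting on unexpected traffic gives defenders the extra reaction time the text describes.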

2. Static IP
Simply put, a static IP address is an address that never changes. Once you've given a device a static IP
address, that number usually doesn't change unless you deactivate the device or your network architecture
does. Servers and other significant equipment typically use static IP addresses.

Internet Service Providers (ISPs) are responsible for assigning static IP addresses. Depending on the
details of your service agreement, your ISP may or may not assign you a static IP address. For now,
expect that a static IP address will increase the cost of your ISP contract.

A static IP address might be IPv4 or IPv6; what matters here is that it is static. One day, every piece of
our networked equipment may have a distinct static IPv6 address. We haven't arrived there yet. As of right
now, permanent addresses are usually static IPv4 addresses.

When Are Static IP Addresses Used?

Devices that require continual access must use static IP addresses.

For instance, if your computer is set up as a server, such as an FTP server or web server, a static IP
address is essentially necessary. If you want to guarantee that users can always reach the computer to
download content, it must use a static, never-changing IP address.

In contrast, if the server were given a dynamic IP address, the address would occasionally change, making it
impossible for your router to identify the server machine on the network.

Similarly, setting up a computer to use a static IP address allows you to reach it at any time, without
worrying that the address will change and prevent you from accessing it while you're away from home
or at work.

Another situation where a static IP address should be used is a shared printer. If you have a printer
that has to be used by everyone in your home or company, you would assign it a fixed IP address. Because
the address won't change, once each computer is configured to connect to that printer, those connections
will keep working.

Figure 8 Static IP

How can static IP improve network security?

A static IP address will always provide a higher level of protection. The additional degree of security built
into static IP addresses ensures that the majority of security issues are avoided.

3. NAT (Network Address Translation)

NAT stands for "Network Address Translation". The IP addresses of the machines in a local network
are converted by NAT into a single IP address. The router that links the computers to the Internet
frequently uses this IP. A DSL modem, cable modem, T1 line, or even a dial-up modem can be connected
to the router. Only the router's IP address is visible to other computers on the Internet when they try to
access machines on the local network. Since the router may be set up as a firewall and only permit
authorized systems to access the computers within the network, this offers an additional layer of
protection.

The IP address is changed from the router's address to the specific address of the machine after access to a
system from outside the network has been granted. The address can be located in a "NAT table," which
lists the internal IP addresses of each networked computer. The global address that computers outside the
network perceive is also specified in the NAT table. Even if each computer on the local network has a
unique IP address, connecting external systems to any one of the network's machines only reveals one IP
address to them.

Put simply, network address translation allows computers inside the local area network (LAN)
to see each system's individual address, while computers outside the network see only one IP address.
This improves network security while reducing the number of IP addresses required by businesses and
organizations. Even huge organizations with thousands of machines can connect to the Internet with a
single IP address thanks to NAT. Now that's efficient.

Figure 9 NAT diagram


How can NAT improve network security?

1. If NAT is enabled on your network, your local IP address (also known as your private IP address)
is masked.
2. This means that it is difficult for anybody outside the network to determine which IP address is
assigned to your PC or any other machine on the local side.
3. This helps protect the network when attackers attempt to target your PC from the outside world.
4. If your network is configured to use NAT, attackers cannot determine your machine's IP address; they
can only see the public IP address, because network address translation hides the private IP address.
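The NAT table described in this section, and the masking effect listed above, can be modelled in a few lines. This is an added example, not part of the original assignment; it is a simplified port-based NAT, and the `NatRouter` class, the addresses (documentation ranges) and the starting port are constructed assumptions.

```python
import itertools

PUBLIC_IP = "198.51.100.1"  # constructed router address (documentation range)

class NatRouter:
    """Simplified NAT: many private hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # NAT table, kept in both directions:
        self.out = {}   # (priv ip, priv port, remote ip, remote port) -> public port
        self.back = {}  # (public port, remote ip, remote port) -> (priv ip, priv port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet; create a table entry on first use."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        # The remote side only ever sees the router's public address.
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a reply back to the private host, or None if dropped."""
        return self.back.get((dst_port, src_ip, src_port))

def demo():
    nat = NatRouter(PUBLIC_IP)
    # Two private hosts open connections to the same web server.
    a = nat.outbound("192.168.1.10", 51000, "203.0.113.80", 443)
    b = nat.outbound("192.168.1.11", 51000, "203.0.113.80", 443)
    # The server's reply matches a table entry and is translated back.
    reply = nat.inbound("203.0.113.80", 443, a[1])
    # A packet from an unrelated host has no entry and is dropped.
    unsolicited = nat.inbound("203.0.113.99", 4444, a[1])
    return a, b, reply, unsolicited
```

Both private hosts appear to the server as `198.51.100.1` with different ports, and only traffic that matches an entry created by an outgoing connection is translated back to a private address.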

