ASSIGNMENT 1 FRONT SHEET
Qualification BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 5: Security
Submission date 15/03/2023 Date Received 1st submission 15/03/2023
Re-submission Date Date Received 2nd submission
Student Name Dinh Tran Nam Hung Student ID BS00188
Class PIT16103 Assessor name Do Phi Hung
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.
Student’s signature Hung
Table of Contents
I) Identify types of security threat to organisations. Give an example of a recently publicized
security breach and discuss its consequences (P1)
1) Define threats.
2) Identify threats agents to organizations:
3) List type of threats that organizations will face:
4) The most common threats, in no particular order, include the following:
5) What are the recent security breaches? List and give examples with dates
II) Describe at least 3 organisational security procedures (P2)
1) Data Classification Procedure:
2) Change Management Procedure:
3) Manage access Procedure
III) Identify the potential impact to IT security of incorrect configuration of firewall policies
and IDS (P3)
1) Discuss briefly firewalls and policies, their usage and advantages in a network:
2) Security policies in a network
3) How does a firewall provide security to a network?
4) Show with diagrams the example of how firewall works
5) Define IDS, its usage, and show it with diagrams examples
6) Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly
configured in a network
IV) Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve Network Security (P4)
1) Define and discuss with the aid of diagram DMZ. Focus on its usage and security function as
advantage
2) Define and discuss with the aid of diagram static IP. Focus on its usage and security function as
advantage
3) Define and discuss with the aid of diagram NAT. Focus on its usage and security function as
advantage
V) Conclusion
Introduction
In this article, I introduce some of the threats that computer users and organizations can face and
the security procedures of a computer network, and show the effectiveness of DMZ, static IP and
NAT in improving network security.
I) Identify types of security threat to organisations. Give an example of a recently
publicized security breach and discuss its consequences (P1)
1) Define threats.
A threat is an occurrence that has the potential to take advantage of a vulnerability (an attack just
waiting to happen) and harm the network. Those in the digital sphere frequently resemble threats in the
real sphere. Threats including theft, vandalism, and eavesdropping have all spread from the physical
world into cyberspace, usually through the Internet. However, there are some notable distinctions in
terms of the range of these attacks' applicability, the degree of automation required, and the spread (or
propagation) of attack methods.
2) Identify threats agents to organizations:
a. DDoS: stands for Distributed Denial of Service. The target computer is attacked with traffic
from many different systems in many different places. The aim is that the computer or server
crashes or stops working, disrupting service. Attackers who have gained control of a computer
take advantage of that to send bad data and requests to other devices through websites or
email addresses.
Figure 1 – DDoS
b. Trojan horses: In computing, a Trojan horse, or Trojan, is any malware which misleads users of its
true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to
the fall of the city of Troy. Trojans are generally spread by some form of social engineering, for example
where a user is duped into executing an e-mail attachment disguised to appear not suspicious, or by
clicking on some fake advertisement on social media or anywhere else. Although their payload can be
anything, many modern forms act as a backdoor, contacting a controller which can then have
unauthorized access to the affected computer. Trojans may allow an attacker to access users' personal
information such as banking information, passwords, or personal identity. It can also delete a user's files
or infect other devices connected to the network. Ransomware attacks are often carried out using a
Trojan.
Figure 2 – Trojan horses
3) List type of threats that organizations will face:
Threats organizations face include:
-Disclosure threats: Whenever an unauthorized user has access to private data or trade secrets
kept on a network resource, disclosure takes place. It occurs when the computer holds private or
sensitive information. The two approaches that attackers utilize to gain data are as follows:
Sabotage: destruction of property or obstruction of normal operations. Technically,
destructive attacks have built-in security properties.
Espionage: the act of spying to gather confidential information, often in support of hostile
adversaries.
-Alteration threats: These threats violate the integrity of information in computers. By altering the
system's data, this kind of attack causes harm to the system. Modifications are frequently done with malice in
mind. Everyone is capable of making errors that compromise the reliability of the computer system. The
integrity of the source network is also impacted by changes to the system configuration.
Moreover, modifications can happen when an unauthorized person tampers with assets or when a
change made by an authorized user has an unintended outcome.
-Denial or destruction threats: Threats of destruction or denial make resources or assets inaccessible or
useless. Any threat to destroy information or make it unavailable violates information security standards.
An illustration of a threat of denial or destruction is a DoS attack. Depending on how valuable the
resource is, this kind of attack can be problematic.
4) The most common threats, in no particular order, include the following:
As technology advances more and more, its importance has become clearer than it was 20 years ago.
Its influence has an impact on the daily lives, businesses and organizations of many people. Technology is
becoming more important, which means organizations will use it more for their information, data
exchange and communication. Because of this, individuals, groups and cyberthreats are also becoming
more advanced and complex in order to overcome the security protecting these data and information.
Here is a list of some of the threats that organizations may face:
• Malicious software: Viruses, worms, Trojans, phishing links, etc.
• Hardware or software: Lack of encryption, outdated security services, unprotected local
access, etc.
• Internal attacker: Malicious employees, negligent employees, etc.
• Equipment theft: Employees of the same company, rival companies' employees, normal
thieves, etc.
• External attacker: Hackers, companies, individuals, social engineering aimed at the
company's employees, etc.
• Natural disaster: Earthquake, flood, blackout, etc.
• Industrial espionage: Rival companies, governments, disgruntled or opportunistic
employees who want to damage the company, etc.
• Terrorism: Disruption of major companies' properties, disruption of a country's critical
infrastructure systems, unauthorized access to government properties, cyberespionage
for military purposes, etc.
5) What are the recent security breaches? List and give examples with dates
In late April of 2021, there was a cyberattack by a hacker group named “DarkSide Gang” on the Colonial
Pipeline, which is an important part of the US critical infrastructure system. The hackers stole nearly 100
gigabytes of data and threatened to release it on the internet if their demand was not met. For fear of the
hacker group obtaining even more information that could get them further into the vulnerable parts of the
pipeline, Colonial Pipeline decided to shut down the pipeline. The company almost lost all of the 4.4
million dollars in ransom but was able to recover much of it thanks to law enforcement.
The consequence: This attack was the direct result of a single compromised password from an employee
who used the same password on another account. It disrupted the gas supplies all along the US
East Coast, which resulted in gasoline shortages. People panicked, and they tried to hoard as much
gasoline as possible. Some even broke safety protocols regarding gasoline, such as storing the
gasoline in flammable plastic bags and bins, and some people even poured the fuel onto the cargo bed of
their truck. The attack heavily impacted transportation businesses as well, namely airlines. In detail,
the incident caused fuel shortages at Charlotte Douglas International Airport. Some airports had to
change their flight schedules, and some had to use other fuel suppliers.
Possible solutions: What I think they should do to prevent future incidents like this is to invest more in
and upgrade security infrastructure against cyberattacks, train employees in IT security by
reminding them which devices should be used in the workplace and what shouldn’t be brought along,
establish a cyber safety review board, and improve incident response.
II) Describe at least 3 organisational security procedures (P2)
1) Data Classification Procedure:
The task of data classification belongs to the data owner or the person tasked with carrying it out.
The phrase is analogous to "system owner," which designates the person in charge of maintaining
the infrastructure, keeping an eye on modifications, and overseeing configuration to make sure that
vital organizational data is disseminated widely, categorized and handled at the proper levels.
The procedure establishes guidelines and rules for categorizing data according to criteria and values.
The data is divided into multiple categories, such as insider information and general information.
Companies take into account the following three factors when classifying information:
• Value: A number of criteria, such as value to the company, value to rivals, and replacement cost,
can be used to assess the worth of information.
• Sensitivity: This describes the severity of an information integrity breach. There are many methods
for a business to gauge how sensitive information is, including liability and reputation.
• Importance: This is a measure of the importance of information to the mission of the organization.
2) Change Management Procedure:
Control and structural change are two equally effective actions that are related on the same
spectrum. When specific tasks are moved from one company to another, confusion results when
teams of varying complexity define boundaries in several places. With the help of this procedure, the
management system and environment of the firm are changed in a secure and efficient manner.
The change management process is the process of managing and controlling changes in an
organization's systems and environment. This process includes the following steps:
Define change requirements: This step includes identifying and evaluating change requirements.
Change requests can come from a variety of sources, including technical issues, customer
requirements, or legal changes.
Assess the impact of change: Before implementing any change, it is necessary to assess the
impact of the change on the organization's systems and environment. This ensures that changes
are deployed securely and do not affect existing processes.
Change Approval: After assessing the impact of the change, the changes are approved for
implementation. This process typically includes information gathering and validation
of change requests.
Deploy Changes: This step includes deploying approved changes to the organization's systems
and environment. The implementation process must be done carefully to ensure the safety and
effectiveness of the changes.
Testing and monitoring: Once implemented, changes must be tested and monitored to ensure
the stability of the system and the organization's environment. Problems should be detected and
resolved immediately to ensure system continuity.
Document Updates: Finally, system and process documents should be updated to reflect the
implemented changes and ensure the continuity of the change management process.
3) Manage access Procedure
This process makes sure that only people with permission can access the organization's assets and
data. This procedure entails actions including defining access rights, assigning permissions, tracking
access rights, and monitoring them. In order to maintain the integrity of the data and resources, it
also makes sure access is updated and revoked as necessary.
Access management is the process of controlling and managing access to system resources. The
steps in this process include:
Identify users and roles: First, it is necessary to define the users and roles in the system to define
who has access to which resources.
Identify resources: Next, it is necessary to identify the resources in the system and decide who
has access to them. These resources can include files, folders, databases, applications, and
devices.
Establish access management policies: After defining users and roles and resources, it is
necessary to set up access management policies. These policies will define what access rights are
allowed and what permissions are restricted.
Configure the system and allocate access rights: After setting up the access rights management
policies, the system needs to be configured to implement those policies and allocate access rights
to each user and role.
Monitoring and tracking: Access management is an ongoing process, so it is necessary to
regularly monitor and track user access to resources. If any unauthorized access is detected,
action should be taken to address it.
Evaluation and improvement: Finally, it is necessary to evaluate the effectiveness of access
management and make improvements to the system. This helps to ensure the security
and safety of the system and resources.
III) Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS
(P3)
1) Discuss briefly firewalls and policies, their usage and advantages in a network:
1. Firewall in a network
Definition: In a sense, a firewall separates, protects, and provides safe usage for the users in the
internal networks from the outside networks, such as the internet. A firewall can be hardware,
software, or both.
Usage: A firewall prevents the passage of unwanted content, prevents unauthorized remote
access, and protects operations within a network. It protects the operations, conversations, and
coordination contents within the organization, and much more.
Advantages:
o Protection against almost all malicious intents
o The setup process is fast and simple
o Keep track and continuously analyze all the traffic inside the network
o Helps maintain High-Level Privacy
2) Security policies in a network
• Definition: Security policies are a set of defined rules laid out by the organization to
enforce and set out a standard throughout the organization’s network. There are many
types of security policies. What kind of security policies an organization chooses will
depend on what that organization wants to prioritize.
• Usage: Network security policies are made to protect the organization’s network from
both outside and inside security threats. They act as guidelines for employees to follow,
thus mitigating the risk of uninformed employees in the organization.
• Advantages:
o Help minimize risks
o Coordinate and enforce a security program across the organization
o Communicate security measures to third-parties and external auditors
o Helps with regulatory compliance
3) How does a firewall provide security to a network?
A firewall provides security to a network by monitoring and filtering incoming and outgoing network
traffic based on a set of defined rules, thus mitigating or completely eliminating the risks or threats that
may harm the network. Basically, a firewall provides a protective barrier and is combined with various
other measures to protect a network.
4) Show with diagrams the example of how firewall works
Figure 3 - Diagram of Firewall
In this diagram, the firewall acts as a protective wall between the external network equipment and the
internal network, and provides many security features. To protect the computers in the network from
network attacks, it helps to control network resource access, block unauthorized outside access to the
internal network, and provide flood and loopback protection. By preventing unauthorized connections
and lightening the burden on the network, it also contributes to improved network performance. For
computers connected to networks other than the local area network (LAN), middle area network (DMZ),
and wide network connection, the firewall is set up with several working modes.
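How filtering "based on a set of defined rules" behaves can be shown with a small first-match rule evaluator over the three zones named above. This is an added example, not part of the original assignment; the zone address ranges, the rule sets and the two audit checks are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing plan for the zones (assumption, not from the page).
LAN = "10.0.0.0/24"      # internal network
DMZ = "192.0.2.0/28"     # public-facing servers
ANY = "0.0.0.0/0"        # everything, including the internet


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # destination port, None means any port


def decide(rules, src, dst, port):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"


def covers(earlier, later):
    """True when every packet matching `later` already matches `earlier`."""
    return (ip_network(later.src).subnet_of(ip_network(earlier.src))
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
            and earlier.port in (None, later.port))


def audit(rules):
    """Flag two misconfigurations: exposure of the LAN and shadowed rules."""
    findings = []
    for i, r in enumerate(rules):
        if (r.action == "allow" and r.src == ANY
                and ip_network(r.dst).overlaps(ip_network(LAN))):
            findings.append((i, "any source may reach the internal network"))
        for j in range(i):
            if covers(rules[j], r):
                findings.append((i, f"never evaluated, shadowed by rule {j}"))
                break
    return findings


GOOD = [
    Rule("allow", ANY, DMZ, 443),    # anyone may reach the DMZ web server
    Rule("deny", DMZ, LAN, None),    # a compromised DMZ host cannot reach the LAN
    Rule("allow", LAN, ANY, None),   # internal users may go out
]
# Misconfigured variant: a leftover "allow any any" rule sits on top.
BAD = [Rule("allow", ANY, ANY, None)] + GOOD

if __name__ == "__main__":
    probe = ("203.0.113.9", "10.0.0.5", 445)   # constructed: internet host -> LAN file share
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, decide(rules, *probe), audit(rules))
```

With the leftover rule in place, every later rule is shadowed, so the deny that isolates the LAN from the DMZ never takes effect.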
5) Define IDS, its usage, and show it with diagrams examples
Definition: An Intrusion Detection System (IDS) is a device or software that can monitor and analyze
network traffic for suspicious activities. These activities are then reported to an administrator or
collected centrally using a security information and event management (SIEM) system. Some IDS can
respond to a detected intrusion upon discovery. These are known as Intrusion Prevention Systems (IPS).
Usage: An IDS is commonly placed at strategic or central points within a network to monitor and analyze
the traffic from all the devices on that network and match the analyzed traffic against a database of
known attacks. If there is confirmation of malicious intentions, it will send an alert to the administrator.
Diagram:
Figure 4 - Diagram
6) Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly
configured in a network
Below are some of the potential impacts of a firewall and IDS if they are incorrectly configured in a
network:
Firewall:
o DDoS or DoS attacks can happen more easily and more frequently
o Hackers can access the network more easily
o Opens the way to breaches and data loss or theft
o Leads to downtime in business, which results in massive loss of revenue
IDS:
o Could generate false alarms against some network traffic activity
o Fail to detect malicious signs, or anomalous patterns in the network traffic (Malformed
information packets, DNS poisonings, Xmas scans, etc.)
o Could compromise the entire network infrastructure
o May cause massive losses for the organization
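The first two IDS impacts above (false alarms and missed detections) can be measured by running differently configured signatures for the Xmas scan over the same traffic. This is an added example, not part of the original assignment; the capture records, their labels, the signature names and the port threshold are constructed assumptions.

```python
from collections import defaultdict

# TCP flag bits as they appear in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_FLAGS = 0x3F

# Constructed capture: (source IP, destination port, TCP flags, labelled as scan?)
CAPTURE = [
    ("10.0.0.7", 443, SYN, False),
    ("10.0.0.7", 443, ACK, False),
    ("10.0.0.7", 443, PSH | ACK, False),
    ("10.0.0.7", 443, FIN | ACK, False),            # normal connection teardown
    ("10.0.0.8", 80, FIN | ACK, False),             # normal connection teardown
    ("198.51.100.23", 22, FIN | PSH | URG, True),   # Xmas probe
    ("198.51.100.23", 23, FIN | PSH | URG, True),   # Xmas probe
    ("198.51.100.23", 25, FIN | PSH | URG, True),   # Xmas probe
]

# A signature is (mask, value): alert when (flags & mask) == value.
SIGNATURES = {
    "too_broad": (FIN, FIN),                  # misconfigured: any packet with FIN
    "too_narrow": (ALL_FLAGS, ALL_FLAGS),     # misconfigured: only all six flags
    "xmas": (ALL_FLAGS, FIN | PSH | URG),     # exactly FIN+PSH+URG
}


def matches(sig, flags):
    mask, value = sig
    return (flags & mask) == value


def evaluate(sig, capture):
    """Count correct alerts, false alarms and missed scan packets."""
    result = {"true_pos": 0, "false_pos": 0, "missed": 0}
    for _src, _port, flags, is_scan in capture:
        alert = matches(sig, flags)
        if alert and is_scan:
            result["true_pos"] += 1
        elif alert:
            result["false_pos"] += 1
        elif is_scan:
            result["missed"] += 1
    return result


def scanning_sources(sig, capture, min_ports=3):
    """Sources that triggered the signature on at least min_ports distinct ports."""
    ports = defaultdict(set)
    for src, port, flags, _label in capture:
        if matches(sig, flags):
            ports[src].add(port)
    return sorted(src for src, seen in ports.items() if len(seen) >= min_ports)


if __name__ == "__main__":
    for name, sig in SIGNATURES.items():
        print(name, evaluate(sig, CAPTURE), scanning_sources(sig, CAPTURE))
```

The too-broad signature raises false alarms on ordinary connection teardown, while the too-narrow one misses every probe in the capture.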
IV) Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security (P4)
1) Define and discuss with the aid of diagram DMZ. Focus on its usage and security function as
advantage
• Definition:
A demilitarized zone, or DMZ for short, is a perimeter network (physical or logical) that protects
the organization’s network from untrusted external traffic, which is usually the internet, and keeps the
organization’s internal or private network separated and isolated from the external network.
The goal of a DMZ is to ensure that an organization can access untrusted networks (the Internet)
safely while its network remains secure. An organization usually stores its external-facing services
and resources, such as DNS, FTP, mail and web servers, in the DMZ.
• Why use DMZ?
Most organizations do business with their customers on web servers that are accessible from
the internet, which means that the chance of their internal network being compromised at any given
time is very high. Organizations could pay a hosting firm to host the website or their public servers on a
firewall, but this is not good performance-wise. Instead, the servers are hosted on an isolated network
(DMZ).
A DMZ server provides the organization with security by isolating the external traffic from the
organization’s networks. This means that the organization’s resources are isolated and access to
the internal networks is not available to the external networks, which makes it harder for a
hacker to gain access to an organization’s information and servers.
• Advantages:
o Enabling access control
o Preventing network reconnaissance
o Blocking IP spoofing
o Simple to setup
o Cost-saving
2) Define and discuss with the aid of diagram static IP. Focus on its usage and security function as
advantage
• Definition:
A static IP is an IP address that doesn’t change like a DHCP IP. Instead, it needs to be configured
manually for a device. In business, some organizations may find this useful for internet-related things like
hosting a website, email, remote access to the organization’s network, or hosting a video conference.
• Why use Static IP?
The reason why a static IP is very useful for some organizations is that if the IP never changes,
other devices will remember the location of the devices that use the static IP, and the
process of file transfer between devices will be faster, such as printers, remote access programs,
or even the organization’s website, as it would be a hassle if the website's IP address kept
changing all the time and the organization had to change the router settings to forward requests
to the new address.
• Advantages:
o Remote-access convenience
o Server hosting
o Reliable communications
o Improved DNS support
o Better geo-location services
3) Define and discuss with the aid of diagram NAT. Focus on its usage and security function as
advantage
• Definition:
Network Address Translation or NAT is a process that helps with the problem of IP address shortages
by converting a single public address space into a global one. It can work with a router or a
firewall that interconnects two networks, thus allowing a single public address to form an
intranet and have several network address translations connect to it.
• Why use NAT?
NAT gives organizations a way to use a single IP address to connect to multiple devices,
which is the reason why some organizations still need NAT. It can be faster and more secure in
some cases, as it can hide the device’s IP address from the public network, even when sending
and receiving traffic, and it also doubles the address translation. NAT also provides rate-limiting.
This feature makes it possible to limit the maximum number of concurrent NAT operations and NAT
translations on a router, which offers more control and minimizes the effect of worms, viruses, and DoS
attacks.
• Advantages:
o Cost-savings
o Flexible connection
o Network consistency
o Private addressing
o Helps with IP shortages
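The address hiding and the translation limit described under "Why use NAT?" can be seen in a small port address translation table. This is an added example, not part of the original assignment; the class name Pat, the addresses, the port numbers and the per-host limit are assumptions, and the table is simplified (it does not track the remote endpoint or reuse released ports).

```python
class Pat:
    """Port address translation table with total and per-host limits."""

    def __init__(self, public_ip, max_total, max_per_host, first_port=40000):
        self.public_ip = public_ip
        self.max_total = max_total
        self.max_per_host = max_per_host
        self.next_port = first_port
        self.out = {}        # (inside_ip, inside_port) -> public port
        self.back = {}       # public port -> (inside_ip, inside_port)
        self.per_host = {}   # inside_ip -> number of active translations

    def outbound(self, inside_ip, inside_port):
        """Translate an outgoing connection; None means the limit was hit."""
        key = (inside_ip, inside_port)
        if key in self.out:
            return self.public_ip, self.out[key]
        if (len(self.out) >= self.max_total
                or self.per_host.get(inside_ip, 0) >= self.max_per_host):
            return None
        port = self.next_port
        self.next_port += 1
        self.out[key] = port
        self.back[port] = key
        self.per_host[inside_ip] = self.per_host.get(inside_ip, 0) + 1
        return self.public_ip, port

    def inbound(self, public_port):
        """Map a reply back to the inside host; None means unsolicited, dropped."""
        return self.back.get(public_port)

    def close(self, inside_ip, inside_port):
        """Release a translation when the connection ends."""
        port = self.out.pop((inside_ip, inside_port), None)
        if port is not None:
            del self.back[port]
            self.per_host[inside_ip] -= 1


def simulate():
    """Constructed scenario: one normal host and one host opening many connections."""
    nat = Pat("203.0.113.5", max_total=100, max_per_host=3)
    normal = [nat.outbound("10.0.0.5", 51000 + i) for i in range(2)]
    noisy = [nat.outbound("10.0.0.66", 52000 + i) for i in range(10)]
    return {
        "normal": normal,
        "noisy_granted": sum(m is not None for m in noisy),
        "reply": nat.inbound(40000),
        "unsolicited": nat.inbound(45000),
        "seen_outside": sorted({m[0] for m in normal + noisy if m}),
    }


if __name__ == "__main__":
    print(simulate())
```

Only the public address is visible outside, an inbound packet with no matching translation is dropped, and the host that opens ten connections is held to three.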
V) Conclusion
Network security is an important concern that must be seriously deliberated. The number of attacks rises
day by day as the use of the Internet becomes increasingly popular and more people become aware of
some of the vulnerabilities at hand. Network administrators need to watch out continuously for new
attacks on the Internet and take the appropriate actions and precautions.