Docsity Assignment 1 Security P M

Uploaded by

Bui Thu Hoai
ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 05: Security
Submission date:
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: Pham Van Long
Student ID: B
Class: PBIT17101
Assessor name: L

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequenc
understand that making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 M1 M2 D1

Pham Van Long – BHAF200011
❒ Summative Feedback: ❒ Resubmission Feedback:

Grade: Assessor Signature: Date:


Signature & Date:

Table of Contents
INTRODUCTION OF SECURITY

P1 Identify types of security risks to organisations
1. What is network security?
2. What is security risk?
3. Identify threat agents to organizations
3.1. Nation States
3.2. Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and Viruses perpetrated by vandals and the general public)
3.3. Employees and Contractors
4. List types of threats that organizations will face
4.1. The Malware
4.2. Social engineering attack
4.3. SQL injection
4.4. DDoS
5. An example of a recently publicized security breach

P2. Organisational security procedures
1. What is the security procedures?
2. The purpose of security procedures
3. Anti-virus procedures
3.1. Purpose of Anti-virus procedures
3.2. Procedures of anti-virus procedures
4. Password Procedures
4.1. Purpose of Password procedures
4.2. Procedures
5. Physical Security Procedures
5.1. Purpose of Physical security procedures
5.2. Procedures

P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs
1. What is Firewall?
1.1. How does firewall work?
1.2. Advantages of firewall
1.3. What are the impacts of incorrect firewall configurations?
2. What is a VPN and a third-party VPN?
2.1. What is Virtual Private Network?
2.2. Advantages of VPN
2.3. What are the impacts of incorrect VPN configurations?
3. Show with diagrams the example of how firewall works

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
1. DMZ
1.1. What is DMZ?
1.2. How does it work?
1.3. Advantages of DMZ
1.4. Examples of DMZ
2. Static IP
2.1. What is static IP?
2.2. Example of Static IP
2.3. Advantages of static IP
3. NAT
3.1. What is NAT?
3.2. How does it work?
3.3. Advantages of NAT
3.4. Examples of NAT

M1 Propose a method to assess and treat IT security risks. Security procedures
1. Discuss methods required to assess IT security threat? E.g. Monitoring tools
1.1. What is a security risk assessment?
1.2. Importance of regular IT security assessments
1.3. What is a cyber risk (IT risk) definition
1.4. IT risk assessment components and formula
1.5. The risk equation
1.6. How to perform a security risk assessment
1.7. E.g. Monitoring tools
2. What are the current weakness or threat of the organization?
3. What tools will you propose to treat the IT security risk?

M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
1. List some of the networking monitoring devices and discuss each
2. Why do you need to monitor network?
3. The benefits of using a network monitoring system for an organization are next
3.1. Discovery of Devices
3.2. Cost Saving
3.3. Identify security threats

D1 Investigate how a trusted network may be part of an IT security solutions
1. Discuss and explain what are trusted network
2. Give brief details with an example on how trusted network use
3. How can it be a solution in IT security
• Picture of the presentation

REFERENCES

Table of Pictures

Picture 1 Security
Picture 2 Network security threats
Picture 3 The Malware
Picture 4 Trojans
Picture 5 Spyware
Picture 6 Adware
Picture 7 Rootkits
Picture 8 Ransomware
Picture 9 Worms
Picture 10 Keyloggers
Picture 11 SQL injected
Picture 12 DdoS
Picture 13 Biometric data
Picture 14 Anti-virus procedure
Picture 15 Password Procedure
Picture 16 Physical Security Procedure
Picture 17 Firewall
Picture 18 VPN
Picture 19 Diagram Firewall work
Picture 20 DMZ
Picture 21 Example of DMZ
Picture 22 Static IP
Picture 23 Example of Static IP
Picture 24 NAT
Picture 25 Document the Results
Picture 26 Activity Log Analysis - XpoLog
Picture 27 Protecting apps and data - Imperva
Picture 28 Penetration Behavior Testing - Metasploit
Picture 29 Prevent phishing attacks - Hoxhunt
Picture 30 The OCTAVE method
Picture 31 SolarWinds Network Performance Monitor
Picture 32 Datadog Network Monitoring
Picture 33 ManageEngine OpManager
Picture 34 Paessler PRTG Network Monitor
Picture 35 Auvik
Picture 36 Site24x7 Network Monitoring
Picture 37 Atera
Picture 38 Discovery of Devices
Picture 39 Indentify Security threats
Picture 40 to Picture 82 Picture of the presentation

INTRODUCTION OF SECURITY
Security measures were first implemented for computers in 1960, when the internet
and networks were not yet a concern. Many companies of that time focused on
physical measures to protect their computers and implemented passwords to keep out
people with some knowledge of how computers work. This report presents, for an
IT organization, the OCTAVE method for assessing IT security risks; the impact on the
organization of incorrect firewall and third-party VPN configuration; and the benefits of
and reasons for network monitoring systems. It also presents the improvement of network
security using DMZ, static IP and NAT, followed by an explanation of risk assessment
and risk management for an organization, the impact on the organization after a SWOT
evaluation of an internal audit, the implementation of policy, and a description of the
recovery plan measures with the hierarchy structure of the organization and their roles.

Vasile-Daniel Alupoae Security.

Picture 1 Security

P1 Identify types of security risks to organisations.

1. What is network security?


Network security is a broad term that covers a multitude of technologies, devices
and processes. In its simplest term, it is a set of rules and configurations designed to
protect the integrity, confidentiality and accessibility of computer networks and data
using both software and hardware technologies. Every organization, regardless of
size, industry or infrastructure, requires a degree of network security solutions in
place to protect it from the ever-growing landscape of cyber threats in the wild
today.

Today's network architecture is complex and is faced with a threat environment
that is always changing and attackers that are always trying to find and exploit
vulnerabilities. These vulnerabilities can exist in a broad number of areas, including
devices, data, applications, users and locations. For this reason, there are many
network security management tools and applications in use today that address
individual threats and exploits and also regulatory noncompliance. When just a few
minutes of downtime can cause widespread disruption and massive damage to an
organization's bottom line and reputation, it is essential that these protection
measures are in place.


Picture 2 Network security threats

2. What is security risk?
A computer security risk is really anything on your computer that may damage or
steal your data or allow someone else to access your computer, without your
knowledge or consent. There are a lot of different things that can create a computer
risk, including malware, a general term used to describe many types of bad software.
We commonly think of computer viruses, but, there are several types of bad
software that can create a computer security risk, including viruses, worms,
ransomware, spyware, and Trojan horses. Misconfiguration of computer products as
well as unsafe computing habits also pose risks.

3. Identify threat agents to organizations


3.1. Nation States
Those companies that operate in certain sectors, e.g. telecoms, oil & gas, mining,
power generation, national infrastructure etc., may find themselves a target for
foreign nations either to disrupt operations now, or to give that nation a future hold in
times of adversity.

We have heard many examples of this from the alleged Russian interference with
the US Presidential elections, to Sony claiming that North Korea had been
responsible for their sites being hacked in 2014 and more recently the concerns
about Huawei providing 5G networks because of the possibility of them passing
information to the Chinese government.

3.2. Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors
and Viruses perpetrated by vandals and the general public).
There are so many times that companies have said to me “Oh we’re not going to be a
target for hackers because….” But the number of random attacks that are going on every day
is so vast (there are no accurate statistics on this to share here) that every and any
organisation can become a victim.

The most famous example of a non-target specific attack is the WannaCry
ransomware incident that affected over 200,000 computers in 150 countries. In the
UK it shut down the NHS for several days. And, of course, there is the bored
teenager in a loft somewhere just trolling the internet to find a weak link.

3.3. Employees and Contractors
Machines and software programmes are quite good at protecting against malware,
unless it is a Zero-day virus. It is humans that are often the weakest link in the
security system, either maliciously or accidentally.

Common mistakes such as sending an email to the wrong person happen but usually
we realise the mistake quickly and are able to rectify the situation. Simple measures
such as password protecting files can also help to mitigate the effects of such
mistakes.

However unfortunately there are also disgruntled people out there who purposefully
harm organisations from the inside. Recently Morrisons supermarket faced a case
where a disgruntled internal auditor downloaded payroll and other HR personal data
and published it on the internet. The ex-employee was convicted and sent to prison,
but Morrisons was also fined because it did not have the proper technical and
organisational measures in place to prevent this act (note that Morrisons is currently
appealing against the fine).

4. List types of threats that organizations will face


4.1. The Malware
Malware (a portmanteau for malicious software) is any software intentionally
designed to cause damage to a computer, server, client, or computer network (by
contrast, software that causes unintentional harm due to some deficiency is typically
described as a software bug). A wide variety of malware types exist, including
computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue
software, wiper and scareware.

Programs are also considered malware if they secretly act against the interests of the
computer user. For example, at one point Sony Music compact discs silently
installed a rootkit on purchasers' computers with the intention of preventing illicit
copying, but which also reported on users' listening habits, and unintentionally
created extra security vulnerabilities.

Some types of malware: computer virus, worm, spyware, ...

Picture 3 The Malware
4.1.1. Trojans
A Trojan (or Trojan Horse) disguises itself as legitimate software with the purpose
of tricking you into executing malicious software on your computer.


Picture 4 Trojans

4.1.2. Spyware
Spyware invades your computer and attempts to steal your personal information such
as credit card or banking information, web browsing data, and passwords to various
accounts.

Picture 5 Spyware
4.1.3. Adware
Adware is unwanted software that displays advertisements on your screen. Adware
collects personal information from you to serve you with more personalized ads.

Picture 6 Adware
4.1.4. Rootkits
Rootkits enable unauthorized users to gain access to your computer without being
detected.


Picture 7 Rootkits

4.1.5. Ransomware
Ransomware is designed to encrypt your files and block access to them until a
ransom is paid.

Picture 8 Ransomware
4.1.6. Worms
A worm replicates itself by infecting other computers that are on the same network.
They’re designed to consume bandwidth and interrupt networks.

Picture 9 Worms
4.1.7. Keyloggers
Keyloggers keep track of your keystrokes on your keyboard and record them on a
log. This information is used to gain unauthorized access to your accounts.

Picture 10 Keyloggers

4.2. Social engineering attack
In the context of information security, social engineering is the psychological
manipulation of people into performing actions or divulging confidential
information. This differs from social engineering within the social sciences, which
does not concern the divulging of confidential information. A type of confidence
trick for the purpose of information gathering, fraud, or system access, it differs
from a traditional "con" in that it is often one of many steps in a more complex fraud
scheme.

It has also been defined as "any act that influences a person to take an action that
may or may not be in their best interests."

4.3. SQL injection

SQL injection is a technique that exploits vulnerabilities in the way an
application builds its database queries. It is done by inserting a piece of SQL
that makes the query run incorrectly, so that data can be extracted from the
database. SQL injection can allow an attacker to perform tasks on the database
application as if they were a web administrator.
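
The difference between a query built by string concatenation and a parameterized one, shown as an added example that is not part of the original assignment. It uses Python's built-in sqlite3 module; the users table, its rows, the function names and the input string are constructed for illustration.

```python
import sqlite3

# Constructed input: a value that contains SQL syntax instead of a plain name.
CONSTRUCTED_INPUT = "x' OR '1'='1"

# Column names cannot be bound as parameters, so they are checked against
# a fixed allowlist instead (hypothetical mapping for this example).
SORTABLE_COLUMNS = {"username": "username", "email": "email"}


def make_db():
    """Create an in-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("carol", "carol@example.test"),
        ],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    query = (
        "SELECT username, email FROM users WHERE username = '" + username + "'"
    )
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def list_users_sorted(conn, sort_by):
    """Hardened handling of an identifier: only allowlisted columns are used."""
    column = SORTABLE_COLUMNS.get(sort_by)
    if column is None:
        raise ValueError("unsupported sort column: %r" % (sort_by,))
    # Safe to interpolate: 'column' comes from the allowlist, not from the input.
    rows = conn.execute("SELECT username FROM users ORDER BY " + column)
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns every row in the table.
    print("vulnerable:", find_user_vulnerable(db, CONSTRUCTED_INPUT))
    # The parameterized query looks for a user literally named like the input.
    print("safe:      ", find_user_safe(db, CONSTRUCTED_INPUT))
    print("sorted:    ", list_users_sorted(db, "email"))
```

The allowlist in list_users_sorted covers the case that placeholders cannot: table and column names have to be validated against known values rather than bound.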


Picture 11 SQL injected

4.4. DDoS
A denial of service attack (DoS attack) or a distributed denial of service attack
(DDoS attack) is an attempt to make the resources of a computer unavailable to its
users. Although the means, motives, and targets of a denial of service attack can
vary, it generally involves the coordinated, malicious efforts of one or more
people to make a site or network unusable, or to interrupt or significantly slow
the system for the average user, by overloading the system's resources. The
perpetrators of denial of service attacks often target typical websites or servers
such as banks, credit card payment gateways and even DNS root servers.

One common attack method involves saturating a target machine with external
communications requests, to the point that it cannot respond to legitimate
traffic, or responds too slowly. In general terms, DoS attacks are carried out by
forcing the target machine to restart, by consuming all its resources to the point
that it can no longer provide service, or by obstructing communication between the
user and the target.


Picture 12 DdoS
5. An example of a recently publicized security breach
• Antheus Tecnologia Biometric Data Breach:

• The Story:

In March 2020, SafetyDetectives, a pro bono team of security researchers,
revealed a breach in the data of Antheus Tecnologia, a Brazilian biometric solutions
company. The company had left sensitive information, including data on 76,000
fingerprints, exposed on an unsecured server.

The server didn't store direct scans of fingerprints, but binary code that hackers
could use to recreate them, with potentially disastrous consequences.

Picture 13 Biometric data

• How the Breach Happened

As we mentioned, the company neglected to password protect a database on the
cloud or properly encrypt it. This is almost certainly the result of human error on the
part of IT staff.

• What Data Was Exposed

Per Biometric Update: "The vulnerable server contained roughly 16 gigabytes of data,
with 81.5 million records also including administrator login information, employee
telephone numbers, email addresses, and company emails."

Antheus Tecnologia responded to the report by insisting that the exposed
fingerprints belonged to their team or were in the public domain. However, they also
claimed that the data was hashed, which was not the case.

• The Lesson for Businesses

Password protect all sensitive data when migrating to the cloud and apply the
same controls you would apply on-premises.

Some of the worst data breaches on this list result from misconfiguration errors
when transitioning to the cloud. According to Verizon's 2020 Data Breach Report,
errors are now the second most common source of breaches, ahead of malware and
behind only hacking. In particular, misconfiguration errors have dramatically
increased since 2017, though the researchers acknowledge this is mostly due to
"internet-exposed storage discovered by security researchers and unrelated third
parties."

P2. Organisational security procedures.

1. What are security procedures?


Security procedures are detailed step-by-step instructions on how to implement,
enable, or enforce security controls as enumerated from your organization’s security
policies. Security procedures should cover the multitude of hardware and software
components supporting your business processes as well as any security related
business processes themselves (e.g. onboarding of a new employee and assignment
of access privileges).

2. The purpose of security procedures


The purpose of security procedures is to ensure consistency in the implementation of
a security control or execution of a security relevant business process. They are to be
followed each time the control needs to be implemented or the security relevant
business process followed. Here is an analogy. As part of every aircraft flight, the
pilot will follow a pre-flight checklist. Why do they do this? Simply put, they do it
to ensure that the aircraft is ready to fly and to do everything possible to ensure a
safe flight. Although pilots may have flown thousands of hours, they still follow
the checklist.
Following the checklist ensures consistency of behavior each and every time. Even
though they may have executed the checklist hundreds of times, there is risk in
relying on memory to execute the checklist as there could be some distraction that
causes them to forget or overlook a critical step.

3. Anti-virus procedures
3.1. Purpose of Anti-virus procedures
The primary purpose of the anti-virus solution or software is to guard against
malicious software or scripts by blocking or quarantining any such software that is
identified, and alerting administrators that such action has taken place. The solution
would detect and report on different types of malicious software that may be
introduced or attempted to be installed on the systems and network, including
endpoints such as mobile devices, desktops, laptops, servers, etc.

3.2. Anti-virus procedures

• Anti-virus software is mandatory.
• Any system which is geographically located on a University of Otago
campus or remotely connected to a University of Otago campus must have
up-to-date anti-virus software installed and operating. This includes laptop
computers and computers owned by staff, students or visitors to the
University. Anyone responsible for bringing a system onto a University of
Otago campus is responsible for ensuring that anti-virus software is installed.
• The AV product installed on desktops and servers must be configured to
update on a daily or more frequent basis.
• All computers used solely as servers should have an anti-virus product
installed and operating.
• Only servers where a significant negative impact would result from operating
anti-virus software, or servers running an operating system with low
likelihood of virus infection such as Solaris or VMS, may be considered for
exemption from this procedure.
• All exemptions must be authorised in writing by the Director of Information
Technology Services.

Picture 14 Anti-virus procedure
4. Password Procedures
4.1. Purpose of Password procedures
To prevent unauthorized access and to establish user accountability when using IDs and
passwords to access College information systems.

4.2. Procedures
The successful adoption of a password procedure depends on the ability of the
organization to enforce it. Some school boards/authorities have sophisticated
technologies that can provide substantial automation and support for a large number
of users. Others may have limited resources and will need to develop a procedure
that is manageable in a more manual fashion. It is important to realize that
regardless of which category the school board/authority falls into, password
procedures are still a requirement for effective security management. When creating
a password procedure, it is important to consider elements that can be enforced
through software security settings and those which must be enforced through
education of the users. Items such as the minimum length of a password and expiry
cycle for passwords are typically set through system software. Issues that would be
linked to user education include not having passwords displayed on sticky notes and
not sharing passwords. Another important consideration when developing a password
procedure is password retention. Even with the best procedures in place, passwords
will be shared or otherwise become known over time, weakening security, so it is
necessary to change them on a regular
basis. Most systems allow the system administrator to set a parameter which causes
passwords to expire and requires them to be reset by the user. This parameter is
typically set for anywhere from 30 days to 90 days, depending on the number of
users, level of risk, and manageability of the procedure. Password expiry does add
some additional workload for technical staff as users often forget their new
passwords and need support to change them. It is also wise to force a password reset
the first time a user logs in to any system.

Picture 15 Password Procedure


5. Physical Security Procedures
5.1. Purpose of Physical security procedures
The purpose of the Physical Security procedures is to:

• establish the rules for granting, control, monitoring, and removal of physical
access to office premises;
• identify sensitive areas within the organization; and
• define and restrict access to the same.

5.2. Procedures
• Physical access to the server rooms/areas shall be completely controlled and
servers shall be kept in the server racks under lock and key.
• Access to the servers shall be restricted only to designated Systems and
Operations Personnel. Besides them, if any other person wants to work on the
servers from the development area then he/she shall be able to connect to the
servers only through Remote Desktop Connection with a Restricted User
Account.
• Critical backup media shall be kept in a fireproof off-site location in a vault.
• Security perimeters shall be developed to protect areas that contain information
systems to prevent unauthorized physical access, damage and interference.
• A list of personnel with authorized access to the facilities where information
systems reside shall be maintained with appropriate authorization credentials. The
access list and authorization credentials shall be reviewed and approved by
authorized personnel periodically.

Picture 16 Physical Security Procedure

P3 Identify the potential impact to IT security of incorrect configuration of
firewall policies and third-party VPNs.
For an organisation, the security of the network and data is the main concern, so
the next section describes the incorrect configuration of a firewall and a
third-party VPN and explains the impact on the organisation. The typical questions
for many people are:

1. What is a firewall?
A firewall is a piece of software or hardware that filters the traffic between the
Internet and the network, and also between computers, within an organization. To
work properly and protect the organization's network or computers, a firewall must
be installed and configured. Once installed and configured, the job of the firewall
is to protect the organization's systems, resources, files and data from viruses,
hacking and any other type of security attack. If a firewall is incorrectly
installed or configured, the network is exposed to any kind of attack, with the
consequence of losing files, data, confidential data, staff time and reputation.
The next section presents the threats and vulnerabilities, with descriptions, that
follow from incorrect firewall configuration in an organisation.

Picture 17 Firewall

Threat and vulnerability | Description
DDoS attack | Distributed Denial of Service (DDoS) attacks are highly effective and low-cost for attackers to execute. The attackers spread malicious software, infected emails and attachments in order to infect systems or computers, which then form what is called a botnet. Once a system or computer is infected, the attackers can control the botnet, commanding it to flood a site with traffic.
SQL injection attack | An attack in which the attacker sends injected code to vulnerable servers that use SQL, with the aim of revealing information from the server.

1.1. How does a firewall work?


- VPNs provide encrypted and authenticated communication channels or tunnels
between two endpoints on the Internet. Tunnel authentication and encryption
depend on basic VPN technologies such as Point-to-Point Tunnel Protocol
(PPTP) or Layer 2 / IPSec Tunnel Protocol (L2TP / IPSec). VPNs can also use a
combination of independent authentication and encryption techniques. For
example, one of the popular VPN services, OpenVPN uses OpenSSL, TLS, and
HMAC for encryption and certificate-based or username / password-based
techniques for authentication. The choice of VPN technology depends on various
factors such as speed, security, OS compatibility, etc.
- VPNs also come in two distinct types, depending on how the tunnel is set up and
the entities at each end of the tunnel. A site-to-site VPN connects two networks,
for example, a branch office and data center, and uses a VPN gateway. A VPN
gateway manages authentication and encryption and does not require a terminal.
Remote access VPN connects individual independent servers such as desktops
and laptops to a network. The end server needs to add VPN client software to
connect to the VPN. Most operating systems come with native VPN clients.
Figure 1 below shows the difference between a site-to-site VPN and a remote
access. Today's blog post will focus solely on remote access or client-side VPN
connections.

1.2. Advantages of firewall


+ Monitors Network Traffic. All of the benefits of firewall security start with the
ability to monitor network traffic. Data coming in and out of your systems creates
opportunities for threats to compromise your operations. By monitoring and
analyzing network traffic, firewalls leverage preestablished rules and filters to keep
your systems protected. With a well-trained IT team, you can manage your levels of
protection based on what you see coming in and out through your firewall.

+ Stops Virus Attacks. Nothing can shut your digital operations down faster and
harder than a virus attack. With hundreds of thousands of new threats developed
every single day, it is vital that you put the defenses in place to keep your systems
healthy. One of the most visible benefits of firewalls is the ability to control your
system's entry points and stop virus attacks. The cost of damage from a virus attack
on your systems could be immeasurably high, depending on the type of virus.

+ Prevents Hacking. Unfortunately, the trend of businesses moving more toward
digital operations invites thieves and bad actors to do the same. With the rise of data
theft and criminals holding systems hostage, firewalls have become even more
important, as they prevent hackers from gaining unauthorized access to your data,
emails, systems, and more. A firewall can stop a hacker completely or deter them so
that they choose an easier target.

1.3. What are the impacts of incorrect firewall configurations?


Broad policy configurations:

• Firewalls are often set up with an open policy of allowing traffic from any
source to any destination. This is because IT teams don’t know exactly what they
need at the outset, and therefore start with broad rules and work backwards.
However, the reality is that due to time pressures or simply not regarding it as
a priority, they never get round to defining firewall policies. This leaves the
network in a perpetually exposed state.
• Organizations should follow the principle of least privilege – that is, giving
the minimum level of privilege that the user or service needs to function
normally, thereby limiting the potential damage caused by a breach. It’s also a good
idea to regularly revisit your firewall policies to look at application usage trends
and identify new applications being used on the network and what connectivity they
require.

Risky rogue services and management services:

• Services left running on the firewall that don’t need to be are another mistake
I often find. Two of the main culprits are dynamic routing, which typically
should not be enabled on security devices as best practice, and “rogue” DHCP
servers on the network distributing IPs, which can potentially lead to
availability issues as a result of IP conflicts. I’m also surprised to see the number
of devices that are still managed using unencrypted protocols like telnet,
despite the protocol being over 30 years old.
• The answer to this problem is hardening devices and ensuring that
configurations are compliant before the device is put into a production setting.
This is something with which a lot of enterprises struggle. But by configuring
your devices based on the function that you actually want them to fulfill and
following the principle of least privileged access, you will improve security
and reduce the chances of accidentally leaving a risky service running on
your firewall.
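
The following is an added example, not part of the original assignment. It is a small compliance check covering both the broad-policy and the risky-services passages above: it flags any-to-any allow rules, rules that can never fire because an earlier broad rule already matches their traffic, and the device services named in the text. The rule format, rule names, addresses and service labels are assumptions made for illustration, not any vendor's configuration syntax.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

# Device-level services the text calls out as risky on a firewall (labels assumed).
RISKY_DEVICE_SERVICES = {
    "telnet": "unencrypted management protocol",
    "dynamic-routing": "dynamic routing enabled on a security device",
}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # CIDR; 0.0.0.0/0 means any source
    dst: str      # CIDR; 0.0.0.0/0 means any destination
    service: str  # e.g. "tcp/443", or "any"


def covers(earlier, later):
    """True when `earlier` matches every packet that `later` matches."""
    return (
        ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
        and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
        and earlier.service in ("any", later.service)
    )


def audit_rules(rules):
    """Return (rule name, finding) pairs for a first-match rule list."""
    findings = []
    for index, rule in enumerate(rules):
        if rule.action == "allow":
            any_src = ipaddress.ip_network(rule.src) == ANY
            any_dst = ipaddress.ip_network(rule.dst) == ANY
            if any_src and any_dst:
                findings.append((rule.name, "allows any source to any destination"))
            elif rule.service == "any":
                findings.append((rule.name, "allows every service, not only the one needed"))
        # With first-match evaluation, a rule fully covered by an earlier one never fires.
        for earlier in rules[:index]:
            if covers(earlier, rule):
                findings.append((rule.name, f"never matched, shadowed by {earlier.name}"))
                break
    return findings


def audit_device_services(enabled):
    """Return (service, reason) pairs for risky services enabled on the device."""
    return [(s, RISKY_DEVICE_SERVICES[s]) for s in enabled if s in RISKY_DEVICE_SERVICES]


# Constructed sample: a "temporary" open rule that was never tightened.
BROAD_RULES = [
    Rule("web-in", "allow", "0.0.0.0/0", "203.0.113.10/32", "tcp/443"),
    Rule("temp-open", "allow", "0.0.0.0/0", "0.0.0.0/0", "any"),
    Rule("db-from-app", "allow", "10.0.1.0/24", "10.0.2.5/32", "tcp/5432"),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", "any"),
]
# The same policy after applying least privilege.
HARDENED_RULES = [r for r in BROAD_RULES if r.name != "temp-open"]
ENABLED_SERVICES = ["ssh", "telnet", "dynamic-routing"]  # constructed sample

if __name__ == "__main__":
    for finding in audit_rules(BROAD_RULES) + audit_device_services(ENABLED_SERVICES):
        print(finding)
    print("hardened policy findings:", audit_rules(HARDENED_RULES))
```

In the broad rule set the open rule also shadows the final deny rule, so the policy has no effective default deny until that rule is removed.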

Non-standard authentication mechanisms:

• During my work, I often find organizations that use routers that don’t follow the
enterprise standard for authentication. For example, a large bank I worked with
had all the devices in its primary data center controlled by a central
authentication mechanism, but did not use the same mechanism at its remote
office. By not enforcing corporate authentication standards, staff in the remote
branch could access local accounts with weak passwords, and had a different limit
on login failures before account lockout.
• This scenario reduces security and creates more vectors for attackers, as it’s easier for
them to access the corporate network via the remote office. Organizations should
ensure that all remote offices follow the same central authentication mechanism
as the rest of the company.

2. What is a VPN and a third-party VPN?


2.1. What is a Virtual Private Network?
A Virtual Private Network (VPN) is a secure tunnel that encrypts the data that
travels between networks, even when they are geographically separated. In an
organisation, a VPN is used for protecting sensitive data that would otherwise be
unencrypted and vulnerable, providing a second layer of defence against attackers
by limiting their access, and managing and monitoring all the users' traffic for
legal reasons. A third-party VPN is a service provided for customers with no
control of customer devices. Third-party access is the weakest link in an
organisation's network security, where attackers look for the weak point in order
to establish access and exploit critical assets. If third-party VPN access is
incorrectly configured, the impact and consequences for an organisation are:
credential theft, compromised devices, excessive access and exposed servers.

Picture 18 VPN
2.2. Advantages of VPN
• Protected File Sharing. With a VPN at your disposal, you and others can share
files over extended periods of time without having to worry about the data being
stolen or exposed.
• Remote Access. Because a VPN is an actual network, you can access it remotely.
This makes it a great resource for companies, in particular, allowing employees
to work from outside the office. No matter where you are, your data and
information stay protected as long as you’re using the VPN.
• Bypass blockers and filters. In some parts of the world, Internet censorship is real
and that may mean someone more or less controlling the user's worldview. That is
why more and more people are using VPNs, possibly bypassing blocked websites
and Internet filters. Put the power back in your hands.
• Performance improvements. As if online security wasn't enough, a solid VPN
can also improve things like bandwidth and efficiency. Better performance is
something that no Internet user would argue with.

2.3. What are the impacts of incorrect VPN configurations?
Risky business:

• When a business uses VPNs to provide third-party vendors access to their
network, those vendors either have full access to your network (for example, at
the start of a job) or they don’t (when you revoke access after the job ends) – unless
companies implement strict network segmentation with firewalls and switches,
which adds additional complexity.
• There are no shades of gray, no ability to give partial access only to required
resources. The more servers, applications, and network equipment your vendors
can access, the more you have at risk.
• VPN servers and client software grant a vendor access to everything in your
network unless least privileged access is implemented. Even if you segment your
networks with VLANs (Virtual Local Area Networks), access can still be too
broad, or even too narrow, which requires additional VPN troubleshooting and
technician time.

No third-party accountability:

• VPNs typically provide little or no granular audit records, so you can’t monitor and
record the actions of every third-party vendor using the VPN. Usually, all that is
logged is connection times, and even then that data is in yet another log to
monitor and watch.
• Without easy, centralized access to all the historical information on a connection
(user, applications accessed, the reason for access, etc.), it is impossible to prove
who or what created an issue, should a breach or mistake occur due to a vendor.

A false sense of security:

• If your third-party vendors and VPN users have access to your network, you may
believe that your company data and network are safe; after all, the “P” in VPN does stand
for “private”.
• However, history has proven otherwise. The reality is that malicious hackers
have exploited weak VPN protocols and non-secure internet connections to
cause data breaches at major companies such as Home Depot and Target.

VPNs are a haven for hackers:

• Hackers often use VPNs to gain access to networks. If your business has many
third-party vendors, and each vendor has full access to your network, a hacker
now has multiple potential routes to break into and exploit your network using
VPN traffic.

Let’s face the facts:

• One of the easiest ways a hacker enters a network is through a third-party
connection – and 59% of companies reported that they have experienced a data
breach caused by one of their third parties or vendors.

3. Show with diagrams an example of how a firewall works

Picture 19 Diagram Firewall work

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve Network Security.
1. DMZ
1.1. What is a DMZ?
A DMZ, or demilitarized zone, is a logical or physical subnet that separates the
organization's network from other untrusted networks, especially the Internet,
with the aim of adding an extra security layer, protecting the most vulnerable
hosts against attacks and keeping the organization's network separated from the
external network. A DMZ is configured using one or two firewalls that filter the
traffic between the DMZ and the organization's network, together with a gateway
filter for incoming traffic from the external network. Configuration with one
firewall: a firewall with three network interfaces is used and the DMZ is placed
inside the firewall; the first (external) device makes the connection with the
ISP, the internal network is connected by the second device, and the connection
with the DMZ is handled by the third network device. Configuration with two
firewalls: the first firewall is the frontend firewall, configured to let through
the traffic destined for the DMZ. The second firewall is the backend firewall,
which is responsible for the traffic that travels from the DMZ to the
organization's network.


Picture 20 DMZ

1.2. How does it work?
DMZs are intended to function as a sort of buffer zone between the public internet
and the private network. Deploying the DMZ between two firewalls means that all
inbound network packets are screened using a firewall or other security appliance
before they arrive at the servers the organization hosts in the DMZ.

If a better-prepared threat actor passes through the first firewall, they must then gain
unauthorized access to those services before they can do any damage, and those
systems are likely to be hardened against such attacks.

Finally, assuming that a well-resourced threat actor is able to breach the external
firewall and take over a system hosted in the DMZ, they must still break through the
internal firewall before they can reach sensitive enterprise resources. While a
determined attacker can breach even the best-secured DMZ architecture, a DMZ
under attack should set off alarms, giving security professionals enough warning to
avert a full breach of their organization.
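
The following is an added example, not part of the original assignment. It models the two-firewall layout described above and evaluates which connections get through, including the case where a DMZ server has been taken over, and contrasts it with a server placed directly on the internal network. All addresses, ports and rule sets are constructed assumptions.

```python
import ipaddress

# Constructed addressing for this example.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/16"),
}
# Zones in order from outside to inside; firewall i sits between zone i and i+1.
ORDER = ["internet", "dmz", "internal"]


def rule(src, dst, port):
    """One allow rule: source network, destination network, destination port."""
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst), port)


# Allow rules for new connections; anything not listed is denied (default deny).
FRONT_RULES = [rule("0.0.0.0/0", "192.0.2.10/32", 443)]     # internet -> web server
BACK_RULES = [rule("192.0.2.10/32", "10.0.5.20/32", 5432)]  # web server -> database
FIREWALLS = [("front", FRONT_RULES), ("back", BACK_RULES)]


def zone_of(ip):
    """Name the zone an address belongs to; anything unknown is the internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def permits(rules, src, dst, port):
    """True if any allow rule matches this connection attempt."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in rs and d in rd and port == rp for rs, rd, rp in rules)


def firewalls_crossed(src, dst):
    """Firewalls on the path between two hosts, in the order they are met."""
    a, b = ORDER.index(zone_of(src)), ORDER.index(zone_of(dst))
    hops = FIREWALLS[min(a, b):max(a, b)]
    return hops if a <= b else hops[::-1]


def decide(src, dst, port):
    """Outcome of a new connection from src to dst on the given port."""
    hops = firewalls_crossed(src, dst)
    if not hops:
        return "allowed (no firewall on path)"
    for name, rules in hops:
        if not permits(rules, src, dst, port):
            return f"blocked by {name} firewall"
    return "allowed"


# Constructed scenarios: (description, source, destination, port).
SCENARIOS = [
    ("internet client to DMZ web server", "198.51.100.7", "192.0.2.10", 443),
    ("internet client straight to internal database", "198.51.100.7", "10.0.5.20", 5432),
    ("DMZ web server to its database", "192.0.2.10", "10.0.5.20", 5432),
    ("taken-over web server to internal host over SSH", "192.0.2.10", "10.0.5.30", 22),
    ("other DMZ host to the database", "192.0.2.25", "10.0.5.20", 5432),
    ("web server hosted on the internal LAN to internal host", "10.0.5.10", "10.0.5.30", 22),
]

if __name__ == "__main__":
    for label, src, dst, port in SCENARIOS:
        print(f"{label}: {decide(src, dst, port)}")
```

The last scenario is the layout without a DMZ: once a server on the internal LAN is taken over, no firewall stands between it and the other internal hosts.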

1.3. Advantages of DMZ


The main benefit of the DMZ is that it provides users with public internet access
to certain secure services while maintaining a buffer between those users and the
private intranet. The security benefits of this buffer come in a number of ways,
including:

• Access control for organizations. Organizations can provide users with access
to services outside of their network's perimeter through the public Internet.
The DMZ network provides access to these essential services while offering
a level of network segmentation that increases the number of obstacles that
unauthorized users have to overcome before they can access an organization's
private network. In some cases, the DMZ includes a proxy server, which
centralizes the internal flow of internet traffic - usually employees - and
makes it simpler to record and monitor that traffic.
• Prevent attackers from performing network reconnaissance. A DMZ, because
it acts as a buffer, prevents an attacker from being able to scope out potential
targets within the network. Even if a system within the DMZ is compromised, the
private network is still protected by the internal firewall separating it from the
DMZ. It also makes external reconnaissance more difficult for the same
reason. Although the servers in the DMZ are publicly exposed, they are
backed by another layer of protection. The public face of the DMZ keeps
attackers from seeing the contents of the internal private network. If attackers
do manage to compromise the servers within the DMZ, they are still isolated
from the private network by the DMZ’s internal barrier.
• Protection against IP spoofing. In some cases, attackers attempt to bypass
access control restrictions by spoofing an authorized IP address to
impersonate another device on the network. A DMZ can stall potential IP
spoofers while another service on the network verifies the IP address's
legitimacy by testing whether it is reachable.

1.4. Examples of DMZ


Some cloud services, such as Microsoft Azure, implement a hybrid security
approach in which a DMZ is implemented between an organization's on-premises
network and the virtual network. This hybrid approach is typically used in situations
where the organization's applications run partly on-premises and partly on the virtual
network. It's also used in situations where outgoing traffic needs to be audited, or
where granular traffic control is required in between the virtual network and the on-
premises data center.

The DMZ can also be useful in a home network, where computers and other devices
are connected to the internet using a broadband router and configured as a local
network. Some home routers include a DMZ server feature, as opposed to the DMZ
subnet that is typically deployed in organizations with more devices than are found
in a home. The DMZ server feature specifies a device on your home network that
works outside of the firewall, where it acts as the DMZ while the rest of your home
network is inside the firewall. In some cases, the game console is chosen as the
DMZ server so that the firewall does not interfere with gameplay. In addition, the
console is also a good candidate for a DMZ server as it is likely to contain less
sensitive information than a PC.

Picture 21 Example of DMZ
2. Static IP
2.1. What is a static IP?
A static IP address is an unchanging number configured manually for a device such
as a computer or a router, or one that was assigned by a DHCP server. A device can
be given a static IP address either through a device such as a router that gives
out IP addresses, or manually, by typing the IP address into the computer or laptop
itself. Using a static IP address has some benefits: better DNS support, because it
is easier to set up and manage; convenient remote access, because it is easier to
work remotely using any remote access program; and server hosting, because if you
host a server that uses a static IP address it is easier for customers to find you
via a DNS server. A static IP address is not ideal for every situation, however,
because hackers can easily know exactly where your server is on the internet. This
is a real security concern for an IT organization because, with the right network
tools, the organization's computers can be located easily.

Picture 22 Static IP
2.2. Example of Static IP
- This example applies to all AR routers that support LAN interfaces of
V200R003C00 and later versions:

- The router functions as the DHCP server to dynamically assign IP addresses to
clients on the network segment 10.137.32.0/24. The enterprise obtains the fixed IP
address 1.1.1.1/24, gateway address 1.1.1.254/24, and DNS Server address
1.2.2.2/24 from the carrier. Users in the enterprise connect to the Internet through
the router. The IP addresses of VLANIF 1 and GE0/0/2 are 10.137.32.1/24 and
1.1.1.1/24, respectively. In this example, GE7/0/1 functions as a Layer 2 interface
for intranet user access.


Picture 23 Example of Static IP


2.3. Advantages of static IP
• You have better name resolution across the internet. When you have a
static IP address assigned to a device, that device can be reached by its assigned
host name in a reliable way. That is why FTP servers, web servers, and similar
components use fixed addresses. Because they are not dynamic, there is never a
need to track their changes to locate them.
• It may provide a better level of protection. Even though a static IP address
creates a fact, whereas a dynamic IP address creates change, you still have an
advantage when using this option over a DHCP address assignment. When you
have a static IP in place, your home network will receive an extra layer of
protection against the security problems which may develop over the network.
• There are reduced lapses in connection. If you’re using a dynamic IP address at
home with your ISP (or with your business), then you may experience lapses in
connection to the internet. Some of these lapses may be momentary, while others
may force you to reboot your equipment. Although this is sometimes called a “ping,”
what is happening is a lack of recognition. When your IP address changes, you
become more difficult to find. Using a static IP address reduces this issue, which is
useful for heavy data users, since the IP never resets.

3. NAT
3.1. What is NAT?
NAT (Network Address Translation) is the process of transforming a public address
into a private address used by the organization, using devices such as firewalls and
routers. With NAT, a single router can configure only one address for the entire
organization network, hiding the entire internal network behind that address when
it is used on the Internet (Public
Netwo are implemented in remote-access environments. To configure NAT on a router,
at least one interface is set as NAT outside and one interface as NAT inside, with a
set of rules configured for the IP addresses to be translated in the packet header.
Devices such as routers or firewalls that use a NAT configuration can work in
different ways: Static NAT, which maps an unregistered address to a registered
address on a one-to-one basis, and Dynamic NAT, which maps a group of unregistered
addresses to a registered address.
Picture 24 NAT
3.2. How does it work?
- NAT acts like a router, forwarding packets between different network layers on a
large network. NAT translates or changes one or both addresses within a packet
as the packet passes through a router or some other device. Typically, NAT
changes the private IP address of a network connection to a public IP address.

- NAT can also be considered a basic firewall. NAT maintains a table of
information about each packet passed. When a computer on the network connects
to a website on the Internet, the source IP address in the header is replaced by the
pre-configured public address on the NAT server. When the reply packet returns,
NAT uses the table of records it has saved to change the destination IP address to
the PC's address on the network and forwards it. Through this mechanism the
network administrator is able to filter packets sent to or from an IP address and
allow or prevent access to a specific port.
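The translation table described above can be simulated in a few lines. This is an added example, not part of the original assignment: the class and function names, the documentation-range public addresses and the per-flow port rewriting (port address translation, which lets several inside hosts share one public address) are assumptions made for illustration.

```python
"""Source NAT with a translation table: an added, simplified simulation."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Rewrites inside sources to one public address and tracks each flow."""

    def __init__(self, public_ip: str, first_port: int = 40000,
                 blocked_ports: Tuple[int, ...] = ()):
        self.public_ip = public_ip
        self.next_port = first_port          # next free public-side port
        self.blocked_ports = set(blocked_ports)
        # flow as seen from inside -> public port chosen for it
        self.out_map: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, remote ip, remote port) -> (inside ip, inside port)
        self.in_map: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> Internet: replace the private source with the public one."""
        if pkt.dst_port in self.blocked_ports:
            return None                      # administrator policy: port denied
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self.out_map.get(flow)
        if public_port is None:              # first packet of this flow
            public_port = self.next_port
            self.next_port += 1
            self.out_map[flow] = public_port
            self.in_map[(public_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> inside: only replies that match a table record pass."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None                      # unsolicited packet: dropped
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])


def demo() -> dict:
    """Run constructed traffic through the gateway and collect the outcomes."""
    nat = NatGateway("203.0.113.10", blocked_ports=(23,))
    web = ("198.51.100.7", 443)              # constructed remote server

    # Two inside hosts use the same source port towards the same server.
    out_a = nat.outbound(Packet("10.137.32.15", 51000, *web))
    out_b = nat.outbound(Packet("10.137.32.16", 51000, *web))

    # The server replies to the public address and port it saw.
    reply_a = nat.inbound(Packet(*web, out_a.src_ip, out_a.src_port))
    reply_b = nat.inbound(Packet(*web, out_b.src_ip, out_b.src_port))

    # A stranger probes the public address: no record, nothing is forwarded.
    probe = nat.inbound(Packet("192.0.2.99", 4444, "203.0.113.10", 40000))
    # Outbound Telnet is denied by the port filter.
    telnet = nat.outbound(Packet("10.137.32.15", 51001, "198.51.100.7", 23))

    return {"out_a": out_a, "out_b": out_b, "reply_a": reply_a,
            "reply_b": reply_b, "probe": probe, "telnet": telnet}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:8} {result}")
```

The server only ever sees 203.0.113.10, and the probe is dropped because no inside host opened that flow, which is the basic firewall effect the section describes.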

3.3. Advantages of NAT


- Reuse private IP addresses.
- Increase security for private networks by keeping internal addresses private from
outside networks.
- Connect a large number of servers to the global Internet using a smaller number
of public (external) IP addresses, thus preserving the IP address space.
3.4. Examples of NAT
- If you only have one registered IP address (A) and you want to have all
inbound traffic go to A, go to your Screen and have all other hosts use that
address (A) for unidirectional, outbound traffic. Then set up NAT as shown
in the table below.

| Index | Screen | Type | Source | Destination | Translated Source | Translated Destination | Comment |
|---|---|---|---|---|---|---|---|
| 1 | | STATIC | * | A | * | A | |
| 2 | | DYNAMIC | Inside | Internet | A | Internet | |

- Internet addresses are all addresses on the interface sent to A; and Inside are all
internal servers on all other interfaces. With these NAT rules alone, all of the
servers inside Inside communicate with their private, unregistered addresses
when communicating with the Monitor or with each other.

M1 Propose a method to assess and treat IT security risks. Security procedures.


1. Discuss methods required to assess IT security threat? E.g. Monitoring tools
1.1. What is a security risk assessment?
Cybersecurity risk assessment is the process of identifying and evaluating risks
for assets that could be affected by cyberattacks. Basically, you identify both internal
and external threats; evaluate their potential impact on things like data
availability, confidentiality and integrity; and estimate the costs of suffering a
cybersecurity incident. With this information, you can tailor your cybersecurity and
data protection controls to match your organization’s actual level of risk tolerance.

To get started with IT security risk assessment, you need to answer three
important questions:

• What are your organization’s critical information technology assets — that is, the data
whose loss or exposure would have a major impact on your business
operations?
• What are the key business processes that utilize or require this information?
• What threats could affect the ability of those business functions to operate?

Once you know what you need to protect, you can begin developing strategies.
However, before you spend a dollar of your budget or an hour of your time
implementing a solution to reduce risk, be sure to consider which risk you are
addressing, how high its priority is, and whether you are approaching it in the most
cost-effective way.

1.2. Importance of regular IT security assessments


Conducting a thorough IT security assessment on a regular basis helps
organizations develop a solid foundation for ensuring business success.

In particular, it enables them to:

• Identify and remediate IT security gaps
• Prevent data breaches
• Choose appropriate protocols and controls to mitigate risks
• Prioritize the protection of the asset with the highest value and highest risk
• Eliminate unnecessary or obsolete control measures
• Evaluate potential security partners
• Establish, maintain and prove compliance with regulations
• Accurately forecast future needs

1.3. What is a cyber risk (IT risk) definition


The Institute of Risk Management defines a cyber risk as “any risk of financial loss,
disruption or damage to the reputation of an organization from some sort of failure of its
information technology systems”. Gartner gives a more general definition: “the potential for
an unplanned, negative business outcome involving the failure or misuse of IT.”

Examples of cyber risk include:

• Theft of sensitive or regulated information
• Hardware damage and subsequent data loss
• Malware and viruses
• Compromised credentials
• Company website failure
• Natural disasters that could damage servers

When taking stock of cyber risks, it’s important to detail the specific financial damage they
could do to the organization, such as legal fees, operational downtime and related profit
loss, and lost business due to customer distrust.

1.4. IT risk assessment components and formula


An IT risk assessment involves four key components. We’ll discuss how to assess each one in
a moment, but here’s a brief definition of each:

• Threat — A threat is any event that could harm an organization’s people or assets.
Examples include natural disasters, website failures and corporate espionage.
• Vulnerability — A vulnerability is any potential weak point that could allow a
threat to cause damage. For example, outdated antivirus software is a
vulnerability that can allow a malware attack to succeed. Having a server room in
the basement is a vulnerability that increases the chances of a hurricane or flood
ruining equipment and causing downtime. Other examples of vulnerabilities
include disgruntled employees and aging hardware. The NIST National
Vulnerability Database maintains a list of specific, code-based weaknesses.
• Impact — Impact is the total damage the organization would incur if a
vulnerability were exploited by a threat. For example, a successful ransomware
attack could result in not just lost productivity and data recovery expenses, but
also disclosure of customer data or trade secrets that results in lost business, legal
fees and compliance penalties.
• Likelihood — This is the probability that a threat will occur. It is usually not a
specific number but a range.

1.5. The risk equation

We can understand risk using the following equation:

Risk = Threat x Vulnerability x Asset

Although risk is represented here as a mathematical formula, it is not about numbers; it is
a logical construct. For example, suppose you want to assess the risk associated
with the threat of hackers compromising a particular system. If your network is very
vulnerable (perhaps because you have no firewall and no antivirus solution), and the
asset is critical, your risk is high. However, if you have good perimeter defenses and
your vulnerability is low, and even though the asset is still critical, your risk will be
medium.

This isn’t strictly a mathematical formula; it’s a model for understanding the
relationships among the components that feed into determining risk:

• Threat is short for “threat frequency,” or how often an adverse event is expected to
occur. For example, the threat of being struck by lightning in a given year is
about 1 in 1,000,000.
• Vulnerability is shorthand for “the likelihood that a vulnerability will be
exploited and a threat will succeed against an organization’s defenses.” What is the
security environment in the organization? How quickly can disaster be mitigated
if a breach does occur? How many employees are in the organization and what
is the probability of any given one becoming an internal threat to security
control?
• Cost is a measure of the total financial impact of a security incident. It includes
hard costs, like damage to hardware, and soft costs, such as lost business and
consumer confidence. Other costs can include:
  o Data loss — Theft of trade secrets could cause you to lose business to
  your competitors. Theft of customer information could result in loss of
  trust and customer attrition.
  o System or application downtime — If a system fails to perform its
  primary function, customers may be unable to place orders, employees
  may be unable to do their jobs or communicate, and so on.
  o Legal consequences — If somebody steals data from one of your
  databases, even if that data is not particularly valuable, you can incur fines
  and other legal costs because you failed to comply with the data protection
  security requirements of HIPAA, PCI DSS or other compliance

The risk assessment factors in the relationship between the three elements. For example,
suppose you want to assess the risk associated with the threat of hackers compromising a
particular system. If your network is very vulnerable (perhaps because you have no
firewall and no antivirus solution) and the asset is critical, your risk is high. However, if
you have robust perimeter defenses that make your vulnerability low, your risk will be
medium, even though the asset is still critical.

Note that all three elements need to be present in order for there to be risk — since
anything times zero equals zero, if one of the elements in the equation is not present,
then there is no risk, even if the other two elements are high or critical.


1.6. How to perform a security risk assessment


Step #1: Identify and Prioritize Assets

Assets include servers, client contact information, sensitive partner documents, trade
secrets and so on. Remember, what you as a technician think is valuable might not
be what is actually most valuable for the business. Therefore, you need to work with
business users and management to create a list of all valuable assets. For each asset,
gather the following information, as applicable:

• Software
• Hardware
• Data
• Interfaces
• Users
• Support personnel
• Mission or purpose
• Criticality
• Functional requirements
• IT security policies
• IT security architecture
• Network topology
• Information storage protection
• Information flow
• Technical security controls
• Physical security environment
• Environmental security

Because most organizations have a limited budget for risk assessment, you will likely
have to limit the scope of the remaining steps to mission-critical assets. Accordingly,
you need to define a standard for determining the importance of each asset.
Common criteria include the asset’s monetary value, legal standing and importance
to the organization. Once the standard has been approved by management and formally
incorporated into the risk assessment security policy, use it to classify each asset as
critical, major or minor.

Step #2: Identify Threats

A threat is anything that could cause harm to your organization. While hackers and
malware probably leap to mind, there are many other types of threats:

• Natural disasters. Floods, hurricanes, earthquakes, fire and other natural
disasters can destroy not just data, but servers and appliances as well. When
deciding where to house your servers, think about the chances of different types
of natural disasters. For instance, your area might have a high risk of floods but a
low likelihood of tornadoes.
• Hardware failure. The likelihood of hardware failure depends on the quality
and age of the server or other machine. For relatively new, high-quality
equipment, the chance of failure is low. But if the equipment is old or from a
“no-name” vendor, the chance of failure is much higher. This threat should be on your
list, no matter what business you are in. People can accidentally delete important
files, click on a malicious link in an email or spill coffee on a piece of equipment
that hosts critical systems.
• Malicious behavior. There are three types of malicious behavior:
  o Interference is when somebody causes damage to your business by
  deleting data, engineering a distributed denial of service (DDoS)
  against your website, physically stealing a computer or server, and so
  on.
  o Interception is theft of your data.
  o Impersonation is misuse of someone else’s credentials, which are often
  acquired through social engineering attacks or brute-force attacks, or
  purchased on the dark web.

Step #3: Identify Vulnerabilities

A vulnerability is a weakness that could enable a threat to harm your organization.


Vulnerabilities can be identified through analysis, audit reports, the NIST vulnerability
database, vendor data, information security test and evaluation (ST&E) procedures,
penetration testing, and automated vulnerability scanning tools.

Don’t limit your thinking to software vulnerabilities; there are also physical and human
vulnerabilities. For example, having your server room in the basement increases your
vulnerability to the threat of flooding, and failure to educate your employees about the
danger of clicking on email links increases your vulnerability to the threat of malware.

Step #4: Analyze Controls

Analyze the controls that are either in place or in the planning stage to minimize or
eliminate the probability that a threat will exploit a vulnerability. Technical controls
include encryption, intrusion detection mechanisms, and identification and
authentication solutions. Nontechnical controls include security policies, administrative
actions, and physical and environmental mechanisms.

Both technical and nontechnical controls can further be classified as preventive or
detective. As the name implies, preventive controls attempt to anticipate and stop
attacks; examples include encryption and authentication devices. Detective controls are
used to discover threats that have occurred or are in process; they include audit trails and
intrusion detection systems.

Step #5: Determine the Likelihood of an Incident

Assess the probability that a vulnerability might actually be exploited, taking into
account the type of vulnerability, the capability and motivation of the threat source, and
the existence and effectiveness of your controls. Rather than a numerical score, many
organizations use the categories high, medium and low to assess the likelihood of an
attack or other adverse event.

Step #6: Assess the Impact a Threat Could Have

Analyze the impact that an incident would have on the asset that is lost or damaged,
including the following factors:

• The mission of the asset and any processes that depend upon it
• The value of the asset to the organization
• The sensitivity of the asset

To get this information, start with a business impact analysis (BIA) or mission impact
analysis report. This document uses either quantitative or qualitative means to
determine the impact of harm to the organization’s information assets, such as loss of
confidentiality, integrity and availability. The impact on the system can be qualitatively
assessed as high, medium or low.

Step #7: Prioritize the Information Security Risks

For each threat/vulnerability pair, determine the level of risk to the IT system, based on
the following:

• The likelihood that the threat will exploit the vulnerability
• The approximate cost of each of these occurrences
• The adequacy of the existing or planned information system security controls
for eliminating or reducing the risk

A useful tool for estimating risk in this manner is the risk-level matrix. A high
likelihood that the threat will occur is given a value of 1.0; a medium likelihood is
assigned a value of 0.5; and a low likelihood of occurrence is given a rating of 0.1.
Similarly, a high impact level is assigned a value of 100, a medium impact level 50,
and a low impact level 10. Risk is calculated by multiplying the threat likelihood value
by the impact value, and the risks are categorized as high, medium or low based on the
result.

Step #8: Recommend Controls

Using the risk level as a basis, determine the actions needed to mitigate the risk. Here
are some general guidelines for each level of risk:

• High — A plan for corrective measures should be developed as soon as
possible.
• Medium — A plan for corrective measures should be developed within a
reasonable period of time.
• Low — The team must decide whether to accept the risk or implement
corrective actions.

As you evaluate controls to mitigate each risk, be sure to consider:

• Organizational policies
• Cost-benefit analysis
• Operational impact
• Feasibility
• Applicable regulations
• The overall effectiveness of the recommended controls
• Safety and reliability
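The risk-level matrix from Step #7 and the guidance from Step #8 can be combined into a small risk register, shown here as an added example that is not part of the original assignment. The likelihood and impact values are the ones given in the text; the cut-offs between high, medium and low are an assumption taken from the NIST SP 800-30 risk scale, since the text does not state them, and the register entries and their ratings are constructed.

```python
"""Risk-level matrix and register for Steps #7 and #8 (added example)."""
from dataclasses import dataclass
from typing import List

# Values stated in Step #7.
LIKELIHOOD = {"high": 1.0, "medium": 0.5, "low": 0.1}
IMPACT = {"high": 100, "medium": 50, "low": 10}

# ASSUMPTION: cut-offs follow the NIST SP 800-30 risk scale
# (high: >50 to 100, medium: >10 to 50, low: 1 to 10).
HIGH_ABOVE = 50
MEDIUM_ABOVE = 10

# Step #8 guidance, keyed by risk level.
ACTION = {
    "high": "develop a corrective plan as soon as possible",
    "medium": "develop a corrective plan within a reasonable period of time",
    "low": "decide whether to accept the risk or implement corrective actions",
}

# Step #1 asset classes, used only to break ties between equal scores.
ASSET_RANK = {"critical": 0, "major": 1, "minor": 2}


@dataclass(frozen=True)
class RiskItem:
    threat: str
    vulnerability: str
    asset: str
    asset_class: str   # critical / major / minor
    likelihood: str    # high / medium / low
    impact: str        # high / medium / low


def risk_score(item: RiskItem) -> float:
    """Likelihood value multiplied by impact value, as in Step #7."""
    try:
        value = LIKELIHOOD[item.likelihood.lower()] * IMPACT[item.impact.lower()]
    except KeyError as exc:
        raise ValueError(f"unknown rating {exc} for {item.threat!r}") from None
    return round(value, 2)


def risk_level(score: float) -> str:
    if score > HIGH_ABOVE:
        return "high"
    if score > MEDIUM_ABOVE:
        return "medium"
    return "low"


def build_register(items: List[RiskItem]) -> List[dict]:
    """Score every threat/vulnerability pair and sort, highest risk first."""
    rows = []
    for item in items:
        if item.asset_class not in ASSET_RANK:
            raise ValueError(f"unknown asset class {item.asset_class!r}")
        score = risk_score(item)
        level = risk_level(score)
        rows.append({"threat": item.threat, "asset": item.asset,
                     "asset_class": item.asset_class, "score": score,
                     "level": level, "action": ACTION[level]})
    rows.sort(key=lambda r: (-r["score"], ASSET_RANK[r["asset_class"]]))
    return rows


# Constructed register; threats and vulnerabilities are taken from the text,
# the ratings are illustrative.
SAMPLE_REGISTER = [
    RiskItem("Flooding", "server room in the basement",
             "file server", "major", "low", "high"),
    RiskItem("Malware and viruses", "outdated antivirus software",
             "customer database", "critical", "high", "high"),
    RiskItem("Accidental file deletion", "no offsite backups",
             "shared project files", "major", "medium", "medium"),
    RiskItem("Company website failure", "single web server",
             "company website", "major", "medium", "high"),
    RiskItem("Compromised credentials", "employees not trained on email links",
             "email accounts", "critical", "high", "medium"),
    RiskItem("Hardware failure", "aging hardware",
             "print server", "minor", "medium", "low"),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_REGISTER):
        print(f'{row["score"]:6.1f} {row["level"]:6} {row["threat"]:26}'
              f' -> {row["action"]}')
```

A score of exactly 50 lands in medium and exactly 10 in low under the assumed cut-offs, so only a pairing of high likelihood with high impact reaches the high band.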

Step #9: Document the Results

The final step in the risk assessment process is to develop a risk assessment report to
support management in making appropriate decisions on budget, policies, procedures
and so on. For each threat, the report should describe the corresponding vulnerabilities,
the assets at risk, the impact to your IT infrastructure, the likelihood of occurrence and
the control recommendations.

Picture 25 Document the Results

The risk assessment report can identify key remediation steps that will reduce multiple
risks. For example, ensuring backups are taken regularly and stored offsite will mitigate
both the risk of accidental file deletion and the risk from flooding. Each step should
detail the associated cost and the business reasons for making the investment.

1.7. E.g. Monitoring tools


• Activity Log Analysis — XpoLog

Picture 26 Activity Log Analysis — XpoLog

• Protecting apps and data – Imperva

Picture 27 Protecting apps and data – Imperva

• Penetration Behavior Testing – Metasploit

Picture 28 Penetration Behavior Testing – Metasploit

• Prevent phishing attacks - Hoxhunt

Picture 29 Prevent phishing attacks - Hoxhunt

2. What are the current weaknesses or threats of the organization?
Below are 6 main weaknesses in ICS systems that hackers can use and exploit to attack
an industrial plant, as well as solutions.

• Unauthenticated protocols: When an ICS protocol lacks authentication,
any computer on the network can send commands that alter the physical
process. This can lead to incorrect process operation, damage to goods,
destruction of plant equipment, accidents to employees, or environmental
degradation.
• Using outdated hardware: ICS hardware can work for decades. This
hardware may operate too simply or lack the processing power and
memory to deal with the threat environment created by modern network
technology.
• Weak user authentication: Weaknesses in user authentication for
traditional control systems often include fixed-assigned passwords,
passwords that are easy to detect, passwords stored in easily recoverable
formats, and passwords sent in plain text. Once an attacker has this
password, they can manipulate the control process at will.
• Weak file integrity check: Without digital code signing (a mechanism for
software developers who want to ensure the integrity of a product from the
time it is compiled until the user installs it on their computer or mobile
device) to ensure the code has not been altered or corrupted, attackers can
trick users into installing software that is not sourced from the vendor. It
also allows attackers to replace legitimate files with malicious ones.
• Using vulnerable Windows operating systems: Industrial systems often run
unpatched Microsoft Windows operating systems, so they are exposed to known
vulnerabilities.
• Unknown third party relationships: Many ICS vendors may not be fully
aware of the third-party components they use in their ICS systems, making
it difficult for them to notify customers of vulnerabilities. As a result,
hackers who are well aware of this dependency can target software that the
industrial company doesn't even know about.

3. What tools will you propose to treat the IT security risk?


- The OCTAVE method, explained below, is one type of modern method used to assess
and treat IT security risk. OCTAVE, short for Operational Critical Threat, is a
strategic risk assessment and planning technique for security, focused on the
organization. OCTAVE is a self-directed approach in which the organization manages
its own evaluation, focusing on security practices to find strategic issues. A
characteristic of the OCTAVE approach is that the organization manages the process
and the evaluation of its information security risks. The organizational,
technological and analysis aspects of a security risk evaluation are covered in three
phases:

• Phase 1 – Build Asset-Based Threat Profiles: determine what is important in the
organization and what is being done to protect those assets.
• Phase 2 – Identify Infrastructure Vulnerabilities: evaluate and examine the
classes of information technology related to all critical assets.
• Phase 3 – Develop Security Strategy and Plans: after the evaluation and the
identification of risks, decide on a strategic protection plan that addresses the
risks to the critical assets.

Picture 30 The OCTAVE method
- OCTAVE criteria are a set of principles, attributes and outputs. Principles are the
fundamental concepts that define the philosophy behind the evaluation process; for
example, one of the principles of OCTAVE is self-direction. Attributes are the qualities
or characteristics of the evaluation that define the basic elements of the OCTAVE
approach, with the aim of making the evaluation a success from both the process and
the organizational perspective. Outputs are the results of the evaluation, covering
what is achieved in each of the three phases.

M2 Discuss three benefits to implement network monitoring systems with supporting
reasons.
1. List some of the networking monitoring devices and discuss each.
Here is our list of the top network monitoring tools:
• SolarWinds Network Performance Monitor: The leading network monitoring
system that uses SNMP to check on network device statuses. This monitoring
tool includes autodiscovery that compiles an asset inventory and automatically
draws up a network topology map. Runs on Windows Server.

Picture 31 SolarWinds Network Performance Monitor

• Datadog Network Monitoring: Provides good visibility over each of the
components of your network and the connections between them – be it cloud,
on-premises or hybrid environment. Troubleshoot infrastructure, apps and DNS
issues effortlessly.

Picture 32 Datadog Network Monitoring

• ManageEngine OpManager: An SNMP-based network monitor that has great
network topology layout options, all based on an autodiscovery process. Installs
on Windows Server and Linux.

Picture 33 ManageEngine OpManager

• Paessler PRTG Network Monitor: A collection of monitoring tools and many
of those are network monitors. Runs on Windows Server.

Picture 34 Paessler PRTG Network Monitor

• Auvik: This is a cloud-based system that is able to unify the monitoring of
many networks and includes many automated services.

Picture 35 Auvik

• Site24x7 Network Monitoring: A cloud-based monitoring system for
networks, servers, and applications. This tool monitors both physical and
virtual resources.

Picture 36 Site24x7 Network Monitoring

• Atera: A cloud-based package of remote monitoring and management tools
that includes automated network monitoring and a network mapping utility.

Picture 37 Atera

2. Why do you need to monitor network?

Network monitoring software can analyze performance in real-time, meaning that if
a failure or issue is detected, you can be immediately alerted via methods such as
email. This rapid relay of information means that you can be informed of network
problems wherever you may be, allowing you to instantly take corrective action and
minimize potential downtime.

In addition, network monitoring software eliminates the need for a physical system
administrator and manual checks. This can save your company both time and
money, meaning that the problem is addressed effectively.

Another major benefit is the reporting generated from network monitoring. These
reports can help you identify patterns and trends in system performance, as well as
demonstrating the need for upgrades or replacements. Performance baselines can
also be easily established.

Finally, network monitoring systems can assist you in being able to identify the
specific areas of your network that are experiencing problems. This means that you
can quickly pinpoint the issue, saving you time and money when it comes to
addressing the problem.

Here are several other reasons why monitoring your networks is so important:

• To optimize network performance and availability
• Stay informed
• Diagnose issues
• Report issues
• Eliminate the need for manual checks
• Proactive approach
• Track trends
• Benchmark performance and availability data

3. The benefits of using a network monitoring system for an organization are as
follows:
3.1. Discovery of Devices
The most important aspect of a network monitoring tool is that it can discover the
entire network, including its smaller parts, at the click of a button. In an
organization with a very large network, it is very difficult to know what devices or
computers are on the network and what IP addresses are in use. Network monitoring
software makes it easy to identify all the devices, computers and IP addresses used
in the organization, and if any unauthorized devices are added to the organization's
network you will be alerted.

Picture 38 Discovery of Devices
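The unauthorized-device alert described in 3.1 comes down to comparing what is seen on the network with an approved inventory. The sketch below is an added example, not part of the original assignment and not how any of the listed products works internally: it parses constructed output in the format of the Linux `ip neigh show` command, and the inventory, host names and MAC addresses are assumptions made for illustration.

```python
"""Flag devices that are not in the authorized inventory (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the format printed by Linux `ip neigh show`.
NEIGHBOUR_TABLE = """\
10.137.32.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
10.137.32.15 dev eth0 lladdr 02:00:00:00:00:0F STALE
10.137.32.16 dev eth0 lladdr 02:00:00:00:00:10 REACHABLE
10.137.32.77 dev eth0 lladdr 02:00:00:00:00:4d DELAY
10.137.32.90 dev eth0  FAILED
10.137.32.200 dev eth0 lladdr 02:00:00:00:00:10 REACHABLE
"""

# Constructed inventory: MAC address -> (host name, expected IP address).
INVENTORY: Dict[str, Tuple[str, str]] = {
    "02:00:00:00:00:01": ("gateway", "10.137.32.1"),
    "02:00:00:00:00:0f": ("pc-accounts", "10.137.32.15"),
    "02:00:00:00:00:10": ("file-server", "10.137.32.16"),
    "02:00:00:00:00:20": ("printer", "10.137.32.30"),
}

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def parse_neighbours(text: str) -> List[Tuple[str, str]]:
    """Return (ip, mac) pairs; entries without a MAC address are skipped."""
    seen = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or "lladdr" not in parts:
            continue                  # FAILED / INCOMPLETE: nothing answered
        idx = parts.index("lladdr") + 1
        if idx >= len(parts):
            continue                  # truncated line
        mac = parts[idx].lower()      # normalise case before comparing
        if MAC_RE.match(mac):
            seen.append((parts[0], mac))
    return seen


def audit(seen: List[Tuple[str, str]],
          inventory: Dict[str, Tuple[str, str]]) -> dict:
    """Compare discovered devices with the inventory and list the differences."""
    report = {"unauthorized": [], "unexpected_ip": [], "not_seen": []}
    seen_macs = set()
    for ip, mac in seen:
        seen_macs.add(mac)
        known = inventory.get(mac)
        if known is None:
            # Device on the network that nobody approved: raise an alert.
            report["unauthorized"].append((ip, mac))
        elif known[1] != ip:
            # Approved device answering on an address it should not have.
            host, expected = known
            report["unexpected_ip"].append((host, ip, expected))
    for mac, (host, _expected) in inventory.items():
        if mac not in seen_macs:
            # Inventory entry that did not show up: inventory may be stale.
            report["not_seen"].append(host)
    return report


if __name__ == "__main__":
    result = audit(parse_neighbours(NEIGHBOUR_TABLE), INVENTORY)
    for finding, entries in result.items():
        print(finding, entries)
```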
3.2. Cost Saving
The number of IP-enabled devices connected to an organization's network can keep
rising, and wired and wireless devices are constantly evolving, so it is very
important for a network administrator to know what is connected to the
organization's network and whether the infrastructure is ready to handle more
devices or gadgets, in order to keep costs under control over time. Network
monitoring software gives full information about the equipment in use on the
network, so that further staff members who join the organization's network can use
all the future upgrades at a limited cost.

3.3. Identify security threats

A network monitoring system is also designed to monitor the organization's network
and help find its security risks. Nowadays some malware and viruses are designed so
that, once they have gained access to the system, some initially do nothing while
others perform actions that the human eye cannot see. Network monitoring software
observes the network traffic for any suspicious threat and, if anything unusual
occurs on the network, raises an alert so that the engineers can fix the problem.

Picture 39 Identify Security threats

D1 Investigate how a trusted network may be part of an IT security solution


1. Discuss and explain what a trusted network is
A trusted network is a network of devices that are connected to each other, open only
to authorized users, and allows for only secure data to be transmitted.

The trusted network should have the following features:

 Authentication: the network should require users to log in so that only
authenticated users are allowed to use the network
 Encryption: the data should be encrypted so that secure data cannot be
intercepted and transmitted to unauthorized users
 Firewall: the computers and servers on the trusted network should include
a firewall, which is a software program or piece of hardware that
helps screen for security
 Private Network: the computers and servers on the trusted network should be
equipped with software such as a virtual private network (VPN), which allows for
remote work with secure data transmission

2. Give brief details, with an example, of how a trusted network is used.


3. How can it be a solution in IT security

 Picture of the presentation

Picture 40 to Picture 82: Picture of the presentation
