1623 - GCS210109 - Assignment 1
Uploaded by

hien0979717071

Higher Nationals in Computing

Unit 05: Security


ASSIGNMENT 1

Learner’s name: Tran Quang Hien


ID: GCS210109
Class: GCS1003A
Subject code: 1623
Assessor name: NGUYEN XUAN SAM

Assignment due: Assignment submitted:


ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Tran Quang Hien Student ID GCS210109

Class GCS1003A Assessor name Nguyen Xuan Sam

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid
P1 P2 P3 P4 M1 M2 D1
Summative Feedback: Resubmission Feedback:

Grade: Assessor Signature: Date:

Signature & Date:


Assignment Brief 1 (RQF)
Higher National Certificate/Diploma in Computing

Student Name/ID
Tran Quang Hien/GCS210109
Number:
Unit Number and Title: Unit 5: Security
Academic Year: 2021 – 2022
Unit Assessor: Nguyen Xuan Sam
Assignment Title: Security Presentation
Issue Date: April 1st, 2021
Submission Date:
Internal Verifier Name:
Date:

Submission Format:

Format:
● The submission is in the form of an individual written report. This should be written in a
concise, formal business style using single spacing and font size 12. You are required to make
use of headings, paragraphs and subsections as appropriate, and all work must be supported
with research and referenced using the Harvard referencing system. Please also provide a
bibliography using the Harvard referencing system.
Submission

● Students must submit the assignment by the due date and in the way requested by the
Tutor.
● The form of submission will be a soft copy posted on http://cms.greenwich.edu.vn/.
● Remember to convert the word file into PDF file before the submission on CMS.
Note:

● The individual Assignment must be your own work, and not copied by or from another
student.
● If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you
must reference your sources, using the Harvard style.
● Make sure that you understand and follow the guidelines to avoid plagiarism. Failure to
comply with this requirement will result in a failed assignment.

Unit Learning Outcomes:


LO1 Assess risks to IT security.

LO2 Describe IT security solutions.

Assignment Brief and Guidance:

Assignment scenario
You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called
FPT Information security FIS.
FIS works with medium-sized companies in Vietnam, advising on and implementing technical solutions
to potential IT security risks. Most customers have outsourced their security concerns because they lack
the technical expertise in-house. As part of your role, your manager Jonson has asked you to create
an engaging presentation to help train junior staff members on the tools and techniques associated
with identifying and assessing IT security risks, together with the organizational policies that protect
business-critical data and equipment.
Tasks
In addition to your presentation, you should also provide a detailed report containing a technical
review of the topics covered in the presentation.
Your presentation should:
• Identify the security threats FIS may face if they have a security breach. Give an
example of a recently publicized security breach and discuss its consequences.
• Describe a variety of organizational procedures an organization can set up to reduce the
effects of a security breach on the business.
• Propose a method that FIS can use to prioritize the management of different types of risk.
• Discuss three benefits to FIS of implementing a network monitoring system, giving suitable
reasons.
• Investigate network security, identifying issues caused by incorrect firewall and IDS
configuration, and show through examples how different techniques can be implemented to
improve network security.
• Investigate a ‘trusted network’ and, through an analysis of positive and negative issues,
determine how it can be part of a security system used by FIS.
Your detailed report should include a summary of your presentation as well as additional, evaluated
or critically reviewed technical notes on all of the expected topics.

Learning Outcomes and Assessment Criteria (Assignment 1):


Learning Outcome: LO1
Pass: P1 Identify types of security threat to organisations. Give an example of a recently
publicized security breach and discuss its consequences.
P2 Describe at least 3 organisational security procedures.
Merit: M1 Propose a method to assess and treat IT security risks.
Distinction: D1 Investigate how a ‘trusted network’ may be part of an IT security solution.

Learning Outcome: LO2
Pass: P3 Identify the potential impact to IT security of incorrect configuration of firewall
policies and IDS.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network
can improve Network Security.
Merit: M2 Discuss three benefits to implement network monitoring systems with supporting reasons.
Table of Contents
1. Identify types of security threats to organizations. Give an example of a recently publicized security
breach and discuss its consequences (P1) .................................................................................................. 1
1.1 Define threats .............................................................................................................................................. 1
1.2 Identify threats agents to organizations ........................................................................................................ 1
1.2.1 Nation States ....................................................................................................................................................................... 1
1.2.3 Employees and Contractors ................................................................................................................................................ 2
1.2.4 Terrorists and Hacktivists .................................................................................................................................................... 2
1.2.5 Organized crime (local, national, transnational, specialist) ................................................................................................ 2
1.2.6 Natural disasters (fire, flood, earthquake, volcano) ........................................................................................................... 2
1.2.7 Corporates (competitors, partners) .................................................................................................................................... 2
1.3 List the type of threats that organizations will face........................................................................................ 3
1.3.1 Human errors and mistakes ................................................................................................................................................ 3
1.3.2 Malicious human activity .................................................................................................................................................... 3
1.3.2.1 APT (Advanced Persistent Threats) ............................................................................................................................. 3
1.3.2.2 Distributed Denial of Service (DDoS) ........................................................................................................................... 4
1.3.2.3 Ransomware................................................................................................................................................................ 4
1.3.2.4 Phishing ....................................................................................................................................................................... 5
1.3.2.5 Worms ......................................................................................................................................................................... 5
1.3.2.6 Botnet .......................................................................................................................................................................... 6
1.3.2.7 Cryptojacking ............................................................................................................................................................... 6
1.3.3 Natural events and disasters ............................................................................................................................................... 7
1.4 What are the recent security breaches? List and give examples with dates .................................................... 7
1.4.1 Security Breaches Definition ............................................................................................................................................... 7
1.4.2 Recent security breaches, list and give examples with dates ............................................................................................. 7
1.4.2.1 Sina Weibo (March 2020) ............................................................................................................................................ 7
1.4.2.2 Nintendo (April 2020) .................................................................................................................................................. 7
1.4.2.3 Zoom (April 2020)........................................................................................................................................................ 8
1.4.2.4 LinkedIn (June 2021) ................................................................................................................................................... 8
1.4.2.6 Kaseya Ransomware Attack (July 2021) ...................................................................................................................... 8
1.4.2.7 Databases and Account Details on Thousands of Microsoft Azure Customers Exposed (August 2021) ..................... 8
1.4.2.8 Crypto.com (January 2022) ......................................................................................................................................... 9
1.4.2.9 Microsoft breached by Lapsus$ hacker group (March 2022) ...................................................................................... 9
1.4.3 The consequences of those breaches ................................................................................................................................. 9
1.4.4 Suggest solutions to organizations ..................................................................................................................................... 9

2. Describe at least 3 organizational security procedures (P2) .................................................................. 10


2.1 Definition ................................................................................................................................................... 10
2.2 Discussion on Incidence response policy ..................................................................................................... 11
2.2.1 Incidents Phases ................................................................................................................................................................ 11
2.2.2 Elements of an incident response policy .......................................................................................................................... 11
2.3 Discussion on Acceptable use policy............................................................................................................ 12
2.3.1 General use and ownership .............................................................................................................................................. 12
2.3.2 Security and proprietary information ............................................................................................................................... 12
2.4 Discussion on Remote access policy ............................................................................................................ 13
2.4.1 Define ................................................................................................................................................................................ 13
2.4.2 General .............................................................................................................................................................................. 13
2.4.3 Requirements .................................................................................................................................................................... 13

3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3) .. 13
3.1 Firewall ...................................................................................................................................................... 13
3.1.1 Definition .......................................................................................................................................................................... 13
3.1.2 Types of firewalls .............................................................................................................................................................. 14
3.1.3 Firewall policies ................................................................................................................................................................. 14
3.1.4 Firewall usage ................................................................................................................................................................... 14
3.1.5 Advantages of firewall ...................................................................................................................................................... 15
3.1.6 How does a firewall provide security to a network? ........................................................................................................ 15
3.2 IDS ............................................................................................................................................................. 16
3.2.1 Definition .......................................................................................................................................................................... 16
3.2.2 IDS usage ........................................................................................................................................................................... 16
3.2.3 How does IDS work? ......................................................................................................................................................... 16
3.2.4 The potential impact (threat-Risk) of a firewall and IDS if they are incorrectly configured in a network ........................ 17

4. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security (P4) ................................................................................................................ 17
4.1 DMZ ........................................................................................................................................................... 17
4.1.1 Definition .......................................................................................................................................................................... 17
4.1.2 How does DMZ work? ....................................................................................................................................................... 18
4.1.3 Advantages of DMZ ........................................................................................................................................................... 18
4.1.4 Service of DMZ .................................................................................................................................................................. 18
4.1.5 Advantage DMZ network .................................................................................................................................................. 19
4.2 Static IP ...................................................................................................................................................... 19
4.2.1 Definition .......................................................................................................................................................................... 19
4.2.2 How does static IP work? .................................................................................................................................................. 19
4.2.3 Advantage of static IP ....................................................................................................................................................... 20
4.3 NAT............................................................................................................................................................ 20
4.3.1 Definition .......................................................................................................................................................................... 20
4.3.2 How does NAT work .......................................................................................................................................................... 20
4.3.3 Types of NAT ..................................................................................................................................................................... 21
4.3.4 Advantage of NAT ............................................................................................................................................................. 21

Conclusion .............................................................................................................................................. 21
REFERENCES ........................................................................................................................................... 23
ASSIGNMENT 1 ANSWERS
Introduction
In today's data-driven and internationally interconnected culture, data routinely moves freely between
individuals, groups, and businesses. Cybercriminals are fully aware that data has significant value. Because
cybercrime continues to develop, there is a growing need for security experts to protect and defend a
business from attack. This report covers some fundamental theories of security, such as
identifying different kinds of security threats to organizations, organizational security procedures, firewall
policies, IDS, DMZ, static IP, and NAT in a network. This will aid me in my quest to gain a deeper
understanding of this subject. Discuss the importance of team dynamics in the success and/or failure of group
work.
1. Identify types of security threats to organizations. Give an example of a recently publicized security
breach and discuss its consequences (P1)
1.1 Define threats
Information security threats include software attacks, intellectual property theft, identity theft,
equipment or data theft, sabotage, and information extortion.
A threat is anything that has the potential to breach security or to alter, destroy, or harm a particular item or
object of interest. In this assignment we define a threat as a prospective hacker attack that gives someone
access to a computer system without authorization.

Figure 1: Security Threats


(Source: https://www.theamegroup.com/network-security-threats/)
1.2 Identify threats agents to organizations
1.2.1 Nation States
Companies in particular sectors, such as telecommunications, oil and gas, mining, power generation, national
infrastructure, and so forth, may become targets for other nations, either to disrupt their activities now or to
give that nation a foothold to use in a future time of crisis.
1.2.2 Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors, and Viruses
perpetrated by vandals and the general public)
Companies have repeatedly assured me that they won't be a target for hackers because... However, any
organization can become a victim because there are so many random attacks every day (it would
be impossible to provide accurate statistics here).
The most well-known instance of a non-target-specific attack is the WannaCry ransomware attack, which
affected over 200,000 machines across 150 countries. In the United Kingdom, it led to a lengthy closure of the
NHS. Then there are the idle teenagers browsing the internet for weak links from their local lofts.
1.2.3 Employees and Contractors
Organizations have repeatedly assured me that they won't be hacked due to... However, any organization can
fall victim due to the high number of random attacks that take place every day (it is impossible to provide
accurate statistics here).
The most well-known instance of a non-target-specific attack is the WannaCry ransomware attack, which
affected over 200,000 computers in 150 countries. It led to a lengthy closure of the NHS in the United Kingdom.
Undoubtedly, there are also idle teenagers online searching for weak links from a loft somewhere.
1.2.4 Terrorists and Hacktivists
(political parties, media, enthusiasts, activists, vandals, general public, extremists, religious followers) The
degree of harm presented by these actors depends on your activities, much like the threat posed by nation-states.
However, some terrorists pick particular industries or countries as their targets, so an organization may still
face a random attack.
The most notable instance of this was probably the WikiLeaks releases of diplomatic cables and other documents
related to the wars in Afghanistan and Iraq in 2010.
1.2.5 Organized crime (local, national, transnational, specialist)
Criminals are after personal information for a number of reasons, such as bank account fraud, identity theft,
and credit card fraud. These crimes are currently committed in great numbers. The techniques used range
from phishing scams to "watering hole" websites, but the end result is always the same: information about you
is gathered and used for nefarious ends.
Identity fraud cases increased in 2017, with roughly 175,000 cases reported, according to the 2018
Fraudscape report from the Credit Industry Fraud Avoidance Society (Cifas). Some 95% of these cases involved
the impersonation of an innocent victim. Although this is only a 1% increase from 2016, it is a 1250%
increase from a decade earlier.
1.2.6 Natural disasters (fire, flood, earthquake, volcano)
Even though these are not cyberattacks, such incidents can still negatively affect your ability to conduct business.
If you cannot access your offices, data centers, or cloud-based information, you are still dealing with a data
disaster, which needs to be taken into account. Although there is very little chance that an earthquake will occur in
the UK, every year we see pictures of towns or cities underwater.
1.2.7 Corporates (competitors, partners)
Beyond the obvious concern that a competitor will steal your intellectual property, organizations are working more closely
with a variety of partners to fill skills and resource gaps as well as to provide services. These partner
companies might accidentally or deliberately steal or expose your intellectual property or personal data,
depending on their goals.
Perhaps the best illustration of how partner organizations can be the cause of a breach is the attack on the
US retailer Target in 2013. The hackers specifically targeted (excuse the pun!) suppliers before finding a weak
spot at HVAC provider Fazio Mechanical. The hackers tricked a Fazio employee into opening a phishing
email that gave them access to Target's point-of-sale systems. During the 2013 holiday shopping season, this
gave them access to up to 40 million credit and debit cards belonging to customers who visited its stores. Target
has spent more than $200 million on the breach.

1.3 List the type of threats that organizations will face
There are three main sources of threats:
1.3.1 Human errors and mistakes
- Accidental problems
- Poorly written programs
- Poorly designed procedures
- Physical accidents
- Users destroying systems, applications, and data
- Users violating security policy
- Disgruntled employees waging war on the company or causing sabotage
- Employee extortion or blackmail
1.3.2 Malicious human activity
1.3.2.1 APT (Advanced Persistent Threats)

Figure 2: The ways an APT attack works


(Source: https://rthreat.net/resources-how-apt-works/)
Cybercriminals that employ Advanced Persistent Threats (APTs) play the long game when they hack a
company. They hunt for access and exit points that let them remain undetected as they infiltrate a computer
network quietly and in close coordination. Once inside an enterprise, they probe, install specialized
malicious applications, and collect sensitive and important data.
An Advanced Persistent Threat typically passes through the following progressions to increase its damage:
- Grip Strengthening: The strength of an Advanced Persistent Threat is its ability to get a foothold inside an
organization. Phishing, trojan horses, and malware are used by APT attackers to obtain access to the system.
- System Invasion: Once APT attackers have complete freedom of movement, they start attacking the
system by gaining administrator access and cracking passwords left and right.
- Lateral Movement: The enterprise network becomes the playground for the hackers.
- Deep Machinations: During this stage, the APT attackers completely control the organization, erase all traces
of their intrusion, and construct a reliable backdoor for future use.
To undermine the cybersecurity of a company, they use cutting-edge technology such as malware and computer
infiltration techniques. These cybercriminals are ruthless, preferring to access a target organization covertly
and cause harm.

1.3.2.2 Distributed Denial of Service (DDoS)

Figure 3: The ways a DDoS attack works


(Source: https://www.thesslstore.com/blog/what-is-a-ddos-attack/)
The main goal of attackers using distributed denial of service, or DDoS, is to take down a website. In essence,
they flood a target network with bogus requests to overwhelm the system and make it crash. Legitimate users
or clients won't be able to visit the website because it will be down. DDoS can cause considerable productivity
losses as a result of these unnecessary interruptions.
A Distributed Denial-of-Service attack cannot be defended against in the same way as a single-source attack because it originates from multiple sources.
Think of a restaurant where a raucous crowd gathers at the entrance to cause a commotion.
1.3.2.3 Ransomware

Figure 4: The ways a Ransomware attack works


(Source: https://www.researchgate.net/figure/How-ransomware-works-Source-Author_fig4_361925399)
Once they have gained access to your network, hackers can use ransomware, a form of malware from the
field of cryptovirology, to encrypt data. They steal important corporate information or
private customer information before threatening to compromise it unless the targeted organization pays
a ransom.
Over time, ransomware has developed into a popular method of demanding money from companies.
Digital attackers turn the crucial data they find during a network intrusion into a weapon. The basic method for
luring employees of the company is to send an innocent-looking attachment or link.

1.3.2.4 Phishing

Figure 5: The ways a Phishing attack works


(Source: https://www.esferize.com/en/what-is-phishing-how-does-it-work-and-how-to-protect-yourself/)
One of the most popular ways for hackers to access a system is through phishing. Through it, an attacker can
set up more complex security incidents such as Distributed Denial of Service (DDoS) and ransomware.
The main tactic of phishing is deceit. Attackers design email campaigns that appear to come from a reliable source.
Clicking on these URLs or attachments can, without the user realizing it, infect a machine and its network.
Hackers frequently impersonate senior employees or client organizations. They can pretend to be a bank request
or a business transaction that the victim employee would expect. The sophistication of phishing and its
ability to manipulate its targets into responding as if the communication were genuine determine its effectiveness.
1.3.2.5 Worms

Figure 6: The ways a Worm attack works


(Source: https://vpnoverview.com/internet-safety/malware/computer-worms/)
Worms are malware that spreads by itself, especially once it has reached a computer network.
They look for network flaws in order to increase and strengthen their presence and impact.

1.3.2.6 Botnet

Figure 7: The ways a Botnet attack works


(Source: https://www.spiceworks.com/it-security/network-security/articles/what-is-botnet/)
The words "robot" and "network" are combined to form the term "botnet." It is a collective term for personal
computers infected with malware, leaving them open to remote control by hackers without the knowledge of
the business.
This level of precise control over, and understanding of, target networks is used for the dissemination of spam,
the execution of DDoS attacks, and data theft. Botnets are hackers' force multipliers for breaking into the intricate
systems of their target companies. The ability of botnet architecture to avoid detection has considerably
improved. Its software poses as a client in order to connect to active servers. Peer-to-peer networks are then used by
cybercriminals to remotely manage these botnets.
1.3.2.7 Cryptojacking

Figure 8: The ways a Cryptojacking attack works


(Source: https://www.enisa.europa.eu/publications/info-notes/cryptojacking-cryptomining-in-the-browser)

Cryptocurrencies are the hottest trend right now, and mining is the normal way to produce more of them.
Using phishing techniques, cybercriminals infect and take control of growing numbers of slave workstations
that are then used to mine bitcoins.
Cryptojacking can make computers slower, and the targets are often unaware that their resources are being exploited
to mine cryptocurrency.
1.3.3 Natural events and disasters
This category covers natural disasters such as avalanches, earthquakes, tsunamis, hurricanes, and fires. It includes
both the losses caused by the initial event and the losses resulting from the actions taken to recover from it.
1.4 What are the recent security breaches? List and give examples with dates
1.4.1 Security Breaches Definition
A successful effort by an attacker to obtain unauthorized access to an organization's computer systems is
referred to as a security breach. Theft of sensitive data, corruption or sabotage of data or IT systems, or acts
meant to deface websites or harm reputation are all examples of breaches.

Figure 9: The ways a Cryptojacking attack works
(Source: https://www.trendmicro.com/vinfo/us/security/definition/data-breach)
1.4.2 Recent security breaches, list and give examples with dates
1.4.2.1 Sina Weibo (March 2020)
One of China's most well-known social media platforms is Sina Weibo, which has more than 600 million users.
In March 2020, the company discovered that a hacker had accessed a piece of its database, exposing 538 million
Weibo users' personal information, including real names, site usernames, gender, locations, and phone numbers.
The attacker allegedly offered the database for sale on the dark web for $250.
China's Ministry of Industry and Information Technology (MIIT) has requested that Weibo enhance its data
security protocols in order to better protect user data and notify users and authorities when data security
breaches occur. In a statement, Sina Weibo said that no passwords were gained, but that an attacker used an
application intended to help users identify their friends' Weibo accounts by supplying their phone numbers to
collect publicly available information. However, it acknowledged that the exposed information might be used
to link accounts to passwords if passwords are reused on other accounts. The company said that it has
strengthened its security procedures and alerted the appropriate authorities to the problem.
1.4.2.2 Nintendo (April 2020)
Nintendo said in April 2020 that a suspected credential-stuffing attack had compromised 160,000 accounts.
Hackers were able to purchase digital items using saved cards and view private information such as name, email
address, date of birth, gender, and country by gaining access to user accounts using previously exposed user
IDs and passwords.

Following an investigation into the incident, the gaming behemoth revealed that they think an additional
140,000 accounts were taken, bringing the total number of compromised accounts to 300,000. Users are
cautioned not to use the same password for various accounts and services, and all impacted clients have had
their passwords changed.
1.4.2.3 Zoom (April 2020)
When staff was settling into their new working-from-home environment at the beginning of April, it was
revealed that the virtual conference tool Zoom had suffered a humiliating security breach, exposing the login
data of over 500,000 users.
In yet another credential-stuffing attack, hackers appear to have gained access to the accounts by exploiting
username and password combinations stolen in prior data breaches. The information was subsequently sold for
as little as 1p on dark web hacker forums.
Login credentials, email addresses, personal meeting URLs, and Host Keys were among the information stolen.
Criminals were able to log in and attend meetings or use the information for other nefarious reasons, as a result
of this.
1.4.2.4 LinkedIn (June 2021)
More than 90% of the user base of the corporation was impacted by the June 2021 leak on a dark website of
data associated with 700 million LinkedIn members. A hacker going under the handle "God User" used data
scraping methods to take advantage of the site's (and other websites') API before publishing the initial data set,
which contained information on around 500 million users. After that, they made a claim about selling the whole
700 million-person customer database.
1.4.2.5 Audi and Volkswagen (June 2021)
In June 2021, Volkswagen said that 3.3 million Audi customers' data, including past and future transactions,
had been made online accessible to the general public. The data cache, which was collected between 2014 and
2019, contained names, phone numbers, email addresses, and specific vehicle-related information.
For about 90,000 of those affected, more sensitive information was also exposed, which may have included
dates of birth and Social Security numbers.
The company claims that between August 2019 and May 2021, the data was available at some time. The
company is still investigating the incident in an effort to pinpoint a certain timing.
1.4.2.6 Kaseya Ransomware Attack (July 2021)
A big attack on Kaseya's unified remote monitoring and network perimeter security product occurred in July
2021, according to the IT solutions provider. The administration of Kaseya services was taken over by a supply
chain ransomware attack that targeted managed service providers and their downstream clients.
According to ZDNet, the attack interrupted Kaseya's SaaS servers and had an effect on the on-premise VSA
solutions used by Kaseya clients in ten different countries. In a timely manner, Kaseya informed its customers
about the event. Business users can evaluate their VSA services and manage endpoints for signs of
vulnerabilities thanks to the corporation's release of the Kaseya VSA detection tool.
1.4.2.7 Databases and Account Details on Thousands of Microsoft Azure Customers Exposed (August
2021)
In August 2021, Wiz security specialists were able to obtain access to Microsoft Azure account credentials and
client databases thanks to a Cosmos DB vulnerability. Because of the flaws, people were able to access
databases that weren't their own. Numerous Fortune 500 companies were among the many types of firms that
were affected by the issue.
It's unclear if anyone else had access to the information outside the security professionals. On the other hand,
whoever did gain access to the systems would have had full access to download, delete, and edit records.

1.4.2.8 Crypto.com (January 2022)
Peckshield Security claims that 4,600 ETH, or about $15 million, were stolen from Crypto.com. Users had
started to notice suspicious activity in their accounts the day before the report. Crypto.com promptly
intervened to halt withdrawals, but not before the thieves had moved the Ethereum out. Crypto.com asserts
that no user funds were taken, implying that the hack happened on the company's hot wallets. However, this
does not explain why customers were the first to detect suspicious activity in their accounts.
Following a short period of time, Crypto.com acknowledged that certain users had experienced "unauthorized
activity" in their accounts, but added that "all funds are protected," which doesn't explain why some users'
accounts had lost ETH.
1.4.2.9 Microsoft breached by Lapsus$ hacker group (March 2022)
On March 20, 2022, the hacker group Lapsus$ uploaded a screenshot to their Telegram channel, claiming to
have compromised Microsoft. The screenshot, which was taken using the Microsoft collaboration platform
Azure DevOps, showed that Bing, Cortana, and other Microsoft-related projects had been compromised.
On March 22, Microsoft released a statement in which it acknowledged the attacks. Microsoft claims that only
one account was taken over and that the company's security team was able to stop the attack before Lapsus$
could infiltrate their operations further.
1.4.3 The consequences of those breaches
Sina Weibo: impacting the personal data of 538 million Weibo users, including their real names, site
usernames, gender, locations, and phone numbers.
Nintendo: Approximately 300,000 accounts were impacted and 160,000 accounts were thought to have been
compromised in a credential-stuffing attempt.
Zoom: It was discovered that a humiliating security flaw had exposed the login information of over 500,000
users of the virtual conferencing application Zoom, and the information of those users was sold on dark web
forums.
LinkedIn: On the dark web, a customer database with 700 million users was sold and then distributed without
charge.
Audi Database: The personal information of 3.3 million Audi customers, including their past and future
purchases, was posted online and was accessible to anybody. There was a negative impact on about 90,000
people, and more sensitive data was stolen.
Kaseya: The administration of Kaseya services was taken over by a supply chain ransomware attack that
targeted managed service providers and their downstream clients.
Microsoft Azure: A variety of enterprises, including many Fortune 500 companies, were affected by the issue.
Crypto.com: A hack resulted in 4,600 ETH being transferred to shady wallets, worth about $15 million.
Microsoft: Microsoft's Bing, Cortana, and other applications had been compromised.
1.4.4 Suggest solutions to organizations
Whether an organization has already experienced a breach or simply wants to develop a strong response
capability, it should be able to quickly deploy a skilled and experienced cyber security team together with
up-to-date tooling, and work to increase visibility, resolve issues, and put prevention measures in place.
Define, detect, defend, and deter: these are the four crucial criteria for effective breach management.

- Define: Organizations must develop a comprehensive strategy and security lifecycle in order to recognize
risks and counter them. Planning, risk analysis, policy development, and controls should all be taken into
consideration. The level of resilience required to withstand a planned attack may be considerably increased by
having a robust business and technical architecture. Businesses can be confident that they are as secure as
feasible in the case of a compromise by integrating security into this architecture.

- Detect: If an attack is discovered quickly, its damage can be reduced. When an organization has a clear and
defined plan, it needs to be able to monitor and recognize potential activities. Understanding the volumes, types,
and performance of the baseline environment is necessary to determine the types of attacks, attack locations,
and attack vectors used. You'll need a mix of people, processes, and technology to create a system for gathering
situational awareness and actionable security intelligence that can help you get ready for quick alerts of attacks.

- Defend: Although there are no foolproof methods for preventing assaults, it is advised that preparations be
made to secure the organization's vital services and data. As part of your defense strategy, you should eliminate
the threat, seal the weakness, and manage the effect. A powerful strategy is a tiered defense that enables you to
identify a breach earlier, respond faster, mitigate the impact of the incident, and reduce ongoing exposure. Costs
are decreased as a result, control is improved, and risk exposure is gradually decreased.

- Deter: By working together and exchanging security intelligence, organizations can recognize and counter a
range of attack strategies and sources. Since there are efficient procedures in place for documenting, reporting,
and auditing security breaches, there is support for taking legal action against intruders.
2. Describe at least 3 organizational security procedures (P2)
2.1 Definition
A security procedure is a set of steps that must be followed to perform a specific security task or function.
A series of actions that can be repeated consistently to accomplish a specific goal is often written down as a
procedure. Once established, security procedures give an organization a set of specific steps for carrying out
its security-related tasks, making training, process auditing, and process improvement easier. Procedures
serve as the foundation for the uniformity needed to reduce variation in security practices, thereby
strengthening security control inside the firm. Reducing variation is a proven way to improve performance,
cut waste, and raise quality in security work.

Figure 10: Security Procedures
(Source: https://linfordco.com/blog/security-procedures/)

2.2 Discussion on Incidence response policy
Incident Response (IR) Procedure: To guarantee that the organization is ready to respond to cyber security
incidents, secure its systems and data, and prevent the disruption of its services, the procedure provides the
appropriate processes for incident management, reporting, and monitoring as well as incident response
training, testing, and support.
Information on this kind of policy often covers:
(i) The organization's incident response team;
(ii) Roles played by each team member;
(iii) The people responsible for testing the policy;
(iv) How to implement the policy;
(v) The technological techniques, equipment, and sources that will be employed to locate and restore
compromised data.
2.2.1 Incidents Phases
Preparation phase: This refers to the process through which system users and the IT experts in charge of it
are instructed and made ready to respond to security issues. Along with identifying potential incident-related
tools and resources, this phase should also adopt preventative measures including conducting regular risk
assessments and increasing user awareness.
Identification phase: Determining the existence and location of a security incident as well as the seriousness
and importance of the detected issue. During this phase, the team (i) identifies incidents that use common
attack vectors (such as e-mail, removable media, and the Internet); (ii) recognizes the signs of an incident;
(iii) determines which precursors can be detected; (iv) uses file integrity checking for the initial analysis
and validation; (v) deploys packet sniffers; (vi) filters data; and (vii) preserves evidence.
Containment phase: Instructions on how to segregate systems that have been impacted by the assault to
minimize future damage to other systems.
Eradication phase: identifying the cause of the incident and removing it from the affected systems.
Recovery phase: restoring damaged systems to their normal operational environment.
Post-incident phase: capturing the entire incident, conducting a thorough investigation, identifying the cause
of the incident, estimating related costs, and developing a plan to stop such incidents in the future.
2.2.2 Elements of an incident response policy
Identification of an incident response team
- There are two different kinds of incident response teams: distributed and centralized. Large businesses are
more inclined to utilize the second kind because it enables them to successfully coordinate personnel in settings
with different cultural, linguistic, and legal contexts, whereas small organizations are more likely to use the
first form.
- Depending on the type of occurrence, incident response teams may be entirely comprised of corporate
employees or may be partially or entirely outsourced. The business must also confirm that the members are
properly trained to carry out their duties and obligations, in addition to being specifically mentioned in the
agreement.
Information about the system: The policy should include information about the system's characteristics,
including network and data flow diagrams, hardware inventories, and logging data.
Incident handling and reporting procedures: Another crucial area of the policy should cover how to handle and
report an event (suspected or actual). Along with instructions on how to report an incident, such procedures
should specify which circumstances will trigger response measures. The rules should specify, for instance,
whether the organization would respond to an attempted attack or whether the attack would have to be
successful in order to initiate response actions.
“Lessons Learned”: An important but occasionally disregarded component of an incident response policy is
the "Lessons Learned" section. A "Lessons Learned" initiative like this one, which involves a meeting and a
discussion among all stakeholders, could be a helpful tool for boosting security measures within the company
and the incident response procedure itself.
Reporting to outside parties: An incident response policy may include deadlines and methods for reporting
to third parties, including IT staff, security analysts, data protection or law enforcement agencies, the media,
impacted outside parties, and software providers. In some places, reporting incidents may be required by law.
2.3 Discussion on Acceptable use policy
Acceptable Use Policy (AUP): Employee access to organizational IT resources is subject to the conditions and
guidelines set forth in the AUP. Reading and agreeing to it is a standard onboarding step for new workers,
who must do so before being given a network ID. It is advised that a company's IT, security, legal, and HR
departments all take part in defining this policy's provisions.
2.3.1 General use and ownership
Any data generated or kept on systems owned or operated by the organization is covered by this policy.
Before being electronically sent, all data, including non-public personal information, must be encrypted.
In all other situations, sensitive information, including non-public personal information, shall be encrypted in
accordance with the Information Sensitivity Procedures.
For the purposes of this policy, any information and data stored on an organization's systems and networks are
regarded as belonging to the organization.
Any information, including data files, emails, and information stored on company-issued computers or other
electronic devices, may be monitored or audited by the organization for any reason, at any time, with or without
notice, in order to test and monitor compliance with these security procedures.
All sensitive information must be kept confidential and must not be shared or made available to anyone
without proper authorization. Sensitive data may be used only for the specific purpose for which it was
provided and for no other reason.
2.3.2 Security and proprietary information
Sensitive information should not be posted on the company's official website.
In accordance with the organization's information sensitivity policies, information on the systems of the
organization, including both public and private websites, should be designated as either sensitive or public.
Passwords should never be disclosed to anyone else and should be kept private. Authorized users are in charge
of maintaining the security of their passwords and accounts.
The organization's systems usage policy should require that user-level passwords be changed at least once
every six months. User-level accounts may include, but are not restricted to:
- Email
- Web
- Social media
- Application accounts used to access private data
Authorized users should use extreme caution when opening email attachments, as they could contain Trojan
horse malware, viruses, or e-mail bombs, whether sent accidentally or deliberately. All users need to learn
how to spot potential risks.

2.4 Discussion on Remote access policy
2.4.1 Define
The remote access policy is a document that discusses and lays out the acceptable methods of connecting to an
organization's internal networks from a distance. I've also seen amendments to this policy that contain
guidelines for using BYOD assets. This policy is necessary for businesses with dispersed networks that may
reach unprotected locations such as the local coffee shop or unmanaged home networks.
2.4.2 General
Employees, contractors, suppliers, and anyone else with access to the organization network must all sign
agreements promising to keep all access codes and processes private and not to share them with anybody.
Employees, independent contractors, vendors, and other parties with access rights to an organization's network
must ensure that their access connections are subject to security controls that are essentially equivalent to those
used by organizations.
2.4.3 Requirements
Only those employees who have been given permission by the information security officer should have access
to secure remote access, which must be strictly managed. To establish authorized access, either one-time
password authentication or public/private keys with strong passwords must be utilized.
Authorized users are forbidden from disclosing their login information to third parties and from writing it down
or keeping a record of it.
Authorized users are only permitted to access the network using tools provided by the Organization, unless the
information security officer grants them permission to do otherwise.
Remote connections must adhere to minimum authentication standards like CHAP or DLCI, which must be
ensured by authorized users.
Any remote computer linked to the organization's internal networks must be running antivirus software with
the most updated virus definitions, and authorized users are in charge of making sure this is the case.
3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
3.1 Firewall
3.1.1 Definition
A firewall is a network security tool that controls and analyzes incoming and outgoing network traffic in
accordance with organizationally established security standards. The simplest definition of a firewall is a
physical barrier that divides a private internal network from the public Internet. Allowing non-threatening
traffic in while blocking destructive traffic is the firewall's main objective.

Figure 11: Firewall
(Source: https://geekflare.com/firewall-introduction/)

3.1.2 Types of firewalls
Packet filtering: Each packet is checked against the filter's rules and forwarded only if it meets them.
Proxy service: A network security system secures while filtering communications at the application layer.
Stateful inspection: To determine which network packets to allow through the Firewall, dynamic packet
filtering keeps track of active connections.
Next-Generation Firewall (NGFW): A firewall that does deep packet inspection and application-level
inspection.
3.1.3 Firewall policies
Firewalls are available as both software and hardware appliances. In addition to protecting the internal
network they are a part of, many hardware-based firewalls also act as DHCP servers. Several desktop operating
systems for personal computers come with software-based firewalls to protect against threats from the public
Internet. Many routers that transfer data between networks have firewall components, and many firewalls may
also carry out simple, everyday networking tasks.
3.1.4 Firewall usage
Prevents the passage of unwanted content
There is no shortage of inappropriate or unwanted content online. Such content can easily enter the system if
there isn't a strong firewall in place. Most operating systems include a firewall that shields users from
undesirable and hazardous internet content.
Prevents unauthorized remote access
Today's world is full of unethical hackers that are always striving to gain access to vulnerable systems.
Uninformed users are unaware of who has access to their computers.
A strong firewall is necessary to protect your data, transactions, and other sensitive information because leaking
private data and information may be extremely costly and unsuccessful for enterprises.
Prevents indecent content
People, especially adolescents and children, are exposed to immoral material because of the internet's
extensive reach. The volume of this harmful content has been growing quickly. Exposure to obscene material
can be harmful to developing minds and result in abnormal and immoral behavior.
Guarantees security based on protocol and IP address
Hardware firewalls work well for examining traffic patterns depending on a particular protocol. A record of
every activity associated with a connection is stored when it is established, aiding in system security.
Network Address Translation (NAT) is a kind of firewall that successfully protects computers from attacks that
originate from outside their network. Because their IP address is only accessible within their network, these
devices are autonomous and safe.
Protects seamless operations in enterprises
In the commercial world of today, enterprise software and systems have become more and more crucial. Thanks
to decentralized distribution systems and data access across the entire geographical presence, authorized
stakeholders can use and work on the data for efficient business operations.
A user can log in to their system from any machine in the network. Given the vast size of the network and the
volume of data, a firewall is needed to protect these operations.
Protects conversations and coordination contents
Companies in the service industry are required to maintain constant contact with external clients. As part of
numerous efforts, they regularly exchange pertinent information with the internal teams and the customer
teams.
No company can afford the cost of such important information being leaked; almost all of the content produced
by these coordinating operations is confidential and must be carefully protected.
Prevents destructive content from online videos and games
Various websites allow users to watch movies, and some even let them download games or films. Similar to
this, you may play and download games from a ton of websites. Few websites, with the exception of a few
well-known ones, promise access security. In addition, malicious software and viruses are typically constantly
trying to infect the user's computer. A firewall is necessary in the system because it shields the user's computer
from virus attacks caused by online games or movies.
3.1.5 Advantages of firewall
- A firewall protects against remote access and hackers.
- It protects the privacy of data.
- It strengthens network monitoring and security capabilities.
- It increases your security and privacy.
- It contributes to the dependability of VoIP phones.
- It protects against Trojans.
- It permits the implementation of more sophisticated network capabilities.
- A network-based firewall, such as a router, may protect numerous computers, as opposed to an OS-based
firewall, which can only protect a single PC.
3.1.6 How does a firewall provide security to a network?
Firewalls filter network traffic on a private network. Based on a set of rules, it decides which kinds of traffic
should be allowed or prohibited. Think of the firewall as a gatekeeper at the computer's entryway, allowing
only reliable IP addresses or sources to connect to the network.
A firewall only allows incoming traffic that has been specified to be accepted. It can distinguish between
genuine and malicious traffic and decide whether to allow or reject specific data packets depending on
pre-established security standards.
These requirements are based on a variety of packet data elements, including the source, destination, and
content, among others. They censor traffic from questionable sources in order to prevent cyberattacks.
The illustration below, for instance, shows how a firewall enables good traffic to pass through to a user's private
network.

Figure 12: How a firewall allows good traffic to enter the private network
(Source: https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-firewall)
On the other hand, the firewall in the example below shields the user's network against a cyberattack by
preventing malicious traffic from entering the private network.

Figure 13: How a firewall blocks malicious traffic from entering the private network
(Source: https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-firewall)
A firewall can quickly assess unusual activity to find malware and other threats in this way.
A variety of firewall types are deployed at various network levels to read data packets.
3.2 IDS
3.2.1 Definition
An intrusion detection system (IDS) is a network traffic monitoring tool that looks for abnormal activity and
alerts users when it is discovered.
While the fundamental responsibilities of an IDS are anomaly detection and reporting, some intrusion detection
systems may also take action when malicious conduct or abnormal traffic is found, such as blocking traffic
coming from suspicious IP addresses.
The difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS) is that an
IPS, like an IDS, analyzes network packets for potentially harmful activity, but it concentrates on preventing
attacks rather than only identifying and documenting them.
3.2.2 IDS usage
- Providing additional security measures aimed at preventing, detecting, or recovering from attacks, and
keeping an eye on the operation of routers, firewalls, key management servers, and files necessary for other
security measures;
- Giving administrators the ability to modify, monitor, and comprehend pertinent OS audit trails and other
logs that would otherwise be hard to follow or analyze;
- Including a sizable attack signature database with which to compare data from the system, and providing an
intuitive user interface so that non-expert staff members can assist with system security management;
- Raising an alarm and notifying the user that security has been compromised when the IDS discovers that data
files have been altered; the attacker is then blocked, or the server is blocked.
3.2.3 How does IDS work?
Intrusion detection systems are employed to spot abnormalities in the network in order to stop hackers before
they cause significant harm. An IDS can be either host-based or network-based: a network-based intrusion
detection system resides on the network, whereas a host-based intrusion detection system runs on the client
computer.

Figure 14: How IDS work
(Source: https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-firewall)
Assaults are discovered by intrusion detection systems by scanning for indicators of prior intrusions or
abnormalities from normal activity. The protocol and application layers are looked at when these anomalies are
advanced up the stack. Christmas tree scans and DNS poisonings are only two examples of the things they can
spot.
A client-side software program or a network security device can both be used to deploy an IDS. Solutions for
cloud-based intrusion detection are now available to protect data and systems in cloud deployments.
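As an added example (not code from the assignment or from any IDS product), the following Python shows the two detection styles described above on constructed packet records: a signature rule for the Christmas tree scan mentioned here (FIN, PSH and URG all set) and a simple anomaly rule for one source probing many ports in a short window. The packet format, thresholds and addresses are all assumptions made for the example.

```python
"""Minimal network IDS: a signature rule (Christmas tree scan) and a simple
anomaly rule (one source probing many ports in a short window), run over
constructed packet records. Educational example; not any product's code."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import List, Tuple

# TCP flag bits from the TCP header flags byte
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS_FLAGS = FIN | PSH | URG


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds since capture start
    src: str
    dst: str
    dport: int
    flags: int


def is_xmas_scan(pkt: Packet) -> bool:
    """Signature: FIN, PSH and URG all set. Legitimate TCP stacks never
    send this combination, so a single packet is enough to alert on."""
    return pkt.flags & XMAS_FLAGS == XMAS_FLAGS


def detect(packets, scan_threshold: int = 10,
           window: float = 5.0) -> List[Tuple[str, str, str]]:
    """Return (kind, source, detail) alerts in time order.

    kind == "xmas_scan": matched per packet by signature.
    kind == "port_scan": anomaly, a source touching >= scan_threshold
    distinct destination ports within `window` seconds (reported once).
    """
    alerts = []
    history = defaultdict(deque)   # src -> deque of (ts, dport) in the window
    flagged = set()
    for pkt in sorted(packets, key=lambda p: p.ts):
        if is_xmas_scan(pkt):
            alerts.append(("xmas_scan", pkt.src,
                           f"dport {pkt.dport} flags=0x{pkt.flags:02x}"))
        hist = history[pkt.src]
        hist.append((pkt.ts, pkt.dport))
        while hist and pkt.ts - hist[0][0] > window:   # slide the window
            hist.popleft()
        distinct = {port for _, port in hist}
        if len(distinct) >= scan_threshold and pkt.src not in flagged:
            flagged.add(pkt.src)
            alerts.append(("port_scan", pkt.src,
                           f"{len(distinct)} ports within {window}s"))
    return alerts


# Constructed sample traffic (private and RFC 5737 documentation addresses)
SAMPLE = [
    Packet(0.0, "10.0.0.5", "10.0.0.80", 443, SYN),               # normal handshake
    Packet(0.1, "10.0.0.5", "10.0.0.80", 443, ACK | PSH),         # normal data
    Packet(1.0, "203.0.113.9", "10.0.0.80", 22, FIN | PSH | URG),  # Xmas probe
] + [
    # sweep of 12 ports from one outside host within 1.2 seconds
    Packet(2.0 + i * 0.1, "198.51.100.7", "10.0.0.80", 20 + i, SYN)
    for i in range(12)
]

if __name__ == "__main__":
    for kind, src, detail in detect(SAMPLE):
        print(f"ALERT {kind} from {src}: {detail}")
```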
3.2.4 The potential impact (threat-Risk) of a firewall and IDS if they are incorrectly configured in a
network
Unencrypted HTTP connections on the same network segment, such as an open/unencrypted wireless network,
can be misused by an outsider, allowing anyone on the Internet to access the firewall. Anti-spoofing limitations
are not active on the external interface, which could allow denial of service attacks and related ones. Rules exist
in the absence of logging, which may cause issues for important systems and services.
Internal network segments can be linked by any protocol or service, which can result in internal security flaws
and regulatory infractions, particularly in PCI DSS cardholder data settings.
Anyone on the internal network is able to connect to the firewall via an unencrypted telnet connection. These
connections can be misused by an inside user if ARP poisoning is enabled by a tool like the free password
recovery program Cain & Abel (or malware).
Any TCP or UDP service that leaves the network has the potential to spread malware and spam, resulting in
legal usage and policy violations.
The rules are not documented, which could raise security management issues, particularly if firewall
administrators unexpectedly depart the firm.
Using the default password(s) exposes users to every security risk conceivable, including liability issues when
network events take place.
The firewall's OS software is outdated and no longer supported, leaving it open to known vulnerabilities such as denial-of-service and remote code execution flaws. If a breach occurs and the age of the system becomes public, it reflects poorly on the organization in the eyes of outsiders.
Internal Microsoft SQL Server databases are reachable by anyone on the Internet, which can lead directly to database compromise, particularly if SQL Server is set up with the default credentials (sa/password) or another weak password.
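As an added example (not from the original report), the Python below audits a small, constructed firewall ruleset for several of the misconfigurations listed above: cleartext management protocols reachable on the firewall, high-value internal services such as SQL Server exposed to the Internet, unrestricted outbound traffic, permit rules without logging, and undocumented rules. The rule format, zone names and port-to-service tables are assumptions made for the example.

```python
# Constructed firewall ruleset in a simple dict form; not an export from a real device.
# Zones: "internet", "inside", "dmz" and "firewall" (the device's own management plane).
ANY = "any"
CLEARTEXT_MGMT = {23: "telnet", 80: "http"}            # management protocols that expose credentials
HIGH_VALUE_SERVICES = {1433: "mssql", 3389: "rdp", 445: "smb"}

SAMPLE_RULES = [
    {"id": 10, "src": "internet", "dst": "firewall", "proto": "tcp", "port": 80,   "action": "permit", "log": False, "comment": ""},
    {"id": 20, "src": "inside",   "dst": "firewall", "proto": "tcp", "port": 23,   "action": "permit", "log": True,  "comment": ""},
    {"id": 30, "src": "inside",   "dst": "internet", "proto": ANY,   "port": ANY,  "action": "permit", "log": False, "comment": ""},
    {"id": 40, "src": "internet", "dst": "inside",   "proto": "tcp", "port": 1433, "action": "permit", "log": True,  "comment": ""},
    {"id": 50, "src": "internet", "dst": "dmz",      "proto": "tcp", "port": 443,  "action": "permit", "log": True,  "comment": "public web"},
    {"id": 60, "src": ANY,        "dst": ANY,        "proto": ANY,   "port": ANY,  "action": "deny",   "log": True,  "comment": "default deny"},
]


def audit_rules(rules):
    """Return (rule_id, finding) pairs for the misconfigurations described above.
    Only permit rules are examined; the default deny is fine as it stands."""
    findings = []
    for r in rules:
        if r["action"] != "permit":
            continue
        rid, src, dst, port = r["id"], r["src"], r["dst"], r["port"]
        from_untrusted = src in ("internet", ANY)

        # Management plane reachable over a protocol that sends credentials in clear
        if dst == "firewall" and port in CLEARTEXT_MGMT:
            where = "the Internet" if from_untrusted else src
            findings.append((rid, f"cleartext {CLEARTEXT_MGMT[port]} management reachable from {where}"))
        # Internet reaching a high-value internal service (e.g. SQL Server with sa/password)
        if from_untrusted and dst == "inside" and port in HIGH_VALUE_SERVICES:
            findings.append((rid, f"Internet can reach internal {HIGH_VALUE_SERVICES[port]} (port {port})"))
        if from_untrusted and dst == "inside" and port == ANY:
            findings.append((rid, "Internet has unrestricted access to the internal network"))
        # Any service may leave the network: malware, spam, policy violations
        if dst in ("internet", ANY) and r["proto"] == ANY and port == ANY:
            findings.append((rid, "unrestricted outbound: any TCP/UDP service may leave the network"))
        if not r["log"]:
            findings.append((rid, "permit rule without logging"))
        if not r["comment"]:
            findings.append((rid, "undocumented rule"))
    return findings


if __name__ == "__main__":
    for rid, msg in audit_rules(SAMPLE_RULES):
        print(f"rule {rid}: {msg}")
```

Rule 50 (public HTTPS into the DMZ, logged and documented) produces no finding; every other permit rule in the sample trips at least one check.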
4. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security (P4)
4.1 DMZ
4.1.1 Definition

P a g e | 17
A DMZ network is a perimeter network that guards against unauthorized traffic and adds a layer of protection for an organization's internal local area network. A DMZ is usually a subnetwork that sits between a private network and the internet.
Using a DMZ, an enterprise can connect to untrusted networks such as the internet while still securing its private network, or LAN. File Transfer Protocol (FTP), mail, proxy, Voice over Internet Protocol (VoIP), Domain Name System (DNS) and web servers are typically kept in the DMZ; externally facing resources and services are generally located there.
4.1.2 How does DMZ work?
Any device with an internet connection is the most frequent target of attacks and is therefore at the greatest risk. Businesses with public servers that must be reachable by people outside the firm are especially exposed. A DMZ acts as a barrier between the internal network and the outside world. When the DMZ is placed between two firewalls, the outer firewall or security appliance filters all incoming traffic before it reaches the organization's servers.
Figure 15: How DMZ work (Source: https://www.techtarget.com/searchsecurity/definition/DMZ)
If a skilled attacker does get past the outer firewall and gains unauthorized access to DMZ systems, monitoring in the DMZ can alert the organization to the breach before the attacker can do any damage or reach sensitive data.
4.1.3 Advantages of DMZ
Enabling access control: Companies can use the open internet to provide customers with services that sit outside the bounds of their network. The DMZ permits network segmentation and controlled access to specific services, making it more difficult for an unauthorized user to reach the private network. A DMZ may also contain a proxy server, which centralizes internal traffic flow and makes traffic monitoring and logging easier.
Preventing network reconnaissance: A DMZ serves as a barrier between a private network and the internet, preventing attackers from conducting reconnaissance in search of suitable targets. Public access to servers in the DMZ is allowed, but an additional layer of security is provided by a firewall that prevents an attacker from seeing into the internal network.
By separating the private network from the DMZ and limiting external reconnaissance, the internal firewall protects the private network even if a DMZ system is compromised.
Blocking IP spoofing: Attackers try to gain access by faking an IP address and posing as a trusted device that is already on the network. A DMZ can detect and stop such spoofing attempts while another service verifies the legitimacy of the IP address. The DMZ also acts as a network segmentation zone, which keeps traffic organized and lets public services be reached from outside the private network.
4.1.4 Services placed in a DMZ
The most popular services include:
Web servers: Web servers that must communicate with an internal database server may need to be placed inside a DMZ. This helps protect the internal database, which frequently holds sensitive data. The web servers can then communicate with the internal database server directly or through an application firewall while remaining within the DMZ.
Mail servers: Individual emails and the user database that holds login information and private messages are usually kept on servers with no direct internet access. A mail relay is therefore placed inside the DMZ so that it can communicate with the internal mail store without directly exposing it to potentially hostile traffic.
FTP servers: These allow direct file interaction and may host important content for an organization's website. An FTP server should therefore only ever be partially connected to important internal systems.
4.1.5 Advantages of a DMZ network
The main advantage of using a DMZ is that it increases the security of a company's private network by limiting
access to servers and sensitive data.
We might set up a reverse proxy server in the DMZ. Internet users will connect to a reverse proxy server via
the internet that doesn't save any private data.
The DMZ restricts and regulates access to inside networks as well as isolates and keeps potential target systems
away from them.
Individuals inside an organization can still share and access content on the internet, while the DMZ keeps unwanted users outside the network from reaching vital data within it.
Hackers are less likely to get access to a private network directly because DMZs control both internal and
external traffic flow.
The DMZ can also be utilized to address security issues brought on by OT systems, IoT devices, and other such
systems.
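The following Python is an added example (not from the original report or any vendor's configuration) that models the screened-subnet policy described in 4.1.2 to 4.1.5: Internet traffic may reach only the web server in the DMZ, the web server may reach only the database server inside and only on its database port, and everything else falls to a default deny. Addresses, zones, ports and the policy table are constructed assumptions. The blast_radius helper shows the point made in 4.1.3: even if the DMZ web server is compromised, the inner policy leaves it very little to reach.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for a screened-subnet (two-firewall) DMZ; not a real network.
ZONES = {
    "dmz":    ip_network("192.0.2.0/24"),
    "inside": ip_network("10.10.0.0/16"),
}
WEB = ip_address("192.0.2.10")   # public web server in the DMZ
DB = ip_address("10.10.5.20")    # database server on the internal network

# Policy rows: (src_zone, src_host, dst_zone, dst_host, proto, dst_port, action).
# None means "any"; first match wins and the last row is the default deny.
POLICY = [
    ("outside", None, "dmz",     WEB,  "tcp", 443,  "permit"),  # public HTTPS
    ("outside", None, "dmz",     WEB,  "tcp", 80,   "permit"),  # public HTTP
    ("dmz",     WEB,  "inside",  DB,   "tcp", 5432, "permit"),  # web tier -> database only
    ("inside",  None, "dmz",     None, "tcp", 22,   "permit"),  # admins manage DMZ hosts
    ("inside",  None, "outside", None, "tcp", 443,  "permit"),  # outbound HTTPS for staff
    (None,      None, None,      None, None,  None, "deny"),    # default deny
]


def zone_of(ip):
    """Map an address to its zone; anything outside the known ranges is 'outside'."""
    ip = ip_address(ip)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"


def evaluate(src, dst, proto, dport):
    """First-match evaluation of one flow; returns 'permit' or 'deny'."""
    src, dst = ip_address(src), ip_address(dst)
    sz, dz = zone_of(src), zone_of(dst)
    for r_sz, r_sh, r_dz, r_dh, r_proto, r_port, action in POLICY:
        if (r_sz in (None, sz) and r_sh in (None, src)
                and r_dz in (None, dz) and r_dh in (None, dst)
                and r_proto in (None, proto) and r_port in (None, dport)):
            return action
    return "deny"


def blast_radius(src, probes):
    """What a compromised host could still reach: the (dst, proto, port)
    probes the policy permits from it."""
    return [p for p in probes if evaluate(src, *p) == "permit"]


if __name__ == "__main__":
    print(evaluate("203.0.113.5", WEB, "tcp", 443))       # permit: public web
    print(evaluate("203.0.113.5", DB, "tcp", 5432))       # deny: Internet cannot see inside
    print(blast_radius(WEB, [(DB, "tcp", 5432), (DB, "tcp", 22), ("10.10.7.7", "tcp", 5432)]))
```

The two rules that matter most are the third row and the default deny: without an explicit web-to-database row the application breaks, and without the default deny a compromised DMZ host could pivot anywhere inside.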
4.2 Static IP
4.2.1 Definition
A static IP address is an internet address permanently assigned to a computer. In IPv4 it is a 32-bit number, which an internet service provider (ISP) typically presents as a dotted quad.
Figure 16: Static IP (Source: https://www.broadbandcompare.co.nz/p/what-is-static-ip-address)
When a device connects to the internet, its IP address (internet protocol address) acts as its unique identifier. Just as people use phone numbers to find and speak to one another, computers use IP addresses to locate and communicate with one another on the internet. An IP address can reveal information about the hosting company as well as approximate location.
4.2.2 How does static IP work?
Since most ISPs do not provide static IP addresses automatically, a person or organization that needs one must first contact their ISP and ask for their device, such as a router, to be given a static IP address. Once the device has been configured with the new, permanent address it must be restarted. PCs and other hardware behind the router will then all share that same public IP address. No further steps are needed to keep the address because it is static.
However, obtaining one often costs money because only a limited number of IPv4 addresses exist. IPv6 solves this: by extending addresses from 32 bits to 128 bits (16 bytes) it greatly increases the number of available addresses, so static addresses become simpler to acquire and maintain. Both IPv4 and IPv6 are in use today; a large share of internet traffic still uses IPv4, although IPv6 is gaining ground.
IPv6 allows up to about 340 undecillion distinct addresses, that is, 340 trillion trillion trillion possible unique IP addresses. This increase makes it possible for the internet to grow significantly in the future and removes the worry of an address shortage.
4.2.3 Advantage of static IP
Businesses that run mail, FTP and web servers can rely on a single address that never changes. Static IP addresses are the best choice for hosting voice over IP, VPNs and online gaming. They can be more dependable across a connectivity failure, because the address does not change when the link comes back, so sessions are less likely to be lost. They can also make uploads to and downloads from file servers faster.
A device with a static IP is easy for geolocation services to locate. Static IPs are preferred for remote access to a computer. A device with a static IP address does not have to send lease renewal requests.
Network administrators may find that servers with static IP addresses are simpler to maintain. Administrators can also monitor internet traffic more easily and grant access to users based on their IP addresses.
4.3 NAT
4.3.1 Definition
Network Address Translation (NAT) is a process that lets local hosts connect to the Internet by converting one or more local IP addresses into one or more global IP addresses, and vice versa. It also performs port number translation, replacing the host's port number with a different one in the packet that is forwarded to the destination, and records the corresponding IP address and port number entries in the NAT table. NAT is typically performed by a router or firewall.
Figure 17: NAT (Source: https://whatismyipaddress.com/nat)
4.3.2 How does NAT work
Typically, a border router with one interface on the local (inside) network and one on the global (outside) network is configured for NAT. When a packet leaves the local (inside) network, NAT replaces its local (private) source IP address with a global (public) address. When a packet enters the local network, the global (public) destination address is translated back to the local (private) address.
If NAT runs out of addresses, that is, if no addresses remain in the configured pool, the packet is dropped and an Internet Control Message Protocol (ICMP) host unreachable message is sent back to the sender.
Figure 18: NAT (Source: https://en.wikipedia.org/wiki/Network_address_translation)
4.3.3 Types of NAT
Static NAT
Static network address translation maps one fixed public IP address to one internal private IP address (or network), and translates traffic in both directions between them.
It lets PCs, servers or networking equipment on a private local area network (private LAN) be reached from, and reach, an external network or the Internet.
Dynamic NAT
Dynamic network address translation maps internal private IP addresses to a pool of public IP addresses, assigning a public address from the pool when a connection is made and releasing it afterwards.
It lets a local computer, server or networking device with an unregistered private IP address reach an outside network or the Internet using whichever public address in the pool is free.
Port Address Translation (PAT)
Port address translation (PAT) enables many users on a private network to share a small number of public IP addresses. Its primary purpose is to let several clients that need public Internet access share a single IP address, distinguished by port number. It is an extension of network address translation (NAT).
Port address translation is also referred to as NAT overload or port overloading.
4.3.4 Advantage of NAT
NAT can also improve security and privacy. Because a packet from the public side is only forwarded to a private address when a matching translation entry exists, NAT prevents outsiders from reaching private devices directly. Unsolicited data cannot slip through as easily, since the router only forwards traffic it can map to an existing entry. Although it is not flawless, NAT typically serves as the first line of defence for a device. A NAT firewall alone will not secure a corporation's data; it also needs proper security controls and cybersecurity professionals to run them.
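As an added example (not from the original report), the Python below simulates the border router behaviour described in 4.3.2 to 4.3.4: port address translation (NAT overload) of outbound flows, the reverse mapping that lets replies back in, the drop of unsolicited inbound packets that gives NAT its security benefit, pool exhaustion, and a static port forward of the kind used to expose a DMZ server. The class, addresses and port ranges are constructed assumptions for the example.

```python
from itertools import count


class NatGateway:
    """Border router doing port address translation (NAT overload): many private
    hosts share one public address, and only replies to outbound flows come back in."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.out_table = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.in_table = {}    # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.forwards = {}    # public_port -> (priv_ip, priv_port); static entries for servers
        self._ports = count(first_port)
        self._last_port = last_port

    def forward(self, public_port, priv_ip, priv_port):
        """Static mapping on one port so an internal or DMZ server is reachable from outside."""
        self.forwards[public_port] = (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network. Returns the rewritten
        (public_ip, public_port) source, or None when the port pool is exhausted,
        in which case a real router drops the packet and sends ICMP host unreachable
        back to the sender."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_table:
            public_port = next(self._ports)
            if public_port > self._last_port:
                return None
            # Record both directions so the reply can be mapped back
            self.out_table[key] = public_port
            self.in_table[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_table[key])

    def inbound(self, remote_ip, remote_port, public_port):
        """Translate a packet arriving at the public address. Returns the private
        (ip, port) it is delivered to, or None if no translation exists, meaning
        the packet is dropped: an outsider cannot reach a private host unprompted."""
        entry = self.in_table.get((public_port, remote_ip, remote_port))
        if entry is None:
            entry = self.forwards.get(public_port)
        return entry


if __name__ == "__main__":
    nat = NatGateway("198.51.100.1")
    print(nat.outbound("192.168.1.10", 51000, "203.0.113.80", 443))  # ('198.51.100.1', 1024)
    print(nat.inbound("203.0.113.80", 443, 1024))                     # ('192.168.1.10', 51000)
    print(nat.inbound("203.0.113.99", 4444, 1024))                    # None: unsolicited, dropped
```

Two private hosts using the same source port get distinct public ports, which is what lets one public address serve a whole LAN; the reply lookup keys on the remote address and port as well, so a different outside host cannot hijack an existing translation.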
Conclusion
This assignment has discussed the threats, countermeasures and tools that help individuals and businesses improve the security of their online data. It listed past security breaches so that users can learn from them, explained how to stay secure, and described how to protect data once a breach has happened. The dangers are real, but users should also take advantage of the benefits on offer. The investigation shows that the advantages of such applications have been, and continue to be, positively assessed, enabling customers to choose the software best suited to their requirements.