Assignment 1 for the Security unit at GW University, 2022, meeting the Pass criteria, with Harvard referencing. IDENTIFY TYPES OF SECURITY THREAT TO ORGANIZATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1). DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2). IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND IDS (P3). SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY (P4).
ASSIGNMENT 1 FRONT SHEET
Unit number and title Unit 5: Security
Table of Contents
TASK 1 - IDENTIFY TYPES OF SECURITY THREAT TO ORGANIZATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1) 4
1.4 What are the recent security breaches? List and give examples with dates 9
TASK 2 - DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2) 11
TASK 3 - IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF
3.1 Firewalls and policies, their usage, and advantages in a network 13
3.3 Show with diagrams the example of how a firewall works 16
3.4 Define IDS, its usage, and show it with diagram examples 17
3.5 The potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network 20
TASK 4 - SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN A
4.5 Define and discuss NAT 25
4.6 NAT, its usage and security function as an advantage 26
List of figures
Figure 1: Security threat 4
Figure 2: Trojan horse 6
Figure 3: WannaCry ransomware 7
Figure 4: Adware 7
Figure 5: Spyware 8
Figure 6: Worm 9
Figure 7: Firewall 13
Figure 8: Firewall policies 14
Figure 9: Packet Filtering 15
Figure 10: Stateful Inspection 16
Figure 11: How firewalls work 17
Figure 12: The usage of IDS 18
Figure 13: NIDS 18
Figure 14: HIDS 19
Figure 15: Example for IDS 20
Figure 16: DMZ 22
Figure 17: Demilitarized Zone Diagram 23
Figure 18: Static IP 24
Figure 19: NAT 25
Figure 20: Example of NAT 26
Security is one of the most important areas in information technology; it determines the smooth operation of an application, website or internal system of a company. In this assignment, risk will be discussed along with the problems associated with it. Some examples of security breaches and ways to overcome security risks will be given. At least 3 organizational security procedures will be introduced. Firewalls and IDSs will also be introduced and assessed for the potential risk of misconfiguring them. DMZ, static IP and NAT will also be discussed and analyzed for their advantages.
Task 1 - Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
1.1 Threats
A security threat is an act with bad intentions, such as crashing a system or stealing data and user information, that damages the system of a company, business or organization. The threat may occur in the near or distant future.
Figure 1: Security threat
It can be said that system security is the only method able to solve and close the vulnerabilities as well as the potential risks of a system. Security is a difficult area for developers, especially as more and more bad guys find vulnerabilities to attack. There are two types of risks that often appear: physical threats and non-physical threats.
Hardware-related problems can appear, disrupt the connection and cause the server to lose data. A few examples of physical risks are failures due to age, weather, humans or humidity.
However, the risk of non-physical problems is the main issue to discuss. Non-physical issues can cause data loss, data exposure, slow connections, and other security-related issues. The main causes are network attacks with different purposes, the spreading of computer viruses and spyware, unauthorized access to computers in order to reach data, and software containing other malicious code. These non-physical risks are always difficult problems and can only be solved by system security methods.
1.2 Identify threats agents to organizations
A threat actor is an active entity having a financial motivation to target an organization's or individual's equipment, operations, or systems. Threat actors can be identified as distinct organizations or persons, or they might be classified based on their aims or ways of operation (Anon., 2016).
Some of the threat actors are countries, employees, hackers and terrorists. Enemy countries and large countries interfere with or attack the systems of other countries. Employees can also reveal confidential company information for objective or subjective reasons, allowing bad guys to get hold of the information and carry out an attack that bypasses the security layer. Some viruses (malicious code) are created with the goal of spreading en masse regardless of whether the devices are corporate or personal. Hackers and terrorists infiltrate and attack the systems of state organizations and flights for political reasons. Most attack actors have monetary or political purposes.
1.3 List type of threats that organizations will face
Cyber thieves are becoming more sophisticated in their assault techniques and in gaining access to companies' networks. There are a variety of security issues that might affect an organization's ability to stay in business. As a result, there is no way to know for sure whether or not a corporation is under assault. The following are the many sorts of security dangers that businesses face; knowing them can help businesses take preventative measures:
A Trojan horse is a malicious program developed by a hacker to pose as legitimate software with the purpose of accessing the system of a company, business or organization. It is designed to delete, modify, corrupt, or intercept data or networks. The victim receives an email with an attachment that seems like it came from the government. Malicious code may be embedded in the attachment, which runs as soon as the victim clicks on it. In this case the victim was unaware, or had no suspicion, that the attachment was a Trojan horse.
Figure 2: Trojan horse
A virus is a type of malicious code that can infect a computer when a user clicks on a link, opens a web page or downloads an unknown file and opens it. It is difficult for users to detect until signs appear, such as a slow machine, data loss or, worse, a locked machine. However, there is a lot of good anti-virus software that can be used to prevent the intrusion and destruction caused by viruses.
Figure 3: WannaCry ransomware
Adware is a type of software that contains commercial and marketing-related advertisements, such as those that appear on a company's computer screens in the form of pop-ups or bars, banner advertising, or videos. Adware is mostly Web-based and collects data from web browsers in order to target advertisements, mainly pop-ups. Freeware and pitchware are two terms used to describe adware.
Figure 4: Adware
Adware operates by redirecting us to an advertising website and collecting information from us when we click on certain types of adverts. By monitoring our online actions and selling that information to a third party, it may also be used to steal our sensitive information and login passwords.
Spyware is a sort of unwanted security threat to businesses that installs itself on a user's computer and gathers sensitive data such as personal or company information, login passwords, and credit card information without the user's knowledge. This sort of attack keeps track of our online activities, logs our login credentials, and snoops on our personal information.
Figure 5: Spyware
Some actions that can be monitored by spyware are keystrokes, screenshots, reading cookies, passwords, etc. Spyware can be installed as typical malware, such as through phishing advertising, emails, and instant messaging, or it can be installed automatically or as a hidden element of a software package.
Worms are similar to viruses in that they replicate themselves, although, unlike viruses, they spread without user action. The way a computer worm spreads: it may propagate without the help of humans by exploiting software security weaknesses, attempting to gain access in order to steal important information, corrupt files, and install a back door allowing remote access to the system.
Figure 6: Worm
Backdoors and security weaknesses in operating systems and apps are exploited by worms. They look for other computers on the network or on the Internet that are running the same programs and spread to them. Worms do away with the need for individuals to access and run malware. A computer worm is a type of malicious software that spreads over global network connections in search of victims. Worms are particularly dangerous because they obtain access to a computer by exploiting known computer vulnerabilities (such as a hole in the security system).
1.4 What are the recent security breaches? List and give examples with dates
A security breach occurs when an intruder gains unauthorized access to an organization's protected systems and data; by bypassing the system's security layers, they can obtain information. A security breach is an attempt to interfere with or break into a certain system belonging to individuals or groups. Violations may involve the theft or destruction of data or IT systems, and other malicious actions.
Some security breaches
• Viruses, spyware, and other malware: Cybercriminals routinely employ malicious software to gain access to secure networks.
• DDoS (Distributed Denial of Service): A type of denial-of-service assault that can knock websites offline. Hackers can make a website, or a computer, inaccessible by overwhelming it with traffic. Because DDoS attacks have the ability to overwhelm an organization's security equipment and business capabilities, they are regarded as a security breach. Action, vengeance, or blackmail might be the motivation. During an attack, anyone who has a legitimate business relationship with the organization will be unable to access the website.
Examples with dates
In August 2013, Yahoo exposed the information of more than 1 billion user accounts; the number was actually 3 billion accounts (2016). A certain security problem was used by hackers to carry out this bad action (Hill and Swinhoe, 2021).
Alibaba is a firm with 1.1 billion users (as of November 2019). Using crawler software he designed, a developer working for an affiliate marketer acquired consumer data, including usernames and mobile phone numbers, from Taobao, the Chinese retail website of Alibaba, over an eight-month period. It appears that the developer and his company gathered the data for their own purposes rather than selling it on the illicit market (Hill and Swinhoe, 2021).
In June 2021, LinkedIn exposed the information of 700 million members. The data of LinkedIn's 700 million members was leaked on a dark web forum in June 2021, impacting more than 90% of the company's users. Before selling the initial set of datasets covering around 500 million consumers, a hacker known as "The God User" employed a data-scraping approach, accessing the website's (and others') APIs. After that, they boasted about selling their full 700 million client database (Hill and Swinhoe, 2021).
The consequences of this breach
The biggest consequence is data loss. For each company and user, personal information is very important and must be kept secure. For example, revealing a phone number can be annoying, while exposing the information on a bank account is a bad thing. Currently, companies always put the protection of personal information first; it also determines the survival of that company or website.
This is followed by downtime: a website under DDoS attack can be down for a few minutes to several hours, affecting the user experience.
The next consequence is financial loss. A sales website earns money over time; if it is stalled for too long, it will lose a large amount of revenue. In addition, any loss can be converted into financial loss.
If a website is hacked, users will lose trust in that website. People cannot hand over personal information to a company that could expose user information.
Suggest solutions to organizations
Some of the security-related measures that can be taken are detecting vulnerabilities and security risks and fixing them; training and recruiting a high-quality IT workforce on data security; encrypting user data; and responding in a timely manner to attacks on the system. In addition, data security experts can be invited to consult on and check the enterprise's system.
Use corresponding software to combat risks such as viruses and spyware. Instruct users on how to secure information, such as password length, and post notices of dangerous causes so that users can prevent them.
Improve the system for users with measures such as 2-factor authentication and checking login history. Keep information confidential even from employees in the company.
Task 2 - Describe at least 3 organizational security procedures (P2)
Organizational security procedure
A security procedure is a collection of steps that must be followed in order to complete a certain security duty or function. Procedures are often developed as a set of actions to be performed in a consistent and repeatable manner to achieve a certain goal. Security procedures, once developed, give a set of defined steps for performing the organization's security affairs, making training, process auditing, and process improvement easier. Security procedures are created to ensure that a security control or a security-related business process is implemented consistently. They must be followed every time a control is implemented or a security-related business process is carried out. Furthermore, security procedures guide the person doing the action to the intended outcome.
Define data security procedures: Information security is a field that deals with a wide variety of computer security and information assurance issues. Information security refers to preventing unauthorized access, use, disclosure, disruption, alteration, tracking, inspection, recording, or destruction of data and information systems. Establishing logical controls to monitor and manage access to sensitive (secret or classified) information is part of software engineering. Data security is a subset of the information security features that a software product can provide. The following information security functions and processes must be defined: user account administration, identification, authentication, and authorisation, which are all part of access control. Information is protected by access control, which prevents unauthorized persons from accessing sensitive data.
Anti-Virus Process: This process defines criteria for how all computers linked to an organization's network must respond to an application in order for virus detection and containment to be effective. Supported anti-virus software must be installed on all servers and workstations and updated on a regular basis. Additionally, the anti-virus software and its virus definition files must be kept up to date. Any virus-infected device must be withdrawn from the network until it is confirmed virus-free by an Information Security Officer or someone who is solely responsible for virus-free devices.
Physical security processes: When we wish to walk through a system's entrance or gate, we encounter physical security procedures. This technique has to do with access control; each user on the system has a separate set of permissions. In most systems, there is always an administrator with the highest power and access to all rooms or components of the system. Aside from that, we have regular employees who can only work in their own room and are unable to access another. Here, procedures are those that allow or disallow an employee or user to enter a room or a system. In reality, today's systems and organizations all have several physical security processes, and AI will automate all of them.
Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
3.1 Firewalls and policies, their usage, and advantages in a network
A firewall is a device (a mix of hardware and software) or a program (software) that regulates the flow of Internet Protocol (IP) traffic into and out of a network or electronic device (Chadwick, 2021). Firewalls are used to inspect network traffic and apply regulations depending on the ruleset of the firewall. Firewalls are used to protect computer resources or information against cyber attacks.
Figure 7: Firewall
The components that make up a firewall are the organization's Internet access security policy, the mapping of the security policy into the technical designs and procedures to be followed when connecting to the Internet, and the firewall system itself, which is the hardware and software implementation of the firewall. Every one of these firewall components is necessary. A firewall system that lacks an Internet access security policy can't be properly set up. A policy that isn't backed up by procedures is meaningless since it will be disregarded (Chadwick, 2021).
Firewalls are divided into two categories: "Network" and "Host". A network firewall is often a device that is connected to a network and controls access to one or more hosts or subnets; a host firewall is typically a program that protects a single host (personal computer). Both network and host firewalls may be, and frequently are, used simultaneously.
Firewall policies can be used to block or allow specific forms of network traffic that aren't mentioned in a policy exception. The policy also decides whether or not firewall functions are activated. Policies can be assigned to one or more firewall profiles.
Figure 8: Firewall policies
Firewalls have a number of advantages, such as cost, safety, ease of control, and stopping requests to unsafe services (Chadwick, 2021).
Users can block requests to services that are fundamentally insecure, such as rlogin or RPC services such as NFS. Users can restrict access to other services, for example by blocking calls from specific IP addresses or filtering service activity (both incoming and outgoing). Because there are usually just one or a few firewall systems to focus on, they are less expensive than protecting individual servers on a corporate network. They are more secure than guarding individual hosts, since firewalls often run a simpler operating system and don't run complicated application software, and the number of servers that must be guarded is reduced (the overall security is only as strong as its weakest link).
3.2 How the firewall provides security to a network
Firewalls use one or more methods to control incoming and outgoing network traffic within a network:
Packet Filtering: In this method, the packet is analyzed and compared with the previously configured filter. Packet filtering can follow many different principles depending on the company's management policy. Every time network traffic comes or goes, the packet is compared with the existing configuration in the firewall; if it is allowed, the packet is accepted, and if it is not allowed in the firewall configuration, the packet is rejected and does not pass through the network.
Figure 9: Packet Filtering
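A small stateless packet filter, written here as an added example (not code from the original assignment), shows the first-match evaluation the paragraph describes and also the misconfiguration risk that Task 3 asks about: a catch-all allow placed above a deny rule silently shadows it, so the deny never fires. The rule format, the addresses (10.0.0.0/24 inside, 203.0.113.0/24 as the Internet side) and the sample packets are constructed for illustration.

```python
"""Stateless packet filter: ordered rules, first match wins, default deny.

Added example, not part of the original assignment. Rule format, sample
packets and addresses (10.0.0.0/24, 203.0.113.0/24) are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str    # "tcp" or "udp"
    src: str      # source IP address
    dst: str      # destination IP address
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR or single address; "any" matches everything
    dst: str
    dport: Optional[int]  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.src != "any" and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Walk the ruleset top to bottom; the first matching rule decides.
    A packet that matches nothing is dropped (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def _net_covers(broad: str, narrow: str) -> bool:
    """True if every address in `narrow` is also in `broad`."""
    if broad == "any":
        return True
    if narrow == "any":
        return False
    return ip_network(narrow).subnet_of(ip_network(broad))


def _covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet matched by `narrow` is also matched by `broad`."""
    proto_ok = broad.proto == "any" or broad.proto == narrow.proto
    port_ok = broad.dport is None or broad.dport == narrow.dport
    return (proto_ok and port_ok
            and _net_covers(broad.src, narrow.src)
            and _net_covers(broad.dst, narrow.dst))


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire: an earlier rule with the opposite
    action already matches everything they would match. This is the check a
    reviewer runs before a ruleset goes live."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.action != later.action and _covers(earlier, later):
                out.append(i)
                break
    return out


# Intended policy: web server 10.0.0.10 reachable on 80/443 from anywhere,
# Telnet (23) explicitly blocked, everything else caught by the default deny.
INTENDED = [
    Rule("deny", "tcp", "any", "10.0.0.0/24", 23),
    Rule("allow", "tcp", "any", "10.0.0.10", 80),
    Rule("allow", "tcp", "any", "10.0.0.10", 443),
]

# Misconfigured policy: a catch-all allow was added above the Telnet deny
# "to make things work", so the deny is shadowed and Telnet gets through.
MISCONFIGURED = [
    Rule("allow", "tcp", "any", "10.0.0.0/24", None),
    Rule("deny", "tcp", "any", "10.0.0.0/24", 23),
]

TELNET_PROBE = Packet("tcp", "203.0.113.7", "10.0.0.10", 23)   # constructed
HTTP_REQUEST = Packet("tcp", "203.0.113.7", "10.0.0.10", 80)   # constructed

if __name__ == "__main__":
    for name, rules in (("intended", INTENDED), ("misconfigured", MISCONFIGURED)):
        print(name, "telnet ->", evaluate(rules, TELNET_PROBE),
              "| http ->", evaluate(rules, HTTP_REQUEST),
              "| shadowed rules:", shadowed_rules(rules))
```

Running the module prints `deny` for the Telnet probe under the intended ruleset and `allow` under the misconfigured one, and `shadowed_rules` reports index 1 of the misconfigured list as unreachable. That is the concrete form of the "incorrect configuration" risk: the deny rule is still present and looks correct in isolation, yet rule order makes it inert.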
Stateful Inspection: This is a newer method. It does not analyze the contents of the packet; instead, it compares the packet's form and pattern to its trusted database. Both incoming and outgoing network traffic are reconciled against the database.
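The following connection-tracking firewall, an added example rather than code from the original assignment, shows what stateful inspection adds over plain packet filtering: the "trusted database" is a table of flows that inside hosts opened, inbound packets are accepted only when they belong to one of those flows, and idle flows are forgotten after a timeout. The inside network 10.0.0.0/24, the addresses, the timeout value and the simplified TCP teardown handling are constructed assumptions.

```python
"""Stateful inspection: a connection-tracking firewall for TCP flows.

Added example, not part of the original assignment. The inside network,
the addresses and the timeout are constructed; teardown is simplified to
RST only, a full implementation would also track the FIN handshake.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

INSIDE = ip_network("10.0.0.0/24")   # the protected network (constructed)
IDLE_TIMEOUT = 300.0                 # seconds before an idle flow is forgotten

FlowKey = Tuple[str, int, str, int]  # (client ip, client port, server ip, server port)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # subset of "S" (SYN), "A" (ACK), "F" (FIN), "R" (RST)
    ts: float = 0.0   # arrival time in seconds


class StatefulFirewall:
    """Permits new TCP connections only from inside to outside and admits
    inbound packets only when they match a flow already in the table."""

    def __init__(self) -> None:
        self.flows: Dict[FlowKey, float] = {}   # flow -> last-seen time

    def _expire(self, now: float) -> None:
        stale = [k for k, seen in self.flows.items() if now - seen > IDLE_TIMEOUT]
        for k in stale:
            del self.flows[k]

    def inspect(self, pkt: Packet) -> str:
        self._expire(pkt.ts)
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)       # client -> server direction
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # the reply direction

        known = key if key in self.flows else reverse if reverse in self.flows else None
        if known is not None:
            if "R" in pkt.flags:
                del self.flows[known]        # connection reset: drop the state
            else:
                self.flows[known] = pkt.ts   # refresh the idle timer
            return "allow"

        outbound = ip_address(pkt.src) in INSIDE and ip_address(pkt.dst) not in INSIDE
        if outbound and pkt.flags == "S":
            self.flows[key] = pkt.ts         # an inside host opens a new connection
            return "allow"

        return "deny"   # unsolicited or inbound-initiated traffic


def demo() -> List[str]:
    """Constructed exchange: an inside client opens an HTTPS session, then
    two unsolicited inbound packets arrive, then the flow goes idle."""
    fw = StatefulFirewall()
    exchange = [
        Packet("10.0.0.5", 51000, "203.0.113.9", 443, "S", 0.0),     # client SYN
        Packet("203.0.113.9", 443, "10.0.0.5", 51000, "SA", 0.1),    # server SYN/ACK
        Packet("10.0.0.5", 51000, "203.0.113.9", 443, "A", 0.2),     # client ACK
        Packet("203.0.113.9", 443, "10.0.0.5", 52000, "SA", 0.3),    # SYN/ACK for a flow nobody opened
        Packet("198.51.100.2", 40000, "10.0.0.5", 22, "S", 0.4),     # inbound SSH attempt
        Packet("203.0.113.9", 443, "10.0.0.5", 51000, "A", 1000.0),  # reply after the flow expired
    ]
    return [fw.inspect(p) for p in exchange]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The fourth and fifth packets would pass a stateless filter that has to allow "tcp from port 443" or "tcp to the server" in order to let legitimate replies through; the stateful firewall denies both because no inside host created the flow. The last packet shows the idle-timeout edge case: a reply that arrives after the table entry has expired is treated as unsolicited again.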