ASSIGNMENT 1 Security
ASSIGNMENT 1 FRONT SHEET
Qualification BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 5: Security
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Table of content
Table of content
Table of figures
I. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
  Define threats
  Identify threats agents to organizations
  List type of threats that organizations will face
  What are the recent security breaches? List and give examples with dates
  Few solutions to organizations
II. Describe organisational security procedures (P2)
  Security procedures that organizations can use to improve or provide security
III. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
  Firewalls and policies
  Usage in a network
  Advantages in a network
  How does a firewall provide security to a network?
  What is IDS? And usage
  Incorrect in IDS configuration
IV. How implementing a DMZ, static IP and NAT in a network can improve network security (P4)
  The aid of diagram DMZ, its usage and security function as advantage
  3 How DMZs are used for security
  2 Advantage of static IP
  3 How static IPs are used for security
  1 Definition: A network device, often a firewall, will assign a public address to a computer (or group of computers) inside a private network as part of a process known as network address translation (NAT). In order to save money and improve security, NAT is primarily used to reduce the number of public IP addresses that a business or organization must utilize
  Types of Network Address Translation (NAT)
  Advantages of Network Address Translation (NAT)
  How NAT is used for security
References
Table of Figures
Figure 1: Threat
Figure 2: Data breach
Figure 3: Conduct regular risk assessments
Figure 4: Raise employee cybersecurity awareness
Figure 5: Firewall
Figure 6: How firewalls work
Figure 7: IDS how it work
Figure 8: DMZ diagram
Figure 9: Static IP
Figure 10: NAT Diagram
I. Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
Define threats
A threat is defined in the context of security as any circumstance or event that has the potential to cause harm to an organization's operations, assets, reputation, or individuals via an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service [1]. This includes both intentional and unintentional behavior.
The term "cyber threat" refers specifically to threats that originate digitally or online, such as malware, phishing, or hacking [2]. Natural disasters, power outages, and physical breaches, among other things, can pose threats [3].
It's important for organizations to have a clear understanding of potential threats and the ways in which they can manifest, in order to implement effective security measures and mitigate risk. This includes staying up-to-date on emerging threats and vulnerabilities and taking proactive steps to prevent or mitigate them.
Figure 1: Threat
Identify threats agents to organizations
In terms of cybersecurity, organizations face a wide range of threats from various threat agents. It is critical to identify these threat agents in order to develop effective security strategies. The following are some common threat agents that businesses should be aware of:
List type of threats that organizations will face
Cybercriminals: Individuals or groups who use technology to commit crimes such as stealing personal information, financial data, or intellectual property are referred to as cybercriminals. To gain unauthorized access to systems or data, they frequently employ malware, phishing, or social engineering techniques [4].
State-sponsored hackers are government-sponsored attackers who seek to steal sensitive data or disrupt critical infrastructure. They are frequently well-funded and highly skilled, posing a serious threat to organizations that may be targeted for political, economic, or strategic reasons [5].
Insider threats are people who have legitimate access to an organization's systems or data and use that access for malicious purposes. They could be employees, contractors, or partners with a grudge or the intent to profit financially. Because they already have legitimate access to the organization's resources, insider threats can be difficult to detect [6].
Terrorists and hacktivists: Terrorists and hacktivists are individuals or groups who use cyberattacks to achieve political or social goals. To disrupt or damage their targets, they frequently use distributed denial of service (DDoS) attacks, defacement, or data breaches. The threat level posed by these agents may vary depending on the activities of the organization, industry, or country to which they belong [7].
By identifying these threat agents, organizations can gain a better understanding of the nature of the risks they face and take appropriate protective measures. This includes putting in place security policies, training employees to be aware of potential threats, and monitoring systems for any unusual activity. Organizations should also create incident response plans that can be used to detect and respond to security incidents as soon as possible. They can minimize the damage caused by successful attacks and the impact on their operations by doing so.
What are the recent security breaches? List and give examples with dates
According to the web search results, several recent security breaches have affected various companies and organizations. Here is a list of some of the most notable security breaches, along with the dates they occurred:
News Corp: In January 2022, News Corp, the publisher of the Wall Street Journal, disclosed that it had been the victim of a cyberattack, with some data compromised [8].
U.S. Marshals Service and Activision: A series of high-profile data breaches were reported in February 2023, including attacks on the U.S. Marshals Service and Activision.
AT&T: In March 2023, AT&T notified 9 million customers that their personal information had been compromised.
Amazon Ring: In March 2023, a ransomware group claimed to have stolen Amazon Ring data.
Figure 2: Data breach
Few solutions to organizations
o Conduct regular security assessments: Organizations should regularly assess their security vulnerabilities and identify areas that need improvement. They can hire external security consultants to perform security assessments and recommend measures to strengthen their security posture.
o Implement multi-factor authentication (MFA): Multi-factor authentication is an effective way to prevent unauthorized access to sensitive data. By requiring a user to provide two or more authentication factors, such as a password and a biometric factor like a fingerprint or facial recognition, MFA makes it more challenging for hackers to gain access to systems and data.
o Regularly update software and patch vulnerabilities: Organizations should ensure that all software and systems are updated regularly with the latest security patches and updates to address known vulnerabilities.
o Train employees on cybersecurity best practices: Employees are often the weakest link in an organization's security posture. Organizations should provide regular training and education on cybersecurity best practices to all employees to prevent phishing attacks, social engineering, and other security risks.
o Encrypt sensitive data: Encryption is a crucial method for protecting sensitive data from unauthorized access. Organizations should encrypt all sensitive data both in transit and at rest.
o Back up data regularly: Organizations should regularly back up all critical data to a secure location to ensure that it can be recovered in the event of a security breach or other data loss.
o Implement access controls: Access controls, such as role-based access and privilege management, can help organizations limit access to sensitive data and systems only to authorized personnel.
II. Describe organisational security procedures (P2)
Security procedures that organizations can use to improve or provide security:
Conduct regular risk assessments: Organizations should conduct regular risk assessments to identify and mitigate potential security risks. A risk assessment can help an organization develop a security strategy that includes plans for recovering from attacks and system downtime. It can also identify areas where technology infrastructure control activities need to be established. By regularly conducting risk assessments, organizations can stay ahead of potential security threats and improve their overall security posture [9].
Figure 3: Conduct regular risk assessments
Raise employee cybersecurity awareness: The obvious way to create and nourish a healthy security culture! Organizations of all sizes and industries are vulnerable to cyberthreats; therefore, safekeeping information assets from phishing and ransomware, for example, will require users’ awareness of these threats and the ability of the workforce to mitigate risks. Building a cyber-aware staff means addressing the resilience of the human element of cybersecurity. It is vital for employees to be prepared to handle threats that slip through the network perimeter controls, so it is beneficial to implement a security awareness and training program for the members of staff by following guides such as the NIST Special Publication 800-50. As mentioned in The Components of Top Security Awareness Programs, “an effective cyber security strategy and implementation plan to sustain security operations from pre-incident to post-incident starts with educating personnel in data breach prevention and response.” [9]
Figure 4: Raise employee cybersecurity awareness
Implement an XDR security solution: Extended Detection and Response (XDR) security solutions monitor an organization's entire infrastructure, including endpoints, the cloud, mobile devices, and more. These systems actively search and respond to threats in real-time to protect organizations from advanced cyberattacks. XDR can help an organization detect and respond to threats before they can cause damage to the organization's data and systems. Implementing an XDR security solution can help an organization improve its overall cybersecurity posture [10].
Conduct penetration testing: Penetration testing is the process of simulating an attack on an organization's network or system to identify potential vulnerabilities. Penetration tests can help organizations learn how to handle any type of break-in from a malicious entity and examine whether their security policies are genuinely effective. Penetration testing can also serve as a type of fire drill for organizations, providing a way to test their security policies and procedures in a controlled environment. By conducting regular penetration testing, organizations can identify vulnerabilities and take steps to address them, improving their overall security posture [11].
III. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
Firewalls and policies:
- Firewalls are an essential component of network security that play a crucial role in protecting networks from unauthorized access and other malicious activities. They work by filtering incoming and outgoing network traffic based on a set of user-defined rules. The purpose of a firewall is to reduce or eliminate the occurrence of unwanted network communications while allowing all legitimate communication to flow freely [12].
- In addition to deploying firewalls, it is also essential to establish clear firewall policies to ensure that the firewall is configured correctly and that it is operating effectively. Firewall policies should outline the rules for allowing or blocking specific types of network traffic, as well as the procedures for managing and updating the firewall. It is also important to regularly review and update firewall policies to ensure that they remain effective against emerging threats [13].
Figure 5: Firewall
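The paragraphs above describe filtering on user-defined rules and the need to review firewall policies regularly; the sketch below, an added example that is not part of the original assignment, evaluates a rule list and audits it for two common misconfigurations (an any-source, any-port allow and a rule that can never be reached). It assumes first-match rule ordering with default deny; the `Rule` class, rule names and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # None means any port
    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))
    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.port in (None, other.port))

def decide(rules, src, dst, port):
    """First matching rule wins; unmatched traffic is denied (default deny)."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action
    return "deny"

def audit(rules):
    """Flag any-source/any-port allows and rules an earlier rule makes unreachable."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and rule.src == "0.0.0.0/0" and rule.port is None:
            findings.append(f"{rule.name}: allows any source on any port")
        shadow = next((e for e in rules[:i] if e.covers(rule)), None)
        if shadow is not None:
            findings.append(f"{rule.name}: shadowed by {shadow.name}")
    return findings

# Constructed sample policies (private and documentation address ranges).
MISCONFIGURED = [
    Rule("allow-web", "allow", "0.0.0.0/0", "10.0.1.10/32", 443),
    Rule("temp-debug", "allow", "0.0.0.0/0", "10.0.0.0/8", None),  # left in by mistake
    Rule("block-db", "deny", "0.0.0.0/0", "10.0.2.20/32", 5432),   # never reached
]
CORRECTED = [
    Rule("allow-web", "allow", "0.0.0.0/0", "10.0.1.10/32", 443),
    Rule("allow-app-to-db", "allow", "10.0.1.0/24", "10.0.2.20/32", 5432),
]
```

With `MISCONFIGURED`, `decide` lets an outside host reach the database port because the broad rule sits above the deny; with `CORRECTED` the same packet falls through to the default deny and `audit` reports nothing.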
Usage in a network:
- In a network environment, firewalls can be deployed in various ways depending on the organization's security requirements. For example, a network may have multiple firewalls in place to control the flow of traffic between different network segments or to protect specific servers or applications. Firewalls can also be used in conjunction with other security technologies, such as intrusion detection systems (IDS) and virtual private networks (VPNs), to provide a comprehensive security solution [14].
Figure 6: How firewalls work
Advantages in a network:
- One of the most significant benefits of network firewalls is their adaptability. Firewalls can be upgraded and adapted in real time, giving network administrators a great deal of flexibility in managing network security [15].
- Firewalls provide intelligent port control, which goes beyond the traditional single-layer port approach. They provide advanced security features such as intrusion detection and prevention, content filtering, and VPN support [16].
- Another significant benefit of firewalls is their ability to restrict access to sensitive resources, preventing unauthorized users from accessing critical information. Network firewalls that only allow traffic that has been explicitly authorized to pass can support Zero Trust security architectures in which only the necessary and authorized users, devices, and applications are granted access.
- Firewalls also provide a simple infrastructure for network security, which reduces the complexity of network security management. Firewalls can reduce the number of threats that a network faces by blocking unauthorized traffic, making network security easier to manage [16].