1623 assignment 1 (pass) fpt greenwich
Define threats
Software attacks, loss of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion are all examples of information security threats.
A threat is anything that exploits a vulnerability to breach security, potentially causing negative changes or damage. In cybersecurity, a threat often refers to a potential hacker attack granting unauthorized access to a computer system.
Identify threat agents to organizations
Nation States: Companies in specific industries, such as telecommunications, oil and gas, mining, power generation, national infrastructure, and so on, may become targets for other countries, either to disrupt operations today or to provide that nation with a future foothold in times of crisis.
Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors, and Viruses perpetrated by vandals and the public):
Companies often mistakenly believe they are not targets for hackers; however, the sheer volume of daily cyberattacks means any organization can become a victim.
The WannaCry ransomware attack, affecting over 200,000 machines across 150 countries, exemplifies a non-target-specific cyber threat, famously disrupting the NHS in the United Kingdom. Such attacks can originate from various sources, including individuals seeking vulnerabilities online.
Morrisons faced a penalty for lacking adequate technological and organizational measures to prevent a former employee's criminal actions. The company is currently appealing this fine, arguing against the judgment that holds them responsible for the data breach committed by the ex-employee.
Businesses often require specialized assistance and hire third-party contractors, which can introduce security vulnerabilities due to varying security standards on external equipment.
The level of threat from various agents, including political parties, media entities, and extremists, depends on their individual activity; some terrorists target specific sectors or nations, creating a constant fear of random attacks.
WikiLeaks' 2010 release of diplomatic cables and documents related to the Iraq and Afghanistan wars exemplifies the impact of information leaks, highlighting the role of organized crime at various levels.
Criminals target personal information for credit card fraud, identity theft, and bank account fraud, employing methods from phishing to 'Watering Hole' websites to harvest and exploit data for malicious purposes.
According to a 2018 report, identity fraud cases increased in 2017, with approximately 175,000 reported incidents, marking a 125% surge over the past decade, and 95% of these cases involved impersonating innocent victims.
• Although not a cyber assault, these occurrences can have a similar impact on your capacity to do business
Data disasters extend beyond physical office damage to include inaccessibility of data centers or cloud-based information, highlighting the need for comprehensive disaster planning. While certain disasters like earthquakes may seem improbable in specific regions, the prevalence of events such as flooding underscores the importance of preparing for various potential disruptions affecting data access and business continuity, especially considering the impact on corporate entities and partnerships.
Collaborating with partners addresses skills and resource gaps but introduces the risk of intellectual property theft or data exposure, whether unintentional or deliberate, depending on the partner's motivations.
The 2013 Target breach, originating from a phishing email sent to a third-party HVAC contractor (Fazio Mechanical), exemplifies the risk of partner organizations as breach sources. This attack compromised Target's point-of-sale systems, exposing up to 40 million customer credit and debit cards and costing Target over $200 million.
List the type of threats that organizations will face
Human errors and mistakes
Users destroying systems, applications, and data
Disgruntled employees waging war on the company or causing sabotage
Malicious human activity
Advanced Persistent Threats (APTs) target businesses with long-term cyberattacks, invisibly penetrating networks to find unnoticed access and departure points.
They snoop about, install specialized harmful programs, and acquire essential data and sensitive information once inside an organization (RSI, 2021)
An Advanced Persistent Threat commonly progresses through five stages, each increasing the damage it can do:
• Infiltration of Access: Phishing, trojan horses, and malware are used by APT attackers to gain access to the system
• Grip Strengthening: The ability of an Advanced Persistent Threat to gain a foothold inside a company is its strength
• Invasion of the System: APT attackers will begin attacking the system by getting administrator access and breaking passwords left and right once they have complete freedom of movement
• Lateral Movement: the attackers now move between systems across the enterprise at will
• Deep Machinations: The APT attackers have total control of the company during this phase, deleting all evidence of their intrusion and building a solid backdoor for future use
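The "Lateral Movement" stage above leaves a trace that defenders can look for: one account authenticating to far more distinct hosts in a short period than it normally does. The following is an added example (not part of the assignment) that scans a constructed authentication log in a hypothetical "timestamp user src -> dst result" format and flags accounts that reach more than a set number of distinct hosts inside a sliding time window. The window and host threshold are assumed values that a real deployment would tune from its own baseline.

```python
"""Added example: sliding-window detection of one account reaching many hosts.
The log format ('<iso time> <user> <src host> -> <dst host> <result>') and the
sample lines are constructed for this example, not a real product's format."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: alice behaves normally, svc-backup touches six
# hosts within 44 seconds, bob's single failure is ignored by the detector.
SAMPLE_LOG = """\
2021-05-10T09:00:01 alice ws-alice -> fileserver01 SUCCESS
2021-05-10T09:05:12 alice ws-alice -> mail01 SUCCESS
2021-05-10T13:00:00 svc-backup ws-bob -> fileserver01 SUCCESS
2021-05-10T13:00:07 svc-backup ws-bob -> fileserver02 SUCCESS
2021-05-10T13:00:15 svc-backup ws-bob -> hr-db01 SUCCESS
2021-05-10T13:00:21 svc-backup ws-bob -> finance-db01 SUCCESS
2021-05-10T13:00:30 svc-backup ws-bob -> dc01 SUCCESS
2021-05-10T13:00:44 svc-backup ws-bob -> dc02 SUCCESS
2021-05-10T16:00:00 bob ws-bob -> fileserver01 FAILURE
"""


def parse_events(text):
    """Turn log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[3] != "->":
            continue
        events.append({
            "ts": datetime.fromisoformat(parts[0]),
            "user": parts[1], "src": parts[2], "dst": parts[4], "result": parts[5],
        })
    return events


def find_lateral_movement(events, window=timedelta(minutes=10), max_hosts=4):
    """Return {user: sorted hosts} for every user whose successful logons reach
    more than max_hosts distinct destinations inside any window-sized span."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "SUCCESS":
            by_user[e["user"]].append(e)

    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the span fits in `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {e["dst"] for e in evs[start:end + 1]}
            if len(hosts) > max_hosts:
                flagged[user] = sorted(hosts)   # keep the widest set seen
    return flagged


if __name__ == "__main__":
    for user, hosts in find_lateral_movement(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT {user}: {len(hosts)} hosts in one window: {', '.join(hosts)}")
```

Service accounts are a common false-positive source for this rule, so in practice the threshold is set per account class rather than globally; the point is that the "foothold" and "lateral movement" stages are visible in ordinary authentication logs long before the "deep machinations" stage.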
Cybercriminals employ cutting-edge technologies such as malware and stealthy computer intrusion tactics to compromise an organization's cybersecurity, aiming to inflict havoc. Distributed Denial of Service (DDoS) attacks are a common method used in these intrusions.
When attackers use a Distributed Denial of Service (DDoS) attack, their primary purpose is to disrupt a website.
DDoS attacks overwhelm target networks with fake requests, causing system failure and website unavailability, which leads to significant production losses due to these interruptions.
Countering a Distributed Denial-of-Service (DDoS) attack is exceptionally challenging due to its multi-source nature. Imagine a restaurant overwhelmed by a disruptive crowd at its entrance; this scenario mirrors the chaotic impact of a DDoS assault.
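The multi-source nature described above is exactly what defeats naive per-address blocking: each participant in the flood can stay below any single-source limit. The following added example (not part of the assignment) buckets a constructed access log into one-second intervals and applies two checks, a per-source rate limit and a total-rate check against an assumed baseline, so that the distributed case is caught even when no single address stands out.

```python
"""Added example: per-second flood detection over a constructed access log.
Line format '<epoch second> <client ip> <request line>', thresholds and the
baseline request rate are assumptions for the example."""
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed traffic: a quiet second, a distributed burst from 30
    addresses sending one request each, then one address sending 12."""
    lines = [f"100 192.0.2.{i + 1} GET /index.html" for i in range(3)]
    lines += [f"101 10.0.0.{i + 1} GET /index.html" for i in range(30)]
    lines += ["102 203.0.113.9 GET /login"] * 12
    return "\n".join(lines)


def bucket_requests(log_text):
    """Group requests as {second: Counter(ip -> request count)}."""
    buckets = defaultdict(Counter)
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 2:
            continue
        buckets[int(parts[0])][parts[1]] += 1
    return buckets


def detect_floods(buckets, baseline_total=10, per_source_limit=8):
    """Return (second, kind, who, count) alerts.
    'single-source' fires when one address exceeds per_source_limit;
    'distributed' fires when the total exceeds baseline_total although no
    single address is noisy, which is the DDoS pattern."""
    alerts = []
    for second in sorted(buckets):
        counts = buckets[second]
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        if top_n > per_source_limit:
            alerts.append((second, "single-source", top_ip, top_n))
        elif total > baseline_total:
            alerts.append((second, "distributed", f"{len(counts)} sources", total))
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(bucket_requests(build_sample_log())):
        print(alert)
```

In second 101 every source sends a single request, so a per-source rule alone would never fire; only the comparison against the normal total rate reveals the flood, and the response has to be upstream rate limiting or scrubbing rather than blocking individual addresses.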
Once hackers have established a foothold in your network, ransomware, a type of malware from cryptovirology, is executed to encrypt data thoroughly. They take crucial business data or sensitive personal information from clients, then hold the material hostage unless the target organization pays a ransom.
Over time, ransomware has evolved into a popular way of extorting money from businesses
The important information found within an infiltrated network is weaponized by digital attackers. Standard ways to lure employees include presenting an innocent-looking attachment or link.
Phishing is a prevalent method used by hackers to gain unauthorized system access, often serving as a gateway to more sophisticated security threats like ransomware and Distributed Denial of Service (DDoS) attacks.
Phishing relies on deception, where attackers craft emails that appear legitimate. Unsuspecting users who click malicious attachments or URLs risk infecting their devices and networks.
Sophisticated phishing attacks often involve hackers impersonating senior employees or clients to realistically manipulate targets. These scams frequently mimic expected business transactions or bank requests, increasing their likelihood of success.
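Two of the deceptions described above are mechanically checkable before a user ever sees the message: a link whose visible text is one URL while its target is another, and a display name that claims a brand the sending domain does not belong to. The following added example (not part of the assignment) parses a constructed HTML email with the standard library and reports both. The brand-to-domain allowlist is an assumption standing in for whatever list an organization maintains.

```python
"""Added example: surface link/text mismatches and brand impersonation in a
constructed phishing email. Domains are documentation/reserved names."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: which sending domains a brand legitimately uses.
KNOWN_BRAND_DOMAINS = {"example bank": {"example-bank.com"}}

# Constructed sample message: display text shows the bank, href goes elsewhere.
SAMPLE_EMAIL = """\
From: "Example Bank Support" <support@example-bank-login.test>
To: alice@example.com
Subject: Action required: confirm your account
Content-Type: text/html

<html><body>
<p>Please confirm your details at
<a href="http://203.0.113.7/confirm">https://www.example-bank.com/login</a>
</p>
<p>Or see our <a href="https://www.example-bank.com/help">help page</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html):
    """Anchors whose visible text is itself a URL pointing at a different host."""
    collector = LinkCollector()
    collector.feed(html)
    out = []
    for href, text in collector.links:
        shown = urlparse(text if "://" in text else "")
        if shown.hostname and shown.hostname != urlparse(href).hostname:
            out.append((text, href))
    return out


def analyse(raw_message):
    """Return a list of human-readable findings for one message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg["From"])
    sender_domain = address.rsplit("@", 1)[-1].lower()
    findings = []
    for brand, domains in KNOWN_BRAND_DOMAINS.items():
        if brand in display_name.lower() and sender_domain not in domains:
            findings.append(f"sender claims '{brand}' but comes from {sender_domain}")
    body = msg.get_payload(decode=True).decode("utf-8", errors="replace")
    for text, href in mismatched_links(body):
        findings.append(f"link text {text} points to {href}")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("FINDING:", finding)
```

Neither check proves a message is phishing on its own (legitimate mail sometimes routes links through a tracking host), which is why gateways score such signals rather than block on them; but a bank URL in the text pointing at a bare IP address is the pattern the awareness training in this section teaches users to hover over and notice.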
Worms are malware that multiplies itself, especially once it has contacted a computer network
They seek out weaknesses in a network to expand and extend their presence and effect
A botnet, derived from "robot" and "network," is a network of private computers infected with malware, enabling cybercriminals to remotely access them without the owner's knowledge.
Botnets amplify hackers' capabilities, enabling them to execute spam campaigns, launch DDoS attacks, and steal data by exploiting intricate control over target networks, thereby disrupting the complex systems of targeted organizations.
Botnet architectures have evolved to effectively evade detection by mimicking client connections to existing servers. This allows cybercriminals to remotely control these botnets through peer-to-peer networks, enhancing their resilience and stealth.
Cryptocurrency's popularity has surged, driving demand for mining tactics to generate more currency; however, cybercriminals exploit this trend by employing phishing tactics to infect and hijack machines for cryptocurrency mining, creating a significant security risk.
Because targets are unaware that their resources are being used to mine cryptocurrency, cryptojacking often shows up only as slower computers.
Natural Events and Disasters
Natural disasters encompass a wide range of devastating events, including fires, floods, hurricanes, earthquakes, and tsunamis. These threats also encompass losses incurred during recovery efforts, compounding the initial damage.
What are the recent security breaches? List and give examples with dates
Security Breaches Definition
A security breach occurs when an attacker successfully gains unauthorized access to an organization's computer systems. Breaches can include theft of sensitive data, corruption or sabotage of IT systems, website defacement, or acts harming the organization's reputation.
Recent Security Breaches, List and give examples with dates
Sina Weibo, a prominent Chinese social media platform with over 600 million users, experienced a data breach in March 2020, affecting 538 million users. The breach exposed personal information, including real names, usernames, gender, location, and phone numbers, which were subsequently offered for sale on the dark web for $250.
Sina Weibo enhanced its security after a data breach in which an attacker accessed publicly available information using a tool designed to find friends' accounts by phone number; while passwords were not directly compromised, the company alerted users to the potential risk to linked accounts if passwords were reused elsewhere.
Weibo has been asked by China's Ministry of Industry and Information Technology (MIIT) to improve its policy, and it had informed the proper authorities of the situation (Michael Hill and Dan Swinhoe,
In April 2020, Nintendo reported a credential stuffing attack that compromised 160,000 accounts, granting hackers access to sensitive personal data and enabling unauthorized digital purchases using stored payment information.
The gaming company investigated a security incident, revealing that 140,000 additional accounts were compromised, bringing the total to 300,000, and as a security measure, passwords for all affected users have been reset, with users being advised to use unique passwords across different platforms.
In early April, as staff transitioned to remote work, Zoom experienced a significant security breach, compromising the login details of over 500,000 users.
Hackers likely gained access to accounts through credential stuffing, exploiting username and password combinations compromised in previous data breaches, with the stolen information then being sold on dark web hacker forums for as little as 1p.
Compromised login credentials, email addresses, personal meeting URLs, and Host Keys enabled unauthorized access, allowing criminals to attend meetings or exploit stolen information for malicious purposes.
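Both the Nintendo and the Zoom incidents above are credential stuffing: username and password pairs from earlier breaches replayed against a different service. Its signature in a login log is one source trying many distinct accounts with a low success rate, and the few successes are exactly the accounts whose passwords must be reset. The following added example (not part of the assignment, and not either company's code) runs that rule over constructed JSON-lines login events; the thresholds are assumed values.

```python
"""Added example: credential-stuffing detection over constructed login events.
Each event is a JSON object {ts, ip, user, ok}; thresholds are assumptions."""
import json
from collections import defaultdict


def build_sample_events():
    """Constructed events: one address walks through 12 different accounts and
    lands 2 of them; a normal user mistypes twice from another address."""
    events = [
        {"ts": f"2020-04-01T02:00:{i:02d}", "ip": "198.51.100.5",
         "user": f"user{i}", "ok": i in (7, 11)}
        for i in range(1, 13)
    ]
    events += [
        {"ts": "2020-04-01T08:00:00", "ip": "192.0.2.10", "user": "alice", "ok": False},
        {"ts": "2020-04-01T08:00:09", "ip": "192.0.2.10", "user": "alice", "ok": False},
        {"ts": "2020-04-01T08:00:20", "ip": "192.0.2.10", "user": "alice", "ok": True},
    ]
    return "\n".join(json.dumps(e) for e in events)


def detect_credential_stuffing(jsonl, min_distinct_users=8, max_success_ratio=0.5):
    """Return {ip: {distinct_users, compromised}} for sources that tried at
    least min_distinct_users accounts with a success ratio at or below
    max_success_ratio. A user who retries their own password is not flagged."""
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "ok_users": set()})
    for line in jsonl.splitlines():
        e = json.loads(line)
        stats = per_ip[e["ip"]]
        stats["users"].add(e["user"])
        stats["attempts"] += 1
        if e["ok"]:
            stats["ok_users"].add(e["user"])

    findings = {}
    for ip, stats in per_ip.items():
        ratio = len(stats["ok_users"]) / stats["attempts"]
        if len(stats["users"]) >= min_distinct_users and ratio <= max_success_ratio:
            findings[ip] = {
                "distinct_users": len(stats["users"]),
                "compromised": sorted(stats["ok_users"]),  # accounts to reset
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(build_sample_events()).items():
        print(f"{ip}: {info['distinct_users']} accounts tried, "
              f"reset {info['compromised']}")
```

The "compromised" list is what drives the response both companies took (forced password resets); the broader mitigation the text mentions, unique passwords per platform, removes the attack's input entirely, since a stuffed credential only works where it was reused.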
In June 2021, a data breach exposed the information of 700 million LinkedIn members, impacting over 90% of its user base. A hacker known as "God User" utilized data scraping techniques, exploiting the site's API. Initially, a collection of data from about 500 million users was released. Subsequently, the hacker claimed to be selling the complete database of 700 million LinkedIn users.
1.4.2.5 Data on 3.3 million Audi Customers Exposed in Unsecured Database (June 2021)
In June 2021, Volkswagen reported that the data of 3.3 million Audi customers, including both current and prospective buyers, was inadvertently exposed online. This data breach, involving data collected between 2014 and 2019, compromised names, email addresses, phone numbers, and vehicle-specific information.
Around 90,000 people were impacted, and additional sensitive information was taken. This may include Social Security numbers and dates of birth.
The data was exposed online at some point between August 2019 and May 2021, according to the business. The organization continues to investigate the occurrence in order to establish a precise timeframe.
In July 2021, Kaseya, an IT solutions provider, experienced a major supply chain ransomware attack targeting managed service providers (MSPs) and their clients. The attack compromised Kaseya's unified remote monitoring and network perimeter protection product, leading to the theft of administrative control over Kaseya services.
According to ZDNet, the Kaseya ransomware attack disrupted SaaS servers and on-premises VSA solutions across 10 countries. Kaseya responded swiftly by notifying its customers about the incident.
The corporation released the Kaseya VSA detection tool, allowing business users to assess their VSA services and managed endpoints for signs of vulnerability.
1.4.2.7 Databases and Account Details on Thousands of Microsoft Azure
In August 2021, a Cosmos DB vulnerability allowed Wiz security experts to access Microsoft Azure account credentials and client databases, creating a loophole that exposed numerous Fortune 500 enterprises to unauthorized database access.
Security experts may not have been the only ones with access to the data; unauthorized individuals could have had unrestricted capabilities to download, delete, and modify records within the systems.
Security firm PeckShield reported that Crypto.com was hacked, resulting in the theft of 4,600 ETH, valued at approximately $15 million. Crypto.com halted withdrawals in response to user reports of unusual account activity. The company claims no user funds were stolen, suggesting the breach affected its hot wallets.
Crypto.com acknowledged "unauthorized activity" affecting some user accounts, assuring that "all monies are secure," yet the loss of ETH from certain accounts remains unexplained, raising concerns about platform security.
1.4.2.9 Microsoft Breached by Lapsus$ Hacker Group (March 2022)
The Consequences of Those Breaches
• Sina Weibo: affecting 538 million Weibo users and their personal information, including actual names, site usernames, gender, location, and phone numbers
• Nintendo: 160,000 accounts had been compromised in a suspected credential stuffing attack; in total approximately 300,000 accounts had been affected
• Zoom: It was revealed that virtual conference tool Zoom had suffered a humiliating security breach, exposing the login data of over 500,000 users. The information was sold on dark web forums
• LinkedIn: 700-million-person consumer database was sold and released for free on the dark web
• Audi Database: 3.3 million Audi customers' data, including present and potential purchasers, had been left publicly available online. Around 90,000 people were impacted, and additional sensitive information was taken
• Kaseya: A supply chain ransomware assault targeted managed service providers and their downstream clients, stealing administrative control of Kaseya services
• Microsoft Azure: The problem impacted a wide spectrum of businesses, including numerous Fortune 500 enterprises
• Crypto.com: 4,600 ETH valued at roughly $15 million was stolen and moved to unidentified wallets
• Microsoft: Bing, Cortana, and other Microsoft projects had been hacked.
Suggest solutions to organizations
Deploy a top-tier cybersecurity team and advanced technology for rapid incident response and proactive defense. Enhance visibility, resolve vulnerabilities, and establish strategies to prevent future incidents and handle breaches effectively.
To identify and defend against threats, businesses must create an entire strategy and security lifecycle, addressing planning, risk assessment, policy formulation, and controls. A strong business and technical architecture may significantly increase the amount of resilience needed to survive a coordinated attack. By incorporating security into this architecture, businesses can rest assured that they are as secure as possible in the event of a compromise.
Early detection limits attack harm, necessitating a clear, defined plan and monitoring capacity. Understanding baseline environment volumes, types, and performance is crucial for recognizing attack types, sites, and vectors, enabling effective system development.
To acquire situational awareness and actionable security intelligence that helps you prepare for rapid alerting on attacks, you will need a combination of people, processes, and technology.
Defining plans to secure an organization's key services and information is crucial for defense, focusing on threat removal, vulnerability closure, and impact control. A multi-layered defense strategy enables earlier breach detection, faster response, and reduced impact and exposure. This approach reduces costs, increases control, and lowers risk exposure over time, enhancing overall security posture.
a variety of attack tactics and sources, while effective processes for recording, reporting, and auditing security breaches can support legal action against attackers.
2 DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES
Definition
Security procedures are a collection of steps to complete a security duty, providing a consistent and repeatable manner to achieve a certain goal. Security procedures give a set of defined steps for performing the organization's security affairs, making training, process auditing, and process improvement easier. Procedures serve as a starting point for establishing the uniformity required to reduce variance in security practice, hence improving security control inside the business. Reducing variance is an excellent method to reduce waste, enhance quality, and boost performance in the security sector.
Discussion on Incident Response Policy
To ensure readiness against cyber threats, a robust Incident Response (IR) procedure is crucial, encompassing incident management, reporting, and continuous monitoring. Comprehensive incident response training, regular testing, and dedicated support are essential components. These measures collectively fortify the ability to respond effectively to cybersecurity incidents, secure state systems and data, and maintain uninterrupted government services.
This type of policy usually includes information about:
• The organization's incident response team
• The people in charge of testing the policy
• How to put the policy into action
• The technological means, tools, and resources that will be used to identify and recover compromised data
The preparation phase involves educating users and IT professionals on responding to security issues, identifying necessary tools and resources, conducting regular risk assessments, and implementing preventative measures like user awareness programs to enhance overall system security.
The identification phase involves detecting security incidents and determining their severity. Key steps include identifying common attack vectors, recognizing incident signs and precursors, initial analysis via file integrity checks, packet sniffing, data filtering, and evidence preservation.
Containment phase: Instructions on how to separate systems that have been impacted by the assault to avoid further damage to other systems
Eradication phase: Determining the cause of the incident and removing it from the impacted systems
Recovery phase: Returning affected systems to their regular operating environment
Post-incident phase: recording the whole occurrence, performing a comprehensive investigation, determining the reason for the incident, assessing related expenses, and formulating a strategy to prevent future events
Elements of an incident response policy:
Incident response teams can be centralized or dispersed, with smaller organizations often favoring the former, while larger, diverse organizations lean towards the latter for better coordination. These teams may consist of in-house employees or be partially or fully outsourced, depending on the incident's nature.
The policy should ensure that the members are not only specified in the agreement but also appropriately trained to carry out their tasks and obligations.
Information about the system: System specifics, such as network and data flow diagrams, hardware inventories, and logging data, should be included in the policy
Incident handling and reporting procedures are crucial, defining methods for dealing with and reporting security events, whether suspected or confirmed. These procedures should specify triggers for response measures and provide guidance on incident reporting, including timing, data impact, and mitigation techniques. The policy must clarify response criteria, addressing whether the organization reacts to prospective attacks or only to successful breaches.
The "Lessons Learned" component of an incident response policy is crucial for enhancing security measures and the incident handling process. A dedicated "Lessons Learned" effort, involving meetings and discussions among stakeholders, can be a valuable tool for continuous improvement.
An incident response policy should detail timeframes and procedures for reporting to external parties, including IT, security, legal, media, and software providers, while adhering to jurisdictional legal mandates for incident reporting.
Discussion on Acceptable Use Policy
An Acceptable Use Policy (AUP) outlines the rules for employees using organizational IT assets; it is a standard part of onboarding, where new employees must agree to the AUP before accessing the network. Key departments like IT, security, legal, and HR should collaborate on the AUP's content to ensure comprehensive coverage.
This policy applies to any data produced or stored on the Organization's systems
All data including non-public personal information must be encrypted before being electronically transmitted
Non-public personal information and other sensitive information shall be encrypted following the Information Sensitivity Procedures in all other circumstances
For this policy, all information and data residing on the organization's systems and networks are considered the organization's property
The organization retains the right to monitor and audit all data, including files and emails, on company devices for security compliance, at any time and without notice, ensuring continuous adherence to security procedures.
Without sufficient authority, all sensitive material must be kept secret and not distributed or made available to anybody. Sensitive data will be used purely and exclusively for the investigation. It is only to be used for the administration of receivership and not for any other purpose.
The official website of the organization should not include any sensitive information
Information on the organization's systems, including public and private websites, should be categorized as either public or sensitive, according to the organization's information sensitivity policies
Passwords must be kept confidential and not shared with anyone else. The security of their passwords and accounts is the responsibility of authorized users.
Organizations should enforce password updates at least every six months for all user-level accounts, including email, as mandated by system usage policies, ensuring enhanced security and compliance.
• Access to sensitive information through application accounts
Email attachments can harbor significant cybersecurity threats, including viruses and Trojan horses, necessitating user vigilance and comprehensive training to identify and mitigate potential risks effectively.
Discussion on Remote Access Policy
A remote access policy is a crucial document for organizations, outlining the approved methods for connecting to internal networks from remote locations, often including guidelines for Bring Your Own Device (BYOD) assets, which is essential for enterprises with distributed networks that may extend into unsecured locations like public Wi-Fi or home networks.
Confidentiality of access procedures is paramount, mandating that all personnel with network access, including employees, contractors, and suppliers, protect and never disclose access codes. Access privileges are granted to employees, contractors, suppliers, and agents.
Users of the Organization's network must guarantee that their access connections are subject to security measures that are essentially comparable to the Organization's own
Secure remote access necessitates stringent regulation, granting access solely to personnel approved by the Information Security Officer. Authentication should employ one-time passwords or public/private keys with strong passwords. Furthermore, authorized users must maintain the confidentiality of their login credentials, refraining from sharing or recording them, to ensure ongoing security (Anon., 2008).
Unless the Information Security Officer approves differently, authorized users may only access the network using equipment provided by Organization
Authorized users must guarantee that remote connections comply with minimal authentication standards like CHAP or DLCI
Authorized users are responsible for ensuring that any remote host connected to the organization's internal networks is running antivirus software with the most recent virus definitions
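The policy above names CHAP as a minimum authentication standard. The following added example (not part of the assignment) shows the exchange from RFC 1994 with both sides: the authenticator issues a fresh random challenge, the peer answers with MD5 over the identifier, the shared secret and the challenge, and the authenticator recomputes and compares. The shared secret itself never crosses the link, which is the property that makes CHAP preferable to a cleartext password. The username and secret are constructed for the example.

```python
"""Added example: RFC 1994 CHAP (MD5 variant) with authenticator and peer.
Credentials below are constructed values, not real ones."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 section 4.1: MD5 over the Identifier octet, then the shared
    secret, then the Challenge Value, in that order."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues one-time challenges and verifies responses."""
    def __init__(self, secrets):
        self.secrets = secrets        # {username: shared secret bytes}
        self.next_id = 0
        self.outstanding = {}         # identifier -> challenge awaiting a response

    def challenge(self):
        self.next_id = (self.next_id + 1) & 0xFF   # 8-bit Identifier field
        chal = os.urandom(16)                      # fresh, unpredictable challenge
        self.outstanding[self.next_id] = chal
        return self.next_id, chal

    def verify(self, identifier, username, response):
        chal = self.outstanding.pop(identifier, None)   # each challenge is usable once
        secret = self.secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time compare


class ChapPeer:
    """Client side: holds the secret and answers challenges; never sends it."""
    def __init__(self, username, secret):
        self.username, self.secret = username, secret

    def respond(self, identifier, challenge):
        return self.username, chap_response(identifier, self.secret, challenge)


def demo():
    """Constructed exchange: a correct peer, a replay of its answer, and a peer
    holding the wrong secret. Returns (accepted, replayed, rejected)."""
    server = ChapAuthenticator({"vpn-user": b"constructed-shared-secret"})
    good_peer = ChapPeer("vpn-user", b"constructed-shared-secret")
    bad_peer = ChapPeer("vpn-user", b"wrong-secret")

    ident, chal = server.challenge()
    name, resp = good_peer.respond(ident, chal)
    accepted = server.verify(ident, name, resp)

    replayed = server.verify(ident, name, resp)      # challenge already consumed

    ident2, chal2 = server.challenge()
    name2, resp2 = bad_peer.respond(ident2, chal2)
    rejected = server.verify(ident2, name2, resp2)
    return accepted, replayed, rejected


if __name__ == "__main__":
    print("accepted=%s replayed=%s rejected=%s" % demo())
```

Two details carry the security: the challenge is random and single-use, so a captured response cannot be replayed, and the comparison is constant-time. MD5-CHAP also requires the authenticator to store the secret in recoverable form, which is why the policy's other options (one-time passwords, public/private keys) are the stronger choices for new deployments.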
3 IDENTIFY THE POTENTIAL IMPACT ON THE SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND IDS
Firewall Definition
A firewall is a network security device that monitors and filters network traffic based on an organization's security rules, acting as a barrier between a private network and the public Internet. Its primary goal is to block harmful traffic while allowing non-threatening traffic to pass through.
Packet filtering: A small quantity of data is examined and passed or dropped according to the filter's rules
Proxy service: A network security system that protects while filtering messages at the application layer
Stateful inspection: Dynamic packet filtering keeps track of current connections to decide which network packets to let through the Firewall
Next-Generation Firewall (NGFW): Deep packet inspection firewall with application-level inspection
Firewalls come in software and hardware forms, with hardware firewalls often offering extra network services like DHCP. Software firewalls are also integrated into personal computer operating systems to protect against internet threats.
Many routers that transmit data across networks include firewall components, and many firewalls may perform basic routing duties as well
Prevents the Passage of Unwanted Content
Firewalls are essential for protecting systems from undesirable online content, with most operating systems offering built-in firewalls to shield users from harmful internet information. Without a strong firewall, unwanted content can easily infiltrate a system.
Unethical hackers constantly target weak systems, often gaining access without the user's knowledge.
A powerful firewall is required to safeguard your data, transactions, and other sensitive information; for businesses, leakage of private data and information can result in significant loss and failure
The vast network of the internet has exposed individuals, particularly adolescents and youngsters, to immoral information. This content's malicious nexus has been rapidly growing
Exposure to obscene information of any kind can be damaging to young minds, leading to unusual behaviours and immoral behaviour
Guarantees Security Based on Protocol and IP Address
Hardware firewalls excel at protocol-based traffic inspection, maintaining comprehensive connection records from initiation to termination, thereby bolstering system security.
Network Address Translation (NAT) acts as a firewall, safeguarding computers from external attacks by making their IP addresses accessible only within the internal network, thus ensuring independence and protection. This protection facilitates seamless operations within enterprises.
Enterprise software is crucial for modern businesses, enabling authorized stakeholders to utilize data across geographical locations through decentralized distribution mechanisms, thereby ensuring effective company operations.
A user can log in to their system using credentials from any system on the network. Given such a large network system and large amounts of data
Protects Conversations and Coordination Contents
Organizations in the service industry must continually communicate with third-party clients. They continuously share relevant material with the customer and internal teams as part of various initiatives
Almost all the content generated by these coordinating operations is secret and must be well safeguarded; no organization can afford the expense of such essential information being leaked
Online entertainment platforms offer movies, games, and videos, but many lack adequate security, exposing users to malware and viruses. A firewall is essential to protect against these threats when streaming or downloading content.
• Hackers and remote access are prevented by a firewall
• Enhanced security and network monitoring capabilities
• It gives you more privacy and security
• Supports the dependability of VoIP phones
• It guards against trojans (Bradley, 2021)
• Allow for more advanced network capabilities to be implemented
• An OS-based firewall can only protect single PCs, but a network-based firewall, such as a router, can protect
How Does a Firewall Provide Security to A Network?
Within a private network, firewalls filter network traffic based on a set of rules, determining which traffic types are permitted or prohibited. Acting as a gatekeeper, the firewall allows only trustworthy sources, or IP addresses, to access the network.
A firewall meticulously filters incoming network traffic, accepting only connections that adhere to pre-defined security rules, distinguishing between safe and harmful data packets to protect the system.
To avoid cyberattacks, traffic is restricted from suspected sources based on packet data criteria, including source, destination, and content.
• The graphic below, for example, depicts how a firewall permits legitimate traffic to flow through to a user's private network
• The firewall in the example below, on the other hand, prevents harmful traffic from accessing the private network, safeguarding the user's network from a cyberattack (Bradley, 2021)
• A firewall can do fast evaluations to detect malware and other suspicious activity in this manner
• At different network levels, several types of firewalls are used to read data packets
IDS Definition
IDS Usage
Supporting other security controls intended to detect, stop, or recover from attacks, by monitoring the functionality of routers, firewalls, key management servers, and files that those controls require
Allowing administrators to tweak, manage, and comprehend relevant OS audit trails and other logs that might otherwise be impossible to follow or interpret
To bolster system security, a comprehensive attack signature database is essential for identifying threats, while a user-friendly interface empowers non-expert staff to actively participate in security management, enhancing overall protection.
An Intrusion Detection System (IDS) triggers an alarm upon detecting altered data files, alerting users to a security breach. The system responds by blocking attackers or isolating the compromised server to prevent further damage.
How Does IDS Work
Intrusion detection systems (IDSes) are crucial for identifying network irregularities and catching attackers before they inflict significant damage. Network-based IDSes monitor network traffic, while host-based IDSes are installed on individual client computers. This combination provides comprehensive security, with network-based systems protecting the network as a whole and host-based systems securing individual machines.
Intrusion detection systems identify attacks by spotting signatures of known threats or anomalies in typical activity, escalating and scrutinizing these irregularities at the protocol and application layers to uncover events like Christmas tree scans and DNS poisoning.
An Intrusion Detection System (IDS) can be implemented as software on a client or as a network security appliance. Cloud-based intrusion detection solutions are now available to protect data and systems within cloud deployments, enhancing overall cloud security.
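The two detection methods described above, signature matching and anomaly detection, as an added Python example that is not part of the assignment. The packet records, the flag names, the port-sweep threshold and the sample traffic are all constructed for this demonstration.

```python
# Added example (not from the assignment): a toy IDS applying both detection
# methods from the text to constructed packet records. Field names, the
# threshold and the sample traffic are assumptions made for this demo.
from collections import defaultdict

# Signature rule: a TCP "Christmas tree" probe sets FIN, PSH and URG together,
# a flag combination no normal TCP session produces.
XMAS_FLAGS = {"FIN", "PSH", "URG"}

def match_signatures(packet):
    """Return signature alerts for one packet dict."""
    alerts = []
    if packet["proto"] == "tcp" and XMAS_FLAGS <= set(packet["flags"]):
        alerts.append(("SIGNATURE", "xmas-scan", packet["src"]))
    return alerts

def detect_anomalies(packets, max_ports=5):
    """Anomaly rule: one source touching more distinct destination ports than
    the baseline (max_ports) looks like a port sweep, even with normal flags."""
    ports_by_src = defaultdict(set)
    for p in packets:
        ports_by_src[p["src"]].add(p["dport"])
    return [("ANOMALY", "port-sweep", src)
            for src, ports in ports_by_src.items() if len(ports) > max_ports]

def analyse(packets, max_ports=5):
    """Run both detection methods over a capture and return all alerts."""
    alerts = []
    for p in packets:
        alerts.extend(match_signatures(p))
    alerts.extend(detect_anomalies(packets, max_ports))
    return alerts

# Constructed traffic: one normal client, one xmas probe, one port sweep.
SAMPLE = (
    [{"src": "10.0.0.5", "dst": "10.0.0.80", "proto": "tcp", "dport": 443, "flags": ["SYN"]}]
    + [{"src": "198.51.100.9", "dst": "10.0.0.80", "proto": "tcp", "dport": 22,
        "flags": ["FIN", "PSH", "URG"]}]
    + [{"src": "203.0.113.7", "dst": "10.0.0.80", "proto": "tcp", "dport": port,
        "flags": ["SYN"]} for port in range(20, 30)]
)

if __name__ == "__main__":
    for alert in analyse(SAMPLE):
        print(alert)   # one SIGNATURE alert and one ANOMALY alert
```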
The Potential Impact (Threat-Risk) Of A Firewall and IDS If They Are Incorrectly
Unencrypted HTTP connections expose firewalls to unauthorized access, especially on open networks. The absence of anti-spoofing measures on external interfaces increases the risk of denial-of-service attacks. Lack of logging for certain rules can complicate the monitoring of critical systems, hindering security efforts.
Internal network segments can be connected by any protocol/service, which can lead to internal breaches and compliance violations, especially in PCI DSS cardholder data settings
Unencrypted telnet connections allow anyone on the internal network to connect to the firewall. If ARP poisoning is enabled by a tool like the free password recovery application Cain & Abel, these connections can be abused by an inside user (or malware)
Any sort of TCP or UDP service can leave the network, allowing malware and spam to proliferate and resulting in acceptable use and policy breaches
There is no documentation for the rules, which might lead to security management concerns, especially when firewall administrators leave the company unexpectedly
The default password(s) are used, resulting in every security risk imaginable, including responsibility concerns when network events occur
Outdated firewall OS software poses significant cybersecurity risks due to unpatched vulnerabilities like remote code execution and denial-of-service attacks; furthermore, using unsupported systems can damage an organization's reputation following a security breach.
Default or weak credentials on Microsoft SQL Server databases can expose them to unauthorized internet access, potentially leading to internal database breaches.
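The rule-based filtering from the firewall section, together with an audit for several of the weak settings listed above (telnet allowed, any-to-any egress, undocumented rules, deny rules without logging), as an added Python example that is not part of the assignment. The rule fields, the two sample rulesets and the addresses (TEST-NET and RFC 1918 ranges) are constructed for this demonstration.

```python
# Added example (not from the assignment): ordered rules with default deny,
# plus an audit for the weak settings listed above. Rules/addresses are constructed.
import ipaddress
ANY = "any"

def rule_matches(rule, pkt):
    """A rule matches when each field is 'any' or agrees with the packet."""
    for field in ("proto", "dport"):    # exact-match fields
        if rule[field] != ANY and rule[field] != pkt[field]:
            return False
    for field in ("src", "dst"):        # CIDR membership for addresses
        if rule[field] != ANY and ipaddress.ip_address(pkt[field]) \
                not in ipaddress.ip_network(rule[field]):
            return False
    return True

def filter_packet(rules, pkt):
    """First matching rule decides; unmatched traffic is dropped (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"]
    return "deny"

def audit_rules(rules):
    """Flag the misconfigurations the section above describes."""
    findings = []
    for i, r in enumerate(rules):
        wide_open = r["src"] == ANY and r["dst"] == ANY and r["dport"] == ANY
        if r["action"] == "allow" and r["dport"] == 23:
            findings.append((i, "telnet allowed: unencrypted management access"))
        if r["action"] == "allow" and wide_open:
            findings.append((i, "any-to-any allow: any TCP/UDP service can cross"))
        if not r.get("comment"):
            findings.append((i, "undocumented rule"))
        if r["action"] == "deny" and not r.get("log"):
            findings.append((i, "deny rule without logging"))
    return findings

WEAK_RULES = [   # constructed: the kind of ruleset the list above warns about
    {"action": "allow", "proto": "tcp", "src": "10.0.0.0/8", "dst": ANY, "dport": 23},
    {"action": "allow", "proto": ANY, "src": ANY, "dst": ANY, "dport": ANY},
]
HARDENED_RULES = [   # constructed: scoped, documented, with a logged default deny
    {"action": "allow", "proto": "tcp", "src": "10.0.1.0/24", "dst": ANY,
     "dport": 443, "comment": "HTTPS egress from the user LAN"},
    {"action": "deny", "proto": ANY, "src": ANY, "dst": ANY, "dport": ANY,
     "log": True, "comment": "explicit, logged default deny"},
]
```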
4 SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP, AND NAT IN A NETWORK CAN IMPROVE
Definition
A DMZ network acts as a perimeter network, enhancing security for an organization's internal LAN by creating a subnetwork between the public internet and private networks.
A DMZ allows organizations to connect to untrusted networks like the internet while maintaining the security of their private network. External-facing services such as DNS, FTP, mail, proxy, VoIP, and web servers are often placed in the DMZ.
How Does DMZ Work
Internet-connected devices and companies with public-facing servers are highly vulnerable to cyberattacks. DMZs offer a crucial security layer by filtering incoming traffic through firewalls before it reaches an organization's internal network. Creating a DMZ between two firewalls enhances security.
Figure 7: How does DMZ work
Early breach detection is crucial; systems alert hosts upon unauthorized access, preventing harmful activities and sensitive data breaches, enhancing overall cybersecurity (Ohri, 2021).
Advantages Of DMZ
Service of DMZ
The Importance of DMZ Networks
The primary benefit of employing a DMZ is that it adds an extra layer of protection to an organization's private network by restricting access to servers and critical data
In the DMZ, we may set up a reverse proxy server. Clients on the internet will connect to a reverse proxy server that holds no sensitive information
The DMZ not only isolates and keeps possible target systems away from inside networks, but it also limits and controls access to them (Ohri, 2021)
A DMZ allows enterprise users to exchange and access internet material, while also preventing unauthorized external users from accessing crucial network data, enhancing overall network security.
Because a DMZ manages both external and internal traffic flow to and from a private network, hackers are less likely to get direct access to the system
The DMZ can also be used to respond to security concerns posed by IoT devices, OT systems, and other similar systems
Definition
How static IP addresses work
To obtain a static IP address, individuals or organizations must request it from their ISP. After the ISP assigns the static IP to the device, typically a router, a restart is required to complete the setup. This ensures that all devices behind the router use the same, unchanging IP address, eliminating the need for ongoing maintenance.
Due to the limited availability of static IPv4 addresses, acquiring one often incurs a cost. IPv6, which expands IP addresses to 128 bits, offers a solution by greatly increasing the number of available addresses, simplifying the acquisition and maintenance of static IPs. While IPv4 remains prevalent, IPv6 is gaining traction, leading to the concurrent use of both protocols.
Up to 340 undecillion unique IP addresses are possible using IPv6. To put it another way, the IPv6 protocol supports 340 trillion, trillion, trillion unique IP addresses, facilitating significant internet expansion and resolving concerns about IP address scarcity.
Advantages of Static IP
Businesses that use IP addresses for mail, FTP, and web servers might have a single address that never changes
For hosting voice-over IP, VPNs, and gaming, static IP addresses are preferable
They can be more reliable in the event of a connectivity outage, ensuring that packet exchanges are not missed
They enable speedier file uploads and downloads on file servers
Any geolocation services will have an easier time determining where a device is with a static IP address
For remote access to a computer, static IPs are preferable
A device with a static IP address does not need to make renewal requests
When it comes to maintaining servers, network administrators may find it easier to keep static IP addresses
It's also easy for administrators to keep track of internet traffic and grant access to users depending on their IP addresses.
Definition
How Does NAT Work
Border routers, typically configured with Network Address Translation (NAT), possess an interface in both the local (inside) and global (outside) networks. NAT translates local private IP addresses to global public IP addresses when packets exit the local network. Conversely, when packets enter the local network, NAT converts global public IP addresses back to local private IP addresses.
When Network Address Translation (NAT) exhausts its pool of available addresses, packets are dropped, and an Internet Control Message Protocol (ICMP) host unreachable packet is sent to the destination, signaling a failure to connect.
Figure 10: How does NAT work
Types of NAT
This NAT always maps a given local address to the same public address. This means that the router or NAT device has a constant public IP address
This NAT uses a pool of public IP addresses rather than using the same IP address every time.
As a result, each time the router translates a local address to a public address, the router or NAT device receives a different address (Vaughan-Nichols, 2019)
PAT, a form of dynamic NAT, maps multiple local IPs to a single public IP, commonly used by organizations to route employee activities through one IP under network administrator oversight.
NAT enhances security and privacy by blocking direct access to private devices from public addresses. The router manages data packets, routing them to the correct internal destination and discarding unwanted data. While NAT serves as an initial security layer, robust data protection requires comprehensive cybersecurity measures implemented by experts.
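The address translation, pool exhaustion and blocking of unsolicited inbound traffic described in this NAT section, as an added Python example that is not part of the assignment. The Nat class, its two modes (dynamic NAT and PAT), the starting port number and all addresses are constructed for this demonstration.

```python
# Added example (not from the assignment): a toy NAT device. Dynamic NAT draws
# public addresses from a small pool and drops packets when the pool is empty;
# PAT multiplexes one public address by port. All addresses are constructed.
class Nat:
    def __init__(self, public_pool, mode):
        self.mode = mode                 # "dynamic" or "pat"
        self.pool = list(public_pool)    # free public addresses (dynamic NAT)
        self.public_ip = public_pool[0]  # the single shared address (PAT)
        self.next_port = 40000           # next translated source port (PAT)
        self.addr_map = {}               # private_ip -> public_ip (dynamic)
        self.port_map = {}               # (private_ip, port) -> (public_ip, port)
        self.inbound = {}                # reverse lookups for returning traffic

    def translate_out(self, private_ip, sport):
        """Translate an outbound packet; None means it was dropped (the text
        above describes the router answering with ICMP host unreachable)."""
        if self.mode == "dynamic":
            if private_ip not in self.addr_map:
                if not self.pool:            # pool exhausted
                    return None
                self.addr_map[private_ip] = self.pool.pop(0)
                self.inbound[self.addr_map[private_ip]] = private_ip
            return (self.addr_map[private_ip], sport)
        key = (private_ip, sport)
        if key not in self.port_map:         # allocate a fresh public port
            self.port_map[key] = (self.public_ip, self.next_port)
            self.inbound[self.port_map[key]] = key
            self.next_port += 1
        return self.port_map[key]

    def translate_in(self, public_ip, dport):
        """Inbound packets reach a private host only through an existing
        mapping; unsolicited traffic to a public address gets None (blocked)."""
        if self.mode == "dynamic":
            private_ip = self.inbound.get(public_ip)
            return (private_ip, dport) if private_ip else None
        return self.inbound.get((public_ip, dport))

if __name__ == "__main__":
    pat = Nat(["203.0.113.1"], "pat")
    print(pat.translate_out("192.168.1.10", 51000))   # ('203.0.113.1', 40000)
    print(pat.translate_in("203.0.113.1", 22))        # None: no mapping, blocked
```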
This paper examines online data protection, detailing risks, remedies, and tools for individuals and organizations By listing past security breaches, it aims to educate users on avoiding dangers and safeguarding data The analysis weighs the benefits of data protection measures, enabling consumers to select the best solutions for their specific needs.