Assignment Front Sheet
Qualification: BTEC Level 5 HND Diploma in Computing
Unit Number and Title: Unit 5: Security
Submission Date:
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand
that making a false declaration is a form of malpractice.
Table of contents
P1 Identify types of security threat to organisations
I. What Is Information Security?
II. What Are Threats?
P2 Describe at least 3 organizational security procedures
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS
I. Firewall
II. IDS
P4 Show using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
I. What is DMZ?
II. What is static IP?
III. What is NAT?
P1 Identify types of security threat to organisations.
I. What Is Information Security?
Information security is the protection of personal and organizational data against theft by
attackers or hackers. Good security of data and information avoids unnecessary risks for yourself
and your business. It rests on three properties:
- Confidentiality: Make sure any important information is not leaked or stolen. Information is only
allowed to be accessed by authorized persons.
- Integrity: Ensure information has not been altered and can only be edited by
authorized personnel. In addition, integrity ensures that information remains accurate when it is
stored or transmitted.
- Availability: Ensure information can be accessed by authorized people whenever they want.
II. What Are Threats?
Information security threats can be numerous, such as software attacks, theft of intellectual
property, identity theft, theft of equipment or information, sabotage, and information extortion.
A threat can be anything that can take advantage of a vulnerability to breach security and negatively
alter, erase, or harm an object or objects of interest.
1. Threat agent
A threat agent is an individual or a group of people with the potential to become a threat. It
could be a hacker who gains unauthorized access to the network through an open port on the
firewall, a data retrieval process that violates the security policy, or an employee whose
accidental mistake exposes all of the organization's confidential information or destroys the
integrity of a file.
- Non-target specific
- Nation States
- Employees and Contractors
- Terrorists and Hacktivists
- Organised crime
- Natural disasters
- Corporates
2. Type of threats that organizations will face
- Non-target specific (Ransomware, Worms, Trojan, Logic Bombs, Backdoor, Virus, etc.)
- Terrorists and hackers include: political parties, extremists, religious cultists, media,
revolutionary activists, etc.
- Malicious insiders: An organisation’s own staff is often its biggest security weakness. Employees
might steal data for any number of reasons, although the most common motives are revenge (if
they believe the company has wronged them) or financial gain (by selling the data).
- Natural disasters: In some circumstances, it’s easy to anticipate natural disasters. If your business
is on a floodplain, you plan against floods. If it’s in an earthquake zone, you plan against
earthquakes. Other times it’s not so easy. Anything from strong winds to heavy snow can affect
your business, so it’s important to consider the damage that natural phenomena can cause.
- Unintentional breaches: Sometimes, organisations or employees might expose information
inadvertently. For example, they could lose a removable device, forget to password protect a
database or transfer information that they didn’t realise was confidential. Organisations can
prevent unintentional breaches by making their staff aware of their information security
obligations.
3. Example of a recently published security breach and discuss its consequences.
o Google
On December 14 2020, Google experienced a widespread problem that prevented users worldwide
from accessing many services. The incident lasted for more than an hour and caused chaos for everyone.
Cybersecurity expert Will Geddes believes that Google's outage was due to the effects of a
cyberattack targeting the US government.
"Very worrying, this could be a 9/11 in cyberspace," Will Geddes said.
According to statistics, the Google issue affected nearly 70 million users across different services.
o Nintendo
Japanese game company Nintendo was hacked in mid-May 2020, leaving 300,000 accounts exposed.
The hacker then used the payment information of many different accounts to make illegal shopping
transactions. Nintendo did not disclose details of the hack but only said that their legacy login method,
NNID (Nintendo Network ID), had been compromised. After the hack, some users lost up to 300 USD.
4. Discuss the consequences of this breach?
o From the security breaches described above, we can see that the damage they cause differs
from one organization to another depending on the position of the organization. In general,
however, security breaches damage customer information, money, property, and the reputation of
the company.
5. Suggest solutions to organizations.
o Server & Cloud Security
o Back up data regularly
o Customer relationship management security
o Secure IT/OT systems & intranets
P2 Describe at least 3 organizational security procedures.
In today's world, businesses are constantly at risk of being compromised in a cyberattack.
Easily accessible malware has significantly lowered the barrier to entry for carrying out attacks,
resulting in increased cybercrime activity. For this reason, organizations must have a strong
cybersecurity posture, as this will enable them to adequately detect and manage intrusions across
networks.
Below are six best practices you can use to improve your organization's security posture.
1. Conduct a cybersecurity risk assessment
Improving your security posture begins with assessing the strength of the controls you currently
have in place. One way to do this is by conducting a cybersecurity risk assessment. This
assessment identifies the level of vulnerability across various assets within your organization.
The results of the assessment will help you determine which actions need to be taken to
enhance your security posture, as well as inform the security controls you put in place to protect
against future attacks.
2. Password
Facility systems or services are to identify users and authenticate access with passwords that
meet minimum password complexity standards and are changed frequently.
3. Educate your employees
A lack of security training can expose your organization to a variety of cyber threats, so it is
essential to prioritize employee training as a means of protection against external cyber threats.
Security training should be given to every employee during the onboarding process, with the
curriculum varying based on job function and seniority. Regular testing of employees' cybersecurity
knowledge will allow you to evaluate the effectiveness of the education programs you have in place.
4. Physical security:
Unauthorized physical access to an unattended device can lead to malicious or fraudulent data
modification, fraudulent email use, or any other potentially dangerous situation. Where possible and
appropriate, devices should be configured to "lock" and require the user to re-authenticate if left
unattended for more than 5 minutes.
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.
I. Firewall
Definition
A firewall is a device that filters all traffic between a protected or “inside” network and a less trustworthy
or “outside” network.
Usually a firewall runs on a dedicated device; because it is a single point through which traffic is
channeled, performance is important, which means that only firewall functions should run on the
firewall machine. In practice, a firewall is a computer with memory, storage devices, interface cards for
network access, and other devices.
It runs an operating system and executes application programs. Often the hardware, operating system,
and applications are sold as a package, so the firewall application (a program) is sometimes also called a
firewall.
How does the firewall work?
A firewall controls the flow of traffic by preventing unauthorized network traffic from entering or leaving
a particular portion of the network. You can place a firewall between an internal network and the
outside world or within the internal network to control access to particular corporate assets by only
authorized users. Firewalls are critical elements of networking security, but they are just that: elements.
Firewalls will not solve all security problems, but they do add a much-needed deterrent.
Firewall Types
- Packet filtering: A packet-filtering firewall compares received traffic with a set of
rules that define which traffic it will permit to pass through the firewall. It makes this decision
for each packet that reaches the firewall and has no memory of packets it has encountered in the past.
- Stateful inspection: A stateful inspection firewall remembers information about the
status of a network communication. Once the firewall receives the first packet in a communication, the
firewall remembers that communication session until it is closed. This type of firewall does not have to
check its rules each time it receives a packet. It only needs to check rules when a new communication
session starts.
- Application proxy: An application proxy firewall goes further than a stateful inspection
firewall. It doesn’t actually allow packets to travel directly between systems on opposite sides of the
firewall. The firewall opens separate connections with each of the two communicating systems and then
acts as a broker (or proxy) between the two. This allows for an added degree of protection, because the
firewall can analyze information about the application in use when making the decision to allow or deny
traffic.
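The difference between the first two types shows up as soon as reply traffic has to be allowed. The
following is an added example, not part of the original assignment: a simplified model of both firewall
types applying the same policy (inside hosts may reach HTTPS), with constructed addresses and ports.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    sport: int      # source port
    dst: str        # destination IP address
    dport: int      # destination port
    inbound: bool   # True when the packet arrives from the outside network

def stateless_filter(pkt):
    """Packet filtering: each packet is judged alone; the first matching rule wins."""
    rules = [
        (lambda p: not p.inbound and p.dport == 443, "allow"),  # inside -> HTTPS
        # With no memory of sessions, replies can only be recognised by their
        # source port, so this rule also admits traffic nobody inside asked for.
        (lambda p: p.inbound and p.sport == 443, "allow"),
        (lambda p: True, "deny"),                                # default deny
    ]
    for matches, action in rules:
        if matches(pkt):
            return action

class StatefulFirewall:
    """Stateful inspection: rules are checked when a session starts, then remembered."""
    def __init__(self):
        self.sessions = set()

    def filter(self, pkt):
        if not pkt.inbound:
            if pkt.dport != 443:          # same outbound policy as above
                return "deny"
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound traffic is allowed only as the reverse of a remembered session.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reverse in self.sessions else "deny"

    def close(self, src, sport, dst, dport):
        self.sessions.discard((src, sport, dst, dport))

# Constructed sample traffic (documentation address ranges).
REQUEST = Packet("10.0.0.5", 50000, "203.0.113.10", 443, inbound=False)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000, inbound=True)
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.9", 3389, inbound=True)

def compare():
    """Return (name, stateless verdict, stateful verdict) for each sample packet."""
    fw = StatefulFirewall()
    samples = (("request", REQUEST), ("reply", REPLY), ("unsolicited", UNSOLICITED))
    return [(name, stateless_filter(p), fw.filter(p)) for name, p in samples]

if __name__ == "__main__":
    for row in compare():
        print("%-12s stateless=%-5s stateful=%s" % row)
```

Both models pass the request and its reply; only the stateful one rejects the unsolicited packet, which is
the kind of gap an incorrectly written reply rule leaves open.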
Risks and threats without a firewall
- Open access: If a computer is not protected by a firewall, it allows any type of inbound
connection from anyone. In this situation, we are unable to identify inbound threats or attacks on our
network. Without a firewall, we expose our devices to attacks by hostile users.
- Data lost and for sale: Cybercriminals have the ability to easily destroy our data or use
our personal information for their own gain.
Functions of firewall
Firewalls have grown quite powerful, with several built-in functions and capabilities:
- Cybersecurity threat mitigation
- Identity-based and application-based control
- Support for hybrid clouds
- Scalable performance
- Monitoring and managing network traffic
- Checking access
- Recording and reporting on events
II. IDS
What is IDS?
- An Intrusion Detection System (IDS) is software or a tool that helps to secure the system and
raises a warning when suspicious behavior enters the system. The main purpose of an IDS is to prevent
and detect actions that undermine the security of the system, or behaviors such as port probing and
scanning.
Types of IDS
The two general types of intrusion detection systems are signature based and heuristic.
- Signature-based intrusion detection systems perform simple pattern-matching and report
situations that match a pattern (signature) corresponding to a known attack type.
- Heuristic intrusion detection systems, also known as anomaly based, build a model of
acceptable behavior and flag exceptions to that model; for the future, the administrator can mark a
flagged behavior as acceptable so that the heuristic IDS will now treat that previously unclassified
behavior as acceptable.
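The two types catch different things, which the following added example shows (it is not part of the
original assignment). The events, the two signatures, and the behavior model of (source, destination port)
pairs are all constructed for illustration and are not taken from any real IDS rule set.

```python
import re

# Constructed signatures: name -> pattern for a known attack type.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-union-select": re.compile(r"(?i)union\s+select"),
}

def signature_ids(events):
    """Signature-based: report every event whose payload matches a known pattern."""
    alerts = []
    for index, event in enumerate(events):
        for name, pattern in SIGNATURES.items():
            if pattern.search(event["payload"]):
                alerts.append((index, name))
    return alerts

class HeuristicIDS:
    """Heuristic (anomaly based): model acceptable behavior, flag exceptions to it."""
    def __init__(self, baseline):
        # Assumption for this example: behavior is a (source, destination port) pair.
        self.model = {(e["src"], e["dport"]) for e in baseline}

    def inspect(self, events):
        return [i for i, e in enumerate(events)
                if (e["src"], e["dport"]) not in self.model]

    def mark_acceptable(self, event):
        # The administrator accepts a flagged behavior; it is not flagged again.
        self.model.add((event["src"], event["dport"]))

# Constructed traffic observed during normal operation.
BASELINE = [
    {"src": "10.0.0.5", "dport": 443, "payload": "GET /index.html"},
    {"src": "10.0.0.5", "dport": 53, "payload": ""},
    {"src": "10.0.0.6", "dport": 443, "payload": "GET /news"},
]
# Constructed live traffic.
LIVE = [
    {"src": "10.0.0.5", "dport": 443, "payload": "GET /index.html"},
    {"src": "10.0.0.6", "dport": 443, "payload": "GET /files?name=../../etc/passwd"},
    {"src": "10.0.0.6", "dport": 22, "payload": ""},
    {"src": "10.0.0.5", "dport": 8443, "payload": "GET /intranet"},
]

if __name__ == "__main__":
    print("signature alerts:", signature_ids(LIVE))
    ids = HeuristicIDS(BASELINE)
    print("anomalies:", ids.inspect(LIVE))
    ids.mark_acceptable(LIVE[3])  # administrator accepts the new intranet service
    print("anomalies after review:", ids.inspect(LIVE))
```

Event 1 uses a normal port, so only the signature catches it; events 2 and 3 match no signature, so only the
behavior model flags them.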
How does IDS work?
- A host generates a network packet
- Sensors in the network read the packet before it is sent out of the local
network (the sensor needs to be placed so that it can read all packets).
- The detection program located in the sensor checks to see if any packets have signs of violation.
When there is a violation, an alarm will be generated and sent to the console.
- When the command console receives an alert it sends a notification to a pre-specified person or
group (via email, popup, web page, etc.).
- A rule-driven response to this intrusion signature is initiated.
- Alerts are saved for future reference (either locally or on a database).
- A summary report of the details of the incident is generated.
- Alerts are compared with other data to determine if this is an attack.
P4 Show using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security
I. What is DMZ?
Definition
The DMZ (Demilitarized Zone) is a separate network that serves as a buffer between the exterior
and internal networks. A buffer network may comprise a web server or a mail server, for example, whose
communication is monitored by a firewall. It is a highly managed network that connects the external
network (Internet) to the inside system. It is a form of buffer zone that uses rigorous communication
restrictions and firewalls to keep systems apart from one another.
Benefits of using DMZ in security:
- DMZ services include: DNS server, FTP server, mail server, Proxy server, Web server.
- Block IP spoofing: Attackers try to gain access to systems by spoofing IP
addresses and impersonating an approved device logged into the network. The DMZ can detect and stop
such spoofing attempts while another service verifies the legitimacy of the IP address.
The DMZ also provides a segmented network that creates an organized space for traffic, where public
services can be reached away from the private network.
- Allow user access: Businesses can give users access to services outside their
network over the public internet. The DMZ permits access to these services while network segmentation
prevents unauthorized users from reaching the private network. A DMZ
may also include a proxy server, which centralizes internal traffic and simplifies monitoring
and recording of that traffic.
II. What is static IP?
Definition
A static IP is a manually configured address for networked devices. It is called a static IP because
it is fixed and does not change. The devices must be properly configured with the router in order for
them to be able to communicate. This is also the disadvantage of static IP.
Benefit
A static IP is a fixed address reserved for one or a group of Internet users. Normally, a static IP
will be granted to a server that is used for a separate purpose, for example, a mail server, a web server,
etc., to help users not be interrupted during the access process.
III. What is NAT?
Definition
NAT (Network Address Translation) is a technique that allows converting from one IP address to
another. Normally, NAT is commonly used in networks that use local addresses, which need access to a
public network (Internet). The location to implement NAT is the edge router connecting the two
networks.
Types of NATs available
- Static NAT is a one-to-one NAT method. This method
allows a private IP address to be mapped to a public IP address. Usually static NAT is used in cases
where network equipment needs to access outside the network.
- Dynamic NAT allows private IP addresses to be mapped to public IP addresses in the
pool. In this case, the computer still has its own IP address. For example, the address
192.168.32.10 is translated by the router to the address 213.18.123.100.
- NAT overload leaves each computer operating in the internal network with its own
corresponding IP address. Based on this, the router translates each computer's IP address
to the same IP address 213.18.123. The connections are kept apart by using different communication ports.
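How NAT overload keeps connections apart by port, and why this hides the LAN, can be seen in a small model
of the router's translation table. This is an added example, not part of the original assignment; it reuses
the addresses 192.168.32.10 and 213.18.123.100 from the text, while the second host, the destination, the
port numbers, and the class itself are constructed, and real routers also track the remote endpoint and timeouts.

```python
class NatOverload:
    """NAT overload: many private addresses share one public address, told apart by port."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}    # (private_ip, private_port) -> public_port
        self.back_map = {}   # public_port -> (private_ip, private_port)
        self.log = []        # translation log, needed later to trace a packet's origin

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN; create a mapping if needed."""
        key = (src_ip, src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.back_map[self.next_port] = key
            self.log.append((src_ip, src_port, self.public_ip, self.next_port))
            self.next_port += 1
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, public_port):
        """Find the inside host for a packet arriving on the public address.

        Returns None when no inside host opened that port: the packet is dropped,
        which is how NAT keeps internal addresses unreachable from outside.
        """
        return self.back_map.get(public_port)


def demo():
    nat = NatOverload("213.18.123.100")
    # Two inside hosts use the same source port toward the same web server.
    first = nat.outbound("192.168.32.10", 51000, "203.0.113.10", 443)
    second = nat.outbound("192.168.32.11", 51000, "203.0.113.10", 443)
    return {
        "first": first,
        "second": second,
        "reply_to_second": nat.inbound(second[1]),
        "unsolicited": nat.inbound(3389),
        "log_entries": len(nat.log),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The translation log is the only record linking a public port back to an inside host, so keeping it is what
makes packet tracing possible behind NAT.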
Advantages and Disadvantages of NAT
- Advantage:
o Saving IPv4 addresses: The number of users accessing the internet is increasing
day by day. This leads to the risk of shortage of IPv4 addresses. The NAT technique will help reduce the
number of IP addresses that need to be used.
o Helps to hide IP inside LAN.
o NAT can share the internet connection for many different computers and mobile
devices in the LAN with only a single public IP address.
o NAT helps network administrators filter incoming packets and approve public IP's
access to any port.
- Disadvantage:
o When using the NAT technique, the CPU has to check and spend time
changing the IP address. This increases the delay during switching and affects the connection speed
of the internet.
o NAT has the ability to hide IP addresses in LANs, so technicians will have a hard
time checking the IP origin or tracing traces of packets.
o NAT hides the IP address, so it will make some applications that need to use the
IP inoperable.