Assignment Front Sheet
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.
LO1: Assess risks to IT security
Malware and description
Computer virus: A computer virus is a software program capable of copying itself from one infected object to another (the object may be a program file, a document, a computer, etc.). It is intended to disable your security settings and corrupt or steal data from your computer, including personal information such as passwords, or even erase everything on your hard drive.
Trojan horse: Named after the Trojan horse of history, this is malicious software or code that tricks users into running it voluntarily by hiding behind a legitimate program.
Worm: A malicious program that is able to copy itself quickly and spread from one computer to another; worms often spread by exploiting software vulnerabilities.
Rootkit: A rootkit is software that obtains remote control and administrative rights over a computer or a computer network, gaining that permission by hiding behind legitimate programs. Once authorized, the rootkit installs itself and steals information from the computer.
Rogue security software: Rogue security software is malicious software that makes users believe that a computer virus is installed on their computer or that their security measures are out of date. It then recommends changing or updating the user's privacy settings, and asks you to download its program to remove the alleged virus or to pay for a tool.
Ransomware: This type of software uses encryption to encrypt data belonging to an individual and demands a ransom to restore the data.
Ransomware penetration:
Exploiting security holes in applications (websites, mobile apps, software, IoT devices, etc.)
Today, the application of IoT in manufacturing businesses is gradually playing a decisive role in reducing costs and increasing management efficiency and productivity in the operations of organizations and businesses. IoT-based systems cover productivity and performance monitoring, customer satisfaction monitoring, inventory control, machine maintenance, temperature management and access control, which makes them a target for cyber criminals.
Hacking attacks
Hackers gain access via the intranet (including computers, devices and people). On the human side, hackers can get in through mobile devices, social networks and software applications. The WannaCry ransomware attacked a series of Vietnamese businesses and demanded ransoms. By the end of 2018, there were 3,900 cases of computers infected with this ransomware in Vietnam, with data encrypted for extortion.
Solutions
Data backup
Backing up data regularly, and ensuring that backups are properly protected or stored offline, makes recovery from ransomware attacks much easier.
1. Encrypt your information
Encrypting information is very important in the Internet age, when information has to travel through many stations before reaching its destination. If it is not encrypted, your information can be eavesdropped on and used for illegal purposes.
2. Use strong passwords
The data encrypted in step 1 becomes meaningless if the hacker knows your password and can easily steal the data.
Websites and online services recommend that users set a password of at least 8 characters (numbers, symbols, punctuation); the characters must be unique, randomly selected and, above all, not follow any order or carry any meaning (date of birth, phone number, etc.).
Researchers have explained that 8 such characters carry a huge amount of "hidden" information, so that users can resist hacker tools such as password guessing and password cracking.
Figure 1: Elements of a strong password
3. Two-factor authentication
Even with encrypted data and a strong password, you cannot avoid losing data when transmitting it in public environments such as a cafe Wi-Fi or a school network. So you take one more step to protect yourself; this process is called 2-step verification (two-factor authentication).
Simply put, 2-step verification adds a layer of protection by requiring you to provide two forms of authentication to access an account. The first is the user ID and the password associated with it. The second is a unique code sent to your phone or another device to complete the login process. Since the second code is sent to a device you carry with you, it makes it much harder for hackers to get at your information.
Figure 2: Some ways of 2-step verification
4. Secure your Wi-Fi network
How often do you access low-security networks? When setting up your Wi-Fi router, you can increase security by turning off SSID broadcast and turning on MAC address filtering and AP isolation. Also make sure you have enabled the firewalls on your router and on your computer to prevent applications from performing unwanted communications.
5. Use anti-virus software
The security steps above will be useless if, at step 5 of the security process, the information system contains viruses or malicious software that has entered your system illegally to help hackers gain control, whether to control your device remotely or simply to steal data from it.
Network systems should install high-quality anti-virus programs to stop viruses getting in when you download things that are not safe or that hide behind legitimate software.
Some effective antivirus products are: Avast Free Antivirus, Kaspersky 2020, Norton 2020, Avira 2020, Windows Defender, etc.
LO2 Describe IT security solutions
P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.
I. Firewall
A firewall is a network security system, based on hardware or software, that uses a defined security policy to control incoming and outgoing data. This means that traffic that complies with the policy is allowed in and out, and other traffic is not.
A firewall can be compared to the security guard of a building, who can allow or deny anyone who tries to enter. Similarly, a firewall can be a software program or a hardware device that filters packets from the Internet to your computer or computer network.
A firewall can deny or allow network traffic between devices based on rules that have been configured or installed by a firewall administrator. Many personal firewalls, such as the Windows firewall, operate on a set of pre-installed settings that can prevent common threats, so users don't need to worry about how to configure the firewall.
Image source: https://whitehat.vn/threads/cach-firewall-lam-viec.473/
Firewalls use one or more methods to control network traffic to and from a network:
Packet filtering: In this method, each packet is analyzed and compared with the previously configured filter. Packet filtering can have many different rules depending on the company's management policies. Every time network traffic comes or goes, the packet is compared to the configuration in the firewall; if it is allowed, the packet is accepted, and if it is not allowed by the firewall configuration, the packet is refused passage over the network.
Stateful inspection: This is a newer method. It does not analyze the content of the packet; instead it compares the form and pattern of the packet against its database of trusted connections. Both incoming and outgoing network traffic are checked against the database.
Network Connection Statement: This part of the policy relates to devices connected to the network. This is where problems related to the operation of network devices can be identified.
Contracted Worker Statement: This is a policy that addresses contract or temporary workers. These individuals may only require regular access to network resources.
Firewall Administrator Statement: Must be certified by the firewall provider.
Benefits of firewall security:
A firewall monitors all traffic to your computer network.
A firewall keeps hackers out of your network.
Having firewall security reduces the risk of keyloggers watching you.
Firewalls can also block email services to protect against spam.
Firewalls are excellent auditors. With multiple-disk or remote logging capabilities, they can record any and all traffic passing through.
II. Intrusion detection system (IDS)
An IDS is a device or software application that monitors a network or computer system for malicious activity or policy violations.
An IDS detects either by specific signatures of known threats (similar to how anti-virus software detects and removes viruses) or by comparing current network traffic with a baseline (the standard system parameters that are acceptable) to look for abnormal signs.
It is placed at a network point with the purpose of monitoring traffic to and from all devices on the network. Depending on the IDS type, it may be able to act automatically against illegal activity. When an attack is identified or abnormal behavior is sensed, alerts can be sent to the administrator.
If anti-phishing controls are not enabled on the external interface, this may facilitate denial of service and related attacks.
The false sense of security that a misconfigured firewall creates makes it harder to troubleshoot other parts of the system, increasing the risk of unauthorized data errors and reducing expected redundancy.
The impact, if there is any way to measure it in advance, ranges from financial losses that could push the business into bankruptcy, to data leakage, extortion and more.
Unwanted traffic reaches destinations it should not reach. This is also an attack vector that individuals with malicious intent can exploit.
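To make the impact of an incorrectly configured firewall policy concrete, here is an added example (not from the assignment) of a first-match packet filter with two constructed rule sets: the intended policy, and the same policy after an "allow everything" rule was placed above the deny. The LAN addresses, packets and rules are all constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR, or "any"
    dst: str              # destination CIDR, or "any"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None = any port

    def matches(self, pkt: dict) -> bool:
        def in_net(cidr, ip):
            return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
        return (in_net(self.src, pkt["src"]) and in_net(self.dst, pkt["dst"])
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt["dport"]))


def filter_packet(policy: List[Rule], pkt: dict, default: str = "deny") -> str:
    """First-match packet filter: the first rule that matches decides; a packet
    matching nothing falls through to the default action (deny)."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return default


def dead_rules(policy: List[Rule]) -> List[int]:
    """Audit: rules placed after a catch-all (any/any/any/any-port) are unreachable."""
    for i, r in enumerate(policy):
        if (r.src, r.dst, r.proto, r.dport) == ("any", "any", "any", None):
            return list(range(i + 1, len(policy)))
    return []


# Constructed policies for a server LAN 10.0.1.0/24. INTENDED exposes HTTPS on the
# web server only and explicitly blocks remote desktop (3389) from outside.
INTENDED = [Rule("deny", "any", "10.0.1.0/24", "tcp", 3389),
            Rule("allow", "any", "10.0.1.10/32", "tcp", 443)]
# MISCONFIGURED: an "allow everything" rule was added at the top to silence helpdesk
# complaints, so the deny beneath it never fires and RDP is exposed to the Internet.
MISCONFIGURED = [Rule("allow", "any", "any", "any", None),
                 Rule("deny", "any", "10.0.1.0/24", "tcp", 3389)]
# Constructed sample packets arriving from the Internet.
RDP_PKT = {"src": "203.0.113.7", "dst": "10.0.1.20", "proto": "tcp", "dport": 3389}
HTTPS_PKT = {"src": "203.0.113.7", "dst": "10.0.1.10", "proto": "tcp", "dport": 443}
```

Running `dead_rules` over a policy before deploying it catches the shadowed deny that a manual review of the two rule sets could easily miss.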
IDS
Forged / authorized addresses: an attacker can obscure the source of the attack by using poorly secured or incorrectly configured proxy servers to carry out the attack. If the source is tampered with and relayed by a server, it becomes very difficult to detect.
Fragmentation: by sending fragmented packets, an attacker stays under the radar and can easily bypass the detection system's signature-matching capability.
Coordinated, low-bandwidth attacks: coordinating scans between multiple attackers (or agents) and allocating different ports or hosts to different attackers makes it difficult for the IDS to correlate the captured packets and deduce that a network scan is taking place.
Pattern changes: an IDS often relies on 'pattern matching' to detect an attack. By changing the data used in the attack slightly, detection can be avoided.
Intrusion detection software reports based on the network address carried in the IP packet sent into the network. This is useful if the address contained in the IP packet is correct. However, the address contained in the IP packet can be forged or tampered with.
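The fragmentation and pattern-change weaknesses above, shown from the detection side as an added example (not from the assignment): a naive per-packet signature matcher misses a pattern cut across a fragment boundary, while a matcher that reassembles the stream and normalises case, whitespace and URL encoding before matching does not. The signature set and the traffic are constructed for the demo.

```python
import re
from typing import List, Tuple

# Constructed signature set: byte pattern the IDS looks for -> alert label.
SIGNATURES = {
    b"/etc/passwd": "path traversal probe",
    b"union select": "sql injection probe",
}

Fragment = Tuple[int, bytes]   # (byte offset within the stream, payload)


def normalise(data: bytes) -> bytes:
    """Canonicalise before matching so small changes to the attack data (letter case,
    extra whitespace, URL-encoded bytes) do not slip past a literal pattern."""
    data = re.sub(rb"%([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)
    return re.sub(rb"\s+", b" ", data).lower()


def match_signatures(data: bytes) -> List[str]:
    norm = normalise(data)
    return sorted(label for sig, label in SIGNATURES.items() if sig in norm)


def inspect_per_packet(fragments: List[Fragment]) -> List[str]:
    """Naive IDS: each fragment is matched on its own, so a pattern that straddles
    a fragment boundary is never seen whole."""
    alerts = set()
    for _, payload in fragments:
        alerts.update(match_signatures(payload))
    return sorted(alerts)


def inspect_reassembled(fragments: List[Fragment]) -> List[str]:
    """IDS that reassembles the stream (ordered by offset) before matching."""
    stream = b"".join(payload for _, payload in sorted(fragments))
    return match_signatures(stream)


# Constructed traffic: one HTTP request split into two fragments, delivered out of
# order, with the signature string cut across the boundary.
REQUEST = b"GET /../../etc/passwd HTTP/1.0\r\n"
FRAGMENTS = [(18, REQUEST[18:]), (0, REQUEST[:18])]
```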
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security
I. Demilitarized zone(DMZ)
In a computer network, a DMZ (demilitarized zone) is a subnetwork containing an organization's exposed, outward-facing services. It acts as the exposed point to an untrusted network, commonly the Internet. The purpose of the DMZ is to add an additional layer of security to the organization's local area network (LAN): an external network node can only access what is exposed in the DMZ, while the rest of the organization's network is behind the firewall. The DMZ acts as a small, isolated network placed between the Internet and the private network and, if its design is effective, gives the organization more time to detect and handle breaches before they penetrate deeper into the intranet.