
ASSIGNMENT FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Lam Thai Duy Student ID GCD 18477

Class GCD Assessor name Tran Trong Minh

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 M1 M2 D1

LO1: Assess risks to IT security..................................................................................................................................5

P1. Identify types of security threat to organisations.................................................................................................5

P2. Describe at least 3 organisational security procedures.........................................................................................9

I. Definition of organizational security procedure ..............................................................................................9

II. Security process for an organization .................................................................................................9

1. Encrypt data information ...................................................................................................................9

2. Use strong passwords .........................................................................................................................9

3. Two-factor authentication ................................................................................................................10

4. Comprehensive network security............................................................................................................11

5. Use anti-virus software...........................................................................................................................11


LO1: Assess risks to IT security
P1. Identify types of security threat to organisations.
Threats come in many forms and in large numbers, and most of them rely on malicious code called malware.
Malware, or "malicious software", is a term that describes any malicious program or code that is harmful to
systems. It is software developed by network attackers for the purpose of gaining access to or damaging
computers or networks.

 Common types of malware

Malware: Description

Computer virus: A computer virus is a program capable of copying itself from one infected object to
another (the object may be program files, documents, computers ...). It is intended to disable your
security settings and to corrupt and steal data from your computer, including personal information such
as passwords, and can even erase everything on your hard drive.

Trojan horse: Named after the Trojan horse of history, this is malicious software or code that tricks
users into running it voluntarily by hiding behind a legitimate program.

Worm: A worm is a malicious program that copies itself quickly and spreads from one computer to another;
worms often spread by exploiting software vulnerabilities.

Rootkit: A rootkit is software that gives an attacker remote control of a computer or computer network
with administrative rights. It obtains that permission by hiding behind legitimate programs; once
authorised, the rootkit installs itself and steals information from the computer.

Rogue security software: Rogue security software is malicious software that misleads users into believing
that a computer virus is installed on their computer or that their security measures are not up to date.
It then recommends changing or updating the user's privacy settings, and asks you to download its program
to remove the alleged virus or to pay for a tool.

Ransomware: This type of software uses encryption to encrypt data belonging to an individual and demands
a ransom to restore the data. Ransomware gets in when users:

 Find and use cracked software of unknown origin
 Click on an attachment in an email (usually a Word file or PDF)
 Click on ads containing ransomware
 Access websites containing depraved, unhealthy content
 Access fake websites.

Table 1: Common types of malware

Threats other than malware


 Phishing scam attack
Phishing is a newer type of cyber security threat in which attackers impersonate reputable, well-known
businesses in order to collect users' sensitive information, such as credit card details, usernames and
passwords...

 Exploiting security holes in applications (Website, Mobile App, Software, IoT devices ...)
Today, the application of IoT in manufacturing businesses is gradually playing a decisive role in
reducing costs and increasing management efficiency and productivity in the operations of organizations
and businesses. IoT-based systems cover productivity and performance monitoring, customer satisfaction
monitoring, inventory control, machine maintenance, temperature management and access control, and so
they are a target for cyber criminals.

 Hacking attacks
Hackers gain access via the intranet (including computers, devices and people). In the human element,
hackers can gain access via mobile devices, social networks and software applications. The WannaCry
malware attacked a series of Vietnamese businesses and demanded ransom.

 Supply Chain Attack


A supply chain attack is a cyber attack that aims to damage a company by exploiting holes in its supply
chain network. A supply chain attack requires constant hacking or network penetration to gain access to
the corporate network. Sophisticated cybercriminals also recognise the value of the data held by
companies and use a variety of strategies to gain access to sensitive data.

Example of a recently publicized security breach


 Ransomware GandCrab (1/2018)
GandCrab is ransomware discovered at the end of January 2018. This malicious code is spread via ads that
lead to landing pages containing malicious code, or infects via email. To pay the ransom, users must
install the Tor browser and pay in Dash or Bitcoin, at a value of about $200 - $1200 depending on the
number of encrypted files.

As a result, by the end of 2018 there were 3,900 cases in Vietnam of computers infected with this
ransomware and having their data encrypted for ransom.

Solutions

 Data backup
Back up data regularly and make sure that the backups are properly protected or stored offline, which
makes recovery from ransomware attacks much easier.

 Invest in device hardware and security software
Outdated hardware and free anti-virus software cannot protect against ransomware attacks. Invest in and
pay for the best hardware and security software.

 Regularly update the software
Software updates often contain patches for security holes that exist in older versions, and so protect
information security. Businesses should pay special attention to regularly updating programs such as
browsers, Flash and Java.

 Beware of strange downloads and links
This is a fairly common scam method: an email or a Facebook message arrives with a download link,
claiming to be an important file or content that appeals to the target. The downloaded file appears to
be a .docx, .xlsx, .pptx or .pdf, but is actually a .exe file (an executable program). As soon as the
user opens the file, the malicious code starts working.

 Full training for company employees
Train employees and raise their awareness of ransomware and how this malware works. Ask staff to report
suspicious activity.
P2 Describe at least 3 organisational security procedures.
I. Definition of organizational security procedure
A security procedure is a sequence of activities performed to carry out a specific security task or
function. Procedures are usually designed as a series of steps that follow a consistent, repeatable
approach or cycle to reach the end result. Once implemented, security procedures provide a set of actions
designed to address the organisation's security issues, which facilitates training, process audits and
process improvement. Procedures provide a starting point for the consistency needed to reduce variation
in security processes, helping to increase security control within the organisation.

II. Security process for an organization


1. Encrypt data information
Data encryption is the process of converting information from one form into another that is not
accessible to unrelated people. With encryption, even if the information is stolen, the encrypted
information is unusable because it cannot be read or understood.

Encrypting information is especially important in the Internet age, when information has to travel
through many stations before reaching its destination. If it is not encrypted, your information can be
eavesdropped on and used for illegal purposes.
2. Use strong passwords
The data encrypted in step 1 becomes meaningless if a hacker knows your password and can easily steal
the data.

Websites and online services recommend that users set a password of at least 8 characters (numbers,
symbols, punctuation); the characters should be unique and randomly chosen, and in particular should not
follow a sequence or carry any meaning (date of birth, phone number ...).

Researchers explain that these 8 characters carry a huge amount of "hidden" information, which is what
protects users against hacker tools that guess or crack passwords.
Figure 1: Elements of a strong password
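As an added example that is not part of this assignment, the checker below applies the rules just described (at least 8 characters, mixed character types, no sequential or heavily repeated characters, and nothing taken from personal facts such as a date of birth or phone number) and estimates the "hidden" information as length times log2 of the alphabet in use. The sample passwords and personal facts are constructed.

```python
import math
import string

MIN_LENGTH = 8  # minimum length recommended on the page

CLASSES = {  # character class -> (its characters, size of that alphabet)
    "lowercase": (string.ascii_lowercase, 26),
    "uppercase": (string.ascii_uppercase, 26),
    "digits": (string.digits, 10),
    "symbols": (string.punctuation, 32),
}

def character_classes(pw):
    """Names of the character classes that pw actually uses."""
    return [n for n, (chars, _) in CLASSES.items() if any(c in chars for c in pw)]

def entropy_bits(pw):
    """Rough amount of 'hidden' information: length * log2(alphabet in use)."""
    alphabet = sum(CLASSES[n][1] for n in character_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def has_sequential_run(pw, run=4):
    """True if `run` consecutive characters step by +1 or -1 ('1234', 'dcba')."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def contains_personal_fact(pw, facts, piece=4):
    """True if any 4+ character piece of a personal fact appears in pw (case/punctuation ignored)."""
    norm_pw = "".join(c for c in pw.lower() if c.isalnum())
    for fact in facts:
        norm = "".join(c for c in fact.lower() if c.isalnum())
        if any(norm[i:i + piece] in norm_pw for i in range(len(norm) - piece + 1)):
            return True
    return False

def check_password(pw, personal_facts=()):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(character_classes(pw)) < 3:
        problems.append("uses fewer than three character classes")
    if any(pw.count(c) > 2 for c in set(pw)):
        problems.append("repeats a character more than twice")
    if has_sequential_run(pw):
        problems.append("contains a sequential run such as 1234 or abcd")
    if contains_personal_fact(pw, personal_facts):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    facts = ["12/05/1998", "0912 345 678"]  # constructed date of birth and phone number
    for candidate in ["12345678", "Duy12051998!", "Xk7#qLp9!vR2"]:
        print(candidate, check_password(candidate, facts), round(entropy_bits(candidate), 1))
```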

3. Two-factor authentication
Even with encrypted data and a strong password, you cannot rule out losing data while it is transmitted
in public environments such as a café Wi-Fi or a school network. So you take one more step to protect
yourself, a process called 2-step verification (two-factor authentication).

Put simply, 2-step verification adds a layer of protection by requiring you to provide two forms of
authentication to access the account. The first is the user ID and the password associated with it. The
second is a unique code sent to your phone or another device to complete the login process. Because the
second code is sent to a device you carry with you, it makes it much harder for a hacker to break into
your information.
Figure 2: Some ways of 2-step verification
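The two steps described above, as an added example rather than anything from the assignment: the first factor is a salted password hash check, the second a one-time code handed to a simulated phone through a send callback. The code lifetime, single use and guess limit are assumed policy values for the example, and the credentials are constructed.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120   # how long a sent code stays valid (assumed policy)
MAX_ATTEMPTS = 3         # wrong guesses allowed before the code is discarded

class TwoStepVerifier:
    """Factor 1: user ID + password. Factor 2: a one-time code 'sent' to the phone via `send`."""
    def __init__(self, send, clock=time.time):
        self.send = send        # send(user_id, code): hands the code to the user's device
        self.clock = clock      # injectable clock so expiry can be tested
        self.users = {}         # user_id -> (salt, password hash)
        self.pending = {}       # user_id -> [code, expires_at, attempts_left]

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user_id, password):
        salt = secrets.token_bytes(16)
        self.users[user_id] = (salt, self._hash(password, salt))

    def step1_password(self, user_id, password):
        """First factor. On success a fresh 6-digit code is sent to the device."""
        record = self.users.get(user_id)
        if record is None:
            return False
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return False
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[user_id] = [code, self.clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self.send(user_id, code)
        return True

    def step2_code(self, user_id, code):
        """Second factor: the code expires, is single-use and allows only a few guesses."""
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        expected, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[user_id]
            return False
        if hmac.compare_digest(expected, code):
            del self.pending[user_id]       # consumed: the same code cannot be replayed
            return True
        entry[2] -= 1
        if entry[2] == 0:
            del self.pending[user_id]
        return False

if __name__ == "__main__":
    inbox = {}   # simulated phone
    auth = TwoStepVerifier(send=lambda user, code: inbox.__setitem__(user, code))
    auth.register("duy", "Xk7#qLp9!vR2")   # constructed credentials
    print(auth.step1_password("duy", "Xk7#qLp9!vR2"), auth.step2_code("duy", inbox["duy"]))
```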

4. Comprehensive network security

How often do you access low-security networks? When setting up the Wi-Fi router, you can increase
security by turning off SSID broadcast and turning on MAC address filtering and AP isolation. Also make
sure you have enabled the firewalls on your router and computer to prevent applications from performing
unwanted communications.

5. Use anti-virus software

The security steps above are useless if, at step 5 of the security process, the information system has
been illegally entered by viruses or malicious software that help hackers gain control: either remote
control of your device, or simply theft of the data on it.

Network systems should install high-quality anti-virus programs to prevent viruses getting in when you
download things that are not safe, or that hide behind legitimate software.

Some effective antivirus software that can be used: Avast Free Antivirus, Kaspersky 2020, Norton 2020,
Avira 2020, Windows Defender...
LO2 Describe IT security solutions
P3. Identify the potential impact to IT security of incorrect configuration of firewall
policies and IDS.

I. Firewall

A firewall is a hardware- or software-based network security system that uses a defined security policy
to control incoming and outgoing data. Traffic that complies with the policy is allowed in and out, and
other traffic is not.

A firewall can be compared to the security guard of a building, who can allow or deny anyone who enters
the building. Similarly, a firewall can be a software program or a hardware device that filters packets
travelling from the Internet to your computer or computer network.

A firewall denies or allows network traffic between devices based on rules that have been configured or
installed by a firewall administrator. Many personal firewalls, such as the Windows firewall, operate on
a set of pre-installed settings that block common threats, so users do not need to worry about how to
configure the firewall.

Figure 3: Diagram of firewall

Link picture: https://whitehat.vn/threads/cach-firewall-lam-viec.473/
Firewalls use one or more methods to control network traffic to and from a network:
Packet filtering: In this method each packet is analysed and compared with the previously configured
filter. Packet filtering can have many different rules depending on the company's management policies.
Every time network traffic comes in or goes out, the packet is compared with the configuration held in
the firewall: if it is allowed, the packet is accepted, and if it is not allowed by the firewall
configuration, the packet is refused passage over the network.

Stateful inspection: This is a newer method. It does not analyse the content of the packet; instead it
compares the form and pattern of the packet against its trusted database. Both incoming and outgoing
network traffic are checked against this database.
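An added example (not from the assignment) contrasting the two methods: a stateless packet filter that judges each packet alone, and a stateful firewall whose "trusted database" is modelled as a table of the connections the LAN itself opened, so web replies get back in without opening every high port to the Internet. The LAN prefix, addresses and rules are constructed.

```python
from dataclasses import dataclass

LAN_PREFIX = "10.0.0."   # constructed: the protected LAN is 10.0.0.0/24

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Rules are (direction, (low_port, high_port), action), matched in order;
# anything unmatched is denied. Only web traffic may leave the LAN.
RULES = [
    ("out", (80, 80), "allow"),
    ("out", (443, 443), "allow"),
]
# A stateless filter can only let web replies back in by opening every
# client port to the whole Internet.
STATELESS_RULES = RULES + [("in", (1024, 65535), "allow")]

def direction(pkt):
    return "out" if pkt.src.startswith(LAN_PREFIX) else "in"

def packet_filter(pkt, rules):
    """Packet filtering: each packet is judged on its own against the rules;
    nothing is remembered from one packet to the next."""
    d = direction(pkt)
    for rule_dir, (low, high), action in rules:
        if rule_dir == d and low <= pkt.dport <= high:
            return action
    return "deny"

class StatefulFirewall:
    """Stateful inspection: allowed outbound connections are recorded, and an
    inbound packet is accepted if it is the reply to one of them."""
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # (lan_ip, lan_port, remote_ip, remote_port)

    def inspect(self, pkt):
        if direction(pkt) == "out":
            verdict = packet_filter(pkt, self.rules)
            if verdict == "allow":
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "allow"          # reply to a connection the LAN opened
        return packet_filter(pkt, self.rules)

if __name__ == "__main__":
    request = Packet("10.0.0.7", 51000, "203.0.113.5", 443)   # LAN client -> web server
    reply = Packet("203.0.113.5", 443, "10.0.0.7", 51000)     # the server's answer
    rogue = Packet("198.51.100.9", 4444, "10.0.0.7", 51000)   # unsolicited inbound packet
    fw = StatefulFirewall(RULES)
    for name, pkt in [("request", request), ("reply", reply), ("rogue", rogue)]:
        print(f"{name:8} stateless={packet_filter(pkt, STATELESS_RULES):5} stateful={fw.inspect(pkt)}")
```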

Common firewall policies are built in one of two directions:

 Reject all, allowing only valid data traffic
 Allow all, prohibiting only invalid data traffic
A common policy has several components:
 Acceptable Use Statement: a set of rules applied by the owner, founder or administrator of a network
or website to restrict the ways in which the network, website or system may be used and to give direction
on how to use it.

 Network Connection Statement: this part of the policy relates to devices connected to the network.
This is where problems related to the operation of network devices can be identified.

 Contracted Worker Statement: this policy addresses contract workers, or workers who are only
temporary. These individuals may only require regular access to network resources.
 Firewall Administrator Statement: must be certified by the firewall provider.
Benefits of firewall security:
 A firewall monitors all traffic to your computer network.
 A firewall prevents hackers from getting into your network.
 Having firewall security reduces the risk of keyloggers watching you.
 Firewalls can also block email services for protection against spam.
 Firewalls are excellent auditors. With local-disk or remote logging capabilities, they can record any
and all traffic passing through.
II. Intrusion detection system (IDS)

An IDS is a device or software application that monitors a network or computer system for malicious
activity or policy violations.

An IDS detects either on the basis of specific signs of known risks (similar to how anti-virus software
detects and removes viruses) or by comparing current network traffic with a baseline (the system
parameters that are considered acceptable) to look for abnormal signs.

There are 5 main types of IDS:

 Network intrusion detection system (NIDS)
 Host intrusion detection system (HIDS)
 Protocol-based intrusion detection system (PIDS)
 Application protocol-based intrusion detection system (APIDS)
 Hybrid intrusion detection system
Link picture: http://khcn.cinet.vn/articledetail.aspx?articleid=1867#sthash.MQ0wOBXR.dpbs

Figure 4: Diagram of IDS


Usage of IDS

An IDS is placed at a point in the network in order to monitor traffic to and from all devices on the
network. Depending on the level of the IDS, it may be able to act automatically against illegal activity.
When an attack is identified or abnormal behaviour is sensed, alerts can be sent to the administrator.

The important functions of an IDS are:

 Monitoring: monitor network traffic for abnormal and suspicious activities.
 Warning: once unknown access is detected, the IDS issues a system warning to the administrator.
 Protection: use the default settings and the administrator's configuration to take action against
intruders.
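As an added example that is not part of the assignment, the detector below runs both approaches from the text over a constructed web server log: signature matching for known-bad request patterns, and a comparison of each source's request volume against a baseline learned from normal traffic, producing the warnings an administrator would receive. Log lines, baseline figures and signatures are constructed for the example.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache-style access log, standing in for the traffic an IDS sees.
SAMPLE_LOG = (
    [f'10.0.0.{h} - - [10/Mar/2020:10:0{i}:00 +0700] "GET /index.html HTTP/1.1" 200'
     for h in (2, 3, 4) for i in range(3)]                      # 3 normal hosts, 3 requests each
    + [f'10.0.0.5 - - [10/Mar/2020:10:00:{i:02d} +0700] "GET /login HTTP/1.1" 401'
       for i in range(12)]                                        # one host hammering /login
    + ['203.0.113.9 - - [10/Mar/2020:10:05:00 +0700] "GET /download?file=../../config HTTP/1.1" 404',
       '203.0.113.9 - - [10/Mar/2020:10:05:01 +0700] "GET /search?q=1+union+select+1 HTTP/1.1" 200']
)
BASELINE = [5, 7, 6, 8, 6]   # requests per source per window observed on normal days (constructed)

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Signature detection: strings that are 'specific signs of known risk'.
SIGNATURES = {"path traversal": "../", "sql injection": "union select"}

def parse(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def signature_alerts(lines):
    """Known-bad patterns, matched on the URL-decoded request path."""
    alerts = []
    for rec in filter(None, map(parse, lines)):
        path = unquote_plus(rec["path"]).lower()
        alerts += [(rec["ip"], name) for name, sig in SIGNATURES.items() if sig in path]
    return alerts

def anomaly_alerts(lines, baseline, k=3.0):
    """Baseline comparison: a source is abnormal if its request count in the
    window exceeds mean + k standard deviations of the learned baseline."""
    limit = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    counts = Counter(rec["ip"] for rec in filter(None, map(parse, lines)))
    return [(ip, n) for ip, n in counts.items() if n > limit]

def warning_messages(lines, baseline=BASELINE):
    """The IDS 'warning' function: one message per detection for the administrator."""
    msgs = [f"signature match ({name}) from {ip}" for ip, name in signature_alerts(lines)]
    msgs += [f"abnormal volume: {n} requests from {ip}" for ip, n in anomaly_alerts(lines, baseline)]
    return msgs

if __name__ == "__main__":
    for msg in warning_messages(SAMPLE_LOG):
        print("ALERT:", msg)
```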
III. The potential impact (threat/risk) of incorrect FIREWALL and IDS configuration on the network.
Firewall
 Firewall software that is obsolete and no longer supported can facilitate known exploits, including
remote code execution and denial of service attacks, and may reflect badly on the organisation in the
eyes of third parties if a breach occurs while the system is outdated.

 Anti-phishing controls not enabled on the external interface: this may facilitate denial of service
and related attacks.

 The false sense of security that a firewall can create makes it harder to troubleshoot other parts of
the system, increasing the risk of unauthorised data errors and reducing unexpected redundancy.

 The impact, if there is any way to measure it in advance, can range from financial losses that could
push the business into bankruptcy to data leakage and extortion...

 Unwanted traffic reaches destinations that it should not. This is also an attack vector that
individuals with malicious intent can exploit.

IDS
 Forged (spoofed) addresses: an attacker can obscure the source of the attack by using poorly secured
or incorrectly configured proxy servers to execute the attack. If the source is forged and relayed by a
server, it becomes very difficult to detect.

 Fragmentation: by sending fragmented packets, an attacker stays under the radar and can easily bypass
the detection system's signature detection capability.

 Coordinated, low-bandwidth attacks: coordinating scans between multiple attackers (or agents), and
allocating different ports or servers to different attackers, makes it difficult for the IDS to correlate
the captured packets and deduce that network scanning is taking place.

 Pattern changes: an IDS often relies on 'pattern matching' to detect an attack. By changing the data
used in the attack a little, detection can be avoided.

 Intrusion detection software provides information based on the network address associated with the IP
packet sent into the network. This is beneficial if the network address contained in the IP packet is
correct. However, the address contained in the IP packet can be forged or tampered with.

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in
a network can improve Network Security
I. Demilitarized zone (DMZ)
In a computer network, a DMZ (demilitarized zone) is a subnetwork containing an organization's exposed,
outward-facing services. It acts as the exposed point to an untrusted network, commonly the Internet. The
purpose of the DMZ is to add an additional layer of security to the organization's local area network
(LAN): an external network node can only access what is exposed in the DMZ, while the rest of the
organization's network is behind the firewall. The DMZ acts as a small, isolated network placed between
the Internet and the private network and, if its design is effective, gives the organization more time
to detect and handle violations before they penetrate deeper into the intranet.
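An added example (not from the assignment) of the DMZ idea expressed as a zone policy: addresses are classified into internet, dmz and lan, and a flow is allowed only if the policy lists its zone pair and port, so external hosts reach only the published DMZ services and even a compromised DMZ host cannot reach the LAN. The subnets, ports and policy entries are assumptions made for this example.

```python
import ipaddress

# Constructed addressing: the DMZ uses a documentation range; the LAN is private.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/16"),
}

# Zone-to-zone policy (assumed for this example): which destination ports are
# allowed between zones. Any pair not listed is denied, so the Internet can never
# reach the LAN and a compromised DMZ host cannot reach the LAN either.
POLICY = {
    ("internet", "dmz"): {80, 443},   # only the published services
    ("lan", "dmz"): "any",            # staff manage the DMZ from inside
    ("lan", "internet"): "any",
    ("dmz", "internet"): {80, 443},   # e.g. fetching software updates
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def allowed(src_ip, dst_ip, dport):
    """True if the zone policy lets src_ip open dport on dst_ip."""
    ports = POLICY.get((zone_of(src_ip), zone_of(dst_ip)))
    if ports is None:
        return False
    return ports == "any" or dport in ports

def evaluate(flows):
    """Apply the policy to (src, dst, port) tuples; returns a verdict per flow."""
    return [(src, dst, port, "allow" if allowed(src, dst, port) else "deny") for src, dst, port in flows]

if __name__ == "__main__":
    flows = [
        ("198.51.100.7", "192.0.2.10", 443),   # Internet visitor -> DMZ web server
        ("198.51.100.7", "192.0.2.10", 22),    # Internet -> DMZ SSH: not published
        ("198.51.100.7", "10.0.5.20", 445),    # Internet -> LAN file server
        ("192.0.2.10", "10.0.5.20", 445),      # compromised DMZ host -> LAN
        ("10.0.5.20", "192.0.2.10", 22),       # admin on LAN -> DMZ
    ]
    for src, dst, port, verdict in evaluate(flows):
        print(f"{zone_of(src):8} -> {zone_of(dst):8} port {port:<4} {verdict}")
```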
