
Higher Nationals in Computing

Unit 05: Security


ASSIGNMENT 1

Assessor name: PHAN MINH TAM

Learner’s name: Do Quan Chuan


ID: GCS190052
Class: GCS0706A
Subject code: 1623

Assignment due: Assignment submitted:


ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date April 17th, 2020 Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Do Quan Chuan Student ID GCS190052

Class GCS0706A Assessor name

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 M1 M2 D1
Summative Feedback: Resubmission Feedback:

Grade: Assessor Signature: Date:

Signature & Date:


ASSIGNMENT 1 BRIEF

Qualification BTEC Level 5 HND Diploma in Computing

Unit number Unit 5: Security

Assignment title Security Presentation

Academic Year 2019 – 2020

Unit Tutor

Issue date Submission date April 27th, 2020

IV name and date Khoa Canh Nguyen, Michael Omar, Nhung 9th/01/2020

Submission Format
The submission is in the form of two documents/files:

1. A ten-minute Microsoft® PowerPoint® style presentation to be presented to your colleagues. The
presentation can include links to performance data with additional speaker notes and a bibliography
using the Harvard referencing system. The presentation slides for the findings should be submitted with
speaker notes as one copy.
2. A detailed report that provides more thorough, evaluated or critically reviewed technical information on
all of the topics.

You are required to make use of the font Calibri, Font size 12, Line spacing 1.5, Headings, Paragraphs,
Subsections and illustrations as appropriate, and all work must be supported with research and referenced
using the Harvard referencing system.
Unit Learning Outcomes

LO1 Assess risks to IT security.


LO2 Describe IT security solutions.

Assignment Brief and Guidance


You work as a trainee IT Security Specialist for a leading security consultancy in Vietnam called FPT
Information Security (FIS).

FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to
potential IT security risks. Most customers have outsourced their security concerns due to lacking the
technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging
presentation to help train junior staff members on the tools and techniques associated with identifying and
assessing IT security risks together with the organizational policies to protect business critical data and
equipment.

In addition to your presentation you should also provide a detailed report containing a technical review of
the topics covered in the presentation.

Your presentation should:

1. Identify the risks FIS may face if they have a security breach. Give an example of a recently
publicized security breach and discuss its consequences.
2. Describe a variety of organisational procedures an organisation can set up to reduce the effects
of a security breach on the business.
3. Propose a method that FIS Secure can use to prioritize the management of different types of risk.
4. Discuss three benefits to FIS of implementing a network monitoring system, giving suitable
reasons.
5. Investigate network security, identifying issues with incorrect configuration of firewalls and VPNs,
and show through examples how different techniques can be implemented to improve network
security.
6. Investigate a ‘trusted network’ and, through an analysis of positive and negative issues,
determine how it can be part of a security system used by FIS Secure.

Your detailed report should include a summary of your presentation as well as additional, evaluated or
critically reviewed technical notes on all of the expected topics.

Learning Outcomes and Assessment Criteria

LO1 Assess risks to IT security
Pass:
P1 Identify types of security risks to organisations.
P2 Describe organisational security procedures.
Merit:
M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions
Pass:
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security.
Merit:
M2 Discuss three benefits to implement network monitoring systems with supporting reasons.

LO1 & LO2
Distinction:
D1 Investigate how a ‘trusted network’ may be part of an IT security solution.
Table of Contents

Unit 05: Security ASSIGNMENT 1 (p. 1)
LO1. Assess risks to IT security (p. 1)
  P1. Identify types of security risks to organisations (p. 1)
    1. What is information security? (p. 1)
      1.1 Definition of information security (p. 1)
      1.2 Why is infosec important? (p. 1)
      1.3 Who is responsible for information security in an organization? (p. 2)
    2. Types of security risks to organization (p. 3)
  P2. Describe organisational security procedures (p. 11)
  P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs (p. 14)
    Firewall (p. 14)
    1) Insider Attacks (p. 17)
    2) Missed Security Patches (p. 17)
    3) Configuration Mistakes (p. 17)
    4) A Lack of Deep Packet Inspection (p. 18)
    5) DDoS Attacks (p. 18)
    What Is a VPN? (p. 19)
    HOW DOES A VPN WORK? (p. 19)
  P4. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (p. 22)
    What is a DMZ Network? (p. 22)
    How DMZs work (p. 22)
    Benefits of DMZs (p. 23)
    What is static IP? (p. 25)
    What is NAT? (p. 28)
    NAT process explained (p. 28)
REFERENCES (p. 28)
ASSIGNMENT 1 ANSWERS

LO1. Assess risks to IT security


P1. Identify types of security risks to organisations
1. What is information security?

1.1 Definition of information security


Information security, or infosec, is concerned with protecting information from unauthorized
access. It is part of information risk management and involves preventing or reducing the
probability of unauthorized access, use, disclosure, disruption, deletion, corruption,
modification, inspection, or recording.

1.2 Why is infosec important?


Information is one of the most important non-tangible assets of any organization, and like
other assets, it is the responsibility of management to protect it appropriately. News about
missing data scares organizations, because they rely completely on information technology,
which carries an abundance of sensitive data and customer information. This dates back to
1980, when the use of computers was limited to computer centers and the security of the
computer meant the security of the physical computing infrastructure. The openness of the
internet has since simplified processes with in-house information storage, but it is also a
great weakness in terms of information security.

1.3 Who is responsible for information security in an organization?


The obvious and rather short answer is: everyone is responsible for the information security
of your organisation, from the CEO to the Board to the call center operatives to the interns to
the kids on work experience from school, if that still happens.

Some are more accountable than others, some have a clear legal responsibility, and everyone
should consider themselves part of a concerted normal practice of digital security. This is
especially true of the ‘lower level’ employees, the people who are probably most aware of
problems such as weak passwords, lack of encryption, overly accessible folders of client
information, and so on.

When it comes to cybersecurity, the security officer is the person who manages and takes
responsibility for user mistakes and records comments from employees. The Deputy Security
Officer sits behind the head of the organization (CEO) as far as we know, but is also very
important to the company. The security manager is the person in charge of monitoring IT
security measures across the organization. In this management position you ensure strategic
oversight of protocols and incident response across all aspects of security, personnel and
budget. In small enterprises the security personnel can be equivalent to an RSSI (the French
term for a CISO).

2. Types of security risks to organization


COMPUTER VIRUSES

A virus is a software program that can spread from one computer to another, or from one
network to another, without the user’s knowledge and perform malicious actions.

It has the capability to corrupt or damage an organization’s sensitive data, destroy files, and
format hard drives.

HOW DOES A VIRUS ATTACK?

There are different ways that a virus can spread or attack, such as:

• Clicking on an executable file
• Installing free software and apps
• Visiting an infected and unsecured website
• Clicking on an advertisement
• Using infected removable storage devices, such as USB drives
• Opening spam email or clicking on a URL link
• Downloading free games, toolbars, media players and other software.

TROJAN HORSE

A Trojan horse is malicious code or a program developed by hackers to disguise itself as
legitimate software in order to gain access to an organization’s systems. It is designed to
delete, modify, damage, block, or take some other harmful action on your data or network.

HOW DOES A TROJAN HORSE ATTACK?

The victim receives an email with an attachment that looks like an original, official email.
The attachment can contain malicious code that is executed as soon as the victim clicks on it.
In that case, the victim does not suspect or understand that the attachment is actually a
Trojan horse.

ADWARE

Adware is a software program that contains commercial and marketing-related
advertisements, such as display advertisements through pop-up windows or bars, banner ads,
or video on your computer screen.

Its main purpose is to generate revenue for its developer by serving different types of
advertisements to an internet user.

HOW DOES ADWARE ATTACK?

When you click on that type of advertisement it redirects you to an advertising website and
collects information from you.

It can also be used to steal your sensitive information and login credentials by monitoring
your online activities and selling that information to third parties.

WORM

A computer worm is a type of malicious software or program that spreads within its connected
network and copies itself from one computer to another within an organization.

HOW DOES A WORM SPREAD?

It can spread without any human assistance: it exploits security holes in software and tries to
gain access in order to steal sensitive information, corrupt files and install a back door for
remote access to the system.

DENIAL-OF-SERVICE (DOS) ATTACKS

A denial-of-service attack shuts down a machine or network or makes it inaccessible to its
users. It typically floods a targeted system with requests until normal traffic can no longer be
processed, resulting in denial of service to users.

HOW DOES A DOS ATTACK?

It occurs when an attacker prevents legitimate users from accessing specific computer
systems, devices or other resources.

The attacker sends too much traffic to the target server, overloading it until the server is
overwhelmed, which takes down websites, email servers and other services connected to the
Internet.
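The flooding behaviour described above can be spotted in web-server access logs by counting requests per source address over a short sliding window. The Python below is an added example written for this report, not code from any of the sources it draws on; the log lines, the addresses 198.51.100.5 and 203.0.113.7, and the threshold of 10 requests in 5 seconds are constructed for illustration. It only recognises a flood from a single source; a distributed attack spreads the requests across many addresses and needs a different measure.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed access-log lines: "timestamp client-ip method path". 198.51.100.5 browses
# normally (3 requests in 40 s); 203.0.113.7 sends 12 requests within two seconds.
SAMPLE_LOG = [
    "2020-04-10T10:00:00 198.51.100.5 GET /",
    "2020-04-10T10:00:20 198.51.100.5 GET /about",
    "2020-04-10T10:00:40 198.51.100.5 GET /contact",
] + ["2020-04-10T10:00:%02d 203.0.113.7 GET /login" % (i // 6) for i in range(12)]


def parse_line(line):
    """Split one log line into (timestamp, client ip, method, path)."""
    ts, ip, method, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), ip, method, path


def flag_flooding_sources(lines, threshold=10, window_seconds=5):
    """Return {client ip: peak request count} for every source that sent at least
    `threshold` requests inside any `window_seconds`-long sliding window."""
    events = sorted(parse_line(line) for line in lines)   # process in time order
    recent = defaultdict(deque)                           # per-source timestamps still in window
    peaks = {}
    for ts, ip, _method, _path in events:
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()                              # drop requests older than the window
        if len(window) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(window))
    return peaks


if __name__ == "__main__":
    print(flag_flooding_sources(SAMPLE_LOG))   # {'203.0.113.7': 12}
```

The threshold and window are the tuning knobs: set them from the normal request rate of the site, otherwise busy legitimate clients behind one NAT address will be flagged as well.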

SQL INJECTION

SQL injection is a type of injection attack and one of the most common web hacking
techniques; it allows an attacker to control the back-end database to change or delete data.

HOW DOES SQL INJECTION ATTACK?

It is an application security weakness: when an application fails to properly sanitize the input
it places into SQL statements, an attacker can include their own malicious SQL commands to
access the organization’s database. The attacker supplies the malicious code in SQL statements
via web page input.

PHISHING

Phishing is a type of social engineering attack that attempts to gain confidential information
such as usernames, passwords, credit card information, login credentials, and more.

HOW DOES PHISHING ATTACK?

In a phishing email attack, an attacker sends the victim an email that looks like it came from
their bank, and they are asked to provide personal information.

The message contains a link, which redirects you to another website that steals your
information.

So it is better not to click on or open such emails and not to provide your sensitive
information.
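One practical check that mail filters and awareness tools apply to the link in such a message is to compare the domain the link text shows with the domain the link actually points to, and to compare the real target against the domains the organisation trusts. The Python below is an added example for this report, not from the cited sources; the sample email body, the trusted domain examplebank.com and the lookalike host examplebank.com.login-verify.test are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style email body: the first link shows the bank's name but
# points at a lookalike host; the second link is a genuine link to the bank.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account:</p>
<a href="http://examplebank.com.login-verify.test/reset">www.examplebank.com</a>
<p>Or read our <a href="https://www.examplebank.com/help">help pages</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(value):
    """Lower-cased host of a URL, or of bare text that looks like a host; None if absent."""
    candidate = value if "://" in value else "http://" + value
    host = urlparse(candidate).hostname
    return host.lower() if host else None


def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def suspicious_links(html, trusted_domains):
    """Return [(href, [reasons])] for links whose shown domain differs from the real
    target or whose target lies outside the trusted domains."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        target = hostname_of(href)
        if target is None:
            continue
        reasons = []
        # Only treat the link text as a host if it looks like one (has a dot, no spaces).
        shown = hostname_of(text) if ("." in text and " " not in text) else None
        if shown and shown != target and not in_domain(target, shown):
            reasons.append("link text shows %s but points to %s" % (shown, target))
        if not any(in_domain(target, d) for d in trusted_domains):
            reasons.append("target %s is not a trusted domain" % target)
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL, ["examplebank.com"]):
        print(href, "->", "; ".join(reasons))
```

The check deliberately matches on the registered domain rather than the whole hostname, so `www.examplebank.com` shown as `examplebank.com` is not flagged, while a host that merely starts with the bank's name is.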

P2 Describe organisational security procedures.
1. Acceptable Use Policy (AUP)

An AUP stipulates the constraints and practices that an employee using organizational IT assets must
agree to in order to access the corporate network or the internet. It is a standard onboarding policy
for new employees: they are given an AUP to read and sign before being granted a network ID. It is
recommended that an organization's IT, security, legal and HR departments discuss what is included
in this policy.

2. Access Control Policy (ACP)

The ACP outlines the access available to employees in regards to an organization’s data and
information systems. Some topics that are typically included in the policy are access control standards
such as NIST’s Access Control and Implementation Guides. Other items covered in this policy are
standards for user access, network access controls, operating system software controls and the
complexity of corporate passwords. Additional supplementary items often outlined include methods
for monitoring how corporate systems are accessed and used; how unattended workstations should
be secured; and how access is removed when an employee leaves the organization.

3. Change Management Policy

A change management policy refers to a formal process for making changes to IT, software
development and security services/operations. The goal of a change management program is to
increase the awareness and understanding of proposed changes across an organization, and to ensure
that all changes are conducted methodically to minimize any adverse impact on services and
customers.

4. Information Security Policy

An organization’s information security policies are typically high-level policies that can cover a large
number of security controls. The primary information security policy is issued by the company to
ensure that all employees who use information technology assets within the breadth of the
organization, or its networks, comply with its stated rules and guidelines. I have seen organizations ask
employees to sign this document to acknowledge that they have read it (which is generally done with
the signing of the AUP policy). This policy is designed for employees to recognize that there are rules
that they will be held accountable to with regard to the sensitivity of the corporate information and IT
assets.

5. Incident Response (IR) Policy

The incident response policy is an organized approach to how the company will manage an incident
and remediate the impact to operations. It’s the one policy CISOs hope to never have to use. However,
the goal of this policy is to describe the process of handling an incident with respect to limiting the
damage to business operations, customers and reducing recovery time and costs.

6. Remote Access Policy

The remote access policy is a document which outlines and defines acceptable methods of remotely
connecting to an organization's internal networks. I have also seen this policy include addendums with
rules for the use of BYOD assets. This policy is a requirement for organizations that have dispersed
networks with the ability to extend into insecure network locations, such as the local coffee house or
unmanaged home networks.

7. Email/Communication Policy

A company's email policy is a document that is used to formally outline how employees can use the
business’ chosen electronic communication medium. I have seen this policy cover email, blogs, social
media and chat technologies. The primary goal of this policy is to provide guidelines to employees on
what is considered the acceptable and unacceptable use of any corporate communication technology.

8. Disaster Recovery Policy

An organization’s disaster recovery plan will generally include both cybersecurity and IT teams’ input
and will be developed as part of the larger business continuity plan. The CISO and teams will manage
an incident through the incident response policy. If the event has a significant business impact, the
Business Continuity Plan will be activated.

9. Business Continuity Plan (BCP)

The BCP will coordinate efforts across the organization and will use the disaster recovery plan to
restore hardware, applications and data deemed essential for business continuity. BCPs are unique to
each business because they describe how the organization will operate in an emergency. There are
other ways to protect and secure the data of an organisation:

Host Security
• Operating system security and settings
• OS hardening
• Anti-malware (antivirus, anti-spam, anti-spyware, pop-up blockers)
• Patch management
• White listing vs. black listing applications
• Trusted OS
• Host-based firewalls
• Host-based intrusion detection
• Hardware security (cable locks, safe, locking cabinets)
• Host software baselining
• Virtualization (snapshots, patch compatibility, host availability/elasticity, security control testing,
sandboxing)

Data Security
• Cloud storage
• SAN
• Handling Big Data
• Data encryption (full disk, database, individual files, removable media, mobile devices)
• Hardware based encryption devices (TPM, HSM, USB encryption, hard drive)
• Data in-transit, data at-rest, data in-use
• Permissions/ACL
• Data policies (wiping, disposing, retention, storage)

Mitigating Security Risks in Static Environments
Environments:
• SCADA
• Embedded (Printer, Smart TV, HVAC control)
• Android
• iOS
• Mainframe
• Game consoles
• In-vehicle computing systems
Methods:
• Network segmentation
• Security layers
• Application firewalls
• Manual updates
• Firmware version control
• Wrappers
• Control redundancy and diversity

P3 Identify the potential impact to IT security of incorrect configuration of firewall policies
and third-party VPNs.

Firewall

A firewall is an appliance (a combination of hardware and software) or an application (software)
designed to control the flow of Internet Protocol (IP) traffic to or from a network or electronic
equipment. Firewalls are used to examine network traffic and enforce policies based on instructions
contained within the Firewall's Ruleset. Firewalls represent one component of a strategy to combat
malicious activities and assaults on computing resources and network-accessible information. Other
components include, but are not limited to, antivirus software, intrusion detection software, patch
management, strong passwords/passphrases, and spyware detection utilities.

Firewalls are typically categorized as either “Network” or “Host”: a Network Firewall is most often an
appliance attached to a network for the purpose of controlling access to single or multiple hosts, or
subnets; a Host Firewall is most often an application that addresses an individual host (e.g., personal
computer) separately. Both types of firewalls (Network and Host) can be and often are used jointly.

This policy statement is designed to:

• Provide guidance on when firewalls are required or recommended. A Network Firewall is required in all
instances where Sensitive Data is stored or processed; a Host Firewall is required in all instances where
Sensitive Data is stored or processed and the operating environment supports the implementation.
Both the Network and Host Firewalls afford protection to the same operating environment, and the
redundancy of controls (two separate and distinct firewalls) provides additional security in the event of
a compromise or failure.
• Raise awareness on the importance of a properly configured (installed and maintained) firewall. With a
firewall in place, the landscape is much different. A company will place a firewall at every
connection to the Internet. The firewall can implement security rules. For example, one of the
security rules inside the company might be:

Out of the 500 computers inside this company, only one of them is permitted to receive public FTP
traffic. Allow FTP connections only to that one computer and prevent them on all others.

A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In
addition, the company can control how employees connect to Web sites, whether files are allowed to
leave the company over the network and so on. A firewall gives a company tremendous control over
how people use the network.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make
it through the filters are sent to the requesting system and all others are discarded.

• Proxy service - Information from the Internet is retrieved by the firewall and then sent to the
requesting system and vice versa.

• Stateful inspection - A newer method that doesn't examine the contents of each packet but instead
compares certain key parts of the packet to a database of trusted information. Information traveling
from inside the firewall to the outside is monitored for specific defining characteristics, then incoming
information is compared to these characteristics. If the comparison yields a reasonable match, the
information is allowed through. Otherwise it is discarded.

1) Insider Attacks

A perimeter firewall is meant to keep away attacks that originate from outside of your network. So,
what happens when the attack starts from the inside? Typically, the perimeter firewall becomes
useless—after all, the attacker is already on your system.

However, even when an attack originates from within your network, firewalls can do some good—IF
you have internal firewalls on top of your perimeter firewalls. Internal firewalls help to partition
individual assets on your network so attackers have to work harder to move from one system to
another one. This helps increase the attacker’s breakout time so you have more time to respond to
the attack.

2) Missed Security Patches

This is an issue that arises when network firewall software isn’t managed properly. For any software
program, there are vulnerabilities that attackers may exploit—this is as true of firewall programs as it
is of any other piece of software. When firewall vendors discover these vulnerabilities, they usually
work to create a patch that fixes the problem as soon as possible.

However, the patch’s mere existence doesn’t mean that it will automatically be applied to your
company’s firewall program. Until that patch is actually applied to your firewall software, the
vulnerability is still there—just waiting to be exploited by a random attacker.

The best fix for this problem is to create and stick to a strict patch management schedule. Under such
a schedule, you (or the person managing your cybersecurity) should check for any and all security
updates for your firewall software and make sure to apply them as soon as possible.

3) Configuration Mistakes

Even when a firewall is in place on your network, and has all of the latest vulnerability patches, it can
still cause problems if the firewall’s configuration settings create conflicts. This can lead to a loss of
performance on your company’s network in some cases, and a firewall outright failing to provide
protection in others.

For example, dynamic routing is a setting that was long ago deemed a bad idea to enable because it
results in a loss of control that reduces security. Yet, some companies leave it on, creating a
vulnerability in their firewall protection.

Having a poorly-configured firewall is kind of like filling a castle’s moat with sand and putting the key
to the main gate in a hide-a-key right next to the entrance—you’re just making things easier for
attackers while wasting time, money, and effort on your “security” measure.

4) A Lack of Deep Packet Inspection

Layer 7 (or “deep packet”) inspection is a rigorous inspection mode used by next-generation firewalls
to examine the contents of an information packet prior to approving or denying that packet passage
to or from a system.

Less advanced firewalls may simply check the data packet’s point of origin and destination before
approving or denying a request—info that an attacker can easily spoof to trick your network’s firewall.

The best fix for this problem is to use a firewall that can perform deep packet inspection to check
information packets for known malware so it can be rejected.
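The FTP rule quoted earlier (only one of the company's hosts may receive public FTP), the packet-filtering and stateful-inspection methods, and the deep packet inspection discussed here can all be shown in one small simulation. The Python below is an added example written for this report, not code from any firewall product or from the sources cited; the host addresses (10.0.0.21, 10.0.0.22, 10.0.0.80, 198.51.100.9, 203.0.113.5), the rule format and the `EVIL-SIG` byte pattern standing in for a malware signature are constructed for illustration. It implements packet filtering (first matching rule wins, default deny), stateful inspection (replies to connections seen leaving the network are admitted without an inbound rule) and a payload check; the proxy method is not simulated.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    dst: str            # destination IP address
    sport: int          # source port
    dport: int          # destination port
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    dst: str = "any"             # destination IP or "any"
    dport: Optional[int] = None  # destination port; None matches every port

    def matches(self, p: Packet) -> bool:
        return self.dst in ("any", p.dst) and self.dport in (None, p.dport)


# Constructed inbound ruleset for the FTP rule in the text: of all internal hosts,
# only 10.0.0.21 may receive public FTP (TCP port 21). HTTPS may reach the web
# server 10.0.0.80; every other unsolicited inbound packet is denied.
INBOUND_RULES = [
    Rule("allow", dst="10.0.0.21", dport=21),
    Rule("deny", dport=21),
    Rule("allow", dst="10.0.0.80", dport=443),
    Rule("deny"),
]


def packet_filter(rules, p):
    """Packet filtering: the first matching rule decides; nothing matching is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful inspection with a deep-packet-inspection check.

    Hosts whose address starts with internal_prefix are inside. Outbound packets are
    allowed and their connection is remembered, so the reply can come back without an
    inbound rule. Unsolicited inbound packets go through the rule list. Every packet's
    payload is checked against the known-bad signatures first."""

    def __init__(self, inbound_rules, internal_prefix, bad_signatures=()):
        self.rules = inbound_rules
        self.prefix = internal_prefix
        self.bad_signatures = tuple(bad_signatures)
        self.connections = set()   # (internal host, its port, external host, its port)

    def deep_inspect(self, p):
        return not any(sig in p.payload for sig in self.bad_signatures)

    def handle(self, p):
        if not self.deep_inspect(p):
            return "deny"                                  # known-bad payload, either direction
        if p.src.startswith(self.prefix):
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return "allow"                                 # outbound: remember the flow
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "allow"                                 # reply to a flow we saw leave
        return packet_filter(self.rules, p)                # unsolicited inbound: consult rules


def demo():
    """Runs the scenarios from the text and returns the verdict for each."""
    fw = StatefulFirewall(INBOUND_RULES, "10.0.0.", bad_signatures=[b"EVIL-SIG"])
    verdicts = {}
    # Public FTP: allowed only to the one designated host.
    verdicts["ftp_to_allowed_host"] = fw.handle(Packet("198.51.100.9", "10.0.0.21", 40001, 21))
    verdicts["ftp_to_other_host"] = fw.handle(Packet("198.51.100.9", "10.0.0.22", 40002, 21))
    # An internal client opens an HTTPS connection; the server's reply is let back in.
    fw.handle(Packet("10.0.0.22", "203.0.113.5", 50000, 443))
    verdicts["reply_to_client"] = fw.handle(
        Packet("203.0.113.5", "10.0.0.22", 443, 50000, b"HTTP/1.1 200 OK"))
    # The same server sending to a port the client never used is unsolicited.
    verdicts["unsolicited_to_client"] = fw.handle(Packet("203.0.113.5", "10.0.0.22", 443, 50001))
    # Rules allow HTTPS to the web server, but the payload check rejects a known-bad payload.
    verdicts["bad_payload_to_web"] = fw.handle(
        Packet("198.51.100.9", "10.0.0.80", 40003, 443, b"GET / HTTP/1.1 EVIL-SIG"))
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The `unsolicited_to_client` case is the point of stateful inspection: the stateless rule list alone would have to open port 443 towards every client to let replies in, whereas the connection table admits only the reply to a connection the client itself started.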

5) DDoS Attacks

Distributed Denial of Service (DDoS) attacks are a frequently-used attack strategy noted for being
highly effective and relatively low-cost to execute. The basic goal is to overwhelm a defender’s
resources and cause a shutdown or prolonged inability to deliver services. One category of attack—
protocol attacks—are designed to drain firewall and load balancer resources to keep them from
processing legitimate traffic.

While firewalls can mitigate some types of DDoS attacks, they can still be overloaded by protocol
attacks.
There is no easy fix for DDoS attacks, as there are numerous attack strategies that can leverage
different weaknesses in your company’s network architecture. Some cybersecurity service providers
offer “scrubbing” services, wherein they divert incoming traffic away from your network and sort out
the legitimate access attempts from the DDoS traffic. This legitimate traffic is then sent to your
network so you can resume normal operations.

What Is a VPN?

A VPN, or Virtual Private Network, allows you to create a secure connection to another network over
the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from
prying eyes on public Wi-Fi, and more.

These days VPNs are really popular, but not for the reasons they were originally created. They
originally were just a way to connect business networks together securely over the internet or allow
you to access a business network from home.

VPNs essentially forward all your network traffic to the network, which is where the benefits – like
accessing local network resources remotely and bypassing Internet censorship – all come from. Most
operating systems have integrated VPN support.

HOW DOES A VPN WORK?

When you connect your computer (or another device, such as a smartphone or tablet) to a VPN, the
computer acts as if it’s on the same local network as the VPN. All your network traffic is sent over a
secure connection to the VPN. Because your computer behaves as if it’s on the network, this allows
you to securely access local network resources even when you’re on the other side of the world. You’ll
also be able to use the Internet as if you were present at the VPN’s location, which has some benefits
if you’re using public Wi-Fi or want to access geo-blocked websites.

When you browse the web while connected to a VPN, your computer contacts the website through
the encrypted VPN connection. The VPN forwards the request for you and forwards the response from
the website back through the secure connection. If you’re using a USA-based VPN to access Netflix,
Netflix will see your connection as coming from within the USA.

VPNs are a fairly simple tool, but they can be used to do a wide variety of things:

• Access a Business Network While Traveling: VPNs are frequently used by business travelers to
access their business’ network, including all its local network resources, while on the road. The
local resources don’t have to be exposed directly to the Internet, which increases security.

• Access Your Home Network While Travelling: You can also set up your own VPN to access your
own network while travelling. This will allow you to access a Windows Remote Desktop over the
Internet, use local file shares, and play games over the Internet as if you were on the same LAN
(local area network).

• Hide Your Browsing Activity From Your Local Network and ISP: If you’re using a public Wi-Fi
connection, your browsing activity on non-HTTPS websites is visible to everyone nearby, if they
know how to look. If you want to hide your browsing activity for a bit more privacy, you can
connect to a VPN. The local network will only see a single, secure VPN connection. All the other
traffic will travel over the VPN connection. While this can be used to bypass connection-monitoring
by your Internet service provider, bear in mind that VPN providers may opt to log the traffic on
their ends.

• Access Geo-Blocked Websites: Whether you’re an American trying to access your Netflix account
while travelling out of the country or you wish you could use American media sites like Netflix,
Pandora, and Hulu, you’ll be able to access these region-restricted services if you connect to a VPN
located in the USA.

• Bypass Internet Censorship: Many Chinese people use VPNs to get around the Great Firewall of
China and gain access to the entire Internet. (However, the Great Firewall has apparently started
interfering with VPNs recently.)

• Downloading Files: Yes, let’s be honest – many people use VPN connections to download files
via BitTorrent. This can actually be useful even if you’re downloading completely legal torrents – if
your ISP is throttling BitTorrent and making it extremely slow, you can use BitTorrent on a VPN to
get faster speeds. The same is true for other types of traffic your ISP might interfere with (unless
they interfere with VPN traffic itself.)

RANSOMWARE
Ransomware is a type of security threat that blocks access to a computer system and demands a payment,
usually in bitcoin, before access is restored. Among the most dangerous ransomware attacks are WannaCry,
Petya, Cerber, Locky and CryptoLocker.

HOW IS RANSOMWARE INSTALLED?

Ransomware, like most other threats, is typically installed on a computer system in one of the following ways:

▪ Downloading and opening a malicious email attachment
▪ Installing infected software or apps
▪ Visiting a malicious or vulnerable website
▪ Clicking an untrusted web link or image

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security.

What is a DMZ Network?


In computer security, a DMZ Network (sometimes referred to as a “demilitarized zone”) functions as a
subnetwork containing an organization's exposed, outward-facing services. It acts as the exposed
point to an untrusted network, commonly the Internet.

The goal of a DMZ is to add an extra layer of security to an organization's local area network. A
protected and monitored network node that faces outside the internal network can access what is
exposed in the DMZ, while the rest of the organization's network is safe behind a firewall.

When implemented properly, a DMZ Network gives organizations extra protection in detecting and
mitigating security breaches before they reach the internal network, where valuable assets are stored.

How DMZs work

DMZs are intended to function as a sort of buffer zone between the public internet and the private
network. Deploying the DMZ between two firewalls means that all inbound network packets are
screened using a firewall or other security appliance before they arrive at the servers the organization
hosts in the DMZ.

If a better-prepared threat actor passes through the first firewall, they must then gain unauthorized
access to those services before they can do any damage, and those systems are likely to be hardened
against such attacks.

Finally, assuming that a well-resourced threat actor is able to breach the external firewall and take
over a system hosted in the DMZ, they must still break through the internal firewall before they can
reach sensitive enterprise resources. While a determined attacker can breach even the best-secured
DMZ architecture, a DMZ under attack should set off alarms, giving security professionals enough
warning to avert a full breach of their organization.

Benefits of DMZs

The primary benefit of a DMZ is that it offers users from the public internet access to certain secure
services while still maintaining a buffer between those users and the private internal network. The
security benefits of this buffer manifest in several ways, including:

Access Control for Organizations. The need for organizations to provide users with access to services
situated outside of their network perimeters through the public internet is nearly ubiquitous in the
modern organization. A DMZ network provides access to these necessary services while
simultaneously introducing a level of network segmentation that increases the number of obstacles an
unauthorized user must bypass before they can gain access to an organization's private network. In
some cases, a DMZ includes a proxy server, which centralizes the flow of internal user -- usually
employee -- internet traffic and makes recording and monitoring that traffic simpler.

Prevent attackers from performing network reconnaissance. The accessible buffer the DMZ provides
prevents an attacker from being able to scope out potential targets within the network. Even if a
system within the DMZ is compromised, the private network is still protected by the internal firewall
separating it from the DMZ. It also makes external reconnaissance more difficult for the same reason.
Although the servers in the DMZ are publicly exposed, they are meant to be and are backed by
another layer of protection. The public face of the DMZ keeps attackers from seeing the contents of
the internal private network. If attackers do manage to compromise the servers within the DMZ, they
are still isolated from the private network by the DMZ’s internal barrier.

Protection against IP spoofing. In some cases, attackers attempt to bypass access control restrictions
by spoofing an authorized IP address to impersonate another device on the network. A DMZ can stall
potential IP spoofers while another service on the network verifies the IP address's legitimacy by
testing whether it is reachable.

In each case, the DMZ provides a level of network segmentation that creates a space where traffic can
be organized, and public services can be accessed at a safe distance from the private network.
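The two-firewall layout described above, and the anti-spoofing and segmentation benefits just listed, can be made concrete with a small zone-based policy model. The Python below is an added example written for this report; it is not code from any of the sources cited and the address ranges, rule set and port numbers are constructed assumptions rather than values from the text. It shows that a public user can reach only the published DMZ services, that a compromised DMZ host can reach only the single back-end port the internal firewall allows, and that a packet arriving from the Internet with an internal source address is rejected as spoofed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed address plan (assumption, not from the report): the DMZ and the
# internal LAN get their own ranges; any other address is treated as the Internet.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None means any destination port
    action: str              # "allow" or "deny"


# The external firewall publishes only the web services hosted in the DMZ; the
# internal firewall lets DMZ servers reach one back-end port and nothing else.
# No rule ever lets the Internet talk to the internal zone directly.
RULES = [
    Rule("internet", "dmz", 443, "allow"),
    Rule("internet", "dmz", 80, "allow"),
    Rule("dmz", "internal", 5432, "allow"),
    Rule("internal", "dmz", None, "allow"),
    Rule("internal", "internet", None, "allow"),
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown ranges are the public Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def evaluate(src_ip: str, dst_ip: str, dst_port: int, ingress_zone: str) -> Tuple[str, str]:
    """Decide a packet's fate. ingress_zone is the zone of the interface the
    packet arrived on, which is what lets the firewall catch spoofed sources."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    # Anti-spoofing: a packet claiming a DMZ or internal source must arrive from
    # that zone's side of the firewall, never from the Internet-facing interface.
    if src_zone != ingress_zone:
        return "deny", f"spoofed source: {src_ip} claims {src_zone} but arrived from {ingress_zone}"
    if src_zone == dst_zone:
        return "allow", "intra-zone traffic is not policed by the zone firewalls"
    for rule in RULES:
        if (rule.src_zone, rule.dst_zone) == (src_zone, dst_zone) and rule.dst_port in (None, dst_port):
            return rule.action, f"matched {rule}"
    return "deny", f"no rule for {src_zone} -> {dst_zone}:{dst_port}; default deny"


if __name__ == "__main__":
    checks = [
        ("203.0.113.5", "192.0.2.10", 443, "internet"),  # public user -> DMZ web server: allowed
        ("203.0.113.5", "10.0.0.20", 5432, "internet"),  # public user -> internal database: blocked
        ("192.0.2.10", "10.0.0.20", 5432, "dmz"),        # DMZ web server -> its database: allowed
        ("192.0.2.10", "10.0.0.20", 22, "dmz"),          # compromised DMZ host, any other port: blocked
        ("10.0.0.20", "192.0.2.10", 443, "internet"),    # internal address arriving from outside: spoofed
    ]
    for src, dst, port, ingress in checks:
        action, why = evaluate(src, dst, port, ingress)
        print(f"{src} -> {dst}:{port} via {ingress:8} => {action:5} ({why})")
```

The default-deny at the end is what gives the "alarms" property described above: every denied packet is a policy violation worth logging, and a burst of denials from a DMZ host towards the internal zone is the signal that the host has been taken over.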

Examples of DMZs

DMZs also have their uses in cloud deployments. Some cloud services, such as Microsoft Azure, implement a
hybrid security approach in which a DMZ is implemented between an organization's on-premises network and
the virtual network. This hybrid approach is typically used in situations where the organization's
applications run partially on-premises and partly on the virtual network. It's also used in situations
where outgoing traffic needs to be audited, or where granular traffic control is required between the
virtual network and the on-premises data center.

Compromised operational technology (OT) is potentially more dangerous than an IT breach as well. OT
breaches can lead to a breakdown of critical infrastructure, a lapse in valuable production time, and can
even threaten human safety, whereas an IT breach results in compromised information. IT infrastructure can
also typically recover from cyberattacks with a simple backup, unlike OT infrastructure, which often has
no way of recovering lost production time or physical damage.

For example, in 2016 a U.S.-based power company was attacked by ransomware that affected its OT
devices and kept many of its customers from receiving power. The company did not have an
established DMZ between its IT and OT devices, and its OT devices were not well equipped to handle
the ransomware once it reached them. This breach deeply affected the power company's
infrastructure and multitudes of customers relying on their service.

What is static IP?
IP, or Internet Protocol, addresses are the unique number codes that computers connected to the
Internet use to locate and communicate with one another. The two major types of IP addresses are
static, where a computer keeps a single IP address, and dynamic, where the network assigns the
computer a new address each time it connects to the network. Static IP addresses have several
distinct advantages and disadvantages compared with dynamic IP addresses.

Running Servers

One of the biggest advantages of a static IP address is that computers using this type of address can
host servers containing data that other computers access through the Internet. A static IP address
makes it easier for computers to locate the server from anywhere in the world.

In addition, computers that allow remote access on a closed network work best with static IP
addresses. This allows different types of computers running different operating systems to access the
host system by searching for the same IP address every time.

Stability

Static IP addresses are also more stable for Internet use since they never change. In cases of a dynamic
IP address, the Internet service provider may automatically change the address on a regular basis, as
frequently as every few hours. This can cause a lapse in the user's connection. The computer may also
have trouble reconnecting to the Internet using the new address. Using a static IP address avoids all of
these potential problems.

Simplicity

Static IP addresses are simpler to assign and maintain. For network administrators, it becomes easier
to track Internet traffic and assign access to certain users based on IP address identification. Dynamic
addresses require a program that assigns and changes IP addresses, and may require users to change
the settings on their computers.

Number of Addresses

One main disadvantage of static IP addresses is that each address, once assigned, is occupied by a
single computer even when that computer is not in use. Since each computer needs a unique address,
several IP standards have been introduced to add more IP addresses to the system, making room for
more computers.

Tracking Access

A computer with a static IP address is much easier to track through the Internet. This can be a
disadvantage in the case of websites that allow each visitor to download or view a set amount of
content. The only way to view or download additional content may be to renew the IP address under a
dynamic IP address system.

In the same way, copyright enforcers can track computer users who download content by tracking the
IP address.

Users have raised privacy concerns over this sort of tracking and the question of whether or not
Internet service providers should be required to disclose the name and address of the user associated
with a particular static IP address remains a subject of debate.

What is NAT?
NAT (Network Address Translation) is a process of changing the source and destination IP
addresses and ports. Address translation reduces the need for IPv4 public addresses and hides
private network address ranges. This process is usually done by routers or firewalls.
An example will help you understand the concept:

(Figure: NAT process explained)

Host A requests a web page from an Internet server. Because Host A uses private IP addressing,
the source address of the request has to be changed by the router, since private IP
addresses are not routable on the Internet. Router R1 receives the request, changes the
source IP address to its own public IP address and sends the packet to server S1. Server S1 receives
the packet and replies to router R1. Router R1 receives the reply, changes the destination IP
address to the private IP address of Host A and sends the packet to Host A.
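The Host A / R1 / S1 exchange above, replayed in code as an added example written for this report rather than taken from the cited source. It goes slightly beyond the text by also translating ports (the common form of NAT in which many private hosts share one public address), and by showing what happens to an inbound packet that matches no table entry. The addresses are constructed assumptions: Host A on a private RFC 1918 range, R1's public address and server S1 from the RFC 5737 documentation ranges.

```python
import itertools
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Port-based NAT: every private (ip, port) pair is mapped to a distinct
    port on the router's single public address, and the mapping is kept in a
    translation table so replies can be routed back."""

    def __init__(self, public_ip: str, first_public_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_public_port)
        self.outbound: Dict[Tuple[str, int], int] = {}   # (private ip, port) -> public port
        self.inbound: Dict[int, Tuple[str, int]] = {}    # public port -> (private ip, port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Private host -> Internet: rewrite the source to the router's public address."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            public_port = next(self._next_port)
            self.outbound[key] = public_port
            self.inbound[public_port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> private host: rewrite the destination back using the table.
        A packet with no table entry was never requested from inside, so it is
        dropped; this is why NAT hides the private range from outside scanners."""
        entry = self.inbound.get(pkt.dst_port)
        if entry is None or pkt.dst_ip != self.public_ip:
            return None
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


# Constructed addresses (assumptions, not from the report).
HOST_A = "10.0.0.5"          # private, RFC 1918
R1_PUBLIC = "198.51.100.1"   # R1's public side, RFC 5737 documentation range
SERVER_S1 = "203.0.113.80"   # web server S1, RFC 5737 documentation range


def walk_through() -> Tuple[Packet, Packet, Optional[Packet], Packet]:
    """Replay Host A -> R1 -> S1 -> R1 -> Host A and return
    (request as S1 sees it, reply as delivered to Host A,
     result for an unsolicited inbound packet, a second host's translated request)."""
    r1 = NatRouter(R1_PUBLIC)
    request = Packet(HOST_A, 51000, SERVER_S1, 80)
    on_the_wire = r1.translate_outbound(request)      # S1 only ever sees 198.51.100.1:40000
    reply = Packet(SERVER_S1, 80, on_the_wire.src_ip, on_the_wire.src_port)
    delivered = r1.translate_inbound(reply)           # destination rewritten to 10.0.0.5:51000
    unsolicited = r1.translate_inbound(Packet(SERVER_S1, 80, R1_PUBLIC, 40999))  # no entry: dropped
    host_b = r1.translate_outbound(Packet("10.0.0.6", 51000, SERVER_S1, 80))   # same private port, new public port
    return on_the_wire, delivered, unsolicited, host_b


if __name__ == "__main__":
    labels = ("seen by S1", "delivered to Host A", "unsolicited inbound", "Host B outbound")
    for label, pkt in zip(labels, walk_through()):
        print(f"{label:20}: {pkt}")
```

Host B reuses the same private source port as Host A, which is why the router has to allocate a second public port instead of only swapping addresses; that is the port part of the "IP addresses and ports" in the definition above.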
