
PROGRAM TITLE: BTEC in Computing (Software Engineering)

UNIT TITLE: Security

ASSIGNMENT NUMBER: 1

ASSIGNMENT NAME: EMC Cloud Solutions

SUBMISSION DATE: 26/06/2022

DATE RECEIVED: 26/06/2022

TUTORIAL LECTURER: TRẦN HOÀNG BÁCH

WORD COUNT: 9500 words

STUDENT NAME: LƯƠNG VĂN DUY

STUDENT ID: BKC12178

MOBILE NUMBER: 0386987693


Summative Feedback:

Internal verification:
Contents
I. Activity 01
1.1 Identify types of security risks EMC Cloud is subject to, in its present setup and the
impact, such issues would create on the business itself.
1.1.1 Logical security
1.1.2 Physical security

II. Activity 02
2.1 Discuss how EMC Cloud and its clients will be impacted by improper/ incorrect
configurations which apply to firewalls and VPN solutions.
2.1.1 Firewall
2.2.2 VPN
2.2 Explain how Static IP, DMZ, and NAT-like technologies would benefit EMC Cloud and
its Clients by facilitating a ‘trusted network’.
2.2.1 DMZ
2.2.2 Static IP
2.2.3 NAT
2.3 Discuss the benefits of implementing network monitoring systems.

III. Activity 03
3.1 Formulate a suitable risk assessment procedure for EMC Cloud solutions to safeguard
itself and its clients.
3.2 Explain the mandatory data protection laws and procedures which will be applied to data
storage solutions provided by EMC Cloud. You may also highlight ISO 31000 risk
management methodology.
3.3 Comment on the topic, ‘IT Security & Organizational Policy’

IV. Activity 04
4.1 Develop a security policy for EMC Cloud to minimize exploitations and misuses while
evaluating the suitability of the tools used in an organizational policy.
4.2 Develop and present a disaster recovery plan for EMC Cloud for its all venues to ensure
maximum uptime for its customers.
4.3 ‘Creditors, directors, employees, government and its agencies, owners/shareholders,
suppliers, unions, and the other parties the business draws its resources’ are the main
branches of any organization. Discuss the role of these groups to implement security audit
recommendations for the organization.

INTRODUCTION
EMC Cloud Solutions is reputed as the nation’s most reliable Cloud solution provider in
VietNam.

Several high-profile businesses in VietNam including Esoft Metro Camps network, SME
Bank VietNam, and WEEFM are facilitated by EMC Cloud Solutions. EMC Cloud provides
nearly 500 of its customers with SaaS, PaaS & IaaS solutions with high-capacity compute and
storage options. Also, EMC is a selected contractor for VietNam, The Ministry of Defense for
hosting government and defense systems.

EMC’s central data center facility is located at VietNam along with its corporate head office in
Hanoi. Their premises at Hanoi is a six-story building with the 1st floor dedicated to sales and
customer services equipped with public wifi facility. The second floor hosts HR, Finance, and
Training & Development departments, and the third floor hosts the boardroom and offices for
senior executives along with the IT and Datacenter departments. Floors 4,5,6 host computer
servers that make up the data center.

With the rapid growth of information technology in Ho Chi Minh City (HCMC) in recent years,
EMC seeks an opportunity to extend its services to HCMC. As of yet, the organization is still
considering the nature of such an extension: what to implement, where a suitable location
would be, and other essential options such as security are being discussed.

You are hired by the management of EMC Solutions as a Security Expert to evaluate the
security-related specifics of its present system and provide recommendations on security and
reliability-related improvements of its present system as well as to plan the establishment of
the extension on a solid security foundation.

I. Activity 01
1.1 Identify types of security risks EMC Cloud is subject to, in its present setup and the
impact, such issues would create on the business itself.
Safety is an integral part of today's society. When it comes to the security of your corporate
network, you need to stay secure above all else. Network security refers to how to prevent and
protect corporate networks from intrusion (Frühlinger, 2018).

Risk is why people and organizations tend to take security measures. Cloud computing is
becoming an increasingly ongoing business tactic. In EMC cloud applications, backups and
other information are hosted on the server and accessed over the Internet. Whether you're
backing up your business data or setting up a social media marketing page, you trust third-party
companies that provide information about your business and your customers. While the
EMC cloud has many benefits, data security comes with many risks. Saving data is safe for
most users, but there are always unavoidable risks. There are two types of security threats:
physical security threats and logical security threats.

1.1.1 Logical security


Logical security refers to the mechanism by which an organization's software devices are
protected from the potential for data loss. Logical security is either internal logical security or
external logical security. Internal logical security refers to the mechanism adopted by an
organization to minimize security threats to software within the organization, and external
logical security refers to the protection mechanism used to minimize threats to software from
the outside.

Logical security threats are threats that damage software, data, and networks. Below are some
logical threats that an organization may face.

• Data loss - Data loss can occur in different ways under different circumstances. It may
be unavoidable. The most common reason can be that the hard drive dies without
backing up. In this case, if the hard disk drive goes down, all data will be lost. Data
loss also occurs if the owner of the encrypted data loses the key to unlock the data. In
addition, malicious attacks can result in data loss. The chances of losing all your data
are minimal, but a malicious attack can remove all your data. It is important to
distribute applications, backups, and other information across multiple zones to protect
your data.

Regarding data loss, there are various safeguards and compliance policies to avoid
endangering other parties. Losing data can lead to a loss of customer trust. If the public
doesn't trust how vendors process data, customers will look elsewhere, reducing
revenue.

• Service denial attack - Denial of service attacks are an old tactic of online operation,
but they remain a threat. This is a cyberattack in which an attacker prevents users from
accessing a machine (in this case, a network resource) by temporarily or indefinitely
suspending services on a cloud server. This is typically achieved by overloading the system
and flooding the target resource with hundreds of thousands or millions of automated
requests to prevent some or all of the legitimate requests from being fulfilled.
For cloud customers, experiencing a denial of service attack is like a group of people
flocking to the front door of a store, making it difficult for legitimate customers to enter
and disrupting commerce. Therefore, legitimate customers tend to use other hosts, which
leads to lower transactions.
• Data breach - Cloud storage providers have strict security measures in place for the
cloud, especially for data, but data breaches can still expose customer-sensitive
information, intellectual property, and trade secrets with serious consequences
(Adams, 2017). In the event of a data breach, a company can face legal proceedings,
heavy fines, and years of damage to the brand's image. When perpetrators use
side-channel timing disclosure, they expose sensitive internal data about the organization.
We recommend that you implement a plan to protect various customer data in the
cloud, such as encryption and multi-factor authentication.
• Malicious Insiders - Cloud provider employees who abuse their position to obtain
information can be considered malicious insiders. A malicious insider is an employee,
contractor, or business partner who has legitimate access to the system and data, but uses
that access to destroy, steal, or disrupt the system. Malicious insiders can affect external websites
and cause public damage to your brand. It can also cause your system to malfunction.
For all employees, it is best to perform recovery and background checks in advance to
protect data, regardless of system access. If an employee leaves your organization or
changes roles, make sure that network and system access is disabled at the same time.
• Hacked interface and insecure API - The cloud was able to make the service
available to millions of people while limiting the damage that all of these almost
anonymous users could do to the service. The API provides access to the service. It is
a program that can be operated from a remote location. This interface represents a
critical security vulnerability that could be exploited because cloud providers grant
access to users (T-cloudproject, 2016). There is no surefire way to prevent hackers, and
all systems are regularly found to be vulnerable, so it is important to keep software
patches up to date.
• Computer virus - A block of software designed to spread from one computer to
another is defined as a "computer virus." They are sent primarily as email attachments
or downloaded from certain websites to affect your computer through a network
system. The functions of the virus are as follows: it sends spam, disables security
settings, destroys data including passwords and other personal information,
steals it from your computer, and erases everything on your hard drive.
• Trojan - A Trojan horse tricks someone into inviting an attacker into a very safe area,
and the term has a similar meaning in computing. Trojan horses are malicious attack code
or software that users execute of their own will because it is hidden in legitimate
programs. They are often spread via email: the message appears to come from someone the
user knows, and when the user clicks on the email and its attachment, the malware is
immediately downloaded to the computer. Clicking on a false ad will also spread the Trojan.
Inside the computer, the Trojan records keystrokes, hijacks webcams, and records passwords,
stealing sensitive data on the computer.
• Adware and Spyware - Adware can be a software package that tracks and displays
information about your browsing habits, supported by ads and pop-ups. Adware
collects information with the consent of the user. This is also a legitimate source of
financial benefit for businesses that make the software available to users for free, but
ads are displayed while using the software. Adware terms are usually hidden in the
relevant user agreement. However, they can be found by reading it carefully.

1.1.2 Physical security


Physical security refers to the mechanism used to protect an organization and its assets from
physical harm. There are two types of physical security, external and internal. Internal physical
security refers to a mechanism designed to protect an organization and its assets from physical
threats that occur within the organization, and external physical security refers to a
mechanism designed to protect an organization and its assets against threats from external
factors and stakeholders.

Physical threats are a possible cause of events that can lead to computer system loss or physical
damage. (Guru99.com, 2019). The physical threats are:

• Natural disasters - Natural disasters are a kind of external physical threat. Natural
disasters can lead to the loss of company data and critical assets.
• Vandalism - Vandalism is one such activity that can cause property damage or financial
loss. This is a physical threat from the outside.
• Data theft - Data theft refers to accessing and retrieving a copy of data without the
permission of an authorized party. This could be internal or external.
• Fire/ Electricity Breakdown - Fire Breakdowns or Electricity Breakdowns can be a
threat to an organization and its assets. Fire Breakdown can damage assets in such a
way that they cannot be recovered. Electricity Breakdown can be a temporary or
permanent issue. This type of threat is an internal threat.

1.2 Develop and describe EMC cloud security procedures to minimize the impact of the
issues described in Section (1.1) by assessing and addressing risks.
The security procedure can be implemented by treating the risks as logical and physical
threats. You can use the following steps and mechanisms to protect your organization from
logical threats.
• Cloud firewall - A cloud firewall is a software-based network device designed to stop
or reduce unwanted access to your private network. Cloud-based firewalls create virtual
barriers around cloud platforms, infrastructure, and applications. Cloud firewalls are
much easier to deploy, so there is no frustration for on-premises installation,
maintenance, and updates. As bandwidth increases, the cloud firewall can automatically
adjust to maintain parity. Cloud firewalls can be reached and installed wherever your
organization can provide a protected network communication path. Firewalls typically
build a barrier between a trusted internal network and an untrusted external network such
as the Internet.
• Virus guard - Antivirus software systems are designed to prevent viruses, worms, and
Trojan horses from invading your device and to remove malicious software system code
that has already infected your device. Most antivirus utilities now come bundled with
antispyware and antimalware features that are used with antivirus. Along with features
such as anti-spam, anti-phishing, firewalls, fire protection, and computer optimization,
the web security suite goes one step further.
• Spam filter - Spam is always annoying and fills your inbox with unwanted distractions.
However, this is also a security threat. Many messages include email scams such as
spear phishing, ransomware, and spoofing attacks that can disrupt business operations
and cost your organization. A cloud-based spam filtering solution can effectively
block spam before it reaches the email system, keeping spam messages and email fraud
attacks away from users' inboxes. There is no hardware or software to install.
• Pop-up blocker - Pop-up blockers are software that prevents pop-up windows from
appearing on a website. These work by closing the pop-up window immediately or
disabling the command that invokes the pop-up window. Pop-ups are typically used by
advertisers to serve ads, but they hinder the experience of web users, and in most cases
pop-ups are annoying. Pop-ups used to be almost harmless, but now they are also a
potential threat. If a user chooses an ad or accidentally clicks on it, it can lead to a
place where viruses and threats work effectively, unless certain measures are taken to
prevent the outcome.
The following mechanisms and procedures can be used to protect an organization and
its assets from physical threats.
• Employee training - The most common reason for security threats is uneducated
employees. Even if all data is protected by advanced technology that cannot be
surpassed when attempting a data breach or DoS attack, there is a possibility that one
factor undoes all of this advanced technology: uneducated staff. By teaching your
company/host staff appropriate mitigations, you can mitigate risk and prevent cloud
security threats. If employees are actively involved in protecting their assets, they are
more likely to be responsible for security measures. It's a good idea to create a document
that provides users with steps to perform in multiple scenarios so that they are always
ready.
• Access control list - The most important thing in an organization is data. And having
access to it is the greatest risk anyone can take. Establishing access control is a must
when it comes to protecting data and information. Put security measures in place to
make sure that data is protected.
• Authentication - Authentication is a security measure where a person trying to access
organizational data and assets is checked whether he is a verified person. This
procedure is usually done by the AAA concept which means Authentication,
Authorization, and Accounting. In Authentication, a person is identified according to 4
factors,
- Something he does (Voice recognition, foot movement)
- Something he has (Smartcards)
- Something he is (Fingerprint, face detection)
- Something he knows (Password, pin code)
The authorization step is considered the boundaries the person is allowed to access.
And in the Accounting step, the person’s activities and resources he uses are tracked.
• Managing and securing hardware - Hardware components of the organization should
be updated and configured properly. Apart from that, they should be secured using
passwords and proper measures. This is an essential security measure; otherwise, weaknesses
can lead to system failures and data loss.
• Security guards and surveillance cameras - A 24-hour security camera can be used
to protect your organization from criminals. Cameras are essential because they can
record what is happening within the organization. Apart from cameras, recruit
security guards to physically protect the organization. Security guards give you a good
understanding of your organization's security.

II. Activity 02
2.1 Discuss how EMC Cloud and its clients will be impacted by improper/ incorrect
configurations which apply to firewalls and VPN solutions.
2.1.1 Firewall
Firewalls are security tools that monitor incoming and outgoing network traffic and allow or
block the intrusion of data packets based on security rules (Forcepoint, 2018). Its main task is
to build a barricade between the internal network and external sources to block malware such
as viruses and spyware. Firewalls carefully evaluate incoming traffic based on pre-established
rules and filter traffic from insecure or suspicious sources to thwart attacks. A port is an entry
point where a firewall protects traffic and is a point that is exposed to external sources.

There are two types of firewalls: hardware and software. A software firewall is a program
installed on your computer that controls data traffic over port numbers. A hardware firewall
is a physical device that is connected between a device and a gateway. Another type of firewall
is the packet filter firewall, which is the most commonly used type of firewall. Here, the
firewall checks whether the packet matches the security rule by checking the source IP address
and the destination IP address. If the packet matches the rule, it is allowed to enter the
network. Packet filtering firewalls are either stateless or stateful. A stateless firewall
inspects each packet independently and keeps no connection state, while stateful firewalls
retain information about previously entered packets. Therefore, stateful firewalls are
considered more secure than stateless.
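
The difference between stateless and stateful packet filtering can be shown with a small simulation. This is an added example, not part of the original assignment; the rule format, class names and sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # set on the first packet of a TCP connection
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    src_net: str
    dst_net: str
    sport: Optional[int] = None  # None means any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


def stateless_filter(rules, p):
    """Judge each packet on its own: first matching rule wins, default is block."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"


class StatefulFilter:
    """Rules only decide whether a NEW connection may start; replies are
    allowed only when they belong to a connection that is being tracked."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def check(self, p):
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if forward in self.connections or reverse in self.connections:
            return "allow"
        if p.syn and not p.ack and stateless_filter(self.rules, p) == "allow":
            self.connections.add(forward)
            return "allow"
        return "block"


LAN = "192.168.0.0/24"   # constructed LAN range around the 192.168.0.1 address used on this page
ANY = "0.0.0.0/0"

# The stateless rule set needs a second rule so that HTTPS replies can come back in.
STATELESS_RULES = [
    Rule("allow", LAN, ANY, dport=443),
    Rule("allow", ANY, LAN, sport=443),
]
# The stateful rule set only describes which connections may be opened.
STATEFUL_RULES = [Rule("allow", LAN, ANY, dport=443)]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("192.168.0.20", 51000, "203.0.113.10", 443, syn=True),            # client opens HTTPS
    Packet("203.0.113.10", 443, "192.168.0.20", 51000, syn=True, ack=True),  # genuine reply
    Packet("198.51.100.7", 443, "192.168.0.30", 3389, ack=True),             # unsolicited inbound
]


def demo():
    stateful = StatefulFilter(STATEFUL_RULES)
    return {
        "stateless": [stateless_filter(STATELESS_RULES, p) for p in SAMPLE],
        "stateful": [stateful.check(p) for p in SAMPLE],
    }


if __name__ == "__main__":
    print(demo())
```

The stateless filter accepts the third packet because it only sees a source port of 443, while the stateful filter blocks it because no tracked connection matches.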

Apart from the packet filter firewall, there are other types of firewalls such as proxy firewalls,
next-generation firewalls, network address translation firewalls, and stateful multilayer
inspection firewalls, which are also more secure and have better features.
Proxy firewalls work between two end systems. These typically filter traffic at the application
layer, which is the seventh layer according to the OSI model. When a user submits a request to
the firewall, it is analyzed for compliance with security rules, and the service is blocked or
allowed. They typically scan FTP and HTTP traffic using stateful and deep packet inspection
to detect malware.

Next-Generation Firewall (NGFW) combines traditional firewall technology with encrypted
traffic inspection and intrusion prevention systems. NGFW also uses deep packet inspection to
scrutinize the data in the packet along with the packet header. This allows you to detect, sort,
or block packets that contain suspicious data.

The NAT or Network Address Translation Firewall allows a large number of devices to connect
to the Internet over a single IP using an independent network address. As a result, hackers and
attackers cannot track IP addresses and collect details. This increases security against threats.
NAT firewalls and proxy firewalls are similar in that they work between the device and external
traffic.

The stateful multi-layer inspection or SMLI firewall behaves like an NGFW firewall,
inspecting the entire packet and allowing the packet to pass only if it passes each layer
individually. It is primarily associated with the network, transport, and application layers,
where it filters packets and compares them to trusted packets.

Firewalls can be implemented using software like pfSense. After installing pfSense, the user
will see a start menu similar to the following:

If the WAN and LAN IP addresses are not configured via DHCP, the user will have to manually
add the IP address by entering the second option from the menu above.

The interface to configure must be specified in this area.

Manually specify the LAN IP address as above.

The IP address is now correctly assigned. Therefore, the user must press Enter to reboot the
system. Next, the user needs to enter the assigned IP address (192.168.0.1 in this case) in a
browser to open the pfSense login page.

To use this interface, the user must log in with the temporary username "admin" and password
"pfsense".
In this menu, the user needs to add the hostname and domain name and make basic settings.
Since the same password is given to every installation, the security level in this state is
low. Therefore, the above interface allows the user to enter a new password if desired.

The above is the pfSense dashboard after configuring the preferences. After configuring the
preferences and password, users can add firewall rules to filter packets entering the device or
network.

To create a security rule, the user must go to the rules menu in the firewall settings. The user
then gets the following interface:

The user clicks the Add button to create a new rule.

The user can now create a block or allow rule on this interface and enter details such as the IP
address, interface type, associated protocol, and other basic details about the rule. Click Save
to save the rule.

After saving the rule, the user must click the Apply Changes button to continue.

After the settings are properly configured, when a user tries to access a blocked website, the
above result is displayed. This means that the user has successfully blocked the website using
the firewall.

The firewall is an important security tool, but misconfiguration can allow an attacker to
infiltrate your organization's data. According to Wickert (2015), five common firewall
misconfigurations are:

• Extensive policy configuration. Most firewalls operate with an open policy that allows
all traffic from the source to the destination, as network administrators tend to set
high-level rules and work backwards from them. This is due to the lack of work pressure
or priority when creating firewall rules. Therefore, firewalls tend to have some
loopholes that allow an attacker to break into company data.
• Dangerous fraudulent and management services. Services that unnecessarily pass through a
firewall are extremely dangerous. One such wrong method is dynamic routing, and the
other is a rogue DHCP server on the network distributing IP addresses, which results in
availability issues as a result of IP conflicts.
• The authentication mechanism is not standardized. Network devices that are not
configured according to the correct standards can be risky. This allows weak passwords
and allows anyone to access sensitive data. Therefore, when considering authentication
mechanisms such as passwords, you need to adhere to standardized levels.
• System test with production data. Your organization's production data is a very
sensitive type of data. Most organizations tend to test their security systems on
production data, which can expose their data to an insecure environment. Therefore, it
is advisable to run the test with simulated data.
• Security device with log output. Not parsing the log output from the device is a
dangerous problem. This blinds the administrator to an ongoing attack and does not
reveal details about data theft.
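
Several of the misconfigurations listed above can be checked automatically. The following audit script is an added example, not part of the original assignment and not pfSense's own format: the rule and settings layout, the finding names and the sample values are assumptions, apart from the "admin"/"pfsense" login and the two risky services, which come from this page.

```python
from ipaddress import ip_network

RISKY_SERVICES = {"dynamic-routing", "dhcp-server"}  # the two services the list above names
DEFAULT_LOGIN = ("admin", "pfsense")                 # temporary login quoted earlier on this page


def is_any(net):
    """True for a wildcard network such as 0.0.0.0/0."""
    return ip_network(net).prefixlen == 0


def covers(outer, inner):
    """True if every packet that matches `inner` also matches `outer`."""
    return (ip_network(inner["src"]).subnet_of(ip_network(outer["src"]))
            and ip_network(inner["dst"]).subnet_of(ip_network(outer["dst"]))
            and outer["port"] in ("any", inner["port"]))


def audit(rules, settings):
    """Return a list of (finding, detail) tuples for a first-match-wins rule list."""
    findings = []
    for i, rule in enumerate(rules):
        # Broad policy: an allow rule with two or more wildcards among src, dst, port.
        wildcards = sum([is_any(rule["src"]), is_any(rule["dst"]), rule["port"] == "any"])
        if rule["action"] == "allow" and wildcards >= 2:
            findings.append(("BROAD_ALLOW", rule["id"]))
        # Shadowing: an earlier rule with the opposite action already matches
        # everything this rule would match, so this rule never takes effect.
        for earlier in rules[:i]:
            if earlier["action"] != rule["action"] and covers(earlier, rule):
                findings.append(("SHADOWED", rule["id"]))
                break
    if (settings["admin_user"], settings["admin_password"]) == DEFAULT_LOGIN:
        findings.append(("DEFAULT_CREDENTIALS", settings["admin_user"]))
    for service in sorted(RISKY_SERVICES & set(settings["services"])):
        findings.append(("UNNEEDED_SERVICE", service))
    if not settings.get("syslog_server"):
        findings.append(("LOGS_NOT_COLLECTED", None))
    return findings


# Constructed sample: a rule set built "broad first", with factory settings left in place.
WEAK_RULES = [
    {"id": 1, "action": "allow", "src": "192.168.0.0/24", "dst": "0.0.0.0/0", "port": 443},
    {"id": 2, "action": "allow", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"},
    {"id": 3, "action": "block", "src": "0.0.0.0/0", "dst": "192.168.0.10/32", "port": 3389},
]
WEAK_SETTINGS = {
    "admin_user": "admin",
    "admin_password": "pfsense",
    "services": ["webgui", "dhcp-server", "dynamic-routing"],
    "syslog_server": None,
}

# Constructed sample: the same intent, written narrowly.
HARDENED_RULES = [
    {"id": 1, "action": "allow", "src": "192.168.0.0/24", "dst": "0.0.0.0/0", "port": 443},
    {"id": 2, "action": "block", "src": "0.0.0.0/0", "dst": "192.168.0.10/32", "port": 3389},
]
HARDENED_SETTINGS = {
    "admin_user": "admin",
    "admin_password": "<unique-passphrase-placeholder>",
    "services": ["webgui"],
    "syslog_server": "192.168.0.50",
}

if __name__ == "__main__":
    for finding in audit(WEAK_RULES, WEAK_SETTINGS):
        print(finding)
    print(audit(HARDENED_RULES, HARDENED_SETTINGS))
```

In the weak rule set, rule 3 is reported as shadowed because the allow-everything rule 2 is evaluated first, so the block never applies.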

2.2.2 VPN
A VPN or virtual private network is an encrypted connection from your device to your network
over the Internet (Cisco, 2019). The encryption of the connection allows for the secure
transmission of data and prevents unauthorized persons from spying on traffic while the user is
working privately.

A VPN is a company-wide encrypted connection over the Internet. The traffic remains private
because it is encrypted in the path between the device and the network. This allows the facility
to securely transfer data between two different networks. The encrypted connection created
over the Internet is called a tunnel.

There are two types of VPN: remote access and site-to-site. Remote access is a VPN connection
that allows your network to connect to external devices (often called endpoints). Before
connecting to the endpoint, perform a security scan to ensure that the endpoint is a trusted
device. A site-to-site VPN is a type of connection that you can use to connect branches in your
organization. This connection alleviates the unrealistic problems that arise when forming a
network between two branches and ensures security.

The VPN is considered one of the most secure technologies, but it has its problems. According
to Brien Posey (2019), there are four issues related to VPN connectivity.

• Rejection of VPN connection. The VPN connection may stop working without any
notification. This is one of the most common problems associated with the VPN. In
such a situation the user should verify whether the routing and remote access services
are running. If it is verified the user has to try pinging the VPN server by the IP address
provided by the VPN client which allows verifying the fact that TCP/IP connectivity
works. Alternatively, ping again to see if it's a DNS issue and take the appropriate action
to fix it.
• Unauthorized connection is accepted. Accepting bad connections can pose a security threat.
When you look at a user's property sheet in the Active Directory Users and Computers
console, you see that the Dial-in tab contains options for controlling access through the
remote access policy. If this option is selected and the active remote access policy is set to
allow remote access, users can connect to the VPN.
• Reaching outside the VPN server is not allowed. This is a common problem and
does not allow users to access the network behind the VPN server. The cause of this
issue is that the user does not have permission to access the entire network.
• Failed to establish the tunnel. All features work fine, but users may be prevented
from creating tunnels between clients and servers. There are two reasons for this
problem. One is that one or more routers involved perform packet filtering, which can
block IP tunnel traffic. Another reason is that a proxy server is implemented between
the client and the VPN server. The proxy server performs NAT on the traffic between
the device and the Internet. In other words, the packet appears to come from the proxy,
not the device. In this scenario, the VPN can be prevented from creating a tunnel.

2.2 Explain how Static IP, DMZ, and NAT-like technologies would benefit EMC Cloud
and its Clients by facilitating a ‘trusted network’.
2.2.1 DMZ
A DMZ or demilitarized zone is a computer security scheme that involves a small subnet
between a trusted internal network and an untrusted external network. (Webopedia, 2019)

DMZ adds a layer of security to your organization's LAN. Protected and monitored network
nodes outside the internal network can access what is exposed in the DMZ, while the rest of
the organization's network is protected behind a firewall. When properly configured, the
DMZ protects your organization by detecting and controlling threats before they reach your
internal network and damage sensitive data. The DMZ network blocks malicious sources that
infiltrate your network through email, web
servers, and DNS servers. As the attack is ready, we are in a monitored subnet to protect the
rest of the network when authorized. The data that passes through the DMZ is not secure, so
the DMZ has tight control over permissions to services in the network. Also, the hosts in the
DMZ and the external network do not communicate with each other to ensure the security of
the protected zone. In this way, existing firewalls filter and control the data exchanged between
the DMZ and the internal network, allowing devices in the protected zone to communicate with
both the internal and external networks.

Setting the DMZ provides all services that users can access when interacting from the external
network. These services are web servers, mail servers, and FTP servers. The web server is
responsible for interacting with the internal database server that must be in the DMZ. This
ensures the security of the database responsible for storing sensitive content. Mail servers are
used to store private mail, database credentials, and personal messages. For this purpose, the
email server is located in the DMZ to access the email database without being exposed to
malicious traffic. The FTP server allows direct collaboration with files. This is because the FTP
server needs to be easily separated from the internal system.

The DMZ can be configured in two ways. One uses a single firewall and the other uses a dual
firewall.

The Single Firewall DMZ consists of a firewall and three network interfaces. The DMZ is
located inside the firewall. One device uses the ISP link to create an external network, the
second connects to the internal network, and the third handles DMZ connections.

The Dual Firewall DMZ consists of two firewalls. The first firewall filters traffic destined for
the DMZ, and the second firewall filters traffic moving from the DMZ to the internal network.
This DMZ is more secure because it filters traffic twice, but it is very expensive to implement.

2.2.2 Static IP
A static IP address is a permanent IP address assigned to a device. This is the exact opposite of
dynamic addresses (IP addresses that change). Static IP addresses are essential for devices that
require frequent access. These are primarily needed if the computer is configured as a server,
for example, an FTP server or a web server. Organizations that want to share the same resources
with many devices can use this static IP. When assigning a static IP to a printer, the user does
not have to keep searching for the IP address as they would with a dynamic IP address.

Static IP is useful because it provides additional protection against threats generated through
the DHCP pool. When a hacker or attacker attacks a pool, all IP addresses can be exposed.
Static IP addresses are more secure because they are private addresses that are difficult to track.

Static IP is essential if your network does not support DHCP. In that case, the best choice is
static IP. Static IP is the solution because the DHCP pool can be assigned an IP address that is
already assigned to another device, which can lead to IP address conflicts. Because dynamic
addressing is less secure and more problematic than static IP addresses, organizations can use
static IP addresses to connect to the network without hassle.

2.2.3 NAT
NAT (Network Address Translation) refers to a standard that allows a local area network
(LAN) to use one set of IP addresses for internal traffic and another set of IP addresses for
external traffic (Webopedia.com, 2019). NAT allows devices such as routers to act as agents
on public and local area networks. That is, a single IP address can be used to represent a group
of computers. There are different types of NAT, including static NAT, dynamic NAT,
overload, and overlap.

Static NAT refers to a one-to-one mapping from an unregistered IP to a registered IP. This is
useful if you want your device to be accessible from outside the network. The following is how
static NAT works.

Dynamic NAT creates a group of registered IP addresses by mapping unregistered IP addresses
to registered IP addresses. The following figure shows how dynamic NAT works.

Overload is a kind of dynamic NAT that maps many unregistered IPs to a single IP using
different ports. All devices have the same IP, but different port numbers to distinguish them.
Therefore, this is called PAT or port address translation. The following figure shows how
overloading is done.

Overlap occurs when the IP address used on the internal network is a registered IP address
used on another network. The router should maintain a look-up table for these addresses so that
they can be intercepted and replaced with registered IP addresses. Here, NAT translates the
internal address into a registered address and the external registered address into an address
unique to the remote network. The following figure shows how overlap works.
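Static NAT and overload (PAT) can be contrasted in a small simulation of the router's look-up table. This is an added example, not part of the original assignment; the class name, the addresses (private and documentation ranges) and the starting port 40000 are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Toy NAT table: static one-to-one entries plus overload (PAT) for all other hosts."""
    public_ip: str                                    # registered address shared by PAT clients
    static_map: dict = field(default_factory=dict)    # unregistered IP -> its own registered IP
    first_port: int = 40000                           # start of the PAT port range (assumed)
    flows_out: dict = field(default_factory=dict)     # (inside ip, inside port) -> public port
    flows_in: dict = field(default_factory=dict)      # public port -> (inside ip, inside port)

    def outbound(self, src_ip, src_port):
        """Rewrite the source of a packet leaving the LAN; returns (ip, port) seen outside."""
        if src_ip in self.static_map:                 # static NAT: only the address changes
            return self.static_map[src_ip], src_port
        key = (src_ip, src_port)
        if key not in self.flows_out:                 # overload: next free port on the shared IP
            port = self.first_port + len(self.flows_out)
            if port > 65535:
                raise RuntimeError("PAT port range exhausted")
            self.flows_out[key] = port
            self.flows_in[port] = key
        return self.public_ip, self.flows_out[key]

    def inbound(self, dst_ip, dst_port):
        """Rewrite the destination of a packet from outside; None means it is dropped."""
        for inside_ip, registered_ip in self.static_map.items():
            if dst_ip == registered_ip:               # statically mapped host: always reachable
                return inside_ip, dst_port
        if dst_ip == self.public_ip:
            return self.flows_in.get(dst_port)        # only replies to flows started inside
        return None


def demo():
    """Constructed scenario: two PAT clients and one statically mapped web server."""
    nat = NatRouter(public_ip="203.0.113.5", static_map={"192.168.1.20": "203.0.113.20"})
    return {
        "pc1_out": nat.outbound("192.168.1.10", 51000),
        "pc2_out": nat.outbound("192.168.1.11", 51000),
        "pc1_again": nat.outbound("192.168.1.10", 51000),
        "reply_to_pc2": nat.inbound("203.0.113.5", 40001),
        "unsolicited": nat.inbound("203.0.113.5", 40099),
        "web_out": nat.outbound("192.168.1.20", 443),
        "web_in": nat.inbound("203.0.113.20", 443),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} -> {result}")
```

Inbound packets that match no table entry are dropped, which is why hosts behind PAT are not directly reachable from outside, while a statically mapped host is.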

2.3 Discuss the benefits of implementing network monitoring systems.


As technology grows, IT infrastructure becomes more complex, and it's not surprising that IT
lacks the visibility it needs to prevent performance issues. That is, you are unaware of the
situation until you receive a complaint from a customer. To keep your corporate network up
and running and to prevent threats, you need to monitor virtual servers, wireless devices, and
applications of all kinds 24/7. Monitoring makes it easy to understand threatening loopholes
and implement various security measures to protect your network in one place. A network
monitoring system is used for this.

Network monitoring is an important IT process that monitors the failure and performance of
all network components and continuously evaluates them to maintain and optimize availability.
A failed network device impacts network performance. This can be eliminated with early
detection, so continuous monitoring of the network and associated devices is essential. Without
network monitoring, you face excessive downtime and reduced productivity. Network
monitoring systems can offer you many benefits, for example: staying one step ahead of
failures, responding quickly to network issues, managing increasing network complexity,
identifying security threats, and justifying device upgrades.

The network administrator is solely responsible for preventing network crashes. To avoid the
risk of outages, you should closely monitor bandwidth usage, traffic, and delays. Network
outages have been reported to cost more than a cent, and it is undeniable how damaging a
network outage can be. In general, network failures can be caused by a variety of factors. The
main reason is human error. Network management errors can affect network performance. Do
not monitor environmental factors if the device is not properly configured. Lack of network
visibility is also a cause of network failure. You can implement a network monitoring system
to avoid failures. By allowing the network monitoring system to monitor the network, you can
always stay one step ahead of the failure, and network monitoring gives the administrator an
overview of the situation before the failure occurs.

Another advantage of network monitoring systems is that they can troubleshoot network
problems more quickly. Every minute is valuable because if the computer network goes down
and the host cannot resolve the issue in time, the host will face the consequences of an ongoing
issue. Expert network monitoring allows you to quickly identify and fix computer network
problems. Whether the problem is caused by a network configuration error or an unusual
increase in network traffic, IT professionals monitoring the network can identify and resolve
these problems. You can also take it one step further with network tools. Network monitoring
can not only identify threats but also inevitably resolve them.

Also, the network infrastructure can become more complex and can be very difficult to
manage. Innovations and the rise of connected devices require ways to adapt to these changes.
For example, when migrating network operations, you need a flexible and reliable monitoring
tool to monitor all your IP assets. Network monitoring systems help you update your network
more easily and quickly, ensuring smooth performance in the event of changes. We also found
that cyberattacks have been increasing at an alarming rate over the years.

These hacks endanger as much information as personal records. By funding network
monitoring by experts, security threats can be easily found and fixed. A way to minimize the
damage caused by data breaches is to combine the necessary equipment and data to detect and
identify threats before it's too late. Network monitoring tools can provide this security.
Understanding what normal performance looks like makes it easy to spot unusual things, such
as spikes in traffic or unknown devices connected to your network. You can take a dynamic
approach to network security by identifying when the event occurred and on which device.

III. Activity 03
3.1 Formulate a suitable risk assessment procedure for EMC Cloud solutions to
safeguard itself and its clients.
Security risk assessment involves understanding, managing, controlling, and mitigating risks
within your organization. This is an important part of an organization's risk management
strategy and data security efforts (UpGuard, 2019). As organizations deal with information
technology and information systems, risk assessment can be seen as an unavoidable factor. The
main phase of the risk assessment procedure is to identify the threats and risks that an
organization is currently and will be exposed to. Risk is the potential for reputation or financial
loss and can be measured as zero, low, medium, or high. When measuring risk, you need to
consider three key factors: the associated threat, the level of vulnerability, and the value of the
information that the threat may affect. The following formula provides information on how to
measure risk.

Appropriate risk assessment allows you to identify, assess, and prioritize the risks of your
organization's processes, assets, and personnel. Risk assessments are always about the
following facts:

• Main assets - Finding the top assets gives you an idea of the risks that these assets may
face. So, to identify the risks, we ranked the assets of the organization according to their
importance.
• Data breach - Sharing sensitive information due to cyber attacks, malware, or human
error is called a data breach. What types of data breaches can have the greatest impact
on your company's security? It can be identified by observing the method of a data
breach.
• Threats and threat sources - Understanding threats is an important factor in risk
assessment, but when combined with the idea of which sources allow threats to the
framework, organizations can manipulate those sources to avoid threat generation.
• Exploitation of the vulnerability - Risk assessment needs to leverage an
understanding of external and internal vulnerabilities and their impact on the
organization.
• Risk level - Every company has a limit on the amount of risk it can take. Understanding
the level of risk an organization faces can help managers take appropriate steps to
mitigate the risk.

Proper risk assessment can bring many benefits to an organization, especially in the security
sector:

• Cost reduction. By proactively identifying threats and vulnerabilities, organizations
can be well prepared to counter them without risk. Therefore, you can eliminate
unnecessary costs for damage.
• Reduces data breaches and data loss. Data loss or leakage can have a significant
impact on your company.
• According to the company's Insights, risk assessments reduce the potential for data
loss and leakage and increase competitiveness with competitors. Observing threats can
help you better assess your organization and improve your organization's deficiencies.
This is also useful for future planning.

Risk assessment can be done in two ways: qualitative risk assessment and quantitative risk
assessment. A qualitative risk assessment is a numerical assessment. Quantitative risk
assessment assesses the monetary value of each device.

Quantitative loss can be calculated using the following formula:

Here, SLE (Single Loss Expectancy) means the monetary base loss of a single incident, ARO
(Annualized Rate of Event) means the frequency of incidents every year, and ALE (annual loss
forecast) means the total financial base loss due to an annual incident.

You must reach the lowest level of your organization when conducting a risk assessment. You
also need a better understanding of your organization's data and infrastructure. According to
UpGuard (2019), risk assessment can be performed in eight steps:

Step 01: Determine the value of the information.


Information is an important factor for any organization. Understanding the value of an
organization's information is a very sensitive factor. Information confidentiality can be very
important as it relates to aspects such as law, finance, and profitability. When determining the
value of information, the following should be considered: the penalties associated with loss or
disclosure of the information, the value of the information to the organization's competitors,
scratch and backup copies of the information or the ability to recreate that information in an
emergency, the cost associated with recovery, the effect on sales and profitability, the
impact of data loss on day-to-day operations, and the loss of reputation of an organization due
to data breaches.

Step 02: Identifying and ranking the organization’s assets.

Not all assets and everyone have the same value. Therefore, it is important to prioritize and
rank assets according to their value. It can give appraisers a better idea of assets that require a
high degree of attention compared to others. Otherwise, the appraiser must evaluate all
buildings, datasets, employees, and office equipment. In this process, evaluators rank assets in
order of priority and review aspects such as software and applications, hardware equipment,
data, interfaces and users, asset objectives, functional and non-functional requirements,
security policies and architectures, information storage, and information flows.

Step 03: Recognizing threats.

Threats can result in vulnerabilities that can be exploited to compromise security and endanger
your system. There are two types of threats: logical threats and physical threats. The logical
threats are malware and hackers.

• Malware is a malicious program or file that can harm you and your data. Examples of
malware include viruses, Trojan horses, worms, and spyware. Antivirus and other
mechanisms can be used for minimization.
• Hackers are skilled programmers who use their knowledge to break into computer
systems, destroy data, and manipulate them to their liking.

Physical threats are natural disasters, system breakdowns, human blunders, data breaches, and
data loss.

• Natural disasters like floods, earthquakes, and lightning can cause a threat to
the organization's assets, which can cause the loss of important data. If the threat is high in the
current place, we can consider shifting to a safer place or placing the backup server in
a safer place.
• System breakdown can lose data which can harm the normal routine of the business.
Here we can consider whether the equipment we are using is of high quality and whether
it can tolerate the failures.
• Human error can jeopardize the security of an organization. You need to make sure that
your employees are well trained in using and handling the system. Also, make sure that
the backup procedure works properly and that the password is managed.
• Data breaches and data loss can affect the functioning of your organization. Therefore,
we recommend that you increase the security of your data storage and keep it
confidential.

With the above method, the evaluator needs to identify threats, list them along with their impact
on the organization, and find ways to minimize them.

Step 04: Vulnerability recognition.

Vulnerabilities are a type of weakness that compromises the security of an organization.
The evaluator should review the vulnerability analysis or audit record to identify the
vulnerability. Evaluators also need to assess what harm vulnerabilities can do to their
organization's information and how to prevent them.

Step 05: Evaluate and implement new controls.

Controls are countermeasures against threats and vulnerabilities. There are two types of
controls: preventive and detective. Preventive controls dodge new threats, and detective
controls do their best to find threats and vulnerabilities. The evaluator needs to review the
current controls implemented by the organization, identify those loopholes, and assess their
effectiveness. If existing security measures are not sufficient to manage risk, auditors can
identify and implement new controls that can be implemented in the future.

Step 06: Measure the impact and possibility of some situations on a per-year basis.

Probability plays an important role in risk assessment. Evaluators need to determine how often
such threats can occur in a year and the amount of damage the company suffers as a result of
these situations. For example, if a company faces a data breach, it can cost $5 million each
year. Based on this assessment, an organization can plan the amount of funding it will need
each year to reach the break-even point.

Step 07: Rank risks according to the cost of prevention and value of information.

In this step, threats are sorted by risk level. High risk requires immediate attention, medium
risk is the risk of being able to take action for some time, and low risk is the risk of choosing
to take action later. This allows executives and managers to take action against threats, taking
into account company policies, legal aspects, and regulations.
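Steps 06 and 07 can be worked through numerically with the SLE, ARO and ALE quantities. The following is an added example, not part of the original assignment: it uses the standard relation ALE = SLE × ARO, and the threat names, money figures, control costs and the high/medium/low thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed thresholds on expected yearly loss; an organization sets its own.
HIGH_ALE = 100_000
MEDIUM_ALE = 10_000


@dataclass
class Risk:
    name: str
    sle: float           # SLE: monetary loss of a single incident
    aro: float           # ARO: expected incidents per year (0.2 = once in five years)
    control_cost: float  # yearly cost of the proposed control
    aro_after: float     # expected incidents per year with the control in place

    @property
    def ale(self):
        """ALE = SLE x ARO: expected loss per year with no new control."""
        return round(self.sle * self.aro, 2)

    @property
    def ale_after(self):
        """Expected loss per year once the control is implemented."""
        return round(self.sle * self.aro_after, 2)

    @property
    def control_value(self):
        """Yearly saving from the control minus its cost; negative means it costs more than it saves."""
        return round(self.ale - self.ale_after - self.control_cost, 2)

    @property
    def level(self):
        """Risk level from the assumed thresholds above."""
        if self.ale >= HIGH_ALE:
            return "high"
        return "medium" if self.ale >= MEDIUM_ALE else "low"


def rank(risks):
    """Step 07: highest expected yearly loss first."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


# Constructed sample register (figures are illustrative, not from the assignment).
REGISTER = [
    Risk("Flood at data centre", sle=800_000, aro=0.01, control_cost=25_000, aro_after=0.005),
    Risk("Customer data breach", sle=500_000, aro=0.2, control_cost=30_000, aro_after=0.05),
    Risk("Storage server failure", sle=20_000, aro=2, control_cost=15_000, aro_after=0.5),
]

if __name__ == "__main__":
    for r in rank(REGISTER):
        verdict = "implement" if r.control_value > 0 else "accept or find a cheaper control"
        print(f"{r.name:24} ALE={r.ale:>10,.0f} {r.level:6} "
              f"control value={r.control_value:>10,.0f} -> {verdict}")
```

A low-frequency, high-impact threat such as the flood can rank last on ALE while still being expensive to control, which is why the ranking and the control value are reported side by side.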

Step 08: Documenting the risk assessment report.

Finally, the evaluator should produce a report that mentions threats, vulnerabilities, and
countermeasures against them. In addition to the available data, the evaluator can make
suggestions about the problem. This report helps administrators make accurate and efficient
decisions in the security realm of their organization.

By following the steps above, your organization can implement a thorough risk assessment
process and enhance security.

3.2 Explain the mandatory data protection laws and procedures which will be applied to
data storage solutions provided by EMC Cloud. You may also highlight ISO 31000 risk
management methodology.
Any type of business requires a set of privacy rules and regulations to protect the goodwill of
the organization towards its customers, partners, and other connected individuals. Therefore,
some rules and regulations need to be in place for this purpose. The General Data Protection
Regulation or GDPR has introduced several data protection laws. These rules are as follows:

• Data must be collected and processed fairly and legally.
• Data must be collected for a specific legitimate purpose and must not be processed in a
way that is incompatible with that purpose.
• The data should be appropriate, relevant, and not unnecessary for these purposes.
• The data must be accurate and up-to-date.
• Do not retain data for longer than necessary for this purpose.
• Data must be processed according to the rights of the data subject.
• Data should be protected from unauthorized access, accidental loss, or destruction.

Risk management is a methodology for identifying and managing threats and risks through
rigorous management and behavior. The ISO organization, typically known for providing
product quality certificates, introduced risk management techniques in 2009. This methodology
consists of two components: the framework and the process.
The Framework guides organizations in operational structure and risk management. This
framework helps organizations integrate risk management through management systems. The
framework consists of the following elements: (Review, 2011)

• Policy and governance - Set the mandate and determine your organization's commitment.
• Program design - The overall risk management framework is designed on an up-to-date
basis.
• Implementation - Executing the planned structure.
• Monitoring and Review - Constantly track the performance and check for loopholes.
• Continual Improvement - Make changes to improve the quality of the risk
management procedure.

Organizations, especially those without prior knowledge of management systems, must
invest significant time in creating a strong framework and avoid direct involvement
in the risk assessment process. Program design is a vital stage since the Framework offers the
stability and continuity to support creating a program as opposed to just implementing a
project. The framework of ISO 31000 can be represented as follows.

After establishing the risk management Framework, comes the development of the Process.
The Process is defined as multi-step and iterative, designed to identify and analyze risks in
the organizational context. Major elements in the Process include,

Active communication, Process Execution, and Oversight are the major elements in the
Process. These factors have their segments that need to be completed. As noted in the diagram
above, active communication and oversight activities should occur regularly during the risk
assessment process. At the early stages of the Process, communication and consultation with
all the stakeholders are critical to understanding their concerns. In the next stage, organizations
establish the context of the risk assessment as it relates to both internal and external factors.
The context is a combination of the external and internal environments, both viewed in relation
to organizational objectives and strategies. The context-setting process commences in the
Framework stage. The remaining assessment steps involve developing techniques such as risk
identification, risk analysis, risk evaluation, and risk treatment. When establishing the context,
the most important deliverable from this stage is establishing the objectives and scope of the
risk assessment. In addition, regular oversight ensures that the organization addresses changes
in the risk environment and processes and that the controls operate effectively. Together these
activities ensure that all stakeholders clearly understand expectations.
The intricacy of methods and the extent of analysis required are highly dependent on the nature
of the organization and management should consult with all stakeholders when developing an
applicable path. Further, management should develop and implement risk treatments to reduce
risks to acceptable levels and monitor them to ensure efficiency and effectiveness.

3.3 Comment on the topic, ‘IT Security & Organizational Policy’


IT security refers to traditional cybersecurity tactics that prevent unauthorized access to
corporate resources such as computers, networks, and data. It maintains the integrity and
confidentiality of sensitive information and blocks access by hackers (Cisco, 2019). As hackers
get smarter day by day, the threat to IT security is increasing, and organizations are expected
to increase security. Providing IT security is expensive, but the cost to your business from a
data breach is higher by comparison. IT security is threatened by hackers and by malware such as
viruses, worms, and spyware. These threats can improve IT security. There are several types
of IT security, including:

• Network security - Network security refers to the controls taken to prevent malicious
individuals or programs from invading your network. This type of security is very
important to your organization as hackers can infiltrate sensitive information and
negatively impact users who access your network.
• Internet Security - This type of security includes when data is sent and received
through a web application, and when the system has web-based components. This is
where incoming web traffic is checked for malware and unwanted traffic. Firewalls and
anti-spyware are related tools.
• Endpoint Security - This security is connected to the device. This is where devices
such as desktops and laptops take precautions to protect them from malicious people
and programs. Advanced anti-malware and device management software support this
process.
• Cloud security - Currently, all systems tend to move to the concept of the cloud, which
seems very easy to implement and process, but the security of the cloud is not
guaranteed. For example, similar tools such as Cloud-Access Security Broker (CASB)
and Secure Internet Gateway (SIG) can help control related threats.
• Application security - The application is coded to be as secure as possible when it is
created to ensure that it is not vulnerable to attack. This additional layer of security
includes evaluating the code of the relevant app and identifying vulnerabilities that are
regularly present in the software system.

A security policy should accomplish a few things. First and foremost, it needs to protect people
and information while providing the basis for the expected behavior of users, system directors,
administrators, and security personnel.

Relevant personnel must be collectively empowered to observe, investigate,
summarize, approve, and process the company's safety policies as a result of the breach. This
minimizes risk and facilitates compliance with applicable regulations.

IV. Activity 04
4.1 Develop a security policy for EMC Cloud to minimize exploitations and misuses while
evaluating the suitability of the tools used in an organizational policy.
A security policy is a set of rules and procedures that employees must follow regarding the
security of an organization's assets and resources (Paloaltonetworks.com, 2019). Good security
policies help you maintain strong security within your organization. The purpose of a security
policy is to maintain the confidentiality, integrity, and availability of systems and information
used by members of your organization.

This is based on the CIA triad:

• Confidentiality covers the protection of resources from unauthorized parties.
• Integrity guarantees the alteration of resources is handled in a definite and authorized
manner.
• Availability is a state of the system where approved users have constant access to said
resources.

SECURITY POLICY

General

Organizations maintain a secure network infrastructure through the following calculated
policies to protect the integrity and confidentiality of customer and organization data and
reduce the risk of security breaches. The purpose of this policy is to create rules for IT
security and convey the controls needed for a secure network infrastructure. Network security
policies provide a working mechanism to support the complete set of security policies for your
organization.

Approved Staff
• The system administrator should consult with IT staff and submit a letter in advance
regarding the creation and management of accounts that are both system and user
accounts.
• Only authorized persons can access and maintain application systems, network devices
(routers, firewalls, servers, etc.), operating systems, and other information objects.
• The network administrator must approve the creation of user and privileged accounts
such as system and security administrators.
• Privileged accounts need to be verified quarterly.
• If user or privileged accounts are inactive for 60 days, they are disabled.
❖ Creating passwords

When creating a password, the following guidelines should be considered:

• Password must include at least 8 characters.
• Password should consist of letters, numbers, special characters, and upper or
lowercase characters.
• Password should not include guessable words or personal data like birthdays, phone
numbers, etc.
❖ Login conditions
• If incorrect credentials are entered 5 times, the login is considered unauthorized access, and
the login portal is locked for 1 hour or until the IT staff resets the password.
• All usernames and passwords associated with user and privileged accounts must be
changed every 90 days. Otherwise, the portal will be blocked.
• When an employee leaves the company, IT staff must change their password or disable
their account.
❖ Firewalls
• Firewalls are one of the most significant mechanisms of the Organization’s security
strategy. Internet networks and other unsafe networks must be separated from the
organization network with the use of a firewall.
• Firewalls should provide secure administrative access, with administration access
limited, if possible, to only those networks from which administration connections would be
likely to originate.
• Unnecessary services and applications should be prohibited from using the firewall.
The organization should use 'hardened' systems for firewall platforms, or appliances.
• Modifications to firewall rules must be recorded and the records must identify the
administrator performing the modification and when the modification occurred.
• Firewall must keep records of rejected traffic.
❖ Data breach measures
• Files and folders should be designated as confidential and protected with a password when
shared on drives.
• Without the administration’s approval, no removable drives, CDs or DVDs may be
inserted into computers and devices of the organization.
❖ Physical security
• All the server rooms of the organization should be guarded by a security guard and 24-
hour surveillance cameras should be used to monitor them.
• The whole organization is inspected with the use of 24-hour surveillance cameras.
• Smart cards are used for entry into server rooms and special access rooms. All the smart
cards should be renewed every year.
• Fingerprint access is used when the staff enters the organization.
❖ Discarding Information Technology Properties
• IT resources, such as network servers and routers, often contain sensitive data about the
Organization's network infrastructures. When such assets are withdrawn, the following
guidelines must be followed:
• Any asset tags or stickers that identify the organization must be removed before
discarding.
• Electronic media (e.g., tapes, disk drives, multifunction devices, copiers, etc.) will be
destroyed by physical demolition.
• Demolition will be noted in records.
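
The "Creating passwords" and "Login conditions" rules of the policy above, together with its 60-day inactivity rule, can be enforced in code. The following is an added example, not part of the original policy: the function and class names, the sample word list, the reading of the character rule as requiring both upper and lower case, and the order in which the rules are checked are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MIN_LENGTH = 8                          # "at least 8 characters"
MAX_FAILURES = 5                        # failed logins before the portal locks
LOCKOUT = timedelta(hours=1)            # lock duration unless IT staff reset it
MAX_PASSWORD_AGE = timedelta(days=90)   # credentials must change every 90 days
MAX_INACTIVITY = timedelta(days=60)     # unused accounts are disabled
GUESSABLE = {"password", "welcome", "qwerty", "letmein"}  # constructed sample list
REQUIRED = {"lowercase letter": r"[a-z]", "uppercase letter": r"[A-Z]",
            "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}


def password_problems(password, personal_data=()):
    """Return every rule the candidate breaks; an empty list means it is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    problems += [f"missing {label}" for label, rx in REQUIRED.items()
                 if not re.search(rx, password)]
    lowered, digits = password.lower(), re.sub(r"\D", "", password)
    for item in personal_data:          # names, birthdays, phone numbers
        item_digits = re.sub(r"\D", "", item)
        if (item and item.lower() in lowered) or (len(item_digits) >= 4 and item_digits in digits):
            problems.append("contains personal data")
            break
    if any(word in lowered for word in GUESSABLE):
        problems.append("contains a guessable word")
    return problems


@dataclass
class Account:
    username: str
    password_set: datetime              # when the current password was chosen
    last_login: datetime                # last successful login (creation time if none)
    failures: int = 0
    locked_until: Optional[datetime] = None

    def login_state(self, now):
        """Which policy rule, if any, blocks a login at time `now`."""
        if now - self.last_login > MAX_INACTIVITY:
            return "disabled: inactive for more than 60 days"
        if now - self.password_set > MAX_PASSWORD_AGE:
            return "blocked: password older than 90 days"
        if self.locked_until and now < self.locked_until:
            return "locked: too many failed logins"
        return "ok"

    def record_attempt(self, success, now):
        """Apply one login attempt and return the resulting state."""
        state = self.login_state(now)
        if state != "ok":
            return state                # attempts against a blocked account are refused
        if self.locked_until:           # an earlier lock has expired: start counting again
            self.failures, self.locked_until = 0, None
        if success:
            self.failures, self.last_login = 0, now
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT
            return "locked: too many failed logins"
        return "failed"

    def admin_reset(self, now):
        """IT staff reset: a new password is set and the lock is cleared."""
        self.password_set, self.failures, self.locked_until = now, 0, None
```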

4.2 Develop and present a disaster recovery plan for EMC Cloud for its all venues to
ensure maximum uptime for its customers.
A disaster recovery plan is a plan that describes how an organization continues its processes
even after a disastrous situation. Any organization has to face a disastrous situation at some
point in its business lifetime, so to face the situation successfully the organization should have a
plan. Disasters can be natural disasters, technological defects, and human involvement. The
disaster recovery plan should include the following details:
• Prioritized list of assets and inventory - Assets and inventory should be prioritized
according to their value for the organization and should be listed, so that at a disaster stage
it is understood which assets should be preserved the most.
• How long a data loss or system downtime can be tolerated - If system downtime
or data loss occurs, how long the operations of the business will have to be halted and how
recovery will happen should be planned. This allows the organization to be ready for any
disaster condition.
• Responsibilities should be shared - Responsibilities should be shared so that only one
or two people won’t be responsible for the whole organization. For example, daily backups in
each sector should be assigned to persons from those sectors. Then, after a system outage, if
the data cannot be recovered, that person will be responsible, not the whole team.
• Communication plan - A proper communication plan should be created. During a
disastrous situation, communication is a vital part. If the phone and email services
go down, some other communication method should be implemented so the staff
can know about the ongoing situation.
• Backup plan - The backup plan of the organization should be a very effective one.
Employees should be trained for daily, monthly, or weekly backup procedures. Apart
from the server on the work site, there should be a backup server in a geographical location
that has less tendency for destruction due to natural disasters.
• Handling sensitive information - Sensitive information should be handled carefully.
When it is destroyed, this should be done in such a manner that it can’t be recovered, and
it should be stored with password protection.

4.3 ‘Creditors, directors, employees, government and its agencies, owners/shareholders,
suppliers, unions, and the other parties the business draws its resources’ are the main
branches of any organization. Discuss the role of these groups to implement security audit
recommendations for the organization.
A security audit is understanding the vulnerabilities in the current security plan to create a much
better plan than the present one. Performing a proper security audit can improve the defense
system of the organization. According to Eitan Katz (2017), a security audit can be performed
in 5 steps.

• Outline Your Audit - Firstly, the auditor has to list out the assets of the organization,
which mostly comprise computer equipment, customer data, and other important
documents. After listing, the security parameters should be defined, which allows the assets
to be divided into two sets: assets that need an audit and assets that do not, because it is
not very reasonable to audit all assets.
• Outline Your Threats - Next, the list of threats should be defined. Threats can be
negligent human errors, malware and logical attack, password insecurities, and natural
disasters. Along with considering the threats, the auditor has to look at how these can
affect the organization’s performance.
• Evaluate Existing Security Performance - Now the auditor must look into the present
security structure and evaluate it. Here the security structure must be tested with
simulating conditions and checked for loopholes. It is better to allow an external
company to do this task because the internal staff can sometimes pretend that there are
no issues.
• Ranking (Risk Scoring) - In this step, all the threats are ranked according to their
priority. The risks with higher threats are ranked at upper levels whereas minor threats
are ranked at lower levels. Also, when ranking, some factors like the history of the
organization, current trends in the security sector, and rules and regulations should be
considered.
• Prepare Security measures - Finally, after observation done in the previous steps the
auditor can suggest and formulate security measures. Such measures that can be taken
are educating the employees regarding the security threats the organization is facing
and will face in the future, tightening passwords, providing access controls like
fingerprint and smartcard, email-related protection, more improved backup plans, and
constant monitoring of the network.

When these five steps are enacted properly the organization has gone through a thorough
security audit.
References

Cisco. (2019). What Is IT Security? - Information Technology Security. [online] Available at:
https://www.cisco.com/c/en/us/products/security/what-is-it-security.html [Accessed 08 Nov.
2019].

https://www.facebook.com/lifewire (2019). Static IP Addresses: Everything You Need to
Know. [online] Lifewire. Available at:
https://www.lifewire.com/what-is-a-static-ip-address-2626012 [Accessed 12 Nov. 2019].

Jackson, K. (2016). 8 Challenges with Network Monitoring: Preventing Outages. [online]
Helpsystems.com. Available at:
https://www.helpsystems.com/intermapper/resources/articles/prevent-outages-with-network-monitoring-software
[Accessed 03 Nov. 2019].

Adams, C. (2017). Top Cloud Data Security Risks, Threats, and Concerns. [online]
Panoply.io. Available at:
https://blog.panoply.io/top-cloud-security-threats-risks-and-concerns [Accessed 26 Oct. 2019].

com. (2019). Organizational policy, IT security policy: ArmstrongAdams. [online] Available
at: http://www.armstrongadams.com/solutions/?c=organisational-policy [Accessed 12 Nov.
2019].

com. (2019). Barracuda. [online] Available at:
https://www.barracuda.com/glossary/dmz-network [Accessed 04 Nov. 2019].
