Unit 5 - Assignment 1 Frontsheet


ASSIGNMENT FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date 25/12/2021 Date Received 1st submission 25/12/2021

Re-submission Date Date Received 2nd submission

Student Name Le Hong Nhat Huy Student ID BSAF200003

Class PBIT16101_CNTT Assessor name Do Phi Hung

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 M1 M2 D1

Table of contents

P1 Identify types of security threat to organisations.

1. Define threats
2. Identify threat agents to organizations
3. List types of threats that organizations will face
4. Give an example of a recently publicized security breach and discuss its consequences.

P2 Describe at least 3 organizational security procedures.

1. Mention and discuss 3 procedures an organization uses to improve or provide organizational security

P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS.

1. Discuss briefly firewall and policies, its usage and advantages in a network.
2. How does a firewall provide security to a network
3. Show with diagrams the example of how a firewall works
4. Define IDS, its usage, show with diagrams examples
5. Write down the potential impact (Threat-Risk) of FIREWALL and IDS incorrect configuration to the network.

P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security

1. Define and discuss with the aid of a diagram DMZ, focusing on usage and security function as advantage
2. Define and discuss with the aid of a diagram static IP, focusing on usage and security function as advantage
3. Define and discuss with the aid of a diagram NAT, focusing on usage and security function as advantage
Introduction

Cybersecurity, also called computer security or information technology security (IT security), is the protection of computer systems from unauthorized access to, and damage of, their hardware, software and data, as well as from disruption or redirection of the services they provide. Cybersecurity is the job of protecting electronic systems, networks, computers, mobile devices, programs and data from targeted malicious digital attacks. Such attacks can be aimed at individuals or at business units; their goal may be to access, alter or delete sensitive data, to extort money, or to interfere with regular business operations. Computer network security includes controlling physical access to hardware as well as protecting against harm that arrives over the network, through databases (SQL injection) and through software vulnerabilities (code injection). Because of operator error, whether deliberate or careless, IT security can also be defeated by non-technical deception that bypasses security procedures in various ways.
I) P1 Identify types of security threat to organisations.

1. Define threats

Many attacks today are carried out by young people who want to attack computers but lack the necessary computer and network knowledge to do so. Script kiddies do their work by downloading automated attack tools (scripts) from websites and using them to perform malicious acts, and 25% of attacks come from

Skilled attackers are now creating training courses that guide novice attackers in how to create and launch complex web application and network attacks. What is interesting is that these "cybercrime professors" are following an old model: for a long time, seasoned criminals have given advice to newcomers. These attacker-instructors do not just pass on the tips and tricks they have learned; they provide a comprehensive education in hacking. A full range of cybercrime courses, tutoring and counselling lessons is on offer.

2. Identify threats agents to organizations

The factors that most often threaten sound security in an organization are:

Malware attack: Malware is a term for malicious programs or code that can interfere with the normal operation of a system by infiltrating, controlling, damaging or destroying it, and that can disable network software, computers, tablets and hardware devices.

Ransomware: Ransomware, as the name suggests, demands a ransom from you to get everything back the way it was. The main problem with ransomware, which has spread so quickly across organizations, networks and countries, is that it encrypts all the files in a system or network, making them inaccessible. A ransom note pops up asking for payment in cryptocurrency to decrypt the files. If the ransom is not paid, the encrypted files may end up being destroyed, which is why ransomware is considered one of the most destructive forms of malware.

Insider threats: Insider threats are users with legitimate access to company assets who use that access, knowingly or unintentionally, to harm the business. Insiders do not have to be current employees; they can also be former employees, contractors or partners with access to the organization's systems or data. Since insider threats are the primary vector in 60% of data leaks, organizations need to scrutinize these threats with the same rigor they apply to securing themselves against outside attackers.

3. List type of threats that organizations will face

The most common threats include the following:

Malware: Malware, or malicious software, is software created by professionals or saboteurs with the aim of causing harm to computers.

Faulty hardware or software

Internal attacker

Common types of malware:

Worm: A worm is malicious software that can replicate itself and spread without any action by the end user, causing real havoc. A virus needs the end user to run it before it can go on to infect other files and systems; a worm needs no such end user action. It simply propagates, replicating itself as it goes and disrupting connected systems, devices, networks and infrastructure.

Image P1.1
Adware: Adware is software whose purpose is to expose users to unwanted, often malicious, advertisements. These ads will most likely infect the user's device.

Image P1.3

Some adware programs redirect users, during a browser search, to similar-looking websites that advertise other products. Adware is relatively easy to remove: you just need to find the malicious executable and delete it.

Device theft: These are attacks on hardware or software devices that often come from a company's own employees, who can take important company data and documents and sell them to a malicious competitor, causing great damage to the business.

External attacker: These people are often called hackers. They are knowledgeable about computer systems and networks, and can write or modify computer software and hardware for many different purposes, both good and bad.

Natural disaster: They often use their skills (programming, software, hardware, networking and so on) and at the same time exploit security holes to illegally interfere with software, hardware, computers and computer networks in order to change their intended functions as they like. Some hackers will take other people's personal information or bank card details for their own benefit.

Image P1.4
Image P1.4

Industrial spy: Spyware is software that collects information from a computer (usually for commercial purposes) over the Internet without the knowledge or permission of that computer's owner. Typically, spyware is installed secretly as part of a bundle of freeware or shareware that people download from the Internet. Once installed, spyware monitors the machine's activity on the Internet and quietly transfers information to another machine (usually owned by advertising agencies or by hackers). Spyware also collects information such as email addresses and even passwords and credit card numbers.

Image P1.5
Terrorism: Recently, the use of cyberspace by terrorists has gained prominence as a global issue. With the rapid development of information technology, the Internet and cyberspace have opened up new ways for organizations and individuals to plan and coordinate their activities.

Around the world, many activities are organized to spread propaganda, call for terrorism and carry out cyber attacks in order to exert political, diplomatic and psychological influence and cause widespread failures for society and the community. A typical example is the use of the Stuxnet malicious code to attack the supervisory control and data acquisition (SCADA) system, reducing operations and destroying uranium enrichment equipment at Iran's Busher nuclear power plant.

4. Give an example of a recently publicized security breach and discuss its consequences
What are the recent 2018/2019/2020 security breaches? List them and give examples with dates.
- T-Mobile vulnerability leaked sensitive customer data
In December 2020, T-Mobile was attacked again, the fourth incident in the past three years. This is attributed to a weak cybersecurity infrastructure and a lack of additional safeguards, a choice made to save costs compared with the fines the Federal Trade Commission imposes in the event of a violation. It is unclear whether T-Mobile is one of them.

Image P1.5
The first T-Mobile attack of 2020 was confirmed in March 2020, when cybercriminals gained access to employee email accounts and stole T-Mobile employee data and the data of a number of its customers.
Discuss the consequences of this breach?
T-Mobile stated that the breach affected only 0.2% of its 100 million customer database, which equates to about 200,000 users. The stolen data does not allow hackers to steal identities or take money from users' bank accounts, but it could be used by them for other schemes.
Suggest solutions to organizations.
Organizations should strictly control the use of better information security technologies for managing customer information, so that customer information is not leaked.
- Wawa
In January 2020, more than 30 million payment cards were offered for sale on the Joker's Bazaar black market. Investigators discovered that the cards came from the US chain store Wawa.

Image P1.6
Wawa discovered the data leak in December 2019, but it is believed that the hackers had attacked Wawa's system 9 months earlier. The hackers stole sensitive information from Wawa's system by installing malicious code in the payment software.
Discuss the consequences of this breach?
The number of leaked payment cards may be greater than 30 million, because experts believe the hackers want to sell the cards in small batches to avoid having to discount them.
Suggest solutions to organizations.
Install programs that detect viruses, malware, spyware and other information-stealing software. Implement measures to prevent the theft of customer information on terminals such as ATMs, POS devices and kiosks. Check security equipment regularly to detect faults and fix the system quickly.
II) P2 Describe at least 3 organizational security procedures.
1. Mention and discuss 3 procedures an organization uses to improve or provide organizational security
Data Encryption Standard (DES): One of the first widely popular symmetric cryptography algorithms was the Data Encryption Standard (DES). The predecessor of DES was a product originally designed in the early 1970s by IBM called Lucifer, which had a key length of 128 bits. The key was later shortened to 56 bits and the cipher was renamed DES. The U.S. government officially adopted DES as the standard for encrypting nonclassified information.

Triple Data Encryption Standard (3DES): Triple Data Encryption Standard (3DES) was designed to replace DES. As the name implies, 3DES uses three rounds of encryption instead of just one. The ciphertext of one round becomes the entire input for the next iteration. 3DES uses a total of 48 iterations in its encryption (3 iterations times 16 rounds). The most secure 3DES versions use different keys for each

Advanced Encryption Standard (AES): Advanced Encryption Standard (AES) is a symmetric cipher that was approved by NIST in late 2000 to replace DES. The process began with NIST publishing requirements for a new symmetric algorithm and requesting recommendations. After a long process that required cooperation between government, industry and higher education in the United States, five finalists were selected, with the ultimate winner being an algorithm called Rijndael, more commonly known as AES, which is currently the official US government encryption standard.
III) P3 Identify the potential impact to IT security of incorrect configuration of firewall

policies and IDS.


1. Discuss briefly firewall and policies, its usage and advantages in a network.
A firewall is a network security system, which can be hardware or software based, that uses rules to check traffic coming in and out of the system. Firewalls act as a barrier between the network they protect and unsecured networks. They control access to network resources through an access control model: only traffic that conforms to the policy defined in the firewall can enter the network, and all other traffic is denied.
2. How does a firewall provide security to a network
The job of a firewall is quite difficult, because there is a lot of legitimate data that needs to be authorized to enter or exit a computer connected to the network. For example, when we visit the website Quantrimang.com to read news and new technology tips, the website's information and data must be transmitted to and from the computer over the network to complete this process. A firewall needs to tell the difference between legitimate traffic like this and other, malicious, types of data.
Firewalls use rules and exceptions to accept good connections and discard bad ones. In general, this process is done in the background; it is invisible to the user, who does not need to interact with it at all.
3. Show with diagrams the example of how firewall works
A firewall works closely with the TCP/IP protocol suite, because this suite splits the data received from applications on the network, or more precisely from the services running on top of the protocols (Telnet, SMTP, DNS, SNMP, NFS ...), into data packets and then gives these packets addresses that can be identified and reassembled at the destination. Firewalls are therefore very much concerned with packets and their address numbers.
A packet filter allows or denies each packet it receives. It examines each packet to decide whether it satisfies one of the packet filtering rules. These rules are based on the information at the beginning of each packet (the header), which is what is used to forward the packet across the network. The header fields consulted are:
• IP address of origin (source)
• IP address of destination (destination)
• Protocol (TCP, UDP, ICMP, IP tunnel ...)
• TCP/UDP port of origin
• TCP/UDP port of destination
• ICMP message type
• Incoming packet interface
• Outgoing packet interface

Image P3.1
4. Define IDS, its usage, show with diagrams examples
An IDS detects intrusions either from specific signatures of known threats (in the same way that anti-virus software relies on signatures to detect and remove viruses) or by comparing current network traffic with a baseline (the system's measured normal state) to look for unusual signs.
The most important features of an Intrusion Detection System (IDS) are:
• Monitors network traffic and suspicious activities.
• Warns the system and the administrator about the network status.
• Combines with monitoring, firewall and anti-virus systems to form a complete security system.
Advantages:
• Provides a comprehensive view of the entire network traffic.
• Helps to check for problems with the network system.
• Used to gather evidence for investigation and incident response.
Limitations:
• May cause false alarms if the configuration is not correct.
• The ability to analyze encrypted traffic is relatively low.
• System implementation and operation costs are relatively high.
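As an added example (not part of the original assignment), the Python script below shows the two detection approaches described above over a constructed web-server log: signature rules for known bad request patterns, and a comparison of each source's request count against an assumed baseline. The log lines, the signature list and the baseline numbers are all constructed for this example.

```python
import re
from collections import Counter

# Constructed sample web-server log (not from any real system).
# Format per line: <source ip> <method> <path> <user agent>
SAMPLE_LOG = """\
10.0.0.5 GET /index.html Mozilla/5.0
10.0.0.5 GET /about.html Mozilla/5.0
10.0.0.7 GET /../../etc/passwd curl/7.68
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.9 GET /login.html Mozilla/5.0
10.0.0.12 GET /index.html Mozilla/5.0
"""

# Signature detection: (rule name, log field, regex). Illustrative rules only.
SIGNATURES = [
    ("path-traversal", "path", re.compile(r"\.\./")),
    ("unexpected-client", "agent", re.compile(r"^curl/")),
]

# Baseline detection: assumed normal request count per source for this window,
# and how far above it a source must be before we raise an alert.
BASELINE_REQUESTS_PER_SOURCE = 3
ANOMALY_FACTOR = 3


def parse_log(text):
    """Split each log line into its four fields."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, method, path, agent = line.split(maxsplit=3)
        records.append({"src": src, "method": method, "path": path, "agent": agent})
    return records


def signature_alerts(records):
    """Raise one alert per (record, rule) pair whose field matches the rule."""
    alerts = []
    for rec in records:
        for name, field, pattern in SIGNATURES:
            if pattern.search(rec[field]):
                alerts.append(("signature", name, rec["src"], rec["path"]))
    return alerts


def baseline_alerts(records, baseline=BASELINE_REQUESTS_PER_SOURCE, factor=ANOMALY_FACTOR):
    """Raise an alert for any source whose request count exceeds baseline * factor."""
    counts = Counter(rec["src"] for rec in records)
    threshold = baseline * factor
    return [("anomaly", "rate-above-baseline", src, count)
            for src, count in sorted(counts.items()) if count > threshold]


def run_ids(text):
    """Apply both detection methods and return the combined alert list."""
    records = parse_log(text)
    return signature_alerts(records) + baseline_alerts(records)


if __name__ == "__main__":
    for alert in run_ids(SAMPLE_LOG):
        print(alert)
```

Running `run_ids(SAMPLE_LOG)` flags the host that sent a path-traversal request from an unexpected client (two signature hits) and the host whose request rate is far above the baseline (one anomaly). Calling `baseline_alerts` with `baseline=1, factor=1` flags ordinary users too, which is exactly the false-alarm problem listed under the limitations above: the baseline has to reflect real normal traffic, or the IDS drowns the administrator in noise.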
5. Write down the potential impact(Threat-Risk) of FIREWALL and IDS incorrect configuration
to the network.
Although an administrator can learn the technical workings of a firewall, that is not the same as living with the security system day to day and understanding the mentality and techniques of insidious hackers. As a result, firewalls can be breached because of misconfiguration, allowing attackers to get into the network and cause disaster.
IV) P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a

network can improve Network Security

1. Define and discuss with the aid of a diagram DMZ focus on usage and security function as
advantage
A DMZ is a network segment that acts as a separator between external users (the Internet) and the private network (the local area network or wide area network). The DMZ is commonly used by corporations and contains the devices that accept Internet traffic, such as DNS, FTP and web servers.

Image P3.2
Corporations use a DMZ because this subnet is separated both from the local area network (LAN) and from other untrusted networks, usually the Internet. External-facing servers, data and services are located in the DMZ, so they are accessible from the Internet, while the rest of the LAN remains inaccessible. This creates an extra layer of security for the LAN, reducing the possibility of hackers reaching internal servers and data directly over the Internet.
To protect the internal network there are many ways to design a DMZ; two common methods are the single firewall and the dual firewall. With a single firewall, the one device has a network interface card (NIC) for each of the DMZ, the LAN and the Internet. With dual firewalls there are two firewall devices, each with two NICs: firewall 1 connects the Internet and the DMZ, and firewall 2 connects the DMZ and the LAN. This method is quite expensive compared with the first, but it is much more secure than the single firewall method.
The DMZ was created to secure the LAN with two roles: providing services to hosts on the LAN and to hosts on other networks, while at the same time protecting the hosts on the LAN from being attacked by hackers on those other networks.
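The following Python model is an added example, not code from the original assignment. It implements a first-match packet filter over the header fields listed in section P3.3 (source and destination address, protocol, ports, incoming and outgoing interface) with a default-deny policy, and uses it to express the single-firewall DMZ design above: a firewall with three NICs, where only the published DMZ services are reachable from the Internet and the LAN is never reachable from outside. The interface names, address ranges and rule set are assumptions made for the example. A second, deliberately sloppy rule set shows the misconfiguration risk from section P3.5: one rule written with a destination of "any" instead of the DMZ network quietly opens the LAN.

```python
import ipaddress

# Assumed layout (constructed for this example):
#   eth0 = Internet side, eth1 = DMZ 203.0.113.0/24, eth2 = LAN 192.168.1.0/24
DMZ_NET = ipaddress.ip_network("203.0.113.0/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


def rule(action, proto="any", src="any", dst="any", sport="any", dport="any",
         in_iface="any", out_iface="any"):
    """A filtering rule; 'any' matches every value of that header field."""
    return dict(action=action, proto=proto, src=src, dst=dst, sport=sport,
                dport=dport, in_iface=in_iface, out_iface=out_iface)


def packet(proto, src, dst, sport, dport, in_iface, out_iface):
    """The header fields of one packet as seen by the firewall."""
    return dict(proto=proto, src=src, dst=dst, sport=sport, dport=dport,
                in_iface=in_iface, out_iface=out_iface)


def _match_addr(pattern, addr):
    return pattern == "any" or ipaddress.ip_address(addr) in pattern


def _match(pattern, value):
    return pattern == "any" or pattern == value


def matches(r, pkt):
    """True when every field of the rule matches the corresponding packet field."""
    return (_match(r["proto"], pkt["proto"])
            and _match_addr(r["src"], pkt["src"])
            and _match_addr(r["dst"], pkt["dst"])
            and _match(r["sport"], pkt["sport"])
            and _match(r["dport"], pkt["dport"])
            and _match(r["in_iface"], pkt["in_iface"])
            and _match(r["out_iface"], pkt["out_iface"]))


def evaluate(rules, pkt):
    """First-match filter: the first matching rule decides; no match means deny."""
    for r in rules:
        if matches(r, pkt):
            return r["action"]
    return "deny"


# Intended policy for the single-firewall DMZ.
DMZ_RULES = [
    # Internet may reach only the published DMZ services.
    rule("allow", "tcp", dst=DMZ_NET, dport=80, in_iface="eth0", out_iface="eth1"),
    rule("allow", "tcp", dst=DMZ_NET, dport=443, in_iface="eth0", out_iface="eth1"),
    rule("allow", "udp", dst=DMZ_NET, dport=53, in_iface="eth0", out_iface="eth1"),
    # LAN may initiate traffic to the Internet and to the DMZ.
    rule("allow", src=LAN_NET, in_iface="eth2", out_iface="eth0"),
    rule("allow", src=LAN_NET, in_iface="eth2", out_iface="eth1"),
    # Everything else, including Internet -> LAN and DMZ -> LAN, falls through to deny.
]

# Misconfigured variant: the web rule lost its DMZ destination and outgoing
# interface, so it also admits Internet traffic to port 80 on the LAN.
MISCONFIGURED_RULES = [rule("allow", "tcp", dport=80, in_iface="eth0")] + DMZ_RULES[1:]

# Constructed test packets.
INTERNET_TO_DMZ_WEB = packet("tcp", "198.51.100.9", "203.0.113.10", 51000, 80, "eth0", "eth1")
INTERNET_TO_LAN_WEB = packet("tcp", "198.51.100.9", "192.168.1.20", 51001, 80, "eth0", "eth2")
INTERNET_TO_LAN_SMB = packet("tcp", "198.51.100.9", "192.168.1.20", 51002, 445, "eth0", "eth2")
DMZ_TO_LAN = packet("tcp", "203.0.113.10", "192.168.1.20", 40000, 3306, "eth1", "eth2")
LAN_TO_INTERNET = packet("tcp", "192.168.1.20", "198.51.100.9", 40001, 443, "eth2", "eth0")

if __name__ == "__main__":
    for name, pkt in [("internet->dmz:80", INTERNET_TO_DMZ_WEB),
                      ("internet->lan:80", INTERNET_TO_LAN_WEB),
                      ("dmz->lan:3306", DMZ_TO_LAN)]:
        print(name, "intended:", evaluate(DMZ_RULES, pkt),
              "misconfigured:", evaluate(MISCONFIGURED_RULES, pkt))
```

With the intended rules, a web request from the Internet to the DMZ is allowed while the same request aimed at a LAN host, and any DMZ-to-LAN connection, is dropped. With the misconfigured rules the Internet-to-LAN web request is allowed, even though no one intended that: a single overly broad rule undoes the separation the DMZ was built for. The model is stateless, like the header-field list in P3.3; a production firewall additionally tracks connection state so that replies to allowed connections (for example the DMZ web server answering an Internet client) get through without a separate rule.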
2. Define and discuss with the aid of a diagram static IP focus on usage and security function as
advantage
A static IP address is simply one that does not change. Once your device is assigned a static IP address, that number usually stays the same until the device stops working or your network architecture changes. Static IP addresses are often used by servers and other critical equipment.

Static IP addresses are assigned by an Internet Service Provider (ISP). Your ISP may or may not allocate you a static IP address, depending on the nature of your service agreement. We will describe your options a bit later, but for now assume that a static IP address will add to the cost of your ISP contract.

Static IP addresses can be IPv4 or IPv6; in this case the important quality is that they are static. One day, every networked device we have may have a unique static IPv6 address.
3. Define and discuss with the aid of a diagram NAT focus on usage and security function as
advantage
Network address translation (NAT) is the process of mapping one Internet Protocol (IP) address to another by rewriting the header of an IP packet as it passes through a router. This improves security and reduces the number of IP addresses an organization needs.
NAT works on a device that sits between two networks: the internal network and the external network.
The NAT ("natting") mechanism is a feature of routers and is often part of corporate firewalls.
NAT gateways can map IP addresses in a number of ways:
• from a local IP address to a static global IP address;
• hiding an entire IP address space, including private IP addresses, behind a single IP address;
• from a large private network to a single public IP address, using translation tables;
• from a local IP address plus a specific TCP port to a public address or group of public IP addresses; and
• from global IP addresses to any group of local IP addresses on a round-robin basis.
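As an added example (not part of the original assignment), the Python class below models two of the mappings just listed: port-based translation, where a whole private network shares one public IP address through a translation table keyed on TCP/UDP port, and a static one-to-one mapping for a published server. The addresses and port range are assumptions made for the example.

```python
class NatGateway:
    """Toy NAT gateway: port-based translation for outbound LAN traffic plus
    optional static one-to-one mappings for servers that must be reachable."""

    def __init__(self, public_ip, static_inbound=None, first_port=40000):
        self.public_ip = public_ip
        self.static_inbound = static_inbound or {}   # public ip -> private ip
        self.next_port = first_port                  # next free public port
        self.table = {}        # (private ip, private port) -> public port
        self.reverse = {}      # public port -> (private ip, private port)

    def outbound(self, pkt):
        """Rewrite a LAN packet heading out: source becomes the public IP and a
        port from the translation table (a new entry is created on first use)."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.table:
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[port] = key
        return dict(pkt, src=self.public_ip, sport=self.table[key])

    def inbound(self, pkt):
        """Rewrite a packet arriving from outside. Static mappings are honoured
        first; otherwise the packet must match an existing table entry, and an
        unsolicited packet (no entry) is dropped, which is what hides the LAN."""
        if pkt["dst"] in self.static_inbound:
            return dict(pkt, dst=self.static_inbound[pkt["dst"]])
        if pkt["dst"] == self.public_ip and pkt["dport"] in self.reverse:
            priv_ip, priv_port = self.reverse[pkt["dport"]]
            return dict(pkt, dst=priv_ip, dport=priv_port)
        return None


def packet(src, sport, dst, dport):
    """The address fields of one packet (constructed helper)."""
    return dict(src=src, sport=sport, dst=dst, dport=dport)


def demo():
    """Two LAN hosts use the same source port to reach the same web server;
    the gateway keeps them apart by public port. Returns the translated packets."""
    gw = NatGateway("203.0.113.1", static_inbound={"203.0.113.2": "10.0.5.10"})
    out_a = gw.outbound(packet("192.168.1.10", 5000, "198.51.100.9", 443))
    out_b = gw.outbound(packet("192.168.1.11", 5000, "198.51.100.9", 443))
    reply_b = gw.inbound(packet("198.51.100.9", 443, "203.0.113.1", out_b["sport"]))
    unsolicited = gw.inbound(packet("198.51.100.9", 22, "203.0.113.1", 22))
    published = gw.inbound(packet("198.51.100.9", 51000, "203.0.113.2", 80))
    return out_a, out_b, reply_b, unsolicited, published


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The translation table is what gives NAT its security benefit: the outside world sees only the public address and can reach a LAN host only through a port that the LAN host itself opened, so a packet sent to a port with no table entry is discarded. The static mapping shows the other side of the trade-off: a published server is deliberately reachable, and its exposure is then governed by the firewall rules rather than by NAT.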

What are the advantages of NAT?

Saving IPv4 addresses: The number of users accessing the Internet grows day by day, which creates a risk of IPv4 address exhaustion. NAT reduces the number of public IP addresses that need to be used.

It hides the IP addresses inside the LAN.

NAT can share one Internet connection among many computers and mobile devices in the LAN using only a single public IP address.

NAT helps network administrators filter incoming packets and control which ports on the public IP address are reachable.
