DEPARTMENT OF INFORMATION TECHNOLOGY & COMMUNICATION POLYTECHNIC

KUALA TERENGGANU

DFN40143 - NETWORK SECURITY

PROBLEM BASED TASK (50 Marks)

CLO 1P: Reproduce various technique using various tools and technologies effectively to protect the
given network from attacks and threats

PLO 3: Display Information and Communication Technology (ICT) skill in performing diagnostic and
documenting processes in ICT related fields

Scenario

Berjaya Sentiasa College wants to create a Security Policy for protect its physical and information
technology (IT) assets especially server room. You as an IT Officer for the college must do as follow:

1. Find ONE (1) REAL network attacks, threats or security breaches in Malaysia. Elaborate the
process of attacks, user/organization involved and location. (include reference either from
website/book/magazine/journal/newspaper)
1.1 Network attack type:
Phishing attack
A phishing attack is a type of network attack in which cybercriminals
trick individuals or organizations into revealing sensitive information,
such as usernames, passwords, credit card details or other personal
and financial data. These attacks usually occur through fraudulent
communication channels, such as email, text messages or websites,
designed to impersonate trusted entities such as banks, social media
platforms or reputable organizations.
1.2 Case of network attack:
Fraud cases press 'link
Fraud cases press link usually occurs when a person receives a link from
syndicate that asks for personal information such as bank account, email
and more to enter. He will also provide a transaction verification pass
(OTP) number in addition to the relevant password.

https://www.utusan.com.my/berita/2022/11/kes-penipuan-tekan-link-rm3-64j-
kerugian-direkodkan-tahun-ini/
2. Explain FOUR (4) effects to server room after the attacks happen.

i) Compromised Data and Security Breaches: Phishing attacks often involve tricking individuals
into revealing sensitive information such as usernames, passwords or financial details. If
successful, an attacker can gain unauthorized access to the server room and compromise the
security of the data stored in it.

ii) Interrupted Operations and Downtime: Phishing attacks may disrupt the normal functioning of
the server room and affect its operations. Attackers may use malware or ransomware that can
spread throughout the network, causing system failures, server crashes, or making critical services
unavailable.

iii) Damage to System Integrity and Configuration: In some cases, phishing attacks can result in
unauthorized access to server room infrastructure, allowing attackers to modify or manipulate
system configurations. This unauthorized access can lead to the alteration of critical settings, the
deletion or modification of files or the installation of malware.

iv) Loss of Trust and Credibility: If a server room falls victim to a phishing attack, it can affect the
trust and credibility of the organization that manages the server room. Customers, clients or other
stakeholders may lose confidence in the organization's ability to protect their data and maintain a
secure environment
3. Create a Server Security Policy for the college. The policy must be included this information
below:
i. 3.1 Purpose
The purpose of this policy is aims to establish proactive measures to prevent
phishing attacks from successfully attacking all students and staff at Polytechnic
Kuala Terengganu. This includes implementing security controls such as email
filtering, web filtering and anti-phishing solutions to block malicious emails and
websites commonly used for phishing. It also involves raising awareness among
students and staff at the Kuala Terengganu Polytechnic about phishing techniques

ii. 3.2 Scope

This policy Uses servers owned by Polytechnic Kuala Terengganu and operated or
managed by Polytechnic Kuala Terengganu entirely, including physical and virtual
servers.Network devices, storage devices and backup systems associated also with
server infrastructure.

This policy Implements an email filtering solution to block known phishing emails.Use
a web filtering system to block access to known phishing websites.

This policy will ensure that the work of reviewing and updating the Server Security
Policy is always done to deal with emerging phishing techniques, evolving threats
and changes in the Kuala Terengganu Polytechnic environment. Involve relevant
stakeholders, such as staff and students

iii. 3.3 Objective

The objective of this policy is to Raise awareness and educate staff and students at
Polytechnic Kuala Terengganu about phishing techniques and safe computing
practices.

The objective of this policy is to Establish mechanisms and procedures to detect and
identify phishing attempts targeting Kuala Terengganu Polytechnic's server
infrastructure.

The objective of this policy is to evaluate the effectiveness of the policy and make
the necessary improvements to improve Kuala Terengganu Polytechnic's defense
against phishing attacks.
iv. 3.4 Policy
Kuala Terengganu Polytechnic is committed to protecting server infrastructure from
phishing attacks, which pose a significant risk to the confidentiality, integrity and
availability of sensitive information. This policy sets out guidelines and measures to
prevent, detect and respond to phishing attacks targeting Polytechnic Kuala
Terengganu servers.
 4. Design a Secure Server Room for the college that have a physical security implementation
with its layout and elaboration.
(You can use Packet Tracer to design the server room)

Guidelines:-

 3 - 4 students per group

 Total marks (50 Marks)
 Report must be softcopy and upload in link PBT in Google Classroom.
 Report criteria
o Cover Page
o Table Of Content
o Content should not be more than 10 pages
o Reference based on APA standard
 RUBRIC
CLO 1P: Reproduce various technique using various tools and technologies effectively to protect the given network from attacks and threats

Excellent Good Moderate Poor Weightage Standard Score

Criteria
4 3 2 1 100%
The provided The provided information The provided information The provided information
Network ___ / 4 *
information was was most part necessary and was half necessary and not was less necessary and not 25
Attack 25
necessary and sufficient sufficient sufficient sufficient

Provide a clear and

Effect after Provide a detailed of the Provide a general Provide only basic ___ / 4 *
concise description of 15
attack effect information of effect information of the effect 15
the effect

Server Provide a clear and Provide a general Provide only basic

Provide a detailed of the ___ / 4 *
Security concise description of information of the information of the 30
security 30
Policy the security security security

Design All elements are

Component present with Components present and ___ / 4 *
secure present and very well Most components present 30
good cohesive mostly well integrated 30
server farm integrated
Total
Score