Assignment 1 security Greenwich


ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date:
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name:
Student ID:
Class:
Assessor name:

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student's signature:

Grading grid: P1, P2, P3, P4, M1, M2, D1

Summative Feedback:

Resubmission Feedback:

Grade:
Lecturer Signature:
Assessor Signature:
Date:




Table of Contents
Table of contents ... 2
List of figures ... 3
Introduction ... 4
Task 1 - Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1) ... 4
1.1. Threats ... 4
1.2. Identify threat agents to organizations ... 5
1.3. List types of threats that organizations will face ... 5
1.4. What are the recent security breaches? List and give examples with dates ... 9
Some security breaches ... 9
Examples with dates ... 10
The consequences of this breach ... 10
Suggest solutions to organizations ... 11
Task 2 - Describe at least 3 organizational security procedures (P2) ... 11
Organizational security procedure ... 11
Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3) ... 13
3.1. Firewalls and policies, their usage, and advantages in a network ... 13
3.2. How the firewall provides security to a network ... 15
3.3. Show with diagrams the example of how a firewall works ... 16
3.4. Define IDS, its usage, and show it with diagram examples ... 17
3.5. The potential impact (threat-risk) of a firewall and IDS if they are incorrectly configured in a network ... 20
Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security (P4) ... 21
4.1. DMZ ... 21
4.2. DMZ usage and security function as advantage ... 23
4.3. Static IP ... 24
4.4. Static IP usage and security function as advantage ... 24
4.5. Define and discuss NAT ... 25
4.6. NAT, its usage and security function as advantage ... 26
Conclusion ... 27
Bibliography ... 27

List of figures
Figure 1: Security threat ... 4
Figure 2: Trojan horse ... 6
Figure 3: WannaCry ransomware ... 7
Figure 4: Adware ... 7
Figure 5: Spyware ... 8
Figure 6: Worm ... 9
Figure 7: Firewall ... 13
Figure 8: Firewall policies ... 14
Figure 9: Packet filtering ... 15
Figure 10: Stateful inspection ... 16
Figure 11: How firewalls work ... 17
Figure 12: The usage of IDS ... 18
Figure 13: NIDS ... 18
Figure 14: HIDS ... 19
Figure 15: Example for IDS ... 20
Figure 16: DMZ ... 22
Figure 17: Demilitarized Zone diagram ... 23
Figure 18: Static IP ... 24
Figure 19: NAT ... 25
Figure 20: Example of NAT ... 26

3


Introduction:
Security is one of the most important areas of information technology: it determines whether an application, website or internal company system runs smoothly. This assignment discusses risk and the problems associated with it, gives some examples of security breaches and ways to overcome security risks, and introduces at least three organizational security procedures. Firewalls and IDSs are introduced and the potential risk of misconfiguring them is assessed. DMZs, static IP and NAT are also discussed and their advantages analyzed.
Task 1 - Identify types of security threat to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1)
1.1. Threats
A security threat is an act with malicious intent, such as crashing a system, stealing data or user information, or damaging the systems of a company, business or organization. The threat may materialize in the near or distant future.

Figure 1: Security threat
It can be said that system security is the only way to find and close the vulnerabilities and potential risks of a system. Security is a difficult area for developers, especially as more and more attackers look for vulnerabilities to exploit. Two types of risk often appear: physical threats and non-physical threats.
Hardware-related problems can disrupt connectivity and cause the server to lose data. Physical risks include failures caused by ageing, weather, humidity or human action.
However, non-physical risks are the main issue to discuss. Non-physical problems can cause data loss, data exposure, slow connections and other security-related issues. The main causes are network attacks with various purposes, the spread of computer viruses and spyware, unauthorized access to computers in order to reach data, and software containing other malicious code. These non-physical risks are always difficult problems and can only be solved by system security methods.
1.2. Identify threat agents to organizations
A threat actor is an active entity with a financial motivation to target an organization's or individual's equipment, operations or systems. Threat actors can be identified as distinct organizations or persons, or classified by their aims or ways of operating (Anon., 2016).
Threat actors include countries, employees, hackers and terrorists. Hostile or large countries interfere with or attack the systems of other countries. Employees can reveal confidential company information, whether deliberately or by accident, allowing attackers to obtain the information and carry out an attack that bypasses the security layer. Some viruses (malicious code) are created to spread as widely as possible, regardless of whether the device is corporate or personal. Hackers and terrorists infiltrate and attack the systems of state organizations, flights, ... for political reasons. Most threat actors have monetary or political purposes.
1.3. List types of threats that organizations will face
Cyber criminals are becoming more sophisticated in their attack techniques and in gaining access to companies' networks. There are a variety of security issues that might affect an organization's ability to stay in business, and there is no way to know for certain whether a company is under attack. The following are the main kinds of security threats that businesses face; knowing them helps a business take preventative measures:
A Trojan horse is a malicious program that a hacker disguises as legitimate software in order to gain access to the system of a company, business or organization. It is designed to delete, modify, corrupt or intercept data or network traffic. A typical case: the victim receives an email with an attachment that appears to come from the government. Malicious code embedded in the attachment runs as soon as the victim opens it, and the victim has no suspicion that the attachment was a Trojan horse.


Figure 2: Trojan horse
A virus is a type of malicious code that can infect a computer when a user clicks on a link, opens a web page, or downloads an unknown file and opens it. Users find it difficult to detect until signs appear, such as a slow machine, data loss or, worse, a locked system. However, there is plenty of good anti-virus software that can be used to prevent viruses from intruding and causing damage.


Figure 3: WannaCry ransomware
Adware is a type of software that displays commercial and marketing advertisements, such as pop-ups, bars, banner advertising or videos that appear on a company's computer screens. Adware is mostly web-based and collects data from web browsers in order to target advertisements, mainly pop-ups. Freeware and pitchware are two terms used to describe adware.

Figure 4: Adware



Adware operates by redirecting us to an advertising website and collecting information from us when we click on certain types of adverts. By monitoring our online actions and selling that information to a third party, it may also be used to steal our sensitive information and login passwords.

Spyware is a kind of unwanted security threat to businesses that installs itself on a user's computer and gathers sensitive data, such as personal or company information, login passwords and credit card details, without the user's knowledge. This sort of attack keeps track of our online activities, logs our login credentials and snoops on our personal information.


Figure 5: Spyware
Some of the actions that spyware can monitor are keystrokes, screenshots, cookies and passwords. Spyware can be installed like typical malware, through phishing adverts, emails and instant messages, or it can be installed automatically or as a hidden element of a software package.
Worms are similar to viruses in that they replicate themselves, but unlike viruses they spread on their own. A computer worm propagates without human help by exploiting software security weaknesses, then attempts to gain access to steal important information, corrupt files and install a back door allowing remote access to the system.



Figure 6: Worm
Worms exploit backdoors and security weaknesses in operating systems and applications. They look for other computers on the network or on the Internet that run the same programs and spread to them, so nobody needs to download and run the malware. A computer worm is malicious software that travels over global network connections in search of victims. Worms are particularly dangerous because they gain access to a computer by exploiting known vulnerabilities (such as a hole in the security system).
1.4. What are the recent security breaches? List and give examples with dates
A security breach occurs when an intruder gains unauthorized access to an organization's protected systems and data; by bypassing the system's security layers they can obtain information. A security breach is an attempt by an individual or group to interfere with or break into a system. Breaches may involve theft or destruction of data or IT systems and other malicious actions.
Some security breaches
• Viruses, spyware and other malware: cybercriminals routinely employ malicious software to gain access to secure networks.




• DDoS (Distributed Denial of Service): a type of denial-of-service attack that can knock websites offline. Attackers make a website, or a computer, inaccessible by overwhelming it with traffic. Because DDoS attacks can overwhelm an organization's security equipment and business capabilities, they are regarded as a security breach. Action, vengeance or blackmail might be the motivation. During an attack, anyone with a legitimate business relationship with the organization will be unable to access the website.
Examples with dates
In August 2013, Yahoo exposed the account information of more than 1 billion users; the actual number turned out to be 3 billion accounts (2016). Hackers used a security problem to carry out this attack (Hill and Swinhoe, 2021).
Alibaba is a firm with 1.1 billion users (as of November 2019). Using crawler software he designed, a developer working for an affiliate marketer harvested consumer data, including usernames and mobile phone numbers, from the Chinese retail website Alibaba Taobao over an eight-month period. It appears that the developer and his company gathered the data for their own purposes rather than to sell it on the illicit market (Hill and Swinhoe, 2021).
In June 2021, LinkedIn exposed the information of 700 million members: the data was leaked on a dark web forum, impacting more than 90% of the company's users. A hacker known as "The God User" employed a data-scraping approach, accessing the website's (and others') APIs, before selling an initial dataset of around 500 million users. After that, they boasted about selling the full 700 million customer database (Hill and Swinhoe, 2021).
The consequences of this breach
The biggest consequence is data loss. For every company and user, personal information is very important and must be kept secure. For example, a revealed phone number is merely annoying, but exposed bank account details are a serious matter. Today companies put the protection of personal information first, since it also determines the survival of the company or website.




Next is downtime: a website under DDoS attack can be down for anything from a few minutes to several hours, affecting the user experience.
The next consequence is financial loss: a sales website earns money over time, and if it is stalled for too long it loses a large amount of revenue. In addition, any other loss can be converted into financial loss.
If a website is hacked, users lose trust in it. People cannot hand over personal information to a company that could expose it.
Suggest solutions to organizations
Some of the security measures that can be taken are: detecting vulnerabilities and security risks and fixing them; training and recruiting a high-quality IT workforce for data security; encrypting user data; and responding to attacks on the system in a timely manner. In addition, data security experts can be invited to consult on and check the enterprise's system.
Use suitable software to combat risks such as viruses, spyware, ... Instruct users on how to secure information (for example, password length) and post notices about dangerous causes so that users can protect themselves.
Improve the system for users with 2-factor authentication and login-history checks. Keep information confidential even from employees within the company.

Task 2 - Describe at least 3 organizational security procedures (P2)
Organizational security procedure
A security procedure is a collection of steps that must be followed in order to complete a certain security duty or function. Procedures are developed as a set of actions to be performed in a consistent and repeatable manner to achieve a certain goal. Once developed, security procedures give a set of defined steps for performing the organization's security affairs, making training, process auditing and process improvement easier. Security procedures are created to ensure that a security control or a security-related business process is implemented consistently. They must be followed every time a control is implemented or a security-related business process is carried out. Furthermore, security procedures guide the person doing the action to the intended outcome.
Data security procedures: Information security is a field that deals with a wide variety of computer security and information assurance issues. It refers to preventing unauthorized access, use, disclosure, disruption, alteration, tracking, inspection, recording or destruction of data and information systems. Establishing logical controls to monitor and manage access to sensitive (secret or classified) information is part of software engineering. Data security is a subset of the information security features that a software product can provide. The following information security functions and processes must be defined: user account administration, identification, authentication and authorisation, which are all part of access control. Access control protects information by preventing unauthorized persons from accessing sensitive data.

Anti-virus procedure: This procedure defines criteria for how all computers linked to an organization's network must respond to an application so that virus detection and containment are effective. Supported anti-virus software is installed on all servers and computers and is updated on a regular basis. Additionally, the anti-virus software and its virus definition files must be kept up to date. Any virus-infected device must be withdrawn from the network until it is confirmed virus-free by an Information Security Officer or someone with sole responsibility for virus-free devices.
Physical security procedures: Physical security procedures are easiest to grasp when we wish to walk through a system's entrance or gate. This is a matter of access control: each user of the system has a separate set of permissions. In most systems there is always an administrator with the highest privileges and access to all rooms or components of the system. Beyond that, a regular employee can only work in their own room and is unable to access another. Here, the procedures are those that allow or disallow an employee or user to enter a room or a system. In reality, today's systems and organizations all have several physical security procedures, and AI will automate all of them.




Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
3.1. Firewalls and policies, their usage, and advantages in a network
A firewall is a device (a mix of hardware and software) or a program (software) that regulates the flow of Internet Protocol (IP) traffic into and out of a network or electronic device (Chadwick, 2021). Firewalls inspect network traffic and apply rules according to the firewall's ruleset. They are used to protect computer resources and information against cyber attacks.

Figure 7: Firewall
A firewall is made up of several components: the organization's Internet access security policy, the mapping of that policy into the technical designs and procedures to be followed when connecting to the Internet, and the firewall system itself, the hardware and software implementation of the firewall. Every one of these components is necessary. A firewall system without an Internet access security policy cannot be properly set up, and a policy that is not backed up by procedures is meaningless, since it will be disregarded (Chadwick, 2021).



Firewalls are divided into two categories, network and host: a network firewall is usually a device connected to a network that controls access to one or more hosts or subnets, while a host firewall is typically a program that protects a single host (personal computer). Network and host firewalls can be, and frequently are, used at the same time.
Firewall policies are used to block or allow specific forms of network traffic that are not covered by a policy exception. The policy also decides whether or not particular firewall functions are activated. One or more firewall profiles can have policies assigned to them.

Figure 8: Firewall policies
Firewalls have a number of advantages, such as cost, safety, ease of control and blocking requests to unsafe services (Chadwick, 2021).
Users can block requests to services that are fundamentally insecure, such as rlogin, or RPC services such as NFS. Users can restrict access to other services, for example by blocking connections from specific IP addresses or filtering service activity (both incoming and outgoing). Because there are usually only one or a few firewall systems to concentrate on, they are less expensive than protecting individual servers on a corporate network. They are more secure than guarding individual hosts, since firewalls often run a simpler operating system, do not run complicated application software, and reduce the number of servers that must be guarded (overall security is only as strong as its weakest link).
3.2. How the firewall provides security to a network
Firewalls use one or more methods to control incoming and outgoing network traffic within a network:
Packet filtering: In this method each packet is analyzed and compared with the previously configured filter. Packet filtering can follow many different principles depending on the company's management policy. Every time network traffic comes or goes, the packet is compared with the existing configuration in the firewall: if it is allowed, the packet is accepted; if the firewall configuration does not allow it, the packet is rejected and does not pass through the network.

Figure 9: Packet Filtering
Stateful inspection: This is a newer method. It does not analyze the contents of the packet; instead it compares the packet's form and pattern to its trusted database. Both incoming and outgoing network traffic are reconciled against the database.



Figure 10: Stateful Inspection
3.3. Show with diagrams the example of how a firewall works
When data is transported over the network, it is broken down into packets. Each packet is assigned an address so it can reach its destination, where the data is recognized and reassembled. The addresses are stored in the packet's header, and the firewall relies on the header to filter.
The packet filter can allow or deny each packet it receives. It examines the packet to decide whether it satisfies one of the packet filtering rules. These rules are based on the information at the beginning of each packet (the header), which includes fields such as Version, IP Header Length and Size of Datagram.



Figure 11: How firewalls work
If the packet meets the firewall's pre-set rules, it is forwarded; otherwise it is dropped. Controlling ports allows the firewall to control which types of connection are allowed to enter the local network.
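The two methods from 3.2 and 3.3, as an added example (not code from the assignment): header fields are matched against an ordered ruleset with a default deny, and a stateful layer remembers connections the LAN opened so their replies get back in. All addresses, ports and rules are constructed; the last case shows the "too loose" misconfiguration discussed in 3.5.

```python
"""Toy firewall: stateless packet filtering (first matching rule wins, default
deny) plus stateful inspection (replies to LAN-initiated connections allowed).
Added example, not code from the assignment; all addresses, ports and rules
are constructed sample data."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (simplified)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str              # "tcp" or "udp"
    direction: str = "in"   # "in" = arriving from the Internet, "out" = leaving the LAN


@dataclass(frozen=True)
class Rule:
    """A field left as None matches anything, so Rule("allow") matches every packet."""
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.direction, p.direction), (self.proto, p.proto),
                 (self.src_ip, p.src_ip), (self.dst_ip, p.dst_ip),
                 (self.dst_port, p.dst_port))
        return all(want is None or want == have for want, have in pairs)


def packet_filter(rules: List[Rule], p: Packet) -> str:
    """Stateless packet filtering: the first matching rule decides; no match = deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: remember connections the LAN opened so that their
    replies are accepted without an explicit inbound rule."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # (lan_ip, lan_port, remote_ip, remote_port, proto) for each allowed outbound flow
        self.table: Set[Tuple[str, int, str, int, str]] = set()

    def inspect(self, p: Packet) -> str:
        if p.direction == "out":
            verdict = packet_filter(self.rules, p)
            if verdict == "allow":
                self.table.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto))
            return verdict
        # Inbound: is this the reply half of a connection we already allowed out?
        if (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto) in self.table:
            return "allow"
        return packet_filter(self.rules, p)


# Constructed ruleset: the LAN may browse the web; only the web server 10.0.0.10
# accepts inbound HTTPS; remote desktop (3389) from outside is explicitly denied.
RULES = [
    Rule("allow", direction="out", proto="tcp", dst_port=443),
    Rule("allow", direction="out", proto="tcp", dst_port=80),
    Rule("allow", direction="in", proto="tcp", dst_ip="10.0.0.10", dst_port=443),
    Rule("deny", direction="in", proto="tcp", dst_port=3389),
]


def run_demo() -> dict:
    """Verdicts for a few constructed packets, including a too-loose misconfiguration."""
    fw = StatefulFirewall(RULES)
    reply = Packet("203.0.113.5", 443, "10.0.0.20", 51000, "tcp")   # web site -> LAN PC
    rdp = Packet("198.51.100.7", 40000, "10.0.0.20", 3389, "tcp")   # outsider -> LAN remote desktop
    results = {
        "unsolicited_reply": fw.inspect(reply),                      # deny: no connection on record
        "outbound_https": fw.inspect(Packet("10.0.0.20", 51000, "203.0.113.5", 443, "tcp", "out")),
        "tracked_reply": fw.inspect(reply),                          # allow: matches the state table
        "rdp_to_lan": fw.inspect(rdp),                               # deny: explicit rule
        "https_to_web_server": fw.inspect(Packet("198.51.100.7", 40001, "10.0.0.10", 443, "tcp")),
    }
    # Misconfiguration: an "allow anything" rule placed first makes every later rule dead.
    loose = StatefulFirewall([Rule("allow")] + RULES)
    results["rdp_to_lan_loose_config"] = loose.inspect(rdp)          # allow: the hole
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:26s} {verdict}")
```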
3.4. Define IDS, its usage, and show it with diagram examples
An IDS (Intrusion Detection System) is hardware or software that analyzes network traffic and warns system administrators of suspicious activity. The goal of an IDS is to identify and prevent acts that compromise system security, or actions that are part of the attack process, such as port detection and scanning. An IDS also distinguishes internal attacks (from personnel or customers within the firm) from external attacks (from hackers). In certain circumstances an IDS can respond to unusual or malicious activity by denying the user or source IP address access to the network.
Network intrusion detection systems (NIDS), host-based intrusion detection systems (HIDS) and stack-based intrusion detection systems (SIDS) are the three types of intrusion detection system available today.



Figure 12: The usage of IDS
To identify possible intrusions, a network intrusion detection system monitors network traffic and hosts. The NIDS is connected to a network hub, network tap or network switch that has been configured for traffic monitoring. When setting up a NIDS, monitoring stations are placed at high-traffic points in the network to analyse packets for possibly harmful behaviour.

Figure 13: NIDS
Host-based intrusion detection systems (HIDS) use a single agent on a network host that detects intrusions through application logs, file-system changes and system-call analysis. A software agent is typically used as the sensor in a host-based IDS. OSSEC and Tripwire are two examples of HIDS.

Figure 14: HIDS

Stack-based intrusion detection systems (SIDS) were created as a successor technology to HIDS. SIDS monitor network packets as they pass through the TCP/IP network stack. As a result, the SIDS technology does not have to connect to the network interface in promiscuous mode, which saves time and money.



Figure 15: Example for IDS
3.5. The potential impact (threat-risk) of a firewall and IDS if they are incorrectly configured in a network
For the firewall, misconfiguration can pose many risks to the computer. If the configuration is too strict, access to data becomes slow because the security level is too high and takes more time. Conversely, if the configuration is too loose, the security level is poor, and leaked data affects the activities of individuals or businesses. Administrators therefore choose appropriate firewall configurations to avoid the threats and risks above.
An IDS is not perfect either: when misconfigured it can ignore a real attack or raise false positives, since each system faces its own kinds of attack. Another weakness of IDSs that rely on signature files is the need to update the signature library with the latest threats; if this is not done, the network is exposed to the most current threats. In addition, a fake-message attack against the IDS is also possible. The administrator must therefore know how to recognize these issues and build an appropriate configuration.
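The NIDS behaviour from 3.4 and the two IDS weaknesses just described, as an added example (not code from the assignment): a signature matcher run with a stale and an updated signature library, and a port-scan detector whose threshold decides whether an ordinary visitor becomes a false positive. The log lines, signatures, addresses and thresholds are all constructed.

```python
"""Toy network IDS: signature matching on request payloads plus a port-scan
detector, both run over a constructed connection log. Added example, not code
from the assignment; log lines, signatures, addresses and thresholds are
constructed."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

Event = Tuple[int, str, str, int, str]   # (time_s, src_ip, dst_ip, dst_port, payload)

# Constructed log: "<time_s> <src_ip> <dst_ip> <dst_port> <payload>" ("-" = no payload seen)
LOG = """\
0 198.51.100.7 10.0.0.10 22 -
1 198.51.100.7 10.0.0.10 23 -
2 198.51.100.7 10.0.0.10 80 -
3 198.51.100.7 10.0.0.10 443 -
4 198.51.100.7 10.0.0.10 445 -
5 198.51.100.7 10.0.0.10 3389 -
10 203.0.113.5 10.0.0.10 80 GET /index.html
11 203.0.113.5 10.0.0.10 80 GET /search?q=x' OR 1=1--
40 192.0.2.9 10.0.0.10 80 GET /admin/../../etc/passwd
41 192.0.2.9 10.0.0.10 443 -
"""

# Two signature libraries: a stale one, and one updated with a newer pattern.
SIGNATURES_OLD: Dict[str, re.Pattern] = {
    "sql_injection": re.compile(r"'\s*OR\s+1=1", re.IGNORECASE),
}
SIGNATURES_CURRENT: Dict[str, re.Pattern] = dict(
    SIGNATURES_OLD, path_traversal=re.compile(r"\.\./"))


def parse(log: str) -> List[Event]:
    """Split each log line into its five fields; the payload may contain spaces."""
    events = []
    for line in log.splitlines():
        t, src, dst, port, payload = line.split(" ", 4)
        events.append((int(t), src, dst, int(port), payload))
    return events


def signature_alerts(events: List[Event], signatures: Dict[str, re.Pattern]) -> List[Tuple[str, str]]:
    """Signature-based detection: (signature name, source IP) for every matching payload.
    A pattern missing from the library is simply never matched (the stale-signature risk)."""
    alerts = []
    for _, src, _, _, payload in events:
        for name, pattern in signatures.items():
            if pattern.search(payload):
                alerts.append((name, src))
    return alerts


def port_scan_alerts(events: List[Event], threshold: int = 5, window: int = 10) -> List[str]:
    """Flag a source that touches at least `threshold` distinct ports on one host
    within `window` seconds. Too low a threshold produces false positives."""
    hits = defaultdict(list)                     # (src, dst) -> [(time, port), ...]
    for t, src, dst, port, _ in events:
        hits[(src, dst)].append((t, port))
    flagged = []
    for (src, _), times in hits.items():
        times.sort()
        for i, (t0, _) in enumerate(times):
            ports = {p for t, p in times[i:] if t - t0 <= window}
            if len(ports) >= threshold:
                flagged.append(src)
                break
    return flagged


if __name__ == "__main__":
    events = parse(LOG)
    print("port scans:", port_scan_alerts(events))
    print("stale library:", signature_alerts(events, SIGNATURES_OLD))
    print("current library:", signature_alerts(events, SIGNATURES_CURRENT))
    # A threshold of 2 turns a visitor that used port 80 then 443 into a false positive.
    print("threshold=2:", port_scan_alerts(events, threshold=2))
```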



Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security (P4)
4.1. DMZ
A DMZ network is a perimeter network that protects an organization's internal local-area network from untrusted traffic and adds an extra layer of protection. A DMZ is a subnetwork that sits between the public Internet and private networks (Webb, 2014).
The purpose of a DMZ is to allow an organization to connect to untrusted networks, such as the Internet, while maintaining the security of its private network or LAN. External-facing services and resources, such as servers for the Domain Name System (DNS), File Transfer Protocol (FTP), mail, proxy, Voice over Internet Protocol (VoIP) and web, are often placed in the DMZ (Webb, 2014).
To ensure that these servers and resources can be reached from the Internet without exposing the internal LAN, they are segregated and given limited access to the LAN. As a result, a DMZ makes it more difficult for a hacker to gain direct access from the Internet to an organization's data and internal servers.



Figure 16: DMZ

There are two commonly used DMZ configurations: the single-firewall DMZ network and the dual-firewall DMZ network.
A single-firewall DMZ network consists of three main elements: a firewall, a switch and a server. The firewall is the only component that protects the network, and the switch ensures that traffic is routed to the right place.
A dual-firewall DMZ network is a system with two firewalls, a DMZ and a LAN. After passing through the first firewall you can access the resources in the DMZ; then you have to pass through the second firewall to access the LAN.
Servers usually placed in the DMZ are web servers, FTP servers and email servers.
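The dual-firewall layout above, modelled as an added example (not code from the assignment): an outer firewall guards the Internet/DMZ boundary, an inner firewall guards the DMZ/LAN boundary, and a flow is allowed only if every firewall on its path allows it. The subnets, hosts and rules are a constructed address plan; the 3389 case shows why a compromised DMZ server still cannot reach the LAN.

```python
"""Dual-firewall DMZ model: outer firewall between Internet and DMZ, inner
firewall between DMZ and LAN; a flow must pass every firewall on its path.
Added example, not code from the assignment; subnets and rules are constructed."""
import ipaddress
from typing import List, Optional, Tuple

# Zones in path order: Internet | outer firewall | DMZ | inner firewall | LAN
ORDER = ["internet", "dmz", "lan"]
SUBNETS = {                                            # constructed address plan
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/16"),
}
BOUNDARIES = ["outer", "inner"]   # BOUNDARIES[k] sits between ORDER[k] and ORDER[k+1]

# Rule = (src_zone, dst_zone, proto, dst_port, action); None = any. First match wins, default deny.
Rule = Tuple[str, str, Optional[str], Optional[int], str]
OUTER: List[Rule] = [
    ("internet", "dmz", "tcp", 443, "allow"),   # public web server
    ("internet", "dmz", "tcp", 80, "allow"),
    ("internet", "dmz", "tcp", 25, "allow"),    # inbound mail
    ("dmz", "internet", "tcp", 443, "allow"),   # DMZ hosts fetch updates
    ("lan", "internet", "tcp", 443, "allow"),   # staff browsing (already passed the inner firewall)
]
INNER: List[Rule] = [
    ("lan", "dmz", None, None, "allow"),        # staff administer DMZ servers
    ("lan", "internet", None, None, "allow"),   # outbound browsing continues to the outer firewall
    ("dmz", "lan", "tcp", 5432, "allow"),       # web app may reach only the database port
]
FIREWALLS = {"outer": OUTER, "inner": INNER}


def zone_of(ip: str) -> str:
    """Any address outside the DMZ and LAN subnets is treated as the Internet."""
    addr = ipaddress.ip_address(ip)
    for zone, net in SUBNETS.items():
        if addr in net:
            return zone
    return "internet"


def firewalls_on_path(src_zone: str, dst_zone: str) -> List[str]:
    """Firewalls crossed, in traversal order; an empty list means same zone."""
    i, j = ORDER.index(src_zone), ORDER.index(dst_zone)
    crossed = BOUNDARIES[min(i, j):max(i, j)]
    return crossed if i < j else crossed[::-1]


def check_rules(rules: List[Rule], src_zone: str, dst_zone: str, proto: str, port: int) -> str:
    """One firewall's decision: first matching rule wins, otherwise deny."""
    for s, d, pr, po, action in rules:
        if s == src_zone and d == dst_zone and pr in (None, proto) and po in (None, port):
            return action
    return "deny"


def evaluate(src_ip: str, dst_ip: str, proto: str, port: int) -> Tuple[str, str]:
    """Returns (verdict, decided_by): the first firewall that denies wins; otherwise
    every firewall on the path allowed the flow."""
    sz, dz = zone_of(src_ip), zone_of(dst_ip)
    path = firewalls_on_path(sz, dz)
    if not path:
        return ("allow", "same-zone")
    for fw in path:
        if check_rules(FIREWALLS[fw], sz, dz, proto, port) == "deny":
            return ("deny", fw)
    return ("allow", "+".join(path))


if __name__ == "__main__":
    cases = [
        ("198.51.100.7", "192.0.2.10", "tcp", 443),   # Internet -> DMZ web server
        ("198.51.100.7", "10.0.0.20", "tcp", 443),    # Internet -> LAN directly
        ("192.0.2.10", "10.0.0.50", "tcp", 5432),     # web app -> database
        ("192.0.2.10", "10.0.0.50", "tcp", 3389),     # compromised DMZ host -> LAN desktop
        ("10.0.0.20", "198.51.100.7", "tcp", 443),    # staff PC -> Internet
    ]
    for case in cases:
        print(case, "->", evaluate(*case))
```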



Figure 17: Demilitarized Zone diagram

4.2. DMZ usage and security function as advantage
A DMZ essentially adds another layer of protection to the internal network. By putting a buffer between external users and the private network, it restricts access to sensitive data, resources and services. Access control, stopping attackers from reconnoitring possible targets, and safeguarding enterprises from IP spoofing attacks are among its other advantages.
In addition, the DMZ provides other security benefits, such as:
Enabling access control: Businesses can use the public Internet to give consumers access to services outside their network's perimeter. The DMZ provides access to these services while also performing network segmentation to prevent unwanted users from reaching the private network. A proxy server, which centralizes the flow of internal traffic and facilitates monitoring and recording of that traffic, may be included in a DMZ.
Preventing network espionage: The DMZ acts as a barrier between the Internet and a private network, preventing attackers from conducting reconnaissance in search of possible targets. Although the servers in the DMZ are accessible to the public, a firewall provides an additional layer of protection by preventing an attacker from viewing the internal network. Even if a DMZ system is hacked, the internal firewall keeps the private network separate from the DMZ, keeping it safe and preventing outside reconnaissance.


