Security asm 1 (Greenwich)


ASSIGNMENT 1 FRONT SHEET
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 10/10/2020
Date Received 1st submission: 10/10/2020
Re-submission Date:
Date Received 2nd submission:
Student Name:
Student ID:
Class: GCH1006
Assessor name: Ha Trong Thang

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature: Tien

Grading grid: P1 P2 P3 P4 M1 M2 D1

Summative Feedback:
Resubmission Feedback:

Grade:
Assessor Signature:
Date:
Lecturer Signature:
Table of Contents
Introduction ... 4
Task 1 - Identify types of security threats to organizations. Give an example of a recently publicized security breach and discuss its consequences (P1) ... 4
  1. Define Threat ... 4
  2. Identify threat agents to organizations ... 4
  3. List the types of threats that organizations will face ... 5
  4. What are the recent security breaches? List and give examples with dates ... 9
  5. Discuss the consequences of this breach ... 11
  6. Suggest solutions to organizations ... 11
Task 2 – Describe at least 3 organizational security procedures (P2) ... 13
  1. Definition ... 13
  2. Organizational security procedures ... 14
    2.1 Incident Response (IR) Procedure ... 14
    2.2 Discussion on Acceptable Use Policy ... 17
    2.3 Discussion on Remote Access Policy ... 18
Task 2.1 – Propose a method to assess and treat IT security risks (M1) ... 19
  Discuss methods required to assess security threats ... 19
  What are the current weaknesses or threats of an organization? ... 21
  What tools will you propose to treat IT security risks? ... 21
Task 3 – Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3) ... 25
  1. Define Firewall ... 25
  2. Types of Firewall ... 26
    2.1. Firewall policies ... 27
    2.2. Firewall usage ... 27
    2.3. Firewall advantage in the network ... 29
    2.3. How does a firewall provide security to a network? ... 29
    2.4. Diagram of how the firewall works ... 29
  3. IDS ... 30
    3.1. Define IDS ... 30
    3.2. IDS usage ... 30
    3.3. Diagram of how the IDS works ... 31
    3.4. Diagram example of the IDS ... 31
  4. The potential impact (threat/risk) of a firewall and IDS if they are incorrectly configured in a network ... 33
    4.1. Firewall ... 33
    4.2. IDS ... 34
Task 4 – Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security (P4) ... 34
  1. DMZ ... 34
    1.1. Definition ... 34
    1.2. DMZ usage and security function as advantage ... 35
  2. Static IP ... 37
    2.1. Definition ... 37
    2.2. Static IP usage and security function as advantage ... 37
  3. NAT ... 38
    3.1. Definitions ... 38
    3.2. Types of NAT ... 38
    3.3. NAT usage and security function as advantage ... 39
Task 4.1 – Discuss three benefits of implementing network monitoring systems with supporting reasons (M2) ... 40
  1. List of network monitoring devices ... 40
    1.1. Zabbix ... 40
    1.2. Nagios ... 42
    1.3. Auvik ... 43
  2. Why do you need to monitor networks? ... 45
  3. What are the benefits of monitoring a network? ... 46
Conclusion ... 47
References ... 48

Introduction
- In today's information-driven and globalized society, data routinely moves between individuals, organizations and companies. Data is extremely valuable, and attackers are well aware of this. As cybercrime continues to increase, there is a rising need for security professionals to defend and protect organizations from cyberattacks. This report covers some fundamental security topics: identifying the different types of security threats to organizations, organizational security procedures, firewall policies and IDS, and the use of a DMZ, static IP addresses and NAT in networks, as a step towards deeper knowledge in this field.


Task 1 - Identify types of security threats to organizations. Give an example
of a recently publicized security breach and discuss its consequences (P1)
1. Define Threat
- Information security threats include computer viruses, intellectual property theft, identity theft, theft of equipment or data, sabotage, and information extortion. A threat is anything that has the potential to breach security and to modify, damage or destroy a specific asset of interest. For the purposes of this report, a threat is defined as a potential attack that would give someone access to a computer system without authorization.

2. Identify threat agents to organizations
2.1. Nation states:
Businesses that operate in certain sectors, such as telecoms, natural gas, mining, power generation and national infrastructure, may become targets for foreign states, either to disrupt operations now or to give that state leverage in a future crisis. There are many examples, including the alleged Russian interference in the US presidential election and Sony's allegation that North Korea was responsible for the 2014 attack that damaged its systems.

2.2 Non-target specific:
Every organization is exposed to untargeted attacks simply because so many of them are launched every day. The best-known example of a non-targeted attack is the WannaCry ransomware outbreak of May 2017, which affected over 200,000 computers in 150 countries and disrupted NHS services in the UK for a period of time. At the other end of the scale there is the bored student in a loft somewhere, scanning the web for a weak point.
2.3 Employees and contractors:
Except for zero-day malware, computers and security software do a reasonable job of blocking malicious code. People are often the weakest link in the security system, whether on purpose or by mistake. Common errors such as sending an email to the wrong recipient do happen, but most of the time the mistake is noticed immediately and can be corrected. Simple measures such as enforcing strong passwords help to limit the impact of such mistakes.
2.4 Terrorists and hacktivists:
The level of threat these groups pose depends on what your organization does, much as with nation states. Beyond the constant risk of a random attack, some of these groups deliberately target particular countries or industries. Examples of those involved include political parties, activists and religious followers.
2.5 Corporates:
The threat of a competitor stealing your intellectual property is obvious, but organizations also increasingly work with numerous alliance partners to fill skills and resource gaps or simply to provide a service. Depending on their objectives, these partner companies may steal or leak your intellectual property or the private data you hold.

3. List the types of threats that organizations will face:
3.1. Caused by human error:
- Accidental issues
- Poorly written programs
- Inadequately planned procedures
- Physical accidents
- User destruction of systems, apps, and data
- User security policy violation
- Disgruntled workers waging war on the business or creating sabotage
3.2. Caused by malicious human activity:
- Botnet:
+ A botnet (from "robot" and "network") is a group of computers that have been infected with malicious software and are controlled together without their owners' knowledge. Botnets are commonly used to send large volumes of spam, carry out DDoS attacks, and steal data and passwords. For groups attempting to disrupt or infiltrate a target's systems, a botnet acts as a force multiplier because of its collective computing power and bandwidth.

- Cryptojacking:
+ Cryptojacking is the unauthorized mining of cryptocurrency on someone else's computer. Attackers typically trick victims into clicking a malicious email link that downloads a crypto-mining program, or they inject a website or online advertisement with mining code that runs as soon as the victim's browser loads it. The miner then runs in the background while the victim uses the computer as usual. The victim may notice slower performance and higher power consumption, but otherwise the infection often goes undetected.

- Ransomware:
+ Ransomware is malicious software that blocks users from accessing their systems or data, or threatens to leak stolen data, until a ransom is paid. It has become one of the biggest problems in network security because it can paralyze large organizations and even whole cities. Paying the ransom does not always solve the problem: criminals may demand payment even after the stolen data has already been deleted, and there is no guarantee that a working decryption key will be supplied.

- APT (Advanced Persistent Threat):
+ An APT is a stealthy, long-running network intrusion in which a person or group gains unauthorized access to a network and remains undetected for as long as possible in order to spy, install custom malicious code on many machines for specific purposes, gather information, and reach sensitive or classified data. Historically APTs were associated with governments, but in recent years several large non-state groups have carried out targeted intrusions on a massive scale for other objectives.

4.What are the recent security breaches? List and give examples with dates
4.1 Security breach definition:
- In cybersecurity, a security breach is an attacker's successful attempt to gain unauthorized access to an organization's computer systems. Theft of sensitive data, corruption or sabotage of IT systems, and other deliberate destruction and reputation-damaging activity are all examples of breaches.

4.2 Recent security breaches, with examples and dates:
4.2.1: Nintendo (April 2020)
Nintendo announced in April 2020 that a suspected credential stuffing attack had compromised 160,000 accounts. Using user IDs and passwords that had previously been leaked elsewhere, attackers were able to log in to user accounts, buy virtual goods with stored payment cards, and view personal information including name, email address, date of birth, gender and nationality. Nintendo's continued investigation later found that about 140,000 further accounts had been accessed, bringing the total to 300,000. All affected customers' passwords were reset, and users were advised not to reuse the same password across accounts and services.

4.2.2: CS.MONEY (August 2022)
- CS.MONEY is one of the largest sites for trading, selling and buying skins from the very popular game Counter-Strike: Global Offensive (CS:GO). On August 12th, 2022, CS.MONEY was attacked by a group of hackers and reported that around $6 million worth of skins had been stolen from the site; the initial estimate had been only $1.6 million. In response, other trading sites such as Tradeit.gg and DMarket temporarily suspended trading to review and update their code in order to prevent the same thing happening to them.
4.2.3: Zoom (April 2020)
- At the beginning of April 2020, while staff were still adjusting to working from home, it emerged that the video conferencing tool Zoom had suffered an embarrassing security breach exposing the login details of over 500,000 users. In yet another credential stuffing attack, criminals gained access to the accounts using username and password combinations obtained in earlier data breaches. The data was then offered for sale on dark web hacker forums for as little as a penny. The information taken included host keys, email addresses, personal meeting URLs and login credentials, which allowed criminals to log in and join meetings or use the data for other malicious purposes.
4.2.4: Twitch (October 2021)
Twitch is one of the largest live-streaming platforms in the world for people who want to play games and chat with others. On October 7th, 2021, Twitch confirmed on Twitter that its data had been exposed as the result of a server configuration change. The leaked data reportedly included streamers' account details and, most significantly, the creator payout figures showing how much Twitch's top streamers earned from streaming. This was highly personal information, and its publication shocked many and raised serious questions about Twitch's security. The attackers claimed to have taken almost all of Twitch's internal data, and the data is now being offered for sale.
4.2.5: Crypto.com (January 2022)
- According to the security firm PeckShield, 4,600 ETH, worth almost $15 million, were stolen from Crypto.com in January 2022. Users began noticing suspicious activity in their accounts, and Crypto.com promptly suspended withdrawals, but not before the attackers had moved the stolen Ether. Implying that the theft hit the company's hot wallets, Crypto.com asserted that no user funds were taken, which does not explain why customers were the first to detect suspicious activity in their accounts. Shortly afterwards, Crypto.com acknowledged that some users had experienced "unauthorized activity" in their accounts but added that "all funds are protected", which again does not explain why some users' accounts had lost ETH.
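The Nintendo and Zoom incidents above were credential stuffing: the attacker replays username/password pairs leaked from other sites across many accounts, so the tell-tale pattern in authentication logs is one source failing against many different accounts and then succeeding on a few. The following Go program, added here as an example and not taken from the report or from any vendor, runs that detection over a constructed log sample; the log format, usernames and IP addresses are made up for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// SampleLog is a constructed authentication log (not real data): one line per
// login attempt, key=value fields, as an SSO gateway or web login might emit.
var SampleLog = []string{
	"ts=2020-04-01T10:00:01Z ip=203.0.113.7 user=alice result=fail",
	"ts=2020-04-01T10:00:02Z ip=203.0.113.7 user=bob result=fail",
	"ts=2020-04-01T10:00:02Z ip=198.51.100.2 user=alice result=fail",
	"ts=2020-04-01T10:00:03Z ip=203.0.113.7 user=carol result=fail",
	"ts=2020-04-01T10:00:04Z ip=203.0.113.7 user=dave result=fail",
	"ts=2020-04-01T10:00:05Z ip=198.51.100.2 user=alice result=fail",
	"ts=2020-04-01T10:00:06Z ip=203.0.113.7 user=erin result=success",
	"ts=2020-04-01T10:00:09Z ip=198.51.100.2 user=alice result=success",
	"ts=2020-04-01T10:00:10Z ip=192.0.2.9 user=bob result=success",
	"this line is not an auth event",
}

// AuthEvent is one parsed login attempt.
type AuthEvent struct {
	IP, User, Result string
}

// parseLine extracts ip, user and result from a key=value line; ok is false
// for lines that lack any of the three fields.
func parseLine(line string) (ev AuthEvent, ok bool) {
	for _, field := range strings.Fields(line) {
		kv := strings.SplitN(field, "=", 2)
		if len(kv) != 2 {
			continue
		}
		switch kv[0] {
		case "ip":
			ev.IP = kv[1]
		case "user":
			ev.User = kv[1]
		case "result":
			ev.Result = kv[1]
		}
	}
	return ev, ev.IP != "" && ev.User != "" && ev.Result != ""
}

// Finding describes one source IP whose behaviour matches credential stuffing:
// failures spread across many different accounts, not many failures on one.
type Finding struct {
	IP            string
	DistinctUsers int      // accounts with at least one failed login from this IP
	Failures      int      // total failed logins from this IP
	Compromised   []string // accounts that succeeded after the IP was already spraying
}

// DetectStuffing flags every IP that failed against at least minUsers distinct
// accounts. A later success from such an IP is reported as a probable takeover.
func DetectStuffing(lines []string, minUsers int) []Finding {
	type stats struct {
		failedUsers map[string]bool
		failures    int
		successes   []string
	}
	perIP := map[string]*stats{}
	for _, line := range lines {
		ev, ok := parseLine(line)
		if !ok {
			continue
		}
		s := perIP[ev.IP]
		if s == nil {
			s = &stats{failedUsers: map[string]bool{}}
			perIP[ev.IP] = s
		}
		switch ev.Result {
		case "fail":
			s.failedUsers[ev.User] = true
			s.failures++
		case "success":
			// A success only counts once this IP is already spraying accounts;
			// a normal user mistyping their own password twice is not flagged.
			if len(s.failedUsers) >= minUsers {
				s.successes = append(s.successes, ev.User)
			}
		}
	}
	var out []Finding
	for ip, s := range perIP {
		if len(s.failedUsers) >= minUsers {
			out = append(out, Finding{IP: ip, DistinctUsers: len(s.failedUsers),
				Failures: s.failures, Compromised: s.successes})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].IP < out[j].IP })
	return out
}

func main() {
	for _, f := range DetectStuffing(SampleLog, 3) {
		fmt.Printf("%s: %d failures across %d accounts; probable takeovers: %v\n",
			f.IP, f.Failures, f.DistinctUsers, f.Compromised)
	}
}
```

Real campaigns are spread across a botnet so that each IP stays under any per-IP threshold, so in production the same counting should also be keyed per account (many source IPs failing on one account) and per user agent or ASN, and the response should be rate limiting and checking new passwords against known-breached lists rather than alerting alone.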

5. Discuss the consequences of these breaches.
- Nintendo: Approximately 300,000 accounts were affected in total after an initial 160,000 were compromised in a credential stuffing attack; attackers made fraudulent purchases with stored payment cards and viewed personal details.
- CS.MONEY: A total of about $6 million worth of skins was stolen and user data was leaked to the public.
- Zoom: The video conferencing application suffered an embarrassing breach that exposed the login details of over 500,000 users, which were then sold on dark web forums.
- Twitch: The attackers obtained a very large part of Twitch's internal data, including creator payout figures, and the data was leaked and offered for sale.
- Crypto.com: 4,600 ETH, worth roughly $15 million, was stolen and moved to unknown wallets.

6. Suggest solutions to organizations.

- Develop a data breach prevention plan:
+ Get organized and write down what you want to do and how you are going to do it. When dealing with a possible data breach, you can then refer back to your prevention plan. Remember that no plan is a permanent solution to data breaches: to help reduce risks that are constantly changing, it must be reviewed and adapted regularly. All the practices described in this section should be part of the plan.


- Encrypt sensitive data:
+ In the case of a security incident, encryption may be your last line of defence: if attackers get past your other controls, any data they obtain is unreadable and therefore worthless to them, provided the keys are managed properly. Encryption only helps if the keys are kept separately from the data and are themselves protected; an attacker who obtains both has everything.

+ Small enterprises commonly rely on the following encryption technologies:
- AES (Advanced Encryption Standard), the block cipher used by most modern systems
- 256-bit keys (AES-256), the key size recommended for sensitive data
- AES in XTS mode, the construction used for full-disk encryption
- Keep personal and business hardware separate:
+ Small businesses differ from most enterprises in that they have few resources, so the temptation to use the same laptop for work and for personal use is constant. That can greatly increase your risk exposure. It is better to keep a dedicated machine for the business and a second computer for family use. This simple separation significantly reduces the chance of a data breach affecting business data, and the data on both devices should be encrypted as an additional safeguard.

Task 2 – Describe at least 3 organizational security procedures(P2)
1. Definition:
- A security procedure is a set of steps that must be followed in order to carry out a particular security task or function. Procedures are usually written as a series of steps to be taken consistently and repeatably to accomplish a specific purpose. Once established, security procedures provide a set of detailed methods for carrying out the organization's security operations, which simplifies training, process auditing and process improvement. Procedures establish the consistency needed to prevent variation in security operations, which strengthens security control inside the organization.


2. Organizational security procedures:

2.1 Incident Response (IR) Procedure:
- The incident response procedure provides the necessary steps for incident management, reporting and monitoring, as well as incident response training, testing and support, to ensure that the organization is prepared to respond to cyber security incidents, secure its systems and data, and avoid interruption of its services.


- This type of policy usually includes information about:
+ The organization's incident response team.
+ Each team member's role.
+ The people in charge of testing the policy.
+ How to put the policy into action.
+ The technologies, tools and resources that will be used to identify and recover compromised data.


- Incident phases:
+ Preparation phase: training and preparing system users and the IT staff responsible for responding to security incidents. Along with identifying the tools and resources that will be needed during an incident, this phase should also include preventive measures such as regular risk assessments and user awareness training.
+ Identification phase: recognizing and identifying a security event, and determining the severity and priority of the issue found. In this phase incidents arriving through common attack vectors (such as removable media, the web, email and so on) are identified. Detectable precursors and indicators are collected, initial analysis and validation are performed (for example through file integrity checking and log review), data is filtered, and evidence is preserved.
+ Containment phase: instructions on how to isolate the systems affected by the attack to prevent further damage to other systems.
+ Eradication phase: identifying the root cause of the incident and removing the malware, unauthorized accounts and other attacker artefacts from the affected systems.
+ Recovery phase: returning the affected systems to normal operation and verifying that they are clean.
+ Post-incident phase: documenting the entire incident, conducting a thorough investigation, identifying the cause of the incident, estimating the related costs, and developing a plan to prevent similar incidents in the future.
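The identification phase above mentions file integrity checking as one way to validate a suspected incident. As an added example (not code from the report), the following Go program takes a SHA-256 baseline of a directory, compares a later snapshot against it, and reports added, removed and modified files. The directory contents simulate a compromise (an edited sshd_config, a deleted backup script, a dropped shared object) and are constructed for the example in a temporary directory.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// Baseline walks root and returns relative path -> SHA-256 hex digest for
// every regular file (symlinks, devices and directories are skipped).
func Baseline(root string) (map[string]string, error) {
	sums := map[string]string{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if !d.Type().IsRegular() {
			return nil
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, err := filepath.Rel(root, p)
		if err != nil {
			return err
		}
		sum := sha256.Sum256(data)
		sums[filepath.ToSlash(rel)] = hex.EncodeToString(sum[:])
		return nil
	})
	return sums, err
}

// Report lists the differences between two baselines, sorted for stable output.
type Report struct {
	Added, Removed, Modified []string
}

// Compare diffs a stored baseline against a current snapshot.
func Compare(baseline, current map[string]string) Report {
	var r Report
	for p, h := range baseline {
		cur, ok := current[p]
		switch {
		case !ok:
			r.Removed = append(r.Removed, p)
		case cur != h:
			r.Modified = append(r.Modified, p)
		}
	}
	for p := range current {
		if _, ok := baseline[p]; !ok {
			r.Added = append(r.Added, p)
		}
	}
	sort.Strings(r.Added)
	sort.Strings(r.Removed)
	sort.Strings(r.Modified)
	return r
}

// Demo builds a small constructed tree in a temp dir, snapshots it, simulates
// an intrusion (edited config, deleted script, dropped binary) and returns the
// report of what changed. Everything here is made up for the example.
func Demo() (Report, error) {
	dir, err := os.MkdirTemp("", "fim-demo")
	if err != nil {
		return Report{}, err
	}
	defer os.RemoveAll(dir)
	write := func(name, content string) error {
		return os.WriteFile(filepath.Join(dir, name), []byte(content), 0o644)
	}
	if err := write("sshd_config", "PermitRootLogin no\n"); err != nil {
		return Report{}, err
	}
	if err := write("backup.sh", "#!/bin/sh\ntar czf /srv/backup.tgz /srv/data\n"); err != nil {
		return Report{}, err
	}
	base, err := Baseline(dir)
	if err != nil {
		return Report{}, err
	}
	// Simulated compromise: config weakened, script removed, implant dropped.
	if err := write("sshd_config", "PermitRootLogin yes\n"); err != nil {
		return Report{}, err
	}
	if err := os.Remove(filepath.Join(dir, "backup.sh")); err != nil {
		return Report{}, err
	}
	if err := write("libhook.so", "\x7fELF"); err != nil {
		return Report{}, err
	}
	cur, err := Baseline(dir)
	if err != nil {
		return Report{}, err
	}
	return Compare(base, cur), nil
}

func main() {
	r, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Printf("added=%v removed=%v modified=%v\n", r.Added, r.Removed, r.Modified)
}
```

The baseline has to be stored off the host and protected (signed or read-only), otherwise the intruder simply regenerates it after making changes; and a hash check is only as trustworthy as the kernel that reads the files, so it complements EDR telemetry and log analysis rather than replacing them.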
- Elements of an incident response policy:
+ Preparation: Create a team of internal incident responders and procedures to be followed in the event of a cyberattack. Review security procedures and carry out risk assessments that account for external attacks, internal abuse and insider threats, and situations where outside parties report possible vulnerabilities or exploits. Know your most valuable assets and prioritize known security issues or vulnerabilities that cannot be fixed immediately, so that you can focus on serious security events involving critical infrastructure and data.
+ Identification of an incident response team: There are two common forms of incident response team, centralized and distributed. Large firms are more likely to use the distributed form because it lets them coordinate staff across different cultural, linguistic and legal contexts, whereas small organizations are more likely to use a single centralized team.
+ Information about the system: System details such as network and data flow diagrams, hardware inventories and logging data should be included in the policy.
+ Incident handling and reporting procedures: Another important section of the policy defines the methods for handling and reporting an event (suspected or confirmed). These procedures should identify which occurrences will trigger response measures, along with guidance on how to report the incident. For example, the rules should state whether the organization will respond to an attempted attack or whether the attack must succeed to trigger response measures.
+ "Lessons learned": This part of an incident response policy is essential but sometimes overlooked. A meeting and discussion among all the stakeholders involved, held after the incident, is a useful tool for improving both the security measures in the business and the incident handling process itself.
+ Reporting to outside parties: Timeframes and procedures for reporting to third parties, such as IT staff, security analysts, data protection or law enforcement agencies, the media, affected external parties and software vendors, may be included in an incident response policy.


2.2 Discussion on Acceptable Use Policy

Acceptable Use Policy (AUP): An AUP sets out the restrictions and practices that employees who use the organization's IT assets must accept in order to be given access to the business network or the internet. It is a standard part of onboarding for new employees: before being assigned a network ID, they must read and sign the AUP. It is recommended that the IT, security, legal and HR departments jointly decide what the policy contains.
General use and ownership: This policy applies to any data produced or stored on the organization's systems. All data, including non-public personal information, must be encrypted before being transmitted electronically. For the purposes of this policy, all information and data residing on the organization's systems and networks are considered the organization's property.
Security and proprietary information: The organization's public website should not contain any sensitive information. Information on the organization's systems, including public and private websites, should be classified as either public or sensitive according to the organization's information sensitivity policy. Passwords must be kept confidential and never shared with anyone else. Authorized users are responsible for the security of their passwords and accounts.
+ Access to sensitive information through application accounts
+ Authorized users must exercise great caution when opening e-mail attachments, which may contain viruses, e-mail bombs and so on.

2.3 Discussion on Remote Access Policy
- Remote Access Policy:
+ A remote access policy acts as a guide for users connecting to the network from outside the office. It extends the office's network and computer usage rules, such as the password policy. It helps to ensure that only users who need network access are granted it, and only while their devices also comply with the rules. Done correctly, it helps defend the network against the risks that remote connections introduce.
- Importance: Although studies have shown that remote work has many advantages for businesses, its growth also presents significant security challenges for IT departments. Some users, especially less technical ones, may assume that connecting securely to the internal network from outside the workplace is unnecessary, putting the network at risk of malicious activity.
- General: A remote access policy should specify who can grant users remote access and what activities are permitted while connected remotely. It is advisable to delegate user approvals to line managers. Acceptable usage guidelines ensure that users do not use the remote connection for unrelated activities. To guarantee that only approved users are granted access to the network, the IT department should adopt centralized control of data access.

- Requirements: Remote access must be strictly controlled, and only personnel approved by the Information Security Officer may have it. Authorized users must not give their login credentials to anyone else, and must not write down or otherwise record them. Unless the Information Security Officer approves otherwise, authorized users may only access the network using equipment provided by the organization. Authorized users are responsible for ensuring that any remote host connected to the organization's internal networks is running antivirus software with up-to-date definitions.



