
btec level 5 hnd diploma in computing unit 5 security 1


<span class="text_page_counter">Trang 1</span><div class="page_container" data-page="1">

<b> ASSIGNMENT 1 FRONT SHEET</b>

<b>Unit number and title</b> Unit 5: Security

</div><span class="text_page_counter">Trang 3</span><div class="page_container" data-page="3">


</div><span class="text_page_counter">Trang 5</span><div class="page_container" data-page="5">

<b>Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)...2</b>

I. Cyber threat definition...2

II. Identify threats agents to organizations...2

III. List type of threats that organizations will face...3

IV. What are the recent security breaches? List and give examples with dates...6

V. Discuss the consequences of this breach...8

VI. Suggest solutions to organizations...9

<b>Task 2 - Describe at least 3 organisational security procedures (P2)...10</b>

I. Access Control...10

II. Encryption...11

III. Security Awareness Training...11

<b>Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)...12</b>

I. Discuss briefly firewalls and policies, their usage and advantages in a network...12

II. How does a firewall provide security to a network?...14

III. Show with diagrams the example of how firewall works...15

IV. Define IDS, its usage, and show it with diagrams examples...15

V. Write down the potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network...17

<b>Task 4 - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)...18</b>

</div><span class="text_page_counter">Trang 6</span><div class="page_container" data-page="6">

I. Define and discuss with the aid of diagram DMZ. Focus on its usage and security function as advantage...18

II. Define and discuss with the aid of diagram static IP. Focus on its usage and security function as advantage...20

III. Define and discuss with the aid of diagram NAT. Focus on its usage and security function as advantage...22

<b>References...24</b>

</div><span class="text_page_counter">Trang 7</span><div class="page_container" data-page="7">

Figure 1 Insider threats...5

Figure 2 Virus and worm...6

Figure 3 Botnet attack...6

Figure 4 Phishing attacks...7

Figure 5 DDoS attack...8

Figure 6 Firewall...14

Figure 7 Example of how firewall works...17

Figure 8 Example of IDS with diagram...19

Figure 9 Example of DMZ diagram...21

Figure 10 The diagram illustrates a typical network setup using static IP addresses...23

Figure 11 The diagram illustrating how NAT works...25

<b>Task 1 - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)</b>

<b>I. Cyber threat definition</b>

A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks, and other attack vectors.

</div><span class="text_page_counter">Trang 8</span><div class="page_container" data-page="8">

Cyber threats also refer to the possibility of a successful cyber-attack that aims to gain unauthorized access to, damage, disrupt, or steal an information technology asset, computer network, intellectual property, or any other form of sensitive data. Cyber threats can come from within an organization, through trusted users, or from remote locations, through unknown parties. [Abi22]

<b>II. Identify threat agents to organizations</b>

The agents that can cause risk to the organization are known as threat agents. Before suggesting the required methods for protecting the information from these agents, they should be detected first. If they are detected well, the measures that should be taken against them can be more effective. [Kho17]

</div><span class="text_page_counter">Trang 9</span><div class="page_container" data-page="9">

Some types of threat agents:

<b>Natural Disasters:</b> Natural disasters such as storms, floods and earthquakes can put the infrastructure of the organization's information system at risk. These are considered natural threat agents.

<b>Workforces:</b> Organizations have to engage their workforces to perform their respective jobs following the policies of the organization. When an employee makes a critical mistake in data entry, releases proprietary data, or deceives the organization, he or she becomes a major threat to the concerned organization.

<b>Malicious Hackers:</b> Information systems that are interlinked with other systems, or with the Internet, are exposed to thousands of potential hackers through social engineering, modem connections, or physical attacks. Hackers do not care whether the interface they reach is public or private.

<b>Industrial Spies:</b> Industrial espionage is a dangerous threat to most organizations. It can result in loss of profits, competitive advantage, or even the business itself.

<b>Foreign Government Spies:</b> Foreign spies can be involved in espionage with a view to enhancing the capabilities of their own government and reducing the native government's abilities. Their activities can even include foreign-sponsored industrial espionage.

<b>III. List type of threats that organizations will face</b>

<b>1. Insider threats</b>

An insider threat occurs when individuals close to an organization who have authorized access to its network intentionally or unintentionally misuse that access to negatively affect the organization's critical data or systems.

</div><span class="text_page_counter">Trang 10</span><div class="page_container" data-page="10">

Careless employees who don't comply with their organizations' business rules and policies cause insider threats. For example, they may inadvertently email customer data to external parties, click on phishing links in emails or share their login information with others. Contractors, business partners and third-party vendors are the source of other insider threats.

Some insiders intentionally bypass security measures out of convenience or in ill-considered attempts to become more productive. Malicious insiders intentionally elude cybersecurity protocols to delete data, steal data to sell or exploit later, disrupt operations or otherwise harm the business.

</div><span class="text_page_counter">Trang 11</span><div class="page_container" data-page="11">

Figure 1 Insider threats

<b>2. Viruses and worms</b>

Viruses and worms are malicious software programs (malware) aimed at destroying an organization's systems, data and network. A computer virus is malicious code that replicates by copying itself to another program, system or host file. It remains dormant until someone knowingly or inadvertently activates it, spreading the infection without the knowledge or permission of the user or system administrator.

A computer worm is a self-replicating program that doesn't have to copy itself to a host program or require human interaction to spread. Its main function is to infect other computers while remaining active on the infected system. Worms often spread using parts of an operating system that are automatic and invisible to the user. Once a worm enters a system, it immediately starts replicating itself, infecting computers and networks that aren't adequately protected.

</div><span class="text_page_counter">Trang 12</span><div class="page_container" data-page="12">

</div><span class="text_page_counter">Trang 13</span><div class="page_container" data-page="13">

Figure 2 Virus and worm

<b>3. Botnets</b>

A botnet is a collection of Internet-connected devices, including PCs, mobile devices, servers and IoT devices, that are infected and remotely controlled by a common type of malware. Typically, the botnet malware searches for vulnerable devices across the internet. The goal of the threat actor creating a botnet is to infect as many connected devices as possible, using the computing power and resources of those devices for automated tasks that generally remain hidden from the users of the devices. The threat actors -- often cybercriminals -- that control these botnets use them to send email spam, engage in click fraud campaigns and generate malicious traffic for distributed denial-of-service attacks.

</div><span class="text_page_counter">Trang 14</span><div class="page_container" data-page="14">

Figure 3 Botnet attack

<b>4. Phishing attacks</b>

</div><span class="text_page_counter">Trang 15</span><div class="page_container" data-page="15">

Phishing attacks are a type of information security threat that employs social engineering to trick users into breaking normal security practices and giving up confidential information, including names, addresses, login credentials, Social Security numbers, credit card information and other financial information. In most cases, hackers send out fake emails that look as if they're coming from legitimate sources, such as financial institutions, eBay, PayPal -- and even friends and colleagues.

In phishing attacks, hackers attempt to get users to take some recommended action, such as clicking on links in emails that take them to fraudulent websites that ask for personal information or install malware on their devices. Opening attachments in emails can also install malware on users' devices that is designed to harvest sensitive information, send out emails to their contacts or provide remote access to their devices.

Figure 4 Phishing attacks

<b>5. Distributed denial-of-service (DDoS) attacks</b>

</div><span class="text_page_counter">Trang 16</span><div class="page_container" data-page="16">

In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target, such as a server, website or other network resource, making the target totally inoperable. The flood of connection requests, incoming messages or malformed packets forces the target system to slow down or to crash and shut down, denying service to legitimate users or systems.

</div><span class="text_page_counter">Trang 17</span><div class="page_container" data-page="17">

Figure 5 DDoS attack

<b>IV. What are the recent security breaches? List and give examples with dates</b>

<b>1. What is a security breach?</b>

A security breach is any unauthorized access to a device, network, program, or data. Security breaches happen when network or device security protocols are penetrated or otherwise circumvented. Hacking attacks and data leaks are examples of security breaches. [Oli22]

<b>2. List some recent security breaches and their dates</b>

</div><span class="text_page_counter">Trang 18</span><div class="page_container" data-page="18">

<b>T-Mobile Breach (August 2021):</b> T-Mobile reported a data breach that affected over 40 million current and former customers. The attackers were able to access sensitive data, including names, dates of birth, Social Security numbers, and driver's license information. T-Mobile has stated that no financial information or passwords were compromised.

<b>Kaseya Breach (July 2021):</b> Hackers exploited a vulnerability in the Kaseya VSA software, a remote monitoring and management tool used by managed service providers (MSPs), to launch a ransomware attack that affected hundreds of organizations worldwide. The attack encrypted the data of the affected organizations and demanded a ransom in exchange for the decryption key.

</div><span class="text_page_counter">Trang 19</span><div class="page_container" data-page="19">

<b>Colonial Pipeline Ransomware Attack (May 2021):</b> Hackers used a ransomware attack to disrupt the operations of the Colonial Pipeline, a major US fuel pipeline operator. The attack caused widespread fuel shortages and panic buying in several states. Colonial Pipeline paid a ransom of $4.4 million in Bitcoin to the attackers to regain control of its systems.

<b>Microsoft Exchange Server Vulnerability (March 2021):</b> Hackers exploited a vulnerability in the Microsoft Exchange Server software to gain access to email accounts and steal sensitive data from several organizations. The attack affected tens of thousands of organizations worldwide, including government agencies, healthcare providers, and financial institutions.

<b>V. Discuss the consequences of this breach</b>

Some consequences of these data breaches:

<b>T-Mobile Breach:</b> The consequences of this breach could include identity theft, financial loss, and reputational damage to T-Mobile. The sensitive data stolen by the attackers could be used for a variety of malicious purposes, such as opening fraudulent accounts or accessing personal information. T-Mobile has offered free identity theft protection services to affected customers and has stated that it is investigating the breach.

<b>Kaseya Breach:</b> The consequences of this breach included financial loss and reputational damage to the affected MSPs and their customers. The ransomware attack encrypted the data of the affected organizations, which could result in significant business disruption and financial losses. The attackers demanded a ransom in exchange for the decryption key, which some organizations may have paid to regain access to their systems.

<b>Colonial Pipeline Ransomware Attack:</b> The consequences of this breach included significant disruption to fuel supplies in several states and potential financial losses for Colonial Pipeline. The company paid a ransom to the attackers to regain control of its systems, which has raised concerns about the ethics of paying ransoms to cybercriminals. The attack also highlighted the vulnerability of critical infrastructure to cyber-attacks.

</div><span class="text_page_counter">Trang 20</span><div class="page_container" data-page="20">

<b>Microsoft Exchange Server Vulnerability:</b> The consequences of this breach included potential data theft and reputational damage to the affected organizations. The attackers were able to access sensitive email data, which could include confidential business information or personal data. The attack also highlighted the importance of keeping software and systems up to date to prevent vulnerabilities that can be exploited by attackers.

</div><span class="text_page_counter">Trang 21</span><div class="page_container" data-page="21">

<b>VI. Suggest solutions to organizations</b>

Some suggested solutions for organizations to prevent data breaches:

<b>Multi-Factor Authentication:</b> Multi-factor authentication (MFA) protects your account even if your password is compromised. It combines something you know (your password) with something you have (your phone). When you log into your account, it sends your phone a code. If a cyber-criminal cracks your password but doesn't have your phone, they can't access your account. The best part of MFA is that it's already built into most of your accounts, such as Microsoft Office 365, Facebook or LinkedIn; you just need to enable it. If there's one thing you take away from this discussion, make sure that you enable MFA for your personal banking account. You're only one shaky password away from a cyber-criminal draining your life savings.
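The paragraph above describes the "something you have" factor as a code sent to the phone. The block below is an added example (not part of the assignment) that shows the closely related authenticator-app form of that factor: the server and the app share a secret, and both compute a time-based one-time password (TOTP, RFC 6238) from it, so nothing has to be transmitted. It goes slightly beyond the text by also showing the three checks a server should make: a constant-time comparison, a small clock-skew window, and rejection of a code that has already been used. The secret is the RFC 4226/6238 test key and the timestamps are constructed; only the Python standard library is used.

```python
import base64
import hashlib
import hmac
import struct
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of 30-second steps since the epoch."""
    return hotp(secret, unix_time // step, digits)


class TotpVerifier:
    """Server-side check of the 'something you have' factor.

    - hmac.compare_digest so a wrong guess leaks nothing through timing
    - a +/-1 step window to tolerate small clock skew between phone and server
    - remembers the last accepted step so an intercepted code cannot be replayed
    """

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_accepted_step: Optional[int] = None

    def verify(self, submitted: str, unix_time: int) -> bool:
        if not (submitted.isdigit() and len(submitted) == self.digits):
            return False
        current = unix_time // self.step
        for step in range(current - self.window, current + self.window + 1):
            if self.last_accepted_step is not None and step <= self.last_accepted_step:
                continue  # this step (or an older one) has already been consumed
            if hmac.compare_digest(hotp(self.secret, step, self.digits), submitted):
                self.last_accepted_step = step
                return True
        return False


def secret_from_base32(encoded: str) -> bytes:
    """Authenticator apps show the shared secret as base32; normalise, pad and decode it."""
    encoded = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(encoded + "=" * (-len(encoded) % 8))


# Constructed demo secret: the RFC 4226/6238 test key "12345678901234567890".
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    # At Unix time 59 the RFC 6238 SHA-1 vector is 94287082; the 6-digit form is 287082.
    print(totp(DEMO_SECRET, 59))
    verifier = TotpVerifier(DEMO_SECRET)
    print(verifier.verify("287082", 59))   # True: correct code, first use
    print(verifier.verify("287082", 61))   # False: same code presented again (replay)
```

The replay check matters more than it looks: a phishing page that relays a victim's code to the real site within the 30-second window is the usual way this factor is defeated, and refusing a step that has already been accepted at least prevents a captured code from being used twice.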

<b>User Security Training:</b> Humans are the weakest link in your defense against cyber security attacks. They love to open up attachments and links in email, which is one of the easiest ways for a cyber-criminal to harvest their credentials. The best way to mitigate this risk is to implement a cyber security training plan for your entire organization. A strong plan should include hands-on learning on what not to click, followed by simulated phishing attempts that look just like current attacks from cyber criminals. This learning/testing process should repeat on a consistent basis, which will continually strengthen your human firewall.

<b>Web &amp; Email Filtering:</b> Humans can't catch every attack, so you should add a threat intelligence filtering service to assist. This service scans email attachments and website hyperlinks, then safely detonates them in the cloud before they reach your users. If the attachment or hyperlink is deemed malicious, it's disabled before your users have a chance to open it. You can also configure a filtering service to block certain websites by category, and increase productivity by limiting access to social media services.

<b>Threat Detection:</b> We all have a lock on our front door. That lock is the equivalent of your organization's firewall and antivirus, which are in place to stop cyber criminals from breaking in. Unfortunately, this lock will get kicked in when a cyber-criminal wants access. A threat detection solution is the equivalent of your organization's alarm system. The solution constantly scans your network and PCs for threats, and sends any questionable discoveries to a threat intelligence service for evaluation. This service is powered by a team of security professionals and artificial intelligence, who take action if it's determined to be a threat.

</div><span class="text_page_counter">Trang 22</span><div class="page_container" data-page="22">

</div><span class="text_page_counter">Trang 23</span><div class="page_container" data-page="23">

<b>Task 2 - Describe at least 3 organisational security procedures (P2)</b>

In today's digital age, information security has become a crucial aspect for businesses of all sizes. With the increasing frequency and severity of cyber threats, it is essential for organizations to implement robust security procedures to protect their sensitive information and assets from theft, damage, or unauthorized access. I will discuss three security procedures that organizations can use to improve their security posture and safeguard their data and resources.

<b>I. Access Control</b>

Access control is a security procedure that regulates who can access specific resources or areas within an organization. Access control can be implemented at various levels, including physical access control, logical access control, and administrative access control.

Physical access control involves controlling physical access to areas such as offices, data centers, or warehouses. Physical access control measures may include using security badges, biometric identification systems such as fingerprint or facial recognition, or security guards to limit access to authorized personnel only.

Logical access control involves controlling access to digital resources such as networks, computer systems, and software applications. Logical access control measures may include requiring users to provide a login ID and password, using multi-factor authentication methods such as security tokens, smart cards or biometric authentication, or implementing role-based access control (RBAC) to limit users' access to specific areas of a system based on their job responsibilities.

Administrative access control involves controlling access to administrative functions such as user account management, system configuration, and software installation. Administrative access control measures may include requiring multi-factor authentication for administrative accounts, limiting the number of users with administrative privileges, and implementing strict password policies for administrative accounts.

By implementing access control as a security procedure, organizations can limit access to sensitive information and materials to authorized personnel only, thereby minimizing the risk of unauthorized access, data breaches, and other security incidents.
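As an added example (not code from the assignment), the block below implements the logical and administrative controls described above in a few lines of Python: role-based access control where each role bundles permissions and each user holds roles, a deny-by-default decision, and an extra requirement that the administrative functions named in the text (user account management, system configuration, software installation) are only reachable from a session with a verified second factor. The roles, users and permission names are constructed for the example; a real system would load them from a directory or policy store.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Constructed sample policy (not from the assignment).
# A permission is written "action:resource"; roles bundle permissions; users hold roles.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "clerk":    {"read:customer_record"},
    "manager":  {"read:customer_record", "update:customer_record"},
    "sysadmin": {"read:customer_record", "create:user_account",
                 "change:system_config", "install:software"},
}

# The administrative functions from the text: granted only when MFA has been verified.
ADMIN_PERMISSIONS: Set[str] = {"create:user_account", "change:system_config", "install:software"}

USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"clerk"},
    "bob":   {"manager"},
    "carol": {"sysadmin"},
}


@dataclass
class Session:
    """What the logical access-control layer knows about the logged-in user."""
    user: str
    mfa_verified: bool = False


def permissions_for(user: str) -> Set[str]:
    """Union of the permissions of every role the user holds; an unknown user gets nothing."""
    granted: Set[str] = set()
    for role in USER_ROLES.get(user, set()):
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def is_allowed(session: Session, action: str, resource: str) -> Tuple[bool, str]:
    """Deny by default: succeed only if some role grants the permission, and require a
    verified second factor on top of that for administrative functions."""
    permission = f"{action}:{resource}"
    if permission not in permissions_for(session.user):
        return False, "denied: no role grants " + permission
    if permission in ADMIN_PERMISSIONS and not session.mfa_verified:
        return False, "denied: administrative function requires MFA"
    return True, "granted"


def users_with_admin_rights() -> Set[str]:
    """Review helper for 'limit the number of users with administrative privileges':
    lists every user whose roles reach any administrative permission."""
    return {user for user in USER_ROLES if permissions_for(user) & ADMIN_PERMISSIONS}


if __name__ == "__main__":
    print(is_allowed(Session("alice"), "read", "customer_record"))          # (True, 'granted')
    print(is_allowed(Session("alice"), "update", "customer_record"))        # denied, no role
    print(is_allowed(Session("carol"), "change", "system_config"))          # denied, needs MFA
    print(is_allowed(Session("carol", mfa_verified=True), "change", "system_config"))
    print(sorted(users_with_admin_rights()))                                # ['carol']
```

Because the decision function only ever returns True when a rule explicitly grants the request, adding a new resource or a new user without updating the policy leaves it inaccessible rather than open, which is the property that makes RBAC a least-privilege mechanism rather than just a lookup table.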

</div><span class="text_page_counter">Trang 24</span><div class="page_container" data-page="24">

<b>II. Encryption</b>

Encryption is a security procedure that involves encoding data to prevent unauthorized access or theft. Encryption can be implemented in various ways, such as using encryption software to encrypt files or emails, using a virtual private network (VPN) to encrypt network traffic, or using secure messaging apps that encrypt messages end-to-end. Encryption works by using a mathematical algorithm to transform plain text into ciphertext, which can only be deciphered with a key or password. By encrypting sensitive data, organizations can ensure that even if it is stolen or intercepted, it will be unreadable and unusable to unauthorized individuals. Encryption is particularly important for data that is stored on or transmitted over the internet, as it can be intercepted by hackers or cybercriminals who may use it for malicious purposes.

</div><span class="text_page_counter">Trang 25</span><div class="page_container" data-page="25">

<b>III. Security Awareness Training</b>

Security awareness training is a security procedure that involves educating employees and other stakeholders about security threats, best practices, and procedures to follow in the event of a security incident. Security awareness training may include training on topics such as password management, phishing attacks, and social engineering scams, as well as policies and procedures related to data protection, access control, and incident reporting. Security awareness training can be delivered in various ways, such as classroom training, online courses, or simulated phishing attacks. By educating employees and other stakeholders about security threats and best practices, organizations can empower them to be more vigilant and proactive in identifying and reporting potential security incidents. Security awareness training can also help organizations develop a security culture that prioritizes security as a key aspect of their operations.

In conclusion, access control, encryption, and security awareness training are three security procedures that organizations can use to improve their security posture and safeguard their data and resources. By implementing these procedures, organizations can limit access to sensitive information, protect data from theft or unauthorized access, and educate employees and stakeholders about security threats and best practices. These procedures should be implemented as part of a broader security strategy that includes regular risk assessments, security audits, and incident response planning, to ensure that organizations are well-prepared to address potential security incidents and minimize

<b>Task 3 - Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)</b>

</div><span class="text_page_counter">Trang 26</span><div class="page_container" data-page="26">

<b>I. Discuss briefly firewalls and policies, their usage and advantages in a network</b>

<b>1. What is a firewall?</b>

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a private network and the public internet, preventing unauthorized access to or from the private network while allowing authorized traffic to pass through. Firewalls can be either software- or hardware-based, and can be configured to block or allow traffic based on criteria such as IP addresses, ports, protocols, and specific keywords or phrases. Firewalls are a fundamental component of network security and are used by organizations of all sizes to protect their networks from external threats.

</div><span class="text_page_counter">Trang 27</span><div class="page_container" data-page="27">

Figure 6 Firewall

<b>2. Firewall policies</b>

Firewall policies are a set of rules and criteria that determine what traffic is allowed to pass through a firewall and what is blocked. These policies are typically configured based on various factors such as the source and destination IP addresses, port numbers, protocols, and specific keywords or patterns in the data payload. The purpose of firewall policies is to protect a network from unauthorized access and potential security threats by filtering traffic
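The block below is an added example (not code from the assignment) of how a packet-filtering policy of the kind just described is evaluated, and of one check an administrator can run to catch the incorrect configuration this task is about. It assumes the common model in which rules are evaluated top-down, the first match decides, and anything that matches no rule is dropped; rules match on protocol, source and destination IPv4 network and destination port, and the payload-keyword criteria mentioned in the text are left out. `shadowed_rules` reports rules that can never fire because an earlier, broader rule already covers them; when the two rules disagree on the action, the later one was probably the intended protection. The two policies and all addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One line of a firewall policy. IPv4 CIDRs only; dport None means 'any port'."""
    name: str
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # source network, e.g. "10.0.0.0/8"
    dst: str               # destination network
    dport: Optional[int]   # destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_ip: str
    dport: Optional[int] = None


def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(policy: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """Top-down, first match wins. No match falls through to the implicit deny."""
    for rule in policy:
        if _matches(rule, pkt):
            return rule.action, rule.name
    return "deny", None


def _covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet 'later' could match is already matched by 'earlier'."""
    if earlier.proto != "any" and earlier.proto != later.proto:
        return False
    if not ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src)):
        return False
    if not ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst)):
        return False
    if earlier.dport is not None and earlier.dport != later.dport:
        return False
    return True


def shadowed_rules(policy: List[Rule]) -> List[Tuple[str, str, bool]]:
    """Audit check: rules that can never fire because an earlier rule covers them.
    Returns (shadowed rule, rule that shadows it, True if their actions conflict)."""
    findings = []
    for i, rule in enumerate(policy):
        for earlier in policy[:i]:
            if _covers(earlier, rule):
                findings.append((rule.name, earlier.name, earlier.action != rule.action))
                break
    return findings


# Constructed sample policies (addresses taken from the RFC 5737 documentation ranges).
GOOD_POLICY = [
    Rule("web-https", "allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("lan-ssh-to-mgmt", "allow", "tcp", "10.0.0.0/8", "10.0.5.10/32", 22),
    Rule("default-deny", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]

# Misconfigured: a blanket permit placed first makes every later rule unreachable.
BAD_POLICY = [
    Rule("permit-all", "allow", "any", "0.0.0.0/0", "0.0.0.0/0", None),
    Rule("block-telnet", "deny", "tcp", "0.0.0.0/0", "10.0.0.0/8", 23),
]

if __name__ == "__main__":
    telnet_from_internet = Packet("tcp", "198.51.100.7", "10.0.5.10", 23)
    print(evaluate(GOOD_POLICY, telnet_from_internet))   # ('deny', 'default-deny')
    print(evaluate(BAD_POLICY, telnet_from_internet))    # ('allow', 'permit-all')
    print(shadowed_rules(BAD_POLICY))                    # [('block-telnet', 'permit-all', True)]
```

Running the audit against `BAD_POLICY` shows the effect the task asks about: the administrator believes telnet into the LAN is blocked, but the rule is dead, and the firewall silently passes the traffic. An explicit final deny, as in `GOOD_POLICY`, also makes the intended default visible in logs instead of relying on the implicit drop.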

</div>
