
assignment name security


<span class="text_page_counter">Trang 1</span><div class="page_container" data-page="1">



<b> Assignment name: Security</b>

<b> Student name: Do Vu Hoang Anh </b>

<b> Student ID: BHAF190004 </b>

<b> Tutor: Le Van Thuan </b>

</div><span class="text_page_counter">Trang 2</span><div class="page_container" data-page="2">

10. Zombie and botnet ... 12

III. How to prevent security risks ... 13

IV. Security procedures. ... 15

1. Acceptable Use Policy (AUP) ... 15

2. Access Control Policy (ACP) ... 16

3. Change Management Policy ... 16

4. Information Security Policy ... 16

5. Incident Response (IR) Policy ... 17

6. Remote Access Policy... 17

7. Email/Communication Policy ... 17

8. Disaster Recovery Policy ... 17

9. Business Continuity Plan (BCP)... 17

V. Method to assess and treat IT security risks. ... 18

1. IT security Risk Assessment and Risk Management ... 18

1.1 Definitions and examples ... 18

1.2 IT Security Risk Assessment ... 19

1.3 IT Security Risk Management ... 22

VI. Potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs ... 25

1. Insider Attacks ... 25

2. Missed Security Patches... 25

3. Configuration Mistakes ... 25

</div><span class="text_page_counter">Trang 3</span><div class="page_container" data-page="3">

VIII. Three benefits of implementing network monitoring systems with supporting reasons. ... 32

1. Manage Technical Issues with Ease ... 32

2. Keep Your Data Safe at All Times ... 32

3. Manage Client Network Usage with Confidence ... 32

Reference ... 33

</div><span class="text_page_counter">Trang 4</span><div class="page_container" data-page="4">


I. Introduction

In this document we discuss the types of security risks to organisations, describe organisational security procedures, identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs, and show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security.

II. Identify types of security risks to organisations

1. Viruses

</div><span class="text_page_counter">Trang 5</span><div class="page_container" data-page="5">

2. Worms

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

</div><span class="text_page_counter">Trang 6</span><div class="page_container" data-page="6">

Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to appear not suspicious, (e.g., a routine

</div><span class="text_page_counter">Trang 7</span><div class="page_container" data-page="7">


else. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. Trojans may allow an attacker to access users' personal information such as banking information, passwords, or personal identity. It can also delete a user's files or infect other devices connected to the network. Ransomware attacks are often carried out using a Trojan.

</div><span class="text_page_counter">Trang 8</span><div class="page_container" data-page="8">


5. Spyware

Spyware is software that aims to gather information about a person or organization, sometimes without their knowledge, and send such information to another entity without the consumer's consent. Furthermore, spyware asserts control over a device without the consumer's knowledge, sending confidential information to another entity with the consumer's consent, through cookies.

</div><span class="text_page_counter">Trang 9</span><div class="page_container" data-page="9">


6. Adware

Adware, or advertising-supported software, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one is for the display of the advertisement and another on a "pay-per-click" basis, if the user clicks on the advertisement. The software may implement advertisements in a variety of ways, including a static box display, a banner display, full screen, a video, pop-up ad or in some other form.

7. Ransomware

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem and difficult to trace digital currencies such as Ukash or Bitcoin and other –

</div><span class="text_page_counter">Trang 10</span><div class="page_container" data-page="10">


difficult.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", travelled automatically between computers without user interaction.

8. Logic bombs

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should he or she ever be terminated from the company.

Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed.

</div><span class="text_page_counter">Trang 11</span><div class="page_container" data-page="11">

9. Back doors

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a "homunculus computer" —a tiny computer-within-a-computer such as that found in Intel's AMT technology).[1][2] Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptographic systems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks. A backdoor may take the form of a hidden part of a program, a separate program (e.g. Back Orifice may subvert the system through a rootkit), code in the firmware of the hardware, or parts of an operating system such as Windows. Trojan horses can be used to create vulnerabilities in a device. A Trojan horse may appear to be an entirely legitimate program, but when executed, it triggers an activity that may install a backdoor. Although some are secretly installed, other backdoors are deliberate and widely known. These kinds of backdoors have "legitimate" uses such as providing the manufacturer with a way to restore user passwords.

</div><span class="text_page_counter">Trang 12</span><div class="page_container" data-page="12">

10. Zombie and botnet

In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks (DOS attacks). Most owners of "zombie" computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to fictional zombies. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.

</div><span class="text_page_counter">Trang 13</span><div class="page_container" data-page="13">


Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a combination of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

III. How to prevent security risks

1. Install Anti-Virus/Malware Software.

This tip may go without saying, and I almost just casually mentioned it in my opening paragraph. However, I have seen many computers—especially home computers—that don’t have anti-virus/malware protection. This protection is a must-have first step in keeping your computer virus free.

2. Keep Your Anti-Virus Software Up to Date.

Having protection software is the first step; maintaining it is the second. Free anti-virus software is better than nothing, but keep in mind that it’s not the best solution. Microsoft does provide a security package for “free.” It’s free in that if you have Windows on your machine, you are granted access, but you did pay for your Windows license. Many users aren’t aware of this program, but it’s actually decent protection.

</div><span class="text_page_counter">Trang 14</span><div class="page_container" data-page="14">


3. Run Regularly Scheduled Scans with Your Anti-Virus Software.

This too may seem like a no-brainer, but many of us forget to do this. Set up your software of choice to run at regular intervals. Once a week is preferred, but do not wait much longer between scans. It’s difficult to work on your computer while your anti-virus software is running. One solution is to run the software at night when you aren’t using your computer. However, we often turn off our computers at night, and so the scan never runs. Set your anti-virus software to run on a specific night, and always leave your computer running on that day. Make sure it doesn’t shut off automatically or go into hibernation mode.

4. Keep Your Operating System Current.

Whether you are running Windows, Mac OS X, Linux, or any other OS, keep it up to date. OS developers are always issuing security patches that fix and plug security leaks. These patches will help to keep your system secure. Similarly, keep your anti-virus software up to date. Viruses and malware are created all the time. Your scanning software is only as good as its database. It too must be as up to date as possible.

5. Secure Your Network.

Many of our computers connect to our files, printers, or the Internet via a Wi-Fi connection. Make sure it requires a password to access it and that the password is strong. Never broadcast an open Wi-Fi connection. Use WPA or WPA2 encryption. WEP is no longer strong enough as it can be bypassed in minutes by experts. It’s also a great idea to not broadcast your SSID (the name of your Wi-Fi network). You can still access it with your device, you will just have to manually type in the SSID and the password. If you frequently have guests who use your Internet, provide a guest SSID that uses a different password, just in case your friends are evil hackers.

6. Think Before You Click.

Avoid websites that provide pirated material. Do not open an email attachment from somebody or a company that you do not know. Do not click on a link in an unsolicited email. Always hover over a link (especially one with a URL shortener) before you click to see where the link is really taking you. If you have to download a file from the Internet, an email, an FTP site, a file-sharing service, etc., scan it before you run it. A good anti-virus software will do that automatically, but make sure it is being done.

</div><span class="text_page_counter">Trang 15</span><div class="page_container" data-page="15">


7. Keep Your Personal Information Safe.

This is likely the most difficult thing to do on the Internet. Many hackers will access your files not by brute force, but through social engineering. They will get enough of your information to gain access to your online accounts and will glean more of your personal data. They will continue from account to account until they have enough of your info that they can access your banking data or just steal your identity altogether. Be cautious on message boards and social media. Lock down all of your privacy settings, and avoid using your real name or identity on discussion boards.

8. Don’t Use Open Wi-Fi.

When you are at the local coffee shop, library, and especially the airport, don’t use the “free” open (non-password, non-encrypted) Wi-Fi. Think about it. If you can access it with no issues, what can a trained malicious individual do?

9. Back Up Your Files.

The best thing you can do is back up your files—all of them. Ideally you will have your files (your data) in at least three places: the place where you work on them, on a separate storage device, and off-site. Keep your files on your computer, back them up to an external hard drive, then back them up in a different location. You can use a backup service or simply get two external hard drives and keep one at work, at a friend’s house, at a family member’s house, or in a safe deposit box.

10. Use Multiple Strong Passwords.

Never use the same password, especially on your bank account. Typically, we use the same email address or username for all of our accounts. Those are easy to see and steal. If you use the same password for everything, or on many things, and it is discovered, then it takes only seconds to hack your account. Use a strong password. Use lower case, upper case, numbers, and symbols in your password. Keep it easy to remember but difficult to guess. Do not use dates or pet names.

IV. Security procedures.

1. Acceptable Use Policy (AUP)

An acceptable use policy (AUP) is a document that outlines a set of rules to be followed by users or customers of a set of computing resources, which could be a computer network, website or

</div><span class="text_page_counter">Trang 16</span><div class="page_container" data-page="16">


these resources.

An AUP is very similar to the ubiquitous terms and conditions or end-user license agreements (EULA) found on almost all software applications. The main difference is that an AUP covers the use of a much larger shared computing resource, such as a LAN or website, as opposed to a single software item. One consequence of sharing is that an AUP typically goes into detail about etiquette and respect for fellow users of the resource, which is not applicable for single-user software applications.

2. Access Control Policy (ACP)

An access control policy authorizes a group of users to perform a set of actions on a set of resources within WebSphere Commerce. Unless authorized through one or more access control policies, users have no access to any functions of the system. To understand access control policies you need to understand four main concepts: users, actions, resources, and relationships. Users are the people who use the system. Resources are objects in the system that need to be protected. Actions are the activities that users can perform on the resources. Relationships are optional conditions that exist between users and resources.

The policies are what grant users access to your site. Unless they are authorized to perform their responsibilities through one or more access control policies, users have no access to site functions.
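The four concepts above (users, actions, resources, relationships) and the default-deny rule can be shown as a small policy evaluator. This is an added example, not code from the original assignment or from WebSphere Commerce; every class, function, group name and sample order in it is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical model of the four concepts; not a WebSphere Commerce API.

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset      # user groups the person belongs to

@dataclass(frozen=True)
class Resource:
    kind: str              # e.g. "Order"
    owner: str             # name of the user the resource belongs to

# A relationship is an optional condition between a user and a resource.
Relationship = Callable[[User, Resource], bool]

def is_owner(user: User, resource: Resource) -> bool:
    return resource.owner == user.name

@dataclass(frozen=True)
class Policy:
    user_group: str
    actions: frozenset
    resource_kinds: frozenset
    relationship: Optional[Relationship] = None

    def permits(self, user: User, action: str, resource: Resource) -> bool:
        return (self.user_group in user.groups
                and action in self.actions
                and resource.kind in self.resource_kinds
                and (self.relationship is None
                     or self.relationship(user, resource)))

def is_allowed(policies, user: User, action: str, resource: Resource) -> bool:
    # Default deny: access exists only if at least one policy grants it.
    return any(p.permits(user, action, resource) for p in policies)

# Constructed sample policies and principals.
POLICIES = [
    Policy("Customers", frozenset({"read", "cancel"}), frozenset({"Order"}), is_owner),
    Policy("ServiceReps", frozenset({"read"}), frozenset({"Order"})),
]
alice = User("alice", frozenset({"Customers"}))
bob = User("bob", frozenset({"Customers"}))
rep = User("rita", frozenset({"ServiceReps"}))
guest = User("guest", frozenset())
alice_order = Resource("Order", owner="alice")
```

The customer policy only matches when the owner relationship holds, so `bob` cannot read `alice_order` even though he is in the same user group, and `guest`, who matches no policy, is denied everything.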

3. Change Management Policy

A change management policy refers to a formal process for making changes to IT, software development and security services/operations. The goal of a change management program is to increase the awareness and understanding of proposed changes across an organization, and to ensure that all changes are conducted methodically to minimize any adverse impact on services and customers. A good example of an IT change management policy available for fair use is at SANS.

4. Information Security Policy

Information security policy is a set of policies issued by an organization to ensure that all information technology users within the domain of the organization or its networks comply with rules and guidelines related to the security of the information stored digitally at any point in the network or within the organization's boundaries of authority.

</div>
