
information technology assignment 1 unit security


<span class="text_page_counter">Page 1</span><div class="page_container" data-page="1">

<b>BTEC FPT INTERNATIONAL COLLEGE </b>

<b>INFORMATION TECHNOLOGY ASSIGNMENT 1 </b>

</div><span class="text_page_counter">Page 2</span><div class="page_container" data-page="2">

<b>ASSIGNMENT 1 FRONT SHEET </b>

<b>Grading grid </b>

<b>Unit number and title Unit2: Security </b>

<b>(2nd submission) </b>

</div><span class="text_page_counter">Page 3</span><div class="page_container" data-page="3">

<b>❒❒❒❒❒ Summative Feedbacks: </b>❒<b>❒Resubmission Feedbacks: </b>

Internal Verifier’s Comments:

<b>Signature & Date: </b>

</div><span class="text_page_counter">Page 4</span><div class="page_container" data-page="4">

Performed Student: LE VAN HANH

First of all, allow me to thank my family for giving me so much encouragement, love and timely help. They were clearly the most important motivators for me to complete this report.

Secondly, I also appreciate Mr. Xuan Ly NGUYEN THI because his lectures and instructions are a rich source of knowledge for me to refer to.

Third, a big thank you to all my BTEC friends for the memorable times we had. Last but not least, I express my deep gratitude to all the authors who have generously provided excellent wisdom to be used as a reference throughout this document.

</div><span class="text_page_counter">Page 5</span><div class="page_container" data-page="5">


I certify that this assignment is my own work, based on my own research, and that I acknowledge all materials and sources used in its preparation, whether books, articles, lecture notes or any other type of material, electronic or personal communication. I also certify that this assignment has not previously been submitted for review in any other unit, unless specifically authorized by all relevant unit coordinators, or at any other time in this unit, and that I have not copied in whole or in part, or otherwise plagiarized, the work of others.

</div><span class="text_page_counter">Page 6</span><div class="page_container" data-page="6">


<b>TABLE OF CONTENT </b>

<b>BTEC FPT INTERNATIONAL COLLEGE ... 2 </b>

<b>ASSIGNMENT 1 FRONT SHEET ... 3 </b>

<b>ACKNOWLEDGMENTS ... 5 </b>

<b>ASSURANCE ... 6 </b>

<b>Chapter: I ASSESS RISK TO IT SECURITY. ... 14 </b>

I. Identify types of security threat to organisations (P1). ... 14

1. Define threats. ... 14

2. Identify threats agents to organizations. ... 14

3. List type of threats that organizations will face. ... 15

4. Give an example of a recently publicized security breach and discuss its consequences. ... 16

5. What are the recent 2018/2019/2020 security breach? List and give examples with dates. ... 16

6. Discuss the consequences of this breach? ... 17

7. Suggest solutions to organizations. ... 18

II. Describe at least 3 organizational security procedures (P2). ... 19

<b>Chapter: II Describe IT security solutions ... 23 </b>

I. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P2). ... 23

1. Discuss briefly firewall and policies, its usage and advantages in a network. ... 23

2. How does a firewalls provide a security to a network? ... 25

3. Define IDS, its usage, show with diagrams examples. ... 26

4. Write down the potential impact(Threat-Risk) of FIREWALL and IDS incorrect configuration to the network. ... 29

II. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4). ... 30

1. Define and discuss with the aid of a diagram DMZ focus on usage and security function as advantage. ... 30

2. Define and discuss with the aid of a diagram static IP focus on usage and security function as advantage. ... 32

3. Define and discuss with the aid of a diagram NAT focus on usage and security function as advantage. ... 34

III. Propose a method to assess and treat IT security risks (M1). ... 35

1. Discuss methods required to assess it security threat? E.g. Monitoring tools. .. 35

2. What are the current weakness or threat of the organization? ... 38

3. What tools will you propose to treat the IT security risk? ... 39

</div><span class="text_page_counter">Page 7</span><div class="page_container" data-page="7">


IV. Discuss three benefits to implement network monitoring systems with supporting reasons (M2). ... 39

1. List some of the networking monitoring devices and discuss each. ... 39

2. Why do you need to monitor network? ... 40

3. What are the benefits of monitoring a network? ... 40

<b>CONCLUSION ... 42 </b>

<b>REFERENCES ... 43 </b>

</div><span class="text_page_counter">Page 8</span><div class="page_container" data-page="8">


<b>LIST OF FIGURES </b>

Figure 1 Infrastructure of Happy company ... 11

Figure 2: Photo threat security. ... 14

Figure 3: Photo procedure of security. ... 19

Figure 4 Definition of firewall. ... 23

Figure 5 Photo diagram of firewalls ... 26

Figure 6 Photo IDS. ... 28

Figure 7 Photo IDS. ... 28

Figure 8 Photo of DMZ. ... 30

Figure 9 Photo static IP for server ... 32

Figure 10 Definition of NAT in security. ... 34

Figure 11 Tool Nessus vulnerability scanner. ... 36

Figure 12 Tool Qualys vulnerability management. ... 37

Figure 13 Tool Metasploit framework. ... 38

</div><span class="text_page_counter">Page 9</span><div class="page_container" data-page="9">


<b>LIST OF THE ACRONYM </b>

ERD: Entity relationship Diagram

DMZ: Demilitarized Zone

IP: Internet Protocol

NAT: Network address translation

</div><span class="text_page_counter">Page 10</span><div class="page_container" data-page="10">


<b>INTRODUCTION </b>

In the current 4.0 technology era, information technology develops as fast as the wind, and ensuring information security is increasingly a priority and a concern; data security is very important to enterprises. How to ensure good security is not known to everyone, but McAfee is a company specializing in providing information security solutions for businesses and organizations in Vietnam. Our project today involves a company specializing in supplying food from rural to urban areas, which is Happy Company.

Before going into the analysis, I would like to discuss a few things about Happy Company. The company is a four-story building located in the countryside far from the city with the following distribution system:

<small>Figure 1 Infrastructure of Happy company</small>

</div><span class="text_page_counter">Page 11</span><div class="page_container" data-page="11">

The 1st, 2nd and 3rd floors are for employees, engineers, marketing, accounting, materials and human resources, and the 4th floor is for directors and staff; the building is divided into 30 departments. There are 28 departments for employees, including engineering, accounting and sales, each with 10-12 computer desks, 1 printer and 1 surveillance camera. Each floor has 10 identical rooms. A VLAN is created for each branch. The remaining rooms are allocated for private purposes such as storage rooms, document rooms, meeting rooms, event rooms and reception halls. The wireless system provides wireless connection for 300 devices at the same time; the access point is installed on the floor between the 1st and 2nd floors, in the center of the reception hall. The 3rd floor has a separate VLAN. Finally, the fourth floor belongs to the company's executive board, which includes the CEO, CFO, CTO and their secretary. Because the people on this floor hold important company information, Wi-Fi access there needs high security, with fewer IP addresses allocated to it to increase security.

At the floor, there are 3 building guards on duty from 6:30 to 23:00. The building is covered by a surveillance camera system in key areas where many people pass by. The control system is located in the security room.

Happy Company also requires services such as FTP, DNS and Web. Some additional services are added, such as VPN, remote access and VoIP.

As an IT Security Specialist at Vietnam's leading security consulting group, McAfee Information Security, I, Le Van Hanh, authorized by Mr. Kha Tran, briefly summarize below the tools and techniques involved in identifying and assessing IT security risks, along with the organization's policies for protecting equipment and business-critical data, and simulate and provide basic recommendations for the security of Happy Company.

</div><span class="text_page_counter">Page 32</span><div class="page_container" data-page="32">


<b>When is it used? </b>

- Static IP addresses are often used in situations where you need consistent and reliable access to a device or service, such as a website hosting service or email server. They are also useful in situations where network administrators want to maintain control over which devices are allowed to access the network. Static IP addresses can be configured for use in the following scenarios:

- First, static IP addresses are often used for hosting services, such as web servers, email servers, or FTP servers, because the service needs to be accessed consistently on the same IP address.

- Static IP addresses can be used in network monitoring because they make it easy to identify specific devices and track their activity over time. It can also be more secure to have fewer dynamic IP addresses, as they are less susceptible to attacks like IP spoofing.

- Static IP addresses can be useful for remote network access because they allow access to devices from anywhere with an internet connection.

- Limited availability: Static IP addresses can be more difficult and expensive to obtain than dynamic IP addresses, as they are typically reserved for business and enterprise use.

- Configuration and maintenance: Setting up and maintaining a static IP address can be more complicated and time consuming than a dynamic IP address, as each device needs to be manually configured with its own IP address.

<b>Disadvantages and Advantages of static IP. </b>

<b>o Advantages of static IP. </b>

- Reliability: a static IP is many times more reliable than a DHCP-assigned IP because it does not change, making it easier to access devices or services that require a consistent IP address.

- Security: advanced security measures such as firewalls, access control lists and intrusion detection systems can be set up to restrict access to the network.

- Easier remote access: remote devices or services are easier to reach because you can access them with the same IP address all the time.

- Improve network performance: Static IP addresses can improve network performance as they eliminate the overhead associated with dynamic IP address assignment.

<b>o Disadvantages of static IP. </b>

- With many advantages in terms of security, it also has the following disadvantages:

- The first is that it is time consuming: configuring a small number of machines and servers feels normal, but with a large number it is very time consuming, and it leads to complications when re-linking and transferring data between them.

</div><span class="text_page_counter">Page 33</span><div class="page_container" data-page="33">


- Difficult to configure: as with the first drawback, with a large number of addresses it is hard to remember and manage them all.

- Next, a static IP address is not flexible and cannot be changed easily.

- Higher cost: Since a large number of static IP addresses are needed, it can be more expensive than using dynamic IP addresses, which are often included in basic network packages.

<b>3. Define and discuss with the aid of a diagram NAT focus on usage and security function as advantage. </b>

<b>When is it used? </b>

- In a NAT environment, a router or firewall device sits between a private network and the public internet. When a device on a private network sends a request to the internet, the router/firewall replaces the private IP address with its own public IP address. Hence NAT is used to preserve public IP addresses, as it allows multiple devices to share one IP address. It is also used to add an extra layer of security to the network, as it can prevent unauthorized access to devices on a private network by masking their IP addresses.

<small>Figure 10 Definition of NAT in security.</small>

</div><span class="text_page_counter">Page 34</span><div class="page_container" data-page="34">

<b>Advantages and Disadvantages of NAT. </b>

<b>o Advantages of NAT. </b>

- NAT allows multiple devices on a private network to share one public IP address, hiding their multiple private addresses behind it. This saves the limited supply of public IP addresses needed for devices to connect to the internet.

- It also provides the benefit of increased security for devices: NAT can add an extra layer of security to the network by hiding the IP addresses of devices on a private network.

- NAT can simplify network management by allowing multiple devices on a private network to share a single public IP address, reducing the complexity of routing and addressing, which can help manage the network and make troubleshooting easier.

- NAT allows devices on a private network to connect to the internet, which is essential for accessing online resources and services.

<b>o Disadvantages of NAT. </b>

- NAT may cause network performance problems, reducing network throughput.

- NAT can limit the ability of devices on a private network to receive inbound connections from the internet.

- NAT requires additional configuration on the router or firewall device, which can further complicate network setup and increase the risk of misconfiguration.
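The translation described in this section, as an added example that is not part of the original assignment: a toy port-address-translation table in which two private hosts share one public address, replies are mapped back, and unsolicited inbound packets are dropped. All addresses, ports and names (`Nat`, `demo`) are constructed, and the rule that only a previously contacted remote may reply is an assumption; real devices vary.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class Nat:
    """Toy port-address-translation table (all addresses below are constructed)."""
    public_ip: str = "203.0.113.10"   # the one public address shared by every host
    next_port: int = 40000            # next free public-side port
    out_map: dict = field(default_factory=dict)  # (priv_ip, priv_port) -> public port
    in_map: dict = field(default_factory=dict)   # public port -> (priv_ip, priv_port, remotes)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; return it as the internet sees it."""
        if not ip_address(src_ip).is_private:
            raise ValueError("source is not a private address")
        key = (src_ip, src_port)
        if key not in self.out_map:              # first packet of a flow: allocate a port
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = (src_ip, src_port, set())
            self.next_port += 1
        pub_port = self.out_map[key]
        self.in_map[pub_port][2].add((dst_ip, dst_port))   # remember who was contacted
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a packet arriving at the public IP to a private host, or None if dropped."""
        entry = self.in_map.get(dst_port)
        if entry is None:
            return None                          # no mapping: unsolicited connection
        priv_ip, priv_port, remotes = entry
        if (src_ip, src_port) not in remotes:
            return None                          # mapped port, but an uncontacted remote
        return (priv_ip, priv_port)


def demo():
    nat = Nat()
    pc1 = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    pc2 = nat.outbound("192.168.1.21", 51000, "198.51.100.7", 443)
    return {
        "pc1_seen_as": pc1[:2],                                   # same public IP,
        "pc2_seen_as": pc2[:2],                                   # different port
        "reply": nat.inbound("198.51.100.7", 443, pc1[1]),        # forwarded to pc1
        "other_remote": nat.inbound("192.0.2.99", 4444, pc1[1]),  # dropped
        "no_mapping": nat.inbound("198.51.100.7", 443, 8080),     # dropped
    }
```

The two dropped cases correspond to the disadvantage listed above: a service inside the private network is unreachable from the internet until a forwarding rule is configured on the router or firewall.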

<b>III. Propose a method to assess and treat IT security risks (M1). </b>

<b>1. Discuss methods required to assess it security threat? E.g. Monitoring tools. </b>

<b> Here are some methods that can be used to assess security threats: </b>

- The first method we can use is vulnerability scanning, which uses automated tools to scan the network and identify vulnerabilities in software, hardware or configuration that an attacker can exploit. Vulnerability scanning software includes Nessus, Qualys Vulnerability Management and OpenVAS. These tools are used to scan entire networks or specific systems and can be scheduled to run regularly to keep the network up to date.

- The second method is penetration testing: a penetration test simulates an attack on the network to identify vulnerabilities and test the effectiveness of security controls.

</div><span class="text_page_counter">Page 35</span><div class="page_container" data-page="35">

- The next method is to review log files and system events to identify suspicious or unusual activity that could indicate a security threat.

- Next comes network traffic analysis: analyzing network traffic to identify anomalies or patterns that could indicate a security threat, such as a denial of service attack or an illegal access attempt.

- Next comes malware analysis to determine the behavior, capabilities, and potential impact of malware on the network.

- Threat intelligence monitoring: monitoring external threat information sources such as security blogs, news feeds and government alerts.
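The log review method from the list above, as an added example that is not part of the original assignment: a small reviewer that reads sshd password events and reports a burst of failed logins from one source and any successful login that follows it. The sample lines are constructed, and the threshold of 4 failures, the 2-minute window and the assumed year are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH sshd syslog style; hosts and addresses are made up.
SAMPLE_LOG = """\
Mar 10 08:01:02 srv01 sshd[811]: Failed password for root from 198.51.100.23 port 40112 ssh2
Mar 10 08:01:05 srv01 sshd[811]: Failed password for invalid user admin from 198.51.100.23 port 40113 ssh2
Mar 10 08:01:09 srv01 sshd[811]: Failed password for root from 198.51.100.23 port 40114 ssh2
Mar 10 08:01:12 srv01 sshd[815]: Accepted password for alice from 192.168.1.20 port 51000 ssh2
Mar 10 08:01:14 srv01 sshd[811]: Failed password for root from 198.51.100.23 port 40115 ssh2
Mar 10 08:01:30 srv01 sshd[820]: Accepted password for root from 198.51.100.23 port 40116 ssh2
Mar 10 08:15:00 srv01 sshd[830]: Failed password for bob from 192.168.1.31 port 51200 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def review(log_text, threshold=4, window=timedelta(minutes=2), year=2024):
    """Return alerts for repeated failed logins and for a success that follows them."""
    failures = defaultdict(list)      # source IP -> times of failures inside the window
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                  # not an sshd password event
        # syslog omits the year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        recent = [t for t in failures[ip] if ts - t <= window]
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) == threshold:          # alert once, when the limit is reached
                alerts.append(("brute_force", ip, m["user"]))
        elif len(recent) >= threshold:            # success right after a burst of failures
            alerts.append(("login_after_brute_force", ip, m["user"]))
        failures[ip] = recent
    return alerts
```

On the sample, `review(SAMPLE_LOG)` reports the burst from 198.51.100.23 and the root login that follows it, while the single mistyped password from 192.168.1.31 raises nothing.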

<b> To perform security measures, we can use a number of monitoring tools as follows: </b>

- Nessus vulnerability scanner.

o Nessus comes in two versions: Nessus Professional and Nessus Essentials. Nessus Professional is a commercial product that offers more features and support, while Nessus Essentials is a free, limited version of the tool.

o The Nessus Vulnerability Tool can be integrated with other security tools, such as SIEM systems and ticketing systems, to automate the vulnerability management process.

o The Nessus vulnerability scanning tool provides many scanning options, such as server discovery scan, vulnerability scan and authentication scan. Authenticated scans are more thorough because they allow Nessus to scan the system from within, using administrative credentials. Nessus can be used to scan cloud-based assets such as Amazon Web Services (AWS) and Microsoft Azure.

o Nessus has a user-friendly web interface that allows users to configure and run scans. The interface also provides a dashboard that shows an overview of the organization's security health and

<small>Figure 11 Tool Nessus vulnerability scanner.</small>

</div>
