
Information Technology Assignment 1 Unit Security 2.Pdf


<span class="text_page_counter">Page 1</span><div class="page_container" data-page="1">


<b>BTEC FPT INTERNATIONAL COLLEGE</b>

<b>INFORMATION TECHNOLOGY</b>

<b>ASSIGNMENT 1</b>

</div><span class="text_page_counter">Page 2</span><div class="page_container" data-page="2">

<b>ASSIGNMENT 1 FRONT SHEET</b>

<b>Qualification</b> BTEC Level 4 HND Diploma in Business

<b>Unit number and title</b> Unit 9: Software Development Life Cycle

<b>Submission date</b> <b>Date received (1st submission)</b>

<b>Re-submission date</b> <b>Date received (2nd submission)</b>

<b>Student name </b> Nguyen Cong Hau <b>Student ID </b> BDAF200013

<b>Class</b> IT16101 <b>Assessor name</b> Nguyen Hoang Anh Vu

</div><span class="text_page_counter">Page 3</span><div class="page_container" data-page="3">

<b>Summative Feedbacks: </b>

<b>Resubmission Feedbacks:</b>

<b>Grade:</b> <b>Assessor Signature:</b> <b>Date:</b>

<b>Internal Verifier’s Comments:</b>

<b>Signature & Date:</b>

</div><span class="text_page_counter">Page 4</span><div class="page_container" data-page="4">

Besides, I would also like to thank my classmates at BTEC FPT International College for allowing me to exchange knowledge and helping me to understand the issues in this course.

In the end, I also express my gratitude to the authors, brothers, sisters, and friends for providing a wealth of knowledge used as references throughout this exercise.

</div><span class="text_page_counter">Page 5</span><div class="page_container" data-page="5">

1.2. Identify threats agents to organizations...8

1.3. Some types of threats that the organization will face...10

1.4. Some examples of recent cybersecurity breaches...13

2. Describe at least 3 organisational security procedures. (P2)...16

CHAPTER 2 IT SECURITY SOLUTIONS...20

3. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)...20

3.2 How does a firewall provide security to a network...23

3.3. Show with diagrams the example of how firewall works...24

3.4. Intrusion detection system (IDS)...25

3.5. The potential impact of FIREWALL and IDS incorrect configuration to the network...27

4. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)...28

4.1. How implementing a DMZ in a network can improve Network Security...28

4.2. How implementing diagram static IP in a network can improve Network Security...30

</div><span class="text_page_counter">Page 6</span><div class="page_container" data-page="6">

Conclusion...38

Reference...39

</div><span class="text_page_counter">Page 7</span><div class="page_container" data-page="7">

<b>LIST OF TABLES AND FIGURES</b>

Figure 7: Procedures for human training...19

Figure 8: Encrypt customer information...19

Figure 16: Placed between router and firewall...27

Figure 17: IDS Diagram...27

</div><span class="text_page_counter">Page 8</span><div class="page_container" data-page="8">

Figure 26: Step 5...33

Figure 27: NAT...36

</div><span class="text_page_counter">Page 9</span><div class="page_container" data-page="9">

<b>INTRODUCTION</b>

</div><span class="text_page_counter">Page 10</span><div class="page_container" data-page="10">

<b>1. Identify types of security threat to organisations (P1)</b>

<b>1.1. Define threats</b>

A cybersecurity threat is a targeted and malicious attack by an individual or organization to gain unauthorized access to another individual's or organization's network to damage, disrupt, or steal IT assets, computer networks, intellectual property or any other form of sensitive data.

Network attacks often aim to access, change or destroy sensitive, important information, to extort users, or to interrupt the activities of businesses and organizations.

Figure 1: Threats

<b>1.2. Identify threats agents to organizations</b>

In the ICT security chain, the human is the weakest link. This is a very old phrase, but it still applies every day. System management faces the human element every day.

<b>IT security and spam/scams</b>

The most classic loopholes in IT security are still variable. Curiosity about attachments from unknown senders or touch input at the top of the field is not intended for this purpose. These acts cause considerable damage to companies every year.

<b>Download and play online not protected</b>

</div><span class="text_page_counter">Page 11</span><div class="page_container" data-page="11">

continuous improvement of ICT security systems and web filters, experienced IT colleagues still have access to unsafe content. We probably don't need to explain to the system administrators among us how this works.

<b>IT security and lost USB sticks</b>

Have you ever found a USB stick? Not one that you lost yourself, but a strange stick lying around somewhere? Yes? Were you curious, and did you plug it into your computer? If so, you are in good company. As part of a study, nearly 300 USB sticks were "accidentally" lost to find out what would happen. Nearly all of the sticks were picked up by finders, and in 45% of cases a saved file was opened.

<b>Convenience beats IT security</b>

After installing the latest Windows updates, we have to restart the computer. However, the virus scanner slows down the computer in this and other cases. Easygoing employees prefer to shut down such processes completely. If there is an opportunity to deactivate an update or a virus scanner, it happens. This comes at a huge cost to IT security.

<b>IT security and CEO fraud</b>

In the so-called CEO scam, the criminal poses by phone or e-mail as a director of the company and gets an employee to transfer a large amount of money to another country. The employee, confused by the other party's authority, approves the transaction. This scam can easily cause millions of dollars in damage, with dire consequences for those involved.

<b>Sell business data</b>

Everyone who has ever worked in a development department knows how valuable corporate data can be. Selling blueprints, recipes, designs, or other trade secrets to competitors can be very lucrative. A disgruntled coworker with criminal intent and the right access can transmit enough data to bring a company into crisis.

<b>Steal customer data if you change jobs</b>

In some industries, it seems standard practice to pass on sensitive customer data to new employers. Everyone knows salespeople who have switched to competitors. Soon

</div><span class="text_page_counter">Page 12</span><div class="page_container" data-page="12">

classical theft. It is no less serious if the employee retains a company laptop at the end of his employment contract.

<b>Hide IT security issues</b>

Employees hide ICT security incidents in 40% of companies worldwide. This is the result of a survey conducted by Kaspersky in collaboration with B2B International. Employees of 5,000 companies were surveyed.

These security incidents include phishing or malware attacks. The malware was transferred to the employee's computer. If affected employees remain silent about such an incident, malicious code can spread across the corporate network.

Many attackers like to take advantage of people's trust. Have you ever called a fellow system administrator because you lost your password? Your co-workers may also have it wachtwood also launched. But what if that stranger is the attacker? This example works thousands of times a day.

<b>Carelessness leads to IT security problems</b>

Indifferent employees are poison for any company. They rarely contribute to productivity and are also a potential vulnerability in IT security. An “I don't care” attitude can show up in all matters related to security. This may include, for example:

The loose handling of passwords.

Distributing sensitive information.

Authorization issues.

The distribution of files to external parties.

In all of these cases, such employees can always compromise security.

<b>1.3. Some types of threats that the organization will face</b>

<b>1. Malware</b>

Malware is malicious software such as spyware, ransomware, viruses, and worms. Malware is activated when a user clicks on a malicious link or attachment, resulting in the installation of dangerous software. Cisco reports that the malware, once activated, can:

</div><span class="text_page_counter">Page 13</span><div class="page_container" data-page="13">

Install more harmful software

Completely get information by transferring data from the hard drive (spyware)

Disrupt individual components, rendering the system inoperable

<b>2. Emotet</b>

The Cybersecurity and Infrastructure Agency (CISA) describes Emotet as “an advanced modular banking Trojan that primarily acts as a downloader or dropper of other banking Trojans. Emotet continues to be among the most destructive and high-cost malware.”

<b>3. Denial of service</b>

Denial of Service (DoS) is a type of cyber attack that floods a computer or network so that it cannot respond to requests. Distributed DoS (DDoS) does the same thing, but the attack originates from a network of computers. Cyber attackers often use a flood attack to disrupt the "handshake" and perform a DoS. Several other techniques can be used, and some cyber attackers use the time the network is disabled to launch other attacks. According to Jeff Melnick of Netwrix, an information technology security software company, a botnet is a type of DDoS in which millions of systems can be infected with malware and controlled by a single hacker. Botnets, sometimes referred to as zombie systems, target and overwhelm the target's processing power. Botnets are located in different geographical locations and are difficult to track.

<b>4. The man in the middle</b>

A man-in-the-middle (MITM) attack occurs when a hacker inserts themselves into a two-party transaction. After disrupting traffic, they can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, then use malware to install software and use data maliciously.

<b>5. Scams</b>

Phishing attacks use spoofed contact information, such as an email, to trick the recipient into opening it and performing instructions inside, such as providing a credit card

</div><span class="text_page_counter">Page 14</span><div class="page_container" data-page="14">

install malware on the victim's machine," Cisco reported.

<b>6. SQL Injection</b>

Structured Query Language (SQL) injection is a type of cyber attack that results in the injection of malicious code into a server that uses SQL. When infected, the server releases information. Sending malicious code can be as simple as typing it into the search box of a vulnerable website.
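The search-box case described above, as an added example that is not part of the original assignment: the same search is written once by pasting the user's text into the SQL string and once with a bound parameter. The table names, sample rows, function names and the search term are all constructed for illustration.

```python
import sqlite3

# Constructed search-box input: it closes the string literal early and
# appends a second query against a table the search page should never read.
INJECTED_TERM = "x' UNION SELECT email, password_hash FROM users --"


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products (name TEXT, price REAL);
        CREATE TABLE users (email TEXT, password_hash TEXT);
        INSERT INTO products VALUES
            ('red kettle', 19.5), ('blue kettle', 21.0), ('toaster', 30.0);
        INSERT INTO users VALUES
            ('alice@example.test', 'hash-a'), ('bob@example.test', 'hash-b');
        """
    )
    return db


def search_vulnerable(db, term):
    # Vulnerable form: the text from the search box becomes part of the
    # SQL statement itself, so the database parses it as code.
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_parameterized(db, term):
    # Hardened form: the statement is fixed and the term is bound as data.
    # LIKE wildcards typed by the user are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name, price FROM products WHERE name LIKE ? ESCAPE '\\'"
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()


def demo():
    """Run a normal and an injected search through both functions."""
    db = make_db()
    return {
        "normal_vulnerable": search_vulnerable(db, "kettle"),
        "normal_parameterized": search_parameterized(db, "kettle"),
        "injected_vulnerable": search_vulnerable(db, INJECTED_TERM),
        "injected_parameterized": search_parameterized(db, INJECTED_TERM),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With the injected term, the concatenated query returns rows from `users`, while the parameterized query treats the whole term as a product name and returns nothing.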

<b>7. Password Attack</b>

With the right password, a cyber attacker can gain access to a lot of information. Social engineering is a type of password attack that Data Insider defines as "a strategy that cyber attackers use that relies heavily on human interaction and often involves tricking people into violating standard security rules". Other types of password attacks include password database access or outright guessing.

<b>8. Insider Threats</b>

Insider threats occur when individuals close to an organization who have access to that organization's network abuse that access, unintentionally or intentionally, negatively affecting the organization's important data or systems. Careless employees who do not comply with organization regulations and business policies pose insider threats. For example, they may accidentally email out customer data, click on phishing links in emails, or share their login information with others. Contractors, business partners, and third-party suppliers are the source of other insider threats. Some insiders bypass security measures for reasons of convenience or in an unconscious attempt to be more efficient. Malicious actors deliberately evade cybersecurity protocols to delete data, steal data for later sale or exploitation, disrupt operations, or harm

<b>9. Distributed Denial of Service (DDoS) Attack</b>

In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target such as a server, website, or other network resource, rendering the target completely inoperable. The flood of connection requests, incoming messages, or malformed packets forces the target system to slow down or to crash and shut down, denying service to legitimate users or systems.

</div><span class="text_page_counter">Page 15</span><div class="page_container" data-page="15">

<b>1.4. Some examples of recent cybersecurity breaches</b>

<b>1. Attack targeting the Accenture corporation</b>

In a survey of cybersecurity risks, UpGuard, a startup focused on cyber resilience, found that Accenture had left at least 4 AWS S3 storage buckets unsecured in 2017.

The exposure covered unprotected authentication details, secret API data, digital certificates, decryption keys, user data, and meta information.

UpGuard's security analysis discovered 137GB of data available for public access. Attackers used this data with the goal of smearing and blackmailing users. Some information has been posted on the dark web.

In August 2021, Accenture again became the victim of an attack via the LockBit ransomware. In this attack, the company has enough "experience" to release when performing math tests in late 2021.

This is an antra range of this public company is part of LockBit ransomware, they stole 6TB worth of data from the attacking company and paid up to 50 million USD.

Figure 2: Accenture

<b>2. Convert is aimed at Verizon</b>

In 2017, Verizon's third-party partner, Nice Systems, exposed user PPI because of a faulty AWS S3 configuration. Nice bug attack formula when collecting more client call data.

</div><span class="text_page_counter">Page 16</span><div class="page_container" data-page="16">

as scope. The telecommunications giant became prey for DDoS attacks. They argue that the reason behind the vulnerabilities and the proliferation of network attacks is the remote working model adopted during the pandemic.

In 2021, Verizon released an audit of its cybersecurity strategy, in line with the VERIS framework - a case study for businesses and other users. About 61% of these attacks involved unauthorized use of credentials, while phishing scams increased from 25% to 36% in 2019.

Figure 3: Verizon

<b>3. Ransomware Attack at Kaseya</b>

In July 2021, IT solutions provider Kaseya suffered a massive attack targeting their system security and remote monitoring tools. It was a supply-chain ransomware attack, hitting the main checker for the Kaseya service.

As reported by ZDNet, the attack did enumerate the company's host SaaS and affected the on-premises solution VSA that was shipped to Kaseya in the country of use. Kaseya proactively alerts its customers to limit the risks that an attack can pose. The company develops the Kaseya VSA detection tool, which allows business users to analyze their VSA services and manage points to look for signs of vulnerabilities.

Kaseya's case has helped the world learn lessons for reducing the risk of these attacks, including:

</div><span class="text_page_counter">Page 17</span><div class="page_container" data-page="17">

repository, which can be easily detached from network organizations.

- Perform managed manual patching jobs, as soon as available.

- Appraisal from customers through damage mitigation works.

- Implement multi-factor authentication for business users.

- Follow the principle of granting only the required privileges on network resources and devices.

Figure 4: Ransomware attack in Kaseya

<b>4. Tools to attack computers that do not duplicate the Cognyte network</b>

In May 2021, duplicate cybersecurity giant Cognyte made a critical mistake that made it possible for users to access their database without authentication protocols. This vulnerability paved the way for network attacks, exposing 5 percentages of users' profiles. Ironically, these data are the ones that warn customers about third-party data scopes.

The leaked information included user details such as names, email addresses, passwords, and data points about vulnerabilities in their systems.

This information was publicly available and had even been indexed by search engines. In addition, other Cognyte data intelligence is provided by the attackers for free. Cognyte took about 4 days to recover and secure the data.

</div><span class="text_page_counter">Page 18</span><div class="page_container" data-page="18">

smallest mistakes to carry out unpredictable attacks. Even well-known cybersecurity vendors are not safe from these threats; attack prevention techniques should take precedence over measures to mitigate attacks.

Figure 5: Cognyte

<b>Proposing solutions for the organization:</b>

To be able to have the most effective overall information security plan, businesses and organizations need to pay attention to the following components:

<b>Building information security policies</b>

This is an important step in reducing risks that many business organizations often overlook. This policy sets out the terms, rules, sharing permissions, and data access requirements that all employees in the company need to comply with.

<b>Website system security</b>

The website is the main communication channel between a business and its customers and is also the most vulnerable point. Therefore, it is necessary to use tools that secure the website and warn of problems. In addition, organizations in the e-commerce, finance, banking, and online payment industries must perform regular pen-tests to prevent hacker attacks.

<b>Customer relationship system (CRM) security</b>

If your business is using CRM software, invest in its security. A simple example shows that many businesses in Vietnam have only been suspected of having customer information, but their stock prices have dropped by hundreds of billions.

</div><span class="text_page_counter">Page 19</span><div class="page_container" data-page="19">

Devices connected to the internet are also a gateway for hackers to attack your data. Everything from Wi-Fi modems to printers and security cameras can be hacked easily if businesses do not implement strong security measures.

Cloud technology is a trend chosen by many people because of its convenience and safety. However, it is also not immune to cyber attacks. So make sure you are using services from reputable providers such as Microsoft Azure or Amazon AWS.

<b>Security of IT/OT systems & intranets (networks)</b>

If just one device is infected with a virus or malicious code, the whole system is at risk of being affected. Therefore, it is necessary to take measures to prevent the spread of malicious code in the internal network, operating system, and information technology system to limit risks.

<b>Raising awareness of officers - employees</b>

This is one of the most important factors that businesses often forget. Just a small mistake of an employee can cause a business to be attacked, causing a lot of heavy damage. Therefore, it is necessary to raise the awareness of employees in the enterprise about the confidentiality of important information.

<b>2. Describe at least 3 organisational security procedures. (P2)</b>

Security threats are constantly evolving, and compliance requirements are becoming increasingly complex. Organizations must create a comprehensive information security policy to cover both challenges. An information security policy makes it possible to coordinate and enforce a security program and communicate security measures to third parties and external auditors.

To be effective, an information security policy should:

Cover end-to-end security processes across the organization

Be enforceable and practical

Be regularly updated in response to business needs and evolving threats

Be focused on the business goals of your organization

1. Secure your business with a firewall

</div><span class="text_page_counter">Page 20</span><div class="page_container" data-page="20">

Figure 6: Firewall

Firewalls are one of the basic security measures that any business should use. Firewalls act as a barrier between an internal network and another network (e.g. the Internet) and control the traffic going in and out between these two networks. When malicious traffic is detected, firewalls block access so that it can't damage your systems.

2. Back up data regularly

Enterprise data can be stolen at any time because hackers are increasingly advanced in cyberattack techniques. Therefore, to avoid all risks, businesses should regularly back up data, especially important data such as customer information, business

</div><span class="text_page_counter">Page 21</span><div class="page_container" data-page="21">

other devices to avoid loss in the event of a flood, fire, etc.

3. Building a security policy for businesses

Building an internal network security policy is extremely necessary to improve security for businesses. Specifically, businesses should require employees to strictly comply with the following security regulations:

Regulations on storing and sharing company documents

Regulations on the use of network devices

Procedure for reporting and handling network problems

4. Cybersecurity awareness training for employees

Network attacks are caused not only by security holes in the system but also by user errors. Common errors include confusing the official website with a fake website, downloading files containing malicious code, and setting passwords that are too easy to guess. Users make these basic mistakes because their awareness of network security is poor.

Figure 7: Procedures for human training

</div>
