The grade for this assignment depends on the marker. Just paraphrasing this paper is enough to pass. One of the paraphrasing tools I recommend is QuillBot.
The submission is in the form of one document. You must use the Times font with 12pt size, turn on page numbering; set line spacing to 1.3 and margins to be as follows: left = 1.25cm, right = 1cm, top = 1cm, bottom = 1cm. Citation and references must follow the Harvard referencing style.
ASSIGNMENT FRONT SHEET: Qualification BTEC Level HND Diploma in Computing; Unit number and title: Unit 2: Networking Infrastructure
Network definition
First of all, a network, also known as computer networking, can be understood as a group of computers using common communication protocols over digital connections for the purpose of sharing resources located on or provided by network nodes.
IDENTIFY TYPES OF SECURITY THREATS TO ORGANIZATIONS GIVE AN EXAMPLE OF A
Define threats: Software assaults, loss of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion are all examples of information security threats.
A threat is defined as any potential hacker attack that exploits vulnerabilities to gain unauthorized access to a computer system, leading to harmful alterations, deletions, or damage to important data or objects.
Identify threat agents to organizations
Nation states often target companies in critical industries like telecommunications, oil and gas, mining, and power generation to disrupt their operations or gain strategic advantages during crises.
Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and Viruses perpetrated by vandals and the general public):
Many companies believe they are not at risk of being targeted by hackers; however, the sheer volume of random cyberattacks that occur daily means that any organization can fall victim to these threats.
The WannaCry ransomware attack is a notorious example of a non-targeted cyber assault, affecting more than 200,000 computers across 150 countries. This widespread attack notably led to the shutdown of the National Health Service (NHS) in the United Kingdom, highlighting the significant impact of ransomware on critical infrastructure.
Figure 1: Security Threats
down for many days. Of course, there's the bored teenager in a loft someplace who's just looking for a weak link on the internet.
Morrisons faced penalties due to inadequate technological and organizational measures that failed to prevent a former employee from committing a crime, although the company is currently appealing the fine.
Businesses often seek specialized assistance by hiring contractors or external organizations that need access to their systems or data. However, these third parties can pose security risks, as their equipment may not meet the same security standards as the company's own data protection measures.
The threat from various agents, including political parties, media, enthusiasts, activists, vandals, the general public, extremists, and religious followers, mirrors the dangers posed by nation-states. The level of harm they can inflict largely depends on your activities, as some terrorists specifically target certain sectors or nations, leading to a persistent fear of random attacks.
The Wikileaks dumps of diplomatic cables and other documents linked to the combat in Iraq and Afghanistan in 2010 are perhaps the most prominent example of this.
Organised crime (local, national, transnational, specialist)
Criminals are increasingly targeting personal information for purposes such as credit card fraud, identity theft, and bank account fraud, leading to a rise in these crimes. Their tactics range from phishing attempts to 'Watering Hole' websites, all aimed at harvesting and exploiting your data for malicious intent.
The 2018 Fraudscape report by the Credit Industry Fraud Avoidance Society (Cifas) revealed that identity fraud cases rose to approximately 175,000 in 2017, marking a 1% increase from 2016. However, this figure represents a staggering 125% rise compared to a decade ago, with 95% of these cases involving the impersonation of unsuspecting victims.
Natural disasters (fire, flood, earthquake, volcano)
Although not a cyber assault, these occurrences can have a similar impact on your capacity to do business.
In the event of being unable to access your offices, data centers, or cloud-based information, you are facing a significant data disaster that requires urgent attention. While the risk of earthquakes in the United Kingdom is relatively low, the annual occurrence of flooding in various towns and cities highlights the importance of being prepared for potential data loss.
While concerns about competitors misappropriating intellectual property are valid, collaboration with diverse partners is becoming essential to bridge skills and resource gaps. However, it's crucial to recognize that these partner firms, driven by various motivations, may inadvertently or intentionally compromise your intellectual property or personal data.
The 2013 cyberattack on Target exemplifies how breaches can originate from partner organizations, as hackers exploited a vulnerability within Fazio Mechanical, an HVAC contractor. By sending a phishing email to a Fazio employee, the attackers gained access to Target's point-of-sale systems, compromising up to 40 million credit and debit card accounts of customers during the holiday season. In response to this significant security breach, Target has incurred over $200 million in expenses.
List the type of threats that organizations will face
There are three main sources of threats:
a) Human errors and mistakes
Users destroying systems, applications, and data
Disgruntled employees waging war on the company or committing sabotage
Employee extortion or blackmail
b) Malicious human activity
Cybercriminals employing Advanced Persistent Threats (APTs) focus on long-term infiltration of business networks. They discreetly penetrate systems, meticulously searching for access and exit points to maintain their stealth and avoid detection.
They snoop about, install specialized harmful programs, and acquire essential data and sensitive information once inside an organization (RSI, 2021)
An Advanced Persistent Threat commonly goes through five stages to increase the damage it does:
Infiltration of Access: Phishing, trojan horses, and malware are used by APT attackers to gain access to the system
Grip Strengthening: The ability of an Advanced Persistent Threat to gain a foothold inside a company is its strength
APT attackers initiate their invasion by gaining administrator access and exploiting weak passwords, allowing them unrestricted movement within the system. This lateral movement transforms the enterprise into a playground for hackers, enabling them to navigate and compromise various network segments with ease.
Deep Machinations: The APT attackers have total control of the company during this phase, deleting all evidence of their intrusion and building a solid backdoor for future use
Cybercriminals leverage advanced technologies, including malware and intrusion tactics, to breach organizational cybersecurity. Their ruthless approach often involves stealthy methods, enabling them to gain access and wreak havoc within the targeted systems (RSI, 2021).
Distributed Denial of Service (DDoS)
When fraudsters use Distributed Denial of Service, or DDoS, their primary purpose is to disrupt a website.
A Distributed Denial of Service (DDoS) attack overwhelms a target network with excessive fake requests, causing system failures and rendering the website inaccessible to legitimate users. This disruption can lead to substantial production losses due to the interruptions caused by the attack.
A Distributed Denial-of-Service (DDoS) attack is challenging to defend against due to its multiple sources of incoming traffic, much like a restaurant overwhelmed by a noisy crowd at its entrance.
Ransomware, a sophisticated virus derived from cryptovirology, allows hackers to infiltrate networks and encrypt essential business data or sensitive client information. Once they gain access, they demand a ransom, threatening to compromise the data if the payment is not made.
Over time, ransomware has evolved into a popular way of extorting money from businesses
The important information found within an infiltrated network is weaponized by digital attackers. Standard ways of luring employees in the firm include presenting an innocent-looking attachment or link.
Phishing is a prevalent method used by hackers to gain unauthorized access to systems, often serving as a gateway to more sophisticated security threats like ransomware and Distributed Denial of Service (DDoS) attacks.
Phishing relies on deception, with attackers sending email blasts that appear to originate from trusted sources. When users unknowingly click on malicious attachments or URLs, they risk infecting their machines and compromising their networks.
Hackers often impersonate senior employees or client organizations, typically presenting themselves as part of a business transaction or bank request that the targeted employee expects. The effectiveness of phishing attacks largely depends on their sophistication and the ability to convincingly engage targets in realistic communication.
Worms are malware that multiplies itself, especially once it has made contact with a computer network. They seek out weaknesses in a network to expand and extend their presence and effect.
A botnet, derived from the terms "robot" and "network," refers to a group of private computers infected with malware, allowing cybercriminals to access them remotely without the owner's awareness.
Botnets serve as powerful tools for hackers, enabling them to execute spam transmission, launch DDoS attacks, and steal data with precision. These malicious networks require a sophisticated understanding of the target systems, allowing cybercriminals to disrupt complex infrastructures effectively.
Botnet architecture has advanced notably in evading detection, allowing cybercriminals to impersonate clients and connect to existing servers. This enables remote control of botnets through peer-to-peer networks, enhancing their operational effectiveness.
Cryptocurrency is currently trending, with mining being a key method for generating it organically. However, cybercriminals are employing phishing tactics to compromise and control additional machines, which are then exploited for mining cryptocurrencies.
Because targets are unaware that their resources are being used to mine cryptocurrency, cryptojacking can cause slower computers.
c) Natural Events And Disasters
Natural disasters such as fires, floods, hurricanes, earthquakes, tsunamis, and avalanches pose significant threats, leading to substantial losses. These losses not only stem from the immediate impact of the disaster but also from the recovery efforts and actions taken to mitigate the initial damage.
What are the recent security breaches? List and give examples with dates
A security breach is defined as an unauthorized access attempt by an attacker to an organization's computer systems, which can lead to the theft of sensitive data, corruption of information, or damage to the organization's reputation (Cassetto, 2019). Recent examples of security breaches include the SolarWinds attack in December 2020, which compromised numerous U.S. government agencies, and the Colonial Pipeline ransomware attack in May 2021, which disrupted fuel supplies across the East Coast. These incidents highlight the increasing frequency and severity of security breaches in today's digital landscape.
Sina Weibo, a leading social media platform in China with over 600 million users, experienced a significant data breach in March 2020. An attacker accessed sensitive information of 538 million users, including real names, usernames, gender, location, and phone numbers. This compromised database was allegedly sold on the dark web for $250, raising serious concerns about user privacy and security.
China's Ministry of Industry and Information Technology (MIIT) has urged Weibo to enhance its data security measures to better protect personal information. The ministry emphasized the importance of notifying both users and authorities in the event of data breaches.
Sina Weibo reported a security breach where an attacker accessed publicly available information using a tool meant for locating users' accounts via phone numbers; however, no passwords were compromised. The company acknowledged the risk of leaked data being linked to passwords if users reused them across accounts. In response, Sina Weibo has strengthened its security policies and notified the relevant authorities about the incident (Michael Hill and Dan Swinhoe, 2021).
In April 2020, Nintendo revealed that approximately 160,000 user accounts were compromised due to a suspected credential stuffing attack. This breach allowed hackers to access accounts by utilizing previously leaked user IDs and passwords, enabling them to make unauthorized purchases with stored payment information and view sensitive personal data, including names, email addresses, dates of birth, genders, and nationalities.
The gaming giant has revealed that an additional 140,000 accounts were compromised, raising the total to 300,000 affected accounts. In response, all impacted customers have had their passwords changed, and users are urged to avoid using the same password across multiple accounts and services for enhanced security.
In early April, as employees adjusted to remote work, it was discovered that the virtual conference platform Zoom experienced a significant security breach, compromising the login information of more than 500,000 users.
Hackers have gained access to accounts by utilizing stolen username and password combinations from previous data breaches in a recent credential stuffing attack. This sensitive information was reportedly sold for as little as 1 penny on dark web hacker forums.
Criminals stole sensitive information, including login credentials, email addresses, personal meeting URLs, and Host Keys, enabling them to access meetings or exploit the data for malicious purposes.
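The Nintendo and Zoom incidents above are both credential stuffing: leaked username/password pairs replayed against another service. The defender-side signal is one source trying many different accounts with mostly failed logins in a short window, which is what this added example (not part of the original assignment) detects; the log format and all addresses and usernames are constructed.

```python
"""Detect credential-stuffing patterns in authentication logs.

Added example, not the assignment's own code. Credential stuffing looks
different from a brute force (one account, many passwords) and from a user
mistyping their own password: ONE source IP touches MANY DISTINCT accounts
inside a short window, and most attempts fail. The constructed log format is
"<ISO timestamp> <src_ip> <username> <FAIL|SUCCESS>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 sprays ten accounts in nine seconds,
# 198.51.100.4 is one user retrying their own password, 192.0.2.9 is benign.
SAMPLE_LOG = """\
2020-04-01T10:00:01 203.0.113.7 alice FAIL
2020-04-01T10:00:02 203.0.113.7 bob FAIL
2020-04-01T10:00:02 203.0.113.7 carol FAIL
2020-04-01T10:00:03 203.0.113.7 dave SUCCESS
2020-04-01T10:00:04 203.0.113.7 erin FAIL
2020-04-01T10:00:05 203.0.113.7 frank FAIL
2020-04-01T10:00:06 203.0.113.7 grace FAIL
2020-04-01T10:00:07 203.0.113.7 heidi FAIL
2020-04-01T10:00:08 203.0.113.7 ivan SUCCESS
2020-04-01T10:00:09 203.0.113.7 judy FAIL
2020-04-01T10:05:00 198.51.100.4 alice FAIL
2020-04-01T10:05:10 198.51.100.4 alice FAIL
2020-04-01T10:05:20 198.51.100.4 alice SUCCESS
2020-04-01T11:30:00 192.0.2.9 bob SUCCESS
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, success)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "SUCCESS"


def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_accounts=5, max_success_ratio=0.5):
    """Return {src_ip: summary} for every source that tried at least
    min_accounts distinct usernames inside one sliding window with a low
    success ratio. The summary lists the accounts that DID succeed: those
    are the ones to force a password reset on (as Nintendo did)."""
    by_ip = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, ip, user, ok = parse_line(line)
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        best = None
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            successes = [u for _, u, ok in span if ok]
            ratio = len(successes) / len(span)
            if len(users) >= min_accounts and ratio <= max_success_ratio:
                # Keep the window that touched the most distinct accounts.
                if best is None or len(users) > best["distinct_accounts"]:
                    best = {
                        "distinct_accounts": len(users),
                        "attempts": len(span),
                        "compromised": sorted(set(successes)),
                    }
        if best is not None:
            findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, summary)
```

Lowering `min_accounts` or widening `window` trades false positives against slow, low-volume stuffing; the retrying user at 198.51.100.4 is never flagged because it touches only one account.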
In June 2021, a hacker exploited data scraping techniques to release information related to 700 million LinkedIn members on a dark web platform, impacting over 90% of the company's user base.
"God User," who exploited the site's (and others') API before releasing the first data collection of about 500 million consumers. They then boasted that they were selling the whole 700 million-person consumer database.
Data on 3.3 Million Audi Customers Exposed in Unsecured Database (June 2021)
In June 2021, Volkswagen revealed that the personal data of 3.3 million Audi customers, encompassing both current and prospective purchasers, had been inadvertently exposed online. This data breach included sensitive information such as names, email addresses, phone numbers, and specific vehicle-related details, all of which were collected between 2014 and 2021.
Around 90,000 people were impacted, and additional sensitive information was taken. This may contain Social Security numbers and dates of birth.
Between August 2019 and May 2021, sensitive data was exposed online, prompting the organization to investigate the incident and determine the exact timeline of the breach.
In July 2021, Kaseya, a provider of IT solutions, experienced a major ransomware attack on its unified remote monitoring and network perimeter protection product. This supply chain assault specifically targeted managed service providers and their clients, compromising administrative control over Kaseya's services.
A recent assault disrupted Kaseya's SaaS servers and affected on-premise VSA solutions utilized by clients across 10 countries, as reported by ZDNet. In response, Kaseya promptly informed its customers and launched the Kaseya VSA detection tool, enabling businesses to evaluate their VSA services and monitor endpoints for potential vulnerabilities.
Databases and Account Details on Thousands of Microsoft Azure Customers Exposed (August 2021)
In August 2021, a vulnerability in Cosmos DB enabled Wiz security experts to gain access to Microsoft Azure account credentials and client databases, exposing a significant loophole that allowed unauthorized access to databases. This issue affected a diverse range of organizations, including several Fortune 500 companies.
Propose a method to assess and treat IT security risks (M1)
To effectively manage various types of risks, FIS should prioritize the establishment of an Information Security Risk Management (ISRM) program utilizing information technology. Implementing the NIST framework is an excellent choice, as it offers a comprehensive, flexible, repeatable, and measurable approach to enhancing the design, security, and monitoring of IT systems.
Specifically, here are some abilities of an ISRM proving that this will help FIS manage risks:
It guarantees that unacceptable risks are detected and appropriately managed
It guarantees that resources and effort aren't squandered on insignificant risks
It gives top management insight into the organization's risk profile and risk treatment priorities, allowing them to make more strategic decisions
This stage involves identifying your digital assets, which might include a wide range of data
Financial data that must be regulated under Sarbanes-Oxley
Healthcare records that must be kept secret under the Health Insurance Portability and Accountability Act, or HIPAA
Product development and trade secrets are examples of company secrets
In this phase, it is crucial to evaluate both the potential risks of data loss or theft and the strategies necessary to mitigate or eliminate these risks associated with various data types.
This involves classifying data for security risk management based on its level of confidentiality, compliance laws, financial risk, and acceptable risk level (Dobran, 2019)
Employees get security awareness training on the correct handling of private information
Implement access controls to ensure that only those who have a legitimate need for information have access
Establish a company "owner" for each identified risk to ensure buy-in for planned controls and risk tolerance
Create a role for an information security officer who will be responsible for assessing and mitigating data security risks
Examine the security dangers that have been discovered and the measures that are in place
New danger detection and containment mechanisms are being developed
Analyze real and attempted attacks using network security technologies
Install and use technologies for alarms and unwanted access capture
Verify that notifications are sent to the appropriate people for timely action
As new or updated apps are introduced, make sure that a continual data risk analysis is performed
The efficiency of network security measures should be checked on a regular basis. Have controls been reviewed and approved if your business has audit functions?
Have you questioned data company owners (stakeholders) to confirm that risk management solutions are acceptable? Are they suitable for the underlying vulnerability?
Effective authorization must consider not only the individuals notified but also the actions taken and their promptness. In situations where your data is at risk, swift action is essential to prevent theft or loss.
In order to provide a safe environment for your technological assets, you must implement an information risk management framework
A sophisticated software-driven system of controls and alert management is an important component of a risk management strategy (Dobran, 2019).
DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES (P2)
Definition
A security process consists of a series of steps designed to fulfill specific security functions consistently and effectively. These procedures provide a structured approach for conducting security operations, facilitating training, auditing, and continuous improvement. By standardizing these actions, organizations can minimize variability in security practices, thereby enhancing overall security control. Additionally, reducing variance in security procedures contributes to waste reduction, improved quality, and increased performance within the organization.
Discussion on Incidence response policy
The Incident Response (IR) Procedure outlines essential protocols for effective incident management, reporting, and monitoring. It emphasizes the importance of incident response training, testing, and support to equip the organization for timely reactions to cybersecurity incidents. By implementing these procedures, the goal is to safeguard State systems and data while ensuring the continuity of government services.
This type of policy usually includes information about:
(i) the organization's incident response team;
(ii) Each team member's role;
(iii) The people in charge of testing the policy;
(iv) How to put the policy into action;
(v) The technological means, tools, and resources that will be used to identify and recover compromised data
The preparation phase is essential for equipping system users and IT professionals to effectively address security issues. This phase includes identifying necessary tools and resources for incident response, as well as implementing preventive measures such as regular risk assessments and enhancing user awareness.
The identification phase is crucial for recognizing and assessing security incidents, determining their severity and priority. This involves detecting incidents through common attack vectors such as removable media, the web, and email, as well as recognizing signs and identifying precursors. Initial analysis and validation are conducted through file integrity checks and packet sniffing, alongside data filtering and evidence preservation to ensure a thorough understanding of the incident.
Containment phase: Instructions on how to separate systems that have been impacted by the assault to avoid further damage to other systems
Eradication phase: Determining the cause of the occurrence and removing the impacted systems
Recovery phase: Returning afflicted systems to their regular operating environment
Post-incident phase: recording the whole occurrence, performing a comprehensive investigation, determining the reason for the incident, assessing related expenses, and formulating a strategy to prevent future events
Elements of an incident response policy:
Incident response teams can be categorized into two types: centralized and dispersed. Smaller organizations typically opt for centralized teams, while larger organizations benefit from dispersed teams, which facilitate coordination across diverse cultural, linguistic, and legal contexts. These teams may consist entirely of internal employees or include outsourced personnel, depending on the nature of the incident. It is essential for organizations to ensure that team members are clearly defined in agreements and are adequately trained to fulfill their roles and responsibilities effectively.
Information about the system: System specifics, such as network and data flow diagrams, hardware inventories, and logging data, should be included in the policy
Effective incident handling and reporting procedures are crucial components of an organization's policy, outlining the methods for addressing and reporting both suspected and actual events. These processes should clearly define which occurrences will initiate response measures, along with guidelines for incident reporting, including the timing of the event, details of any corrupted or inaccessible data, and implemented mitigation techniques. Additionally, the policy should specify whether the organization will respond to potential attacks or if a successful breach is necessary to activate response protocols.
The "Lessons Learned" section of an incident response policy is a crucial yet often neglected element. By facilitating discussions among all relevant stakeholders, this process serves as an effective tool for improving security measures within the organization and refining the incident handling process.
Reporting to outside parties: Timeframes and procedures for reporting to third parties, such as
An effective incident response policy should encompass IT workers, security analysts, data protection officials, law enforcement agencies, media representatives, affected external parties, and software providers Additionally, it is important to note that incident reporting may be legally required in certain jurisdictions.
Discussion on Acceptable Use Policy
An Acceptable Use Policy (AUP) defines the rules and guidelines that employees must adhere to when utilizing organizational IT resources to access the business network or the internet. This policy is typically part of the onboarding process for new hires, who are required to read and sign the AUP before receiving a network ID. It is advisable for a company's IT, security, legal, and HR departments to collaboratively determine the contents of this policy to ensure comprehensive coverage of necessary restrictions and procedures.
This policy applies to any data produced or stored on the Organization's systems
All data including non-public personal information must be encrypted before being electronically transmitted
Non-public personal information and other sensitive information shall be encrypted following the Information Sensitivity Procedures in all other circumstances
For this policy, all information and data residing on the organization's systems and networks are considered the organization's property
The organization reserves the right to monitor or audit all information, including data files, emails, and content stored on company-issued computers or electronic devices, at any time and without prior notice, to ensure compliance with security procedures.
Sensitive material must remain confidential and should not be shared or accessible to unauthorized individuals. Such data will solely be used for investigative purposes and strictly for the administration of receivership, ensuring that it is not employed for any other reason.
The official website of the organization should not include any sensitive information
Information on the organization's systems, including public and private websites, should be categorised as either public or sensitive, according to the organization's information sensitivity policies
Passwords must be kept confidential and not shared with anyone else. The security of their passwords and accounts is the responsibility of authorized users.
User-level passwords should be updated according to the organization's systems usage policy, with a minimum requirement of every six months. This includes accounts such as email, web services, social media, and access to sensitive information through various application accounts.
Authorized users should be vigilant when opening email attachments, as they can contain viruses, email bombs, or Trojan horse code, either intentionally or unintentionally. It is essential to educate all users on how to identify potential threats to ensure their safety online.
Discussion on Remote Access Policy
The remote access policy outlines the approved methods for connecting to an organization's internal networks from remote locations, addressing the security concerns associated with such access. It often includes addendums that detail guidelines for using Bring Your Own Device (BYOD) assets. This policy is essential for enterprises with distributed networks that may reach into unsecured environments, like neighborhood coffee shops or unmanaged home networks.
All individuals with access to the Organization's network, including employees, contractors, and suppliers, are required to maintain the confidentiality of access procedures and codes. They must not share this information with anyone. Additionally, those granted access privileges must ensure that their connections adhere to security measures that align closely with the Organization's standards.
Secure remote access should be strictly controlled, allowing only personnel authorized by the Information Security Officer to gain entry. To ensure authorized access, it is essential to implement one-time password authentication or utilize public/private keys combined with robust passwords.
Authorized users must not give their login credentials to anyone else, and they must not write or keep a record of their login credentials (Anon., 2008)
Unless the Information Security Officer approves differently, authorized users may only access the network using equipment provided by Organization
Authorized users must guarantee that remote connections comply with minimal authentication standards like CHAP or DLCI
Authorized users are responsible for ensuring that any remote host connected to the organization's internal networks is running antivirus software with the most recent virus definitions.
IDENTIFY THE POTENTIAL IMPACT TO ITS SECURITY OF INCORRECT CONFIGURATION OF
Firewall
A firewall is a crucial network security device that monitors and filters both incoming and outgoing traffic based on an organization's established security policies. Essentially, it acts as a protective barrier between a private internal network and the public Internet, with the primary objective of permitting safe traffic while blocking potentially harmful threats.
Packet filtering: A small amount of data from each packet (addresses, ports) is examined and the packet is forwarded or dropped according to the filter's rules
Proxy service: At the application layer, a network security system protects while filtering communications
Stateful inspection: Dynamic packet filtering keeps track of current connections to decide which network packets to let through the Firewall
Next-Generation Firewall (NGFW): Deep packet inspection Firewall with the application-level inspection
Firewalls can be implemented as software or hardware solutions, with many hardware firewalls offering additional services like DHCP server functionality for the internal network. To protect against external threats, various personal computer operating systems incorporate software firewalls. Additionally, many routers equipped with firewall features manage data transmission across networks, performing essential routine tasks.
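To make the difference between packet filtering and stateful inspection concrete, and to show what an incorrect filter configuration costs, here is an added simulation (not part of the original assignment; all addresses, ports and rules are constructed). A stateless filter that must let web replies back in has to allow "anything from TCP source port 80", so an outside host that merely sets its source port to 80 reaches internal services; a stateful filter admits inbound packets only as replies to connections the inside opened.

```python
"""Stateless packet filtering vs stateful inspection, simulated.

Added example, not the assignment's code. Internal hosts are 10.0.0.0/24
(constructed). Policy: inside hosts may browse the web (TCP/80); nothing else
may cross the firewall. The stateless rule set below is the classic
misconfiguration needed to make replies work without connection tracking.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # True for a connection-opening TCP SYN


INSIDE_PREFIX = "10.0.0."  # constructed internal network


def is_inside(addr: str) -> bool:
    return addr.startswith(INSIDE_PREFIX)


# --- Stateless packet filter (incorrect configuration) ----------------------
# Rules are (direction, sport, dport, action); None matches any value.
# First match wins, exactly like a simple ACL.
STATELESS_RULES = [
    ("out", None, 80, "allow"),   # inside hosts may open web connections
    ("in", 80, None, "allow"),    # web replies must get back in...
    ("in", None, None, "deny"),   # ...but rule 2 admits ANY packet with sport 80
    ("out", None, None, "deny"),
]


def stateless_filter(pkt: Packet) -> str:
    direction = "out" if is_inside(pkt.src) else "in"
    for rule_dir, sport, dport, action in STATELESS_RULES:
        if (rule_dir == direction
                and sport in (None, pkt.sport)
                and dport in (None, pkt.dport)):
            return action
    return "deny"


# --- Stateful inspection ----------------------------------------------------
class StatefulFirewall:
    """Tracks connections the inside opened; inbound traffic is allowed only
    as the reply leg of a tracked connection, never on its own."""

    def __init__(self):
        self.table = set()    # (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, pkt: Packet) -> str:
        if is_inside(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport == 80 and pkt.syn:       # policy: outbound web only
                self.table.add(key)
                return "allow"
            return "allow" if key in self.table else "deny"
        # Inbound: must match an existing entry (reversed) and not open a new flow.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table and not pkt.syn:
            return "allow"
        return "deny"


def run_scenario() -> dict:
    """Three packets: a legitimate web request, its reply, and an outside host
    that sets source port 80 to reach the internal SSH service (TCP/22)."""
    fw = StatefulFirewall()
    browse = Packet("10.0.0.5", 51000, "203.0.113.10", 80, syn=True)
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 51000)
    spoofed_sport = Packet("198.51.100.7", 80, "10.0.0.5", 22, syn=True)
    packets = (browse, reply, spoofed_sport)
    return {
        "stateless": [stateless_filter(p) for p in packets],
        "stateful": [fw.filter(p) for p in packets],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The stateless filter passes all three packets, including the one aimed at SSH; the stateful filter passes the request and its reply and drops the third, which is exactly why stateful inspection replaced plain packet filtering for perimeter firewalls.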
Prevents the Passage of Unwanted Content
The internet does not recognize content as poor or undesirable; without a strong firewall, such content can easily infiltrate systems. Most operating systems are equipped with firewalls that effectively safeguard users against unwanted and harmful online information.
Unethical hackers continuously target vulnerable systems, posing a significant threat to uninformed users who are unaware of who may have access to their machines.
A powerful firewall is required to safeguard your data, transactions, and other sensitive information; for businesses, private data and information leakage can result in significant loss and failure
The vast network of the internet has exposed individuals, particularly adolescents and youngsters, to immoral information. This content's malicious nexus has been rapidly growing.
Exposure to obscene information of any kind can be damaging to young minds, leading to unusual behaviours and immoral behaviour
Guarantees Security Based on Protocol and IP Address
Hardware firewalls play a crucial role in monitoring traffic patterns according to specific protocols. They maintain a comprehensive record of activity from the initiation of a connection to its conclusion, significantly enhancing system security.
Network Address Translation (NAT) serves as an effective firewall, safeguarding computers from external attacks by ensuring that their IP addresses remain accessible only within the local network This mechanism enhances security by keeping the devices independent and protected from outside threats (Pedamkar, 2020).
Protects Seamless Operations in Enterprises
In today's business landscape, enterprise software and systems play a crucial role, enabling authorized stakeholders to access and use data effectively. This decentralized distribution of information enhances operational efficiency across the entire geographical presence of a company.
A user can log in to his system using credentials from any system on the network. Given such a large network system and large amounts of data
Protects Conversations and Coordination Contents
Organizations in the service industry must continually communicate with third-party clients. They continuously share relevant material with the customer and internal teams as part of various initiatives.
Almost all of the content generated by these coordinating operations is confidential and must be well safeguarded; no organization can afford the cost of such essential information being leaked.
Prevents Destructive Content from Online Videos and Games
Users can stream movies and download games or videos from various websites, but not all of them ensure security. While some popular sites are reliable, many others pose risks with malware and viruses that can compromise a user's device. To safeguard against these online threats, it is essential to have a firewall installed, as it protects the system from potential virus attacks while accessing games or films.
A firewall prevents hackers and unwanted remote access.
Enhanced security and network monitoring capabilities.
It gives you more privacy and security.
It supports the reliability of VoIP phones.
It guards against trojans (Bradley, 2021).
It allows more advanced network capabilities to be implemented.
An OS-based firewall can only protect a single PC, but a network-based firewall, such as a router, can protect many systems.
2 How Does A Firewall Provide Security To A Network?
Firewalls play a crucial role in private networks by filtering network traffic and enforcing rules on which types of traffic are allowed or blocked. Acting as a gatekeeper, firewalls ensure that only trusted sources and IP addresses can access the network, thereby enhancing security and protecting sensitive information.
A firewall only accepts incoming traffic that meets its predefined security criteria, effectively distinguishing between legitimate and malicious data. It analyzes data packets to either permit or block them, ensuring a secure network environment.
The criteria for managing packet data are determined by various factors, including the source, destination, and content. To prevent cyberattacks, these criteria limit traffic originating from suspicious sources.
The graphic below, for example, depicts how a firewall permits good traffic to flow through to a user's private network.
The firewall in the example below, on the other hand, prevents harmful traffic from accessing the private network, safeguarding the user's network from a cyberattack (Bradley, 2021).
In this manner, a firewall can perform fast evaluations to detect malware and other suspicious activity.
At different network levels, several types of firewalls are used to read data packets.
IDS
An intrusion detection system (IDS) is a network traffic monitoring system that detects suspicious behaviour and sends out notifications when it is found (Lutkevich, 2021).
Figure 7: Diagram of how a firewall works
Intrusion Detection Systems (IDS) primarily focus on anomaly detection and reporting; however, some advanced systems can actively respond to threats by blocking traffic from suspicious IP addresses when malicious behavior or abnormal traffic is identified.
An intrusion detection system (IDS) is distinct from an intrusion prevention system (IPS); while both analyze network packets for harmful activity, an IDS primarily focuses on detecting and documenting potential threats, whereas an IPS aims to prevent such attacks from occurring.
Monitoring other security controls intended to detect, stop, or recover from attacks, and monitoring the functioning of routers, firewalls, key management servers, and files that are required by other security controls;
Allowing administrators to tune, manage, and understand relevant OS audit trails and other logs that might otherwise be impossible to follow or interpret;
The system features an extensive attack signature database, allowing for effective comparison of information to enhance security. Additionally, it provides a user-friendly interface, enabling non-expert staff to actively participate in managing system security.
When the Intrusion Detection System (IDS) identifies alterations in data files, it triggers an alarm to alert the user of a potential security breach, subsequently blocking the attackers or the affected server to ensure protection.
Intrusion detection systems (IDS) play a crucial role in identifying network irregularities, enabling the detection of hackers before they can inflict significant damage. There are two main types of IDS: network-based intrusion detection systems (NIDS), which monitor network traffic, and host-based intrusion detection systems (HIDS), which are installed on individual client computers to oversee local activities.
Intrusion detection systems identify potential threats by monitoring for indicators of past attacks or unusual behavior. They analyze these anomalies at both the protocol and application layers, enabling the detection of incidents such as Christmas tree scans and DNS poisoning.
An Intrusion Detection System (IDS) can be implemented either as a client-side software application or as a dedicated network security device. To protect data and systems within cloud environments, cloud-based intrusion detection solutions are now also available.
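The two detection styles described above (signature matching against an attack-signature database, and anomaly detection at the protocol layer such as a Christmas tree scan), as an added example that is not part of this assignment. The signatures, thresholds, addresses and packet records are all constructed for illustration; like an IDS, the code only reports and never blocks.

```python
"""Added example (not part of the assignment): a minimal network-based IDS
(NIDS) pass over constructed packet records. It combines the two detection
styles described above: matching payloads against a small attack-signature
database and protocol-level anomaly detection, here the "Christmas tree" TCP
flag combination and a simple port-scan threshold. Like an IDS, it only
reports; it does not block. All packets, signatures and thresholds are
constructed for illustration."""
from collections import defaultdict

# Constructed signature database: byte patterns that should never appear in
# a legitimate request to this web server.
SIGNATURES = {
    "SIG-001 shell path in HTTP request": b"/bin/sh",
    "SIG-002 SQL tautology in request": b"' OR 1=1",
}
XMAS_FLAGS = {"FIN", "PSH", "URG"}  # all three set at once = Christmas tree scan
PORT_SCAN_THRESHOLD = 5              # distinct ports per (src, dst) before alerting


def analyse(packets):
    """Return a list of (severity, message) alerts for the given packet records."""
    alerts = []
    ports_seen = defaultdict(set)  # (src, dst) -> destination ports touched
    for pkt in packets:
        src, dst, dport = pkt["src"], pkt["dst"], pkt["dport"]
        flags = set(pkt.get("flags", []))
        # Protocol anomaly: FIN, PSH and URG together never occur in a normal session.
        if XMAS_FLAGS <= flags:
            alerts.append(("high", f"Christmas tree scan from {src} to {dst}:{dport}"))
        # Behavioural anomaly: one source probing many ports on one host.
        ports_seen[(src, dst)].add(dport)
        if len(ports_seen[(src, dst)]) == PORT_SCAN_THRESHOLD:
            alerts.append(("medium", f"port scan: {src} reached {PORT_SCAN_THRESHOLD} ports on {dst}"))
        # Signature match at the application layer.
        payload = pkt.get("payload", b"")
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                alerts.append(("high", f"{name} from {src} to {dst}:{dport}"))
    return alerts


# Constructed traffic: one web request, one request carrying a signature,
# one Christmas tree probe, then a sweep of five more ports from the same host.
SAMPLE_PACKETS = [
    {"src": "203.0.113.9", "dst": "192.0.2.10", "dport": 80, "flags": ["SYN"], "payload": b""},
    {"src": "203.0.113.9", "dst": "192.0.2.10", "dport": 80, "flags": ["PSH", "ACK"],
     "payload": b"GET /cgi-bin/test?cmd=/bin/sh HTTP/1.1"},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "dport": 22, "flags": ["FIN", "PSH", "URG"]},
] + [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "dport": p, "flags": ["SYN"]}
    for p in (21, 23, 25, 110, 143)
]

if __name__ == "__main__":
    for severity, message in analyse(SAMPLE_PACKETS):
        print(f"[{severity}] {message}")
```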
The Potential Impact (Threat-Risk) Of A Firewall And IDS If They Are Incorrectly Configured In A Network
Unencrypted HTTP connections pose significant security risks, as they can be exploited by outsiders on the same network segment, particularly on open wireless networks. This vulnerability allows unauthorized access to the firewall. The lack of anti-spoofing restrictions on the external interface increases the likelihood of denial-of-service attacks, and the absence of logging rules makes it harder to protect critical systems and services.
Internal network segments can be connected by any protocol/service, which can lead to internal breaches and compliance violations, especially in PCI DSS cardholder data settings
Unencrypted telnet connections pose a significant security risk, as they permit any user on the internal network to access the firewall. When tools such as Cain & Abel enable ARP poisoning, inside users or malware can exploit these vulnerable connections.
Any sort of TCP or UDP service can leave the network, allowing malware and spam to proliferate and resulting in acceptable-use and policy breaches.
There is no documentation for the rules, which can lead to security management problems, especially when firewall administrators leave the company unexpectedly.
The default password(s) are used, resulting in every security risk imaginable, including accountability concerns when network events occur.
Outdated firewall OS software poses significant security risks because it is no longer supported, leaving it vulnerable to known threats such as remote code execution and denial of service attacks. Additionally, if a security breach occurs, the age of the system could reflect poorly on the organization in the eyes of third parties.
Access to internal Microsoft SQL Server databases is potentially available to anyone on the Internet, particularly if the SQL Server is set up with default credentials such as 'sa/password' or a weak password. This vulnerability can lead to unauthorized access to sensitive internal data.
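The misconfigurations listed above, turned into an automated audit of a firewall configuration, as an added example that is not part of this assignment. The configuration layout, its field names (`iface`, `dir`, `log`, `comment`, `default_credentials`, `os_end_of_life`) and the sample rule set are assumptions constructed for this example; a real product's export would need its own parser.

```python
"""Added example (not part of the assignment): an audit of a constructed
firewall configuration for the misconfigurations listed above. The
configuration layout and field names are assumptions made for this example;
a real product's export would need its own parser."""

PRIVATE_NETS = ("10.", "172.16.", "192.168.")  # RFC 1918 prefixes, simplified
MSSQL_PORT = 1433                              # default Microsoft SQL Server port


def is_private(addr):
    """True for an address or prefix in the simplified RFC 1918 list above."""
    return addr.startswith(PRIVATE_NETS)


def audit(cfg):
    """Return a list of findings; empty means none of the listed issues was found."""
    findings = []
    if cfg.get("default_credentials"):
        findings.append("default administrator password still in use")
    if cfg.get("os_end_of_life"):
        findings.append("firewall OS is no longer supported by the vendor")
    for proto in cfg.get("management_protocols", []):
        if proto in ("http", "telnet"):
            findings.append(f"cleartext management protocol enabled: {proto}")
    anti_spoof = False
    for r in cfg["rules"]:
        name = r["name"]
        ext_in = r["iface"] == "outside" and r["dir"] == "in"
        if r["action"] == "deny" and ext_in and is_private(r["src"]):
            anti_spoof = True  # private sources are dropped at the external interface
        if r["action"] != "allow":
            continue
        if not r.get("log"):
            findings.append(f"{name}: allow rule without logging")
        if not r.get("comment"):
            findings.append(f"{name}: rule has no documentation")
        wide_open = r["proto"] == "any" and r["dport"] == "any"
        if r["iface"] == "inside" and wide_open and is_private(r["src"]) and is_private(r["dst"]):
            findings.append(f"{name}: any protocol/service between internal segments")
        if r["iface"] == "outside" and r["dir"] == "out" and r["src"] == "any" and wide_open:
            findings.append(f"{name}: all outbound TCP/UDP services permitted")
        if ext_in and r["src"] == "any" and r["dport"] == MSSQL_PORT:
            findings.append(f"{name}: SQL Server port {MSSQL_PORT} reachable from the Internet")
    if not anti_spoof:
        findings.append("no anti-spoofing deny rule for private source addresses on the outside interface")
    return findings


# Constructed configuration that exhibits most of the issues listed above.
SAMPLE_CONFIG = {
    "default_credentials": True, "os_end_of_life": False,
    "management_protocols": ["https", "telnet"],
    "rules": [
        {"name": "web-in", "iface": "outside", "dir": "in", "src": "any", "dst": "192.0.2.10",
         "proto": "tcp", "dport": 443, "action": "allow", "log": True, "comment": "public web server"},
        {"name": "sql-in", "iface": "outside", "dir": "in", "src": "any", "dst": "10.0.0.20",
         "proto": "tcp", "dport": 1433, "action": "allow", "log": False, "comment": ""},
        {"name": "lan-any", "iface": "inside", "dir": "in", "src": "10.1.0.0/16", "dst": "10.2.0.0/16",
         "proto": "any", "dport": "any", "action": "allow", "log": True, "comment": "temporary"},
        {"name": "egress", "iface": "outside", "dir": "out", "src": "any", "dst": "any",
         "proto": "any", "dport": "any", "action": "allow", "log": True, "comment": "allow everything out"},
    ],
}

# Constructed corrected version: HTTPS-only management, password changed, risky rules
# removed and an explicit anti-spoofing deny rule on the outside interface.
HARDENED_CONFIG = dict(SAMPLE_CONFIG, default_credentials=False, management_protocols=["https"], rules=[
    SAMPLE_CONFIG["rules"][0],
    {"name": "anti-spoof", "iface": "outside", "dir": "in", "src": "10.0.0.0/8", "dst": "any",
     "proto": "any", "dport": "any", "action": "deny", "log": True, "comment": "drop spoofed sources"},
])
```

Running `audit(SAMPLE_CONFIG)` lists eight findings (default password, telnet management, the unlogged and undocumented SQL rule that exposes port 1433, the internal any/any rule, the unrestricted egress rule and the missing anti-spoofing rule), while `audit(HARDENED_CONFIG)` returns an empty list.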
SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ, STATIC IP AND NAT IN
DMZ
A DMZ Network serves as a perimeter network that enhances security by shielding an organization's internal local-area network from untrusted traffic. Typically, a DMZ functions as a subnetwork positioned between the public internet and private networks, providing an additional layer of protection (Ohri, 2021).
A Demilitarized Zone (DMZ) serves to connect an organization to untrusted networks such as the internet while safeguarding its private network or Local Area Network (LAN). It typically houses external-facing services and resources, including servers for Domain Name System (DNS), File Transfer Protocol (FTP), email, proxy services, Voice over Internet Protocol (VoIP), and web servers, ensuring secure access and enhanced protection for internal systems.
Internet-connected devices are prime targets for cyberattacks, making them particularly vulnerable. Companies with publicly accessible servers face heightened risks, as they are more prone to attacks. Implementing a Demilitarized Zone (DMZ) acts as a protective barrier between external and internal networks. By establishing a DMZ between two firewalls, all incoming traffic is filtered through a security appliance before reaching the organization's servers, enhancing overall security.
If a skilled hacker breaches a company's firewall and gains unauthorized access to its systems, the security measures in place will promptly notify the host of the breach before any harmful actions or access to sensitive data can occur (Ohri, 2021).
To enhance security while providing external access, businesses can leverage the public internet through a Demilitarized Zone (DMZ). This setup facilitates service accessibility beyond the network's boundaries while ensuring effective network segmentation, thereby reducing the risk of unauthorized access to private networks. Additionally, incorporating a proxy server within the DMZ streamlines internal traffic management and improves the monitoring and logging of network activity.
A DMZ serves as a crucial barrier between the internet and a private network, effectively preventing network reconnaissance by attackers seeking viable targets. While servers within the DMZ are publicly accessible, a firewall ensures that the internal network remains hidden, providing an additional layer of security against potential threats.
Even if a DMZ system is compromised, the internal firewall protects the private network by separating it from the DMZ, preventing external reconnaissance.
To prevent IP spoofing, in which attackers masquerade as trusted devices to gain unauthorized access to systems, implementing a Demilitarized Zone (DMZ) is crucial. A DMZ can effectively detect and block spoofing attempts while also facilitating network segmentation, ensuring that traffic is organized and public services remain accessible without compromising the security of the private network.
5 The Importance Of DMZ Networks
The primary benefit of employing a DMZ is that it adds an extra layer of protection to an organization's private network by restricting access to servers and critical data.
In the DMZ, we may set up a reverse proxy server. Clients on the internet connect to the reverse proxy server, which holds no sensitive information.
The DMZ not only isolates and keeps possible target systems away from inside networks, but it also limits and controls access to them (Ohri, 2021).
A Demilitarized Zone (DMZ) allows users within an enterprise to exchange and access internet resources securely, while also protecting the network from unauthorized external users who might attempt to access sensitive data.
Because a DMZ manages both external and internal traffic flow to and from a private network, hackers are less likely to gain direct access to the system.
The DMZ can also be used to respond to security concerns posed by IoT devices, OT systems, and other similar systems.
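The two-firewall DMZ design described in this section, together with the stateful inspection described in the firewall section (a firewall permitting or blocking packets by source, destination and connection state), as an added example that is not part of this assignment. The zones, addresses, the reverse proxy in the DMZ, the internal application server on port 8080 and the permitted flows are all assumptions constructed for this example.

```python
"""Added example (not part of the assignment): a simulation of the two-firewall
DMZ design described above, combined with the stateful inspection described
in the firewall section. The zones, addresses and permitted flows are
assumptions constructed for this example. Only the flows in POLICY may be
initiated; reply packets of a tracked connection are accepted from the state
table, so no rule has to open the reverse direction."""
import ipaddress

ZONES = {                                   # anything outside these is "internet"
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

# (from zone, to zone, protocol, destination port) that may be initiated.
POLICY = {
    ("internet", "dmz", "tcp", 443),    # public reverse proxy in the DMZ
    ("dmz", "internal", "tcp", 8080),   # proxy to the internal app server only
    ("internal", "dmz", "tcp", 22),     # administrators manage DMZ hosts
    ("internal", "internet", "tcp", 443),
}


def zone_of(addr):
    """Map an address to its zone; unmatched addresses belong to the internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


class StatefulFirewall:
    """Zone policy plus a connection table keyed by the 5-tuple of the initiator."""

    def __init__(self, policy):
        self.policy = policy
        self.established = set()

    def handle(self, src, sport, dst, dport, proto="tcp", syn=False):
        """Return 'allow' or 'drop' for one packet, updating the state table."""
        fwd = (src, sport, dst, dport, proto)
        rev = (dst, dport, src, sport, proto)
        if fwd in self.established or rev in self.established:
            return "allow"  # either direction of a tracked connection
        if not syn:
            return "drop"   # no state and not a connection attempt
        if (zone_of(src), zone_of(dst), proto, dport) in self.policy:
            self.established.add(fwd)
            return "allow"
        return "drop"


def demo():
    """Constructed traffic showing what the DMZ lets through and what it stops."""
    fw = StatefulFirewall(POLICY)
    r = {}
    # Internet client reaches the DMZ proxy; the reply is allowed by state, not by a rule.
    r["client_to_dmz"] = fw.handle("203.0.113.5", 40000, "192.0.2.10", 443, syn=True)
    r["dmz_reply"] = fw.handle("192.0.2.10", 443, "203.0.113.5", 40000)
    # The proxy forwards to the internal application server on the one permitted port.
    r["proxy_to_app"] = fw.handle("192.0.2.10", 50000, "10.0.0.20", 8080, syn=True)
    # A compromised DMZ host cannot reach other internal services (file server, SMB 445).
    r["dmz_to_fileserver"] = fw.handle("192.0.2.10", 50001, "10.0.0.30", 445, syn=True)
    # The internet cannot reach the internal network directly: no reconnaissance path.
    r["internet_to_internal"] = fw.handle("203.0.113.5", 40001, "10.0.0.20", 8080, syn=True)
    # An unsolicited non-SYN packet has no state to match and is dropped.
    r["unsolicited_ack"] = fw.handle("203.0.113.5", 40002, "192.0.2.10", 443)
    return r


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:22} {verdict}")
```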
NAT
Natural disasters such as fires, floods, hurricanes, earthquakes, tsunamis, and avalanches pose significant threats, leading to not only immediate damage but also additional losses incurred during recovery efforts.
4 What are the recent security breaches? List and give examples with dates
a Security Breaches Definition: A successful effort by an attacker to obtain unauthorized access to an organization's computer systems is referred to as a security breach. Theft of sensitive data, corruption or sabotage of data or IT systems, or acts meant to deface websites or harm reputation are all examples of breaches (Cassetto, 2019).
b Recent Security Breaches, List and give examples with dates
Sina Weibo, a leading social media platform in China with over 600 million users, experienced a significant data breach in March 2020. An attacker accessed sensitive information of 538 million users, including real names, usernames, gender, location, and phone numbers. The compromised database was allegedly sold on the dark web for $250, raising serious concerns about user privacy and security.
China's Ministry of Industry and Information Technology (MIIT) has urged Weibo to enhance its data security measures to better protect personal information. The ministry emphasized the importance of notifying users and relevant authorities in the event of data breaches, highlighting the need for improved safeguards in handling sensitive data.
Sina Weibo reported a security breach in which an attacker accessed publicly available information using a tool meant for locating user accounts via phone numbers, although no passwords were compromised. The company acknowledged that if users reuse passwords across accounts, the leaked data could potentially link accounts to those passwords. In response, Sina Weibo has strengthened its security policies and notified the relevant authorities about the incident (Michael Hill and Dan Swinhoe, 2021).
In April 2020, Nintendo revealed that a credential stuffing attack had compromised 160,000 user accounts. Hackers exploited previously leaked user IDs and passwords to gain access, enabling them to make unauthorized purchases with stored payment methods and access sensitive information, including names, email addresses, dates of birth, genders, and nationalities.
The gaming company later revealed that the breach had affected an additional 140,000 accounts, bringing the total to 300,000 compromised accounts. In response, the company reset the passwords for all affected users and strongly recommended that customers avoid reusing passwords across different accounts and services.
In early April, as employees adapted to remote work, it was disclosed that Zoom, the popular virtual conference platform, experienced a significant security breach that compromised the login information of more than 500,000 users.
Hackers gained access to accounts by using stolen username and password combinations from previous data breaches in a credential stuffing attack. This compromised information was sold on dark web hacker forums for as little as 1p.
Sensitive information such as login credentials, email addresses, personal meeting URLs, and Host Keys were compromised, enabling criminals to access meetings or exploit this data for malicious purposes.
In June 2021, a hacker exploited data scraping techniques to release information linked to 700 million LinkedIn members on a dark web platform, impacting over 90% of the company's user base.
"God User," who exploited the site's (and others') API before releasing the first data collection of about 500 million consumers. They then boasted that they were selling the whole 700 million-person consumer database.
5 Data on 3.3 Million Audi Customers Exposed in Unsecured Database (June 2021)
In June 2021, Volkswagen disclosed that data from 3.3 million Audi customers, encompassing both current and prospective purchases, had been exposed online. This data breach included personal information such as names, email addresses, and phone numbers, along with specific vehicle-related details, all of which were collected between 2014 and 2021.
Around 90,000 people were impacted, and additional sensitive information was taken, which may include Social Security numbers and dates of birth.
Between August 2019 and May 2021, the sensitive data was exposed online, prompting the organization to investigate the incident further to determine the exact timeline of the breach.
In July 2021, Kaseya, a provider of IT solutions, experienced a major attack on its unified remote monitoring and network perimeter protection product This incident involved a supply chain ransomware assault that specifically targeted managed service providers and their clients, resulting in the theft of administrative control over Kaseya's services.
The attack disrupted Kaseya's SaaS servers and affected on-premise VSA solutions for clients across 10 countries, as reported by ZDNet. In response, Kaseya promptly informed its customers and released the VSA detection tool, enabling businesses to evaluate their VSA services and monitor endpoints for signs of compromise.
7 Databases and Account Details on Thousands of Microsoft Azure Customers Exposed (August
Discuss Three Benefits To Implement Network Monitoring Systems With Supporting Reasons (M2)
Top three benefits of implementing network monitoring systems:
Preventing cybercrime is a top priority for organizations, as identifying and addressing network threats before they escalate is essential. With cyberattacks becoming increasingly sophisticated and harder to trace, proactive measures are vital for safeguarding sensitive information and ensuring operational integrity.
Addressing persistent security threats on a daily basis without network insights can be exceedingly time-consuming for an IT staff. Maintaining IT network security necessitates the following:
Security fixes are updated on a regular basis
On all individual workloads, standardized security settings are maintained
As a result, network monitoring will help an IT staff defend a company's data and systems more effectively
2) Manage Client Network Usage with Confidence:
Many companies allow employees to use the internet during work hours, which can lead to misuse of confidential information if there is no proper network monitoring. To identify such issues effectively, robust network monitoring systems are essential. Additionally, for clients who depend on us for data backup and integrity, network monitoring offers a seamless interface that enhances overall efficiency. While IT professionals can create various monitoring solutions, implementing dedicated network monitoring systems significantly improves effectiveness.
IT outages can result from a variety of factors:
Incompatible changes to the network
Organizations often become aware of network performance issues only when there are significant deviations from the norm, typically responding only when these issues begin to impact business productivity.
Network monitoring systems provide valuable insights into daily performance and enable early detection of deviations from the norm. This proactive approach allows IT professionals to identify potential issues before they escalate into serious problems that could lead to system downtime.
This article discusses the risks and remedies associated with online data protection, highlighting various tools that can enhance security for individuals and organizations. It outlines past security breaches to educate users on potential dangers and offers strategies to safeguard data. While acknowledging the risks, the article also emphasizes the benefits of security applications, demonstrating that these tools are positively regarded by consumers, enabling them to choose the most suitable software for their needs.
Anon., 2008. [Organization] Information Security Procedures. s.l.: s.n.
Bradley, T., 2021. What Is a Firewall and How Does a Firewall Work? [Online]
Available at: https://www.lifewire.com/what-is-a-firewall-2487290
Cassetto, O., 2019. Security Breaches: What You Need to Know. [Online]
Available at: https://www.exabeam.com/dlp/security-breach/
Contributor, S., 2020. What is a Data Breach? Ultimate Guide to Cyber Security Breaches. [Online]
Available at: https://www.dnsstuff.com/data-breach-101
Dobran, B., 2019. Information Security Risk Management: Build a Strong Program. [Online]
Available at: https://phoenixnap.com/blog/information-security-risk-management
Garg, R., 2021. Threats to Information Security. [Online]
Available at: https://www.geeksforgeeks.org/threats-to-information-security/
Gillis, A. S., 2020. Static IP address. [Online]
Available at: https://whatis.techtarget.com/definition/static-IP-address
Available at: https://luminet.co.uk/top-5-benefits-network-monitoring/
Lutkevich, B., 2021. Intrusion detection system (IDS). [Online]
Available at: https://www.techtarget.com/searchsecurity/definition/intrusion-detection-system
Lutkevich, B., n.d. Intrusion detection system (IDS). [Online]
Available at: https://www.techtarget.com/searchsecurity/definition/intrusion-detection-system
Michael Hill and Dan Swinhoe, 2021. The 15 biggest data breaches of the 21st century. s.l.: s.n.
Ohri, A., 2021. What Is DMZ Network. [Online]
Available at: https://www.jigsawacademy.com/blogs/cyber-security/what-is-dmz
Patterson, D., 2018. The Importance of Policies and Procedures. s.l.: s.n.
Available at: https://www.educba.com/firewall-uses/
RSI, 2021. Types of Security Threats to Organizations. [Online]
Available at: https://blog.rsisecurity.com/types-of-security-threats-to-organizations/
Vaughan-Nichols, S. J., 2019. Static vs Dynamic IP Addresses. [Online]
Available at: https://www.avast.com/c-static-vs-dynamic-ip-addresses