
Assignment Front Sheet

This document provides information for a BTEC Level 5 HND Diploma in Computing assignment on security. It includes the student and assessor details, learning outcomes to be assessed, and sections to be addressed. The key parts to be covered are identifying types of security threats to organizations, including recent breaches and their consequences. The potential impact of incorrectly configuring firewall policies and intrusion detection systems will also be discussed.

Uploaded by

Đỗ Hoài Nam

ASSIGNMENT FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Tran Trung Nghia Student ID GCH190377

Class GCH0901 Assessor name Michael Omar

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 M1 M2 D1
Summative Feedback: Resubmission Feedback:

Grade: Assessor Signature: Date:


Internal Verifier’s Comments:

Signature & Date:


Table of Contents
INTRODUCTION :
Introduce the project and explain what the project is all about :
Explain the problems that require addressing and give solutions to the problems :
Talk about what the important parts of the assignment you will address :
P1. IDENTIFY TYPES OF SECURITY THREAT TO ORGANISATIONS :
DEFINE THREATS :
IDENTIFY THREATS AGENTS TO ORGANIZATIONS :
1. Nation States :
2. Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and Viruses perpetrated by vandals and the general public)
3. Employees and Contractors :
4. Terrorists and Hacktivists (political parties, media, enthusiasts, activists, vandals, general public, extremists, religious followers)
5. Organized crime (local, national, transnational, specialist)
6. Corporates (competitors, partners)
LIST TYPE OF THREATS THAT ORGANIZATIONS WILL FACE
1. COMPUTER VIRUSES :
2. TROJAN HORSE :
3. ADWARE :
4. SPYWARE :
5. WORM :
6. DENIAL-OF-SERVICE (DOS) ATTACKS
7. PHISHING :
8. SQL INJECTION
9. ROOTKIT
10. MALWARE
11. RANSOMWARE
12. DATA BREACH
13. ZERO DAY ATTACK
14. CARELESS EMPLOYEES OF ORGANIZATION
GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES
What are the recent security breaches? List and give examples with dates :
Discuss the consequences of this breach?
Suggest solutions to deal with it :
1. Have a strong and effective security plan :
2. Conduct a comprehensive risk assessment :
3. Raising awareness about network security among employees in the company :
P3. IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT CONFIGURATION OF FIREWALL POLICIES AND IDS
Discuss briefly firewall and policies, its usage and advantages in a network :
How does a firewall provide a security to a network?


INTRODUCTION :
Introduce the project and explain what the project is all about :
In order to apply for an internship at a company specializing in producing computer security
software, I was asked to write a report and a presentation about the agents and factors that
harm an organization's data.

Explain the problems that require addressing and give solutions to the problems :
What I need to do is give examples of database threats and actors, and a specific example of one of the
many recent cyber attacks; mention and discuss 3 procedures that the organization uses to
improve or provide security for the organization; identify the potential IT security impact of
misconfiguring the IDS and firewall policies; and show, using an example for each, how deploying
DMZ, static IP and NAT in the network can improve network security.

Talk about what the important parts of the assignment you will address :
The most important thing in my report is to help people understand more about cyber-attacks, to
identify threats, agents, and solutions to prevent them, and to raise people's awareness of protecting
personal information and important data they store on their electronic devices.

P1. IDENTIFY TYPES OF SECURITY THREAT TO ORGANISATIONS :


DEFINE THREATS :

A security threat is a risk that can harm computer systems, companies and organizations. Such
threats have 2 possible causes. They can be physical, for example someone steals your computer that
contains important information, or non-physical, such as a computer virus.

IDENTIFY THREATS AGENTS TO ORGANIZATIONS :

1. Nation States :

Companies operating in certain sectors, e.g. telecommunications, oil and gas, mining, power
generation, national infrastructure, etc., can be targeted by another country, either to
interrupt operations now or to give that country a hold for the future in times of adversity [MLamb].

2. Non-target specific (Ransomware, Worms, Trojans, Logic Bombs, Backdoors and Viruses perpetrated
by vandals and the general public)

There have been many times companies have said to me, "Oh, we won't be targeted by hackers for…."
But the number of random attacks that take place on a daily basis is so great (there are no exact
statistics on this to share here) that every organization can fall victim to one.

The most famous example of a non-targeted attack is the WannaCry ransomware
incident that affected more than 200,000 computers in 150 countries. In the UK, the NHS was closed
for a few days. And, of course, there's a bored teenager in the attic somewhere just surfing the
internet because of the weak connection [MLamb].

3. Employees and Contractors :

Machines and software programs provide good protection from malware, unless it's a zero-day
virus. People are often the weakest link in the security system, whether by accident or malice.

Mistakes like sending the wrong email are common, but often we realize them quickly
and can fix them. Simple measures like protecting the file with a password can also
help minimize the impact of such mistakes [MLamb].

4. Terrorists and Hacktivists (political parties, media, enthusiasts, activists, vandals, general public,
extremists, religious followers)

Rather than the threat posed by countries, the level of threat these actors pose depends on your
activities. However, some terrorists seek to target certain industries or countries, so
there may be a persistent threat of a random attack against you.

Perhaps the most famous example of this is the 2010 WikiLeaks revelations, published as
diplomatic telegrams and other documents related to the conflict in Iraq and Afghanistan [MLamb].

5. Organized crime (local, national, transnational, specialist)

Criminals are targeting personal data for a number of different reasons: credit card fraud, identity
theft, bank account fraud, etc. These crimes are currently committed at an industrial scale. The
methods vary from phishing attacks to 'Watering Hole' sites, but the end result is the same: you
and your data are being extracted and used for nefarious means [MLamb].

6. Corporates (competitors, partners)

The threat of competitors stealing your intellectual property is obvious, but we are increasingly
working with more partner organizations to fill skills, resource or application gaps, or simply
to provide a service. These partner companies may steal or disclose your intellectual property or
personal data that you have stored, either inadvertently or maliciously, depending on their
motives [MLamb].

LIST TYPE OF THREATS THAT ORGANIZATIONS WILL FACE

1. COMPUTER VIRUSES :

A virus is a software program that can spread from one computer or network to another
without the user's knowledge and carry out malicious attacks.

It has the potential to corrupt an organization's sensitive data, destroy files, and format
the hard drive [Touhid].

HOW DO YOU GET A VIRUS ATTACK?

• Clicking an executable file
• Installing free software and applications
• Accessing an infected and insecure website
• Clicking on an ad
• Using an infected removable storage device, such as a USB drive
• Opening a spam email or clicking a URL link
• Downloading free games, toolbars, media players, and other software.

Figure 1 : Computer Virus.

2. TROJAN HORSE :

A Trojan horse is a malicious code or program developed by hackers that disguises itself as
legitimate software to gain access to an organization's systems. It is designed to delete, modify,
corrupt, block or perform some other harmful action on your data or network [Touhid].

HOW DOES A TROJAN HORSE ATTACK?

• The victim receives an email, with an attachment, that looks like an original official email.
The attachment may contain malicious code that is executed immediately after the victim
clicks the attachment.
• In that case, the victim does not suspect or understand that the attachment is actually a
Trojan horse.

Figure 2 : Trojan horse

3. ADWARE :

Adware is a software program that contains commercial and marketing related advertisements,
such as advertisements displayed through pop-ups or bars, banner ads, and videos on your computer
screen.

Its main purpose is to generate revenue for its developer by serving different types of ads to
internet users [Touhid].

HOW DOES ADWARE ATTACK?

• When you click on that type of ad, it redirects you to an advertising website and collects
information from you.
• It can also be used to steal all of your sensitive information and login information by
tracking your online activities and selling that information to third parties.

Figure 3 : Adware

4. SPYWARE :

Spyware is a kind of unwanted security threat to organizations that is installed on users'
computers and collects sensitive information, such as personal or organizational business
information, login and credit card information, without the user's knowledge.

This type of threat monitors your internet activity, monitors your credentials, and monitors your
sensitive information.

Therefore, every organization or individual should take action to prevent spyware by using
anti-virus software and firewalls and by downloading only from reliable sources [Touhid].

HOW DOES SPYWARE INSTALL?

It can be installed automatically on your computer, or arrive as a hidden component of a software
package, or it can be installed like traditional malware through advertisements, emails, and instant
messages.

Figure 4 : Spyware

5. WORM :

A worm is a type of malware or program that spreads across the network it is connected to and copies itself
from one computer to another in the organization [Touhid].

HOW DOES A WORM SPREAD?

It can spread without any human help, exploiting software security flaws and attempting access in order to
steal sensitive information and corrupt files and windows settings for remote access to the system.

Figure 5 : Computer Worm


6. DENIAL-OF-SERVICE (DOS) ATTACKS

Denial-of-service is an attack that shuts down a system or network, or makes it inaccessible to users. It often
floods a targeted system with requests until it cannot handle the normal traffic, resulting in denial
of service to users [Touhid].

HOW DOES A DOS ATTACK WORK?

• It happens when an attacker prevents legitimate users from accessing specific computer
systems, devices, or other resources.
• The attacker sends too much traffic to the target server.
• The traffic overloads the server, which brings down websites, email servers,
and other services that connect to the Internet.

Figure 6 : DOS Attack

7. PHISHING :

Phishing is a type of social engineering attack that tries to get confidential information like
usernames, passwords, credit card information, login information, etc. [Touhid].

HOW DOES A PHISHING ATTACK WORK?

• In a phishing email attack, the attacker sends the victim an email that
appears to have come from their bank and asks them to provide their personal
information.
• The message contains a link that redirects you to another vulnerable website to steal your
information.
• So it is better to avoid clicking or opening that type of email and providing your sensitive
information.

Figure 7 : Phishing Attack

8. SQL INJECTION

SQL injection is a type of injection attack and one of the most popular web hacking techniques. It
allows an attacker to take control of a back-end database to change or delete data
[Touhid].

HOW DOES AN SQL INJECTION ATTACK WORK?

It is an application security weakness: when an application cannot properly clean up the SQL
statements, an attacker can include their own malicious SQL commands to access the organization's
database. The attacker includes malicious code in SQL statements via web page input.

Figure 8: SQL Injection Attack
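
The weakness described above, shown as an added example that is not part of the original report: the same lookup is built first by pasting web page input into the SQL text and then with a bound parameter. The `users` table, its rows and both input strings are constructed for illustration, and Python's built-in `sqlite3` module stands in for the organization's database.

```python
import sqlite3


def make_db():
    """Create an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, notes TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice private notes"), ("bob", "bob private notes")],
    )
    return db


def lookup_vulnerable(db, name):
    # Weak form: the web page input is pasted into the statement text, so a
    # quote character inside `name` ends the string literal and the rest of
    # the input is parsed as SQL.
    query = "SELECT name, notes FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # Corrected form: the statement text is fixed and the input is bound to
    # the ? placeholder, so it is only ever compared as a value.
    query = "SELECT name, notes FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


def compare(name):
    """Run both lookups on the same input and return the row counts."""
    db = make_db()
    try:
        return {
            "vulnerable": len(lookup_vulnerable(db, name)),
            "parameterized": len(lookup_parameterized(db, name)),
        }
    finally:
        db.close()


if __name__ == "__main__":
    # Constructed inputs: an ordinary name, then a value containing SQL syntax.
    for value in ("alice", "nobody' OR '1'='1"):
        print(repr(value), compare(value))
```

With the second input the concatenated query returns every row in the table, while the parameterized query returns none because no user has that literal name.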

9. ROOTKIT

A rootkit is a malicious program that installs and executes malicious code on a system without the
user's consent to gain administrator-level access to a computer or network system.

There are different types of rootkit viruses, like Bootkit, Firmware Rootkit, Kernel-Level Rootkit,
and Application Rootkit [Touhid].

HOW DOES A ROOTKIT INSTALL?

It can infect your computer through sharing an infected disk or drive. It is usually installed through
stolen passwords, or installed by exploiting system vulnerabilities, social engineering tactics and
phishing techniques without the victim's knowledge.

10. MALWARE

Malware is software that often consists of programs or code and is developed by network
attackers. It is a type of network security threat to organizations, designed to cause major
damage to a system or to gain unauthorized access to a computer [Touhid].

HOW DOES MALWARE ATTACK?

There are various ways malware can infect a device. For example, it can be sent as a link or file via
email, and it requires the user to click on that link or open the file to execute the malware.

This type of attack includes computer viruses, worms, Trojan horses and spyware.

11. RANSOMWARE

Ransomware is a type of security threat that blocks access to a computer system and demands bitcoin
to restore access to the system. The most dangerous ransomware attacks are WannaCry, Petya, Cerber, Locky
and CryptoLocker, etc. [Touhid].

HOW DOES RANSOMWARE INSTALL?

• When downloading and opening malicious email attachments
• When installing infected software or applications
• When a user visits a malicious or vulnerable website
• When clicking an untrusted web link or image

12. DATA BREACH

A data breach is a security threat that exposes confidential or protected information: the
information is accessed from the system without the system owner's permission.

The information may be sensitive, proprietary or confidential, such as credit card numbers,
customer data, trade secrets, etc. [Touhid].

13. ZERO DAY ATTACK

Zero day attacks are application-based cybersecurity threats that rely on unknown vulnerabilities in
computer software or applications. When an organization launches an application, what kinds of
security holes does it have? [Touhid].

HOW DOES A ZERO DAY ATTACK HAPPEN?

• When a patch has not been released, or the software developer does not know about, or has
insufficient time to fix, an application vulnerability.
• If the security hole is not addressed by the developer, it could affect computer programs,
data or the network.

14. CARELESS EMPLOYEES OF ORGANIZATION

Employees are the greatest security risk to any organization, as they know everything about the
organization, like where sensitive information is stored and how it is accessed. In addition to
malicious attacks, careless employees are another type of cybersecurity threat to organizations
[Touhid].

HOW DOES THE ATTACK HAPPEN?

They use very simple passwords that are easy to remember, and also share passwords. Another common problem is
that employees open suspicious email attachments, click on links or visit malicious websites, which
can introduce malware into the system [Touhid].

GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES.

What are the recent security breaches? List and give examples with dates :

A hacker / hacking group named ShinyHunters flooded a hacker forum with 386 million
stolen user profiles from 18 companies around the world (July 21, 2020).

Discuss the consequences of this breach?

As a result of this breach, a dangerous amount of personal information (about 386
million people) belonging to customers and service users of 18 companies is exposed. There are many ways for bad guys
to use such data for bad purposes, such as selling personal information, hacking important data on
computers, data of bank accounts, ...

Suggest solutions to deal with it :

Use a unique password for your system and update it frequently. Some people use their date of birth for the password
(including me); that's a very bad habit because a bad guy can easily check your password and use
your bank account, Facebook, Instagram, …

P2. DESCRIBE AT LEAST 3 ORGANIZATIONAL SECURITY PROCEDURES :

1. Have a strong and effective security plan :


A security plan is extremely important for a database protection system. With a clear and
specific plan, dealing with current and future situations will become much easier for employees
and their companies. Make a specific list of things to do and allocate responsibilities to each employee
before the incident.

2. Conduct a comprehensive risk assessment :


First of all, we need to have complete knowledge of the network threats and vulnerabilities that are
relevant to our individual and corporate departments. It is necessary to identify the specific problems
that the company is facing in order to provide policies and solutions to solve them.

After testing everything, the company will come up with requirements as well as a plan and
management to minimize attacks spreading to other devices within the company. A good risk
assessment can be of great help in handling and controlling the problems encountered.

3. Raising awareness about network security among employees in the company :


This is an extremely effective way to secure important information and avoid cyber attacks. It is
almost impossible for a hacker to attack a device that has no loopholes. If you want a
device like that, you need to improve your own staff's knowledge of network security. It will help
minimize the cases where viruses and trojans can penetrate your computer through such things as
spam emails, advertisements or unsafe links on the Internet.

P3. IDENTIFY THE POTENTIAL IMPACT TO IT SECURITY OF INCORRECT
CONFIGURATION OF FIREWALL POLICIES AND IDS.
Discuss briefly firewall and policies, its usage and advantages in a network :
A firewall is like a barrier between a local area network (LAN) and other networks, for example the
Internet. The firewall is responsible for regulating incoming and outgoing traffic on the local
network based on the settings made on the firewall. Without it, the traffic going in and out of the
local network will not be regulated.

A firewall acts as a filter on traffic coming from dangerous sources such as hackers and some viruses, leaving
them unable to attack your data. In addition, the firewall can also monitor and analyze traffic flows and
decide what to do with suspicious traffic flows, such as blocking data sources that are not
allowed access or monitoring a suspicious transaction, because all sources of access must go
through it.

How does a firewall provide security to a network?

- The functions of the firewall :

• Allows or blocks applications accessing the outside, or access from outside to the internal system
• Detects and blocks outside attacks
• Controls access from users (forbidden or allowed)
• Manages and controls network data flow
• Authenticates access
• Supports control of the content of information and packets circulating on the network
• Filters packets based on source address, destination address, port number, network protocol
• Acts as an intermediary proxy
• Protects system resources from security threats

Show with diagrams the example of how firewall works :

Figure 9 : Firewall work


Define IDS, its usage, show with diagrams examples :
IDS stands for Intrusion Detection System. These are software or tools
that help you secure your system and warn you when there is an intrusion. An IDS is usually part of
other security systems or software, with the task of protecting information systems.

The most important features of an IDS include: monitoring network traffic and suspicious activity;
providing warnings about anomalies to the system and network administrator; and combining with a
firewall and anti-virus software to create a complete security system.

Figure 10 : IDS Diagram

Write down the potential impact (Threat-Risk) of FIREWALL and IDS incorrect configuration to the
network.

Compliance violation: Properly configured firewalls are essential for businesses to comply with PCI
standards or regulations in industries like finance or healthcare. Failure to comply will result in a penalty.

Pathways of breach: Incorrect firewall configuration resulting in unwanted access can open doors for
breach, data loss and IP theft or ransom.

Unplanned crash: Misconfiguration can prevent customers from interacting with the business, and
downtime leads to loss of revenue. For example, large e-commerce businesses can lose thousands or
even millions of dollars until defects are fixed [Ber20].
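
How a single misplaced rule creates the "pathway of breach" described above, as an added example that is not part of the original report: a packet filter using source address, destination address, port and protocol is evaluated against a misconfigured rule list and a corrected one, and a small audit flags the faulty rules. First-match evaluation with a default deny, the addresses (10.0.0.0/24 inside, 203.0.113.7 outside) and the ports are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port, None means any port

    def matches(self, src, dst, proto, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

    def covers(self, other):
        """True when every packet matching `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.port in (None, other.port))


def decide(rules, src, dst, proto, port):
    """First matching rule wins; a packet that matches nothing is denied."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return "deny"


def audit(rules):
    """Return (rule index, finding) pairs for two common configuration faults."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and rule.src == ANY and rule.port is None:
            findings.append((i, "allows any source on every port"))
        for j in range(i):
            if rules[j].covers(rule) and rules[j].action != rule.action:
                findings.append((i, f"never applies: shadowed by rule {j}"))
                break
    return findings


# Constructed policy: web server 10.0.0.10, database 10.0.0.20.
CORRECTED = [
    Rule("allow", "10.0.0.0/24", "10.0.0.20/32", "tcp", 3306),  # internal hosts to database
    Rule("deny", ANY, "10.0.0.20/32", "any", None),             # nobody else reaches it
    Rule("allow", ANY, "10.0.0.10/32", "tcp", 443),             # public web server
]
# Same policy with a broad troubleshooting rule left at the top.
MISCONFIGURED = [Rule("allow", ANY, "10.0.0.0/24", "any", None)] + CORRECTED

if __name__ == "__main__":
    outside_to_db = ("203.0.113.7", "10.0.0.20", "tcp", 3306)
    for name, rules in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, decide(rules, *outside_to_db), audit(rules))
```

The deny rule protecting the database is still present in the misconfigured list, which is why reviewing rule order matters as much as reviewing the rules themselves.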
P4. SHOW, USING AN EXAMPLE FOR EACH, HOW IMPLEMENTING A DMZ,
STATIC IP AND NAT IN A NETWORK CAN IMPROVE NETWORK SECURITY.
Define and discuss with the aid of a diagram DMZ focus on usage and security function as advantage :

The DMZ zone is a neutral network area between the internal network and the Internet. It holds the
information that users from the Internet are allowed to access, and it takes the attacks that come from the Internet. The services
commonly deployed in the DMZ are: Web servers, Mail servers, DNS servers, FTP servers,…
