Assignment 1 Security (1623 Distinction)


Document information

This course provides an overview of the security challenges and response strategies in information-systems environments. Topics include definitions of terms, concepts, components and objectives, combining industry standards and practice with a focus on the availability, vulnerability, integrity and confidentiality aspects of information systems.

ASSIGNMENT FRONT SHEET

Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: / Date received (1st submission):
Re-submission date: / Date received (2nd submission):
Student name: Bui Quang Minh
Student ID: GCD210325
Class: GCD1104
Assessor name: Tran Thanh Truc

Student declaration: I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature:

Grading grid: P1 P2 P3 P4 M1 M2 D1

Summative feedback: / Grade: / Lecturer signature:
Resubmission feedback: / Assessor signature: / Date:

Contents

Task - Identifying types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)
  I Threats definition
  II Threat agents to organizations
  III List of threats that organizations will face
  IV Recent security breaches
  V Consequences of these breaches
  VI Solutions for organizations
Task - Describing at least three organisational security procedures (P2)
  I Data Classification
  II Strict Access Controls
  III Physical Security Monitoring
Task 2.1 - Proposing a method to assess and treat IT security risks (M1)
  I Methods required to assess security threats
  II Current weaknesses or threats of an organization
  III Proposing tools to treat IT security risks
Task - Identifying the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)
  I Firewalls and policies
  II How firewalls provide security to a network
  III Diagrams of how a firewall works
  IV IDS definition, its usage and diagrams
    4.1 Definition
    4.2 Usage
    4.3 Diagram examples
  V Potential impact of a firewall and IDS if they are incorrectly configured
Task - Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security (P4)
  I DMZ
  II Static IP
  III NAT
Task 4.1 - Discuss three benefits of implementing network monitoring systems with supporting reasons (M2)
  I Network monitoring devices
  II Why networks need monitoring
  III Benefits of monitoring a network
Task 4.1.1 - Investigate how a 'trusted network' may be part of an IT security solution (D1)
  I Trusted network
  II How it can be a solution in IT security
Reference list

Task - Identifying types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)

I Threats definition

Threats to information systems
A threat is any action that could harm an asset. Information systems face two kinds of threat: natural and human-induced. The threat of a flood, earthquake or severe storm requires companies to create plans that make sure business operations continue and that the organization can recover. A Business Continuity Plan (BCP) prioritizes the functions a company needs to keep running; a Disaster Recovery Plan (DRP) defines how the business recovers after a major disaster such as a fire or hurricane.

Human-caused threats to computer systems
Human-caused threats to a computer system include viruses, malicious code and unauthorized access.
• A virus is a piece of software designed with the intent to harm a system, an application or data.
• Malicious code, or malware, is a computer program written to cause a specific action to happen, such as wiping a hard drive.
These threats can harm individuals, businesses or organizations.

II Threat agents to organizations

A threat agent is an individual or group that acts, or has the power to act, to exploit a vulnerability or conduct other damaging activities. Common types of threat agent are:
• Natural disasters: storms, floods and earthquakes put the infrastructure of the organization's information system at risk. These are considered natural threat agents.
• Workforces: organizations rely on their workforce to perform their jobs in line with the organization's policies. When an employee makes a critical mistake in data entry, releases proprietary data or deceives the organization, he or she becomes a major threat to it.
• Malicious hackers: information systems that are interlinked with other systems, or with the Internet, are exposed to thousands of potential hackers through social engineering, modem (dial-up) connections or physical attacks. They do not care whether the interface is public or private.
• Industrial spies: industrial espionage is a dangerous threat to most organizations. It can result in loss of profits, loss of competitive advantage or even loss of the business itself.
• Foreign government spies: foreign intelligence services conduct espionage to enhance their own government's capabilities and reduce those of the target government. Their activities can include state-sponsored industrial espionage.

III List of threats that organizations will face

Attacks on availability: Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that impair access to, or the uptime of, critical systems, applications or data.
Attacks on people: social engineering attacks, where attackers use coercion or deception to manipulate individuals into divulging sensitive information or performing actions such as clicking malicious URLs or opening suspicious email attachments.
Attacks on IT assets: unauthorized ("malicious") penetration testing, unauthorized access, privilege escalation, stolen passwords, data deletion and data breaches.

Figure: threats from cybercrime (illustration)

IV Recent security breaches

A security breach is an incident in which unauthorized individuals or entities gain access to sensitive or confidential information, computer systems, networks or digital resources without proper authorization. Such breaches may result in data theft, data exposure, system compromise or other harmful consequences for the affected individuals or organizations. Three examples:

1) On July 11th, 2023 it was revealed that Chinese hackers had infiltrated U.S. government agencies through Microsoft's cloud email services; Microsoft later attributed the access to forged authentication tokens signed with an acquired Microsoft account (MSA) consumer signing key. The attack was discovered by an unnamed government agency in June, and both Microsoft and the Department of Homeland Security were notified. The group responsible, tracked by Microsoft as "Storm-0558", is believed to have ties to the Chinese government. Its targets were State and Commerce Department emails, particularly around the time of U.S. Secretary of State Antony Blinken's visit to China in June. U.S. officials have stated that sensitive data was not compromised in this email breach.

2) On July 2nd, 2023 the hacktivist group Anonymous Sudan claimed to have hacked Microsoft and pilfered data pertaining to over 30 million Microsoft accounts. The group published a sample of the data, but it has not been determined where the data actually came from. A Microsoft spokesperson said the claims of a data breach were not legitimate and that Microsoft had seen "no evidence that our customer data has been accessed or compromised."

3) On July 8th, 2023 an anonymous hacker posted on an online forum that they had stolen source code and other data from Razer, a consumer electronics company, and offered to sell it for $100,000 worth of cryptocurrency. On July 10th Razer acknowledged that it was investigating the incident.

V Consequences of these breaches

The Storm-0558 intrusion into U.S. government email via Microsoft's cloud services raised concerns about intelligence loss and diplomatic tensions. Anonymous Sudan's claim to have pilfered data on 30 million Microsoft accounts created data-privacy concerns and trust issues for Microsoft even though the claim was disputed. The theft of Razer's source code and data put its intellectual property and brand reputation at risk and exposed the company to potential financial loss.

Consequences of breaches in general:
• Data exposure and loss: breaches often lead to unauthorized access to, and exposure of, sensitive or confidential data, resulting in data theft or loss.
• Financial loss: organizations may incur significant costs investigating the breach, implementing security improvements, and paying legal fees and fines.
• Reputation damage: a breach can tarnish an organization's reputation, causing a loss of trust from customers, partners and stakeholders.
• Disruption of operations: breaches can interrupt normal business operations, leading to downtime, lost productivity and lost revenue.
• Intellectual property theft: attackers may target intellectual property, trade secrets or proprietary information, creating a competitive disadvantage.
• Loss of customer trust: customers may lose confidence in the organization's ability to protect their data, leading to reduced loyalty and customer churn.

VI Solutions for organizations

Limit access to your most valuable data. When you limit who is permitted to see particular documents, you also limit the group of employees who could accidentally click a harmful link. Expect records to be partitioned so that only those who need access have it (the principle of least privilege). This is a commonsense measure that companies should have been applying all along.

Third-party vendors must comply. Demand transparency from any enterprise that is permitted to see your valuable data: verify that they comply with privacy rules rather than assuming it, and ask for background checks on third-party vendors who enter your premises on a regular basis. CEOs need to get tougher on security if they really want to drive change.

Conduct employee security awareness training. According to recent surveys, employees are the weakest link in the data-security chain: without training, employees open suspicious emails every day that can download malware. One mistake employers make is assuming that a single cybersecurity training class is enough. If you are serious about safeguarding important data, schedule regular classes each quarter or even monthly.

Update software regularly. Experts recommend keeping all application software and operating systems up to date, and installing patches whenever they are available; your network is vulnerable when programs are not patched and updated regularly. Microsoft's Baseline Security Analyzer (MBSA) could regularly check that all programs were patched and upgraded; it has since been deprecated, so a current patch-management or vulnerability-scanning tool should be used for the same check. This is a fairly easy and cost-effective way to strengthen a network and stop attacks before they occur.

Figure: detecting errors (illustration)

Task - Describing at least three organisational security procedures (P2)

I Data Classification

Data classification is the process of categorizing data based on its sensitivity, value and criticality to the organization. By understanding the type and importance of the data they possess, organizations can apply appropriate security measures and controls to protect it effectively.

Procedure:
• Data inventory: the organization inventories all data it stores and processes in order to understand the types and locations of sensitive information.
• Data categorization: data is assigned to levels (e.g. public, internal, confidential, highly confidential) based on predefined criteria.
• Data handling guidelines: policies define how each category may be handled, stored, transmitted and accessed.

Benefits:
• Focused security measures: classification lets the organization allocate security resources according to the sensitivity and importance of the data, making security efforts more effective and efficient.
• Compliance: properly classified data helps the organization meet regulatory requirements for data protection and privacy.
• Risk management: identifying and prioritizing sensitive data lets the organization concentrate on protecting its most critical assets.

II Strict Access Controls

Access controls are security measures that limit access to information systems, resources and data to authorized users only. Strict access controls are crucial for preventing unauthorized access and protecting sensitive information.

Procedure:
• Role-Based Access Control (RBAC): employees are assigned roles, and access permissions are attached to those roles, so users receive access to resources according to their roles.
• Multi-Factor Authentication (MFA): users must present multiple forms of identification (e.g. a password and a one-time code) to access sensitive systems or data.

Task - Identifying the potential impact to IT security of incorrect configuration of firewall policies and IDS (P3)

IV IDS definition, its usage and diagrams

4.1 Definition

Additionally, an intrusion prevention system also inspects network packets to detect malicious activity.

4.2 Usage

Intrusion detection systems offer organizations several benefits, starting with the ability to identify security incidents. An IDS can be used to analyze the quantity and types of attacks, and organizations can use this information to change their security systems or implement more effective controls. An IDS can also help companies identify bugs or problems in their network device configurations, and these metrics can then be used to assess future risks.

Intrusion detection systems can also help enterprises achieve regulatory compliance. An IDS gives a company greater visibility across its network, making it easier to meet security regulations, and IDS logs can be used as part of the documentation that shows compliance requirements are being met.

Intrusion detection systems can also improve security responses. Because IDS sensors see network hosts and devices, they can be used to inspect data within network packets and to identify the operating systems and services in use. Collecting this information with an IDS is far more efficient than a manual census of connected systems.

4.3 Diagram examples

An IDS only needs to detect potential threats, so it is placed out of band on the network infrastructure and is not in the real-time communication path between the sender and receiver. This is also its limitation: an IDS alerts but cannot block, so a poorly tuned one (rules that miss real attacks, or so many false positives that alerts are ignored) silently weakens detection. Network intrusion detection systems are used to spot suspicious activity and catch attackers before damage is done to the network. There are network-based and host-based intrusion detection systems: host-based IDSes are installed on individual hosts (endpoints), while network-based IDSes monitor the network itself. An IDS can be implemented as a network security appliance or as a software application, and cloud-based IDSes are available to protect data and systems in cloud environments.
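The out-of-band detection described in 4.2 and 4.3 can be shown in a few dozen lines. The following is an added example, not code from the assignment: a passive network IDS that reads constructed log lines (format, thresholds and signatures are all assumptions) and emits alerts from two detectors, a payload signature match and a behavioural port-scan check. It never touches the traffic, which is exactly the property of an out-of-band IDS discussed above.

```python
"""Minimal passive network IDS over constructed log lines (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Tunables (assumed values): a source that touches this many distinct
# destination ports inside the window is reported as a port scan.
SCAN_THRESHOLD = 5
SCAN_WINDOW_SECONDS = 10

# Payload signatures (assumed, illustrative; a real rule set is far larger).
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-injection", re.compile(r"(?i)\bunion\s+select\b")),
    ("xss-probe", re.compile(r"(?i)<script")),
]

# Constructed sample log. Assumed format: "<unix_ts> <src> <dst> <dport> <proto> [payload]"
SAMPLE_LOG = """\
1700000000 10.0.0.5 192.168.1.10 21 SYN
1700000001 10.0.0.5 192.168.1.10 22 SYN
1700000002 10.0.0.5 192.168.1.10 23 SYN
1700000003 10.0.0.5 192.168.1.10 25 SYN
1700000004 10.0.0.5 192.168.1.10 80 SYN
1700000005 10.0.0.5 192.168.1.10 443 SYN
1700000010 10.0.0.9 192.168.1.10 80 HTTP GET /index.html
1700000011 10.0.0.9 192.168.1.10 80 HTTP GET /../../etc/passwd
1700000012 10.0.0.7 192.168.1.10 80 HTTP GET /search?q=1 union select password from users
1700000013 10.0.0.8 192.168.1.10 443 SYN
"""


@dataclass(frozen=True)
class Alert:
    kind: str
    src: str
    detail: str


def parse_line(line: str) -> Optional[Tuple[int, str, str, int, str, str]]:
    """Split one log line into (ts, src, dst, dport, proto, payload); None if malformed."""
    parts = line.split(maxsplit=5)
    if len(parts) < 5:
        return None
    try:
        ts, dport = int(parts[0]), int(parts[3])
    except ValueError:
        return None
    payload = parts[5] if len(parts) == 6 else ""
    return ts, parts[1], parts[2], dport, parts[4], payload


def detect(log_text: str) -> List[Alert]:
    """Run both detectors over the log. Out of band: returns alerts only, drops nothing."""
    alerts: List[Alert] = []
    history = defaultdict(list)      # src -> [(ts, dport), ...] inside the window
    already_reported = set()         # sources already flagged as scanners
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport, proto, payload = rec
        # 1) Signature detection on the application payload.
        for kind, pattern in SIGNATURES:
            if payload and pattern.search(payload):
                alerts.append(Alert(kind, src, payload))
        # 2) Behavioural detection: distinct destination ports per source in a sliding window.
        history[src].append((ts, dport))
        history[src] = [(t, p) for t, p in history[src] if ts - t <= SCAN_WINDOW_SECONDS]
        distinct_ports = {p for _, p in history[src]}
        if len(distinct_ports) >= SCAN_THRESHOLD and src not in already_reported:
            already_reported.add(src)
            alerts.append(Alert("port-scan", src,
                                f"{len(distinct_ports)} ports on {dst} within {SCAN_WINDOW_SECONDS}s"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"[{a.kind}] src={a.src} {a.detail}")
```

Running the block against the constructed log yields three alerts: one port scan from 10.0.0.5 (raised as soon as the fifth distinct port is seen and not repeated for that source), one path-traversal signature hit from 10.0.0.9 and one SQL-injection hit from 10.0.0.7; the ordinary request for /index.html and the single SYN from 10.0.0.8 produce nothing. The threshold and window are where tuning happens: too low and normal clients look like scanners, too high and a slow scan goes unnoticed, which is the configuration risk Task P3 is concerned with.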
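Returning to the data classification procedure under Task P2 above (inventory, categorization, handling guidelines), the three steps can be made concrete as code. This is an added example, not the assignment's own material: the classification criteria are content patterns, the levels are the four named in the text, and the handling matrix is an assumed policy; the sample records are constructed.

```python
"""Content-based data classification with handling-rule enforcement (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Levels in increasing order of sensitivity, as listed in the procedure.
LEVELS = ["public", "internal", "confidential", "highly_confidential"]

# Categorization criteria (assumed, illustrative). The most sensitive level whose
# patterns match wins; anything that matches nothing is public.
PATTERNS: Dict[str, List[re.Pattern]] = {
    "highly_confidential": [
        re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                # national-ID-style number
        re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),   # key material
        re.compile(r"(?i)(password|api[_-]?key)\s*[:=]"),    # credential literal
    ],
    "confidential": [
        re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),         # personal e-mail address
        re.compile(r"(?i)\b(salary|contract value)\b"),
    ],
    "internal": [
        re.compile(r"(?i)\b(internal use only|draft)\b"),
    ],
}

# Handling guidelines (assumed policy): the actions each level permits.
HANDLING: Dict[str, Set[str]] = {
    "public":              {"publish_web", "email_external", "share_internal", "store_plaintext"},
    "internal":            {"share_internal", "store_plaintext"},
    "confidential":        {"share_internal"},
    "highly_confidential": set(),   # encrypted storage and need-to-know sharing only
}


@dataclass
class Record:
    path: str
    content: str
    level: str = "public"


def classify(record: Record) -> str:
    """Categorization step: label the record with the highest matching level."""
    for level in reversed(LEVELS):
        if level == "public":
            break
        if any(p.search(record.content) for p in PATTERNS[level]):
            record.level = level
            return level
    record.level = "public"
    return "public"


def handling_allowed(level: str, action: str) -> bool:
    """Handling-guideline step: may data of this level be subjected to this action?"""
    return action in HANDLING[level]


def build_inventory(records: List[Record]) -> Dict[str, List[str]]:
    """Inventory step: classify every record and group the paths by level."""
    inventory: Dict[str, List[str]] = {level: [] for level in LEVELS}
    for record in records:
        inventory[classify(record)].append(record.path)
    return inventory


# Constructed sample records standing in for a file-share crawl.
SAMPLE_RECORDS = [
    Record("wiki/press-release.txt", "Company announces new product line."),
    Record("wiki/roadmap.txt", "DRAFT - internal use only - Q3 roadmap"),
    Record("hr/contacts.csv", "Alice Example,alice@example.com,+1-555-0100"),
    Record("hr/payroll.csv", "Alice Example,123-45-6789,salary 90000"),
    Record("ops/deploy.env", "DB_PASSWORD=hunter2"),
]

if __name__ == "__main__":
    for level, paths in build_inventory(SAMPLE_RECORDS).items():
        print(f"{level:<20} {paths}")
    print("confidential -> email_external:", handling_allowed("confidential", "email_external"))
```

The payroll file is labelled highly confidential because the identifier pattern outranks the salary keyword, which is the point of checking levels from most sensitive downwards. The handling check is deliberately an allow-list: an action missing from a level's set is denied, so a new action (say, upload to a SaaS tool) is blocked for everything except public data until the policy explicitly permits it.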
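The second Task P2 procedure, RBAC combined with MFA, is shown below as one access decision. This is an added example, not the assignment's code: roles, users, the set of permissions that require a second factor and the per-user seeds are assumptions (one seed is the RFC 6238 test-vector seed so the code can be checked against published values). The one-time code is a standard TOTP (HMAC-SHA1, 30-second step, six digits) implemented with the standard library only.

```python
"""RBAC decision gated by a TOTP second factor (added example)."""
import hashlib
import hmac
import struct
from typing import Dict, Optional, Set, Tuple

# Assumed role -> permission mapping.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "analyst": {"reports:read"},
    "finance": {"reports:read", "payroll:read"},
    "admin":   {"reports:read", "payroll:read", "payroll:write", "users:manage"},
}
# Assumed user -> roles mapping.
USER_ROLES: Dict[str, Set[str]] = {"alice": {"analyst"}, "bob": {"finance"}, "carol": {"admin"}}
# Permissions the (assumed) policy classifies as sensitive, hence MFA-gated.
MFA_REQUIRED: Set[str] = {"payroll:read", "payroll:write", "users:manage"}
# Constructed per-user TOTP seeds; bob's is the RFC 6238 test-vector seed.
USER_TOTP_SECRET: Dict[str, bytes] = {
    "bob": b"12345678901234567890",
    "carol": b"9876543210987654321098",
}
TOTP_STEP_SECONDS = 30


def permissions_for(user: str) -> Set[str]:
    """Union of the permissions of every role the user holds (empty for unknown users)."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in USER_ROLES.get(user, set())))


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // TOTP_STEP_SECONDS, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the code for the current step or `window` steps either side (clock drift)."""
    if not code.isdigit():
        return False
    counter = unix_time // TOTP_STEP_SECONDS
    return any(
        hmac.compare_digest(hotp(secret, counter + k), code)
        for k in range(-window, window + 1)
        if counter + k >= 0
    )


def authorize(user: str, permission: str, otp: Optional[str] = None,
              unix_time: int = 0) -> Tuple[bool, str]:
    """RBAC first; then, for sensitive permissions, a valid one-time code is mandatory."""
    if permission not in permissions_for(user):
        return False, "denied: role lacks permission"
    if permission in MFA_REQUIRED:
        secret = USER_TOTP_SECRET.get(user)
        if secret is None or otp is None:
            return False, "denied: MFA required"
        if not verify_totp(secret, otp, unix_time):
            return False, "denied: invalid one-time code"
    return True, "allowed"


if __name__ == "__main__":
    print(authorize("alice", "reports:read"))                    # role suffices
    print(authorize("bob", "payroll:read"))                      # sensitive: needs OTP
    print(authorize("bob", "payroll:read", "287082", 59))        # RFC 6238 vector, t=59
    print(authorize("alice", "payroll:read", "287082", 59))      # right code, wrong role
```

The order of checks matters: the role check runs first so a user without the permission learns nothing about the MFA step, and the OTP is compared with `hmac.compare_digest` to avoid a timing side channel. The verification window of one step is the usual trade-off between tolerating clock drift and widening the set of codes an attacker can guess.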

Posted: 02/02/2024, 10:33
