information technology assignment 1 unit security

BTEC FPT INTERNATIONAL COLLEGE

INFORMATION TECHNOLOGY ASSIGNMENT 1

ASSIGNMENT 1 FRONT SHEET

Grading grid

Unit number and title: Unit 2: Security

(2nd submission)

Performed Student: LE VAN HANH

First of all, allow me to thank my family for giving me so much encouragement, love and timely help. They were clearly the most important motivators for me to complete this report.

Secondly, I also appreciate Mr Xuan Ly NGUYEN THI because his lectures and instructions are a rich source of knowledge for me to refer to.

Third, a big thank you to all my BTEC friends for the memorable times we had. Last but not least, I express my deep gratitude to all the authors who have generously provided excellent wisdom to be used as a reference throughout this document.

I certify that this assignment is my own work, based on my own research, and that I have acknowledged all materials and sources used in its preparation, whether they are books, articles, lecture notes or any other type of material, electronic or personal communication. I also certify that this assignment has not previously been submitted for review in any other unit, unless specifically authorized by all relevant unit coordinators, or at any other time in this unit, and that I have not copied, in whole or in part, or otherwise plagiarized the work of others.

TABLE OF CONTENTS

BTEC FPT INTERNATIONAL COLLEGE

ASSIGNMENT 1 FRONT SHEET

ACKNOWLEDGMENTS

ASSURANCE

Chapter I: ASSESS RISK TO IT SECURITY

I. Identify types of security threat to organisations (P1)

1. Define threats

2. Identify threat agents to organizations

3. List types of threats that organizations will face

4. Give an example of a recently publicized security breach and discuss its consequences

5. What are the recent 2018/2019/2020 security breaches? List and give examples with dates

6. Discuss the consequences of this breach

7. Suggest solutions to organizations

II. Describe at least 3 organizational security procedures (P2)

Chapter II: Describe IT security solutions

I. Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS (P2)

1. Discuss briefly firewall and policies, its usage and advantages in a network

2. How does a firewall provide security to a network?

3. Define IDS, its usage, show examples with diagrams

4. Write down the potential impact (Threat-Risk) of FIREWALL and IDS incorrect configuration to the network

II. Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security (P4)

1. Define and discuss, with the aid of a diagram, DMZ; focus on usage and security function as advantage

2. Define and discuss, with the aid of a diagram, static IP; focus on usage and security function as advantage

3. Define and discuss, with the aid of a diagram, NAT; focus on usage and security function as advantage

III. Propose a method to assess and treat IT security risks (M1)

1. Discuss methods required to assess IT security threats, e.g. monitoring tools

2. What are the current weaknesses or threats of the organization?

3. What tools will you propose to treat the IT security risk?

IV. Discuss three benefits to implement network monitoring systems with supporting reasons (M2)

1. List some of the network monitoring devices and discuss each

2. Why do you need to monitor the network?

3. What are the benefits of monitoring a network?

CONCLUSION

REFERENCES

LIST OF FIGURES

Figure 1 Infrastructure of Happy company

Figure 2 Photo threat security

Figure 3 Photo procedure of security

Figure 4 Definition of firewall

Figure 5 Photo diagram of firewalls

Figure 6 Photo IDS

Figure 7 Photo IDS

Figure 8 Photo of DMZ

Figure 9 Photo static IP for server

Figure 10 Definition of NAT in security

Figure 11 Tool Nessus vulnerability scanner

Figure 12 Tool Qualys vulnerability management

Figure 13 Tool Metasploit framework

LIST OF ACRONYMS

Entity Relationship Diagram

DMZ: Demilitarized Zone

IP: Internet Protocol

NAT: Network Address Translation

INTRODUCTION

In the current 4.0 technology era, information technology is developing as fast as the wind, and ensuring information security is an increasingly high priority; data security is a major concern for enterprises. Not everyone knows how to ensure good security, but McAfee is a company specializing in providing information security solutions for businesses and organizations in Vietnam. Our project today involves Happy Company, a company specializing in supplying food from rural to urban areas.

Before going into the analysis, I would like to discuss a few things about Happy Company. The company is a four-story building located in the countryside far from the city, with the following distribution system:

Figure 1 Infrastructure of Happy company

The 1st, 2nd and 3rd floors are for employees, engineers, marketing, accounting, materials and human resources, and the 4th floor is for directors and staff, divided into 30 departments. There are 28 departments for employees, including departments such as engineering, accounting and sales, each with 10-12 computer desks, 1 printer and 1 surveillance camera. Each floor has 10 identical rooms. A VLAN system is created for each branch. The remaining rooms are allocated for private purposes such as storage rooms, document rooms, meeting rooms, event rooms and reception halls. The wireless system provides wireless connection for 300 devices at the same time; the access point is installed on the floor between the 1st and 2nd floors, in the center of the reception hall. The 3rd floor is installed with a separate VLAN. Finally, the fourth floor belongs to the company's executive board, which includes the chief executive officer (CEO), CFO, CTO and their secretary. Because this floor is full of people with important company information, Wi-Fi access there needs high security and a reduced number of IP addresses to increase security.

At the floor, there are 3 building guards on duty from 6:30 to 23:00. The building is covered by a surveillance camera system in key areas where many people pass by. The control system is located in the security room.

Happy Company also requires services such as FTP, DNS and Web. Some additional services are added, such as VPN, remote access and VoIP.

As an IT Security Specialist at Vietnam's leading security consulting group, McAfee Information Security, I, Le Van Hanh, authorized by Mr Kha Tran, would like to briefly summarize below the tools and techniques involved in identifying and assessing IT security risks, along with the organization's policies for protecting equipment and business-critical data, and to simulate and provide basic recommendations for the security of Happy Company.

When is it used?

- Static IP addresses are often used in situations where you need consistent and reliable access to a device or service, such as a website hosting service or email server. They are also useful in situations where network administrators want to maintain control over which devices are allowed to access the network. Static IP addresses can be configured for use in the following scenarios:

- First, static IP addresses are often used for hosting services, such as web servers, email servers, or FTP servers, because the service needs to be accessed consistently on the same IP address.

- Static IP addresses can be used in network monitoring because they make it easy to identify specific devices and track their activity over time. It can also be more secure to have fewer dynamic IP addresses, as static addresses are less susceptible to attacks like IP spoofing.

- Static IP addresses can be useful for remote network access because they allow access to devices from anywhere with an internet connection.

- Limited availability: Static IP addresses can be more difficult and expensive to obtain than dynamic IP addresses, as they are typically reserved for business and enterprise use.

- Configuration and maintenance: Setting up and maintaining a static IP address can be more complicated and time-consuming than a dynamic IP address, as each device needs to be manually configured with its own IP address.
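The monitoring use described above, sketched as an added example that is not part of the original assignment: traffic is attributed to named servers through a static IP inventory, and any record whose address is unknown or whose hardware address does not match the inventory is flagged. The inventory, the log format and all addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory of statically addressed servers: IP -> (name, MAC).
STATIC_INVENTORY = {
    "10.0.20.10": ("web-server", "00:16:3e:aa:00:10"),
    "10.0.20.11": ("mail-server", "00:16:3e:aa:00:11"),
    "10.0.20.12": ("ftp-server", "00:16:3e:aa:00:12"),
}

# Constructed observations in an assumed format: "time ip mac bytes".
SAMPLE_LOG = """\
09:00:01 10.0.20.10 00:16:3e:aa:00:10 1200
09:00:05 10.0.20.11 00:16:3e:aa:00:11 800
09:01:12 10.0.20.10 00:16:3e:aa:00:10 3100
09:02:40 10.0.20.12 00:16:3e:ff:99:01 500
09:03:02 10.0.20.77 00:16:3e:bb:00:77 64
"""


def analyse(log_text, inventory):
    """Attribute traffic to named devices and flag records that break the inventory."""
    activity = defaultdict(int)   # device name -> total bytes seen
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            alerts.append(("malformed", line))
            continue
        when, ip, mac, size = parts
        entry = inventory.get(ip)
        if entry is None:
            # Address is not one of the assigned static IPs.
            alerts.append(("unknown-ip", when, ip, mac))
        elif entry[1] != mac.lower():
            # A known static IP is being used by different hardware.
            alerts.append(("mac-mismatch", when, ip, mac))
        else:
            activity[entry[0]] += int(size)
    return dict(activity), alerts


if __name__ == "__main__":
    totals, alerts = analyse(SAMPLE_LOG, STATIC_INVENTORY)
    print(totals)
    for alert in alerts:
        print(alert)
```

A static address identifies a device reliably only when the address-to-hardware binding is checked as well, which is what the `mac-mismatch` alert does here.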

Disadvantages and Advantages of static IP

o Advantages of static IP

- Reliability: a static IP is many times more reliable than a DHCP-configured IP because it does not change, making it easier to access devices or services that require a consistent IP address.

- Security: advanced security measures such as firewalls, access control lists and intrusion detection systems can be set up to restrict access to the network.

- Easier remote access: remote devices or services are easier to reach because you can access them with the same IP address all the time.

- Improved network performance: static IP addresses can improve network performance as they eliminate the overhead associated with dynamic IP address assignment.

o Disadvantages of static IP

- Despite its many security advantages, it also has the following disadvantages:

- Time-consuming: configuring a small number of machines and servers feels normal, but with a large number it is very time-consuming and leads to complications when re-linking machines and transferring data between them.

- Difficult to configure: as with the first drawback, with a large number of addresses it is not possible to remember them all.

- Inflexible: a static IP address is not flexible and cannot be changed easily.

- Higher cost: since a large number of static IP addresses are needed, it can be more expensive than using dynamic IP addresses, which are often included in basic network packages.

3. Define and discuss, with the aid of a diagram, NAT; focus on usage and security function as advantage

When is it used?

- In a NAT environment, a router or firewall device sits between a private network and the public internet. When a device on a private network sends a request to the internet, the router/firewall replaces the private IP address with its own public IP address. Hence NAT is used to conserve public IP addresses, as it allows multiple devices to share one IP address. It is also used to add an extra layer of security to the network, as it can prevent unauthorized access to devices on a private network by masking their IP addresses.

Figure 10 Definition of NAT in security.

Advantages and Disadvantages of NAT

o Advantages of NAT

- NAT allows multiple devices on a private network to share one public IP address, hiding their multiple private addresses behind it. This saves the limited supply of public IP addresses needed for devices to connect to the internet.

- It also increases security for devices: NAT can add an extra layer of security to the network by hiding the IP addresses of devices on a private network.

- NAT can simplify network management by allowing multiple devices on a private network to share a single public IP address, reducing the complexity of routing and addressing, which can help manage the network and make troubleshooting easier.

- NAT allows devices on a private network to connect to the internet, which is essential for accessing online resources and services.

o Disadvantages of NAT

- NAT may cause network performance problems, reducing network throughput.

- NAT can limit the ability of devices on a private network to receive inbound connections from the internet.

- NAT requires additional configuration on the router or firewall device, which can further complicate network setup and increase the risk of misconfiguration.
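The address replacement and the inbound restriction described in this section, modelled as an added example that is not part of the original assignment: a simplified port address translation table in which two private hosts share one public IP, replies are forwarded back, and unsolicited inbound packets are dropped. The class name, port range and all addresses are assumptions made for illustration.

```python
import ipaddress


class NatRouter:
    """Simplified port address translation: many private hosts share one public IP."""

    def __init__(self, public_ip, inside_net, first_port=40000):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside_net)
        self.next_port = first_port
        self.flows = {}    # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.reverse = {}  # public port -> (priv_ip, priv_port, dst_ip, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a private source address to the shared public address."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            raise ValueError("source is not on the private network")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.reverse[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.flows[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, public_port):
        """Return the private (ip, port) a packet is forwarded to, or None if dropped."""
        flow = self.reverse.get(public_port)
        if flow is None:
            return None                      # no mapping: unsolicited, dropped
        priv_ip, priv_port, dst_ip, dst_port = flow
        if (src_ip, src_port) != (dst_ip, dst_port):
            return None                      # mapping exists, but for another peer
        return (priv_ip, priv_port)


def demo():
    # Constructed addresses: RFC 1918 inside, documentation ranges outside.
    nat = NatRouter("203.0.113.10", "192.168.10.0/24")
    a = nat.outbound("192.168.10.21", 51000, "198.51.100.7", 443)
    b = nat.outbound("192.168.10.22", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, a[1])
    stranger = nat.inbound("198.51.100.99", 5555, a[1])
    unsolicited = nat.inbound("198.51.100.99", 5555, 3389)
    return a, b, reply, stranger, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The drop happens only because no mapping exists; a manually added port-forward entry would create one, which is where the misconfiguration risk listed under the disadvantages comes from.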

III. Propose a method to assess and treat IT security risks (M1)

1. Discuss methods required to assess IT security threats, e.g. monitoring tools

Here are some methods that can be used to assess security threats:

- The first method we can use is vulnerability scanning, which uses automated tools to scan the network and identify vulnerabilities in software, hardware or configuration that an attacker can exploit. Software that scans for vulnerabilities includes Nessus, Qualys Vulnerability Management and OpenVAS. These tools are used to scan entire networks or specific systems and can be scheduled to run regularly to keep the network up to date.

- The second method is penetration testing, which simulates an attack on the network to identify vulnerabilities and test the effectiveness of security controls.

- The next method is to review log files and system events to identify suspicious or unusual activity that could indicate a security threat.

- Next comes network traffic analysis: analyzing network traffic to identify anomalies or patterns that could indicate a security threat, such as a denial of service attack or an illegal access attempt.

- Next comes malware analysis, to determine the behavior, capabilities, and potential impact of malware on the network.

- Threat intelligence monitoring: monitoring external threat information sources such as security blogs, news feeds and government alerts.

To perform security measures, we can use a number of monitoring tools as follows:

- Nessus vulnerability scanner

o Nessus comes in two versions: Nessus Professional and Nessus Essentials. Nessus Professional is a commercial product that offers more features and support, while Nessus Essentials is a free, limited version of the tool.

o The Nessus vulnerability tool can be integrated with other security tools, such as SIEM systems and ticketing systems, to automate the vulnerability management process.

o The Nessus vulnerability scanning tool provides many scanning options, such as server discovery scan, vulnerability scan and authentication scan. Authenticated scans are more thorough because they allow Nessus to scan the system from within, using administrative credentials. Nessus can be used to scan cloud-based assets such as Amazon Web Services (AWS) and Microsoft Azure.

o Nessus has a user-friendly web interface that allows users to configure and run scans. The interface also provides a dashboard that shows an overview of the organization's security health and

Figure 11 Tool Nessus vulnerability scanner.

Posted: 12/05/2024, 21:58
