Assignment 1 Front Sheet: Qualification BTEC Level 5 HND Diploma in Computing Unit Number and Title

This document provides an assignment front sheet for a student submitting an assignment on security procedures for their BTEC Level 5 HND Diploma in Computing course. It includes their name, student ID, class details, a declaration, and grading grid. The table of contents outlines that the assignment paper will cover identifying security threats and recent breaches, describing organizational security procedures, discussing firewalls and intrusion detection systems, and demonstrating how a DMZ, static IPs, and NAT can improve network security.
ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date:                       Date received (1st submission):

Re-submission date:                    Date received (2nd submission):

Student Name Phạm Sơn Tùng Student ID GCD201512

Class GCD0905 Assessor name Trần Trọng Minh

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I
understand that making a false declaration is a form of malpractice.

Student’s signature Tùng

Grading grid

P1   P2   P3   P4   M1   M2   D1

❒ Summative Feedback:                  ❒ Resubmission Feedback:

Grade:               Assessor Signature:               Date:

Lecturer Signature:
Table of Contents
I, Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1) ........ 5
1, Define threats ........................................................................................................................................................ 5
2, Identify threat agents to organizations ................................................................................................. 5
2.1, Nation States................................................................................................................................................... 5
2.2, Criminal Groups ............................................................................................................................................. 5
2.3, Hackers ........................................................................................................................................................... 5
2.4, Terrorist Groups ............................................................................................................................................. 5
2.5, Hacktivists ...................................................................................................................................................... 6
2.6, Malicious Insiders .......................................................................................................................................... 6
2.7, Corporate Spies .............................................................................................................................................. 6
3, List type of threats that organizations will face..................................................................................................... 6
3.1, Malware attack ............................................................................................................................................... 7
3.2 Ransomware .............................................................................................................................................. 7
3.3 Denial of Service attacks (DOS) ............................................................................................................... 7
3.4 DNS attack................................................................................................................................................. 7
3.5 Man in the Middle Attack.......................................................................................................................... 7
3.6 Phishing ..................................................................................................................................................... 7
3.7 SQL injection............................................................................................................................................. 8
3.8 Baiting attack ............................................................................................................................................. 8
3.9 Scareware .................................................................................................................................................. 8
3.10 Insider attack ................................................................................................................................................. 8
4, What are the recent security breaches? List and give examples with dates .......................................................... 8
5, Discuss the consequences of this breach ............................................................................................................... 9
6, Suggest solutions to organizations ........................................................................................................................ 9
Chapter II: Describe at least 3 organizational security procedures .......................................................................... 10
1. What are security procedures ........................................................................................................................ 10
2. Three organizational security procedures. .................................................................................................... 10
2.1 Monitoring procedure ............................................................................................................................ 10
2.2 Patching procedure ................................................................................................................................. 12
2.3 Configuration management procedure ................................................................................................. 14
Chapter III: Identify the potential impact on IT security of incorrect configuration of firewall policies and IDS (P3) ........ 16
1. Discuss briefly firewalls and policies, their usage, and advantages in a network ........................................ 16
1.1 What is a firewall? .................................................................................................................................. 16
1.2 Type of firewalls ...................................................................................................................................... 16
1.3 What does a firewall do? ........................................................................................................................ 17
1.4 How to Use Firewall Protection.............................................................................................................. 17
1.5 Advantages of a firewall ......................................................................................................................... 17
1.6 What is the policy? ................................................................................................................................. 18
1.7 Implement the policy .............................................................................................................................. 18
1.8 Advantages of the policy ........................................................................................................................ 19
2. How does a firewall provide security to a network? ..................................................................................... 19
3. Show with diagrams the example of how a firewall works .......................................................................... 20
4. Define IDS, and its usage, and show it with diagrams and examples ........................................................... 21
4.1 What is an intrusion detection system (IDS) ......................................................................................... 21
4.2 How does an Intrusion Detection System work?................................................................................... 22
4.3 Types of Intrusion Detection System with diagrams .......................................................... 23
5. The potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly configured in a network . 24
5.1 What happens if a firewall is incorrectly configurated?........................................................................ 24
5.2 What happens if an IDS is incorrectly configurated? ............................................................................ 25
Chapter IV: Show, using an example for each, how implementing a DMZ, static IP, and NAT in a network can improve Network Security (P4) ........ 25
1. Define and discuss DMZ with the aid of the diagram DMZ ........................................................................... 25
1.1 What is a DMZ ............................................................................................................................................... 25
1.2 How does a DMZ work?................................................................................................................................. 26
1.3 Functions of a DMZ network ......................................................................................................................... 26
1.4 Types of DMZ architectures........................................................................................................................... 27
2. Define and discuss with the aid of a diagram static IP .................................................................................. 28
2.1 What is static IP ...................................................................................................................................... 28
2.2 Benefits of static IP ................................................................................................................................. 29
2.3 How to set up static IP for the computer. .............................................................................................. 29
3. What is the network address translation (NAT)? .......................................................................................... 33
3.1 Overall about NAT .................................................................................................................................. 33
3.2 How does NAT work? ............................................................................................................................. 34
3.3 Network address translation types ........................................................................................................ 34
3.4 Advantages of NAT ................................................................................................................................. 36
References ................................................................................................................................................................... 37
I, Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)

1, Define threats
A security threat is a malicious act that seeks to gain unauthorised access to data, disrupt digital operations,
or damage information. Security threats can come from many actors, including corporate spies, hacktivists,
terrorist organisations, hostile nation states, criminal organisations, lone hackers, and disgruntled employees.

2, Identify threat agents to organizations

2.1, Nation States


A nation state may attack and attempt to harm another country's computer or information networks using
techniques such as malware or denial of service attacks. Such state-sponsored activity, whether carried out
directly by government agencies or by groups working on their behalf, is generally described as cyber warfare.

2.2, Criminal Groups


Criminal groups aim to infiltrate systems or networks for financial gain. These groups use phishing, spam,
spyware, and malware to conduct identity theft, online fraud, and system extortion.

2.3, Hackers
Hackers use a range of techniques to breach defences and exploit vulnerabilities in a computer system or
network. They may be motivated by personal gain, revenge, stalking, financial gain, or political activism,
or simply by the challenge and the bragging rights it earns within the hacker community; in pursuit of these
goals they continually create new kinds of threats.

2.4, Terrorist Groups


Terrorists conduct cyber attacks to destroy, infiltrate, or exploit critical infrastructure to threaten national
security, compromise military equipment, disrupt the economy, and cause mass casualties.
2.5, Hacktivists
Hacktivists carry out cyberattacks in support of political causes rather than for financial gain. They go
after businesses, associations, or people who disagree with their political views and objectives.

2.6, Malicious Insiders


Insiders are employees, suppliers, contractors, or other business partners who legitimately have access to
enterprise assets but abuse that access to steal or destroy information for their own or others' financial
advantage. Because such access bypasses most perimeter controls, insider threats are a widespread concern: in
one survey, 97% of the IT leaders questioned said they were concerned about insider threats to cyber security.

2.7, Corporate Spies


Corporate spies conduct industrial or business espionage to either make a profit or disrupt a competitor’s
business by attacking critical infrastructure, stealing trade secrets, and gaining access.

3, List type of threats that organizations will face

Figure 1

In this assignment we will discuss the following types of security threat that organizations face:
3.1, Malware attack
A malware attack is a common kind of cyberattack in which the victim's system is compromised by malicious
software. Malicious software, often loosely called a "virus", includes ransomware, spyware, trojans,
command-and-control agents, and other specialised tools.

Malware deployment has been attributed to criminal organizations and state actors, and in some documented
cases to well-known corporations. Some malware attacks, like other cyberattacks, have a large enough impact
to make headline news.

3.2 Ransomware
In a ransomware attack, the victim's files (and sometimes the whole system) are encrypted, preventing
them from accessing the system or the data stored on it. The victim is told to pay the attacker a ransom,
generally in a digital currency such as Bitcoin, in order to recover access to the device or data.
Ransomware can arrive through malicious email attachments, trojanised software downloads, infected removable
storage devices, and compromised websites.

3.3 Denial of Service attacks (DOS)


Denial of Service attacks attempt to overload servers, networks, or systems with a large volume of
traffic so that they can no longer respond to legitimate requests. When the traffic is generated by many
infected devices at once, usually a botnet, the attack is known as a Distributed Denial of Service
(DDoS) attack.

3.4 DNS attack


A DNS attack is a cyberattack that exploits weaknesses in the Domain Name System (DNS) or in its
configuration. Attackers exploit these weaknesses to redirect visitors to malicious sites, intercept
traffic, or move stolen data out of compromised machines (for example by hiding it in DNS queries).

3.5 Man in the Middle Attack


A "Man in the Middle" (MitM) attack happens when a criminal places themselves between the two parties
of a conversation. Once the attacker has intercepted the conversation, they can read and filter it, steal
sensitive information, and return altered responses to the user.

3.6 Phishing
Cybercriminals send emails that appear to come from trusted sources. The victim is tricked into
clicking a malicious link or opening an attachment, which results in the installation of malware or the
disclosure of private data such as login credentials and credit card details.
3.7 SQL injection
A Structured Query Language (SQL) injection attack occurs when an application builds a database query
from untrusted input without keeping the query text separate from the data, so an attacker can supply
input that is executed as SQL. Once successful, the attacker can read, change, or delete data stored in
the database, or bypass authentication checks.

3.8 Baiting attack


Baiting is a type of social engineering attack in which a scammer uses a false promise to lure a
victim into a trap that steals personal and financial information or infects the system with malware.
The bait may be a link, an attachment, or even a planted USB drive that delivers malicious code to
the system when opened. Baiting is often described as a modern version of the Trojan Horse.

3.9 Scareware
Scareware bombards victims with fake threats and misleading alarms. Users are tricked into
believing their computer is infected with malware and that they must install "security" software, which in
fact gives the criminal remote access, or pay a "fine" in bitcoin for offences the criminal claims the user
has committed.

3.10 Insider attack


An insider attack is a security risk that originates from within the targeted organization. It usually
involves a current or former employee or business associate who misuses their access, or gains unauthorized
access, to private data or privileged accounts on the organization's network. Insider attacks can affect every
element of computer security and range from stealing sensitive data to planting trojans in a system or network.

4, What are the recent security breaches? List and give examples with dates
A security breach is any incident that results in unauthorized access to computer data, applications,
networks, or devices. As a result, unapproved access to information occurs. Usually, it happens when a
hacker is able to get past security protocols.

Some notable security breaches at major organizations:

• Yahoo - All 3 billion Yahoo user accounts were compromised in a 2013 breach (the full scale was
only disclosed in 2017); the attackers are reported to have gained access to the network after a
phishing campaign.

• Facebook - In September 2018, attackers exploited a vulnerability in Facebook's "View As" feature to
steal access tokens, exposing the personal data of about 29 million users. Since the compromised accounts
reportedly included that of the company's CEO, Mark Zuckerberg, the breach was highly embarrassing.

• LinkedIn - In June 2021, a dataset containing the personal information of about 700 million LinkedIn
members, over 90% of the user base, was offered for sale on a dark web forum; LinkedIn stated that the
data had been scraped from public profiles rather than taken in a breach of its systems.

• Sina Weibo - In March 2020, an attacker accessed part of the company's database, exposing the personal
information of 538 million Weibo users, including real names, site usernames, gender, location, and
phone numbers.

• Adobe - In early October 2013, Adobe announced that hackers had obtained login information for an
unknown number of user accounts, as well as nearly three million encrypted customer credit card records.

5, Discuss the consequences of this breach


The consequences of a cybersecurity breach could be:

• Financial loss: Inability to operate, failure to finish client work or commercial transactions,
decreased productivity, employee downtime, higher insurance premiums, and the expense of
attempting to retrieve lost information, equipment, or data can all result in loss of cash for the
company.

• Reputational harm: Clients expect high standards and a safe, secure service from the applications
they use. A security breach damages the company's reputation and can drive away current and future
customers.

• Breach of a legal obligation: The General Data Protection Regulation (GDPR) and the Data
Protection Act 2018 require appropriate technical and organizational security measures. Non-compliance
can lead to fines, enforcement notices, or an investigation by the Information Commissioner's Office,
the UK data protection authority. GDPR fines can reach €20 million or 4% of annual worldwide turnover,
whichever is higher.

• Breach of contract: If a security breach causes data loss, an organization with contractual security
obligations, for example under panel appointments with banks or public institutions, may be in breach of
contract and owe indemnities to its clients.

6, Suggest solutions to organizations


• Encrypt data and create backups: Encryption ensures that only people who hold the key can read
the data, so even if unauthorized individuals obtain a copy they cannot use it. Important information
should also be backed up regularly, because data loss is a common outcome of a security breach; without
a trustworthy, tested backup, a breach can lead to operational interruptions and significant financial
loss for the company.

• Conduct regular employee training: One of the most common ways attackers gain a foothold is
through phishing emails sent to employees. Because phishing emails are often hard to detect and block
technically, training employees to recognise and report them is vital.

• Keep systems and software updated: Software and system updates have a major effect on security
because, as well as adding features, they fix bugs and close exploitable security holes.

• Use strong passwords and multi-factor authentication: Simple passwords are no longer an effective
defence against password cracking, and even strong passwords can be phished or leaked. Organizations
should enforce long, unique passwords and add multi-factor authentication for all remote and privileged
access.

• Reduce the attack surface: The attack surface is the set of points through which an attacker could
try to enter a system or extract confidential information. It includes IoT devices, software, web
applications, and staff members, who are frequently the target of social engineering attacks such as
phishing. Removing unused services and accounts shrinks it.

• Install and maintain a firewall: A correctly configured firewall blocks connections that the
security policy does not allow, which limits exposure to brute-force and other network attacks, and
many firewalls can log or inspect traffic to flag unusual activity. A firewall is a necessary layer,
not a complete defence: it cannot stop threats that arrive over allowed channels, such as phishing.

Chapter II: Describe at least 3 organizational security procedures
1. What are security procedures
Security procedures are detailed step-by-step instructions on how to implement, enable, or
enforce security controls as enumerated in your organization’s security policies. Security
procedures should cover the multitude of hardware and software components supporting
your business processes as well as any security-related business processes themselves.
The goal of security procedures is to provide consistency in the application of security
controls or in the execution of business processes that are related to security. They must be
followed each time control must be put into place or a security-related business operation is
carried out.
2. Three organizational security procedures.
Organizations should commonly include the following procedures in their policy frameworks:
2.1 Monitoring procedure
The monitoring procedure involves gathering and examining data to find suspicious
activities or illegal system modifications on your network, identifying the kinds of
activity that should result in alerts, and acting upon alerts as necessary.

Figure 2: Monitoring procedure example

A security monitoring procedure is established to make sure that the security controls on information
resources and technology are implemented, functional, and not being bypassed. One advantage of security
monitoring is early detection of misuse or of security weaknesses in products. By spotting a problem
early, it may be possible to prevent harm from occurring or at least to lessen its effects.
Objects of the monitoring procedure include firewalls, access control systems, key information
routes, important servers, important devices, and important terminals.
Methods of monitoring: monitoring is done either directly or indirectly.

• Direct monitoring is carried out by deploying devices or agents that analyse data flows, collect
log information directly from the monitored system, and raise alerts when they detect signs of attacks,
risks, or network information security incidents.
• Indirect monitoring means monitoring through techniques that gather information from related
sources: checking and reviewing the monitored objects to determine their operational status and
responsiveness, and combining this with other relevant factors for analysis in order to detect attacks,
risks, and incidents.
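The monitoring procedure above says that the organization must decide which activity should raise an alert and then act on it. As an added example (not part of the original assignment), the Python below runs a simple alerting rule over a few constructed sshd log lines in the common syslog format: five or more failed logins from one source address within 60 seconds raises a medium alert, and a successful login from that same address afterwards raises a high one. The thresholds, host names, and addresses are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (syslog-style sshd messages; hosts and addresses are made up).
SAMPLE_LOG = [
    "Jan 10 10:00:01 web-01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Jan 10 10:00:03 web-01 sshd[2202]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2",
    "Jan 10 10:00:05 web-01 sshd[2203]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "Jan 10 10:00:07 web-01 sshd[2204]: Failed password for alice from 203.0.113.5 port 51237 ssh2",
    "Jan 10 10:00:08 web-01 sshd[2210]: Failed password for bob from 198.51.100.7 port 40001 ssh2",
    "Jan 10 10:00:09 web-01 sshd[2205]: Failed password for alice from 203.0.113.5 port 51238 ssh2",
    "Jan 10 10:00:11 web-01 sshd[2206]: Failed password for alice from 203.0.113.5 port 51239 ssh2",
    "Jan 10 10:00:12 web-01 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 10 10:00:15 web-01 sshd[2211]: Failed password for bob from 198.51.100.7 port 40002 ssh2",
    "Jan 10 10:00:20 web-01 sshd[2207]: Accepted password for alice from 203.0.113.5 port 51240 ssh2",
]

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def parse(line):
    """Returns (timestamp, result, user, source_ip) or None for lines we do not monitor."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog lines carry no year
    return ts, m["result"], m["user"], m["ip"]


def detect(lines, threshold=5, window_s=60):
    """Sliding-window brute-force detection keyed on source address.

    Returns a list of (severity, source_ip, message) alerts in the order raised.
    """
    alerts = []
    failures = defaultdict(deque)  # ip -> timestamps of failures inside the window
    flagged = set()                # ips already alerted on, to avoid repeating the alert
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        q = failures[ip]
        if result == "Failed":
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()        # drop failures that have aged out of the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("MEDIUM", ip, f"{len(q)} failed logins within {window_s}s"))
        elif ip in flagged:
            # A success after a brute-force pattern is the event that really needs a response.
            alerts.append(("HIGH", ip, f"successful login as {user} after brute-force pattern"))
    return alerts


def run_demo():
    return detect(SAMPLE_LOG)


if __name__ == "__main__":
    for severity, ip, msg in run_demo():
        print(f"[{severity}] {ip}: {msg}")
```

The second address (198.51.100.7) produces only two failures and stays below the threshold, which is the point of choosing a threshold and window rather than alerting on every failed login: the rule should separate an attack from ordinary typos. In practice the same logic would run inside a SIEM or log pipeline, and the high-severity alert would trigger the response actions defined in the procedure (blocking the address, forcing a password reset, and investigating the session).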
2.2 Patching procedure
A patching procedure describes the process of applying patches to applications and systems. Patch
management is the process of acquiring, testing, and installing patches (code changes) on the applications
and software tools already running in the organization, so that systems stay current and the patches that
are actually needed can be identified.
Figure 3: Patching management life cycle
The patching procedure is generally used to fix a defect or vulnerability found after a piece of software
has been released. Newly released patches may also add features, but their security value lies in closing
known vulnerabilities before attackers exploit them.

Some of the best practices of patch management that will allow organizations to
enhance cybersecurity are:
• Understanding the importance of patch management – Knowing why patch management is an
essential part of a cybersecurity programme matters. Rapid reaction to newly released patches shortens
the window in which attackers can exploit publicly known vulnerabilities; note that a patch cannot help
against a true zero-day, for which no fix yet exists, so patching must be combined with other controls.
• The outcome of delayed patch application – Major security breaches are driven by delays in
applying patches. The WannaCry attack of 2017 exposed the danger of leaving outdated software unpatched:
its victims were organizations that had put off installing the Windows patch (MS17-010) that fixed the
SMBv1 vulnerability, which led to data loss and economic losses.
• Using managed service providers – Managed service providers (MSPs) offer patch management as a
service to meet the needs of the business. While the company concentrates on its revenue-generating
activities, the MSP takes charge of the patch management process.
• Patch testing – Some patches cause crashes because they are incompatible with specific operating
systems or programs. Before applying a patch to production endpoints, IT administrators should test it
on representative systems.
The patch management life cycle:
• Update vulnerability details from software vendors.
• Scan the network of the company for vulnerabilities.
• Examine the Vulnerability and identify the missing patches.
• Deploy patches and validate patch installation.
• Generate Status Report on the latest patch update.
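As an added example (not part of the original assignment), the Python below walks through the last three steps of the life cycle above on a constructed inventory: it compares installed package versions against a list of vendor advisories to find missing patches, deploys and validates the critical ones, and generates a status report. The host names, package versions and advisory identifiers (ADV-0001 and so on) are hypothetical and do not correspond to real advisories; the version comparison assumes simple dotted numeric versions.

```python
import copy

# Constructed inventory: host -> {package: installed version}. Versions are hypothetical.
INVENTORY = {
    "web-01": {"openssl": "3.0.7", "nginx": "1.22.1", "sudo": "1.9.12"},
    "db-01": {"openssl": "3.0.12", "postgresql": "15.4", "sudo": "1.9.12"},
}

# Constructed vendor advisories. ADV-000x are hypothetical identifiers, not real CVEs or vendor IDs.
ADVISORIES = [
    {"id": "ADV-0001", "package": "openssl", "fixed_in": "3.0.8", "severity": "high"},
    {"id": "ADV-0002", "package": "sudo", "fixed_in": "1.9.13", "severity": "critical"},
    {"id": "ADV-0003", "package": "postgresql", "fixed_in": "15.3", "severity": "medium"},
]

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def parse_version(v):
    """Dotted numeric version -> tuple of ints, so that 3.0.12 sorts after 3.0.8."""
    return tuple(int(p) for p in v.split("."))


def find_missing_patches(inventory, advisories):
    """Step 3 of the life cycle: examine each advisory against each host."""
    missing = []
    for host, pkgs in inventory.items():
        for adv in advisories:
            installed = pkgs.get(adv["package"])
            if installed is None:
                continue  # package not present on this host, advisory does not apply
            if parse_version(installed) < parse_version(adv["fixed_in"]):
                missing.append({"host": host, "advisory": adv["id"], "package": adv["package"],
                                "installed": installed, "fixed_in": adv["fixed_in"],
                                "severity": adv["severity"]})
    return missing


def deploy_and_validate(inventory, host, package, version):
    """Step 4: install the patch, then re-read the installed version to validate it."""
    inventory[host][package] = version  # stands in for the real package-manager install
    return inventory[host][package] == version


def status_report(inventory, advisories):
    """Step 5: per-host count of outstanding patches and the worst outstanding severity."""
    report = {host: {"missing": 0, "worst": None} for host in inventory}
    for m in find_missing_patches(inventory, advisories):
        entry = report[m["host"]]
        entry["missing"] += 1
        if entry["worst"] is None or SEVERITY_RANK[m["severity"]] > SEVERITY_RANK[entry["worst"]]:
            entry["worst"] = m["severity"]
    return report


def run_cycle():
    """One patch cycle whose change window covers only critical advisories."""
    inv = copy.deepcopy(INVENTORY)  # work on a copy so the module data stays reusable
    before = find_missing_patches(inv, ADVISORIES)
    for m in sorted(before, key=lambda m: -SEVERITY_RANK[m["severity"]]):
        if m["severity"] == "critical":
            if not deploy_and_validate(inv, m["host"], m["package"], m["fixed_in"]):
                raise RuntimeError(f"validation failed for {m['advisory']} on {m['host']}")
    after = find_missing_patches(inv, ADVISORIES)
    return before, after, status_report(inv, ADVISORIES)


if __name__ == "__main__":
    before, after, report = run_cycle()
    print(f"missing before: {len(before)}, after: {len(after)}")
    for host, entry in report.items():
        print(f"{host}: {entry['missing']} outstanding, worst severity {entry['worst']}")
```

Before the cycle there are three missing patches; after deploying the critical sudo fix to both hosts, only the high-severity openssl patch on web-01 remains, and the report shows it so that it lands in the next change window. Real package ecosystems have more elaborate version schemes (epochs, release suffixes), so a production tool would use the package manager's own comparison rather than the simple tuple used here.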

2.3 Configuration management procedure


The Configuration Management procedure makes sure that specific parts of an entire IT
service or system are identified, tracked, and maintained, and that any modifications to
them are controlled. By keeping track of the relationships between service assets and
Configuration Items, it offers a Configuration model of the services, assets, and
infrastructure.

Figure 4: Configuration management and planning


The basic activities within the scope of Configuration Management are:

• Configuration Management Planning: defines the purpose, scope, and objectives of configuration
management for your organization.
• Configuration Identification: the processes that allow you to identify and label every IT
component (Configuration Item) currently in use at your company. The data you record includes model or
version information, relationships between assets, and asset identification.
• Configuration Control: the step that makes sure the data about your IT components is accurate and
up to date. Components may be added, changed, or deleted only through controlled documentation, such as
an approved Request for Change.
• Master Data Management: the phase in which you reconcile master reference data that is
maintained by different administrative teams.
• Configuration Status Accounting and Reporting: the activities that let you report the current
and historical data for each IT component throughout its life cycle.
• Configuration Verification and Audit: in this phase you check that the IT components physically
exist and verify that they are correctly recorded in the configuration database.

Benefits of using configuration management:

• Disaster recovery: With configuration management we can be confident that our assets can be
rebuilt quickly. When we release bad code or a bad configuration, configuration management enables us
to roll back to the state of the product before the modification.
• Avoiding downtime: Bad deployments, often caused by production servers being configured differently
from test servers, are a common cause of downtime. When configuration is properly controlled, the test
environments match production, lowering the chance of an unpleasant surprise.
• Easier scaling: Adding resources to an application that is already running is known as
provisioning. Configuration management records the desired state of our service, so increasing the
number of servers we run requires only that a script be executed against that state.
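Configuration verification and audit (above) means comparing what is actually running against the recorded baseline and treating any difference as a finding to be explained by an approved change or corrected. As an added example (not part of the original assignment), the Python below audits constructed records for three Configuration Items against an observed snapshot and reports drift: a changed value, a setting present on the host that the baseline never recorded, a CI that has disappeared, and a host that exists but was never recorded. The host names and settings are assumptions chosen for the example.

```python
import hashlib
import json

# Constructed baseline (what the configuration database says each CI should look like).
BASELINE = {
    "web-01": {"os": "ubuntu-22.04", "sshd.PermitRootLogin": "no",
               "sshd.PasswordAuthentication": "no", "nginx.version": "1.22.1",
               "firewall.default_policy": "DROP"},
    "db-01": {"os": "ubuntu-22.04", "sshd.PermitRootLogin": "no",
              "postgresql.version": "15.4", "firewall.default_policy": "DROP"},
    "ldap-01": {"os": "ubuntu-22.04", "slapd.version": "2.5.16"},
}

# Constructed snapshot of what a collector actually found on the hosts.
OBSERVED = {
    "web-01": {"os": "ubuntu-22.04", "sshd.PermitRootLogin": "yes",   # drifted
               "sshd.PasswordAuthentication": "no", "nginx.version": "1.22.1",
               "firewall.default_policy": "DROP", "telnetd.enabled": "yes"},  # unrecorded
    "db-01": {"os": "ubuntu-22.04", "sshd.PermitRootLogin": "no",
              "postgresql.version": "15.4", "firewall.default_policy": "DROP"},
    "test-99": {"os": "ubuntu-20.04"},                                # not in the CMDB at all
}


def fingerprint(config):
    """Stable hash of a CI record; equal hashes mean the record matches exactly."""
    return hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()


def audit(baseline, observed):
    """Returns {ci: [(kind, key, expected, actual), ...]} for every CI with findings.

    kinds: changed, unrecorded (on host, not in baseline), removed (in baseline, not on host),
           missing_ci (CI not found at all), unrecorded_ci (host not in the baseline).
    """
    findings = {}
    for ci, expected in baseline.items():
        actual = observed.get(ci)
        if actual is None:
            findings[ci] = [("missing_ci", None, None, None)]
            continue
        if fingerprint(expected) == fingerprint(actual):
            continue  # fast path: record matches exactly
        diffs = []
        for key in sorted(set(expected) | set(actual)):
            e, a = expected.get(key), actual.get(key)
            if e == a:
                continue
            if e is None:
                kind = "unrecorded"
            elif a is None:
                kind = "removed"
            else:
                kind = "changed"
            diffs.append((kind, key, e, a))
        findings[ci] = diffs
    for ci in observed:
        if ci not in baseline:
            findings[ci] = [("unrecorded_ci", None, None, None)]
    return findings


if __name__ == "__main__":
    for ci, diffs in audit(BASELINE, OBSERVED).items():
        for kind, key, expected, actual in diffs:
            print(f"{ci}: {kind} {key or ''} expected={expected!r} actual={actual!r}")
```

Each finding maps back to a control step: a changed or unrecorded setting must be matched to an approved Request for Change or reverted, and an unrecorded host is an asset the organization is not tracking or patching. The same comparison run on a schedule is what makes the "test matches production" benefit above verifiable rather than assumed.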
Chapter III: Identify the potential impact on IT security of incorrect configuration of firewall policies and IDS (P3)
1. Discuss briefly firewalls and policies, their usage, and advantages in a network
1.1 What is a firewall?
A firewall is a network security device installed at the edge of the business network, or between
network segments. Its primary function is to filter the packets coming into, going out of, and moving
across the network, in order to stop unauthorised access between two or more devices. A firewall inspects
each packet and accepts, rejects, or drops it according to the rules configured on it. The rules are
derived from the security policy of the organization.

Figure 5: a model of a firewall in a network

1.2 Type of firewalls


• Packet Filtering Firewall: Packet filtering firewalls are also known as stateless firewalls because
they keep no record of the stream of packets going into and out of the network. Each packet is judged on
its own, and filtered according to source and destination IP addresses, ports, and protocol.
• Stateful Inspection Firewall: Stateful firewalls are more effective than stateless (packet filtering)
firewalls because they track the connection state of each packet. A stateful firewall records each
permitted connection in a state table, so that reply packets belonging to an established connection can
be allowed without a separate rule, and packets that do not belong to any known connection can be dropped.
Filtering decisions therefore take into account both the configured rules and the connection history the
firewall has gathered.
• Application Layer Firewall: Application layer firewalls can inspect and filter packets at any OSI
layer, up to and including the application layer. They can detect when particular programs or protocols
(FTP, HTTP) are being abused and can restrict specific types of traffic.
• Next-generation Firewall: Next-generation firewalls combine conventional firewall technology with
further capabilities, including intrusion prevention, anti-malware scanning, and inspection of encrypted
traffic. Among their features is deep packet inspection (DPI), which examines the contents carried inside
packets so that packets containing harmful material can be recognised, classified, and blocked.
1.3 What does a firewall do?
Modern firewalls focus on blocking malware and application-layer attacks, often with an
integrated intrusion prevention system. They can detect and respond to external attacks
across the whole network rapidly and efficiently, enforce policies to better protect your
network, and quickly analyze traffic to find threatening or suspicious activity, such as
malware, and stop it.
1.4 How to Use Firewall Protection
Make sure that the firewall is configured and maintained effectively to keep the network
and devices secure. The following advice can help us increase firewall security:
• Update the firewall promptly: Firmware patches protect your firewall against
newly discovered vulnerabilities, so apply them as soon as they are released.
• Use antivirus protection: To protect your system from viruses and other
infections, you should also use antivirus software in addition to firewalls.
• Limit accessible ports and hosts: Limit inbound and outbound connections to a
strict whitelist of trusted IP addresses.
• Have active network backups: Keep backups to prevent downtime. You can prevent
data loss and lost productivity in the event of a disaster by backing up network
hosts and other crucial systems.
1.5 Advantages of a firewall
• It stops someone from remotely accessing and controlling your computer without
authorization for malicious purposes.
• Data security is enforced based on IP address and protocol.
• It prevents ransomware, malware, and phishing attacks.
• It ensures continuity of operations and availability of information.
• It stops hackers who are continuously on the lookout for network flaws. Without
a firewall, attackers can go after your computers and, for example, spread
malware through a botnet or install keyloggers.

1.6 What is a policy?

Network policies are sets of conditions, constraints, and settings that allow you to
designate who is authorized to connect to the network and the circumstances under
which they can or cannot connect.
Network policies can be viewed as rules. Each rule contains a set of requirements and
parameters. The attributes of connection requests are compared by Network Policy
Server to the conditions of the rule. If a match occurs between the rule and the
connection request, the settings defined in the rule are applied to the connection.

Figure 6: Network security policy

1.7 Implement the policy

The following steps make policies effective:
• Identify: Analyze the network's connections to see who and what are connected
to it. It is likely that departments installed IoT devices without the administrator's
knowledge and that individuals brought their own devices. It is challenging to
create rules that limit the uses and locations of devices on the network without a
list of those devices and their security postures.
• Visualize: Improve your understanding of how users and devices interact.
• Define: Once you have a clear understanding of how your network is used, you
can start defining policies to accept, restrict, or modify flows.
• Model: Before deploying your rules, test them to evaluate how they will affect
users, traffic, and performance.
• Activate: Enforce the rules on the network devices, within the limits of their
capabilities.
• Assure: Analyze the network to check whether it is enforcing the policies and,
if so, whether any change is necessary.
1.8 Advantages of the policy
An automated network that operates based on policies can adapt more rapidly to
changing demands. Many common tasks, such as adding devices and users and inserting
new applications and services, can now be easily accomplished. A network can gain from
clearly defined policies in the following ways:
• Align the network with business needs.
• Provide consistent services across the entire infrastructure.
• Bring agility through greater automation.
• Make performance dependable and verifiable.
2. How does a firewall provide security to a network?
Firewalls perform two basic security functions for a network: packet filtering and
acting as an application proxy.
• In packet filtering, sometimes called static filtering, the firewall operates at the packet
level. This means that every data packet entering or leaving the computer network is
examined by the firewall. It employs user-defined rules to decide whether to accept or
reject these packets while it is examining them. As a result of system monitoring and
the rules of the network, packet filtering functions as a kind of gatekeeper that
controls what can get through.
• The other function of a firewall is to act as an application proxy. This firewall, which is
sometimes referred to as an application-level gateway, operates at the application
level as opposed to the packet level. Packet filtering, for example, can't recognize
malware trying to break into your system because it doesn't have any basis for
understanding the entire application. However, using a firewall that acts as an
application proxy, the system is able to recognize and block malware attempts
because it can examine the entire application being used.
Features of a firewall in the network:
• Application monitoring: It monitors applications receiving data from outside sources
and allows or blocks access as appropriate.
• User monitoring: It monitors users on the network, whether data is incoming or
outgoing, to ensure safe practices.
• Traffic blocking: It prevents unauthorized access to network applications from
outside traffic.
• Alert notification: It informs network security staff of any illegal connections or
breach activity.
• Address detailing: When an attempt is made to access a server, it provides network
operators with information about the destination address.
• Hacker blocking: It stops hackers in their tracks by blocking their access to your
network.
• Information control: It controls the types of data that network users are permitted
to send and receive.
• Management tools: Security administrators may use them to automate tasks, define
firewall rules, and analyze network capabilities.
• Intrusion detection: An intrusion detection system monitors network traffic to look
for potential security holes.
• Virus protection: Some firewalls contain built-in anti-virus software that inspects
and scans all traffic for malicious files or applications, instead of relying on
additional anti-virus software.

3. Show with diagrams the example of how a firewall works

In a packet filtering firewall, the firewall is configured with a set of rules and filters
data by allowing or blocking each data packet based on those rules. Each packet, which
contains user data and control information, is examined by the firewall and checked
against the predefined rules. The firewall permits the packet to go to its destination if
it passes the test; if it fails, the packet is rejected. Firewalls test packets by
examining the rules, protocols, ports, and destination addresses.
Figure 7: The diagram about the way a firewall works

4. Define IDS, and its usage, and show it with diagrams and examples
4.1 What is an intrusion detection system (IDS)
An Intrusion Detection System (IDS) is a system that monitors network traffic for
suspicious activity and issues an alert when such activity is discovered. It is software that
analyzes a network for malicious activities or data breaches. Any illegal activity or
violation is often recorded either centrally using a security information and event
management (SIEM) system or notified to an administrator. A SIEM system combines
outputs from several sources and uses alarm filtering methods to distinguish between
valid and false alarms.
Figure 8: Intrusion Detection System

4.2 How does an Intrusion Detection System work?

An IDS collects network traffic, analyzes it, and compares traffic patterns to
well-known attacks. Using this technique, also known as pattern correlation, an
intrusion detection system can identify whether unexpected behavior reflects a
cyberattack. When it detects suspicious or harmful behavior, the IDS alerts the
responsible technicians or IT administrators. IDS alerts give you the ability to
quickly start troubleshooting, identify the causes of problems, or find and remove
malicious agents.
4.3 Types of Intrusion Detection System with diagrams
Network Intrusion Detection System (NIDS): Network intrusion detection systems are
installed at a designated location inside the network to monitor all network traffic
coming from all connected devices. A NIDS observes all traffic passing through the
subnet and compares it to a database of known attacks. A warning can be delivered to
the administrator as soon as an attack is detected or unusual activity is noticed.

Figure 9: NIDS diagram

Host Intrusion Detection System (HIDS): Host intrusion detection systems run on
individual hosts or devices on the network. A HIDS monitors only the incoming and
outgoing packets of the device it runs on and notifies the administrator of any unusual
or malicious behavior. It also compares the current snapshot of the system files with
the previous snapshot and alerts the administrator to investigate if monitored system
files were modified or deleted. Mission-critical equipment, which is not expected to
change its configuration, is a typical use case for a HIDS.
Figure 10: HIDS diagram
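The snapshot comparison that a HIDS performs on system files, as an added Python example (not from the assignment): it hashes every file under a directory, compares a later snapshot with the baseline, and reports what was added, modified or deleted. The directory layout and file contents are constructed.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(root: str) -> Dict[str, str]:
    """Map every file under root (as a '/'-separated relative path) to its digest."""
    snap: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = hash_file(full)
    return snap


def compare_snapshots(old: Dict[str, str], new: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return sorted (event, path) pairs; event is 'added', 'deleted' or 'modified'."""
    events = [("deleted", p) for p in old.keys() - new.keys()]
    events += [("added", p) for p in new.keys() - old.keys()]
    events += [("modified", p) for p in old.keys() & new.keys() if old[p] != new[p]]
    return sorted(events)


def write_text(path: str, text: str, mode: str = "w") -> None:
    with open(path, mode) as f:
        f.write(text)


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: take a baseline, change the host, return the alerts."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.mkdir(etc)
        write_text(os.path.join(etc, "passwd"), "root:x:0:0:root:/root:/bin/sh\n")
        write_text(os.path.join(etc, "hosts"), "127.0.0.1 localhost\n")
        baseline = take_snapshot(root)
        # Changes a HIDS should flag: one file edited, one deleted, one new file.
        write_text(os.path.join(etc, "passwd"),
                   "guest:x:1001:1001::/home/guest:/bin/sh\n", mode="a")
        os.remove(os.path.join(etc, "hosts"))
        write_text(os.path.join(etc, "new.conf"), "option=1\n")
        return compare_snapshots(baseline, take_snapshot(root))


if __name__ == "__main__":
    for event, path in demo():
        print(f"ALERT {event}: {path}")
```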

5. The potential impact (Threat-Risk) of a firewall and IDS if they are incorrectly
configured in a network
5.1 What happens if a firewall is incorrectly configured?
There are a number of serious threats caused by an incorrectly configured firewall in
the network:
• Breach avenues: A misconfigured firewall that allows unauthorized access can
open the door to breaches, data loss, and malware. Attackers can use these breach
avenues to enter the network and damage it.
• Unplanned outages: A misconfiguration might make it impossible for a client to
interact with a company, and that downtime results in lost revenue. A misconfigured
firewall can even cause an entire network failure if attackers exploit the weakness.
• Unencrypted HTTP connections: If the firewall is managed over unencrypted HTTP,
an outsider on the same network, such as an open wireless network, can abuse the
connection, potentially letting anybody on the Internet access the firewall.
5.2 What happens if an IDS is incorrectly configured?
• Fragmentation: Sending fragmented packets can allow an attacker to remain undetected
by the detection system, which makes the intrusion detection system useless in the
network.
• Pattern change evasion: An IDS relies on pattern matching to detect attacks. If the
attack is altered slightly, the IDS may no longer recognize it.
• Address spoofing/proxying: By attacking through incorrectly configured proxy servers,
attackers can hide the attack's source. It can be quite difficult to tell whether the
source is spoofed or relayed by a server.

Chapter IV: Show, using an example for each, how implementing a DMZ, static IP,
and NAT in a network can improve Network Security (P4)
1. Define and discuss DMZ with the aid of a diagram
1.1 What is a DMZ
A DMZ network, also known as a demilitarized zone, is a logical or physical subnet that
protects a local area network (LAN) from other untrusted networks, usually the public
internet. Any service provided to users of the public web should be installed in the DMZ
network. A DMZ provides an area for services that are less trusted or more exposed to
attack, so the DMZ network typically contains servers such as web, Domain Name System
(DNS), and email servers and other resources that are accessible from the outside.
Figure 11: DMZ network diagram

1.2 How does a DMZ work?

The DMZ network serves as a buffer between the public internet and an organization's
internal network. It is isolated by a security gateway, such as a firewall, that filters
traffic between the DMZ and the LAN. Another gateway, which protects the DMZ servers,
filters incoming data from external networks.

Thanks to this firewall setup, incoming network packets are inspected by a firewall or
other security technology before they reach the servers placed in the DMZ. Therefore,
even if an attacker gets past the first firewall, they would still need to gain access to
the protected services in the DMZ in order to seriously harm a business.

1.3 Functions of a DMZ network

A DMZ is used to protect sensitive organizational systems and resources.
Specifically, it is used to isolate and maintain distance between potential target systems and
internal networks. By providing a buffer between a private network and the internet, it can
prevent attackers from performing reconnaissance work that is carried out to search for
potential targets. Additionally, it limits and manages external users' access to such systems.

Further, DMZs are proving useful in countering the security risks resulting from new
technology such as operational technology (OT) systems, which make production and
manufacturing smarter but create a vast threat surface. The reason for this is that OT
equipment has not been intended to cope with or recover from cyberattacks, which poses a
serious danger to organizations' important data and resources. A DMZ offers network
segmentation to reduce the possibility of an attack that might damage business
infrastructure.

1.4 Types of DMZ architectures

Single firewall: A DMZ with a single firewall requires at least three network interfaces.
The first is the external network, which links the firewall to the public internet
connection. The second is the internal network, and the third is connected to the DMZ.
Between the public internet and the internal network (including the DMZ), there is a
firewall configured with rules to monitor and control traffic, so that it allows access to
the DMZ while limiting connectivity to the internal network.

Figure 12: The single firewall diagram

Dual firewall: A DMZ with dual firewalls uses two firewalls, so it is more secure than the
single-firewall design. The first firewall is placed between the DMZ and the external
network and monitors and filters all traffic passing between them. The second firewall is
placed between the internal network and the DMZ to monitor and filter traffic between the
two networks.
Figure 13: The Dual Firewall diagram

1.5 How can a DMZ improve network security?

Since the invention of firewalls, DMZ networks have played an essential role in
protecting international company networks. By separating internal networks from systems
that may be attacked, they safeguard the sensitive information, systems, and resources of
businesses. Specifically, a DMZ can improve network security in the following ways:

• Access control: Organizations can give consumers access to services outside the
bounds of their network through the public internet. The DMZ enables access to
these services while implementing network segmentation to make it more difficult
for an unauthorized user to reach the private network. A proxy server, which
centralizes internal traffic flow and makes it easier to monitor and record that traffic,
may also be present in a DMZ.
• Preventing network reconnaissance: By providing a buffer between the internet and
a private network, a DMZ can prevent attackers from performing the reconnaissance
work they carry out in the search for potential targets. Although servers in the DMZ
are accessible to the public, a firewall that stops an attacker from seeing inside the
internal network provides another layer of security. Even if a DMZ system gets
compromised, the internal firewall separates the private network from the DMZ to
keep it secure and make external reconnaissance difficult.
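The rule evaluation described in section 3 and the single-firewall DMZ design above, as an added Python example written for this page (not part of the assignment). It models three zones, first-match rules with a default deny, and a connection table that shows what a stateless packet filter cannot do; all addresses, zones and rules are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

# Constructed zone layout: RFC 1918 space for the LAN, an RFC 5737
# documentation range for the DMZ; anything else is "internet".
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "lan": ip_network("10.0.0.0/8"),
}


def zone_of(addr: str) -> str:
    """Map an address to the firewall interface (zone) it belongs to."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0
    sport: int = 0
    new: bool = True  # True: opens a connection (TCP SYN); False: reply/continuation


@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "deny"
    src_zone: str
    dst_zone: str
    proto: str = "any"
    dport: Optional[int] = None   # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.src_zone == zone_of(pkt.src)
                and self.dst_zone == zone_of(pkt.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


# Constructed rule set for the single-firewall DMZ design. First match wins;
# a packet that matches no rule is dropped (default deny).
RULES: List[Rule] = [
    Rule("allow", "internet", "dmz", "tcp", 80),   # public web server
    Rule("allow", "internet", "dmz", "tcp", 443),
    Rule("allow", "internet", "dmz", "udp", 53),   # public DNS
    Rule("allow", "lan", "internet"),              # users browsing out
    Rule("allow", "lan", "dmz"),                   # admins reaching DMZ hosts
    Rule("deny", "dmz", "lan"),                    # a compromised DMZ host must not reach the LAN
]

Conn = Tuple[str, str, str, int, int]   # (src, dst, proto, sport, dport)


@dataclass
class Firewall:
    rules: List[Rule]
    stateful: bool = True
    conns: Set[Conn] = field(default_factory=set)

    def filter(self, pkt: Packet) -> Tuple[str, str]:
        """Return (decision, reason) and remember allowed new connections."""
        if self.stateful and not pkt.new:
            # A reply gets through only if it belongs to a connection we saw opened.
            if (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport) in self.conns:
                return "allow", "established connection"
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                if rule.action == "allow" and pkt.new:
                    self.conns.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
                return rule.action, f"rule {i}: {rule.src_zone}->{rule.dst_zone}"
        return "deny", "default deny"
```

With `stateful=False` the reply to a LAN-initiated connection is dropped, so a stateless filter would need an internet-to-LAN allow rule to let replies in, which is exactly the opening a stateful firewall avoids.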
2. Define and discuss with the aid of a diagram static IP
2.1 What is static IP
A static IP address is an IP address that never changes. In other words, once a device
receives a unique static IP address, that number stays with it until the network
architecture changes. Internet service providers (ISPs) typically provide static IP
addresses to servers and other crucial devices that must maintain the same addresses for
a long period of time.
2.2 Benefits of static IP
• Server hosting: Whether you are running a web server, email server, or any other
kind of server, a static IP address makes it simpler for clients to find you via DNS.
In practice, this means that customers will be able to reach your websites and
services more quickly.
• Convenient remote access: Using a Virtual Private Network (VPN) or other remote
access software is simpler with a static IP address.
• Faster: Devices assigned a static IP address often operate more quickly because
static IP addresses have fewer conflicts. This is especially beneficial if you are
constantly uploading and downloading files.
• More secure: Using static IPs helps you quickly identify which devices are
affecting your network so you can cut them off or isolate them. In contrast, devices
with dynamic IPs make it difficult to find vulnerabilities in the network, because
the IP that DHCP assigns to devices changes constantly.
2.3 How to set up a static IP for the computer
• First, open Control Panel and click on “Network and Internet”.
Figure 14: Set up static IP (1)

• Next, click on “Network and Sharing Center”.
Figure 15: Set up static IP (2)

• Next, choose “Change adapter settings”.
Figure 16: Set up static IP (3)

• Click on “Properties”.
Figure 17: Set up static IP (4)

• Choose “Internet Protocol Version 4 (TCP/IPv4)” and configure it as shown in the
image below.
Figure 18: Set up static IP (5)

3. What is network address translation (NAT)?

3.1 Overview of NAT
Today we still use Internet Protocol Version 4, which provides only a little more than
4 billion IP addresses, while the number of devices that need an IP address to access the
internet is many times larger. To overcome this problem, private IP addresses were
introduced. All devices in a LAN are given a private IP address, which, unlike a public
address, cannot be used to reach the internet directly. Network address translation
(NAT) was therefore created to resolve this problem.
Figure 19: Network Address Translation

The purpose of NAT is to enable multiple devices to access the Internet through a single
public address. To do this, a private IP address must be converted to a public IP address. A
technique known as Network Address Translation (NAT) transfers one or more local IP
addresses into one or more public IP addresses and vice versa in order to provide local
hosts access to the Internet.
3.2 How does NAT work?
Basically, NAT is configured on the border router, which has one interface in the local
network and another in the outside network. When a packet leaves the local network, NAT
translates its private IP into a public IP. NAT also converts the public IP back into the
private IP when a packet is sent into the local network.
3.3 Network address translation types
• Static NAT: Static NAT is used to manually map one IP address to another,
usually a private address to a public address, meaning a one-to-one mapping
between private and public addresses. Static NAT is useful where devices need a
fixed address to be accessible from the Internet. This type is commonly used for
servers such as web and mail servers.
Figure 20: Static NAT

• Dynamic NAT: Dynamic NAT is used to automatically map one IP address to
another, typically mapping a local address to a registered address. Any IP
address within a pool of public IP addresses can be assigned to a device within
the network.

Figure 21: Dynamic NAT

• NAT Overload: This type allows several private IP addresses to be converted to
a single registered IP address. Port numbers are used to identify which traffic
comes from which private IP address. This is the most popular method since it
saves money: hundreds of people may access the Internet with a single public IP
address.

Figure 22: NAT overload
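The three NAT types above, as an added Python example (not from the assignment): a translator that uses a static one-to-one map for servers, leases addresses from a pool for dynamic NAT, and falls back to overload (PAT) on a single public address once the pool is exhausted, with reverse translation for return traffic. The combined design and all addresses are constructed assumptions.

```python
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]   # (ip address, port)


class Translator:
    """Border-router NAT table: static map, dynamic pool, then overload (constructed)."""

    def __init__(self, static: Dict[str, str], pool: List[str], overload_ip: str):
        self.static = dict(static)            # private ip -> public ip (static NAT)
        self.pool = list(pool)                # free public ips for dynamic NAT
        self.dynamic: Dict[str, str] = {}     # private ip -> leased public ip
        self.overload_ip = overload_ip        # one public ip shared by everyone else
        self.pat: Dict[Endpoint, int] = {}    # (private ip, port) -> public port
        self.next_port = 1024                 # next free public port for overload

    def outbound(self, src: Endpoint) -> Endpoint:
        """Translate a private (ip, port) leaving the LAN into its public form."""
        ip, port = src
        if ip in self.static:
            return self.static[ip], port      # one-to-one, port unchanged
        if ip in self.dynamic:
            return self.dynamic[ip], port     # existing lease
        if self.pool:
            public = self.pool.pop(0)         # lease a pool address
            self.dynamic[ip] = public
            return public, port
        # Pool exhausted: many hosts share overload_ip, told apart by port.
        if src not in self.pat:
            self.pat[src] = self.next_port
            self.next_port += 1
        return self.overload_ip, self.pat[src]

    def inbound(self, dst: Endpoint) -> Optional[Endpoint]:
        """Map a public (ip, port) arriving from the Internet back to the private host."""
        ip, port = dst
        for priv, pub in self.static.items():
            if pub == ip:
                return priv, port
        for priv, pub in self.dynamic.items():
            if pub == ip:
                return priv, port
        if ip == self.overload_ip:
            for src, pub_port in self.pat.items():
                if pub_port == port:
                    return src
        return None                           # no mapping: unsolicited traffic is dropped


if __name__ == "__main__":
    # Constructed example: one server with static NAT, a one-address pool, overload for the rest.
    nat = Translator({"10.0.0.10": "203.0.113.10"}, ["203.0.113.20"], "203.0.113.1")
    for host in ("10.0.0.10", "10.0.0.11", "10.0.0.12", "10.0.0.13"):
        print(host, "->", nat.outbound((host, 50000)))
```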

3.4 Advantages of NAT

• It helps to conserve the public IP address space now that the number of network
devices far exceeds the number of public IP addresses.
• By separating the internal network from the external network, NAT provides
security characteristics that improve the security of private networks.
• By using NAT, organizations can reduce costs since they don’t need to buy public
IP addresses for all the computers they have.
• NAT includes a variety of services, including backup and load balancing services.
The network's overall flexibility and reliability is improved with the assistance of
these services.