Task 1 - Security
• COMPUTER VIRUSES:- A virus is a harmful software program that can spread from one computer to another, or from one network to another, without the user's awareness. It can corrupt or destroy important organizational data, delete files and format hard drives.
• TROJAN HORSE:- A trojan horse is malicious code or a program created by attackers to masquerade as genuine software in order to gain access to an organization's systems. It is intended to delete, change, damage, block or perform other destructive activity on your data or network.
• ADWARE:- Adware is software that displays commercial and marketing-related adverts, such as pop-up windows or bars, banner ads and video, on your computer screen. Its primary goal is to generate revenue for its developer by displaying various forms of adverts to internet users.
• SPYWARE:- Spyware is an unwanted type of security threat to organizations. It installs itself on a user's computer and collects sensitive information, such as personal or business information, login credentials and credit card details, without the user's knowledge. This type of threat monitors your internet activity, tracks your login credentials and spies on your sensitive information.
• WORM:- A computer worm is malicious software that spreads within a network, copying itself from one computer to another within an organization.
• DENIAL-OF-SERVICE (DoS) ATTACKS:- A denial-of-service (DoS) attack causes a machine or network to shut down or become unreachable to its users. It typically floods the targeted system with requests until normal traffic can no longer be processed, so legitimate users are denied service.
• PHISHING:- Phishing is a type of social engineering attack in which the attacker attempts to obtain sensitive information such as usernames, passwords, credit card information and other login credentials.
• SQL INJECTION:- SQL injection is a form of injection attack and one of the most frequent web hacking tactics; it allows the attacker to edit or remove data in the back-end database.
• ROOTKIT:- A rootkit is a malicious program that installs and runs harmful code on a computer or network system without the user's knowledge in order to gain administrator-level access to that system. Rootkits are classified into four types: bootkits, firmware rootkits, kernel-level rootkits and application rootkits.
• MALWARE:- Malware is software, usually a program or code, created by cyber attackers. It is a form of cyber security threat to companies that is intended to cause substantial damage to systems or gain unauthorized access to a computer.
• RANSOMWARE:- Ransomware is a form of security threat that blocks access to a computer system and demands Bitcoin in exchange for restoring access. WannaCry, Petya, Cerber, Locky and CryptoLocker are among the most dangerous ransomware outbreaks.
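The SQL injection point above is easiest to see in code. The following is an added example, not part of the original task text: a login lookup written two ways against an in-memory SQLite database filled with constructed sample rows. The table, user names and passwords are invented for the illustration (and stored in plaintext only to keep the example short).

```python
"""Added example: the same lookup written two ways, run against an in-memory
SQLite database with constructed sample rows. The string-built query shows
why injection works; the parameterized query is the fix."""
import sqlite3

# Constructed sample data: a tiny users table for illustration only.
# Real systems store password hashes, never plaintext passwords.
SAMPLE_USERS = [
    ("alice", "s3cret-alice"),
    ("bob", "s3cret-bob"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """VULNERABLE: user input is pasted straight into the SQL text, so the input
    can change the structure of the query, not just the values it compares."""
    query = (
        "SELECT username FROM users WHERE username = '" + username +
        "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """FIXED: a parameterized query. The driver sends the values separately from
    the SQL text, so quotes in the input are treated as data, never as syntax."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo() -> dict:
    """Run both versions with a correct password and with a password value that
    contains a quote and an always-true condition."""
    conn = make_db()
    hostile = "' OR '1'='1"
    return {
        "vulnerable_correct": login_vulnerable(conn, "alice", "s3cret-alice"),
        "vulnerable_hostile": login_vulnerable(conn, "alice", hostile),
        "safe_correct": login_safe(conn, "alice", "s3cret-alice"),
        "safe_hostile": login_safe(conn, "alice", hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the string-built query the hostile value turns the WHERE clause into `username = 'alice' AND password = '' OR '1'='1'`, which is true for every row, so both users are returned; the parameterized version compares the whole hostile string as a password and returns nothing.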
SECURITY PROCEDURES
Security procedures are step-by-step instructions for implementing, enabling or enforcing the security controls outlined in your organization's security policies. They should cover the wide range of hardware and software components that support your business processes, as well as any security-related business processes (e.g. onboarding a new employee and assigning access privileges).
The Purpose of Security Procedures and Why They Are Required in an Organization
Security procedures are designed to provide consistency in the application of a security control or the execution of a security-related business process. They must be followed each time a control is implemented or a security-related business process is carried out. Here is an example. A pilot performs a pre-flight checklist before every flight to guarantee that the aircraft is ready to fly and that every precaution has been taken to ensure a safe flight. Even a pilot who has flown thousands of hours must still adhere to the checklist. Following the checklist ensures that the behaviour is consistent each and every time.
Security procedures, like pre-flight checklists, direct the person carrying out the procedure to the desired end. Server hardening is one example. Even if a system administrator has built and hardened hundreds of servers, the hardening procedure must be followed to guarantee that the server is hardened appropriately and to a level that allows it to operate within the system of which it is a part. If the hardening procedure is not followed, the system administrator may skip a step, exposing the server or its data to unacceptable risk (e.g. leaving unneeded ports open on the server, or leaving the permissions on a directory open to unauthorized users). The ideal approach is to automate the hardening procedure with scripts or other automation tools (e.g. Puppet or Chef). This verifies that the hardening "process" is followed consistently.
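As an added example (not from the original task text, and not Puppet or Chef code), the script below turns the two slips named above, unneeded open ports and directories open to other users, into a repeatable audit. The allowed-port baseline, the port list and the temporary directories are constructed for the illustration; on a real host the listening ports would be read from the system.

```python
"""Added example: a repeatable hardening audit. It checks the two slips the text
names (unneeded listening ports and directories writable by other users) against
a baseline and returns the findings, so the check runs the same way every time."""
import os
import shutil
import stat
import tempfile

# Hypothetical baseline: the only ports this server role should listen on.
ALLOWED_PORTS = {22, 443}


def check_listening_ports(listening: set, allowed: set = ALLOWED_PORTS) -> list:
    """Return a finding for every listening port the baseline does not allow.
    `listening` would normally be collected from the host; here the caller
    passes a constructed set."""
    return [f"unexpected listening port {p}" for p in sorted(listening - allowed)]


def check_directory_perms(paths: list) -> list:
    """Return a finding for every directory that is writable by group or others."""
    findings = []
    for path in paths:
        mode = os.stat(path).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(
                f"{path} is writable by group/others (mode {stat.filemode(mode)})"
            )
    return findings


def audit(listening: set, paths: list) -> list:
    """Run every check in the checklist and return all findings; an empty list
    means the host matches the baseline."""
    return check_listening_ports(listening) + check_directory_perms(paths)


def demo() -> list:
    """Build a constructed host state: two temporary directories, one locked down
    and one world-writable, plus a constructed set of listening ports."""
    base = tempfile.mkdtemp()
    secure = os.path.join(base, "etc-app")
    loose = os.path.join(base, "shared")
    os.mkdir(secure)
    os.chmod(secure, 0o750)
    os.mkdir(loose)
    os.chmod(loose, 0o777)
    listening = {22, 443, 8080}  # 8080 left open by mistake
    try:
        return audit(listening, [secure, loose])
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

Because the checks are code rather than memory, every server of this role is measured against the same baseline, which is the consistency the pre-flight checklist analogy is about.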
AN OVERVIEW OF HOW IT SECURITY RISKS CAN BE ASSESSED/TREATED
Firewalls can be either software or hardware, though it is preferable to have both. A software firewall is a program installed on each computer that restricts traffic by port number and by program, whereas a hardware firewall is a piece of equipment that sits between your network and the gateway.
1. Packet-filtering Firewalls:- The most common sort of firewall examines packets and prevents them from passing through if they do not match a predefined set of security rules. This sort of firewall examines the source and destination IP addresses of the packet. If packets match an "allowed" rule on the firewall, they are allowed to enter the network. There are two types of packet-filtering firewall: stateful and stateless. Because stateless firewalls review packets independently of one another and lack context, they are attractive targets for hackers. Stateful firewalls, on the other hand, remember information about previously transmitted packets and are considered far more secure.
2. Next-generation Firewalls (NGFW):- Traditional firewall technology is combined with extra functions such as encrypted traffic inspection, intrusion prevention systems, anti-virus and more. Their most notable feature is deep packet inspection (DPI). While traditional firewalls just check packet headers, deep packet inspection analyses the data within the packet itself, allowing users to more efficiently identify, categorize and halt dangerous data packets.
3. Proxy Firewalls:- Network traffic is filtered at the application level. Unlike traditional firewalls, the proxy operates as a go-between for the two end systems. The client sends a request to the firewall, which analyses it against a set of security rules before allowing or blocking it. In particular, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and FTP, and detect malicious traffic using both stateful and deep packet inspection.
4. Network Address Translation (NAT) Firewalls:- These allow many devices with different network addresses to connect to the internet using a single IP address while hiding the individual IP addresses. As a result, attackers scanning a network for IP addresses are unable to obtain detailed information, increasing protection against attacks. NAT firewalls, like proxy firewalls, serve as an intermediary between a group of computers and outside traffic.
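The stateless-versus-stateful distinction in item 1 is shown below as an added example (not part of the original task text): a toy packet filter in Python, with packets represented as constructed Python objects rather than real traffic. The internal network prefix and all addresses are invented (documentation ranges), and the rule "inbound is allowed if the source port is 443" stands in for the kind of rule a stateless filter needs so that replies to outbound web traffic get back in.

```python
"""Added example: a toy packet filter showing why a stateless rule set lets in
packets that a stateful filter rejects. Packets are constructed objects."""
from dataclasses import dataclass

INTERNAL_NET = "10.0.0."  # hypothetical internal network prefix


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def stateless_allow(pkt: Packet) -> bool:
    """Stateless rules judge each packet on its own. To let replies to outbound
    HTTPS traffic back in, the rule must permit any inbound packet whose source
    port is 443, which also admits unsolicited packets that merely use 443 as
    their source port."""
    if pkt.src_ip.startswith(INTERNAL_NET):
        return True                 # outbound traffic is allowed
    return pkt.src_port == 443      # inbound is allowed if it looks like a reply


class StatefulFirewall:
    """A stateful filter remembers outbound connections and admits an inbound
    packet only if it belongs to one of them."""

    def __init__(self) -> None:
        # Each entry is (internal_ip, internal_port, external_ip, external_port).
        self.connections = set()

    def allow(self, pkt: Packet) -> bool:
        outbound = pkt.src_ip.startswith(INTERNAL_NET)
        if outbound:
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # Inbound: accept only if the reverse 4-tuple matches a known connection.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return key in self.connections


def demo() -> dict:
    """Constructed sequence: an outbound HTTPS request, its genuine reply, and an
    unsolicited inbound packet aimed at port 3389 with source port 443."""
    fw = StatefulFirewall()
    request = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 3389)
    packets = (request, reply, unsolicited)
    return {
        "stateless": [stateless_allow(p) for p in packets],
        "stateful": [fw.allow(p) for p in packets],
    }


if __name__ == "__main__":
    print(demo())
```

Both filters pass the request and the reply; only the stateless one also passes the unsolicited packet, because it has no record that no connection to that host and port was ever opened.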
VIRTUAL PRIVATE NETWORK (VPN)
A virtual private network extends a private network across a public network, allowing users to send and receive data across shared or public networks as though their computer equipment were directly linked to the private network.
Improper configuration of third-party VPNs may have an impact on IT security.
VPNs can be tough to set up and maintain unless you have the necessary specialized gear. When a VPN connection fails, the client-side program displays an error message with a code. There are hundreds of different VPN error codes, but only a few of them appear in most circumstances.
Types Of Third Party VPNs
1. Remote Access VPNs:- A remote access VPN allows you to connect to a private network, such as your company's office network, via the internet. The internet is an untrustworthy communication channel, so VPN encryption is used to keep data secret and secure as it travels between the public and private networks.
2. Personal VPN Services:- A personal VPN service links you to a VPN server, which functions as a go-between for your device and the internet services you want to use. The personal VPN, often known as a 'consumer' or 'commercial' VPN, encrypts your connection, hides your identity online and allows you to spoof your physical location.
3. Mobile VPNs:- With a mobile VPN, the VPN connection is maintained even if the user changes between WiFi and cellular networks, loses connectivity or turns their device off for an extended period of time.
4. Site-to-site VPNs:- A remote access VPN allows individual users to connect to a network and use its services, whereas a site-to-site VPN connects two networks at different locations. For example, if a corporation had two offices, on the east and west coasts, a site-to-site VPN might be used to connect them into a single network.
DMZ
NETWORK SECURITY CAN BE IMPROVED BY:-
1. Enabling Access Control:- Businesses can give consumers access to services outside their network's boundaries via the public internet. The DMZ provides access to these services while also employing network segmentation to make it more difficult for an unauthorized user to reach the private network. A DMZ may also include a proxy server, which centralizes internal network flow and simplifies monitoring and recording of that traffic.
2. Preventing Network Reconnaissance:- By acting as a buffer between the internet and a private network, a DMZ stops attackers from undertaking reconnaissance in the hunt for possible targets. Servers in the DMZ are exposed to the public but are protected by a firewall that prevents an attacker from seeing inside the internal network. Even if a DMZ system is compromised, the internal firewall keeps the private network safe and makes external reconnaissance impossible.
3. Blocking Internet Protocol (IP) Spoofing:- Attackers try to gain access to systems by faking an IP address and impersonating an authorized device that is logged in to the network. A DMZ can detect and thwart such spoofing attempts while another service confirms the IP address's legitimacy. The DMZ also enables network segmentation, allowing traffic to be organized and public services to be accessed from outside the internal private network.
• FTP Servers
• Mail Servers
• Proxy Servers
• Web Servers
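The segmentation and anti-spoofing controls described in items 1 to 3 are shown together below as an added example (not part of the original task text). The address plan (an internal 10.0.0.0/8, a DMZ 172.16.1.0/24, everything else treated as internet), the port policy and the sample packets are all invented for the illustration.

```python
"""Added example: zone-based segmentation plus an anti-spoofing check at the
perimeter, applied to constructed packets. Address plan and policy are hypothetical."""
import ipaddress

# Hypothetical address plan: anything outside these ranges is "internet".
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("172.16.1.0/24"),
}

ANY = None  # marker meaning "any destination port"

# Segmentation policy: (source zone, destination zone) -> permitted destination ports.
# Flows not listed here are denied, including internet -> internal.
POLICY = {
    ("internet", "dmz"): {80, 443},       # the public reaches only the web tier
    ("dmz", "internal"): {5432},          # the web tier reaches only the database
    ("internal", "dmz"): {22, 80, 443},   # admins manage DMZ hosts
    ("internal", "internet"): ANY,        # staff browsing
    ("dmz", "internet"): {80, 443},       # DMZ hosts fetch updates over HTTP(S)
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything not in a known range is internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def is_spoofed(src_ip: str, arrived_on: str) -> bool:
    """Anti-spoofing check at the perimeter: a packet arriving on the external
    interface that claims an internal or DMZ source address cannot be genuine."""
    return arrived_on == "external" and zone_of(src_ip) != "internet"


def decide(src_ip: str, dst_ip: str, dst_port: int, arrived_on: str) -> str:
    """Return the firewall decision for one packet as a short verdict string."""
    if is_spoofed(src_ip, arrived_on):
        return "drop: spoofed source"
    flow = (zone_of(src_ip), zone_of(dst_ip))
    if flow[0] == flow[1]:
        return "allow: same zone"
    if flow not in POLICY:
        return f"drop: {flow[0]}->{flow[1]} not permitted"
    allowed = POLICY[flow]
    if allowed is ANY or dst_port in allowed:
        return "allow"
    return f"drop: {flow[0]}->{flow[1]}:{dst_port} not permitted"


def demo() -> list:
    """Constructed packets: (source, destination, destination port, interface)."""
    cases = [
        ("198.51.100.20", "172.16.1.10", 443, "external"),  # public user -> DMZ web server
        ("198.51.100.20", "10.0.0.50", 5432, "external"),   # public user -> internal database
        ("172.16.1.10", "10.0.0.50", 5432, "dmz"),          # DMZ web server -> database
        ("172.16.1.10", "10.0.0.50", 22, "dmz"),            # DMZ host trying SSH inward
        ("10.0.0.7", "10.0.0.50", 5432, "external"),        # internal source seen from outside
    ]
    return [decide(*c) for c in cases]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The fourth case is the "even if a DMZ system is compromised" situation from item 2: the web server may still talk to the database on its one permitted port, but nothing else inside is reachable from it. The fifth case is item 3: the claimed internal source address is rejected on the external interface before any policy lookup.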
STATIC IP
NETWORK SECURITY CAN BE IMPROVED BY:-
1. Providing A Better Level Of Protection:- Even though a static IP address is fixed and a dynamic IP address changes, choosing it over DHCP address assignment gives you a benefit. When you use a static IP address, your home network obtains an extra layer of protection against security issues that may arise on the network.
2. Giving You Remote Access:- With a static IP address, you can connect to your computer (or device) from anywhere in the world. You will be able to view your data as long as the device is connected to the internet and turned on. This makes it easier to work on projects while traveling, stay in touch with people and take advantage of the benefits provided by a VPN.
3. Reducing The Risk Of Losing An Important Message:- If you use a dynamic IP address instead of a static IP address for your server, you may not get all the messages sent to you. When the dynamic IP address changes, any messages sent to the old address are lost until the DNS records are updated. This is never an issue with a static IP address: your address remains the same at all times, so you will always know when someone is attempting to contact you.
4. Reducing Lapses In Connection:- If you use a dynamic IP address at home with your ISP (or with your business), you may face interruptions in internet connectivity. Some of these lapses may be brief, while others may necessitate a reboot of your equipment. Although this is commonly referred to as a "ping", what is actually happening is a lack of recognition: you become more difficult to locate when your IP address changes. Using a static IP address alleviates this problem, which is beneficial for high-bandwidth users because the IP address never resets.
NAT
1. Fix Issues Faster:- When you are in a bad situation, time is money. For time-pressed network workers, network monitoring makes problem-solving easier and faster. Whether you are dealing with a setup error or a spike in traffic, network monitoring software can help you solve problems once and for all. Live network maps guide you to the source of problems, while status displays provide performance measurements over time. Furthermore, network automation technologies take you one step further: not only can network monitoring detect problems, it can also resolve them automatically without the need for human intervention.
2. Identify Security Threats:- Network monitoring can help secure your business-critical data when you do not have the budget for intrusion detection software but still want a tier 1 approach to help protect against data breaches. That first level of protection can be provided by a network monitoring tool. Its most significant advantage is a picture of what "normal" performance looks like for your company, making it easy to notice anything out of the ordinary, whether it is a spike in traffic or an unusual device connected to your network. You can take a proactive approach to network security by drilling down to determine when, and on what device, an incident occurred.
3. Stay Ahead Of Outages:- IT outages are caused by a variety of circumstances, including human error, configuration errors and environmental factors. Implementing network monitoring is one of the most fundamental and straightforward techniques for avoiding outages in the first place. Network monitoring provides the visibility required to stay one step ahead of potential problems. Network monitoring software helps you identify outages that may cause bottlenecks by displaying real network performance data in an easy-to-read interface.
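Item 2's "picture of what normal looks like" is a baseline, and the two things it says are easy to notice against one (a spike in traffic, an unknown device) can be expressed directly in code. The following is an added example, not from the original task text or any monitoring product: the per-device traffic history, the device identifiers and the new readings are all constructed sample data, and the z-score threshold of 3 is an assumption.

```python
"""Added example: build a per-device traffic baseline from constructed history,
then flag readings that are far above it or that come from a device never seen
before. Thresholds and data are hypothetical."""
import statistics
from typing import Optional

# Constructed history: megabytes sent per 5-minute interval, per device, over a day.
BASELINE_SAMPLES = {
    "aa:bb:cc:00:00:01": [120, 130, 110, 125, 135, 115, 128, 122],
    "aa:bb:cc:00:00:02": [40, 45, 38, 42, 44, 39, 41, 43],
}


def build_baseline(samples: dict) -> dict:
    """Per device: (mean, population standard deviation) of the historical readings."""
    return {
        dev: (statistics.mean(vals), statistics.pstdev(vals))
        for dev, vals in samples.items()
    }


def check_reading(baseline: dict, device: str, mb: float,
                  z_threshold: float = 3.0) -> Optional[str]:
    """Return an alert string, or None if the reading looks normal.
    A device absent from the baseline is itself an alert (an unusual device)."""
    if device not in baseline:
        return f"unknown device {device} sent {mb} MB"
    mean, sd = baseline[device]
    if sd == 0:
        z = 0.0 if mb == mean else float("inf")
    else:
        z = (mb - mean) / sd
    if z > z_threshold:
        return f"traffic spike on {device}: {mb} MB (z={z:.1f})"
    return None


def demo() -> list:
    """Constructed new interval: one ordinary reading, one spike, one new device."""
    baseline = build_baseline(BASELINE_SAMPLES)
    readings = [
        ("aa:bb:cc:00:00:01", 131.0),   # within normal variation
        ("aa:bb:cc:00:00:02", 900.0),   # far above this device's history
        ("aa:bb:cc:00:00:99", 12.0),    # never seen in the baseline
    ]
    alerts = []
    for device, mb in readings:
        alert = check_reading(baseline, device, mb)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in demo():
        print("ALERT:", alert)
```

The ordinary reading produces no alert, the 900 MB reading is flagged as a spike, and the unseen device is flagged regardless of how little it sent. A real tool would also keep the baseline per time of day, since "normal" at 03:00 differs from "normal" at 14:00.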
PHYSICAL SECURITY
Physical security refers to the physical safeguarding of IT assets such as premises, equipment, staff, resources and other items against harm and unlawful physical access. Physical security precautions are taken to safeguard these assets against physical dangers such as theft, vandalism, fire and natural catastrophes.
VIRTUAL SECURITY
Virtual security solutions allow you to benefit from the intelligence and agility of professional security personnel without having to pay for full-time, on-site guards. They are a means of supplementing existing security measures and making them more effective at spotting possible threats and catching criminals in the act. Consider the following: visibility and surveillance are important in crime prevention because they show criminals that their acts will not go unnoticed. Surveillance is classified into three types: natural, casual and formal. Natural surveillance focuses on improving line-of-sight around your business by installing new light fixtures, trimming large trees and reducing the number of "blind spots" where criminals can hide undetected, whereas informal surveillance relies on employee observation and the goodwill of neighbors to report suspicious activity.
THREE PHYSICAL SECURITY MEASURES THAT CAN BE EMPLOYED TO ENSURE THE INTEGRITY OF ORGANISATIONAL IT SECURITY.
1. GET A VPN:- A VPN can help any business that has an online connection. The phrase refers to a virtual private network, an additional layer of security that hides your internet activity from third parties. VPNs simply route your data and IP address through a secure link between your own internet connection and the website or online service you need to access. It is especially handy when connecting to a public internet connection, such as one at a coffee shop or an Airbnb. These connections are notoriously insecure, and hackers can easily exploit them to steal the personal information of anyone who logs on to them. With a VPN, your new, secure connection keeps the hacker away from the data they are attempting to steal.
2. INSTALL RELIABLE ANTIVIRUS SOFTWARE:- Malware refers to any program developed with harmful intent, whereas viruses are a sort of malware that replicates itself within a computer until it has spread throughout the entire system. Spyware is a sort of malware that is meant to remain hidden from view while gathering data about the business it has latched onto. Needless to say, you will need to protect yourself from all of these forms of virtual warfare. A solid, dependable antivirus tool is a must-have component of any virtual security system. Aside from that, anti-malware software is a must. They serve as the last line of defense against malicious attacks that have penetrated your security network. They function by identifying and eradicating viruses and malware, as well as adware and spyware. They also monitor and filter potentially dangerous files and emails. You will need to keep this software updated in order to avoid the latest scams and to fix any issues.
3. PROTECT WITH A FIREWALL:- A firewall protects both hardware and software, making it a boon to any organization that has its own physical servers. A firewall also works by preventing viruses from accessing your network, whereas an antivirus works by attacking software that has already been infected by a virus; in other words, they complement each other well. Installing a firewall protects a small business's network traffic, both inbound and outbound. By banning specific websites, it can prevent hackers from attacking your network. It can also be configured to block the transmission of proprietary data and private emails from your company's network.