Task 1 - Security


IT SECURITY: RISKS, POLICIES, AND PROCEDURES - WHAT YOU NEED TO KNOW


TYPES OF SECURITY RISKS

• COMPUTER VIRUSES:- A virus is a harmful software program that can spread from one computer to another, or from one network to another, without the user's awareness. It can corrupt or damage important organizational data, destroy files, and format hard drives.
• TROJAN HORSE:- A trojan horse is malicious code or a program created by hackers to masquerade as genuine software in order to gain access to an organization's systems. It is intended to remove, change, damage, block, or perform any other destructive activity on your data or network.
• ADWARE:- Adware is software that displays commercial and marketing-related adverts, such as pop-up windows or bars, banner ads, and video, on your computer screen. Its primary goal is to generate revenue for its developer by showing various forms of adverts to internet users.
• SPYWARE:- Spyware is an unwanted type of security threat to organizations. It is installed on a user's computer and collects sensitive information such as personal or business information, login credentials, and credit card details without the user's knowledge. This type of threat monitors your internet activity, tracks your login credentials, and spies on your sensitive information.
• WORM:- A computer worm is a type of malicious software that spreads within a network and copies itself from one computer to another within an organization.
• DENIAL-OF-SERVICE (DOS) ATTACKS:- A denial-of-service (DoS) attack causes a machine or network to shut down or become unreachable to users. It typically floods the targeted system with requests until normal traffic can no longer be processed, resulting in denial of service to users.
• PHISHING:- Phishing is a type of social engineering attack in which the attacker attempts to obtain sensitive information such as usernames, passwords, credit card information, and other login credentials.
• SQL INJECTION:- SQL injection is a form of injection attack and one of the most frequent web hacking tactics; it allows the attacker to edit or remove data in the back-end database.
• ROOTKIT:- A rootkit is a malicious program that installs and runs harmful code on a computer or network system without the user's knowledge in order to gain administrator-level access. Rootkits are classified into four types: bootkits, firmware rootkits, kernel-level rootkits, and application rootkits.
• MALWARE:- Malware is software, typically a program or code, created by cyber attackers. It is a form of cyber security threat to companies that is intended to cause substantial damage to systems or to gain unauthorized access to a computer.
• RANSOMWARE:- Ransomware is a form of security threat that prevents access to a computer system and demands bitcoin in exchange for restoring access. WannaCry, Petya, Cerber, Locky, and CryptoLocker are among the most dangerous ransomware outbreaks.
SECURITY PROCEDURES

Security procedures are step-by-step instructions for implementing, enabling, or enforcing the security controls outlined in your organization's security policies. They should cover the wide range of hardware and software components that support your business processes, as well as any security-related business processes (e.g. onboarding a new employee and assigning access privileges).

The Purpose of Security Procedures and Why They Are Required in an Organization

Security procedures are designed to provide consistency in the application of a security control or the execution of a security-related business process, and they must be followed every time such a control is implemented or such a process is carried out. Here's an example: a pilot performs a pre-flight checklist before every flight to guarantee that the aircraft is ready to fly and that every precaution has been taken to ensure a safe flight. Even a pilot with thousands of flying hours must still adhere to the checklist, because following it ensures that the behavior is consistent each and every time.

Security procedures, like pre-flight checklists, direct the person carrying out the procedure to the desired end. Server hardening is one example. Even if a system administrator has built and hardened hundreds of servers, the hardening procedure must be followed to guarantee that the server is hardened appropriately and to a level that allows it to operate within the system of which it is a part. If the hardening procedure is not followed, the administrator may skip a step, exposing the server or its data to unacceptable risk (e.g., leaving unneeded ports open on the server or leaving directory permissions open to unauthorized users). The ideal approach is to automate the hardening procedure with scripts or other automation tools (e.g. Puppet or Chef), which verifies that the hardening "process" is followed consistently.
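
The point about automating the hardening checklist can be shown with a short script. The following is an added example, not taken from the document or from Puppet or Chef: a checklist runner in Python that executes every check in order and records each result, so no step is silently skipped. The two checks (a served directory that must not be world-writable, and the set of listening ports compared against an approved list) and all their inputs are constructed for the example; the temporary directory is deliberately made world-writable so the check has something to report.

```python
import os
import stat
import tempfile


def is_world_writable(mode):
    """True when the 'other' write bit is set in a st_mode value."""
    return bool(mode & stat.S_IWOTH)


def check_directory_permissions(path):
    """Hardening step: a served directory must not be writable by everyone."""
    mode = os.stat(path).st_mode
    if is_world_writable(mode):
        return False, f"{path} is world-writable ({stat.filemode(mode)})"
    return True, f"{path} permissions acceptable ({stat.filemode(mode)})"


def check_listening_ports(open_ports, approved_ports):
    """Hardening step: only ports on the approved list may be listening."""
    unexpected = sorted(set(open_ports) - set(approved_ports))
    if unexpected:
        return False, f"unexpected listening ports: {unexpected}"
    return True, "only approved ports are listening"


def run_checklist(checks):
    """Run every check in order and return (name, passed, detail) for each.

    Nothing is skipped on failure: the whole list is the procedure, and a
    failed step is recorded rather than silently omitted.
    """
    results = []
    for name, check, args in checks:
        passed, detail = check(*args)
        results.append((name, passed, detail))
    return results


def demo():
    """Run the checklist against constructed inputs and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o777)  # deliberately misconfigured for the example
        checks = [
            ("web root not world-writable", check_directory_permissions, (tmp,)),
            # hypothetical list of listening ports versus an approved baseline of SSH and HTTPS
            ("only approved ports open", check_listening_ports, ([22, 80, 443, 3306], [22, 443])),
        ]
        return run_checklist(checks)


if __name__ == "__main__":
    for name, passed, detail in demo():
        print(f"[{'PASS' if passed else 'FAIL'}] {name}: {detail}")
```

In a real deployment the port list would come from the host itself (for example `ss -ltn` output) and the directory paths from the build's configuration; the structure of the runner is the point, since it turns the checklist into something that cannot be half-followed.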
AN OVERVIEW OF HOW IT SECURITY RISKS CAN BE ASSESSED/TREATED

Steps To Perform A Security Risk Assessment


1. Identify and prioritize assets.
2. Identify threats.
3. Identify vulnerabilities.
4. Analyze controls.
5. Determine the likelihood of an incident.
6. Assess the impact a threat could have.
7. Prioritize the information security risks.
8. Recommend controls.
9. Document the results.

The Risks Should Then Be Treated Appropriately.

1. Accept the risk as it is.
2. Transfer the risk, i.e. purchase insurance to mitigate financial losses.
3. Treat the risk, that is, take real steps to lower the likelihood of the event occurring and/or to lessen the damage if it does occur.
4. Stop the activity that is causing the risk.
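
As an added example that is not part of the original document, the Python below carries steps 5 to 8 of the assessment and the four treatment options through a small risk register: each risk is scored as likelihood times impact on an assumed 1 to 5 scale, the register is ordered by score, and a treatment option is recommended. The scale, the thresholds and the register entries are all assumptions made for this example, not taken from any standard.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: int   # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int       # 1 (negligible) .. 5 (severe), assumed scale

    @property
    def score(self):
        return self.likelihood * self.impact


def validate(risk):
    """Reject scores outside the assumed 1..5 scale."""
    for field in ("likelihood", "impact"):
        value = getattr(risk, field)
        if not 1 <= value <= 5:
            raise ValueError(f"{field} must be between 1 and 5, got {value}")
    return risk


def recommend_treatment(risk):
    """Map a risk to one of the four treatment options listed above.
    The thresholds are assumptions for this example."""
    if risk.score >= 20:
        return "stop the activity"   # intolerable: remove the source of the risk
    if risk.score >= 12:
        return "treat"               # reduce likelihood and/or impact with controls
    if risk.impact >= 4:
        return "transfer"            # rare but costly: insure against the loss
    return "accept"                  # low likelihood and low impact


def prioritize(risks):
    """Return (asset, threat, score, treatment) tuples, highest score first."""
    ordered = sorted((validate(r) for r in risks), key=lambda r: r.score, reverse=True)
    return [(r.asset, r.threat, r.score, recommend_treatment(r)) for r in ordered]


# Constructed register entries for the example.
SAMPLE_RISKS = [
    Risk("customer database", "SQL injection", "unparameterized queries", 4, 4),
    Risk("legacy FTP server", "malware upload", "anonymous write access", 5, 4),
    Risk("office laptops", "theft", "no disk encryption", 3, 4),
    Risk("intranet wiki", "defacement", "outdated CMS plugin", 2, 2),
    Risk("data centre", "flood", "ground-floor server room", 1, 5),
]

if __name__ == "__main__":
    for asset, threat, score, treatment in prioritize(SAMPLE_RISKS):
        print(f"{score:>2}  {asset:<18} {threat:<16} -> {treatment}")
```

The ordering is the output of step 7, and the treatment column is the input to step 8; step 9 is simply persisting this table.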
FIREWALL

A firewall is a network security device that monitors incoming and outgoing network traffic and allows or blocks data packets based on a set of security rules. Its purpose is to create a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic such as viruses and hackers.

A poorly configured firewall can be just as harmful as no firewall at all. Even after years of research and experience, many firms still make setup errors that leave their networks open to data theft, sabotage, and other sorts of mayhem. There are four typical firewall mistakes that can expose any network to attack, and they should be avoided at all costs.
Types Of Firewalls

Firewalls can be either software or hardware, though it is preferable to have both. A software firewall is a program installed on each computer that restricts traffic by port number and program, whereas a hardware firewall is a piece of equipment situated between your network and the gateway.

1. Packet-filtering Firewalls:- The most common sort of firewall examines packets and prevents them from passing through if they do not match a predefined set of security rules. This sort of firewall examines the source and destination IP addresses of the packet. If packets match an "allowed" rule on the firewall, they are allowed to enter the network. There are two types of packet-filtering firewalls: stateful and stateless. Because stateless firewalls review packets independently of one another and lack context, they are attractive targets for hackers. Stateful firewalls, on the other hand, remember information about previously transmitted packets and are considered far more secure.

2. Next-generation Firewalls (NGFW):- Traditional firewall technology is combined with extra functions such as encrypted traffic inspection, intrusion prevention systems, anti-virus, and more. Its most notable feature is deep packet inspection (DPI). While traditional firewalls only check packet headers, deep packet inspection analyses the data within the packet itself, allowing users to more efficiently identify, categorize, and halt dangerous data packets.

3. Proxy Firewalls:- Network traffic is filtered at the application level. Unlike traditional firewalls, the proxy operates as a go-between for two end systems. The client must send a request to the firewall, which then analyses it against a set of security rules before allowing or blocking it. Proxy firewalls, in particular, monitor traffic for layer 7 protocols such as HTTP and FTP, and detect malicious traffic using both stateful and deep packet inspection.

4. Network Address Translation (NAT) Firewalls:- Allow many devices with different network addresses to connect to the internet using a single IP address while hiding the individual IP addresses. As a result, attackers scanning a network for IP addresses are unable to obtain specific details, increasing protection against attacks. NAT firewalls, like proxy firewalls, serve as an intermediary between a group of computers and outside traffic.
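
The difference between stateless and stateful packet filtering described in point 1 is easiest to see in code. The following is an added example, not from the document: a simulation in Python of both filter types run over the same three constructed packets (a LAN host's outbound web request, the legitimate reply, and an unsolicited inbound packet that merely resembles a reply). The addresses come from the IETF documentation ranges and the rule format is invented for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str        # "out" = leaving the LAN, "in" = arriving from the internet
    syn: bool = False     # first packet of a new TCP connection


def stateless_filter(packet, rules):
    """Match each packet on its own against (direction, src_port, dst_port, action)
    rules, where None is a wildcard. No memory of earlier packets; default deny."""
    for direction, src_port, dst_port, action in rules:
        if (packet.direction == direction
                and (src_port is None or packet.src_port == src_port)
                and (dst_port is None or packet.dst_port == dst_port)):
            return action
    return "deny"


class StatefulFilter:
    """Remembers outbound connections so that only their replies are let back in."""

    def __init__(self, inbound_services=(443,)):
        self.inbound_services = set(inbound_services)   # ports we deliberately publish
        self.connections = set()                        # (lan_ip, lan_port, remote_ip, remote_port)

    def decide(self, packet):
        if packet.direction == "out":
            self.connections.add((packet.src_ip, packet.src_port, packet.dst_ip, packet.dst_port))
            return "allow"
        # Inbound: is this the reverse of a connection a LAN host opened?
        if (packet.dst_ip, packet.dst_port, packet.src_ip, packet.src_port) in self.connections:
            return "allow"
        # Otherwise only new connections to a published service are accepted.
        if packet.syn and packet.dst_port in self.inbound_services:
            return "allow"
        return "deny"


def compare():
    """Run both filter types over the same constructed packets and return the verdicts."""
    lan, web, stranger = "10.0.0.5", "198.51.100.20", "203.0.113.9"
    request = Packet(lan, 51000, web, 80, "out", syn=True)
    reply = Packet(web, 80, lan, 51000, "in")
    unsolicited = Packet(stranger, 80, lan, 51000, "in")   # shaped like a reply, but nobody asked

    strict = [("out", None, None, "allow")]
    # To let replies through, a stateless policy needs a blanket rule for inbound traffic
    # from remote port 80; that rule cannot tell the reply from the unsolicited packet.
    permissive = strict + [("in", 80, None, "allow")]

    stateful = StatefulFilter()
    stateful.decide(request)   # records the connection

    return {
        "stateless strict": (stateless_filter(reply, strict), stateless_filter(unsolicited, strict)),
        "stateless permissive": (stateless_filter(reply, permissive), stateless_filter(unsolicited, permissive)),
        "stateful": (stateful.decide(reply), stateful.decide(unsolicited)),
    }


if __name__ == "__main__":
    for policy, (reply_verdict, unsolicited_verdict) in compare().items():
        print(f"{policy:<21} reply={reply_verdict:<5} unsolicited={unsolicited_verdict}")
```

The strict stateless policy breaks ordinary browsing (the reply is denied), the permissive one lets the unsolicited packet in along with the reply, and only the stateful filter gets both decisions right, which is what "lack context" in the text amounts to in practice.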
VIRTUAL PRIVATE NETWORK (VPN)

A virtual private network extends a private network across a public network, allowing users to send and receive data across shared or public networks as though their computer equipment were directly linked to the private network.

Improper configuration of third-party VPNs may have an impact on IT security. VPNs can be tough to set up and maintain unless you have the necessary specialized gear. When a VPN connection fails, the client-side program displays an error message with a code. There are hundreds of different VPN error codes, but only a few of them appear in most circumstances.
Types Of Third Party VPNs

1. Remote Access VPNs:- A remote access VPN allows you to connect to a private network, such as your company's office network, via the internet. The internet is an untrustworthy communication channel, so VPN encryption is used to keep data secret and secure as it travels between the public and private networks.

2. Personal VPN Services:- A personal VPN service links you to a VPN server, which acts as a go-between for your device and the internet services you want to use. The personal VPN, often known as a 'consumer' or 'commercial' VPN, encrypts your connection, hides your identity online, and allows you to spoof your physical location.

3. Mobile VPNs:- With a mobile VPN, the VPN connection is maintained even if the user changes WiFi or cellular networks, loses connectivity, or turns their device off for an extended period of time.

4. Site-to-site VPNs:- A remote access VPN allows individual users to connect to a network and use its services, whereas a site-to-site VPN connects two networks at different locations. For example, if a corporation had offices on the east and west coasts, a site-to-site VPN might be used to connect them into a single network.
DMZ

NETWORK SECURITY CAN BE IMPROVED BY:-

1. Enabling Access Control:- Businesses can give consumers access to services outside their network's boundaries via the public internet. The DMZ provides access to these services while also employing network segmentation to make it more difficult for an unauthorized user to reach the private network. A proxy server may also be included in a DMZ, which centralizes internal network flow and simplifies monitoring and recording of that traffic.

2. Preventing Network Reconnaissance:- A DMZ stops attackers from undertaking reconnaissance in the hunt for possible targets by acting as a buffer between the internet and a private network. Servers in the DMZ are exposed to the public but are protected by a firewall that prevents an attacker from seeing inside the internal network. Even if a DMZ system is compromised, the internal firewall keeps the private network safe and makes external reconnaissance impossible.

3. Blocking Internet Protocol (IP) Spoofing:- Attackers try to gain access to systems by faking an IP address and impersonating an authorized device that is logged in to a network. A DMZ can detect and thwart such spoofing efforts while another service confirms the IP address's legitimacy. The DMZ also allows network segmentation, allowing traffic to be organized and public services to be accessed outside of the internal private network.

Services Of A DMZ Include:

• DNS Servers
• FTP Servers
• Mail Servers
• Proxy Servers
• Web Servers
STATIC IP

NETWORK SECURITY CAN BE IMPROVED BY:-

1. Providing A Better Level Of Protection:- Even though a static IP address creates a fixed target and a dynamic IP address creates change, choosing this option over DHCP address assignment gives you a benefit. When you use a static IP address, your home network obtains an extra layer of protection against security issues that may arise on the network.

2. Giving You Remote Access:- With a static IP address, you can connect to your computer (or device) from anywhere in the world. You'll be able to view your data as long as the device is connected to the internet and turned on. This makes it easier to work on projects while traveling, stay in touch with people, and take advantage of the benefits provided by a VPN.

3. Reducing The Risk Of Losing An Important Message:- If you use a dynamic IP address instead of a static IP address for your server, you may not receive all messages sent to you. When the dynamic IP address changes, any messages sent to the old address are lost until the DNS records are updated. This is never an issue with a static IP address: your address remains the same at all times, so you'll always know when someone is attempting to contact you.

4. Reduced Lapses In Connection:- If you use a dynamic IP address at home with your ISP (or with your business), you may face interruptions in internet connectivity. Some of these lapses may be brief, while others may necessitate a reboot of your equipment. Although this is commonly referred to as a "ping," what is actually happening is a lack of recognition: you become more difficult to locate when your IP address changes. Using a static IP address alleviates this problem, which is beneficial for high-bandwidth users because the IP address never resets.
NAT

Benefits That Help In Improving The Network Security Of NAT:-

1. IP address space is conserved, since several hosts connect to the global Internet using a single dynamic external IP address.
2. A large number of hosts can be connected to the global Internet using fewer public (external) IP addresses, again preserving IP address space.
3. Private IP addresses can be re-used.
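
An added example, not from the document, of how NAT lets several private hosts share one public address while keeping their own addresses hidden: a port-address-translation table in Python that maps each outbound flow to a distinct public port and forwards an inbound packet only when it matches a mapping an inside host created. The addresses are constructed from the IETF documentation ranges and a private range.

```python
import itertools


class Nat:
    """Port-address translation: many private hosts share one public IP address.

    Each outbound flow gets its own public port; inbound packets are forwarded
    only if they match a mapping an inside host created.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.outbound = {}   # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self.inbound = {}    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)

    def translate_out(self, private_ip, private_port, remote_ip, remote_port):
        """Rewrite an outbound packet's source; reuse the mapping for an existing flow."""
        key = (private_ip, private_port, remote_ip, remote_port)
        if key not in self.outbound:
            public_port = next(self._ports)
            self.outbound[key] = public_port
            self.inbound[(public_port, remote_ip, remote_port)] = (private_ip, private_port)
        return self.public_ip, self.outbound[key]

    def translate_in(self, public_port, remote_ip, remote_port):
        """Return the private destination for an inbound packet, or None to drop it.

        A remote host that was never contacted has no mapping, so a scan of the
        public address learns nothing about the hosts behind it.
        """
        return self.inbound.get((public_port, remote_ip, remote_port))


def demo():
    """Exercise the table with constructed addresses and return every decision."""
    nat = Nat("203.0.113.1")
    web = ("198.51.100.20", 443)
    a = nat.translate_out("192.168.1.10", 5000, *web)      # two inside hosts, same local port,
    b = nat.translate_out("192.168.1.11", 5000, *web)      # same destination: distinct public ports
    again = nat.translate_out("192.168.1.10", 5000, *web)  # same flow: same mapping reused
    reply_to_a = nat.translate_in(a[1], *web)               # legitimate reply routed back to host A
    probe = nat.translate_in(a[1], "203.0.113.77", 443)    # unsolicited packet to that port: dropped
    scan = nat.translate_in(22, *web)                       # no inside host ever mapped port 22
    return a, b, again, reply_to_a, probe, scan


if __name__ == "__main__":
    for label, value in zip(("A out", "B out", "A again", "reply->A", "probe", "scan"), demo()):
        print(f"{label:<9} {value}")
```

The two `None` results are the security property the text describes: from outside, only the single public address and the ports inside hosts have opened are visible, and nothing about the private addressing leaks.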
Benefits Of Network Monitoring

1. Fix Issues Faster:- When you're in a bad situation, time is money. For time-pressed network staff, network monitoring makes problem-solving easier and faster. Whether you're dealing with a setup error or a spike in traffic, network monitoring software can help you solve problems once and for all. Live network maps guide you to the source of problems, while status displays provide performance measurements over time. Furthermore, network automation technologies take this one step further: not only can network monitoring detect problems, it can also resolve them automatically without the need for human intervention.

2. Identify Security Threats:- Network monitoring can help secure your business-critical data when you don't have the budget for intrusion detection software but still want a tier 1 approach to protecting against data breaches. That first level of protection can be provided by a network monitoring tool. The most significant advantage is a picture of what "normal" performance looks like for your company, making it easy to notice anything out of the ordinary, whether it's a spike in traffic or an unusual device connected to your network. You can take a proactive approach to network security by drilling down to determine when and on which device an incident occurred.

3. Stay Ahead Of Outages:- IT outages are caused by a variety of circumstances, including human error, configuration errors, and environmental factors. Implementing network monitoring is one of the most fundamental and straightforward techniques to avoid outages in the first place. Network monitoring provides the visibility required to stay one step ahead of potential problems. Network monitoring software helps you identify outages that may cause bottlenecks by displaying real network performance data in an easy-to-read interface.
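
Point 2's idea of a "normal" baseline against which spikes and unknown devices stand out can be shown as an added example that is not from the document: Python that computes a mean and standard deviation from constructed hourly traffic samples, flags a reading that deviates beyond an assumed threshold, and compares device addresses parsed from constructed DHCP lease log lines against a known-device inventory. The samples, the log lines, the inventory and the threshold are all made up for the example.

```python
import statistics

# Constructed hourly traffic readings (MB) for one link, taken while the network was
# behaving normally; a real tool would gather these from flow records or SNMP counters.
BASELINE_SAMPLES = [120, 115, 130, 125, 118, 122, 128, 119, 124, 121]

# Constructed inventory of devices that are supposed to be on the network.
KNOWN_DEVICES = {
    "aa:bb:cc:00:00:01": "file-server",
    "aa:bb:cc:00:00:02": "printer",
}

# Constructed DHCP lease log lines in the form "<timestamp> <mac> <ip>".
SAMPLE_LEASE_LOG = """\
2024-01-08T09:00:01 aa:bb:cc:00:00:01 10.0.0.10
2024-01-08T09:05:12 aa:bb:cc:00:00:02 10.0.0.11
2024-01-08T09:07:40 de:ad:be:ef:00:99 10.0.0.57
"""


def baseline(samples):
    """What 'normal' looks like: mean and population standard deviation."""
    return statistics.mean(samples), statistics.pstdev(samples)


def is_traffic_spike(value, samples, z_threshold=3.0):
    """Flag a reading more than z_threshold standard deviations above the mean.
    The threshold is an assumption for this example."""
    mean, sd = baseline(samples)
    if sd == 0:
        return value > mean
    return (value - mean) / sd > z_threshold


def parse_lease_log(text):
    """Extract MAC addresses from lease log lines, skipping malformed ones."""
    macs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            macs.append(parts[1])
    return macs


def unknown_devices(seen_macs, inventory=KNOWN_DEVICES):
    """Addresses seen on the network that are not in the inventory."""
    return sorted(set(seen_macs) - set(inventory))


def analyze(traffic_now, lease_log):
    """Return the alerts one monitoring run would raise for a reading and a log."""
    alerts = []
    mean, _ = baseline(BASELINE_SAMPLES)
    if is_traffic_spike(traffic_now, BASELINE_SAMPLES):
        alerts.append(f"traffic spike: {traffic_now} MB against a baseline mean of {mean:.1f} MB")
    for mac in unknown_devices(parse_lease_log(lease_log)):
        alerts.append(f"unknown device on network: {mac}")
    return alerts


if __name__ == "__main__":
    for alert in analyze(400, SAMPLE_LEASE_LOG):
        print("ALERT:", alert)
```

The spike rule only fires on deviations well outside the observed spread, so ordinary variation between samples does not generate noise, while the inventory comparison catches the "unusual device" case regardless of how much traffic it produces.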
PHYSICAL SECURITY

Physical security refers to the physical safeguarding of IT assets such as premises, equipment, staff, resources, and other items against harm and unlawful physical access. Physical security precautions are taken to safeguard these assets against physical dangers such as theft, vandalism, fire, and natural catastrophes.

VIRTUAL SECURITY

Virtual security solutions allow you to benefit from the intelligence and agility of professional security personnel without having to pay for full-time, on-site guards. They are a means of supplementing existing security measures and making them more effective at spotting possible threats and catching criminals in the act. Consider the following: visibility and surveillance are important in crime prevention because they show criminals that their acts will not go unnoticed. Surveillance is classified into three types: natural, casual (informal), and formal. Natural surveillance focuses on improving line-of-sight around your business by installing new light fixtures, trimming large trees, and reducing the number of "blind spots" where criminals can hide undetected, whereas informal surveillance relies on employee observation and the goodwill of neighbors to report suspicious activity.
THREE PHYSICAL SECURITY MEASURES THAT CAN BE EMPLOYED TO ENSURE THE INTEGRITY OF ORGANISATIONAL IT SECURITY.

1. SURVEILLANCE CAMERAS:- Cameras can be used as a deterrent when installed in high-traffic areas, as well as for incident assessment and historical research. For example, if alarms are triggered and a camera is present, security staff can examine the situation using the camera feed. When an attack has already occurred and a camera is installed at the site of the attack, the recorded video can be reviewed. Although the term closed-circuit television (CCTV) is widely used, it is quickly becoming obsolete as more video systems abandon the closed circuit for signal transmission in favor of IP camera networks. Video monitoring does not always guarantee a human response. In order to respond in a timely manner, a human must be monitoring the event in real time; otherwise, video monitoring is only a technique for gathering evidence for later study. However, technological advancements such as video analytics are minimizing the effort necessary for video monitoring by automatically notifying security employees of potential security occurrences.

2. ALARM SYSTEMS AND SENSORS:- When unlawful access is attempted, alarm systems can be set up to notify security staff. Alarm systems act in conjunction with physical barriers, mechanical systems, and security guards to initiate a response when these other forms of security are compromised. Sensors include perimeter sensors, motion sensors, touch sensors, and glass-break detectors. Alarms, on the other hand, are only beneficial if there is a quick response when they are activated. Some burglars will test the response time of security staff to a purposely tripped alarm system during the reconnaissance phase prior to a real attack. By measuring the time it takes for a security team to arrive (assuming they come at all), the attacker can evaluate whether an attempt will succeed before authorities arrive to eliminate the threat. Loud audible alarms can also serve as a psychological deterrent by alerting intruders to the fact that their presence has been discovered.

3. ACCESS CONTROL MANAGEMENT & SECURITY SYSTEMS:- The term access control refers to limiting access to a property, a building, or a space to authorized individuals only. Mechanical access control is accomplished through the use of locks and keys, among other things. However, such access control systems do not enable time-controlled access and do not provide access control records or reports. Physical access control is concerned with who, where, and when: an access control system determines who is permitted to enter or exit, where they may enter or exit, and when they may do so. Electronic access control eliminates the constraints of mechanical locks and keys by utilizing modern electronics. To replace mechanical keys, a wide choice of credentials and authentication alternatives is now available. Access is granted by the electronic access control system based on the credential presented. These credentials can include PINs, biometrics, and multi-credential combinations, among other things. When access is allowed, the door is unlocked for a set amount of time, and the transaction is logged.
THREE VIRTUAL SECURITY MEASURES THAT CAN BE EMPLOYED TO ENSURE THE INTEGRITY OF ORGANISATIONAL IT SECURITY.

1. GET A VPN:- A VPN can help any business that has an online connection. The phrase refers to a virtual private network, which is an additional layer of security that hides your internet activity from third parties. VPNs simply route your data and IP address through a secure link between your own internet connection and the website or online service that you need to access. It's especially handy when connecting to a public internet connection, such as one at a coffee shop or an Airbnb. These connections are notoriously insecure, and hackers can easily exploit them to steal the personal information of anyone who logs on to them. With a VPN, your new, secure connection will keep the hacker away from the data they are attempting to steal.

2. INSTALL RELIABLE ANTIVIRUS SOFTWARE:- Malware refers to any program developed with harmful intent, whereas viruses are a sort of malware that replicates itself within a computer until it has spread throughout the entire system. Spyware is a sort of malware that is meant to remain hidden from view while gathering data about the business it has latched onto. Needless to say, you'll need to protect yourself from all of these forms of virtual warfare. A solid, dependable antivirus tool is a must-have component of any virtual security system. Aside from that, anti-malware software is a must. They serve as the last line of defense against malicious attacks that have penetrated your security network. They function by identifying and eradicating viruses and malware, as well as adware and spyware. They also monitor and filter potentially dangerous files and emails. You'll need to keep this software updated in order to avoid the latest scams and to fix any issues.

3. PROTECT WITH A FIREWALL:- A firewall protects both hardware and software, making it a boon to any organization that has its own physical servers. A firewall works by preventing viruses from reaching your network, whereas an antivirus works by attacking software that has already been infected by a virus; in other words, they complement each other well. Installing a firewall protects a small business's network traffic, both inbound and outbound. By blocking specific websites, it can prevent hackers from attacking your network. It can also be configured to block the transmission of proprietary data and private emails from your company's network.
