ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date 8/3/2024 Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Student ID

Class Assessor name

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that
making a false declaration is a form of malpractice.

Student’s signature

Grading grid

P1 P2 P3 P4 M1 M2 D1

1
❒ Summative Feedback: ❒ Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Versifier's Comments:

Signature & Date:

Vocational scenario

2
 Catalog
I. Introduction....................................................................................................................................................................................4
II. Main body.....................................................................................................................................................................................4
1. Discuss types of security risks to organisations. (P1)...................................................................................................................4
1.1 Define IT risks...........................................................................................................................................................................4
1.2 Discuss types of risks to organizations.......................................................................................................................................5
1.3 Recent security breaches.............................................................................................................................................................6
1.4 Discuss the consequences of security breaches:.........................................................................................................................6
1.5 Proposed solutions for organizations:.........................................................................................................................................7
2. Assess organizational security procedures (P2)............................................................................................................................7
2.1 Physical security.........................................................................................................................................................................7
3. Discuss the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs (P3)............10
3.1 Discuss briefly firewalls and policies, their usage and advantages in a network.....................................................................10
3.2 How does a firewall provide security to a network..................................................................................................................10
3.3 Show with diagrams the example of how firewall works.........................................................................................................11
3.4 Define VPN, its usage, and show it with diagrams examples ..................................................................................................11
3.5 Potential impact of incorrectly configured firewall and VPN in a network:............................................................................13
4. Discuss, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network
security (P4)....................................................................................................................................................................................13
4.1 Define and discuss with the aid of diagram DMZ....................................................................................................................13
a, Concepts and uses:............................................................................................................................................13
b, Properties and characteristics:..........................................................................................................................14
c, Advantages........................................................................................................................................................14
d, Diagram:...........................................................................................................................................................14
4.2 Define and discuss with the aid of diagram static IP................................................................................................................15
a, Concepts and uses:............................................................................................................................................15
b, Properties and characteristics:..........................................................................................................................15
c, Advantages.......................................................................................................................................................15
d, Diagram:...........................................................................................................................................................16
4.3 Define and discuss with the aid of diagram NAT.....................................................................................................................16
a, Concepts and uses:............................................................................................................................................16
b, Properties and characteristics:..........................................................................................................................16
c, Advantages........................................................................................................................................................16
d, Diagram:...........................................................................................................................................................17
5. Analyse the benefits of implementing network monitoring systems with supporting reasons (M1)..........................................17
5.1 List some of the networking monitoring devices and discuss each of them.............................................................................17
5.2 Why do you need to monitor networks.....................................................................................................................................21
5.3 What are the benefits of monitoring a network.........................................................................................................................21
6. Propose a method to assess and treat IT security risks (M2)......................................................................................................22
6.1 Discuss methods required to assess security threats.................................................................................................................22
6. 2 What is the current weakness or threats of an organization?...................................................................................................23
6.3 What tools will you propose to treat IT security risks?............................................................................................................23
7. Evaluate a range of physical and virtual security measures that can be employed to ensure the integrity of organizational IT
security (D1)...................................................................................................................................................................................24
7.1 Define and explain what are physical and virtual security measures .......................................................................................24
7.2 Give brief details with an example on their uses......................................................................................................................25
7.3 How can they be a solution in IT security................................................................................................................................26
III. CONCLUSION.........................................................................................................................................................................28
IV. Evaluation.................................................................................................................................................................................28
V. REFERENCES...........................................................................................................................................................................29

Figure

3
Figure 1. Definition rick.................................................................................................................................5

Figure 2. Physical security.............................................................................................................................8

Figure 3. Firewall works...............................................................................................................................11

Figure 4. VPN...............................................................................................................................................12

Figure 5.diagram of VPN..............................................................................................................................12

Figure 6. DMZ..............................................................................................................................................14

Figure 7.
IP ...................................................................................................................................................15

Figure 8. NAT...............................................................................................................................................17

Figure 9. Network TAPs...............................................................................................................................18

Figure 10.Network Probes ...........................................................................................................................18

Figure 11. Network Analyzers......................................................................................................................19

Figure 12. SNMP..........................................................................................................................................19

Figure 13. Flow Analyzers............................................................................................................................20

Figure 14. IDS/IPS........................................................................................................................................20

Figure 15. Physical security..........................................................................................................................25

Figure 16 Virtual security.............................................................................................................................25

4
I. Introduction
I am an IT Security Expert Intern for FPT Information Security (FIS) - a leading information security
consulting company in Vietnam. We are a trusted partner to mid-sized companies, and we leverage our
knowledge and experience to advise and implement technical solutions for potential IT security risks. W e
understand the critical importance of addressing and mitigating potential security risks in the field of
information and communication technology (ICT). Our advisory services are designed to provide
guidance and develop technical solutions to safeguard organizations against hidden cybersecurity risks in
their ICT systems.

II. Main body

1. Discuss types of security risks to organisations. (P1)

1.1 Define IT risks.

Information technology or IT risk is basically any threat to your business data, critical systems and
business processes. It is the risk associated with the use, ownership, operation, involvement, influence and
adoption of IT within an organization. IT risks have the potential to damage business value and often
come from poor management of processes and events. [1]

Figure 1. Definition rick

1.2 Discuss types of risks to organizations.

a, Risks:

 Security Risks: Security risks involve the unauthorized access, use, or disclosure of sensitive
information

 Compromised Business Data: Unauthorized access to business data can lead to financial losses,
reputation damage, and loss of customer trust. For example, a data breach where customer
information, such as credit card numbers or personal identifiers, is stolen.

5
 Insider Threats: This refers to risks posed by individuals within the organization who have access to
sensitive data and misuse it for personal gain or malicious purposes. For instance, an employee
leaking confidential company information to a competitor.

b, Availability Risks: Availability risks impact the ability to access IT systems needed for
business operations.

 Downtime: System failures, network outages, or power outages can result in the unavailability of
critical systems, leading to disruptions in business operations. For example, a hardware failure that
causes a server to crash, rendering a key application inaccessible.

 Distributed Denial of Service (D Dos) Attacks: D Dos attacks overwhelm systems with a flood of
traffic, making them inaccessible to legitimate users. An example is the 2016 Dy attack, where major
websites were disrupted by a massive D Dos attack.

c) Performance Risks: Performance risks affect the efficiency and responsiveness of IT

systems.

 Slow or Delayed Access: Inadequate infrastructure or network congestion can lead to slow or delayed
access to critical systems, reducing productivity and user satisfaction. For instance, a network
bottleneck that causes significant delays in accessing shared files.

 Scalability Issues: Inability to handle increased user demand or sudden spikes in traffic can result in
system slowdowns or crashes. This can impact user experience and business operations during peak
periods. An example is an e-commerce website crashing during a major sale event due to high user
traffic.

d) Compliance Risks: Compliance risks involve the failure to follow laws, regulations, or
industry standards.

 Data Protection Regulations: Non-compliance with data protection regulations, such as the General
Data Protection Regulation (GDPR), can lead to legal penalties and reputation damage. An
organization failing to implement proper data protection measures or obtain user consent can face
consequences.

1.3 Recent security breaches

1. T-Mobile was attacked, more than 37 million customers affected: T-Mobile discovered malicious
activity from Cybercrime. Attackers have been using the API to steal data since November 22, 2022.

2. Mail-chimp data breach exposes personal information: In January 2023 email and digital marketing
company Mail-chimp discovered a data breach affecting user accounts. It also exposes employee
information and credentials

6
3. ChatGPT faced a major data breach: The incident exposed users' full names and email addresses.
Additionally, hackers gained access to the billing address and last four digits of ChatGPT subscribers'
credit cards in March 2023.

4. More than 200 organizations affected in Move-it breach: The June 2023 data breach of the Move-it file
transfer tool affected more than 17 million individuals and 200 organizations

5. Parent company KFC, Taco Bell and Pizza Hut were attacked: in April 2023. There are attacks that only
affect company data and expose employee and customer information.

6. MCNA Insurance suffered a data breach: In May 2023, Managed Care of North America Insurance
Company (MCNA) announced a data breach that occurred since the beginning of the year. Exposed data
includes internal systems

7. Attack on game publisher Activation: a third-party security research group discovered hackers may
have accessed sensitive employee information in December 2022

8. Google Fi affected by T-Mobile breach: Google Fi customer phone numbers were exposed in the T-
Mobile data breach in January 2023.

9. Nearly 6 million people affected in PharMerica breach: Millions of individuals were affected in the
March 2023 data breach at PharMerica

10. Microsoft cloud email breach: Microsoft cloud email service was revealed in June 2023. The severity
of the incident lies in the fact that many accounts belong to US government agencies. [3]

1.4 Discuss the consequences of security breaches:

- The consequences of security breaches can vary depending on various factors, including the type and
scale of the breach.

1. Financial Losses: Organizations may incur financial losses due to theft of funds, legal fees,
compensation payments, or loss of business opportunities.

2. Reputation Damage: Security breaches can erode customer trust and damage the organization's
reputation, leading to a loss of customers, partners, and market share.

3. Legal and Regulatory Penalties: Non-compliance with data protection, privacy, or other regulations
can result in legal penalties, fines, or sanctions imposed by regulatory bodies.

4. Business Disruption: Security breaches can cause operational disruptions, system downtime, and loss
of productivity, impacting the organization's ability to deliver products or services.

5. Loss of Intellectual Property: Breaches that involve the theft or exposure of proprietary information or
trade secrets can have long-term consequences for an organization's competitive advantage.

7
 1.5 Proposed solutions for organizations:
- Several solutions can be implemented to minimize the risks and consequences of security breaches:

 Strong security measures: Implement strong access controls, encryption, firewalls, intrusion detection
systems, and regular security updates to protect systems and data from access unauthorized access.

 Employee training and awareness: Educate employees on security best practices, such as strong
password management, identifying phishing attempts, and securely handling sensitive data full.

 Incident response and disaster recovery plans: Develop and regularly test plans to respond to security
incidents, including steps to prevent, investigate, and recover from breaches.

 Regular security testing and assessments: Conduct periodic security testing to identify vulnerabilities
and evaluate the effectiveness of security controls. Promptly address any identified weaknesses.

 Third-party risk management: Evaluate and monitor the security practices of third-party vendors and
partners to ensure they meet the organization's security standards.

 Data backup and recovery: Implement regular data backups and offsite storage to ensure data can be
restored in the event of a breach or system failure.

 Compliance with regulations: Stay up to date with relevant laws and regulations, such as data
protection requirements, and ensure compliance to avoid legal and regulatory penalties.

 Continuous monitoring and threat intelligence: Deploy robust monitoring systems to promptly detect
and respond to security threats. Stay informed about emerging threats through threat intelligence
sources.

2. Assess organizational security procedures (P2)

2.1 Physical security

- Physical security refers to the measures and practices implemented by an organization to protect its
physical assets, resources, and personnel from unauthorized access, damage, theft, or harm. It involves the
use of physical barriers, controls, and surveillance systems to safeguard the physical environment and
prevent security breaches. Physical security is crucial for organizations as it forms the foundational layer
of overall security measures. [2]

8
 Figure 2. Physical security

a, Define

- Physical security measures.

1. Access Control Systems: Access control systems are used to regulate and monitor entry and exit
points within an organization's premises. This can involve the use of physical barriers such as gates,
fences, turnstiles, or security guards to control access to sensitive areas. Access control systems may
also incorporate electronic methods such as key cards, biometric scanners, or PIN codes to
authenticate and authorize individuals.

→Assessment: Access control systems are an effective physical security measure as they help prevent
unauthorized individuals from entering restricted areas. By limiting access to sensitive locations,
organizations can reduce the risk of theft, vandalism, or unauthorized access to critical assets. However,
the effectiveness of access control systems depends on proper implementation, regular maintenance, and
strict adherence to access control policies.

2. Video Surveillance Systems: Video surveillance systems use cameras and recording devices to
monitor and record activities in and around an organization's premises. These systems provide real-
time monitoring and evidence collection capabilities, acting as a deterrent to potential security threats.
Surveillance systems can be supplemented with features such as motion detection, facial recognition,
and remote monitoring.

→Assessment: Video surveillance systems are valuable tools for enhancing physical security. They can
help identify security breaches, monitor suspicious activities, and provide evidence for investigations.
However, it is important to ensure that surveillance cameras are strategically placed to cover critical areas
effectively. Adequate storage and retention policies should also be in place to manage the large volumes
of recorded video data while respecting privacy laws and regulations.

3. Perimeter Protection: Perimeter protection involves securing the boundaries of an organization's

premises to prevent unauthorized access. This can include physical barriers such as fences, walls, or
bollards, along with appropriate signage to demarcate restricted areas. Lighting and alarm systems can
also be installed to enhance the visibility and deterrence of potential intruders.

9
→Assessment: Perimeter protection measures are essential for preventing unauthorized access and
deterring potential threats. Robust physical barriers, combined with appropriate signage and lighting, can
send a clear message that unauthorized entry is not permitted. Regular inspections and maintenance of
perimeter protection systems are critical to ensure their continued effectiveness.

4. Firewall: Set up and configure firewalls to limit outside access to the network and protect against
Internet attacks. Firewalls can control and monitor network traffic based on established rules and
policies.

→ Assessment: Firewalls need to be configured properly and updated regularly to prevent attacks from
the Internet. Testing and evaluating the effectiveness of a firewall includes determining whether the
firewall can successfully prevent cyber attacks and whether it meets the security requirements of the
system.

5. Plolicies: Access control policy direction ensures that only authorized users can access resources and
data in the system.

→ Assessment: Evaluating an access control policy includes determining whether the policy is properly
implemented and followed, and identifying gaps or regulatory violations. At the same time, check that the
policy meets security requirements and complies with relevant legal regulations.

6. Intenal: Access control includes determining whether policies have been properly implemented and
followed, and identifying vulnerabilities or regulatory violations. At the same time, check whether the
policy meets security requirements and complies with relevant legal regulations.

→ Assessment: The authentication and authorization system includes testing the effectiveness of the
authentication methods used (such as usernames and passwords, digital certificates, two-factor
authentication codes) and determining whether the system The authorization system clearly defines the
rights and scope of activities of each user in the system.

7. Encrypt: Data encryption ensures that important information is protected before transmission or
storage.
→ Assessment: Data encryption includes checking that data is properly and securely encrypted, and
determining whether the algorithms and encryption methods used meet security requirements.

3. Discuss the potential impact to IT security of incorrect configuration of firewall policies and
third-party VPNs (P3)

3.1 Discuss briefly firewalls and policies, their usage and advantages in a network

a, firewalls and policies

10
A firewall is a network security device that acts as a barrier between an internal network and external
networks, such as the internet. It monitors and controls incoming and outgoing network traffic based on
predefined security rules known as firewall policies. These policies determine which connections and data
packets are allowed or denied based on criteria such as source/destination IP addresses, port numbers, and
protocols.

b, Usage and advantages

 Network Segmentation: Firewalls enable network segmentation by dividing the network into separate
security zones or subsets. This helps isolate sensitive systems or resources from the rest of the
network, limiting the potential impact of security breaches.

 Access Control: Firewall policies allow organizations to control and restrict network access, both
inbound and outbound. They can specify which services and ports are accessible, preventing
unauthorized access and reducing the attack surface.

 Threat Prevention: Firewalls can be equipped with various security features such as intrusion
detection and prevention systems (IDS/IPS), antivirus scanning, and content filtering. These features
help detect and block malicious traffic, preventing attacks and malware infections.

3.2 How does a firewall provide security to a network

- A firewall provides security to a network by enforcing the defined firewall policies. It examines network
traffic passing through it and applies the configured rules to determine whether to allow or block the
traffic. The firewall inspects packets at the network and transport layers of the OSI model, analyzing the
source and destination addresses, port numbers, and protocols. Based on this analysis, the firewall can
make decisions to permit or deny traffic.

- Firewalls use different filtering techniques, including:

 Packet Filtering: This technique examines individual packets based on specific criteria defined in the
firewall policies. It compares the packet's source and destination IP addresses, port numbers, and
protocols against the allowed rules and makes filtering decisions accordingly.

 Stateful Inspection: Stateful firewalls maintain a record of the state of network connections. They
analyze and track the state of packets, ensuring that only valid packets belonging to established
connections are allowed through the firewall.

 Application-Level Gateway (Proxy): Application-level gateways act as intermediaries between

internal users and external services. They inspect the application-layer data, such as HTTP requests or
FTP commands, to provide granular control and additional security checks.

11
 3.3 Show with diagrams the example of how firewall works
- Definition: A firewall is a network security device that monitors and filters incoming and outgoing
network traffic, complying with security policies defined by the organization. It essentially acts as a
protective wall between a private intranet and the public Internet. [4]

Figure 3. Firewall works

- In this diagram, the firewall is between the internal network and the external network. It acts as a
gateway and enforces defined firewall policies to control the flow of traffic between two networks.

3.4 Define VPN, its usage, and show it with diagrams examples
a, Define VPN

A virtual private network (VPN) is a technology that extends a private network over a public network,
such as the internet. It creates a secure and encrypted connection between the user's device and the private
network, allowing users to access network resources remotely. [5]

Figure 4. VPN

b, Its usage

12
 Remote access: VPNs allow users to securely access their organization's network resources from
remote locations, such as home or public Wi-Fi networks. This provides a secure connection and
allows users to work as if they were directly connected to the internal network.

 Site-to-Site connectivity: VPNs can be used to connect multiple networks together, creating a secure
communication channel between different locations or branch offices. This allows organizations to
establish private and encrypted connections over public networks.

 Anonymity and privacy: VPNs can be used to encrypt and route internet traffic through a remote
server, providing anonymity and privacy by masking the user's IP address and encrypt their data.

c, Here is a simple diagram illustrating how a VPN works:

Figure 5.diagram of VPN

- In this diagram, two internal networks are securely connected over the internet using a VPN. VPN
gateways establish an encrypted tunnel between them, ensuring the confidentiality and integrity of
transmitted data.

3.5 Potential impact of incorrectly configured firewall and VPN in a network:

a, Firewall:

 Increased Vulnerability: Incorrectly configured firewall policies can lead to unintended access to
sensitive resources, allowing unauthorized users to penetrate the network and compromise its security.
This can result in data breaches, unauthorized modifications, or theft of sensitive information.

 Network Downtime: Misconfigured firewall rules can block legitimate traffic or allow malicious
traffic, leading to network disruptions and service outages. This can impact business operations,
productivity, and customer satisfaction.

13
 Inadequate Protection: Improperly configured firewalls may fail to detect and block malicious traffic,
rendering the network more susceptible to attacks such as malware infections, Distributed Denial of
Service (D Dos) attacks, or unauthorized access attempts.

b, VPN:

 Data Breaches: Incorrectly configured VPN settings can result in data leaks or breaches,
compromising the confidentiality and integrity of transmitted data. Unsecured VPN connections can
expose sensitive information to eavesdropping or interception by unauthorized parties.

 Unauthorized Access: Configurations in VPN authentication and access control settings can allow
unauthorized individuals to gain access to the network resources. This can lead to unauthorized
system access, data theft, or unauthorized modifications to critical systems.

 Compliance Violations: Organizations may have specific compliance requirements for protecting data
and ensuring secure remote access. Incorrectly configured VPNs may result in non-compliance with
industry regulations, leading to legal and financial consequences.

 Network Performance Issues: Improper VPN configurations can cause network performance
degradation due to increased latency, bandwidth limitations, or inefficient routing. This can impact
user experience, productivity, and overall network performance.

4. Discuss, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve network security (P4)

4.1 Define and discuss with the aid of diagram DMZ.

a, Concepts and uses:

- Concepts: DMZ is an intermediate network between the internal network and the public network, used
to place public services such as web servers, email, FTP.

- Uses: The main function of the DMZ is to create an intermediate security zone to minimize the risk of
attacks from the public network to the internal network.

b, Properties and characteristics:

 DMZ is an independent virtual private network that can be isolated from the internal network and
public network.

 DMZs typically have strict security setups and use firewalls, proxies, and security appliances to
control data flow and access to services within the DMZ.- Here is a simplified diagram illustrating the
concept of a DMZ:

14
 Figure 6. DMZ

c, Advantages

 Controlled Access: The DMZ acts as a controlled entry point for external traffic. By placing public-
facing servers in the DMZ, organizations can apply strict security policies and access controls to limit
the exposure of their internal network to external threats.

 Reduced Attack Surface: By segregating public-facing servers from the internal network, a
compromised server in the DMZ has limited access to sensitive resources. This containment helps
reduce the potential damage caused by an attacker, limiting their lateral movement within the
network.

 Network Isolation: The DMZ provides a physical and logical separation between the internal network
and external network. This isolation prevents direct access to internal resources, ensuring that any
compromise in the DMZ does not directly impact critical systems or data.

d, Diagram:

A popular DMZ model is the "three-tier model". In this model, the DMZ is located between the internal
network and the public network. Public services such as web, email or DNS servers are located in the
DMZ, while data servers and internal management systems are located in the internal network. Firewalls
and security devices are deployed to control the flow of information between layers. The DMZ model
helps ensure security and confidentiality for both internal networks and public services.

4.2 Define and discuss with the aid of diagram static IP.
a, Concepts and uses:

- Concepts: Static IP (Internet Protocol) is an unchanging IP address for a device connected to the
network. It is manually configured on the device and does not change over time.

- Uses: The main use of Static IP is to identify a unique address for a device on a network, allowing the
device to be identified and accessed from a peripheral network or the Internet.

15
 b, Properties and characteristics:

 Static IP is a static IP address that does not change during network operation.

 Static IP addresses are configured on the device and are not automatically changed by the network.

 With Static IP, the device has a fixed IP address that does not change when rebooting or connecting to
the network.

Figure 7. IP

c, Advantages

 Access Control: By assigning static IP addresses to specific devices, organizations can implement
access control policies that allow or deny connections based on IP addresses. This helps in identifying
and authorizing trusted devices or networks while restricting access to unauthorized entities.

 Network Monitoring: Static IP addresses make it easier to monitor network traffic and identify
potential security threats. Network administrators can track and analyze traffic patterns associated
with specific IP addresses, facilitating the detection of suspicious activities or unauthorized access
attempts.

 Server Identification: Static IP addresses are particularly useful for servers hosting critical services or
resources. By using static IP addresses, organizations can ensure consistent accessibility to these
servers and simplify the process of configuring firewalls, access control lists, and other security
measures.

d, Diagram:

A popular diagram related to Static IP is the LAN (Local Area Network) network model that uses static IP
addresses for devices on the network. In this model, each device on the network (such as computers,

16
servers, printers) is assigned a unique static IP address. These devices can access and communicate with
each other via static IP addresses. This model ensures stability and easy management in the LAN.

4.3 Define and discuss with the aid of diagram NAT.

a, Concepts and uses:

- Concepts: Static NAT (Network Address Translation) is the process of converting the IP address and
port of a network protocol from an internal IP address to a fixed public IP address.

- Uses: The main use of Static NAT is to allow multiple devices on a local network to share a single
public IP address when connecting to a public network or the Internet.

b, Properties and characteristics:

 Static NAT maps a fixed internal IP address to a fixed public IP address, which does not change
during network operation.

 The NAT process is configured on the firewall or router and usually comes with the configuration of a
pair of internal and public IP addresses to perform mapping.

Figure 8. NAT

c, Advantages

 IP Address Obfuscation: NAT masks the private IP addresses of devices within the internal network,
replacing them with a single public IP address. This obfuscation helps conceal the internal network
structure and devices from external networks, making it more difficult for potential attackers to target
specific devices directly.

 Enhanced Privacy: NAT provides an additional layer of privacy as external networks only see the
public IP address, not the private IP addresses of individual devices. This helps protect the internal
network from reconnaissance attempts or unauthorized scanning.

 Traffic Filtering: NAT can be used in conjunction with firewalls to filter and control incoming and
outgoing traffic. By associating specific rules with the NAT device, organizations can enforce access
control policies and prevent unauthorized access to the internal network.

17
 IP Address Conservation: NAT allows organizations to conserve public IP addresses by assigning a
single public IP address to multiple devices in the internal network. This is particularly useful in
situations where public IP addresses are limited or costly.

d, Diagram:

A popular diagram related to Static NAT is the NAT (Network Address Translation) network model. In
this model, the internal network uses internal IP addresses, while the public network uses public IP
addresses. A firewall or router configured with Static NAT to map internal IP addresses to public IP
addresses. When devices on the internal network access the Internet, the internal IP address will be
converted to a public IP address through the NAT process. This allows devices on the local network to
communicate with the public network or the Internet via a fixed public IP address.

5. Analyse the benefits of implementing network monitoring systems with supporting reasons
(M1)

5.1 List some of the networking monitoring devices and discuss each of them.
a, List some network monitoring devices

1. Proactive Issue Detection: Network monitoring systems continuously monitor the network
infrastructure and detect any anomalies or performance issues in real-time. This proactive approach
allows network administrators to identify and address potential problems before they escalate and
cause significant disruptions to the network.

2. Improved Network Performance: Network monitoring systems provide insights into network traffic
patterns, bandwidth utilization, and application performance. This information helps administrators
optimize network resources, identify bottlenecks, and ensure optimal network performance. By
monitoring and managing network traffic effectively, organizations can reduce latency, improve
response times, and enhance user experience.

3. Enhanced Security: Network monitoring systems play a crucial role in detecting and mitigating
security threats. They can monitor network traffic for suspicious activity, such as unauthorized access
attempts, malware infections, or data ex filtration. By alerting administrators to potential security
breaches, these systems enable swift response and mitigation, thereby bolstering the overall security
posture of the network.

4. Capacity Planning and Scalability: Network monitoring systems provide valuable insights into
network usage trends and patterns, allowing organizations to plan for future capacity needs. By
analyzing historical data and forecasting network growth, administrators can make informed decisions
regarding network upgrades, resource allocation, and scalability. This proactive approach helps
organizations avoid unexpected network congestion or performance issues due to inadequate capacity.

18
5. Compliance and Regulatory Requirements: Many industries have specific compliance and regulatory
requirements related to network monitoring and security. Implementing network monitoring systems
helps organizations meet these obligations by providing the necessary visibility and controls to ensure
compliance. These systems can generate audit logs, track user activity, and monitor data flows, which
are essential for regulatory compliance.

b, Discuss each one

 Network TAPs (Test Access Points): Network TAPs are hardware devices that allow passive
monitoring of network traffic. They are typically installed between network devices, such as switches
or routers, and mirror a copy of the traffic to the monitoring system. TAPs ensure that monitoring
does not impact network performance and provide full visibility into network traffic.

Figure 9. Network TAPs

 Network Probes: Network probes are software or hardware devices that capture network traffic and
analyze it for various purposes, such as performance monitoring, security analysis, or protocol
analysis. Probes can monitor specific segments of the network or capture traffic from multiple points
to provide a comprehensive view of network activity.

Figure 10.Network Probes

19
 Network Analyzers: Network analyzers are software applications that capture and analyze network
traffic. They provide detailed insights into network protocols, packet-level information, and
application performance. Network analyzers are often used for troubleshooting network issues,
identifying performance bottlenecks, and analyzing network behavior.

Figure 11. Network Analyzers

 SNMP (Simple Network Management Protocol) Monitors: SNMP monitors are used to monitor and
manage network devices, such as routers, switches, or servers, that support SNMP. These monitors
collect data on network device performance, availability, and utilization, allowing administrators to
monitor and control network resources effectively.

Figure 12. SNMP

 Flow Analyzers: Flow analyzers collect and analyze network flow data, which includes information
about source and destination IP addresses, ports, protocols, and data volumes. Flow analyzers can
provide insights into network traffic patterns, top talkers, and application usage. They are commonly
used for capacity planning, troubleshooting, and security analysis.

20
 Figure 13. Flow Analyzers

 Intrusion Detection/Prevention Systems (IDS/IPS): IDS/IPS devices monitor network traffic for signs
of malicious activity or policy violations. They analyze traffic patterns, signatures, and behavioral
anomalies to detect and prevent security incidents. IDS/IPS devices can generate alerts or take
automated actions to mitigate threats, such as blocking suspicious traffic or isolating compromised
hosts.

Figure 14. IDS/IPS

5.2 Why do you need to monitor networks

 Proactively detect problems: Network monitoring allows administrators to identify and resolve
potential problems before they escalate. By continuously monitoring network performance,
administrators can detect anomalies, bottlenecks, or security incidents early and take appropriate
actions to prevent or minimize impact to network operations. network.

 Troubleshoot and resolve problems: When network problems occur, monitoring tools provide
valuable insights into the root cause. Administrators can analyze network data, identify the source of
problems, and implement remedial measures more effectively. Network monitoring speeds up
troubleshooting, reduces downtime, and improves network availability.

21
 Capacity planning: Monitoring network traffic and performance helps administrators understand
network usage patterns and plan for future growth. By analyzing historical data and trends, they can
predict capacity requirements, identify potential scalability issues, and make informed decisions about
upgrades or optimizations. network.

 Enhanced security: Network monitoring plays a vital role in identifying and mitigating security
threats. Monitoring tools can detect suspicious network activity, unauthorized access attempts, or
malware infections. They enable timely response to security incidents, preventing unauthorized
access, data breaches or other cyber threats.

5.3 What are the benefits of monitoring a network

 Improved Network Performance: Network monitoring allows administrators to identify and resolve
performance issues promptly. By monitoring key performance metrics such as bandwidth utilization,
latency, and packet loss, administrators can proactively address issues, optimize network
configurations, and ensure optimal network performance.

 Enhanced Network Security: Network monitoring tools provide real-time visibility into network
traffic, enabling the detection of security threats and suspicious activity. By monitoring for anomalies,
unauthorized access attempts, or known attack patterns, administrators can quickly respond to
potential security incidents. This leads to improved network security, reduced risk of data breaches,
and protection of sensitive information.

 Increased Network Availability: By continuously monitoring network devices, connections, and

performance, administrators can detect and resolve issues that could lead to network downtime.
Proactive monitoring helps ensure high network availability, reducing the impact of service
disruptions and maintaining productivity.

 Efficient Resource Utilization: Network monitoring allows administrators to track resource usage,
such as bandwidth or device capacity. By analyzing this data, they can identify underutilized
resources, optimize network configurations, and allocate resources effectively. This leads to cost
savings, improved overall network efficiency, and better utilization of network resources.

 Compliance and Reporting: Network monitoring helps organizations meet regulatory compliance
requirements by providing audit logs and reports on network activities. These reports can be used for
compliance audits, security assessments, and incident investigations, ensuring adherence to industry
regulations and standards. Compliance and reporting help organizations demonstrate their
commitment to data security and regulatory compliance.

22
 6. Propose a method to assess and treat IT security risks (M2)

6.1 Discuss methods required to assess security threats

 Risk Assessment: Conduct a thorough risk assessment to identify potential vulnerabilities, threats,
and their potential impact on the organization's IT infrastructure. This involves analyzing the
organization's assets, identifying potential threats and vulnerabilities, and assessing the likelihood and
potential impact of each risk.

 For example: An organization assesses the security risk of its network by identifying sensitive assets
such as customer data, financial information, and business processes. They then identify potential threats
such as cyberattacks, phishing, or malicious viruses. Finally, they evaluate the likelihood of each threat
occurring and its impact on the organization.

 Vulnerability Scanning: Use vulnerability scanning tools to identify weaknesses and vulnerabilities in
the organization's IT systems and infrastructure. These tools scan networks, systems, and applications
to detect known vulnerabilities and provide recommendations for remediation.

 For example: An organization uses a vulnerability scanning tool to test its infrastructure and systems.
They will use a network scanning tool to look for vulnerabilities in the network configuration, such as
unsecured network ports or unnecessary services being opened. Application scanning tools can detect
vulnerabilities in software or security patches that are not installed.

 Penetration Testing: Perform regular penetration testing to simulate real-world attacks and assess the
effectiveness of existing security controls. Penetration testing involves attempting to exploit
vulnerabilities in a controlled manner to identify weaknesses and potential entry points for attackers.

 For example: An organization hires a team of cybersquatting experts to perform penetration testing.
This group simulates external or internal attacks to see if they can penetrate systems and steal important
data. They will look for weaknesses and vulnerabilities to recommend improved security measures.

 Security Audits: Conduct regular security audits to evaluate the organization's adherence to security
policies, procedures, and compliance requirements. Security audits help identify gaps in security
controls and identify areas that need improvement.

 For example: An organization performs internal security audits to assess compliance with security
policies and procedures. And they will check that employees are following a policy of strong passwords
and frequent changes. They also evaluate the implementation of security measures such as firewalls, data
encryption, and access controls.

 Log Monitoring and Analysis: Implement log monitoring and analysis tools to monitor network,
system, and application logs for suspicious activities or anomalies. Log analysis can help identify
potential security incidents, unauthorized access attempts, or abnormal behavior.

23
 For example: An organization deploys a log analytic tool to monitor activity on the system. They will
analyze network logs, system logs, and application logs to detect suspicious activities such as failed login
attempts, access from unusual locations, or unauthorized configuration changes. . Log analysis helps
identify security incidents and unusual behavior.

6. 2 What is the current weakness or threats of an organization?

 Network and system vulnerabilities: Certain vulnerabilities may exist in network infrastructure,
operating systems, applications, and hardware components and may include outdated software,
configurations, or communications. network is not safe.

 User awareness and training: Evaluate user awareness and training on security best practices. To
know if employees are adequately trained to recognize and respond to potential security threats such
as phishing attacks or phishing attempts.

 Incident response capabilities: The organization's incident response capabilities, including current
processes and procedures to detect, respond to, and recover from security incidents. To be aware of
any weaknesses in incident detection, response times or communication channels.

6.3 What tools will you propose to treat IT security risks?

 Firewall and Intrusion Prevention Systems (IPS): Deploy firewalls and IPS devices to monitor and
filter network traffic, blocking unauthorized access attempts and known malicious activities.

 TotalAV Antivirus anti-virus and anti-malware solution: Install and regularly update anti-virus and
anti-malware software on all systems to detect and remove software toxic.

 Security Information and Event Management (SIEM): Implement a SIEM solution to centralize log
management, event correlation, and real-time threat detection. SIEM tools can help identify security
incidents, automate incident response, and provide valuable insights for security monitoring.

 Data Loss Prevention (DLP) Solutions: Utilize DLP solutions to monitor and prevent the
unauthorized transfer or leakage of sensitive data. DLP tools can identify and block data exfiltration
attempts, enforce data handling policies, and ensure compliance with data protection regulations.

 Manage Engine Patch Manager Plus patch management system: Use the patch management system to
ensure that the operating system, applications, and firmware are always up to date with the latest
security patches. Regular patching helps address known vulnerabilities and protects against
exploitation.

24
 7. Evaluate a range of physical and virtual security measures that can be employed to ensure
the integrity of organizational IT security (D1)

7.1 Define and explain what are physical and virtual security measures
 Physical

- Define: Physical security is related to measures to protect physical elements in an IT system, including
hardware, equipment, infrastructure and physical environment. The goal of physical security is to protect
physical assets and ensure system integrity.

- Advantage:

 Direct Protection: Physical security provides direct protection to the physical elements of the system,
such as data centers, servers, network devices, etc.

 Easy to understand and implement: Physical security measures are often easy to understand and
implement, and do not require in-depth knowledge of technology.

- Defect:

 High cost: Implementing physical security measures can be financially expensive, including
purchasing equipment, security systems, etc.

 Geographic restrictions: Physical security has geographical limitations, only protecting within a
limited physical range.

 Virtual

- Define: Virtual security refers to measures that protect virtual or digital elements within an IT system,
including data, applications, operating systems, networks and components. other digital. The goal of
virtual security is to protect the integrity and availability of virtual elements in the system.

- Advantage:

 Flexibility: Virtual security allows for flexible deployment and management, allowing security
measures to be easily adjusted and updated.

 Comprehensive protection: Virtual security provides protection for virtual elements in the system,
including data, applications and networks.

- Defect:

 Remote attack capabilities: Virtual systems often face cyber threats, including remote attacks and
network attacks.

25
 Dependence on physical hardware: Although virtual security focuses on virtual elements, it still
depends on physical hardware to function.

7.2 Give brief details with an example on their uses

a, Physical

For example:

- Physical access control system: Use smart cards or biometric recognition systems to limit access to
sensitive areas.

Figure 15. Physical security

How it works:

- Example of a physical access control system: Users would need to use a smart card or log in via a
biometric recognition system to gain access to a sensitive area. The system will authenticate the
information and decide whether the user has access rights or not.

b, Virtual

For example:

- Virtual Firewall: Use firewall software to control and monitor network traffic in a virtual environment.

Figure 16 Virtual security

26
How it works:

- Example of a virtual firewall: A virtual firewall is deployed on a physical server or a virtual

environment. It monitors network traffic to and from virtual machines and applies security rules to control
and block unwanted or malicious traffic.

7.3 How can they be a solution in IT security

Physical Virtual

Protecting Hardware Protecting Data

Preventing Physical Attacks Network Security

Securing Data Centers Virtual Machine Security

- Physical and virtual security provide a comprehensive solution for IT security by addressing different
aspects and layers of protection.

1. Comprehensive Protection: Physical security focuses on securing the physical infrastructure,

including servers, networking equipment, and data centers. Virtual security, on the other hand,
focuses on securing digital assets such as data, applications, and virtualized environments. By
combining both, organizations can ensure holistic protection for their IT systems, addressing
vulnerabilities in both the physical and digital realms.

 For example, A bank implements comprehensive security by combining both physical and virtual
security. They use physical security systems such as surveillance cameras, security doors, and access
control systems to protect data centers and critical servers. At the same time, they deploy firewalls,
data encryption, and network access controls to ensure the security of their data, applications, and
networks.

2. Defense in Depth: The principle of defense in depth suggests that multiple layers of security are
more effective than relying on a single layer. Physical security provides the first line of defense by
preventing unauthorized physical access and protecting against theft or damage of hardware.
Virtual security adds an additional layer by implementing measures such as firewalls, encryption,
and access controls to safeguard against cyber threats and data breaches. This multi-layered
approach significantly strengthens the overall security posture.

 For example, A company uses a physical server room to protect servers containing sensitive data.
They also deployed a network firewall system to prevent outside attacks. Additionally, the company
uses data encryption to protect data on servers and during data transmission across the network.

27
 3. Addressing Diverse Threats: Physical security is crucial for mitigating physical threats, such as
unauthorized access, theft, or vandalism. Virtual security, on the other hand, focuses on addressing
cyber threats, including malware, hacking attempts, and data breaches. By combining both,
organizations can effectively address a wide range of potential threats, ensuring comprehensive
protection from both physical and digital risks.

 For example, A government organization uses a physical security system to protect a data center
containing sensitive information. Besides, they deploy virtual security measures such as intrusion
detection systems, network monitoring, and malicious object analysis to detect and prevent remote
and internal cyber attacks.

4. Redundancy and Resilience: Combining physical and virtual security measures provides
redundancy and resilience. If one layer of security is compromised, the other layer can act as a
backup or provide an additional barrier.

 For example, if a cyber attacker manages to bypass virtual security controls, physical security
measures such as surveillance cameras or access control systems can detect and prevent further
unauthorized access.

5. Compliance and Regulatory Requirements: Many industries have specific compliance and
regulatory requirements that necessitate the implementation of both physical and virtual security
measures.

 For example, data protection regulations often require organizations to have physical safeguards, such
as secure data centers, in addition to virtual safeguards like encryption and access controls. By
combining both, organizations can meet these requirements and ensure compliance with relevant
regulations.

→ Therefore, physical and virtual security complement each other and provide a comprehensive solution
for IT security. By combining the two, organizations can address a wide range of threats, create multiple
layers of defense, and ensure comprehensive protection for their physical and digital assets.

III. CONCLUSION
Identify types of organizational security threats. Describe some of the procedures that ensure
organizational security. Propose a framework to assess and address threats to IT protection. Identify the
possible impact of Firewall regulations and settings IDS is not suitable for IT protection. Explain how
implementing DMZ, static IP, and NAT in a network will enhance network stability, using illustrations for
each

28
IV. Evaluation
- All the theories in the presentation are synthesized from good reputation sources with my own research
based on those available theories so information that this report brings to are reach even higher standard
level.

- Strengths: This course offers students a lot of simple yet practical cybersecurity information

- Weakness: This course is strong on theory, easily repetitive for students to research, particularly the
conventional type of learning, with little interaction between instructor and student.

- Opportunities: This subject opens new job opportunities for graduates, providing an option

- Threats: students need to study constantly and invest a lot of time focused on learning a great deal of
content, as well as a requirement for students to scan and pick awareness resources and improve their
recall resources.

V. REFERENCES

[1] IT risk management (no date) What is IT risk? Available at:

https://www.nibusinessinfo.co.uk/content/what-it-risk (Accessed: 7 March 2024).

[2] Cobb, M. (2021) What is physical security?, Security. TechTarget. Available at:
https://www.techtarget.com/searchsecurity/definition/physical-security (Accessed: 7 March 2024).

[3] VietnamNet, B. (2021) 10 vụ tấn công mạng và xâm phạm dữ liệu hàng đầu năm
2023, https://baomoi.com. baomoi.com. Available at: https://baomoi.com/10-vu-tan-cong-mang-va-xam-
pham-du-lieu-hang-dau-nam-2023-c48291951.epi (Accessed: 7 March 2024).

[4] Deshpande, C. (2023) What Is Firewall: Types, How Does It Work & Advantages:
Simplilearn, Simplilearn.com. Simplilearn. Available at: https://www.simplilearn.com/tutorials/cyber-
security-tutorial/what-is-firewall#:~:text=Firewalls%20are%20network%20security%20systems,in
%20enterprise%20and%20personal%20settings. (Accessed: 7 March 2024).

[5] What is a VPN? Why Should I Use a VPN?: Microsoft Azure (no date) Why Should I Use a VPN? |
Microsoft Azure. Available at: https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/
what-is-vpn (Accessed: 7 March 2024).

29