Unit 32 Assignment 1

The document discusses various types of cyber attacks and network security methods. It describes spoofing attacks, where an attacker impersonates another user or device on a network. It also outlines software exploitation, where attackers try to exploit software vulnerabilities to gain unauthorized access. Rootkits and backdoors are explained as malicious software that can covertly control a computer. Brute force attacks involve repeatedly guessing passwords. Various sources of attacks are identified, including hackers, ex-employees, and online strangers. The document then discusses several network security methods such as firewalls, digital signatures, biometrics, MAC address filtering, and wireless encryption protocols. It provides details on packet filtering, stateful, and proxy firewalls.

Uploaded by

Big alan

P1

Spoofing- Spoofing is when the attacker impersonates another device or user on a network to launch
an attack that would usually require a reply from the victim device or network, such as sending a
ping command or packets. Because the attacker spoofs their identity to portray themselves as another
device or user, any reply to the attack will not go back to the attacker themselves, but to the
spoofed identity. This form of attack is usually carried out on a larger scale, so that the attacker
can make use of a collection of infected computers without having to do much work himself when
attacking a network. Some of the most common forms of spoofing are IP address spoofing, ARP spoofing
and DNS spoofing. IP address spoofing fits together with DoS attacks, as it results in the victim
being targeted by what seem to be many 'legitimate' sources, rather than the one source, being the
hacker himself.

Software exploitation- This is when people try to exploit faults in software to gain access to
computer systems. The attackers could be people who worked for the company and know the software
inside out, or someone who has been searching for an exploit since the software was released.

Rootkits- Rootkits are another type of malicious software. They are activated before your system's
operating system has completely booted up, making them difficult to detect. Rootkits can get onto
your computer hidden within software you download or attached to emails you open. A rootkit will
allow somebody to administratively control your computer, meaning they can install files, monitor
user activity, create hidden user accounts, access logs and even change the computer's configuration,
all without you even noticing; this is what makes them so dangerous. Rootkits are also able to
intercept data from terminals, network connections and even the keyboard.

Brute force- A brute force attack is an attack in which the hacker tries to gain access to an account
by using software to repeatedly guess its password. Instead of just trying every word in the
dictionary, a brute force attack will try literally every combination possible, out of all the characters,
letters, and numbers there are on your keyboard. This type of attack is usually more successful than
the dictionary method but does however take longer to do.

Back door- A backdoor attack has many different methods. One example is a Trojan, which is a
destructive program that is hidden inside an application; at first glance it will appear to be useful
software but will damage your computer once installed or run. For example, the hacker would
upload a file to the Internet called "Photoshop Cs5 For Free", and within that application he would
attach a Trojan Horse. Anybody that downloads this file and runs it will be infected, meaning the
hacker could have access to thousands of computers. The Trojan can then create a backdoor by opening
some of the computer's ports without the user realising; these ports will then be used by the hacker
to gain access to the user’s computer.

Sources of attack:
Hacker – This could be a hacker who is looking for information to sell to make a profit. These types of
hackers will break a lot of laws to get what they want; these are known as black hats. On the other
hand, there are white hats who tend to hack networks and then tell whoever owns it how they did it
so that it can be fixed. They do this even though they are still breaking laws. Hackers will use all
different network attacking types to get access to the network such as backdoors and brute force.
Ex-employee – This could be a programmer who was fired from their job and wants revenge on the
business. They could possibly use software exploitation if they were one of the people working on the
software themselves and know it inside out. Or they may know of a backdoor in the business's
network that they could access to erase all of the data.

Online strangers – When a person gets extremely annoyed playing an online video game because they’re
losing, they can use a programme to get the IP addresses of the opposing team and DDoS them. This
is if they have the necessary programmes and know how to do this. Not only is this being a bad
sport, but they can actually affect people's gameplay and sometimes completely knock their router
offline.

P2
Secure MIME- Secure Multipurpose Internet Mail Extensions is a widely used method of securing
emails. This protocol will encrypt all incoming and outgoing emails, which is vitally important for any
organisation that may be exchanging sensitive information.

Digital signatures- A digital signature is an attachment put on an electronic message as a method of
authenticating the person sending the message. The signature must be obtained through a
recognized authority. It basically means when someone is sending personal information it is
encrypted; this is important for information such as credit card numbers when making online
purchases. The information is then decrypted once it has been sent via the signature. The main
advantage of this is that when a user is entering confidential information they know they can trust
the website. One of the disadvantages is that it can be expensive to maintain.

Biometrics- Biometrics is a unique method of authentication because it can make decisions based on
either the user’s behaviour or their physical attributes, i.e. fingerprints, retina scans and palm
scans. These are all things an attacker cannot physically steal or easily forge, which is what
makes this method so secure. The disadvantages of this method are that it is very expensive to set
up and maintain and it can also be more time consuming than simply entering a password.

MAC Association- MAC association is another method of securing a network. You set up MAC
association by providing the DHCP server with a list of the MAC addresses of all the computers you
want to be able to access the network. This means only the computers with one of the given MAC
addresses will be able to access the network. You cannot change your computer's MAC address,
meaning it would be very difficult for an attacker to access your network.

WEP & WPA- WEP is short for Wired Equivalent Privacy; it is a method of encrypting data over IEEE
802.11 wireless networks. WEP is designed to provide the same level of security as wired LAN
networks. Wireless networks are broadcast using radio waves, meaning they are more vulnerable to
tampering. WEP is a very weak method of encryption, so data can be intercepted quite easily. WPA
stands for Wi-Fi Protected Access; it is another method used to secure wireless networks. WPA was
designed to work with existing Wi-Fi products already configured with WEP and improve upon WEP's
security features.

TKIP- Temporal Key Integrity Protocol is a wireless network security protocol. TKIP encryption is
stronger than WEP, which was the first Wi-Fi security protocol. With TKIP comes the ability to
increase your encryption strength and avoid collision attacks without hardware replacement. It
serves as a WEP code wrapper, adding per-packet mixing of MAC base keys and serial numbers, and it
can also assign a unique 48-bit sequencing number to each packet.

M1.
Firewalls- Firewalls are designed to prevent unauthorised access to a computer or network. You can
implement a firewall in both hardware and software, or a combination of both. A firewall will
monitor data packets coming in and out of the network it is protecting and will enforce the
company's network security policy. It filters out the packets that look suspicious and do not meet the
specified security criteria. Most organisations use firewalls to protect their network from the
Internet.
There are a few different types of firewall: packet filtering firewalls, stateful inspection
firewalls and proxy firewalls.

Packet Firewalls- Packet filtering was the first type of firewall to be created. A packet filtering
firewall will control what data can flow into and out of a network. It will accept or reject packets
of data based on a set of user-defined rules; these rules are called ACLs. ACLs are lines of text that
the firewall will apply to each packet of data it receives. These lines of text provide specific
information defining what packets can be accepted, and what packets must be denied. The main
advantage of using a packet filtering firewall is that they are very flexible: you can easily
customise the firewall and allow it to work with many different protocols and applications. Another
advantage is that they are not application-dependent and they can work at high speeds because they do
not carry out extensive processing on the data packets. However, there are a few disadvantages of
packet filtering firewalls. Due to the small number of variables used in access control decisions,
they are susceptible to security breaches caused by improper configurations, and they also cannot
prevent attacks that employ application-specific vulnerabilities.

Stateful Firewalls- Stateful inspection packet filtering tracks each connection travelling across the
network. The firewall is programmed to remove packets that come from an unknown connection;
only the packets that come from a known, trusted connection will be allowed through the firewall.
Stateful inspection firewalls will maintain a state table that will keep track of all the communication
channels. Filtering decisions are based not only on user-defined rules (as in packet filtering) but also
on context that has been established by prior packets that have passed through the firewall.
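
The difference between the packet filtering and stateful firewalls described above, as an added example (not part of the original assignment): a first-match ACL filter beside a filter that also keeps a state table. All addresses, ports and rules are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" leaves the protected network, "in" arrives from outside

@dataclass(frozen=True)
class Rule:  # one ACL line
    action: str  # "permit" or "deny"
    direction: str
    src_net: str
    dst_net: str
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def packet_filter(acl, p):
    """Stateless filtering: the first matching ACL line decides; no match means deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"

class StatefulFirewall:
    def __init__(self, acl):
        self.acl = acl
        self.state = set()  # state table: (inside ip, inside port, outside ip, outside port)

    def handle(self, p):
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport) in self.state:
            return "permit"  # reply on a connection that an inside host opened
        verdict = packet_filter(self.acl, p)
        if p.direction == "out" and verdict == "permit":
            self.state.add((p.src, p.sport, p.dst, p.dport))
        return verdict

# Constructed sample network: inside hosts are 10.0.0.0/24 and may browse HTTPS.
OUT_HTTPS = Rule("permit", "out", "10.0.0.0/24", "0.0.0.0/0", dport=443)
# A stateless filter needs a second line so that replies can get back in.
IN_FROM_443 = Rule("permit", "in", "0.0.0.0/0", "10.0.0.0/24", sport=443)
STATELESS_ACL = [OUT_HTTPS, IN_FROM_443]
STATEFUL_ACL = [OUT_HTTPS]

REQUEST = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "out")
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "in")
# Inbound packet that answers no request; only its source port looks like HTTPS.
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.9", 3389, "in")

def compare():
    """Return {packet name: (stateless verdict, stateful verdict)}."""
    fw = StatefulFirewall(STATEFUL_ACL)
    traffic = [("request", REQUEST), ("reply", REPLY), ("unsolicited", UNSOLICITED)]
    return {name: (packet_filter(STATELESS_ACL, p), fw.handle(p)) for name, p in traffic}

if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12} stateless={stateless:7} stateful={stateful}")
```

The stateless ACL has to permit anything arriving from source port 443, so it also admits the unsolicited packet; the state table lets the second firewall drop that line from its ACL and still accept the genuine reply.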

Proxy Firewalls- Proxy firewalls are very secure; this does however come at the expense of speed
and functionality. Proxy firewalls are secure because, unlike other types of firewall, data packets do
not pass through a proxy; instead, the proxy acts as a mirror and makes a new network connection
based on the request. This prevents direct connections, meaning it is harder for attackers to discover
the location of the network. When the proxy firewall receives the request it first looks it over for
suspicious information before allowing that data to reach the protected network. The advantages of
using proxy firewalls are that it is the most secure type there is, they look at information within the
packets up to the application layer, and they also break the connection between trusted and
untrusted systems. There are however a few disadvantages: proxy firewalls can only support a
limited number of applications, they generally degrade traffic performance and slow the network
down, and the breaking of untrusted connections can be bad for functionality.

File monitoring- File monitoring is a system used to detect malicious files that may be infected with
viruses and cause harm to the computers on a server. It is commonly used to protect several
computers, and it is more effective this way than when protecting just one computer, as it
quarantines the files and stops them spreading to other computers nearby.

Honeypots- This is a system where a server would be set up in the screened subnet or demilitarised
zone to lure attackers to it. This server would be set up separately from the actual server and will
hold dummy information; this will trick the attacker into thinking they have found the organisation's
actual server. To make this server attractive to attackers the organisation would leave some ports
open that are popular to attack. To help make the Honeypot more realistic the server would contain
some security software, this software will be easy enough to get through but will still reassure the
attacker they have found the correct server. While the attacker is trying to gain access to the dummy
server the organisation can monitor what the attacker does so that they can prevent future attacks
to the real server and improve overall security. Some administrators may even use detailed logs to
gain the identity of the attacker and either attack back or notify the police.

P3
Policies and Procedures

Security Policies- A security policy is a document containing the rules and regulations regarding
computer network access within an organisation. The purpose of the security policy is so that all the
users within the organisation have a set of rules to follow and so the organisation can protect their
devices. The security policy will be constantly changing and being improved because over time they
will discover more and more things they have missed out. It is important to have a security policy in
place so that all their data is secure and can only be accessed by authorised people.

Backup- All organisations should have very clear policies regarding backup. In most IT organisations a
backup is taken at the end of each day to ensure all work completed that day cannot be lost. Usually
at the end of each month all backups are checked to ensure they are being taken correctly. Backups
are essential in any organisation to ensure no important files are ever lost.

Monitoring- Organisations should have policies in place regarding computer monitoring for all
employees. Monitoring refers to watching an employee’s screen to ensure they are not doing
anything they are not meant to be doing, and that they are getting on with their work as they should
be. Random monitoring should take place at various times to ensure that the network stays secure
and no employees are trying to do anything they should not be.

Access permissions- Access permissions are a list of rules stating what things a user is able to do on
their computer, for example some people may have access to more data than others. Every
employee working for the organisation will have a set of access permissions unique to them,
although usually it is done in groups, for example managers will have access to more than a regular
employee would have access to.

User Responsibility

Password Policy- A password policy will dictate what an employee can have as their password, for
example how many letters it should contain and whether it should contain numbers and characters.
The policy will also state that the password must be changed every so often, usually around every 6
weeks. This is to ensure the network always stays secure. Password policies are designed to keep all
employees' accounts safe and make it harder for an attacker to gain access to the network.

Data Protection Policy- A data protection policy will control how personal information is used by the
organisation. They will have to follow strict rules called ‘data protection principles’ to ensure
personal data is used lawfully and that they abide by the Data Protection Act.

Software Installation- Employees cannot install any software they like on the organization's
computers; this is because software could contain harmful files such as viruses that could access the
network and corrupt sensitive data. When an employee needs to use a piece of software they
will have to apply to get it installed on their PC.

Internet use policy- An internet use policy will list the do's and don'ts when using the internet at
work; for example, employees are not allowed to access the internet for personal use, i.e. social
networking. They must only access the internet if it is work related.

Education of IT professionals

All organisations should have policies in place regarding education and training, this is to ensure all
colleagues are able to use the latest software and are aware of the latest and best techniques to use
when working on the organization's network. If a colleague regularly uses a piece of software, and a
2013 version is released with new helpful features, training all your colleagues to use the latest
version will cost you money, but in return it will theoretically enable them to produce work faster
and easier than before. 

Continuous Professional Development- It is important to ensure that every member of staff working
for your organisation has up to date knowledge regarding security threats. Organising training
sessions is important to ensure your network stays secure. Your organisation should have a policy
regarding CPD for IT professionals.

Physical Security

Organisations need to physically secure their computer systems, there is no point spending time and
money preventing hackers from gaining access to your network when somebody could easily walk
into the office and sit down at one of your physical computers connected to the network. There are
a few methods you could use to physically secure your network.

Lock and Key - Using a lock and key is a good method because only the keyholders will be able to
gain access, the disadvantage of this method however, is that the key could be stolen and used by
anybody.

CCTV/Security Guards - Using cameras and security guards would be a very good method to use as it
is very secure and will be harder for an attacker to bypass. The disadvantage of this method is that it
is by far the most expensive as you will have to pay the guards a salary.

Logging of entry - This is a secure method that will only allow card holders onto the organization's
premises; however, it shares the same disadvantage of the lock and key method where anybody can
steal a card and use it to gain access.

Biometrics Authentication - This method allows access based on physical attributes. I.e., fingerprints,
Retina Scan, Palm scan. These are all things an attacker cannot physically steal or easily forge, which
is what makes this method so secure. The disadvantages of this method are that it is very expensive
to set up and maintain and it can also be more time consuming than simply entering a password.

Risk Assessment and Reduction

Risk assessment takes place to assess what risks there are in the workplace, for example broken
chairs, loose cables and other health and safety issues. Another method is for the company to hire an
ethical hacker to try and gain access to their network; if the hacker can break their system they will
then be able to fix it and improve their security.

M2

Two Factor Standard of Authentication- Two factor standard of authentication is when two different
types of proof are necessary. For example, when withdrawing money from an ATM you would need
a valid debit card and the corresponding PIN. Two factor standard of authentication is
better and far more secure than one factor standard of authentication because it requires the attacker
to gain two different types of authentication, which is much harder than finding out just one.

Username/Password- This method requires the user to provide a valid username and corresponding
password, if either of these is incorrect they will be denied access. This is a good method of
authentication because it requires two pieces of confidential information, which can both be
updated and changed regularly to keep the account secure. An advantage of using this method of
authentication is that there is nothing physical that an attacker can steal, such as an ID card or key.
However, a disadvantage of this method is if an attacker got hold of your password either through a
keylogger or by looking over your shoulder it would be very easy to gain access to your account.

Biometrics Authentication- Biometrics is a unique method of authentication because it can make
decisions based on either the user’s behaviour or their physical attributes, i.e. fingerprints,
retina scans and palm scans. These are all things an attacker cannot physically steal or easily forge,
which is what makes this method so secure. The disadvantages of this method are that it is very
expensive to set up and maintain and it can also be more time consuming than simply entering a password.

Digital Certificate- A Digital Certificate is a hash value that has been encrypted with the sender’s
private key. Forging a digital signature is impossible; this means by using a signature you are
eliminating the possibility of an imposter signing the document. By having a digital certificate, you
are proving the message is from you and therefore reassuring the recipient the document is valid
and it does not contain false information. The main advantage of this is that when a user is entering
confidential information they know they can trust the website. One of the disadvantages is that it
can be expensive to maintain.

Token-based authentication- Token-based authentication technologies enable users to enter their
credentials once and receive a unique encrypted string of random characters in exchange. You can
then use the token to access protected systems instead of entering your credentials all over again.
The digital token proves that you already have access permission. Use cases of token-based
authentication include RESTful APIs that are used by multiple frameworks and clients.
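
The token flow described above, as an added example (not code from the original assignment). It assumes an opaque random token that the server looks up, rather than an encrypted one; the class name, the 15-minute lifetime and the credentials used to exercise it are constructed.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL = 900  # token lifetime in seconds (constructed value)

class TokenAuth:
    def __init__(self):
        self.users = {}     # username -> (salt, PBKDF2 hash of the password)
        self.sessions = {}  # SHA-256 of token -> (username, expiry time)

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _digest(token):
        # Only a digest of the token is stored, so a leaked session table
        # does not hand out usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash_password(password, salt))

    def login(self, username, password, now):
        """Check the credentials once and hand back a random token, or None."""
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash_password(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[self._digest(token)] = (username, now + TOKEN_TTL)
        return token

    def authenticate(self, token, now):
        """Return the username the token belongs to, or None if unknown or expired."""
        key = self._digest(token)
        entry = self.sessions.get(key)
        if entry is None:
            return None
        username, expires = entry
        if now >= expires:
            del self.sessions[key]  # expired tokens are forgotten
            return None
        return username

    def logout(self, token):
        self.sessions.pop(self._digest(token), None)
```

Later requests present only the token, so the password crosses the network once per session, and a stolen token stops working at expiry or logout.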

In conclusion, authentication technology is always changing. Businesses must move beyond
passwords and think of authentication as a means of enhancing user experience. Authentication
methods like biometrics eliminate the need to remember long and complex passwords. As a result of
enhanced authentication methods and technologies, attackers will not be able to exploit passwords,
and a data breach will be prevented. As a result of this, I would have to recommend biometric
authentication.
