
Final Security Assignment 56



Assignment
Course Title: Pearson BTEC Higher National Diploma in Computing
Unit Number and Title: 05: Security
Assignment Title: Security Solution for E-Tec
Name of the Learner: Mohamed Atheeb
Assignment Number: 01, 02, 03 & 04
Batch No & Semester: HND 12, 13 & 14, Semester 01
Issue Date: 11.01.2023
Final Submission Date: 11.02.2023
Unit Assessor: Mr. Mohamed Ishraque
Academic Year: 2022/2023


1|Page
STUDENT ASSESSMENT SUBMISSION AND DECLARATION
When submitting evidence for assessment, each student must sign a declaration confirming that the work is their own.

Student name: Mohamed Atheeb
Assessor name: Mr. Mohamed Nizzad
Issue date: 11.01.2023
Submission date: 11.02.2023
Programme: Pearson BTEC Higher National Diploma in Computing
Unit: 05: Security
Assignment number and title: Security Solution for E-Tec

Plagiarism
Plagiarism is a particular form of cheating. Plagiarism must be avoided at all costs and students who break the rules, however
innocently, may be penalized. It is your responsibility to ensure that you understand correct referencing practices. As a university level
student, you are expected to use appropriate references throughout and keep carefully detailed notes of all your sources of materials for
material you have used in your work, including any material downloaded from the Internet. Please consult the relevant unit lecturer or
your course tutor if you need any further advice.

Student Declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand
that making a false declaration is a form of malpractice.

Student signature: Atheeb
Date: 2023/02/06
Higher National Diploma in Computing
Assignment Brief

Student Name/ID Number:
Unit Number and Title: 05: Security
Academic Year: Year 1, Semester 2
Unit Tutor: Mr. Mohamed Ishraque
Assignment Title: Security Solution
Issue Date: 11.01.2023
Submission Date: 11.02.2023
Submission Format
Part 1:
The submission is in the form of an individual written report. This should be written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs, and subsections as
appropriate, and all work must be supported with research and referenced using the Harvard referencing system. Please
also provide a bibliography using the Harvard referencing system. The recommended word limit is 1,500-2,500 words,
although you will not be penalized for exceeding the total word limit.

Part 2:
The submission is in the form of an individual written report. This should be written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs, and subsections as
appropriate, and all work must be supported with research and referenced using the Harvard referencing system.
Please also provide a bibliography using the Harvard referencing system. The recommended word limit is 1,500-2,500
words, although you will not be penalized for exceeding the total word limit.

Part 3:
The submission is in the form of an individual written report. This should be written in a concise, formal business style
using single spacing and font size 12. You are required to make use of headings, paragraphs, and subsections as
appropriate, and all work must be supported with research and referenced using the Harvard referencing system.
Please also provide a bibliography using the Harvard referencing system. The recommended word limit is 2,000-2,500
words, although you will not be penalized for exceeding the total word limit.

Security policies must be separately attached. These should be written in a concise, formal business style using single
spacing and font size 12. You are required to make use of headings, paragraphs, and subsections as appropriate.

Unit Learning Outcomes

LO1 Assess risks to IT security
LO2 Describe IT security solutions
LO3 Review mechanisms to control organizational IT security
LO4 Manage organizational security
Assignment Brief and Guidance

Part 1
E-Tec is a software development company in Kalmunai. Recently E-Tec lost important data due to security
vulnerabilities. E-Tec wants to solve this problem immediately and at any cost.

You have been appointed as the penetration tester for E-Tec. As the first part of your duty, you decided to identify the possible
security risks E-Tec might have faced and to assess and treat the identified risks.

Additionally, you decided to suggest security procedures to E-Tec, to streamline its security and to avoid any future security
threats.

Part 2
You work as IT security head in the E-Tec company. One of your junior network administrators made a mistake by incorrectly
configuring a firewall; thankfully you noticed it through regular monitoring and prevented the exposure. Because of this
incident you decided to conduct a workshop for all the junior IT staff members who work under you. For your
workshop you decided to address the following issues.
1. The potential impact of incorrect configuration of firewalls and third-party VPNs. Provide real-time
examples.
2. To improve network security in any organization, how does implementing a DMZ, static IP, and NAT aid
security?
3. Discuss the importance of network monitoring, and provide its benefits with proper reasons.
4. Evaluate suitable physical and virtual security measures for the E-Tec company which can ensure the integrity
of E-Tec's IT security (3 security measures for each).

Part 3
As the penetration tester you decided to conduct an IT security audit for ABC. Before conducting the audit, ABC
management asked you to give a report about the possible impacts of an IT security audit on the ABC company.
Your report should include the recommendations suggested by the stakeholders.

After you conducted the audit successfully, you found some major flaws in the current security system and
procedures. The problems are listed below:

- No proper procedures to assess the risks, and ABC does not comply with any data protection processes or
regulations.
- No organizational disaster recovery plans.
- No IT security policy.

To streamline ABC's IT security, you decided to create a report covering the following steps as the initial part of the solution.

- Explain the applicable data protection processes and regulations for the ABC Company with the guidance
of the ISO 31000 standard.
- Describe proper risk assessment procedures and the possible impact of not having a risk assessment procedure for the ABC
company.
- Create a disaster recovery plan by identifying the key components of an organizational disaster recovery
plan, with proper justification for the inclusion of the key components.
- Create an IT security policy for ABC; in your IT security policy include 3 of the following policies (password
policy, email policy, acceptable use policy, ethics policy, DRP policy and clean desk policy).
- Explain how an IT security policy can be aligned with organizational policy, and the negative impacts of
misalignment of these policies.
- Finally, identify the tools used in the organizational policy and evaluate them.
Learning Outcomes and Assessment Criteria

LO1 Assess risks to IT security
  Pass:
    P1 Identify types of security risks to organizations.
    P2 Describe organizational security procedures.
  Merit:
    M1 Propose a method to assess and treat IT security risks.
  Distinction (LO1 & 2):
    D1 Investigate how a 'trusted network' may be part of an IT security solution.

LO2 Describe IT security solutions
  Pass:
    P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
    P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve network security.
  Merit:
    M2 Discuss three benefits of implementing network monitoring systems, with supporting reasons.

LO3 Review mechanisms to control organizational IT security
  Pass:
    P5 Discuss risk assessment procedures.
    P6 Explain data protection processes and regulations as applicable to an organization.
  Merit:
    M3 Summarise the ISO 31000 risk management methodology and its application in IT security.
    M4 Discuss possible impacts to organizational security resulting from an IT security audit.
  Distinction (LO3 & 4):
    D2 Consider how IT security can be aligned with organizational policy, detailing the security impact of any misalignment.

LO4 Manage organizational security
  Pass:
    P7 Design and implement a security policy for an organization.
    P8 List the main components of an organizational disaster recovery plan, justifying the reasons for inclusion.
  Merit:
    M5 Discuss the roles of stakeholders in the organization in implementing security audit recommendations.
  Distinction:
    D3 Evaluate the suitability of the tools used in an organizational policy.
PART 01
1. IT threats

An event constitutes a threat if it has the potential to exploit a vulnerability (a prospective attack just waiting to
happen) and cause damage to the network. Threats in the virtual world usually parallel those in the physical world.
Threats including robbery, vandalism, and eavesdropping have all made their way into cyberspace from the real world,
typically via the Internet. But there are also significant differences in the application of various assaults, the level of
automation needed, and the dissemination (or propagation) of attack techniques.

1.1 Malware attack

Malicious software, or malware, is developed by attackers and usually takes the form of a program or piece of
code. Such attacks, which try to seriously damage systems or gain unauthorized access to a computer, put
organizations at risk.

How does malware attack?

- Malware can infect a device in a variety of ways, including through email attachments that contain links or files
that must be opened by the user in order for the malware to run.
- This category of attack includes computer viruses, Trojan horses, worms and spyware.

1.1.1 Computer viruses

A computer virus is a malicious software program that silently loads onto a user's computer and performs malicious actions.
Viruses are created by humans, but once they have been produced and distributed, no one has direct control over how they
spread. A virus that has infected a computer attaches itself to another program so that when the host program runs, the virus's
code is also activated. It has the ability to replicate itself, attaching to other files or programs and infecting them in the
process. Not all computer viruses are harmful, but the majority carry out malicious acts, such as erasing data. Some viruses
remain dormant until a specific event (as intended by the author) occurs, which triggers their code to run on the computer.
Others cause havoc as soon as their code is executed. Viruses are disseminated when infected software or documents are
moved from one computer to another over a network, on a disk, through file-sharing protocols, or through contaminated
email attachments. Some viruses employ stealth techniques to evade detection by anti-virus software: some can infect files
without making them larger, while others attempt to avoid detection by terminating the processes connected to antivirus
software before they are discovered. When they infect a host file, some older viruses make certain that the "last changed" date
stays the same.

There are many ways a virus can spread or attack:
- Downloading free games, toolbars, media players and other software.
- Visiting an infected or unsecured website.
- Clicking on an advertisement.
- Clicking on an executable file.
- Using infected removable storage devices, such as USB drives.
- Opening spam email or clicking on a URL link.
- Installing free software and apps.

1.1.2 Trojan horse

A Trojan, or Trojan horse, is a type of malicious program that masquerades as a commonplace tool, entertainment software,
or occasionally even antivirus software. Once it has been installed on the computer it can damage the file allocation system,
destroy data on the hard drive, and halt background system processes.

Typically, email attachments are used to spread Trojans. These emails have been crafted to give the impression that
they are genuine. The system is compromised as soon as the user downloads and opens the attached file. Additionally,
shareware and freeware downloads online sometimes include Trojans. Even though not all shareware contains Trojans,
it is nevertheless advisable to only download software and freeware from trustworthy sites. Furthermore, it is crucial
to pay attention to what is being installed during the installation process. Depending on the objectives of the attacker, there are
many different uses for Trojans. Examples include user activity tracking, data theft, computer breakdowns,
espionage, and identity theft. Most anti-virus systems spot Trojans, and unless they are intentionally installed,
they have little impact on the computer.

Trojans are not self-replicating, but they can be combined with a virus that spreads to other machines on the network. One can
keep a computer safe and secure by installing reputable anti-virus software, updating virus definitions,
being cautious when opening email attachments even if they appear to be legitimate, and paying attention to system
security popup notifications.

1.1.3 Worm

A computer worm is a malicious, self-replicating program (a form of malware) that obstructs the functioning of software and
hardware.

In many respects it satisfies the definition of a computer virus: it can, for instance, duplicate itself and propagate
throughout networks, which is why worms are frequently referred to as viruses as well. Computer worms, however,
differ from computer viruses in a few ways. First, worms exist as distinct entities or standalone software, in contrast to
viruses, which must attach to files (host files) before they can spread inside a computer; worms do not require host
applications or files. Second, unlike viruses, worms live only in active memory and replicate themselves rather than
altering files. Worms make use of automatic and frequently unnoticed operating system components. Their presence in the
system only becomes obvious when their unchecked replication uses up system resources and slows down or stops other
tasks. Worms employ one of two methods to spread: they either take advantage of a vulnerability in the target
system or deceive people into running them. Once inside a system, they use its file-transport or
information-transport capabilities to move around on their own. A computer worm known as "Stuxnet" made
headlines around the globe when it attacked Iran's nuclear facilities.

How does a worm spread?

A worm has the ability to spread automatically, exploit security holes in software, and attempt to gain access in order to steal
sensitive information, corrupt files, and install a back door that allows remote access to the system.

1.1.4 Spyware

Spyware is software that aims to steal private or business information. It does so by performing a
number of tasks without the required user permissions, often covertly. Spyware frequently engages in advertising,
data collection, and changes to the user's configuration settings on the computer.

The most prevalent types of spyware include Trojans, adware, tracking cookies, and system monitors.
The most common way for spyware to reach a computer is through freeware and shareware packages containing
hidden components. Once installed, a spyware application starts passing data from that computer in the
background to a separate location.

Today, pop-up adverts are commonly served by spyware based on user behavior and search history. However, dangerous
spyware is difficult to recognize since it is hidden among system files on the computer.

One of the simplest and most prevalent yet dangerous tools is the keylogger. It records keystrokes, which can be
devastating because it captures passwords, credit card numbers, and other sensitive information. Keyloggers are also
installed on certain company PCs and shared networks on purpose to keep track of user behavior.

Once installed on a computer, spyware has the ability to alter user preferences, permissions, and administrative rights. This may
prevent people from accessing their own computers and, in rare instances, lead to the total loss of all data. Spyware is created to
keep an eye on a machine. Additionally, malware that runs in the background may increase the number of processes and
the frequency of crashes, and the computer commonly slows down.

Utilizing reputable antivirus and antispyware software is the best way to stay protected. More significantly, take care
to untick the pre-checked options when installing freeware products.

How does spyware attack?

It may be deployed like standard malware through deceptive adverts, emails, and instant messages, be an unnoticed
component of a software package, or begin operating automatically on your machine.

1.2 Social engineering

"Social engineering" refers to a broad variety of hostile activities carried out through interactions with other individuals.
Users are psychologically manipulated into disclosing important information or making
security mistakes. Social engineering attacks can take one or more steps. A perpetrator first researches the target to
obtain background information, such as likely avenues of entry and inadequate security measures, in order to get
ready for an attack. The attacker then tries to gain the victim's confidence by promising rewards in exchange for
subsequent security-breaking behaviors, such as releasing private information or granting access to essential
resources. Social engineering attacks may be conducted anywhere there is a prospect of human interaction. Below is a
list of the five most common forms of cyber social engineering attacks.

1.2.1 Phishing

Phishing is a kind of network attack in which the attacker pretends to be a reliable company in order to trick consumers
into giving up their personal information.

Hackers regularly assume the identities of banks, online transaction websites, e-wallets, and credit card
companies in order to trick clients into divulging valuable information, including login credentials, transaction
passwords, credit card numbers, and other crucial details. Hackers frequently deliver this attack through email
and SMS messages. If users read an email and click on a malicious link, they will be asked to log in; if they are
"hooked," the hacker immediately acquires the data. Phishing first became known in 1987. The term combines "fishing for
information" with "phreaking," which describes a free phone-based scam, and was chosen for the parallel between
"fishing" and "fishing for user information."

How does a phishing attack work?

- In a phishing email attack, an attacker sends phishing emails to the victim's email address that appear to have
come from their company and requests personal data from them.
- The message includes a link that takes the victim to a fraudulent website in order to steal their personal data.
- Therefore, it is best to avoid clicking on or opening such emails and to refrain from giving out important
information.

1.2.2 Baiting

As the term suggests, baiting attacks use a false promise to spark a victim's curiosity or greed. In order
to steal their personal information or infect their systems with malware, they lure users into a trap.

The most reviled type of baiting spreads malware using physical media. Infected flash drives are frequently used as
bait by attackers, who place them in plain sight where potential victims are sure to see them (e.g., bathrooms,
elevators, the parking lot of a targeted company). The lure has a legitimate appearance, including a label that presents
it as the business's payroll list.

Out of curiosity, the victims pick up the bait and plug it into their home or office computer, which causes the system
to automatically download malware. Baiting scams do not always have to be played out in the real world. Online
baiting takes the form of attractive advertisements that direct visitors to harmful websites or prod them to download
malware-laden software.

1.2.3 Scareware

Scareware constantly bombards victims with false alerts and fictitious threats. Users are duped into thinking that their
computer is infected with malware, which leads them to install software that either serves simply to make money for
the offender or is malware in and of itself. Scareware is also known as fraudware, deception software, and rogue
scanner software.

Scareware frequently takes the form of seemingly genuine pop-up advertisements that appear in your browser as you
browse the internet and contain text like "Your computer may be infected with harmful spyware software." It either
offers to install the (dangerous) tool on your computer for you, or it directs you to a malicious website that infects your
computer.

1.2.4 Pretexting

Here, an attacker uses a series of expertly crafted lies to obtain information. The scam is typically started by a
perpetrator who claims to require the victim's private information in order to perform an important task.

By pretending to be a coworker, police officer, bank or tax official, or any other person with the right to know,
the attacker usually begins by winning the victim's confidence. The pretexter gathers vital personal data by
asking questions that are ostensibly required to confirm the victim's identity.

Social security numbers, personal addresses and phone numbers, phone records, dates of staff vacations, bank
records, and even security information linked to a physical plant can all be obtained through this scam.

1.2.5 Spear phishing

In this more focused variation of the phishing scam, the attacker picks specific people or companies to target. Then, in
order to make their attack less obvious, they tailor their communications based on the traits, positions held, and
contacts of their victims. Spear phishing is far more difficult to pull off and might take weeks or even months to
complete. If done expertly, these attacks are significantly more difficult to detect and have higher success rates.

In a spear phishing scenario, an attacker could send an email to one or more employees while posing as the organization's
IT consultant. It is written and signed exactly as the consultant would, leading recipients to believe it is a genuine
message. Recipients of the mail are urged to update their passwords, and a link in the message sends them to a
fraudulent page where the attacker can then steal their credentials.

1.3 Network attack

A network attack is an attempt to gain unauthorized access to a company's network with the goal of stealing
information or engaging in other damaging conduct. Generally speaking, there are two types of network attacks:

- Passive attacks: the attacker gains access to a network and monitors or steals sensitive data without modifying it,
preserving the data's integrity.
- Active attacks: the attacker not only gains unauthorized access to data but also alters it, and may delete, encrypt, or
damage it in some other way.

Network attacks are distinguished from several other forms of attack:

- Endpoint attacks: unauthorized access to user devices, servers, or other endpoints, usually by malware
infection.
- Malware attacks: introducing malware into IT resources, which enables attackers to take control of systems,
steal data, and cause harm. Ransomware attacks are also among them.
- Vulnerabilities, exploits and attacks: using flaws in the organization's software to compromise,
sabotage, or obtain illegal access to systems.
- Advanced persistent threats: sophisticated, multi-layered threats that encompass both network and
other attack types.

The fundamental objective of an attack on a business network is to breach the perimeter and gain access to internal
systems. Once inside, attackers typically combine various attack strategies, such as compromising an endpoint, spreading
malware, or exploiting a weakness in the network architecture.

1.3.1 SQL injection

SQL injection is an application layer attack technique that hackers use to exploit web-based systems and steal
information from businesses.

By taking advantage of poor coding practices, or of insufficiently restricted database privileges granted to the application
user that accesses the database, hackers can attack a web application's underlying data store using SQL injection. If user
input fields are not properly checked at the application level, SQL statements can pass through and directly query the
database, leading to SQL injection. This gives attackers the ability to alter or even delete existing data, spoof identities,
change administrative rights, and in some cases void transactions and change balances.

Consider, for illustration, a standard login page where users can input their usernames and passwords to view or edit their
personal information. After the user submits the information, a SQL query is built using that
information and sent to the database for validation. If the user is deemed legitimate, access is granted. The
attacker can bypass the login form and view what is behind it by inserting specially crafted SQL fragments
through the input fields. This is made feasible by inputs that are improperly sanitized (i.e., not rendered harmless) and
are sent along with the SQL query to the database, which allows the attacker to access the database. Because of the
prevalence of outdated functional interfaces, SQL injection attacks frequently target PHP and ASP applications.
However, stronger programmatic interfaces make J2EE and ASP.NET applications less vulnerable to SQL injection
attacks. The severity of a SQL injection is determined largely by the skills, creativity, and intent of the attacker.
This vulnerability has a high impact severity and has to be fixed right away.

1.3.2 Distributed Denial of Service (DDoS) attack

Attackers build sizable fleets of compromised devices called "botnets" and use them to send bogus traffic to your
servers or network. DDoS can occur at the application level, for instance by executing complex SQL queries that bring
down a database, or at the network level, for instance by flooding a server with SYN/ACK packets.

1.3.3 Insider threats

A network's weaknesses can be exploited by malicious insiders who already have privileged access to organizational
systems. Insider attacks can be difficult to detect and protect against because insiders may harm the system without
breaching the network perimeter. Newer technologies such as User and Entity Behavior Analytics (UEBA) can help in recognizing
suspicious or out-of-the-ordinary activity by internal users in order to detect insider attacks.

1.4 Application attack

An application attack is when online criminals gain access to restricted areas of an application. Attackers usually scan the code for
application vulnerabilities before moving on to the data layer. Even though some programming languages are more
commonly targeted than others, attacks target a range of apps written in many programming languages,
including .NET, Ruby, Java, Node.js, Python, and more. Security issues exist in both proprietary software and
open-source frameworks and libraries.

1.4.1 Session hijacking attacks

A session hijacking attack targets the session ID. This special ID tracks a user's activity so that subsequent requests
after login are simpler and more efficient. Depending on how strong (that is, how unpredictable) the session ID is, attackers
may be able to obtain or alter it, starting a session hijacking attack. If the attack is successful, the
attackers will be in possession of all data transmitted by the server during that session as well as the ability to obtain user
passwords for accessing private accounts.
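As an added illustration of why the session ID's strength matters (example code written for this report, not taken from any web framework or from E-Tec): a constructed sequential ID scheme that an observer can predict from a single leaked ID, beside a store that issues 256-bit random IDs from Python's `secrets` module, keys its table by the ID's hash, and rotates the ID on login. The class and method names are the example's own.

```python
"""Weak (predictable) session IDs beside a hardened session store.

Added example for this report; not code from any web framework. The
sequential scheme below is constructed purely to show what an observer can
infer when IDs are not random.
"""
import hashlib
import secrets
from typing import Dict, Optional


class WeakSessionIds:
    """Constructed weak scheme: IDs come from a counter, so each ID reveals the next."""

    def __init__(self, start: int = 1000) -> None:
        self._counter = start

    def new_id(self) -> str:
        self._counter += 1
        return f"sess-{self._counter:08d}"

    @staticmethod
    def guess_next(seen_id: str) -> str:
        """What anyone who has seen one ID can infer about the next user's ID."""
        n = int(seen_id.rsplit("-", 1)[1])
        return f"sess-{n + 1:08d}"


class SessionStore:
    """Server-side session table whose IDs are 256-bit random values.

    The table is keyed by the SHA-256 of the ID, not the ID itself, so a leaked
    copy of the table (backup, log, memory dump) does not yield usable IDs.
    """

    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    @staticmethod
    def new_id() -> str:
        # 32 random bytes from the OS CSPRNG, URL-safe encoded (43 characters).
        return secrets.token_urlsafe(32)

    @staticmethod
    def _key(session_id: str) -> str:
        return hashlib.sha256(session_id.encode("utf-8")).hexdigest()

    def create(self, user: str) -> str:
        """Start an unauthenticated session (e.g. a visitor's shopping cart)."""
        session_id = self.new_id()
        self._sessions[self._key(session_id)] = {"user": user, "authenticated": False}
        return session_id

    def lookup(self, session_id: str) -> Optional[dict]:
        """Resolve a presented ID. Hashing it first means the table comparison
        never runs over the secret ID itself."""
        return self._sessions.get(self._key(session_id))

    def elevate(self, session_id: str) -> Optional[str]:
        """On login (a privilege change) retire the old ID and issue a fresh one, so an
        ID captured before authentication cannot ride into the authenticated session."""
        data = self._sessions.pop(self._key(session_id), None)
        if data is None:
            return None
        data["authenticated"] = True
        new_id = self.new_id()
        self._sessions[self._key(new_id)] = data
        return new_id

    def destroy(self, session_id: str) -> bool:
        """Logout: remove the session so the ID is no longer valid."""
        return self._sessions.pop(self._key(session_id), None) is not None


if __name__ == "__main__":
    weak = WeakSessionIds()
    first, second = weak.new_id(), weak.new_id()
    print("weak: next ID guessed from the first:", WeakSessionIds.guess_next(first) == second)

    store = SessionStore()
    sid = store.create("alice")
    logged_in = store.elevate(sid)
    print("old ID still valid after login:", store.lookup(sid) is not None)
    print("new ID authenticated:", store.lookup(logged_in)["authenticated"])
```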

1.4.2 SQL injection attack

65% of the apps had vulnerabilities that were exploited by SQL injection attacks. SQL statements are used in
applications and network communications to provide access through authorization and authentication. When malicious
actors obtain SQL statements and tamper with them, they can eventually gain access to normally prohibited areas by
tricking programs into executing corrupted instructions. By gaining access to the core code and interfering with other
online programs' communications, cybercriminals may exploit the whole software environment, avoid security checks
and protocols, and remain undetected until it is too late.
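The login-page scenario from section 1.3.1 and the tampered-statement point above, worked through as an added example (written for this report, not E-Tec's code): the same login check built first by string concatenation, where the username becomes SQL syntax, and then as a parameterized query, where it stays data. It uses Python's built-in sqlite3 with a constructed in-memory users table; the function names are the example's own.

```python
"""Login query built by string concatenation beside the parameterized fix.

Added example for this report (not E-Tec's code). Uses Python's built-in
sqlite3 with a constructed in-memory users table.
"""
import hashlib
import hmac
import sqlite3
from typing import Optional


def _hash(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample data. Passwords are stored as SHA-256 hashes to keep the
    example short; production code should use a slow salted hash (bcrypt, Argon2)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    for name, password in (("alice", "Alice!2023"), ("admin", "Sup3rSecret")):
        conn.execute("INSERT INTO users VALUES (?, ?)", (name, _hash(password)))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """The flaw: the username is pasted into the SQL text, so a quote followed by
    a comment marker in it ends the string and discards the password check."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND pw_hash = '" + _hash(password) + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """The fix: a parameterized query. The driver binds the username as a value, so
    the SQL structure is fixed before any user input is seen. The password hash is
    then compared in constant time rather than inside the query."""
    row = conn.execute(
        "SELECT username, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    name, stored_hash = row
    return name if hmac.compare_digest(stored_hash, _hash(password)) else None


if __name__ == "__main__":
    db = make_db()
    injected = "admin'--"  # closes the string literal, then comments out the rest
    print("vulnerable, wrong password:", login_vulnerable(db, injected, "wrong"))  # admin
    print("parameterized, wrong password:", login_safe(db, injected, "wrong"))     # None
    print("parameterized, real login:", login_safe(db, "alice", "Alice!2023"))     # alice
```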

1.4.3 Cross-site Scripting (XSS) Attack

Cross-site scripting (XSS) attacks are among the most common application attacks used today and are included in the
OWASP Top 10. Attackers often carry out this form of attack by creating a contaminated link and disseminating it by
email or text message in order to find a weakness that allows them access to the core code. Cybercriminals that take
advantage of this application vulnerability can manipulate HTTP requests by introducing malicious code on the client
side. Virtually any personally identifiable information (PII), including banking details, Social Security numbers,
and even very sensitive government data, may be accessed by cybercriminals who have total control over
HTTP executions.
1.5 Internal attack

An internal attack is when someone or a group within an organization seeks to undermine operations or exploit
organizational resources. In many cases, the attacker uses a lot of money, equipment, and knowledge to carry out a
sophisticated computer attack and potentially even remove any evidence of that attack.

Highly skilled and disgruntled employees (such as system administrators and programmers) who stand to benefit
financially from undermining corporate operations may decide to attack a company internally, utilizing its computer
systems.

1.5.1 Employee sabotage and theft

Inside a business, employees have access to a variety of physical assets, and the only thing standing between
them and theft or damage is trust. This means that equipment like hard disks, which hold a lot of crucial data, can be
physically taken from the business; alternatively, the information on it can be copied to a USB flash drive and then
exposed and distributed online.

1.5.2 Unauthorized access by employees

Because they already have access to a company's systems, employees may be able to access areas of these machines that
they should not. This may occur if a coworker forgets to sign out or if the door to a room is left open, allowing access to a
server.

Whether they can carry out more administrative activities, such as changing other users' access permissions or disabling network
security mechanisms, depends on whether they legitimately hold administrator credentials or maliciously obtain them.

1.5.3 Accidental loss or disclosure of data

As already noted, the same security gaps that permit malicious action also let simple accidents happen and cause extensive harm.

For instance, an employee who carries a laptop to and from work may one day leave it on the train home, giving whoever finds it access to all the data it holds and potentially disclosing confidential information. Full-disk encryption with a strong passphrase, and the ability to remotely wipe the device, turn such a loss into a hardware cost rather than a data breach.

Another example is an employee accidentally deleting data from a shared folder or spilling a drink on a device. Many such incidents come from staff not being given enough time for proper training and supervision. Educating staff on how to keep their devices secure and on the proper use of the company's IT systems, and keeping tested backups, reduces both the likelihood and the impact of these accidents.

E-Tec software company's security policies
1.Acceptable use

Before being allowed onto the corporate network or the internet, a user of organizational IT resources must agree to the terms and conditions set out in the acceptable use policy (AUP). This is normally done during onboarding: new employees are given the AUP to read and sign before receiving a network ID. The scope of this policy should be agreed by the organization's IT, security, legal and HR departments. SANS publishes an acceptable use policy template that can be used as a starting point.

2.Access control

The access control policy (ACP) describes employee access to the business's data and information systems. Standards frequently referenced in such a policy include the NIST Access Control and Implementation Guides. The policy also addresses user access standards, operating system software controls, network access restrictions and password complexity requirements. Other elements typically covered are the procedures for controlling access to and use of corporate systems, how unattended workstations must be protected (screen locks, automatic timeouts) and how access is revoked when an employee leaves the organization. The IAPP provides an example of this policy.

3.Change management

A change management policy is a structured procedure for making changes to IT, software development and security services/operations. A change management program aims to raise organizational awareness and understanding of proposed changes while ensuring that every change is implemented methodically, with a documented approval, test and rollback plan, to reduce any negative effects on products and clients. SANS provides an IT change management policy template.

4.Information security

For a company, information security policies are typically high-level policies that can encompass a wide range of security measures. The company issues the main information security policy to ensure that its rules and guidelines are followed by everyone who uses information technology resources within the company's networks. I've seen companies ask employees to sign this document to attest that they have read it (usually done together with signing the AUP). This policy is meant to inform workers of the requirements they must meet with regard to the sensitivity of company information and IT assets. The State of Illinois publishes a cybersecurity policy that serves as a good example and is available for download.

5.Incident response

The incident response (IR) plan is a methodical approach the company uses to handle security incidents and minimise their impact on daily operations. It is the policy a CISO hopes never to need, but its purpose is to lay out the process for dealing with an incident so as to reduce damage to business operations and clients, and to cut recovery time and cost. Carnegie Mellon University provides an example of a high-level IR plan, while SANS offers a data breach response plan template.

6.Remote access

The remote access policy specifies and defines the acceptable methods of remote access to an organization's internal networks, for example a VPN with multi-factor authentication on a managed device. I've also seen addenda to this policy that give instructions on the use of BYOD assets. This policy must be established by organizations whose staff connect from untrusted network locations, such as the local coffee shop or unmanaged home networks. An example remote access policy is available from SANS.

7.Email/Communication

The organization's written email policy outlines how employees may use the electronic communication methods the company provides. This policy normally covers email, blogs, social media and chat. Its primary goal is to give staff guidance on what constitutes appropriate and inappropriate use of any business communication technology. SANS provides a sample email policy.

Security procedures to avoid future security threats

Standard procedure for securing an information system

Step 01. Encrypt data

 This is the first step in the security process for information systems. Shopping, reading the news and doing business online are everyday activities, and any online activity raises concerns about the security of the data involved. One remedy is the encryption of sensitive data at rest. Although it sounds challenging, no knowledge of the underlying algorithms is needed: encryption software does the work. The original recommendation was TrueCrypt, but TrueCrypt was discontinued in 2014 and is no longer maintained; use its maintained successor VeraCrypt, or the full-disk encryption built into the operating system (BitLocker on Windows, FileVault on macOS, LUKS on Linux). Data on the PC's drives and on external hard drives is then protected even if the hardware is lost or stolen. Note that properly encrypted data is unrecoverable without the passphrase, by anyone, including you, so store the recovery key somewhere safe.

Step 02. Use strong passwords

 The encryption from step one is useless if an attacker can simply obtain your password. Create a strong password by making it long (length matters far more than the mix of characters) and by using letters, numbers and special characters so that it cannot be guessed from a wordlist. Never reuse a password across services. A password manager's built-in generator is the practical way to do this; the following tools also generate random passwords that even a serious attack would find hard to crack:
o PC Tools Random Password Generator
o A strong password
o Create strong passwords
o GRC's Ultra High Security Password Generator
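As an added illustration of what those generators do (this is example code, not part of the original assignment or of any of the tools listed), the block below builds a password from the operating system's cryptographic random source, rejects candidates that miss a character class, and quantifies the result in bits of entropy. The alphabet and the guess rate of 1e11 per second are assumptions chosen for the demo.

```python
import math
import secrets
import string

# Character classes the policy requires. The symbol set is an assumption for
# this example; trim it if a target system rejects some characters.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS   # 86 characters


def meets_policy(password: str, min_length: int = 12) -> bool:
    """True if the password is long enough and contains every character class."""
    classes = (LOWER, UPPER, DIGITS, SYMBOLS)
    return len(password) >= min_length and all(
        any(c in cls for c in password) for cls in classes)


def generate_password(length: int = 20) -> str:
    """Draw every character from a CSPRNG (secrets, never random) and re-draw
    the whole string if a class is missing. Rejection sampling keeps the
    result uniformly distributed over all accepted strings."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate, length):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_brute_force(bits: float, guesses_per_second: float = 1e11) -> float:
    """Expected time to hit the password at the assumed offline guess rate
    (on average half the keyspace must be searched)."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password(20)
    bits = entropy_bits(len(pw))
    print(pw, f"{bits:.1f} bits", f"{years_to_brute_force(bits):.3g} years")
    weak = entropy_bits(8, len(LOWER))
    print("8 lowercase letters:", f"{weak:.1f} bits",
          f"{years_to_brute_force(weak):.3g} years")
```

The point of the last two lines is the comparison the text is making: eight lowercase letters give under 40 bits and fall in about a second at an offline guess rate of 1e11/s, while twenty characters from the full alphabet give over 128 bits.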

Step 03. Two-step authentication

 Even with a strong password and encrypted data, a password can still be stolen, for example by phishing, by malware on the device or through a service's own breach, and on an untrusted wireless network (a cafe or school Wi-Fi) any login sent without TLS can be read off the air. In step 3 of the information system security process you enable two-step verification, also known as two-factor authentication (2FA), so that the password alone is not enough: you must present additional information, a one-time code or a hardware key, in addition to your password to access the website or service.
 "2-step verification" is the name Google gives this feature. Even if someone learns your Google account password, they cannot access your account without the 6-digit code. The code is not random: the authenticator app derives it from a secret shared at enrolment and the current time (TOTP, RFC 6238), so each code is valid for about 30 seconds and an attacker who lacks the secret cannot compute it. Phishing-resistant methods such as FIDO2 security keys are stronger still, because a code can be phished but a key's signature is bound to the real site.
Step 04. Securing the network
 Information security also covers how you connect to the outside world. Which protocol is your Wi-Fi network using, and how often do you use unsecured networks? The original advice here is to turn on MAC address filtering and AP isolation and to turn off SSID broadcast; of these only AP isolation (stopping wireless clients from talking to each other) adds real protection. MAC filtering and a hidden SSID are bypassed in seconds by anyone who sniffs the traffic, since MAC addresses and SSIDs are sent in the clear and a MAC address is trivial to spoof. What does raise the bar is WPA2 or WPA3 with a long passphrase, disabling WPS, and keeping the router firmware updated. Enable the firewall on both the network and the PC so that applications cannot accept or send unauthorized connections.

Step 05. Use anti-virus software

 Will the measures above be enough? Not if malware has already got onto the system: a virus or other malicious software that has gained access without authorization can let an attacker remotely control the device or simply copy data from it. Anti-malware software addresses this. Use a maintained product such as Microsoft Defender (built into Windows), Avira, Avast or AVG, keep its signatures updating automatically, and remember that it is a last line of defence that does not catch everything.

Router security procedures

1.Avoid the basic setup

 Many Wi-Fi routers let a device join by simply pressing a button (WPS, Wi-Fi Protected Setup). This is convenient for you and equally convenient for anyone who wants to get onto your network, and the WPS PIN method is known to be brute-forceable, so disable WPS and configure the network manually.

2.Change the name of the Wi-Fi network

 Technically this does not by itself improve the security of your network, but it still makes a difference. You will not need to remember a cryptic default such as Linksys-u8i9o or NETGEAR58843 when connecting or when helping a visitor, and a default name tells an attacker the router's make and sometimes its model, which narrows down known vulnerabilities and default credentials. Use a memorable name that does not identify the household, the business or the hardware.

3.Change the Wi-Fi router's login name and password

 New Wi-Fi routers ship with a preset administrative login. This information is published online, and depending on the model the manufacturer uses "admin" or leaves the username and password blank. The default setup is therefore completely unsafe. Set a new username and password for the device and keep them confidential. Kaspersky Lab's password-checking tool can help you judge whether the password you chose is strong.

4.Make sure your router's login page is not accessible from the internet
 Modern routers have a feature that allows setup and administration over the internet. It can be handy in some situations, but it exposes the admin interface to the whole internet, and such interfaces are a frequent source of vulnerabilities; if you do not need it, turn it off. Manufacturers name this function differently, but you will find it in the settings under a term such as "Remote Management".

5.Secure the network with a reliable encryption protocol and use a strong password.
 This setting is essential. In step 3 we changed the administrative credentials that protect the router settings. The next step is the network password, the Wi-Fi passphrase that laptops, Macs, phones and tablets use to join. You do not want neighbours or passers-by on your Wi-Fi, and an attacker who joins the network can attack every device on it. Use WPA2-Personal (AES/CCMP) at minimum, or WPA3-Personal where your devices support it, and never WEP or WPA with TKIP, which are broken. A random passphrase of several words is both harder to crack and easier to remember than a short complex one.

Server security procedures

1.Review the server status

 With regular and systematic monitoring an issue can be discovered before it becomes worse. Start by reviewing the health of your server and looking for anomalies in CPU, RAM, disk utilization, running processes and other metrics, as these often reveal security problems (cryptomining, an unexpected listening process, a disk filling with exfiltrated data).
 Network service logs, site access logs and database logs (Microsoft SQL Server, MySQL, Oracle) should all be retained, ideally forwarded to a separate log server so an intruder cannot erase them, and checked periodically. Investigate the origin of any odd log entries you come across, such as repeated authentication failures from one address.
 Keep web content and scripts on a different volume from the operating system, logs and other system files, and run the web server as an unprivileged account. Then even if an attacker gains write access to the web root, they cannot overwrite system files or fill the system disk, and they are not automatically able to control the server through the operating system.
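The kind of log review the step describes, as an added example (not from the original assignment): a small detector that parses OpenSSH authentication log lines, flags source addresses that fail repeatedly within a short window, and escalates when a success from the same address follows the failures, which is the pattern of a password-guessing attack that worked. The log lines are constructed for the demo; the threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OpenSSH auth log lines (not real server data).
SAMPLE_LOG = """\
Mar  1 10:00:01 web1 sshd[2331]: Failed password for invalid user admin from 203.0.113.45 port 51522 ssh2
Mar  1 10:00:02 web1 sshd[2334]: Failed password for invalid user oracle from 203.0.113.45 port 51530 ssh2
Mar  1 10:00:03 web1 sshd[2336]: Failed password for root from 203.0.113.45 port 51534 ssh2
Mar  1 10:00:04 web1 sshd[2338]: Failed password for root from 203.0.113.45 port 51540 ssh2
Mar  1 10:00:05 web1 sshd[2340]: Failed password for invalid user test from 203.0.113.45 port 51544 ssh2
Mar  1 10:00:06 web1 sshd[2342]: Failed password for root from 203.0.113.45 port 51548 ssh2
Mar  1 10:00:09 web1 sshd[2350]: Accepted publickey for deploy from 198.51.100.7 port 40122 ssh2: ED25519 SHA256:constructedfingerprint
Mar  1 10:00:12 web1 sshd[2351]: Accepted password for root from 203.0.113.45 port 51560 ssh2
Mar  1 10:30:00 web1 sshd[2410]: Failed password for alice from 192.0.2.9 port 50001 ssh2
Mar  1 10:30:40 web1 sshd[2412]: Accepted password for alice from 192.0.2.9 port 50002 ssh2
"""

# Matches the syslog-style sshd lines above; "invalid user" is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)")


def parse(log_text: str, year: int = 2023):
    """Turn log lines into (timestamp, result, method, user, ip) tuples.
    Syslog lines carry no year, so one is supplied (an assumption)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["method"], m["user"], m["ip"]))
    return events


def find_brute_force(events, threshold: int = 5, window_seconds: int = 60):
    """Flag IPs with >= threshold failures inside any window_seconds span.
    Severity is 'critical' if a later success from the same IP follows the
    failures (a guessed password), otherwise 'high'."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, result, method, user, ip in events:
        bucket = failures if result == "Failed" else successes
        bucket[ip].append((ts, user, method))

    findings = {}
    for ip, fails in failures.items():
        fails.sort()
        for i in range(len(fails) - threshold + 1):
            span = (fails[i + threshold - 1][0] - fails[i][0]).total_seconds()
            if span <= window_seconds:
                last_fail = fails[-1][0]
                later = [(u, m) for t, u, m in successes.get(ip, []) if t >= last_fail]
                findings[ip] = {
                    "failures": len(fails),
                    "severity": "critical" if later else "high",
                    "success_after": later,
                }
                break
    return findings


if __name__ == "__main__":
    for ip, info in find_brute_force(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

Usage note: on a real host, feed `parse` the contents of /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL family), or the output of `journalctl -u ssh`. A single failed login from 192.0.2.9 followed by a success is normal user behaviour and is correctly not flagged.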

2.Automate your security updates

 Most intrusions exploit vulnerabilities for which a patch already exists; true zero-days (unknown to the vendor, with no patch available) are the minority. Once a vulnerability is public, exploitation can follow within hours. You can reduce the window by applying automatic updates and security fixes as soon as they are released, and by monitoring the advisories for the software you run.

3.Set up perimeter security with firewalls

 Border routers and firewalls screen for known dangers, automated attacks, malicious traffic, DDoS floods, spoofed IP addresses and untrusted networks. A host firewall on the server itself thwarts infiltration attempts by exposing only the ports you intend (for example 443, and SSH only from a management network) and, combined with a tool such as fail2ban, by blocking sources that port-scan or guess SSH passwords. A web application firewall (WAF) additionally screens incoming web requests and blocks those deliberately crafted to harm or compromise your website.

4.Security tools
 Web server software typically includes security capabilities (UrlScan for IIS, ModSecurity for Apache and Nginx, etc.) that administrators can enable to help protect the installation. Configuring these tools can be time-consuming, especially with complex web applications, but they provide a second layer of defence.

 Vulnerability scanners can perform thorough checks of open ports and network services to help safeguard your server and web applications. They look for weaknesses such as SQL injection, cross-site scripting and web server misconfiguration. Some can also crawl shopping carts, forms and dynamic site content automatically and report any vulnerabilities they discover. Treat a clean scan as necessary but not sufficient.

5.Remove unnecessary services

 Default operating system installations commonly run services that are neither needed nor secured, such as RAS (remote access) network settings, the Remote Registry service and the Print Spooler service. Every running service listens on a port and widens the attack surface. It is therefore advisable to disable any service that is not needed and to confirm with a port scan that nothing unexpected is listening.
6.Permissions
 If an account is compromised, file and network service permissions limit the harm. Schedule frequent checks of your file system permissions, and allow only what is absolutely essential for each user or service to do its job. Disable direct root login over SSH (PermitRootLogin no) so that administrators log in as themselves and elevate with sudo, leaving an audit trail, and set the login shell of unused default accounts to nologin. Any online business, and especially one that handles network transactions, must maintain server security; since this is a problem that cannot be ignored, network transactions are now routinely protected with HTTPS and TLS certificates to encrypt communications.
Part 2
The potential impact of incorrect configuration of firewalls and third-party VPNs.

1.Firewall policies

1.1 Definition
A firewall is a network security control, implemented in hardware or software, that controls traffic between a local network and another network, such as the internet, according to a set of rules. Without a firewall there are no restrictions on traffic to the internal network; once one is installed, its rule set decides what passes. A properly configured firewall drops unsolicited inbound connections and so effectively "hides" the computer, letting users take advantage of everything the internet has to offer with less exposure. A firewall is not an antivirus application: it filters network traffic by address, port and protocol (and, in newer products, by application and content) rather than scanning files, but together these techniques protect computers against most common threats.

1.2 Functions of the firewall

A firewall filters traffic from sources that could damage or seriously impair your system, including hosts that distribute malware. Because all traffic between the internal and external networks has to pass through it, a firewall can track and inspect traffic flows and decide how each should be handled: allow it, drop it, or log it. Suspicious activity, such as unauthorized access attempts or a transaction that breaks policy, can be blocked, for example by shutting down specific sources or ports.

Installing a firewall is therefore crucial, particularly for computers that are constantly connected to the internet.

1.3 Types of firewalls


1.Hardware firewall
2.Software firewall

1.3.1 Hardware firewall

A hardware firewall is a physical appliance used to enforce a network boundary. It inspects both inbound and outbound network traffic and enforces access rules and other security policies. All network connections that cross the boundary must pass through it.

A hardware firewall may be integrated into a router or be a dedicated appliance such as the Cisco ASA 5500 series. (NAT, often listed alongside, is address translation rather than a firewall: it hides internal addresses but is not a substitute for a rule set.)

Characteristics

Less flexible: functions and rules cannot be added as freely as with a software firewall.
Works at a lower level than a host software firewall (network and transport layers), filtering on addresses, ports and protocols.
A basic packet-filtering appliance does not inspect packet contents; next-generation firewalls add deep packet inspection and application awareness, which is what catches attacks carried inside permitted ports such as 80 and 443.

1.3.2 Software firewall
A software firewall is a network security program installed on a computer or server. It integrates with a wide range of other security technologies to give businesses of all sizes more reliable and comprehensive protection, and it keeps protecting the host when the host is moved outside the network perimeter.

Software firewalls are those set up on servers and workstations. Examples are Windows Defender Firewall, iptables/nftables on Linux, ZoneAlarm and Norton Firewall; Microsoft ISA Server 2006, often cited, has long been out of support.

1.4 The potential impact of a firewall

A firewall is a network security device that tracks all incoming and outgoing traffic and allows or blocks it according to the organization's security rules. It is the most important component for protecting the network from attack. A firewall is placed at the edge of the network, between the private intranet and the internet, and can also be placed in the core of the network (between internal segments) for further protection and to give end users better service by filtering unusual traffic. It is designed to prevent unauthorized access to the network and can be implemented in hardware, software or both. Every message entering or leaving the intranet passes through the firewall, which examines it and blocks it if it does not meet the configured criteria.

The potential impact of hardware firewall mistakes

 Incorrect port or interface connected
 Forgot to close a port
 Forgot to block an IP address or domain name
 Forgot to filter specific content (URL or keyword filtering)
 Hardware failure of the firewall

The potential impact of software firewall mistakes

 Firewall software or signatures out of date
 The host it runs on is broken into or down

Without a firewall it is simply not feasible to build an effective cybersecurity defence; firewalls are an essential part of network design. Once installed, however, a firewall must be backed by specific firewall policies and processes under professional supervision and management. Without this additional step it is quite likely that the firewall will fail to do its job, leaving the network vulnerable to hackers, malware and other unwanted traffic.

There will be instances where the firewall fails, endangering both the company's IT infrastructure and client data. This section examines the most common causes of firewall failure, including functional, configuration and compatibility issues.

The common causes of firewall failures

 Misconfiguration
 Software vulnerabilities
 Hardware bottleneck
 Missing firewall policies

The biggest issues with firewalls are
 Insider threats (a firewall cannot see traffic that never crosses it)
 Missed security patches
 Configuration mistakes
 A lack of deep packet inspection
 DDoS attacks

The potential impact of incorrect configuration of a firewall

The following list describes the effects of poor firewall policy configuration on IT security:

1. Breaking of privilege policies

 Unauthorized access becomes possible when firewall policies are configured incorrectly. The organization's privilege policies are undermined when someone who should not be able to reach a system or network can do so; that person may be an adversary who attacks the system to leak confidential information or alter company policy. A rule that is too broad, or in the wrong order, effectively deletes the privilege boundaries the policy was meant to enforce.

2. Desired traffic does not reach its intended destination

 The firewall examines all traffic entering and leaving the systems and prevents unexpected traffic from getting in. When a message is sent, the firewall checks it and forwards legitimate messages to the end users. If the firewall is configured wrongly, for example with an over-broad deny rule placed before the rule that allows a service, it blocks required traffic and prevents it from reaching the real users, which disrupts business operations.

3. Undesired traffic reaches an unwanted destination

 Incorrect firewall configuration increases the likelihood that unwanted traffic reaches places it should not. Because most firewalls apply the first matching rule, a permissive rule placed too early, or an "any/any" rule left over from troubleshooting, lets traffic through without the intended checks on whether it is legitimate.

4. Permits access to the whole system

 Blocking unauthorized access and undesired traffic is the firewall's primary purpose. If the firewall is configured to allow any data and packets into the system without limitation, the organization's systems and policy are exposed. Without limits it facilitates the entry of spam, malware and unwanted email.

2.Third party VPNs

2.1 Definition
A Virtual Private Network (VPN) is a networking technique that creates a secure, private connection over a shared or public network such as the internet, so that the connection behaves as if it were on a private network.
Large corporations, educational institutions and government organizations frequently use VPN technology to enable remote users to connect securely to their private network. You need an authenticated account to access a VPN system (a username and password issued by the VPN administrator, ideally combined with a second factor or a device certificate).

2.2 Functions of a VPN

 Allows remote access over the internet to an enterprise or personal network to share data or work with internal data
 If the company has many branches or offices, connecting the networks of the branches and offices into one unified network greatly simplifies managing and sharing information
 Used to transmit and exchange private information that needs to be protected between two or more parties; a good low-cost solution compared with dedicated leased lines, which achieve the same thing at high expense

2.3 Types of VPNs

 Site-to-site VPN - a model used to link network systems in several locations into a single network system. The gateway at each site terminates the tunnel, and it is there that the security policies for safely sending data between sites are enforced.

 Remote access VPN - typically used by remote or mobile employees who need a secure connection to the company network; it can also serve small distant offices connected to the central office. A remote access VPN is sometimes called user-to-LAN, since remote users connect to the VPN server using VPN client software.

2.4 Most common VPN protocols

 Internet Protocol Security (IPsec)
 Layer 2 Tunneling Protocol (L2TP, normally run over IPsec, since L2TP itself provides no encryption)
 Point-to-Point Tunneling Protocol (PPTP; its MS-CHAPv2 authentication and RC4 encryption are broken, so it should no longer be used)
 SSL/TLS VPNs
 OpenVPN (and, more recently, WireGuard)
 Secure Shell (SSH) tunnelling

2.5 Some benefits of VPNs


 Low cost
 Enhancing the security for the system
 VPN stability and Flexibility

2.6 The potential impact of VPNs

A virtual private network (VPN) establishes a secure, encrypted connection across a less secure network such as the internet. It enables safe connections between individual computers or whole networks. It is mainly used by remote clients to establish a secure connection to the company network, and by the business to keep that network's security up. A VPN adds a layer of privacy and security to traffic from the client device to the other end of the tunnel, encrypting the connection so that anyone on the path cannot read or alter it. It offers an authenticated and encrypted tunnel between two endpoints and thereby helps prevent data breaches in transit; it does not protect against a compromised endpoint or a malicious VPN provider, either of which sees the traffic in the clear.

2.7 The potential impact of incorrect configuration of third-party VPNs

VPNs can be challenging to set up and maintain without the necessary specialist expertise. When the VPN connection fails, the client-side software displays an error message with a code. Hundreds of distinct VPN error codes exist, but only a few arise often.

1.VPN 800
 This error occurs when the VPN client is unable to reach the server. It can occur if the network is temporarily down, the VPN server is not correctly connected to the network, or the server or network is overloaded with traffic. Wrong configuration settings in the VPN client can also produce error 800. Finally, the local router's firmware may need updating because it is not compatible with the VPN type in use.

2.VPN 619
 Even if the server is reachable, this error occurs when a firewall or port configuration issue prevents the VPN client from connecting.

3.VPN 691
 While attempting to authenticate with Windows VPN, the user may have entered an incorrect username or password. The login domain must also be correctly specified on Windows PCs.

4.VPN 712/832/834
 The user trying to authenticate the connection on Windows VPN has not been granted access. The network administrator must update the user's permissions to fix this problem.

There are various kinds of impact when a VPN is configured incorrectly

1.Leads to security breaches

 A security breach occurs when someone or something improperly penetrates a private, confidential or restricted logical IT perimeter. Security breaches are also called security violations. It is the deliberate or accidental disclosure of secure private data to an untrusted environment. If the VPN is set up incorrectly, for example with split tunnelling that sends corporate traffic outside the tunnel, a weak or obsolete protocol, or a DNS leak, traffic that should be protected is exposed, which can result in a security breach.
2.Increases the risk of unauthorized access to data
 Between the two endpoints a VPN offers an encrypted and authenticated communication channel with tunnelling capability. If the VPN is set up improperly, the likelihood of unauthorized access to the system rises: a VPN that accepts weak passwords without a second factor, or that grants every remote user access to the whole internal network instead of only the resources they need, lets an attacker with stolen credentials reach any part of the network, which can result in significant data loss for the company.

How can implementing a DMZ and static IP addressing improve network security in an organization?

1.DMZ (Demilitarized Zone)

1.1 Definition of DMZ

In computer networking, a DMZ (demilitarized zone) is a physical or logical subnet that separates an internal local area network (LAN) from other untrusted networks, usually the public internet. It is also known as a screened subnet or a perimeter network. Servers, resources and services that face outward are placed in the DMZ. They become reachable from the internet while the rest of the internal network remains unreachable. This increases the LAN's security by preventing attackers from reaching internal servers and data directly over the internet.

Every internet-facing service should be located in the DMZ. The most common of these are web servers, proxy servers, mail, Domain Name System (DNS), File Transfer Protocol (FTP) and voice over IP (VoIP) servers.

1.2 How a DMZ works

A DMZ is designed to act as a buffer zone between the private network and the open internet. When the DMZ sits between two firewalls, all incoming packets are examined by a firewall or other security appliance before they reach the servers the organization hosts in the DMZ.

After getting past the first firewall, a threat actor would still need to gain unauthorized access to those services before doing any damage, and those systems should be hardened against such attacks.

Even if a threat actor bypasses the external firewall and takes control of a machine in the DMZ, the internal firewall must still be breached to reach critical corporate resources. A determined attacker can infiltrate even a well-secured DMZ, but alarms should go off when a DMZ is being targeted, giving security staff time to stop a full penetration of the organization. This only holds if DMZ hosts are not allowed to initiate arbitrary connections into the internal network.

1.3 Configuration of DMZ
IP addresses and firewalls are the fundamental parts of a DMZ. The firewall separates the internal network and the internet from one another and gives the DMZ its own network ID, so that the DMZ is isolated from both.

There are two ways to set up a DMZ:

1. Place the DMZ between two firewalls (a screened subnet): the outer firewall filters traffic from the internet to the DMZ, and the inner firewall controls the flow from the DMZ into the internal network.

2. Use a single firewall or router with three or more interfaces (a "three-legged" design) and put the DMZ on its own interface, separate from the local network; this is cheaper, but the one device is a single point of failure and of misconfiguration.
1.4 How implementing a DMZ in a network can improve network security
The subnet is separate from both the local area network (LAN) and untrusted networks like the internet. The DMZ houses the external-facing servers, data and services; they are reachable from the internet, while the rest of the internal network is not. By preventing attackers from directly reaching internal servers and data via the internet, this adds an extra layer of protection to the LAN.
If you consider external networks to be "untrusted" and the internal network to be "trusted", you can treat the DMZ as a "semi-trusted" network. It is protected by a firewall and is more secure than the internet, but it is not as trusted as the LAN.

For example:

An organization's internal network usually contains servers offering fundamental services such as a directory service (Active Directory, OpenLDAP, etc.), DNS, DHCP, file/print sharing, web, mail and FTP. The web, mail and FTP servers in particular frequently have to offer their services to both internal users and external users.

If the company places all of these servers on the same network segment as the users' workstations, an attacker from an external network such as the internet who takes control of one of the "public servers" (web, mail, FTP) can use it to attack the other servers, including DNS, DHCP and the domain controllers, and to penetrate deeper into the internal workstations. The DMZ is therefore a way to limit the chance that the internal network is compromised when the public servers are attacked.

With a DMZ in place, the external firewall can be configured so that connections from the internet reach the DMZ only. Between the internal network and the DMZ, a second firewall controls the traffic from the DMZ into the internal network, allowing only the specific flows the public servers need (for example the web server to the database server on one port). The DMZ thus separates the internal and external networks and adds a layer of isolation to the internal network: an attacker from outside can reach only the machines within the DMZ.
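The following is an added example, not part of the original assignment, that serves both the firewall misconfiguration list in Part 2 (items 1 to 4) and the two-firewall DMZ design described here. It models first-match rule evaluation with an implicit default deny, places a DMZ web server between an external and an internal firewall, and then shows what the two classic mistakes do: a catch-all allow placed first, and an over-broad deny placed before the allow rule. The addresses (RFC 5737 documentation ranges and 10.0.0.0/8) and the rule sets are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing for the demo.
ZONES = {
    "internal": [ip_network("10.0.0.0/8")],
    "dmz": [ip_network("203.0.113.0/24")],
}
WEB_SERVER = "203.0.113.10"   # public web server in the DMZ
DB_SERVER = "10.0.1.20"       # database on the internal LAN


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything not internal or DMZ is 'internet'."""
    addr = ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in n for n in nets):
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "any"             # zone name, host/CIDR, or "any"
    dst: str = "any"
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None means any port


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def _endpoint_matches(spec: str, ip: str) -> bool:
    if spec == "any":
        return True
    if spec in ZONES or spec == "internet":
        return zone_of(ip) == spec
    return ip_address(ip) in ip_network(spec, strict=False)


def matches(rule: Rule, flow: Flow) -> bool:
    return (_endpoint_matches(rule.src, flow.src_ip)
            and _endpoint_matches(rule.dst, flow.dst_ip)
            and rule.proto in ("any", flow.proto)
            and rule.dport in (None, flow.dport))


def evaluate(rules, flow: Flow):
    """First matching rule wins; no match falls through to the implicit default deny.
    Returns (action, index of the matching rule or None)."""
    for i, rule in enumerate(rules):
        if matches(rule, flow):
            return rule.action, i
    return "deny", None


# Correct policies: internet may reach only the web server on 80/443; the web
# server may reach only the database on its one port; internal users may browse the DMZ.
EXTERNAL_OK = [
    Rule("allow", "internet", WEB_SERVER, "tcp", 443),
    Rule("allow", "internet", WEB_SERVER, "tcp", 80),
    Rule("deny", "internet", "internal"),
]
INTERNAL_OK = [
    Rule("allow", "internal", "dmz", "tcp", 443),
    Rule("allow", WEB_SERVER, DB_SERVER, "tcp", 5432),
]
# The misconfigurations from the text: a catch-all allow left at the top
# ("permits access to the whole system") and an over-broad deny placed before
# the allow rules ("desired traffic does not reach its intended destination").
EXTERNAL_PERMIT_ALL = [Rule("allow")] + EXTERNAL_OK
EXTERNAL_OVERBLOCK = [Rule("deny", "internet", "dmz")] + EXTERNAL_OK


def path_allowed(flow: Flow, external=EXTERNAL_OK, internal=INTERNAL_OK) -> bool:
    """A flow must be allowed by every firewall it crosses: the external one if
    either end is on the internet, the internal one if either end is on the LAN."""
    zones = {zone_of(flow.src_ip), zone_of(flow.dst_ip)}
    checks = []
    if "internet" in zones:
        checks.append(external)
    if "internal" in zones:
        checks.append(internal)
    return all(evaluate(rules, flow)[0] == "allow" for rules in checks)


if __name__ == "__main__":
    for f in [Flow("198.51.100.20", WEB_SERVER, "tcp", 443),
              Flow("198.51.100.20", "10.0.0.5", "tcp", 3389),
              Flow(WEB_SERVER, DB_SERVER, "tcp", 5432),
              Flow(WEB_SERVER, DB_SERVER, "tcp", 22)]:
        print(f, "->", path_allowed(f))
```

Two things worth noticing when running it: with the catch-all rule the external firewall allows SSH from the internet to the DMZ host, which the correct policy denies, yet the internal firewall still stops the same attacker reaching the LAN, which is exactly the isolation the second firewall buys; and with the over-broad deny first, legitimate HTTPS to the web server is dropped at rule 0 before the allow rule is ever consulted.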

2.Static IP

2.1 Definition of static IP

In contrast to an address issued by a DHCP server, a static IP address is one that is specifically assigned to a device and never changes, which is why it is called static. This stands in contrast to a dynamic IP address, which can change whenever a lease expires. Every device that uses IP addresses, including routers, mobile devices, tablets, desktop computers and laptops, can be given a static IP address, either by entering the address manually on the device itself or by configuring a reservation on the device that hands out addresses (such as a router), which then always gives that MAC address the same IP.

For public addresses, static assignment is the responsibility of internet service providers (ISPs); your ISP may or may not provide a static IP address depending on your service agreement, and a static public address usually raises the cost of the subscription. Inside the organization's own network, static addressing is the network administrator's job.

Static addresses exist in both IPv4 and IPv6. In future each piece of networked hardware may have its own unique static IPv6 address; we are still on the way there, and today static IPv4 addresses are the ones commonly assigned to permanent hosts.
2.2 Uses of static IP
Static IP addresses are required for devices that must be reachable at all times. For instance, they are essential if
your computer is configured as a server, such as an FTP server or a web server. If you want to ensure that people can
always reach the computer to download files, it must use a static, never-changing IP address. If the server were given
a dynamic IP address instead, the address could change from time to time and clients would no longer find the server
on the network. In the same way, configuring a computer with a static IP address lets you reach it reliably, without
worrying that the address may change and lock you out while you are away.

2.3 How can implementing static IPs in a network improve network security?

On networks with many workstations, such as business networks, clients cannot reliably reach each other or the
server if addresses keep changing under dynamic IP assignment. A static IP scheme is a fixed range of addresses, so
server activity continues as normal even when a problem (such as a DHCP failure) arises.

Using static IPs is crucial for firms that use several computers and fax machines, as it helps reduce the risk of data
loss in the event of a malfunction. Static IPs also help the server system run more steadily and efficiently.

For example:

For fax, print and data-transfer tasks, an organization's internal users connect to the static IP address
192.168.1.1 that they configured for the company's server. If a dynamic IP address were assigned to the server
instead, the server's IP would change each time the modem is rebooted or loses power. The organization would then
have to spend time and disrupt work, disconnect the internal computer network, and reconfigure the IP address on
each device inside.

Moreover, users of dynamic IP addresses (shared address pools) are more likely to suffer the consequences of earlier
users' abuse of the same address, or of concurrent abuse by another user sharing it. Many websites and service
providers have blocked specific addresses from ranges known to be issued by ISPs and IXPs because those addresses
were used to send spam or cause harm. Network security is also more challenging with dynamic IPs because it is hard
to identify whose address a given IP is.

Static IP addresses are also very helpful when a device's domain name cannot be resolved. A computer on the office
network can be configured so that it always connects to the file server by its static IP address rather than its
hostname. Computers can then still reach the file server even if the DNS server is unavailable, since they address
the file server directly by IP.
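The attribution problem raised above (with dynamic addresses "it is hard to identify whose IP address it is") is what a monitoring team runs into when reading logs. The following added example, constructed for this report rather than taken from it, keeps an inventory of static server addresses next to a DHCP pool and a lease snapshot; log lines from static hosts are attributed immediately, lines from the DHCP pool are attributed only if a lease was valid at that timestamp, and anything outside both is flagged as an unknown device. All addresses, hostnames and log lines are constructed.

```python
"""Attributing log entries to hosts via a static-IP inventory (added example).

Assumptions (constructed): servers hold static addresses, workstations take
dynamic addresses from a DHCP pool, and the analyst wants each log line tied to
a named asset.  A DHCP address can only be attributed through the lease that was
valid at that moment; an address outside both is an unknown device.
"""
import ipaddress
import re

# Constructed inventory of static assignments (address -> asset name).
STATIC_HOSTS = {
    "192.168.1.1": "file-server",
    "192.168.1.2": "print-server",
    "192.168.1.3": "fax-gateway",
}
DHCP_POOL = ipaddress.ip_network("192.168.1.128/25")   # .128 - .255

# Constructed DHCP lease snapshot: address -> (hostname, lease_start, lease_end)
LEASES = {
    "192.168.1.130": ("ws-accounts-07", 1000, 4600),
    "192.168.1.131": ("ws-design-02", 1000, 4600),
}

# Constructed log format: '<epoch> <source-ip> <message>'
LOG_RE = re.compile(r"^(?P<ts>\d+) (?P<src>[\d.]+) (?P<msg>.*)$")

def attribute(src: str, ts: int) -> str:
    """Name the asset behind an address at time ts, or flag it as unknown."""
    if src in STATIC_HOSTS:
        return STATIC_HOSTS[src]                  # stable, no lease lookup needed
    if ipaddress.ip_address(src) in DHCP_POOL:
        lease = LEASES.get(src)
        if lease and lease[1] <= ts <= lease[2]:
            return lease[0]
        return "unknown-dhcp-client"             # lease expired or address reused
    return "UNKNOWN-DEVICE"                      # neither static nor pooled

def attribute_log(lines):
    """Return a list of (asset, message) pairs for well-formed log lines."""
    out = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            out.append((attribute(m["src"], int(m["ts"])), m["msg"]))
    return out

def unknown_devices(lines):
    """Addresses that could not be tied to any inventoried asset."""
    return sorted({m["src"] for m in map(LOG_RE.match, lines)
                   if m and attribute(m["src"], int(m["ts"])).startswith("UNKNOWN")})

# Constructed sample log.
SAMPLE_LOG = [
    "2000 192.168.1.1 smb session opened",
    "2100 192.168.1.130 login ok user=atheeb",
    "5000 192.168.1.130 login failed user=admin",   # lease expired: who is this now?
    "5100 192.168.1.77 ssh probe",                   # not static, not in the pool
]

if __name__ == "__main__":
    for asset, msg in attribute_log(SAMPLE_LOG):
        print(f"{asset:22} {msg}")
    print("investigate:", unknown_devices(SAMPLE_LOG))
```

The third line shows the weakness of dynamic addressing that the section describes: the same address appears after the lease has expired, so the log entry can no longer be tied to a person or machine without further evidence.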

3. NAT (Network Address Translation)

3.1 Definition of NAT


NAT (Network Address Translation) is a method for converting one IP address into another. NAT is typically used on
local networks with private addresses that require access to a public network (the Internet). NAT is performed on
the router that links the two networks.

3.2 How does NAT work?


Each client on the local network has its own private IP address, and NAT presents a single public IP address on
behalf of all of them. When a client sends data to a computer on another network, the packet passes through the NAT
device, which replaces the client's private source address with its own public address before forwarding it. The
remote computer, seeing the NAT device as the sender, sends its reply back to the NAT device. NAT keeps track of
which internal machine sent traffic on each service port and distributes the incoming replies to the appropriate
computer.

3.3 How can implementing NAT in a network improve network security?


NAT acts as an "interface" between a private, non-public LAN and the worldwide public Internet. Although NAT routers
are not usually bought for their security features, all NAT routers automatically serve as highly effective hardware
firewalls (with a few caveats examined below). They act as a hardware firewall by preventing "unsolicited",
"unwanted" and possibly bothersome or harmful traffic from the public Internet from passing through the router into
the user's private LAN (Steve Gibson, 2019). By masking the clients' private IP addresses, NAT helps prevent
unauthorized intrusion by outside hackers.

For example,

NAT is like a receptionist at a large office. If you want to meet someone in the company, you have to go through the
receptionist and follow their instructions. If you want to call and talk to someone but the person is out of the office
or busy in a meeting, you can leave a message with the receptionist, who will pass it on to the person you need to
reach. In another case you can talk to the receptionist and ask them to connect you to the person you need. Or
consider the reverse: someone wants to talk to you, but they only know the office phone number where you work.

They call your office and ask the receptionist to forward the call to you. The receptionist checks a lookup table to
find your name and extension and then forwards the call to you. Throughout all of this, outsiders cannot contact you
directly or learn much about you, because you are hidden behind the NAT "reception".
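Sections 3.2 and 3.3 can be demonstrated together with a small port-address-translation simulator. This is an added example written for this report, not code from the original or from any router vendor; the private and public addresses are constructed. Outbound packets receive a fresh public port and a table entry, replies are mapped back through that entry, and an inbound packet with no matching entry is dropped, which is the "receptionist" behaviour that keeps unsolicited Internet traffic off the LAN. The extra check that the reply comes from the same remote endpoint the client contacted is an assumption of this example (real NAT devices differ in how strictly they filter).

```python
"""Port-address translation (NAT) simulator (added example, not from the report).

Constructed addresses: a private LAN 10.0.0.0/24 behind the single public address
203.0.113.5.  Outbound packets get a fresh public port and a table entry; inbound
packets are forwarded only when they match an existing entry, so traffic that no
internal host asked for never reaches the LAN.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    PUBLIC_IP = "203.0.113.5"          # constructed public address

    def __init__(self, first_port: int = 40000):
        self._next_port = first_port
        self._outbound = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self._inbound = {}    # public_port -> (priv_ip, priv_port, dst_ip, dst_port)
        self.dropped = []     # unsolicited inbound packets, kept for the log

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the public address, creating a session entry."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self._outbound.get(key)
        if pub_port is None:                      # new session: allocate a port
            pub_port = self._next_port
            self._next_port += 1
            self._outbound[key] = pub_port
            self._inbound[pub_port] = key
        return Packet(self.PUBLIC_IP, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Return the packet rewritten for the LAN, or None if it is unsolicited."""
        entry = self._inbound.get(pkt.dst_port)
        # Assumption for this example: the reply must come from the endpoint
        # the client contacted; anything else is treated as unsolicited.
        if entry is None or (entry[2], entry[3]) != (pkt.src_ip, pkt.src_port):
            self.dropped.append(pkt)
            return None
        priv_ip, priv_port, _, _ = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

    def sessions(self) -> int:
        return len(self._inbound)

if __name__ == "__main__":
    nat = NatRouter()
    out = nat.outbound(Packet("10.0.0.7", 51000, "93.184.216.34", 443))
    print("as seen on the Internet:", out)
    reply = nat.inbound(Packet("93.184.216.34", 443, nat.PUBLIC_IP, out.src_port))
    print("delivered to LAN:", reply)
    scan = nat.inbound(Packet("198.51.100.9", 3389, nat.PUBLIC_IP, 40001))
    print("unsolicited packet delivered:", scan, "| dropped:", len(nat.dropped))
```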
Discuss the importance of network monitoring, provide benefits with proper reason.
1. What is network monitoring?
Network monitoring, sometimes called network management, is the process of continuously checking a computer network
for errors or flaws in order to maintain network performance. Although the two terms are used interchangeably in
practice, network monitoring is technically a subset of network management.

1.1 Importance of network monitoring

1. Early detection of problems: Network monitoring aids in the early detection of issues before they become out
of hand. A monitoring system can notify administrators, for instance, if there is an unexpected increase in
network traffic, allowing them to look into the situation and take the required steps to avoid network outages.

2. Improved network performance: Keeping an eye on network performance helps find bottlenecks and opportunities
for improvement. By studying network usage trends and finding regions of heavy traffic, network managers can tune
the network so that it satisfies user demands.

3. Enhanced security: Malware, viruses and unauthorized access attempts are a few examples of security risks that
network monitoring can help identify and stop. Administrators can swiftly identify and respond to security breaches
by keeping an eye on network traffic and examining patterns of behavior.

4. Better capacity planning: For capacity planning, network monitoring can offer useful information on how the
network is being used. Administrators can plan improvements and growth by analyzing how network resources
are being used.

5. Troubleshooting: When problems do occur, network monitoring can help administrators find the root cause
promptly, saving time and lowering frustration.

6. Cost saving: Firms can cut expenses by using network monitoring to find locations where resources are
underused and reallocating them.

7. Compliance and reporting: Several sectors are obliged to comply with standards such as HIPAA or PCI DSS.
Network monitoring can help firms meet these criteria by providing data for compliance reporting.

8. Proactive maintenance: Regular network monitoring can help identify potential issues before they become
problems, allowing administrators to take proactive steps to prevent downtime and minimize disruptions.

9. Improves user experience: A well-monitored network can provide a better user experience, with faster
performance and fewer disruptions.

10. Better decision making: By providing valuable data on network usage and performance, network monitoring
can help administrators make informed decisions about upgrades, investments, and other strategic initiatives.
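Items 1 and 3 in the list above (an unexpected increase in traffic, and unauthorized access attempts) are the two checks a monitoring system most often automates. The following added example, written for this report and not taken from it or from any monitoring product, runs both over constructed flow records: it totals bytes per source per minute and flags a window that exceeds a multiple of that source's own median, and it flags a source that touches many distinct destination ports in one window. The thresholds, record format and addresses are assumptions made for the example.

```python
"""Two network-monitoring checks over constructed flow records (added example).

Each record is 'epoch_seconds src dst dst_port bytes'.  find_spikes() flags a
source whose traffic in a one-minute window exceeds SPIKE_FACTOR times its own
median window (an unexpected increase in traffic).  find_scans() flags a source
that contacts many distinct (host, port) pairs in one window (unauthorized
access attempts / port scanning).  All thresholds are assumptions.
"""
from collections import defaultdict
from statistics import median

SPIKE_FACTOR = 4.0            # window total must exceed 4x the source's median
MIN_BASELINE_WINDOWS = 3      # need this much history before judging a spike
SCAN_PORT_THRESHOLD = 10      # distinct (dst, port) pairs in one window
WINDOW = 60                   # seconds

def parse(lines):
    """Yield (ts, src, dst, dport, bytes) tuples, skipping malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, nbytes = parts
        yield int(ts), src, dst, int(dport), int(nbytes)

def per_window(records):
    """Aggregate to {src: {window_start: {'bytes': n, 'ports': set()}}}."""
    table = defaultdict(lambda: defaultdict(lambda: {"bytes": 0, "ports": set()}))
    for ts, src, dst, dport, nbytes in records:
        w = table[src][ts - ts % WINDOW]
        w["bytes"] += nbytes
        w["ports"].add((dst, dport))
    return table

def find_spikes(table):
    """(src, window_start, bytes) for windows far above the source's baseline."""
    alerts = []
    for src, windows in table.items():
        history = []
        for start in sorted(windows):
            total = windows[start]["bytes"]
            if (len(history) >= MIN_BASELINE_WINDOWS
                    and total > SPIKE_FACTOR * median(history)):
                alerts.append((src, start, total))
            history.append(total)
    return alerts

def find_scans(table):
    """(src, window_start, distinct_targets) for windows that look like scans."""
    return [(src, start, len(w["ports"]))
            for src, windows in table.items()
            for start, w in windows.items()
            if len(w["ports"]) >= SCAN_PORT_THRESHOLD]

def analyse(lines):
    table = per_window(parse(lines))
    return {"spikes": find_spikes(table), "scans": find_scans(table)}

# Constructed sample: three quiet minutes from 10.10.1.5, then a large upload
# to an outside host; 10.10.1.9 probes twelve ports on one internal server.
SAMPLE = []
for minute in range(3):
    SAMPLE.append(f"{minute * 60 + 5} 10.10.1.5 10.10.2.20 443 900")
    SAMPLE.append(f"{minute * 60 + 30} 10.10.1.5 10.10.2.20 443 300")
SAMPLE.append("185 10.10.1.5 198.51.100.9 443 50000")
for port in range(20, 32):
    SAMPLE.append(f"{240 + port - 20} 10.10.1.9 10.10.2.2 {port} 60")

if __name__ == "__main__":
    for kind, hits in analyse(SAMPLE).items():
        for hit in hits:
            print(f"ALERT {kind}: source={hit[0]} window={hit[1]} value={hit[2]}")
```

Requiring a few windows of history before judging a spike avoids alerting on the first minute a host is seen, and keying the baseline per source means a busy file server is not compared against an idle workstation.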

Evaluate suitable physical and virtual security measures for E-TEC company which can ensure the integrity of the
E-TEC IT security.

Protecting sensitive data has become a primary responsibility for companies of all sizes in the digital era. Data
breaches, cyberattacks and other security risks can damage a business's finances, legal standing and reputation. Due
to security flaws, the Kalmunai-based software development business E-Tec recently lost crucial data. To uncover
potential security risks and establish security processes that prevent further security issues, the organization has
hired a penetration tester. This section discusses appropriate physical and virtual security measures that E-Tec may
use to maintain the integrity of its IT security.

1. Physical security measures


- Access control: To restrict physical access to its computer infrastructure, E-Tec can put access control
measures in place. Security guards, biometric authentication and access-controlled entrances with cameras are all
examples of access control measures. Physical measures such as security guards and surveillance cameras help prevent
illegal entry and add an extra layer of security to the business's facilities. Biometric identification methods such
as fingerprint or face recognition ensure that only authorized staff can reach the company's IT infrastructure.

- Secure facilities: E-Tec can protect its physical premises by putting in place safeguards such as alarms, CCTV
cameras and strong locks on doors and windows. Alarms and CCTV cameras positioned throughout the facility monitor
access and inform security staff of intrusions. Secure window and door locks also help prevent illegal access to the
computer infrastructure of the business.

- Equipment security: E-Tec can safeguard its IT equipment by ensuring that it is locked away when not in use and
that only authorized workers have access to it. The business may also locate lost or stolen equipment using tracking
devices. Moreover, the business may use remote wipe capabilities to erase data from stolen or lost devices,
preventing the loss of vital data.

2. Virtual security measures


- Firewalls: E-Tec can use firewalls to guard its network against illegal access. Firewalls can be configured to
filter traffic, blocking any communication that does not comply with defined rules or that originates from untrusted
sources. By denying traffic from sources that are known to be malicious, firewalls may also help to stop Denial of
Service (DoS) attacks.

- Encryption: E-Tec can use encryption to safeguard private information kept on its servers and other hardware.
Encryption keeps data protected even if it is intercepted in transit or if a device is lost or stolen. Data in use,
data in transit and data at rest can all be encrypted.

- Two-factor authentication: To be certain that only authorized individuals can access company systems and data,
E-Tec can adopt two-factor authentication. Before they can access a system or data, users must present two kinds of
identification, such as a password and a token. Even if a password is compromised, this stops unwanted access to the
company's computer systems.
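To make the two-factor item concrete, here is an added example written for this report (not code from the original or from any authentication product) of a login check that requires both a knowledge factor and a possession factor: the password is verified against a salted PBKDF2 hash, and the token is a time-based one-time code computed with the standard library following RFC 6238 (TOTP) and RFC 4226 (HOTP). The user record is constructed; its TOTP seed is the published RFC 6238 test secret so the result can be checked against the RFC's test vector.

```python
"""Two-factor login check: password hash plus a time-based one-time code (added example).

Knowledge factor: PBKDF2-HMAC-SHA256 password hash (hashlib).  Possession factor:
TOTP (RFC 6238) built on HOTP (RFC 4226) with HMAC-SHA1.  Both must pass; a
stolen password alone is not enough.  The user record is constructed.
"""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current time."""
    return hotp(secret, at // step, digits)

def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, hash); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed user record.  The TOTP seed is the RFC 6238 test secret; a real
# system issues a random per-user secret when enrolling the token.
_salt, _hash = hash_password("correct horse")
USERS = {"atheeb": {"salt": _salt, "pw_hash": _hash,
                    "totp_secret": b"12345678901234567890"}}

def authenticate(user: str, password: str, code: str,
                 now: Optional[int] = None) -> bool:
    """True only when both factors verify; the code may be one step early or late."""
    rec = USERS.get(user)
    if rec is None:
        return False
    _, candidate = hash_password(password, rec["salt"])
    if not hmac.compare_digest(candidate, rec["pw_hash"]):   # constant-time
        return False
    now = int(time.time()) if now is None else now
    return any(hmac.compare_digest(totp(rec["totp_secret"], now + d * 30), code)
               for d in (-1, 0, 1))

if __name__ == "__main__":
    secret = USERS["atheeb"]["totp_secret"]
    t = int(time.time())
    print("password + valid code :", authenticate("atheeb", "correct horse", totp(secret, t)))
    print("password only         :", authenticate("atheeb", "correct horse", "000000"))
    print("code only             :", authenticate("atheeb", "guess", totp(secret, t)))
```

The one-step tolerance window is the usual compromise between clock drift on the user's phone and the size of the window an attacker could reuse an observed code in; anything wider should be treated as a deliberate risk decision.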

The integrity of E-Tec Company's IT security may be guaranteed by putting physical and virtual security measures in
place. Unauthorized physical access to the company's IT infrastructure can be prevented by physical security measures
including access control, secure buildings, and equipment protection. Firewalls, encryption, and two-factor
authentication are examples of virtual security tools that may shield a network and its data from online attacks. To
make sure that security measures are still effective against newly emerging security risks, it is crucial to continuously
assess and update them. By putting these procedures in place, E-Tec can defend its customers' confidence, secure its
sensitive data, and avoid loss of money and reputational harm.

Why do we need a trusted network?


Many people still lack a correct understanding of network security, just as they did many years ago. They believe
that to safeguard their network they need only buy a firewall product and adjust some of its settings. If their firm
is more concerned with network security, an intrusion detection and prevention system is added alongside antivirus
software. IDS/IPS, firewall, antivirus and similar tools together form the protective system of a conventional
defensive network, but on their own they still fall short of the standard required for secure connections in the
modern, highly complex network environment.

For example:

A business may have many clients spread across numerous continents, countries and locations. Every client must be
able to communicate with the company as promptly as possible, and one way to achieve this is to give them a direct
link into the company network. Customers, suppliers and partners then need access both to publicly available
information, such as that found on a website, and to confidential corporate information. Rather than being stored on
public servers such as the web server, this private information is kept inside the business network.

We now need to consider who the individual users outside the organization are and how far we can trust their
communication channels. The need for secure, dependable communication routes is constant, so a mechanism is needed
to ensure that nobody can read sensitive information on the channel. Moreover, precautions must be taken so that
nobody can pose as a user with authorized access to the company's network. The Trusted Network is the result.

We may infer from the example above that a "trusted network" also has to address three key goals: confidentiality,
integrity and availability.

How a trusted network may be part of an IT security solution

Can an IT security solution include a "trusted network"? Overall, the qualities required of a "Trusted Network" and
those required of a security solution are the same. When a network is completely protected and meets its security
objectives, it is referred to as a "trusted network", and vice versa. An administrator usually oversees the machines
on a trusted network to prevent leakage of confidential and verified information. Information can be transferred
easily through such networks while access to the systems is limited. Because of solid firewalls, computers on trusted
networks are more secure and private.

Security reasons

For a full security solution we must demonstrate that the network our solution protects is a trusted network. Despite
all our attempts to repair them, there are still many vulnerabilities that hackers keep trying to exploit to attack
the network or the company. Attacks are frequently categorized as Backdoor or "Do sentries" attacks, where a Backdoor
attack is a covert way to get past the standard user authentication process or to maintain remote access to a
computer, while a "Do sentries" attack seeks to avoid being picked up by regular or lax monitoring. They exist for a
variety of reasons, such as inadequate setup or poor initial design. They may have been installed by an approved group
to permit some legitimate access, or by attackers for nefarious purposes.

Efficiency reasons

Making the network into a "trusted network" is also crucial for efficiency: it decreases end-user response times and
makes it easier for network monitoring systems to identify and screen more information when monitoring network
security. In addition, NAT makes it hard to check the origin of an IP address in end-to-end connections and to trace
packets whose addresses have been rewritten repeatedly by multiple layers of NAT.

A Trusted Network is genuinely a component of security processes and security solutions, since it complements and
supports the network security processes, lowering risks as well as the harm and mistakes caused by negligence while
network security protocols are put into place. Trusted Networks are a good starting point for building network
security solutions, since such solutions perform best when built on a dependable network platform.

Part 3
Introduction:

I will now discuss and assess the procedures that regulate organizational security after the risk assessment and
workable protection measures have been completed. For this I have given a lot of consideration to factors such as
exchange management, audit controls, disaster recovery plans, Data Protection Acts, the Computer Misuse Act, ISO 3001
standards, etc. As a result, in this task I will discuss specific risk assessment procedures, explain data protection
procedures, summarize the ISO 31000 risk management methodology and its use in IT protection, and then discuss fee.
At the end of the project I have to discuss how IT security can be aligned with corporate policy and outline the
security repercussions of any inconsistency.

Risk assessment procedure:

The evaluation of the many elements that expose companies to risk is known as risk assessment. It involves assessing
the risks brought on by potential hazards, factoring in the effectiveness of any current controls, and deciding whether
the risks are acceptable or not. Risks have the potential to succeed or fail. The audit methods are carried out to obtain
the entity and its environs and to analyze the risks, whether they are brought on by fraud or error. Determining the
damaging risks to companies is the fundamental goal of the risk assessment. The risks are elevated to the highest level
for mitigation if it is assessed that they will harm the organizations. The following list of risk assessment techniques is
used to manage and mitigate hazards that have happened inside the company.

Identifying the risks:

Hazards can exist in every industry. Risk identification is the first stage in risk management and mitigation. There is a
significant chance that system dangers may increase as technology advances. It will be easier to reduce the risks to the
organization after the threats have been identified. Once all the risks have been recognized, the detection of risks
continues. It is simpler to reduce risks with the right solutions after all potential threats to a company have been
identified. By asking questions about how risks exist in businesses, what happens when various types of risks occur in
companies, and how to develop answers to the risks, hazards of organizations may be discovered.

Analyzing the risks:

The risks are discovered in the first phase, and the hazards from that step are then examined in this step. Risks are
examined in this stage to determine their nature, which will make them easier to mitigate in the system. Finding
potential solutions that could be connected to the risks is greatly aided by risk analysis. It is necessary to examine the
organization's risks in order to secure the information, its policy, and its important data. Finding security holes in the
system and removing its weaknesses and strengths are both aided by risk analysis. By analyzing the dangers, the staff's
awareness of security is improved.

Evaluating the risks:

At this stage the risks are assessed to determine their significance and whether they require immediate action or
mitigation. To prioritize the risks and find solutions to them, information is categorized as sensitive data, public
information or non-sensitive information. Organizational risks are assessed to determine whether to accept them or to
address them using the available solutions. By examining its dangers we can determine whether a risk is hazardous to
an organization.

Data protection process and regulations

The process of safeguarding sensitive information against tampering, compromise or loss is known as data protection.
Data protection and regulation are crucial to preserving the data in the company. The amount of data held by call
centers and companies is always growing, so it must be safeguarded properly for future use. Data must be saved
promptly while being entered or changed, and this is a key component of the data security strategy. Other crucial
elements of data security and data backup include safeguarding data privacy and protecting data from compromise. The
measures we must take in order to implement data protection plans are listed below.

Classify nature of the data:

This is the process of sorting and categorizing data in its various formats. Data is a set of values of qualitative
and quantitative variables; it can be measured, collected, reported and analyzed, and it can be visualized using
graphs or images. Data classification is mainly done with the help of a database or software that scans, identifies
and separates the data. Different types of organization hold different kinds of data. Educational consultancies hold
the data of all students who have passed their higher-level education; companies that hold accounts have a lot of
information about account holders. Each organization therefore has data whose nature follows from the nature of the
organization, and we need to classify the data accordingly. Some organizations have very sensitive data while others
have none, so we need to classify the data that must be given more priority.

Training the awareness in the organization:

Once the data has been categorized according to the nature of the organization, we educate the company about the
significance of the data and the advantages of data security. Every employee in the company receives training on
data protection and is made aware of its advantages. Staff members constantly engage with the data and work with it;
if they make mistakes, the data may be misused by others. Data can be safeguarded more readily if we give the
company training and awareness. Staff who work with data constantly must understand the value of information and
data to the firm. Today many organizations also entrust their data to data centers, which helps to protect it.

Design plan for the data security:

The single most effective strategy that businesses can use to lessen the high cost of rectifying a data breach is to
adopt a strong security posture and to create a thorough privacy and data protection plan. Many different data
protection processes are used for data security in the development of security strategies for enterprises, including:

Data backup for organizational level:


Data backup is a method that makes duplicate sets of data retrievable in the case of a data loss incident. Nowadays a
variety of data backup services are available to businesses and organizations to help them guarantee that their data
is safe and that crucial information will not be lost in the event of a natural catastrophe, theft or other emergency
(techopedia.com, /definition/23338/data-backup). In earlier times, backing up a personal computer (PC) meant copying
data from the hard drive to floppy disks. Data backup gives computer users a great deal of power, adaptability and
ease of use to secure information quickly. Data backup is the process of transferring virtual and physical files, or a
database, to a backup location or device in order to prevent loss of information in the event that an electronic
device malfunctions or is damaged. For a company to preserve current data for future reference, data backup is
increasingly crucial; if an electronic device fails in an office, the backup helps restore all the data and
information more rapidly. Data is an increasingly important asset for any type of company, so it must be treated
carefully and backed up to ensure future security. Data should be kept in a secure manner, with several kinds of
security measures added, because if it is lost the organization's primary objectives may fail.
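A backup is only as good as the restore it allows, so a practitioner pairs the copy with an integrity record. The following added example, written for this report and not taken from it or from any backup product, copies a directory tree to a backup location, verifies each copy immediately, writes a SHA-256 manifest, and later re-verifies the backup so that a tampered or silently corrupted copy is detected before it is needed. The directories and files are constructed in a temporary folder.

```python
"""Backup with an integrity manifest and restore verification (added example).

backup() copies every file under a source tree to a destination, checks each copy
against the source, and records a SHA-256 per file in dest/manifest.json.
verify() later reports every file whose content no longer matches the manifest,
which a plain copy would never reveal.  The demo uses temporary directories.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def backup(source: Path, dest: Path) -> dict:
    """Copy every file under source into dest and write dest/manifest.json."""
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)               # keeps timestamps and mode
        digest = sha256_of(path)
        if sha256_of(target) != digest:          # verify the copy right away
            raise IOError(f"copy of {rel} does not match source")
        manifest[rel] = digest
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(dest: Path) -> list:
    """Relative paths whose backup copy is missing or no longer matches."""
    manifest = json.loads((dest / "manifest.json").read_text())
    bad = []
    for rel, digest in manifest.items():
        target = dest / rel
        if not target.exists() or sha256_of(target) != digest:
            bad.append(rel)
    return bad

def demo():
    """Constructed scenario: back up two files, tamper with one copy, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "data", Path(tmp) / "backup"
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q1.txt").write_text("quarterly figures\n")
        (src / "customers.csv").write_text("id,name\n1,E-Tec\n")
        manifest = backup(src, dst)
        clean = verify(dst)                                    # expected: []
        (dst / "customers.csv").write_text("id,name\n1,tampered\n")
        damaged = verify(dst)                                  # expected: one file
        return len(manifest), clean, damaged

if __name__ == "__main__":
    files, before, after = demo()
    print(f"{files} files backed up; problems before tampering: {before}; after: {after}")
```

In practice the manifest is stored apart from the backup (or signed), since an attacker who can alter the copies can otherwise rewrite the manifest to match.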

Encryption for the data for user level:

Data encryption is a security technique in which data is encoded so that it can only be read or decoded by someone
who holds the right encryption key. Encrypted data, also known as ciphertext, is unintelligible to any person or
program that accesses it without authorization (forcepoint.com). Data is encrypted by converting it into another form
or code so that it cannot be read in its original form; a secret key is needed to read the encrypted data. Unencrypted
data is plaintext, and once encrypted it becomes ciphertext. Encryption is the most popular and practical way of
safeguarding data in businesses. It is used for end-to-end network transmission, and nowadays encryption techniques
are mostly used online to safeguard user data exchanged between browsers and servers, including passwords, credit card
PINs, payment details and personally identifiable information that should be kept private. Corporations most often
use encryption to conceal the confidential and highly important data kept on their computers, servers and mobile
devices such as phones and tablets. Because users always rely on computers for various tasks, the majority of
organizations have implemented data encryption at the user level. Not every staff member needs, or should be trusted
with, every detail of the company's business, and there may be significant hazards to the firm if its most crucial
plans and data are not secured and are made accessible to every user.

NTFS security for user level:

NTFS is the standard Windows file system that the operating system uses to store and retrieve files and directories
on the hard drive. NTFS security helps us manage the security of files and folders on a Windows file server by
letting us grant, revoke, modify and copy NTFS permissions for the users and groups of the organization, using
built-in rules for assigning permissions. By implementing NTFS security at the user level inside the company, we can
greatly reduce the risk of unwanted access to files and folders that may contain sensitive data and information. It
keeps files and folders hidden from users to whom no permission has been granted, and, by removing unauthorized
permissions and restricting access to authorized accounts only, it helps protect the data on the server. To limit
access to NTFS objects, each permission can be set to either "Allow" or "Deny". These are the basic categories of
access permission:

Full Control: users can create, modify, move and delete files and folders and the properties linked to them. Users
can also modify the permission settings for each file and each subdirectory.
Modify: users can add files to or remove files from a directory, and add or remove file properties, while viewing
and editing files and file properties.
Read & Execute: users can read and run executable files, including scripts.
Read: users can view directories, file properties and files.
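The point that matters operationally in the Allow/Deny model above is precedence: an explicit Deny applied to any group the user belongs to overrides an Allow granted elsewhere. The following added example, written for this report and not a Windows API call, models that evaluation over constructed group memberships and a constructed ACL for a finance share, and shows why a Deny must be scoped carefully (denying Write does not by itself remove Delete, which Modify also contains). The "Write" basic permission is included as a known NTFS permission that the report's list does not mention.

```python
"""Effective-permission calculator for NTFS-style Allow/Deny entries (added example).

Models the rule that an explicit Deny wins over any Allow granted to the same
user or to one of the user's groups.  Group membership and the ACL are
constructed for the example; this is a simulation, not a call into Windows.
"""
from dataclasses import dataclass

# Basic permissions expressed as the individual rights they contain.
RIGHTS = {
    "Read": {"read"},
    "Write": {"write"},                     # basic permission not listed in the report
    "Read & Execute": {"read", "execute"},
    "Modify": {"read", "execute", "write", "delete"},
    "Full Control": {"read", "execute", "write", "delete", "change_permissions"},
}

@dataclass(frozen=True)
class Ace:
    principal: str      # user or group name
    access: str         # "Allow" or "Deny"
    permission: str     # key of RIGHTS

# Constructed directory: user -> groups.
GROUPS = {
    "atheeb": {"Staff", "Contractors"},
    "ishraque": {"Staff", "IT-Admins"},
    "guest": set(),
}

def effective_rights(user: str, acl) -> set:
    """Union of all Allow rights minus the union of all Deny rights."""
    principals = {user, *GROUPS.get(user, set())}
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal not in principals:
            continue
        (allowed if ace.access == "Allow" else denied).update(RIGHTS[ace.permission])
    return allowed - denied                   # Deny entries always win

def can(user: str, right: str, acl) -> bool:
    return right in effective_rights(user, acl)

# Constructed ACL on a finance share.
FINANCE_ACL = [
    Ace("Staff", "Allow", "Modify"),
    Ace("IT-Admins", "Allow", "Full Control"),
    Ace("Contractors", "Deny", "Write"),      # contractors must not change figures
]

if __name__ == "__main__":
    for user in GROUPS:
        print(f"{user:10}", sorted(effective_rights(user, FINANCE_ACL)))
```

Running it shows that atheeb, who is both Staff and a Contractor, cannot write but can still delete, because the Deny covered only Write; the correct fix is to deny Modify for Contractors and grant them Read & Execute, which is the check a permission review should make.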

RAID for user level:

"RAID" (Redundant Array of Independent Disks) is a computer storage technology that uses redundant data to give
fault tolerance to storage media, primarily hard disks, implemented either in software or in dedicated hardware. The
data is divided up (striped) or replicated (mirrored) across several independent hard drives. RAID can improve the
I/O performance of hard drives, their resilience to data loss, or both (medium.com). It is a data storage
virtualization technique that merges numerous physical drives into one logical unit for the sake of redundancy and
performance. To defend against data loss, the same data (or parity computed from it) is spread over numerous hard
disks in different locations.
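The "redundant data" that gives RAID its fault tolerance is easiest to see with parity. The following added example, written for this report and not taken from it or from any RAID implementation, stripes a byte string across N disks, stores the XOR of each stripe's data blocks as a rotating parity block in the style of RAID 5, and rebuilds any single lost disk from the survivors. Disk contents are in-memory byte strings constructed for the demo.

```python
"""RAID-5-style striping with parity that rebuilds a lost disk (added example).

Data is split into blocks across N-1 disks and the XOR of those blocks is stored
on the remaining disk; the parity position rotates per stripe as in RAID 5.
Because parity XOR all data blocks == 0, any single missing block equals the XOR
of the other blocks in its stripe.  Disks are lists of bytes objects in memory.
"""

def xor_blocks(blocks):
    """XOR equal-length byte blocks together."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)

def stripe(data: bytes, n_disks: int, block_size: int):
    """Return n_disks lists of blocks; every stripe carries one parity block."""
    data_per_stripe = n_disks - 1
    stripe_bytes = block_size * data_per_stripe
    data += b"\0" * ((-len(data)) % stripe_bytes)        # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for stripe_no, off in enumerate(range(0, len(data), stripe_bytes)):
        chunk = data[off:off + stripe_bytes]
        blocks = [chunk[i:i + block_size] for i in range(0, stripe_bytes, block_size)]
        parity_disk = stripe_no % n_disks                 # rotate parity
        parity = xor_blocks(blocks)
        it = iter(blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk else next(it))
    return disks

def rebuild(disks, lost: int):
    """Reconstruct every block of the lost disk from the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != lost]
    rebuilt = [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]
    repaired = list(disks)
    repaired[lost] = rebuilt
    return repaired

def read_back(disks, n_bytes: int) -> bytes:
    """Reassemble the original bytes, skipping each stripe's parity block."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = s % n_disks
        for d in range(n_disks):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out[:n_bytes])

def demo() -> bool:
    """Lose each of four disks in turn and confirm the data survives."""
    data = b"E-Tec backup stripe demo: parity rebuilds a failed disk."
    disks = stripe(data, n_disks=4, block_size=8)
    for lost in range(4):
        damaged = list(disks)
        damaged[lost] = None                              # simulate a dead disk
        if read_back(rebuild(damaged, lost), len(data)) != data:
            return False
    return True

if __name__ == "__main__":
    print("single-disk failure tolerated:", demo())
```

Two simultaneous failures would leave a stripe with two unknown blocks and one equation, which is why parity RAID protects against one lost disk only and is a complement to backups, not a substitute.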

Summary of ISO 31000 & implementation

Depending on the nature of the organization, many different dangers are connected with environmental and physical
factors. Risk management helps identify and assess organizational flaws and errors. Risk-related issues may affect
economic performance, reputation, and social, environmental and safety outcomes; controlling risks successfully
therefore allows all duties to be completed properly. The ISO 31000 standard comprises specific guidelines, a solid
framework to build upon, and procedures for managing risks efficiently.

The principles, strategies, and procedures that a company uses to manage risks are all guided by risk management. An
organization may raise its goals, enhance all aspects of threat detection, and employ resources for risk management
with the support of ISO31000.

ISO 31000 can be used as a guideline for both internal and external audits of organizations but cannot be used as a
certification. By using ISO 31000, a firm can assess its risk management procedures against a globally accepted
benchmark and derive strong management and corporate governance principles. ISO 31000 ensures that information about
risks identified throughout the risk management process is reported at the appropriate organizational levels and
used for decision-making.

Together with the internal and external context that are formed to assure the aims and the concerns of the external
stakeholders, the execution of the risk management process is strongly incorporated in the technique described in the
ISO31000 standard. Four processes make up the majority of risk assessment methodologies: risk identification, risk
analysis, risk evaluation, and risk treatment.

The risks an organization faces depend on its nature: some are harmful and must be addressed promptly, while others
are less serious. When a risk arises, the four stages of the risk assessment procedure are applied to it:
identification, analysis, evaluation and treatment of the risk.

In the identification stage the organization develops a comprehensive list of the risks that might prevent it from
achieving its objectives, together with their causes and the possible outcomes if those risks materialize. Identifying
the exact risk makes it much easier to find the right solution, so identification continues until the risk is pinned
down. Once a risk is identified, its nature and type can be analysed, which makes it easier to mitigate; analysis also
exposes the security gaps in the organization and indicates the steps needed to remove those weaknesses. Evaluation
then decides whether the risk can be accepted (ignored) or must be addressed. In the treatment stage the organization
implements controls designed to reduce the risk, assesses the effectiveness of those controls, and implements
additional controls on an as-needed basis.

In addition to these four stages, ISO 31000 recognises two equally important activities that must take place at every
phase of the assessment: communication and consultation, and monitoring and review. An organization conducting an
assessment should keep stakeholders informed throughout the procedure and carry out monitoring to ensure the process
remains feasible.

ISO 31000 provides full guidelines on how plans and measures are implemented in the risk management system, which
helps the organization perform a systematic assessment that balances economic gain against uncertainty and loss. It can
be adopted by any kind of organization for its risk management process, but it cannot be used for certification
purposes (Network Security, 2019). ISO 31000 covers most business activities in an organization, including research,
planning, management and communication, and offers sound techniques for managing risk. It helps to analyse risks and
opportunities across all business functions and, similarly, to improve the operational efficiency and governance of the
organization. Implementing ISO 31000 increases stakeholder confidence in the organization's risk management
techniques, describes the systematic and logical process of assessing risk in detail, enhances the organization's
reputation and gives it a competitive advantage when bidding for commercial tenders.
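The four stages described above can be made concrete as a small risk register. The example below is added
illustration written for this report, not text from ISO 31000 and not part of the original assignment: it identifies
risks with their cause and consequence, analyses each as likelihood multiplied by impact, evaluates the score against a
risk criterion (the treatment threshold), and applies controls one at a time, re-evaluating after each, so that
additional controls are only added as needed. The ordinal scales, the threshold of 8, the E-Tec risks and the control
reductions are all constructed assumptions for the example; ISO 31000 itself does not prescribe any of these values.

```python
"""Worked example of the four ISO 31000 risk assessment stages as a risk register:
identification, analysis (likelihood x impact), evaluation against risk criteria,
and treatment with a residual-risk check after every control.
Added illustration only; all scales, risks, scores and controls are constructed."""
from dataclasses import dataclass, field

# Ordinal scales assumed for this example (ISO 31000 does not fix any scale).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Risk criterion (risk appetite) assumed for the example: scores at or above this need treatment.
TREAT_THRESHOLD = 8


@dataclass
class Control:
    name: str
    likelihood_reduction: int = 0  # how many scale steps the control lowers likelihood
    impact_reduction: int = 0      # how many scale steps the control lowers impact


@dataclass
class Risk:
    # Stage 1, identification: what could happen, why, and with what consequence.
    name: str
    cause: str
    consequence: str
    likelihood: str
    impact: str
    controls: list = field(default_factory=list)

    def inherent_score(self) -> int:
        """Stage 2, analysis: rate the untreated risk as likelihood x impact."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def residual_score(self) -> int:
        """Score after the applied controls; each axis is floored at 1."""
        like = LIKELIHOOD[self.likelihood] - sum(c.likelihood_reduction for c in self.controls)
        imp = IMPACT[self.impact] - sum(c.impact_reduction for c in self.controls)
        return max(like, 1) * max(imp, 1)

    def needs_treatment(self) -> bool:
        """Stage 3, evaluation: compare the current score with the risk criterion."""
        return self.residual_score() >= TREAT_THRESHOLD


def treat(risk: Risk, candidate_controls: list) -> list:
    """Stage 4, treatment: apply candidate controls one at a time, re-evaluating after
    each, and stop as soon as the residual risk is within the criterion."""
    applied = []
    for control in candidate_controls:
        if not risk.needs_treatment():
            break
        risk.controls.append(control)
        applied.append(control.name)
    return applied


def build_register() -> list:
    """Constructed sample register for the E-Tec scenario (illustrative values only)."""
    return [
        Risk("Ransomware on file server", "phishing e-mail delivers malware",
             "loss of access to shared documents", "likely", "major"),
        Risk("Visitor reads a written-down password", "passwords on sticky notes",
             "unauthorised login", "possible", "moderate"),
        Risk("Laptop lost in transit", "travelling staff", "data disclosure",
             "unlikely", "minor"),
        Risk("Single internet link fails", "no redundant ISP", "branch offline",
             "possible", "major"),
    ]


# Constructed candidate controls per risk, in the order they would be tried.
CANDIDATE_CONTROLS = {
    "Ransomware on file server": [
        Control("e-mail filtering and user awareness", likelihood_reduction=1),
        Control("offline backups with tested restore", impact_reduction=2),
        Control("application allow-listing", likelihood_reduction=1),
    ],
    "Visitor reads a written-down password": [
        Control("clean-desk policy and password manager", likelihood_reduction=2),
    ],
    "Single internet link fails": [
        Control("4G failover router", impact_reduction=1),
    ],
}


def assess(register: list, controls_for: dict) -> dict:
    """Run the whole cycle and return a report keyed by risk name.  A risk whose
    candidate controls are exhausted while still above the criterion is reported
    as not accepted, i.e. further controls must be identified."""
    report = {}
    for risk in register:
        inherent = risk.inherent_score()
        applied = treat(risk, controls_for.get(risk.name, []))
        report[risk.name] = {
            "inherent": inherent,
            "residual": risk.residual_score(),
            "controls": applied,
            "accepted": not risk.needs_treatment(),
        }
    return report


if __name__ == "__main__":
    for name, row in assess(build_register(), CANDIDATE_CONTROLS).items():
        print(f"{name}: inherent={row['inherent']} residual={row['residual']} "
              f"controls={row['controls']} accepted={row['accepted']}")
```

Running the register shows the treatment stage at work: the ransomware risk scores 16 inherently and stops after two of
its three candidate controls because the residual score of 6 is already under the threshold, the lost-laptop risk is
accepted untreated at 4, and the single-link risk remains at 9 after its only candidate control, so it is flagged as not
accepted and needs a further control to be identified. Monitoring and review, the activity ISO 31000 requires at every
stage, corresponds to re-running this assessment whenever the register or the controls change.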

References
(Anon, 2023) (Anon, 2023) (Anon, 2023) (Anon, 2023) (Anon, 2023) (Touhid, 2023) (Xuan, 2023) (shop, 2023)
(gibson, 2023) (Koasn, 2023) (Koasn, 2023) (Luminant, 2023) (Study.com, 2023)

Anon, n.d. The Economic Times. [Online]
Available at: https://economictimes.indiatimes.com/definition/sql-injection
Anon, 2023. Google. [Online]
Available at: https://economictimes.indiatimes.com/definition/spyware
[Accessed 02 01 2023].
Anon, 2023. Google. [Online]
Available at: https://economictimes.indiatimes.com/definition/computer-worm
[Accessed 05 01 2023].
Anon, 2023. Google. [Online]
Available at: https://www.contrastsecurity.com/glossary/application-attacks
[Accessed 01 01 2023].
Anon, 2023. Google. [Online]
Available at: https://www.fortinet.com/resources/cyberglossary/what-is-dmz
[Accessed 02 01 2023].
Anon, 2023. Google. [Online]
Available at: https://www.knowitallninja.com/lessons/how-internal-threats-occu
[Accessed 05 01 2023].
Anon, 2023. Google. [Online]
Available at: https://economictimes.indiatimes.com/definition/trojan
[Accessed 01 02 2023].
Gibson, S., 2023. NAT. [Online]
Available at: https://www.grc.com/nat/nat.htm
[Accessed 01 01 2023].
Koasn, 2023. Google. [Online]
[Accessed 2023].
Luminant, 2023. Google. [Online]
Available at: https://luminet.co.uk/top-5-benefits-network-monitoring/
[Accessed 01 02 2023].
shop, D. w., 2023. Google. [Online]
Available at: https://dpworkshop.org/dpm-eng/oldmedia/threats.html
[Accessed 02 01 2023].
Study.com, 2023. Google. [Online]
Available at: https://study.com/academy/lesson/trusted-network-solutions-environment-technologies.html
[Accessed 01 01 2023].
The Economic Times, 2023. Google. [Online]
Available at: https://economictimes.indiatimes.com/definition/sql-injection
[Accessed 02 01 2023].
Touhid, 2023. Cyber. [Online]
Available at: https://cyberthreatportal.com/types-of-security-threats-to-organizations/
[Accessed 01 02 2023].
Xuan, 2023. Google. [Online]
Available at: https://www.dienmayxanh.com/kinh-nghiem-hay/malware-la-gi-co-phai-la-virus-khong-cac-loai-malw-1138301
[Accessed 01 01 2023].
