Uploaded by Mustaqeem Chowdhury

Assignment 1 - Extended Guidebook, P1, P2, P3, P4, M1, M2, D1

Contents
Extended Guidebook
  Manual
    Potential security attacks & risks to an organisation
    Prevention of security attacks & risks
    Organisational security procedures
    NAT
    DMZ
    Static IP
    Benefits of implementing network monitoring systems
    Trusted Network
Extended Guidebook:
Manual:
Potential Security attacks & risks to an organisation:
There are many different ways in which security can be put at risk. I will
first go through some of the most common security threats, which are
typically used and which you must be aware of.
Phishing attacks – This is when you, the user, click on a message or email
that appears to come from a legitimate address but differs from it in a
small way: a spelling mistake in the name, or a name that sounds the same
but is spelt differently. These messages will most likely come with a link
that, when clicked, requests your sensitive data, such as a username and
password; with that information the attacker is then able to take important
data and information. This is typically an older method that relies on
social engineering to achieve its goal.
Similar to phishing attacks, there is another method, simpler or harder
depending on how the username and password are obtained: password theft.
This is when users who should not have access to something gain it, either
by guessing the password, by being told it, or by brute-forcing their way
through. As a result, they will typically change the password to lock you
out, or take important data and information. This is why it is important to
avoid, at all costs, telling people who do not work with you your sensitive
information, such as a password. It should be noted that password-theft
attacks such as the ARP spoofing attack do not work at all anymore in modern
days.
Malware – This is an extremely common form of attack: an unwanted program
or piece of software installs itself on your device's system, leading to
unusual behaviour, or sometimes to behaviour that goes unnoticed, depending
on the type of malware. The result can range from denying access to certain
files and programs, deleting files and stealing information, to spreading
itself to other parts of the system.
In some instances people will not attempt to take sensitive information but
instead want to voice an opinion, or act out of pure hatred towards a
company. A common attack used for this is a DDoS attack. DDoS stands for
Distributed Denial of Service; it is used to overload a server with traffic
to the point where the server can no longer handle the incoming requests.
As a result, the website hosted on that server will shut down or become so
slow that it is unusable.
Some common security risks to an organisation are:
The vulnerabilities of cloud services – As businesses rapidly grow their
use of cloud services, so do the attacks on them. Examples are unauthorised
access, DDoS attacks, insecure APIs, cloud misconfigurations, data breaches,
etc.
Ransomware – This is when someone attacks your network by infecting it and
holding important data until a ransom is paid. This is extremely bad for an
organisation, as it affects their productivity depending on the amount paid
for the ransom. As a result, businesses tend to shut down within 6 months of
the ransomware.
Internet of Things (IoT) – This refers to devices being connected to the
internet and collecting or sharing data amongst themselves. Examples of
security risks to IoT are a lack of compliance on the part of IoT
manufacturers, ranging from the hardware to the actual security; this leads
to weak and unprotected passwords in some devices, which in turn can lead to
attacks such as botnet attacks. Another example is the users themselves and
their lack of knowledge and awareness: some (not most, but some) have fallen
for spam in their emails, or have entered the wrong web address and landed
on a fake clone of the website they were trying to reach, only for their
information and details to be stolen. So it is always important to
understand the actual functionality of the IoT.
Outdated hardware – As time passes, new updates against security risks and
threats are made; however, as newer updates are made, so are newer and more
advanced versions of these attacks. As hardware becomes obsolete it
struggles to keep up with these changes, and may find it harder to support,
or may not support at all, the newer and more secure security measures,
which puts a business organisation at risk. So it is extremely vital that
hardware is changed and upgraded over time.
Prevention of security attacks & risks:
I will now talk about how to prevent some of the security threats mentioned
above.
Phishing attacks – It should be common knowledge that official emails from
organisations do not request sensitive data; such a request will typically
be your giveaway of malicious intent towards you. It is also good to check
the sender's address and make sure it matches the correct, official
address.
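The sender-address check described above, written out as an added example (this is not code from the guidebook). The official domain and the sample sender addresses are constructed; the "near-miss spelling" rule uses a Levenshtein distance of at most two, which is an assumed threshold.

```python
# Added example: classify a sender's domain against the organisation's
# official domain(s). The domain below is constructed for illustration.
OFFICIAL_DOMAINS = {"example-college.ac.uk"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits turn a into b.
    A small value against the official domain means a near-miss spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(address: str, official=OFFICIAL_DOMAINS) -> str:
    """Return 'official', 'lookalike' or 'external' for an email address.

    'lookalike' covers a domain one or two characters away from the official
    one, and a domain that merely contains the official name (e.g. as a
    prefix of a longer, unrelated domain).
    """
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in official:
        return "official"
    for good in official:
        if edit_distance(domain, good) <= 2 or good in domain:
            return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample senders: one genuine, two misspelt, one with the
    # official name buried in a longer domain, one ordinary external address.
    for addr in ["it-support@example-college.ac.uk",
                 "it-support@examp1e-college.ac.uk",
                 "it-support@example-collge.ac.uk",
                 "alerts@example-college.ac.uk.evil.net",
                 "friend@gmail.com"]:
        print(f"{classify_sender(addr):9} {addr}")
```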
Password theft – Nothing will protect you 100 percent from password theft;
however, using two-factor authentication as a protection method will
decrease the chance of password theft happening to you. It is also important
to have a strong password involving capital and small letters, numbers and
possibly even special characters as an extra safety measure, as this
increases the workload for attackers and gives them more combinations to get
through.
Malware – One of the best ways to detect and remove malware is to have an
anti-malware program installed. Combining that with caution when downloading
files from websites or emails, and when clicking on suspicious links, is an
effective approach to defending yourself from a malware risk.
DDoS – This is quite tricky as it requires constant oversight of traffic and
incoming connections; in most cases, for unprotected and smaller
organisations, the servers will simply be taken offline for maintenance. You
could provision more bandwidth for your web server than you will ever need;
the reason for this is that it gives you a way to recognise an unexpected
surge in traffic and lets you take action more quickly than you could
without the extra bandwidth. Another method is to secure your network
infrastructure with multi-level protection strategies such as firewalls,
VPNs, anti-spam, content filtering, load balancing, etc. You should also
maintain a strong network architecture by having extra servers located in
different geographical locations, so that resources are more spread out,
making it harder for attackers to target you; when one server goes down the
other servers can handle the extra network traffic.
Preventing security risks:
Outdated hardware – Check your hardware regularly and replace or upgrade
hardware that cannot keep up with the ever-changing security updates.
Ransomware – Take proactive steps to ensure that your data is protected:
install antivirus software and ensure it is kept up to date; maintain a
schedule of checks to ensure that everything is fine and that nothing
unwanted is installed or running; scan and filter emails for your employees,
users, etc. to improve your security so that no one accidentally clicks on
something that will get installed; and prepare a plan to respond to such an
attack. More measures are available.
Cloud services – Don't share personal information; ensure that the details
of ex-employees and ex-users no longer work; ensure that each employee,
user, etc. has their own unique details; don't share sensitive email; use
strong passwords and enable two-factor authentication to improve your
defences; set up privacy settings; use anti-malware programs, etc.
IoT – Know what you have, understand your hardware and become more aware of
it. Use strong passwords for each device as well as for your Wi-Fi networks;
update your devices and check with the device manufacturer for updates. A
VPN changes who can see what you are doing (the VPN provider can now see it,
whereas before it was your internet provider), and your data is sent through
a secure channel so unwanted users cannot attempt to see it. Ensure that
apps and the like have the correct permissions and that no unnecessary
permissions are granted to them.
To identify and evaluate the risks that could be affected by attacks, you
must identify both internal and external threats and then evaluate their
potential impact. Three questions should be asked when assessing this.
First, what are your organisation's most important information and assets,
i.e. the things whose loss would have the most impact on your organisation?
Second, what are the main processes that use or require this information?
And finally, what threats could affect these and stop them functioning? Once
you have answered these questions you can develop strategies; you must
carefully consider which risk you are addressing and the best solution for
it, and give each risk a priority. We can also understand a risk by using
the risk equation. This is not all about numbers but more of a logical
construct. An example of a situation that would be given a high priority is
a system that has no firewall or any other protection but contains extremely
valuable data and assets; that particular system's risk should be valued and
given a high priority.
Typically, there is an IT risk assessment procedure that cyber security
experts use. The steps are:
Step 1 – Identify and prioritise assets.
Step 2 – Identify threats.
Step 3 – Identify vulnerabilities, i.e. potential weaknesses that could
enable a threat.
Step 4 – Analyse controls. Controls could include encryption, intrusion
detection mechanisms, identification and authentication, etc. Analyse these
and minimise or eliminate the probability of a threat exploiting any
vulnerabilities.
Step 5 – Determine the likelihood of an incident.
Step 6 – Assess the impact the threat could have on you as an organisation.
Plan out the outcome of what would happen, and a second plan (plan B), so
that if something were to happen the organisation would not be shocked to
find that something unexpected has occurred that could ultimately lead to
its downfall and, at worst, to shutting down; as mentioned before,
organisations tend to shut down within 6 months of an attack.
Step 7 – Prioritise the information security risks.
Step 8 – Recommend controls, i.e. rate risks high, medium or low, allowing
users to understand what to work on first.
Step 9 – Document everything along with its results for future reference.
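The risk equation and steps 5 to 8 of the procedure above, worked through as an added example (not code from the guidebook). The assets, scores and the high/medium/low band edges are constructed for illustration; the first register entry is the guidebook's own case of valuable data with no firewall.

```python
# Added example: a small risk register that scores likelihood x impact,
# prioritises (step 7) and bands the result high/medium/low (step 8).
from dataclasses import dataclass, field


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: int   # 1 (rare) .. 5 (almost certain)   - step 5
    impact: int       # 1 (negligible) .. 5 (could shut the organisation down) - step 6
    controls: list = field(default_factory=list)  # existing controls - step 4

    def score(self) -> int:
        """The risk equation. Each control already in place lowers the
        effective likelihood by one step, never below 1 (an assumed model)."""
        effective_likelihood = max(1, self.likelihood - len(self.controls))
        return effective_likelihood * self.impact


def rating(score: int) -> str:
    """Step 8: band the score so staff know what to work on first.
    The band edges (15, 8) are an assumption of this example."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def prioritise(risks):
    """Step 7: highest score first, ties broken by impact."""
    return sorted(risks, key=lambda r: (r.score(), r.impact), reverse=True)


# Constructed register (asset, threat, vulnerability, likelihood, impact, controls).
REGISTER = [
    Risk("customer database", "ransomware", "no firewall, unpatched host", 4, 5),
    Risk("public website", "DDoS", "single server, no load balancing", 3, 3,
         ["CDN rate limiting"]),
    Risk("staff mailboxes", "phishing", "no MFA", 4, 4, ["MFA", "mail filtering"]),
    Risk("printer", "malware", "default password", 2, 1),
]


def report(risks):
    """Return (asset, score, band) in priority order - the step 9 record."""
    return [(r.asset, r.score(), rating(r.score())) for r in prioritise(risks)]


if __name__ == "__main__":
    for asset, score, band in report(REGISTER):
        print(f"{band:6} {score:2}  {asset}")
```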
Organisational security procedures:
An organisational security policy is a set of rules or procedures that an
organisation imposes on its operations to protect its sensitive data. There
are a few set requirements that should be followed and met in this policy.
These are:
1. Only users who have been authorised on the system can have access to the
system.
2. The system limits what users can do and see, so that the system can
protect itself and nothing unexpected can occur.
3. The users of the system will be held accountable for the actions they
take within the system.
4. Labelled security only: the system limits access according to the
following:
• the sensitivity of the information contained in objects, as represented
by a label;
• the formal clearance of users to access that information, as represented
by user profiles.
Enforcing access rules limits users and prevents them from accessing
unwanted information or sensitive data; it also helps prevent unwanted or
accidental modifications. What counts as classified information or
sensitive data is defined by the organisation itself.
It is extremely important that configurations for things such as firewalls,
third-party VPNs, etc. are done properly, because poor configuration can
lead to many different situations: the desired traffic does not reach its
intended destination because it is blocked, the wrong rate limiting is
applied, it is routed the wrong way to a different destination, or it
cannot be routed at all. It can also open an easier pathway for users with
malicious intent, as undesirable traffic is able to reach a destination it
should not and the security is practically defenceless. You should also
make sure you are aware of which ports you are using for your root gateways,
etc. when configuring your firewall, as servers could go down, stopping
everyone (the employees) from doing their work and wasting time. Many other
things can go wrong if the configuration is incorrect, so you must ensure
that you configure such things correctly.
This also applies to VPNs. Some of what a VPN does is out of our control,
such as not being able to create or enforce policies that protect our
credentials. Furthermore, VPNs tend to have a slow connection, so a bad
configuration will further slow down your work.
NAT:
Network Address Translation (NAT) allows a single device to act as an agent
between the internet and the LAN. It hides all devices inside the network
by making their traffic appear to come from a single IP address, which
essentially puts the whole group behind one unique address. The benefits of
using NAT in your network security are that it reuses private IP addresses
and transfers packets of data between public and private addresses, and
that it prevents unwanted access to the devices inside the NAT. This is not
foolproof and has its flaws, but it is generally considered one of the very
first defences in network security. Furthermore, the security of private
networks is enhanced by hiding the internal addresses from external
networks. Using NAT also helps conserve the number of IP addresses
available.
As you can see, the source IP address changes, so it is hidden from external
networks. I used this example to show what changes and how helpful this can
be for an organisation, so that attackers cannot track the source IP address
of an organisation and relate it back to its devices, as losing an IP
address to an attacker is definitely dangerous.
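The address rewriting the paragraph above describes, simulated as an added example (not code from the guidebook): outbound packets leave with the gateway's single public address, and inbound packets are only passed through when an inside host created the mapping. The public address, private hosts and port numbers are constructed.

```python
# Added example: a simplified port-based NAT translation table.
PUBLIC_IP = "203.0.113.10"   # the one address the outside world sees (constructed)


class Nat:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # public_port -> (private_ip, private_port, remote_ip, remote_port)
        self.table = {}
        # the same tuple -> public_port, so repeat packets reuse a mapping
        self.reverse = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN -> internet packet; returns it as seen outside."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.reverse:
            port = self.next_port          # allocate a fresh public port so
            self.next_port += 1            # replies can be mapped back
            self.table[port] = key
            self.reverse[key] = port
        return (self.public_ip, self.reverse[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map an internet -> gateway packet back to the LAN host.
        Returns None (drop) for anything no inside host asked for."""
        if dst_ip != self.public_ip:
            return None
        entry = self.table.get(dst_port)
        if entry is None:
            return None                    # unsolicited: no mapping exists
        private_ip, private_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                    # wrong peer for this mapping
        return (src_ip, src_port, private_ip, private_port)


def demo():
    """Two LAN hosts reach one web server; replies come back, a probe does not."""
    nat = Nat()
    out1 = nat.outbound("192.168.1.20", 51000, "198.51.100.5", 443)
    out2 = nat.outbound("192.168.1.21", 51000, "198.51.100.5", 443)
    back1 = nat.inbound("198.51.100.5", 443, PUBLIC_IP, out1[1])
    probe = nat.inbound("198.51.100.99", 12345, PUBLIC_IP, 22)
    return out1, out2, back1, probe


if __name__ == "__main__":
    for label, pkt in zip(("out1", "out2", "back1", "probe"), demo()):
        print(f"{label:6} {pkt}")
```

Both inside hosts use the same private source port, yet each gets its own public port, which is what lets the gateway tell their replies apart.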
DMZ:
A Data Management Zone, or Demilitarized Zone (DMZ for short), is a secure
server that adds an additional layer of security to the network by
protecting an organisation's internal LAN from untrusted traffic. It also
acts as a buffer between the LAN and the internet, providing a firewall that
monitors and protects all traffic to and from hosts, as well as extra
security controls. It is best to use a DMZ when two or more separate
devices need to access the same resources, so that these devices don't end
up talking to each other. A DMZ cannot take connections into the private
network, so when an attacker infiltrates a server they won't be able to move
from one database to another because of the DMZ. If a DMZ is compromised
your entire network doesn't go down, so it is easier to rebuild, and since
the DMZ can't reach the private network, all the data lost was pretty much
public anyway. Here is an example of how a DMZ would protect your network
as a firewall:
Although, just like NAT, it is bypassable, it still counts as an extra
measure of defence, making it tougher for attackers to break in. I used this
example because, just as some houses are made of brick, we still use brick
as a form of protection since it protects us from certain things at home,
even though it can be broken with enough force or by other means. The same
logic applies to an organisation: the more layers of defence we have, the
harder it will be for attackers to enter our organisation's network.
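The zone separation the DMZ section describes, as an added example (not code from the guidebook): a small zone-based filter in which the internet can reach only the DMZ web ports, the LAN can reach the DMZ and the internet, and nothing from the internet or the DMZ can initiate a connection into the LAN. The subnets, ports and rule set are constructed.

```python
# Added example: zone-based connection filtering with the DMZ as a buffer.
import ipaddress

ZONES = {
    "internet": None,                               # anything not listed below
    "dmz": ipaddress.ip_network("192.0.2.0/24"),    # public-facing servers
    "lan": ipaddress.ip_network("10.0.0.0/8"),      # workstations and databases
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if net is not None and addr in net:
            return name
    return "internet"


# Allow rules: (from_zone, to_zone, permitted destination ports or None = any).
# A connection that matches no rule is denied. There is deliberately no
# rule from "internet" or "dmz" into "lan": that default deny is what stops
# untrusted traffic, or a compromised DMZ host, moving inward.
RULES = [
    ("internet", "dmz", {80, 443}),   # the public may reach the web tier only
    ("lan", "dmz", None),             # staff administer the DMZ hosts
    ("lan", "internet", None),        # staff browse out
    ("dmz", "internet", {53, 443}),   # DMZ hosts may fetch DNS and updates
]


def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for one new connection between zones."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "allow"        # same-zone traffic never crosses this firewall
    for frm, to, ports in RULES:
        if frm == src_zone and to == dst_zone and (ports is None or dst_port in ports):
            return "allow"
    return "deny"


if __name__ == "__main__":
    # Constructed sample connections: a visitor, two inward attempts, an admin.
    for src, dst, port in [("198.51.100.7", "192.0.2.10", 443),
                           ("198.51.100.7", "10.0.0.5", 443),
                           ("192.0.2.10", "10.0.0.5", 5432),
                           ("10.0.0.5", "192.0.2.10", 22)]:
        print(f"{decide(src, dst, port):5} {src} -> {dst}:{port}")
```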
Static IP:
A static IP address is an address that does not change: once a device has
been assigned the address it will typically stay that way unless the device
leaves the network. A static IP helps direct your traffic to its destination
at a better rate compared to something like a dynamic IP; it also supports
DNS better, can be accessed remotely from anywhere, gives reliable
communication and location services, and is good for server hosting. Since
you yourself are hosting the server with the static IP, you are able to
notice any huge spikes of incoming or unwanted traffic much faster than when
using somebody else's server, since with a static IP there is a reduced
lapse in connection and you have remote access. Furthermore, with someone
else's server you would sometimes have to contact them for assistance,
whereas when hosting your own you do not, since you already have access to
everything. An example of why a static IP should be used in an organisation
is that it is easier to identify devices: any unauthorised device connected
to the network will be easier to find, since connected devices are always on
the same unique static IP in an organisation, and considering that the
devices aren't turned off until the end of the day, it becomes much easier
to find out if someone is on the network when they shouldn't be.
Benefits of implementing network monitoring systems:
You should always aim to monitor your network, as many benefits come from
doing this, such as:
Performance reports – A network monitoring tool can produce a report of your
performance data, which is helpful as some situations may require you to be
away from monitoring the network. Reports are also helpful for higher-ups
within an organisation, as they can get a better grasp of what is happening
and review the report; furthermore, a report can act as justification for
equipment upgrades.
Identify security threats – This is a major concern for any organisation, so
having a network monitoring tool that keeps track of what is considered
normal traffic within the organisation can help you determine any changes
that don't fit the norm faster, allowing you to react and respond to the
problem faster and in a proactive way.
Justify equipment upgrades – Monitoring your network allows you to
understand which equipment is lagging behind in terms of hardware and
security. Hardware is important, as better hardware allows a device to keep
up with the constant changes in security updates and more. By understanding
what is lagging behind, an employee would be able to justify their reasons
for requesting an upgrade without being rejected. You are typically able to
figure out when something is not on par with what you need it to be by using
network monitoring tools, as they give an insight into how the equipment has
been performing over time (trend analysis).
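The "normal traffic" baseline from the security-threats point above, and the unexpected traffic surge that the DDoS prevention section says you want to notice early, as one added example (not code from the guidebook). The per-minute request counts are constructed; the z-score threshold of 4 is an assumption to be tuned against your own baseline.

```python
# Added example: learn a baseline from normal traffic, then flag minutes
# that deviate far above it. Counts below are constructed sample data.
from statistics import mean, pstdev

# Requests per minute at the web server during a normal period (constructed).
BASELINE_MINUTES = [120, 131, 118, 125, 140, 122, 119, 133, 128, 121,
                    117, 124, 130, 126, 119, 135, 122, 120, 127, 129]
# The most recent minutes: the last three contain a surge (constructed).
RECENT_MINUTES = [124, 130, 610, 1180, 2450]


def baseline(counts):
    """Mean and population standard deviation of what counts as normal."""
    return mean(counts), pstdev(counts)


def flag_surges(recent, normal_mean, normal_sd, z=4.0):
    """Return (index, count, z_score) for each minute more than z standard
    deviations above the baseline. A flat baseline (sd == 0) treats any
    increase as a surge."""
    flagged = []
    for i, count in enumerate(recent):
        if normal_sd == 0:
            score = float("inf") if count > normal_mean else 0.0
        else:
            score = (count - normal_mean) / normal_sd
        if score > z:
            flagged.append((i, count, round(score, 1)))
    return flagged


def check(recent=RECENT_MINUTES, history=BASELINE_MINUTES):
    """One monitoring pass: build the baseline, then test the recent window."""
    normal_mean, normal_sd = baseline(history)
    return flag_surges(recent, normal_mean, normal_sd)


if __name__ == "__main__":
    m, sd = baseline(BASELINE_MINUTES)
    print(f"baseline: mean={m:.1f} req/min, sd={sd:.1f}")
    for index, count, score in check():
        print(f"minute {index}: {count} req/min, {score} sd above normal")
```

Flagged minutes are the trigger for the reaction the text describes (shedding load, moving traffic to the other servers); the baseline itself is also the "trend" a report would plot.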
Trusted Network:
Using a trusted network is beneficial and is a good solution for
administrators to use as part of their network security solution. A trusted
network offers secure guest access and user authentication, to help manage
who can use the network and what they are allowed to do. For example, as a
student in a college you need to provide your user login details, typically
the same credentials you use to log into a PC, and once on the network what
you can search for and do is limited: for example, you are unable to
download and install applications, as they could potentially be dangerous,
and you are unable to visit some content, such as a video game website,
since this is not essential for a college to have or want.
Another benefit is endpoint integrity: a trusted network provides a health
check for devices that connect to the network, and devices that do not meet
the standard of the health check can be repaired or restricted until they
comply.
Another benefit a trusted network offers is encryption and a firewall.
Encryption acts as an extra means of defence, as the existing data on an
organisation's servers becomes much more secure and cannot be intercepted or
transmitted to unauthorised users; furthermore, a trusted network with a
firewall, acting as another means of defence, will only further strengthen
the network against attackers. Since a trusted network offers integrity,
employees within an organisation can use their devices in the way they were
intended to behave.
Typically, an organisation will also use a trusted network for internal
employees to use when at the office or via a secure, controlled dial-in
mechanism. So essentially a trusted network eliminates security problems
such as malicious users, inadequate controls and non-compliant devices,
since a trusted network includes both software and hardware security, such
as encryption of data.