
BTEC FPT INTERNATIONAL COLLEGE

INFORMATION TECHNOLOGY
ASSIGNMENT 1
UNIT: Security

STUDENT : NGUYEN VAN ANH


CLASS : PBIT15101
STUDENT ID : BDAF190028
SUPERVISOR : Le Van Thuan

DaNang, Nov 2021


ASSIGNMENT 1 FRONT SHEET

Qualification: BTEC Level 4 HND Diploma in Computing

Unit number and title: Unit: Security

Submission date: 25/11/2021

Date received (1st submission):

Re-submission date:

Date received (2nd submission):

Student name: Nguyen Van Anh

Student ID: BDAF190028

Class: PBIT15101

Assessor name: Le Van Thuan

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student’s signature:

Grading grid

P1 P2 P3 P4 M1 M2 D1 D2
Summative Feedbacks: Resubmission Feedbacks:

Grade: Assessor Signature: Date:


Internal Verifier’s Comments:

Signature & Date:

Perfomed Student: NguyenVanAnh 1


TABLE OF CONTENT

TABLE OF CONTENT
LIST OF TABLES AND FIGURES
INTRODUCTION
CHAPTER 1 BASIC KNOWLEDGE
1.1 Overview about Network Security
1.2 Some security threats to organisations. (P1)
1.2.1 Define threats
1.2.2 Threat agents to organizations
1.2.3 Some threats that organizations will face
1.2.4 Some Recent 2018/2019/2020 Security Breach
1.3 Some of the organization's security procedures. (P2)
1.4 Propose a method to assess and treat IT security risks. (M1)
1.4.1 Necessary methods for security threat assessment and some examples of Monitoring Tools
1.4.2 The organization's current weakness or threat
1.4.3 My recommend tools to handle IT security risks
CHAPTER 2 SECURITY SYSTEM
2.1 The potential impact to IT security of incorrect configuration of firewall policies and IDS. (P3)
2.1.1 Firewall
2.1.2 IDS
2.1.3 Potential impact (Threat-Risk) of FIREWALL and misconfigured IDS on the network.
2.1.4 Show, using an example for each, how to implement a DMZ, static IP and NAT in a network can improve Network Security. (P4)
2.1.5 DMZ
2.1.6 Static IP
2.1.7 NAT
2.2 Discuss three benefits to implement network monitoring systems with supporting reasons (M2)
2.2.1 Network monitoring systems overview.
2.2.2 Some of the networking monitoring software and discuss each
2.2.3 The reason why need to monitor network
2.2.4 Some benefits of monitoring a network
CONCLUSION
REFERENCES



LIST OF TABLES AND FIGURES

Figure 1 Firewall
Figure 2 Firewall activity diagrams
Figure 3 Windows Firewall
Figure 4 IDS
Figure 5 IDS activity diagram
Figure 6 DMZ
Figure 7 NAT
Figure 8 illustration static NAT
Figure 9 SolarWinds Network Performance Monitor
Figure 10 PRTG Network Monitor
Figure 11 ManageEngine OpManager
Figure 12 WhatsUp Gold


INTRODUCTION

NorthStar Secure works with medium-sized companies in Vietnam, advising on and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns because they lack the technical expertise in house. As part of your role, your manager, Khuong, has asked you to create an engaging presentation to help train junior staff members on the tools and techniques associated with identifying and assessing IT security risks, together with the organisational policies to protect business-critical data and equipment.

In this report, I will act as a network security person.



CHAPTER 1 BASIC KNOWLEDGE

LO1 Assess risks to IT security.

1.1 Overview about Network Security

Define:

Network security is a term that describes the security tools, tactics, and policies designed to monitor, prevent, and respond to network intrusions and to protect digital assets, including network traffic. Cybersecurity encompasses hardware and software technologies (along with resources such as savvy security analysts, hunters, and incident responders) that respond to potential threats targeting your network.

In other words, it is the defense you use to keep the wrong people out of your sensitive data.

Benefits of network security:

Cybersecurity exists to help your organization protect not only sensitive information,
but also performance, reputation, and even business viability. Continuity and integrity are
two key benefits of effective network security.

1.2 Some security threats to organisations. (P1)

1.2.1 Define threats

Cyber security hazards are dangers that can befall everyone who uses the internet
and are perpetrated by cybercriminals. Cybercriminals have the ability to attack anyone or
any organization.

There are many types of cybersecurity threats, including:

• Impersonation
• Eavesdropping
• Denial-of-service
• Packet replay
• Man-in-the-middle
• Packet modification
• Information theft



1.2.2 Threat agents to organizations

One of the most serious hazards to businesses is a security system with numerous flaws that gives criminals easy access. Criminals are attracted to data systems because the data has a lot of value. When the data is not rigorously monitored, a breach can also be caused by employees who are complicit in the attack on the organization.

1.2.3 Some threats that organizations will face

The threats that the organization faces:

• Stolen data:
For an organization, data theft is the biggest cause of financial loss due to a security breach.
• Identity theft:
Identity theft can discredit someone, for example by using the stolen person's information to forge notifications, or it can be used to set up a bank account or credit card that is never paid off, causing the victim to fall into debt.
• Many other threats, including destroying the operational structure of the system and slowing productivity. All of these hazards can lead to serious consequences, even the disintegration or loss of property of an organization or business.

1.2.4 Some Recent 2018/2019/2020 Security Breach

Crisis of user information leakage [1]

1. The world's largest social network, Facebook, had a rocky year in 2018.
The first incident occurred in mid-March 2018, when Facebook reported that the Cambridge Analytica scandal had touched 87 million users worldwide, including more than 420,000 in Vietnam. After disclosing a security weakness in its "View As" feature in September 2018, Facebook remained the center of public criticism. This flaw gave hackers access to any associated accounts, including Instagram, Spotify, Tinder, Airbnb, and others. It was estimated that around 50 million Facebook users were affected at the time. At the end of December 2018, Facebook again announced that there was a vulnerability that allowed more than 1,500 applications to access private photos of nearly 7 million users. As noted, many Facebook users in Vietnam are affected by these security flaws.

In Vietnam, multiple cyber assaults targeting significant organizations and corporations resulted in the leaking of user data in 2018. In November 2018, the RaidForums forum published information thought to be the data of over 5 million customers of the Mobile World digital retail chain. Email addresses, transaction histories, and even bank card numbers were among the items exposed. Shortly after, the data for FPT Shop's F.Friends program's contracts was also released. Hackers have targeted other Vietnamese organizations as well, including Pet Joint Stock Company and Vietnam Cooperative Bank.

2. More than 35,000 smartphones in Vietnam are infected with the GhostTeam virus
In January 2018, according to statistics from Bkav's virus monitoring system, more than 35,000 smartphones in Vietnam were infected with the GhostTeam virus, which steals Facebook passwords. This malicious code takes advantage of a series of popular Vietnamese applications on Google Play to spread. The hackers' method is quite sophisticated. First, they put "clean" popular applications such as a perpetual calendar, flashlight, or compass on Google Play for users to install on their phones. After that, these applications automatically download another, malicious application. To trick the victim, the "clean" application displays security warnings, such as that the phone is infected or running slowly, together with instructions for fixing the problem. These are fake warnings, and when the user follows the instructions, the virus takes control of the phone and steals the password of the Facebook account in use on the device.

All of the aforementioned events have had far-reaching ramifications. They cause firms to lose a great deal of prestige in information security, because information and identities were stolen from many users. This is a major setback for organizations, both in terms of status and financial viability.

Here are some solutions for organizational security:

• Multi-factor authentication
• User security training
• Web & eMail filtering
• Threats detection by installing additional detection applications
• Use a business continuity solution for continuous synchronization
• In particular, a detection and repair team should be built to keep the organization's confidentiality secure on an ongoing basis.

1.3 Some of the organization's security procedures. (P2)

• Information encryption
Information encryption is a method of converting data into a different form that no longer carries the meaning of the original data, with the goal of allowing only a limited number of individuals to access it by decoding the transformed data back to its original form. Information encryption is a critical component of preventing data breaches.

• Multi-factor authentication
Multi-Factor Authentication (MFA) protects your account, even if your password is compromised. It combines something you know (your password) with something you have (your phone). When you log in to your account, it will send your phone a code. If a cybercriminal breaks your password but doesn't have your phone, then they won't be able to access your account. [2]

The nicest aspect about MFA is that it comes standard with most of your accounts,
such as Microsoft Office 365, Facebook, and LinkedIn. All you have to do now is enable it.
If you just remember one thing from this blog, make it to enable MFA for your personal
bank account. You only need one password to prevent fraudsters from stealing your life
savings.

• User security training
When it comes to cyber security, people are your weakest link. They readily open attachments and links in emails, which makes it easy for fraudsters to obtain their credentials. Implementing a network security training plan for your entire organization is the best way to reduce this risk. A solid plan should teach users what not to click on and should include simulated phishing attempts that mimic contemporary cyber-attacks. This learning and testing procedure should be repeated on a regular basis to help build your human firewall.

• Web & eMail filtering
Because humans are incapable of catching every attack, it's a good idea to enlist the help of a threat intelligence filtering service. Before email attachments and internet hyperlinks reach your users, the service examines them and opens them safely in the cloud. If an attachment or link is suspected of being harmful, it is blocked before your user can open it. You may also use a filtering service to ban specific websites based on their category and boost productivity by limiting access to social media platforms.

• Threat detection
Our firewall and antivirus program act as a locked door, preventing cybercriminals from entering and breaking in. Unfortunately, a lock can still be defeated when a cybercriminal tries to get access. The threat detection solution functions similarly to your company's alarm system. The solution checks your network and PCs for threats on a regular basis and reports any suspicious findings to the threat intelligence service for review. This service is offered by a group of security and artificial intelligence professionals who will respond if a threat is detected.

• Business continuity solutions
Examine your current backup solution in greater detail. How long would it take you to diagnose the problem and bring your users back to work after a catastrophic event like a hardware failure or ransomware? A better question to ask is how much money you will lose while troubleshooting. A business continuity solution reduces downtime by keeping you prepared for a significant system failure. It functions similarly to a backup generator in the event of a power loss. The business continuity solution synchronizes any modifications to your essential systems and minimizes negative effects on user productivity once the situation has been handled.

• Data backup
Data backup means copying all of the data in your company or organization and storing it on one or more other storage devices as backup data. This protects against data loss from power outages, crashes, hacker intrusion, or a virus attack that wipes out the company's data, avoiding heavy damage from unforeseen causes.

1.4 Propose a method to assess and treat IT security risks. (M1)

1.4.1 Necessary methods for security threat assessment and some examples of
Monitoring Tools

Currently, information technology (IT) security operations are largely reactive, with many organizations focusing on implementing security controls to detect attacker behavior. Reacting once threat indicators are identified on the corporate network has often been seen as a central element of security practice in recent years. However, a reactive defense approach inadvertently allows sophisticated adversaries to "dwell" undetected inside the network for weeks, months, or even years, giving them plenty of time to find and steal valuable data or disrupt the business.

Threat tracing, on the other hand, is a proactive way of safeguarding an organization's IT infrastructure. It is the practice of searching an enterprise network for signs of hostile activity without knowing about them beforehand. This helps security professionals detect sophisticated dangers lurking in a company's network environment.

After looking for threats, we can build a network security assessment process as
follows:

Step 1: Preliminary survey of the system

Depending on the requirements of each person and each facility, conduct customer interviews to learn and collect basic information about the network system and the customer's needs.

The goal of the preliminary survey is to work out the nature of any lingering issues in the customer's system. This study is unique to each customer, so there is no standard format; it is heavily influenced by the customer's existing system and by the expert's prior experience in gathering preliminary data.

Step 2: Build an assessment scenario

Based on the preliminary research results, recommend to the organization the evaluation method and criteria suitable for its system. The choices to be made include:

• Select the item needed for a comprehensive cybersecurity risk assessment: website or intranet.
• Select the appropriate evaluation criteria for the existing network: the network security assessment standard for a bank is different from that of an airport, a hospital, and so on.
• Select the checklist for evaluating the network system: for example, if the current network system is built on Cisco equipment, the security of the network equipment should be evaluated against the checklist proposed by Cisco itself.
• Choose whether to re-plan the network, build a new network, or temporarily repair it to limit security risks.
• Select a tool to perform the network security assessment.

Step 3: Check and assess network security risks

Cybersecurity engineers will perform a comprehensive security assessment of the network according to the method chosen by the customer in step 2. Although the assessment may vary between network systems, the method will still revolve around the following basic approaches:

• Black box testing. Engineers act as users and are not deeply involved in the system. A black box assessment may not take as much time and effort as a white box assessment, but the results are very important, because a hacker basically starts out as a regular user as well. Vulnerabilities and threats reported from black box testing are extremely important.
• White box testing. Evaluation engineers are deeply involved, work systematically, and are knowledgeable about the system. Risks are assessed from both inside and outside the system. Evaluation results from white box testing are more comprehensive than those from black box testing. White box testing can include code review.

Factors to ensure information security

Cybersecurity engineers must have a thorough understanding of the factors that contribute to information and network security, as well as the ability to comprehensively assess potential security hazards to the customer's system. These factors include:

• Confidentiality. Information must be kept confidential and used only by the right audience.
• Integrity. Information must be complete, structurally intact, and free from contradictions.
• Availability. Information must always be readily accessible, to serve the right purpose and in the right way.
• Accuracy. Information must be accurate and reliable.
• Non-repudiation. The information is verifiable from the source or the informant.

Cybersecurity and information security threats

Identify threats to the above-mentioned information security factors. Threats are acts and behaviors that may jeopardize the system's security. Consider:

• Targets of attack. Examples are the customer's web services (www), domain name services (DNS), file services (FTP), and so on.
• Threat agents. The agent is the subject that harms the system, that is, the hacker. Agents have different capabilities, are capable of finding holes in different systems, and have different purposes: deliberate harm, conquest, personal gain, and so on.
• Threat behaviors. Taking advantage of access to system information, intentionally or unintentionally changing system information, illegally accessing information, eavesdropping on information, stealing software or hardware.
• Threat classification. Purposeful or without purpose, from the outside or from within.

The results obtained from the evaluation

• Clearly identify threats.
• Clearly identify potential security threats.
• Clearly identify vulnerabilities that can be attacked.
• Assess the amount of damage if an attack occurs.

Step 4: Report the results of the network security assessment

Network security engineers will compile a complete report from the outcomes of the network security assessment in step 3, covering risks, vulnerabilities, attack techniques, the detailed harm if attacked, and the measures to be taken to rectify them.

Step 5: Develop measures to overcome network security risks

Engineers will develop a solution and issue a plan to fix the network security vulnerabilities reported in step 4. Remedial measures may include:

• Software update consulting.
• Advice on changing device configuration.
• Safe programming advice.
• Consulting to change network security policy.
• And other necessary methods to overcome and minimize security risks.

Step 6: Warranty and periodic maintenance

To ensure security, it is necessary to maintain warranty and maintenance for network security services every 3 months, 6 months or 1 year. The cybersecurity engineer will assist in a cybersecurity reassessment whenever the system changes, for example:

• Add services to the system.
• Update professional software in the system.
• Change the security policy to accommodate new systems.
• Change hardware: firewall, switch, server, and so on.
• And any changes that affect the results of the cybersecurity assessment.

Step 7: Solve network security problems

After completing the above steps, based on the assessment in step 3 and the report
in step 4, remove threats and build defenses for the system.

1.4.2 The organization's current weakness or threat

Businesses must boost the protection of one of their most precious assets – data –
as the frequency of cyberattacks continues to rise. To do so, companies must first identify
their shortcomings before taking steps to address them.

Current weaknesses or threats the organization may face:

• The computers in the enterprise's system can be controlled or infected with viruses and malicious code.
• The organization's web server, FTP server, or email server is hacked.
• The organization suffers from a denial-of-service attack.
• The organization needs to investigate the perpetrators of network attacks.
• The organization is smeared, defamed, or impersonated on social networks and needs to collect information about the perpetrator.

1.4.3 My recommended tools to handle IT security risks

Some website security testing tools:

• Gamasec

Gamasec is a website scanning application that can analyze all the files and the structure of a website. To help avoid security problems, Gamasec scans for and detects network weaknesses and malware. The utility exports a report after the scan is completed so that the administrator can understand the state of the network.



• Norton Safe Web

Symantec's Norton Safe Web is a dependable piece of software. This tool will determine whether or not the website is safe for users and their computers to visit.

• McAfee SiteAdvisor Software

McAfee SiteAdvisor Software is a tool that helps check for malicious code, malicious Java, and spyware that can harm your computer. This tool also helps Google give warnings about unsafe websites.

• AVG Online Web Page Scanner

This website security check tool lets you check the safety of a website. Its task is to see whether the website poses any risk of harming users.

• McAfee – Domain Health Check

This is a free tool of McAfee that allows you to check the website's traffic and assess the "health of the website" of the business.

Some system security tools:

• Nessus – System security checker

For network administrators, finding security holes in the system is always the most important thing. Nessus is the most popular tool because it has a large database of security vulnerabilities. In addition, this tool can automatically update new errors after checking.

• Kali Linux Tools

Kali Linux is considered a perfect product for detecting vulnerabilities to attack in the network. It is a free, open source tool that helps you run penetration tests against many small systems at the same time.

In fact, Kali Linux combines 300 penetration testing and security testing programs in a single Linux operating system. Thus, network administrators can effectively check the risk and the threat of attack.
• System Security Tool OpenVAS

OpenVAS is the most feature-rich tool and the foundation of the free network security scanning toolkit. OpenVAS can scan for hundreds of thousands of different vulnerabilities. What's more, this tool can automatically schedule scans and supports running multiple tasks at the same time.

CHAPTER 2 SECURITY SYSTEM

2.1 The potential impact to IT security of incorrect configuration of firewall policies and IDS. (P3)

2.1.1 Firewall

What is firewall? [3]

Figure 1 Firewall
A firewall is a network security system, based on hardware or software, that uses rules to control traffic entering and leaving the system. Firewalls act as a barrier between a secure network and an insecure network. A firewall controls access to network resources through an active control model. That is, only traffic that conforms to the policy defined in the firewall can access the network, and all other traffic will be rejected.

Any computer connected to the Internet needs a firewall to manage what is allowed into the network and what is allowed out of it, because:

• Internet-connected computers often face many lurking risks.
• Each online computer has its own digital signature, called an IP (Internet Protocol) address. Therefore, without the support of a firewall, it is very easy to get infected with malicious code and lose data.
• A correctly configured firewall helps the computer "hide" itself effectively without worrying about intrusion by hackers. A firewall does not work like anti-virus software. However, it is a tool that keeps your computer free from common network attacks.

Firewall effects:

Firewalls bring many beneficial effects to computer systems. Specifically:

• Firewalls prevent unauthorized access to private networks. A firewall acts as a gatekeeper, monitoring all data entering or leaving the private network. When it detects any unauthorized access, it prevents that traffic from reaching the private network.
• Firewalls help block network attacks.
• Firewalls work as security checkpoints, filtering information sent over the internet to the network or personal computer.
• Firewalls make it easy to control connections to websites or to restrict connections from users that the business does not want.
• You can customize the firewall according to your needs by setting the right privacy policies.



Figure 2 Firewall activity diagrams
Your computer has a built-in firewall. To turn it on, open Windows Firewall and click "Turn Windows Firewall On or Off". The options panel will then appear. In this panel, the system allows you to enable or disable the firewall. You can even aggregate connections to your computer. This is extremely useful when you're on public networks, as it provides you with a secure connection.

Figure 3 Windows Firewall


2.1.2 IDS

Define:
IDS stands for Intrusion Detection System. These are software or tools that help you secure your system and warn you when there is an intrusion. An IDS is usually part of other security systems or software, with the task of protecting information systems.

The most important features of an IDS include: monitoring network traffic and suspicious activity; providing warnings about anomalies to system and network administrators; and combining with a firewall and anti-virus software to create a complete security system.

Firewalls or anti-virus software are only a very small part of the entire security system. As the size of the business grows, firewalls or anti-virus software are not enough to protect the entire system from attacks.

You need to use an IDS as an official part of the network. The IDS can then capture data system-wide and, combined with AI and pre-set configurations, track system anomalies, determine when attacks occur, or analyze how attacks happen. [4]

Figure 4 IDS
Classification of intrusion detection systems

An IDS uses two techniques to confirm attacks, behavior detection and signature detection, and the following types of IDS are available:

HIDS (Host intrusion detection system): used on individual machines.

NIDS (Network intrusion detection system): not installed on a single machine only; it covers many devices in the network.

NNIDS (Network node intrusion detection system): combines HIDS and NIDS.



Advantages and disadvantages of IDS:

Advantages:

• Suitable for collecting data and evidence for investigation and incident response.
• Gives a comprehensive view of the entire network.
• Is a suitable tool for checking problems in the network.

Disadvantages:

• It needs to be configured properly, otherwise it will cause false alarms.
• The ability to analyze encrypted traffic is relatively low
• The cost of developing and operating the system is relatively high.

Figure 5 IDS activity diagram
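
The two detection techniques named in this section, run over a few constructed connection records, as an added example that is not part of the original report. The record format, the signature strings and the per-source port threshold are assumptions made for illustration; the second run shows how a badly set threshold produces the false alarms listed under the disadvantages.

```python
# Constructed sample records: (second, source IP, destination port, payload).
EVENTS = [
    (0, "10.0.0.5", 80, "GET /index.html"),
    (1, "10.0.0.5", 80, "GET /images/logo.png"),
    (2, "10.0.0.9", 80, "GET /search?q=' OR '1'='1"),
    (3, "10.0.0.7", 22, ""),
    (3, "10.0.0.7", 23, ""),
    (3, "10.0.0.7", 25, ""),
    (4, "10.0.0.7", 110, ""),
    (4, "10.0.0.7", 143, ""),
    (4, "10.0.0.7", 3389, ""),
    (5, "10.0.0.5", 443, "GET /account"),
]

# Assumed signatures: name -> substring known to appear in an attack payload.
SIGNATURES = {
    "sql-injection": "' OR '1'='1",
    "path-traversal": "../..",
}


def signature_alerts(events, signatures=SIGNATURES):
    """Signature detection: flag payloads that contain a known bad pattern."""
    alerts = []
    for _, src, _, payload in events:
        for name, pattern in signatures.items():
            if pattern in payload:
                alerts.append((src, name))
    return alerts


def behavior_alerts(events, max_ports_per_source):
    """Behavior detection: flag sources that touch more distinct ports than
    the configured baseline allows, whatever the payload looks like."""
    ports = {}
    for _, src, dport, _ in events:
        ports.setdefault(src, set()).add(dport)
    return sorted(src for src, seen in ports.items()
                  if len(seen) > max_ports_per_source)


def run_ids(events, max_ports_per_source):
    return {
        "signature": signature_alerts(events),
        "behavior": behavior_alerts(events, max_ports_per_source),
    }


if __name__ == "__main__":
    print("tuned baseline:", run_ids(EVENTS, max_ports_per_source=3))
    # Threshold set too low: the ordinary client 10.0.0.5 (ports 80 and 443)
    # is now reported as well, which is a false alarm.
    print("misconfigured :", run_ids(EVENTS, max_ports_per_source=1))
```

The port sweep from 10.0.0.7 carries no payload, so only the behavior check sees it, while the injected query string from 10.0.0.9 looks normal in volume and is caught only by its signature.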


2.1.3 Potential impact (Threat-Risk) of FIREWALL and misconfigured IDS on the network.

The security system is greatly weakened when the IDS and firewall are misconfigured. When the firewall is misconfigured, it is unable to validate packet headers, and it fails to apply policies based on protocol types, source addresses, and destination addresses. As a result, packets that do not comply with the policy will not be refused, and the consequences may include the spread of viruses to our own computers. When the IDS is misconfigured, it is difficult for it to evaluate packet headers and payloads, and erroneous messages can let harmful data through. Hackers will then have an opportunity to attack our system. Once this occurs, it may be too late to reverse the situation, and data theft or loss will almost certainly occur. So be careful when configuring the firewall and IDS.

2.1.4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security. (P4)

2.1.5 DMZ

Define:

The DMZ (Demilitarized Zone) is an area located between the Local Area Network and the Internet. This is a place to host servers and provide services for hosts on the LAN as well as other hosts coming from outside the LAN. It is the last step that data packets pass through before being transmitted out to the Internet. It is also the first place where packets arrive before they enter the LAN. [5]

Figure 6 DMZ

Its usage:

If we want to secure the local network and reduce damage to the hosts on the LAN, then we use the DMZ. The DMZ is on a different network segment or subnet from the local network, so hosts from other LANs will not be able to access the LAN, but they can still use the services that the DMZ provides.

Between the DMZ and the external network we can put a firewall. It will control the connections from the external network to the DMZ. Between the internal network and the DMZ, we can add another firewall to control the traffic from the DMZ to the internal network.

How to implement a DMZ:

A single firewall and a dual firewall are two common configurations. With a single firewall, the network interface cards (NICs) of that firewall connect to the DMZ, the LAN, and the Internet, respectively. If a dual firewall is used, there will be two firewall devices, each with two NICs. The first firewall connects to the Internet and the DMZ, while the second firewall connects to the DMZ and the LAN. Compared with the first approach, this strategy is relatively costly. It is, however, far more secure than employing a single firewall.

The DMZ is created to secure the LAN with two roles: to provide services to the hosts of the LAN and to hosts from other LANs, and to protect the hosts on the LAN from being affected when hackers attack from hosts on other LANs.
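
The dual-firewall layout described above, modelled as two allow lists, as an added example that is not part of the original report. All addresses, ports and rules are assumptions chosen for illustration; the second inner rule set contains an any-to-any rule to show the effect of the misconfiguration discussed in 2.1.3.

```python
import ipaddress

# Assumed addressing, for illustration only.
ANY = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("192.168.50.0/24")
LAN = ipaddress.ip_network("10.10.0.0/16")
WEB = ipaddress.ip_network("192.168.50.10/32")  # web server in the DMZ
DB = ipaddress.ip_network("10.10.5.20/32")      # database server on the LAN

# Rule: (protocol, source net, destination net, destination port) to allow.
# None matches any protocol or port. Anything not matched is denied.
OUTER_FW = [                      # first firewall: Internet <-> DMZ
    ("tcp", ANY, WEB, 443),
    (None, LAN, ANY, None),       # LAN hosts going out
]
INNER_FW = [                      # second firewall: DMZ <-> LAN
    ("tcp", WEB, DB, 5432),       # only the web server, only to the database
    (None, LAN, ANY, None),
]
# The inner firewall after an any-to-any rule was added by mistake.
INNER_FW_MISCONFIGURED = INNER_FW + [(None, ANY, ANY, None)]


def permits(rules, proto, src, dst, dport):
    """One firewall checking header fields against its allow list."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(r_proto in (None, proto) and src in r_src and dst in r_dst
               and r_port in (None, dport)
               for r_proto, r_src, r_dst, r_port in rules)


def zone(addr):
    addr = ipaddress.ip_address(addr)
    return "lan" if addr in LAN else "dmz" if addr in DMZ else "internet"


def reaches(proto, src, dst, dport, outer=OUTER_FW, inner=INNER_FW):
    """A packet must pass every firewall between its source and target zone.
    Stateless model: reply traffic is not tracked."""
    zones = {zone(src), zone(dst)}
    if len(zones) == 1:
        return True               # same zone, no firewall in between
    crossed = ([outer] if "internet" in zones else []) + \
              ([inner] if "lan" in zones else [])
    return all(permits(fw, proto, src, dst, dport) for fw in crossed)


if __name__ == "__main__":
    probes = [("tcp", "203.0.113.7", "192.168.50.10", 443),   # Internet -> web
              ("tcp", "203.0.113.7", "10.10.5.20", 5432),     # Internet -> LAN
              ("tcp", "192.168.50.10", "10.10.5.21", 22)]     # DMZ -> LAN host
    for p in probes:
        print(p, reaches(*p), reaches(*p, inner=INNER_FW_MISCONFIGURED))
```

With the any-to-any rule in place, a DMZ host can open connections to any LAN host, yet traffic coming straight from the Internet is still stopped by the first firewall, which is the extra layer the dual-firewall design pays for.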

2.1.6 Static IP

Define:

An IP address that does not change is known as a static IP address. A static IP is typically assigned to a server for a specific purpose, such as a mail server, web server, or other key devices, to ensure that users' access is uninterrupted.

Function of static IP:

• A static IP address helps you connect to the Internet quickly without having to be issued a new IP address.
• Some services and games require a static IP address. That means the fixed IP address does not change, even after rebooting the modem.

• Static IP addresses also help speed up web access and torrent file downloads
• A static IP address is essential for stable communication with computers on the internal network. For example, companies use network printer equipment with static IP addresses.
• The company can use the fax machine to observe the camera from outside when there is a static IP.
• They provide slightly better protection against network security issues than DHCP address assignments.
• Helps avoid potential IP address collisions where DHCP can deliver the specified address elsewhere.
• Provides a more accurate geographical location than a dynamic IP address (more secure to access).
• Also, if the server is assigned a dynamic IP address, the address will sometimes change, causing your router to not know which computer on the network is the host and creating a vulnerability that gives hackers an opportunity to attack.

2.1.7 NAT

Define: [6]

NAT (Network Address Translation) is a technique for converting one IP address to another. NAT is commonly used in networks that use local addresses and require access to the public network (Internet). NAT is performed at the edge router connecting the two networks.

In addition, many organizations may deploy the same IP addresses; NAT is used to solve the problems that arise when these organizations want to communicate with each other over the network.

Figure 7 NAT

Usage of NAT:

• NAT helps to reduce the number of IP addresses in use.
• Helps to conceal IP addresses inside the LAN.
• NAT can share an Internet connection among many different computers and mobile devices in the LAN with only one public IP address.
• NAT helps network administrators filter incoming packets and verify a public IP's access to any port

Static NAT

Static NAT is used to permanently convert one IP address to another, usually from a local address to a public address. The process is set manually, i.e. each address mapping is explicitly specified, one address to one corresponding address.

Static NAT is very useful in cases where devices need a fixed address to be accessible from the Internet. These devices are usually popular servers such as Web, Mail, ...

Figure 8 illustration static NAT


PAT:

PAT (Port Address Translation) is a type of NAT that accomplishes the same thing. Instead of only converting the IP address, the port address is now translated as well (as determined by the NAT router), so the benefit is that one public IP address can be used in place of many private IP addresses, which is effective for saving IP addresses.
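
Static NAT and PAT as described above, modelled as the translation tables an edge router keeps, as an added example that is not part of the original report. The class, its method names, the starting port 40000 and all addresses are assumptions made for illustration.

```python
class NatRouter:
    """Edge router doing static NAT (fixed 1:1 mappings) and PAT (many
    private hosts sharing one public address, told apart by port)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.static = {}       # public IP -> private IP, set by hand
        self.pat_out = {}      # (private IP, private port) -> public port
        self.pat_in = {}       # public port -> (private IP, private port)

    def add_static(self, private_ip, public_ip):
        self.static[public_ip] = private_ip

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the LAN."""
        for public_ip, private_ip in self.static.items():
            if private_ip == src_ip:
                return public_ip, src_port       # static NAT keeps the port
        key = (src_ip, src_port)
        if key not in self.pat_out:              # first packet of this flow
            self.pat_out[key] = self.next_port
            self.pat_in[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.pat_out[key]

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet arriving from the Internet.
        Returns None when no mapping exists, i.e. the packet is dropped."""
        if dst_ip in self.static:
            return self.static[dst_ip], dst_port
        if dst_ip == self.public_ip and dst_port in self.pat_in:
            return self.pat_in[dst_port]
        return None


def demo():
    # Addresses are constructed examples (RFC 1918 and RFC 5737 ranges).
    router = NatRouter("203.0.113.1")
    router.add_static("192.168.1.10", "203.0.113.2")   # web server
    a = router.outbound("192.168.1.20", 51000)
    b = router.outbound("192.168.1.21", 51000)         # same private port
    return {
        "pc_a": a, "pc_b": b,
        "reply_to_a": router.inbound(*a),
        "unsolicited": router.inbound("203.0.113.1", 3389),
        "web_in": router.inbound("203.0.113.2", 443),
        "web_out": router.outbound("192.168.1.10", 443),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

The static mapping forwards every port to the web server, so that server still needs firewall rules in front of it; PAT only drops inbound packets that match no existing mapping.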


2.2 Discuss three benefits to implement network monitoring systems with supporting reasons (M2)

2.2.1 Network monitoring systems overview.

The process of monitoring network components such as routers, switches, firewalls, and servers is known as network monitoring.

A network monitoring tool is a program that gathers important data from various parts of the network. It aids in network management and control. Network monitoring focuses on performance monitoring, error monitoring, and account monitoring.

It is used to test things like apps, email servers, and so on. It sends a signal or ping to the system ports to test the network or its internals.

Core elements in network monitoring

In order to be highly effective in network monitoring, we need to master the unique core elements of this work. Specifics include:

• Mastering tools, equipment, and software for monitoring work, including internal and open software
• Mastering the parts, units, systems, services and equipment to be monitored
• Methodically using tools and solutions to support the processing and analysis of monitoring results. Some such tools are Snort, Wireshark, Nessus, Nmap ...
• Making sure employees have good knowledge of this area

Components of a network system

Because it is a comprehensive network system, network safety monitoring is very important, requiring you to understand the system's components such as:

• Servers
• Network infrastructure devices such as hubs, routers, switches.
• Workstations
• Devices and systems for network monitoring
• Software and applications on workstations and servers.


2.2.2 Some network monitoring software, with a discussion of each

1. SolarWinds Network Performance Monitor

SolarWinds Network Performance Monitor is easy to set up and can be ready out of the box. The tool automatically detects network devices and deploys within an hour. Its simple approach to monitoring the entire network makes it one of the easiest and most intuitive user interfaces to use.

The product is highly customizable, and the interface is easy to manage and very quick to change. You can customize web-based performance dashboards, charts, and views. You can design the right topology for your entire network infrastructure. You can also create custom dependency-aware smart alerts and more. [7]

Figure 9 SolarWinds Network Performance Monitor


2. PRTG Network Monitor from Paessler

PRTG Network Monitor software is commonly known for its advanced infrastructure
management capabilities. All devices, systems, traffic, and applications on your network
can be easily displayed in a hierarchical view that summarizes performance and alerts.
PRTG monitors IT infrastructure using technologies such as SNMP, WMI, SSH,
Flows/Packet Sniffing, HTTP requests, REST APIs, Pings, SQL and many more.

This is one of the best options for organizations with low network monitoring experience. The user interface is really powerful and very easy to use.


A very special feature of PRTG is the ability to monitor devices in the data center
using a mobile application. The QR code corresponding to the sensor is printed out and
attached to the physical hardware. The mobile application is used to scan the code and
the device summary is displayed on the mobile screen.

Figure 10 PRTG Network Monitor


3. ManageEngine OpManager

At its core, ManageEngine OpManager is infrastructure management, network monitoring, and Application Performance Management “APM” software (with APM plug-in). The product is well balanced when it comes to monitoring and analytics features.

The solution can manage your network, servers, network configuration, and errors and performance; it can also analyze your network traffic. To run ManageEngine OpManager, it must be installed on-premises.

The highlight of this product is that it comes with pre-configured network monitoring
device models. They contain predefined parameters and monitoring intervals for specific
types of devices. The Essential Edition product can be purchased for $595, allowing up to
25 devices.


Figure 11 ManageEngine OpManager

4. WhatsUp Gold 2017

WhatsUp Gold (WUG) is an Ipswitch network monitoring software. It is one of the easiest to use and highly configurable tools on the market. The control panels are user-friendly and visually appealing.

For day-to-day IT management, WhatsUp Gold is a price/feature balanced network monitoring tool. It is also fully customizable. The dashboard can be customized to show IT infrastructure and alerts to fit your requirements.

Highlights of the latest 2017 Plus release are hybrid cloud monitoring, real-time performance monitoring, automatic and manual failover, and expanded visibility for distributed networks.

WhatsUp Gold is only supported on the Windows operating system. The software comes with different pricing plans to suit your network and wallet.

Figure 12 WhatsUp Gold


2.2.3 The reasons why the network needs to be monitored

• Know what's going on

The network monitoring solution always provides timely notification of the connection information and the operating status of the devices and resources on the network. Without this solution, you will have to wait until one of the users complains to you, and only then will you know to fix the error.

• Actively plan to replace or upgrade

If a device frequently stops working, or the bandwidth for a network segment is often in a critical condition, it must be changed. All of this information about what needs to be changed or upgraded is covered by the network monitoring application, which lets you know in time to make timely decisions.

• Diagnose problems quickly

One of your servers is not working properly, or users cannot access it from the Intranet… Without a network monitoring tool, you cannot be sure whether the problem is with the server, the switch to which the server is connected, or the router in the network. Knowing exactly where the problem occurs will save you a lot of time.

• Monitor the status of online activities

Graphical reports will help you keep track of details about the status and activities on the network. They are very useful tools to ensure the quality of services, promptly indicating which equipment needs to be replaced.

• Timely warning when disaster recovery solutions are needed

With timely alerts, you have the time and conditions you need to migrate your critical servers to a backup system until the main system is repaired and back to normal. Without a network monitoring solution, you won't be able to keep up when something goes wrong, and all efforts will already be too late.

• Monitoring Security system operation

Many companies spend a lot of money on security hardware and software, but
without a network monitoring solution, you cannot be sure that the security devices are
working properly.

• Take control of the resources your customers need to use


Many devices on the network are really just serving applications running on servers (e.g. HTTP, FTP, Mail, ...). Through a network monitoring application you can see the status of these applications and ensure your customers can connect to the servers and query what they need.

2.2.4 Some benefits of monitoring a network

SIEM, also known as Security Information and Event Management, was created with the main purpose of collecting data and information about security events. Collection ranges from terminals to centralized data storage. Thanks to the analysis results of the network security system tool, we can detect risks before hackers attack. [8]

The main benefits of a network security monitoring system are:

• Make management more centralized
• SIEM can detect network penetration and attack problems that are difficult for conventional devices to detect.
• Make troubleshooting simpler and more effective
• Overall, SIEM is a great product for large organizations, businesses, banks, corporations and government agencies.


CONCLUSION

After completing this report, I have gathered my knowledge. I would like to give
special thanks to those who passed this knowledge on to me. And thank you for taking the
time to read my report.

In this assignment 1, I have presented the types of cyber security crimes, how to fight crimes and protect the network for the company that has hired us as their cybersecurity person. In addition, I also cover firewalls, intrusion detection systems, recent malicious security incidents, DMZ, static IP, and NAT, propose a method to assess and treat IT security risks, and discuss network monitoring systems and a lot of knowledge related to keeping the network secure.


REFERENCES
[1]. Rathore, N.C. and Tripathy, S., 2020. AppMonitor: restricting information leakage to third-party applications. Social Network Analysis and Mining, 10(1), pp.1-20.

[2]. Ruighaver, A.B., Maynard, S.B. and Chang, S., 2007. Organisational security culture: Extending the end-user perspective. Computers & security, 26(1), pp.56-62.

[3]. Ioannidis, S., Keromytis, A.D., Bellovin, S.M. and Smith, J.M., 2000, November. Implementing a distributed firewall. In Proceedings of the 7th ACM conference on Computer and communications security (pp. 190-199).

[4]. Ashoor, A.S. and Gore, S., 2011. Importance of intrusion detection system (IDS). International Journal of Scientific and Engineering Research, 2(1), pp.1-4.

[5]. Dart, E., Rotman, L., Tierney, B., Hester, M. and Zurawski, J., 2014. The science dmz: A network design pattern for data-intensive science. Scientific Programming, 22(2), pp.173-185.

[6]. Egevang, K. and Francis, P., 1994. The IP network address translator (NAT) (pp. 1-10). RFC 1631, May.

[7]. Dauer, P., Khondoker, R., Marx, R. and Bayarou, K., 2015, June. Security analysis of software defined networking applications for monitoring and measurement: sflow and bigtap. In The 10th international conference on future internet (pp. 51-56).

[8]. Stolze, M., Pawlitzek, R. and Wespi, A., 2003. Visual problem-solving support for new event triage in centralized network security monitoring: Challenges, tools and benefits. IT-incident management & IT-forensics–IMF 2003.
