ASSIGNMENT 1 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 5: Security

Submission date 11/3/2024 Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name PHUNG BA QUOC ANH Student ID BH00610

Class SE06202 Assessor name LE VAN THUAN

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand
that making a false declaration is a form of malpractice.

Student’s signature ANH

Grading grid

P1 P2 P3 P4 M1 M2 D1
❒ Summative Feedback: ❒ Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

 Table of Contents
I.I ntroduction.....................................................................................................................................................5

II. Content ..........................................................................................................................................................6

P1.Discuss types of security risks to organisations ............................................................................................. 6

1. Define IT risks ......................................................................................................................................... 6
2. Discuss types of risks to organizations ...................................................................................................... 6
3. What are the recent security breaches? List and give examples with dates ................................................. 9
4. Discuss the consequences of this breach .................................................................................................13
5. Suggest solutions to organizations ..........................................................................................................13
P2 Describe at least 3 organizational security procedures. ................................................................................14
1. Definition..............................................................................................................................................14
2. Organizational security procedures .........................................................................................................14
P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and VPN ..................17
1. Discuss briefly firewall and policies, its usage and advantages in a network................................................17
2. How does a firewall provides a security to a network ...............................................................................20
3. Show with diagrams the example of how firewall works ...........................................................................21
4. Define VPN, its usage, and show it with diagrams examplesa ....................................................................23
5. Write down the potential impact(Threat-Risk) of FIREWALL and IDS incorrect configuration to the network.
................................................................................................................................................................26

P4.Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve
Network Security ..........................................................................................................................................27
1. Define and discuss with the aid of a diagram DMZ focus on usage and security function as advantage..........27

2. Define and discuss with the aid of a diagram static IP focus on usage and security function as advantage . 30

3. Define and discuss with the aid of a diagram NAT focus on usage and security function as advantage...........32

M2.Propose a method to assess and treat IT security risks. ..............................................................................34

1. Discuss methods required to assess it security threat? E.g. Monitoring tools..............................................34
2. What are the current weakness or threat of the organization ?.................................................................37
3. What tools will you propose to treat the IT security risk? ..........................................................................37
M1.Discuss three benefits to implement network monitoring systems with supporting reasons .........................38
1. List some of the networking monitoring devices and discuss each .................................................................38
2. Why do you need to monitor network.....................................................................................................41
3. What are the benefits of monitoring a network .......................................................................................42
III. Evaluation....................................................................................................................................................44

IV. Conclusion....................................................................................................................................................45

V. References .................................................................................................................................................... 46

Table of Figure

Figure 1 : Viruses ............................................................................................................................................... 6

Figure 2 : Worm................................................................................................................................................. 7
Figure 3 : Trojan ................................................................................................................................................ 7
Figure 4 : Adware .............................................................................................................................................. 8
Figure 5 : Spyware...............................................................................................................................................8
Figure 6 : Ransomware.........................................................................................................................................9
Figure 7 : Image for representation. | Noah Seelam/AFP ......................................................................................10
Figure 8 : UK and allies sanctions Russian cyber hacker ........................................................................................12
Figure 9 : Password Management .......................................................................................................................15
Figure 10 : Access Control ..................................................................................................................................16
Figure 11 : Incident Response ............................................................................................................................17
Figure 12 : Definition Firewall.............................................................................................................................18
Figure 13 : diagrams the example of how firewall works.......................................................................................21
Figure 14 : What is a VPN service........................................................................................................................23
Figure 15 : Definition of DMZ .............................................................................................................................27
Figure 16 : Structure of DMZ ..............................................................................................................................29
Figure 17 : Definition IP .....................................................................................................................................30
Figure 18 : Definition of NAT ..............................................................................................................................32
Figure 19 : Router .............................................................................................................................................39
Figure 20 : Switch..............................................................................................................................................40
Figure 21 : Monitoring Server.............................................................................................................................41

List of Table
Table 1 : Advantages and Disadvantages of VPN .................................................................................................24
Table 2 : Example diagram VNP .........................................................................................................................24
Table 3 : Advantages and disadvantages of DMZ .................................................................................................30
Table 4 : Advantages and disadvantages of static IP ............................................................................................32
Table 5 : Advantages and disadvantages of NAT ..................................................................................................34
I.I ntroduction
As part of the esteemed team at FPT Information Security (FIS), we understand the paramount importance
of staying ahead in the ever-evolving landscape of cybersecurity. FIS, a leading Security consultancy in
Vietnam, is committed to partnering with medium-sized companies, offering expert guidance and tailored
solutions to combat the intricate challenges posed by IT security threats.
In our line of work, we often encounter clients who have chosen to entrust their security concerns to FIS,
recognizing the expertise and dedication we bring to the table. Many of these organizations have opted
for outsourcing due to the inherent complexity of IT security and the scarcity of in -house technical
proficiency. It is within this context that our role as trainee IT Security Specialists gains heightened
significance.
Today, under the directive of our esteemed manager, Jonson, we embark on a journey to equip ourselves
with the indispensable knowledge and skills required to effectively identify and assess IT security risks. Our
objective is not only to fortify the defenses of our clients but also to empower ourselves with the expertise
needed to navigate the intricate nuances of cybersecurity.
Throughout this session, we will explore the diverse array of tools and techniques essential for robust risk
identification and assessment. From vulnerability scanning to threat intelligence analysis, we will delve
into practical methodologies aimed at strengthening our understanding and proficiency in this critical
domain.
As we delve deeper into the intricacies of IT security, let us approach this learning opportunity with
enthusiasm and dedication. Let us leverage the collective expertise within our organization to foster a
culture of continuous learning and innovation.
II. Content
P1.Discuss types of security risks to organisations
1. Define IT risks
A network security threat is exactly that: a threat to your network and data systems. Any attempt to breach
your network and obtain access to your data is a network threat.There are different kinds of network
threats, and each has different goals. Some, like distributed denial-of-service (DDoS) attacks, seek to shut
down your network or servers by overwhelming it with requests. Other threats, like malware or credential
theft, are aimed at stealing your data . Still others, like spyware, will insert themselves into your
organization’s network, where they’ll lie in wait, collecting information about your organization.
• Threat can be anything that can take advantage of a vulnerability to breach security and negatively alter,
erase, harm object or objects of interest.
• Software attacks means attack by Viruses, Worms, Trojan Horses etc. Many users believe that malware,
virus, worms, bots are all same things. But they are not same, only similarity is that they all are malicious
software that behaves differently.[1]
2. Discuss types of risks to organizations
a. Malware attacks
Malware attacks are any type of malicious software designed to cause harm or damage to a computer,
server, client or computer network and/or infrastructure without end -user knowledge.
Cyber attackers create, use and sell malware for many different reasons, but it is most frequently used to
steal personal, financial or business information. While their motivations vary, cyber attackers nearly
always focus their tactics, techniques and procedures (TTPs) on gaining access to privileged credenti als
and accounts to carry out their mission.[2]
Types of malwares:
• Viruses : When a computer virus is executed, it can replicate itself by modifying other programs
and inserting its malicious code. It is the only type of malware that can “infect” other fil es and is
one of the most difficult types of malware to remove.

Figure 1 : Viruses
• Worm : A worm has the power to self-replicate without end-user involvement and can infect entire
networks quickly by moving from one machine to another.

Figure 2 : Worm

• Trojan : Trojan malware disguises itself as a legitimate program, making it one of the most difficult
types of malware to detect. This type of malware contains malicious code and instructions that,
once executed by the victim, can operate under the radar. It is often used to let other types of
malware into the system.

Figure 3 : Trojan
• Adware : Adware serves unwanted and aggressive advertising (e.g., pop-up ads) to the end-user.

Figure 4 : Adware

• Spyware : Spyware spies on the unsuspecting end-user, collecting credentials and passwords,
browsing history and more.

Figure 5 : Spyware
 • Ransomware : Ransomware infects machines, encrypts files and holds the needed decryption key
for ransom until the victim pays. Ransomware attacks targeting enterprises and government
entities are on the rise, costing millions of organizations as some pay off the attackers to restore
vital systems. Cyptolocker, Petya and Loky are some of the most common and notorious families
of ransomware.

Figure 6 : Ransomware

3. What are the recent security breaches? List and give examples with dates
a. 'Mother of all breaches': 26 BILLION records leaked
Security researcher Bob Diachenko and Cybernews investigators discovered an open version with more
than 26 billion data records, mostly compiled from previous breaches – although it may also including new
data.
Organizations involved in these data records include:
• Tencent QQ – 1.4 billion records;
• weibo – 504 million records;
• Myspace – 360 million records;
• X/Twitter – 281 million records;
• Deezer – 258 million records;
• LinkedIn – 251 million profiles;
• AdultFriendFinder – 220 million profiles;
• Adobe – 153 million records;
 • Canva – 143 million records;
• VK – 101 million records;
• Dailymotion – 86 million records;
• Dropbox – 69 million records;
• Telegram – 41 million profiles
Data is more than just authentic information – according to Cybernews, most of the exposed data is
sensitive.
Given the unusual scale of the data breach, it was dubbed the 'MOAB' (mother of all breaches). A total of
3,876 domains were included in the exposed dataset.
Leon Teale is a senior penetration tester at IT Administration with over ten years of experience performing
penetration tests for clients in various industries worldwide. Leon has also won hackathon events in the
UK and internationally, and has been recognized for numerous bug awards.[2]
b. Aadhaar details, phone numbers of nearly 75 crore Indians put up for sale, cybersecurity firm claims
The threat actors selling the data allegedly obtained the data through ‘vulnerabilities in government
databases or telecommunication systems’, said CloudSek.

Figure 7 : Image for representation. | Noah Seelam/AFP

Personal data such as Aadhaar details and mobile phone numbers of nearly 75 crore Indians has been
allegedly put up for sale online, said digital threat analysis company CloudSek in a report on Wednesday.
The company said that its digital risk protection platform discovered that a threat actor named CyboDevil
had made a post on an “underground forum” promoting the sale of the comprehensive mobile network
consumer database on Tuesday.

It said that a similar post was made by another threat actor named UNIT8200 on January 14 on the instant
messaging platform Telegram.

The database allegedly includes the name of the mobile user, their phone numbers, residential addresses,
Aadhaar details and names of their family members.

The CyboDevil and UNIT8200 are a part of the CYBOCREW group, which was founded around July 2023.
The CYBOCREW group has been “linked to significant breaches, targeting Netplus Co, Zivame, Giva Co, and
a Hyundai data breach affecting 2.1 million individuals”, according to the cybersecurity firm.

In its report, the firm also included screengrabs of the posts made on Telegram and the “underground
forum”. It, however, did not mention if CloudSek had independently verified the dataset.

It said that the exact way in which the data was breached is not clear but added that the threat actors
hinted at “exploiting vulnerabilities within government databases or telecommunication systems”.

The report said that when CYBOCREW was asked how it acquired the extensive dataset, the group
“asserted obtaining the data through undisclosed asset work within law enforcement channels”.

“This opaque explanation prompts a critical examination into the legitimacy and ethical consid erations
surrounding the actor’s access to highly sensitive information,” the company said. “Further scrutiny is
warranted to validate the veracity of the claim and assess the potential implications of such data sourcing
practices.”

The report also raised alarms about the significant risks due to such leaks and said that it could be used
for “sophisticated ransomware attacks or data exfiltration”.

In December, Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar
said that there have been 165 breaches of data of Indian citizens between January 2018 and October
2023.[3]

c. UK and allies sanctions Russian cyber hacker

The UK, US and Australia have sanctioned a Russia-based cyber hacker in coordinated action aimed at
cracking down on international cyber crime.
 Figure 8 : UK and allies sanctions Russian cyber hacker

The UK, US and Australia have today (Tuesday 23 January) sanctioned a Russia-based cyber hacker in the
latest wave of coordinated action aimed at cracking down on international cyber crime.

Today’s sanctions target Russian national Aleksandr Ermakov who has been identified by the Australian
Signals Directorate and Australian Federal Police along with international partners as a key actor in the
Australia Medibank cyber attack in 2022.

The attack, largely considered one of the worst cyber incidents in Australia’s history saw 9.7 million
customers’ records, containing medical and personal data, and data on over 480,000 health claims leaked
on the dark web.

The data leaked contained highly sensitive medical information about individuals’ treatment, including
records on mental health, sexual health and drug use.

Today’s measures will hold the individual responsible for this atrociou s attack accountable. Ermakov will
now be subject to a series of asset freezes and travel bans.

The UK has sanctioned Aleksandr Ermakov as part of our wider commitment to cracking down on malicious
cyber activity and working with our international partners to promote international security and stability
in cyberspace.
4. Discuss the consequences of this breach
The consequences of information security violations can be very serious and can affect individual s,
organizations and society as follows:

• Data loss and financial loss: In the case of ransomware attacks or other data breaches, financial
losses can be huge. The loss of important data or personal information can lead to financial and
reputational consequences for the organization.
• Loss of reputation and brand: Organizations and businesses are affected by loss of reputation and
brand due to the disclosure of personal or confidential information, especially if they fail to meet
the trust of their customers in protecting their data.
• Legal risks: Information security breaches can lead to legal consequences, including facing legal
action, fines and lawsuits from affected parties.
• Loss of operations: In some cases, cyber attacks can disrupt an organization's business or service
operations, causing major economic loss and affecting its ability to deliver. service for customers.
• National security risk: Particularly complex and sophisticated cyber attacks can threaten national
security, including the disclosure of military or national intelligence information, or cause the loss
of in terms of nuclear, grid power, or infrastructure management systems.
• Impact on individuals and society: Loss of personal information can have significant consequences
for individuals, including loss of account security, financial fraud, or other consequences such as
assassination honor or unemployment.

To minimize the consequences of information security breaches, organizations need to implement

effective security measures, train employees on cybersecurity, and comply with security regulations and
standards. international network.

5. Suggest solutions to organizations

Implement a comprehensive cybersecurity strategy: Develop and implement a comprehensive
cybersecurity strategy, including identifying, assessing and managin g information security risks, as well as
establishing policies policies and procedures to protect systems and data.

Invest in modern security technology: Use advanced security technologies such as firewalls, data
encryption, intrusion detection systems (IDS), and malware prevention systems to prevent attacks.
network and protect the system from risks.

Training and raising security awareness for employees: Organizations need to train employees on the risks
and prevention measures of cyber attacks, as well as promote information security awareness in all their
activities. .
Periodic audits and assessments: Conduct periodic cybersecurity audits and risk assessments to ensure
that security measures are implemented effectively and that the organization has the ability to respond
quickly to incidents. new threats.

Partner and vendor management and monitoring: Ensure that the organization's vendors and partners
comply with cybersecurity standards and provide security measures that are strong enough to protect
critical information organization's.

Incident prevention and recovery planning: Develop a detailed prevention and recovery plan so the
organization can quickly respond to and recover from cyber attacks and security incidents.

Compliance with cybersecurity regulations and standards: Ensure that the organization complies with
international cybersecurity regulations and standards such as GDPR, PCI DSS, or ISO/IEC 27001 to protect
data and comply with regulatory requirements. Legal requirements.

P2 Describe at least 3 organizational security procedures.

1. Definition
A security procedure is a set sequence of necessary activities that performs a specific security task or
function. Procedures are normally designed as a series of steps to be followed as a consistent and
repetitive approach or cycle to accomplish an end result. Once implemented, security procedures provide
a set of established actions for conducting the security affairs of the organization, which will facilitate
training, process auditing, and process improvement. - The purpose of security procedures is to ensure
consistency in the implementation of a security control or execution of a security relevant business
process. They are to be followed each time the control needs to be implemented or the security relevant
business process followed. In addition, security procedures also guide the individual executing the
procedure to an expected outcome.

2. Organizational security procedures

a. Password Management

This procedure outlines the creation, usage, and storage of strong passwords for accessing organizational
systems and accounts.

It typically includes:

• Minimum password complexity requirements: Enforcing a minimum length, character variety

(uppercase, lowercase, numbers, symbols), and password history to prevent reuse of recent
passwords.
 • Regular password changes: Requiring users to update their passwords periodically to reduce the
risk of unauthorized access if a password is compromised.
• Prohibition of password sharing: Emphasizing the importance of individual accountability for login
credentials and the dangers of sharing them with others.
• Use of password managers: Encouraging the use of secure password management tools to store
and manage complex passwords effectively.

Figure 9 : Password Management

b. Access Control

This procedure defines who has access to specific systems, data, and resources within the organization.

It involves:

• User authentication: Implementing mechanisms like multi-factor authentication (MFA) to verify a

user's identity beyond just usernames and passwords.
• Least privilege principle: Granting users only the minimum level of access necessary to perform
their assigned tasks, reducing the potential damage if their credentials are compromised .
• Regular review of access privileges: Periodically reviewing user access to ensure it remains
appropriate and aligned with their current roles and responsibilities.
 Figure 10 : Access Control

c. Incident Response

This procedure outlines the steps to take when a security incident, such as a data breach or cyberattack,
occurs.

It includes :

• Detection and reporting of incidents: Establishing clear channels for employees to report suspicious
activity or potential security breaches.
• Investigation and containment: Defining a process to investigate the incident, determine its scope
and impact, and contain the threat to prevent further damage.
• Eradication and recovery: Taking steps to remove the threat from the system and restore affected
systems and data to a functional state.
• Communication and learning: Communicating the incident to relevant stakeholders and learning
from the experience to improve future security posture.
 Figure 11 : Incident Response

P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and VPN.

1. Discuss briefly firewall and policies, its usage and advantages in a network.
a. Definition

Firewall is also known in English as Firewall, this is a familiar specialized term in computer network
technology. It is a hardware or software tool, or possibly both, integrated into the system to prevent
unauthorized access, prevent virus intrusion... ensuring that internal information sources are always
protected. full. In the shortest and easiest way to understand, a Firewall is the security boundary between
the inside and outside of a computer network system. The birth of a Firewall plays an essential role fo r any
computer with a system. connected to the internet, as it will help manage what is allowed on the network
and what is allowed out of the network. Having such a “gatekeeper” to monitor how everything happens
is extremely important.
 Figure 12 : Definition Firewall

b. There are several types of Firewalls

Personal firewall

• This type is designed to protect the computer against unauthorized access from the outside.
Personal Firewall also integrates useful features such as monitoring anti-virus software and anti-
intrusion software to keep data safe.
• Some popular Personal Firewalls include: Microsoft Internet connection firewall, Symantec
personal firewall, Cisco Security Agent...
• This type of firewall will be more suitable for individuals because they usually only need to protect
their computers. Firewalls are often built into laptops, PCs, etc.

Network Firewalls

• Designed to protect network hosts against outside attacks. We have Appliance-Based network
Firewalls such as Cisco PIX, Nokia firewalls, Symantec's Enterprise Firewall, Juniper NetScreen
firewall, Cisco ASA. Or some examples of Software-Base firewalls include Check Point's Firewall,
Linux-based IPTables, Microsoft ISA Server .
 • The difference between these two types of firewalls is the number of hosts that the firewall is
responsible for protecting. Please keep in mind that Personal firewall can only protect a single
computer. As for Network firewall, it is different, it can protect an entire computer network system.

c. How does a firewall work?

Basically, a Firewall is a shield between your computer and the Internet, like a security guard that helps
you escape from enemies who want to attack you. When a Firewall is active, it can deny or allow network
traffic between devices based on the rules that have been configured or installed by a firewall
administrator.

There are many personal firewalls like Windows firewall that operate on a set of pre-installed settings.
Thus, users do not need to worry about how to configure the firewall. But in a large network, configuring
a firewall is extremely important to avoid possible threats in the network.

d. Benefits of firewalls

- Enhanced Security:

• Blocks unauthorized access: Firewalls act as a barrier, preventing unauthorized users, devices, or
malware from infiltrating your network and potentially causing harm.
• Shields against cyberattacks: By filtering and blocking malicious traffic, firewalls significantly reduce
the risk of cyberattacks like phishing attempts, malware intrusions, and data breaches.
• Protects from data breaches: By controlling data flow, firewalls help prevent sensitive information
from being leaked or accessed by unauthorized individuals.

- Improved Network Control:

• Limits internet usage: Firewalls can be configured to restrict access to specific websites or
applications, promoting responsible internet usage and potentially enhancing productivity.
• Enforces access control: By defining access rules, firewalls dictate which devices and users can
access specific resources within the network, preventing unauthorized modification or misuse.
• Manages bandwidth allocation: Firewalls can help optimize network performance by regulating
bandwidth usage, ensuring critical applications have sufficient resources to function smoothly.

- Increased Visibility and Monitoring:

• Tracks network activity: Firewalls log network traffic, providing valuable insights into data flow
patterns and potential security concerns.
• Detects suspicious activity: By analyzing traffic logs, firewalls can help identify anomalies and
suspicious activity, enabling timely intervention to mitigate potential threats.
 • Simplifies security management: Firewalls offer centralized management tools, allowing
administrators to configure, monitor, and maintain security policies efficiently

e. Firewall Policy, Firewall Usage

Firewall Policy

• Packet filtering: Determines packets allowed in and out of the network based on IP address, port,
protocol and other criteria.
• NAT Rules: Translates internal IP addresses into public IP addresses for Internet access.
• Network segmentation: Divide the network into separate areas with different levels of security.

Firewall Usage

• Configure rules: Define rules that allow or block traffic based on specific network needs.
• Regular updates: Update software and virus signature database to protect against new threats.
• Activity monitoring: Monitor firewall logs to detect suspicious activities and unauthorized access.

2. How does a firewall provides a security to a network

Filtering :

Firewalls analyze each data packet, similar to checking an ID, based on pre-defined rules and criteria. These
criteria can include:

• Source and destination IP addresses: Identifying who sent the data and where it's intended to go.
• Port numbers: Recognizing the specific type of communication (e.g., web browsing, email).
• Protocols: Determining the communication language used (e.g., HTTP, HTTPS).

Based on these criteria, the firewall decides whether to:

• Allow: If the data adheres to the security rules, the firewall permits it to pass through, ensuring
smooth communication for legitimate activities.
• Block: If the data appears suspicious or violates the rules (e.g., originating from a known malicious
source or attempting unauthorized access), the firewall blocks it, preventing potential harm to the
network.

Access Control:

Firewalls can implement access control mechanisms by defining who can access specific resources within
the network. This helps:
 • Restrict unauthorized access: Only authorized users and devices with proper credentials can access
designated resources, preventing unauthorized individuals from infiltrating the network.
• Segment the network: Firewalls can be used to create separate network segments, isolating
sensitive areas like financial data or internal servers from other parts of the network, minimizing
the potential damage if a breach occurs in one segment.

Additional Security Features:

Modern firewalls often incorporate additional features to further enhance network security:

• Deep packet inspection: Goes beyond basic packet analysis, examining the actual content of the
data packets to identify hidden threats like malware or malicious code.
• Application control: Allows granular control over specific applications and their network access,
providing more comprehensive protection against vulnerabilities specific to certain applications.
• Intrusion prevention systems (IPS): These work in conjunction with firewalls to actively identify and
block malicious activities like denial-of-service attacks or unauthorized attempts to access network
resources.

3. Show with diagrams the example of how firewall works

Figure 13 : diagrams the example of how firewall works

Diagrammatic explanation of how a firewall works

- Intranet

The area protected by the firewall, including devices such as computers, printers, servers, phones, etc.

The hard drive icon represents sensitive data and information stored on the internal network.

- External network

Represents the internet or any other network outside the internal network.

The globe symbol symbolizes the vast and diverse connections of the internet.

- Firewall

The security system acts as a "gatekeeper", controlling traffic between the internal network and the
external network.

The "wall" icon represents the ability to protect and prevent unauthorized access.

- Packet

Units of data transmitted over a network, represented by moving arrows.

Packets may include access requests, data sent, or responses received.

- Firewall rules

A set of rules is defined on the firewall to determine the action for each packet.

The "document" icon represents a set of rules configured according to security requirements.

- Submit request

A device on a local network (for example, a computer) sends an access request to a service or website on
the internet.

The request is packaged into packets and sent to the firewall.

- Check and compare

The firewall examines each packet based on defined rules.

Rules include information such as source/destination IP addresses, ports, protocols, etc.

- Allow or block

If the packet matches the allowed rules, it is allowed to pass through the firewall and reach the internet.

If the packet does not conform to any of the rules, or violates a security rule, it is blocked and not a llowed
to pass through.

- Logging

Firewalls record information about packets processed, including time, IP address, action taken
(allow/block), etc.

Logs help monitor network activity and assist in identifying and resolving security issues.

4. Define VPN, its usage, and show it with diagrams examplesa.

a.What is a VPN service?

VPN is Virtual Private Network, translated as virtual private network, a technology that allows users to
establish a virtual private network with another network on the Internet.

VPNs are used to transmit data securely and anonymously, protecting web browsing activity over public
networks. Through VPN, users can access websites that are geographically blocked from access.

VPNs work by hiding the user's IP address and encrypting data so that only those authorized to receive the
data can read it. VPN will forward all of your Network Traffic to the system. This system helps you access
websites remotely and bypass Internet censorship.

Figure 14 : What is a VPN service

b. How VPN Work

When your personal devices such as computers, phones, etc. are connected to a VPN virtual private
network, these devices will operate similar to a local connection network like a VPN. All network traffic
will be sent through a secure connection system to the VPN.

Your devices are operating on a virtual private network, so you are allowed to access local resources
without geographical limitations.

Besides, you can use the Internet connection as if you were present at the VPN's location. This is very
beneficial in case you are using public Wifi or want to access any geographically restricted website.

c. Advantages and Disadvantages of VPN

Advantages Disadvantages
VPN has a friendly interface, simple and easy to Depending on the type of VPN network, you may
use. encounter many corresponding obstacles in the
VPN helps secure information and encrypt process of setting up security protocols. If done
personal traffic when transmitted over the incorrectly, security will not be effective and may
Internet, thereby helping to ensure safety in even leak information.
cyberspace. During the VPN setup process, if something goes
Prevent hacker attacks. wrong, your DNS and IP addresses can easily be
Feel secure when accessing public networks, no exposed, creating favorable conditions for hackers
need to worry about data theft to penetrate and steal information.
Access restricted websites anywhere, anytime and To ensure maximum safety when using VPN
your device will stay anonymous. technology, you will need to pay an additional fee
instead of using the free version.
Table 1 : Advantages and Disadvantages of VPN

d. Example diagram

Table 2 : Example diagram VNP

Image illustrates a home network with routers, servers, and computers. The network is divided into two
parts: the home network and the VPN network.

Home network includes:

• The two computers have IP addresses 192.168.1.100 and 192.168.1.101.

• A router has IP address 192.168.1.1.

VPN network includes:

• Two VPN users with IP addresses 10.1.1.10 and 10.1.1.11.

• A VPN router with IP address 10.1.2.1.

A home router connects the home network to the internet. A VPN router connects the VPN network to
the internet.

VPN networks are used to secure the internet connection of VPN users. When VPN users connect to a VPN
network, their internet traffic is encrypted and routed through the VPN router. This helps protect their
internet traffic from being tracked or stolen.

Home network

A home network is a local area network used by devices in the home. Devices on a home network can
connect to each other and to the internet.

A home router is a device that connects a home network to the internet. Home routers also assign IP
addresses to devices on the home network.

VPN network

A VPN network is a virtual private network used to secure a user's internet connection. When VPN users
connect to a VPN network, their internet traffic is encrypted and routed through the VPN router. This helps
protect their internet traffic from being tracked or stolen.

A VPN router is a device that connects a VPN network to the internet. VPN routers also assign IP addresses
to VPN users.
5. Write down the potential impact(Threat-Risk) of FIREWALL and IDS incorrect configuration to the
network.
a. Write down the potential impact(Threat-Risk) of FIREWALL

Increased network vulnerabilities:

Unwanted access: Incorrect firewall rules can allow unauthorized access to sensitive resources within the
network, putting them at risk of theft, manipulation, or destruction.

Exposure to malware: Improper configuration can leave vulnerabilities unblocked, allowing malware such
as viruses, worms, or ransomware to enter the network and cause disruption widespread.

Data breaches: Accidentally allowing access to sensitive data through misconfigured rules can lead to data
breaches, compromise of confidential information, and potentially cause financial loss. financial or
reputational damage.

Reduced network performance:

Overly restrictive rules: Overly restrictive firewall rules can block legitimate traffic, hindering normal
network operations and user productivity. This can lead to frustration and inefficiency for authorized
users.

Resource depletion: Complex or poorly optimized firewall configurations can consume too many system
resources, impacting overall network performance and potentially causing delays or disruptions.

Operational challenges:

Management complexity: Difficulty managing and maintaining complex firewall configurations can lead to
human error and inconsistency, further increasing security risks.

Limited visibility: Inadequate logging or monitoring can make it difficult to detect and investigate
suspicious activities, potentially delaying response to security incidents.

b. and IDS incorrect configuration to the network.

Missed threats

Inadequate signature updates: Failure to regularly update the IDS signature database can leave the system
vulnerable to new and emerging threats, causing them to evade detection.

False negatives: Incorrect configuration or incomplete tuning can cause an IDS to miss real threats, leaving
the network exposed and vulnerable to attack.

False positive results

Settings that are too sensitive: An IDS that is too sensitive can produce many false positives, causing
security personnel to send alerts about non-threatening events. This can lead to alert fatigue and
potentially hinder the timely identification of real threats.

**wasted resources:** Investigating and responding to many false positives can consume valuable time
and resources, leaving them unable to address real security concerns.

Obstacles in operations

Over-monitoring: Monitoring too much data or using overly complex detection techniques can overload
the IDS, impacting IDS performance and potentially leading to missed alerts.

Limited integration: Poor integration with other security tools can hinder the sharing of important
information, making it difficult to gain a comprehensive view of the network's security posture.

P4.Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can
improve Network Security

1. Define and discuss with the aid of a diagram DMZ focus on usage and security function as advantage
a.Definition of DMZ

What is DMZ? To explain this concept, in the field of information technology, DMZ is a neutral network
area between the internal network and the Internet. The role of DMZ is to enhance system security and
minimize risks from cyber attacks.

In a network system, DMZ is often used to place servers such as web servers, mail servers or other
applications that can be accessed from the Internet. These servers are placed in the DMZ to ensure that
external attacks can only impact the DMZ and cannot reach internal servers within the internal network.

Figure 15 : Definition of DMZ

b. The importance of DMZ

Deploy online services: DMZ allows deploying online services such as websites, email, FTP, etc. without
affecting the internal network. These services are located in the DMZ and only allow access from outside
via the Internet, minimizing risks to the internal network system.

Network protection: DMZ helps protect the network from outside attacks. A DMZ firewall helps control
network traffic accessing services and applications located in the DMZ, allowing only accepted connections
and blocking malicious connections.

Providing services to partners and customers: DMZ provides a secure environment to provide services to
partners and customers remotely. Services are located in a DMZ and controlled by a firewall to ensure that
only legitimate connections are allowed access.

Access management: DMZ allows access to services and applications to be manage d from the outside.
Administrators can configure the DMZ firewall to control access to services and applications, allow only
specific connections, and block malicious connections.

c. Structure of DMZ

DMZ Server: Is a server located in the DMZ and contains services or applications that can be accessed from
the Internet such as Web Server, Mail Server, DNS Server, and many other services. However, these servers
are only allowed to access the internal network in case of necessity.

DMZ firewall: A firewall placed on the DMZ, with the function of filtering packets entering and exiting the
DMZ to ensure that only valid and authorized packets are transmitted. The firewall in the DMZ network is
configured to only allow specified connections to be established between hosts in the DMZ and hosts on
the internal network.

Security server: A server located on the internal network, with the role of monitoring and managing
activities on the DMZ. Security servers are often installed with security event management (SIEM) software
and log analysis systems to monitor activities on the DMZ and detect potential threats. Additionally, the
security server can be configured to send alerts to administrators as soon as it detects attacks that have
passed through the DMZ's firewall.
 Figure 16 : Structure of DMZ

DMZ has two common architectural styles today:

Single firewall: DMZ with single firewall design requires three or more network interfaces. The first is the
external network, which connects the public internet connection to the firewall. The second network
forms the internal network, while the third network is connected to the DMZ. Various rules monitor and
control traffic allowed to access the DMZ and restrict connections to the internal network.

Dual Firewalls: Deploying two firewalls with a DMZ between them is often a more secure option. The first
firewall only allows external traffic to the DMZ, and the second firewall only allows traffic to go from the
DMZ into the internal network. An attacker would have to compromise both firewalls to gain access to the
organization's LAN.

d. How does a DMZ work

The DMZ acts as a buffer zone between the public internet and the private network. The DMZ subnet is
deployed between two firewalls. All incoming network packets are then screened by a firewall or other
security device before they reach the servers stored in the DMZ.

If hacker attacks get past the firewall first, they must gain unauthorized access to services within the DMZ
before they can cause any damage to the internal network. Finally, in case the services in the DMZ are
successfully penetrated, hackers still have to overcome the final firewall of the internal network before
being able to access sensitive business resources or data.

Attackers can attack the most secure DMZ architecture. However, once an attack takes place, an alarm
will be activated and security experts will be notified to promptly prevent the attacks.
To explain simply, the way a DMZ works is to use Mail, Web servers and Firewalls to isolate services and
applications accessed from the Internet and keep the internal network secure. It helps prevent cyber
attacks and minimize risks to the network system.

e. Advantages and disadvantages of DMZ

Advantages Disadvantages
Enhanced security: DMZ creates an additional Complexity: Setting up and managing a DMZ can
layer of security for internal networks by isolating be complex and requires network and security
publicly accessible services from critical systems. expertise.
Access Control: DMZ allows granular control of
access to services, helping to protect against Cost: Deploying and maintaining a DMZ can be
unauthorized access. expensive due to requiring additional hardware,
software, and expertise.
Flexibility: DMZ allows organizations to deploy
new services without compromising the security of Risk of attack: DMZ can become an attractive
the internal network. target for cyber attacks.

Scalability: DMZ can be easily expanded to meet Performance issues: DMZs can impact network
the needs of the organization. performance because traffic must pass through
multiple layers of security.
Table 3 : Advantages and disadvantages of DMZ

2. Define and discuss with the aid of a diagram static IP focus on usage and security function as
advantage
a. Definition IP

Static IP (also known as static IP), this is a fixed IP address reserved for a person or group of users whose
devices connected to the Internet are always assigned an IP address. Usually a static IP is given to a server
with a specific purpose such as a web server, mail server, etc. so that many people can access it without
interrupting those processes.

Figure 17 : Definition IP
b. The importance of static IP

Remote access and server storage:

• Reliable connection: Static IP enables consistent remote access to devices such as servers, security
cameras or home automation systems. You can connect from anywhere to the internet without
having to re-establish the connection every time the IP changes.
• Server Management: Static IP is important for hosting web server, email server or any server
application. They allow users to easily find your server using a Domain Name System (DNS) service
that associates domain names with static IP addresses.

Business applications:

• VPN Connectivity: Static IP simplifies setting up and managing a Virtual Private Network (VPN) for
secure remote access to the corporate network. Employees can always connect to the same IP
address for a seamless experience.
• Business Continuity: Static IP ensures consistent communication with business partners or
suppliers that rely on specific IP addresses for data exchange or collaboration tools.

Advanced network and security:

• Port forwarding: Static IP is needed to configure port forwarding, which allows external devices to
access specific services running on your network (e.g. gaming servers, security cameras) .
• Firewall Rules: Static IP simplifies creating firewall rules to control incoming and outgoing traffic
for specific devices on your network.

In short, static IP provides:

• Reliability: Consistent IP addresses ensure consistent connections for remote access and server
management.
• Control: You have more control over how your device interacts with the internet.
• Security: Static IP can increase security by simplifying firewall configuration and allowing secure
remote access.

c. Advantages and disadvantages of static IP

Advantages Disadvantages
A static IP address will make connections faster The first disadvantage that static IP has is that you
because users do not need to re-assign a new IP. have to configure the devices manually. Servers
To put it more simply, a static IP is similar to an and remote access require you to set up the
email or home address, it will not change, making correct IP and router to communicate with that
communication and use convenient.
 Static IP is very suitable for environments that use address. Meanwhile, for dynamic IP, just plug in
many computers, business fax machines or cafe the router and it will issue a dynamic IP via DHCP.
systems. It will minimize the risks of data loss.
Static IP will help computers work together more The second disadvantage is that the security of a
stably. For example, if the company has set up a static IP will not be equal to that of a dynamic IP.
static IP, the machines in the company will connect Since it never changes, hackers have time to find
to that IP to be able to fax and print easily. For vulnerabilities more easily. Dynamic IPs that
dynamic IP, when the server starts, the IP will constantly change will make it difficult for hackers.
change. This causes connections to become
interrupted and you have to reset the IP for each
device, which is very time-consuming.
Not only that, static IP also helps companies use
cameras and fax machines to monitor from
outside.
Table 4 : Advantages and disadvantages of static IP

3. Define and discuss with the aid of a diagram NAT focus on usage and security function as advantage
a. Definition of NAT

NAT (Network Address Translation) est une technique qui permet la conversion d'une adresse IP vers une
autre adresse IP. Normalement, NAT est couramment utilisé dans les réseaux utilisant des adresses locales,
nécessitant un accès au réseau public (Internet). L'emplacement où NAT est implémenté est le routeur
frontalier reliant les deux réseaux.

Figure 18 : Definition of NAT

b. Classement NAT

Static NAT - Static NAT

Static NAT, also known as Static NAT, is a one-to-one NAT method. This means that a fixed IP address in
the LAN will be mapped to a fixed Public IP address before the packet goes out to the Internet. This method
is not intended to save IP addresses but only to map an IP in the LAN to a Public IP to hide the source IP
before going out to the Internet, reducing the risk of online attacks.

This technique is often used to convert from one IP address to another on a permanent basis, and usually
from a private address to a public address. This entire process is set up manually, IP addresses are statically
mapped to each other through configuration commands.

Dynamic NAT - Dynamic NAT

NAT is performed automatically. On the Router, the administrator configures a list of internal addresses
that need to go out to the Internet and a list of external addresses that represent internal addresses. Next,
the administrator configures the Router NAT request from the internal list to the external list. The Router's
NAT table will not have any pre-created NAT information lines, but NAT information lines will only be
created when a packet arrives at the Router to the Internet.

Dynamic NAT is more complicated than Static, they must store connection information and even find TCP
information in the packet. Due to its higher level of complexity, Dynamic NAT is only used instead of Static
NAT for security purposes. Outsiders cannot find out the IP connected to the specified host because at the
next moment this host may receive a completely different IP.

NAT Overload - PAT

NAT Overload - PAT is the most used solution, especially in ADSL Modems, this is a solution that brings
both advantages of NAT: hiding the IP address in the internal network system before the packet goes out.
Integra aims to minimize the risk of cyber attacks and save IP address space. PAT essentially combines the
Public IP and port number before going out to the Internet. At this time, each IP in the LAN when going
out to the Internet will be mapped to a Public IP combined with the port number.

c. What is the mission of NAT?

Generally, the border router is configured for NAT i.e the router which has one interface in the local (inside)
network and one interface in the global (outside) network. When a packet traverses outside the local
(inside) network, then NAT converts that local (private) IP address to a global (public) IP address.

When a packet enters the local network, the global (public) IP address is converted to a local (private) IP
address. If NAT runs out of addresses, i.e., no address is left in the pool configured then the packets will
be dropped and an Internet Control Message Protocol (ICMP) host unreachable packet to the destination
is sent. sent.

d. Advantages and disadvantages of NAT

Advantages Disadvantages
Save IP addresses: NAT helps save IP addresses, Reduced performance: NAT can reduce network
especially IPv4 addresses that are gradually performance because IP address translation
running out. By using one public IP address for requires additional processing time.
multiple devices, NAT helps minimize the need for
IP addresses. Difficulty in remote access: NAT can make it
difficult to access devices on the LAN remotely,
Security: NAT helps secure LAN networks by hiding especially when using applications that require a
the real IP addresses of devices inside the network direct connection.
from the internet. This helps minimize the risk of
cyber attacks. Compatibility: NAT may not be compatible with
some applications and services.
Easy Management: NAT simplifies LAN
management by configuring only one public IP
address for the entire network.
Table 5 : Advantages and disadvantages of NAT

M2.Propose a method to assess and treat IT security risks.

1. Discuss methods required to assess it security threat? E.g. Monitoring tools

a.Below are the detailed steps to perform a cybersecurity threat assessment

Identify assets:

• Identify all of the organization's information assets, including:

• Data: confidential data, sensitive data, financial data, customer data, etc.
• System: servers, computers, network devices, mobile devices, etc.
• Applications: web applications, mobile applications, internal applications, etc.
• Network infrastructure: LAN, WAN, VPN, etc.

Vulnerability analysis:

Use automated vulnerability scanning tools or manual assessments to identify security vulnerabilities in
assets.

Some common types of vulnerabilities include:

 • Software vulnerabilities: errors in software that can be exploited by attackers.
• Configuration Vulnerabilities: Misconfigured configurations can create security vulnerabilities.
• Human vulnerability: human error can lead to data leaks or cyber attacks.

Assess the threat level:

• Identify potential threats that could affect assets.

• Some common types of threats include:
• Cyber attacks: phishing attacks, malware attacks, DDoS attacks, etc.
• Internal discrimination: employees intentionally or unintentionally cause harm to the organization.
• Natural disasters and disasters: fires, floods, earthquakes, etc.

Impact analysis:

• Assess the impact of threats on assets.

• The following factors should be considered:
• Incident severity: the extent of the incident's impact on the organization's business operations.
• Likelihood of an incident: the possibility of an incident occurring in the future.

Plan to minimize risks:

• Based on the assessment results, create a risk mitigation plan including prevention, detection and
response measures.
• Some common preventative measures include:
• Install security software: antivirus, firewall, intrusion detection system, etc.
• Cyber security awareness training for employees.
• Identify and implement access controls.

b. E.g. Monitoring tools

Intrusion detection system (IDS)

IDS monitors networks and systems to detect suspicious activity that could be a sign of a cyberattack. IDS
can be classified into two main types:

• Network-based IDS: Monitor network traffic to detect malicious activities.

• Host-based IDS: Monitors activities on servers and computers to detect signs of attack.

Intrusion prevention system (IPS)

IPS works similarly to IDS, but has the ability to prevent malicious activities before they happen. IPS can be
classified into two main types:
 • Network-based IPS: Prevents malicious network traffic.
• Host-based IPS: Prevents malicious activities on servers and computers.

Security information and event management system (SIEM)

SIEM collects and analyzes security logs from a variety of sources to give organizations a comprehensive
view of their security posture. SIEM can help organizations:

• Detect threats earlier.

• Investigate security incidents more effectively.
• Comply with security regulations.

Security Orchestration, Automation and Response (SOAR) system

SOAR automates incident response processes to help organizations respond more quickly and effectively
to cybersecurity threats. SOAR can help organizations:

• Reduce the time needed to respond to security incidents.

• Minimize the impact of security incidents.
• Improve defense against cyber security threats.

c. The problem of monitoring tools

ABC Company is a large company with more than 1000 employees and uses many different networks and
applications. Company management is concerned about the risk of cyber attacks and wants to strengthen
the company's security capabilities.

Request:

• Choose the right monitoring tools to protect your company's network and applications.
• Deploy and configure selected monitoring tools.
• Train employees on how to use monitoring tools.
• Monitor and analyze alerts generated by monitoring tools.

Select monitoring tool:

• IDS/IPS: Monitors networks and systems to detect malicious activities.

• SIEM: Collect and analyze security logs from various sources.
• SOAR: Automate incident response processes.

Deployment and configuration:

 • Install and configure monitoring tools according to vendor instructions.
• Identify appropriate rules and alerts.
• Integrate monitoring tools with other company security systems.

Monitor and analyze:

• Monitor and analyze alerts generated by monitoring tools.

• Investigate security incidents and implement remedial measures.
• Update rules and alerts based on new threats.

2. What are the current weakness or threat of the organization ?

Based on the scenario of ABC Company, here are some current weaknesses or threats to their organization:
Weaknesses:
• Lack of security measures: The scenario mentioned their concerns about potential cyber-attacks,
implying a lack of existing security measures. This can include missing firewalls, outdated software,
or insecure configurations.
• Large attack surface: With over 1000 employees and a diverse network, ABC Company provides a
large attack surface for hackers to exploit. More devices and systems increase the number of
potential entry points.
• Limited security awareness: The need for employee training reveals potential weaknesses in
employee security awareness. Unaware employees can fall for scams or click on malicious links,
unintentionally compromising company security.
Threats:
• Cyberattacks: The most prominent threat is cyberattacks, including malware, ransomware, data
breaches, and denial of service attacks. These can disrupt operations, steal sensitive data, or cause
financial loss.
• Advanced persistent threats (APT): These targeted attacks by skilled attackers pose a significant
threat. APTs can infiltrate networks, remain undetected for long periods of time, and steal valuable
data.
• Social engineering: Social engineering tactics such as phishing emails or phone phishing can trick
employees into revealing sensitive information or granting access to systems.
• Insider threats: Disgruntled employees or those with high access privileges can pose a threat by
intentionally stealing data, sabotaging systems, or selling confidential information.

3. What tools will you propose to treat the IT security risk?

a. Detection and prevention
Security information and event management (SIEM): Tools like Splunk, Elastic SIEM, or Sumo Logic can
centrally collect and analyze security logs from firewalls, IDS/IPS, endpoints, and other sources. This
enables comprehensive threat detection and investigation.
Intrusion detection/prevention system (IDS/IPS): Snort or Suricata are open source options for network-
based IDS/IPS, while Cisco Security and McAfee offer commercial solutions. These tools monitor network
traffic for suspicious activity and can detect or block potential attacks.

b. Endpoint protection:

Anti-virus and anti-malware: Crowdstrike Falcon or SentinelOne are some Endpoint Detection and
Response (EDR) solutions that go beyond traditional antivirus software by providing real -time threat
monitoring and hunting capabilities.

c. Vulnerability management:

Nessus or OpenVAS: These open source vulnerability scanners can identify security weaknesses in
operating systems, applications, and network devices.

Quality or rentability:These commercial vulnerability management platforms offer more features,

including automated patching and remediation.

d. Security Orchestration, Automation and Response (SOAR):

apid7 InsightConnect or Palo Alto Networks Cortex XSOAR : These SOAR platforms automate repetitive
security tasks such as incident response processes, streamlining processes and minimizing human error.

M1.Discuss three benefits to implement network monitoring systems with supporting reasons

1. List some of the networking monitoring devices and discuss each.

a.Router

A router is a networking device that forwards data packets between computer networks. Types of routers
perform traffic directing functions on the Internet. A data packet is typically forwarded from one router to
another through the networks that constitute an internal network until it reaches its destination node.

A router is connected to two or more data lines from different networks. When a data packet arrives on
one of the streams, the router reads the network address information in the packet to determine the final
destination. Then, using the information in its routing table or routing policy, it directs the data packet to
the next network on its journey.
There are three main devices that work to connect one computer to another. A network hub, network
switch, and router can perform this function. It can sometimes be confusing trying to figure out what
device is currently in use on a computer network without knowing which device is active.

Figure 19 : Router

How do routers work?

We will introduce how routers work, the router routing table and the IP router routing section

So, how does a router work? Well, before we get into that you should know the basics of IP addresses,
subnet masks, and default gateways before continuing.

b.Switch

A network switch or switch is a network device used to forward data between devices such as computers
and printers in a LAN or from a LAN to a WAN network.

In the OSI network model, the Switch mainly operates at layer 2 (Data Link layer) and is an important
device used to connect network segments together according to the star network model. The switch acts
as a central device, all computers are connected here in a network system. Switch can be compared to a
moderator and news distributor in the network system with the following two characteristics:
Data censorship: Switch based on the MAC address of the devices. When data is sent, the target device's
MAC address is attached, just like the address on a delivery parcel. The switch only forwards data to the
destination (output port) based on known address information, refusing to forward invalid data.

Data distribution: Switch distributes data from one source to many different destinations based on the
MAC address table. Accordingly, the switch knows which device is on which port number to route data to
the correct output port and ensure that information is only sent to the appropriate destination device.
This also avoids network data conflicts and transmits data faster and more accurately.

In addition, the Switch can also operate at layer 3 of the OSI model, at this layer the switch has additional
routing features like a Router. Switches are now used to route traffic between subnets in a more complex
network.

Figure 20 : Switch

Switch function in the network

The main purpose of using a network switch is to expand the network. Assuming you have a router with 5
connection ports, you will only be able to connect to a maximum of 5 comp uters. However, if you use a
24-port Switch connected to the Router for expansion, you can connect to 24 computers using the Switch
and add 4 free ports from the Router. So there are 28 devices in total.
This is just a simple example. Switch usage can be divided into different tiers and layers to scale for complex
networks.

In addition, the Switch also allows you to manage data and forward data more efficiently and intelligently.
Switch features such as VLAN, QoS, DHCP, STP, VTP,... will help users manage traffic, distribute and secure
data streams effectively.

c.Monitoring Server

What does VTOC's Network Monitoring service do?

With VTOC's network monitoring service, you can monitor and manage all of your business's systems,
devices, traffic and applications simply and effectively across your entire IT infrastructure.

With leading network monitoring technology PRTG, Solarwinds, ManageEngine, Icinga, Cacti, Zabbix...
helps accurately identify incidents and automatically warn to reduce system error rates. With VTOC's
network monitoring service, you can monitor and manage all of your business's systems, devices, traffic
and applications in a simple, effective way.

Figure 21 : Monitoring Server

2. Why do you need to monitor network

Preventive maintenance: Think of your network as a car. You wouldn't wait for the engine to stall before
checking the oil, right? Network monitoring works like an audit, identifying potential problems before they
cause outages or slowdowns. This proactive approach saves you time, money and frustration compared
to reactive troubleshooting after an incident disrupts operations.
Improved performance: Network monitoring gives you a clear picture of how your network is performing.
You can see bottlenecks, identify underutilized resources, and optimize configurations to ensure smooth
operations. This means faster load times, better app responsiveness, and a more efficient user experience.

Advanced security: Network monitoring helps you stay ahead of security threats. By monitoring traffic
patterns and device activity, you can detect suspicious behavior such as unauthorized access attempts,
malware infections, or unusual data transfers. Early detection allows you to take quick action to mitigate
threats and protect your network from cyberattacks that could compromise sensitive data.

Effective troubleshooting: When network problems arise, network monitoring provides valuable data to
quickly identify the source of the problem. Analyzing metrics and logs helps you identify root causes and
resolve issues faster, minimizing downtime and getting your network back online efficiently.

Capacity planning: Network monitoring helps you understand how your network resources are being used.
You can see trends in bandwidth consumption, device load, and user activity. This data helps you plan for
future growth and ensure your network is capable of meeting growing demand.

Compliance requirements: Many industries have regulations that require organizations to monitor their
networks for security purposes. Network monitoring tools can help you meet these compliance
requirements by providing detailed audits and logs of network activity.
3. What are the benefits of monitoring a network

Preventive maintenance:

Network monitoring helps detect potential problems early before they cause disruption or slow down the
network. This proactive approach saves time, money and effort compared to fixing a problem after it
occurs.

Improve performance:

Network monitoring gives you a clear picture of your network performance. You can identify bottlenecks,
unused resources, and optimize configurations to ensure smooth operations. This results in faster load
times, better app responsiveness, and a more efficient user experience.

Enhance security:

Network monitoring helps you stay ahead of security threats. By monitoring traffic patterns and device
activity, you can detect suspicious behavior such as unauthorized access, malware infections, or unusual
data transfers. Early detection allows you to act quickly to mitigate threats and protect your network from
cyberattacks that could endanger sensitive data.

Effective troubleshooting:
When network problems occur, network monitoring provides valuable data to quickly identify the source
of the problem. Analyzing metrics and logs helps you isolate the root cause and resolve issues faster,
minimizing downtime and getting your network back to running efficiently.

Capacity planning:

Network monitoring helps you understand how your network resources are being used. You can see trends
in bandwidth consumption, device load, and user activity. This data helps you plan for future growth and
ensure your network has the capacity to handle growing demand.

Compliance requirements:

Many industries have regulations that require organizations to monitor their networks for security
purposes. Network monitoring tools can help you meet these compliance requirements by providing
detailed audits and logs of network activity.
III. Evaluation
This evaluation aims to evaluate the effectiveness of the FIS Trainee IT Security Specialist program in
equipping students with the knowledge and skills necessary to identify and assess cyber security risks.
The FIS Trainee IT Security Specialist program has proven very effective in meeting the growing market
demand for cybersecurity professionals. This is demonstrated through a number of strengths:
First, the program clearly identified the growing need for cybersecurity and the challenges facing mid -
market companies. This established a strong basis for curriculum development.
Second, the program has a strong focus on equipping students with practical knowledge and skills through
exploring tools and techniques such as vulnerability scanning and threat intelligence analysis. This practical
approach not only helps students gain a deeper understanding of the field but also helps them apply
knowledge in practice flexibly and effectively.
Third, the program has emphasized a culture of continuous learning and innovation , which is important in
the growing and constantly changing field of cybersecurity.
First is the acquisition of knowledge, which evaluates the student's understanding of key cybersecurity
concepts, threats and vulnerabilities through written tests or practical exercises.
Next, evaluate the ability to use tools and techniques to identify and assess risks through simulated
scenarios or real customer projects.
Finally, measure students' confidence in approaching security challenges through presentations or peer
reviews.
To improve the program, several suggestions were also made such as inviting guest lecturers from industry
experts, encouraging students to document their learning journey, and establishing a mentoring program
to support Support students to continuously improve and develop.
In summary, the FIS Trainee IT Security Specialist program not only meets the needs of the market but also
provides a learning and development environment for students with the necessary skills and knowledge
to become experts. Strong cybersecurity in an evolving cybersecurity landscape.
IV. Conclusion
In conclusion, our thorough examination of organizational security has illuminated the complex landscape
of security risks confronting modern organizations. We have delved into the various threats that pose a
risk to an organization's information assets, spanning from cyberattacks to internal vulnerabi lities,
underscoring the necessity for robust security measures.

Moreover, our discussion on evaluating organizational security procedures highlights the critical need for
regular assessments and updates to security protocols to adapt to evolving threats and technologies.
Effective security procedures not only mitigate risks but also enhance an organization's resilience in
challenging circumstances.

We have also discussed the potential consequences of misconfigurations in firewall policies and third -
party VPNs, emphasizing their pivotal role in safeguarding an organization's IT infrastructure. It is
imperative for organizations to allocate time and resources to ensure these configurations are optimized
for maximum security.

Finally, we explored the practicality of implementing a Demilitarized Zone (DMZ), static IP addressing, and
Network Address Translation (NAT) as strategies to bolster network security. Real-world examples have
illustrated how these measures can significantly reduce the attack surface, safeguard sensitive
information, and strengthen an organization's overall cybersecurity posture.
V. References
1. nibusinessinfo.co.uk. (2017). What is IT risk? [online] Available at:
https://www.nibusinessinfo.co.uk/content/what-it-risk.

2. Cyberark (2023). Malware Attacks. [online] CyberArk. Available at:

https://www.cyberark.com/what-is/malware/.

3. Consultant, I.G. (2024). ‘Mother of All Breaches’: 26 BILLION Records Leaked. [online] IT Governance
UK Blog. Available at:
https://www.itgovernance.co.uk/blog/mother-of-all-breaches-26-billion-records-leaked.

4. Staff, S. (2024). Aadhaar details, phone numbers of nearly 75 crore Indians put up for sale, claims
cybersecurity firm. [online] Scroll.in. Available at:
https://scroll.in/latest/1062708/aadhaar-details-phone-numbers-of-nearly-75-crore-indians-put-up-for-
sale-says-cybersecurity-firm.
VI.Slide
Slide :
https://www.canva.com/design/DAF_TWWIWU0/ZNJzp1CHWtzpdgd9gn8Vcw/edit?utm_content=DAF_
TWWIWU0&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton