Unit 5 - Assignment 1 Nguyen Phuoc Trong.docx - ASSIGNMENT...

This preview shows page 1 - 4 out of 30 pages.

ASSIGNMENT FRONT SHEET Qualification BTEC Level 5 HND Diploma in Computing Unit number and title Unit 5: Security Submission date Date Received 1st submission Re-submission Date Date Received 2nd submission Student Name Nguyen Phuoc Trong Student ID GCD191107 Class GCD0808 Assessor name Dang Quang Hien Student declaration I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice. Student’s signature trong Grading grid P1 P2 P3 P4 M1 M2 D1 1
Contents Introduction: ................................................................................................................................................... 4 LO1 Assess risks to IT security ......................................................................................................................... 4 P1 Identify types of security threat to organizations ..................................................................................... 4 1. Define threats ...................................................................................................................................... 4 P2 Describe at least 3 organizational security procedures ........................................................................... 11 1. Password Procedure .......................................................................................................................... 11 2. Acceptable Use Procedure ................................................................................................................. 12 3. Access Control List Procedure ............................................................................................................ 14 P3 Identify the potential impact to IT security of incorrect configuration of firewall policies and IDS ....... 16 P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security ............................................................................................................................ 22 1. Define and discuss with the aid of a diagram DMZ focus on usage and security function as advantage ................................................................................................................................................. 23 2. Define and discuss with the aid of a diagram static IP focus on usage and security function as advantage ................................................................................................................................................. 25 3. Define and discuss with the aid of a diagram NAT focus on usage and security function as advantage ................................................................................................................................................. 26 References: ............................................................................................................................................... 30
Introduction: Cybersecurity is a set of forms, resources, devices, and systems that an organization uses to protect the privacy and keep information secure. Network protection limits your ability to view, change, and steal information from other users or organizations. Network protection is often understood as a method of detecting and fixing errors in IT networks, applications, applications, websites, ... Protect corporations from threats from hackers. LO1 Assess risks to IT security. P1 Identify types of security threat to organizations. 1. Define threats Looking in the literature, we can find several definitions of the term. Two rather short and concise can be found in documents from IETF and NIST. In RFC 4949, IETF defines a threat as A potential for violation of security, which exists when there is an entity, circumstance, capability, action, or event that could cause harm. NIST, in SP800-160, defines it as An event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss. Cyber threats are sometimes incorrectly confused with vulnerabilities. Looking at the definitions, the keyword is “potential”. The threat is not a security problem that exists in implementation or organization. Instead, it is something that can violate security. This can be compared to a vulnerability which is an actual weakness that can be exploited. The threat always exists, regardless of any countermeasures.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture