
Security

Final Assignment

Prepared for :

Mr. Dang Quang Hien

Greenwich University Da Nang

Prepared by:

Le Vo Thang

Student Name / ID Number: Le Vo Thang / GCD17011
Unit Number and Title: Unit: Security
Unit assessor:
Assignment Title: Security
Issue Date: 28/10/2018
Submission Date: 27/10/2018
IV Name:
Date:

Unit Learning Outcomes


LO1: Assess risks to IT security.
LO 2: Describe IT security solutions.
LO3: Review mechanisms to control organisational IT security.
LO4: Manage organisational security.

Learning Outcomes and Assessment Criteria

Pass / Merit / Distinction

LO1: Assess risks to IT security

Pass:

P1. Explains what IT security is and why it is important today. Also include who is responsible for attacks and their attack techniques.

P2. Outlines general principles that can be used to protect valuable assets.

Merit:

M1. Based on your own personal experiences or those of someone you know (you may have to interview other students or a friend), write a paragraph regarding a computer attack that occurred. When did it happen? What was the attack? What type of damage did it inflict? List the reason or reasons you think that the attack was successful. How was the computer fixed after the attack? What could have prevented it?

Distinction:

D1 (LO1 & 2). Security defenses should be based on five fundamental security principles: layering, limiting, diversity, obscurity, and simplicity. Analyze these principles for the computers that you use. Create a table that lists the five fundamental security principles across the top, and then list down the side at least three computers that you commonly use at school, your place of employment, home, a friend's house, etc. Then enter the security element of each principle for each of the computers (such as, for Limiting you may indicate the number of people who have keys to the door of the office or apartment that contains the computer). Leave blank any box for which that security layer does not exist. Based on your analysis, what can you say regarding the security of these computers? Finally, for each of the elements that you think is inadequate or missing, add what you believe would improve security.

LO2: Describe IT security solutions

Pass:

P3. Use the Internet to research some of the different ransomware attacks that have occurred recently. Identify at least three attacks that are current. What do they do? Why are they so successful? How are they being spread? What can users do to protect themselves? How can ransomware be removed from a computer?

P4. Attacks that exploit previously unknown vulnerabilities are considered some of the most dangerous attacks. Use the Internet to research these attacks. How are the vulnerabilities discovered? What are some of the most recent zero-day attacks? What defenses are there against them?

LO3: Review mechanisms to control organisational IT security

Pass:

P5. Discuss about the basic steps in securing a host system, why it is important, what antimalware software should be considered, etc.

P6. Discuss about network security, include what it is, why it is important, and how it can be achieved using network devices, technologies, and design elements.

P7. Use the Internet to research OTPs: who was behind the initial idea, when they were first used, in what applications they were found, how they are used today, etc. Then visit an online OTP creation site such as www.braingle.com/brainteasers/codes/onetimepad.php and practice creating your own ciphertext with OTP. If possible exchange your OTPs with other students to see how you might try to break them. Would it be practical to use OTPs? Why or why not?

P7. Is the wireless network you own as secure as it should be? Examine your wireless network or that of a friend or neighbor and determine which security model it uses. Next, outline the steps it would take to move it to the next highest level. Estimate how much it would cost and how much time it would take to increase the level.

Merit:

M2. Discuss about the advantages and risks of BYOD. Be sure to cover these from the perspective of the organization, the IT department, and the end-user.

Distinction:

D2 (LO3 & LO4). Search the Internet for one instance of a security breach that occurred for each of the four best practices of access control (separation of duties, job rotation, least privilege, and implicit deny). Write a short summary of that breach. Then rank these four best practices from most effective to least effective. Give an explanation of your rankings.

LO4: Manage organisational security

Pass:

P8. Select four risks that your school or organization may face and develop a brief business continuity plan.

P9. Explains what a security policy is, the security policy cycle, and the steps in developing a security policy.

P10. Describe steps in a vulnerability assessment. List in detail the actions under each step and what should expect in the assessment.

Merit:

M3. Perform an abbreviated risk management study on your personal computer. Conduct asset identification, threat identification, vulnerability appraisal, risk assessment, and risk mitigation. Under each category, list the elements that pertain to your system. What major vulnerabilities did you uncover? How can you mitigate the risks?

Distinction:

D3 (LO5). Select a social network site and research its security features. Are they sufficient? Should they be stronger? What recommendations would you make?

Table of Contents
P1 .................................................................................................................................... 8
-IT security definition : .................................................................................................. 8
-Why IT security is important :...................................................................................... 8
P2 .................................................................................................................................. 10
1. Encryption: ............................................................................................................. 10
2. Two-factor authentication: ...................................................................................... 10
P3 .................................................................................................................................. 11
1. WannaCry .............................................................................................................. 11
2. Petya ...................................................................................................................... 12
3. Bad Rabbit ............................................................................................................. 13
P4. ................................................................................................................................. 14
1.The EternalBlue ...................................................................................................... 14
2. Cloudbleed ............................................................................................................. 15
P5. ................................................................................................................................. 16
* Steps in securing a host system : ............................................................................ 16
* Some of antimalware software user should be considered :.................................... 17
P6. ................................................................................................................................. 18
Network security definition : ....................................................................................... 18
*Why network security is important : .......................................................................... 18
-Implement security configuration on network devices ............................................... 19
* Technology in Network security: .............................................................................. 20
*Design a secure network plan for the E-commerce website : ................................. 21
P7.1 ............................................................................................................................... 22
*OTPs ........................................................................................................................ 22
Would it be practical to use OTPs? Why or why not ?. .............................................. 23
P7.2 ............................................................................................................................... 24
* Examine my wireless network ................................................................................. 24
*The steps to move the wireless network to the next highest level of security ........... 24

P8 .................................................................................................................................. 27
*Four risks that school may face : ............................................................................. 27
*A brief business continuity plan : .............................................................................. 27
P9 .................................................................................................................................. 28
*A security policy definition : ...................................................................................... 28
* Security policy cycle : .............................................................................................. 28
* The steps in developing a security policy .............................................................. 31
P10 ................................................................................................................................ 33
References .................................................................................................................... 36

P1
Explains what IT security is and why it is important today. Also include who is
responsible for attacks and their attack techniques.

-IT security definition:

Information security (IS) is designed to protect the confidentiality, integrity and
availability of computer system data from those with malicious intentions.
Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of
information security.

These objectives ensure that sensitive information is only disclosed to authorized
parties (confidentiality), prevent unauthorized modification of data (integrity) and
guarantee that the data can be accessed by authorized parties when requested (availability).

-Why IT security is important:

Nowadays, with the rise of the internet of things and the cloud, most of a company's
information is stored in digital form. This information usually consists of financial
results, confidential business plans and employees' personal files; because these files
are especially important and valuable, the data should be suitably protected. Here are
some threats that can occur if your company's IT security is not guaranteed:

DDoS attack or botnet

Your computer can become part of a botnet. A botnet is a network of infected computers
remotely controlled by cybercriminals. Cybercriminals use special Trojan viruses to
breach the security of several users' computers, take control of them and organise all
of the infected computers into a network that the criminal can remotely manage. The
criminals then deliver a Distributed Denial of Service (DDoS) attack, a large-scale spam
campaign or other types of cyberattack using the bot network.

Installing effective anti-malware software will help to protect your computer against
Trojans and other threats.

Spear Phishing

Spear phishing happens when you receive an email that appears to come from an
enterprise or individual you're familiar with, but that will eventually result in your
private information being stolen. It works because it tricks you into giving your data
over willingly, like handing your keys to a burglar disguised as the custodian.

Understanding spear phishing and installing scanning and blocking systems will
prevent a lot of threats in the future.

The Cloud

As with any third-party vendor, using an outside platform means that your data might be
at risk of a breach. Keeping an eye on what sort of services you're using in the cloud and
being fully aware of the security standards that your cloud services provide can keep
your data safe.

Ransomware

This sort of attack encrypts your data and renders it unusable until you pay money,
making it more and more appealing to cybercriminals because most of the time
businesses can't afford to fight back. The best way to avoid a ransomware attack is to
have real-time security protection and to hire an IT security specialist to perform
regular backup routines.

P2
Outlines general principles that can be used to protect valuable assets.

1. Encryption: if you encrypt your data, it will be unreadable to any third party that
gets hold of it. You can encrypt hard drives and also USB drives. Disable logging of
past conversations and remove any logs that leak confidential information. Thirdly, you
should encrypt your internet traffic, as it can be intercepted. When using an unsecured
Wi-Fi network, protect your traffic by creating a secure tunnel to a trusted third-party
server (VPN). In short, do not send confidential information without proper encryption.

2. Two-factor authentication: Requiring two-factor authentication increases the
safety of confidential data and decreases the probability of data leakage. Two-factor
authentication lets you access the information only if you have both a physical
object (like a card) and an immaterial one (like a security code). Thus, two-factor
authentication means that there must be a thing that you know and a thing that you
possess in order to gain access.

3. Back up your information

The information should be accessible but encrypted and stored in a secure place.
Business contracts often have confidential information clauses, which are inserted to
protect sensitive information from disclosure to unauthorized third parties.

A standard clause extracted from a non-disclosure agreement of Microsoft goes like
this: "'Confidential Information' means nonpublic information that Microsoft designates
as being confidential or which, under the circumstances surrounding disclosure ought to
be treated as confidential by Recipient". It is worth mentioning that it is much more
desirable to list the types of information that are to be considered confidential and, in
this way, create a narrow and unambiguous clause. Mary Hanson, a California business
lawyer, asserts that "Trying to cover too much information by defining the confidential
information as 'all business information' may backfire. It is important to try to identify
particular information, without giving out valuable information." Accordingly, the
confidential information involved in the agreement must be defined to the extent that
makes it enforceable in court without any particular sensitive information being
disclosed in it.

P3
Use the Internet to research some of the different ransomware attacks that have
occurred recently. Identify at least three attacks that are current. What do they
do? Why are they so successful? How are they being spread? What can users do
to protect themselves? How can ransomware be removed from a computer?

1. WannaCry
The WannaCry ransomware consists of multiple components: an application that
encrypts and decrypts data, files containing encryption keys, and a copy of Tor. Once
launched, WannaCry tries to access a hard-coded URL (the so-called kill switch); if it
can't, it proceeds to search for and encrypt files in a slew of important formats, ranging
from Microsoft Office files to MP3s and MKVs, leaving them inaccessible to the user. It
then displays a ransom notice, demanding $300 in Bitcoin to decrypt the files.

The vulnerability WannaCry exploits lies in the Windows implementation of the Server
Message Block (SMB) protocol. The SMB protocol helps various nodes on a network
communicate, and Microsoft's implementation could be tricked by specially crafted
packets into executing arbitrary code.

Ironically, the patch needed to prevent WannaCry infections was actually available
before the attack began: Microsoft Security Bulletin MS17-010, released on March 14,
2017, updated the Windows implementation of the SMB protocol to prevent infection via
EternalBlue. However, despite the fact that Microsoft had flagged the patch as critical,
many systems were still unpatched as of May of 2017 when WannaCry began its rapid
spread.

For those unpatched systems that are infected, there is little remedy beyond restoring
files from a safe backup — so let that be a lesson that you should always back up your
files. While those monitoring the bitcoin wallets identified in the extortion message say
that some people are paying the ransom, there's little evidence that they're regaining
access to their files.

2. Petya
Petya is ransomware — a form of malware that infects a target computer, encrypts
some of the data on it, and gives the victim a message explaining how they can pay in
Bitcoin to get the keys to get their data back.

The initial version of the Petya malware, which began to spread in March of 2016,
arrives on the victim's computer attached to an email purporting to be a job applicant's
resume. It's a package with two files: an image of young man (supposedly of the job
applicant, but actually a stock image) and an executable file, often with "PDF"
somewhere in the file name. The plan is to get you to click on that file, and to
subsequently agree to the Windows User Access Control warning that tells you that the
executable is going to make changes to your computer. (Petya only affects Windows
computers.)

The malware is already working behind the scenes to make your files unreachable: it
installs its own boot loader, overwriting the affected system's master boot record, then
encrypts the master file table, which is the part of the filesystem that serves as a sort of
roadmap for the hard drive. The computer can't access the part of the filesystem that
tells it where your files are, so they might as well be lost. At this point, the ransomware
demands a Bitcoin payment in order to decrypt the hard drive.

In June of 2017 that all changed radically. A new version of the malware began
spreading rapidly, with infection sites focused in Ukraine, but it also appeared across
Europe and beyond. The new variant spread rapidly from computer to computer and
network to network without requiring spam emails or social engineering to gain
administrative access.

Many of the computers infected by Petya were running older versions of Windows.
Microsoft says that Windows 10 was particularly able to fend off Petya attacks, not just
because most installs auto-updated to fix the SMB vulnerability, but because improved
security measures blocked some of the other ways NotPetya spread from machine to
machine.

3. Bad Rabbit
Analysis by researchers at CrowdStrike has found that the Bad Rabbit and NotPetya DLLs
(dynamic link libraries) share 67 percent of the same code, indicating the two ransomware
variants are closely related, potentially even the work of the same threat actor.

The main way Bad Rabbit spreads is drive-by downloads on hacked websites. Users
visiting hacked websites are told that they need to install a Flash update. Of course, this
is no Flash update, but a dropper for the malicious install. Those unfortunate enough to
fall victim to the attack quickly realised what had happened: it presents victims with a
ransom note telling them their files are "no longer accessible" and "no one will be able
to recover them without our decryption service". Victims are directed to a Tor payment
page and are presented with a countdown timer. Pay within the first 40 hours or so,
they're told, and the payment for decrypting files is 0.05 bitcoin, around $285. Those
who don't pay the ransom before the timer reaches zero are told the fee will go up and
they'll have to pay more.

At this stage, it's unknown if it's possible to decrypt files locked by Bad Rabbit without
giving in and paying the ransom - although researchers say that those who fall victim
shouldn't pay the fee, as it will only encourage the growth of ransomware.

Much like Petya, Bad Rabbit comes with a potent trick up its sleeve in that it contains an
SMB component which allows it to move laterally across an infected network and
propagate without user interaction.

What aids Bad Rabbit's ability to spread is a list of simple username and password
combinations which it can exploit to brute-force its way across networks. The weak
passwords list consists of a number of the usual suspects for weak passwords such as
simple number combinations and 'password'.

A number of security vendors say their products protect against Bad Rabbit. But for
those who want to be sure they don't fall victim to the attack, Kaspersky Lab says users
can block the execution of the files C:\Windows\infpub.dat and C:\Windows\cscc.dat in
order to prevent infection.

P4.
Attacks that exploit previously unknown vulnerabilities are considered some of
the most dangerous attacks. Use the Internet to research these attacks. How are
the vulnerabilities discovered? What are some of the most recent zero-day
attacks? What defenses are there against them?

1. EternalBlue

The EternalBlue exploitation tool was leaked by “The Shadow Brokers” group on April
14, 2017, in their fifth leak, “Lost in Translation.” The leak included many exploitation
tools like EternalBlue that are based on multiple vulnerabilities in the Windows
implementation of SMB protocol.

EternalBlue works on all Windows versions prior to Windows 8. These versions contain
an interprocess communication share (IPC$) that allows a null session. This means that
the connection is established via anonymous login, and a null session is allowed by
default. A null session allows the client to send different commands to the server.

The NSA created a framework (much like Metasploit) named FuzzBunch, which was
part of the leak. The purpose of this framework is to configure the exploitation tools
(for example, set the victim IP) and execute them.

Microsoft released patches for the vulnerabilities in the leak, under the MS17-010
(Microsoft Security Bulletin).

CVE-2017-0144 is the CVE ID in MS17-010 that is related to EternalBlue.

SMB Protocol

Server Message Block (SMB), one version of which is also known as Common Internet
File System (CIFS), operates as an application-layer network protocol mainly used for
providing shared access to files, printers, and serial ports and miscellaneous
communications between nodes on a network.

It also provides an authenticated inter-process communication mechanism. Most SMB
use involves computers running Microsoft Windows, where it was known as the
"Microsoft Windows Network" before the subsequent introduction of Active Directory.
Corresponding Windows services are LAN Manager Server (for the server component)
and LAN Manager Workstation.

2. Cloudbleed

Cloudbleed is the name of a major security breach from the internet company
Cloudflare that leaked user passwords, and other potentially sensitive information to
thousands of websites over six months.

At this point, we know that Uber, Fitbit and OKCupid were three sites directly affected, but
there are thousands more. The peak of the Cloudbleed bug was between Feb. 13 and 18. In
a post on its website, Cloudflare states that during this time about "1 in every
3,300,000 HTTP requests through Cloudflare" potentially resulted in memory leakage.

Services like Cloudflare help move information entered on those "https" websites
between users and servers securely. What happened here is some of that secure
information was unexpectedly saved when it should not have been. And to make
matters worse, some of the saved secure information was cached by search engines
like Google, Bing and Yahoo. So it could have been a username or a password, a photo
or frames of a video as well as behind-the-scenes things like server information and
security protocols.

There are things you can do to protect yourself before the next Cloudbleed-like incident
happens.

The first thing to do is change the passwords for any of your accounts that use
Cloudflare. Fitbit, OKCupid and Medium are a few, but you can find out if websites you
use rely on Cloudflare with this tool.

And, if any of those websites or services offer two-step verification (sometimes called
two-factor verification), use it. It ensures that even if someone were to get a hold of your
password, they would not be able to access your account.

P5.
Discuss about the basic steps in securing a host system, why it is important,
what antimalware software should be considered, etc.

-In networking, a host is any device that has an IP address. Hosts include servers,
clients, routers and firewalls.

* Steps in securing a host system:

+Host Hardening:

-Back up the host regularly (high priority).
-Restrict physical access to the host.
-Encrypt data if appropriate.

+Host Protections:

-Install the operating system with secure configuration options.
-Replace all default passwords with strong passwords.
-Install and configure a host firewall.
-Install and maintain patches for known operating system vulnerabilities.
-Manage users and groups along with their access permissions.
-Install and maintain antivirus protection software.

Why host security is important:

The most important reason is to protect your online identity, prevent identity theft, and
ensure the safety of any information transmitted over the web. Secure hosting ensures
that your Internet is protected from hackers and unscrupulous individuals who want to
steal your information. Secure email hosting is also preferred, as many users transmit
important information and documents via email.

With the rise of credit card payments over the Internet, customers want their dealings
involving credit card details or other sensitive information, such as names, addresses,
social security numbers, tax information and banking numbers, to be safe when
transmitted over the Internet. Secure email hosting is one of the most important features
any business can have, as it will build trust with clients and customers.

* Some antimalware software that users should consider:

1. Bitdefender Antivirus

Discreet but effective, Bitdefender is the best anti-malware for your PC

Operating system: Windows

Highlights: user-friendly; clean and simple interface; no options or settings.

Bitdefender Antivirus Free Edition is the strong, silent type. This anti-malware software
doesn't even ask questions when you install it – it just quietly gets on with the job of
identifying and eliminating anything that poses a risk to your safety and security.

It offers proactive malware and spyware scanning that can detect threats nobody has
encountered before, and boot scanning every time you start your PC.

Its comprehensive suite of tools to protect your PC makes Bitdefender the best free
anti-malware software you can download today. It's all the protection you need in one
handy package.

2. AVG AntiVirus

A simple interface and effective scanning with remote activation

Operating system: Windows, Mac, Android

If you're looking for anti-malware software that keeps quiet and won't disturb your work,
be warned – AVG Antivirus Free is quite vocal with its notifications, and irks us from
time to time with pop-ups telling us we've done something fantastic with regard to our
online safety.

The dashboard is user-friendly, there's protection not just from downloadable threats,
but from dodgy links too, and you can use your mobile to scan your PC remotely, which
is pretty clever.

The paid-for Pro model has more security options: it has more robust download
protection, offers data encryption and includes a firewall. But the free version offers
decent protection for most PC users.

P6.
Discuss about network security, include what it is, why it is important, and how it
can be achieved using network devices, technologies, and design elements.

Network security definition:

Network security consists of the policies and practices adopted to prevent and monitor
unauthorized access, misuse, modification, or denial of a computer network and
network-accessible resources. Network security involves the authorization of access to
data in a network, which is controlled by the network administrator. Users choose or are
assigned an ID and password or other authenticating information that allows them
access to information and programs within their authority. Well-implemented network
security blocks viruses, malware and hackers from accessing or altering secure
information. Network security covers a variety of computer networks, both public and
private, that are used in everyday jobs: conducting transactions and communications
among businesses, government agencies and individuals.

*Why network security is important:

-Protect the data

In today's day and age identity and information theft are on the rise, and as a business
it is your duty to keep all your existing clients' data safe and secure. Because data plays
a vital role in your business, a high-quality network security system can help reduce the
risk of your business failing and avoid data theft.

-Protect computers from harmful spyware

Network security systems can be effective in protecting your computers from harm,
helping to safeguard your machines against virus or spyware attacks from external
threats.

-Keep shared data secure

For computers on a shared network a Network Security system can help keep shared
information and data safe.

-Increased network performance

Investing in high quality Network Security facilities will benefit your business massively
and reduce costs in the long run. A high quality Network Security system can reduce the
risk of attack and improve user experience.

-Implement security configuration on network devices:

+Firewalls:

Firewalls are a very important part of the system because they keep threats away and
create a wall between the computer and the attacks. When a firewall rule changes, we
should document every firewall change, and each change should correspond to a
security policy change. The documentation of the security policy and of the rule change
are both elements of the change control process or workflow. The change must be
applied and then tested to confirm that the intended traffic is blocked or allowed. Next,
the internet should be accessed with minimum access rights. The configuration of the
firewall with minimum inbound controls can follow the same logic as the outbound
configuration.
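The change-control point above (document each rule change, then test that the intended traffic is blocked or allowed under a default-deny, minimum-rights policy in both directions) can be checked mechanically. The following Python is an added illustration, not code from the original assignment; the ruleset, the addresses (documentation ranges and a private LAN) and the change ticket ids are all constructed.

```python
"""Model of a stateless, first-match packet filter with a default-deny
policy, plus a regression check that is run after every rule change.
Added illustration: rules, addresses and ticket ids are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    direction: str  # "in" (Internet -> us) or "out" (us -> Internet)
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    ticket: str           # change ticket that documents why the rule exists
    direction: str
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[str]  # None matches any protocol
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"

    def matches(self, f: Flow) -> bool:
        return (self.direction == f.direction
                and ip_address(f.src) in self.src
                and ip_address(f.dst) in self.dst
                and self.proto in (None, f.proto)
                and self.dport in (None, f.dport))


ANY = ip_network("0.0.0.0/0")
LAN = ip_network("192.168.10.0/24")    # constructed internal network
WEB = ip_network("203.0.113.10/32")    # constructed public web server
JUMP = ip_network("198.51.100.50/32")  # constructed admin jump host


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, Optional[str]]:
    """First matching rule wins. Anything no rule allows is denied, which
    is what 'minimum access rights' means for both inbound and outbound."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action, rule.ticket
    return "deny", None


# Baseline: only the public web service inbound; only web browsing and DNS
# outbound from the LAN. Every rule carries the ticket that documents it.
BASELINE = [
    Rule("CR-0001 public web", "in", ANY, WEB, "tcp", 443, "allow"),
    Rule("CR-0001 public web", "in", ANY, WEB, "tcp", 80, "allow"),
    Rule("CR-0002 LAN browsing", "out", LAN, ANY, "tcp", 443, "allow"),
    Rule("CR-0002 LAN browsing", "out", LAN, ANY, "tcp", 80, "allow"),
    Rule("CR-0003 LAN DNS", "out", LAN, ANY, "udp", 53, "allow"),
]

# The decisions the security policy requires; re-run after every change.
EXPECTED = [
    (Flow("in", "198.51.100.7", "203.0.113.10", "tcp", 443), "allow"),
    (Flow("in", "198.51.100.7", "203.0.113.10", "tcp", 22), "deny"),    # no admin from the Internet
    (Flow("in", "198.51.100.7", "192.168.10.20", "tcp", 445), "deny"),  # SMB never reachable from outside
    (Flow("out", "192.168.10.20", "198.51.100.9", "tcp", 443), "allow"),
    (Flow("out", "192.168.10.20", "198.51.100.9", "tcp", 445), "deny"), # minimum outbound rights
]


def check_change(rules: List[Rule], expected) -> list:
    """Run every expected flow through the ruleset and return the mismatches
    as (flow, wanted, got, matching ticket). An empty list means the change
    may be applied."""
    failures = []
    for flow, want in expected:
        got, ticket = evaluate(rules, flow)
        if got != want:
            failures.append((flow, want, got, ticket))
    return failures


# A "temporary" rule that opens file sharing to the whole Internet: the
# check rejects it because the SMB flow is now allowed.
BAD_CHANGE = Rule("CR-0004 temp file sharing", "in", ANY, LAN, "tcp", 445, "allow")
# The scoped alternative: SSH to the web server, only from the jump host.
GOOD_CHANGE = Rule("CR-0004 admin SSH from jump host", "in", JUMP, WEB, "tcp", 22, "allow")

if __name__ == "__main__":
    for label, rules in (("baseline", BASELINE),
                         ("bad change", [BAD_CHANGE] + BASELINE),
                         ("good change", [GOOD_CHANGE] + BASELINE)):
        failures = check_change(rules, EXPECTED)
        print(f"{label}: {'OK' if not failures else failures}")
```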

+Routers:

Router security is very important when we are using the internet. First, you should not
enable remote management over the internet: the embedded web servers are a major
source of flaws. The security policy should be tightened and the IP ranges should not
be the default ones. This is a simple but very effective way to decrease the likelihood of
successful attacks. Another very important point is that WPS should be turned off, since
it isn't secure, and encryption should be turned on, using WPA2.

* Technology in Network security:

CLOUD TECHNOLOGY

The cloud is having a significant impact on how systems security technology is
deployed. More enterprises and government agencies now store the large amounts of
data they generate in cloud services, and components such as intrusion detection and
prevention systems, firewalls and other security controls are increasingly delivered as
virtualised instances in the cloud rather than as traditional appliances.

DEEP LEARNING

Deep learning is a branch of machine learning, which in turn is a branch of artificial
intelligence; there is significant interest in applying these technologies to systems
security.

Deep learning, like behaviour analytics, focuses on detecting anomalous behaviour.
When machine learning systems are trained on good data about systems security
threats, they can flag suspicious activity and, within limits set by their operators, take
automated responses based on what they observe in their environment. Organisations
can use these techniques to detect persistent or advanced threats faster, but the
models are only as good as the data they are trained on and their alerts still need
human review.

*Design a secure network plan for the E-commerce website :

1. There will be two separate network segments: a public network (DMZ) and an internal
network. The public network holds public-facing services such as the web servers and
mail servers. These servers have to be reachable from the Internet because customers
place their orders there and the system sends e-mail notifications. The internal network
holds the workstations and servers that are shielded from public access.

2. A border router is placed where the organisation's traffic meets the Internet. This
router is the first line of defence. Inbound packets with illegal source addresses (private,
reserved or the organisation's own ranges, which cannot legitimately arrive from
outside) are dropped here. Outbound packets whose source address does not belong to
the organisation's own range are dropped as well, so that the servers cannot be used to
launch spoofed attacks against others.

3. Next in the line of defence is the firewall. As we have already seen, firewalls are the
chokepoints of the network: a set of rules determines what goes through and what does
not. The firewall rules are configured to protect customer information, so the firewall
acts as an access control on traffic.

4. Intrusion Detection Systems (IDS) are placed so that they listen for malicious activity
and raise an alarm.

5. Employees are given VPN access to corporate data over the existing public
infrastructure, the Internet. Recall that the information is encrypted at the sender's end
and decrypted at the receiver's end.

6. Employee workstations are placed on the internal network and can reach the Internet
only through a proxy firewall, which protects them as well.

7. Apart from these security controls, patch management is applied to fix vulnerabilities
in applications.
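As an added worked example, not part of the original plan or the Simplilearn article it summarises, the following Python script models steps 2, 3 and 6 as rule tables and runs constructed packets through them in order. The address ranges (203.0.113.0/24 as the organisation's public block, 10.10.0.0/16 as the internal network, the DMZ host and proxy addresses) are assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass

# Addressing plan for this example (assumed, not from the page): the organisation's
# public block is 203.0.113.0/24 (a documentation range), the DMZ hosts live in it,
# and the internal network is private space behind NAT.
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.0/24")
DMZ_WEB = ipaddress.ip_address("203.0.113.10")
DMZ_MAIL = ipaddress.ip_address("203.0.113.25")
INTERNAL = ipaddress.ip_network("10.10.0.0/16")
PROXY = ipaddress.ip_address("10.10.0.8")   # internal proxy firewall (step 6)

# Source ranges that can never legitimately arrive from the Internet: unspecified,
# RFC 1918 private space, loopback, link-local, multicast, reserved, and our own
# block (a packet "from us" arriving from outside is spoofed).
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)] + [PUBLIC_BLOCK]

# Step 3: the firewall is a chokepoint with a default-deny policy; only the
# published services are listed. (destination, protocol, port, purpose)
ALLOW_INBOUND = [
    (DMZ_WEB, "tcp", 80, "customer HTTP"),
    (DMZ_WEB, "tcp", 443, "customer HTTPS"),
    (DMZ_MAIL, "tcp", 25, "inbound SMTP"),
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def border_router_inbound(pkt: Packet) -> bool:
    """Step 2, ingress filter: drop packets whose source address is illegal."""
    src = ipaddress.ip_address(pkt.src)
    return not any(src in net for net in BOGON_SOURCES)


def border_router_outbound(pkt: Packet) -> bool:
    """Step 2, egress filter (after NAT): only our own addresses may leave, so a
    compromised server cannot send spoofed traffic at third parties."""
    return ipaddress.ip_address(pkt.src) in PUBLIC_BLOCK


def firewall_inbound(pkt: Packet) -> bool:
    """Step 3: nothing from outside reaches the internal segment; DMZ hosts are
    reachable only on the explicitly published ports."""
    dst = ipaddress.ip_address(pkt.dst)
    if dst in INTERNAL:
        return False
    return any(dst == d and pkt.proto == p and pkt.dport == port
               for d, p, port, _ in ALLOW_INBOUND)


def firewall_internal_egress(pkt: Packet) -> bool:
    """Step 6: workstations may talk to the proxy only; direct Internet access is denied."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if src not in INTERNAL:
        return False
    return dst == PROXY and pkt.proto == "tcp" and pkt.dport == 3128


def inbound_decision(pkt: Packet) -> tuple:
    """Run an Internet-side packet through the layers in order; report which layer decided."""
    if not border_router_inbound(pkt):
        return ("drop", "border-router")
    if not firewall_inbound(pkt):
        return ("drop", "firewall")
    return ("accept", "firewall")


if __name__ == "__main__":
    # Constructed sample traffic: a customer, a spoofed private source, a packet
    # claiming to be from our own block, an SSH probe at the web server, and a
    # direct hit on an internal host.
    for p in (Packet("198.51.100.7", "203.0.113.10", "tcp", 443),
              Packet("10.1.2.3", "203.0.113.10", "tcp", 443),
              Packet("203.0.113.50", "203.0.113.10", "tcp", 80),
              Packet("198.51.100.7", "203.0.113.10", "tcp", 22),
              Packet("198.51.100.7", "10.10.5.5", "tcp", 443)):
        print(p, "->", inbound_decision(p))
```

The order of the checks matters: spoofed sources are dropped at the router before they reach the firewall's rule table, and the firewall's decision is reported separately so that a rule change can be tested against a known set of packets, as the firewall section above recommends.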

P7.1
Use the Internet to research OTPs: who was behind the initial idea, when they
were first used, in what applications they were found, how they are used today,
etc.

*OTPs

Frank Miller in 1882 was the first to describe the one-time pad system for securing
telegraphy.

The next one-time pad system was electrical. In 1917, Gilbert Vernam (of AT&T
Corporation) invented, and in 1919 patented (U.S. Patent 1,310,719), a cipher based on
teleprinter technology: each character of the message was electrically combined with a
character on a paper tape key. Joseph Mauborgne (then a captain in the U.S. Army and
later chief of the Signal Corps) recognised that the character sequence on the key tape
could be completely random and that, if so, cryptanalysis would be more difficult.
Together they invented the first one-time tape system.

In cryptography, the one-time pad (OTP) is an encryption technique that cannot be
cracked, but requires the use of a one-time pre-shared key the same size as, or longer
than, the message being sent. In this technique, a plaintext is paired with a random
secret key (also referred to as a one-time pad). Then, each bit or character of the
plaintext is encrypted by combining it with the corresponding bit or character from the
pad using modular addition. If the key is truly random, is at least as long as the
plaintext, is never reused in whole or in part, and is kept completely secret, then the
resulting ciphertext will be impossible to decrypt or break.

Historically, one-time pads were used to protect diplomatic and intelligence traffic. Note
that the same abbreviation is also used today for one-time passwords (the codes used
for account logins and in messaging apps), which are a different mechanism and are not
one-time pads.

In the modern age, any digital storage device (USB stick, iPod, iPhone, Android phone,
CD/DVD, portable hard drive, etc.) can be used to store and/or transport one-time pad
material. Although the one-time pad has a number of physical security barriers to
effective use, it continues to have practical interest in intelligence circles, where being
able to do the computation by hand is useful. In these cases pads can be delivered by
hand, via a "handler" or centralised point of contact, to agents in the field, or over a
secure phone or computer connection.


Would it be practical to use OTPs? Why or why not?

The one-time pad is one of the most practical methods of encryption when one or both
parties must do all the work by hand, without a computer. This made it important in the
pre-computer era, and it could still be useful where possessing a computer is illegal or
incriminating, or where no trustworthy computer is available.

One-time pads are practical where two parties can meet in a secure environment, share
pad material, and then communicate from two separate secure locations with perfect
secrecy.

In real life, however, the pad must be as long as all the traffic it will ever protect, it must
come from a truly random source, and it can never be reused; so the parties need a
secure channel for the pad that is as large as the channel for the messages themselves.
Physical meetings in a globalised world are rarely that practical, and we have cheaper
and far more practical alternatives that trade perfect secrecy for computational security.

OTPs would require meeting the other side directly, or using a trusted courier; we rarely
want to bear that expense when cheaper alternatives are available.

So, for most purposes, using OTPs is not practical.
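The following Python script is an added example, not part of the original assignment or the cited Wikipedia article. It implements the one-time pad exactly as described above (XOR of each byte with a key byte drawn from os.urandom) and then shows why the "never reused" condition matters: encrypting two constructed messages with the same pad lets an attacker who knows one message recover the other without ever learning the key.

```python
import os


def otp_keygen(length: int) -> bytes:
    """Pad material must come from a cryptographic random source, never from a
    PRNG seeded with a short value; os.urandom is the operating system's CSPRNG."""
    return os.urandom(length)


def otp_xor(data: bytes, key: bytes) -> bytes:
    """Combine each byte with the corresponding key byte. XOR is addition modulo 2
    bit by bit, so encryption and decryption are the same operation. The key must
    be at least as long as the data."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypts two messages, XORing the ciphertexts cancels the key:
    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2. The key is gone, but the plaintexts are now
    related to each other."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def recover_with_crib(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Knowing (or correctly guessing) one plaintext gives the other:
    (p1 ^ p2) ^ p1 == p2."""
    return otp_xor(two_time_pad_leak(c1, c2), known_p1)


def demo() -> dict:
    # Constructed messages of equal length so the demonstration stays simple.
    p1 = b"ATTACK AT DAWN"
    p2 = b"RETREAT NOW!!!"
    key = otp_keygen(len(p1))

    c1 = otp_xor(p1, key)
    c2 = otp_xor(p2, key)          # the mistake: the same pad used twice

    return {
        "roundtrip_ok": otp_xor(c1, key) == p1,          # correct use: perfect decryption
        "ciphertexts_differ": c1 != c2,
        "recovered_p2": recover_with_crib(c1, c2, p1),    # misuse: second message exposed
    }


if __name__ == "__main__":
    print(demo())
```

Run it several times: the ciphertexts change every run because the pad is fresh, but the recovered second message is always the same, which is the point. The key never had to be recovered; reuse alone was enough.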



P7.2
Is the wireless network you own as secure as it should be? Examine your
wireless network or that of a friend or neighbor and determine which security
model it uses. Next, outline the steps it would take to move it to the next highest
level. Estimate how much it would cost and how much time it would take to
increase the level.

* Examine my wireless network.

-My home wireless network is not as secure as it should be. It uses the WPA2 security model.

Wi-Fi Protected Access 2 (WPA2) is a network security technology commonly used on
Wi-Fi wireless networks. It is an upgrade from the original WPA, which was designed as
a replacement for the older and much less secure WEP.

WPA2 has been required on all Wi-Fi certified hardware since 2006 and is based on the
IEEE 802.11i standard for data encryption.

WPA2-PSK (Pre-Shared Key) is the mode most commonly used on home networks. The
actual key is 256 bits, which is 64 hexadecimal digits; it can be entered directly in that
form, or derived from a passphrase of 8 to 63 characters that the router and each client
hash together with the network name (SSID). Many home routers use "WPA2 PSK" and
"WPA2 Personal" interchangeably; they refer to the same underlying technology.

*The steps to move the wireless network to the next highest level of security.
It would cost no money and take about one day to finish.

Step 1. Set a strong and unique password for the wireless network and for the router itself

Every wireless router comes with a default administrator username and password, which
are needed to install and connect the router in the first place. These defaults are easy
for attackers to look up, especially once they know the manufacturer, so change both
immediately.

A good wireless passphrase should be at least 20 characters long (WPA2 allows up to
63) and mix numbers, letters and symbols. Because a WPA2 passphrase can be attacked
offline once a single connection handshake has been captured, length matters more
than anything else.

Step 2. Increase Wi-Fi security by checking the network encryption

1. Log into your wireless router's administrator console. This is usually done by opening
a browser window and typing in the address of the router (usually http://192.168.0.1,
http://192.168.1.1, http://10.0.0.1, or something similar). You will then be prompted for
the admin name and password. If you do not know this information, check the
manufacturer's website for help.

2. Locate the "Wireless Security" or "Wireless Network" settings page.

3. Look for the Wireless Encryption Type setting and make sure it is WPA2-PSK with
AES (CCMP) encryption rather than WEP, WPA or TKIP. You may also see a
WPA2-Enterprise option: that is the next level up, but it needs an authentication
(RADIUS) server and is intended for corporate environments.

4. Choose a unique wireless network name (SSID) together with a strong network
password (pre-shared key). The SSID is used as the salt when the passphrase is
hashed into the key, so a default or common name lets an attacker reuse precomputed
tables.

5. Click "Save" and "Apply". The wireless router may have to reboot for the settings to
take effect.

6. Reconnect all your wireless devices by selecting the wireless network name and
entering the new password on each device.
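The following Python script is an added example covering Step 1 and Step 2 above; it is not from the original assignment. It derives the 64-hexadecimal-digit WPA2 key from a passphrase and SSID the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output), checks the published IEEE test vector (passphrase "password", SSID "IEEE"), and runs a small offline dictionary attack over a constructed word list to show why a short common passphrase falls immediately while a 20-character random one does not. The word list and the strong passphrase are made up for the demonstration.

```python
import hashlib
import math


def wpa2_psk(passphrase: str, ssid: str) -> str:
    """IEEE 802.11i PSK derivation: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations,
    256 bits). The result is the 64-hex-digit key the router and client actually use."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA2 passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()


def psk_from_setting(value: str, ssid: str) -> str:
    """Router UIs accept either form: a 64-hex-digit key is used as-is, anything
    else is treated as a passphrase and hashed."""
    if len(value) == 64 and all(c in "0123456789abcdefABCDEF" for c in value):
        return value.lower()
    return wpa2_psk(value, ssid)


def offline_dictionary_attack(ssid: str, target_psk: str, wordlist) -> tuple:
    """What an attacker does after capturing the 4-way handshake: derive the PSK for
    each candidate and check it (in practice against the handshake MIC; here against
    the known PSK, which costs the same per guess). Returns (passphrase_or_None, tried)."""
    tried = 0
    for candidate in wordlist:
        tried += 1
        if wpa2_psk(candidate, ssid) == target_psk:
            return candidate, tried
    return None, tried


def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a random passphrase of this length over this alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # IEEE 802.11 test vector: passphrase "password", SSID "IEEE".
    print(wpa2_psk("password", "IEEE"))
    # Constructed word list of common passphrases (8+ characters, valid WPA2 input).
    wordlist = ["12345678", "qwertyui", "letmein1", "password", "iloveyou"]
    print(offline_dictionary_attack("IEEE", wpa2_psk("password", "IEEE"), wordlist))
    print(offline_dictionary_attack("IEEE", wpa2_psk("xK9#vQ2m!Lp7@Wz4nRt6", "IEEE"), wordlist))
    # 8 lowercase letters versus 20 printable-ASCII characters.
    print(passphrase_bits(8, 26), passphrase_bits(20, 94))
```

Each guess costs 4096 HMAC-SHA1 operations, which slows an attacker down but does not stop one: a dictionary of common passphrases is exhausted in seconds, so the defence is a passphrase that is not in any dictionary and an SSID that is not shared with thousands of other networks.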

Step 3. Turn off the DHCP functionality on the router

Some guides recommend turning off the Dynamic Host Configuration Protocol (DHCP)
server in the router, which hands out IP addresses to each device on the network, and
assigning a static address to every device instead. This means configuring each device
by hand with an IP address in the router's range.

Note that this gives only a marginal gain: anyone who has the Wi-Fi passphrase can
observe the address range in use and set a static address themselves, so it should not
be relied on in place of strong encryption and a strong passphrase.

Step 4. Disable Remote Access

Most routers allow you to access their management interface only from a device
connected to the local network, but some also allow access from remote systems over
the Internet.

Once remote access is turned off, malicious actors cannot reach the router's settings
from a device that is not connected to the wireless network.

To make this change, open the web interface and look for "Remote Access" or "Remote
Administration".

Step 5. Enhance protection for the devices most frequently connected to the home network

- Always keep your devices up to date with the most recent software available.

- Always apply the latest security patches so that no known hole is left open to
malicious actors.

- Check which devices connect most often to your home network and make sure they
have antivirus and/or anti-malware software installed.

- Protect your devices with multiple security layers of specialised software, such as an
up-to-date antivirus program and traffic-filtering software; you may consider an
anti-malware product such as Heimdal PRO or Malwarebytes.

P8
Select four risks that your school or organization may face and develop a brief
business continuity plan.

*Four risks that the school may face :

- Increased hacking of security camera systems with remote viewing capability will likely
continue where devices without encryption are used. An individual or group that breaks
into a school's camera system can use it for pre-attack surveillance and can take the
cameras over during an attack.

- The recent increase in the number of attacks on schools globally indicates that the
elevated risk of terrorism will probably continue.

- Phishing, ransomware and malware delivered through e-mail, social media and the
Web appear to be increasing rapidly. Cybercriminals are always on the lookout for
financial gain, and one easy way is to fool unsuspecting students with e-mails or web
accounts that spoof official school mailings or bank accounts. Young adults are among
those most at risk of falling for a phishing scam that results in a malware or ransomware
download.

- Out-of-date technology: contrary to popular misconception, user interaction is not
always required for a cyber attack to succeed. The WannaCry attack hit hundreds of
thousands of computers that all shared the same unpatched vulnerability in the
Windows SMB service (the flaw exploited by EternalBlue, which Microsoft had patched
two months before the outbreak). Newer versions of Windows ship with the weakness
fixed; the victims were those who had neither updated to a current OS nor installed the
patch.

*A brief business continuity plan :

- Include an assessment of the school's security camera systems, of proximity card
systems that lack encryption, and of any other security systems that could be
compromised in the regular cyber-security audit, so that a compromised system is
found before an attacker makes use of it.

- Keep the emergency protocols for hazardous materials incidents, bomb threats,
explosions, and food and beverage contamination up to date and rehearsed, so that
staff know what to do if an attack happens.

- Keep antivirus and anti-malware software updated, including e-mail and web
scanning, and keep offline backups so that systems can be restored after a ransomware
infection without paying.

- Track all devices with an IT asset management solution, check that software upgrades
are applied, and block access to apps that are not approved.

P9
Explains what a security policy is, the security policy cycle, and the steps in
developing a security policy.

*A security policy definition :


A security policy is a written document in an organisation outlining how to protect the
organisation from threats, including computer security threats, and how to handle
situations when they do occur.

A security policy must identify all of a company's assets as well as all the potential
threats to those assets. Employees need to be kept up to date on the company's security
policies, and the policies themselves should be updated regularly. A security policy
should outline the key items in the organisation that need to be protected, which might
include the company's network, its physical buildings and more, and the potential threats
to those items. If the document focuses on cyber security, the threats include insider
threats, such as a disgruntled employee stealing important information or releasing
malware on the company network, and outsider threats, such as a hacker penetrating
the systems to destroy, alter or steal data. There also needs to be a plan for what to do
when a threat actually materialises.

* Security policy cycle :

The security policy cycle has three phases that repeat continuously.

1. Risk identification: inventory the assets, identify the threats and vulnerabilities that
apply to them, and assess the likely impact, so that the policy addresses real risks.

2. Security policy development: write (or revise) the policies that address the identified
risks, and have them approved and communicated.

3. Compliance monitoring and evaluation: check that the policies are being followed and
whether they are working. When a security breach happens, the incident response team
must respond to the initial attack and then re-examine the policies that address the
exploited vulnerability to determine what changes are needed to prevent a recurrence;
this feeds back into risk identification and starts the cycle again.

* The steps in developing a security policy (4 steps)

Step 1: Planning

A thorough investigation of how users access the Internet, together with your data
security needs, is the starting point for the security policy. Ask:

1. What do you want to protect?

2. What are the risks?

3. What parts of your business are relevant?

4. What do your users expect from their computers? What do they need for their jobs?

Step 2: Defining

Now you can start writing the security policy. The easiest way is to work from an
example policy; several security policy templates are available on the Internet.

Define the mission of information security in your company: scope, responsibilities,
enforcement and revision.

You need a continuity plan, which involves many areas of the company, such as
technology, electrical power, engineering, staff planning and communication.

Users must know the security policy and must be trained regularly.

Processes must be reviewed on a regular basis to ensure you have the latest, most
up-to-date version of each solution. Remember that threats and vulnerabilities are
constantly evolving.

Step 3: Implementing

You have made the business decisions and you know how important protecting your
data is.

Security systems are the implementation of those decisions. A good security system
starts with careful planning and an understanding of the business, not with robust
hardware and software.

Security policies are strategic documents that guide your security work. If you do not
understand your business needs, it will be difficult to implement and configure the
security systems.

Remember that a firewall security policy cannot exist alone. It must be accompanied by
the support of the company's board, a policy that establishes how physical security is
maintained, staff training and awareness, and the other specific security controls.

Step 4: Using

A firewall stands between your protected network and the public Internet. Its main
function is to examine traffic coming from the public side to the private side and make
sure it complies with your security policies before letting it pass into your private
network.

Two things you must think about when implementing firewalls:

1. Acquire the right firewall for your company.

There are many firewalls on the market, but without a solid and trustworthy host to run
on, a firewall is worthless.

2. Configure the firewall to meet your security policies.

For example, you could create rules that allow users to access the local web servers but
prevent employees from reaching internal systems such as finance, development and
human resources that they have no business need for.

P10
Describe steps in a vulnerability assessment. List in detail the actions under each
step and what should expect in the assessment.

1. Initial Assessment

Identify the assets and define the risk and critical value of each device, based on the
client's input, before any scanner is run. It is important to establish at least the
importance of each device on the network, or at least of the devices that will be tested.

- Understand the strategic factors and have a clear understanding of details, including:

+ Risk tolerance level

+ Risk mitigation practices and policies for each device

+ Business impact analysis

2. System Baseline Definition

Second, gather information about the systems before the vulnerability assessment: the
approved drivers and software that should be installed on each device, and its basic
configuration.

Try to learn what kind of "public" information should be accessible based on the
configuration baseline. Are the logs at least stored in a central repository? Gather public
information and known vulnerabilities for the device platform, version, vendor and other
relevant details.

3. Perform the Vulnerability Scan

Third, use the right policy on your scanner to get the desired results. Before starting the
scan, check for any compliance requirements based on your company's posture and
business, and agree the best time and date to perform it, since scanning can load or
disrupt production systems.

For the best results, use the related tools and plug-ins of the vulnerability assessment
platform, such as:

- Quick scan of the most popular ports

- CMS web scan (Joomla, WordPress, Drupal, general CMS, etc.)

- Full port scan (all 65,535 TCP ports)

- Firewall scan

- Stealth scan

- Aggressive scan

- Full scan including exploit and denial-of-service checks (only with explicit written
authorisation, as these can take services down)

- Open Web Application Security Project (OWASP) Top 10 scan and OWASP checks

- Payment Card Industry Data Security Standard (PCI DSS) preparation scan for web
applications

- Health Insurance Portability and Accountability Act (HIPAA) policy scan for compliance

4. Vulnerability Assessment Report Creation

The fourth and most important step is the report. Pay attention to detail and try to add
extra value in the recommendations; to give real value, tie the recommendations back to
the goals of the initial assessment.

Also add risk mitigation techniques based on the criticality of the assets and the results.
Report any gap between the results and the system baseline definition (deviations,
misconfigurations and other discoveries), with recommendations to correct the
deviations and mitigate the vulnerabilities. Findings should be ordered so that the reader
sees the most serious first and understands each one.

High and medium vulnerabilities in particular should have a detailed entry that includes:

+ The name of the vulnerability

+ The date of discovery

+ The severity rating

+ A detailed description of the vulnerability

+ Details of the affected systems

+ Details of the process to correct the vulnerability
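As an added example, not part of the original text, the following Python script implements the baseline comparison from step 2 and the report ordering from step 4: it takes an approved baseline and a constructed scan result for one host, turns every deviation (unexpected listening port, outdated software version, missing central logging) plus the scanner's own findings into report entries carrying the fields listed above, and sorts them by severity. The host name, versions and findings are invented sample data.

```python
from dataclasses import dataclass, field

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Baseline:
    """Approved state of a host from step 2: which ports may listen, which software
    versions are approved, and whether it must ship logs to the central repository."""
    host: str
    allowed_ports: set
    approved_versions: dict            # service -> minimum approved version
    central_logging_required: bool = True


@dataclass
class ScanResult:
    """Observed state from step 3 (constructed here; normally parsed from scanner output)."""
    host: str
    open_ports: set
    versions: dict                     # service -> observed version
    logs_to_central: bool
    scanner_findings: list = field(default_factory=list)   # (name, severity, description)


def version_tuple(v: str) -> tuple:
    return tuple(int(x) for x in v.split("."))


def compare_to_baseline(base: Baseline, scan: ScanResult, date: str) -> list:
    """Step 4: turn baseline deviations and scanner findings into report entries with
    the required fields (name, date, severity, description, affected, remediation),
    ordered by severity."""
    findings = []

    for port in sorted(scan.open_ports - base.allowed_ports):
        findings.append({
            "name": f"Unexpected listening port {port}", "date": date, "severity": "medium",
            "description": f"Port {port} is open but is not in the approved baseline.",
            "affected": base.host,
            "remediation": "Identify the owning service; disable it or add it to the baseline with justification.",
        })

    for service, approved in base.approved_versions.items():
        observed = scan.versions.get(service)
        if observed is not None and version_tuple(observed) < version_tuple(approved):
            findings.append({
                "name": f"Outdated {service}", "date": date, "severity": "high",
                "description": f"{service} {observed} is below the approved version {approved}.",
                "affected": base.host,
                "remediation": f"Patch {service} to {approved} or later through change control.",
            })

    if base.central_logging_required and not scan.logs_to_central:
        findings.append({
            "name": "Logs not centralised", "date": date, "severity": "medium",
            "description": "Host does not forward logs to the central repository, so evidence can be lost or tampered with.",
            "affected": base.host,
            "remediation": "Configure log forwarding to the central log server.",
        })

    for name, severity, description in scan.scanner_findings:
        findings.append({"name": name, "date": date, "severity": severity,
                         "description": description, "affected": base.host,
                         "remediation": "See vendor advisory; patch or mitigate."})

    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


# Constructed sample: a web server like the one in the network plan (name and versions invented).
WEB_BASELINE = Baseline("web01", {80, 443}, {"nginx": "1.14.2", "openssl": "1.1.1"})
WEB_SCAN = ScanResult("web01", {22, 80, 443}, {"nginx": "1.12.0", "openssl": "1.1.1"},
                      logs_to_central=False,
                      scanner_findings=[("TLS 1.0 enabled", "low", "Server still negotiates TLS 1.0.")])


def web01_report() -> list:
    return compare_to_baseline(WEB_BASELINE, WEB_SCAN, "2018-10-27")


if __name__ == "__main__":
    for f in web01_report():
        print(f["severity"].upper(), f["name"], "-", f["affected"], "-", f["remediation"])
```

The baseline comparison is what distinguishes an assessment from a bare scanner dump: the open SSH port and the missing log forwarding are not scanner "vulnerabilities" at all, yet they are exactly the deviations the client needs to see alongside the outdated software.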



References

P1
Techopedia.com. (2018). What is Information Security (IS)? - Definition from Techopedia. [online]
Available at: https://www.techopedia.com/definition/10282/information-security-is [Accessed 27 Oct.
2018].

P3

Fruhlinger, J. (2018). What is WannaCry ransomware, how does it infect, and who was responsible?.
[online] CSO Online. Available at: https://www.csoonline.com/article/3227906/ransomware/what-is-
wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html [Accessed 27 Oct. 2018].

Fruhlinger, J. (2018). Petya ransomware and NotPetya malware: What you need to know now. [online]
CSO Online. Available at: https://www.csoonline.com/article/3233210/ransomware/petya-ransomware-
and-notpetya-malware-what-you-need-to-know-now.html [Accessed 27 Oct. 2018].

Palmer, D. (2018). Bad Rabbit: Ten things you need to know about the latest ransomware outbreak |
ZDNet. [online] ZDNet. Available at: https://www.zdnet.com/article/bad-rabbit-ten-things-you-need-to-
know-about-the-latest-ransomware-outbreak/ [Accessed 27 Oct. 2018].

P4

WonderHowTo. (2018). How to Discover Computers Vulnerable to EternalBlue & EternalRomance Zero-Days.
[online] Null Byte. Available at: https://null-byte.wonderhowto.com/how-to/discover-computers-
vulnerable-eternalblue-eternalromance-zero-days-0181327/ [Accessed 27 Oct. 2018].

CNET. (2018). The Cloudbleed bug may have leaked your info: This is what you need to know. [online]
Available at: https://www.cnet.com/how-to/cloudbleed-bug-everything-you-need-to-know/ [Accessed 27
Oct. 2018].

P5

Hostingreviews.com. (2018). Online Information Security: The Importance of Using a Secure Web Hosting
Service. [online] Available at: http://www.hostingreviews.com/online-information-security-the-importance-
of-using-a-secure-web-hosting-service/ [Accessed 27 Oct. 2018].

P6

Use It Computers. (2018). 5 Reasons Why Network Security Is Critical For Business - Use It News.
[online] Available at: https://www.use-it.co.uk/use-it-news/5-reasons-network-security-incredibly-
important-business-users/ [Accessed 27 Oct. 2018].

ExamCollection. (2018). Network Devices: How to Implement Security Configuration Parameters on
Network Devices. [online] Available at: https://www.examcollection.com/certification-training/security-plus-
network-devices-how-to-implement-security-configuration-parameters-on-network-devices.html [Accessed
27 Oct. 2018].

Tripwire, I. (2018). 3 Emerging Innovations in Technology that Will Impact Cyber Security. [online] The
State of Security. Available at: https://www.tripwire.com/state-of-security/featured/emerging-technology-
cyber-security/ [Accessed 27 Oct. 2018].

Simplilearn.com. (2018). IT Security Management: Network Perimeter Security Design. [online] Available
at: https://www.simplilearn.com/network-perimeter-security-design-article [Accessed 27 Oct. 2018].

P7

En.wikipedia.org. (2018). One-time pad. [online] Available at: https://en.wikipedia.org/wiki/One-time_pad
[Accessed 27 Oct. 2018].

P9

Techopedia.com. (2018). What is Security Policy? - Definition from Techopedia. [online] Available at:
https://www.techopedia.com/definition/4099/security-policy [Accessed 27 Oct. 2018].
