lOMoARcPSD|49743364

Unit 5 Security HND in computing Final assignment

HND in Computing (ESOFT Metro Campus)

Scan to open on Studocu

Studocu is not sponsored or endorsed by any college or university

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)
 lOMoARcPSD|49743364

Higher Nationals
Internal verification of assessment decisions – BTEC (RQF)
INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Programme title BTEC Higher National Diploma in Computing

Assessor Internal Verifier

Unit 05: Security
Unit(s)
EMC Cloud Solutions
Assignment title
M.M.M.Inshaf
Student’s name
List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.
INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match

those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinction grade awarded

justified by the assessor’s comments on the Y/N
student work?
Has the work been assessed
Y/N
accurately?
Is the feedback to the student:
Give details:

• Constructive?
Y/N
• Linked to relevant assessment
criteria? Y/N

• Identifying opportunities for

improved performance?
Y/N
• Agreeing actions? Y/N

Does the assessment decision need

Y/N
amending?
Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if
Date
required)

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Confirm action completed

Remedial action taken
Give details:

Assessor signature Date

Internal Verifier
Date
signature
Programme Leader
Date
signature (if required)

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Higher Nationals - Summative Assignment Feedback Form

Student Name/ID M.M.M.Inshaf / KAN/A-008235

Unit Title Unit 05: Security

Assignment Number 1 Assessor

Date Received 1st
Submission Date
submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:

LO1. Assess risks to IT security

Pass, Merit & Distinction P1 P2 M1 D1
Descripts
LO2. Describe IT security solutions.

Pass, Merit & Distinction P3 P4 M2 D1

Descripts

LO3. Review mechanisms to control organisational IT security.

Pass, Merit & Distinction P5 P6 M3 M4 D2
Descripts

LO4. Manage organisational security.

Pass, Merit & Distinction P7 P8 M5 D3
Descripts

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades decisions have
been agreed at the assessment board.

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Pearson
Higher Nationals in
Computing
Unit 5 : Security

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

General Guidelines
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as
your cover sheet and be sure to fill the details correctly.
2. This entire brief should be attached in first before you start answering.
3. All the assignments should prepare using word processing software.
4. All the assignments should print in A4 sized paper, and make sure to only use one side printing.
5. Allow 1” margin on each side of the paper. But on the left side you will need to leave room for binging.

Word Processing Rules

1. Use a font type that will make easy for your examiner to read. The font size should be 12 point, and should be
in the style of Time New Roman.
2. Use 1.5 line word-processing. Left justify all paragraphs.
3. Ensure that all headings are consistent in terms of size and font style.
4. Use footer function on the word processor to insert Your Name, Subject, Assignment No, and Page
Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help edit your assignment.

Important Points:
1. Check carefully the hand in date and the instructions given with the assignment. Late submissions will not be
accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Don’t leave things such as printing to the last minute – excuses of this nature will not be accepted for failure
to hand in the work on time.
4. You must take responsibility for managing your own time effectively.
5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in
writing) for an extension.
6. Failure to achieve at least a PASS grade will result in a REFERRAL grade being given.
7. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked
to complete an alternative assignment.
8. Take great care that if you use other people’s work or ideas in your assignment, you properly reference them,
using the HARVARD referencing system, in you text and any bibliography, otherwise you may be guilty of
plagiarism.
9. If you are caught plagiarising you could have your grade reduced to A REFERRAL or at worst you could be
excluded from the course.

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiaries or copy another’s work in any of the assignments for this
program.
4. I declare therefore that all work presented by me for every aspects of my program, will be my own, and where
I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement between
myself and Edexcel UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the
attached.

02/11/2018
inshaf404@gmail.com

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Assignment Brief
Student Name /ID Number M.M.M.Inshaf / KAN/A-008235

Unit Number and Title Unit 5- Security

Academic Year 2017/2018

Unit Tutor

Assignment Title EMC Cloud Solutions

Issue Date

Submission Date

IV Name & Date

Submission Format:

The submission is in the form of an individual written report. This should be written in a concise, formal business
style using single spacing and font size 12. You are required to make use of headings, paragraphs and subsections
as appropriate, and all work must be supported with research and referenced using the Harvard referencing system.
Please also provide an end list of references using the Harvard referencing system.

Unit Learning Outcomes:

LO1 Assess risks to IT security.

LO2 Describe IT security solutions.
LO3 Review mechanisms to control organisational IT security.
LO4 Manage organisational security.

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Assignment Brief and Guidance:

EMC Cloud Solutions is reputed as the nation’s most reliable Cloud solution provider in Sri Lanka. A
number of high profile businesses in Sri Lanka including Esoft Metro Camps network, SME Bank Sri Lanka and
WEEFM are facilitated by EMC Cloud Solutions. EMC Cloud provides nearly 500 of its customers with SaaS,
PaaS & IaaS solutions with high capacity compute and storage options. Also EMC is a selected contractor for Sri
Lanka, The Ministry of Defense for hosting government and defense systems.

EMC’s central data center facility is located at Colombo Sri Lanka along with its corporate head-office in
Bambalapitiya. Their premises at Bambalapitiya is a six story building with the 1 st floor dedicated to sales and
customer services equipped with public wifi facility. Second-floor hosts HR, Finance and Training & Development
departments and the third-floor hosts boardroom and offices for senior executives along with the IT and Data center
department. Floor 4,5,6 hosts computer servers which make up the data center.

With the rapid growth of information technology in Kandy area in recent years, EMC seeks opportunity to extend
its services to Kandy, Sri Lanka. As of yet, the organization still considers the nature of such extension with what to
implement, where is the suitable location and other essential options such as security are actually being discussed.

You are hired by the management of EMC Solutions as a Security Expert to evaluate the security-related specifics
of its present system and provide recommendations on security and reliability related improvements of its present
system as well as to plan the establishment of the extension on a solid security foundation.

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Activity 01
Assuming the role of External Security Consultant, you need to compile a report focusing on following elements to
the board of EMC Cloud Solutions;
1.1 Identify types of security risks EMC Cloud is subject to, in its present setup and the impact, such issues would
create on the business itself.

1.2 Develop and describe security procedures for EMC Cloud to minimize the impact of issues discussed in section
(1.1) by assessing and treating the risks.

Activity 02
2.1 Discuss how EMC Cloud and its clients will be impacted by improper/ incorrect configurations which are
applicable to firewalls and VPN solutions.

2.2 Explain how following technologies would benefit EMC Cloud and its Clients by facilitating a ‘trusted
network’. (Support your answer with suitable illustrations).
i) DMZ
ii) Static IP
iii)NAT
2.3 Discuss the benefits of implementing network monitoring systems.

Activity 03
3.1 Formulate a suitable risk assessment procedure for EMC Cloud solutions to safeguard itself and its clients.

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage solutions
provided by EMC Cloud. You may also highlight on ISO 3100 risk management methodology.

3.3 Comment on the topic, ‘IT Security & Organizational Policy’

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Activity 04
4.1 Develop a security policy for EMC Cloud to minimize exploitations and misuses while evaluating the
suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cloud for its all venues to ensure maximum uptime for
its customers (Student should produce a PowerPoint-based presentation which illustrates the recovery plan within
15 minutes of time including justifications and reasons for decisions and options used).

4.3 ‘Creditors, directors, employees, government and its agencies, owners / shareholders, suppliers, unions, and
the other parties the business draws its resources’ are the main branches of any organization. Discuss the role of
these groups to implement security audit recommendations for the organization.

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Table of Contents
Table of Figures ............................................................................................................ 13

Interaction ..................................................................................................................... 14

Task 1: Assuming the role of External Security Consultant, you need to compile a report
focusing on following elements to the board of EMC Cloud Solutions; ......................... 15

Task 1.1: Identify types of security risks EMC Cloud is subject to, in its present setup
and the impact, such issues would create on the business itself. ................................. 15

What is EMC? ....................................................................................................... 15

Task 1.2: Develop and describe security procedures for EMC Cloud to minimize the
impact of issues discussed in section (1.1) by assessing and treating the risks. ........... 17

Task 2: .......................................................................................................................... 20

Task 2.1: Discuss how EMC Cloud and its clients will be impacted by improper/
incorrect configurations which are applicable to firewalls and VPN solutions. ........... 20

Task 2.2: Explain how following technologies would benefit EMC Cloud and its
Clients by facilitating a ‘trusted network’. (Support your answer with suitable
illustrations). ............................................................................................................. 23

What is trusted network?........................................................................................ 23

Task 2.3: Discuss the benefits of implementing network monitoring systems. ............ 27

What is network monitoring? ................................................................................. 27

Task 3: .......................................................................................................................... 29

Task 3.1: Formulate a suitable risk assessment procedure for EMC Cloud solutions to
safeguard itself and its clients. ................................................................................... 29

Penetrate testing ..................................................................................................... 29

Task 3.2: Explain the mandatory data protection laws and procedures which will be
applied to data storage solutions provided by EMC Cloud. You may also highlight on
ISO 3100 risk management methodology. ................................................................. 31

General data protection regulation (GDPR) ............................................................ 31

Page 11 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

ISO 3100 risk management methodology. .............................................................. 32

Task 4: .......................................................................................................................... 33

Task 4.1: Develop a security policy for EMC Cloud to minimize exploitations and
misuses while evaluating the suitability of the tools used in an organizational policy. 33

What is Security Policies? ...................................................................................... 33

Bibliography.................................................................................................................. 35

Page 12 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Table of Figures
Figure 1 ......................................................................................................................... 24
Figure 2 ......................................................................................................................... 25
Figure 3 ......................................................................................................................... 26
Figure 4 ......................................................................................................................... 32

Page 13 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Interaction
EMC Cloud Solutions is reputed as the nation’s most reliable Cloud solution provider in
Sri Lanka. A number of high profile businesses in Sri Lanka including Esoft Metro
Camps network, SME Bank Sri Lanka and WEEFM are facilitated by EMC Cloud
Solutions. EMC Cloud provides nearly 500 of its customers with SaaS, PaaS & IaaS
solutions with high capacity compute and storage options. Also EMC is a selected
contractor for Sri Lanka, The Ministry of Defense for hosting government and defense
systems.

EMC’s central data center facility is located at Colombo Sri Lanka along with its
corporate head-office in Bambalapitiya. Their premises at Bambalapitiya is a six story
building with the 1st floor dedicated to sales and customer services equipped with public
wifi facility. Second-floor hosts HR, Finance and Training & Development departments
and the third-floor hosts boardroom and offices for senior executives along with the IT
and Data center department. Floor 4,5,6 hosts computer servers which make up the data
center.

With the rapid growth of information technology in Kandy area in recent years, EMC
seeks opportunity to extend its services to Kandy, Sri Lanka. As of yet, the organization
still considers the nature of such extension with what to implement, where is the suitable
location and other essential options such as security are actually being discussed.

You are hired by the management of EMC Solutions as a Security Expert to evaluate the
security-related specifics of its present system and provide recommendations on security
and reliability related improvements of its present system as well as to plan the
establishment of the extension on a solid security foundation.

Page 14 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Task 1: Assuming the role of External Security Consultant,

you need to compile a report focusing on following elements to
the board of EMC Cloud Solutions;

Task 1.1: Identify types of security risks EMC Cloud is subject to, in its
present setup and the impact, such issues would create on the business
itself.

What is EMC?
EMC storage refers back to the diverse storage products, systems and services being
supplied by means of EMC organization, which encompass disk, flash and hybrid
storage structures and arrays. These systems are offered to corporations of all sizes so
that you can fulfill their storage wishes, and blended with EMC's data management
approach services, enable organizations to arrange unstructured information as well as
to recognition on reducing storage value and increasing security or safety.
EMC offers an extensive variety of storage alternatives. Starting from the flagship
product EMC to ultra-modern offerings inside the all flash section. Also it gives a
spread of alternatives based totally available on the market and necessities inside the
SAN and NAS segments.
Above scenario EMC Cloud provides nearly 500 of its customers with SaaS, PaaS &
IaaS solutions with high capacity compute and storage options. In their all the cloud
system will storing in EMC cloud. Bamabalapitya branch is logical and physical
security control. There are so many impact, such issues are held on bambalabiya branch.
First we want to clearly understand why this type of impact, such issues is held on EMC
center.
The Weakness
There to type of security weakness included
1. Physical security weakness
2. Logical security weakness
What is physical security?
Physical security is the protection of personnel, hardware, software, networks and data
from Physical actions and occasions that could cause critical loss or harm to an

Page 15 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

employer, organization or organization. This includes safety from fireplace, flood,

natural disasters, theft and terrorism
Physical security weakness
 There are no have CCTV facility to identify the physical threats
 They’re not have a high security environment in Bamaplabiya branch mainly
first, second and third floors.
 There are no have high fast data transfer.
 No have a educative staff in EMC center

What is logical security?

Logical security protects laptop or computer software program by means of
discouraging person extra through implementing person identifications, passwords and
authentication,
Logical security weakness
 There are no have proper Antivirus and anti-spyware software
 In EMC center easily can hack EMC system
 No have a proper firewalls security
 There are no have high a fast internet connation(example: VPN)
 No have a backup facilities
In this weakness there are so many impact, issues are held on EMC center

Page 16 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Task 1.2: Develop and describe security procedures for EMC Cloud to
minimize the impact of issues discussed in section (1.1) by assessing and
treating the risks.
What we want to do?
physical security prevents and discourages attackers from getting into a building by
using putting in fences, alarms, cameras, protection guards and puppies, digital get
admission to manage, intrusion detection and administration get right of entry to
controls. the distinction among logical protection and physical protection is logical
protection protects get

Physical security requirements need to additionally be considered at some point of the

construction phase of latest builds or the modification of existing facilities, as those are
in all likelihood to be subject to extraordinary risks and problems(issues). attention
should be given to:

 identification and assessment of existing and new protection risks

 identification of safety requirements for both the development works and any
modifications to the safety of the facility itself (this will depend on whether the
construction works are adjoining to or within the facility)
 Determination of the transition of the security measures from ‘production phase’
into everyday operations.

Want to fix CCTV

A closed — circuit TV camera (CCTV) records videos and photos for security,
surveillance or different private purposes. security cameras have grow to be an essential
issue in security and are in particular used for surveillance functions. facts display that
putting in a CCTV camera reduces crimes inside the place protected as much as 95%.
CCTV’s are used by many for numerous reasons. each organization has CCTV’s
installed for 24x7 surveillance in EMC center.

Page 17 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Implement Firewall

Let’s assume that you work at a business enterprise with 500 employees. the
organization will therefore have hundreds of computer systems that each one have
network cards connecting them together..
Without a firewall in place, all of those hundred of computers are at once handy to
everybody on the internet. Someone who is aware of what she or he is doing can probe
those computers, attempt to make FTP connections to them, try to make telnet
connections to them and so on. If one employee makes a mistake and leaves a security
hollow, hackers can get to the machine and make the most the hole.
With a firewall in area, the landscape is tons exclusive. a organization will location a
firewall at every connection to the net the firewall can implement safety regulations

Access to data center

A data center is a large group of computer servers that are connected together. Every
organization, whether big or small, has a large amount of data that are needed to be
stored somewhere in EMC center. A data center is essential to store, manage, process,
and distribute large amounts of data of an organization. In case of any disaster, a data
center professional can help in recovering the lost data. In today’s modern era, every
organization needs to have a data center for its smooth running. For EMC center, it is
better to take suggestions of an expert in this field.
Data which can be read and understood without any special efforts are known as plain-
text or clear-text. The method to disguise these plain-text in such a way as to hide its
substance is known as data encryption.

Page 18 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Data encrypted
In other words, data encryption is one of the mechanisms which are used to protect
confidential information of users like personal documents, pictures, online transaction or
any other important things which user would not like to share with anyone, unless they
are permitted.
Encryption works through mathematical formula which is known as cipher and a key to
convert readable data (Plain Text) into a form that no one can understand (Cipher Text).
The cipher is the general way for encryption, & the associated key makes that encrypted
data unique. In order to achieve Encryption, there are 3 widely used methods, Hashing,
Symmetric & Asymmetric methods. These are 3 of the methods which are used widely.

Insuring the company

This is the most valuable think we can do for natural disasters or any other problem. Its
help to recover our company easily

Page 19 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Task 2:

Task 2.1: Discuss how EMC Cloud and its clients will be impacted by
improper/ incorrect configurations which are applicable to firewalls
and VPN solutions.
What is VPN?
A virtual private network (VPN) is a network that uses a public telecommunication
infrastructure, such as the Internet, to provide remote offices or individual users with
secure access to their organization's network. In a VPN, the computers at each end of the
tunnel encrypt the data entering the tunnel and decrypt it at the other end.
Here are some important uses of VPN:
1) Use Public wi-fi securely: Public Wi-Fi offers no encryption security to its users,
and your signals are broadcast for anyone savvy enough to eavesdrop, therefore some
people use VPNs at Wi-Fi hotspots to prevent snoopers from collecting private
information. Generally, the most effective way to keep your data from entering the
wrong hands is by using a VPN service which makes all Internet use totally private and
secure.

2) Secure Communication between Sites: Many businesses today have branch offices,
and connect these branches to the main office over the Internet using a site-to-site VPN
connection. For example, businesses can enable workers with laptops on the road or at
home to connect to the company network as if they were sat at a desk in the office. A
company that has offices in two locations can connect them using a VPN across the
internet so there appears to be one network. Linking remote sites with a main office lets
users send and receive information via a secure connection. Employees can use file
servers and printers which are not physically in the same office.

Page 20 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

3) Bypass the Web Censorship and Content Surveillance: Some countries put up
firewalls to restrict what their residents see, hear, and share with other people within and
beyond their borders. Connecting to a VPN server will enable you to 'tunnel out' of the
censorship restrictions and access the full World Wide Web.
In our EMC center

Regarding your last question, simply using a VPN service doesn't hide your true identity
or your location. If you don't secure your browser and PC there are many ways to be
identified and tracked.
Firewall
Let’s assume that you work at a business enterprise with 500 employees. the
organization will therefore have hundreds of computer systems that each one have
network cards connecting them together..
Without a firewall in place, all of those hundred of computers are at once handy to
everybody on the internet. Someone who is aware of what she or he is doing can probe
those computers, attempt to make FTP connections to them, try to make telnet
connections to them and so on. If one employee makes a mistake and leaves a security
hollow, hackers can get to the machine and make the most the hole.
With a firewall in area, the landscape is tons exclusive. a organization will location a
firewall at every connection to the net the firewall can implement safety regulations

Encryption
Encryption is the process to switch statistics securely in a secretive way. It protects your
information over the net. It enables to guard your privateness or anonymity and
conversations, whether video, voice, or textual content.
Encryption is wanted when you don't need everybody else to have get entry to.
Allow me explain how it's implementing:
 When you switch your data or information over the net, the information first
dispatched on your local network.
 Then your statistics sent for your net service issuer who can view this
information.
 And then in the end, the information gets the supposed person.

Page 21 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

So, throughout this complete process several man or woman can get entry to your
information. Subsequently, the encryption is needed to preserve your information secure
& unreadable.
The pleasant way to encrypt your data over the net is using SSL (Secure Socket Layer)
that encrypt your statistics and make customers assured to technique.

Page 22 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Task 2.2: Explain how following technologies would benefit EMC

Cloud and its Clients by facilitating a ‘trusted network’. (Support your
answer with suitable illustrations).

What is trusted network?

Such networks permit information to be transferred transparently. The machines using a
trusted network are typically administered by way of an administrator to ensure that
private and secured records are not leaked. Get entry to this network is restrained.
Computer systems the use of trusted networks are greater secured and exclusive due to
best firewalls.

What is DMZ?
De-Militarized Zone refers to a subset of network which is directly accessible from
Internet/external networks. DMZ or Dematerialized Zone is like another layer of
Security (firewall) in your network. Demilitarized zone. It means only one device will
be connected to public network while other devices will be safe and connected to private
network.
DMZ is a physical or logical subnet that separates your inner compter network from
public network, i.e. internet
Things to know about DMZ network:
 It shields internal network or intranet from direct external/Internet access
 DMZ network may screen network traffic and allow only a subset of traffic
towards internal network.
 DMZ network may provision network security features like access control, rate
limiting.

Page 23 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

(Obodoeze, 2016)

Figure 1

Static IP
Static IP is an IP address assigned permanently to a computer and cannot be changed
dynamically from time to time and you must have to configure address manually by
going into network options. But Dynamic IP address is a kind of IP address offered by
the ISP (Internet Service Providers) and changes from time to time, since Dynamic IP
address is assigned by a Protocol named DHCP I.E. Dynamic Host Configuration
Protocol, which assigns the IP addresses temporarily.
Now this public IP is of two types.
1) Dynamic
2) Static
Advantages of Static IP:

 Remote access – with a static IP address you can get entry to your computer
irrespective of where you're in the world. The usage of applications consisting
of remote administrator and computer anywhere you may log into your work or
home computer no matter where you're. Even though you could set the
connection up no matter what sort of IP address with you have, you want a set
address with to hold it in any other case the program will not be capable of
discovering your pc whilst your pc refreshes its dynamic address.

Page 24 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

 Anonymous FTP – it approaches that anyone the usage of the FTP software
can get entry to documents in a unique listing of your website online. it’s
known as nameless FTP due to the fact the username used to get entry to is
“anonymous.” many net hosting providers require a static IP for the anonymous
FTP function to paintings well.
You want to access your internet site by way of FTP or internet browser even if
the area call is inaccessible, which include domain name propagation periods.

 Less downtime – on each time your IP address with refreshes you run the
threat of downtime from the server. At the same time as that is typically best for
a very quick time.

(hotcomm)
Figure 2

Page 25 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Networks address translation protocol (NAT)

What is NAT?
Networks address translation protocol (NAT) affords a one-to-one translation from IP
address. That is generally utilized in an enterprise that desires to give an internal system
get entry to to the internet with a single public IP address translating to a single IP
address with within the personal address area.
When you make an internet request, your device sent the request to the router. The
router, knowing that your IP address is not routable, codes your IP address and port for
this session, translates the address to its out bound IP address, and assigns a source port
that is available and forward the request to the destination.
When the responses come back from the destination, the router performs a lookup and
finds the IP address and source port for the device that started the query. It changes the
IP address and source port to those in the table and forwards it to the device.
This way, you can communicate with a device outside your subnet without having to use
the unroutrable IP address.

(Vader, 2012)
Figure 3

Page 26 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Task 2.3: Discuss the benefits of implementing network monitoring

systems.

What is network monitoring?

Network Monitoring by and large deals with monitoring all elements of a network
including servers, routers, firewalls, traffic & bandwidth, network device configurations
and the applications hosted in them.
Also, a holistic network monitoring doesn't end with just monitoring and providing
information. Here's a list of a few key aspects of network monitoring:

1. Application performance
 Application Discovery and Dependency Mapping (ADDM)
 Anomaly Detection
 Fault Management with Root Cause Analysis
2. Network performance
 Health, availability and performance of network and its devices
 Fault detection, alerts and troubleshooting
 Network visualisation and usage trends
 Capacity-planning
 Bandwidth usage analysis
 Network traffic analysis (Based on speed, usage, packets and volume)
 QoS policy performance monitoring
 Traffic shaping
 WLC controller monitoring (Usage by SSID, access points, clients and apps)

3. Configuration, change and compliance management

 Configuration back
 Real-time change tracking
 Config change and network compliance

Page 27 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

4. IP Address management
 Switch Port Mapping
 MIB Browser
5. Network security analysis
 Firewall policy management
 Log analysis
 Anomaly alerts
 Firewall compliance and device management
To understand and troubleshoot network issues effectively, it is imperative that all the
elements of a network are monitored centrally and the alerts are in correlation.

Page 28 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Task 3:

Task 3.1: Formulate a suitable risk assessment procedure for EMC

Cloud solutions to safeguard itself and its clients.

Penetrate testing
What is Penetrate testing?
Penetration testing is done to determine if there is a way to break into your network.
Penetration testing’s is usually done by someone outside of your company who is trying
to determine the easiest way into your network.
 First, they test your firewall looking for open ports on the firewall itself. If they
find SSH, HTTP, HTTPS open on the firewall they will try to determine the
type of firewall and use the default logins for that make and manufacturer.
Sometimes it’s that easy. If the default password doesn't work they use the
default user and hit the firewall with a password cracker. If the default user is
still in place most firewalls will fall in 4 hours.
 Next,your firewall has survived. Same process on the the name servers, web
servers, mail servers, VPN and any other servers they find on the Internet side
of your network. Most Linux installs default to root SSH on any interface.
Penetration testers know this and will use the root user name and hit the box
with a password cracker. Again probably in, in under 4 hours.
 Email servers make wonderful targets. Every known Send mail exploit is tried.
Is the server an open relay? Will it forward spam?
 The VPN is tested to see if traffic can be intercepted and read.
 The web server gets attacked to see if they can determine the server type,
Apache, Tomcat, IIS, and the underlying applications, PHP, PERL, Java, .NET.
All known vulnerabilities are tested.
 Windows Servers are hit with every known method of attack, basically there is
an encyclopedia of vulnerabilities and unless you have been religious in your
patching they will find the holes. Remember root on Linux, Administrator
works well on Windows.
 And to make matters just a little more fun; you have to turn off programs such
as fail to ban or port sentry which will catch and disconnect the attempts to

Page 29 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

hack you. However, they will allow you to keep programs such Snort (intrusion
detection) running. You will learn the meaning of Snot, from that test.
Some companies will stop at this point and issue a report; telling you every
vulnerability they have found. Others will do social testing.

Page 30 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Task 3.2: Explain the mandatory data protection laws and procedures
which will be applied to data storage solutions provided by EMC
Cloud. You may also highlight on ISO 3100 risk management
methodology.

General data protection regulation (GDPR)

GDPR is the brand new set of records safety rules with the intention to take impact in
may additionally 2018. GDPR will alternate the manner that businesses, particularly,
marketers can perform.
You need to remember the grounds that you will use to process the facts from the
subsequent:
 consent
 performance of a contract
 pleasing a criminal duty
 important interests
 completing a public task
 legitimate interests
 special category
 criminal offence

For entrepreneurs, it's more greater than probably that you'll want to establish consent
out of your subscribers to market to them. To market to a contact, they need to be
obtained with a double choose-in subscription system. This confirms that the contact
wants to hear from you. it blessings the marketer as the contact has additionally
confirmed that they are interested about the content they're going to be dispatched
If you are but to prepare for GDPR, it's far nicely worth considering how the regulations
will impact your business now. You’ll want to be organized for the implementation of
the new regulations on the 25th may 2018. This will mean changing the way that touch
records is treated on your enterprise.
You can also need to trade the way that statistics is processed as soon as you have got
gathered it.

Page 31 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

(onelogin)

Figure 4

ISO 3100 risk management methodology.

Risk affecting agencies will have outcomes in terms of economic performance and
professional recognition, as well as environmental, protection and societal results.
Therefore, managing with rick correctly allows businesses to carry out nicely in a n
environment full of uncertainty.
ISO 31000:
ISO 31000: risk management – suggestions, affords ideas, framework and a manner for
handling risk. It may be used by any employer regardless of its size, activity or zone.
The use of ISO 31000 can help companies increase the chance of reaching objectives or
goals improve the identity of possibilities and threats and correctly allocate and use
assets for risk treatment.
But, ISO 31000 cannot be used for certification purposes, however does provide
guidance for inner or external audit programmers’. Companies the usage of it could
evaluate their risk management. Practices with a world over known benchmark,
supplying sound ideas for powerful management and company governance.

(iso)

Page 32 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Task 4:

Task 4.1: Develop a security policy for EMC Cloud to minimize

exploitations and misuses while evaluating the suitability of the tools
used in an organizational policy.

What is Security Policies?

Identifies the guidelines and procedures for all people accessing and the use of a
corporation's IT assets and assets. Effective IT Security policy is a version of the
company’s subculture, wherein rules and tactics are driven from its employees'
technique to their facts and work.
A security policy is a written document in an employer outlining a way to defend the
company from threats, consisting of computer security threats, and how to cope with
situations after they do arise.
Safety policy should identify all of a corporation's assets in addition to all of the
capability threats to those belongings. Organization employees need to be stored
updated on the corporation's security rules. The rules themselves must be updated
regularly as properly

User and Password security policy

A user account policy is a file which outlines the requirements for soliciting for and
preserving an account on pc structures or networks, generally within an enterprise. It is
very critical for huge websites in which users usually have bills on many systems. some
sites have customers study and signal an account policy as a part of the account request
technique.
• Use an encrypting method to store your password.
• Yours a password given policy
• Password ought to by no means be shared with any other character for any cause
• if an worker believes his password has been compromised, he should right now
contact the it department so his password may be changed.
• if an worker desires to change his password he should touch it department.

Internet usage policies

Page 33 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

This pattern net utilization coverage applies to all employees of company who have get
entry to computers and the net to be used within the performance of their work. Use of
the net by using employees of company is authorized and endorsed in which such use
helps the desires and objectives of the enterprise. But, access to the internet thru
company is a privilege and all personnel ought to adhere to the policies regarding
computer laptop, e-mail and internet usage. Violation of those regulations ought to
result in disciplinary and/or prison motion leading as much as such as termination of
employment. Employees may also be held individually liable for damages resulting
from any violations of this policy. All employees are required to renowned receipt and
affirm that they have understood and conform to abide by the regulations hereunder.

Page 34 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Bibliography
hotcomm. (n.d.). Retrieved 11 01, 2018, from www.hotcomm.com:
https://hotcomm.com/FAQ/FAQ_staticIPXP.asp
iso. (n.d.). Retrieved 11 02, 2018, from www.iso.org: https://www.iso.org/iso-31000-
risk-management.html
Obodoeze, f. c. (2016, October ). researchgate. Retrieved 11 01, 2018, from
www.researchgate.net: https://www.researchgate.net/figure/An-organizations-the-
Application-and-database-servers-protected-by-a-Demilitarized-Zone_fig8_322465819
onelogin. (n.d.). Retrieved 11 02, 2018, from www.onelogin.com:
https://www.onelogin.com/compliance/gdpr
Vader, D. (2012, May 05). tomicki. Retrieved 11 01, 2018, from www.tomicki.net:
https://www.tomicki.net/naptd.php
https://searchsecurity.techtarget.com/definition/physical-security [Accessed 31 October
2018]
https://www.careerride.com/Networking-trusted-and-untrusted-networks.aspx[Accessed
31 October 2018]
https://www.greennet.org.uk/support/what-are-benefits-having-dedicated-ip-address
[Accessed 02 November 2018]
https://www.techopedia.com/definition/4099/security-policy[Accessed 01 November
2018]
https://searchsecurity.techtarget.com/definition/security-policy[Accessed 29 October
2018]
https://en.wikipedia.org/wiki/User_account_policy[Accessed 02 November 2018]

https://www.gfi.com/pages/sample-internet-usage-policy [Accessed 02 November 2018]

Page 35 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

Grading Rubric
Grading Criteria Achieved Feedback

LO1 Assess risks to IT security

P1 Identify types of security risks to organisations.

P2 Describe organizational security procedures.

M1 Propose a method to assess and treat IT security risks.

LO2 Describe IT security solutions

P3 Identify the potential impact to IT security of incorrect

configuration of firewall policies and thirparty VPNs.

P4 Show, using an example for each, how implementing a DMZ,

static IP and NAT in a network can improve Network Security.
M2 Discuss three benefits to implement network monitoring systems
with supporting reasons.
D1 Investigate how a ‘trusted network’ may be part of an IT security
solution.

LO3 Review mechanisms to control organisational IT

security

Page 36 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)

 lOMoARcPSD|49743364

P5 Discuss risk assessment procedures.

P6 Explain data protection processes and regulations as applicable to

an organisation.

M3 Summarise the ISO 31000 risk management methodology and its

application in IT security.
M4 Discuss possible impacts to organizational security resulting
from an IT security audit.
D2 Consider how IT security can be aligned with organisational
policy, detailing the security impact of any misalignment.
LO4 Manage organizational security

P7 Design and implement a security policy for an organisation.

P8 List the main components of an organisational disaster recovery

plan, justifying the reasons for inclusion.
M5 Discuss the roles of stakeholders in the organisation to
implement security audit recommendations.
D3 Evaluate the suitability of the tools used in an organisational
policy.

Page 37 of 37
M.M.M.INSHAF KAN/A-008235

Downloaded by Lasindu Induwara 1 (lasinduinduwara100@gmail.com)