Security

Uploaded by

MIM Thamseer
Activity 01

1.1 Explain CIA concept aligned with international banking system

1.1.1 CIA Triad

The CIA Triad is divided into three parts:

• Confidentiality: Ensuring that only authorized individuals and systems have access to
sensitive information. Think of it as keeping secrets safe.
• Integrity: Protecting the accuracy and completeness of information from unauthorized
modification or deletion. Imagine maintaining the right data in the right form.
• Availability: Guaranteeing that authorized users have timely and reliable access to
information and systems when needed. Picture ensuring doors are open for those who
should be using them.

Importance of the CIA Triad

Comprehensive security framework: The triad offers a thorough framework for handling
various information security-related issues. Together, confidentiality, integrity, and availability
can help firms create a comprehensive security strategy that addresses a variety of possible risks
and threats.

Risk management: Organizations may detect, evaluate, and reduce threats to their information
assets with the aid of the CIA triad. Organizations may protect sensitive data and crucial systems
by allocating resources wisely and prioritizing security measures that uphold confidentiality,
integrity, and availability.

Protection against cyber threats: Organizations can protect themselves against a range of
cyberthreats, such as malware attacks, denial-of-service incidents, unauthorized access, and data
breaches, by implementing the CIA triad principles. Organizations can reduce the risk of
cyberattacks and safeguard their information assets from compromise by putting in place security
controls and safeguards that maintain confidentiality, integrity, and availability.

Examples of how the CIA Triad is implemented:

• Confidentiality: Access controls, encryption, data anonymization.
• Integrity: Data validation, checksums, version control systems.
• Availability: Backups, redundancy, disaster recovery plans.

1.2 Definition of Information Security

Preventing unauthorized parties from accessing, using, disclosing, disrupting, altering, or
destroying data is known as information security. It includes a range of procedures and methods
for safeguarding the accuracy, privacy, and accessibility of data, as well as the infrastructure and
systems that support it. Reduced risks, secure information assets, and sensitive data protection
are the goals of information security. This necessitates protecting both data that is delivered via
various communication channels as well as data that is maintained in digital representations on
systems like databases, computers, and networks. Policies, procedures, technologies, and
practices are just a few of the components that make up information security. These include
safeguarding data integrity, preventing unwanted access and privacy violations, and maintaining
the continuous availability of vital information and systems. It covers a variety of topics,
including risk management, awareness training, incident response, network security, encryption,
and access control. Organizations and individuals can lessen the effects of security events or data
breaches by putting in place effective information security measures that address possible threats
and vulnerabilities, preserve sensitive data, uphold stakeholder trust, and comply with legal and
regulatory requirements.

1.2.1 Advantages and disadvantages of information security

| Advantage | Disadvantage |
|---|---|
| Information security is quite easy to use. It is simple for users to password-protect files in order to secure less important data. Installing firewalls, fingerprint scanners, or detection systems for the most sensitive content is an option for users. | Because technology is constantly evolving, users must constantly invest in updating information security. |
| There will be an increase in technology-related crimes as well. Increasing the effectiveness of information security use | Since technology is always changing, nothing is ever really safe. |
| It prevents unauthorized access to sensitive personal information. | If a user misses even one location that has to be protected, the security of the entire system could be compromised. |
| By preventing terrorists and foreign nations from accessing top-secret information and plots, it safeguards the government. | People may find it challenging to properly understand what they are dealing with. |
| Information security safeguards users' sensitive data both during use and storage. | If a person must input passwords frequently, their productivity may decrease. |

Table 1 Advantages and disadvantages of information security

1.3 Definition of an attack

One of the largest security risks in information technology is an attack, which can come in many
different forms. Passive attacks are those that acquire information without significantly affecting
systems. One notable instance of this is wiretapping. Because an active attack attempts to modify
system resources or impede their functionality, it can inflict significant harm to an individual or
an organization's resources. A virus or other form of malware would be a great example of this.

1.3.1 Types of attack

Figure I Active and passive attack Source: Shiksha.com, 2023

Active attack

A type of cybersecurity attack known as an "active attack" occurs when an attacker attempts to
alter, harm, or interfere with a system's or network's normal operation. Since active attacks entail
the attacker actually taking action against the target system or network, they can be more
damaging than passive attacks, which only involve monitoring or listening in on a system or
network.

Figure II Active attack

Source: Pynetlabs.com, 2022

The types of active attack are as follows:

• Masquerade
• Modification of message
• Repudiation
• Replay
• Denial of service

Passive Attack

Rather than depleting system resources, a passive attack aims to obtain or utilize data from the
system. Passive attacks monitor or eavesdrop on data transfer. The enemy aims to obtain
information by intercepting the communication. Passive attackers watch or collect information
without altering or deleting it. Eavesdropping, in which the attacker listens in on network traffic
to obtain sensitive data, and sniffing, in which the attacker intercepts and examines data packets
to steal sensitive data, are two examples of passive attacks.

Figure III Passive Attack

Source: Alimam miya (2023)

The types of passive attack are as follows:

• The release of message content
• Traffic analysis
• Packet sniffing
• Remote monitoring

1.3.2 Difference between Active Attack and Passive Attack

| No. | Active Attack | Passive Attack |
|---|---|---|
| 1 | Information can be changed. | Information cannot be changed. |
| 2 | The victim is aware of the attack. | A passive attack victim is unaware that they are being attacked. |
| 3 | Resources on the system are modified. | No changes are made to the system's resources. |
| 4 | Active attacks jeopardize data availability and integrity. | Passive attacks may pose a danger to the availability and integrity of data. |
| 5 | It is preferable to prevent such attacks. | Passive attack detection is prioritized above prevention. |
| 6 | Completed quickly. | Performed over an extended time. |
| 7 | It is considerably simpler to avoid. | It is challenging to stop. |
| 8 | Carried out to attack the system. | Executed to get system information. |
| 9 | This kind of attack damages the execution system. | The system is not damaged. |

Table 2 Difference between active attack and passive attack

1.4 Definition of a Threat

Malware, short for "malicious software," which includes viruses, worms, trojan horses,
spyware, and ransomware, is the most common type of cyberattack. Malware usually infects a
system via an email, an unwelcome software download, or a link on a dubious website. It installs
on the intended system, collects personal data, modifies and restricts access to network elements,
and has the ability to erase data or bring the system to a complete stop. Below are a few of the
most common kinds of malware attacks.

Source: Xcitium. Gstatic.com, 2020

Viruses

A piece of code infects an application. When the application is launched, the malicious code is
run.

Worms

Malware that uses backdoors and software defects to enter an operating system. Once the worm
has established itself in the network, it can conduct attacks such as distributed denial of service
(DDoS).

Trojans

Malicious code or software that poses as a trustworthy program and is hidden in games, apps, or
email attachments. An unsuspecting victim downloads the malware, allowing it to take control of
their machine.

Ransomware

An attacker uses encryption so that an individual or organization can't access their own systems
or data. The attacker frequently requests a ransom in return for the decryption key, but it is not
guaranteed that full access or functionality will be returned in exchange for paying the ransom.

Spyware

A hostile actor gains access to the data of an unsuspecting user, including sensitive information
like credit card numbers and passwords. Spyware can affect desktop applications, online
browsers, and mobile devices.

Fileless Malware

There is no software installed on the operating system. Native components like WMI and
PowerShell are altered with malicious intent. This stealthy attack approach is difficult to detect
since the compromised files are acknowledged as authentic (antivirus cannot identify it).

DoS Attack

A denial-of-service (DoS) attack is an attempt to take down a device or network such that the
intended users can't use it. DoS attacks do this by supplying the target of the attack with data that
causes a problem or by barraging it with connections.

DDoS Attack

A distributed denial-of-service (DDoS) attack is launched by multiple compromised networks against a
target, making the targeted resource inaccessible to users. A server, webpage, or other type of
network resource could be the target. The flood of incoming messages, connection requests, or
malformed packets causes the target system to slow down, possibly crash, and shut down,
depriving genuine users or systems of service.

1.5 IT Security Risk

Some experts claim that well-designed software can be built correctly the first time. They even
assert that there are mathematical methods for proving a program's correctness. But most
programmers are used to the idea that, since the world is still imperfect, their newly created
programs will have a few bugs. Since programmers are frequently exact, careful, detail-oriented,
and proud of their work, this may look depressing at first. However, there are several ways for
programs to include faults, and you will probably find many of them, just like those who came
before you.

Information security risks are those that could arise from unauthorized use, access,
disclosure, disruption, alteration, or destruction of digital information. Some potential sources of
this risk include malware, data breaches, cyberthreats, and other security incidents that
compromise the confidentiality, integrity, and accessibility of sensitive data. To fully grasp the
concept of information security risk, one must be able to distinguish between threats and risks. A
threat is a potential risk, like a malware infection or an attempted hack, to a company's
information assets. A risk is the potential for the threat to really cause harm to the company. To
put it another way, an organization is not always in danger just because a threat exists.
Information security risks can have detrimental effects on businesses. For example, sensitive data
breaches may result in the loss of financial and personal information, which may have negative
effects on one's reputation and result in legal issues as well as monetary losses. Malware and
other cyberthreats can disrupt corporate operations and cause downtime on systems and
networks. Missed sales, lower output, and strained client relationships could result from this.

1.5.1 Definition of risk management

The process of detecting, evaluating, and controlling risks to the company's assets and revenue is
known as risk management. Numerous things, such as unstable financial markets, unfulfilled
legal responsibilities, technological problems, ineffective strategic planning, mishaps, and
extreme weather, might increase the likelihood of these hazards. A corporation that has a good
risk management strategy is better able to take into account all possible risks. The relationship
between risks and the potential domino effects they could have on an organization's strategic
objectives is another aspect of risk management.

1.5.2 Five principles of risk management

1. Risk identification
2. Risk control
3. Claims management
4. Risk financing
5. Risk analysis

1.6 Definition of Organizational Risk

Organizational risk is the possible loss that an organization could sustain as a result of an
unfavorable incident or activity. The likelihood of a specific activity or event happening could
make it more challenging for an organization to accomplish its goals. Organizational risk
includes reputational harm, operations halts, regulatory problems, and financial difficulties.

1.6.1 Types of organizational risk

• Market/reputation risk
• Financial risk
• Legal risk
• Strategic risk
• Culture risk
• Fraud risk

1. Market/ reputation risk

Reputational risk is any threat or danger that could negatively impact your business's standing
with clients and its overall performance. These risks can occur abruptly and often come as a
surprise. Source: (Needle, 2024)

2. Financial risk
The risk associated with the company's finances is that it might not be able to pay off its debt and
fulfill its financial obligations. This type of risk is typically caused by instability, losses in the
financial sector, or variations in stock prices, interest rates, currency exchange rates, etc.

3. Operational Risk

Operational risk is the potential for losses brought on by inefficient or faulty protocols,
guidelines, policies, plans, or circumstances that obstruct company operations. Natural disasters,
criminal activity such as fraud, and human error are some of the causes of operational risk.

4. Legal Risk

Businesses run the danger of legal trouble if they make a mistake or deliberately ignore their
customer obligations. The same legal framework that establishes requirements for products,
clients, and business operations also governs it. From the perspective of an investor, the possible
consequences of breaking tax regulations are perceived.

5. Strategic risk

Events that carry a high risk of negatively impacting a company's business model are called
strategic risks. The value offer that attracts customers and generates income is jeopardized by a
calculated risk. For example, if a company's value proposition is to be the lowest-cost supplier of
a product and a competitor from a low-wage nation enters the market abruptly, the company's
strategy will be destroyed.

6. Technology risk

The term "technology risk," usually referred to as "information technology risk," refers to the
potential for a technological malfunction to disrupt a business. A few of the numerous
technology risks that firms face are events related to information security, cyberattacks, password
theft, service outages, and other threats. If a proper incident response is not employed, any type
of technology risk has the potential to cause damage to finances, reputation, regulations, or
strategy. Therefore, in order to anticipate such problems, it's critical to have a solid technological
risk management strategy in place.

7. Culture risk

"Risk culture" describes the shared values, beliefs, knowledge, attitudes, and risk awareness of a
group of people who share a same objective. This regulation must be adhered to by all
organizations, including public and nonprofit organizations as well as for-profit businesses.

8. Fraud risk

The term "risk culture" refers to the common values, attitudes, knowledge, and risk awareness of
a group of individuals who have a common goal. All organizations, including for-profit
companies and public and nonprofit organizations, are required to abide by this legislation.

1.6.2 How organizational risk can impact Metropolis Capital Bank

Organizational risk can have a big influence on Metropolis Capital Bank's standing,
performance, and financial stability. Organizational risks can cause the bank to suffer large
financial losses. Examples of these risks include fraud, ineffective financial management, and
operational inefficiencies. Among other things, money theft, bad investments or disciplinary
actions could cause these losses. A bank's capital base may be lowered by financial losses, which
may also limit the loans the bank may make and reduce shareholder value. Organizational risks
that produce negative press or a negative public image could damage the bank's standing. For
example, clients may lose trust in the bank if it is associated with a scandal or is perceived to
have acted unethically. A bank's reputation can be ruined, which could hurt its market standing
and cause it to lose clients. It can also struggle to draw in new customers. If the bank disregards
its legal and regulatory obligations, it could be subject to fines, legal action, and other
repercussions. Risks to a firm, such as breaking anti-money laundering rules or misinterpreting
customer expectations, can have serious consequences. Regulators may impose restrictions on a
bank's capacity to conduct business, forbid specific operations, or even withdraw the bank's
license. Hazards to the organization, including internal system malfunctions, hacks, and
technological setbacks, could make it more difficult for the bank to carry out business.
Transactions may be hampered by the loss of services, and these disruptions could leave
customers unhappy. Operational mishaps damage the bank's credibility with its clients by
undermining their confidence in its ability to provide consistent services. Low employee
engagement or a toxic work environment are examples of organizational risks that can have an
impact on productivity and morale. Excessive rates of employee turnover can negatively impact
service continuity, institutional knowledge loss, and the expense of employing new staff.
Employee dissatisfaction may result in subpar customer service and low customer satisfaction.
Organizational issues could hinder a bank's capacity to draw in customers and to acquire access to the
capital markets and investors. If investors believe a bank has a high-risk profile or inadequate
risk management procedures, they may be hesitant to contribute or lend money. Reduced
investor trust could make it more difficult for the bank to get financing and grow. Metropolis
Capital Bank needs to have effective risk management procedures in place to stop the effects of
these risks, such as continuous monitoring, effective compliance systems, and frequent risk
assessments. In order to guarantee that everyone is aware of their responsibilities in risk
management, it should also encourage a culture of risk accountability and knowledge among all
employees. The bank can maintain its long-term profitability, preserve its excellent reputation,
and maintain its financial stability by proactively identifying, evaluating, and managing
organizational risks.

1.6.3 Recommendation for preventing risk

The following are some recommendations for Metropolis Capital Bank to prevent risk.

To mitigate risk, all banks must first establish a framework for risk management; the Metropolis
Capital Bank is no exception. Make a comprehensive framework for risk management that
addresses all facets of the bank's operations. This should entail identifying, evaluating, keeping
an eye on, and reducing a range of risks, such as market, liquidity, credit, and operational risks.
Secondly, robust corporate governance is necessary to mitigate risk. The corporate governance
structure of Metropolis Capital Bank is robust, with clearly defined positions,
functions, and reporting lines. Make sure the board of directors maintains effective control over
management and that they are held accountable for risk management practices. Additionally,
make sure that all applicable laws, regulations, and industry standards are followed by
implementing strong compliance systems. It is important to regularly examine and update
compliance policies and practices in order to stay on top of evolving regulatory requirements.
Regular risk assessments are carried out by Metropolis Capital Bank to identify operational
vulnerabilities and possible risks. This should entail assessing the effectiveness of current risk
controls and analyzing emerging hazards. Strong internal control procedures should be in place
at Metropolis Capital Bank to safeguard assets, thwart fraud, and identify irregularities. This
includes the regular conduct of internal audits, authorization protocols, and role segregation. Hire
and train competent employees who have the skills and knowledge necessary to effectively
manage risks. To ensure that employees are knowledgeable about the best risk management
practices, foster a culture of risk awareness and provide ongoing training. Establish robust
information security policies to protect customer data, prevent data breaches, and ensure the
availability and integrity of critical systems. Tight access restrictions, encryption, frequent
security assessments, and employee awareness campaigns are also part of it. Risk prevention is
an ongoing process that necessitates ongoing review, analysis, and adjustment. By implementing
these recommendations and maintaining a strong risk management culture, Metropolis Capital
Bank may increase its resilience and protect against a variety of hazards.

1.7 Definition of security procedure

A predefined sequence of actions that must be followed in order to fulfill a certain security task
or function is known as a security procedure. Procedures usually consist of a series of steps that
need to be followed repeatedly and consistently in order to accomplish an objective. After they
are implemented, security procedures provide an organized set of actions for handling the
organization's security concerns. This documentation will support process improvement,
auditing, and training. Procedures provide a starting point for establishing the uniformity needed
to increase internal security control and eliminate variation in security processes. Reducing
variation is another useful tactic for improving production, elevating quality, and reducing waste
in the security division.

(Source: Security procedure,2022)

1.7.1 Definition of organization security procedures.


A security protocol is a set of guidelines that must be adhered to in order to maintain security
while doing regular business operations. Security policies, standards, and guidelines collaborate
with security procedures to create a framework for safe business operations. The security
measures specified in your organization's policies can also be enabled, enforced, or put into
effect by a security procedure. All safety procedures follow security laws, guidelines, policies,
and standards. Furthermore, a company's security policy forms the foundation of its security
program.

1.7.2 Types of Organization security procedures.

There are numerous types of security policies and procedures. Of these, the two main types of
organization security procedures are:

1. Administrative
2. Technical

01. Administrative

Both the kind of risks that should be avoided and the proper reactions to those risks are governed
by administrative regulations. At work, they are employed to stop injuries and property damage.
They achieve this by outlawing specific actions that pose a risk to employees or the workplace.
The administrative category, in contrast to the real environmental hazard, frequently concentrates
on monitoring and altering human behavior.

02. Technical

The information technology (IT) security policy of the organization acts as a guide for its culture.
Organizations and their workers are safeguarded by technical security standards, which also
specify the procedures for anyone gaining access to an organization's resources. Unauthorized
users are prevented from accessing the network and data of an organization by these policies and
procedures. Cybersecurity protocols and additional instruments are required to identify
potentially harmful vulnerabilities hidden in products.

1.8 Definition of network monitoring system

The technique of employing network monitoring software to check a computer network's
dependability and health is known as network monitoring. Performance data collected and
analyzed is usually the foundation for the topology maps and insightful reports generated by
network performance monitoring (NPM) systems. IT teams can monitor the overall health of the
network, spot warning indicators, and enhance data flow with complete access to network
elements, application performance monitoring, and related IT infrastructure thanks to this
network mapping. Whether network resources are housed on-site, in a data center, by a cloud
services provider, or as part of a hybrid ecosystem, a network monitoring system keeps an eye
out for malfunctioning parts and overloaded resources. For example, it could identify sudden
spikes in network traffic, routers and switches with a high error rate, or servers with CPU
overload. NPM software's ability to alert network managers to performance problems is
essential. Network monitoring systems also collect data to assess traffic trends, measure
performance, and verify availability. One technique to monitor for performance issues and
bottlenecks is to set up criteria that, when broken, send out instant warnings. Modern NPM
systems use machine learning (ML) to estimate normal performance across all of a network's
metrics based on the day and hour of the week, although some thresholds remain simple static
thresholds. When NPM systems use such ML-driven baselines, the alerts they provide are often
more actionable.

(Source: network monitoring,2024)
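
The contrast described above between a static threshold and a baseline learned per day and hour of the week, as an added example that is not taken from the cited source or from any NPM product. The link metric, the constructed traffic history and the mean-plus-three-standard-deviations rule are assumptions standing in for the ML baseline the text mentions.

```python
"""Static threshold vs. hour-of-week baseline alerting (added illustration)."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

STATIC_LIMIT_MBPS = 800.0  # assumed fixed threshold for one link
K_SIGMA = 3.0              # assumed: alert beyond 3 standard deviations
MIN_SAMPLES = 3            # slots with less history get no baseline
MIN_SPREAD = 1.0           # floor so a perfectly flat slot does not alert on noise


def hour_of_week(ts):
    """Map a timestamp to one of 168 slots (Monday 00:00 is slot 0)."""
    return ts.weekday() * 24 + ts.hour


def build_baseline(history):
    """Learn (mean, spread) per hour-of-week slot from (timestamp, value) pairs."""
    buckets = defaultdict(list)
    for ts, value in history:
        buckets[hour_of_week(ts)].append(value)
    return {
        slot: (mean(values), max(pstdev(values), MIN_SPREAD))
        for slot, values in buckets.items()
        if len(values) >= MIN_SAMPLES
    }


def static_alert(value):
    """Classic criterion: alert only when the fixed limit is exceeded."""
    return value > STATIC_LIMIT_MBPS


def baseline_alert(baseline, ts, value):
    """True/False against the learned slot; None when no baseline exists yet."""
    slot = hour_of_week(ts)
    if slot not in baseline:
        return None
    expected, spread = baseline[slot]
    return abs(value - expected) > K_SIGMA * spread


def constructed_history(weeks=4):
    """Constructed hourly traffic: busy in weekday office hours, quiet otherwise."""
    start = datetime(2024, 1, 1)  # a Monday
    samples = []
    for h in range(weeks * 7 * 24):
        ts = start + timedelta(hours=h)
        busy = ts.weekday() < 5 and 9 <= ts.hour < 17
        level = 600.0 if busy else 40.0
        samples.append((ts, level + (h % 5) * 4.0))  # small deterministic jitter
    return samples


def evaluate(baseline, samples):
    """Return (timestamp, value, static verdict, baseline verdict) per sample."""
    return [
        (ts.isoformat(), value, static_alert(value), baseline_alert(baseline, ts, value))
        for ts, value in samples
    ]


if __name__ == "__main__":
    learned = build_baseline(constructed_history())
    new_samples = [  # constructed observations from the week after the history
        (datetime(2024, 1, 30, 11), 610.0),  # Tuesday office hours, normal load
        (datetime(2024, 1, 30, 11), 50.0),   # Tuesday office hours, traffic collapse
        (datetime(2024, 2, 4, 3), 300.0),    # Sunday 03:00, unusual bulk transfer
        (datetime(2024, 2, 4, 3), 900.0),    # Sunday 03:00, above the static limit
    ]
    for row in evaluate(learned, new_samples):
        print(row)
```

The Sunday 03:00 transfer and the office-hours traffic collapse both stay under the fixed limit, so only the per-slot baseline flags them.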

Figure IV Network monitoring system


(Source: Avinetworks.com, 2023)

1.8.1 Types of network monitoring system

There are four types of network monitoring. They are:

1. Availability monitoring
2. Configuration monitoring
3. Performance monitoring
4. Cloud infrastructure monitoring

1.9 Support that can be gained through the monitoring system of Metropolis Capital Bank

A monitoring system can support Metropolis Capital Bank in various ways.

By regularly checking for any unexpected activity or potential security risks, the monitoring
system can strengthen the security of Metropolis Capital Bank. Unauthorized access attempts,
strange transaction patterns, and any other signs of fraud or aggressive conduct might all be
picked up by it. The solution helps to avoid security breaches and shields the bank and its clients
from any threats by promptly notifying the right authorities. The detection and prevention of
fraud depend heavily on a monitoring system. It can monitor customer behavior and transactional
data to identify fraudulent behaviors such as identity theft, account theft, and erroneous
transactions. The technology allows Metropolis Capital Bank to take prompt action, investigate
deeper, and safeguard the assets and accounts of its customers by identifying suspicious activity
or trends. Financial institutions must adhere to a variety of regulatory guidelines and standards.
The monitoring system checks transactions for any possible infractions to make sure the
Metropolis Capital Bank complies with these rules. It can identify and report suspicious activities
in compliance with regulatory authorities' guidelines, such as money laundering or financing
terrorism. The monitoring system's encouragement of compliance aids the bank in upholding
moral standards, avoiding difficulty, and preserving its reputation. The Metropolis Capital Bank
uses monitoring systems to identify and reduce operational risk. The technology can detect risk
factors, including odd trading activity, large fund transfers, or notable changes in customer
behavior, by evaluating transactional and client data. This makes it possible for the bank to
decrease potential losses, use efficient risk mitigation strategies, and manage risks proactively.
Automating transaction detection and analysis can boost the operational efficacy of the
monitoring system. Bank employees can concentrate on other vital duties by using less manual
labor to identify anomalies or possible risks. The system's real-time alerting, data visualization,
and report generation capabilities speed up decision-making and increase overall operational
effectiveness. To further safeguard the bank's clients, the technology closely monitors customer
accounts for any unusual activity. To provide an extra degree of security, it can identify illegal
access attempts, odd login patterns, or modifications to personal data. The technology assists
consumers in taking the required security measures to safeguard their accounts and sensitive data
by instantly alerting users of potential dangers and encouraging them to change their passwords
or get in touch with their bank.

The Metropolis Capital Bank's monitoring system is a vital resource for security, compliance,
risk management, fraud prevention, operational efficiency, and consumer safety. It safeguards the
bank's efficient operation while upholding the rights of the company and its customers.

1.10 Definition of security

Information technology (IT) security describes the procedures, equipment, and people that are
employed to protect a company's digital assets. Protecting these resources—devices, assets, and
services—from unauthorized users, or "threat actors," who may interfere with, steal from, or
exploit them—is the fundamental objective of IT security. These dangers may originate inside or
externally, intentionally or inadvertently. A good security plan makes use of several techniques
to reduce vulnerabilities and focus on particular cyberthreats. To identify, stop, and address
security concerns, security policies, IT services, and software tools are all used. That being said,
advances in technology are advantageous to both IT security companies and cybercriminals.
Businesses need to constantly assess, improve, and upgrade security in order to protect company
assets and remain ahead of increasingly crafty hackers and threats.

Source: (Bacon & Contributor, 2023)


1.10.1 Types of security

• Physical security
• Virtual security

1.10.2 Physical security

Physical security measures are a mix of tools and practices that reduce the possibility of theft,
damage, and harm to people and property. You can use physical security to safeguard anything
that you can touch. This is a catch-all term for all strategies of protecting tangible assets.

Advantages and disadvantages of physical security

| Advantages | Disadvantages |
|---|---|
| Physical security measures can act as a deterrent to unauthorized visitors or potential thieves, such as access control systems, CCTV video, and security guards. | High cost |
| Physical security also protects valuable assets, such as inventories and confidential documents. Physical security measures are also implemented to secure physical assets. | False sense |
| Ensuring the safety and security of clients, guests, and staff is facilitated by physical security measures. | Limited scope |
| Have a bylaw with defined standards and guidelines for physical security. | Potential for human error |

Table 3 Advantages and disadvantages of physical security

(Source: Author’s work)

1.10.3 Virtual security


Software-based security solutions created to work in a virtualized IT environment are referred to
as virtualized security solutions. Compare this to conventional hardware-based network security,
which is built on outdated technology and employs static firewalls, routers, and switches.

Advantage and disadvantage of virtual security

Advantages | Disadvantages
Scalability and flexibility | Complexity and technical expertise
Rapid incident response | Insider threats and human error
Compliance and regulatory requirement | Cost consideration
Protecting against cyber threats | Potential vulnerabilities and exploits
Real-time monitoring and detection | Constantly evolving threat landscape

Table 4 Advantage and disadvantage of virtual security

1.11 The way physical security and virtual security impact Metropolis Capital Bank

Physical and virtual security are equally important for securing the assets and activities of
Metropolis Capital Bank.

Physical security methods, including surveillance systems, vaults, access controls, and perimeter
protection, help prevent unauthorized individuals from physically entering vital areas of the bank
such as server rooms and datacenters. In this way Metropolis Capital Bank can help prevent theft,
damage, and unauthorized interference with the bank's physical assets and important data.
Physical risks like thefts, fires, and break-ins can be promptly identified and dealt with using
security cameras, fire suppression systems, and intrusion detection systems, among other tools.
Prompt detection and intervention mitigate damage or loss, ensuring uninterrupted business
operations and safeguarding client information. A number of statutory frameworks and industry
standards also require sensitive financial data to be protected by physical security measures.
Metropolis Capital Bank needs to meet these requirements in order to stay out of trouble with the
law, avoid penalties, and boost customer confidence in the security of their financial information.

Virtual security methods such as intrusion prevention systems, firewalls, and encryption protect
customer data from unauthorized access, manipulation, and disclosure. The bank secures its
networks, systems, and data to safeguard client information against cyber dangers such as data
breaches and illegal access attempts. Virtual security measures help prevent cyberattacks such as
ransomware, phishing, malware, and other unwanted activities. Metropolis Capital Bank
implements stringent access controls, regular system patches, and security awareness training to
reduce the likelihood of successful cyberattacks and to guarantee the availability and integrity of
its IT infrastructure. Virtual security measures such as data backups, disaster recovery plans, and
response processes allow the bank to carry on with business as usual in the case of a physical
security incident or system failure. By implementing these protections, Metropolis Capital Bank
can quickly recover systems and data, minimizing downtime and ensuring that clients enjoy
uninterrupted services. Metropolis Capital Bank's strong virtual security measures demonstrate its
commitment to protecting client data and maintaining the integrity of its systems. By guaranteeing
the security of online transactions, preventing identity theft, and guarding against financial
crime, Metropolis Capital Bank promotes client trust and confidence in its services.

A breach in one area could have an impact on the other, so it is vital to understand the
relationship between physical and virtual security measures. A thorough and integrated approach
to security is therefore required to safeguard the resources, operations, and confidential financial
data that Metropolis Capital Bank manages.

Activity 02

2.1 Discuss the potential impact to IT security of incorrect configuration of firewall policies
and third-party VPNs.

2.1.1 Introduction to firewalls

A firewall is a type of network security device that can be either hardware or software-based. It
examines all incoming and outgoing traffic and decides whether to accept, reject, or drop it
depending on a predefined set of security rules. Accept (permit): allow the traffic. Reject: block
the traffic and respond with an "unreachable" error. Drop: block the traffic without sending any
reply. A firewall keeps trusted internal networks isolated from an outside, untrusted network, like
the Internet.

Figure V Firewall

(Source: Geekflare.com,2024)

2.1.2 Types of firewalls

There are five types of firewalls in security:

 Packet Filtering firewall
 Circuit level gateway
 Application-level gateway
 Stateful inspection firewall
 Next generation firewall

2.1.3 Impact of incorrect configuration of firewall.

The improper installation of a firewall could significantly impact Metropolis Capital Bank's
security and daily operations. A firewall acts as a barrier between potential external threats and
the internal network. Incorrect firewall configuration could allow unauthorized access to the
bank's systems and confidential information. Hackers and other malicious individuals could
exploit these vulnerabilities to gain unauthorized access, steal client data, commit fraud, or
disrupt financial services. Inadequate firewall configuration could permit unwanted access to
sensitive information. Consequently, there is an increased risk of data breaches, potentially
leading to the theft of sensitive client data, such as account numbers, personal identifiers, and
financial information. These incidents could result in financial losses for the bank and its
customers, as well as damage to Metropolis Capital Bank's reputation.

Financial institutions, particularly banks, must comply with various laws and industry guidelines
concerning information security and data protection. A weak firewall could facilitate non-
compliance with these regulations, leading to fines, legal consequences, and a decline in
stakeholder and customer trust. Inadequate firewall settings could also inadvertently disrupt
essential financial services or block legitimate network traffic. Customers might be unable to
access their accounts, use online banking, or complete transactions, leading to frustration and a
loss of confidence in the bank's ability to provide reliable services, which could harm the bank's
reputation.

Firewall configuration issues can be difficult to detect and fix, potentially incurring significant
costs and effort. IT specialists might be required for troubleshooting, security audits, and
implementing corrective measures. Redirecting resources from other crucial tasks and strategic
objectives can increase operational expenses. A poorly designed firewall could also hinder
Metropolis Capital Bank from leveraging advanced technologies, integrating with other
businesses, or offering innovative solutions. Competitors might capitalize on the bank's potential
inability to respond swiftly to changing market conditions and new business opportunities.

To mitigate these risks, Metropolis Capital Bank must regularly review and update firewall
configurations, adhere to industry standards for network security, conduct frequent security
audits, and maintain continuous monitoring and maintenance of the firewall infrastructure. By
collaborating with skilled cybersecurity experts and implementing a comprehensive security
framework, the bank can enhance the security of its systems and customer data.
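
The accept, reject and drop actions from section 2.1.1 and the misconfiguration risk described above can be checked mechanically. The following is an added example, not part of the original document: a small first-match rule evaluator with an audit that flags allow-all rules and rules that can never fire. The Rule format, function names and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "accept", "reject" or "drop"
    src: str     # source network (CIDR)
    dst: str     # destination network (CIDR)
    port: int    # destination TCP port, 0 means any port

def matches(rule, src, dst, port):
    """True if the packet falls inside the rule's networks and port."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.port in (0, port))

def evaluate(rules, src, dst, port, default="drop"):
    """First matching rule wins; traffic that matches nothing is dropped."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule.action
    return default

def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
            and ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
            and outer.port in (0, inner.port))

def audit(rules):
    """Flag allow-all rules and rules that can never fire (shadowed)."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "accept" and rule.src == "0.0.0.0/0" and rule.port == 0:
            findings.append((i, "accepts any source on any port"))
        for j in range(i):
            if covers(rules[j], rule):
                findings.append((i, f"shadowed by rule {j}"))
                break
    return findings

# Constructed rule sets. 10.0.0.0/8 is the internal network, 10.0.5.0/24 the
# database subnet, 10.0.1.10 the online-banking web server.
MISCONFIGURED = [
    Rule("accept", "0.0.0.0/0", "10.0.0.0/8", 0),     # leftover allow-all
    Rule("drop", "0.0.0.0/0", "10.0.5.0/24", 1433),   # never reached
    Rule("accept", "0.0.0.0/0", "10.0.1.10/32", 443),
]
CORRECTED = [
    Rule("drop", "0.0.0.0/0", "10.0.5.0/24", 1433),
    Rule("accept", "0.0.0.0/0", "10.0.1.10/32", 443),
    Rule("reject", "10.0.0.0/8", "0.0.0.0/0", 23),    # refuse outbound telnet
]

if __name__ == "__main__":
    outsider = "198.51.100.7"  # documentation address standing in for the internet
    for name, rules in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, "-> DB port:", evaluate(rules, outsider, "10.0.5.20", 1433))
        for index, problem in audit(rules):
            print(f"  rule {index}: {problem}")
```

In the misconfigured set the database rule is present but sits below a broader accept rule, so it gives no protection; rule order matters as much as rule content.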

2.1.4 Definition of VPN

The ability to establish a secure network connection when using public networks is known as a
"virtual private network," or VPN. VPNs encrypt your internet traffic and conceal your identity
online. This makes it more difficult for third parties to track your online activities and steal
data. The encryption takes place in real time.

Figure VI VPN

(Source: S-Microsoft.com, 2024)

2.1.5 Types of VPN

1. Remote access VPN
2. Site to Site VPN

1. Remote access VPN

A user can connect to a private network and remotely access all of its resources and services with
the help of a remote access VPN. The user and the private network are connected via a secure
and private link established via the Internet. Users of remote access VPNs can be both home and
business users. An employee of the company uses a VPN to connect to the private network of the
business when they are not in the office in order to access files and resources remotely. VPN
services are mostly used by private users, or users at home, to circumvent regional Internet limits
and access blocked websites. VPN services are also used by users who are worried about internet
security in order to improve their online privacy and security.

Figure VII Remote access VPN

(Source: Greyson.com, 2023)


2. Site to site VPN

Large organizations frequently utilize Site-to-Site VPNs, also known as Router-to-Router VPNs.
Site-to-site VPN is a tool used by businesses or organizations with branch offices spread over
many sites to link the networks at each location.

 Intranet-based VPN: When several offices of the same company are connected using
the site-to-site VPN type, it is called an intranet-based VPN.
 Extranet-based VPN: When companies use the site-to-site VPN type to connect to the
offices of another company, it is called an extranet-based VPN.

Figure VIII Site to site VPN

(Source: Gstatic.com, 2024)

2.1.6 Advantage and Disadvantage of VPN

Advantages | Disadvantages
Safeguards your data | Decreases the speed of the internet connection
Protects your online privacy | Cheap or free VPNs are risky and may grab your info.
Your IP address is concealed | Premium VPN services are pricey
Serves as a useful method of defense for activists in difficult environments. | VPNs do not shield users from social media data archiving. Some devices are unreliable
Depends on special steps to prevent bandwidth restriction | VPNs are not allowed in several countries.
Protects against DDoS attacks | VPNs do not protect you from voluntarily disclosing your information.
Protects you when working remotely | Decreases the speed of the internet connection

Figure IX Advantage and disadvantage of VPN

2.1.7 Impact of incorrect configuration of VPN

A badly configured virtual private network (VPN) can harm Metropolis Capital Bank in several
ways. Through an incorrectly configured VPN, unauthorized users or hostile actors may gain
access to the bank's vital information and internal systems. This could lead to data theft, unlawful
access to customer information, or compromise of the network infrastructure. An improperly
configured VPN might also inadvertently disclose private network information. Private
information, financial transactions, or customer data may be compromised as a result, with
negative financial and legal ramifications.

Financial institutions like Metropolis Capital Bank must follow strict requirements such as the
General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security
Standard (PCI DSS). A poorly set up VPN may violate these requirements, putting the bank at risk
of fines, legal action, and harm to its reputation.

An improperly configured VPN might disclose the bank's network architecture. Cybercriminals
may use this exposure to initiate attacks, gain unauthorized access, or take advantage of holes in
the system's security protocols. An incorrectly set up VPN might also disrupt the bank's
operations, jeopardizing staff productivity, customer access to services, and business continuity
as a whole. The downtime caused by a misconfiguration might cost the bank money and harm its
reputation. A security breach or data disclosure might seriously harm the reputation of Metropolis
Capital Bank. Customers' mistrust in the bank's capacity to protect their financial information
might result in lower profits and make it more difficult to draw in new business.

Metropolis Capital Bank must ensure that the VPN is configured correctly and that it is regularly
checked and validated for any potential vulnerabilities in order to lessen these effects. Such
problems may be avoided, and the bank's infrastructure and sensitive data can be safeguarded by
carrying out exhaustive security audits, adhering to industry best practices, and working with
certified network security professionals.

2.2 Discuss, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve network security.

2.2.1 Definition of DMZ

A demilitarized zone, or DMZ, is a perimeter network that keeps unauthorized traffic out of an
organization's internal local area network. By using a DMZ network, a company can connect to
untrusted networks like the internet without jeopardizing the security of its local area network
(LAN) or private network. Servers that companies use to store data and provide externally
accessible services include Domain Name System (DNS), File Transfer Protocol (FTP), mail,
proxy, Voice over Internet Protocol (VoIP), and web servers, among others. These servers and
resources are isolated and given limited access to the LAN so that they can be reached over the
internet while the internal LAN cannot. As a result, a DMZ makes it more difficult for hackers to
reach the internal LAN.

Source: (Lutkevich, 2021)

Figure X DMZ

(Source: Ttgtmedia.com, 2021)


Example of DMZ

 Web servers
 FTP Servers
 Email Servers
 DNS servers

2.2.2 Importance of DMZ

1. Security Barrier:

A DMZ acts as a buffer between the public internet and the company's trusted internal network.
By separating critical internal resources like application servers, databases, and other systems
from direct internet exposure, it minimizes the attack surface and the risk of unwanted access.

2. Protection for public-facing services:

Web servers, email servers, and file transfer protocol servers are among the services offered by
companies that need to be regularly accessible over the internet. Putting these services in the
DMZ can help you improve security. Even if the services are hacked, attackers will be restricted
to the DMZ and unable to access the internal network.

3. Containment of Threats:

In the unfortunate event of a malware outbreak or security breach, a DMZ can stop threats from
moving laterally. If an attacker manages to breach the DMZ, their access will be restricted and
they will not be able to directly access critical resources on the internal network.

4. Enhanced network Segmentation:

The DMZ creates distinct security zones and divides different kinds of network traffic, enabling
logical network segmentation. Security administrators may more easily enforce access controls,
monitor network activities, and successfully apply security rules as a result of this isolation.

5. Simplified security management

Security managers can focus their attention on protecting a specific section of the network by
consolidating the company's services that are visible to the outside world within the DMZ. The
process of compartmentalization facilitates both security management and the identification of
possible security breaches.

6. Compliance and regulatory Requirement

Several industry regulations and data protection laws require network security measures,
including the use of DMZs. Organizations that abide by these requirements can show that they are
committed to maintaining solid security practices.

7. Redundancy and high availability

DMZs often contain redundant systems and load balancers, which can offer high availability for
services that are accessible to the general public. In the event that one server fails, other servers
can take over, reducing downtime and maintaining service continuity.

8. Incident Response and Monitoring

By monitoring network traffic entering and leaving the DMZ, security teams can identify
questionable activities and possible security breaches. This visibility is crucial for timely incident
response and the implementation of robust security measures.
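
The containment argument in points 2 and 3 can be made concrete by comparing what a compromised public web server can reach with and without a DMZ. This is an added example, not part of the original document; the host names, ports and zone policies are constructed for illustration and do not describe any real network.

```python
# Constructed inventory: host -> (zone, listening TCP ports).
HOSTS = {
    "web-server":   ("dmz", {443}),
    "mail-relay":   ("dmz", {25}),
    "core-banking": ("lan", {8443}),
    "customer-db":  ("lan", {1433}),
    "staff-pc":     ("lan", {3389}),
}

# Zone policy: (source zone, destination zone) -> permitted destination ports.
DMZ_POLICY = {
    ("internet", "dmz"): {443, 25},
    ("dmz", "lan"): {8443},          # web tier may call the banking API only
    ("lan", "dmz"): {443, 25},
    ("lan", "lan"): {8443, 1433, 3389},
}

# The same services with no DMZ: one flat LAN, public ports forwarded into it.
FLAT_HOSTS = {name: ("lan", ports) for name, (_, ports) in HOSTS.items()}
FLAT_POLICY = {
    ("internet", "lan"): {443, 25},
    ("lan", "lan"): {443, 25, 8443, 1433, 3389},
}

def exposure(hosts, policy, source_zone, exclude=None):
    """(host, port) pairs a machine in source_zone can connect to directly."""
    reachable = set()
    for name, (zone, ports) in hosts.items():
        if name == exclude:
            continue
        for port in ports & policy.get((source_zone, zone), set()):
            reachable.add((name, port))
    return reachable

def blast_radius(hosts, policy, compromised):
    """Services directly reachable from a host once it has been compromised."""
    return exposure(hosts, policy, hosts[compromised][0], exclude=compromised)

def internet_facing_lan_hosts(hosts, policy):
    """Internal-zone hosts that accept connections straight from the internet."""
    return sorted({name for name, _ in exposure(hosts, policy, "internet")
                   if hosts[name][0] == "lan"})

if __name__ == "__main__":
    for label, hosts, policy in (("flat LAN", FLAT_HOSTS, FLAT_POLICY),
                                 ("with DMZ", HOSTS, DMZ_POLICY)):
        print(label)
        print("  internet-facing hosts inside the LAN:",
              internet_facing_lan_hosts(hosts, policy))
        print("  reachable from a compromised web-server:",
              sorted(blast_radius(hosts, policy, "web-server")))
```

Both designs publish the same two services to the internet; the difference is that in the DMZ design a compromised web server can reach one API port instead of the database and staff machines.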

2.2.3 Definition of static IP


A static IP address is a 32-bit number that represents a computer's address on the internet. The
number is written as a dotted quad and is often assigned by an internet service provider (ISP).
An internet protocol address, or IP address, serves as a device's distinct identity when it is
connected to the internet. Similar to how individuals use phone numbers to find and contact one
another over the phone, computers use IP addresses to locate and communicate with one another
online. An IP address can also be used to learn more about the region and the hosting company.

(Source: Gillis 2020)

Example for static IP

The author's home server is set up to 192.168.1.10, the primary laptop to 192.168.1.11, and so
on. These configurations are simple to remember, logical, and consistent. By changing the
network settings on each computer in Windows, for example, the client can assign these static IP
addresses directly to the device. Alternatively, the client can allocate them at the router level.

Figure XI Example for IP Address

(Source: JasonGerend,2018)

2.2.4 Definition of NAT


A service known as "Network Address Translation" (NAT) allows private IP networks to access
the internet and cloud. NAT changes private IP addresses within an internal network to public IP
addresses prior to packets being sent to an external network.

Figure XII NAT

(Source: What is Network Address Translation,2024)


Types Of NAT
 Class A: 10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
 Class B: 172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
 Class C: 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

2.2.5 Static NAT

Using static NAT, routers and firewalls convert a single private IP address to a single public IP
address. Every private IP address has a unique public IP address given to it. Static NAT is not
widely used since it needs one public IP address for each private IP address. Three actions must
be taken in order to configure static NAT:

1. Configure the private/public IP address mapping by using the ip nat inside source static
PRIVATE_IP PUBLIC_IP command.
2. Configure the router's inside interface using the ip nat inside command.
3. Configure the router's outside interface using the ip nat outside command.

Figure XIII Example for Static NAT

(Source: uprivik,2023)
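
A simplified model of the one-to-one mapping described above, as an added example that is not part of the original document: it checks the inside address against the three private ranges listed earlier and shows that only a host with an explicit mapping, which therefore needs a fixed (static) inside address, can be reached from outside. The StaticNat class, its method names and the 203.0.113.x and 198.51.100.x documentation addresses are assumptions for illustration; 192.168.1.10 and 192.168.1.11 are the addresses from the static IP example.

```python
import ipaddress

# The three private address ranges listed in the section above.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if the address lies in one of the private ranges."""
    return any(addr in net for net in PRIVATE_RANGES)

class StaticNat:
    """One-to-one private/public translation table (simplified model)."""

    def __init__(self, mapping):
        self.to_public, self.to_private = {}, {}
        for private, public in mapping.items():
            priv = ipaddress.ip_address(private)
            pub = ipaddress.ip_address(public)
            if not is_private(priv):
                raise ValueError(f"{private} is not a private address")
            if is_private(pub):
                raise ValueError(f"{public} must not be a private address")
            if pub in self.to_private:
                raise ValueError(f"{public} is already mapped")
            self.to_public[priv] = pub
            self.to_private[pub] = priv

    def outbound(self, src, dst):
        """Inside -> outside: rewrite the source address, or None if unmapped."""
        pub = self.to_public.get(ipaddress.ip_address(src))
        return None if pub is None else (str(pub), dst)

    def inbound(self, src, dst):
        """Outside -> inside: rewrite the destination, or None if unmapped."""
        priv = self.to_private.get(ipaddress.ip_address(dst))
        return None if priv is None else (src, str(priv))

# Constructed table: only the home server is published; the laptop
# (192.168.1.11) has no mapping and so has no address outsiders can target.
NAT = StaticNat({"192.168.1.10": "203.0.113.10"})

if __name__ == "__main__":
    remote = "198.51.100.5"  # documentation address standing in for an internet host
    print("server out :", NAT.outbound("192.168.1.10", remote))
    print("reply in   :", NAT.inbound(remote, "203.0.113.10"))
    print("laptop out :", NAT.outbound("192.168.1.11", remote))
    print("unmapped in:", NAT.inbound(remote, "203.0.113.11"))
```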
