Computer Security System Revision

The document discusses various topics in computer security including malware, hackers, viruses, worms, and spyware. It also covers common security goals like confidentiality, integrity, availability, authentication, authorization, non-repudiation, accountability, and auditability. The document explains the three main countermeasures used to stop threats as preventive, detective, and corrective. It also discusses how employees can pose risks and defines cybercrime and its common forms.

Uploaded by fionkans

BIT 2317

QUESTION ONE (30 MARKS)

(a) Describe briefly the following as used in computer security:

(i) Malware: Malware, short for "malicious software," refers to any software designed to harm,
disrupt, or gain unauthorized access to computer systems, networks, or data. It includes various types
such as viruses, worms, Trojans, and ransomware.

(ii) Hackers: Hackers are individuals who possess advanced technical skills and expertise in computer
systems. They can be categorized as "white hat" (ethical) hackers who improve security, "black hat"
hackers who engage in malicious activities, and "grey hat" hackers who fall in between.

(iii) Virus: A virus is a type of malware that attaches itself to legitimate programs or files. Once executed,
it can replicate and spread throughout a computer system, often causing damage by modifying or
destroying data.

(iv) Worms: Worms are a self-replicating type of malware that spread across computer networks without
requiring human interaction. They exploit vulnerabilities to create copies of themselves and can consume
network resources, slowing down systems.

(v) Spyware: Spyware is a type of malware designed to covertly gather information from a user's device.
It monitors activities, captures sensitive data, and transmits it to malicious actors.

(b) Common security goals in computer security include:

1. **Confidentiality**: This goal focuses on keeping sensitive information private and preventing
unauthorized access. Encryption is commonly used to ensure that only authorized parties can access the
data.

2. **Integrity**: Ensuring data integrity means that information remains accurate and unaltered during
storage, transmission, or processing. Techniques like hashing and digital signatures help verify the
integrity of data.

3. **Availability**: This goal aims to ensure that computer systems and data are accessible and usable
when needed. Measures like redundancy, backup systems, and load balancing help maintain system
availability even during disruptions.

4. **Authentication**: Authentication verifies the identity of users or entities trying to access a system.
Passwords, biometrics, and multi-factor authentication are used to establish the authenticity of users.

5. **Authorization**: Once a user is authenticated, authorization defines what actions or resources they
are allowed to access. Access control mechanisms ensure that users only have access to the resources they
are authorized to use.

6. **Non-repudiation**: Non-repudiation ensures that a sender cannot deny sending a message and a
receiver cannot deny receiving it. Digital signatures and timestamps provide evidence of the origin and
receipt of messages.

7. **Accountability**: Accountability involves tracking and logging actions performed on a system. It
helps identify who performed what actions, which can aid in investigating security breaches and ensuring
responsible behavior.

8. **Auditability**: Auditability allows for the review and analysis of security measures, logs, and events
to identify vulnerabilities or breaches. It supports ongoing monitoring and improvement of security
practices.

These security goals collectively contribute to creating a robust and comprehensive security posture for
computer systems and networks.
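The integrity goal above names hashing and digital signatures as the verification techniques. The following added example (not part of the revision notes) shows, with Python's standard library, why an unkeyed hash catches accidental corruption but not deliberate tampering, and how a keyed HMAC closes that gap. The record and the key are constructed constants so the run is reproducible; a real key would be generated randomly and kept secret. Non-repudiation is deliberately not claimed here: an HMAC key is shared by both parties, so it cannot prove which of them produced the tag; that needs an asymmetric signature.

```python
import hashlib
import hmac

# Constructed sample record and a constructed, fixed key (for reproducibility only;
# a real deployment generates the key randomly, e.g. secrets.token_bytes(32)).
RECORD = b"account=1234;balance=500.00"
KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest: detects accidental corruption of the data."""
    return hashlib.sha256(data).hexdigest()


def tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    # compare_digest runs in constant time, so the comparison itself leaks nothing.
    return hmac.compare_digest(digest(data), expected)


def verify_tag(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(key, data), expected)


def tamper_scenario(key: bytes = KEY, record: bytes = RECORD) -> dict:
    """Walk through what each integrity mechanism does and does not catch."""
    stored_digest = digest(record)
    stored_tag = tag(key, record)
    tampered = record.replace(b"500.00", b"9500.00")

    # 1. A plain hash notices the change as long as the stored digest is intact...
    hash_detects = not verify_digest(tampered, stored_digest)
    # 2. ...but whoever can rewrite the record can rewrite the unkeyed digest too.
    hash_forgeable = verify_digest(tampered, digest(tampered))
    # 3. Without the key, no matching HMAC tag can be produced for the tampered record.
    forged_tag = tag(b"wrong-key-guess", tampered)
    hmac_rejects_forgery = not verify_tag(key, tampered, forged_tag)
    # 4. The genuine record still verifies against the stored tag.
    genuine_ok = verify_tag(key, record, stored_tag)

    return {
        "hash_detects_tamper": hash_detects,
        "hash_forgeable": hash_forgeable,
        "hmac_rejects_forgery": hmac_rejects_forgery,
        "genuine_verifies": genuine_ok,
    }


if __name__ == "__main__":
    for name, outcome in tamper_scenario().items():
        print(f"{name}: {outcome}")
```

The practical rule this illustrates: store a plain hash only where the hash itself is protected (for example, published out of band), and use a keyed tag or a signature wherever the party who can alter the data could also alter the checksum.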

(c) Explain the three main countermeasures used to stop threats. [4 marks]

The three main countermeasures used to stop threats in computer security are:

1. **Preventive Countermeasures**: These measures are designed to proactively prevent threats from
occurring. They aim to eliminate or reduce vulnerabilities in a system to make it less susceptible to
attacks. Examples include using firewalls to block unauthorized access, keeping software up to date to
patch known vulnerabilities, and employing strong authentication methods to prevent unauthorized
access.

2. **Detective Countermeasures**: Detective countermeasures focus on identifying and detecting threats
that have already breached the system's defenses. They involve monitoring system activities and
behaviors to identify unusual or suspicious patterns. Intrusion detection systems, security logs, and
anomaly detection algorithms are used to detect and raise alarms about potential threats.

3. **Corrective Countermeasures**: Once a threat has been identified, corrective countermeasures aim to
mitigate the impact and restore the system to a secure state. This involves responding to incidents,
isolating affected systems, removing malware, and recovering compromised data. Backup and disaster
recovery plans play a crucial role in corrective measures by allowing organizations to restore systems and
data to a known good state.

By employing a combination of preventive, detective, and corrective countermeasures, organizations can
establish a layered defense strategy that addresses a wide range of potential threats and helps maintain the
security and integrity of their computer systems and data.
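A detective countermeasure is easiest to understand as code that reads security logs and raises an alarm on a suspicious pattern. The following added example (written for this page, not taken from the revision notes) runs a sliding-window failed-login detector over a handful of constructed sshd-style log lines; the log format, the threshold of five failures per minute and the example addresses are all assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like format (not taken from the page).
# 203.0.113.7 produces five failures in seven seconds; the other hosts look normal.
LOG_LINES = [
    "2024-01-15T10:00:01 sshd[100]: Failed password for root from 203.0.113.7 port 5001",
    "2024-01-15T10:00:03 sshd[101]: Failed password for admin from 203.0.113.7 port 5002",
    "2024-01-15T10:00:05 sshd[102]: Failed password for root from 203.0.113.7 port 5003",
    "2024-01-15T10:00:06 sshd[103]: Failed password for test from 203.0.113.7 port 5004",
    "2024-01-15T10:00:08 sshd[104]: Failed password for root from 203.0.113.7 port 5005",
    "2024-01-15T10:00:30 sshd[105]: Accepted password for alice from 198.51.100.20 port 6001",
    "2024-01-15T10:05:00 sshd[106]: Failed password for alice from 198.51.100.20 port 6002",
    "2024-01-15T10:20:00 sshd[107]: Failed password for bob from 192.0.2.9 port 7001",
    "this line is not an authentication event and is skipped by the parser",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse(line: str):
    """Return a dict for a recognised auth event, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert on a source IP with at least `threshold` failed logins inside `window`.

    Lines are assumed to arrive in time order, as they would from a log tail.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None or event["result"] != "Failed":
            continue
        times = recent[event["ip"]]
        times.append(event["ts"])
        # Slide the window: forget failures older than `window`.
        while times and event["ts"] - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            alerts.append({"ip": event["ip"], "failures": len(times), "last_seen": event["ts"]})
            times.clear()  # one alert per burst, not one per further failure
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(LOG_LINES):
        print(f"ALERT {alert['ip']}: {alert['failures']} failed logins, last at {alert['last_seen']}")
```

In a real deployment the alert would feed the corrective step (blocking the source at the firewall, forcing a password reset for targeted accounts), which is how the three countermeasure types chain together.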

(d) Employees are people who can be dangerous to a system. Explain. [3 marks]

Employees can pose potential risks to computer systems due to various reasons:

1. **Insider Threats**: Employees have access to sensitive data and critical systems. In some cases,
disgruntled employees or those with malicious intent may misuse their privileges to steal, manipulate, or
leak confidential information. This insider access makes it challenging to detect and prevent such threats.

2. **Accidental Actions**: Employees might unknowingly compromise security through unintentional
actions. For instance, clicking on phishing emails, downloading malware, or misconfiguring system
settings can inadvertently expose systems to threats. These actions can result from lack of awareness or
inadequate training.

3. **Lack of Awareness**: Employees might not fully understand the importance of security practices,
such as creating strong passwords, avoiding sharing credentials, or following safe browsing habits. Their
lack of awareness can lead to weak points that attackers can exploit.

4. **Social Engineering**: Attackers often target employees using social engineering tactics,
manipulating them into divulging sensitive information or performing actions that compromise security.
This can include tactics like pretexting, phishing, or baiting.

To mitigate these risks, organizations should implement robust security policies, conduct regular
employee training on security awareness, enforce access controls and least privilege principles, and
establish monitoring mechanisms to detect and respond to suspicious activities.

(e) Discuss briefly cyber-crime. [2 marks]

Cybercrime refers to criminal activities carried out using digital technologies and the internet. It
encompasses a wide range of illegal actions that exploit vulnerabilities in computer systems, networks,
and user behavior. Some common forms of cybercrime include:

1. **Hacking and Unauthorized Access**: This involves gaining unauthorized access to computer
systems or networks with the intent of stealing sensitive data, causing disruptions, or carrying out
malicious activities.

2. **Phishing**: Phishing attacks use deceptive emails, messages, or websites to trick individuals into
revealing personal information, such as passwords, credit card numbers, or account credentials.

3. **Malware Attacks**: Malicious software, or malware, includes viruses, worms, Trojans, and
ransomware. These programs are designed to infect computers and devices, causing data breaches,
financial losses, or system disruptions.

4. **Ransomware**: Ransomware encrypts a victim's data and demands a ransom payment in exchange
for the decryption key. If the ransom is not paid, the victim's data remains locked.

5. **Identity Theft**: Cybercriminals steal personal information to impersonate victims, conduct
fraudulent transactions, or commit other crimes under their identity.

6. **Cyberbullying and Harassment**: Online platforms can be used for bullying, harassment, and
spreading hate speech, causing emotional distress and psychological harm.

7. **Data Breaches**: Hackers gain unauthorized access to databases containing sensitive user data, such
as credit card information, passwords, and personal details. This stolen data is often sold on the black
market or used for further cybercrimes.

8. **Denial of Service (DoS) Attacks**: These attacks flood a network or website with excessive traffic,
causing it to become unavailable or slow down significantly.


9. **Online Fraud**: Cybercriminals engage in various forms of fraud, such as credit card fraud,
investment scams, and online auction fraud, to deceive victims into providing money or valuable
information.

10. **Cyber Espionage**: Nation-states, corporate entities, or individuals engage in cyber espionage to
steal sensitive information, trade secrets, and intellectual property for political, economic, or competitive
advantage.

11. **Child Exploitation**: Criminals may use the internet to distribute and trade explicit material
involving minors, contributing to the exploitation and abuse of children.

To combat cybercrime, organizations and individuals need to implement robust cybersecurity measures,
stay informed about emerging threats, regularly update software and systems, use strong authentication
methods, and educate themselves about safe online practices. Additionally, law enforcement agencies and
international collaborations play a crucial role in investigating and prosecuting cybercriminals.

(f) Risk to computer security can apply to a number of people. Using examples, explain. [4 marks]

Computer security risks can affect various individuals and entities. Here are some examples:

1. **Individual Users**: Everyday users can face risks such as identity theft through phishing attacks,
malware infections from downloading malicious files, and financial losses due to online scams or
unauthorized access to bank accounts.

2. **Employees**: Employees may inadvertently contribute to security risks by clicking on malicious
links in emails, using weak passwords, or mishandling sensitive company data, leading to data breaches
or exposing internal systems to attackers.

3. **Businesses and Organizations**: Companies can experience financial losses due to cyberattacks,
suffer reputational damage from data breaches, and face legal consequences if they fail to protect
customer or employee data adequately.

4. **Government Agencies**: Government entities may face cyber espionage attacks aiming to steal
classified information, disrupt critical infrastructure, or compromise national security.

5. **Healthcare Providers**: Cyberattacks on healthcare organizations can lead to the theft of patient
records, compromising individuals' medical history and personal data.

6. **Financial Institutions**: Banks and financial institutions are targeted for financial gain, with risks
ranging from unauthorized transactions and theft of customer data to ransomware attacks that could
disrupt operations.

7. **Critical Infrastructure**: Attacks on critical infrastructure, such as power grids, water treatment
plants, and transportation systems, can have far-reaching consequences, impacting public safety and the
economy.

8. **Educational Institutions**: Schools and universities may be targeted for student data, financial
records, and research information, leading to breaches of confidentiality and intellectual property theft.

9. **Non-Profit Organizations**: Non-profits can be vulnerable to attacks seeking to exploit donor
information or disrupt their operations, affecting their ability to provide services.

10. **Individual Privacy Advocates**: Individuals advocating for online privacy and security might be
targeted by cybercriminals or state-sponsored attackers seeking to silence or intimidate them.

11. **Developers and Software Companies**: Software vulnerabilities can be exploited to compromise
the security of applications, potentially leading to data breaches or unauthorized access.

12. **Consumers**: Consumers face risks when their personal information, such as credit card details or
addresses, is stolen from online retailers, leading to financial loss and potential identity theft.

These examples highlight the wide-ranging impact of computer security risks, affecting individuals,
organizations, and even society as a whole. It underscores the importance of taking proactive measures to
mitigate and manage these risks effectively.

(g) Clearly differentiate between firewalls and gateways. [4 marks]

Firewalls and gateways differ as follows:

**Firewall**:
A firewall is a network security device or software that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. Its primary purpose is to create a barrier between a
trusted internal network and untrusted external networks, such as the internet. Firewalls can be hardware
appliances or software solutions installed on servers, routers, or computers. They operate at the network
level, examining data packets and deciding whether to allow or block them based on defined security
policies.

Firewall Functions:
- Controls access to and from a network based on rules, typically defined by IP addresses, ports, and
protocols.
- Filters traffic to prevent unauthorized access, malware, and attacks from reaching the internal network.
- Provides Network Address Translation (NAT) to hide internal IP addresses from external networks.
- Can be configured to allow or deny specific services or applications.

**Gateway**:
A gateway is a more general term that refers to a hardware or software component that connects two
different networks, allowing them to communicate and share data. Gateways can function at various
layers of the networking stack, including the application, transport, and network layers. They often serve
as intermediaries or translators between networks with different protocols, addressing schemes, or
communication requirements.

Gateway Functions:
- Translates protocols to enable communication between networks that use different communication
standards.

- Provides interfaces for different types of networks, such as a local area network (LAN) to a wide area
network (WAN).
- Can perform security functions, such as content filtering, antivirus scanning, and intrusion detection, in
addition to facilitating communication.

In summary, a firewall is a specific type of network security device that enforces security policies to
control traffic flow between networks, focusing on access control and protection against threats. A
gateway, on the other hand, is a more general networking term that refers to a point of entry or exit
between networks, often performing protocol translation or providing connectivity between different
types of networks. Firewalls can be considered a subset of gateways with a primary focus on security
enforcement.
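The firewall functions listed above (rules keyed on IP address, port and protocol; allow or deny) can be shown in a few lines. The following added example, written for this page rather than taken from it, is a minimal stateless packet filter with first-match semantics and a default-deny policy (the convention most packet filters follow); the network layout, the addresses and the three-rule policy are constructed for the demonstration. An `audit` helper flags the classic misconfiguration of an unconditional allow rule, which silently turns default-deny into default-allow.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule; a field left as None matches anything."""
    action: str                   # "allow" or "deny"
    proto: Optional[str] = None   # "tcp", "udp", "icmp"
    src: Optional[str] = None     # CIDR, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int = 0


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation; traffic no rule covers gets the default action."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


def audit(rules: List[Rule]) -> List[str]:
    """Flag 'allow' rules so broad that they admit any traffic whatsoever."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and (rule.proto, rule.src, rule.dst, rule.dport) == (None, None, None, None):
            findings.append(f"rule {i}: unconditional allow defeats the default-deny policy")
    return findings


# Constructed policy (assumed layout, not from the page): internal LAN 10.0.0.0/8,
# public web server 10.0.5.10, administrators on 10.0.1.0/24.
POLICY = [
    Rule("allow", proto="tcp", dst="10.0.5.10/32", dport=443),                 # inbound HTTPS to the web server
    Rule("allow", proto="tcp", src="10.0.1.0/24", dst="10.0.0.0/8", dport=22),  # SSH only from the admin subnet
    Rule("allow", proto="tcp", src="10.0.0.0/8", dport=443),                   # outbound HTTPS from the LAN
]


if __name__ == "__main__":
    for pkt in (Packet("tcp", "203.0.113.5", "10.0.5.10", 443),
                Packet("tcp", "203.0.113.5", "10.0.5.10", 22),
                Packet("tcp", "10.0.1.7", "10.0.5.10", 22)):
        print(pkt, "->", filter_packet(POLICY, pkt))
    print(audit([Rule("allow")] + POLICY))
```

Note what the example does not do: it has no notion of connection state, so it cannot tell a reply packet from an unsolicited one. That distinction is exactly what separates a stateful firewall from this stateless filter, and it is why real rule sets usually begin with an "allow established" rule.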

(h) With the advent of social media platforms, how do you think they can contribute to computer
security problems? [4 marks]

QUESTION TWO (20 MARKS)

(a) Describe using examples any four security control measures. [10 marks]

(b) Discuss the types of damage that can be done to computer system. [10 marks]
Various types of damage can be inflicted upon computer systems, compromising their integrity,
availability, and confidentiality. Here are some types of damage:

1. **Data Loss or Corruption**:
- Accidental Deletion: Users can inadvertently delete critical files or data.
- Data Corruption: Errors in storage or transmission can corrupt data, rendering it unusable.
- Malware: Malicious software like viruses and ransomware can encrypt or destroy data.

2. **Malware Infections**:
- Viruses: Attach themselves to legitimate files and spread when those files are executed.
- Worms: Replicate and spread across networks, causing congestion and consuming resources.
- Trojans: Disguise themselves as legitimate software but perform malicious actions, like stealing data
or providing backdoor access.

3. **Denial of Service (DoS) Attacks**:
- Flood a system or network with excessive traffic, rendering it unavailable to users.
- Distributed Denial of Service (DDoS) attacks use multiple compromised devices to amplify the
attack's impact.

4. **Ransomware**:
- Encrypts files on a victim's system, demanding a ransom payment for the decryption key.
- Can lead to data loss, financial extortion, and disruptions to business operations.

5. **Unauthorized Access and Breaches**:
- Hackers gaining unauthorized access to systems, networks, or databases.
- Data breaches involve the theft of sensitive information, leading to privacy violations and potential
identity theft.

6. **Phishing and Social Engineering**:
- Phishing emails trick users into revealing personal information, passwords, or financial details.
- Social engineering manipulates individuals into divulging confidential information or performing
actions they shouldn't.

7. **Physical Damage**:
- Hardware failures due to power surges, overheating, or other physical issues.
- Theft or damage to computer equipment can disrupt operations and compromise data.

8. **Insider Threats**:
- Employees or insiders with access to systems can intentionally or unintentionally compromise
security.
- Disgruntled employees might leak sensitive information or sabotage systems.

9. **Intellectual Property Theft**:
- Theft of proprietary information, trade secrets, or sensitive research data can harm organizations'
competitive advantage.

10. **Cyber Espionage**:
- State-sponsored or corporate actors target systems to steal classified information, research, or
intellectual property.

11. **Financial Loss**:
- Cybercriminals can carry out fraud, unauthorized transactions, or investment scams, resulting in
monetary losses.

12. **Reputation Damage**:
- Publicized security breaches can erode customer trust, damage reputation, and result in loss of
business.

Protecting against these types of damage involves implementing robust security measures, including
regular updates, firewalls, intrusion detection systems, employee training, encryption, and proactive
monitoring.

QUESTION THREE (20 MARKS)

(a) Describe the top ten database security threats. [10 marks]

The top ten database security threats are:

1. **SQL Injection**:
Attackers insert malicious SQL code into input fields, exploiting vulnerabilities to gain unauthorized
access to the database or execute arbitrary commands.

2. **Data Breaches**:
Unauthorized access to sensitive data, often through stolen credentials or weak access controls, can lead
to data leaks, identity theft, and financial losses.

3. **Insider Threats**:
Malicious or negligent insiders, such as employees or contractors, can abuse their access to steal,
modify, or leak data.

4. **Unprotected Backup Data**:
Neglecting to secure backup copies of databases can expose them to unauthorized access, leading to

5. **Insecure Authentication and Authorization**:
Weak or poorly managed authentication methods and inadequate authorization controls can lead to

6. **Inadequate Encryption**:
Failing to encrypt sensitive data at rest or during transmission leaves it vulnerable to interception and
theft.

7. **Weak Access Controls**:
Poorly configured or mismanaged access controls can lead to users having excessive privileges,

8. **Misconfiguration**:
Improperly configured databases can expose sensitive data to the internet or allow unintended access,
compromising security.

9. **Denial of Service (DoS)**:
Attackers can overload the database with requests, causing system slowdowns or crashes, leading to

10. **Lack of Monitoring and Auditing**:
Without proper monitoring and auditing, suspicious activities can go unnoticed, enabling attackers to

To counter these threats, organizations should implement multi-layered security measures, including
regular security assessments, access controls, encryption, intrusion detection, and comprehensive security
policies. Regular employee training and keeping database software up to date are also crucial for
maintaining database security.
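Threat 1 above, SQL injection, is best understood by seeing the vulnerable query next to its hardened form. The following added example (written for this page; the table, rows and input string are constructed) uses Python's built-in sqlite3 module so it runs offline. The vulnerable function splices the user-supplied name into the SQL text, so a single quote in the input changes the statement's structure and the query matches every row; the safe function passes the same input as a bound parameter and matches nothing.

```python
import sqlite3
from typing import List, Tuple


def setup() -> sqlite3.Connection:
    """Constructed in-memory users table (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # The 'before' form: untrusted input is concatenated into the SQL text, so a
    # quote character in the input is parsed as SQL rather than treated as data.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # Parameterised query: the driver binds the value separately from the SQL, so
    # whatever the input contains it is only ever compared as a string literal.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed input containing a quote and an always-true condition.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"


if __name__ == "__main__":
    db = setup()
    print("vulnerable:", find_user_vulnerable(db, CONSTRUCTED_INPUT))  # every row
    print("safe:      ", find_user_safe(db, CONSTRUCTED_INPUT))        # []
```

Parameterised queries fix the injection itself; the other database threats on the list still apply, so the application's database account should also carry only the privileges it needs (threat 7), so that even a successful injection elsewhere cannot read or modify unrelated tables.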

(b) Vulnerability to a system can be either physical, natural, hardware/software or
human. Discuss. [10 marks]

QUESTION FOUR (20 MARKS)

(a) Discuss the five principles of risk management. [10 marks]

The five principles of risk management provide a framework for identifying, assessing, and
mitigating risks in a systematic and effective manner:

1. **Risk Identification**:
This involves identifying potential risks that could impact an organization's objectives, projects, or
operations. It requires a comprehensive review of processes, assets, and potential threats. Risk
identification can be facilitated through brainstorming sessions, historical data analysis, and expert input.

2. **Risk Assessment**:
After identifying risks, the next step is to assess their potential impact and likelihood. This helps
prioritize risks based on their significance. Risk assessment involves quantifying and qualifying risks to
determine which ones require immediate attention and which ones can be managed over time.

3. **Risk Evaluation**:
In this phase, the assessed risks are compared to risk criteria or thresholds established by the
organization. This evaluation helps determine if the identified risks are acceptable or if further action is
required. Risks that exceed the established criteria may require mitigation strategies, while those within
acceptable limits might be monitored or accepted as part of the organization's risk appetite.

4. **Risk Mitigation**:
Risk mitigation involves developing and implementing strategies to reduce the impact or likelihood of
identified risks. Mitigation measures could include implementing security controls, improving processes,
enhancing employee training, or transferring the risk through insurance. The goal is to minimize the
potential negative consequences of risks.

5. **Risk Monitoring and Review**:
Risk management is an ongoing process. Regular monitoring and review of identified risks, their
effectiveness, and changes in the risk landscape are essential. If new risks emerge or existing risks evolve,
adjustments to mitigation strategies may be necessary. This phase ensures that the risk management
process remains current and adaptive.

These five principles guide organizations in making informed decisions about managing risks effectively.
By following these principles, organizations can create a structured approach to identify, assess, and
manage risks, ensuring that they are better equipped to handle uncertainties and maintain resilience in the
face of potential challenges.
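The five principles above form one procedure, so a single worked risk register shows them together. The following added example (constructed for this page, not from the notes) scores each identified risk as likelihood multiplied by impact on a four-level qualitative scale, evaluates the score against assumed organisational criteria (accept at 2 or below, monitor at 6 or below, mitigate above that), applies a mitigation that lowers likelihood, and then reviews the register with the highest remaining risk first. The scale, thresholds and risks are all illustrative assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

# Qualitative scale used for both likelihood and impact (assumed for the example).
LEVELS = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Assumed risk criteria, i.e. the organisation's appetite.
ACCEPT_AT_OR_BELOW = 2
MONITOR_AT_OR_BELOW = 6


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str
    impact: str
    controls: tuple = ()

    def score(self) -> int:
        """Principle 2, assessment: likelihood x impact on the qualitative scale."""
        return LEVELS[self.likelihood] * LEVELS[self.impact]


def evaluate(risk: Risk) -> str:
    """Principle 3, evaluation against the organisation's risk criteria."""
    s = risk.score()
    if s <= ACCEPT_AT_OR_BELOW:
        return "accept"
    if s <= MONITOR_AT_OR_BELOW:
        return "monitor"
    return "mitigate"


def mitigate(risk: Risk, control: str,
             new_likelihood: Optional[str] = None,
             new_impact: Optional[str] = None) -> Risk:
    """Principle 4, mitigation: record a control and the revised likelihood/impact."""
    return replace(
        risk,
        likelihood=new_likelihood or risk.likelihood,
        impact=new_impact or risk.impact,
        controls=risk.controls + (control,),
    )


def review(register: List[Risk]) -> List[Dict]:
    """Principle 5, review: re-score the whole register, highest risk first."""
    rows = [
        {"name": r.name, "score": r.score(), "decision": evaluate(r), "controls": list(r.controls)}
        for r in register
    ]
    return sorted(rows, key=lambda row: row["score"], reverse=True)


# Principle 1, identification: a constructed register.
REGISTER = [
    Risk("Unpatched internet-facing web server", "high", "critical"),
    Risk("Laptop theft with unencrypted disk", "medium", "medium"),
    Risk("Office printer outage", "low", "low"),
]


def run_cycle(register: List[Risk]) -> List[Dict]:
    """One management cycle: mitigate whatever exceeds the criteria, then review."""
    updated = []
    for risk in register:
        if evaluate(risk) == "mitigate":
            # Example control: a patch cycle lowers likelihood; impact is unchanged.
            risk = mitigate(risk, "monthly patch cycle with emergency patching", new_likelihood="low")
        updated.append(risk)
    return review(updated)


if __name__ == "__main__":
    for row in run_cycle(REGISTER):
        print(f"{row['score']:>2}  {row['decision']:<8}  {row['name']}  {row['controls']}")
```

The re-scored web-server risk drops from 12 to 4 and moves from "mitigate" to "monitor", which is the point of the review step: a control changes the score, not the decision thresholds, and the register is read again after every change.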

(b) Describe the organizational security policies towards security planning. [10 marks]

Organizational security policies play a crucial role in security planning by providing a framework for
establishing and maintaining effective security practices within an organization. These policies outline
guidelines, rules, and responsibilities to ensure consistent and comprehensive security measures.
Here's how organizational security policies contribute to security planning:

1. **Defining Objectives and Goals**:
Security policies outline the organization's security objectives and goals. These goals align with the
organization's overall mission and help set the direction for security planning efforts.


2. **Risk Assessment and Management**:
Policies define how risk assessment and management processes should be conducted. They specify
the criteria for identifying, assessing, and prioritizing risks, ensuring that security planning is aligned
with the organization's risk appetite.

3. **Roles and Responsibilities**:
Policies assign roles and responsibilities for security planning and implementation. They specify
who is accountable for various security tasks, such as risk assessment, incident response, and user
access management.

4. **Access Control and Authorization**:
Security policies detail access control measures, including user authentication, authorization levels,
and data access restrictions. This ensures that security planning includes robust mechanisms for
controlling user access to sensitive information.

5. **Incident Response**:
Organizational policies outline the procedures for responding to security incidents, including
reporting, investigation, and mitigation steps. Security planning incorporates these procedures to
ensure a coordinated and effective response to potential incidents.

6. **Data Protection and Privacy**:
Policies define how sensitive data should be handled, stored, transmitted, and protected. Security
planning includes strategies to safeguard sensitive information, such as encryption, data classification,
and data retention policies.

7. **Compliance and Legal Requirements**:
Organizational policies ensure that security planning aligns with legal and regulatory requirements.
This includes industry standards, data protection regulations, and other compliance obligations.

8. **Employee Training and Awareness**:
Policies emphasize the importance of security training and awareness programs for employees.
Security planning includes the development and implementation of training initiatives to educate
employees about security best practices.

9. **Vendor and Third-Party Management**:
Policies provide guidelines for assessing and managing security risks associated with third-party
vendors. Security planning involves evaluating the security practices of vendors and incorporating
necessary safeguards.

10. **Technology and Infrastructure Guidelines**:
Policies offer guidelines for the use of technology, software, and hardware. Security planning
includes evaluating and selecting secure technologies that align with the organization's needs.

Overall, organizational security policies guide security planning by providing a structured approach to
addressing security challenges and aligning security practices with the organization's goals and
objectives.

b. Distinguish between “passive” and “active” security threats. (4 marks)

In summary, passive threats focus on unauthorized data gathering without altering the original content,
while active threats involve actions that actively manipulate, destroy, or disrupt systems and data.
Both types of threats pose significant risks to the security and integrity of computer systems and
networks.

c. Outline any four vulnerabilities to computer infrastructure. (4 marks)

Four vulnerabilities that can affect computer infrastructure are:

1. **Software Vulnerabilities**: Flaws or weaknesses in software applications or operating systems
that can be exploited by attackers. These vulnerabilities could allow unauthorized access, data
breaches, or even the execution of malicious code. Regular software updates and patches are essential
to address these vulnerabilities.

2. **Network Vulnerabilities**: Weaknesses in network configurations that could be exploited to gain
unauthorized access or launch attacks. These vulnerabilities might include open ports, misconfigured
firewalls, and insecure protocols. Implementing strong network security measures, such as firewalls
and intrusion detection systems, can help mitigate these risks.

3. **Human Factors**: Human errors or negligence can lead to vulnerabilities. Examples include
weak passwords, sharing sensitive information, falling for phishing attacks, and improper handling of
data. Educating users about cybersecurity best practices and enforcing strong password policies can
reduce these risks.

4. **Hardware Vulnerabilities**: Flaws or weaknesses in hardware components, including processors,
memory modules, and storage devices. Vulnerabilities like "Spectre" and "Meltdown" demonstrated
how hardware vulnerabilities can be exploited to access sensitive data. Manufacturers releasing
firmware updates can help address these issues.

These vulnerabilities highlight the importance of proactive cybersecurity measures to protect
computer infrastructure from potential threats and attacks.

d. Explain the need for a firewall in the context of network security. (4 marks)

e. Explain the term “Public Key Infrastructure” (4 marks)

Public Key Infrastructure (PKI) is a comprehensive framework that manages the creation, distribution,
storage, and revocation of digital certificates and keys for secure communication, authentication, and
data encryption. PKI employs a pair of cryptographic keys: a public key and a private key. Here's a
breakdown of PKI:

Public Key and Private Key Pair:
PKI utilizes asymmetric cryptography, where each entity (user, device, server) possesses a pair of
cryptographic keys

f. Describe the term “malware”. (4 marks)

g. Explain the term “off-site” security. (4 marks)

"Off-site" security refers to the measures and strategies implemented to protect data, assets, or
resources outside of the primary physical or digital location where they are normally housed or
managed. This approach aims to ensure the safety and availability of critical information or services
even in the event of disasters, emergencies, or unexpected incidents affecting the primary location.
Here are a few key points to understand about off-site security:

1. **Disaster Recovery and Business Continuity**: Off-site security is closely tied to disaster
recovery and business continuity planning. Organizations establish off-site locations, often
geographically distant from their primary site, to store backups, redundant systems, and data copies.
This ensures that operations can continue even if the primary site becomes unavailable due to natural
disasters, fires, or other catastrophic events.

2. **Data Replication**: To achieve data redundancy and availability, organizations replicate data in
real-time or at regular intervals to off-site locations. This ensures that in the event of data loss or
corruption at the primary site, a recent copy of the data can be restored from the off-site location.

3. **Cloud Services**: Cloud computing plays a significant role in off-site security. Organizations
can store data and run applications on remote cloud servers, allowing for data recovery, access, and
business operations from virtually anywhere with an internet connection.

4. **Security Measures**: While off-site locations provide data protection, they must also be secured
against unauthorized access. This involves implementing encryption, access controls, and other
security measures to safeguard the data stored off-site.

5. **Testing and Maintenance**: Regular testing and maintenance of off-site backup systems and
disaster recovery plans are essential to ensure their effectiveness. Periodic drills and simulations help
organizations identify weaknesses and improve their response capabilities.

6. **Regulatory Compliance**: In some industries, regulatory requirements mandate that
organizations have off-site security measures in place to protect sensitive customer data and maintain
service availability.

In summary, off-site security involves planning, strategies, and infrastructure to ensure data
availability, business continuity, and disaster recovery by maintaining redundant resources at remote
locations. This approach helps organizations minimize risks and maintain operations even in the face
of unexpected disruptions.

QUESTION TWO

a. Explain any four threats in a packet switched network. (8 marks)


In a packet-switched network, data is divided into packets that are transmitted separately
and reassembled at the destination. However, this method introduces several potential threats to the
network's security and integrity. Here are four common threats in a packet-switched network:

Packet Sniffing and Eavesdropping:

Attackers can intercept and capture packets as they traverse the network. This allows them to gather
sensitive information, such as passwords, confidential data, or intellectual property. Packet sniffing
tools or devices can be used to monitor network traffic and extract valuable information.

Packet Modification and Tampering:

Attackers may modify the content of packets in transit to alter the information being sent. This can
lead to data corruption, unauthorized access, or even the insertion of malicious code. Packet
modification attacks can disrupt communication, compromise data integrity, and create security
vulnerabilities.

Packet Flooding and Denial of Service (DoS):

Attackers can flood the network with a high volume of packets, overwhelming network resources and
causing network congestion. This leads to slow or unresponsive network services, effectively denying
legitimate users access. Distributed Denial of Service (DDoS) attacks involve multiple compromised
systems to amplify the attack's impact.

Packet Fragmentation and Reassembly Attacks:

Packet fragmentation involves breaking larger packets into smaller fragments for transmission.
Attackers can exploit this process by sending maliciously crafted fragments that, when reassembled at
the destination, create unintended effects or


b. Explain the term “Non-repudiation” in the context of online transactions and explain how
digital signatures can address this. (12 marks)

**Non-repudiation** in the context of online transactions refers to the assurance that the parties
involved in a transaction cannot later deny their involvement or the validity of the transaction. It
prevents either the sender or the receiver from denying that they sent or received a message or
performed a specific action. Non-repudiation ensures accountability and trust in digital
communications and transactions.

**Digital Signatures** play a vital role in achieving non-repudiation. A digital signature is a
cryptographic technique that provides authenticity and integrity to a digital message or document.
Here's how digital signatures address the issue of non-repudiation:

1. **Authentication of Sender**:
When a sender attaches a digital signature to a message or document, it verifies their identity and
confirms their role in the transaction. The sender's private key is used to create the digital signature,
and the corresponding public key is used by the recipient to verify the signature's authenticity.

2. **Integrity of Data**:
Digital signatures also ensure the integrity of the data. If any part of the signed message is altered in
transit, the digital signature will no longer match, indicating that the message has been tampered with.

3. **Non-Repudiation of Origin**:
The sender cannot later deny having sent the message, as the digital signature provides evidence of
their involvement. The recipient can provide the digitally signed message as proof that the sender
indeed sent the message.

4. **Non-Repudiation of Receipt**:
On the recipient's end, the digital signature confirms that the message has not been altered since it
was signed by the sender. This prevents the recipient from denying receipt of the original, unaltered
message.

5. **Timestamps and Third Parties**:
To enhance non-repudiation further, timestamps can be added to digital signatures, providing
evidence of when the signature was created. Additionally, trusted third parties (like a Timestamp
Authority) can provide time-stamping services to verify the time of signing.

6. **Public Key Infrastructure (PKI)**:
PKI plays a crucial role in enabling digital signatures and non-repudiation. Certificate Authorities
(CAs) issue digital certificates that bind a public key to an individual or entity, verifying their identity.
These certificates are used for creating and verifying digital signatures.

In summary, digital signatures ensure non-repudiation in online transactions by authenticating the
sender, validating the integrity of the data, and providing evidence that the sender cannot deny their
involvement. This helps build trust and accountability in digital communication and transactions.
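The mechanism above, as an added example in Go that is not part of the revision notes: the standard library's Ed25519 implementation signs a constructed transaction record whose signed bytes include a timestamp, and verification is then attempted on the genuine record, on a copy with the amount altered, and under a different party's public key. The record layout and field names are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// SignedRecord pairs a transaction record with the signature that covers it.
type SignedRecord struct {
	Record    []byte
	Signature []byte
}

// canonicalRecord builds the exact bytes that get signed. The timestamp is
// part of the signed data, so the signature also attests to when the sender
// signed (a trusted timestamp authority would countersign this in practice).
// The field layout is an assumption made for this example.
func canonicalRecord(from, to string, amountCents int64, ts time.Time) []byte {
	return []byte(fmt.Sprintf("from=%s;to=%s;amount=%d;ts=%s",
		from, to, amountCents, ts.UTC().Format(time.RFC3339)))
}

// Sign produces the signature with the sender's private key. Only the holder
// of that key can produce it, which is what supports non-repudiation of origin.
func Sign(priv ed25519.PrivateKey, record []byte) SignedRecord {
	return SignedRecord{Record: record, Signature: ed25519.Sign(priv, record)}
}

// Verify checks the signature with the sender's public key. Any change to the
// record, or a signature made under a different key, makes this return false.
func Verify(pub ed25519.PublicKey, sr SignedRecord) bool {
	if len(pub) != ed25519.PublicKeySize || len(sr.Signature) != ed25519.SignatureSize {
		return false // malformed inputs are rejected rather than panicking
	}
	return ed25519.Verify(pub, sr.Record, sr.Signature)
}

// Outcome collects the three checks a dispute over the transaction would run.
type Outcome struct {
	Original bool // genuine record verified with the sender's key
	Tampered bool // amount changed after signing, original signature kept
	WrongKey bool // genuine record verified against another party's key
}

// RunScenario signs a constructed record, then replays the two ways a
// dispute could arise. With a sound signature scheme only Original is true.
func RunScenario() (Outcome, error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	when := time.Date(2024, time.March, 1, 10, 15, 0, 0, time.UTC) // constructed
	record := canonicalRecord("alice", "bob", 12500, when)
	signed := Sign(senderPriv, record)

	// The receiver alters the amount but keeps the original signature.
	forged := SignedRecord{
		Record:    canonicalRecord("alice", "bob", 1250000, when),
		Signature: signed.Signature,
	}

	return Outcome{
		Original: Verify(senderPub, signed),
		Tampered: Verify(senderPub, forged),
		WrongKey: Verify(otherPub, signed),
	}, nil
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine record verifies: %v\n", out.Original)
	fmt.Printf("tampered record verifies: %v\n", out.Tampered)
	fmt.Printf("verifies under another party's key: %v\n", out.WrongKey)
}
```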

QUESTION THREE

a. Explain any five controls you may institute to safeguard against the entry of invalid data into
your database. (10 marks)

b. Discuss any five Non-intentional threats to computer systems (10 marks)

Non-intentional threats, often referred to as "accidental threats" or "unintentional threats," are risks
that arise from errors, mistakes, or negligence rather than malicious intent. These threats can still have
significant consequences for computer systems and data. Here are five common non-intentional
threats to computer systems:

1. **Human Errors**:
Human errors are a major source of unintentional threats. These errors can include accidental
deletion of important files, misconfiguration of systems or security settings, and input mistakes that
lead to data corruption. Human errors can have far-reaching effects, potentially compromising data
integrity and availability.

2. **Software Bugs and Glitches**:
Software bugs, programming errors, and glitches can cause unintended system behavior, crashes, or
data corruption. These issues can stem from coding mistakes, insufficient testing, or compatibility
problems with other software components. A poorly designed application can lead to unintended
vulnerabilities that attackers might exploit.

3. **Hardware Failures**:
Hardware components can fail due to manufacturing defects, wear and tear, or environmental
factors. Disk drives, memory modules, power supplies, and other critical components can malfunction,
leading to data loss, system crashes, and downtime. Redundancy and regular hardware maintenance
help mitigate the impact of hardware failures.

4. **Natural Disasters**:
Natural disasters such as earthquakes, floods, fires, and hurricanes can damage or destroy physical
infrastructure, including data centers and servers. This can result in data loss and prolonged system
downtime. Disaster recovery and off-site backups are crucial to minimize the impact of such events.

5. **Power Outages and Electrical Issues**:
Power outages, voltage fluctuations, and electrical surges can disrupt computer systems and damage
hardware components. Abrupt power loss can lead to file corruption and data loss if systems aren't
shut down properly. Uninterruptible power supplies (UPS) and surge protectors can mitigate these
risks.

6. **Data Transmission Errors**:
During data transmission, errors can occur due to network congestion, interference, or signal
degradation. These errors can lead to data corruption, incomplete transfers, or miscommunication
between systems.

Non-intentional threats underscore the importance of proactive measures such as data backups,
redundancy, regular maintenance, and training to reduce the likelihood of accidents and mitigate the
impact of these threats on computer systems.

QUESTION FOUR

a. Define the term “authentication” and outline 3 types of credentials that can be used to
authenticate a person to a system. (12 marks)

**Authentication** is the process of verifying the identity of a person, system, or entity to ensure that
they are who they claim to be. It is a fundamental aspect of security used to control access to
resources, systems, or information. Authentication methods typically involve the presentation of
credentials, which are pieces of information that help confirm the identity of the user. Here are three
types of credentials that can be used for authentication:

1. **Knowledge-Based Credentials**:
These credentials involve something the user knows, such as a password or a PIN. The user must
provide the correct password or PIN to gain access. However, the effectiveness of this method
depends on users choosing strong and unique passwords and not sharing them with others. Weak
passwords or password reuse can compromise security.

2. **Possession-Based Credentials**:
Possession-based credentials involve something the user possesses, such as a physical device or a
token. Examples include:
- **Smartcards**: Small cards containing a microchip that stores authentication information.
- **One-Time Password (OTP) Tokens**: Devices that generate temporary passwords that are valid
for a single use or a short period.
- **Mobile Devices**: Using a smartphone to receive verification codes via SMS or authenticator
apps.

3. **Inherence-Based Credentials (Biometrics)**:
Inherence-based credentials involve unique physical or behavioral characteristics of the user.
Biometric authentication includes:
- **Fingerprint Recognition**: Analyzing the unique pattern of ridges and valleys on a person's
fingertip.
- **Face Recognition**: Analyzing facial features to identify individuals.
- **Voice Recognition**: Analyzing the unique characteristics of a person's voice.
- **Iris or Retina Scans**: Analyzing patterns in the iris or retina of the eye.

Each type of credential has its strengths and weaknesses. Combining multiple factors, known as multi-
factor authentication (MFA), can enhance security. For instance, using both a password (knowledge-
based) and a fingerprint scan (inherence-based) provides an extra layer of authentication, making it
more difficult for unauthorized users to gain access. The choice of authentication method depends on
factors like security requirements, convenience, user behavior, and the level of risk associated with the
system or resource being protected.

b. Define the term “authorization” and illustrate how an access control matrix can be used to
effect authorization to a system. (8 marks)

**Authorization** refers to the process of granting or denying access to specific resources,
functionalities, or actions based on the identity, privileges, and permissions of users. It determines
what a user is allowed to do within a system or application after they have been authenticated.
Authorization ensures that users have appropriate access rights and restrictions to maintain security
and prevent unauthorized actions.

**Access Control Matrix**:

An access control matrix is a table that maps subjects (users, processes) to objects (resources, files)
and defines the types of access rights each subject has over each object. It provides a clear overview of
the permissions granted to various users or groups within a system.

Here's an example of how an access control matrix can be used to effect authorization:

Consider a simple file-sharing system with three users (Alice, Bob, and Carol) and three files (File1,
File2, and File3). The access control matrix might look like this:

|        | File1 | File2 | File3 |
|--------|-------|-------|-------|
| Alice  | Read  | Write | Read  |
| Bob    | Write | Read  | Write |
| Carol  | Read  | Read  | Write |

In this matrix:
- Alice can read File1 and File3, and write to File2.
- Bob can write to File1 and File3, and read File2.
- Carol can read File1 and File2, and write to File3.

This matrix represents the authorization policies for the system. When Alice tries to read File2, the
system consults the matrix and sees that Alice is not authorized to read File2 (her File2 cell grants
only Write). Therefore, the system denies the access request. Similarly, when Bob wants to read File2,
the system checks the matrix and grants access since Bob is authorized to read File2.

The access control matrix provides a clear and structured way to manage and enforce authorization
policies. It ensures that users are only granted access to the resources and actions that align with their
permissions, contributing to the security and integrity of the system.
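The matrix above turned into an enforcement check, as an added Go example (not from the revision notes): each (subject, object) cell holds a set of rights, anything not present is denied, and the Grant/Revoke helpers, which are assumptions of this example, change the policy at run time.

```go
package main

import "fmt"

// Right is one kind of access a subject may hold over an object.
type Right string

const (
	Read  Right = "Read"
	Write Right = "Write"
)

// Matrix is the access control matrix: subject -> object -> set of rights.
// Empty cells are simply absent, which gives default deny.
type Matrix map[string]map[string]map[Right]bool

// NewFileSharingMatrix builds the Alice/Bob/Carol table from the example above.
func NewFileSharingMatrix() Matrix {
	m := Matrix{}
	m.Grant("Alice", "File1", Read)
	m.Grant("Alice", "File2", Write)
	m.Grant("Alice", "File3", Read)
	m.Grant("Bob", "File1", Write)
	m.Grant("Bob", "File2", Read)
	m.Grant("Bob", "File3", Write)
	m.Grant("Carol", "File1", Read)
	m.Grant("Carol", "File2", Read)
	m.Grant("Carol", "File3", Write)
	return m
}

// Grant adds a right to the (subject, object) cell, creating the cell if needed.
func (m Matrix) Grant(subject, object string, r Right) {
	if m[subject] == nil {
		m[subject] = map[string]map[Right]bool{}
	}
	if m[subject][object] == nil {
		m[subject][object] = map[Right]bool{}
	}
	m[subject][object][r] = true
}

// Revoke removes a right; revoking something never granted is a no-op.
func (m Matrix) Revoke(subject, object string, r Right) {
	delete(m[subject][object], r)
}

// Authorize is the reference monitor decision. A request is granted only if
// the cell lists exactly that right: as in the example, holding Write on a
// file does not imply Read. Unknown subjects or objects fall through to deny,
// because indexing a missing map entry yields the zero value (false).
func (m Matrix) Authorize(subject, object string, r Right) bool {
	return m[subject][object][r]
}

func main() {
	m := NewFileSharingMatrix()
	requests := []struct {
		subject, object string
		right           Right
	}{
		{"Alice", "File2", Read},   // denied: Alice's File2 cell holds only Write
		{"Bob", "File2", Read},     // granted: Bob's File2 cell holds Read
		{"Bob", "File2", Write},    // denied: the table gives Bob no Write on File2
		{"Mallory", "File1", Read}, // denied: subject not in the matrix at all
	}
	for _, rq := range requests {
		fmt.Printf("%-7s %-5s %s -> granted=%v\n", rq.subject, rq.right, rq.object,
			m.Authorize(rq.subject, rq.object, rq.right))
	}
}
```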

QUESTION FIVE

a. Explain the following terms in the context of security: (12 marks)

**i. Phishing Attack**:
Phishing is a type of cyberattack where attackers impersonate legitimate entities, often through emails,
messages, or websites, to trick recipients into revealing sensitive information such as passwords,
credit card details, or personal information. These messages appear authentic, but they contain
malicious links or attachments designed to steal data or install malware.

**ii. Pharming**:
Pharming is a cyberattack that redirects users to fraudulent websites without their knowledge.
Attackers manipulate DNS (Domain Name System) records or compromise routers to send users to
fake websites that mimic legitimate ones. Users unknowingly enter their credentials, thinking they're
on a legitimate site, but their sensitive information is then captured by the attackers.

**iii. SQL Injection**:
SQL injection is a type of attack where malicious SQL queries are injected into input fields of a web
application to manipulate the database and potentially gain unauthorized access to data. If the
application doesn't properly sanitize user inputs, attackers can exploit vulnerabilities to execute
unintended SQL commands.

**iv. Identity Theft**:
Identity theft involves the unauthorized acquisition and use of another person's personal or financial
information for fraudulent purposes. Cybercriminals can use stolen information to impersonate
victims, make unauthorized transactions, or commit other crimes under the victim's name.

**v. SSL (Secure Sockets Layer)**:
SSL (now superseded by its successor, TLS) is a protocol that provides secure communication over the
internet by encrypting data transmitted
between a user's browser and a website's server. It ensures that the information exchanged, such as
login credentials and payment details, remains confidential and cannot be easily intercepted by
malicious actors.

**vi. Penetration Testing**:
Penetration testing, also known as ethical hacking or pen testing, is a security practice where
authorized professionals simulate real-world cyberattacks on a system, network, or application to
identify vulnerabilities and weaknesses. The goal is to discover security gaps before malicious hackers
can exploit them, helping organizations strengthen their defenses.

These terms highlight different aspects of security threats and measures, emphasizing the importance
of awareness, prevention, and proactive measures to safeguard sensitive information and digital assets.

b. Differentiate between Business Continuity Planning (BCP) and Disaster Recovery Planning
(DRP) and explain how each is used in the context of computer systems security. (8 marks)

**Business Continuity Planning (BCP)** and **Disaster Recovery Planning (DRP)** are two closely
related but distinct approaches to ensure the availability and resilience of an organization's operations
in the face of disruptions. Here's how they differ and how they are used in the context of computer
systems security:

**Business Continuity Planning (BCP)**:
BCP is a strategic process that involves creating a framework to maintain essential business functions
during and after disruptions. It's a holistic approach that focuses on keeping the organization running
even in challenging circumstances. BCP considers various aspects beyond IT, including personnel,
facilities, communication, and business processes.

**Role in Computer Systems Security**:
BCP takes a broader view, incorporating IT systems as part of the overall business continuity strategy.
In the context of computer systems security, BCP:
- Identifies critical IT systems and data needed to maintain business operations.
- Develops plans to ensure IT systems and data can be accessed and used even during disruptions.
- Considers alternate communication methods and workspaces for employees to continue working.
- Addresses workforce availability and cross-training to maintain IT support functions.
- Implements redundant systems and backup data centers to ensure IT infrastructure availability.
- Ensures that data and systems can be restored in a timely manner after an incident.

**Disaster Recovery Planning (DRP)**:
DRP is a subset of BCP that specifically focuses on the recovery of IT systems and data after a
disaster or disruption. It outlines procedures and measures to restore and recover IT infrastructure,
applications, and data to their normal state.

**Role in Computer Systems Security**:
In the context of computer systems security, DRP:
- Identifies critical systems, applications, and data needed for business operations.
- Establishes recovery time objectives (RTOs) and recovery point objectives (RPOs) to determine how
quickly systems must be restored and how much data loss is acceptable.
- Develops backup and recovery strategies, including data backup schedules, off-site storage, and
restoration procedures.

- Tests and rehearses recovery procedures to ensure they are effective and can be executed promptly.
- Addresses security considerations during the recovery process to ensure that restored systems are
secure.
- Considers incident response plans in case the disaster is the result of a security breach.

In summary, BCP encompasses a wider scope of business operations, while DRP focuses specifically
on IT system recovery. Both are vital for maintaining the organization's resilience and ensuring that it
can continue functioning despite disruptions, including those related to computer systems security.

a) Highlight on the basic components of security. (6 Marks)

The basic components of security are confidentiality, integrity, and availability; organizations often
refer to this triad as CIA. Implementing security controls and practices that address all three
components is essential to building a robust and effective security posture.

b) Elucidate the main essentials of computer security. (6 Marks)

The main essentials of computer security encompass a range of practices, policies, and technologies
aimed at safeguarding computer systems, networks, and data from various threats and risks.
Here are the main essentials of computer security:

1. **Access Control**:
Implement access controls to ensure that only authorized individuals or entities can access sensitive
data and resources. This involves defining user privileges, enforcing strong authentication
methods, and using role-based access to limit access to what is necessary for each user's role.

2. **Authentication and Authorization**:
Require users to prove their identity through authentication methods such as passwords, biometrics,
or two-factor authentication. Authorization determines what actions and data each
authenticated user is allowed to access based on their role and permissions.

3. **Encryption**:
Encryption transforms data into a secure form that can only be read by authorized parties. It protects
sensitive information from unauthorized access during transmission and storage. Both data at
rest and data in transit should be encrypted.

4. **Firewalls and Network Security**:
Deploy firewalls to monitor and control incoming and outgoing network traffic. Network security
measures, such as intrusion detection and prevention systems, help detect and mitigate
unauthorized access attempts and potential threats.

5. **Patch Management and Updates**:
Regularly update operating systems, applications, and software to address known vulnerabilities.
Patch management helps prevent exploitation of known security weaknesses.

6. **Security Awareness and Training**:
Educate users and employees about security best practices to avoid falling victim to social
engineering attacks, phishing attempts, and other threats. Regular training helps individuals
recognize and respond to security risks.

7. **Vulnerability Management**:
Continuously assess and identify vulnerabilities in software, systems, and networks. Establish a
process for timely remediation to reduce the risk of exploitation.

8. **Incident Response Planning**:
Develop an incident response plan to handle security breaches and incidents effectively. This plan
outlines steps to detect, respond to, mitigate, and recover from security breaches while
minimizing impact.

9. **Backup and Disaster Recovery**:
Regularly back up critical data and develop a disaster recovery plan to ensure the ability to recover
data and restore systems in case of data loss or system failures.

10. **Physical Security**:
Protect physical assets, such as servers and networking equipment, from unauthorized access.
Implement measures such as restricted access areas, security cameras, and biometric access
controls.

11. **Policies and Compliance**:
Establish security policies and procedures that outline acceptable use, data handling, password
policies, and other security practices. Ensure compliance with relevant industry regulations and
standards.

Combining these essentials creates a layered defense that helps organizations effectively manage and
mitigate the risks associated with computer security threats.

c) List down the three (3) major goals of computer security. (3 Marks)

d) Explain the two (2) types of human issues that arise in connection with computer security. (6 Marks)

Human issues play a significant role in computer security and can contribute both to the effectiveness
of security measures and to potential vulnerabilities. Here are two types of human issues that
are commonly associated with computer security:

1. **User Awareness and Education**:
Users are often the weakest link in the security chain. Lack of awareness, understanding, and
adherence to security best practices can lead to various security issues. This includes:

- **Phishing and Social Engineering**: Users falling victim to phishing emails, scams, or
manipulation by attackers who exploit their lack of awareness.
- **Weak Passwords**: Users choosing easily guessable passwords, reusing passwords across
multiple accounts, or not updating them regularly.
- **Unauthorized Access**: Allowing others to access their accounts or devices, or failing to log out
of public computers.
- **Data Handling**: Mishandling sensitive information, sharing confidential data without proper
encryption, or not following data classification protocols.

Addressing these issues requires comprehensive user education programs that promote security
awareness, teach safe online practices, and provide guidance on identifying and responding to
security threats.

2. **Insider Threats**:
Insider threats originate from individuals within the organization who misuse their access privileges,
either intentionally or unintentionally. This category includes:

- **Malicious Insiders**: Employees, contractors, or other trusted individuals intentionally abusing
their access for personal gain or to harm the organization.
- **Negligent Insiders**: Employees who inadvertently cause security incidents due to carelessness,
lack of understanding, or disregard for security policies.
- **Compromised Insiders**: Individuals whose accounts or credentials have been compromised by
external attackers, turning them into unwitting accomplices.

To mitigate insider threats, organizations need to implement strict access controls, monitor user
activities, conduct periodic security training, and foster a culture of accountability and
integrity.

Both user awareness and insider threats highlight the importance of the "human factor" in computer
security. Establishing a security-conscious culture within an organization, coupled with
ongoing training and clear communication of policies, can significantly reduce human-related
vulnerabilities and enhance overall security posture.

e) Briefly highlight on the Advanced Encryption Standard (AES) algorithm. (5 Marks)

The Advanced Encryption Standard (AES) is a widely used symmetric encryption algorithm that
ensures the confidentiality and security of sensitive data. It was established as the standard
encryption algorithm by the U.S. National Institute of Standards and Technology (NIST) in
2001. AES operates on fixed-size blocks of data and supports key lengths of 128, 192, or 256
bits. Here are some key points about the AES algorithm:

1. **Symmetric Encryption**:
AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and
decryption. This key must be kept secure and shared only among authorized parties.

2. **Block Cipher**:
AES processes data in fixed-size blocks (128 bits) and is classified as a block cipher. It breaks down
the plaintext into blocks and, on its own, encrypts each block independently; in practice a mode of
operation (such as CBC or GCM) determines how successive blocks are chained or authenticated.

3. **Key Length Options**:
AES offers three different key lengths: 128, 192, and 256 bits. Longer key lengths generally provide
higher security, but they also increase the computational complexity of encryption and
decryption.

4. **Substitution-Permutation Network**:
AES employs a substitution-permutation network (SPN) structure. The algorithm consists of
multiple rounds, each involving specific operations such as substitution (substituting bytes)
and permutation (rearranging bytes).

5. **Rounds**:
The number of rounds in AES depends on the key length: 10 rounds for a 128-bit key, 12 rounds for
a 192-bit key, and 14 rounds for a 256-bit key. Each round applies a series of transformations
to the data.

6. **MixColumns, SubBytes, ShiftRows, AddRoundKey**:
These are key operations performed in each round of AES:
- SubBytes: Applies a substitution based on a predefined lookup table (S-box).
- ShiftRows: Shifts rows of data to create diffusion.
- MixColumns: Mixes columns to provide further diffusion and increase security.
- AddRoundKey: XORs the round key with the data.

7. **Key Expansion**:
AES uses a key expansion algorithm to generate a set of round keys from the original encryption
key. Each round key is derived from the previous round key and undergoes a series of
transformations.

8. **Efficiency and Security**:
AES is known for its balance between security and efficiency. It has undergone extensive analysis
and scrutiny by cryptographic experts and has demonstrated strong resistance against various
attacks.

AES has become the foundation for secure data communication and encryption across a wide range of
applications, including securing communications over the internet, protecting sensitive files,
and ensuring the confidentiality of stored data.
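As an added example that is not part of the revision notes, the following Go program uses the standard library AES implementation to show the points above: which key sizes are accepted, that the raw block transformation maps equal blocks to equal ciphertext (so a mode of operation is needed), and that AES-GCM rejects any tampered message. The key and messages are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// KeySizeAccepted reports whether aes.NewCipher accepts an n-byte key.
// Only 16, 24 and 32 bytes (AES-128, AES-192, AES-256) are valid.
func KeySizeAccepted(n int) bool {
	_, err := aes.NewCipher(make([]byte, n))
	return err == nil
}

// EncryptBlock applies the raw AES transformation (all rounds of SubBytes,
// ShiftRows, MixColumns and AddRoundKey) to exactly one 16-byte block.
func EncryptBlock(key, block []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(block) != aes.BlockSize {
		return nil, fmt.Errorf("block must be %d bytes, got %d", aes.BlockSize, len(block))
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// SameBlocksCollide shows the limit of per-block encryption on its own: two
// equal plaintext blocks always give two equal ciphertext blocks under the
// same key, which leaks structure. A mode of operation is needed to avoid it.
func SameBlocksCollide(key []byte) (bool, error) {
	block := bytes.Repeat([]byte{0x41}, aes.BlockSize) // constructed: 16 x 'A'
	first, err := EncryptBlock(key, block)
	if err != nil {
		return false, err
	}
	second, err := EncryptBlock(key, block)
	if err != nil {
		return false, err
	}
	return bytes.Equal(first, second), nil
}

// Seal encrypts with AES-GCM, which adds a per-message nonce and an
// authentication tag. Output layout: nonce || ciphertext || tag.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(c)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { // never reuse a nonce under one key
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. It fails on a wrong key, a modified ciphertext or tag,
// or mismatched associated data, so corruption is never silently accepted.
func Open(key, sealed, aad []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(c)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, fmt.Errorf("sealed message too short: %d bytes", len(sealed))
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
}

func main() {
	key := bytes.Repeat([]byte{0x01}, 32) // constructed AES-256 key, demo only
	fmt.Println("20-byte key accepted:", KeySizeAccepted(20))
	collide, _ := SameBlocksCollide(key)
	fmt.Println("equal blocks give equal ciphertext under raw AES:", collide)
	aad := []byte("msg-id:7")
	sealed, err := Seal(key, []byte("transfer 125.00 to bob"), aad)
	if err != nil {
		panic(err)
	}
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	_, err = Open(key, sealed, aad)
	fmt.Println("tampered message rejected:", err != nil)
}
```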

f) Highlight any four (4) security precautions to be undertaken to ensure computer security is not
compromised. (4 Marks)

Question Two (20 Marks)

a) Explain the main threats of computer security. (10 Marks)

**a) Main Threats of Computer Security:**

Computer security faces a variety of threats that can compromise the confidentiality, integrity, and
availability of data and systems. Here are some main threats in computer security:

1. **Malware**:
Malware includes viruses, worms, Trojans, and other malicious software designed to infiltrate
systems, steal data, or cause damage.

2. **Phishing and Social Engineering**:
Attackers use deceptive tactics to manipulate users into revealing sensitive information, such as
passwords or financial details.

3. **Hacking**:
Unauthorized access to computer systems, networks, and data, often with the intent to steal, modify,
or delete information.

4. **Denial of Service (DoS) and Distributed Denial of Service (DDoS)**:
DoS attacks overload systems or networks to render them unavailable. DDoS attacks involve
multiple compromised systems targeting a single target.

5. **Data Breaches**:
Unauthorized access to sensitive data, often resulting in the exposure of personal, financial, or
confidential information.

6. **Insider Threats**:
Malicious or negligent actions by employees, contractors, or other trusted individuals within an
organization.

7. **Ransomware**:
Malicious software that encrypts data and demands a ransom for its decryption, often leading to data
loss or disruption.

8. **Data Interception**:
Unauthorized interception of data during transmission, allowing attackers to access sensitive
information.

9. **Man-in-the-Middle (MitM)**:
Attackers intercept and alter communications between parties without their knowledge, potentially
gaining access to confidential data.

10. **Eavesdropping**:
Unauthorized monitoring or interception of network traffic to obtain sensitive information.

11. **Zero-Day Exploits**:
Attacks that exploit vulnerabilities in software or hardware before vendors release patches or
updates.

12. **Physical Theft or Damage**:
Theft or physical damage to computer equipment, leading to loss of data or service disruption.

13. **Web-based Attacks**:
Attacks targeting vulnerabilities in web applications, often leading to unauthorized access, data
theft, or defacement.

14. **IoT Vulnerabilities**:
Security weaknesses in Internet of Things (IoT) devices that can be exploited to gain unauthorized
access or launch attacks.

b) Why do we need security policy in our organizations? Explain. (10 Marks)

A security policy is a critical component of an organization's overall security strategy. It outlines the
rules, guidelines, and procedures that employees, contractors, and users must follow to ensure
the security of data, systems, and resources. Here's why security policies are essential:

1. **Risk Management**: Security policies help identify and mitigate security risks by providing
guidelines on secure practices and procedures.

2. **Regulatory Compliance**: Many industries have specific security regulations that organizations
must adhere to. A security policy ensures that the organization complies with these
requirements.

3. **Data Protection**: Security policies safeguard sensitive data by defining how it should be stored,
accessed, and transmitted.

4. **User Behavior**: Policies set expectations for acceptable user behavior, reducing the likelihood
of accidental or intentional security breaches.

5. **Incident Response**: A well-defined policy outlines steps to take in case of security incidents,
helping the organization respond promptly and effectively.

6. **Consistency**: A security policy ensures consistent security practices across the organization,
preventing confusion or discrepancies.

7. **Employee Training**: Policies provide a foundation for security training and awareness
programs, educating users about security best practices.

8. **Resource Allocation**: Policies guide the allocation of resources, budget, and personnel to
security initiatives.

9. **Legal Protection**: A comprehensive security policy can offer legal protection by demonstrating
that the organization has taken reasonable measures to protect data and systems.

10. **Vendor and Third-Party Management**: Security policies extend to third-party partners and
vendors, ensuring they meet the organization's security requirements.

In summary, security policies provide a framework for implementing effective security measures,
ensuring compliance, and protecting the organization's digital assets and reputation.

Question Three (20 Marks)

a) Explain some of the methods that can be used to audit a system. (8 Marks)

System auditing involves assessing the security, performance, and compliance of a computer system.
Various methods can be used to conduct system audits to ensure that the system is functioning
optimally and adhering to security and regulatory standards. Here are some methods commonly used
for system auditing:

1. **Log Analysis**:
Analyzing system logs and event logs provides insights into user activities, system events, and
potential security incidents. By reviewing logs, auditors can identify abnormal or unauthorized
activities and track changes to the system.

2. **Vulnerability Scanning**:
Conducting vulnerability scans using specialized tools helps identify weaknesses in the system's
configuration, software, and services. Auditors can then assess the severity of vulnerabilities and
recommend remediation actions.

3. **Penetration Testing**:
Penetration testing (pen testing) involves simulating real-world attacks on the system to identify
vulnerabilities and assess the system's resilience against potential threats. This method provides a
practical assessment of the system's security posture.

4. **Configuration Review**:
Auditors review the system's configuration settings to ensure that security best practices are
followed. This includes verifying that unnecessary services are disabled, access controls are
appropriately configured, and default passwords are changed.

5. **Policy and Compliance Review**:
Auditors assess whether the system adheres to internal security policies and external regulatory
requirements. This involves checking that the system meets specific standards and guidelines set by
the organization or industry.

6. **User and Access Auditing**:
Auditing user accounts and access permissions involves reviewing user roles, permissions, and
entitlements to ensure that access is granted on a need-to-know basis and that former employees no
longer have access.

7. **File Integrity Monitoring (FIM)**:
FIM tools monitor and compare the integrity of system files against a known baseline. Any
unauthorized changes to files are flagged, indicating potential security breaches or unauthorized
modifications.

8. **Network Traffic Analysis**:
Analyzing network traffic helps auditors identify unusual or unauthorized communication patterns,
potential data leaks, and signs of intrusion attempts.

9. **Physical Security Audit**:
This audit assesses the physical security measures in place, such as access controls, surveillance, and
environmental protections (e.g., temperature control) to safeguard the system's hardware and
infrastructure.

10. **Application Security Review**:
Auditors assess the security of applications hosted on the system, identifying vulnerabilities and
weaknesses that could be exploited by attackers.

11. **Compliance Audits**:
These audits ensure that the system conforms to relevant industry standards, regulations, and legal
requirements.

By employing these methods, organizations can thoroughly assess the security, functionality, and
compliance of their systems, identifying and addressing potential vulnerabilities and risks.

b) What is cryptography? Explain the two (2) major types of encryption methods that are used
with at least one example in each. (12 Marks)

**Cryptography** is the practice and study of techniques for secure communication in the presence of
third parties (adversaries). It involves various processes and mathematical algorithms that transform
information into a format that is unreadable without the appropriate decryption key. Cryptography
ensures confidentiality, integrity, authentication, and non-repudiation of data.

There are two major types of encryption methods used in cryptography:

1. **Symmetric Encryption**:
Symmetric encryption, also known as secret-key or private-key encryption, uses a single secret key
for both encryption and decryption. The same key is shared between the sender and the receiver to
secure communication.

**Example**: Advanced Encryption Standard (AES)

AES is a widely used symmetric encryption algorithm. For instance, when Alice wants to send a
secure message to Bob, she encrypts the message using a secret key that she shares with Bob. Bob
then uses the same key to decrypt the message and read its contents.

2. **Asymmetric Encryption**:
Asymmetric encryption, also known as public-key encryption, employs a pair of keys: a public key
and a private key. The public key is used for encryption, while the private key is used for decryption.
Each user has a unique key pair.

**Example**: RSA (Rivest-Shamir-Adleman)

RSA is a well-known asymmetric encryption algorithm. If Alice wants to send a secure message to
Bob using RSA, she would use Bob's public key to encrypt the message. Only Bob, who possesses the
corresponding private key, can decrypt and read the message.

Asymmetric encryption provides enhanced security for tasks such as key exchange, digital signatures,
and securing communication between parties that have not previously shared a secret key. Symmetric
encryption, on the other hand, is often faster and more efficient for bulk data encryption because it
uses a single key for both encryption and decryption.

Both types of encryption play essential roles in securing digital communication and protecting
sensitive data from unauthorized access.
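Textbook RSA with the classic small primes 61 and 53, as an added example that is not part of the original notes, showing the key roles the answer describes: Bob's public key is all Alice needs to encrypt, only Bob's private key decrypts, and the roles swap for a digital signature. The primes and message are constructed; there is no padding and the modulus is tiny, so this illustrates the mathematics only. Real deployments use 2048-bit keys, OAEP/PSS padding, and RSA merely to protect a symmetric key, with AES doing the bulk encryption, which is the performance point made above.

```python
import hashlib

def keygen(p, q, e=17):
    """Textbook RSA key pair from two primes (toy sizes, teaching only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)           # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)         # (public key, private key)

def encrypt(public_key, message):
    """Alice encrypts each byte with Bob's public key; anyone may do this."""
    n, e = public_key
    return [pow(b, e, n) for b in message.encode()]

def decrypt(private_key, blocks):
    """Only the holder of the private exponent d can reverse it."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in blocks).decode()

def _digest(message, n):
    # SHA-256 of the message reduced mod n so it fits the toy modulus;
    # real RSA signatures pad the full hash instead of reducing it.
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n

def sign(private_key, message):
    """Signatures swap the roles: the private key signs, the public key verifies."""
    n, d = private_key
    return pow(_digest(message, n), d, n)

def verify(public_key, message, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)

def demo():
    bob_public, bob_private = keygen(61, 53)          # constructed toy primes, n = 3233
    ciphertext = encrypt(bob_public, "pay 100")       # Alice uses Bob's public key
    signature = sign(bob_private, "pay 100")          # Bob signs with his private key
    corrupted = (signature + 1) % bob_public[0]       # RSA is a bijection, so this must fail
    return (decrypt(bob_private, ciphertext),
            verify(bob_public, "pay 100", signature),
            verify(bob_public, "pay 100", corrupted))
```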

Question Four (20 Marks)

a) Briefly highlight on the concept of access control mechanism as used in computer security.
(10 Marks)

b) Explain the four (4) types of Intrusion Prevention Systems. (8 Marks)

Intrusion Prevention Systems (IPS) are security solutions designed to detect and prevent unauthorized
access and malicious activities within a network or system. IPS analyzes network traffic and takes
action to block or mitigate threats. There are four main types of Intrusion Prevention Systems:

1. **Network-Based Intrusion Prevention System (NIPS)**:
NIPS operates at the network level and monitors incoming and outgoing traffic to detect and prevent
threats. It inspects packets for known attack patterns, anomalies, or behavior that indicates malicious
intent. When suspicious activity is identified, NIPS can take immediate action to block or alert about
the threat. NIPS is placed at strategic points in the network architecture to provide comprehensive
protection.

2. **Host-Based Intrusion Prevention System (HIPS)**:
HIPS focuses on individual host machines or endpoints. It monitors activities and processes on a
host, looking for signs of intrusion or abnormal behavior. HIPS can detect malware, unauthorized
software installations, and unusual changes to system files. It can then take actions such as blocking
processes, alerting administrators, or isolating the host from the network to prevent further spread of
threats.

3. **Wireless Intrusion Prevention System (WIPS)**:
WIPS is designed specifically for wireless networks and aims to detect and prevent unauthorized
access and attacks targeting wireless devices. It monitors the wireless spectrum for rogue access
points, unauthorized clients, and other abnormal activities. WIPS can identify potential security
vulnerabilities and prevent wireless attacks like man-in-the-middle attacks or denial of service (DoS)
attacks.

4. **Virtual Intrusion Prevention System (VIPS)**:
VIPS is deployed in virtualized environments to protect virtual machines and virtual networks. As
virtualization introduces unique security challenges, VIPS is tailored to monitor and protect the
dynamic nature of virtualized infrastructures. It ensures that virtual machines adhere to security
policies and that communication between virtual machines is secure.

Each type of Intrusion Prevention System serves a specific purpose and can be deployed individually
or in combination to provide layered protection against a wide range of cyber threats. These systems
play a crucial role in detecting and mitigating intrusions in real-time, helping organizations maintain
the security and integrity of their networks and systems.

c) State three (3) classes of intruders. (2 Marks)

Three classes of intruders are:

1. **Criminal Hackers (Black Hat Hackers)**:
These are malicious individuals who exploit vulnerabilities in computer systems and networks for
personal gain or to cause harm. They engage in illegal activities, such as stealing sensitive
information, conducting financial fraud, and spreading malware.

2. **Ethical Hackers (White Hat Hackers)**:
Ethical hackers are security experts who use their skills to identify vulnerabilities in systems and
networks. They work with organizations to assess security weaknesses and help improve defenses.
Ethical hackers operate within legal and ethical boundaries.

3. **Hacktivists**:
Hacktivists are individuals or groups that hack computer systems and networks to promote a social
or political cause. They often engage in online activism, such as defacing websites or leaking sensitive
information to raise awareness about their agenda.

Each class of intruder has different motivations, methods, and intentions when it comes to interacting
with computer systems and networks.

Question Five (20 Marks)

a) Explain five (5) main goals of networking. (10 Marks)

The main goals of networking are to establish efficient and reliable communication between devices
and systems, enabling seamless data exchange, resource sharing, and collaboration. Here are five key
goals of networking:

1. **Resource Sharing**:
Networking allows devices to share resources such as printers, files, and databases. By enabling
multiple users to access and use shared resources, networking optimizes resource utilization and
reduces redundancy.

2. **Communication and Collaboration**:
Networking facilitates real-time communication and collaboration among individuals and groups
regardless of their physical locations. This is essential for businesses, organizations, and individuals to
interact, share information, and work together effectively.

3. **Data Exchange and Transfer**:
Networking enables the transfer of data between devices, whether it's sending emails, sharing files,
or transmitting data across long distances. Fast and reliable data exchange is crucial for businesses to
operate efficiently and for individuals to stay connected.

4. **Centralized Data Management**:
Networking allows centralized data storage and management. Data can be stored on dedicated
servers, making it easier to back up, secure, and manage information across an organization.
Centralized data management enhances data security and accessibility.

5. **Remote Access and Mobility**:
Networking enables remote access to resources, applications, and data from anywhere with an
internet connection. This is particularly valuable in today's mobile and remote work environments,
allowing users to access information and perform tasks outside of the office.

6. **Cost Efficiency**:
Networking can lead to cost savings by enabling organizations to consolidate resources, reduce
hardware and software duplication, and optimize IT infrastructure. For example, cloud computing
leverages network connectivity to offer scalable and cost-effective solutions.

7. **Scalability and Flexibility**:
Networking allows organizations to easily scale their resources up or down based on their needs.
Whether adding new devices or expanding a network's capacity, networking provides the flexibility to
adapt to changing requirements.

8. **Fault Tolerance and Redundancy**:
Networking supports fault tolerance by allowing the distribution of data across multiple devices or
locations. Redundancy ensures that if one component fails, the network can still function, minimizing
disruptions.

9. **Global Connectivity**:
Networking connects systems and devices on a global scale, enabling worldwide communication,
data sharing, and access to information across different regions and countries.

Overall, the goals of networking are focused on improving efficiency, accessibility, collaboration, and
connectivity, enabling individuals and organizations to leverage technology for enhanced productivity
and communication.

b) Define the term “firewall”. Explain three (3) types of firewalls. (10 Marks)

A **firewall** is a network security device or software that acts as a barrier between a trusted internal
network and untrusted external networks, such as the internet. Its primary purpose is to control and
monitor incoming and outgoing network traffic, allowing only authorized and safe traffic to pass while
blocking or filtering potentially malicious or unauthorized traffic.

There are three main types of firewalls:

1. **Packet Filtering Firewall**:
Packet filtering firewalls operate at the network layer (Layer 3) of the OSI model. They examine
individual packets of data and determine whether to allow or block them based on predefined rules.
Packet filtering is based on information such as source and destination IP addresses, port numbers, and
protocol types.

2. **Stateful Inspection Firewall**:
Stateful inspection firewalls combine aspects of packet filtering and session tracking. They keep
track of the state of active connections and analyze the context of traffic to determine whether it's
legitimate. Stateful inspection firewalls can distinguish between inbound and outbound traffic,
ensuring that only responses to legitimate requests are allowed.

3. **Application Layer Firewall (Proxy Firewall)**:
Application layer firewalls operate at the application layer (Layer 7) of the OSI model. They
examine the content of data packets and can understand and filter traffic based on specific applications
or protocols. Application layer firewalls act as intermediaries between the client and the server,
receiving and forwarding requests on behalf of the client.

4. **Next-Generation Firewall (NGFW)**:
NGFWs combine traditional firewall functionalities with advanced features like intrusion prevention
systems (IPS), deep packet inspection, and application awareness. They can identify and control
applications, users, and content within the network traffic, providing more granular control and
enhanced security.

Firewalls are essential components of network security, helping to prevent unauthorized access,
protect sensitive data, and block various types of cyber threats. The choice of firewall type depends on
the specific security requirements of an organization and the level of control and visibility needed over
network traffic.
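The difference between the first two firewall types above, as an added example that is not part of the original notes: a packet filter decides from header fields alone, while a stateful firewall remembers connections the inside opened and admits only their replies. The rule set, addresses and ports are constructed for the demonstration (the external addresses come from the documentation ranges); a real firewall also tracks TCP flags and ages entries out of its state table.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    inbound: bool

# Static packet-filter rules (constructed sample policy): first match wins.
RULES = [
    ("tcp", 22, "deny"),     # keep SSH closed to the outside
    ("tcp", 443, "allow"),   # HTTPS to the web server is permitted
]
DEFAULT_ACTION = "deny"      # anything no rule mentions is dropped

def packet_filter(pkt):
    """Stateless decision: header fields only, no memory of earlier packets."""
    for proto, port, action in RULES:
        if pkt.proto == proto and pkt.dport == port:
            return action
    return DEFAULT_ACTION

class StatefulFirewall:
    """Remembers outbound connections so that only their replies are admitted."""
    def __init__(self):
        self.table = set()   # (src, sport, dst, dport, proto) of flows we opened
    def decide(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if not pkt.inbound:
            self.table.add(key)          # record the outbound request
            return "allow"
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.table:
            return "allow"               # reply to a connection we initiated
        return packet_filter(pkt)        # unsolicited: apply the static rules

def demo():
    # Constructed traffic: an internal host browses out and the reply comes back.
    fw = StatefulFirewall()
    request = Packet("10.0.0.5", "203.0.113.9", 40000, 80, "tcp", inbound=False)
    reply = Packet("203.0.113.9", "10.0.0.5", 80, 40000, "tcp", inbound=True)
    stray = Packet("198.51.100.7", "10.0.0.5", 80, 40000, "tcp", inbound=True)
    fw.decide(request)
    return {"stateless_reply": packet_filter(reply),  # "deny": no rule for port 40000
            "stateful_reply": fw.decide(reply),       # "allow": matches a tracked flow
            "unsolicited": fw.decide(stray)}          # "deny": nobody asked for it
```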
