Project Assignment

The document discusses Safaricom's network infrastructure in Kenya and assesses its security. It identifies vulnerabilities like regulatory changes, cyber threats, infrastructure disruptions and supply chain issues. It recommends prioritizing remediation of critical vulnerabilities within 15 days and high vulnerabilities within 30 days.

Uploaded by

Dennis Kipkemoi

PROJECT TITLE: SECURITY AND CRYPTOGRAPHY CASE STUDY FOR PHYSICAL ENTERPRISE NETWORK DEVICES


INTRODUCTION
Safaricom Kenya stands as the leading telecommunications provider in the country, offering a
comprehensive array of services to millions of users nationwide. At the heart of Safaricom's
operations lies its robust network infrastructure, meticulously designed and strategically
positioned to deliver seamless connectivity to both urban centers and remote areas.
Central to Safaricom's infrastructure is its extensive mobile network, comprising an intricate web
of cell towers, base stations, and antennas spanning the Kenyan landscape. This infrastructure
ensures that voice and data services are readily accessible to subscribers across the nation,
fostering communication and connectivity on a massive scale.
Complementing its mobile network, Safaricom maintains a network of advanced data centers
strategically dispersed throughout Kenya. These facilities serve as the backbone of Safaricom's
data processing and storage operations, housing vast repositories of subscriber data, billing
information, and critical business data. Equipped with state-of-the-art security measures, these
data centers safeguard sensitive information from physical and cyber threats, ensuring the
integrity and confidentiality of data.
Within Safaricom's core network infrastructure, a sophisticated array of switches, routers, and
networking equipment orchestrates the flow of voice and data traffic, facilitating efficient
communication across the network. Safaricom employs robust security protocols, including
firewalls, intrusion detection systems, and encryption mechanisms, to fortify its core network
against unauthorized access and cyber intrusions.
Moreover, Safaricom extends its services beyond traditional telecommunications, offering a
diverse portfolio of internet services and enterprise solutions. From broadband internet and
leased lines to cloud services and managed security solutions, Safaricom's offerings cater to the
evolving needs of both consumers and businesses alike. Leveraging its extensive network
infrastructure and technical expertise, Safaricom delivers innovative and reliable solutions that
empower businesses to thrive in the digital age.
In essence, Safaricom's physical enterprise and network infrastructure form the backbone of its
operations, underpinning the delivery of reliable and secure telecommunications services to
millions of users across Kenya. With a steadfast commitment to excellence and innovation,
Safaricom continues to drive connectivity and foster digital inclusion nationwide.

OBJECTIVES
• Assess the effectiveness of existing security measures in Safaricom's network devices.
• Identify vulnerabilities within Safaricom's network infrastructure.
• Recommend strategies to enhance the security posture of Safaricom's network devices.
• Prioritize remediation efforts based on the severity and potential impact of vulnerabilities.
• Raise security awareness among Safaricom's staff and stakeholders.

SCOPE OF THE STUDY
The scope of the case study includes assessing security measures in Safaricom's network devices,
identifying vulnerabilities, recommending strategies for enhancement, documenting findings,
prioritizing remediation, promoting security awareness, ensuring compliance, and compiling a
concise report.

METHODOLOGY
Security testing of network devices involves a systematic approach to identifying vulnerabilities
and ensuring the robustness of network security. The following are the key methodologies and
tools that the study will employ:
• Network Scanning: Network security scanning is a fundamental method to identify
vulnerabilities in a network, computer, or application by analyzing the network structure
and traffic flow.
• Vulnerability Scanning: This technique involves scanning for weaknesses in network
devices, servers, and applications to detect potential security risks.
• Ethical Hacking: Ethical hacking, also known as penetration testing, is a proactive
approach where security experts simulate cyberattacks to uncover vulnerabilities and
assess the network's resilience.
• Password Cracking: Password cracking techniques are used to test the strength of
passwords within the network, identifying weak or easily compromised credentials.
• Tool Selection: Choosing the right tools is crucial for effective security testing. Tools
like Intruder, Nmap, Wireshark, Metasploit, Nessus, and others play a vital role in
assessing network security.

Tools and Techniques Employed in Assessment
• Intruder: A powerful vulnerability scanner that identifies cybersecurity weaknesses in
network systems and aids in remediation before breaches occur.
• Nmap: An open-source tool used for network mapping and scanning to detect
misconfigurations and vulnerabilities.
• Wireshark: A network protocol analyzer supporting various protocols for in-depth
analysis of network traffic.
• Metasploit: A penetration testing tool used for simulating cyberattacks to identify
vulnerabilities and test defenses.
• Nessus: A comprehensive vulnerability assessment tool that scans networks for
weaknesses and provides detailed reports for remediation.

FINDINGS
Safaricom, as a leading mobile network operator in Kenya, faces various security vulnerabilities
that can impact its operations and overall performance. The following security vulnerabilities
were identified:
a) Regulatory Changes
Safaricom operates in a dynamic regulatory environment, facing risks from significant changes
in regulations that can impact its operations and strategic initiatives. Adapting to evolving laws
and policies is crucial to mitigate potential impacts on financial performance and operations.
b) Cybersecurity Threats
In today's digital age, cybersecurity threats pose a significant risk to Safaricom's network and
services. The company is increasingly targeted by cyber threats that can lead to data breaches,
compromising customer trust and data privacy. Safaricom must remain vigilant in implementing
robust cybersecurity measures to protect its systems, infrastructure, and customer information
from unauthorized access and cyber-attacks.
c) Infrastructure Disruptions
Disruptions in Safaricom's infrastructure, including cyber-attacks, outages, equipment failures,
and natural disasters, can have adverse effects on its operations and service delivery. Safaricom's
network infrastructure, data centers, and critical facilities are vulnerable to disruptions that can
result in financial losses, service interruptions, and reputational damage. Investing in robust
infrastructure and disaster recovery measures is essential to minimize the impact of such
disruptions.
d) Supply Chain Disruptions
Safaricom relies on a complex supply chain for critical components and services required for its
operations. The company faces the risk of supply chain disruptions from third-party suppliers
and vendors due to factors like natural disasters or political instability. Proactively managing the
supply chain and establishing contingency plans are crucial to mitigate the impact of potential
disruptions on operations and profitability.

Overview of cryptographic weaknesses and assessment results.


As per OWASP, cryptographic failure is a symptom instead of a cause. Any failure responsible
for the exposure of sensitive and critical data to an unauthorized entity can be considered a
cryptographic failure.
There can be various reasons for cryptographic failure. Some of the Common Weakness
Enumerations (CWEs) are:
• CWE-259: Use of Hard-coded Password
• CWE-327: Broken or Risky Crypto Algorithm
• CWE-331: Insufficient Entropy
The following weaknesses were found:
Cybersecurity Threats
Safaricom encounters cybersecurity threats that can exploit cryptographic weaknesses,
potentially leading to data breaches and unauthorized access to sensitive information. The
company must continuously assess its cryptographic protocols and encryption methods to
mitigate these risks.
Vulnerability Testing
Safaricom routinely tests for weaknesses in its network devices through security reviews and
penetration testing to identify vulnerabilities in web applications and frameworks. This proactive
approach helps in identifying and addressing potential security gaps before they are exploited by
malicious actors.
Security Solutions
Safaricom has introduced IT security solutions for its enterprise customers, offering managed
security solutions, security assurance, advisory services, and managed security operations center
solutions. These services aim to protect IT systems, secure emails and websites, manage
vulnerabilities, conduct system audits, and provide real-time monitoring to enhance overall
cybersecurity.
Operational Resilience
To mitigate operational risks, Safaricom focuses on strengthening its operational resilience to
minimize service disruptions, ensure continuity of operations, and address supply chain
vulnerabilities. By implementing robust systems and processes, the company aims to maintain
uninterrupted service delivery to its customers.
Financial Risk Management
Safaricom proactively manages financial risks by implementing measures to address fraud,
revenue leakages, and billing inaccuracies within its network. Strengthening fraud management
systems and enhancing financial controls are essential steps to protect revenue streams and
maintain financial stability amidst potential vulnerabilities.
RECOMMENDATIONS
The following is recommended:
• Implement a prioritization strategy based on severity levels to address critical
vulnerabilities within 15 days and high vulnerabilities within 30 days of detection.
• Develop a remediation plan for vulnerabilities that cannot be fixed within the
recommended timeframes.
• Automate vulnerability management processes to streamline remediation tasks, enhance
efficiency, and reduce risk exposure. Consider adopting continuous remediation practices
and deploying compensating controls.
• Facilitate continuous, real-time network monitoring, data logging, and vulnerability
scanning to detect and address new potential vulnerabilities promptly. Utilize monitoring
tools for quick response and prioritization of risks.
• Establish a Vulnerability Management Process: Create a structured vulnerability
management process that includes identifying, evaluating, monitoring, and remediating
vulnerabilities. This process guides actions to address weak spots effectively and ensures
timely mitigation.
• Follow Remediation Guidelines: Adhere to established guidelines from organizations like
CISA for setting practical time frames for addressing vulnerabilities. Incorporate these
guidelines into the remediation plan to ensure timely resolution of identified
weaknesses.
• Implement IT Automation: Utilize IT automation tools to speed up vulnerability
management processes, streamline repetitive tasks like patch deployment and
vulnerability scanning, and reduce human error in securing devices and the IT
environment.
• Encryption keys: All encryption keys should be generated cryptographically and
stored in the form of byte arrays. Plain-text passwords should always be converted
into cipher text or encrypted using these keys. This should only be done using
a strong encryption method or algorithm. Using lengthy salts for sensitive data
additionally increases security.
• Secure coding: Secure coding is a set of guidelines that developers follow to integrate
security within the application's code. These practices ensure the use of strong
cryptography in various parts of the application rather than only on the
perimeter of the application's components, thereby reducing the chances of
cryptographic failures.
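
The key and password handling recommended above, set against the CWE-331 and CWE-327 weaknesses listed earlier, as an added example that is not part of the original case study. It uses a keyed, salted PBKDF2-HMAC-SHA256 derivation as the strong algorithm rather than reversible encryption; the function names, the sizes and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

KEY_LEN = 32           # 256-bit key held as bytes (assumed size)
SALT_LEN = 32          # assumed length for the "lengthy salt"
ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune to your hardware


def weak_key(seed: int) -> bytes:
    """Anti-pattern (CWE-331): a guessable seed fully determines the key."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))


def new_key() -> bytes:
    """Key drawn from the OS CSPRNG and kept as a byte array."""
    return secrets.token_bytes(KEY_LEN)


def weak_store(password: str) -> bytes:
    """Anti-pattern (CWE-327): unsalted MD5, so equal passwords give equal records."""
    return hashlib.md5(password.encode()).digest()


def _derive(key: bytes, salt: bytes, password: str) -> bytes:
    # Keyed pre-hash binds the record to the secret key, then a slow salted KDF.
    keyed = hmac.new(key, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)


def store_password(key: bytes, password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) using a fresh random salt for every record."""
    salt = secrets.token_bytes(SALT_LEN)
    return salt, _derive(key, salt, password)


def verify_password(key: bytes, salt: bytes, digest: bytes, password: str) -> bool:
    """Constant-time comparison avoids leaking how many bytes matched."""
    return hmac.compare_digest(_derive(key, salt, password), digest)


if __name__ == "__main__":
    # Constructed sample values. In production the key is loaded from a secret
    # store, never written as a literal in source (CWE-259).
    key = new_key()
    a, b = store_password(key, "sample-pass"), store_password(key, "sample-pass")
    print("md5 records equal:   ", weak_store("sample-pass") == weak_store("sample-pass"))
    print("salted records equal:", a[1] == b[1])
    print("verifies:            ", verify_password(key, *a, "sample-pass"))
```

Two accounts sharing a password produce identical unsalted MD5 records but different salted records, and a record only verifies with both the right password and the right key.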
CONCLUSION
The case study of Safaricom, a leading integrated communication company in Africa, reveals
key insights into its operations and strategic initiatives. Safaricom, with over 17 million
subscribers, offers a comprehensive range of services including mobile and fixed voice, data
services, and the successful M-PESA money transfer product. The company's success is
attributed to its innovative solutions that empower Kenyans through advanced technologies like
broadband data services and mobile financial services.
In addressing security vulnerabilities, the case study emphasizes the importance of robust
security measures and cryptography in safeguarding network infrastructure. Safaricom faces
cybersecurity threats that exploit cryptographic weaknesses, necessitating continuous assessment
and improvement of encryption protocols to prevent data breaches and unauthorized access. By
prioritizing robust security measures, implementing encryption as part of a comprehensive
security strategy, and investing in employee training, Safaricom can enhance its network security
posture effectively.
Overall, the case study underscores the critical role of encryption in protecting sensitive
information, the need for proactive vulnerability testing and security solutions deployment, and
the significance of continuous security updates to mitigate risks effectively. Safaricom's
commitment to addressing vulnerabilities through strategic measures highlights its dedication to
maintaining a secure network environment amidst evolving cyber threats in the
telecommunications industry.