GROUP Assignment - Information Security and Cryptography

The document discusses the current information security incidents in Tanzania, highlighting issues such as mobile money fraud, ransomware, insider threats, data breaches, and phishing attacks. It suggests mitigation measures including improving legal frameworks, enhancing cybersecurity awareness, investing in advanced technology, and fostering collaboration among sectors. Additionally, it covers network and internet security topics such as web security issues, SSL/TLS, digital certificates, IPSec/VPN, and firewall types.

Uploaded by

Mohamed Juma

PROGRAMME: MASTER IN INFORMATION SECURITY (MIS)
MODULE NAME: INFORMATION SECURITY AND CRYPTOGRAPHY
MODULE CODE: ISG09104
NAME: GROUP F BLENDED
GROUP MEMBERS
S/N  NAMES                       REGISTRATION NUMBER
1    ALPHA EPAPHRA               MIS-02-0091-2023
2    KAROLI JP MINAMIRA          MIS-04-0027-2024
3    ARON DICKSON                MIS-05-0102-2023
4    OSWALD STEVEN SAM           MIS-04-0097-2023
5    HOPEMAN PHILEMON MBUKWA     MIS-04-0114-2023
6    GEOFREY RWELA               MIS-05-0131-2023
7    LUGENDO MASSAWE             MIS-04-0112-2023
8    ANDREW MALYAMUHINDI         MIS-04-0101-2023
9    ACLEUS KAMWENDO             MIS-04-0137-2023
10   BARAKA EMMANUEL             MIS-01-0121-2023
11   TUMAINI JAMES MACHA         MIS-04-0057-2024


Question 1:
Discuss the current information security incidents in Tanzania and suggest the means
for mitigation.
Answer:

Introduction:

In the modern world, Tanzania is undergoing tremendous technological growth, which
facilitates the use of digital platforms for almost all activities, such as banking, government
services, education and health care. The increased use of technology has improved service
delivery, saved time, enhanced operational efficiency and expanded access to critical
services. These developments improve quality and access, but at the same time they leave
the country exposed to serious information security risks. Incidents such as digital fraud,
data breaches, ransomware and even cyber-attacks on critical national infrastructure are
becoming daily realities that endanger individuals, organizations and public institutions.

The heavy dependency on online services, combined with a low level of cybersecurity
knowledge, obsolete technologies and poor enforcement of regulations, puts Tanzania at
risk of being a target for cyber criminals. The threats affect the core principles of
information security (confidentiality, integrity and availability) and result in economic
losses, business interruptions and the erosion of individuals' trust in electronic systems.

The following are trending information security incidents in Tanzania, followed by their
mitigation measures:

1. Online Mobile Money Conning

Deception through mobile money is currently the leading information security incident in
Tanzania. Cyber-criminals use social engineering to obtain an individual's mobile phone
details, which leads to SIM swapping and eventually to the theft of the individual's money.
This fraudulent activity is reported by MNOs (M-Pesa, MIX by YAS and Airtel Money).

2. Ransomware and Malware Attacks

Tanzanian organizations, including public institutions and SMEs, have reported incidents
in which cyber criminals used ransomware: encrypting sensitive information and then
demanding a ransom. Malware infections are usually the result of pirated applications and
unprotected endpoint connections.

3. Insider Threats

Sensitive information and data are sometimes accessed and used improperly by negligent
employees or by employees with malicious intent. This always results in unauthorized
access to systems or in breaches of sensitive information, e.g. violations of personal privacy.

4. Data Breaches

Certain industries, such as telecommunications, finance and health, have weak security
measures in place, which has led to instances where highly private customer information
was exposed to unintended persons.

5. Phishing Attacks

Deceptive websites and emails lure users into giving away crucial details. This results in
sensitive information being disclosed by individuals and organizations, which can lead to
security breaches, loss of funds and damage to an organization's reputation, e.g. through
social engineering, impersonation and deceptive social media links.

Means to mitigate the current information security incidents:

1. Improving Legal and Policy Frameworks

- Cybercrime Law Enforcement Action
Utilize the provisions of the Cybercrimes Act of 2015 fully for the purpose of prosecuting
offenders and preventing similar offences in the future.
- Data Confidentiality Framework
Maintain and strengthen effective legislative and institutional frameworks for the
protection of personal data.
- Standards of Compliance
Promote global security standards such as ISO 27001 for organizations to comply with.

2. Improving Cybersecurity Awareness

- Public Awareness Campaigns
Launch education campaigns in the public and private sectors that help individuals detect
phishing and protect their mobile money accounts from being compromised.
- Employee Training
Issue training materials and conduct regular training for both general and technical
employees of all public and private organizations on how to effectively scan for and
control cyberspace threats.

3. Enhancing IT Facilities

- Patching Systems on a Continuous Basis
Weaknesses in systems should be minimized by routinely applying and monitoring patches
for operating systems and applications.
- Secure Network Configurations
Employ encryption, firewalls and VPNs, as well as strict access restrictions and other
secure network configurations.

4. Investing in Advanced Technology

- AI and Machine Learning
Implement AI-based solutions for anomaly detection in transaction tracking, risk exposure
and automated incident response.
- Network and Computer Protection Systems
Implement network firewalls with intrusion prevention and detection (IPS and IDS), and
install antivirus software with regular updates.
- Device Security
Every computer connected to the network domain should be secured and maintained
through Active Directory.

5. Collaboration and Sharing of Knowledge

- Cross-Sectoral Collaboration
Foster relationships among government, the private sector and international organizations
to facilitate the sharing of information on threats and practices.
- Public-Private Collaboration
Collaborate with technology providers to help improve cyber security tools and skills in
Tanzania.

Question 2:
Discuss network and internet security.
• Web security issues
• SSL and TLS
• Digital certificate and digital signature
• IPSec and VPN
• Tunnel mode vs Transport mode
• Traditional Firewall, Cyberoam Firewall and Sophos Firewall
• What is a DMZ, and how is it used to solve the issue of network security
• Intrusion Detection and Prevention Systems (IDPS)
Answer:
• Web security issues
Web security issues are threats that endanger the security, integrity and usability of
information, software and even users on the internet. Examples include SQL injection,
DDoS attacks, phishing, ransomware, viruses and worms, Cross-Site Scripting (XSS),
unencrypted websites and Cross-Site Request Forgery (CSRF).

• SSL and TLS

i. SSL
Secure Sockets Layer (SSL) is a technology that encrypts data between a web browser
and a server. SSL was developed by Netscape in the mid-1990s to protect sensitive data
from unauthorized access.
Features of SSL:
(i) Encryption: With SSL, the data exchanged between client and server is encrypted,
which keeps passwords and credit card details under a secure lock.
(ii) Authentication: SSL authenticates the server and, if desired, the client as well, by
using SSL certificates issued only by approved CAs.
(iii) Data Integrity: SSL ensures that the exchanged data remains intact, without any
alteration while in transmission.

ii. TLS
Transport Layer Security (TLS) is a cryptographic protocol that encrypts data transfer
over the internet. It is used to protect data privacy and integrity for communications such
as web browsing, email and video conferencing. It is the successor to SSL, with enhanced
security and performance.
TLS Features:
(i) Encryption: TLS ensures that all information exchanged between a client (for example,
a web browser) and a server remains confidential, so that unauthorized interception or
eavesdropping cannot occur.
(ii) Authentication: Using digital certificates issued by trusted and recognized Certificate
Authorities (CAs), TLS enables the verification of the identity of each participant in the
communication.
(iii) Data Integrity: TLS guarantees an unaltered transfer of data through the use of
message authentication codes (MACs), among other methods.
(iv) Forward Secrecy: Many newer TLS implementations support forward secrecy, which
ensures that earlier communication remains indecipherable no matter what happens to the
private key in the future.

• Digital certificate and digital signature

i. Digital Certificate
A digital certificate, also known as a public key certificate or identity certificate, is an
electronic file that is encrypted by the public key and used to authenticate the identity and
authenticity of a device, server, website, organization, individual or user.
A digital certificate is a file that is used to uniquely identify an entity online and to
facilitate encrypted connections.
ii. Digital Signature
A digital signature is a mathematical technique used to validate the integrity and
authenticity of a message, digital document or software.
- It is a string of decimal numbers attached to a file to assist in identifying the signer and
ensuring the file's integrity.
- It is used to provide non-repudiation of the information.
- It ensures that the sender and the receiver of the message are accountable and
responsible for the information exchanged between them.
- Non-repudiation is the assurance that the sender of information is provided with proof
of delivery and the recipient is provided with proof of the sender's identity.

• IPSec and VPN

i. IPSec
- IPsec is a protocol used to set up an encrypted connection between devices or networks
to help secure data sent over a public network.
- It is used to set up VPNs; it works by encrypting the IP packets and authenticating the
source.
- IPsec defines two protocols that are used for securing IP packets: the Authentication
Header (AH) and the Encapsulating Security Payload (ESP).
- AH is used for data integrity and anti-replay service; ESP encrypts and authenticates
data.
- IPsec assures data confidentiality, integrity, authenticity and anti-replay.
- IPsec uses two types of algorithms: authentication and encryption algorithms.
- The authentication algorithms, such as HMAC-MD5 and HMAC-SHA-1, produce an
integrity check value or digest that is based on the data and a key.
- The encryption algorithms, such as DES-CBC, 3DES-CBC (Triple DES), Blowfish and
AES-CBC, encrypt the data with a key.
ii. VPN
- A VPN is an encrypted network connection between two or more networked devices
over public networks, which ensures the data exchange is private and encrypted.
- By encrypting data passing through the VPN, it is possible to securely access and
exchange confidential information over a shared network or the internet. For example,
employees can work remotely from a remote office by using a VPN to access corporate
private applications and files.
- VPNs use various secure protocols such as L2TP/IPsec, SSL/TLS, OpenVPN,
IKEv2/IPsec, SSTP or PPTP.

• Tunnel mode vs Transport mode

i. Tunnel Mode
- A security protocol mode for creating VPN tunnels that enable transmitting data over the
internet, where both the data and the original IP addresses are encrypted.
- The Encapsulating Security Payload (ESP) encrypts both the data and the IP header
information.
- It is highly secure because both the data and the tunnelled IP header are protected.
ii. Transport Mode
- A security protocol mode for creating and protecting VPN tunnels which encrypts only
the data being sent, without checking the integrity or authentication of the connection
channel.
- This makes it faster but less secure than tunnel mode.
- It ensures that the data is secure while in transit without establishing a secure connection
between the two networks.
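
As an added example (not part of the group's answer), the following Cisco IOS configuration shows how the AH/ESP and tunnel/transport choices described in the two sections above appear on a router: the transform set names the protocol and algorithms, and `mode` decides how much of each packet they cover. The peer address 203.0.113.2, the remote LAN 10.10.10.0/24, the pre-shared key and the ACL and map names are assumptions; 192.168.1.0/24 and Gig0/2 are taken from the topology later on the page.

```cisco
! Added example (not from the assignment): IKEv1/IPsec site-to-site policy on a
! Cisco IOS router. Peer 203.0.113.2, remote LAN 10.10.10.0/24, key and names
! are assumptions; the internal LAN 192.168.1.0/24 and Gig0/2 follow the page.
!
! Phase 1 (ISAKMP): how the two gateways authenticate each other and agree keys.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key PreSharedKey-Placeholder address 203.0.113.2
!
! Phase 2 transform sets. ESP gives confidentiality plus integrity and
! anti-replay; AH gives integrity/authentication of the packet but no encryption.
crypto ipsec transform-set ESP-TUNNEL esp-aes 256 esp-sha-hmac
 mode tunnel
!   Tunnel mode:    [new IP hdr][ESP][ original IP hdr + payload (encrypted) ][ESP auth]
!   The original source/destination addresses travel hidden inside the tunnel.
crypto ipsec transform-set ESP-TRANSPORT esp-aes 256 esp-sha-hmac
 mode transport
!   Transport mode: [original IP hdr][ESP][ payload (encrypted) ][ESP auth]
!   Only the payload is wrapped; the original IP header stays in the clear.
crypto ipsec transform-set AH-ONLY ah-sha-hmac
 mode tunnel
!   AH only: nothing is encrypted, the HMAC-SHA-1 digest covers the packet.
!
! Traffic selector: which packets are protected (internal LAN <-> remote LAN).
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
!
! The crypto map binds peer, transform set and selector; PFS gives the forward
! secrecy property mentioned under TLS to the IPsec session keys as well.
crypto map SITE2SITE 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set ESP-TUNNEL
 set pfs group14
 match address VPN-TRAFFIC
!
! Apply on the interface facing the public network (Gig0/2 in the topology).
interface GigabitEthernet0/2
 crypto map SITE2SITE
```

Swapping `set transform-set ESP-TUNNEL` for `ESP-TRANSPORT` changes only how much of each packet is encapsulated, not which algorithms protect it.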

• What is a DMZ, and how is it used to solve the issue of network security
- What is a DMZ (Demilitarized Zone)
In the context of security, a DMZ is a perimeter network that creates a security region by
separating an internal network from the external internet. It also acts as a buffer zone by
isolating the trusted (internal) network from the untrusted (external) network.
- Usage of a DMZ to solve network security issues:
Network segmentation: A DMZ is used to separate and isolate the internal network by
placing publicly accessed services apart from internally accessed services. It provides a
demarcation point for the internal network.
Minimizing attacks: By separating the network into two parts, publicly accessed and
internally accessed services, the DMZ minimizes the chances of attack by applying specific
control measures to each area.
Network resource access management: A firewall between the DMZ and the internal
network is used to control access to resources such as web servers and mail servers, and
also to monitor network traffic across the internal and external networks.

• Traditional Firewall, Cyberoam Firewall and Sophos Firewall

- Traditional Firewall: A firewall that operates at the network and transport layers,
performing packet filtering, network access control using access control lists, stateful
inspection and network address translation (NAT).
- Cyberoam Firewall: A layer 7 application firewall and unified threat management
appliance that offers advanced centralized security management by performing deep
packet inspection, user identification, intrusion prevention and web content filtering.
- Sophos Firewall: A next-generation firewall (NGFW) designed to provide more
comprehensive and advanced security in both hardware and software. It provides
centralized management, identity-based policies and advanced threat protection.

• Intrusion Detection and Prevention Systems (IDPS)

These are crucial tools used to enhance network security by detecting and preventing
potential attacks that may damage systems and data. They perform detection, continuously
monitor network traffic and host services, and prevent malicious activities.
There are two types of these tools:
i. Network Intrusion Detection and Prevention System (NIDPS)
Systems implemented on the network to monitor network traffic in order to detect and
prevent malicious activities that may take place on network systems, e.g. DDoS and port
scanning.
ii. Host Intrusion Detection and Prevention System (HIDPS)
Systems installed on individual devices, endpoint systems, servers and workstations to
monitor system activities and to detect and prevent malicious activities and threats that
may compromise the device, e.g. logins and file access.
Question 2:
Use Cisco Packet Tracer to configure and apply a Named Standard ACL, configure OSPF
Authentication, and use the tutorial at
https://cybr.com/network-security-archives/project-dmz-and-network-hardening-tutorial-with-packet-tracer/
to configure a DMZ Firewall for your network design.
Answer:
A network topology was designed to cover the named standard ACL, OSPF authentication
and DMZ firewall configurations.

The scenario shown in the topology above uses two layer three switches, one for the
internal network and the other for the external network; the remaining device is the router,
which is configured as the DMZ firewall.

1. Internal LAN
This LAN, with network address 192.168.1.0/24, has two devices (computers) connected
to a layer three switch on ports Fa0/2 and Fa0/3.
The layer three switch is connected through port Fa0/1 to the DMZ router, which allows
the internal network to access the DMZ and the outside network. For this internal LAN,
the configuration is done on the firewall to secure sensitive systems and data from external
threats.

2. DMZ (Demilitarized Zone)

This is the network that hosts servers and systems exposed to the external network while
isolating them from the internal LAN. In this scenario there are two servers connected to a
layer two switch, with network address 192.168.3.0/24. This layer two switch connects to
the DMZ firewall router through its Fa0/1 interface to facilitate controlled communication
between the DMZ, internal and external zones.
The router acts as the core of the network and manages traffic flow across the three zones
through port Gig0/0 for the internal LAN, port Gig0/1 for the DMZ and port Gig0/2 for the
external network. On this router/firewall the access control lists (ACLs) are implemented
to secure and restrict traffic between the zones. The DMZ is the buffer zone hosting
public-facing services (e.g., web or mail servers); it isolates these services from the
internal network to minimize risk.

3. External Network
This outside network, with network address 11.1.1.0/29, comprises one computer and one
server connected to a layer three switch through ports Fa0/1 and Fa0/2 respectively. This
layer three switch connects to the router through interface Gig0/2, providing access to the
other zones (DMZ and internal LAN). This is the zone that connects to the untrusted
public internet or to external systems that interact with the DMZ.

Screenshots of the ping results are illustrated below:

- Ping from the external network to the internal network
- Ping from the internal network to the DMZ and the external network
- Ping from the DMZ to the internet (outside network) and the internal network

Other illustrations are within the attached Packet Tracer file.
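
As an added example (not the group's own Packet Tracer configuration), the Cisco IOS configuration below puts together the three pieces this question asks for on the router that acts as the DMZ firewall: a named standard ACL, OSPF MD5 authentication, and ACL-based zone separation of the kind described in the DMZ section above. The zone networks (192.168.1.0/24, 192.168.3.0/24, 11.1.1.0/29) and port roles (Gig0/0, Gig0/1, Gig0/2) are the page's; the /30 link subnets, the server addresses 192.168.3.10 and 192.168.3.20, the router-id, the username and every key or password are assumed placeholders, as is the access policy itself.

```cisco
! Added example, not the group's Packet Tracer configuration: the router that acts
! as DMZ firewall in the topology above. The zone networks and port roles are the
! page's; the /30 link subnets, server addresses 192.168.3.10 and .20, router-id,
! username and every key/password are placeholders.
hostname DMZ-FW
username admin secret Adm1n-Placeholder
!
interface GigabitEthernet0/0
 description Internal LAN 192.168.1.0/24 (via internal L3 switch)
 ip address 10.0.0.1 255.255.255.252
 ip ospf message-digest-key 1 md5 OspfK3y-Placeholder
 no shutdown
interface GigabitEthernet0/1
 description DMZ 192.168.3.0/24
 ip address 192.168.3.1 255.255.255.0
 no shutdown
interface GigabitEthernet0/2
 description External network 11.1.1.0/29 (via external L3 switch)
 ip address 10.0.0.5 255.255.255.252
 ip ospf message-digest-key 1 md5 OspfK3y-Placeholder
 ip access-group FROM-OUTSIDE in
 no shutdown
!
! OSPF with MD5 authentication on both routed links: a device that does not hold
! the key cannot form an adjacency, so it can neither inject nor learn routes.
router ospf 1
 router-id 1.1.1.1
 area 0 authentication message-digest
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.0.4 0.0.0.3 area 0
 network 192.168.3.0 0.0.0.255 area 0
!
! Named standard ACL (filters on source address only): only internal-LAN hosts
! may open management sessions to the firewall itself.
ip access-list standard MGMT-ACCESS
 permit 192.168.1.0 0.0.0.255
 deny any
line vty 0 4
 login local
 access-class MGMT-ACCESS in
!
! DMZ policy enforced on the untrusted edge (extended ACL, inbound on Gig0/2):
!   - the outside may reach only the published DMZ services,
!   - replies to sessions opened from inside are allowed back,
!   - anything else aimed at the internal LAN is dropped and logged.
ip access-list extended FROM-OUTSIDE
 permit ospf any any
 permit tcp any host 192.168.3.10 eq 80
 permit tcp any host 192.168.3.10 eq 443
 permit tcp any host 192.168.3.20 eq 25
 permit icmp any 192.168.3.0 0.0.0.255 echo
 permit tcp any any established
 permit icmp any any echo-reply
 deny ip any 192.168.1.0 0.0.0.255 log
 deny ip any any log
```

With this policy an echo request from 11.1.1.0/29 to 192.168.1.0/24 hits the logged deny, while internal hosts still receive echo replies and TCP responses to sessions they opened; `show ip ospf neighbor` and `show access-lists` on the router confirm the adjacencies and the per-line hit counts.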


