
COMPUTER SECURITY ASSIGNMENT 1 OCT 2024

Uploaded by

carterwes92

JKUAT

EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN IT AND BSC DSA.

: COMPUTER SECURITY AND CRYPTOGRAPHY.

ASSIGNMENT. DATE DUE: TUESDAY 2nd OCT 2024.

Instructions: Attempt ALL questions.

QUESTION 1

a) Describe the term firewall.
A computer network security system that restricts internet traffic into, out of, or within a
private network depending on authorization. [2 Marks]
b) Describe the following firewall types/technologies
i. Packet filtering
It is a technique used to control network access by monitoring outgoing
and incoming packets and allowing them to pass or halt based on the
source and destination Internet Protocol (IP) addresses, protocols, and
ports.
ii. Application level gateway
These firewalls can examine application layer (of the OSI model) information
such as an HTTP request. If the firewall finds a suspicious application that
could harm the network or that is not safe for the network, the application
is blocked right away.
iii. Stateful inspection firewalls
It is also a type of packet filtering that is used to control how data packets move through a firewall.
It is also called dynamic packet filtering. These firewalls can inspect whether or not a packet belongs to a
particular session. Communication is permitted if and only if the session is perfectly
established between the two endpoints; otherwise the firewall blocks the communication.
[6 Marks]
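The difference between packet filtering (i) and stateful inspection (iii), as an added Python example that is not part of the original assignment. The `Packet` class, the port-443 policy, the simplified TCP states and the sample addresses used with it are assumptions made for illustration.

```python
from dataclasses import dataclass

ALLOWED_OUT_PORTS = {443}  # constructed policy: inside hosts may open TCP/443

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S", "SA", "A", "FA", "R"
    outbound: bool  # True when the packet leaves the internal network

def stateless_allow(p: Packet) -> bool:
    """Packet filtering: judge each packet on its own header fields."""
    if p.outbound:
        return p.dport in ALLOWED_OUT_PORTS
    # Replies can only be recognised by source port, so a packet that
    # belongs to no session still passes if it carries that port.
    return p.sport in ALLOWED_OUT_PORTS

class StatefulFirewall:
    """Stateful inspection: track each session and judge packets against it."""

    def __init__(self):
        self.sessions = {}  # (inside ip, port, outside ip, port) -> state

    def allow(self, p: Packet) -> bool:
        key = ((p.src, p.sport, p.dst, p.dport) if p.outbound
               else (p.dst, p.dport, p.src, p.sport))
        if p.outbound and p.flags == "S":
            if p.dport not in ALLOWED_OUT_PORTS:
                return False
            self.sessions.setdefault(key, "SYN_SENT")
            return True
        state = self.sessions.get(key)
        if state is None:
            return False                      # no session: block
        if state == "SYN_SENT":               # only the SYN-ACK may come back
            if not p.outbound and p.flags == "SA":
                self.sessions[key] = "ESTABLISHED"
                return True
            return False
        if "F" in p.flags or "R" in p.flags:  # simplified teardown
            del self.sessions[key]
        return True
```

An inbound packet with source port 443 that matches no tracked session is accepted by `stateless_allow` and rejected by `StatefulFirewall.allow`, which is the behaviour the two answers describe.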
c) With the aid of a suitable diagram describe the following firewall configurable
architectures
i. Multi-homed host
In this architectural approach, the bastion host is configured with multiple
NICs (Network Interface Cards). One of the NICs is connected to the
external network, and the other one is connected to the internal network,
thus providing an additional layer of protection.
ii. Screened host
This firewall combines a packet-filtering router with a discrete firewall
such as an application proxy server. In this approach, the router screens
each packet before it enters the internal network, which minimizes the traffic
and network load on the internal proxy. The application proxy inspects
application layer protocols such as HTTP or HTTPS and performs the proxy
services.
iii. Screened subnet
Screened subnet firewalls, as the name suggests, make use of a DMZ
(demilitarized zone) and are a combination of dual-homed gateways and
screened host firewalls. [9 Marks]
d) Describe the following firewall terminologies
i. DMZ
The DMZ (demilitarized zone) is a network barrier and buffer zone
between the trusted and untrusted networks in a company’s private and
public networks.
ii. Zombie
A computer or electronic device that has been compromised by malware or
malicious software and can then be controlled by the attacker. [3 Marks]

QUESTION 2

a) Describe the term Intrusion Detection.
The ability of a security tool to monitor a computer network or systems for malicious activities or
policy violations. It helps detect unauthorized access, potential threats, and abnormal
activities by analyzing traffic and alerting administrators to take action. [2 Marks]
b) Discuss the following intrusion detection systems. For each state two advantages
and two disadvantages of application. [8 Marks]
i. Network
Network intrusion detection systems (NIDS) are set up at a planned point
within the network to examine traffic from all devices on the network. A
NIDS observes the traffic passing on the entire subnet and matches it
against a collection of known attacks.
Once an attack is identified or abnormal behavior is observed, the alert can
be sent to the administrator.
ii. Host
Host intrusion detection systems (HIDS) run on independent hosts or
devices on the network. A HIDS monitors the incoming and outgoing
packets from the device only and will alert the administrator if suspicious
or malicious activity is detected. It takes a snapshot of existing system files
and compares it with the previous snapshot. If the analytical system files
were edited or deleted, an alert is sent to the administrator to investigate.
iii. Application
An Application Protocol-based Intrusion Detection System (APIDS) is a
system or agent that generally resides within a group of servers. It
identifies the intrusions by monitoring and interpreting the communication
on application-specific protocols.
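The HIDS snapshot comparison described under (ii), as an added Python example that is not part of the original assignment. The function names, the file names and the temporary directory standing in for monitored system files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root (relative path) to the SHA-256 of its content."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = digest
    return snap

def compare(previous, current):
    """Report what changed between two snapshots; empty lists mean no alert."""
    common = previous.keys() & current.keys()
    return {
        "added": sorted(current.keys() - previous.keys()),
        "deleted": sorted(previous.keys() - current.keys()),
        "modified": sorted(p for p in common if previous[p] != current[p]),
    }

def write(root, name, text):
    with open(os.path.join(root, name), "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample: a temporary directory stands in for system files."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "hosts", "127.0.0.1 localhost\n")
        write(root, "sshd_config", "LogLevel INFO\n")
        write(root, "motd", "welcome\n")
        baseline = snapshot(root)                            # previous snapshot
        unchanged = compare(baseline, snapshot(root))
        write(root, "sshd_config", "LogLevel QUIET\n")       # edited
        os.remove(os.path.join(root, "motd"))                # deleted
        write(root, "cron.extra", "constructed new file\n")  # added
        return unchanged, compare(baseline, snapshot(root))

if __name__ == "__main__":
    quiet, alert = demo()
    print("no change:", quiet)
    print("after edits:", alert)
```

A content hash does not capture permission or ownership changes, and the baseline has to be stored where the monitored host cannot rewrite it.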
c) Distinguish between anomaly and misuse forms of intrusion detection mechanisms
stating their strengths and weaknesses. Describe areas where each can be suitably
implemented. [6 Marks]
d) Distinguish between IDS and IPS. [3 Marks]
e) Describe the three main methods used when evaluating IDS for effectiveness. [6 Marks]

QUESTION 3

a) Describe the term access control and outline its relevance/goals in information systems
security. [5 marks]
b) Describe the three main access control methods. Outline their main limitations. [6 Marks]
c) Describe the three main access control models. Outline the pros and cons of these models
implementation. [9 Marks]
