IT Security Group Work

GROUP MEMBERS
1. STEPHEN NJOROGE
2. JEREMIAH KITHEKA
3. NANCY JEBIWOTT
4. PAULINE GATWIRI
5. GRIFFIN WILLIAM
6. ENOCK LANGAT
Question One:
Software and hardware firewall
A firewall is a network security system or shielding layer that lies between the internet and the
computer networks. A firewall typically sets up a barrier between a trusted network and an
untrusted network. An Internet firewall is a device or software designed to protect your
computer from data and viruses that you do not want.

1. Software Firewall:
A software firewall is a special type of computer software that runs on a computer/server. Its
main purpose is to protect your computer/server from outside attempts to control or gain access.
Depending on your choice of software firewall, it can also be configured to check any
suspicious outgoing requests.
Advantages:
1. Helpful in blocking particular sites
2. Junior users can be supervised through parental controls
3. Ease in maintenance
4. Valuable for home users
5. Assignment of different levels of access and permissions to the user can be done with ease

Disadvantages:
1. Installation and upgrades are required on each individual computer.
2. Slows the performance of the system.
3. Because it is installed on the system, it consumes system resources.
4. Does not work on smart TVs, gaming consoles, etc.
2. Hardware Firewall:
It is a physical piece of equipment designed to perform firewall duties. A hardware firewall can be a
computer or a dedicated piece of equipment that serves as a firewall. Hardware firewalls are
incorporated into the router that is situated between the computer and the internet gateway.
Advantages:
1. Independently run so less prone to cyber-attacks.
2. Installation is external so resources are free from the server.
3. Increased bandwidth enables the handling of more data packets per second.
4. Reduced latency.
5. VPN connection is also supported for increased security and encryption.

Disadvantages:
1. Hardware devices can take extra space
2. A skilled IT person is required
3. Upgrading is a challenge and is not cost-effective because multiple devices need to be
replaced
Difference between Hardware and Software firewall:

| No. | Parameters | Software Firewall | Hardware Firewall |
|-----|------------|-------------------|-------------------|
| 1. | Operates on | A software firewall operates on the system. | A hardware firewall does not operate on the system. |
| 2. | Configuration | Configuration of a software firewall is easy. | Configuration of a hardware firewall is not easy. |
| 3. | Working | It is installed on individual devices like computers and phones, which results in blocking users or devices from accessing the individual components of the network. It basically inspects the packets and then blocks the unauthorized access. | The device must be installed between the computer and the Internet so that it will not be easily accessible. The installation requires connecting the network cable to the firewall rather than directly to the router. Hence, a barrier is formed for blocking the incoming and outgoing data packets between the network and the Internet. It protects against viruses, malware, spyware, email spam, and other similar attacks from outside. |
| 4. | Cost | It is less expensive to install, though the cost may increase in case of variation in computers. | It is more expensive than a software firewall, as an initial investment is required based on the protection level. |
| 5. | Flexibility | It is flexible, i.e., you can choose which application has to be installed. | It is not flexible like a software firewall. |
| 6. | Installation | It is installed inside the individual system. | It is installed outside the system. |
| 7. | Protects | It protects one system at a time and is not enabled for smart TVs, gaming consoles, and other devices. | It protects a whole network at a time. |
| 8. | Performance | It slows down the performance of computers. | It doesn't affect the performance of the computer. |
| 9. | Requirement | It needs to be installed on every individual system on a network. | It needs only one hardware device to be installed for a whole network. |
| 10. | Blocking | In a software firewall, content based on keywords can be blocked. | A domain or website can be blocked using a hardware firewall. |
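
The "Working" row above says a firewall inspects packets and blocks unauthorized access in both directions. The following is an added example, not part of the original presentation, showing the usual way that decision is made: rules are checked in order, the first match wins, and anything unmatched is denied. The Rule class, the decide function, the rule set and the addresses (documentation ranges) are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" = arriving from the Internet, "out" = leaving the protected side
    action: str           # "allow" or "deny"
    remote: str           # CIDR block on the untrusted side
    port: Optional[int]   # destination port; None matches any port


# Constructed rule set (assumption for this example), using RFC 5737 documentation ranges.
RULES = [
    Rule("in", "allow", "0.0.0.0/0", 443),         # public HTTPS service
    Rule("in", "allow", "203.0.113.0/24", 22),     # SSH only from the admin range
    Rule("out", "deny", "198.51.100.0/24", None),  # block a suspicious destination range
    Rule("out", "allow", "0.0.0.0/0", 443),        # outgoing HTTPS
    Rule("out", "allow", "0.0.0.0/0", 53),         # outgoing DNS
]


def decide(direction, remote_ip, port, rules=RULES):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    ip = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if rule.direction != direction:
            continue
        if ip not in ipaddress.ip_network(rule.remote):
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule.action
    return "deny"  # default deny: the barrier between trusted and untrusted networks


if __name__ == "__main__":
    print(decide("in", "192.0.2.10", 443))     # allowed public service
    print(decide("in", "192.0.2.10", 22))      # SSH from outside the admin range
    print(decide("out", "198.51.100.7", 443))  # outgoing request to the blocked range
    print(decide("out", "192.0.2.10", 6667))   # outgoing port with no rule
```

Rule order matters: the outgoing deny for the blocked range sits above the general outgoing allow for port 443, otherwise it would never be reached.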
Question Two:
DATABASE SECURITY
Database security refers to the range of tools, controls and measures designed to establish and
preserve database confidentiality, integrity and availability. Confidentiality is the element
that’s compromised in most data breaches.

Database security must address and protect the following:


1. The data in the database.
2. The database management system (DBMS).
3. Any associated applications.
4. The physical database server or the virtual database server and the underlying hardware.
5. The computing or network infrastructure that is used to access the database.
Properties of database security
Database security best practices
Data breach
A data breach is an incident where sensitive, protected, or confidential data is accessed,
disclosed, or stolen without authorization. This can include personal information like names,
addresses, financial details, or login credentials. Data breaches can occur through a variety
of methods, such as hacking, theft of hardware or software, or the accidental exposure of
data. Once a breach occurs, the affected organization must investigate the incident, notify
impacted individuals, and take steps to secure their systems and prevent future breaches.
Data breaches can have significant consequences, including financial losses, reputational
damage, legal liability, and identity theft for affected individuals.
Data breach in Relation to Database Security
Some common ways databases are vulnerable to breaches include:
1. Unpatched software vulnerabilities: Cybercriminals exploit known flaws in database
management systems to gain unauthorized access.
2. Weak access controls: Inadequate authentication, authorization, and access management
procedures allow malicious actors to access the database.
3. Misconfigured settings: Improperly configured database settings and security controls can
leave sensitive data exposed.
4. Insider threats: Malicious or negligent database administrators, developers, or other
authorized users can misuse their privileges to steal data.
5. SQL injection attacks: Attackers exploit poorly sanitized user input to execute malicious SQL
commands and extract data from the database.

To prevent database breaches, organizations need to implement robust security measures such
as:
1. Keeping database software and systems fully patched and updated
2. Enforcing strong access controls and access logging
3. Encrypting data both at rest and in transit
4. Implementing firewalls, intrusion detection, and other network security controls
5. Conducting regular security audits and penetration testing
6. Training staff on secure database management practices
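
The SQL injection item and the access logging item above can be seen together in a small added example, which is not part of the original presentation. It places a query built by pasting user input into the SQL text beside the parameterized form, and records each lookup in an audit trail so that an unexpectedly large result stands out. The table, the sample rows, the function names and the in-memory AUDIT_LOG are all constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone

AUDIT_LOG = []  # in-memory stand-in for an append-only audit trail


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, owner TEXT, card_last4 TEXT)"
    )
    db.executemany(
        "INSERT INTO customers (owner, card_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return db


def audit(user, action, requested, rows):
    """Record who read sensitive data, what was requested, and how many rows came back."""
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "action": action,
        "requested": requested,
        "rows_returned": len(rows),
    })


def lookup_vulnerable(db, user, owner):
    # Weak pattern: the input is pasted into the SQL text, so quote characters
    # in the input become part of the statement itself.
    sql = "SELECT owner, card_last4 FROM customers WHERE owner = '" + owner + "'"
    rows = db.execute(sql).fetchall()
    audit(user, "lookup_vulnerable", owner, rows)
    return rows


def lookup_parameterized(db, user, owner):
    # Hardened pattern: the statement is fixed and the input is bound as a value,
    # so it cannot change the structure of the query.
    sql = "SELECT owner, card_last4 FROM customers WHERE owner = ?"
    rows = db.execute(sql, (owner,)).fetchall()
    audit(user, "lookup_parameterized", owner, rows)
    return rows


def oversized_results(log, expected_max=1):
    """Flag audit entries where a single-owner lookup returned more rows than expected."""
    return [entry for entry in log if entry["rows_returned"] > expected_max]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing quote characters
    print(lookup_vulnerable(db, "webapp", crafted))     # every row is returned
    print(lookup_parameterized(db, "webapp", crafted))  # treated as a literal name
    print(oversized_results(AUDIT_LOG))
```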
When evaluating database security in your environment to decide on your team’s top priorities,
consider each of the following areas:

1. Physical security: Whether your database server is on-premises or in a cloud data center, it must
be located within a secure, climate-controlled environment. If your database server is in a cloud
data center, your cloud provider takes care of this for you.

2. Administrative and network access controls: The practical minimum number of users should
have access to the database, and their permissions should be restricted to the minimum levels
necessary for them to do their jobs. Likewise, network access should be limited to the minimum
level of permissions necessary.

3. User account and device security: Always be aware of who is accessing the database and when
and how the data is being used. Data monitoring solutions can alert you if data activities are
unusual or appear risky. All user devices connecting to the network housing the database should
be physically secure (in the hands of the right user only) and subject to security controls at all
times.

4. Encryption: All data, including data in the database and credential data, should be protected
with best-in-class encryption while at rest and in transit. All encryption keys should be handled in
accordance with best practice guidelines.
5. Database software security: Always use the latest version of your database management
software, and apply all patches when they are issued.

6. Application and web server security: Any application or web server that interacts with the
database can be a channel for attack and should be subject to ongoing security testing and best
practice management.

7. Backup security: All backups, copies or images of the database must be subject to the same (or
equally stringent) security controls as the database itself.

8. Auditing: Record all logins to the database server and operating system, and log all operations
that are performed on sensitive data as well. Database security standard audits should be performed
regularly.
Data protection tools and platforms
capabilities:
Discovery: Look for a tool that can scan for and classify vulnerabilities across all your.

Data activity monitoring: The solution should be able to monitor and audit all data activities
across all databases. It should alert you to suspicious activities in real-time so that you can
respond to threats more quickly. Make sure that any solution you choose can generate the reports
you need to meet compliance requirements.

Encryption and tokenization capabilities: Upon a breach, encryption offers a final line of defense
against compromise. Any tool that you choose should include flexible encryption capabilities that
can safeguard data in on-premises, cloud, hybrid or multi-cloud environments. Look for a tool
with file, volume and application encryption capabilities that conform to your industry’s
compliance requirements, which might demand tokenization (data masking) or advanced security
key management capabilities.

Data security optimization and risk analysis: A tool that can generate contextual insights by
combining data security information with advanced analytics will enable you to accomplish
optimization, risk analysis and reporting with ease. Choose a solution that can retain and
synthesize large quantities of historical and recent data about the status and security of your
databases, and look for one that offers data exploration, auditing and reporting capabilities
through a comprehensive but user-friendly self-service dashboard.
What is network security?
Network security encompasses all the steps taken to protect the integrity of a computer network
and the data within it. Network security is important because it keeps sensitive data safe from
cyber-attacks and ensures the network is usable and trustworthy. Successful network security
strategies employ multiple security solutions to protect users and organizations from malware
and cyber-attacks, like distributed denial of service.

A network is composed of interconnected devices, such as computers, servers and wireless
networks. Many of these devices are susceptible to potential attackers. Network security involves
the use of a variety of software and hardware tools on a network or as software as a service.
Security becomes more important as networks grow more complex and enterprises rely more on
their networks and data to conduct business. Security methods must evolve as threat actors create
new attack methods on these increasingly complex networks.

No matter the specific method or enterprise security strategy, security is usually framed as
everyone's responsibility because every user on the network represents a possible vulnerability in
that network.
How does network security work?
Network security is enforced using a combination of hardware and software tools. The primary
goal of network security is to prevent unauthorized access into or between parts of a network.

A security official or team determines strategies and policies that keep an organization's
network safe and help it comply with security standards and regulations. Everyone on the
network must abide by these security policies. Every point in the network where an authorized
user could access data is also a point where data can be compromised, either by a malicious
actor or through user carelessness or mistakes.
Types of network security software and tools
The choice of security policies and tools varies from network to network and changes over time.
Strong security often involves using multiple approaches, known as layered security or defense in
depth, to give organizations as many security controls as possible. The following are some
commonly used types of network security tools and software:

Access control. This method limits access to network applications and systems to a specific
group of users and devices. These systems deny access to users and devices not already
sanctioned.
Antivirus and antimalware. Antivirus and antimalware are software designed to detect, remove or
prevent viruses and malware, such as Trojan horses, ransomware and spyware, from infecting a
computer and, consequently, a network.
Application security. It is crucial to monitor and protect applications that organizations use to run
their businesses. This is true whether an organization creates that application or buys it, as
modern malware threats often target open source code and containers that organizations use to
build software and applications.
Behavioral analytics. This method analyzes network behavior and automatically detects and
alerts organizations to abnormal activities.
Cloud security. Cloud providers often sell add-on cloud security tools that provide security
capabilities in their cloud. The cloud provider manages the security of its overall infrastructure
and offers tools for the user to protect their instances within the overall cloud infrastructure. For
example, Amazon Web Services provides security groups that control the incoming and outgoing
traffic associated with an application or resource.
Data loss prevention (DLP). These tools monitor data in use, in motion and at rest to detect and
prevent data breaches. DLP often classifies the most important and at-risk data and trains
employees in best practices to protect that data. For instance, not sending important files as
attachments in emails is one such best practice.

Email security. Email is one of the most vulnerable points in a network. Employees become
victims of phishing and malware attacks when they click on email links that secretly download
malicious software. Email is also an insecure method of sending files and sensitive data that
employees unwittingly engage in.

Firewall. Software or firmware inspects incoming and outgoing traffic to prevent unauthorized
network access. Firewalls are some of the most widely used security tools. They are positioned in
multiple areas on the network. Next-generation firewalls offer increased protection against
application-layer attacks and advanced malware defense with inline deep packet inspection.

Intrusion detection system (IDS). An IDS detects unauthorized access attempts and flags them as
potentially dangerous but does not remove them. An IDS and an intrusion prevention system
(IPS) are often used in combination with a firewall.
Intrusion prevention system. IPSes are designed to prevent intrusions by detecting and blocking
unauthorized attempts to access a network.
Virtual private network (VPN). A VPN secures the connection from an endpoint to an
organization's network. It uses tunneling protocols to encrypt information that is sent over a less
secure network. Remote access VPNs let employees access their company network remotely.

Web security. This practice controls employee web use on an organization's network and devices,
including blocking certain threats and websites, while also protecting the integrity of an
organization's websites themselves.

Wireless security. Wireless networks are one of the riskiest parts of a network and require
stringent protections and monitoring. It's important to follow wireless security best practices,
such as segmenting Wi-Fi users by service set identifiers, or SSIDs, and using 802.1X
authentication. Good monitoring and auditing tools are also needed to ensure wireless network
security.

Workload security. When organizations balance workloads among multiple devices across cloud
and hybrid environments, they increase the potential attack surfaces. Workload security measures
and secure load balancers are crucial to protecting the data contained in these workloads.

Zero-trust network access. Similar to network access control, zero-trust network access only
grants a user the access they must have to do their job. It blocks all other permissions.
Benefits of network security
The following are the main benefits of network security:

Functionality. Network security ensures the ongoing high performance of the networks that
businesses and individual users rely on.

Privacy and security. Many organizations handle user data and must ensure the confidentiality,
integrity and availability of data on a network, known as the CIA triad. Network security
prevents the security breaches that can expose PII and other sensitive information, damage a
business's reputation and result in financial losses.

Intellectual property protection. Intellectual property is key to many companies' ability to
compete. Securing access to intellectual property related to products, services and business
strategies helps organizations maintain their competitive edge.

Compliance. Complying with data security and privacy regulations, such as HIPAA and GDPR,
is legally required in many countries. Secure networks are a key part of adhering to these
mandates.
Challenges of network security
Network security involves a number of challenges, including the following:

Evolving network attack methods. The biggest network security challenge is the rate at which
cyber attacks evolve. Threat actors and their methods constantly change as technology changes.
For example, new technology, such as blockchain, has led to new types of malware attacks, such
as cryptojacking. As a result, network security defense strategies must adapt to these new
threats.

User adherence. As mentioned, security is every network user's responsibility. It can be difficult
for organizations to ensure that everyone is adhering to network security best practices, while
simultaneously evolving those strategies to address the newest threats.

Remote and mobile access. More companies are adopting bring-your-own-device policies, which
means a more distributed and complex network of devices for organizations to protect. Remote
work is also more prevalent. This makes wireless security more important, as users are more
likely to be using a personal or public network when accessing company networks.

Third-party partners. Cloud providers, managed security services and security product vendors
often get access to an organization's network, opening new potential vulnerabilities.
Network layers and security
Networks contain layers, as represented by the Open Systems Interconnection (OSI) model. Data
passes through these layers as it travels among devices, and different cyber threats target different
layers. Therefore, each layer in the stack must be secured for the network to be considered
secure.

The defense-in-depth strategy involves multiple layers of security.
