
BARNABAS S MUNATSI

2128500

1. What is the relationship between a TCP packet and UDP packet? Will any specific
transaction usually involve both types of packets? [2M]
Whereas UDP is more concerned with speed and does not report back to the sender, TCP sends a
data packet and then updates the sender on the status of the transfer. I don't believe that any
particular transaction would typically include both TCP and UDP. Personally, I would choose
TCP.
2. How is an application layer proxy firewall different from a packet-filtering firewall?
[2M]
A firewall with packet filtering checks each packet for the permitted source, destination, and port
information. When configured properly, the application layer firewall either permits or prohibits
communication between two programs. They are frequently accessed remotely, which makes
them more up to date and secure against security breaches. Employed for long-term application
objectives.
A firewall with packet filtering, however, permits all packets with a specific source, port, and
destination. The firewall operates by opening and closing information based on the data present
in the packet header. Following the conventional proxy system, the packet behaves as a service
request for the proxy once it has been received and acknowledged by the other end.
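
The difference between the two firewall types, as an added example that is not part of the original answer: the packet filter decides from header fields alone, while the proxy also parses the application request before relaying it. The rules, addresses, requests and the `ALLOWED_METHODS` policy are constructed for illustration.

```python
"""Added illustration: header-only packet filtering vs. an application-layer proxy.
Rules, addresses and requests are constructed sample values."""
import ipaddress

# Packet-filter rules: first match wins, default deny. (action, src_net, dst_ip, dst_port)
RULES = [
    ("allow", "0.0.0.0/0", "198.51.100.20", 80),
    ("deny", "0.0.0.0/0", "198.51.100.20", 22),
]

ALLOWED_METHODS = {"GET", "HEAD"}   # assumed proxy policy


def packet_filter(src_ip, dst_ip, dst_port):
    """Decide from header fields only; the payload is never examined."""
    for action, src_net, rule_dst, rule_port in RULES:
        if (ipaddress.ip_address(src_ip) in ipaddress.ip_network(src_net)
                and dst_ip == rule_dst and dst_port == rule_port):
            return action
    return "deny"


def http_proxy(src_ip, dst_ip, dst_port, payload):
    """Apply the header rules, then parse the request line before relaying."""
    if packet_filter(src_ip, dst_ip, dst_port) != "allow":
        return "deny"
    try:
        method, target, version = payload.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny"            # not a well-formed HTTP request line
    if not version.startswith("HTTP/1.") or method not in ALLOWED_METHODS:
        return "deny"
    return "allow"


def demo():
    get = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    put = b"PUT /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    junk = b"\x00\x01\x02 not http"
    hdr = ("192.0.2.7", "198.51.100.20", 80)
    return {
        "filter": packet_filter(*hdr),           # same verdict for any payload
        "proxy_get": http_proxy(*hdr, get),
        "proxy_put": http_proxy(*hdr, put),
        "proxy_junk": http_proxy(*hdr, junk),
        "filter_ssh": packet_filter("192.0.2.7", "198.51.100.20", 22),
    }
```
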

3. What is a VPN? Why is it becoming more widely used? [3M]


A virtual private network (VPN) is a method for establishing a secure connection over an
unsecured communication channel, like the public Internet, between a computing device and a
computer network or between two networks.
In its most basic form, a VPN provides an encrypted server and hides your IP address from
organizations, authorities, and potential hackers. A VPN protects your identity and keeps your
data hidden from prying online eyes when utilizing shared or public Wi-Fi.
Instead of routing your internet connection to a hosted server, a VPN gets around your own ISP.
Users can "relocate" themselves and access the internet from almost anyplace thanks to the
widespread distribution of servers. Encryption provides an additional degree of security,
especially for companies that routinely use remote access. Additionally, it can be a useful tool
for streaming, gaming, and travel.
4. What is RADIUS? What advantage does it have over TACACS? [2M]
RADIUS is an acronym for Remote Authentication Dial-In User Service. Users of this method
connect to a centralized user authentication service using a modem via dial-up. The access point
accepts or rejects the connection based on the service's "accept" or "decline" reply. It has an
advantage over TACACS since it offers a single centralized server to authenticate user access
and reports directly to the remote access server (RAS).

5. What is a DMZ? Is this really an appropriate name for the technology, considering the
function this type of subnet performs? [2M]
Between a trusted network and an untrusted network is a space known as a demilitarized zone
(DMZ). The moniker is appropriate given that arriving traffic cannot reach its target directly.
Because it restricts access and potential vulnerabilities, the DMZ is a security feature.

6. What is Port Address Translation (PAT) and how does it work? [2M]
In addition to network address translation (NAT), port address translation (PAT) enables the
mapping of numerous devices on a local area network (LAN) to a single public IP address. The
preservation of IP addresses is the aim of PAT.
PAT is used by most home networks. In such a case, the router on the home network is given a
single IP address by the Internet Service Provider (ISP). The router assigns Computer X a port
number when it connects to the Internet, and this port number is then added to the computer's
internal IP address. As a result, Computer X now has a special address. When Computer Z
connects to the Internet simultaneously, the router gives it a different port number but the same
local IP address as Computer Y.
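
A PAT translation table, as an added example that is not part of the original answer: two internal hosts share one public address and are told apart by the translated port, and inbound traffic with no table entry has nowhere to go. All addresses, ports and the small port pool are constructed for illustration.

```python
"""Added illustration of a PAT (NAT overload) translation table.
All addresses and ports below are constructed sample values."""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed: the single ISP-assigned address


@dataclass
class PatRouter:
    public_ip: str = PUBLIC_IP
    first_port: int = 40000   # assumed start of the translated-port pool
    last_port: int = 40003    # kept tiny so pool exhaustion is visible
    out_map: dict = field(default_factory=dict)  # (proto, in_ip, in_port) -> pub_port
    in_map: dict = field(default_factory=dict)   # (proto, pub_port) -> (in_ip, in_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an outgoing flow; reuse the mapping if one exists."""
        key = (proto, src_ip, src_port)
        if key in self.out_map:
            return self.public_ip, self.out_map[key]
        for port in range(self.first_port, self.last_port + 1):
            if (proto, port) not in self.in_map:
                self.out_map[key] = port
                self.in_map[(proto, port)] = (src_ip, src_port)
                return self.public_ip, port
        raise RuntimeError("PAT port pool exhausted")

    def inbound(self, proto, dst_port):
        """Reverse-translate a reply; None means no mapping, so drop it."""
        return self.in_map.get((proto, dst_port))


def demo():
    r = PatRouter()
    x = r.outbound("tcp", "192.168.1.10", 51000)  # Computer X
    z = r.outbound("tcp", "192.168.1.11", 51000)  # Computer Z, same source port
    again = r.outbound("tcp", "192.168.1.10", 51000)  # existing flow, same mapping
    reply = r.inbound("tcp", z[1])                # reply addressed to Z's public port
    unsolicited = r.inbound("tcp", 40003)         # no mapping exists for this port
    return x, z, again, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```
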

7. What is an open port? Why is it important to limit the number of open ports to those
that are absolutely essential? [2M]
Any TCP or UDP service port that receives traffic and provides services at that port address is
said to be open. Unneeded ports are frequently improperly set up and open to abuse. On secure
networks, only necessary services should be made available.
8. What is a vulnerability scanner? How is it used to improve security? What is the
difference between active and passive vulnerability scanners? [4M]
Automated technologies called vulnerability scanners enable enterprises to determine whether
their networks, systems, and applications have security flaws that could make them vulnerable to
assaults. A vulnerability scanner is a piece of software or network equipment that searches a variety of network addresses
and port ranges for available services. When a service port is discovered, an attempt is made to
determine the service being offered and to assess its security, maybe through compromising the
service. It is possible to remove or fix a service port that has been poorly configured or is weak
in order to lower risk.
The way they work is the primary distinction between active and passive scanning techniques.
Active scanners query endpoints with test traffic packets, and then examine each response to
look for vulnerabilities. Passive scanners silently
glean network data to detect weaknesses without actively interacting with endpoints.

9. What are the components of PKI (Public Key Infrastructure)? Explain them? [5M]
PKI (or Public Key Infrastructure) is a framework for encryption and cybersecurity that secures
communications between the server (your website) and the client (the users). Consider all the
resources, people, and services that your team uses to collaborate and exchange information. PKI
is essential in establishing a reliable and secure corporate environment since it permits data
exchange and verification between various servers and users.
Components of Public Key Infrastructure.
1. Digital Certificates- Digital certificates are essential to PKI's operation. A digital certificate
serves as a website or organization's means of electronic identification, similar to a driver's
license. Because the identities of the two parties may be confirmed through certificates, PKI
enables secure connections between two communicating machines. So how are these certificates
obtained by devices? For internal communications, you can make your own certificates. You can
obtain a PKI digital certificate from a reputable third-party issuer, known as a Certificate
Authority, if you need certificates for a business site or something else on a bigger scale.
2. Certificate Authority- Digital certificates are essential to PKI's operation. A digital
certificate serves as a website or organization's means of electronic identification, similar to a
driver's license. Because the identities of the two parties may be confirmed through certificates,
PKI enables secure connections between two communicating machines. So how are these
certificates obtained by devices? For internal communications, you can make your own
certificates. You can obtain a PKI digital certificate from a reputable third-party issuer, known as
a Certificate Authority, if you need certificates for a business site or something else on a bigger
scale.
3. Registration Authority- The Registration Authority (RA) is permitted by the Certificate
Authority to give users individual digital certificates. An encrypted certificate database houses
all the certifications that are sought, granted, and revoked by the Registration Authority as well
as the Certificate Authority. A device known as a certificate store, which is often based on a
particular computer and serves as a storage area for all memory pertinent to the certificate
history, including issued certificates and private encryption keys, is another place where
certificate history and information are preserved. A good example of this is Google Wallet.

10. What are the fundamental differences between symmetric and asymmetric
encryption? [4M]
Public-key encryption is another name for asymmetric encryption. The public key and the private
key are used to encrypt communications separately. Because just one key is needed for both
message encryption and decryption, symmetric encryption is unique. Symmetric encryption
increases key management expenses while being much faster for the computer to process.
The same key is utilized for both message encrypting and decrypting in symmetric encryption,
also known as private key encryption. The encryption key must be owned by both the sender and
the recipient. The drawback of symmetric encryption is that the sender can obtain a copy of the
key.
Two distinct keys are used for asymmetric encryption. The message may be encrypted or decrypted using
either key, but only one key may be used for encryption and the other exclusively for decryption.
When one key is used as a private key and the other as a public key, the strategy is most
valuable. The public key is kept in a public place and is accessible to everyone. Asymmetric
encryption has the drawback that it needs four keys to maintain a single conversation between
two parties. Asymmetric encryption uses more keys than symmetric encryption, which makes it
less efficient in terms of CPU computations and key management.

11. If you were setting up an encryption-based network, what key size would you choose
and why? [2M]
Choose the largest key size that is compatible with the tools being used and the environmental
impact on overhead performance. The current gold standard is to guarantee that AES 256-bit
encryption is available on all computing devices.
I have learnt that there are many different security positions that exist in various industries and
organizations, each with its own specific responsibilities, and some of them include:
Loss Prevention Officer: A loss prevention officer is responsible for preventing theft or loss
within a retail or commercial organization. This may involve monitoring customers and
employees, conducting investigations, and implementing security measures.
Cybersecurity Analyst: A cybersecurity analyst is responsible for protecting an organization's
computer systems and networks from cyber-attacks. This may involve monitoring network activity,
identifying and addressing vulnerabilities, and responding to security incidents.
Information Security Manager: An information security manager is responsible for developing and
implementing an organization's information security strategy. This may include establishing
security policies and procedures, training employees on security best practices, and managing the
organization's security budget.
Also, that the separation of duties is a principle in security and risk management that aims to
prevent fraud, errors, and other types of unauthorized activity by dividing responsibilities among
multiple individuals. The idea is that by dividing tasks and responsibilities, no one individual has
complete control over a particular process or activity, which reduces the risk of mistakes or
malicious behavior.
 

I've looked over my colleagues' work and realized that if staff members are well-informed and
fully comprehend the security awareness plan, they can now come up with good ideas on how to
carry out their job functions in accordance with the security policies and how they should handle
security threats. This would involve knowing how to use information technology systems
effectively or securely, handling email attachments and other private matters like creating
passwords, and realizing how crucial timing is in handling security compromise scenarios.
