Andrew 23

The document explains the differences between symmetric and asymmetric encryption, highlighting that symmetric encryption uses a single shared key for both encryption and decryption, while asymmetric encryption utilizes a pair of keys (public and private) for secure communications. It details common use cases for each type, such as symmetric encryption for file protection and VPNs, and asymmetric encryption for secure web browsing and digital signatures. Additionally, the document discusses the role of firewalls in network security, emphasizing their function in monitoring traffic, controlling access, and protecting against cyber threats.

Uploaded by

aaronodikor7
Copyright: © All Rights Reserved

Qn a.) Describe the differences between Symmetric encryption and Asymmetric
encryption, and provide examples of when each type of encryption is
commonly used in cyber security.

Encryption

In cryptography, encryption is the process of transforming (more specifically, encoding)
information in a way that, ideally, only authorized parties can decode. This process converts the
original representation of the information, known as plaintext, into an alternative form known
as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the
intelligible content to a would-be interceptor. There are two types of encryption: symmetric and
asymmetric encryption.

Symmetric Encryption
Symmetric encryption is a method of encryption where the same key is used for both
encryption and decryption of data. This key is a shared secret between the sender and the
receiver, making it essential to keep it secure. Symmetric encryption is also known as
"shared-key" or "private-key" encryption: only one key is used for both encryption and decryption.

How Symmetric Encryption works

The process of symmetric encryption involves several steps:
1. Key Generation: A secret key is generated and securely shared between the sender and
the receiver.
2. Encryption: The plaintext (original message) is converted into ciphertext (unintelligible
text) using the shared secret key and an encryption algorithm.
3. Transfer of Ciphertext: The ciphertext is transmitted over the network. Even if
intercepted, it remains unintelligible without the shared secret key.
4. Decryption: The receiver uses the shared secret key and the reverse encryption
algorithm to convert the ciphertext back into plaintext.

Asymmetric Encryption
Asymmetric encryption, also known as public-key cryptography, is a method of encryption that
uses a pair of keys: a public key and a private key. This technique is fundamental to secure
communications over the internet and is widely used in various applications such as secure
email, online banking, and digital signatures.

How It Works
In asymmetric encryption, the public key is used to encrypt data, and the private key is used to
decrypt it. The public key can be shared with anyone, while the private key is kept secret by the
owner. This eliminates the need for a secure key exchange, which is a significant advantage
over symmetric encryption.
For example, if Alice wants to send a secure message to Bob, she would use Bob's public key to
encrypt the message. Bob would then use his private key to decrypt it. This ensures that only
Bob can read the message, even if it is intercepted by a third party.

Differences between Symmetric encryption and Asymmetric encryption


Let’s compare both types of encryption to explore their algorithms, use cases, strengths, and
weaknesses.

| | Symmetric Key Encryption | Asymmetric Key Encryption |
|---|---|---|
| Number of Keys | Only one key is used for encryption and decryption. | This process uses two separate keys to encrypt (public) and decrypt (private) data. |
| Key Security | The symmetric key is accessible to both the sender and recipient. However, it should not be shared publicly. | The message sender can access the recipient’s public key (which is publicly known), whereas the private key securely remains with the recipient only. |
| Popular Algorithms | Advanced Encryption Standard (AES), ChaCha20, Blowfish, Serpent, RC5 | Diffie-Hellman, RSA, ECDSA, ElGamal, DSA, ECC |
| Key Length | Symmetric key length ranges from 40 bits to 256 bits. | Asymmetric keys can be as long as 4096 bits. |
| Speed | Processes faster due to its shorter key and smaller computational load. | It’s a slower process due to its larger keys and larger computational load. |
| Preferable Usage | It is preferable for encrypting data at rest and large quantities of transmitted data when using a secure, encrypted connection. | It is preferable for encrypting smaller amounts of data, particularly in a public (i.e., insecure) channel. |
| Number of Endpoints | The more endpoints that are involved, the riskier the key distribution process becomes. | Asymmetric encryption is preferable when many endpoints are involved. |

Examples of when each type of encryption is commonly used in cybersecurity

Example when Symmetric is commonly used in Cyber security

Symmetric encryption is widely used in cybersecurity because it provides fast and efficient
encryption and decryption for protecting sensitive data. Here are several common scenarios
where symmetric encryption is used:

1. Encrypting Files and Data at Rest

• Example: File Encryption

Symmetric encryption is often used to protect files stored on a device or server. For
example, if you use encryption software to protect files on your laptop, such as
BitLocker (Windows) or FileVault (macOS), they encrypt the files using a symmetric
encryption algorithm (like AES). This ensures that even if someone gains unauthorized
access to your storage, they cannot read your files without the encryption key.

2. Virtual Private Networks (VPNs)

• Example: VPN Data Encryption

When you connect to a VPN, your internet traffic is encrypted using symmetric
encryption. The VPN client and server exchange a session key (using asymmetric
encryption), then use that key to encrypt and decrypt data between your device and the
VPN server. This ensures that your online activities are kept private, even on unsecured
networks (like public Wi-Fi).

3. Disk Encryption
• Example: Full Disk Encryption (FDE)
Symmetric encryption is also used for encrypting entire hard drives or storage devices.
Tools like BitLocker, Veracrypt, or LUKS use symmetric encryption (typically AES) to
encrypt the entire disk. This prevents unauthorized users from accessing the data if the
device is lost or stolen. Only those with the decryption key can access the data.

4. Secure Communications (End-to-End Encryption)

• Example: Messaging Apps (e.g., WhatsApp, Signal)

Symmetric encryption is used in messaging applications like WhatsApp or Signal for
encrypting the messages exchanged between users. When you send a message, it's
encrypted using a symmetric key, which both the sender and recipient share. Since
symmetric encryption is faster, it's ideal for encrypting the bulk of the communication
(the message itself). Only the intended recipient can decrypt the message with the
shared key.

5. SSL/TLS for Web Browsing (HTTPS)

• Example: Web Traffic Encryption

Symmetric encryption is a crucial part of the SSL/TLS protocol used in HTTPS to secure
web browsing. Initially, the browser and server use asymmetric encryption to exchange
a session key securely. Then, they use symmetric encryption (like AES) to encrypt the
actual data (e.g., web pages, login credentials) during transmission. This ensures that
the data sent between your browser and the web server is private and protected from
eavesdropping.

6. Secure Email Communication

• Example: Email Encryption (S/MIME or PGP)

Symmetric encryption can also be used to protect email messages. In systems like
S/MIME or PGP, the email body and attachments are encrypted using a symmetric key.
The symmetric key is then itself encrypted using the recipient's public key (asymmetric
encryption), ensuring that only the intended recipient can decrypt the message with
their private key.

7. Database Encryption

• Example: Database at Rest

Databases often use symmetric encryption to protect sensitive data stored within them.
For example, a company may encrypt sensitive customer information (such as credit
card numbers) using symmetric encryption (AES or 3DES) before storing it in a database.
This ensures that even if an attacker gains access to the database, they cannot read the
encrypted data without the key.
8. Encrypted Backups

• Example: Backup Encryption

Backups of important data (whether cloud-based or on physical storage) are often
encrypted using symmetric encryption to ensure the data remains secure. For instance,
backup solutions like Acronis True Image or Veeam encrypt backup files with symmetric
encryption to prevent unauthorized access if the backup media is lost, stolen, or
compromised.

9. Wi-Fi Encryption

• Example: WPA2/WPA3 Encryption for Wi-Fi

Symmetric encryption is used in Wi-Fi security protocols, such as WPA2 or WPA3. When
a device connects to a Wi-Fi network, the router and device agree on a symmetric key
that will be used to encrypt all the data transmitted over the Wi-Fi connection. This
prevents attackers from intercepting and reading the data sent over the network.

10. Tokenization and Payment Systems

• Example: Payment Card Encryption (Tokenization)

In payment systems, symmetric encryption is often used to protect sensitive card
information during transactions. For example, when you use a credit card online, the
card details may be tokenized (replacing your real card number with a randomly
generated token) and then encrypted using a symmetric encryption algorithm before
being transmitted securely.

Example when Asymmetric is commonly used in Cyber security

Here are some common scenarios where asymmetric encryption is used in cybersecurity:

1. Secure Web Browsing (SSL/TLS)

• Example: HTTPS and SSL/TLS Protocol

Asymmetric encryption is crucial in establishing a secure connection between your
browser and a web server. When you visit a secure website (HTTPS), the server sends its
public key to your browser. Your browser uses this public key to encrypt a symmetric
session key (using RSA or another algorithm), which is then shared securely with the
server. Once the session key is established, symmetric encryption (like AES) is used to
encrypt the data for speed. Thus, asymmetric encryption ensures a secure key exchange
before switching to faster symmetric encryption.
2. Digital Signatures

• Example: Signing Documents or Software

Asymmetric encryption is used for digital signatures, which verify the authenticity and
integrity of data. For example, when someone sends you a digitally signed document or
email, the sender signs it using their private key. You can verify the signature using the
sender’s public key. This ensures that the document was sent by the true sender and
has not been altered.
o Application in Software: Developers often use asymmetric encryption to sign
software code (e.g., for apps or operating system updates). The signature proves
the software's authenticity and that it hasn't been tampered with during
transmission.

3. Email Encryption

• Example: PGP or S/MIME for Encrypted Emails

Asymmetric encryption is used in email encryption systems like PGP (Pretty Good
Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions). With these
systems:
o The sender encrypts the email using the recipient’s public key.
o The recipient then decrypts it using their private key.

This ensures that only the intended recipient can read the email, even if it is intercepted
in transit.

4. SSH (Secure Shell) for Remote Access

• Example: Secure Remote Login and File Transfer

When you access a remote server via SSH (commonly used for secure command-line
access or file transfer), asymmetric encryption is used for authentication and
establishing the connection:
o The server has a public key that it shares with clients.
o Clients use the server’s public key to encrypt the session initiation, while the
server decrypts it using its private key.

SSH also uses asymmetric encryption to verify the identity of the connecting device (by
comparing the stored public keys with the keys presented during connection), ensuring
that the user is connecting to the correct server and not a man-in-the-middle.

5. Cryptocurrencies and Blockchain

• Example: Bitcoin and Blockchain Transactions

Asymmetric encryption is used extensively in cryptocurrencies like Bitcoin to secure
transactions. Every cryptocurrency wallet contains a private key (used to sign
transactions) and a public key (used to receive funds).
o When you initiate a transaction, you sign it using your private key.
o The network verifies your transaction by checking it against your public key.

This ensures that only the owner of the private key (the person with the corresponding
public key) can authorize transactions, providing a secure way to transfer
cryptocurrency.

6. Two-Factor Authentication (2FA)

• Example: RSA or ECDSA in 2FA Systems

Asymmetric encryption is sometimes used in two-factor authentication (2FA) systems,
especially in hardware tokens or certificates. For example:
o In systems like RSA SecurID or smartcards, the device contains a private key that
is used to sign authentication requests.
o The service you’re authenticating to has the corresponding public key to verify
the signature and confirm your identity.

This strengthens the security of the authentication process because only someone with
the correct private key can authenticate successfully.

7. VPN Key Exchange (IPsec)

• Example: IPsec VPNs

Asymmetric encryption is used in IPsec (Internet Protocol Security) VPNs to securely
exchange keys between devices.
o In an IPsec VPN connection, the two devices (e.g., client and server) use
asymmetric encryption to exchange symmetric keys securely.
o After the keys are exchanged using public-private key pairs, symmetric
encryption (like AES) is used for the actual data transfer because it's faster.

8. Digital Certificates and Public Key Infrastructure (PKI)

• Example: SSL/TLS Certificates

Digital certificates are a form of asymmetric encryption used to verify the identity of
websites, organizations, or individuals. The certificate contains the public key of the
certificate holder and is issued by a trusted Certificate Authority (CA).
o When you visit a website using HTTPS, the server sends you its public key
through its SSL/TLS certificate. Your browser uses the public key to encrypt data
sent to the server, ensuring that communication is secure and that you’re
interacting with a trusted entity.

9. Secure File Sharing


• Example: Encrypted File Sharing Services
Asymmetric encryption is used in many file-sharing services to protect files during
transmission. For instance, when you upload a file to a cloud storage service, the service
may encrypt the file using your public key, ensuring that only you (with the
corresponding private key) can decrypt and access it. This prevents unauthorized
access, even if someone gains access to the cloud storage system.
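
Several of the scenarios above (VPNs, HTTPS, IPsec) agree a session key with an asymmetric exchange and then switch to symmetric encryption, following the four symmetric steps listed earlier. The sketch below is an added example, not part of the original document: it uses Diffie-Hellman key agreement rather than encrypting the message under Bob's public key, and its 521-bit group, generator and HMAC-based cipher are stand-ins chosen so that it runs on the Python standard library alone.

```python
"""Key agreement followed by symmetric encryption, standard library only.

Added illustration. Assumptions: the 521-bit Mersenne-prime group with
generator 3 and the HMAC-SHA256 keystream are teaching stand-ins for a
vetted key exchange (e.g. X25519) and cipher (e.g. AES-GCM).
"""
import hashlib
import hmac
import secrets

P = 2**521 - 1      # demonstration modulus, not a vetted Diffie-Hellman group
G = 3


def dh_keypair():
    """Asymmetric step: the private exponent never leaves its owner."""
    while True:
        private = secrets.randbelow(P - 3) + 2
        public = pow(G, private, P)
        if 1 < public < P - 1:
            return private, public


def derive_session_keys(own_private, peer_public):
    """Both ends reach the same secret, then split it into two keys."""
    if not 1 < peer_public < P - 1:
        raise ValueError("degenerate public value rejected")
    shared = pow(peer_public, own_private, P).to_bytes(66, "big")
    return (hashlib.sha256(b"enc" + shared).digest(),
            hashlib.sha256(b"mac" + shared).digest())


def keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode as a pseudo-random byte stream."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(8, "big"),
                               hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encrypt(enc_key, mac_key, plaintext):
    """Symmetric step 2: plaintext -> nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(enc_key, mac_key, message):
    """Symmetric step 4: verify the tag first, then recover the plaintext."""
    if len(message) < 48:
        raise ValueError("message too short")
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = keystream(enc_key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def run_exchange(message=b"constructed sample message for Bob"):
    alice_private, alice_public = dh_keypair()
    bob_private, bob_public = dh_keypair()
    # Only alice_public, bob_public and `wire` cross the network.
    alice_keys = derive_session_keys(alice_private, bob_public)
    bob_keys = derive_session_keys(bob_private, alice_public)
    wire = encrypt(*alice_keys, message)
    return {"keys_match": alice_keys == bob_keys, "wire": wire,
            "bob_keys": bob_keys, "received": decrypt(*bob_keys, wire)}


if __name__ == "__main__":
    result = run_exchange()
    print(result["keys_match"], result["received"])
```

An unauthenticated exchange like this one cannot tell Bob's public value from an impostor's, which is the gap the certificates and digital signatures described above close.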

Qn b.) What is the role of a firewall in networking security, and how does it
protect against unauthorized access and cyber threats?

A Firewall is a network security device that monitors and filters incoming and outgoing network
traffic based on an organization’s previously established security policies. At its most basic, a
firewall is essentially the barrier that sits between a private internal network and the public
Internet. A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous
traffic out.

What Does a Firewall Do?

A firewall is a necessary part of any security architecture: it takes the guesswork out of
host-level protections and entrusts them to your network security device. Firewalls, and especially
Next Generation Firewalls, focus on blocking malware and application-layer attacks. Along with
an integrated intrusion prevention system (IPS), these Next Generation Firewalls can react
quickly and seamlessly to detect and respond to outside attacks across the whole network. They
can set policies to better defend your network and carry out quick assessments to detect
invasive or suspicious activity, like malware, and shut it down.

The Different Types of Firewalls

• Packet filtering

A small amount of data is analyzed and distributed according to the filter’s standards.

• Proxy service

Network security system that protects while filtering messages at the application layer.

• Stateful inspection firewall

Dynamic packet filtering that monitors active connections to determine which network packets
to allow through the Firewall.

• Next Generation Firewall (NGFW)

Deep packet inspection Firewall with application-level inspection.

Roles of a firewall

The primary use of a firewall in networking is to secure the network from cyberattacks. For
example, a firewall prevents malicious and unwanted content from entering your environment.
A firewall also protects vulnerable systems and private data in the network from
unauthorized access, such as by hackers or insiders. The roles of a firewall are explained below:

1. Protection against cyber threats: A firewall protects against cyber threats by monitoring and
controlling incoming and outgoing network traffic based on predetermined security
rules. For example, if a firewall detects an attempt from an unauthorized IP address to
access an internal database, it will block the request, thereby preventing data
breaches.
2. Access control: Access control restricts and manages who or what can view or use
resources in a computing environment. It plays a critical role in protecting data,
applications and networks by ensuring that only authorized users have access to specific
resources and preventing unauthorized users from entering restricted areas.
3. Traffic filtering: Firewalls filter data packets entering and leaving the network. They
examine each packet and determine if it meets the security criteria set by the
organization. For instance, if an attacker tries to access a sensitive part of a network, a
firewall can block that request based on its rules.
4. Network monitoring and logging: Network monitoring is the process of discovering,
mapping, and tracking the health of a network across the hardware and software layers.
The aim is to keep track of every aspect of the network infrastructure and provide
comprehensive visibility. A firewall's job here is to monitor that the network keeps
functioning free of cyber-attacks, which it does through the protocols put in place for the
network's legitimate users.
5. Content filtering: A content filter firewall works to block access to information that can
be deemed malicious or harmful. In an organization, a content filtering firewall can be
used to screen and exclude access to certain websites or emails deemed unsafe,
suspicious, or objectionable. The most common security measure is when companies
filter and block employee access to certain social media and streaming services. But it
works beyond blocking certain sites. Organizations are also able to block keywords and
search terms. Network content filtering systems help ensure that organizations are
automatically reinforcing their security and actively enforcing their corporate policies
around information system management.
6. Data loss prevention: DLP enables businesses to detect data loss, as well as prevent the
illicit transfer of data outside the organization and the unwanted destruction of sensitive
or personally identifiable data.

Network address translation: NAT is a process in which one or more local IP addresses are
translated into one or more global IP addresses and vice versa to provide Internet access to the
local hosts. It also translates port numbers, i.e., it masks the port number of the host
with another port number in the packet that will be routed to the destination. It then makes
the corresponding entries of IP address and port number in the NAT table. NAT generally
operates on a router or firewall.

Working of Network Address Translation (NAT)

Generally, the border router is configured for NAT, i.e., the router which has one interface in
the local (inside) network and one interface in the global (outside) network. When a packet
traverses outside the local (inside) network, NAT converts that local (private) IP address
to a global (public) IP address. When a packet enters the local network, the global (public) IP
address is converted to a local (private) IP address.
If NAT runs out of addresses, i.e., no address is left in the configured pool, then the packets
will be dropped and an Internet Control Message Protocol (ICMP) host unreachable packet to
the destination is sent.

7. Intrusion prevention: Intrusion prevention systems are network security technologies that
monitor real-time network activity for suspicious activity and take automated actions to prevent
it. They are usually located behind a firewall and function as another filter for malicious
activity.
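
The NAT behaviour described above (address and port rewriting, the NAT table, and drops once the pool is exhausted) can be modelled in a few lines. This is an added example, not part of the original document; the class and method names, the two-port pool and all addresses are constructed for illustration.

```python
"""Port address translation (PAT) with a finite port pool.

Added illustration: class and method names, the pool size and all addresses
are constructed for this example.
"""
import ipaddress


class NatRouter:
    def __init__(self, public_ip, ports):
        self.public_ip = public_ip
        self.free_ports = list(ports)
        self.out_map = {}   # (proto, private ip, private port) -> public port
        self.in_map = {}    # (proto, public port) -> (private ip, private port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the inside network."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("inside interface saw a non-private source address")
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            if not self.free_ports:
                # Pool exhausted: drop, and signal ICMP host unreachable.
                return {"action": "drop", "icmp": "host unreachable"}
            public_port = self.free_ports.pop(0)
            self.out_map[key] = public_port
            self.in_map[(proto, public_port)] = (src_ip, src_port)
        return {"action": "forward",
                "src": (self.public_ip, self.out_map[key]),
                "dst": (dst_ip, dst_port)}

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite a packet arriving at the public address."""
        inside = self.in_map.get((proto, dst_port))
        if inside is None:
            # No inside host opened this flow, so nothing can be reached.
            return {"action": "drop", "reason": "no NAT table entry"}
        return {"action": "forward", "src": (src_ip, src_port), "dst": inside}

    def release(self, proto, src_ip, src_port):
        """Remove a finished flow so its public port returns to the pool."""
        public_port = self.out_map.pop((proto, src_ip, src_port))
        del self.in_map[(proto, public_port)]
        self.free_ports.append(public_port)


def run_scenario():
    nat = NatRouter("203.0.113.1", range(40000, 40002))   # pool of two ports
    a = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.5", 443)
    b = nat.outbound("tcp", "192.168.1.11", 51000, "198.51.100.5", 443)
    c = nat.outbound("tcp", "192.168.1.12", 51000, "198.51.100.5", 443)
    reply = nat.inbound("tcp", "198.51.100.5", 443, 40000)
    probe = nat.inbound("tcp", "198.51.100.66", 6000, 40005)
    nat.release("tcp", "192.168.1.10", 51000)
    retry = nat.outbound("tcp", "192.168.1.12", 51000, "198.51.100.5", 443)
    return a, b, c, reply, probe, retry


if __name__ == "__main__":
    for step in run_scenario():
        print(step)
```

The `probe` packet shows the side effect that matters for security: an inbound packet with no matching table entry has no inside address to be rewritten to, so it is dropped.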
How does a firewall protect against unauthorized access and cyber threats?

Here’s how a firewall protects against unauthorized access and cyber threats:

1. Traffic Filtering and Inspection

• A firewall examines the data packets that flow between networks to determine whether
they should be allowed or blocked. It inspects key attributes of each packet, such as the
source IP address, destination IP address, port numbers, and protocol (e.g., TCP, UDP,
ICMP).
• Based on these attributes, the firewall applies rules to decide whether to permit or
block the traffic. For example, a rule might allow traffic from trusted internal systems
but block incoming connections on ports commonly used for attacks (e.g., port 23, used
for Telnet).
• Firewalls can block malicious or unauthorized traffic while permitting legitimate traffic.
This helps prevent unauthorized access and restricts the ability of attackers to gain entry
into the network.

2. Access Control

• Access control lists (ACLs) are used to define which users or devices can access specific
resources in the network. For example, a firewall can be configured to allow only
specific IP addresses or subnets to access a certain server or application.
• Firewalls can enforce policies such as:
o Allowing only certain devices or IP addresses to communicate with critical
systems (e.g., allowing only corporate laptops to connect to a server).
o Blocking access from known malicious IP addresses or geographical regions
(e.g., blocking all inbound traffic from countries where the organization does not
do business).
o Restricting traffic to specific ports or services to minimize attack surfaces.

3. Stateful Packet Inspection (SPI)

• Modern firewalls, particularly stateful firewalls, maintain a record of ongoing network
connections. When a packet arrives, the firewall checks whether it is part of an existing,
legitimate connection or a new, unsolicited connection.
• Stateful Packet Inspection (SPI) ensures that incoming packets are part of an
established, legitimate connection. For example, if a user inside the network initiates a
request to a web server, the firewall allows the response from the server to return to
the user. However, it will block any unsolicited requests from external sources that try
to establish a connection.
• This prevents attackers from establishing unauthorized connections with systems inside
the network (e.g., blocking external attempts to initiate communication with internal
servers).
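
Sections 1 to 3 above describe three mechanisms that work together: matching packet attributes against rules, restricting access by address and port, and tracking established connections. The model below is an added example, not part of the original document; its rule set, addresses and class names are constructed, and it omits the TCP flag and timeout tracking a production firewall performs.

```python
"""First-match packet filtering with a connection-state table.

Added illustration: rules, addresses (RFC 1918 / RFC 5737 ranges) and class
names are constructed. Real stateful firewalls also track TCP flags and
idle timeouts, which this model leaves out.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" = arriving from outside, "out" = leaving
    proto: str                # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str
    proto: str                # protocol name or "any"
    src: str                  # CIDR block
    dst: str                  # CIDR block
    dport: Optional[int]      # None matches every port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst))


RULES = [
    Rule("deny", "in", "tcp", "0.0.0.0/0", "0.0.0.0/0", 23),            # Telnet
    Rule("allow", "in", "tcp", "198.51.100.0/24", "10.0.0.10/32", 443), # partner -> web server
    Rule("allow", "out", "any", "10.0.0.0/8", "0.0.0.0/0", None),       # internal clients
]


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.connections = set()      # flows opened by an allowed packet

    def check(self, p: Packet):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.connections or reverse in self.connections:
            return "allow", "established connection"
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(p):                 # first matching rule wins
                if rule.action == "allow":
                    self.connections.add(flow)
                return rule.action, f"rule {number}"
        return "deny", "default deny"


def run_scenario():
    fw = StatefulFirewall(RULES)
    packets = [
        Packet("out", "tcp", "10.0.0.5", 50000, "203.0.113.7", 443),   # user opens HTTPS
        Packet("in", "tcp", "203.0.113.7", 443, "10.0.0.5", 50000),    # server reply
        Packet("in", "tcp", "203.0.113.7", 443, "10.0.0.5", 50001),    # unsolicited
        Packet("in", "tcp", "198.51.100.9", 40000, "10.0.0.10", 23),   # Telnet attempt
        Packet("in", "tcp", "198.51.100.9", 40001, "10.0.0.10", 443),  # partner to web server
        Packet("in", "tcp", "203.0.113.50", 40002, "10.0.0.10", 443),  # stranger to web server
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The Telnet packet comes from the otherwise trusted partner subnet and is still denied, because rule order decides the outcome: the deny for port 23 sits above the partner allow.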

4. Application Layer Filtering

• Firewalls can also filter traffic based on specific applications or services rather than just
network protocols or ports. This is called application-layer filtering or deep packet
inspection (DPI).
• For example, a firewall can inspect traffic for specific applications like HTTP (web traffic),
FTP (file transfers), or DNS (domain name resolution). It can block or restrict specific
applications that are often targeted by cyber threats, such as:
o Blocking dangerous file-sharing protocols (e.g., FTP, SMB) that are commonly
used for data exfiltration.
o Blocking malicious websites or known phishing sites that try to trick users into
disclosing sensitive information.

5. Intrusion Detection and Prevention (IDP)

• Many firewalls are equipped with intrusion detection (IDS) and intrusion prevention
(IPS) capabilities, which analyze network traffic in real-time for signs of malicious
activity.
• Intrusion Detection: The firewall monitors traffic for suspicious patterns, such as
unusual access attempts, port scans, or known attack signatures (e.g., SQL injection or
cross-site scripting attempts). If it detects such activities, it alerts administrators.
• Intrusion Prevention: In addition to detecting threats, the firewall can actively block
traffic that matches known attack patterns or signatures, preventing an attack before it
can cause harm.

6. Virtual Private Network (VPN) Support

• Many firewalls also support VPNs (Virtual Private Networks), which create secure,
encrypted tunnels for remote users to connect to the internal network over the
internet.
• By encrypting the traffic between a remote user and the internal network, a firewall
ensures that even if the communication is intercepted by attackers, it remains
unreadable.
• The firewall can also authenticate remote users, ensuring that only authorized
individuals can access the network via the VPN.

7. Blocking Malicious Outbound Traffic

• While firewalls primarily focus on blocking incoming traffic from external sources, they
can also block outbound traffic that is suspicious or unauthorized.
• This is particularly important in the event of a compromise: if an attacker gains access to
a network, they might attempt to send stolen data out to an external server or
communicate with a command-and-control server.
• By monitoring and controlling outbound connections, firewalls can prevent attackers
from exfiltrating sensitive data or furthering their malicious activities.

8. Blocking Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

• DoS and DDoS attacks involve overwhelming a target system with massive amounts of
traffic to make it unavailable. Firewalls can detect and block these attacks by identifying
abnormal traffic patterns and limiting or blocking requests that exceed normal
thresholds.
• Firewalls may use rate limiting, IP blacklisting, and traffic analysis to mitigate the
effects of DDoS attacks.

9. Logging and Monitoring

• Firewalls log all incoming and outgoing traffic, including allowed and blocked
connections. These logs are essential for identifying potential security incidents and for
auditing network activity.
• Administrators can analyze these logs to spot signs of unauthorized access, data
breaches, or other suspicious activity. For example, if there’s a sudden surge in traffic
from an external IP address, the firewall log might indicate an attempted brute-force
attack or port scan.
• Regular monitoring of firewall logs and alerts allows for quick response to potential
threats.
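
The log review described in this section, spotting a surge from one external address that points to a port scan or brute-force attempt, can be automated with a sliding time window. This is an added example, not part of the original document; the log line format, the thresholds and every address in the sample are constructed.

```python
"""Flag port scans and repeated-connection surges in firewall log lines.

Added illustration: the log format, thresholds and addresses (RFC 5737
documentation ranges) are constructed for this example.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE = re.compile(
    r"(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample: one scanner, one repeated-login source, one normal host.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z DENY TCP 203.0.113.9:51000 -> 10.0.0.10:21
2024-05-01T10:00:01Z DENY TCP 203.0.113.9:51001 -> 10.0.0.10:22
2024-05-01T10:00:02Z DENY TCP 203.0.113.9:51002 -> 10.0.0.10:23
2024-05-01T10:00:03Z DENY TCP 203.0.113.9:51003 -> 10.0.0.10:25
2024-05-01T10:00:04Z ALLOW TCP 203.0.113.9:51004 -> 10.0.0.10:80
2024-05-01T10:00:05Z ALLOW TCP 203.0.113.9:51005 -> 10.0.0.10:443
2024-05-01T10:02:00Z ALLOW TCP 198.51.100.77:42000 -> 10.0.0.10:22
2024-05-01T10:02:05Z ALLOW TCP 198.51.100.77:42001 -> 10.0.0.10:22
2024-05-01T10:02:10Z ALLOW TCP 198.51.100.77:42002 -> 10.0.0.10:22
2024-05-01T10:02:15Z ALLOW TCP 198.51.100.77:42003 -> 10.0.0.10:22
2024-05-01T10:02:20Z ALLOW TCP 198.51.100.77:42004 -> 10.0.0.10:22
2024-05-01T10:02:25Z ALLOW TCP 198.51.100.77:42005 -> 10.0.0.10:22
2024-05-01T10:05:00Z ALLOW TCP 192.0.2.10:40000 -> 10.0.0.10:443
2024-05-01T10:09:00Z ALLOW TCP 192.0.2.10:40001 -> 10.0.0.10:443
""".splitlines()


def parse(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if m:
            event = m.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield event


def detect(lines, window=timedelta(seconds=60), scan_ports=5, repeat_hits=5):
    """Return sorted (source, finding) pairs seen inside any one window."""
    by_src = defaultdict(list)
    for event in parse(lines):
        by_src[event["src"]].append(event)

    alerts = set()
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end, event in enumerate(events):
            while event["ts"] - events[start]["ts"] > window:
                start += 1                      # slide the window forward
            recent = events[start:end + 1]
            # Many different destination ports from one source: scanning.
            if len({e["dport"] for e in recent}) >= scan_ports:
                alerts.add((src, "port-scan"))
            # Many connections to one service: possible password guessing.
            target, hits = Counter(
                (e["dst"], e["dport"]) for e in recent).most_common(1)[0]
            if hits >= repeat_hits:
                alerts.add((src, f"repeated-connections {target[0]}:{target[1]}"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The repeated connections to port 22 are all ALLOW entries, which is why the check counts every logged connection rather than only blocked ones.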

10. Policy Enforcement and Compliance

• Firewalls help organizations enforce security policies and compliance regulations by
controlling access to sensitive data or systems based on user roles, applications, or
devices.
• For example, firewalls can block non-compliant devices (e.g., unencrypted devices or
unauthorized devices) from accessing critical resources, ensuring compliance with
standards like HIPAA, PCI-DSS, or GDPR.

COLLEGE : SOMAC
COURSE UNIT : INTRODUCTION TO INFORMATION TECHNOLOGY
COURSE CODE : ITE 1101/ DIT 1102
GROUP : ONE
LECTURER : MR LABOR SIMON
GROUP MEMBERS

| No. | NAMES | REGISTRATION NUMBER | PROGRAMME | SIGNATURE |
|---|---|---|---|---|
| 1 | Atuhairwe Andrew | 2024-08-31430 | BIT | |
| 2 | Amaro Gift | 2024-08-30342 | DIT | |
| 3 | Atulinda Bruse | 2024-08- | BIT | |
| 4 | Babirye Shamilah | 2024-08-31887 | BIT | |
| 5 | Kavuma ELVIS | 2024-08-33218 | BIT | |
| 6 | Rashmie Hanan Nabbosa | 2024-08-32528 | BIT | |
