Group Assignment Security

MZUMBE UNIVERSITY

FACULTY OF SCIENCE AND TECHNOLOGY (FST)


DEPARTMENT OF COMPUTING SCIENCE STUDIES (CSS)

COURSE NAME: CRYPTOGRAPHY AND NETWORK SECURITY


COURSE CODE: CSS 325
PROGRAMME: ICTB III
ASSIGNMENT: GROUP ASSIGNMENT
LECTURER’S NAME: MR. LAURENT PATRICE
SUBMISSION DATE: SATURDAY, 7 JUNE 2025

GROUP NUMBER TWO:


SCOLASTICA S. JAGADI 14323043/T.22
HILDEGALDA MASSAWE 14323038/T.22
FARID K. SULEIMANI 14323007/T.22
ANOLD DEUS KOHOYE 14323018/T.22
CAREEN KALALU 14323045/T.22
SAIDA SALIM HAMIDU 14323022/T.22
NORBETH MWALONGO 14323019/T.22

QUESTIONS.
1. What are the major threats to database security and how can these threats be addressed?
2. Discuss the need for database auditing as the means to secure databases.
3. Why should database servers be placed in a separate network segment or VLAN?
4. What risks are associated with running web applications and databases on the same server?
5. Explain the role of Open Authorization (OAuth) in securing resources for web-based applications.
Question 1.

Major threats to database security and their major solutions:

Unauthorized Access
  - Implement strong authentication and authorization mechanisms.
  - Use role-based access control (RBAC) to limit access to only what is necessary.
  - Enforce multi-factor authentication (MFA).

SQL Injection
  - Use Web Application Firewalls (WAFs) to detect and block SQL injection attempts.
  - Validate and sanitize all user inputs.
  - Ensure proper database design.

Unencrypted Data Transmission
  - Use TLS/SSL encryption for data in transit.
  - Avoid transmitting sensitive data over insecure networks.

Unpatched Vulnerabilities
  - Regularly apply security patches and updates.
  - Use automated vulnerability scanning tools.

Insider Threats
  - Monitor access logs and use auditing.
  - Implement least privilege access.
  - Conduct background checks and regular training on data security.

Denial of Service (DoS/DDoS) Attacks
  - Use rate limiting and firewalls.
  - Implement database resource limits and monitoring.
  - Deploy redundant systems and load balancing.

Malware and Ransomware
  - Use antivirus and anti-malware tools.
  - Isolate database servers from general network segments.

Poor Database Configuration
  - Follow security best practices for database setup.
  - Regularly review configuration settings.

Inadequate Auditing
  - Monitor who accesses the database and analyze usage patterns.
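The SQL Injection entry above lists input validation as a mitigation. The following is an added example, not part of the assignment, showing why splicing user input into the query text is the defect and a parameterized query is the fix; the in-memory table, usernames and the character allow-list are constructed for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data (not from the assignment): a small users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "analyst"), ("carol", "auditor")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    # Deliberately defective: the input is pasted into the SQL text, so the
    # database parses whatever the caller supplied as part of the query.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, username):
    # Hardened form: the SQL text is fixed and the value travels separately
    # as a bound parameter, so it can only ever be compared as a username.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def validate_username(username):
    # Input validation as a second layer: length cap plus a character allow-list.
    if not 1 <= len(username) <= 32:
        return False
    return all(c.isalnum() or c in "._-" for c in username)
```

Run with a normal username, both lookups agree; run with an input containing a quote and an OR clause, the vulnerable lookup returns every row while the parameterized one returns nothing, and the allow-list rejects the input before it reaches the database.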

Question 2.

Database auditing is the process of monitoring and recording selected user database actions. It is
a critical security control used to detect, deter, and respond to unauthorized or suspicious
activities in a database system.

Database auditing is needed as a means to secure databases for the following reasons:

Detecting Unauthorized Access. Auditing helps identify who accessed what, when, and how. If someone tries to read or modify data they should not, the audit trail can:
- Reveal the unauthorized activity
- Provide evidence for further investigation

Ensuring Accountability. With auditing:
- Every action is tied to a user or application
- Users are less likely to misuse privileges if they know their actions are being recorded
- Organizations can enforce non-repudiation (users cannot deny their actions)

Supporting Compliance. Many data protection regulations (e.g., GDPR, HIPAA, SOX) require:
- Full transparency into data access and usage
- Regular auditing and reporting
Database auditing provides the records needed to demonstrate compliance and pass security audits.

Monitoring Privileged Users. Administrators and developers have broad access, which can be misused. Auditing:
- Tracks high-level operations by privileged accounts
- Detects abnormal behavior like data dumping, schema modifications, or permission changes

Intrusion Detection and Response. Auditing can function as an early warning system:
- Alerts can be set up for suspicious patterns (e.g., access during odd hours, mass deletions)
- Logs assist in real-time threat detection and post-incident forensics

Maintaining Data Integrity. By recording insert, update, and delete operations, auditing allows you to:
- Identify and reverse unauthorized or incorrect changes
- Track who altered critical records
- Maintain historical accuracy for business continuity
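The alert patterns named above (odd-hour access, mass reads or deletions, schema and permission changes by privileged accounts) can be applied to an audit trail mechanically. This is an added example, not part of the assignment: the audit records, the business-hours window and the row-count threshold are all constructed for the illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed audit records (not from the assignment). One line per audited
# statement: ISO timestamp, user, statement type, object, rows affected.
AUDIT_LOG = """\
2025-06-01T09:12:03 alice SELECT customers 40
2025-06-01T09:15:44 bob UPDATE orders 3
2025-06-01T02:47:10 bob SELECT customers 25000
2025-06-01T10:02:31 dba_root ALTER customers 0
2025-06-01T10:03:05 dba_root GRANT customers 0
2025-06-01T11:30:00 carol DELETE orders 12000
2025-06-01T11:31:00 alice SELECT orders 10
"""

BUSINESS_HOURS = range(7, 20)   # assumed policy: 07:00 to 19:59 local time
MASS_ROWS = 10000               # assumed threshold for a "mass" read or delete
PRIVILEGED_OPS = {"ALTER", "DROP", "GRANT", "REVOKE"}


def parse_audit(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, op, obj, rows = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "user": user,
                        "op": op, "obj": obj, "rows": int(rows)})
    return records


def find_alerts(records):
    """Apply the three rules: odd-hour access, mass reads/deletes, and
    schema or permission changes. Returns (rule, user, op, object) tuples."""
    alerts = []
    for r in records:
        if r["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("odd_hours", r["user"], r["op"], r["obj"]))
        if r["op"] in {"SELECT", "DELETE"} and r["rows"] >= MASS_ROWS:
            alerts.append(("mass_" + r["op"].lower(), r["user"], r["op"], r["obj"]))
        if r["op"] in PRIVILEGED_OPS:
            alerts.append(("privileged_change", r["user"], r["op"], r["obj"]))
    return alerts


def activity_by_user(records):
    # Accountability: every record names a user, so usage can be summarised per account.
    return Counter(r["user"] for r in records)


if __name__ == "__main__":
    for alert in find_alerts(parse_audit(AUDIT_LOG)):
        print(alert)
```

On the sample trail the 02:47 read of 25,000 customer rows raises two alerts (odd hours and mass read), the two DDL/privilege statements by dba_root each raise a privileged-change alert, and the 12,000-row delete raises a mass-delete alert; the per-user counter is what an auditor would use to attribute each action.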

Question 3.

Placing database servers in a separate network segment or VLAN is a fundamental security and performance best practice in network architecture. The reasons are given below.

Enhanced Security.
- Limits access only to trusted application or web servers
- Reduces the risk of direct attacks from compromised devices or unauthorized users on the main network
- Protects sensitive data from lateral movement if an attacker breaches another part of the network

Improved Performance.
- Reduced Network Congestion: Separating database traffic from regular user traffic ensures that queries and transactions are not slowed down by other network activities.
- Optimized Resource Allocation: Dedicated bandwidth for database communication prevents interference from other applications.

Better Compliance and Monitoring.
- Regulatory Compliance: Many security standards (e.g., PCI-DSS, HIPAA, GDPR) require sensitive data to be stored in isolated environments.
- Simplified Auditing: Monitoring database traffic separately makes it easier to detect anomalies and unauthorized access attempts.

Fault Isolation and Reliability.
- Protection Against Broadcast Storms: VLAN segmentation prevents unintended network issues from impacting the database.
- Resilience to External Failures: If another segment experiences high traffic or an attack, the database remains unaffected.

Better Access Control. Using VLANs or subnets allows you to:
- Apply network access control lists (ACLs) or firewall rules specific to the database segment
- Enforce least privilege network access (e.g., no direct internet access to the database)

Supports Defense-in-Depth Strategy. By isolating your database layer:
- You create an additional barrier in a multi-layered security model.
- Even if an attacker breaches the web server, they still face another hurdle to access the database.

In short, isolating database servers in a separate VLAN is a practical, scalable, and essential measure to secure critical assets in modern IT environments.
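The access-control point above (ACLs specific to the database segment, no direct internet access) can be written down as an allow-list and checked. This is an added example, not part of the assignment: the segment addresses, ports and rules are constructed, and a real deployment would express the same policy in its firewall or switch ACL configuration.

```python
import ipaddress

# Constructed network segments (assumed addresses, not from the assignment).
SEGMENTS = {
    "internet":   ipaddress.ip_network("0.0.0.0/0"),
    "user_lan":   ipaddress.ip_network("10.10.0.0/16"),
    "web_tier":   ipaddress.ip_network("10.20.0.0/24"),
    "db_vlan":    ipaddress.ip_network("10.30.0.0/24"),
    "admin_jump": ipaddress.ip_network("10.40.0.0/28"),
}

# Allow-list of (source segment, destination segment, destination port).
# Anything not listed is denied: the least-privilege default.
ALLOW_RULES = [
    ("internet", "web_tier", 443),      # users reach the web application
    ("web_tier", "db_vlan", 5432),      # only the web tier talks to the database
    ("admin_jump", "db_vlan", 22),      # administration only via a jump host
]


def segment_of(ip):
    """Map an address to the most specific segment that contains it."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in SEGMENTS.items() if addr in net]
    return max(matches)[1]


def is_allowed(src_ip, dst_ip, dst_port, rules=ALLOW_RULES):
    return (segment_of(src_ip), segment_of(dst_ip), dst_port) in rules


def audit_policy(rules=ALLOW_RULES):
    """Defense-in-depth check on the rule set: the database VLAN must never be
    reachable from the internet, and must never be allowed to reach out to it."""
    problems = []
    for src, dst, port in rules:
        if src == "internet" and dst == "db_vlan":
            problems.append(f"internet -> db_vlan:{port} exposes the database directly")
        if src == "db_vlan" and dst == "internet":
            problems.append(f"db_vlan -> internet:{port} lets the database reach out")
    return problems
```

With these rules a web-tier host can open the database port, while a user-LAN workstation or an internet address cannot; `audit_policy` catches a rule that would re-expose the database, which is the kind of mistake a periodic configuration review should find.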

Question 4.

Running web applications and databases on the same server introduces several risks. Here is a breakdown of the risks:

Security Risks.
- Increased Attack Surface: If an attacker compromises the web application, they gain direct access to the database.
- Privilege Escalation: A vulnerability in the web application could allow unauthorized users to execute database commands, leading to data leaks or manipulation.
- Limited Network Isolation: Without segmentation, security policies like firewalls and access controls are harder to enforce, making it easier for attackers to move laterally.

Compliance and Regulatory Issues.
- Data Protection Concerns: Many security standards (e.g., PCI-DSS, HIPAA, GDPR) recommend separating databases from web-facing applications to reduce exposure.
- Audit Complexity: Monitoring and logging security events are more difficult when both services run on the same machine.

Performance Issues.
- Resource Contention: The web application and database compete for CPU, memory, and disk I/O, potentially slowing down both services.
- High Traffic Bottlenecks: A surge in web traffic can overload the server, affecting database query performance and causing delays in data retrieval.

Reliability and Availability Issues.
- Single Point of Failure: If the server crashes, both the web application and database go down.
- Backup Complexity: Maintaining proper backups becomes challenging since both web and database operations need careful synchronization.

Scalability Challenges.
- Difficult Upgrades: Scaling a web application or database independently is harder when they share the same server.

Question 5.

OAuth (Open Authorization) is an open standard protocol that enables secure, delegated access to protected resources without exposing user credentials. It plays a critical role in securing modern web-based applications by allowing users to grant limited access to their resources on one service (like Google or Facebook) to another service (like a third-party app), without sharing their passwords. The roles of OAuth in securing resources for web-based applications are:

Secure access without passwords: Users authenticate via a trusted provider, avoiding direct password sharing.

Token-based authorization: OAuth issues access tokens with limited permissions and expiration times.

Restricted resource access: Applications can only access specific data that users approve.

Protection against unauthorized access: Tokens can be revoked, preventing compromised credentials from affecting accounts.

Enhanced API security: OAuth ensures only authorized apps can interact with protected resources.
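The three token properties named above (limited permissions, expiration, revocation) are what a resource server has to check before serving a request. This is an added example, not part of the assignment and not an implementation of any OAuth library: the token format, the shared signing key and the revocation set are constructed for the illustration, and a real deployment would use the authorization server's published keys or token introspection instead.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed shared secret between authorization server and resource server
# (constructed for the example; do not reuse).
SIGNING_KEY = b"example-signing-key-not-for-production"

REVOKED = set()   # token ids (jti) the authorization server has revoked


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(client_id, scopes, lifetime_s, now=None):
    """Authorization server side: a scoped, expiring, signed bearer token."""
    now = time.time() if now is None else now
    claims = {"jti": f"{client_id}-{int(now)}", "client": client_id,
              "scope": sorted(scopes), "exp": int(now + lifetime_s)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def check_token(token, required_scope, now=None):
    """Resource server side. Returns (ok, reason); checks run in the order
    integrity, revocation, expiry, scope so a forged token is rejected first."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    claims = json.loads(_unb64(body))
    if claims["jti"] in REVOKED:
        return False, "revoked"
    if now >= claims["exp"]:
        return False, "expired"
    if required_scope not in claims["scope"]:
        return False, "insufficient scope"
    return True, "ok"


def revoke(token):
    """Authorization server side: withdraw a token before it expires."""
    body = token.split(".")[0]
    REVOKED.add(json.loads(_unb64(body))["jti"])
```

A token issued with only `photos:read` is accepted for a read, refused for a write, refused after its lifetime, refused if a single character of it is altered, and refused immediately once revoked even though it has not yet expired.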