Department of Information Security and Assurance
Permanent URI for this collection: https://cris.hit.ac.zw/handle/123456789/23

Item: Enhancing Security in Electronic Health Records using AES and PBKDF2: A case study of Zimbabwe e-health system
(IST-Africa, 2018-01-28) Mutandavari, Mainford; Matema, Chantel; Gotora, Tatenda; Mukosera, Macdonald; Manjoro, Wellington
As health IT is evolving, the use of traditional methods of storing patient information is being phased out. Notably, Zimbabwe has begun digitalizing its medical records in most private and public health centres, but limited internet connectivity and patient data harmonisation are still an issue. The viable solution lies in adopting Electronic Health Records (EHRs), which promote data sharing across healthcare providers while also ensuring data integrity and availability. Despite the many efforts by various researchers in suggesting strong encryption and biometric techniques to circumvent data loss or hacks, cyber criminals are getting more experienced due to the availability of more exploitation tools. This technical research presents an analysis of some of the widely implemented security techniques used in securing EHRs and proposes an enhanced hybrid mechanism for EHRs using AES and PBKDF2 within the Zimbabwe health care context. Observations made indicate the enhancement of data integrity, authentication and improved service delivery within the private and public health set-up. Furthermore, if scaled, the e-health platform requires rigorous health personnel training in usage and changing mentality towards user acceptance.

Item: The Heartbleed Bug: An Open Secure Sockets Layer Vulnerability
(International Journal of Science and Research (IJSR), 2012-05-17) Mpofu, Thabiso Peter; Noe, Elisa; Gati, Nicholaus
The Open Secure Sockets Layer (OpenSSL) is used to provide a secure platform for transactions that happen over the internet. About two thirds of the servers on the internet use the OpenSSL platform to provide secure transactions over the internet. OpenSSL is a widely used open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Transactions such as online shopping, emails and online banking are carried out on the internet through OpenSSL and other platforms which provide security. Vulnerabilities have, however, been found in OpenSSL that have resulted in a wide public outcry all over the world. A vulnerability referred to as the Heartbleed Bug has sent shockwaves all over the internet. From the study we conducted, the scope of the data that has been potentially compromised is astronomical and includes usernames, passwords, bank account and credit card numbers, medical data, and documents in online cloud storage. Not only has all of this user data been directly compromised, but, what is worse, the private keys of the servers running the vulnerable versions of OpenSSL were also almost certainly compromised. We recommend patching of affected applications and/or upgrading to versions that are not vulnerable in order to mitigate the risks identified.

Item: The Use of the Internet to Attract Tourists to Zimbabwe. An Analysis of the Zimbabwe Tourism Authority Website
(IJMBS, 2013-03-01) Weston, Darlington Govere; Tsokota, Theo; Chikuta, Oliver; Mukwembi, Alex; Chinofunga, Peter
The continuing rise of the internet as a communications tool for organizations in this informational era presents greater opportunities for marketing activities for tourism enterprises. In other words, the internet serves as a new communication and distribution channel for relevant and necessary tourism information. It is therefore Zimbabwe Tourism Authority’s mandate to lure tourists to Zimbabwe using this communication and distribution channel. Zimbabwe Tourism Authority (ZTA) has since employed various marketing techniques to try and lure back the tourists. Among the different and most interesting strategies being used by ZTA is a sound web presence in the form of a good and informative website. This paper looks at the potentials inherent in internet technology and highlights how it can be useful in promoting tourism. The research will give Zimbabwe Government, Zimbabwe Tourism Authority (ZTA) and other organizations involved in promoting Zimbabwe insight on the current situation regarding tourism and the internet in Zimbabwe. To achieve this we assessed the ZTA webpage to determine whether it gives adequate and relevant information to attract tourists.

Item: Virtual Firewall Security on Virtual Machines in Cloud Environment
(International Journal of Scientific & Engineering Research, 2015-02-01) Jekese, G; Subburaj, R; Hwata, C
Virtualization is revolutionizing how information technology resources and services are used and managed and has led to an explosive growth in the cloud computing industry, illustrated by Google’s Cloud Platform and Amazon’s Elastic Cloud. It brings unique security problems such as virtual traffic, denial of service and intrusion, resulting in penetration of virtual machines, which is disastrous for the enterprise, the user and the cloud provider. Virtual traffic between virtual machines may never leave the physical host hardware, making traditional physical firewalls hopeless to monitor and secure it. This paper proposes a virtual firewall which allows managing the network security of the virtual infrastructure on a per-virtual-machine basis, defining network traffic rules, and hardening the security of the virtual environment. A private cloud is designed using open source solutions and, to manage the firewall rules, we implement a Tree-Rule firewall technique which filters packets in a tree-like way based on their attributes such as IP address and protocols. The speed of filtering and processing packets on the virtual firewall is highly improved to avoid overload of the firewall in the particular case. It permits logging and analyzing network traffic logs for each of the monitored virtual machines. The virtual firewall will provide the power to control the bandwidth utilization of each virtual machine in the infrastructure, preventing overutilization and denial of service to critical applications.