
Q.1 A) What Is Security? Explain The Precise Definition of Security With Special Focus On Its Basic Key Elements. Information Security

Information security refers to protecting data from unauthorized access or modification. The key elements of information security are confidentiality, integrity, and availability. Confidentiality ensures only authorized access to data. Integrity maintains data in its correct state. Availability ensures data can be accessed by those with proper permissions. These principles are implemented through an organization's information security policy and measures, which include technical, organizational, human, and physical safeguards.

Uploaded by

Yasir Butt

Q.1 A) What is security? Explain the precise definition of security with special focus on its basic key elements.
Information security
Information security, sometimes abbreviated to InfoSec, is a set of practices intended to keep data secure
from unauthorized access or alterations, both when it's being stored and when it's being transmitted from
one machine or physical location to another. You might sometimes see it referred to as data security. As
knowledge has become one of the 21st century's most important assets, efforts to keep information secure
have correspondingly become increasingly important.
Information security principles
The basic components of information security are most often summed up by the so-called CIA
triad: confidentiality, integrity, and availability.
Confidentiality is perhaps the element of the triad that most immediately comes to mind when you think
of information security. Data is confidential when only those people who are authorized to access it can
do so; to ensure confidentiality, you need to be able to identify who is trying to access data and block
attempts by those without authorization. Passwords, encryption, authentication, and defense against
penetration attacks are all techniques designed to ensure confidentiality.
Integrity means maintaining data in its correct state and preventing it from being improperly modified,
either by accident or maliciously. Many of the techniques that ensure confidentiality will also protect data
integrity—after all, a hacker can't change data they can't access—but there are other tools that help
provide a defense of integrity in depth: checksums can help you verify data integrity, for instance, and
version control software and frequent backups can help you restore data to a correct state if need be.
Integrity also covers the concept of non-repudiation: you must be able to prove that you've maintained the
integrity of your data, especially in legal contexts.
Availability is the mirror image of confidentiality: while you need to make sure that your data can't be
accessed by unauthorized users, you also need to ensure that it can be accessed by those who have the
proper permissions. Ensuring data availability means matching network and computing resources to the
volume of data access you expect and implementing a good backup policy for disaster recovery purposes.
In an ideal world, your data should always be kept confidential, in its correct state, and available; in
practice, of course, you often need to make choices about which information security principles to
emphasize, and that requires assessing your data. If you're storing sensitive medical information, for
instance, you'll focus on confidentiality, whereas a financial institution might emphasize data integrity to
ensure that nobody's bank account is credited or debited incorrectly.
Information security policy
The means by which these principles are applied to an organization take the form of a security
policy. This isn't a piece of security hardware or software; rather, it's a document that an enterprise draws
up, based on its own specific needs and quirks, to establish what data needs to be protected and in what
ways. These policies guide the organization's decisions around procuring cybersecurity tools, and also
mandate employee behavior and responsibilities.
Among other things, your company's information security policy should include:
• A statement describing the purpose of the InfoSec program and your overall objectives
• Definitions of key terms used in the document to ensure shared understanding
• An access control policy, determining who has access to what data and how they can establish
their rights
• A password policy
• A data support and operations plan to ensure that data is always available to those who need it
• Employee roles and responsibilities when it comes to safeguarding data, including who is
ultimately responsible for information security
One important thing to keep in mind is that, in a world where many companies outsource some computer
services or store data in the cloud, your security policy needs to cover more than just the assets you own.
You need to know how you'll deal with everything from personally identifying information stored on
AWS instances to third-party contractors who need to be able to authenticate to access sensitive corporate
info.
Information security measures
As should be clear by now, just about all the technical measures associated with cybersecurity touch on
information security to a certain degree, but it is worthwhile to think about InfoSec measures in a
big-picture way:
• Technical measures include the hardware and software that protects data — everything from
encryption to firewalls
• Organizational measures include the creation of an internal unit dedicated to information security,
along with making InfoSec part of the duties of some staff in every department
• Human measures include providing awareness training for users on proper InfoSec practices
• Physical measures include controlling access to the office locations and, especially, data centers

Q.1 B) Briefly explain the following terminologies:


a) Principle
A principle is a proposition or value that is a guide for behavior or evaluation. In law, it is a rule that has
to be or usually is to be followed, or can be desirably followed, or is an inevitable consequence of
something, such as the laws observed in nature or the way that a system is constructed. The principles of
such a system are understood by its users as the essential characteristics of the system, or as reflecting
the system's designed purpose, and the effective operation or use of which would be impossible if any one of
the principles was to be ignored. A system may be explicitly based on and implemented from a document
of principles as was done in IBM's 360/370 Principles of Operation.
Examples of principles are entropy in a number of fields, least action in physics, those in descriptive
comprehensive and fundamental law: doctrines or assumptions forming normative rules of
conduct, separation of church and state in statecraft, the central dogma of molecular biology, fairness in
ethics, etc.

b) Credential
A credential is a piece of any document that details a qualification, competence, or
authority issued to an individual by a third party with a relevant or de facto authority or assumed
competence to do so.
Examples of credentials include academic diplomas, academic degrees, certifications, security
clearances, identification documents, badges, passwords, user names, keys, powers of attorney, and so on.
Sometimes publications, such as scientific papers or books, may be viewed as similar to credentials by
some people, especially if the publication was peer reviewed or made in a well-known journal or
reputable publisher.

c) Vulnerabilities
Vulnerability refers to the inability (of a system or a unit) to withstand the effects of a hostile
environment. A window of vulnerability (WOV) is a time frame within which defensive measures are
diminished, compromised or lacking.
The understanding of social and environmental vulnerability, as a methodological approach, involves the
analysis of the risks and assets of disadvantaged groups, such as the elderly. The approach of
vulnerability in itself brings great expectations of social policy and gerontological planning.

d) Authentication
Authentication is the act of proving an assertion, such as the identity of a computer system user. In
contrast with identification, the act of indicating a person or thing's identity, authentication is the process
of verifying that identity. It might involve validating personal identity documents, verifying the
authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or
ensuring that a product or document is not counterfeit.

e) Authorization
Authorization is the function of specifying access rights/privileges to resources, which is related
to information security and computer security in general and to access control in particular. More
formally, "to authorize" is to define an access policy. For example, human resources staff are normally
authorized to access employee records and this policy is usually formalized as access control rules in a
computer system. During operation, the system uses the access control rules to decide whether access
requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources
include individual files or an item's data, computer programs, computer devices and functionality
provided by computer applications. Examples of consumers are computer users, computer software and
other hardware on the computer.

Q.2) What is SSL (Secure Sockets Layer)? Also list down the steps involved in working of SSL/TLS.
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between
a server and a client—typically a web server (website) and a browser, or a mail server and a mail client
(e.g., Outlook).
SSL allows sensitive information such as credit card numbers, social security numbers, and login
credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in
plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent
between a browser and a web server, they can see and use that information.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used. In this
case, the SSL protocol determines variables of the encryption for both the link and the data being
transmitted. All browsers have the capability to interact with secured web servers using the SSL protocol.
However, the browser and the server need what is called an SSL Certificate to be able to establish a
secure connection.
SSL secures millions of people's data on the Internet every day, especially during online transactions or
when transmitting confidential information. Internet users have come to associate their online security
with the lock icon that comes with an SSL-secured website or green address bar that comes with an
Extended Validation SSL-secured website. SSL-secured websites also begin with https rather than http.

TLS
TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over
the Internet. It is mostly familiar to users through its use in secure web browsing, and in particular the
padlock icon that appears in web browsers when a secure session is established. However, it can and
indeed should also be used for other applications such as e-mail, file transfers, video/audioconferencing,
instant messaging and voice-over-IP, as well as Internet services such as DNS and NTP.
TLS evolved from Secure Sockets Layer (SSL), which was originally developed by Netscape
Communications Corporation in 1994 to secure web sessions. SSL 1.0 was never publicly released, whilst
SSL 2.0 was quickly replaced by SSL 3.0 on which TLS is based.
TLS was first specified in RFC 2246 in 1999 as an application-independent protocol, and whilst it was not
directly interoperable with SSL 3.0, it offered a fallback mode if necessary. However, SSL 3.0 is now
considered insecure and was deprecated by RFC 7568 in June 2015, with the recommendation that TLS
1.2 should be used. TLS 1.3 is also currently (as of December 2015) under development and will drop
support for less secure algorithms. It should be noted that TLS does not secure data on end systems. It
simply ensures the secure delivery of data over the Internet, avoiding possible eavesdropping and/or
alteration of the content.
TLS is normally implemented on top of TCP in order to encrypt Application Layer protocols such as
HTTP, FTP, SMTP and IMAP, although it can also be implemented on UDP, DCCP and SCTP as well
(e.g. for VPN and SIP-based application uses). This is known as Datagram Transport Layer Security
(DTLS) and is specified in RFCs 6347, 5238 and 6083.
Working of TLS
TLS uses a combination of symmetric and asymmetric cryptography, as this provides a good compromise
between performance and security when transmitting data securely.
With symmetric cryptography, data is encrypted and decrypted with a secret key known to both sender
and recipient; typically 128 but preferably 256 bits in length (anything less than 80 bits is now considered
insecure). Symmetric cryptography is efficient in terms of computation, but having a common secret key
means it needs to be shared in a secure manner.
Asymmetric cryptography uses key pairs – a public key, and a private key. The public key is
mathematically related to the private key, but given sufficient key length, it is computationally
impractical to derive the private key from the public key. This allows the public key of the recipient to be
used by the sender to encrypt the data they wish to send to them, but that data can only be decrypted with
the private key of the recipient.
The advantage of asymmetric cryptography is that the process of sharing encryption keys does not have to
be secure, but the mathematical relationship between public and private keys means that much larger key
sizes are required. The recommended minimum key length is 1024 bits, with 2048 bits preferred, but this
is up to a thousand times more computationally intensive than symmetric keys of equivalent strength (e.g.
a 2048-bit asymmetric key is approximately equivalent to a 112-bit symmetric key) and makes
asymmetric encryption too slow for many purposes.
For this reason, TLS uses asymmetric cryptography for securely generating and exchanging a session key.
The session key is then used for encrypting the data transmitted by one party, and for decrypting the data
received at the other end. Once the session is over, the session key is discarded.
A variety of different key generation and exchange methods can be used, including RSA, Diffie-Hellman
(DH), Ephemeral Diffie-Hellman (DHE), Elliptic Curve Diffie-Hellman (ECDH) and Ephemeral Elliptic
Curve Diffie-Hellman (ECDHE). DHE and ECDHE also offer forward secrecy whereby a session key
will not be compromised if one of the private keys is obtained in future, although weak random number
generation and/or usage of a limited range of prime numbers has been postulated to allow the cracking of
even 1024-bit DH keys given state-level computing resources. However, these may be considered
implementation rather than protocol issues, and there are tools available to test for weaker cipher suites.
With TLS it is also desirable that a client connecting to a server is able to validate ownership of the
server’s public key. This is normally undertaken using an X.509 digital certificate issued by a trusted
third party known as a Certificate Authority (CA) which asserts the authenticity of the public key. In
some cases, a server may use a self-signed certificate which needs to be explicitly trusted by the client
(browsers should display a warning when an untrusted certificate is encountered), but this may be
acceptable in private networks and/or where secure certificate distribution is possible. It is highly
recommended though, to use certificates issued by publicly trusted CAs.
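The client-side checks described in this answer (certificate validation, a TLS 1.2 floor, and key exchanges with forward secrecy) can be audited on a Python `ssl` context. This is an added example, not part of the original document; the finding labels, function names and the OpenSSL-style suite naming are assumptions of the example.

```python
import ssl

MIN_VERSION = ssl.TLSVersion.TLSv1_2  # floor recommended in the text above


def has_forward_secrecy(suite_name: str) -> bool:
    """True if an OpenSSL-style suite name implies an ephemeral (EC)DH exchange."""
    if suite_name.startswith("TLS_"):
        # TLS 1.3 suite names carry no key exchange; TLS 1.3 is always ephemeral.
        return True
    # TLS 1.2 and earlier: the first token is the key exchange, e.g. ECDHE-RSA-...
    # A bare "AES256-GCM-SHA384" means RSA key transport (no forward secrecy).
    return suite_name.split("-")[0] in ("ECDHE", "DHE")


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings (labels invented for this example)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-certificate-verification")
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    if ctx.minimum_version < MIN_VERSION:
        findings.append("minimum-version-below-tls1.2")
    weak = [c["name"] for c in ctx.get_ciphers()
            if not has_forward_secrecy(c["name"])]
    if weak:
        findings.append("suites-without-forward-secrecy")
    return findings


def hardened_context() -> ssl.SSLContext:
    """Client context that validates the server's X.509 chain and hostname."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + hostname check
    ctx.minimum_version = MIN_VERSION    # refuse SSL 3.0, TLS 1.0 and TLS 1.1
    ctx.set_ciphers("ECDHE+AESGCM")      # TLS 1.2 list; TLS 1.3 suites are kept
    return ctx


def permissive_context() -> ssl.SSLContext:
    """Deliberately weak context, built only to show what the audit reports."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE      # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


if __name__ == "__main__":
    print("hardened  :", audit_client_context(hardened_context()))
    print("permissive:", audit_client_context(permissive_context()))
```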

Q.3) Explain SS7 protocol stack in detail.


SS7 protocol stack
SS7 is structured in a multi-layered stack which corresponds closely to the layers of the standard OSI
model, although some SS7 components span a number of layers.

The SS7 component parts are:


Layer 1 (Physical): MTP-1 (Message Transfer Part-1)
MTP-1 defines the physical means by which SS7 messages are transferred from one node to another. For
E1 or T1 networks, the physical layer is usually a timeslot of an E1 or T1 frame respectively.
The physical layer specifies only how a sequence of bits is conveyed from one SS7 node to another. It
says nothing about the actual meaning of the bits or how they are grouped together to form a message.
Layer 2 (Data Link): MTP-2
MTP-2 defines how an MTP-1 bit transfer mechanism is used to reliably pass variable length messages
from one SS7 node to another. MTP-2 uses a variant of the High-Level Data Link Control (HDLC) used in
most modern data transfer protocols. This uses a delimiter to define the start and end of a data frame,
prevents flags occurring inside a frame (bit-stuffing) and protects the entire frame (CRC at the end). It
also defines how CRC errors are handled (by error response and retransmission).
MTP-2 says nothing about the actual content of a message. It simply defines a mechanism by which a
message of any length can be sent 100% reliably between SS7 nodes and can be used by higher layers of
the SS7 protocol.
MTP-2 knows nothing beyond the single point-to-point link it operates on.
Layer 3 (Network Layer): MTP-3
MTP-3 builds on top of the lower-level MTP layers to allow the creation of a network of telephony
network nodes interconnected by SS7 links. Each node is assigned a unique address in the network
(known as a Signaling Point Code or SPC). Messages can be sent at the MTP-3 level in one node to a
topologically distant node (that is with one or more intermediate SS7 nodes) simply by specifying the
Destination Point Code (DPC). MTP-3 entities on the SPC node, the DPC node, and all intermediate
nodes coordinate the transfer of a higher-layer message through the network.
MTP-3 can use multiple parallel routes from SPC to DPC through the network to take account of link
loading and availability (there should always be more than one way to get from any SPC to any DPC).
Upper Layers: TUP (Telephone User Part)
The Telephone User Part (TUP) is used to set up a telephone call between two SS7 nodes. It defines a set
of messages and a protocol using these messages that allows a telephone call to be set up and torn down.
TUP messages flow only immediately before a call is established and then immediately before it is
terminated. No TUP messages are exchanged when a call is in progress.
TUP was one of the first SS7 protocols and designed to support simple analog phones (with little function
over and above call setup and tear-down).
Upper Layers: ISUP (Integrated Services User Part)
The ISUP performs the same function as the TUP (that is, it handles the setup and tear-down of telephone
calls) but it is much more sophisticated, providing the functions available with primary rate ISDN. This
includes calling and called number notification (or suppression), the ability to control billing (charging)
rates, advanced telephony functions such as transfer, and control over whether the voice channel is used
for voice, fax, or data.
As with TUP, ISUP messages flow only during the setup and tear-down phases of a call.
Upper layers: SCCP (Signaling Connection Control Part)
The SCCP runs above the MTP layers and provides a set of facilities similar to those provided by the
UDP and TCP layers of TCP/IP. Specifically, SCCP provides five classes of service such as
connectionless (like UDP) and connection-oriented (like TCP) with options of error recovery and flow
control. It also provides what is known in SS7 as Global Title Translation.
Upper layers: TCAP (Transaction Capabilities Application Part)
The TCAP is designed to implement functions in the SS7 network which are unrelated to the origination
and termination of actual telephone calls. TCAP provides a means by which information can be
transferred from an application at a switch location to another application in another network entity.
One example of TCAP usage is number translation and database transactions and lookup. Another
example of the use of TCAP is the Message Waiting Indicator (MWI) on some telephones which
indicates that a voice message is waiting for the subscriber. An SS7-connected voice mail system sends a
TCAP message to the network to set the MWI flag in a subscriber's database.
Note that TCAP can be used by itself (on top of SCCP and the MTP layers), or it can be used as a
transport layer for higher-level layers such as MAP and INAP (described in following sections).
Upper layers: MAP (Mobile Application Part)
Mobile Application Part (MAP) is the most complex SS7 component and is used in GSM mobile
telephone systems to pass information between the components of the network.
Upper layers: INAP (Intelligent Network Application Part)
The Intelligent Network Application Part (INAP) is used to implement services within a network, which
involve accesses to an SCP and might also involve the use of an Intelligent Peripheral (IP). INAP
messages are sent between network entities using TCAP transactions.
Upper layers: OMAP (Operations and Administration Application Part)
The OMAP is typically used by a network administration facility to control an entire network from a
central point. Facilities provided in OMAP include administration of system databases, maintenance
access and performance monitoring.
SS7 Support for Blueworx Voice Response, which is discussed in the next section, supports the MTP
layers and the ISUP. If you need other layers to be supported contact your Blueworx representative.

Q.4) What is Malware? Briefly explain its types.


Malware
Malware is a program designed to gain access to computer systems, normally for the benefit of some third
party, without the user’s permission. Malware includes computer viruses, worms, Trojan horses,
ransomware, spyware and other malicious programs.

Types of Malware:
Viruses –
A Virus is a malicious executable code attached to another executable file. The virus spreads when an
infected file is passed from system to system. Viruses can be harmless or they can modify or delete data.
Opening a file can trigger a virus. Once a program virus is active, it will infect other programs on the
computer.

Worms –
Worms replicate themselves on the system, attaching themselves to different files and looking for
pathways between computers, such as computer network that shares common file storage areas. Worms
usually slow down networks. A virus needs a host program to run but worms can run by themselves.
After a worm affects a host, it is able to spread very quickly over the network.
Spyware –
Its purpose is to steal private information from a computer system for a third party. Spyware collects
information and sends it to the hacker.

Trojan horse –
A Trojan horse is malware that carries out malicious operations under the appearance of a desired
operation such as playing an online game. A Trojan horse varies from a virus because the Trojan binds
itself to non-executable files, such as image files, audio files.

Logic Bombs –
A logic bomb is a malicious program that uses a trigger to activate the malicious code. The logic bomb
remains non-functioning until that trigger event happens. Once triggered, a logic bomb implements a
malicious code that causes harm to a computer. Cybersecurity specialists recently discovered logic bombs
that attack and destroy the hardware components in a workstation or server including the cooling fans,
hard drives, and power supplies. The logic bomb overdrives these devices until they overheat or fail.

Ransomware –
Ransomware holds a computer system or the data it contains captive until the victim makes a payment.
Ransomware encrypts data in the computer with a key which is unknown to the user. The user has to pay
a ransom (price) to the criminals to retrieve data. Once the amount is paid the victim can resume using
his/her system.

Backdoors –
A backdoor bypasses the usual authentication used to access a system. The purpose of the backdoor is to
grant the cyber criminals future access to the system even if the organization fixes the original
vulnerability used to attack the system.

Rootkits –
A rootkit modifies the OS to make a backdoor. Attackers then use the backdoor to access the computer
remotely. Most rootkits take advantage of software vulnerabilities to modify system files.

Key loggers –
A key logger records everything the user types on his/her computer system to obtain passwords and other
sensitive information and send them to the source of the keylogging program.
Q.5) What are the steps involved in delivering message? Briefly explain.
Today’s computers are capable of storing all types of files, including documents, songs, videos, and full
applications. When you move one or more files from your local computer to another device or remote
location, you are partaking in the activity of file sharing. In some scenarios, the recipient will have to
accept the file, but typically the transfer will complete automatically.

The Pros and Cons of File Sharing


There are a number of factors to keep in mind before you start actively file sharing. Let’s walk through
some of the key positives and negatives about the process.
Pros
• Allows you to transfer large files over a network connection.
• Makes it easier to collaborate with other people across the globe.
• Reduces the need to maintain a central file server that is always online.
Cons
• Amount of bandwidth required can be costly.
• Hard to trace what happens to a file after it is shared publicly.
• Higher risk of acquiring a virus or other type of malware from a remote file.

Types of File Sharing
Before you can start distributing files over the internet, you need to determine what method and protocol
you want to use. Your decision should be based on what types of files you are moving and who will be
receiving them. We’ll dive into the main options and explain what scenarios they can help with the most.

File Transfer Protocol (FTP)


FTP was one of the first methods invented for moving data across networks and it remains very popular
today thanks to its reliability and efficiency. FTP actions can be run through a command prompt window
or a tool with a user interface. All it requires is for you to specify the source file you want to move and
the destination where it should be placed.
Great for: Large files, unusual file types, or legacy data.
Example programs: FileZilla, Telnet, WinSCP.

Peer to Peer (P2P)


The purpose of a P2P file transfer is to remove the need for a central server that hosts the data. Instead,
individual clients connect to a distributed network of peers and complete the file transfers over their own
network connections. P2P might eventually be used to create an unstoppable TOR. Whether or not The
Onion Router (TOR) is a truly P2P environment depends on many factors, but its popularity in creating a
more secure online connection is unquestioned.
Great for: Sharing files with a small group of people, files that are unavailable in public repositories.
Example programs: Limewire, Gnutella, BearShare.
Cloud Services
With a cloud file sharing service, one user uploads their data to a central repository and then other users
can download the files to their own devices. All data is hosted by a third party provider, although users
can specify what types of permission levels to put on the files.
Great for: Fast sharing of files, creating backups of data.
Example programs: Dropbox, Box, OneDrive, iCloud.

Email Providers
Some people don’t realize that email can actually function as a file transfer system. Every time you attach
a document to an outgoing message, you are initiating a transfer of that data over the open internet.
Great for: Small files, data that needs explanation.
Example programs: Gmail, Outlook, Yahoo! Mail.

Removable Storage
When no network-based option will fulfill your needs, you can always rely on a physical drive to serve as
your file transfer operation. This means you are literally copying data to a USB flash drive or external
hard drive and plugging that device into the destination computer.
Great for: Massive files, sensitive data.
Example programs: USB thumb drives or external hard drives.

Selecting the Best File Sharing Option


Once you’ve determined what method of file sharing you will use, it’s time to pick an individual service
or product. This can be challenging because of how many options there are, ranging from established
companies to new start-ups. Here are some tips of things to consider when selecting a file sharing
solution.

Price — You’ll want to know how much the service costs upfront and on a monthly or yearly basis. In
some cases you may also have to pay for the bandwidth used during a transfer.
Security — If you are going to trust a cloud provider with hosting of your data, make sure to research
how that information is stored and what is done to protect it.
Compatibility — Find out what types of devices and operating systems will support the file transfers. If
some of your users are not comfortable with new technology, look for options that have simple interfaces.
Limitations — Before making a big investment in a file sharing service, make sure to identify any limits
or restrictions the provider has in terms of the number of files shared or the total amount of data stored.
In most cases, a cloud-based solution will meet your file sharing needs. For personal use, you’ll find a
range of free options. When it comes to file sharing at the enterprise level, you’ll want to look for a tool
that is robust and flexible. The alphabetized list below will help you narrow down the choices.
1. Box
Box was one of the very first cloud-based file storage services to gain popularity. It allows users and
organizations to centralize all of their data and collaborate with other people. Box offers a free option for
individual users and a wide range of paid plans for enterprises.
Great for: Large companies that need to manage huge data systems across the globe.
Pros: Integrates well with enterprise security systems, allows for workflow configuration, and meets
compliance requirements.
Cons: Cheaper plans are very limited, hard to preview files from computers and devices.
Pro tip: Enable email alerts to automatically get notified when a document gets uploaded or changed.
2. Dropbox
Dropbox seeks to provide a single place for individual users and organizations to store all of their
important data. Syncing is a big focus of Dropbox, as it has native applications for mobile devices and
allows you to take your files on the go.
Great for: Small and medium-sized businesses that do not require advanced features, users looking to
back up critical data.
Pros: Large network of users so it is easier to share documents securely, files are always encrypted,
integrated desktop experience.
Cons: Personal free plan only includes 2 GB of storage, new collaboration solutions can be confusing.
Pro tip: Check the version history of a document to see how it has changed over time or even recover it if
it has been accidentally deleted.
3. Google Drive
Google was one of the first companies to bring document collaboration to the cloud with its Google
Docs suite of browser-based tools. The platform behind that is Google Drive, which also works as a great
file sharing service.
Great for: People who already have a Gmail account, small organizations that don’t want to worry about
local storage.
Pros: New users get 15 gigabytes for free, files can be shared with any email address.
Cons: Collaboration requires a Google account, can be difficult to see sharing settings.
Pro tip: Upload images and let Google Drive extract text from them for searching.
4. iCloud Drive
Apple has steadily been releasing improvements to its iCloud suite of online software. New Mac
computers and iOS devices now come with iCloud Drive already installed so that files can be synced
automatically.
Great for: Users who use Apple products at home and at work, file sharing between Apple users.
Pros: Frees up storage space on local hard drive, integration with iMessage and other Apple services.
Cons: Limited integration with Windows, new users only get 5 GB of storage, limited business support.
Pro tip: Try out the family sharing options to easily share images and videos across multiple users.
5. MediaFire
MediaFire is a small but growing cloud-based storage platform that can be used in a browser or on mobile
devices. It aims to be a simplified file sharing solution for users who don’t require fancy features.
Great for: Quick file transfers from one person to another, users who like to share via email.
Pros: No bandwidth limitations, fast bulk downloads, handles multiple uploads through a browser.
Cons: Basic plan includes on-screen ads, limited collaboration options.
Pro tip: Configure a one-time link so that you can make sure your files are not shared more than once.
6. OneDrive
As Microsoft has moved many of its core business products to the cloud, its OneDrive tool has become
an essential part of the Windows operating system. Individual users can back up their data and create
shared folders across an organization.
Great for: Businesses that use PCs with Windows, individuals with an Outlook email account.
Pros: Integration with SharePoint, granular permission setting, easy to use with Office.
Cons: No support for Mac OS, can suffer from slow upload and download speeds.
Pro tip: Use the OneDrive mobile app to automatically back up all of your photos to the cloud.
7. SecureDocs
SecureDocs is considered a virtual data room and is designed to cater to businesses that are pursuing
mergers or acquisitions and need to manage secure document sharing. The company offers a flat monthly
pricing structure that includes access for an unlimited number of users. They also offer single sign-on
options for your existing enterprise authentication tools.
Great for: Instances where security is the top priority.
Pros: Drag and drop folders, flat-rate pricing, one of few providers offering unlimited accounts.
Cons: Challenging to configure permissions, limited integration.
Pro tip: Turn on two-factor authentication to boost security.
8. SugarSync
SugarSync can be run on Mac or Windows computers so that users can easily sync folders to their cloud
account. It first launched in 2008 and caters to both consumer and business users. Their security standard
is equivalent to that of the banking industry.
Great for: Users with messy folders, businesses without a backup solution.
Pros: Easy to restore files online, can create public links to documents.
Cons: No free plan option, syncing speeds can be slow.
Pro tip: View snapshots of your synced documents at any point in time.

9. WeTransfer
WeTransfer aims to be the simplest file sharing service to use by reducing the administrative effort. The
company was founded in 2009. Their primary service allows you to send any file to an email address or
create a one-time link that other people can access.
Great for: One-time file transfers.
Pros: Extremely fast and easy to use, no account required.
Cons: Limit of 2 GB per transfer, no security features.
Pro tip: Upgrade to a business account to track download history.
