
CYB 201 FUNDAMENTALS OF CYBER SECURITY II LECTURE NOTES
Operating system protection mechanisms
Operating systems manage both logical and physical resources to
prevent interference with each other and unauthorized access from
external sources. These methods are categorized as protection and
security in the operating system. Computing resources, such
as CPUs, disks, and memory, are secured and protected by this
management. This is accomplished by assuring the operating
system's confidentiality, availability, and integrity. Unauthorized
access, viruses, worms, and other threats must be prevented from
entering the system.
What is Protection and Security in Operating Systems?
The OS uses two sets of techniques to counter threats to information,
namely:
- Protection
- Security
Protection
Protection tackles the system's internal threats. It provides a
mechanism for controlling access to processes, programs, and user
resources. In simple words, it specifies which files a specific user
can access, view, or modify, so that the system keeps functioning
properly. It allows the safe sharing of a common physical address
space or a common logical address space, which means that multiple
users can access memory without interfering with one another.
Let's take an example for a better understanding. Suppose that in a
small organization there are four employees p1, p2, p3, p4 and two
data resources r1 and r2. The departments frequently exchange
information, but sensitive information is not shared among all
employees. Employees p1 and p2 can access only the r1 data
resource, and employees p3 and p4 can access only r2. If employee
p1 tries to access data resource r2, p1 is restricted from accessing
that resource. Hence, p1 will not be able to access r2.
Security
Security tackles the system's external threats. Security mechanisms
protect system resources such as stored data, disks, and memory
against harmful modification, unauthorized access, and
inconsistency. They provide mechanisms (encryption and
authentication) to verify a user before allowing access to the system.
As discussed in the previous example, in the organization data
resources are shared with many employees, but a user who does not
work for that company cannot access this information.
Security can be achieved through three
attributes: confidentiality (prevention of unauthorized disclosure of
resources), integrity (prevention of unauthorized modification), and
availability (prevention of unauthorized withholding of resources).
Difference between Protection and Security
| Protection | Security |
|---|---|
| Protection deals with who has access to the system resources. | Security gives the system access only to authorized users. |
| Protection tackles the system's internal threats. | Security tackles the system's external threats. |
| Protection addresses simple queries. | More complex queries are addressed in security. |
| It specifies which files a specific user can access or view and modify. | It defines who is permitted to access the system. |
| An authorization mechanism is used in protection. | Encryption and certification (authentication) mechanisms are implemented. |
| Protection provides a mechanism for controlling access to processes, programs, and user resources. | Security provides a mechanism to safeguard the system resources and the user resources from all external users. |
Threats to Protection and Security
A program that is malicious in nature and has harmful impacts on a
system is called a threat. Protection and security in an operating
system refer to the measures and procedures that can ensure the
confidentiality, integrity, and availability (CIA) of operating
systems. The main goal is to protect the OS from various threats,
and malicious software such as trojans, worms, and other viruses,
misconfigurations, and remote intrusions.
Common Threats That Occur in a System
In a system, some common threats include the following:
Virus
A computer virus is a form of malware, or malicious software, that
transmits between computers and corrupts software and data.
Generally, viruses are small pieces of code that are embedded in a
system. They can corrupt files, erase data, crash systems, and other
things, making them extremely dangerous. Also, they can expand
by replicating themselves.
Trojan Horse
A Trojan Horse is a form of malware that is downloaded onto a
computer by impersonating a trustworthy program. A Trojan
horse can get unauthorized access to a system's login information,
and a malicious user may then use that information to enter the system.
Worm
A computer worm is a sort of malware whose main purpose is to
keep operating on infected systems while self-replicating and
infecting other computers. By using a system's resources to
extreme levels, a worm can completely destroy it. It has the ability
to produce duplicate copies that occupy all available resources and
prevent any other process from using them.
Trap Door
A trap door is basically a back door into software that anyone can
use to access any system without having to follow the normal
security access procedures. It may exist in a system without the
user's knowledge. As they're so hard to detect, trap doors need
programmers or developers to thoroughly examine all of the
system's components in order to find them.
Denial of Service
A Denial-of-Service (DoS) attack aims to shut down a computer
system or network so that its intended users are unable to access
it. These kinds of attacks prevent authorized users from accessing
a system.
Methods to Ensure Protection and Security in Operating
System
- Keep a Data Backup: A backup is a safe option in case of data
corruption due to problems in protection and security; you can
always restore the data from the backup.
- Beware of suspicious emails and links: When we visit a malicious
link on the internet, it can cause a serious issue by acquiring user
access.
- Secure Authentication and Authorization: The OS should provide
secure authentication and authorization for access to resources,
and users should keep their credentials safe to avoid illegal access
to resources.
- Use Secure Wi-Fi Only: Using free or insecure Wi-Fi may cause
security issues, because attackers can transmit harmful programs
over the network or record activity, which could cause a big
problem in the worst case.
- Install anti-virus and malware protection: It helps to remove
viruses and malware from the system and to prevent new infections.
- Manage access wisely: Access should be granted to apps and
software only after thorough analysis, because no software can
harm our system until it acquires access. So we should grant
software only the access it needs and keep an eye on what
resources and access it is using.
- Firewall Utilities: A firewall enables us to monitor and filter
network traffic. We can use firewalls to ensure that only authorized
users are allowed to access or transfer data.
- Encryption and Decryption Based Transfer: Data must be
transferred according to an encryption algorithm that can only be
reversed with the appropriate decryption key. This process protects
your data from unauthorized access over the internet; even if the
data is stolen, it remains unreadable.
- Be cautious when sharing personal information: Personal
information and credentials must be shared only with trusted and
safe sources; otherwise attackers can use this information for their
own purposes, which could be harmful to the system's security.
Study Questions:
1. Which mechanism is implemented in protection to control
access to system resources?
2. What type of attack aims to shut down a computer system or
network, preventing its intended users from accessing it?

Intrusion detection system (IDS)


Originally, system administrators performed intrusion detection by sitting
in front of a console and monitoring user activities. They might detect
intrusions by noticing, for example, that a vacationing user is logged in
locally or that a seldom-used printer is unusually active. Although
effective enough at the time, this early form of intrusion detection was ad
hoc and not scalable.
More recent intrusion detection efforts have centered on developing
products that users can effectively deploy in large networks. This is no
easy task, given increasing security concerns, countless new attack
techniques, and continuous changes in the surrounding computing
environment.
Intrusion Detection Overview: The goal of intrusion detection is
seemingly simple: to detect intrusions. However, the task is difficult, and
in fact intrusion detection systems do not detect intrusions at all—they
only identify evidence of intrusions, either while they're in progress or
after the fact. Such evidence is sometimes referred to as an attack's
"manifestation." If there is no manifestation, if the manifestation lacks
sufficient information, or if the information it contains is untrustworthy,
then the system cannot detect the intrusion.
For example, suppose a house monitoring system is analyzing camera
output that shows a person fiddling with the front door. The camera's
video data is the manifestation of the occurring intrusion. If the camera
lens is dirty or out of focus, the system will be unable to determine
whether the person is a burglar or the owner.
Data collection issues: For accurate intrusion detection, we must have
reliable and complete data about the target system's activities. Reliable
data collection is a complex issue in itself. Most operating systems offer
some form of auditing that provides an operations log for different users.
These logs might be limited to the security-relevant events (such as failed
login attempts) or they might offer a complete report on every system call
invoked by every process. Similarly, routers and firewalls provide event
logs for network activity. These logs might contain simple information,
such as network connection openings and closings, or a complete record
of every packet that appeared on the wire.
Detection techniques: Auditing your system is useless if you don't
analyze the resulting information. How intrusion detection systems
analyze collected data is an important system characteristic. There are
two basic categories of intrusion detection techniques: anomaly detection
and misuse detection.
Anomaly detection: Anomaly detection uses models of the intended
behavior of users and applications, interpreting deviations from this
"normal" behavior as a problem. A basic assumption of anomaly detection
is that attacks differ from normal behavior. For example, we can model
certain users' daily activity (type and amount) quite precisely. Suppose a
particular user typically logs in around 10 a.m., reads mail, performs
database transactions, takes a break between noon and 1 p.m., has very
few file access errors, and so on. If the system notices that this same user
logs in at 3 a.m., starts using compilers and debugging tools, and has
numerous file access errors, it will flag this activity as suspicious. The
main advantage of anomaly detection systems is that they can detect
previously unknown attacks. By defining what's normal, they can identify
any violation, whether it is part of the threat model or not. In actual
systems, however, the advantage of detecting previously unknown
attacks is paid for in terms of high false-positive rates. Anomaly detection
systems are also difficult to train in highly dynamic environments.
Misuse detection: Misuse detection systems essentially define what's
wrong. They contain attack descriptions (or "signatures") and match
them against the audit data stream, looking for evidence of known
attacks. One such attack, for example, would occur if someone created a
symbolic link to a UNIX system's password file and executed a privileged
application that accesses the symbolic link. In this example, the attack
exploits the lack of file access checks. The main advantage of misuse
detection systems is that they focus analysis on the audit data and
typically produce few false positives. The main disadvantage of misuse
detection systems is that they can detect only known attacks for which
they have a defined signature. As new attacks are discovered, developers
must model and add them to the signature database.
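Worked example (added here; it is not part of the original lecture notes): a small Python host IDS that applies both techniques from the preceding paragraphs to constructed audit records. The anomaly detector learns a per-user baseline (active hours, programs used, typical file-error count) and scores each new event by how many of those features it violates; the misuse detector matches one hand-written signature for the symbolic-link attack described above (a link to the password file followed by a privileged program run by the same user). The record format, user names, action names and thresholds are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AuditEvent:
    """One record from a (constructed) operating-system audit log."""
    user: str
    hour: int             # hour of day, 0-23
    action: str           # e.g. "login", "read_mail", "db_txn", "symlink", "exec_privileged"
    target: str = ""      # object the action touched, if any
    file_errors: int = 0  # file access errors produced by this action


@dataclass
class Profile:
    """Baseline of 'normal' behaviour for one user, learned from training data."""
    hours: Counter = field(default_factory=Counter)
    actions: Counter = field(default_factory=Counter)
    error_total: int = 0
    n: int = 0


def build_profiles(training):
    profiles = defaultdict(Profile)   # unknown users get an empty profile
    for e in training:
        p = profiles[e.user]
        p.hours[e.hour] += 1
        p.actions[e.action] += 1
        p.error_total += e.file_errors
        p.n += 1
    return profiles


def anomaly_score(profile, event):
    """Number of features (0-3) on which the event deviates from the user's baseline."""
    score = 0
    if profile.hours[event.hour] == 0:
        score += 1  # active at an hour never seen in training
    if profile.actions[event.action] == 0:
        score += 1  # action (tool) never used before
    mean_errors = profile.error_total / profile.n if profile.n else 0.0
    if event.file_errors > 3 * mean_errors + 2:
        score += 1  # far more file access errors than usual
    return score


def detect_anomalies(profiles, events, threshold=2):
    """Anomaly detection: flag events whose deviation score reaches the threshold."""
    flagged = []
    for e in events:
        s = anomaly_score(profiles[e.user], e)
        if s >= threshold:
            flagged.append((e, s))
    return flagged


def detect_misuse(events):
    """Misuse detection: one signature, a symlink to /etc/passwd followed by a
    privileged program executed by the same user (the attack from the notes)."""
    pending = set()
    alerts = []
    for e in events:
        if e.action == "symlink" and e.target == "/etc/passwd":
            pending.add(e.user)
        elif e.action == "exec_privileged" and e.user in pending:
            alerts.append(f"{e.user}: privileged program executed after linking /etc/passwd")
            pending.discard(e.user)
    return alerts


# Constructed training data: a typical working day for user "alice".
TRAINING = [
    AuditEvent("alice", 10, "login"),
    AuditEvent("alice", 10, "read_mail"),
    AuditEvent("alice", 11, "db_txn", file_errors=1),
    AuditEvent("alice", 14, "db_txn"),
    AuditEvent("alice", 15, "db_txn", file_errors=1),
]

# Constructed audit stream to analyse.
OBSERVED = [
    AuditEvent("alice", 10, "read_mail"),                 # normal
    AuditEvent("alice", 3, "compile", file_errors=12),    # 3 a.m., compiler, many errors
    AuditEvent("mallory", 2, "symlink", target="/etc/passwd"),
    AuditEvent("mallory", 2, "exec_privileged", target="/tmp/link"),
]


def run_ids():
    """Run both detectors; returns (anomalies, misuse_alerts)."""
    profiles = build_profiles(TRAINING)
    return detect_anomalies(profiles, OBSERVED), detect_misuse(OBSERVED)


if __name__ == "__main__":
    anomalies, misuse = run_ids()
    for e, s in anomalies:
        print(f"ANOMALY score={s}: {e}")
    for a in misuse:
        print(f"MISUSE: {a}")
```

Note how the two detectors fail differently: the anomaly detector also flags every event of the unknown user mallory simply because there is no baseline for them (the false-positive cost the notes mention), while the misuse detector stays silent on alice's 3 a.m. session because no signature describes it.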
Response after the intrusion: An intrusion detection system's response
is its output or action upon detecting a problem. A response can take
many different forms; the most common is to generate an alert that
describes the detected intrusion.
There are also more aggressive responses, such as paging a system
administrator, sounding a siren, or even mounting a counter-attack. A
counterattack might include re-configuring a router to block the
attacker's address or even attacking the culprit. Obviously, aggressive
responses can be dangerous, since they could be launched against
innocent victims.
For example, a hacker can attack a network using spoofed traffic—traffic
that appears to come from a certain address, but that is actually
generated elsewhere. If the intrusion detection system detected the
attack and reconfigured the network routers to block traffic from that
address, it would effectively be executing a denial-of-service attack
against the impersonated site.
Internal and external threats to data, attacks:
To protect your systems completely, you must first recognize who or what
you’re protecting them from. What typically comes to mind when
discussing network security is protecting the network from mysterious
hackers operating from a dark room full of sophisticated computer
systems. This is rarely the case. According to the FBI, up to 80 percent
(1999) of all security breaches reported are from internal sources.
Internal security threats range from a novice server administrator or user
who unknowingly installs software or opens an e-mail attachment to a
disgruntled employee who attempts to delete source code from a
development server.
To prepare for and defend against threats properly, you must first
understand the types of threats to your network security.
Four basic network security threats exist:
1. Internal threats
2. External threats
3. Unstructured threats
4. Structured threats
Internal Threats: The term “internal attack” is used to describe an
attack being implemented from a person or organization with some level
of authorized access on your network. Internal attacks are performed
from within the trusted area of the network. This type of threat can be
more difficult to defend against because employees already have access
to the network and private company data. To compound the internal
threat further, most companies only have firewalls at the edge of their
networks, and they rely strictly on access control lists (ACL) and server
permission to regulate internal security. Server permissions typically
protect resources located on the local servers, but provide little or no
protection for the network. Internal threats are typically executed by
disgruntled employee(s) who want to “get back” at the company. Many, if
not all, of the security measures are logically connected to the perimeter
of the network, protecting the inside networks from the external
connections, such as the Internet. While the perimeter of the network is
secured, the inside or trusted portion of the network tends to be soft.
Once an intruder has made it through the hard outer shell of the network,
compromising one system after another is usually simple. Wireless
networks introduce a new area of concern for Security Administrators.
Unlike cabled networks, wireless networks create a realm of coverage
that can be intercepted and used by anyone with the right software and a
wireless network adapter. Not only can all network data be viewed and
recorded, but network attacks can also be launched from inside the
network where the infrastructure is much more vulnerable. Because of
the severe security implications, strong encryption should always be used
with wireless networks.
External Threats: External threats are posed by any organization,
government, or individual that attempts to gain access from outside the
company’s network and includes anyone that doesn’t have authorized
access to the internal network. Typically, external attackers attempt to
gain access from dialup servers or Internet connections. External threats
are what companies spend the most time and money trying to prevent.
Need and types of IDS: An Intrusion Detection System is software or a
system that monitors network traffic and detects intrusions or
unwanted activities in the network. An IDS scans the network to find out
if someone is trying to penetrate it illegally. In other words, it
keeps an eye on the network's traffic to identify intrusions.
An Intrusion Detection System, if properly configured, will help you to:
- Monitor inbound and outbound network traffic.
- Analyze the patterns in the network continuously.
- Send an alarm immediately after detecting unwanted intrusions and
activities in the network.
Organizations must install the IDS into their system properly. The IDS
must analyze the normal traffic on the network; if it does not analyze
the normal traffic properly, it might send false alarms.

Different types of Intrusion Detection Systems


Different types of Intrusion Detection systems are classified on the basis
of different techniques and methods.
Network Intrusion Detection System (NIDS): A Network Intrusion
Detection System is set up at a specific planned point across the network.
NIDS monitors the traffic on the network from all devices. It examines
the traffic passing on the entire subnet and checks it against packet
metadata and content. If NIDS detects any intrusion in the network, a
warning alert is sent to the admin of that network.
The best advantage of NIDS is that if it is installed in the same location
as the firewall, it will detect if someone is trying to attack the
firewall. In other words, with the help of NIDS, the firewall will also
be protected from any policy breach.
Host Intrusion Detection System (HIDS): Organizations install a Host
Intrusion Detection System (HIDS) on individual networked devices.
HIDS examines the incoming and outgoing traffic of that device only. It
detects suspicious activities on the device and alerts the
administrator. HIDS also checks whether system files have been tampered
with: it takes a snapshot of the current file system and compares it
with the snapshot of the previous file system. If files are missing or
changed, it sends an alert to the administrator.
Protocol-based IDS (PIDS): Organizations set up a Protocol-based
Intrusion Detection System at the front end of a server. It interprets
the protocol between the server and the user. For example, a PIDS placed
in front of a web server monitors the HTTP or HTTPS protocol stream
regularly to secure the web server.
Application Protocol-based IDS (APIDS): As we have seen, a PIDS is
set up at the front end of a server. Similarly, an APIDS is set up within
a group of servers. It interprets the application-specific protocol
communication between the applications within the servers to detect
intrusions.
Hybrid Intrusion Detection System: As the name suggests, a Hybrid
Intrusion Detection System is a mixture of two different IDS types. A
hybrid system builds a picture of the network by combining host agents
with network information. In conclusion, a hybrid system is more
responsive and effective compared to other IDS types.

Types of Intrusion Detection Systems Methods


There are two main intrusion detection methods for identifying malicious
attacks or intrusions, plus a hybrid of the two. The two methods serve
different purposes and are not similar.
1. Signature-based Intrusion Detection Method: The signature-based
intrusion detection method examines network traffic to detect known
attack patterns. For instance, it compares the network traffic against
stored signatures to identify an intrusion. If this method detects an
intrusion, the IDS solution creates a signature of it and adds it to
the list. The patterns being matched are known as sequences: a specific
number of bytes, or a particular string of 0's and 1's, observed in the
network traffic. It is easy to detect attacks whose patterns already
exist in the system in the form of signatures, but detecting new attacks
whose signature has not yet been created is difficult.
2. Anomaly-based Intrusion Detection Method: As we have seen, it is
difficult to detect unknown or new malware attacks with the
signature-based detection method, and new intrusion techniques and
malware are increasing rapidly. Therefore, organizations use the
anomaly-based intrusion detection method to identify new and unknown
suspicious attacks and policy breaches which the signature-based
detection method cannot identify easily. This method uses machine
learning to create a model of normal activity. If this method sees
incoming patterns that are not found in the model, it declares these
patterns malicious. In conclusion, the anomaly-based detection system is
better in comparison to the signature-based method.
3. Hybrid Detection Method: A hybrid method uses both signature-based
and anomaly-based intrusion detection methods together. The main reason
behind the development of a hybrid detection system is to identify more
potential attacks with fewer errors.
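Worked example (added here, not from the notes) covering the three methods in the list above at the network level: signature-based matching of byte sequences in packet payloads, an anomaly baseline of packets-per-window for each source address, and a hybrid verdict that combines the two into one severity. The packet format, the two signature patterns, the traffic samples and the thresholds are assumptions constructed for the illustration; they are not real Suricata or Snort rules.

```python
import statistics
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # source address
    payload: bytes  # application data carried by the packet


# Signature database: name -> byte sequence that must appear in the payload.
# Constructed, hypothetical patterns for illustration only.
SIGNATURES = {
    "WEB_DIR_TRAVERSAL": b"../../",
    "TEST_MARKER": b"IDS-TEST-PATTERN",
}


def signature_hits(payload):
    """Signature-based method: names of every known byte sequence found in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]


class RateBaseline:
    """Anomaly-based method: learn how many packets each source sends per time window."""

    def __init__(self):
        self.history = defaultdict(list)  # src -> packet counts seen in past windows

    def learn(self, window):
        """Add one time window of known-good traffic to the baseline."""
        for src, n in Counter(p.src for p in window).items():
            self.history[src].append(n)

    def threshold(self, src):
        """Upper bound of 'normal' for src; a never-seen source is judged against all history."""
        hist = self.history.get(src) or [n for counts in self.history.values() for n in counts]
        if not hist:
            return float("inf")  # no baseline at all: never flag
        mean = statistics.mean(hist)
        sd = statistics.pstdev(hist) if len(hist) > 1 else 0.0
        return max(3 * mean, mean + 3 * sd)

    def is_anomalous(self, src, n):
        return n > self.threshold(src)


def hybrid_analyze(baseline, window):
    """Hybrid method: per source, combine the signature and anomaly verdicts.
    Returns src -> (severity, matched signatures, packet count)."""
    results = {}
    for src, n in Counter(p.src for p in window).items():
        sigs = sorted({name for p in window if p.src == src for name in signature_hits(p.payload)})
        anomalous = baseline.is_anomalous(src, n)
        if sigs and anomalous:
            severity = "critical"
        elif sigs:
            severity = "high"      # known attack pattern
        elif anomalous:
            severity = "medium"    # nothing known, but unusual volume
        else:
            severity = "none"
        results[src] = (severity, sigs, n)
    return results


def benign(src, n):
    """n ordinary requests from src (constructed sample traffic)."""
    return [Packet(src, b"GET /index.html HTTP/1.1") for _ in range(n)]


def demo():
    baseline = RateBaseline()
    for _ in range(3):  # three windows of normal traffic from two known hosts
        baseline.learn(benign("10.0.0.5", 4) + benign("10.0.0.6", 5))
    window = (
        benign("10.0.0.5", 4)
        + [Packet("10.0.0.5", b"GET /static/../../config.ini HTTP/1.1")]  # known pattern
        + benign("10.0.0.6", 5)
        + benign("10.0.0.7", 30)  # never-seen source, far above any baseline rate
    )
    return hybrid_analyze(baseline, window)


if __name__ == "__main__":
    for src, (severity, sigs, n) in demo().items():
        print(f"{src:10s} packets={n:3d} severity={severity:8s} signatures={sigs}")
```

The signature hit is reported at high severity even though the source's volume is ordinary, and the unknown host is reported at medium severity with no signature at all; a signature-only or anomaly-only system would miss one of the two.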

Top Intrusion Detection System Tools:


SolarWinds Security Event Manager: SolarWinds designed this tool with
the implementation of HIDS and NIDS systems. It collects real-time log
data from the network. Similarly, SEM is popular for building customizable
intrusion detection rules that can automatically disable accounts
and disconnect devices attached to the network when it detects an
intrusion.
McAfee: McAfee designed its IDS to identify real-time malicious
activities. It uses both signature and anomaly methods together with
emulation techniques to identify threats. Therefore, McAfee is a scalable
application.
Suricata: Suricata is a free intrusion detection tool. It is an open-source
tool based on a network intrusion detection system (NIDS). Therefore, we
use Suricata to detect identified threats and malicious activity in real
time. It uses a signature-based method to identify known threats or
intrusions.
Blumira: Developers designed Blumira to detect threats and malicious
activities across cloud services and on-premise devices. It can monitor
the IT infrastructure continuously to detect any intrusion. Similarly,
it is a SIEM platform that detects an in-progress attack and stops the
attack.
Cisco Stealthwatch: Cisco designed Stealthwatch with NIDS and HIDS. In
addition, it is compatible with Windows, Linux, and Mac OS operating
systems. Cisco Stealthwatch is an intrusion detection system that does
not require an agent, which lets it scale with growing business
requirements. It uses machine learning to create baselines of acceptable
patterns. One of the best features of this tool is that it can also
detect intrusions and suspicious activities in encrypted network traffic
without decrypting it.

Intrusion Prevention Systems:


An intrusion prevention system (IPS) is a form of network security that
works to detect and prevent identified threats. Intrusion prevention
systems continuously monitor your network, looking for possible
malicious incidents and capturing information about them. The IPS
reports these events to system administrators and takes preventative
action, such as closing access points and configuring firewalls to prevent
future attacks. IPS solutions can also be used to identify issues with
corporate security policies, deterring employees and network guests from
violating the rules these policies contain.
Functions of Intrusion Prevention Systems
Intrusion prevention systems work by scanning all network traffic. There
are a number of different threats that an IPS is designed to prevent,
including:
1. Denial of Service (DoS) attack
2. Distributed Denial of Service (DDoS) attack
3. Various types of exploits
4. Worms
5. Viruses
The IPS performs real-time packet inspection, deeply inspecting every
packet that travels across the network. If any malicious or suspicious
packets are detected, the IPS will carry out one of the following actions:
Actions taken:
a. Terminate the TCP session that has been exploited and block the
offending source IP address or user account from accessing any
application, target host, or other network resource.
b. Reprogram or reconfigure the firewall to prevent a similar
attack from occurring in the future.
c. Remove or replace any malicious content that remains on the
network following an attack. This is done by repackaging payloads,
removing header information, and removing any infected attachments
from file or email servers.
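Worked example (added here, not from the notes) of the block-the-source response in action (a), together with the safeguard the intrusion-detection section raised earlier: attack traffic can carry a spoofed source address, so automatically blocking whatever the detector reports can turn the IPS into a denial-of-service tool against an innocent site. The Python responder below only issues a firewall block when the alert's confidence is high, the address is not on a never-block list, and an auto-block budget has not been exhausted, and every block expires after a fixed time. The alert fields, policy values, signature names and addresses (RFC 5737 test ranges) are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    src_ip: str
    signature: str
    confidence: float  # detector's confidence that this is a real attack, 0.0-1.0


@dataclass
class ResponsePolicy:
    never_block: tuple = ()      # networks that must never be auto-blocked (DNS, partners, internal)
    min_confidence: float = 0.9  # below this the IPS alerts but does not act
    max_auto_blocks: int = 20    # budget before an analyst must take over
    block_ttl: int = 3600        # seconds a block stays in place


class Responder:
    """Turns IPS alerts into firewall blocks, subject to the policy above."""

    def __init__(self, policy):
        self.policy = policy
        self.protected = [ipaddress.ip_network(n) for n in policy.never_block]
        self.blocks = {}      # blocked ip (str) -> expiry timestamp
        self.auto_blocks = 0  # blocks issued so far in this window

    def decide(self, alert, now):
        """Return ("block" | "alert_only", reason)."""
        ip = ipaddress.ip_address(alert.src_ip)
        if any(ip in net for net in self.protected):
            return "alert_only", "source is on the never-block list (possible spoofing)"
        if alert.confidence < self.policy.min_confidence:
            return "alert_only", "confidence below auto-block threshold"
        if self.auto_blocks >= self.policy.max_auto_blocks:
            return "alert_only", "auto-block budget exhausted; escalate to an analyst"
        self.blocks[str(ip)] = now + self.policy.block_ttl
        self.auto_blocks += 1
        return "block", f"deny {ip} for {self.policy.block_ttl}s ({alert.signature})"

    def expire(self, now):
        """Drop blocks whose time-to-live has passed."""
        for ip, until in list(self.blocks.items()):
            if until <= now:
                del self.blocks[ip]

    def firewall_rules(self):
        return [f"deny from {ip}" for ip in sorted(self.blocks)]


def demo():
    """Constructed scenario: a spoofed partner address, a real attacker, a weak alert."""
    policy = ResponsePolicy(never_block=("10.0.0.0/8", "192.0.2.53/32"))
    responder = Responder(policy)
    now = 1_000_000
    decisions = [
        responder.decide(Alert("192.0.2.53", "EXPLOIT_X", 0.99), now)[0],  # protected address
        responder.decide(Alert("203.0.113.7", "EXPLOIT_X", 0.95), now)[0],  # blocked
        responder.decide(Alert("203.0.113.8", "SCAN_Y", 0.40), now)[0],     # too uncertain
    ]
    rules_before = responder.firewall_rules()
    responder.expire(now + policy.block_ttl)  # time passes; the block lapses
    return decisions, rules_before, responder.firewall_rules()


if __name__ == "__main__":
    decisions, before, after = demo()
    print("decisions:", decisions)
    print("rules while active:", before)
    print("rules after expiry:", after)
```

The never-block list is the direct defence against the spoofing scenario described in the response section: a forged packet claiming to come from a critical or partner address still raises an alert for a human, but can no longer make the IPS cut that address off.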

What are security models?

Information security models are systems that specify which people should
have access to data, and the operation of the operating system, which
enables management to organize access control.

What is the objective of a security model?

The core aim of any security model is to maintain the goals of
Confidentiality, Integrity, and Availability of data. It can achieve these
goals by:

- Allowing admins to choose the resources that users are allowed to
access.
- Verifying user identities with authentication mechanisms that
incorporate password strength and other variables.
- Allowing users who have been permitted to access resources
provisioned and defined by authorization systems.
- Regulating which functions and rights are given to accounts and
users.
- Giving admins access to a user's list of activities on a request or
assignment basis.
- Safeguarding private data, such as account characteristics or user
lists.

Types of security model

These models are used for maintaining the goals of security, i.e.
Confidentiality, Integrity, and Availability.
In simple words, they deal with maintaining the CIA Triad.

There are 3 main types of Classic Security Models which serve as the
foundation of many other models. The three main models include:

1. Bell-LaPadula
David Bell and Leonard LaPadula, pioneers in computer security, created
the Bell-LaPadula model, a lattice-based security concept, in the 1970s.
The Bell-LaPadula model is a multilevel security system. It establishes a
set of access rules and security levels (such as Top Secret, Secret, and
Confidential) that specify how individuals may access objects at various
security levels.

Bell-LaPadula only allows users to create content at or above their own
security level. However, users are limited to seeing anything that is at
or below their own security level.

Military and government institutions commonly employ the Bell-LaPadula
model when sensitive information has to be shielded from unwanted
access. It is sometimes employed in civil organizations, such as banks
and hospitals, where a robust cyber security architecture and data
protection are vital.
Rules of the Bell-LaPadula model:

- SIMPLE Confidentiality Rule: The Simple Confidentiality Rule specifies
that the Subject may only read documents protected by the same layer of
secrecy and the lower layer of secrecy, but not the upper layer of
secrecy. For this reason, we refer to this rule as NO READ-UP.
- STAR Confidentiality Rule: According to the Star Confidentiality
Rule, the Subject may only write files on the same layer of secrecy
and the upper layer of secrecy, but not the lower layer of secrecy.
For this reason, the rule is known as NO WRITE-DOWN.
- STRONG STAR Confidentiality Rule: The Strong Star
Confidentiality Rule is the strongest and most secure, stating that
the Subject may only read and write files on the same layer of
secrecy and not on an upper or lower layer of secrecy. Because of
this, the rule is known as NO READ WRITE-UP OR DOWN.
Significance of the Bell-LaPadula Security Model

Being among the earliest modern security models to be created, the Bell-
LaPadula model is important. This model has influenced the creation of
many security models. The lattice-based security model structure of the
Bell-LaPadula model has additional relevance because it was unique
when it was first developed.

The Bell-LaPadula model is a key security tool that fulfills several
functions. The concept initially sets several security layers to protect
information from unauthorized access. The model gives a technique for
controlling access to information at multiple security levels by offering a
set of access rules that govern how subjects can access objects at
different degrees of security. The methodology may also be used to audit
information access and ensure that no unauthorized access occurs.

2. Biba model
The Bell-LaPadula Model's shortcomings inspired the development of the
Biba Model. Data integrity is not addressed by the Bell-LaPadula
paradigm; only data confidentiality is.

The Biba Model, which articulates a set of access control rules for
maintaining data integrity, is a formal state transition system for data
security regulations. Data and subjects are organized or categorized
according to how reliable they are. Biba aims to prevent data corruption
at levels rated higher than the subject and minimize data corruption at
levels rated lower than the subject.

Rules of the Biba Model:

- No Write-Up (Integrity Axiom): According to this rule, no one is
permitted to add to or change data that has a higher integrity level
than their own. This guards against low-quality sources tainting
information of high quality.
- No Read Down (Simple Integrity Property): A user cannot read an
item with a lower integrity level, as per this rule. This prevents a
trusted subject from being contaminated by data from a less trustworthy
source. For example, in a school, a student would never need access to
the principal's file.
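Worked example (added here, not from the notes) that encodes the Bell-LaPadula rules from the previous section and the Biba rules just listed as Python functions, and wraps them in a small reference monitor that checks both policies on every access and logs each ALLOW/DENY decision, which is the audit use the Bell-LaPadula section mentions. The level names, subjects and objects are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Secrecy(IntEnum):
    """Confidentiality lattice for Bell-LaPadula (higher = more secret)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Integrity(IntEnum):
    """Integrity lattice for Biba (higher = more trustworthy)."""
    UNTRUSTED = 0
    USER = 1
    SYSTEM = 2


def blp_allows(op, subject, obj, strong_star=False):
    """Bell-LaPadula: may a subject at clearance `subject` do `op` on an object at `obj`?"""
    if op == "read":
        return subject >= obj          # simple rule: NO READ-UP
    if op == "write":
        if strong_star:
            return subject == obj      # strong star: NO READ WRITE-UP OR DOWN
        return subject <= obj          # star rule: NO WRITE-DOWN
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(op, subject, obj):
    """Biba: may a subject at integrity `subject` do `op` on an object at `obj`?"""
    if op == "read":
        return subject <= obj          # simple integrity property: NO READ DOWN
    if op == "write":
        return subject >= obj          # integrity axiom: NO WRITE-UP
    raise ValueError(f"unknown operation {op!r}")


@dataclass(frozen=True)
class Label:
    secrecy: Secrecy
    integrity: Integrity


class ReferenceMonitor:
    """Mediates every access, enforcing both models, and records the decision."""

    def __init__(self, subjects, objects, strong_star=False):
        self.subjects = subjects      # name -> Label (clearance, integrity)
        self.objects = objects        # name -> Label (classification, integrity)
        self.strong_star = strong_star
        self.log = []                 # audit trail of (who, op, what, decision)

    def check(self, who, op, what):
        s, o = self.subjects[who], self.objects[what]
        allowed = (blp_allows(op, s.secrecy, o.secrecy, self.strong_star)
                   and biba_allows(op, s.integrity, o.integrity))
        self.log.append((who, op, what, "ALLOW" if allowed else "DENY"))
        return allowed


def demo():
    """Constructed subjects/objects; returns the monitor's audit log."""
    subjects = {"analyst": Label(Secrecy.SECRET, Integrity.USER)}
    objects = {
        "report": Label(Secrecy.CONFIDENTIAL, Integrity.USER),
        "secret_log": Label(Secrecy.SECRET, Integrity.USER),
        "kernel_cfg": Label(Secrecy.UNCLASSIFIED, Integrity.SYSTEM),
    }
    rm = ReferenceMonitor(subjects, objects)
    for op, obj in [("read", "report"), ("write", "report"), ("write", "secret_log"),
                    ("read", "kernel_cfg"), ("write", "kernel_cfg")]:
        rm.check("analyst", op, obj)
    return rm.log


if __name__ == "__main__":
    for who, op, what, decision in demo():
        print(f"{decision:5s} {who} {op} {what}")
```

The log shows the two models pulling in different directions: Bell-LaPadula forbids the SECRET analyst from writing down into the CONFIDENTIAL report (a leak path), while Biba forbids writing up into the SYSTEM-integrity kernel configuration (a corruption path); reading the lower-secrecy, higher-integrity configuration is allowed by both.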

Importance of the Biba model: The Biba Model is a collection of rules
for a computer system that aids in maintaining valid and secure data. The
name comes from Kenneth J. Biba's proposal in 1977. The Biba Model's
main goal is to prevent people without the necessary authorization from
tampering with data.

The model implements stringent integrity-based access restrictions.
While users are prevented from downgrading data integrity, they are also
prevented from accessing data from higher integrity levels. This ensures
data isolation and confidentiality.

3. Clark-Wilson model
The Clark-Wilson security model is built upon protecting information
integrity from hostile data-altering attempts. The security model states
that the system should maintain consistency between internal and
external data and that only authorized users should be able to generate
and alter data—unauthorized users should not be able to do so at all.
The primary goal of this model is to formalize the idea of information
integrity by preventing data corruption in a system due to errors or
malicious intent. An integrity policy specifies how the system's data items
should behave to maintain their validity when they change from one
system state to another. The model outlines certification and enforcement
procedures as well as the capabilities of the principals deployed inside
the system.

The Clark-Wilson security concept prohibits direct access to constrained


data objects. You can use these two processes to access constrained data
objects:

1. Transformation process

Constrained data items can be requested by the user and managed by the
transformation process. This process is intended to ensure that data
changes maintain data integrity and follow the prescribed certification
standards. It is transformed into authorization by the procedure before
being sent to the integration verification procedure.

2. Integration verification process

It carries out authentication and permission. The user is granted access


to the restricted data items if this verification is successful.
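The moving parts above (CDIs, certified TPs, access triples, an IVP, the audit log, rollback and separation of duty) fit in one small enforcement kernel. The following Python is an added example written for these notes, not Clark and Wilson's own code; the toy ledger, the account names, the "security_officer", "teller" and "auditor" actors, and the deliberately broken `drain` TP are all assumptions made to exercise the rules.

```python
"""Clark-Wilson enforcement in miniature: CDIs change only through certified
TPs, each run is authorised by an access triple, checked by an IVP, and
rolled back and logged on failure. Added example (not the notes' own code);
the ledger, account names and the actors are assumptions."""
from copy import deepcopy


class ClarkWilsonSystem:
    def __init__(self):
        self.cdis = {}        # constrained data items: name -> value
        self.tps = {}         # certified TPs: name -> (fn, certifier, CDIs it may touch)
        self.triples = set()  # access triples (user, tp_name): who may run what
        self.ivps = []        # integrity verification procedures
        self.log = []         # append-only audit trail of every attempt

    def add_cdi(self, name, value):
        self.cdis[name] = value

    def certify_tp(self, name, fn, certifier, cdi_names):
        """A named officer vouches that fn moves the listed CDIs between valid states."""
        self.tps[name] = (fn, certifier, set(cdi_names))

    def add_ivp(self, fn):
        self.ivps.append(fn)

    def authorise(self, user, tp_name):
        """Grant an access triple. Separation of duty: whoever certified a TP
        may not also be allowed to execute it."""
        _, certifier, _ = self.tps[tp_name]
        if user == certifier:
            self.log.append(f"REFUSE triple ({user}, {tp_name}): certifier cannot execute")
            return False
        self.triples.add((user, tp_name))
        return True

    def valid_state(self):
        return all(ivp(self.cdis) for ivp in self.ivps)

    def run(self, user, tp_name, *udis):
        """The only path by which CDIs change. Positional args are UDIs
        (unconstrained input) that the TP itself must validate or reject."""
        if (user, tp_name) not in self.triples:
            self.log.append(f"DENY {user} {tp_name}: no access triple")
            return False
        fn, _, allowed = self.tps[tp_name]
        snapshot = deepcopy(self.cdis)
        try:
            fn(self.cdis, *udis)
        except ValueError as exc:
            self.cdis = snapshot
            self.log.append(f"REJECT {user} {tp_name}: {exc}")
            return False
        touched = {k for k in set(self.cdis) | set(snapshot)
                   if self.cdis.get(k) != snapshot.get(k)}
        valid = self.valid_state()
        if not touched <= allowed or not valid:
            # the TP strayed outside its certified CDIs or broke an invariant
            self.cdis = snapshot
            self.log.append(f"ROLLBACK {user} {tp_name}: touched={sorted(touched)} valid={valid}")
            return False
        self.log.append(f"OK {user} {tp_name}: touched={sorted(touched)}")
        return True


# Toy ledger (constructed): two accounts plus a running total kept as a CDI.
def transfer(cdis, src, dst, raw_amount):
    """Well-formed TP: validates the UDI raw_amount before touching any CDI."""
    if not raw_amount.isdigit() or int(raw_amount) <= 0:
        raise ValueError(f"bad amount {raw_amount!r}")
    amount = int(raw_amount)
    if cdis[src] < amount:
        raise ValueError("insufficient funds")
    cdis[src] -= amount
    cdis[dst] += amount


def drain(cdis, src, raw_amount):
    """Badly written TP: debits without crediting, so the ledger stops balancing."""
    cdis[src] -= int(raw_amount)


def ledger_balances(cdis):
    """IVP (internal consistency): the accounts must sum to the ledger total."""
    return cdis["acct:alice"] + cdis["acct:bob"] == cdis["ledger_total"]


def build_and_run():
    cw = ClarkWilsonSystem()
    cw.add_cdi("acct:alice", 100)
    cw.add_cdi("acct:bob", 50)
    cw.add_cdi("ledger_total", 150)
    cw.add_ivp(ledger_balances)
    cw.certify_tp("transfer", transfer, "security_officer", ["acct:alice", "acct:bob"])
    cw.certify_tp("drain", drain, "security_officer", ["acct:alice", "acct:bob"])
    cw.authorise("teller", "transfer")
    cw.authorise("teller", "drain")
    return {
        "officer_self_authorise": cw.authorise("security_officer", "transfer"),
        "teller_transfer": cw.run("teller", "transfer", "acct:alice", "acct:bob", "25"),
        "auditor_transfer": cw.run("auditor", "transfer", "acct:alice", "acct:bob", "1"),
        "bad_udi": cw.run("teller", "transfer", "acct:alice", "acct:bob", "25; DROP"),
        "drain_rolled_back": cw.run("teller", "drain", "acct:alice", "40"),
        "balances": dict(cw.cdis),
        "valid": cw.valid_state(),
        "log": list(cw.log),
    }
```

The interesting case is `drain`: it was certified (wrongly), and the teller is authorised to run it, yet the IVP still catches the inconsistency it creates and the system rolls the ledger back. Certification is a human judgement that can be mistaken; the run-time IVP is the backstop.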

Benefits of a security model

Implementing an extensive security model has several advantages. Let’s
look at four advantages that a security model can provide you:

1. Accurate infrastructure inventory


A security model demands administrators to understand which people,
devices, data, apps, and services are part of the business infrastructure
and where they are located. In addition to assisting with security-related
issues, a precise infrastructure inventory is useful for long-term
performance planning.

2. Better alerts and monitoring

When security concerns arise, a robust security model’s features, such as
SIEM, security orchestration, automation, and network detection and
response, use a mix of log and event analysis to identify them and then
offer recommendations for how to fix them. This enables security
operations center administrators to notice and respond to cyber security
attacks more quickly.

3. Easier security policy creation


Modern security models ease the development of security policies since
they allow for the creation of a single, universal policy that can be applied
throughout the organization end to end. SSO is an excellent example of
this, as it controls authentication for all network resources. The
possibility for security vulnerabilities or gaps in some sections of the
infrastructure also becomes much less likely, making the deployment and
administration of security policies from the administrator’s perspective
straightforward.

4. Flexibility when transferring applications, data, and services


The requirements for the technology needed to support business shift
along with the business objectives. As a result, applications, data, and
information technology services are frequently relocated inside the
corporate infrastructure. A modern security model is advantageous in
this regard as it creates a central rule system for the management of app
and data security. It also necessitates the use of automation tools to move
these security and micro-segmentation policies to the necessary
locations.

Cryptography and steganography


Cryptography is the practice and study of techniques for secure
communication in the presence of third parties called adversaries.
Cryptography is generally about constructing and analyzing
protocols that prevent third parties or the public from reading
private messages.

Uses of Cryptography

1. Confidentiality in transit: ensuring that data transmitted across
networks is secure from eavesdropping or interception, enabling
confidential communication over the internet, including email, messaging,
and voice calls.
2. Confidentiality at rest: protecting sensitive information stored on
devices so that it remains confidential and is accessible only to
authorized parties.
3. Authentication and integrity: verifying the identity of users and
devices, and ensuring the integrity and origin of data through message
authentication codes and digital signatures, which confirm that a message
or document has not been altered and authenticate the sender.
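The third use is the one most often implemented wrongly: a plain hash appended to a message does not give integrity against an attacker, because the attacker can recompute it. The following Python is an added example, not code from these notes, showing the difference between an unkeyed SHA-256 "checksum" and an HMAC-SHA256 tag that only a key holder can produce; the payment message and the attacker's edit are constructed for the illustration.

```python
"""Integrity and origin authentication with HMAC-SHA256, contrasted with an
unkeyed hash that an attacker can simply recompute. Added example; the
payment message and the attacker's edit are constructed."""
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes


def seal_with_hash(message: bytes) -> bytes:
    """Naive 'integrity': append SHA-256(message). No key, so anyone can redo it."""
    return message + hashlib.sha256(message).digest()


def open_with_hash(blob: bytes):
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), tag), message


def seal_with_hmac(key: bytes, message: bytes) -> bytes:
    """Append HMAC-SHA256(key, message); only holders of key can make a valid tag."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def open_with_hmac(key: bytes, blob: bytes):
    """Returns (authentic, message). compare_digest is constant-time, so the
    check cannot be turned into a byte-by-byte timing oracle on the tag."""
    if len(blob) < TAG_LEN:
        return False, b""
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag), message


def attacker_rewrite(blob: bytes, old: bytes, new: bytes) -> bytes:
    """Man-in-the-middle without the key: edit the message and recompute an
    unkeyed SHA-256, which is the only tag they are able to compute."""
    message = blob[:-TAG_LEN].replace(old, new)
    return message + hashlib.sha256(message).digest()


def run_scenario(key: bytes = None) -> dict:
    key = key or secrets.token_bytes(32)
    order = b"PAY 100 TO alice"
    forged_hash = attacker_rewrite(seal_with_hash(order), b"alice", b"mallory")
    forged_hmac = attacker_rewrite(seal_with_hmac(key, order), b"alice", b"mallory")
    genuine_ok, genuine_msg = open_with_hmac(key, seal_with_hmac(key, order))
    # a single flipped bit anywhere in the message also invalidates the tag
    flipped = bytearray(seal_with_hmac(key, order))
    flipped[0] ^= 0x01
    return {
        "hash_accepts_forgery": open_with_hash(forged_hash)[0],
        "hmac_accepts_forgery": open_with_hmac(key, forged_hmac)[0],
        "hmac_accepts_genuine": genuine_ok and genuine_msg == order,
        "hmac_accepts_bitflip": open_with_hmac(key, bytes(flipped))[0],
        "wrong_key_accepts": open_with_hmac(secrets.token_bytes(32),
                                            seal_with_hmac(key, order))[0],
    }


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name:24s} {outcome}")
```

Note that HMAC gives integrity and origin only among parties who share the key; a digital signature (RSA or ECDSA) is what you need when the verifier must not be able to forge tags, and that is the primitive the notes mean by "digital signatures".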

Steganography
Steganography is the practice of concealing messages or
information within other non-secret text or data. Unlike
cryptography, which focuses on encrypting data, steganography
hides the message's existence, so it goes unnoticed. The goal of
steganography is to communicate in a completely invisible manner,
ensuring that only the sender and intended recipient know of the
message's existence.
Uses of Steganography
Steganography is primarily used to keep the existence of a message
secret. It allows sensitive information to be transmitted without
drawing attention, unlike encryption, which, while secure, makes it
clear that a message is being hidden.
Steganography can be used to embed digital watermarks into
images, videos, or software. This helps in tracking copyright
infringement and proving ownership, as the watermark remains
invisible under normal use but can be detected with the right tools.
In environments where communication is monitored or restricted,
steganography can be used to bypass censorship. It allows
individuals to hide messages in innocuous content, ensuring the free
flow of information without detection by censors.
Thus, both techniques can be used complementarily for enhanced
security, where steganography hides the message, and
cryptography ensures its unreadability, providing a strong defence
against unauthorized access and detection.
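The LSB technique mentioned in the comparison below, and the reason the two techniques are combined, can both be seen in a few dozen lines. The following Python is an added example, not code from these notes or from any steganography tool: it hides a payload in the least significant bits of a constructed buffer of 8-bit samples (a greyscale image row would behave identically), shows that no sample changes by more than 1, and shows that extraction needs no key at all, which is exactly why a payload that must stay confidential is encrypted before it is embedded. The cover generator, the 4-byte length header and the secret text are assumptions.

```python
"""LSB steganography on a constructed 8-bit sample buffer: each payload bit
replaces the least significant bit of one sample, changing it by at most 1.
Added example; the cover generator, the 4-byte length header and the
secret text are assumptions."""
import random
import struct

HEADER = 4   # big-endian payload length, embedded first


def capacity_bytes(cover: bytes) -> int:
    """One payload bit per cover sample, minus the length header."""
    return len(cover) // 8 - HEADER


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    if len(payload) > capacity_bytes(cover):
        raise ValueError(f"payload of {len(payload)} bytes exceeds capacity {capacity_bytes(cover)}")
    data = struct.pack(">I", len(payload)) + payload
    stego = bytearray(cover)
    i = 0
    for byte in data:
        for shift in range(7, -1, -1):           # MSB of each payload byte first
            stego[i] = (stego[i] & 0xFE) | ((byte >> shift) & 1)
            i += 1
    return bytes(stego)


def _read_bytes(stego: bytes, start: int, count: int) -> bytes:
    out = bytearray()
    for k in range(count):
        value = 0
        for j in range(8):
            value = (value << 1) | (stego[start + k * 8 + j] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Needs no key: anyone who knows the scheme recovers the payload, which
    is why a confidential payload must be encrypted before embedding."""
    (length,) = struct.unpack(">I", _read_bytes(stego, 0, HEADER))
    if length > capacity_bytes(stego):
        raise ValueError("carrier holds no valid payload")
    return _read_bytes(stego, HEADER * 8, length)


def make_cover(samples: int = 4096, seed: int = 0) -> bytes:
    """Constructed cover: a smooth gradient with a little sensor-like noise."""
    rng = random.Random(seed)
    return bytes(max(0, min(255, k * 255 // samples + rng.randint(-3, 3)))
                 for k in range(samples))


def run_scenario() -> dict:
    cover = make_cover()
    secret = b"meet at the old bridge, 21:00"
    stego = embed_lsb(cover, secret)
    deltas = [abs(a - b) for a, b in zip(cover, stego)]
    return {
        "recovered": extract_lsb(stego),
        "max_delta": max(deltas),                      # never more than 1
        "changed_samples": sum(1 for d in deltas if d),
        "capacity": capacity_bytes(cover),
        "same_length": len(stego) == len(cover),
    }


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name:16s} {outcome!r}")
```

Two practical caveats follow from the code. The carrier is the same size and visually indistinguishable, but the LSB plane of a natural image is not uniformly random, so statistical steganalysis can still detect a large embedded payload; and because `extract_lsb` takes no key, steganography alone provides concealment, not confidentiality.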

Differences Between Cryptography and Steganography


Below, each aspect is compared for cryptography and steganography.

Definition
Cryptography: the science of using mathematical techniques to secure
information by converting it into a format that can only be decoded by
those who possess a specific key.
Steganography: the practice of hiding messages or information within
other non-secret text or data, making the message invisible to the
observer.

Objective
Cryptography: protect the content of the message by making it unreadable
to unauthorized users.
Steganography: conceal the existence of the message, so that an observer
is unaware that any information is hidden at all.

Technique
Cryptography: encryption and decryption; data is transformed into a form
that appears random or nonsensical to anyone without the decryption key.
Steganography: embedding information within other files, such as images,
videos, audio files, or text, in such a way that it is not apparent to the
casual observer.

Detection
Cryptography: encrypted data is visibly altered or encoded; an observer
knows that something is protected but needs the key to read it.
Steganography: the carrier looks like an ordinary file; the hidden data
is not apparent to the casual observer and has to be found by
steganalysis.

Tools/Methods
Cryptography: algorithms and keys for encryption and decryption. Common
algorithms include AES and RSA (DES is obsolete and should not be used
for new systems).
Steganography: techniques such as LSB (least significant bit)
substitution, masking, and embedding, or tools designed to hide
information within digital media.

Use Cases
Cryptography: widely used in securing online communications, financial
transactions, and storing sensitive information.
Steganography: often used for covert communication, copyright protection
(watermarking), and preventing data from being detected.

Security Approach
Cryptography: security rests on the secrecy of the key, not of the
algorithm; the message’s content is protected by encryption even when the
method is public.
Steganography: security through inconspicuousness, a form of security
through obscurity; the message’s presence is concealed within another file
or medium, and once the hiding method is known the message can be read
unless it was also encrypted.

Network and Distributed System Security

Network and distributed system security is the protection of


devices, applications, and users from unauthorized access, misuse,
or theft. It also involves creating a secure infrastructure for devices
and applications to work together.

Some security issues in distributed systems include:

1. Attacks
2. Malicious node detection
3. Access control
4. Authentication
5. Intrusion detection
6. Privacy and anonymity
7. Security architectures and protocols
8. Security theory and tools
9. Secrecy and integrity
10. Trust models
Denial of service (DoS) attacks and other cyber attacks

1. Worms
Can establish backdoor access to infected systems, allowing
attackers to gain control and launch further attacks. Worms can
also coordinate to flood target servers with malicious traffic,
which is called a distributed denial-of-service (DDoS) attack.
2. DDoS attacks
Involve multiple systems working together to overwhelm a target's
resources or bandwidth. DDoS attacks typically use botnets, groups of
hijacked devices that attackers control through command-and-control
software.

3. Volumetric attacks
Flood a target's bandwidth with an overwhelming volume of traffic, such
as UDP floods, ICMP floods, and amplification attacks such as Smurf, in
which spoofed ICMP echo requests sent to a broadcast address are answered
by every host on that network.
4. Protocol attacks
Exhaust the state tables of servers, firewalls, or load balancers by
abusing how network protocols work. SYN floods (TCP handshakes that are
started but never completed, leaving half-open connections) and Ping of
Death (malformed, oversized ICMP packets) are examples.
5. Application layer attacks
Target specific applications or services with requests that look
legitimate but are expensive to serve, such as HTTP floods and Slowloris,
which holds many connections open by sending partial HTTP headers very
slowly.
6. Ransomware
A type of malware that encrypts a victim's files or locks them out
of their system. Victims are forced to pay a ransom to regain
access.
Other common cyber attacks include:

Phishing attacks, SQL injection attacks, Brute force attacks, Trojan


horses, and XSS attacks.
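A SYN flood and an HTTP flood leave different fingerprints in connection logs: the first is a source with many SYNs and almost no completed handshakes, the second is a source that completes handshakes but issues far too many requests. The following Python detector is an added example written for these notes, not the output of any real sensor: it counts per-source events in fixed time windows and raises an alert for each pattern. The log format, the thresholds and the IP addresses are assumptions, and the sample traffic is constructed.

```python
"""Window-based detection of two DoS patterns over constructed connection
logs: a SYN flood (many SYNs from one source, few completed handshakes) and
an HTTP flood (request rate from one source). Added example; the log format,
thresholds and addresses are assumptions, not a real sensor's output."""
from collections import defaultdict
from dataclasses import dataclass

FLAGS = {"S": "client SYN", "A": "handshake completed", "H": "HTTP request"}


@dataclass(frozen=True)
class Event:
    ts: int
    src: str
    dst: str
    flag: str


def parse_line(line: str) -> Event:
    """Format (constructed): '<unix_ts> <src_ip> <dst_ip>:<port> <flag>'."""
    ts, src, dst, flag = line.split()
    if flag not in FLAGS:
        raise ValueError(f"unknown flag {flag!r} in line {line!r}")
    return Event(int(ts), src, dst, flag)


def detect(lines, window=10, syn_threshold=20, min_completion=0.5, http_threshold=50):
    """Returns a set of (src, alert_type). Counters are kept per fixed window
    and per source, so one busy-but-honest client is judged on its own."""
    events = sorted((parse_line(ln) for ln in lines if ln.strip()), key=lambda e: e.ts)
    alerts = set()
    if not events:
        return alerts
    t0 = events[0].ts
    counts = defaultdict(lambda: defaultdict(lambda: dict.fromkeys(FLAGS, 0)))
    for e in events:
        counts[(e.ts - t0) // window][e.src][e.flag] += 1
    for per_src in counts.values():
        for src, c in per_src.items():
            # SYN flood: lots of SYNs, but the handshakes are never finished
            # (spoofed or silent sources leave half-open connections behind)
            if c["S"] >= syn_threshold and c["A"] < min_completion * c["S"]:
                alerts.add((src, "syn_flood"))
            # HTTP flood: handshakes complete normally, but the request rate is absurd
            if c["H"] >= http_threshold:
                alerts.add((src, "http_flood"))
    return alerts


def sample_log() -> list:
    """Constructed traffic: one honest client, one SYN flooder, one HTTP flooder."""
    lines = []
    target = "192.0.2.10:80"
    for i in range(5):                           # honest: SYN, ACK, one request each
        lines += [f"{i} 10.0.0.5 {target} S", f"{i} 10.0.0.5 {target} A",
                  f"{i} 10.0.0.5 {target} H"]
    for i in range(30):                          # SYN flood: 30 half-open in 10 s
        lines.append(f"{i % 10} 203.0.113.7 {target} S")
    for i in range(3):                           # HTTP flood: real handshakes...
        lines += [f"{i} 198.51.100.9 {target} S", f"{i} 198.51.100.9 {target} A"]
    for i in range(60):                          # ...then 60 requests in 10 s
        lines.append(f"{i % 10} 198.51.100.9 {target} H")
    return lines


if __name__ == "__main__":
    for src, kind in sorted(detect(sample_log())):
        print(f"ALERT {kind:10s} from {src}")
```

The thresholds are deliberately parameters: a real deployment tunes them per service from a baseline, and a volumetric flood from a botnet spreads the SYNs across thousands of sources so that per-source counting alone misses it, which is why aggregate counters per destination are added in practice.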

TRANSFER OF FUNDS/VALUE ACROSS NETWORKS

Popular transfer methods for moving money between banks


include: wire transfers, ACH transfer, P2P platforms, online money
transfer services, and traditional or mobile banking.

The key factors to consider when transferring money between


banks include: transfer fees, exchange rates, speed, security,
transfer limits, and customer support.

The best way to transfer money from one bank account to another
depends on your specific needs, but online money transfer services
like Xe often provide the best mix of speed, affordability, and
security for a variety of money moving needs.
Whether you're managing personal finances, supporting family,
or investing in property abroad, transferring money across borders
is a key part of the expat experience. With so many options out
there, it can feel a bit daunting to choose the right transfer method
—until discovering Xe.

With Xe in your corner, money transfers are made easy. In this
guide, we’ll explore the most effective ways to move your funds and
give you the insight to make confident, informed choices. From
security to efficiency, you’ll learn the best ways to ensure your
money moves across borders as smoothly as you do.
The basics: Internal vs. external transfers
Let's get started by breaking down the differences between
internal and external transfers.
Internal transfers: Internal transfers involve moving money
between different accounts within the same bank. Think of it like
passing cash from your left pocket to your right pocket. You can
most likely do this from your phone using your bank’s mobile app.
External transfers: External transfers involve moving money
between banks. Think of it like sending a package across the
country versus dropping it off at your neighbor’s doorstep. Sending
external transfers is easy, especially with Xe, but there are some
additional things to consider when choosing the best method to
safely and securely transfer your funds.
Different methods to transfer money between banks
Mobile banking
If you’re doing basic transfers, like moving money between your
accounts or sending money using member-to-member services,
mobile banking is often your best option. However, transferring
money to out-of-network banks or foreign financial institutions is
often more expensive and time consuming than alternative money
transfer platforms like Xe.

What to think about


1. Fees: While basic mobile transfers are often free, moving
money outside of your bank or outside of the country often
comes with higher fees and more expensive exchange rates.
2. Limits: Banks typically set caps on the amount of money
you can transfer through online/mobile banking in a single
transaction. There may also be daily or monthly limits on how
much money you can send.
3. Time frame: Most online or mobile transfers are
completed within 1-3 business days. If you need money to
transfer instantly, it’s best to look for a faster method.

How to start a mobile banking transfer


1. Log into your bank's app or website
2.Navigate to the transfer section
3. Select "External Transfer" or similar option
4. Enter the recipient's bank details
5. Input the amount and confirm the transfer

Online money transfer services
Online services have transformed the landscape of international
money transfers, providing a combination of speed, affordability,
and convenience. Industry leading platforms like Xe feature easy-
to-use interfaces and typically offer lower fees compared to
traditional banks. These services are especially advantageous for
those who frequently send money abroad or need to transfer larger
amounts, making them a practical choice for modern financial
transactions.
ACH transfers

ACH stands for Automated Clearing House, a U.S. financial network used
for automatic payments and money transfers. ACH transactions offer a
method to transfer money between bank accounts electronically, without
using checks, cards, wires, or cash. The network's rules are set by Nacha
(the National Automated Clearing House Association); the transactions
themselves are processed in batches by the ACH operators and cleared
several times daily. Unlike instant transfers, ACH transactions may not
always involve immediate fund movement; sometimes they only send payment
information.
Sending money through ACH transfer is a secure and often free option for
moving your money, but it is one of the slower options and is only
available for domestic U.S. transfers. An ACH transfer typically takes
2-5 business days.
Merits:
Typically free or low-cost
Good for recurring transfers
Safe and secure
Demerits:
Slow processing time
Limited to domestic transfers

Wire transfers
Need to get money from your bank to another bank ASAP? Wire
transfers are a great option for those extremely urgent transfers.
Merits:
Fast; usually processed same-day
High or no transfer limits; great for large money transfers
Demerits:
Expensive; transfer fees often range between $25-$50 per transaction
Non-reversible; wire transfers are essentially final, so money wired to a
fraudster's account usually cannot be recalled

Card Payments (Debit/Credit)


Using a debit or credit card for international transfers is a quick
and convenient option. Many online platforms allow you to pay with
a card, making it easy to initiate a transfer without needing to log
into a bank account or set up direct ACH debits. This option is
particularly useful for smaller transfers or when you need to send
money instantly. However, it often comes with higher fees, as card
issuers may add processing charges, and it’s typically not cost-
effective for large transactions.
Merits: Fast and convenient, often processed instantly
Ideal for small transfer amounts
No need for bank account setup
Demerits:
Higher fees due to processing costs
Often limited to lower send amounts
Potential foreign transaction fees if not managed by the transfer
service

P2P payment services


Peer-to-Peer (P2P) payment services like Venmo, PayPal, or Zelle
provide a quick and convenient way to send funds to friends,
family, or businesses without the need for cash or checks. These
apps are typically user-friendly, allowing for instant transfers with
just a few taps on your smartphone. Many P2P services are free for
basic transactions, especially when linked to a bank account.
However, there are a few drawbacks to consider when using these
convenient options.
Security: These platforms may be vulnerable to scams or
unauthorized access if proper precautions aren't taken.
Fees: Certain types of transactions, such as using a credit card or
requesting an instant transfer to a bank account are often more
expensive than other options.
Customer service: A lack of formal dispute processes can make it
difficult to recover funds that are sent in error or to the wrong
recipient.
Merits:
Convenient for splitting bills or paying friends
Often free for basic transfers
Demerits:
May have fees for instant transfers or credit card use
Transfer limits may apply
Concerns over personal account security
Lack of formal dispute processes for errors or issues

How to use P2P services
Download and create an account on your preferred app
Link your bank account
Enter the recipient's details (usually an email or phone number)
Input the amount and tap send

Factors to consider when choosing a transfer method


Now that you're familiar with the options, how do you determine
the best choice? We suggest weighing the following factors:
Fees: Compare the costs across the various methods. It’s important
to look at any additional fees or the differences in exchange rates
between each method.
Speed: How fast do you need the money to arrive? The fastest
method to transfer money between banks will often cost more, but
with Xe, transfers are often instant or occur in just a few minutes.
Security: Ensure you’re using transfer methods with strong
encryption and fraud protection. At Xe, our security team
continuously monitors accounts for any anomalies to help make
sure your money stays protected.
Transfer Limits: Be aware of daily or monthly transfer limits. Don’t let
caps or limits cramp your style.

Using Xe: International money transfers made easy


Count on Xe as your one-stop solution for all of your money transfer
needs. With more than 30 years of experience, Xe is trusted as one
of the world’s foremost currency experts and money transfer
platforms. Our robust partnership network gives you the power to
transfer your funds from bank-to-bank almost anywhere in the
world and at the best possible rates.
Why choose Xe?

Competitive exchange rates: We're talking bank-beating rates
that'll make your wallet smile.
Low fees: Say goodbye to those eye-watering traditional bank wire
fees.
Large money transfers: We facilitate large money transfers for
big investments and foreign property purchases.
Speed and convenience: Fast transfer times and online access
24/7.
Global reach: Use Xe to transfer money to over 200 countries
worldwide.
Security: We’re committed to safeguarding your personal
information, money transfers, and accounts.

What is e-voting?
Electronic voting systems include using e-voting machines or
kiosks in polling stations.

These register votes immediately and print out receipts, but aren’t
connected to the internet.
Voting online from our homes or other locations – including another
country – or voting by email or text message, are also forms of e-
voting.

History of electronic voting


Voting technologies over time have included mechanical lever
machines first used in the 1890s, paper ballot scanning first used in
the 1960s and electronic vote recording machines first used in the
1970s, according to election data specialist, MIT Election Data +
Science Lab.
Electronic voting was being trialled by the 1980s, but it wasn’t
until the early 2000s – when the internet was taking off – that
countries started using remote online voting on a bigger scale,
according to electoral knowledge network ACE.
Electronic voting helps voters who live in remote areas or abroad,
or who can’t get to polling stations because of a health condition
and other reasons, the European Commission says.
For governments, the benefits of e-voting include more efficient
elections and a faster count.
Drawbacks of e-voting can include risks of cyber-attacks or
software errors. Identifying and verifying online votes can also be
difficult.
Today, algorithms help to encrypt and authenticate votes,
Euronews says.
