Unit V - 293186717

The document outlines various network threats, including malware, phishing, DoS attacks, and insider threats, along with strategies for threat analysis and mitigation. It also discusses the importance of encryption, VPNs, and technologies like PKI, SSH, SSL/TLS, and IPsec in securing communications and data integrity. Additionally, it covers access control mechanisms and the significance of wireless security and honeypots in cybersecurity.

Uploaded by

neoravanan4

Network threats refer to vulnerabilities and attacks that can compromise the confidentiality, integrity, and availability of network resources. Some of the major threats include:


1. Malware Attacks
• Viruses, Worms, and Trojans: Malicious software that spreads and causes damage.
• Ransomware: Encrypts files and demands payment for decryption.
• Spyware & Adware: Secretly monitors user activity and collects information.
2. Phishing & Social Engineering
• Phishing Emails & Messages: Attackers trick users into revealing sensitive information.
• Spear Phishing: Targeted attacks against specific individuals or organizations.
• Pretexting & Impersonation: Attackers pretend to be legitimate entities.
3. Denial-of-Service (DoS) and Distributed DoS (DDoS) Attacks
• Flooding Attacks: Overwhelming a network or service with excessive traffic.
• Botnets: Networks of compromised computers used for large-scale attacks.
4. Man-in-the-Middle (MitM) Attacks
• Eavesdropping: Intercepting communication between two parties.
• Session Hijacking: Taking control of an active session.
5. Unauthorized Access
• Brute Force Attacks: Repeatedly guessing login credentials.
• Credential Stuffing: Using leaked passwords from data breaches.
• Privilege Escalation: Exploiting vulnerabilities to gain higher access rights.
6. Insider Threats
• Malicious Employees: Disgruntled workers stealing or corrupting data.
• Negligent Users: Employees unknowingly causing security breaches.
7. Zero-Day Exploits
• Unknown Vulnerabilities: Attacks that exploit security flaws before a fix is available.
8. DNS & Spoofing Attacks
• DNS Spoofing: Redirecting users to malicious websites.
• ARP Poisoning: Manipulating network traffic by altering address resolutions.
9. Wireless Network Attacks
• Evil Twin Attack: Creating fake Wi-Fi networks to steal user data.
• WPA Cracking: Exploiting weak Wi-Fi encryption.
10. IoT-Based Threats
• Botnet Infections: Compromising IoT devices for large-scale cyberattacks.
• Insecure Devices: Poorly secured smart devices serving as attack vectors.

Threat Analysis in Secured Computing


1. What is Threat Analysis?
Threat analysis is the process of identifying, evaluating, and mitigating potential threats that could
exploit vulnerabilities in a network or system. It involves assessing risks, understanding attack
vectors, and implementing security measures to prevent or reduce the impact of cyber threats.

2. Steps in Threat Analysis


Step 1: Identify Assets
• Determine what needs protection, such as:
o Hardware: Servers, routers, computers
o Software: Operating systems, applications
o Data: User information, credentials, intellectual property
o Network Infrastructure: Firewalls, VPNs, cloud resources
Step 2: Identify Threats
• Threats can be classified into various categories:
o Cyber Threats: Malware, hacking, DDoS attacks
o Insider Threats: Malicious employees, accidental breaches
o Physical Threats: Theft, natural disasters affecting data centers
o Human Errors: Weak passwords, misconfigurations
Step 3: Assess Vulnerabilities
• Analyze weaknesses that could be exploited, such as:
o Unpatched software vulnerabilities
o Weak authentication mechanisms
o Unsecured APIs or IoT devices
o Misconfigured cloud settings
Step 4: Evaluate Risks (Risk Assessment)
• Determine the likelihood and impact of each threat.
• Use risk assessment frameworks such as:
o CVSS (Common Vulnerability Scoring System)
o STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
o NIST Cybersecurity Framework
Step 5: Prioritize and Mitigate Risks
• High-risk threats require immediate attention.
• Security measures may include:
o Firewalls and Intrusion Prevention Systems (IPS)
o Multi-Factor Authentication (MFA)
o Data encryption and secure backups
o Security awareness training for employees
Step 6: Continuous Monitoring and Incident Response
• Use SIEM (Security Information and Event Management) systems.
• Conduct penetration testing and vulnerability assessments regularly.
• Establish an Incident Response Plan (IRP) for quick threat mitigation.
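Steps 4 and 5 above (score each threat, then prioritize) can be carried out mechanically once likelihood and impact are estimated. The following is an added example, not part of the original notes: a small risk register scored on a constructed 1-5 likelihood and impact scale, mapped onto the Low/Medium/High/Critical bands the notes use, and sorted so the highest-scoring items are handled first. The band thresholds and the register entries are constructed for illustration.

```python
"""Risk scoring and prioritization for a small asset/threat register (added example).

Likelihood and impact are scored 1-5 (constructed scale); their product is mapped
onto the Low/Medium/High/Critical bands used in the notes' corporate-network table.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)
    mitigation: str

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


def rate(score: int) -> str:
    """Map a likelihood x impact product onto a risk band (constructed thresholds)."""
    if score >= 20:
        return "Critical"
    if score >= 12:
        return "High"
    if score >= 6:
        return "Medium"
    return "Low"


def prioritize(register):
    """Step 5 of the notes: highest score first so critical items get attention first."""
    return sorted(register, key=lambda r: r.score, reverse=True)


# Constructed register mirroring the notes' example table.
REGISTER = [
    Risk("Workstations", "Phishing Attack", "Untrained employees clicking malicious links", 4, 4,
         "Security awareness training, email filtering"),
    Risk("File servers", "Ransomware", "Unpatched software, weak backups", 4, 5,
         "Regular updates, offline backups, endpoint protection"),
    Risk("Web server", "DDoS Attack", "Unprotected web server", 3, 3,
         "Load balancing, DDoS mitigation services"),
    Risk("Internal data", "Insider Threat", "Disgruntled employee with access", 3, 5,
         "Role-based access control, behavior monitoring"),
]


def report(register=REGISTER):
    """Return (threat, score, rating) tuples in priority order."""
    return [(r.threat, r.score, rate(r.score)) for r in prioritize(register)]


if __name__ == "__main__":
    for threat, score, rating in report():
        print(f"{rating:<8} {score:>2}  {threat}")
```

Re-scoring the register after a mitigation is applied (for example, lowering the ransomware likelihood once offline backups exist) shows whether the control actually moved the item out of its band, which is the feedback loop Step 6 asks for.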

3. Threat Intelligence in Threat Analysis


Threat intelligence involves gathering and analyzing real-world cyber threats to enhance security.
This includes:
• Indicators of Compromise (IoCs): Signs of an ongoing attack.
• Threat Actor Profiling: Understanding hacker motives and techniques.
• Threat Feeds & Reports: Using industry data to stay ahead of threats.

4. Example: Threat Analysis in a Corporate Network


| Threat | Vulnerability | Risk Level | Mitigation Strategy |
|---|---|---|---|
| Phishing Attack | Untrained employees clicking malicious links | High | Security awareness training, email filtering |
| Ransomware | Unpatched software, weak backups | Critical | Regular updates, offline backups, endpoint protection |
| DDoS Attack | Unprotected web server | Medium | Load balancing, DDoS mitigation services |
| Insider Threat | Disgruntled employee with access | High | Role-based access control, behavior monitoring |

Encryption and Virtual Private Networks (VPNs) in Secured Computing


1. Encryption
Encryption is the process of converting readable data (plaintext) into an unreadable format
(ciphertext) to protect it from unauthorized access. Only authorized users with the correct
decryption key can convert the data back into its original form.
Types of Encryption
1. Symmetric Encryption (Same key for encryption and decryption)
o Example Algorithms: AES (Advanced Encryption Standard), DES (Data Encryption
Standard), Blowfish
o Use Cases: File encryption, database encryption
2. Asymmetric Encryption (Public and private keys for encryption and decryption)
o Example Algorithms: RSA, ECC (Elliptic Curve Cryptography)
o Use Cases: Secure email (PGP), digital signatures, SSL/TLS
3. Hashing (One-way transformation; no decryption is possible)
o Example Algorithms: SHA-256, MD5 (broken; not recommended for security)
o Use Cases: Password storage, data integrity verification
Importance of Encryption
• Data Confidentiality: Prevents unauthorized access.
• Data Integrity: Ensures that data is not altered during transmission.
• Authentication: Validates the identity of users and devices.
• Compliance: Required by regulations like GDPR, HIPAA, and PCI-DSS.

2. Virtual Private Networks (VPNs)


A VPN (Virtual Private Network) is a secure tunnel that encrypts internet traffic between a user's
device and a remote server, ensuring privacy and security.
Types of VPNs
1. Remote Access VPN
o Allows users to securely connect to a private network over the internet.
o Used for remote work and secure browsing.
o Example Protocols: OpenVPN, WireGuard, L2TP/IPsec
2. Site-to-Site VPN
o Connects entire networks across different locations securely.
o Used by businesses to link branch offices.
o Example Protocols: IPsec, MPLS
How VPNs Work
1. The user connects to a VPN server.
2. The VPN encrypts the user's data before sending it over the internet.
3. The data reaches the destination securely.
4. The server decrypts the data before delivering it to the intended website or service.
Benefits of Using a VPN
• Privacy Protection: Hides IP addresses and prevents tracking.
• Secure Data Transmission: Encrypts traffic to prevent interception.
• Bypasses Geo-Restrictions: Access content that may be blocked in certain locations.
• Prevents Man-in-the-Middle (MitM) Attacks: Protects against eavesdropping on public Wi-Fi.
Potential Risks of VPNs
• Slower Internet Speeds: Due to encryption and rerouting.
• Reliance on VPN Provider: Some providers may log user data.
• Blocked by Some Websites: Streaming services may detect and block VPN use.

PKI, SSH, SSL, and IPsec in Secured Computing


These technologies play a crucial role in ensuring secure communication, authentication, and data
encryption over networks.

1. Public Key Infrastructure (PKI)


PKI (Public Key Infrastructure) is a framework for managing digital keys and certificates used in
encryption and authentication. It supports secure communications through cryptographic
techniques.
Key Components of PKI
1. Certificate Authority (CA) – Issues and verifies digital certificates.
2. Registration Authority (RA) – Validates certificate requests before forwarding them to the
CA.
3. Digital Certificates – Bind a public key to an entity (e.g., SSL/TLS certificates).
4. Public and Private Keys – Used for encryption, digital signatures, and authentication.
5. Certificate Revocation List (CRL) – Lists revoked certificates.
Use Cases of PKI
• Securing Websites (SSL/TLS certificates)
• Digital Signatures & Email Security (S/MIME)
• Authentication in Networks (Smart cards, VPNs)
• Document Security (E-signatures for legal documents)

2. Secure Shell (SSH)


SSH (Secure Shell) is a cryptographic protocol that provides a secure method for remote login and
command execution over unsecured networks.
How SSH Works
• Uses asymmetric encryption (public-private key pair) for authentication.
• Uses symmetric encryption (AES, ChaCha20, etc.) for secure communication.
• Prevents password interception and man-in-the-middle (MitM) attacks.
Common SSH Uses
• Secure Remote Server Access (ssh user@server)
• File Transfers via SFTP/SCP (scp file user@server:/path)
• Tunneling and Port Forwarding
• Automated Server Management (SSH keys for authentication)

3. Secure Sockets Layer (SSL) & Transport Layer Security (TLS)


SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic
protocols that secure internet communications.
How SSL/TLS Works
1. Handshake Process: Client and server negotiate the cipher suite and establish shared session keys.
2. Certificate Authentication: The server's SSL certificate is verified.
3. Secure Communication: A secure session is established with encryption.
Key Features of SSL/TLS
• Encryption: Protects data from eavesdropping.
• Authentication: Uses digital certificates to verify website identity.
• Data Integrity: Ensures that data is not altered in transit.
Common SSL/TLS Use Cases
• HTTPS (Securing Websites) – Used in web browsers (https://)
• Email Security (SMTP, IMAP, POP3 over TLS)
• VoIP and Instant Messaging Encryption
Note: TLS 1.2 and TLS 1.3 are the recommended versions, as older SSL versions (SSL 2.0, SSL 3.0,
and TLS 1.0) are insecure.
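The note above is a configuration requirement, and it is easy to check in code. The following is an added example, not from the original notes: a client-side TLS configuration built with Python's standard-library `ssl` module that refuses everything below TLS 1.2, keeps certificate verification and hostname checking on (the PKI trust check the handshake depends on), and a helper that tests a context for those three properties. A deliberately weak context is included only as the contrast. No connection is made; the commented socket call shows where the context would be used.

```python
"""Hardened TLS client context versus the weak pattern often seen in scripts (added example)."""
import ssl


def make_client_context() -> ssl.SSLContext:
    """TLS 1.2+ only, server certificate verified against the system CA store, hostname checked."""
    # create_default_context() sets CERT_REQUIRED, check_hostname=True and loads the
    # system trust store, so the server's certificate chain is validated by the PKI.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # Refuse SSL 2.0/3.0, TLS 1.0 and TLS 1.1 explicitly, per the note above.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_unverified_context() -> ssl.SSLContext:
    """Encryption without authentication: any certificate is accepted, so an on-path
    attacker presenting their own certificate is not detected. Kept only as the contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """The three properties a reviewer looks for in a TLS client configuration."""
    return (
        ctx.minimum_version >= ssl.TLSVersion.TLSv1_2   # TLSVersion is an IntEnum
        and ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
    )


if __name__ == "__main__":
    print("default context hardened:", context_is_hardened(make_client_context()))
    print("unverified context hardened:", context_is_hardened(make_unverified_context()))
    # Using the hardened context (not executed here; hostname is a placeholder):
    #   import socket
    #   with socket.create_connection(("HOST_PLACEHOLDER", 443)) as raw:
    #       with make_client_context().wrap_socket(raw, server_hostname="HOST_PLACEHOLDER") as tls:
    #           print(tls.version(), tls.getpeercert()["subject"])
```

`context_is_hardened` is the kind of check worth putting in a unit test for any service that opens outbound TLS connections, since the weak pattern usually enters a code base as a quick workaround for a certificate error and is never removed.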

4. IPsec (Internet Protocol Security)


IPsec (Internet Protocol Security) is a suite of protocols used to encrypt and authenticate data at the
network layer (Layer 3 of the OSI model).
How IPsec Works
• Uses Encryption (ESP - Encapsulating Security Payload) for confidentiality.
• Uses Authentication (AH - Authentication Header) to verify data integrity.
• Supports VPNs (Virtual Private Networks) for secure remote access.
Modes of Operation
1. Transport Mode: Encrypts only the data (payload) of IP packets.
2. Tunnel Mode: Encrypts the entire IP packet (used for VPNs).
Common IPsec Use Cases
• Secure VPN Connections (Site-to-Site and Remote Access VPNs)
• Secure Data Transmission Between Networks
• Protecting IPv4 and IPv6 Traffic

Comparison Table: PKI, SSH, SSL/TLS, and IPsec


| Technology | Purpose | Encryption Type | Common Use Cases |
|---|---|---|---|
| PKI | Key management & authentication | Public Key Cryptography (RSA, ECC) | Digital certificates, authentication, encryption |
| SSH | Secure remote access | Public & Symmetric Key Encryption | Secure server access, SFTP, tunneling |
| SSL/TLS | Secure web communication | Asymmetric & Symmetric Encryption | HTTPS, secure email, VoIP encryption |
| IPsec | Secure network communication | AES, 3DES, HMAC (Hash-based Authentication) | VPNs, network-level encryption |

Content Integrity & Access Controls in Secured Computing


Both content integrity and access control are crucial for ensuring the security, authenticity, and
confidentiality of digital assets.
1. Content Integrity
Content integrity refers to the assurance that data has not been altered, corrupted, or tampered
with, whether in storage or during transmission.
How Content Integrity is Maintained
Cryptographic Hashing
• Uses algorithms like SHA-256, SHA-3, and MD5 (not recommended) to create unique
fingerprints (hashes) of data.
• If a file or message is modified, its hash value changes, detecting unauthorized alterations.
• Example: Verifying file integrity after download using a hash checksum (sha256sum file.txt).
Digital Signatures
• Uses asymmetric encryption (PKI) to sign and verify data authenticity.
• Ensures that data comes from a trusted source and has not been altered.
• Example: Signing emails with PGP/GPG to verify sender authenticity.
Message Authentication Code (MAC) & HMAC
• A MAC (Message Authentication Code) is used to ensure both integrity and authenticity
using a secret key.
• HMAC (Hash-based MAC) adds an additional layer of security by using hashing and secret
keys.
• Example: Ensuring data integrity in API requests using HMAC tokens.
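The Cryptographic Hashing and MAC/HMAC subsections above describe two different guarantees, and the difference is clearest in code. The following is an added example, not from the original notes, using only the Python standard library: a SHA-256 checksum check of the kind `sha256sum` performs, which detects modification but can be recomputed by anyone, beside an HMAC-SHA256 over an API request, which additionally proves the sender held the shared secret. The file bytes, the request canonicalization format and the secret are constructed for the example.

```python
"""Integrity with a plain hash versus integrity plus authenticity with an HMAC (added example)."""
import hashlib
import hmac

# Constructed sample payload standing in for a downloaded file.
FILE_BYTES = b"release-1.0.tar.gz contents (constructed sample)\n"


def sha256_hex(data: bytes) -> str:
    """Hex digest as sha256sum would print it."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, published_hex: str) -> bool:
    """Compare a downloaded file's hash against a checksum published beside the download."""
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().lower())


def sign_request(secret: bytes, method: str, path: str, body: bytes) -> str:
    """HMAC-SHA256 over the parts of the request that must not change in transit.
    Canonical string (assumed format for this example): method, path and body joined by newlines."""
    msg = b"\n".join([method.encode(), path.encode(), body])
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_request(secret: bytes, method: str, path: str, body: bytes, presented_tag: str) -> bool:
    """Recompute the tag server-side and compare in constant time."""
    expected = sign_request(secret, method, path, body)
    # compare_digest does not short-circuit on the first differing byte, so timing
    # does not leak how much of a guessed tag was correct.
    return hmac.compare_digest(expected, presented_tag)


def demo() -> dict:
    published = sha256_hex(FILE_BYTES)          # what a vendor would publish beside the download
    tampered = FILE_BYTES.replace(b"1.0", b"1.1")
    secret = b"constructed-shared-secret"
    body = b'{"amount": 10}'
    tag = sign_request(secret, "POST", "/api/transfer", body)
    return {
        "checksum_ok": verify_checksum(FILE_BYTES, published),
        "tampered_file_detected": not verify_checksum(tampered, published),
        "hmac_ok": verify_request(secret, "POST", "/api/transfer", body, tag),
        "altered_body_rejected": not verify_request(secret, "POST", "/api/transfer", b'{"amount": 1000}', tag),
        "wrong_key_rejected": not verify_request(b"other-key", "POST", "/api/transfer", body, tag),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:<24} {ok}")
```

The checksum case only holds if the published hash is fetched over an authenticated channel (HTTPS or a signed release file); a hash served from the same compromised mirror as the file proves nothing, which is why the digital-signature subsection sits next to this one.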
Data Backups & Version Control
• Regular Backups: Maintains integrity by restoring unaltered versions in case of corruption.
• Version Control Systems (Git, SVN): Track file changes and allow reverting to previous
versions if needed.
Blockchain Technology
• Decentralized, immutable ledgers that store transactions securely.
• Used in supply chain security, cryptocurrency transactions, and tamper-proof records.

2. Access Controls
Access control is a security technique that regulates who can access what resources and what
actions they can perform.
Types of Access Controls
Discretionary Access Control (DAC)
• Users control access to their own data.
• Example: A file owner sets permissions (chmod 700 myfile.txt in Linux).
Mandatory Access Control (MAC)
• Access is strictly controlled by system policies, typically used in military and government
systems.
• Example: Classified information (Top Secret, Secret, Confidential) with strict clearance levels.
Role-Based Access Control (RBAC)
• Access is assigned based on roles (e.g., Admin, Manager, Employee).
• Used in corporate environments and enterprise applications.
• Example: Database admins have full access, while regular users can only read data.
Attribute-Based Access Control (ABAC)
• Access is determined based on multiple attributes (e.g., user role, location, device, time of
access).
• Example: A user may access a company network only during work hours from an authorized
device.
Rule-Based Access Control
• Uses pre-defined rules (firewall rules, access control lists).
• Example: A firewall blocking access to a network based on IP address rules.
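The RBAC and ABAC models above are easiest to compare side by side in a small policy engine. The following is an added example, not from the original notes: roles grant permissions (RBAC), and the notes' ABAC example conditions, access only during work hours and only from an authorized device, are layered on top, with a default-deny decision when either check fails. Role names, permission strings, the work-hour window and the device identifiers are constructed.

```python
"""Role- and attribute-based access decisions with default deny (added example)."""
from dataclasses import dataclass, field
from datetime import datetime

# RBAC: permissions are attached to roles, never to individual users (constructed roles).
ROLE_PERMISSIONS = {
    "admin":    {"db:read", "db:write", "db:admin"},
    "manager":  {"db:read", "db:write"},
    "employee": {"db:read"},
}


@dataclass
class Request:
    user: str
    roles: set
    permission: str
    device_id: str
    when: datetime


@dataclass
class Policy:
    work_start: int = 9              # hour of day, inclusive
    work_end: int = 18               # hour of day, exclusive
    authorized_devices: set = field(default_factory=set)


def rbac_allows(roles, permission) -> bool:
    """RBAC: allowed if any of the user's roles grants the permission."""
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)


def abac_allows(req: Request, policy: Policy) -> bool:
    """ABAC: environment attributes (time, device) must also satisfy the policy."""
    in_hours = policy.work_start <= req.when.hour < policy.work_end
    weekday = req.when.weekday() < 5
    known_device = req.device_id in policy.authorized_devices
    return in_hours and weekday and known_device


def decide(req: Request, policy: Policy) -> str:
    """Both checks must pass; anything else is denied with a reason for the audit log."""
    if not rbac_allows(req.roles, req.permission):
        return "deny: role lacks permission"
    if not abac_allows(req, policy):
        return "deny: outside policy (hours/device)"
    return "allow"


POLICY = Policy(authorized_devices={"laptop-0042"})


def demo():
    monday_10 = datetime(2024, 6, 3, 10, 0)   # constructed timestamps (2024-06-03 is a Monday)
    monday_23 = datetime(2024, 6, 3, 23, 0)
    return [
        decide(Request("alice", {"employee"}, "db:read",  "laptop-0042",   monday_10), POLICY),
        decide(Request("alice", {"employee"}, "db:write", "laptop-0042",   monday_10), POLICY),
        decide(Request("bob",   {"admin"},    "db:admin", "laptop-0042",   monday_23), POLICY),
        decide(Request("bob",   {"admin"},    "db:admin", "unknown-phone", monday_10), POLICY),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Note that even the admin is denied at 23:00 or from an unknown device: the role answers "may this kind of user do this", the attributes answer "under these circumstances", and the engine returns a reason string so denied attempts can be logged and reviewed.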

Access Control Mechanisms


Multi-Factor Authentication (MFA)
• Uses multiple authentication factors:
o Something You Know (Password, PIN)
o Something You Have (Smart card, OTP, Authentication App)
o Something You Are (Biometrics - fingerprint, retina scan)
Identity and Access Management (IAM)
• Manages user identities, roles, and permissions centrally.
• Example: AWS IAM, Microsoft Active Directory for enterprise security.
Access Control Lists (ACLs)
• Specifies which users or systems can access specific resources.
• Example: A network ACL defining which IP addresses can connect to a server.
Zero Trust Security Model
• "Never trust, always verify" approach to security.
• Requires continuous authentication, least privilege access, and micro-segmentation.

Comparison: Content Integrity vs. Access Control


| Feature | Content Integrity | Access Control |
|---|---|---|
| Purpose | Ensures data is unchanged and authentic | Controls who can access and modify data |
| Techniques | Hashing, Digital Signatures, MAC, Blockchain | DAC, MAC, RBAC, MFA, ACLs |
| Use Cases | File integrity, secure communication, transaction verification | System security, user authentication, network protection |
| Examples | Git version control, Blockchain records, SSL/TLS certificates | Role-based access in corporate systems, IAM solutions |

Wireless Security & Honeypots in Cybersecurity


Both wireless security and honeypots are crucial in protecting networks from cyber threats. Wireless
security focuses on securing Wi-Fi networks, while honeypots act as decoys to detect and study
attackers.

1. Wireless Security
Wireless networks are vulnerable to attacks due to their broadcast nature. Without proper security,
attackers can intercept, modify, or inject malicious traffic into a network.
Common Wireless Security Threats
• Eavesdropping (Packet Sniffing) – Attackers capture Wi-Fi packets using tools like Wireshark.
• Man-in-the-Middle (MitM) Attacks – Hackers intercept communication between devices.
• Rogue Access Points (Evil Twin Attack) – Attackers set up fake Wi-Fi networks to steal credentials.
• Brute-Force Attacks on Wi-Fi Passwords – Weak passwords can be cracked using tools like Aircrack-ng.
• Denial of Service (DoS) Attacks – Attackers flood the network with traffic, causing disruptions.
Best Practices for Wireless Security
Use Strong Encryption (WPA3 is Recommended)
• WPA3 (Wi-Fi Protected Access 3) offers improved encryption over WPA2.
• Avoid outdated security protocols like WEP (easily hackable).
Enable MAC Address Filtering
• Restrict network access to specific MAC addresses.
Disable SSID Broadcasting
• Hides your Wi-Fi network from casual attackers.
Use a Strong Wi-Fi Password (Passphrase)
• Use at least 12+ characters with symbols and numbers.
• Change default router credentials immediately.
Implement 802.1X Authentication
• Uses RADIUS (Remote Authentication Dial-In User Service) for authentication.
Deploy a Separate Guest Network
• Prevents guest devices from accessing the main corporate network.
Regularly Monitor Wireless Traffic
• Use Intrusion Detection Systems (IDS) to detect unusual activity.
Use a VPN Over Public Wi-Fi
• Encrypts data traffic, preventing sniffing and interception.

2. Honeypots
A honeypot is a decoy system designed to attract cyber attackers, monitor their behavior, and collect
intelligence on attack techniques.
Types of Honeypots
Low-Interaction Honeypots
• Simulate real systems but with limited interaction.
• Easy to deploy and mainly used for early warning and detection.
• Example: A fake SSH login page that logs login attempts.
High-Interaction Honeypots
• Fully functional systems that allow real attacks.
• Provide deeper insights into attack tactics and malware behavior.
• Example: A fake banking website that logs how attackers try to exploit it.
Research vs. Production Honeypots
• Research Honeypots: Used to analyze new threats and cybercriminal behavior.
• Production Honeypots: Deployed in real networks to distract and detect attackers.
Honeypot Deployment Strategies
Place Honeypots in a DMZ (Demilitarized Zone)
• Separates the honeypot from the main network to prevent compromise.
Deploy Multiple Honeypots (Honeynet)
• A network of honeypots designed to trap and analyze various attack methods.
Monitor Logs & Alerts from the Honeypot
• Use SIEM (Security Information and Event Management) to analyze attacker activity.
Use Deception Techniques
• Deploy fake databases, credentials, or SSH servers to lure attackers.
Examples of Honeypot Tools
• Kippo / Cowrie – Fake SSH server to track brute-force attacks.
• Honeyd – Simulates multiple virtual hosts to attract attackers.
• Dionaea – Captures malware samples for analysis.

Comparison: Wireless Security vs. Honeypots


| Feature | Wireless Security | Honeypots |
|---|---|---|
| Purpose | Protects Wi-Fi networks from attacks | Attracts attackers to study their methods |
| Main Focus | Encryption, authentication, and access control | Deception, logging, and intelligence gathering |
| Common Threats Addressed | Eavesdropping, MitM, Rogue APs | Hackers, malware, botnets |
| Deployment | Routers, firewalls, VPNs | Virtual machines, isolated networks |
| Tools Used | WPA3, RADIUS, VPNs | Cowrie, Honeyd, Dionaea |

Traffic Flow Security & Firewalls in Cybersecurity


1. Traffic Flow Security
Traffic flow security refers to techniques used to protect network traffic from analysis, interception,
and manipulation. It ensures that data moving across a network remains confidential, unaltered,
and resistant to attack.
Threats to Traffic Flow Security
• Traffic Analysis – Attackers monitor network traffic to infer patterns.
• Man-in-the-Middle (MitM) Attacks – Intercepting and altering communications.
• Data Injection Attacks – Injecting malicious packets into traffic.
• Denial of Service (DoS) & Distributed DoS (DDoS) – Overloading network bandwidth.
Techniques to Secure Traffic Flow
Encryption (TLS, IPsec, VPNs)
• Encrypts data in transit to prevent eavesdropping and tampering.
• Example: HTTPS, SSL/TLS, IPsec VPNs for secure communication.
Traffic Obfuscation (Tor, VPNs, Obfsproxy)
• Hides real traffic patterns from attackers.
• Example: Tor (The Onion Router) anonymizes traffic to prevent surveillance.
Network Segmentation
• Divides a network into smaller, isolated segments to prevent unauthorized lateral movement.
• Example: VLANs (Virtual LANs) separate internal from guest traffic.
Intrusion Detection & Prevention Systems (IDS/IPS)
• Detects and blocks suspicious traffic patterns.
• Example: Snort (IDS/IPS) monitors network packets for anomalies.
Load Balancers & DDoS Protection
• Distributes traffic to prevent overload attacks.
• Example: Cloudflare, AWS Shield for DDoS mitigation.

2. Firewalls
A firewall is a security device or software that monitors, filters, and controls incoming and outgoing
network traffic based on security rules.
Types of Firewalls
Packet Filtering Firewall (Layer 3)
• Examines IP headers and allows or blocks packets based on rules.
• Example: Configuring rules in Linux iptables.
Stateful Inspection Firewall (Layer 4)
• Tracks active connections and blocks unauthorized traffic.
• Example: Cisco ASA (Adaptive Security Appliance).
Proxy Firewall (Application Layer) (Layer 7)
• Inspects HTTP, FTP, and other application protocols.
• Example: Squid Proxy Firewall.
Next-Generation Firewall (NGFW)
• Combines traditional firewalls + intrusion prevention + deep packet inspection.
• Example: Palo Alto Networks NGFW, Fortinet.
Best Practices for Firewall Security
• Follow the Principle of Least Privilege (PoLP) – Only allow necessary traffic.
• Regularly Update Firewall Rules – Prevent outdated vulnerabilities.
• Use Geo-IP Filtering – Block traffic from suspicious locations.
• Enable Logging & Alerts – Monitor firewall activity for potential attacks.
• Combine Firewalls with IDS/IPS – Improves detection and response to threats.
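The packet-filtering model described above (ordered rules, first match wins, default policy for everything else) is small enough to implement and reason about directly. The following is an added example, not from the original notes and not a real firewall: a first-match rule evaluator in the spirit of the `iptables` rules the notes mention, with a default DROP policy that enforces the least-privilege practice listed above. The rule set, addresses and packets are constructed; only the `ipaddress` standard-library module is used.

```python
"""First-match packet-filter evaluation with a default-deny policy (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"        # source CIDR; default matches any address
    dst: str = "0.0.0.0/0"        # destination CIDR
    proto: Optional[str] = None   # "tcp", "udp", "icmp" or None for any protocol
    dport: Optional[int] = None   # destination port, None for any

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt["proto"])
                and (self.dport is None or self.dport == pkt.get("dport")))


def evaluate(pkt: dict, rules, default: str = "DROP"):
    """Return (action, index of matching rule) for the first rule that matches,
    or (default, None) when nothing matches: the default policy is where least privilege lives."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None


# Constructed rule set for a web server: SSH only from the admin subnet,
# HTTPS from anywhere, ICMP allowed, everything else dropped by the default policy.
RULES = [
    Rule("ACCEPT", src="10.0.50.0/24", proto="tcp", dport=22),
    Rule("DROP",   proto="tcp", dport=22),    # explicit drop so SSH attempts from elsewhere can be logged
    Rule("ACCEPT", proto="tcp", dport=443),
    Rule("ACCEPT", proto="icmp"),
]

# Constructed packets (documentation-range addresses).
PACKETS = [
    {"src": "10.0.50.7",    "dst": "192.0.2.10", "proto": "tcp", "dport": 22},   # admin SSH
    {"src": "198.51.100.9", "dst": "192.0.2.10", "proto": "tcp", "dport": 22},   # SSH from outside
    {"src": "198.51.100.9", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},  # HTTPS
    {"src": "198.51.100.9", "dst": "192.0.2.10", "proto": "udp", "dport": 161},  # SNMP, no rule
]


def demo():
    return [evaluate(p, RULES)[0] for p in PACKETS]


if __name__ == "__main__":
    for pkt, action in zip(PACKETS, demo()):
        print(f"{pkt['src']:>14} -> :{pkt.get('dport', '-'):<4} {pkt['proto']:<5} {action}")
```

Rule order matters: swapping the first two rules would drop admin SSH as well, which is why firewall changes are reviewed as a whole ordered list rather than rule by rule.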

Comparison: Traffic Flow Security vs. Firewalls


| Feature | Traffic Flow Security | Firewalls |
|---|---|---|
| Purpose | Protects the movement of data | Filters and blocks unwanted traffic |
| Main Focus | Encryption, obfuscation, segmentation | Packet inspection, access control, rule enforcement |
| Threats Addressed | Traffic analysis, MitM, DoS | Unauthorized access, malware, network breaches |
| Deployment | VPNs, Tor, Load balancers | Network firewalls, host-based firewalls |
| Examples | IPsec, TLS, Tor, Snort | Cisco ASA, Palo Alto NGFW, FortiGate |

Intrusion Detection Systems (IDS), Secure Email, and Mobile Security


1. Intrusion Detection Systems (IDS)
An Intrusion Detection System (IDS) monitors network or system activity to detect suspicious
behavior or potential cyberattacks.
Types of IDS
Network-Based IDS (NIDS)
• Monitors network traffic and analyzes packets for anomalies.
• Example: Snort, Suricata
Host-Based IDS (HIDS)
• Runs on individual devices to monitor file integrity, logs, and system changes.
• Example: OSSEC, Tripwire
Signature-Based IDS
• Detects attacks based on known attack patterns (signatures).
• Fast but ineffective against new threats.
Anomaly-Based IDS
• Uses AI/machine learning to detect unusual behavior.
• Useful for identifying zero-day attacks.
Best Practices for IDS Deployment
• Regularly Update IDS Signatures – To detect the latest threats.
• Combine IDS with IPS (Intrusion Prevention System) – IDS alerts; IPS blocks malicious traffic.
• Enable Logging & Alerts – Monitor logs for suspicious activity.
• Use AI for Adaptive Detection – Helps identify evolving threats.
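The signature-based versus anomaly-based distinction above is best seen by running both over the same data. The following is an added example, not from the original notes and not a real IDS: a handful of constructed web-server log lines, two signature rules that match well-known request patterns (precise, but blind to anything not listed), and a volume-based anomaly rule that flags a client whose request count is far above the median of all clients (catches unknown behaviour, but can false-positive on a busy legitimate client). Log format, signatures and thresholds are constructed.

```python
"""Signature-based versus anomaly-based detection over constructed access-log lines (added example)."""
import re
import statistics
from collections import Counter

# Constructed log format: "client method path status" (paths are URL-encoded, so no spaces).
LOG_LINES = [
    "203.0.113.5 GET /index.html 200",
    "203.0.113.5 GET /about.html 200",
    "203.0.113.9 GET /products?id=1 200",
    "203.0.113.9 GET /products?id=1%20UNION%20SELECT%201,2 500",
    "198.51.100.2 GET /../../etc/passwd 404",
] + ["203.0.113.77 GET /login 401"] * 40          # one client repeatedly failing to log in

# Signature rules: known patterns only (constructed, minimal).
SIGNATURES = {
    "sqli_union":     re.compile(r"union(%20|\s)+select", re.IGNORECASE),
    "path_traversal": re.compile(r"(\.\./|%2e%2e%2f)", re.IGNORECASE),
}


def parse(line: str) -> dict:
    client, method, path, status = line.split()
    return {"client": client, "method": method, "path": path, "status": int(status)}


def signature_alerts(lines):
    """Signature-based: fast and specific, but a request not matching any rule is invisible."""
    alerts = []
    for line in lines:
        ev = parse(line)
        for name, rx in SIGNATURES.items():
            if rx.search(ev["path"]):
                alerts.append((name, ev["client"], ev["path"]))
    return alerts


def anomaly_alerts(lines, factor: int = 10, min_requests: int = 20):
    """Anomaly-based: flag clients whose request count is far above the typical client.
    The median is used as the baseline because, unlike the mean, the outlier itself barely moves it."""
    counts = Counter(parse(line)["client"] for line in lines)
    baseline = statistics.median(counts.values())
    return [(client, n) for client, n in counts.items()
            if n >= min_requests and n > factor * baseline]


if __name__ == "__main__":
    for alert in signature_alerts(LOG_LINES):
        print("signature:", alert)
    for alert in anomaly_alerts(LOG_LINES):
        print("anomaly:  ", alert)
```

Here the repeated `/login` failures trigger only the anomaly rule and the two malformed requests trigger only the signature rules, which is the practical argument for running both kinds of detection together.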

2. Secure Email
Secure email protects confidentiality, integrity, and authenticity in email communication.
Threats to Email Security
• Phishing Attacks – Fake emails tricking users into revealing sensitive data.
• Man-in-the-Middle (MitM) Attacks – Attackers intercept email traffic.
• Email Spoofing – Fake sender addresses used to impersonate trusted contacts.
• Business Email Compromise (BEC) – Cybercriminals impersonate executives to manipulate employees.
Techniques for Secure Email Communication
Use End-to-End Encryption (E2EE)
• Ensures only sender & recipient can read emails.
• Example: PGP (Pretty Good Privacy), S/MIME (Secure/Multipurpose Internet Mail
Extensions)
Enable SPF, DKIM, and DMARC
• SPF (Sender Policy Framework) prevents spoofing.
• DKIM (DomainKeys Identified Mail) ensures email authenticity.
• DMARC (Domain-based Message Authentication, Reporting & Conformance) stops
phishing.
Use Secure Email Providers
• ProtonMail, Tutanota, or enterprise solutions like Microsoft 365 with E2EE.
Deploy Anti-Phishing Tools
• Use AI-based filters to detect phishing emails.
• Example: Google Workspace, Mimecast.
Enable Two-Factor Authentication (2FA)
• Adds an extra layer of security to email accounts.
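The SPF, DKIM and DMARC item above is where the three mechanisms meet: DMARC tells a receiving server how to treat a message whose SPF or DKIM result is not aligned with the visible From: domain. The following is an added example, not from the original notes and not a real mail filter: it parses a DMARC TXT record, applies the record's alignment modes (`aspf`, `adkim`), and returns the disposition a receiver would apply. The record, domains and authentication results are constructed. Organizational-domain matching is simplified to the last two labels, which is an assumption for this example (real receivers use the Public Suffix List).

```python
"""DMARC record parsing and per-message disposition (added example)."""


def parse_dmarc(txt: str) -> dict:
    """'v=DMARC1; p=reject; adkim=s' -> {'v': 'DMARC1', 'p': 'reject', 'adkim': 's', 'aspf': 'r'}."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")      # policy: none | quarantine | reject
    tags.setdefault("adkim", "r")     # DKIM alignment: r(elaxed) | s(trict)
    tags.setdefault("aspf", "r")      # SPF alignment:  r(elaxed) | s(trict)
    return tags


def org_domain(domain: str) -> str:
    # Assumption for this example: the registrable domain is the last two labels.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(identifier: str, from_domain: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed accepts the same organizational domain."""
    if mode == "s":
        return identifier.lower() == from_domain.lower()
    return org_domain(identifier) == org_domain(from_domain)


def evaluate(record_txt: str, from_domain: str,
             spf_result: str, spf_domain: str,
             dkim_result: str, dkim_domain: str):
    """Return ('pass', 'none') when either authenticated identifier aligns with From:,
    otherwise ('fail', <disposition from p=>)."""
    policy = parse_dmarc(record_txt)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", policy["p"])


# Constructed record for the domain whose mail is being protected.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=r"


def demo():
    return {
        # Legitimate mail: SPF passes for a subdomain, relaxed alignment accepts it.
        "legitimate": evaluate(RECORD, "example.com", "pass", "mail.example.com", "pass", "example.com"),
        # Forged From: header; SPF passes only for the sender's own unrelated envelope domain.
        "spoofed_from": evaluate(RECORD, "example.com", "pass", "unrelated.example", "fail", ""),
        # DKIM valid but signed by a subdomain while adkim=s demands an exact match.
        "strict_dkim_mismatch": evaluate(RECORD, "example.com", "fail", "", "pass", "mail.example.com"),
        # Monitoring-only record: failures are reported but delivered.
        "monitor_only": evaluate("v=DMARC1; p=none", "example.com", "fail", "", "fail", ""),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:<22} {outcome}")
```

The `strict_dkim_mismatch` case is the common operational failure when a domain moves from `p=none` to `p=reject`: mail is cryptographically valid but the signing domain does not align, so the aggregate reports sent to the `rua` address should be reviewed before tightening the policy.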

3. Mobile Security
Mobile security focuses on protecting smartphones, tablets, and mobile applications from cyber
threats.
Common Mobile Security Threats
• Malware & Spyware – Apps that steal data or track user activity.
• App-Based Attacks – Malicious apps disguised as legitimate ones.
• Public Wi-Fi Risks – Attackers intercept unencrypted data.
• SIM Swapping – Hackers take control of a phone number for fraud.
• Lost/Stolen Devices – Unauthorized access to sensitive data.
Best Practices for Mobile Security
Keep Your OS & Apps Updated
• Patch vulnerabilities by regularly updating Android/iOS.
Use Trusted App Stores (Google Play, Apple App Store)
• Avoid downloading apps from unknown sources.
Enable Device Encryption
• Protects stored data in case of theft.
• Example: Full-disk encryption on Android & iOS.
Use Strong Authentication
• Biometric authentication (fingerprint, Face ID) + 2FA for better security.
Avoid Public Wi-Fi & Use VPNs
• Encrypts internet traffic to prevent snooping.
Install Mobile Security Apps
• Example: Norton Mobile Security, Lookout, or Google Play Protect.
Remote Wipe & Find My Device Features
• Example: Apple Find My iPhone, Android Find My Device to erase lost/stolen phones.

Comparison Table
| Security Area | Purpose | Techniques & Tools |
|---|---|---|
| Intrusion Detection Systems (IDS) | Detects cyberattacks on networks & systems | Snort, Suricata, OSSEC, AI-based anomaly detection |
| Secure Email | Protects email privacy, authenticity, and security | PGP, S/MIME, SPF, DKIM, DMARC, Anti-phishing filters |
| Mobile Security | Secures smartphones & mobile apps from cyber threats | Encryption, 2FA, VPN, Mobile security apps, Remote wipe |
