Chapter 5: The Intenet and Its Uses

Difference between internet and World Wide Web:

Internet World wide web (WWW)
It is worldwide collection of interconnected uses the internet to access information from web
networks and devices servers
Users can send and receive emails It is a collection of multimedia webpages and other
information
Allows online chatting Uniform resource locators (URLs) are used to
access websites

Http and Https:

Http (Hyper text transport protocol) is a set of rules that must be followed when transferring files across
the internet. When some security is used then this changes to https.

Web browsers:

These are the software that allow a user to access and display web pages on their device screens.
Browsers translate the HTML from websites and show the result.

Features:

= they have a home page

= they can store a user’s favourite websites

= keep history of websites

= make use of cookies etc

DNS (Domain Name System):

DNS is a system for finding IP addresses for a domain name given in a URL. URLs and domain name
servers eliminate the need for a user to memories IP addresses. It works like a mobile phone book. Every
website is linked with IP address on a web server at the time of hosting. When user types in URL to
access any website actually it is translated into IP and request is forwarded to that webserver and the site
is displayed.

DNS contains a database of URLs with the matching IP addresses.

Cookies:

Cookies are small files or code stored on a user’s computer. They are sent by web server to a browser on
user’s computer. Each cookie allows user tracking and maintains user’s preferences. These can be used to
customize the web page for each individual user.

Page 1 of 9
There are two types of cookie:

• Session cookie
• Persistent cookie

Session Cookie:

These are used when user establishes online connection to any web server e.g. for online shopping. This
type of cookie is stored in temporary memory on the computer and doesn’t collect any information from
the user’s computer. These are establish for one session and over when session is finish.

Persistent Cookie:

These cookies are stored on the HDD of the user’s computer until expiry date is reached or user deletes.
These cookies remember a user’s log in details. These cookies remain in operation on the user’s computer
even after the browser is closed or website session is terminated.

Uses of cookies:

• Allows the website to remember users’ passwords, email addresses and invoice details.
• Serve as a memory, enabling website to recognize user
• Save users’ items in a virtual shopping cart
• Track internet habits and users’ websites history

Digital Currency:

Digital currency exists in a digital format. It has no physical form unlike conventional currency. It can be
accepted form of payment to pay for goods or services. Digital currency can be transferred between
various accounts. Digital currency relies on central banking system and governments.

Cryptocurrency:

Cryptocurrency is not based on central banking and is free from government policies. It is not regulated
by the central banks and governments. All the rules are set by the crypto currency community itself.

Difference from digital currency:

• Not based on central banking and government

• Uses cryptography to track transactions.
• Cryptocurrency transactions are publically available therefore all transactions can be tracked and
the amount of money in the system is monitored.
• It works within block chain network which means it is much more secure.

Blockchaining:

Page 2 of 9
Blockchain is a decentralized database. All the transactions of networked members are stored on this
database. It consists of a number of interconnected computers but they are not connected to a central
server. All transaction data is stored on all computers in the blockchain network. Whenever a new
transaction takes place, all the networked computers get a copy of the transactions so it cannot be changed
without consent of all the network members. This effectively removes the risk of hacking.

Cyber security threats:

Brute force attacks:

In this technique hackers systematically try all the different combinations of letters, numbers and other
symbols until find password. To reduce the number of attempts to crack a password:

• First they check if the password is one of the most common ones used
• If its not the common password list, then next thing to do is to start with a strong word list

Data interception:

It is a form of stealing data by tapping into a wired or wireless communication links. Interception in a
wired network can be carried out using a packet sniffer, which examines data packets being sent over a
network, intercepted data is sent back to hackers.

Wireless data interception can be carried out using war-driving. Using this method data can be intercepted
using a laptop or smartphone, antenna and a GPS device.

DOS (Denial of service attack) or DDOS (Distributed Denial of Service attack):

In this technique hackers send too many requests to the web server that it becomes unable to respond to
its actual users. This is usually temporary but very damaging.

Symptoms:

• Slow network performance

• Inability to access certain websites
• Large amount of spam emails

Preventions:

• Using an up-to-date malware checker

• Setting up a firewall to restrict traffic to and from the web server
• Applying email filters

Hacking:

Hacking is generally the act of gaining illegal access to a computer system without the user’s permission.
This can lead to identity theft or gaining access to personal information.

Page 3 of 9
Malware:

Malware is one the biggest risks to the integrity and security of data. There are many forms of malware.
Some of them are as follows:

i. Viruses: these are programs or program code that replicate with intention of deleting or
corrupting files, or causing a computer to malfunction. Viruses need an active host program
on the target computer that has already been infected, before they can run and cause harm.

ii. Worms: these are type of standalone malware that can self-replicate and spread to other
computers in a network. They don’t need any active host program to be opened in order to do
any damage. They remain inside applications which allow them to move throughout
networks.

iii. Trojan horse: It’s a program which is often disguised as legitimate software but with
malicious instructions embedded within it. They need to be executed by the user and therefore
usually arrive as an email attachments or are downloaded from an infected websites.

iv. Spyware: these are the malware that gather information when user presses keys from the key
board. This information like passwords or PINs are sent back to the hackers. Different
companies allow drop down menus to enter pins or passwords to protect user from spyware.

v. Adware: It will attempt to flood user’s computer with unwanted advertising. It may redirect
user’s browser to a website that contains promotional advertising.

vi. Ransomware: these are programs that encrypt data on user’s computer then wait until the
ransom money is paid. It has caused considerable damage to some companies and individuals.

Phishing:
In this techniques cybercriminal sends out legitimate looking emails to users. The emails may contain
links or attachments that take user to a fake website to get their personal information.

Preventions:

• Users need to be aware of new phishing scams and should get security awareness
• It is important not to click on any emails links unless totally certain
• It is important to run anti-phishing toolbars on browsers
• Always look out for https or the green padlock symbol in the address bar
• Popups should be blocked on web browsers Pharming:

Page 4 of 9
In this technique malicious code is installed on user’s computer. This code redirects the user’s browser to
fake website to get user’s personal information such as bank details.

Preventions:

• Use of anti-virus software

• Many modern browsers can alert users to pharming and phishing attacks.
• It is important to check spelling of websites

Social engineering:

Social engineering is the act of exploiting human weaknesses to gain access to personal information
and protected systems. Social engineering relies on manipulating individuals rather than hacking
computer systems to penetrate a target's account.

Examples of social engineering range from phishing attacks where victims are tricked into providing
confidential information

It can be done by following:

• Fear: the user is panicked into believing their computer is in immediate danger and is not given
time to logically decide if the danger is genuine or not

• Curiosity: the user can be tricked into believing they have won a car and user can send credit card
detail to pay for delivery etc.

• Empathy and trust: a real belief that all genuine-sounding companies can be trusted. Cyber
criminals can exploit it.

Page 5 of 9
Keeping data safe from security threats:

Access levels:
User accounts can have different levels of access for different people. For example in hospital it wont be
appropriate for a cleaner to have access to medical data about patient. There are usually four access
levels:

• Public access , this involves the data anyone can access

• Friends: certain access can given to the friends
• Custom: someone can read data only and someone can both read and write
• data owner: it means only owner of the data can get access to it

Anti-malware:

Anti-malware and anti-spyware can be used.

Page 6 of 9
Authentication Techniques:
Username / User-Id:

Username or User-Id is created by network administrator to authenticate any user. It’s a unique
name that is allotted to users so that they can access the resources available on the network
within any domain. Access rights are defined for different users that provide a limited/restricted
access to the network.

Password: Every user has to enter his password after giving user-id for successful login. It’s a
unique string with combination of letters, numbers punctuations etc. It appears in such a form
which can’t be understood by anyone who is looking. It provides more security to the user.

Rules:

• Password should be complex so that any other person can’t guess it.

• Commonly used names or words e.g. country name, personal name should not be used
because these can easily be guessed.

• Frequently change your password It provides more security Biometric Testing

Techniques:

In this technique unique physical human body marks are entered in computer and authenticated.
These can be finger prints, retina eye scanners etc.

Biometric features are recorded into a database first. All the biometric features are compared
with already stored images in database; if they match then the user is correctly recognized.

Some benefits and drawbacks can be learned from book.

Two-step verification:

Two-step verification is a process that involves two authentication methods performed one after the
other to verify that someone or something requesting access is who or what they are declared to be.
For example transferring amount from one’s account to another after certain verification one time
password/ OTP is sent to user’s email or mobile for further verifications.

• User enters website user name and password

• One-time authentication code is sent to user
• User takes note of OTP code
• User enters the one-time code/pin
• User is authenticated and allowed to access website to order items.
Firewalls:

Page 7 of 9
A firewall can be either software or hardware. It sits between the user’s computer and an external
network. It stops unknown network traffic.

Features:

• Examine network terrific between the user’s computer and public network
• Check whether incoming and outgoing data meet certain standard of security
• Undesirable IPs can be listed to stop unknown network terrific
• Produces warning if some software is trying to get access to external sources

Firewalls can’t do the followings:

• Firewalls can’t prevent individuals, on internal network, using their own modems to
bypass firewall
• Employees’ misconduct or carelessness can’t be controlled by firewalls • Users can
disable firewalls

A proxy server
It can work with firewalls and allow networked computers to connect with internet. It provides
restricted access to internet.

Proxy Servers

• Allow internet terrific to be filtered; these can block certain websites

• By using cache memory they can speed up access to information from websites
• These can keep IP addresses secret
• Can act as a firewalls

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted links
between a server and a client—typically a web server (website) and a browser; or a mail server and a mail
client (e.g., Outlook).

• SSL allows sensitive information such as credit card numbers, social security numbers,
and login credentials to be transmitted securely.

Page 8 of 9
9 of 9