Difference between the internet and the world wide web

The two definitions:

The internet: the interconnection of networks which makes use of TCP and IP protocols
World Wide Web - massive collection of web pages and is based on hypertext transfer protocols

Internet World wide web

Can send and receive emails Collection of multimedia web pages

Allows for online chatting HTTP protocols are written using HTML

Makes use of TCP and IP protocols URLs are used to specify the location

Web Browser- software that allows users to connect and display web pages on the screen.

Example
https://www.hoddereducation.com/ict

https= protocol
www= domain host
hoddereducation=Web address
com=domain type

HTTP and HTTPS

HTTP is a set of rules to transfer data over the internet, and HTTPS is a secure version
of HTTP that encrypts the data being transmitted, providing an additional layer of
security using ssl and tls protocols.

Features of a web browser

● Has a home page
● Can store user’s favorites (bookmarks)
● Keeps history of websites visited
● Many web pages can be opened at the same time
● Makes use of cookies
system
DNS- it is a for finding IP addresses for a domain name given in a URL
Steps on how a DNS is used to locate and retrieve a web page:
1. The user types in the URL and the browser asks a DNS server for an ip address
for the site
2. If it can't find the site in its database, it sends a request to the DNS server
3. DNS server finds a matching IP address for the site and puts the ip address and
the URL into its database
4. This IP is sent back to the computer
5. The computer communicates with the web-server and the required pages are
downloaded. The browser will then interpret and display the information on the
computer

Cookies
● A website stores small text files on a user's device called cookies. They are used
to remember user preferences and browsing history, as well as to track user
behavior on the website.
There are two types of cookies ;
1. Session Cookies
2. Persistent cookies
Session Cookies-Session cookies are temporary cookies that expire when the user
closes their web browser. An example of the use of session cookies would be when a
user adds products to his/her shopping cart.This is stored in the RAM

Persistent cookies- Persistent cookies are the cookies that are stored Permanently and
do not delete when the user closes the web browser. An example for the use of
Persistent cookies would be typing the user's login details.This is stored in the Hard
Drive of the user’s computer.

USES of Persistent cookies:

1. Serves as memory
2. Tracks internet habits
3. Targets users with advertisement that match their buying or surfing habits

💳
4. Used in financial transaction
Digital Currency
● The term digital currency refers to a form of currency that is stored and
exchanged electronically. It does not exist as a physical currency like cash or
coins, but rather as a digital one.

💹
● Central banks are responsible for digital currencies
Crypto Currency
● Transactions in cryptocurrency are tracked using cryptography
 ● Crypto currency has no state control but rather set by the cryptocurrency
community itself
● There is public access to cryptocurrency transactions, and all transactions can
be tracked and the amount of money in the system can be monitored
● Cryptocurrency system works by being within a blockchain network, which
means it is much more secure
Differences between digital and crypto currency :
1. Digital currency is a type of currency that exists solely in digital form, while
cryptocurrency is a specific type of digital currency that uses cryptography for
security and operates independently of a central bank.
2. Digital currency can be issued by a central authority, such as a government or
central bank, while cryptocurrency is created through a process called mining,
which involves solving complex mathematical problems.
3. Digital currency is subject to government regulations, while cryptocurrency is
decentralized and operates independently of government oversight. This means
that the use and trading of cryptocurrency may not be subject to the same laws
and regulations as traditional digital currency.
4. Digital currency transactions are often traceable and linked to individuals, while
many cryptocurrencies are anonymous and cannot be traced

Blockchain is a de-centralised database with a growing list of blocks

● Whenever a new transaction takes place, a new block is created
● Each block in the chain contains a number of transactions, and every
block is linked to the block before it, creating a chain of blocks
● The block contains a timestamp , also known as a hash. It is a unique
identifier generated by a cryptographic algorithm.
● The block also contains the hash value of the previous block in the chain
● The first block in a block chain is known as the genesis block
● The data storage used in blockchains are known as non destructive
● Whenever a new transaction takes place, all the networked computers get
a copy of the transaction,
● Blockchains are policed by network users , known as ‘Miners’
 A block chain contains the following;
1. Data-for eg: name of recipient and sender
2. Hash Value-a unique value generated by an algorithm
3. Previous hash value

Cyber Security
Brute force attacks -a trial and error method used by hackers to crack the password by finding
all the possible combinations to the password.
Word list - collection of words used in brute force attacks
Cybercriminals attempts to crack a password:
1. They check if password is the most common ones such as 123456
2. If they can't crack it , they will use the word list and try to crack the
password
DDOS attack - attempt to prevent users from accessing part of the network. For eg: hacker
prevents users from accessing emails.

How does DDoS attacks work?

● User enters URL, and then request is sent to web server that contains the website
● However, the server can only handle a limited number of requests
● During this time , the hacker will take advantage and force computers to send a lot of
viewing requests to the web server
● This would lead to the server becoming overloaded and won't be able to respond to
user’s legitimate request
Signs DDoS Attacks
● Slow network performance
● Inability to access certain websites
● Large amount of spam email
Data interception- a form of stealing data by tapping into a wired or wireless
communication link. The intent is to steal confidential data.

● Data interception can be carried out using a packet sniffer, which examines data
packets sent over a network. The intercepted data is sent back to the hacker.

Ways to prevent data interception:

● Encryption of data using WEP
● Do not use data in public places

Hacking-An act of hacking is gaining illegal access to a computer system without the
user's permission. Data can be changed , passed on or even corrupted.
● Encryption does not stop hacking, it just makes data meaningless

Ways to prevent hacking:

● Using firewalls
● Using strong passwords

Malware- a malicious code with the intention of causing damage and stealing data

Types of malware-
1. Virus
2. Trojan horse
3. Worms
4. Spyware
 5. Adware
6. Ransomware

Virus- programs or program codes that self replicate with the intention of deleting or
corrupting files. Viruses require an active host to the target computer in order to actually
run.
● Viruses are usually sent in email attachments

Trojan horse- malware hidden away from the code of the software and which appears to
be harmless but isn't. However, the file has to be executed by the user in order to run.
Once installed, trojan horses will give cyber criminals the personal information of the
user , such as passwords.
Worms- A type of standalone malware that can self-replicate. However unlike viruses,
worms do not need an active host program to be opened in order to do any damage.

● Worms replicate themselves until it has taken the maximum capacity and no
further processing can take place
● They have the ability to spread through a network

Spyware- software that gathers information by monitoring a user’s activities carried out
on their computer
● Spyware can be removed from a software known as anti spyware
Adware- software that will attempt to flood users with unwanted advertising.

Ransomware- programs that encrypt data on a user’s computer and hold data hostage
until payment is received and sometimes the decryption key may, and may not be sent .

Phishing- sending out legitimate looking emails which are designed to trick the user in
giving their personal information. These links are considered as fake websites created
by the cyber criminal.

Ways to prevent phishing:

● Be aware of fake emails
● Look out for https in the address bar
● Be aware of popups

Pharming- Redirects users from a genuine website to a fake website, with the hope that
this change goes unnoticed.
 ● The change from the genuine site to the fake site is known as DNS cache
poisoning (altering IP addresses on a domain name server with the intention of
redirecting user to a fake website)
● User would then be prompted to provide login details and thus be stolen from the
cybercriminal
Pharming could be prevented :
● Use of antivirus
● Check spelling of website
● Check for the ‘s’ in the https protocol

Social engineering- users are manipulated into behaving in a way that they would not
normally do.
The threats:
1. Instant messaging- malicious links embedded into instant messages, for eg:
important software upgrade( based on user’s curiousity)
2. Scareware- pop up message that claims that the computer is infected with a
virus ( based on fear)
3. Emails- user is tricked by the apparent genuineness of an email and opens a link
that is not safe (based on trust)
4. Baiting- the cybercriminal leave a usb stick somewhere the user can find it, once
it is inserted into the pc it infects pc with virus (based on curiosity)
5. Phone calls- cybercriminal calls the user claiming that their device is
compromised in some way and user is advised to download special software
that would allow cybercriminal take over the user’s device (relies on fear)

Solutions and prevention:

Access levels- users in companies will be assigned different levels of access depending
on the role they have .
The different levels of access-
1. Public access
2. Friends
3. Custom
4. Data owner

Anti malware-
The two most common anti malware softwares are:
 1. Antivirus
2. Antispyware

Antivirus- a software that constantly scans documents, files and incoming data from the
internet .
● If a file is detected as harmful, the anti-virus will quarantine the file away from the
network, this will preventing it from multiplying and land on other parts of
network or hard drive
Anti Spyware- software that detects and removes spyware programs stored in the PC

Features of an Anti spyware -

● detects and removes spyware already installed on device
● Prevents user from downloading spyware
● Encryption of keyboard strokes
● Blocks access to user’s webcam and microphone
● Warns user if user’s information is stolen

Authentication- ability of users to prove who they are.

Types of authentication:
1. Usernames and passwords
2. Biometrics
3. Two step verification

Usernames and passwords- used to restrict access to data or systems

● Passwords should be strong enough for criminals to stop guessing them
● Run anti spyware to make sure that your passwords are being stolen
● Change passwords on a regular basis

Biometrics- a type of authentication that relies mainly on unique human characteristics.

● Fingerprint scans-
1. they are unique and there can improve security
2. Cannot be lost or stolen
3. Impossible to sign in since it will only match 1 person in database
However;
1. Relatively expensive to set up
2. Accuracy may be affected if finger is damaged
● Retina scans -use infrared light to scan unique pattern of blood vessels in a
person’s retina
1. Very high accuracy
 2. No way to replicate a person’s retina
However;
1. Can be very slow to verify retina scan
2. Very expensive
Two-step verification - requires two methods of authentication to confirm the identity of
a user. For example ; after logging in , a verification code would be sent to user’s device

Automatic software update-This ensures that applications such as ; the operating

system, antivirus and other pieces of software are up to date .
● These updates are important as it may contain patches that may update
software security
● However , these updates may disrupt a user’s device.

Checking Spelling and tone of communication and URL links-

● Check if there are spelling errors in emails
● Check the tone used in the wordings of the email
● Suspicious links

Firewalls-Can be either a software or a hardware.It sits between the user's computer

and an external network.
● In order to protect any computer from malware, hacking, phishing, and pharming,
these programs are the primary defense
● Main tasks carried out by a firewall;
1. Examines traffic between user’s computer and public network
2. Checks whether incoming or outgoing data meets given set of criterias, if data
fails to meet the criteria, the firewall will block the ‘traffic’
3. Criteria can be set so that firewall will block undesirable sites

Privacy settings-controls available on web browsers,social networks and other websites

That is designed to limit who can access them. Eg: do not track prompt in iphone

Proxy server- acts as an intermediate between a user and a web server

● Allows internet traffic to be filtered
● Keeps user’s ip address secret which improves security
● Prevents direct access to a web server
SSL- protocol which is often found on website where financial transactions take place

Steps taken when user wants to access a secure website and receive and send
data to it:
1. User’s browser sends a message so that it can connect with the required
website which is secured by SSL.
2. The browser requests that the web server identifies itself
3. The web server responds by sending a copy of its ssl certificate to the
user’s browser
4. If browser can authenticate this certificate , it send message back to web
server to allow communication to begin
5. Once the message is received the web server acknowledges the web
browser and the ssl encrypted 2 way data transfer begins.