Review

OS - Operating System
WWW - World wide web
Bits is the smallest unit
BIOS - Basic Input Output System
CPU - a core processing unit
RAM - random access memory
ROM - Read only Memory
HDD - Hard Disk Drive
SSD - Solid State Drives
-RAM (memory)
Size: 2GB - 32GB
Type: Temporary memory (primary)
Content: chips
Usage: When program is running
-HDD (storage)
Size: 128 GB - 2TB
Type: Permanent memory (secondary)
Content: Disk
Usage: Always on
-ROM
Memory Size: 4 MB - 8 MB
Type: Permanent
Content: Chips
Usage : Always on
Physical Size: Vary in size from less than an inch in length to multiple inches in
length and
width, depending on their use.
Function: Store the BIOS program on a computer motherboard.
-SSD
Memory Size: 100GB - 100TB or even more
Type: Permanent
Content: Disk
Usage: Always on
Physical Size: Most common SSD size is 2.5-inch – fits inside the drive bay of most
laptop or desktop computers.
Function: Permanently store files or data, such as photos, videos.

Computers Basic Knowledge

 1. Functionalities of Computers (input-storage-process-output)
taking input data →processing the data →returning the results →storing the
data

1. Hardware and Software (CPU, RAM, HDD, etc…, app, OS)

Two components of Computer
1. Hardware: Keyboard, mouse, monitor, touchpad, graphic cards, computer
data storage
2. Software: Google, Zoom, Safari, Firefox, Word
● Software - A set of instructions, data or programs used to operate
computers
and perform specific tasks.
types of hardware
a computer are the keyboard, the monitor, the mouse and the processing unit
types of software
● 1. System Software - Responsible for controlling and managing computers
→ Android, Windows, Chrome OS, IOS, Mac OS, Linux, Unix, DOS
● 2. Application Software - accomplish specific tasks other than just running
the computer system
A. App - Zoom, Edmodo, Chrome (browser), Instagram, Facebook,
WPS, MS office, Wechat
B. Web App - Google classroom, Google slides, Google sheets
2 parts of Hardware
● 1. Input: Mouse, scanner, keyboard, touch screen, webcams, microphone,
touchpad,
camera
● 2. Output: Printer, Monitor, speakers, headphones, projector, screen,
earphones, plotter

The software development lifecycle

The goal: to minimize project risks through forward planning

1. The 6 SDLC phases:

First phase:
1. Planning
Second phase:
2. Design (UI (User interface) / UX
(User experience))
Third phase:
3. Implement (coding part)
Fourth phase:
4. Test (QA developer → quality
assurance)
Fifth phase:
 5. Deploy
Sixth phase:
6. Maintain (server)

1. Measurement of unit (bit, byte, kilobyte, megabyte…)different

● 1 GB → 1024mb
● 1 KB → 1024 bytes
● 1 byte → 8 bits
● A bit can hold only one of two values: 0 or 1
● Bits → Binary digit

1. Binary-decimal

1. Classification on the basis of data handling

1. Analog
2. Digital
3. Hybrid

1. Classification on the basis of functionality

1. Server
2. Workstation
3. Information Appliances
4. Embedded computer

1. Classification of Computers
● Supercomputer
● Main frame (100 users)
● Mini computer (10-60 users)
● Micro computer - Laptop, desktop, mobile (pc)

1. 3 parts of CPU
1. ALU(Arithmetic Logic Unit): Executes all arithmetic and logical
operations.
2. CU (Control Unit): controls and coordinates computer components.
3. Registers: Stores the data that is to be executed next, "very fast
storage area".

1. 2 types of computer memories

1. Primary memory
a. RAM(Random Access Memory) - temporary type of memory
b. ROM(Read Only Memory)
2. Secondary memory - Stores data and programs permanently
a. HDD (Hard Disk Drive) - Permanent type of memory
SSD (Solid State Drive)
 b. Optical Disk
- CD (Up to 700 mb)
- Blue-ray(up to 8 gb)
c. Flash Disk

Data(raw)-information(processed)
1. ASCII (American Standard Code for information interchange)
*ASCII code is stored in OS
— 127 conversions — 8 bits
(total have 256 characters → 0-255)
● 212 → 11010100
● 8 bits → 128, 64, 32, 16, 8, 4, 2, 1
● 100 → 1100100
● 333: 256 128 64 32 16 8 4 2 1
1 0 1. 0 0 1 1 0 1
● 512 256 128 64 32 16 8 4 2 1→
1 1 0 1 1 1 1000
● 1011101 → 93
A-96-10010101010-CPU-A

1. Unicode (extended ASCII)

superset of ASCII – 16 bits or 32 bits – 4 bytes

1. RGB (0-255, 0-255, 0-255) pixels

Computer Networks
1. OSI Model (7 Layers)
● Software layers
7. Application Layer - closest to the users → human-computer interaction
layer, where
application can access the network services (Zoom)
6. Presentation Layer → ensure data is in a usable format and is where data
encryption
occurs (images/videos (mp4), sounds (mp4), texts(txt))
5. Session Layer - Communicates with Transport and presentation layer →
maintain
connections and is responsible for controlling ports and sessions
● Heart of OSI
4. Transport Layer - Manages the reliable transfer of data from the host to host
→
 transmits data using transmission protocols including TCP and UDP
● Hardware layers
3. Network Layer - Router devices operate → decide which physical path the
data will
take (IP address will be assigned) (ex.something might be wrong in our IP
address)
(where TCP/IP works)
2. Data Link Layer - Switches operate → defines the format of data on the
network
1. Physical Layer (all the hardware) - closest to the computer → transmits raw
bit
stream over the physical medium
- (layer 2) ARP address resolution protocol
- (layer 3) IP internet protocol
- (layer 4) Windowing
- (layer 5) bank’s website
OSI model invented in 1984
ISO international organization of standardization published the OSI model

1. Network types (LAN VPN WAN)

VPN - Virtual Private Network → encrypt data that we sent out - Building the
path to send datas
● TCP (Transmission control protocol) - operates at the Transport Layer

Information Security (Cyber Security)

*Info/Cyber Security
is the practice of protecting information by mitigating information risks. It is part of
information risk management.
prevent your info be stolen

1. CIA Triad ( Confidentiality, Integrity, Availability)

A. Confidentiality: is the process of keeping an organization or individual’s
data
private and ensuring only authorized people can access it.

e.g.）

- Encryption - scrambling data so only authorized parties can read it

- Access controls - limiting access to information to only authorized users
- Virtual Private Networks (VPNs) - creating secure, encrypted
connections for

remote users
B. Integrity: integrity refers to data that hasn’t been changed.

e.g.）

- Digital signatures - providing a way to verify the authenticity of a message

or
document
- Hashing - generating a unique code to verify the integrity of a file or
message
- Version control - tracking changes to a file or document to ensure its
integrity
C. Availability: ensures that the certain users can get timely and reliable access
to
the required resources whenever they need to.

e.g.）

- Redundancy - having backup systems in place to ensure continuity of

service
- Load balancing - distributing network traffic to prevent overload and
maintain
availability
- Disaster recovery planning - preparing for and minimizing downtime in
the
event of a
disaster or outage.
*Confidentiality/Integrity/Availability Be Breached: violate data confidentiality
through direct attacks

1. MFA(Multi-factor Authentication)
an authentication method that requires the user to provide two or more
verification factors to gain access to a resource.

1. Web attacks (DDos(botnet), MITM, Malware, SQL injection)

Malware 恶意软件

Malware is a term used to describe malicious software, including spyware,

ransomware, viruses, and worms. Malware breaches a network through a
vulnerability, typically when a user clicks a dangerous link or email attachment
that then installs risky software. Once inside the system, malware can do the
following:
 Blocks access to key components of the network (ransomware)
 Installs malware or additional harmful software
 Covertly obtains information by transmitting data from the hard drive
(spyware)
 Disrupts certain components and renders the system inoperable
Phishing 网络钓鱼

Phishing is the practice of sending fraudulent communications that

appear to come from a reputable source, usually through email. The goal
is to steal sensitive data like credit card and login information or to install
malware on the victim’s machine. Phishing is an increasingly common
cyberthreat.
Man-in-the-middle attack
Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur
when attackers insert themselves into a two-party transaction. Once the
attackers interrupt the traffic, they can filter and steal data.
Two common points of entry for MitM attacks:
1. On unsecure public Wi-Fi, attackers can insert themselves between a
visitor’s device and the network. Without knowing, the visitor passes all
information through the attacker.
2. Once malware has breached a device, an attacker can install software to
process all of the victim’s information.
Denial-of-service attack
A denial-of-service attack floods systems, servers, or networks with traffic to
exhaust resources and bandwidth. As a result, the system is unable to fulfill
legitimate requests. Attackers can also use multiple compromised devices to
launch this attack. This is known as a distributed-denial-of-service (DDoS)
attack.
SQL injection
A Structured Query Language (SQL) injection occurs when an attacker inserts
malicious code into a server that uses SQL and forces the server to reveal
information it normally would not. An attacker could carry out a SQL injection
simply by submitting malicious code into a vulnerable website search box.
Zero-day exploit
A zero-day exploit hits after a network vulnerability is announced but before a
patch or solution is implemented. Attackers target the disclosed vulnerability
during this window of time. Zero-day vulnerability threat detection requires
constant awareness
DNS Tunneling
DNS tunneling utilizes the DNS protocol to communicate non-DNS traffic over
port 53. It sends HTTP and other protocol traffic over DNS. There are various,
legitimate reasons to utilize DNS tunneling. However, there are also malicious
reasons to use DNS Tunneling VPN services. They can be used to disguise
outbound traffic as DNS, concealing data that is typically shared through an
internet connection. For malicious use, DNS requests are manipulated to
exfiltrate data from a compromised system to the attacker’s infrastructure. It
can also be used for command and control callbacks from the attacker’s
infrastructure to a compromised system.