Unit – 5

Recent Trends in Computer and Applications

• What is Network Security?

Network security involves protecting a network and its data from unauthorized access, cyber threats,
and misuse. It encompasses hardware, software, policies, and practices to safeguard the
confidentiality, integrity, and availability of the network. It defends against threats like hacking,
malware, denial-of-service (DoS) attacks, and data breaches.

• Critical Elements of Network Security

1. Confidentiality
Confidentiality ensures that information is accessible only to those who have permission to view or use
it. Unauthorized users are blocked from accessing or stealing sensitive data.

Techniques:
i) Encryption
-Converts data into unreadable code using cryptographic algorithms like AES (Advanced Encryption
Standard) or RSA. Only those with the decryption key can view the data.

ii) Access Controls:

-Ensures only authorized users have specific access levels. Examples include passwords, biometrics,
and role-based access.

iii) Data Masking

-Obscures sensitive data like credit card numbers, showing only the necessary parts.

Real-World Examples:
- Online banking uses encryption to ensure that your transaction details are protected from cybercriminals.
- File sharing within a company might require employees to log in with unique credentials.
2. Integrity
Integrity means ensuring that data remains consistent, accurate, and trustworthy throughout its lifecycle. It
prevents unauthorized changes, corruption, or tampering.

Techniques:
i) Checksums
Algorithms generate a unique string of characters (hash) for a file. If the file changes, its checksum
also changes, alerting to tampering.

ii) Digital Signatures

Cryptographic tools that verify the sender and ensure the message hasn’t been altered during transmission.

iii) Version Control Systems

Track and manage changes to data or code, ensuring rollback if tampering occurs.

Real-World Examples:
-A hospital system ensures that patient records remain accurate during transmission between departments.
-Email services use digital signatures to confirm the authenticity of the sender.

3. Availability
Availability ensures that network resources are accessible when users need them, without interruptions from
attacks, hardware failures, or natural disasters.
Techniques:
i) Redundancy
Using backup systems, servers, or networks that can take over if the primary system fails.

ii) Load Balancers

Distribute traffic evenly across servers to prevent overload.

iii) DDoS Mitigation

-Protects against Distributed Denial of Service attacks by filtering malicious traffic.
-Regular Maintenance: Keeps systems updated to prevent failures or exploits due to outdated software.
 Real-World Examples:
- E-commerce platforms like Amazon use redundant servers to ensure 24/7 availability.
- Banks use backup power supplies to keep ATMs operational during power outages.

• Foundation Concepts of Security

1. Authentication
Authentication ensures that users or devices trying to access the network are who they claim to be.

Types of Authentication:
i) Single-Factor Authentication (SFA): Uses one method, like a password.

ii) Two-Factor Authentication (2FA): Adds a second layer, like a one-time code sent to a mobile phone.

iii) Multi-Factor Authentication (MFA): Combines multiple layers, such as biometrics (fingerprints,
facial recognition), passwords, and security tokens.

2. Authorization
Authorization comes after authentication. It controls what resources the authenticated user or device can
access.

Methods:
i) Role-Based Access Control (RBAC): Access depends on a user's role (e.g., admin, user, guest).
ii) Policy-Based Access Control: Access is granted based on security policies (e.g., location or device
used).

3. Encryption
Encryption ensures data is encoded so that unauthorized parties cannot understand it, even if intercepted.

Types of Encryption:
i) Symmetric Encryption: Uses the same key for both encryption and decryption (e.g., AES).
ii) Asymmetric Encryption: Uses a pair of keys: public (for encryption) and private (for decryption), as in RSA.
 Applications:
- Virtual Private Networks (VPNs) encrypt internet traffic.
- Secure Socket Layer (SSL) or its successor Transport Layer Security (TLS) encrypts web data.

4. Firewalls
Firewalls monitor and control incoming and outgoing network traffic based on security rules.

They can block or allow traffic based on:

- IP address
- Port number
- Protocols

Types of Firewalls:
i) Packet-Filtering Firewalls: Inspects packets and filters based on rules.
ii) Stateful Inspection Firewalls: Tracks active connections to filter packets dynamically.
iii) Next-Generation Firewalls (NGFW): Combines traditional firewalls with advanced features like
intrusion detection.

5. Intrusion Detection and Prevention Systems (IDPS)

i) Intrusion Detection Systems (IDS): Monitors traffic and alerts administrators of suspicious activities
but doesn’t block them.
ii) Intrusion Prevention Systems (IPS): Detects and actively blocks malicious activities.

• Threat Models

1. External Threats
Attacks by individuals or groups outside the network.
Examples:
Phishing: Tricking users into revealing sensitive data through fake emails or websites.
Malware: Malicious software like viruses, worms, or ransomware designed to harm systems.

2. Internal Threats
Threats from employees, contractors, or other trusted individuals within the organization.
Examples:
 - Deliberate data theft by a disgruntled employee.
- Accidental misconfigurations exposing systems to risks.

3. Human Error
Examples:
- Employees falling for phishing attacks.
- Forgetting to apply security updates to critical software.

4. Advanced Persistent Threats (APTs)

Highly sophisticated, targeted attacks, often state-sponsored.
Stages:
1. Reconnaissance: Attackers gather information about the target.
2. Exploitation: Vulnerabilities are exploited to gain access.
3. Persistence: Attackers establish long-term access, often undetected.

• Web Applications

A web application is a software program that runs on a web server and is accessed through a web browser
over the internet. Unlike traditional software, it doesn’t require installation on a user’s device, making it
versatile and easy to access.

• Motivation for Web Applications

Web applications have become popular for several reasons:

1. Ease of Access
o Web applications are accessible from anywhere with an internet connection, using any device with a
browser.
o There’s no need to install software, making them ideal for users who frequently switch devices.
2. Cross-Platform Compatibility
o They work on various operating systems like Windows, macOS, and Linux since they rely on browsers.
3. Cost-Effectiveness
o Users often don’t need expensive hardware or high-end devices to run web applications.
o Organizations save on distribution and maintenance costs.
4. Centralized Management
o Updates and maintenance are handled on the server, ensuring all users always access the latest version
without manual updates.
5. Scalability
o Web applications can easily scale to handle increased user traffic or new features with minimal
downtime.
6. Real-Time Collaboration
o Many web applications, such as Google Docs, support simultaneous collaboration among users in
different locations.

• Categories of Web Applications

Web applications can be broadly categorized based on functionality and usage:

1. Static Web Applications

o Contain fixed content that doesn’t change dynamically.
o Built with HTML and CSS.
o Example: Portfolio websites or company information pages.
2. Dynamic Web Applications
o Content changes dynamically based on user interaction or input.
o Often include a backend with databases and scripting languages like PHP or Python.
o Example: Social media platforms like Facebook.
3. Single-Page Applications (SPA)
o Load a single HTML page that dynamically updates as the user interacts with it.
o Commonly use frameworks like Angular, React, or Vue.js.
o Example: Gmail or Google Maps.
4. Multi-Page Applications (MPA)
o Consist of multiple pages where each action or navigation requires loading a new page from the server.
o Example: E-commerce websites like Amazon.
5. E-Commerce Web Applications
o Designed for online shopping and transactions.
o Feature catalogs, payment gateways, and user accounts.
o Example: Shopify, Flipkart.
6. Content Management Systems (CMS)
o Enable users to create, edit, and manage content without needing programming knowledge.
o Example: WordPress, Drupal.
7. Progressive Web Applications (PWA)
o Combine web and native app features.
o Can be installed on a device and work offline using cached data.
o Example: Twitter Lite, Starbucks PWA.
8. Enterprise Web Applications
o Built for business operations like resource management, payroll, or customer relations.
o Example: Salesforce, Microsoft Dynamics.
9. Portal Web Applications
o Provide personalized access to various services and data.
o Example: University student portals or government service portals.

• Characteristics of Web Applications

Web applications have several defining features:
1. Browser-Based Access
o Operate through web browsers like Chrome, Firefox, or Safari, requiring no installation.
2. Platform Independence
o Work on any device or operating system as long as a compatible browser is available.
3. User Interactivity
o Enable user inputs through forms, interactive dashboards, or chat interfaces.
4. Dynamic Content Delivery
o Content changes based on user preferences, inputs, or location.
5. Network Dependency
o Require an active internet connection for full functionality (except for PWAs with offline support).
6. Centralized Data Storage
o Data is stored on a server or cloud, making it accessible from multiple devices.
7. Scalability
o Can handle increasing numbers of users or data with appropriate backend infrastructure.
8. Security Features
 o Utilize measures like HTTPS, authentication, and encryption to protect user data.
9. Continuous Updates
o Updates are seamless and do not require user intervention, as they occur on the server side.
10. Real-Time Functionality
o Features like live chats, notifications, or real-time collaboration enhance user experience.
11. Responsive Design
o Automatically adjust to fit screens of different sizes, from desktops to mobile devices.

12. APIs and Integration

o Can integrate with third-party services via APIs for enhanced functionality, like payment gateways or
map services.

• Data Protection and Intellectual Property Rights (IPR)

Data protection refers to safeguarding data from unauthorized access, misuse, or breaches, ensuring
confidentiality, integrity, and legal compliance. A significant aspect of this is protecting intellectual property
rights (IPR), which safeguard creators' and inventors' rights over their intellectual work.

• Intellectual Property Rights (IPR)

IPR are legal rights granted to individuals or organizations for creations of the mind. These rights ensure
creators can benefit from their innovations, art, or brand identity.

✓ Key Types of IPR

1. Copyright

o Protects original literary, artistic, musical, and dramatic works.

o Examples: Books, songs, software, movies.

o Duration: Usually lasts the creator's lifetime + 50-70 years (depending on jurisdiction).

o Purpose: Prevents unauthorized copying, distribution, or adaptation of work.

2. Patent

o Protects new inventions or processes that offer a novel solution or improvement.

o Examples: A new drug formula, a unique machine design.

o Duration: Typically, 20 years from the filing date.

o Purpose: Grants the inventor exclusive rights to produce and commercialize the invention.

3. Trademark

o Protects logos, symbols, brand names, or slogans that distinguish a product or service.

o Examples: Nike's swoosh logo, Coca-Cola's brand name.

o Duration: Renewable every 10 years.

o Purpose: Prevents others from using similar branding that could confuse consumers.

• Violation of IPR

Violating intellectual property rights involves unauthorized use, copying, or distribution of protected works.
Common types of IPR violations include:

1. Plagiarism

• Definition: Presenting someone else’s work, ideas, or words as your own without proper attribution.

• Examples:

o Copying a paragraph from a research paper without citing the source.

o Submitting someone else’s design or code as part of your project.

• Implications: Although not always illegal, plagiarism is unethical and violates academic or professional
integrity.

2. Copyright Infringement

• Definition: Unauthorized use, reproduction, or distribution of copyrighted material.

• Examples:

o Sharing movies or music without the copyright holder's permission.

o Using images or text from a website without permission or attribution.

• Legal Consequences: Fines, lawsuits, or removal of the content.

3. Trademark Infringement
• Definition: Unauthorized use of a trademarked name, logo, or slogan that may confuse customers.

• Examples:

o Selling counterfeit goods using a famous brand’s logo.

o Using a similar name for a product that leads customers to think it’s associated with the original brand.

• Legal Consequences: Lawsuits demanding compensation and cessation of the infringing activity.

• Indian Information Technology Act (IT Act, 2000)

The Indian Information Technology Act, 2000, was enacted to provide a legal framework for electronic
governance, combat cybercrimes, and promote secure electronic transactions. It is India's primary legislation
addressing cyber laws and electronic commerce.

• Key Objectives of the IT Act

1. Legal Recognition of Electronic Transactions

o Ensures contracts, signatures, and records in electronic form are legally valid and enforceable.

2. Prevent Cybercrime

o Establishes legal provisions to deal with hacking, identity theft, data breaches, and other digital offenses.

3. Encourage E-Governance

o Supports electronic filing of documents, digital communication, and online services offered by government
agencies.

4. Secure Electronic Data

o Promotes secure methods of data communication and handling to protect sensitive information from
unauthorized access.

• Key Features of the IT Act, 2000

1. Digital Signatures and E-Signatures

o Provides legal recognition to digital signatures, ensuring the authenticity of electronic documents.
o Digital signatures are verified through certifying authorities (CAs).

2. E-Governance Provisions

o Enables government agencies to adopt electronic means for document submission, approvals, and
communication.

3. Certifying Authorities

o Certifying authorities (CAs) are responsible for issuing digital certificates, verifying digital identities, and
ensuring secure communication.

4. Admissibility of Electronic Evidence

o Electronic records and digital documents are admissible in Indian courts as evidence.

5. Cyber Offenses and Penalties

o Defines cybercrimes and prescribes penalties for offenses like hacking, phishing, identity theft, and
cyberstalking.

6. Data Protection

o Mandates reasonable security practices to safeguard sensitive personal data from breaches and misuse.