CS 2210 - Notes CH 5

The document provides an overview of the Internet and the World Wide Web, explaining their definitions, functionalities, and components such as web browsers, web servers, URLs, and DNS. It also discusses HTTP and HTTPS protocols, the role of HTML in web page structure, digital currency, blockchain technology, and various forms of cybersecurity threats. Additionally, it covers cookies and regulations related to their use, as well as specific types of malware and cyber attacks.

Uploaded by

Hafeez Ur Rehman

The Internet & the World Wide Web

What is the Internet?

 The Internet is a global network of networks
 The Internet is the most well-known Wide Area Network (WAN)
 The Internet is the infrastructure used to provide connectivity to the World Wide Web

What is the World Wide Web?

 The world wide web, or simply the web, is a collection of websites and web pages that are accessed using
the internet
 It was created in 1989 by Tim Berners-Lee, who envisioned it as a way to share and access information on a
global scale
 The web consists of interconnected documents and multimedia files that are stored on web servers around
the world
 Web pages are accessed using a web browser, which communicates with web servers to retrieve and display
the content

HTTP & HTTPS


What is HTTP & HTTPS?

 Hypertext Transfer Protocol (HTTP) allows communication between clients and servers
for website viewing
 HTTP & HTTPS are protocols, a set of rules governing communication between devices
on a network
 HTTP allows clients to receive data from the server (fetching a webpage) and send data to
the server (submitting a form, uploading a file)
 HTTPS works in the same way as HTTP but with an added layer of security
 All data sent and received using HTTPS is encrypted
 HTTPS is used to protect sensitive information such as passwords, financial information
and personal data

Web Browser
What is a web browser?

 A web browser is a piece of software used to access and display information on the
internet
 A web browser displays web pages by rendering hypertext markup language (HTML)
 Web browsers interpret the code in HTML documents and translate it into a visual
display for the user

Functions of a web browser

Function | Description
Render HTML | Display the web page
Provide navigation tools | E.g. back/forward buttons and home button, to help users move between pages
Storing bookmarks & favourites | Allow users to save links to frequently visited websites and access them easily
Storing cookies | Cookies
Record user history | Allow users to quickly revisit recently viewed web pages
Provide address bar | A place for user to type in the URL of a web page to visit
Multiple tabs | Allow multiple web pages to be open at once so users can quickly switch between them

Loading a Web Page


How is a web page loaded?

 Web pages are held on web servers (1), known as 'hosting'
 To access a web page on a web server, a web browser is used
 In the browser, a user enters a web page URL (2)
 The browser sends the domain name to a DNS (3)
 The browser connects to the web server and requests to access the page
 HTML (4) is transferred and rendered by the browser, displaying the web page

Web Servers (1)


What is a web server?

 A web server is a remote computer that stores the files needed to display a web
page on the Internet
 Web servers are generally available 24/7 and security is managed by the owner of the
hardware
 Web servers provide access to multiple users at the same time

Uniform Resource Locator (URL) (2)
What is a URL?

 A Uniform Resource Locator (URL) is a unique identifier for a web page, known as
the website address
 It is text based to make it easier to remember
 A user enters a URL into a web browser to view a web page
 An example of a URL is:

https://www.savemyexams.com/igcse/computer-science/cie/23/revision-notes/

 A URL can typically be split into three parts:
o Protocol
o Domain name
o Web page/file name
 Using the example above, the URL would be split as follows:

Protocol | https | Communication method to transfer data between c... server
Domain name | www.savemyexams.com | Name of the server where the resource is located
Web page/file name | /igcse/computer-science/cie/23/revision-notes/ | Location of the file or resources on the server

Domain Name System (DNS) (3)
What is a DNS?

 The Domain Name System (DNS) can be thought of as the Internet's equivalent to a phone
book
 It is essentially a directory of domain names and is used to translate human-readable
domain names to the numeric IP addresses that computers use
 When you type a URL into your browser, the DNS translates the domain name into its
associated IP address so your computer can connect to the server hosting the website
 Without DNS, we would have to remember the IP address of every site we want to visit

HTML (4)
What is HTML?

 Hypertext Markup Language (HTML), is the foundational language used to structure and
present content on the web
 HTML consists of a series of elements, often referred to as "tags"
 Most tags are opened and closed e.g. <html> and </html>, whereas some tags are only
opened e.g. <img> and <link>

Structure

 HTML is used to define the basic structure of a webpage by organising content
into sections such as headers, paragraphs, and footers
 The <html> tag is the root element of an HTML page and includes all other HTML elements
used to create a page structure

<!DOCTYPE html>
<html>
  <head>
    <title>My Web Page</title>
  </head>
  <body>
    <header>
      <h1>Welcome to My Website</h1>
    </header>
    <main>
      <section>
        <h2>About Me</h2>
        <p>This is a paragraph about me.</p>
      </section>
      <section>
        <h2>My Projects</h2>
        <p>This is a paragraph about my projects.</p>
      </section>
    </main>
    <footer>
      <p>Contact: [email protected]</p>
    </footer>
  </body>
</html>
 In this example, HTML is used to create a structure with a header, two sections in the main
body, and a footer
 Other examples of HTML being used for structure include:
o Creating lists to structure information
o Positioning of text on the screen
o Embedding media and interactive elements

Present

 HTML is also used to present and display information in a visually meaningful way
 The content layer of a web page is made up of HTML elements such as headings (<h1>,
<h2>, etc.), paragraphs (<p>), links (<a>), images (<img>), and more
 This layer is mainly handled by CSS (Cascading Style Sheets)

<!DOCTYPE html>
<html>
  <body>
    <h1>Welcome to My Website</h1>
    <p>This is a paragraph introducing the content of the website.</p>

    <h2>Subheading 1</h2>
    <p>Here is some detailed information under the first subheading.</p>

    <h2>Subheading 2</h2>
    <p>Another section with more information.</p>

    <p><strong>Bold text</strong> and <em>italic text</em> can emphasise important points.</p>
  </body>
</html>

 In this example, headings (<h1>, <h2>) and text formatting tags (<strong>, <em>) are used
to present the content clearly and with emphasis
 Other examples of HTML being used to present information include:
o Presenting data in a table
o Displaying images with captions

Worked Example

A company sells products over the Internet.

Explain how the information stored on the company’s website is requested by the customer, sent
to the customer’s computer and displayed on the screen.

[7]

Answer

Seven from:

Requested

 a web browser is used
 user enters the URL / web address (into the address bar) // clicks a link containing
the web address // clicks an element of the webpage
 the URL / web address specifies the protocol
 protocols used are Hyper Text Transfer Protocol (HTTP) / Hyper Text Transfer
Protocol Secure (HTTPS)

Sent

 the URL / web address contains the domain name
 the domain name is used to look up the IP address of the company
 the domain name server (DNS) stores an index of domain names and IP addresses
 web browser sends a request to the web server / IP address

Received

 Data for the website is stored on the company’s web server
 webserver sends the data for the website back to the web browser
 web server uses the customer’s IP address to return the data
 the data is transferred into Hyper Text Mark-up Language (HTML)
 HTML is interpreted/rendered by the web browser (to display the website)

Cookies
What is a cookie?

 A cookie is a tiny data file stored on a computer by browser software that holds
information relating to your browsing activity
 Typically a cookie will contain:
o Browsing history - what websites you have visited
o Login information - usernames & passwords
o Preferences - language/font size/themes
 The two types of cookie are:
o Session - Created and replaced every time a user visits a website
o Persistent - Created and saved the first time a user visits a website, retained until
they expire

What is the Privacy and Electronic Communications Regulations (2003)?

 The Privacy and Electronic Communications Regulations (2003) is a law that governs the
use of cookies
 Any website that wants to store a cookie must:
o Tell users the cookies are there
o Explain what the cookies are doing
o Obtain users' consent to store the cookie

Digital Currency
What is digital currency?

 Digital currency is one that only exists in digital form
 Currency is stored in digital wallets or accounts; there are no physical bank
notes or coins
 It can be exchanged online to pay for goods and services or for transferring money
internationally
 Unlike traditional currencies, digital currency is not controlled or monitored by central
banks or government (decentralised)
 This can make digital currencies highly volatile: their value can fluctuate rapidly in a short
period of time
 Digital currency investment can be risky due to the volatility
 Digital currency can also be known as crypto currency
 All transactions made using crypto currency are publicly available and tracked
using cryptography
 Examples include
o Bitcoin
o Ethereum

Examiner Tips and Tricks

In the IGCSE exam digital currency and crypto currency are the same thing, although in real life
they are not strictly the same thing.

Blockchain
What is a blockchain?

 A blockchain is a digital ledger that records every transaction made with a particular digital
currency
 Transactions are time-stamped and added to the blockchain in
a permanent and unalterable way
 A blockchain is a decentralised technology, meaning that it is not controlled by a single
entity or authority
o Instead, every participant in the network has a copy of the ledger and can verify
the transactions independently
 The blockchain is made up of "blocks" of transactions that are linked together in a "chain"
using cryptographic algorithms
o This creates a secure and tamper-proof record of every transaction made with the
digital currency
 Each transaction in the blockchain must be verified by multiple participants in the
network
o This verification process ensures that the transaction is legitimate and prevents
any fraudulent activity
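
The linking and independent verification described above, as an added example that is not part of the original notes: a toy ledger in which each block's SHA-256 hash also covers the previous block's hash. The block fields, function names and sample transactions are constructed for illustration, and the multi-participant approval step of a real network is left out.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, timestamp, transactions, prev_hash):
    """SHA-256 over the block's contents and the previous block's hash."""
    payload = json.dumps(
        {"index": index, "timestamp": timestamp,
         "transactions": transactions, "prev_hash": prev_hash},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def add_block(chain, timestamp, transactions):
    """Append a time-stamped block that is linked to the current last block."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "timestamp": timestamp,
             "transactions": transactions, "prev_hash": prev_hash}
    block["hash"] = block_hash(**block)
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev_hash = GENESIS_PREV
    for position, block in enumerate(chain):
        recomputed = block_hash(block["index"], block["timestamp"],
                                block["transactions"], block["prev_hash"])
        if (block["index"] != position or block["prev_hash"] != prev_hash
                or block["hash"] != recomputed):
            return position
        prev_hash = block["hash"]
    return None


def sample_ledger():
    """Constructed sample data: three blocks of made-up transactions."""
    chain = []
    add_block(chain, 1700000000, [{"from": "alice", "to": "bob", "amount": 5}])
    add_block(chain, 1700000600, [{"from": "bob", "to": "carol", "amount": 2}])
    add_block(chain, 1700001200, [{"from": "carol", "to": "dave", "amount": 1}])
    return chain


def tamper_report():
    """Verify an honest copy and three altered copies of the same ledger."""
    honest = sample_ledger()

    edited = copy.deepcopy(honest)        # change an amount, touch nothing else
    edited[1]["transactions"][0]["amount"] = 200

    rehashed = copy.deepcopy(edited)      # also recompute that block's own hash
    b = rehashed[1]
    b["hash"] = block_hash(b["index"], b["timestamp"],
                           b["transactions"], b["prev_hash"])

    rewritten = copy.deepcopy(rehashed)   # recompute every later block as well
    for i in range(2, len(rewritten)):
        blk = rewritten[i]
        blk["prev_hash"] = rewritten[i - 1]["hash"]
        blk["hash"] = block_hash(blk["index"], blk["timestamp"],
                                 blk["transactions"], blk["prev_hash"])

    return {
        "honest": first_invalid_block(honest),
        "edited": first_invalid_block(edited),
        "rehashed": first_invalid_block(rehashed),
        "rewritten": first_invalid_block(rewritten),
        "rewritten_tip_matches_other_copies":
            rewritten[-1]["hash"] == honest[-1]["hash"],
    }


if __name__ == "__main__":
    print(tamper_report())
```

A fully rewritten copy is consistent with itself, but its final hash no longer matches the copies held by the other participants, which is why every participant keeping and checking their own copy matters.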

Forms of cyber security threat

 Computers face a variety of forms of attack and they can cause a large number of issues
for a network and computers
 The main threats posed are:
o Brute-force attacks
o Data interception & theft
o DDoS attack
o Hacking
o Malware
o Pharming
o Phishing
o Social engineering

Brute Force Attack


What is a brute-force attack?

 A brute force attack works by an attacker repeatedly trying multiple combinations of a
user's password to try and gain unauthorised access to their accounts or devices
 An example of this attack would be an attacker finding out the length of a PIN code, for
example, 4-digits
 They would then try each possible combination until the PIN was cracked, for example
o 0000
o 0001
o 0002
 A second form of this attack, commonly used for passwords is a dictionary attack
 This method tries popular words or phrases for passwords to guess the password as
quickly as possible
 Popular words and phrases such as 'password', '1234' and 'qwerty' will be checked
extremely quickly.
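
An added example, not part of the original notes: the standard defence against the PIN guessing described above is to lock the account after a set number of failed attempts, and this sketch shows how much that limits the guessing. The class PinVerifier, the PIN 7291 and the limit of 3 attempts are assumptions made for the illustration.

```python
import hmac
from fractions import Fraction


class PinVerifier:
    """Checks PIN guesses and locks after too many consecutive failures.

    Toy model: a real system stores a salted hash, not the PIN itself.
    """

    def __init__(self, correct_pin, max_attempts=3):
        self._pin = correct_pin.encode()
        self.max_attempts = max_attempts   # None disables the lockout
        self.failed = 0
        self.locked = False

    def try_pin(self, guess):
        """Return 'ok', 'wrong' or 'locked'."""
        if self.locked:
            return "locked"                # the guess is not even compared
        # compare_digest avoids leaking how many leading digits matched
        if hmac.compare_digest(guess.encode(), self._pin):
            self.failed = 0                # a correct entry resets the counter
            return "ok"
        self.failed += 1
        if self.max_attempts is not None and self.failed >= self.max_attempts:
            self.locked = True
        return "wrong"


def keyspace(length):
    """Number of possible PINs of the given length (digits 0-9)."""
    return 10 ** length


def guess_success_chance(length, max_attempts):
    """Chance that blind guessing succeeds before the lockout triggers."""
    return min(Fraction(1), Fraction(max_attempts, keyspace(length)))


def simulate_sequential_guesses(verifier, length=4):
    """Feed 0000, 0001, ... to the verifier.

    Returns (guesses_actually_checked, outcome), where outcome is
    'ok', 'locked' or 'exhausted'.
    """
    checked = 0
    for number in range(keyspace(length)):
        result = verifier.try_pin(f"{number:0{length}d}")
        if result == "locked":
            return checked, "locked"
        checked += 1
        if result == "ok":
            return checked, "ok"
    return checked, "exhausted"


if __name__ == "__main__":
    print(simulate_sequential_guesses(PinVerifier("7291", max_attempts=3)))
    print(simulate_sequential_guesses(PinVerifier("7291", max_attempts=None)))
    print(guess_success_chance(4, 3))
```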

Data interception
What is data interception & theft?

 Data interception and theft is when thieves or hackers
can compromise usernames and passwords as well as other sensitive data
 This is done by using devices such as a packet sniffer
 A packet sniffer will be able to collect the data that is being transferred on a network
 A thief can use this data to gain unauthorised access to websites, companies and more

DDoS Attack
What is a DDoS attack?

 A Distributed Denial of Service Attack (DDoS attack) is a large
scale, coordinated attack designed to slow down a server to the point of it
becoming unusable
 A server is continually flooded with requests from multiple distributed
devices preventing genuine users from accessing or using a service
 A DDoS attack uses computers as 'bots', the bots act as automated tools under the
attacker's control, making it difficult to trace back to the original source
 A DDoS attack can result in companies losing money and not being able to carry out their
daily duties
 A DDoS attack can cause damage to a company's reputation

Hacking
What is hacking?

 Hacking is the process of identifying and exploiting weaknesses in a computer system
or network to gain unauthorised access
 Access can be for various malicious purposes, such as stealing data, installing malware,
or disrupting operations
 Hackers seek out opportunities that make this possible, this includes:
o Unpatched software
o Out-of-date anti-malware

Malware
What is malware?

 Malware (malicious software) is the term used for any software that has been created with
malicious intent to cause harm to a computer system
 Examples of issues caused by malware include
o Files being deleted, corrupted or encrypted
o Internet connection becoming slow or unusable
o Computer crashing or shutting down
 There are various types of malware and each has slightly different issues which they cause

Malware - What it Does

Virus
 Contains code that will replicate and cause unwanted and unexpected events to occur
 Examples of issues a user may experience are
o Corrupt files
o Delete data
o Prevent applications from running correctly

Worms
 Very similar to viruses, main difference being that they spread to other drives and computer
network
 Worms can infect other computers from
o Infected websites
o Instant message services
o Email
o Network connection

Trojan
 Sometimes called a Trojan Horse
 Trojans disguise themselves as legitimate software but contain malicious code in the backgro

Spyware
 Allow a person to spy on the users' activities on their devices
 Embedded into other software such as games or programs that have been downloaded
from illegitimate sources
 Can record your screen, log your keystrokes to gain access to passwords and more

Adware
 Displays adverts to the user
 Users have little or no control over the frequency or type of ads
 Can redirect clicks to unsafe sites that contain spyware

Ransomware
 Locks your computer or device and encrypts your documents and other important files
 A demand is made for money to receive the password that will allow the user to decrypt the
 No guarantee paying the ransom will result in the user getting their data back

Pharming
What is pharming?

 Pharming is typing a website address into a browser and it being redirected to a 'fake'
website in order to trick a user into typing in sensitive information such as passwords
 An attacker attempts to alter DNS settings, the directory of websites and their matching IP
addresses that is used to access websites on the internet, or change a user's browser
settings
 A user clicks a link which downloads malware
 The user types in a web address which is then redirected to the fake website

How can you protect against it?

 To protect against the threat of pharming:
o Keep anti-malware software up to date
o Check URLs regularly
o Make sure the padlock icon is visible

Phishing
What is phishing?

 Phishing is the process of sending fraudulent emails/SMS to a large number of people,
claiming to be from a reputable company or trusted source
 Phishing is an attempt to try and gain access to your details, often by coaxing the user to
click on a login button/link

Social Engineering
What is social engineering?

 Social engineering is exploiting weaknesses in a computer system by targeting the
people that use or have access to them
 There are many forms of social engineering, some examples include
o Fraudulent phone calls: pretending to be someone else to gain access to their
account or their details
o Pretexting: A scammer will send a fake text message, pretending to be from the
government or human resources of a company, this scam is used to trick an
individual into giving out confidential data
 People are seen as the weak point in a system because human errors can lead to
significant issues, some of which include:
o Not locking doors to computer/server rooms
o Not logging off their device when they're not using it
o Sharing passwords
o Not encrypting data
o Not keeping operating systems or anti-malware software up to date

Worked Example

A company is concerned about a distributed denial of service (DDoS) attack.

(i) Describe what is meant by a DDoS attack.

[4]

(ii) Suggest one security device that can be used to help prevent a DDoS attack.

[1]

Answers

(i) Any four from:

 multiple computers are used as bots
 designed to deny people access to a website
 a large number / numerous requests are sent (to a server) …
 … all at the same time
 the server is unable to respond / struggles to respond to all the requests
 the server fails / times out as a result.

(ii)

 firewall OR proxy server

Access Levels
What are access levels?

 Access levels ensure users of a network can access what they need to access and do
not have access to information/resources they shouldn't
 Users can have designated roles on a network
 Access levels can be set based on a user's role, responsibility, or clearance level
o Full access - this allows the user to open, create, edit & delete files
o Read-only access - this only allows the user to open files without editing or deleting
o No access - this hides the file from the user
 Some examples of different levels of access to a school network could include:
o Administrators: Unrestricted - Can access all areas of the network
o Teaching Staff: Partially restricted - Can access all student data but cannot access
other staff members' data
o Students: Restricted - Can only access their own data and files
 Users and groups of users can be given specific file permissions

Anti Malware
What is anti-malware software?

 Anti-malware software is a term used to describe a combination of different software to
prevent computers from being susceptible to viruses and other malicious software
 Anti-malware includes the following software:
o Anti-virus
o Anti-spam
o Anti-spyware

How does anti-malware work?

 Anti-malware scans through email attachments, websites and downloaded files to search
for issues
 Anti-malware software has a list of known malware signatures to block immediately if they
try to access your device in any way
 Anti-malware will also perform checks for updates to ensure the database of known
issues is up to date

Authentication
What is authentication?

 Authentication is the process of ensuring that a system is secure by asking the user
to complete tasks to prove they are an authorised user of the system
 Authentication is done because bots can submit data in online forms
 Authentication can be done in several ways, these include
o Usernames and passwords
o Multi-factor authentication
o CAPTCHA - see example below

Biometrics

 Biometrics use biological data for authentication by identifying unique physical
characteristics of a human such as fingerprints, facial recognition, or iris scans
 Biometric authentication is more secure than using passwords as:
o A biometric password cannot be guessed
o It is very difficult to fake a biometric password
o A biometric password cannot be recorded by spyware
o A perpetrator cannot shoulder surf to see a biometric password

Automating Software Updates


What are automatic software updates?

 Automatic software updates take away the need for a user to remember to keep software
updated and reduce the risk of software flaws/vulnerabilities being targeted in out of
date software
 Automatic updates ensure fast deployment of updates as they release

Communication
What is communication?

 One way of protecting data is by monitoring digital communication to check for errors in
the spelling and grammar or tone of the communication
 Phishing scams often involve communication with users, monitoring it can be effective as:
o Rushed - emails and texts pretending to be from a reputable company are focused
on quantity rather than quality and often contain basic spelling and grammar errors
o Urgency - emails using a tone that creates panic or makes a user feel rushed is
often a sign that something is suspicious
o Professionalism - emails from reputable companies should have flawless spelling
and grammar

URL
How to check a URL?

 Checking the URL attached to a link is another way to prevent phishing attacks
 Hackers often use fake URLs to trick users into visiting fraudulent websites
o e.g. http://amaz.on.co.uk/ rather than http://amazon.co.uk/
 If you are unsure, always check the website URL before clicking any links contained in
an email
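
An added example, not part of the original notes, covering both the three-part URL split described earlier and the link check described here: it splits a URL into protocol, domain and path, then compares the domain against a list of sites the user really deals with. The allow-list TRUSTED_DOMAINS, the function names and the example.net test address are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of domains the user actually does business with.
TRUSTED_DOMAINS = ("amazon.co.uk", "savemyexams.com")


def split_url(url):
    """Split a URL into the three parts used in these notes."""
    parts = urlsplit(url)
    return {
        "protocol": parts.scheme,
        "domain": parts.hostname or "",
        "path": parts.path,
    }


def _squash(name):
    """Drop dots and hyphens so 'amaz.on.co.uk' and 'amazon.co.uk' compare equal."""
    return name.replace(".", "").replace("-", "")


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link as 'trusted', 'lookalike' or 'unknown'.

    Returns (verdict, trusted_domain_involved_or_None).
    """
    host = split_url(url)["domain"].rstrip(".")
    for domain in trusted:
        # Exact match, or a genuine subdomain such as www.amazon.co.uk.
        if host == domain or host.endswith("." + domain):
            return ("trusted", domain)
    for domain in trusted:
        # The trusted name only appears once punctuation is ignored, or is
        # embedded in a longer host name: the link imitates the real site.
        if _squash(domain) in _squash(host):
            return ("lookalike", domain)
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed sample links
        "http://amazon.co.uk/",
        "http://amaz.on.co.uk/",
        "https://www.amazon.co.uk.example.net/",
        "https://example.org/",
    ]
    for link in samples:
        print(link, check_link(link))
```

The comparison is made on the host name only, so a trusted name that appears elsewhere in the link (for example in the path) does not make the link trusted.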

Firewalls
What is a firewall?

 A firewall monitors incoming and outgoing network traffic and uses a set of rules to
determine which traffic to allow
 A firewall prevents unwanted traffic from entering a network by filtering requests to ensure
they are legitimate
 It can be both hardware and software and they are often used together to provide stronger
security to a network
o Hardware firewalls will protect the whole network and prevent unauthorised traffic
o Software firewalls will protect the individual devices on the network, monitoring the
data going to and from each computer
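
An added example, not part of the original notes, of how a firewall applies "a set of rules": each connection is compared against the rules in order, the first match decides, and anything that matches no rule is blocked. The Rule fields, the rule set and the addresses (taken from the ranges reserved for documentation) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    direction: str         # "in" (entering the network) or "out" (leaving it)
    remote_net: str        # CIDR range the remote address must fall in
    port: Optional[int]    # destination port, or None for any port

    def matches(self, direction, remote_ip, port):
        return (
            self.direction == direction
            and ipaddress.ip_address(remote_ip)
            in ipaddress.ip_network(self.remote_net)
            and (self.port is None or self.port == port)
        )


# Constructed rule set, evaluated top to bottom.
RULES = [
    Rule("block", "in", "203.0.113.0/24", None),  # blacklist: unwanted range
    Rule("allow", "in", "0.0.0.0/0", 443),        # whitelist: HTTPS to the web server
    Rule("allow", "out", "0.0.0.0/0", None),      # internal users may browse
]


def filter_traffic(rules, direction, remote_ip, port):
    """Return (action, number_of_matching_rule); no match means block."""
    for number, rule in enumerate(rules):
        if rule.matches(direction, remote_ip, port):
            return (rule.action, number)
    return ("block", None)


def misordered(rules):
    """The same rules with the first two swapped, to show that order matters."""
    return [rules[1], rules[0]] + list(rules[2:])


if __name__ == "__main__":
    print(filter_traffic(RULES, "in", "198.51.100.7", 443))   # ordinary visitor
    print(filter_traffic(RULES, "in", "203.0.113.9", 443))    # blacklisted range
    print(filter_traffic(RULES, "in", "198.51.100.7", 23))    # no rule: blocked
    print(filter_traffic(misordered(RULES), "in", "203.0.113.9", 443))
```

With the first two rules swapped, the blacklisted address is allowed on port 443 because the broader allow rule is reached first.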

What form of attack would this prevent?

 Hackers
 Malware
 Unauthorised access to a network

Privacy Settings
What are privacy settings?

 Privacy settings are used to control the amount of personal information that is shared
online
 They are an important measure to prevent identity theft and other forms of online fraud
 Users should regularly review their privacy settings and adjust them as needed

Proxy Servers
What is a proxy server?

 A proxy-server is used to hide a user's IP address and location, making it more difficult
for hackers to track them
 They act as a firewall and can also be used to filter web traffic by setting criteria for
traffic
 Malicious content is blocked and a warning message can be sent to the user
 Proxy-servers are a useful security measure for protecting against external security threats
as it can direct traffic away from the server

SSL
What is SSL?

 Secure Socket Layer (SSL) is a security protocol which is used to encrypt
data transmitted over the internet
 This helps to prevent eavesdropping and other forms of interception
 SSL is widely used to protect online transactions, such as those involving credit card
information or other sensitive data
 It works by sending a digital certificate to the user’s browser
 This contains the public key which can be used for authentication
 Once the certificate is authenticated, the transaction will begin

Worked Example

(i) Identify a security solution that could be used to protect a computer from a computer virus,
hacking and spyware.

Each security solution must be different

Threat | Security solution
Phishing |
DDoS attack |
Hacking |

[3]

(ii) Describe how each security solution you identified in (i) will help protect the computer.

[6]

Answers

(i)

Threat | Security solution
Phishing | Monitoring communication
Brute force attack | Authentication
Hacking | Firewall/Biometrics

(ii) Two marks for each description

 Monitoring communication
o Checking for spelling & grammar errors
o Reading tone, is the user being rushed? // is the user made to panic?
 Authentication
o Checks the user is who they say they are
o Captcha proves they are not a bot
o Passwords lock out after a set number of attempts
 Firewall
o Monitors traffic coming into and out of the computer system
o Checks that the traffic meets any criteria/rules set
o Blocks any traffic that does not meet the criteria/rules set // set
blacklist/whitelist
 Biometrics
o Data needed to enter is unique to individual
o … therefore it is very difficult to replicate
o Lock out after set number of attempts
