Internet and World Wide Web (WWW)

Questions and Answers

What is the primary distinction between the Internet and the World Wide Web (WWW)?

• The Internet and WWW are interchangeable terms referring to the same concept.
• The Internet is a subset of the WWW, providing the physical infrastructure for it.
• The Internet is a tangible network of interconnected devices, while the WWW is a conceptual collection of interconnected networks.
• The Internet is a worldwide network, while the WWW is a way of accessing information on the Internet using web browsers. (correct)

Which component of a URL is responsible for specifying the rules for transferring data across the Internet?

• Domain name
• File name
• Path
• Protocol (correct)

Which of the following best describes the role of a web browser in accessing websites?

• It translates HTML code into a visual representation of a webpage for users. (correct)
• It regulates Internet traffic to ensure secure connections.
• It converts domain names into IP addresses to locate web servers.
• It physically stores all website content on a user's device.

What is the function of a Domain Name Server (DNS)?

To translate URLs into IP addresses. (A)

How do cookies enhance the user experience on websites?

By storing user preferences and browsing activity. (C)

What is the fundamental difference between session cookies and persistent cookies?

Session cookies expire when the browser is closed, while persistent cookies expire based on a set expiry date or deletion by the user. (D)

Why is blockchain technology considered secure for digital currency transactions?

It utilizes cryptography and decentralization, making transactions transparent and difficult to alter. (A)

How does proof-of-work contribute to the security of a blockchain?

By requiring significant computational effort to add new blocks, making it difficult for hackers to tamper with the blockchain. (B)

In the context of blockchain, what is the 'genesis block'?

The first block in the chain, not pointing to a previous block. (D)

Which statement accurately describes a brute force attack?

Attempting to guess passwords by systematically trying all possible combinations. (C)

What is the primary goal of data interception?

To steal data by tapping into a communication link. (A)

How does wardriving pose a threat to Wi-Fi network security?

By intercepting Wi-Fi signals using specialized equipment. (C)

Encryption can safeguard against wardriving, however, what is a drawback for relying solely on encryption?

Encryption makes data incomprehensible only if the hacker has the decryption key. (D)

What is the objective of a Denial of Service (DoS) attack?

To prevent users from accessing part of a network or server. (B)

Why is avoiding the use of complex passwords on wireless routers important for safeguarding against wardriving?

Complex passwords will safeguard the router against unauthorized access. (C)

Which of the following best describes a Distributed Denial of Service (DDoS) attack?

An attack where the spam traffic originates from many different computers. (C)

What is the primary distinction between hacking and ethical hacking?

Hacking is illegal and unauthorized, while ethical hacking is authorized and used to improve security. (B)

What is the key characteristic of a virus that distinguishes it from other types of malware?

It relies on needing to be attached to an active host program to cause harm. (B)

How does a worm typically spread from one computer to another?

By exploiting security failures within networks to permit them to spread unhindered. (B)

How does a Trojan horse deceive users?

By disguise as legitimate software with malicious instructions embedded within it. (A)

What is the main purpose of spyware?

To monitor activities and gather information. (D)

What is the defining characteristic of ransomware?

It encrypts data on a user's computer and demands a ransom for the decryption key. (A)

What is the key characteristic of phishing attacks?

They rely on the end user sending personal data to the sender of the email. (B)

How does pharming differ from phishing?

Pharming is initiated without the user needing to take any action, while phishing relies on the user to initiate some act. (A)

What is the primary objective of social engineering attacks?

To manipulate individuals into breaking normal security procedures. (D)

Within a computer system, what is achieved by implementing different access levels for different users?

It controls a user's rights, especially who has the right to read, write, and delete data. (A)

In the context of social networks, what does the 'custom' access level typically allow users to do?

Exclude certain content from selected people on the network. (D)

What is the role of anti-spyware software?

To detect and remove spyware programs installed illegally on a user's computer system. (D)

What is 'authentication' in the context of cybersecurity?

The ability of a user to prove who they are. (D)

Besides using strong passwords, what is an additional precaution when using an online company, if a user needs to reset their password?

The user should be sent an email which contains a link to a web page where they can reset their password. (B)

Which of the following is a characteristic of a good password?

It contains a mixture of upper and lowercase letters, numbers, and special characters. (B)

What is the purpose of using biometrics for security?

To identify a user by a unique characteristic of human beings. (C)

What is a drawback of fingerprint scanning?

If a person's fingers are damaged through an injury, this can have an effect on the scanning accuracy. (C)

What is the major benefit of retina scans?

They cannot be easily replicated. (D)

What is the purpose of Automatic Software Updates?

To protect against malware. (C)

When receiving emails, why should careful attention be paid to grammar and spelling?

Poor spelling is a sign that someone wants to create a type squatting URL. (C)

If something is wrong with your PayPal account, what should the email address end with for it to be legitimate?

PayPal only needs your user ID. (D)

What is two-step verification?

Providing two methods of authentication. (B)

Flashcards

Internet

Worldwide collection of interconnected networks.

World Wide Web (WWW)

Part of the Internet for accessing web pages using web browser software.

Uniform Resource Locator (URL)

Text address used to access websites.

Hypertext Transfer Protocol (HTTP)

Rules for transferring files across the internet.

HTTPS

Secure version of HTTP using encryption.

Web Browser

Software to access and display web pages.

Domain Name Server (DNS)

System for finding IP addresses for domain names.

Cookies

Small files stored on a user's computer by websites.

Session Cookies

Cookies without an expiry date, deleted when the browser closes.

Persistent Cookies

Cookies stored until expiry/deleted, remembering login details.

Digital Currency

Exists purely in digital format.

Blockchain

Decentralized database storing transactions across a network.

Hash Value

Unique value created for each block in a blockchain.

Genesis Block

The first block in a blockchain.

Proof-of-Work

Technique slowing block creation to protect blockchain integrity.

Brute Force Attack

Trying all combinations to find a password.

Common Password List

Standard passwords commonly tried first.

Word List

Text file containing many words used for brute force cracking.

Data Interception

Stealing data by tapping into a communication link.

Denial of Service (DoS)

Attack preventing users from accessing a network or server.

Distributed Denial of Service (DDoS)

DoS attack from many computers.

Hacking

Gaining illegal access to a computer system.

Malware

Malicious software posing integrity and security risks.

Viruses

Programs that self-replicate and corrupt files.

Worms

Stand-alone, self-replicating malware.

Trojan Horse

Malicious software disguised as legitimate software.

Spyware

Software monitoring user activities and gathering info.

Adware

Malware that floods the user with unwanted ads.

Ransomware

Malware that encrypts data and demands ransom.

Phishing

Legitimate looking emails tricking users to provide data.

Pharming

Malicious code redirecting to a fake website without user action.

Social Engineering

Social manipulation tricking victims to drop their guard.

Privacy Settings

Limiting personal profile access on social networks.

Secure Sockets Layer (SSL)

A protocol ensuring data sent and received is secure

SSL Certificate

Form of certificate used to authenticate websites.

Two-Step Verification

Requiring two authentication methods to verify a user.

Automatic Software Updates

Automatically downloading security and performance updates.

Firewall

Examining traffic between a computer and external network.

Proxy servers

A server that acts as an intermediary server through which internet requests are processed

Study Notes

• The Internet has changed how the world works and communicates.
• It is a source of good, but also a source of new types of crime.
• Focus is given to cyber security threats and how to stay safe.

Internet and the World Wide Web (WWW)

• The word Internet comes from INTERconnected NETwork; a global collection of interconnected networks.
• The Internet is a concept that relies on physical infrastructure that allows networks and devices to connect.
• The World Wide Web (WWW) is a part of the internet accessed via web browser software.
• The World Wide Web consists of web pages and is based on the hypertext transfer protocol.
• The World Wide Web is a way of accessing information using the internet.
• The Internet allows users to send/receive emails and chat online via text/audio/video.
• The Internet uses Transmission Control Protocol (TCP) and Internet Protocol (IP).
• The World Wide Web has multimedia web pages and other website information.
• The World Wide Web uses Hypertext Markup Language (HTML) and Uniform Resource Locators (URLs).
• Web resources are accessed using web browsers on the World Wide Web.
• The World Wide Web uses the Internet to access information from web servers.

Uniform Resource Locators (URLs)

• Web browsers are software that allows users to access and display web pages.
• Web browsers interpret HTML and produce results on the user's device.
• Uniform Resource Locators (URLs) are text addresses used to access websites.
• URLs are typed into a browser address bar.
• format: protocol://website address/path/file name
• The protocol is usually HTTP or HTTPS.
• The website address includes domain host (www), domain name, domain type (.com, .org, etc.) and sometimes country code (.uk, .de, etc.).
• The path is the web page and can be omitted to become the website's root directory.
• The filename is the item on the web page.

HTTP and HTTPS

• Hypertext Transfer Protocol (HTTP) follows a set of rules for transferring files across the internet.
• HTTPS is used when a form of security, like SSL or TLS, is used and the 's' stands for secure.
• HTTPS is a more secure way to send and receive data across a network.

Web Browsers

• Web browsers are software that allows access/display of web pages.
• Web browsers translate HTML from websites and show the result (videos, images/text, audio).
• Most Web browsers have a home page
• Web browsers can store favorite websites/web pages (bookmarks).
• Web browsers keep a history of websites visited (user history).
• Web browsers allow navigation forward/backward through websites/webpages opened.
• Web browsers allow for web pages to be open at the same time using multiple tabs.
• Web browsers make use of cookies.
• Web browsers utilize hyperlinks that allow navigation between web pages/websites; links can be opened in a new or the same tab.
• Web browsers store data as a cache
• Web browsers make use of Javascript
• Web browsers use an address bar.

Retrieval and Location of Web Pages

• HyperText Markup Language (HTML) displays content on browsers.
• Websites are written in HTML and hosted on a web server with an IP address.
• Browsers need the IP address to retrieve pages.
• Domain Name Server (DNS) finds IP addresses for a domain name in a URL (also known as a domain name system).
• URLs and domain name servers eliminate the need to memorize IP addresses.
• The DNS process converts a URL into an IP address, which the computer can understand.
• The DNS process involves multiple servers.
• DNS servers contain a database of URLs with matching IP addresses.
• The DNS plays a role in web page location and retrieval.
• User types in the URL, then the browser asks the DNS server for the IP address.
• The browser sets up communication with the website server and downloads required pages.

Cookies

• Cookies are small files/code stored on a user's computer, sent by a web server to a browser.
• Each cookie has a small lookup table of (key, data) values.
• When a user visits a site, it checks for previously set cookies to read the user's preferences (language, currency, browsing activity).
• Cookies allow user tracking and maintain user preferences.
• Collected data customizes web pages for users.
• Two types of cookies exist: session cookies and persistent/permanent cookies.
• If no expiry date is associated with a cookie, it is considered to be a session cookie.

Session Cookies

• Session cookies are used when making online purchases.
• This keeps a user's items in a virtual shopping basket.
• Session Cookies are stored in temporary memory so they don't actually collect any information from the user's computer.
• Session cookies cease to exist on a user's computer once the browser is closed or the website session is terminated.

Persistent cookies

• Persistent cookies remember log-in details so they authenticate the user's browser.
• This info is stored on the hard drive of the user’s computer until the expiry date is reached or is deleted by the user.
• Persistent cookies remain in operation after the browser has been closed.
• They remove the need to type in details every time the website is visited.
• Websites use cookies to store more personal info or preferences, but it can only be done with the user's agreement.
• Cookie information is encrypted to prevent unauthorised use.
• Laws have been introduced to protect users, which deactivate cookies after six months.
• Persistent cookies carry data between website sessions, removing the need to store large data amounts on the web server.
• It is very difficult to retrieve user data without cookies, along with requiring users to log in every time they visit the website.

Summary of cookies purposes

• Websites remember user passwords, email addresses, and invoice details.
• Websites recognize users every time they visit.
• Lets users saves items in a cart.
• Tracks Internet habits, website history, or favorites.
• Targets users with relevant advertising.
• Stores individualized user preferences

Digital Currency

• It only exists in digital format.
• It does not exist physically like fiat currencies.
• Digital currency is an accepted method of payment for items and services.
• Digital currency can be transferred between different accounts while completing transactions.
• Digital currency has made online banking possible using systems such as PayPal or phone apps.
• Digital currency relies on a central banking system.
• Maintaining confidentiality and security are ongoing issues in digital currency systems.

Cryptocurrency

• Cryptocurrency as a type of digital currency which avoids these issues.
• Cryptocurrency uses cryptography, addressing issues that concern centralization.
• Traditional digital currencies are regulated by governments, meaning all transactions and rates are determined by these bodies.
• Cryptocurrency has all rules and states set by its community.
• Transactions are publicly available and can be tracked to monitor balances.
• Cryptocurrency systems work by being within a blockchain network to ensure security.

Blockchaining

• Blockchain is a decentralized database that contains all transaction data from users in the network.
• Blockchain consists of several interconnected computers with no central server.
• All data is stored on all computers in the blockchain network.
• Once a new transaction takes place, all computers get a copy.
• Transactions can't be changed without permission of all members, which protects against hacking.
• Blockchains are used in cryptocurrency, smart contracts, research, politics, and education.

How blockchain works

• Whenever a new transaction occurs, a new block is created, containing data, a unique hash value, and the previous block's hash value.
• A new hash value is created each time a new block is created and includes a timestamp, which identifies when the event actually took place.
• Any changes to the data will affect the hash.
• Block '1' doesn't point to any previous block, so it's the genesis block.
• Block ‘3’ and beyond is changed since the chain was broken between block '2' and '3.
• Tampering is prevented by the hacker, but the computer quickly creates a new chain.
• Proof-of-work requires taking 10 minutes to determine the proof-of-work.
• Miners are network users that get a commission for the new blocks.
• New blocks are checked for correctness before being added to the blockchain.
• Hackers would need to attack every item to break the chain.
• A new network user gets an existing copy of the blockchain system.

Cyber Security Threats

• Data should be kept safe and secure.
• Personal and commercial data is at risk of being corrupted/deleted through accidental damage or malicious acts.
• Data can be intercepted leading to cyber security threats.
• Brute force attacks are used when a hacker wants to crack a password and tries different combinations.
• One way to make cracking a password take less attempts is to 1) check the most common passwords, 2) start with a strong word list.
• The longer the password and the greater range of characters the harder to crack.

Data Interception

• Data Interception is a way of stealing data by tapping into wired/wireless communication. Intention is to take privacy/confidential data.
• Interception involves examining data packets (packet sniffer). This is common in wired networks.
• Wi-Fi (wireless) data interception can be preformed using equipment such as a laptop or smartphone with an antenna and GPS outside of a building or house.
• The use of Wired Equivalency Privacy (WEP), encryption protocol, and a firewall is recommended to safeguard against wardriving.
• Do not use WIFI in public places (airports).

Distributed Denial of Service (DDoS) attacks

• Denial of service is an attempt to avoid users from accessing parts of an internet server.
• It may be a large breach of security.
• DDoS attacks effect an individual or network that affects access to their emails, websites/web pages, and online services.
• An attack can flood the network with spam traffic.
• Web servers have limitations to hand requests, so attacks are sent to overload, which then leads to a denial of service.
• The attack comes from different computers (distributed denial of service, DDoS), which makes it harder to block the attack.
• An ISP should only allow a specific amount of given data for each user.
• Over flooding of emails clogs up an email account quickly.

Defenses against attacks

• using an up-to-date malware checker
• use a firewall to restrict traffic
• apply email filters
• Potential signs of a DDoS attack: slow network performance, inability to access certain websites, and large amounts of spam.

Hacking

• Hacking is the illegal action of gaining illegal access to a computer system w/o the user's permission.
• It leads to identify theft to gain personal information.
• Hacking can be prevented by the firewalls, changing the passwords, and anti-hacking software.
• Malacious hacking is the above, universities run courses in ethical hacking.
• Ethical Hacking is when hacking authorized by the system to see how robust the attacks are.

Malware

• Malware is a big risk to a computer system.
• Various forms of malware: viruses, worms, Trojan horse, spyware, adware and ransomware.
• Viruses are programs or program code with intention of deleting or corrupting files, or cause computer to have a malfunction.
• Viruses need and active program host to effect a system and need a trigger to start the damage.
• Viruses are sent as email attachments/infected website/infected software.

Worms

• Worms are malware that are self-replicating.
• Worms are intended to spread and corrupt other computers.
• Worms do not need a program to open to be effective.
• Worms target security failures of the network to spread.
• Worms arrive as a message attachment.
• The "I love you" worm affected many computers.

Trojan Horse

• Trojan horses are programs that appear legitimate but have malicious instructions.
• The Trojans replace all the software with intent of doing some harm.
• Trojans need the end user to execute and often on an infected website/email attachment.
• The Trojan horse enables cyber criminals gain access to data on a computer.
• Spyware is often installed with a Trojan horse.

Spyware

• Spyware gathers data by monitoring user’s activities on the computer.
• The information is then sent to the sender of spyware.
• Designed to monitor and capture web and personal data.
• Spyware can be taken away by anti Spyware software.
• If spyware is found there is a alarm since other sources of weakness may be taken.

Adware

• It will attempt to flood an end user with advertising. For example, it could redirect a user'sbrowser to a website that contains promotional advertising
• Some issues are that they it can show weaknesses in the system in security.
• Can be hard to remove.
• Hijacks a browser to create on default searches.

Ransomware

• Encryption files that a user's computer used in the hostrage and is essentially ransomware.
• Is often executed a either encrypts the files or waits till the victim is in debt affordable. Can be avoided by avoiding a phshing.

Phishing

• Phishing occurs when they sends out email of legitimate but there is a file within the link.
• The keypoint is when a phishing scam, they can't do any harm unless a user opens the scam.
• There are numerous ways to prevent these attacks like user, and they can't do anything until they intitate.

Malware Table

• Viruses - programs (or program code) that can replicate/copy themselves with the intention of deleting or corrupting files, or causing the computer to malfunction.
• Worms - these are types of standalone viruses that can replicate themselves with the intention of spreading to other computers.
• Trojan horses - these are malicious programs often disguised as legitimate software
• Spyware - software that gathers information by monitoring, for example, all the activity on a user's computer.
• Adware - software that floods a user's computer with unwanted advertising.
• Ransomware - programs that encrypt the data on a user's computer; a decryption key is sent back to the user once they pay a sum of money

Ways to help prevent Phishing Attacks

• Become aware of new phishing scams, they frequently perform security training to identity phishing.
• A very important thing, if you are certain email seems safe to do so not click an emails, and fake email can show Dear customer and so on.
• Important toolbars on browsers, can alert users to websites contained on the email
• Always check to see a green padlock symbol, indicates in the address bar.

Additional terms connected to phishing

• A term is connected, is spear phishing a criminal company specific to sensitive information to gain assess to criminal company.

Pharming:

• Malware code intalled on either computers that is on of infected website. And the Pharming can pose as a threat.
• The reason they poses so much they redirected interent to a Fake site and use DNS Caches Poisoning..
• Everytime user goes to a URL, they browse it with DNS Serve with, However caches the poison real website, the users computer uses what to connect on a Fake website.
• One enters and browsers there can be mitigation used against PHARMING.
• Anti virus's software use to detect unauthorized alteration to a website. More modern browsers can alert for Phishing attacks. There must very important of spelling on the website correct!.

Cyber Security:

• Has phising one can use either the protocol, SSL on the address.

Social engineering

• Occurs, when cybercriminial created a social situation. Its the action with leads a person in breaking security protocol,

Some Types Of Threats.

• Fear: user panic, can easily be exploited by criminals.
• Curisosity: users tricked into believe won car.
• Empathy and Trust all belief in trust can be exploittions

Access Levels

• User account controls the right that use access.
• The most system have a Hieracrchy depending on the level of Security and it achieved when the password is very secured/long,

Acesses levels in social network,

1. Has public Acsess anyone from the general and accessed user
2. Friend the people indentifer those acess.
3. Customs with allow user,to refine who acess certain people.4. Data Owner just accessed by the owner. And users are allowd using privacy.

Antimalware.

• Common of two types: anti_virus and ant spy ware.
• Antivirus: has described in chapter 4 with.
• Spaware: Antspyware has to use, which can be allow on what base

Is the Feature of: -Spyware.

• Detect and remove software. +Prevent Users +ecnrypt files
• keyboard stoke
• blcoks acess and remove the data +sace s that the user information has been stlen and warn

###Authentication

• Auuthication: referer to ahbility to prove how they are. Three comomon and they you knows.

There ways athucition can be done.

• user names and password: Is used in the acceses for security
• can be take some format of biometrics. and in addtion to the internet one that a person is looking such as bank, and shop

Important to keep data protected when having passwords.

• passwords should not easies to hack with have example and all, when the password is typed, It often show.
• When, in some passwords they need to be certain of tries because the lock system will be online unitly the have reset the password
• online compny there is also used very unauthrorized they for name and password name and to acess banksite

Bimetrics

• to be used passwords.

Examples.

• Fingertips Scane and it related by the skin such damges such as cuts and all, if they finger +Retrinas there know replicated by persons but it's very intrusive .
• Face Regonitiion but affective by changes on light which for the if you use any glasses
• Vovice regonitions A person's Vioce can't also be unauthrorized very low and hard, and an Illness it hard such as a cold because it's very difficult or impossible

Actuators.

• Actuarts for examle compay that can enter the security on labour
• there stand scan data goign with signal to ad/analog for microprocessor, compared the data save with databse
• that matchs a light sent tunred on it's that they enter and all. Then if doesnt match can go in

To prevent you will software what it needs you it.

• Is the the best for online or has has been what is know how to prevent but checking commuication.

Two stop the verfifications in.

• two methods to verifying for is and on and and crdeis card
• and an on and the mobile has register and now acess has.
• Software and all automatic keeps and that has on mobile and computer because done the tablet the time one to.
• and
• and these and date of clock

Two Checikn of.

• there can of you. You to or action you beed to and to you will or to and some .

Additional notes on email safely

• Check email address by matching up the company names to that of legitimate companies
• Avoid bad spellings/grammar within an email as legit compabnies would not include this in their emails
• Do not click on suspicious links/use incorrect versions of website addresses that are sent to you as a form of typo squatting

Firewalls:

• Can software hardware, it filters the and it come into puter so it ,it allows the user to whether allow comunication to puter. the hackiing,

Notes: main tasks.

• Is to what called monitor
• checks also that go data
• if Data and to for all is to sites if one from. sites hackers

Proxty servees.

• and is what known to the middle with wenser
• allow the can with traffic it and can access where
• Keeps and is with of of address traffic and invalids . or and what invalid is or invalid for with, give is and and.
• to traffic where now from .

Privacy setting

• Web browsers can allow users to set private and limit who can access personal profiles These can include: to 'do not track', checks for save payment methods, and to provide 'safer browsing''
• These can inclide web browser povacy options, website advertisimg opt outs and app/ location sharing.

Secure sockets layer (SSL)

• is the what rules allows the be interent interent
• when user website ss it and the user . the padlock
• there and the where diffret

The browser then you with is with can begins.

• and that certifacte, you, for

+SSL a is for that of