5 The internet and its uses

5.1 The internet and world wide web

Q) Describe the difference between the internet and the world wide web.
Ans) The internet is the infrastructure. The world wide web is the collection of websites and web pages accessed using the internet.

Q) Describe the purpose of HTTP and HTTPS.
Ans) HTTP (Hyper Text Transfer Protocol) defines the rules for websites to format and transmit web pages.
HTTPS (Hyper Text Transfer Protocol Secure) means communication is secure while data is transferred; it defines the rules for websites to format and transmit web pages.

Q 6) Describe the features of URL.
Ans) Uniform Resource Locator (URL):
URL means Uniform Resource Locator. It is the unique address of a web site.
Components of URL:
An example of a URL is: http://inqilabpatel.com/comsci.html
In this example:
a. "http" refers to the protocol; it enables the browser to know what protocol is being used to access information in the domain.
b. "inqilabpatel.com" is called the domain name or web server name.
c. "comsci.html" refers to the specific page.

Q) Explain the purpose and functions of a web browser.
Ans) The main purpose of a web browser is to render hypertext markup language (HTML) and display web pages.
• Functions include:
– storing bookmarks and favourites
– recording user history
– allowing use of multiple tabs
– storing cookies
– providing navigation tools
– providing an address bar

Q 8) Describe the steps to visit a website.
Ans) Steps of visiting a website:
1. The user types the URL of a website in the browser address bar, like inqilabpatel.com.
2. The web browser sends the URL request to the DNS of the ISP.
3. The DNS searches for the IP address of the URL.
4. The URL is translated into a machine-friendly IP address by the DNS.
5. The translated IP address is sent to the browser.
6. The browser sends an HTTP GET command to the server at the IP address where the website is hosted.
7. The web server sends HTML data to the client web browser.
8. The web page is displayed on the client's browser.
Q) Explain what is meant by cookies and how they are used.
Ans) A cookie is a text file that contains information stored by a website about a user on the user's hard disk; this enables the website to remember details about the user's interests when they next visit the website.
Cookies are stored with the permission of the user. Legitimate web sites will encrypt the personal information stored in the cookie to prevent unauthorized usage by another party with access to your cookie folder.
Types of Cookies:
1. Session cookies: These are temporary cookies that are stored in the user's browser memory until they close their browser. They are used to maintain user session information, such as:
   1. login credentials
   2. items in a shopping cart
2. Persistent cookies: These cookies are stored on the user's device even after they close their browser. They are used to:
   1. save personal details
   2. track user preferences
   3. store login details

5.2 Digital Currency

Q) What is a digital currency?
Ans) A digital currency is one that only exists electronically.

[Figure: a block, labelled "Block (Amount, Sender, Receiver)", "Hash Key of Block" and "Previous Block Hash"]

Q) Explain what a block is in digital currency.
Ans) Blocks are data structures within the blockchain database, where transaction data in a cryptocurrency are permanently recorded.
A block is created when a new transaction takes place. It contains the following data items:
1. Data (amount of transaction, sender and receiver)
2. Hash value of the block
3. Hash value of the previous block

Q) What is a blockchain?
Ans) Blockchain, in its basic form, is a digital ledger, that is, a time-stamped series of records that cannot be altered.
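The block structure from section 5.2 (data, hash of the block, hash of the previous block) can be modelled in a few lines to show why an altered record is detected. This is an added example, not part of the original notes; the use of SHA-256, the JSON encoding, the all-zero first "previous hash" and every name in it are assumptions made for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(data, prev_hash):
    """Hash the block's data together with the previous block's hash."""
    payload = json.dumps({"data": data, "prev_hash": prev_hash}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def add_block(chain, amount, sender, receiver):
    """Append a block holding the three items: data, own hash, previous hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    data = {"amount": amount, "sender": sender, "receiver": receiver}
    chain.append({"data": data, "prev_hash": prev_hash,
                  "hash": block_hash(data, prev_hash)})


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev_hash"] != prev_hash:
            return i  # the link to the previous block is broken
        if block["hash"] != block_hash(block["data"], block["prev_hash"]):
            return i  # the contents no longer match the stored hash
        prev_hash = block["hash"]
    return None


def build_sample_chain():
    """Three constructed transactions (names and amounts are made up)."""
    chain = []
    add_block(chain, 50, "Asha", "Bilal")
    add_block(chain, 20, "Bilal", "Chen")
    add_block(chain, 5, "Chen", "Asha")
    return chain


def tamper_demo():
    """Alter block 1, then also recompute its hash; report what verification finds."""
    chain = build_sample_chain()
    untouched = first_invalid_block(chain)
    chain[1]["data"]["amount"] = 2000  # change the recorded amount only
    after_edit = first_invalid_block(chain)
    chain[1]["hash"] = block_hash(chain[1]["data"], chain[1]["prev_hash"])
    after_rehash = first_invalid_block(chain)  # block 2 still stores the old hash
    return untouched, after_edit, after_rehash
```

Changing a record breaks that block's own hash, and recomputing the hash breaks the next block's stored "previous hash", so every later block would also have to be rewritten.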
5.3 Cyber Security

Important terminology in Cyber Security:
Perpetrator (per·pet·ra·tor): a person that carries out an illegal, harmful, or immoral action.
Bot: a computer that has had malware downloaded onto it that will cause it to be used in a DDoS attack.
Botnet: a network of bots that are created to carry out a DDoS attack.
Zombie: a dormant or sleeping bot, currently not used in DDoS attacks.
Port: an entry point into a computer or network.
Malware: software developed with the intention to harm other computers.

Data Integrity and security
Data integrity refers to maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and is a critical aspect of the design, implementation and usage of any system which stores, processes, or retrieves data.
Data security is about keeping data safe. Many individuals, small businesses and major companies rely heavily on their computer systems.

Cyber Security Threats
Cyber security is the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber-attacks.
It aims to reduce the risk of cyber-attacks and protect against the unauthorised exploitation of systems, networks, and technologies.

1. Brute-force attack: A brute-force attack is a trial and error method used by cybercriminals to crack passwords or encryption codes by trying every possible combination until the correct one is found. This method is time-consuming, but it can be effective if the password or key is weak.

2. Data interception: Data interception refers to the unauthorized access or monitoring of data that is being transmitted between two parties. This can occur through various means such as eavesdropping on a network, intercepting wireless transmissions or through hacking into a system. A packet sniffer is a piece of software that is used to examine the contents of a data packet.

3. Distributed denial of service (DDoS) attack: A DDoS attack is a cyber-attack that targets a server or website by flooding it with traffic from multiple sources, overwhelming the server and causing it to crash or become unavailable.

4. Hacking: Hacking is the unauthorized access of computer systems or networks with the intent of stealing, altering or destroying data. This can be done by exploiting vulnerabilities in software or by tricking users into providing sensitive information.

5. Malware (virus, worm, Trojan horse, spyware, adware, ransomware): Malware is software designed to cause harm to computer systems or networks. This includes viruses, which replicate themselves and infect other systems, worms, which spread rapidly through networks, Trojan horses, which appear to be harmless but contain malicious code, spyware, which collects personal information from a user's computer and adware,
which displays unwanted advertisements. Ransomware is a type of malware that encrypts a user's files and demands payment in exchange for the decryption key.

6. Social engineering: Social engineering is a technique used by cybercriminals to manipulate people into divulging sensitive information or performing actions that are against their best interests. This can include tactics such as phishing, pretexting, and baiting.
a. Pharming: Pharming is a type of cyber-attack that redirects users to fake websites in order to steal their personal information or install malware on their computer.
b. Phishing: Phishing is a type of social engineering attack where cybercriminals trick users into revealing their personal information by posing as a trustworthy entity, such as a bank or email provider.
c. Baiting: As its name implies, baiting attacks use a false promise to pique a victim's greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware. The most reviled form of baiting uses physical media to disperse malware. For example, attackers leave the bait (typically malware-infected flash drives) in conspicuous areas where potential victims are certain to see them (e.g., bathrooms, elevators, the parking lot of a targeted company). The bait has an authentic look to it, such as a label presenting it as the company's payroll list. Victims pick up the bait out of curiosity and insert it into a work or home computer, resulting in automatic malware installation on the system.

Solutions to keep data secure
There are various solutions available to keep data safe from security threats, which include:
1. Access Levels: Access levels help restrict access to data by assigning different levels of permissions to users. This ensures that only authorized personnel can access sensitive information, reducing the risk of data breaches.
2. Anti-malware: Anti-malware software, such as anti-virus and anti-spyware, is used to detect and remove malicious software that can damage or steal data.
3. Authentication: Authentication methods, such as usernames and passwords, biometrics, and two-step verification, help verify the identity of users accessing the system, preventing unauthorized access.
4. Automating Software Updates: Automating software updates ensures that the system is up to date with the latest security patches and fixes, reducing the risk of vulnerabilities being exploited by attackers.
5. Checking Spelling and Tone: Checking the spelling and tone of communications, such as emails, can help identify phishing scams and other fraudulent activities.
6. Checking URL Attached to a Link: Checking the URL attached to a link before clicking on it helps prevent users from being directed to malicious websites.
7. Firewalls: Firewalls are used to monitor and control network traffic, blocking unauthorized access to the system.
8. Privacy Settings: Privacy settings can be used to restrict access to personal information, reducing the risk of identity theft and other privacy breaches.
9. Proxy-Servers: Proxy servers can be used to mask the IP address of the user, preventing attackers from tracking their online activity.
10. Secure Socket Layer (SSL) Security Protocol: SSL is a security protocol that encrypts data transmitted over the internet, ensuring that sensitive information cannot be intercepted by unauthorized parties.

Authentication
Here are some methods of authentication:
Zero login: This is a type of authentication that aims to remove or reduce the need for the user to manually input their details and instead rely on the system to verify the user's credentials automatically. Newer methods of zero login authentication include the use of networks, location, device data, and human behavioral patterns to recognize users automatically.
Biometric: Biometric authentication is a type of authentication that uses the user's unique biological characteristics such as fingerprints or facial features to authenticate the user's details.
Magnetic stripe: Magnetic stripe cards are a form of card that stores the user's data on a magnetic strip, usually on the reverse side. The user scans the card through a reader, where the details stored on the card are compared to the details stored within the system. If the data from the card matches the data that is stored on the system, the user is authenticated and granted access.
Smart card: Smart cards are cards that contain a chip and can be used as contactless cards. They are used for authentication purposes and can store a variety of information such as personal identification, medical records, and financial information.
Physical token: A physical token is a device that generates a unique code that is used for authentication purposes. The user enters the code into the system to authenticate their identity.
Electronic token: An electronic token is a device that generates a unique code that is used for authentication purposes. The user enters the code into the system to authenticate their identity. Electronic tokens can be used for a variety of purposes such as online banking, accessing secure networks, and making online purchases.
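How a token can generate a code that the system is able to check, shown as an added example that is not part of the original notes. It assumes the token uses the time-based one-time password scheme (TOTP, RFC 6238, built on HOTP from RFC 4226); the notes do not name a scheme, and the shared secret below is the published RFC test value, not a real key.

```python
import hashlib
import hmac
import struct

# Test secret from RFC 4226 / RFC 6238; in practice each token has its own secret
SHARED_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """One-time code for a counter value (RFC 4226 dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low 4 bits of the last byte pick the window
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """Code shown by the token: HOTP over the number of elapsed time steps."""
    return hotp(secret, int(unix_time) // step, digits)


def verify(secret, submitted, unix_time, step=30, window=1, digits=6):
    """Server side: accept the code for the current step or +/- `window` steps.

    The window tolerates clock drift between token and server, and the
    comparison is constant-time so timing does not reveal matching digits.
    """
    counter = int(unix_time) // step
    accepted = False
    for c in range(max(0, counter - window), counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits), str(submitted)):
            accepted = True
    return accepted


if __name__ == "__main__":
    code = totp(SHARED_SECRET, 59)
    print(code, verify(SHARED_SECRET, code, 59 + 30), verify(SHARED_SECRET, code, 59 + 90))
```

The token and the server never exchange the secret at login time; both derive the same short-lived code from it, so an intercepted code stops working once its time window has passed.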