Ch.

Internet

• Users can send and receive emails

• allows online chatting (via text, audio and video)
• makes use of transmission protocols (TCP] and internet protocols (IP)
• It is a worldwide collection of interconnected networks and devices

World Wide Web (WWW)

• It is a collection of multimedia web pages and other information on websites
• Http protocols are written using HTML
• Uniform resource locators (URLs) are used to specify the location of web pages
• Web resources are accessed by web browsers
• uses the internet to access information from web servers

Web browsers

Software that allow users to access and display web pages on their device screens. Browsers interpret
HTML sent from websites and produce the results on the user's device.

Uniform resource locators (URLs) are text addresses used to access websites. A URL is typed into a
browser address bar using the following format:

Protocol: //website address/path/file name

The protocol is usually either http or https.

The website address is: > domain host (www),
Domain name (website name),
Domain type (.com, .org, .net, .gov, for example).
>> And sometimes country code (.uk, .de, .cy, for example),.

The path is the web page

HTTP and HTTPS

Hypertext transfer protocol (http) is a set of rules that must be obeyed when transferring files across the
internet. When some form of security (for example, SSL or TLS) is used, then this changes to https The 's'
stands for secure, and indicates a more secure way of sending and receiving data across a network (for
example, the internet).

Most browsers have the following features:

1 they have a home page
2 they can store a user's favourite websites/web pages (referred to as bookmarks)
3 they keep a history of websites visited by the user (user history)
4 they have the ability to allow the user to navigate forwards and backwards through websites/web pages
already opened
5 many web pages can be open at the same time by using multiple tabs

Retrieval and location of web pages

HTML is a language used to display content on browsers. All websites are written in HTML and hosted on
a web server that has its own IP address.
To retrieve pages from a website your browser needs to know this IP address and
The Domain Name Server

How DNS is used to locate and retrieve a web page

(1) The user opens their browser and types in the URL ([Link]) and the browser asks
the DNS server (1) for the IP address of the website.

(2) In this case, let's assume the DNS server can't find [Link] in its database or its
cache, so it sends out a request to a DNS server (2).

(3) The DNS server (2) finds the URL and can map it to [Link]; this IP address is sent back to the
DNS server (1) which now puts this IP address and associated URL into its cache/database.

(4) This IP address is then sent back to the user's computer.

(5) The computer now sets up a communication with the website server and the required pages are
downloaded. HTML files are sent from the website server to the computer. The browser interprets the
HTML, which is used to structure content, and then displays the information on the user's computer.

Cookies

Cookies are small files or code stored on a user's computer.

Session cookies

They keep a user's items in a virtual shopping basket. This type of cookie is stored in temporary memory on
the computer, doesn't actually collect any information from the user's computer and doesn't personally
identify a user.

Persistent (permanent) cookies

Persistent cookies remember a user's login details (

They are stored on the hard drive of a user. Computer until the date of expiry is reached or the user deletes
it.

Summary of the uses of (persistent) cookies:

1 allow the website to remember users' passwords, email addresses and invoice details, so they won't have
to insert all of this information every time they visit or every time they purchase something from that website

2 serve as a memory, enabling the website to recognise users every time they visit it

3 save users" items in a virtual shopping basket/cart

4 track internet habits and users' website histories or favourites/bookmarks

What is digital currency?

Digital currency exists purely in a digital format. It has no physical form unlike a conventional fiat currency

Crypto currency and decentralisation

- Crypto currency uses cryptography to track transactions; it was created to address the problems
associated with the centralisation of digital currency.

-Traditional digital currencies are regulated by central banks and governments (in much the same Way as
fiat currencies). This means all transactions and. Exchange rates are determined by these two bodies.
Crypto currency has no state control and all the rules are set by the crypto currency community itself.

-Unlike existing digital currencies, crypto currency transactions are publicly available and therefore all
transactions can be tracked and the amount of money in the system is monitored

- The crypto currency system works by being within a block-chain network which means it is much more
secure.

Block-chain

A decentralised database. All the transactions of networked members are stored on this database.
Essentially, the block-chain consists of a number of interconnected computers but they are not connected
to a central server.

Block chain is used in many areas, such as:

Crypto currency
Exchanges smart contracts research
Politics education.

How block chain works

Whenever a new transaction takes place, a new black is created:

A new hash value is created each time a new block is created. This hash value is unique to each block and
includes a timestamp, which identifies when an event actually takes place. We will now consider what
happens when a chain of blocks is created.

Cyber threats

1 Brute force attacks

2 Data interception
3 Distributed denial of service Attacks
4 Hacking
5 Malware
6 Phishing
7 Pharming
8 Social engineering

1 Brute force attacks if a hacker wants to 'crack' your password, they can systematically try all the
different combinations of letters, numbers and other symbols until eventually they find your password.
1 Check if the password is one of the most common ones

2 If it isn't in the common password list, the next thing to do is to start with a strong word list, some
programs will generate a word list containing a million words. Nonetheless this is still a faster way of
cracking a password than just total trial and error.

2 Data interception is a form of stealing data by tapping into a wired or wireless communication link. The
intent is to compromise privacy or to obtain confidential information.

3 Distributed Denial of Service attacks

A denial of service attack is an attempt at preventing users from accessing part of a network, notably an
internet server.
An individual user or a website can guard against these attacks to some degree by:

Using an up-to-date malware checker

Setting up a firewall to restrict traffic to and from the web server or user's computer
‣ Applying email filters to filter out unwanted traffic (for example, spam).

There are certain signs a user can look out for to see if they have become a victim of an attack:

Slow network performance (opening files or accessing certain websites)

‣ Inability to access certain websites
Large amounts of spam email reaching the user's email account.

Hacking

Is generally the act of gaining illegal access to a computer system without the user's permission. This can
lead to identity theft or the gaining of personal information;

Malware
Malware is one of the biggest risks to the integrity and security of data on a computer system. There are
many forms of malware

Viruses
-programs that can replicate/copy themselves with the intention of deleting or corrupting files, or causing
the computer to malfunction. They need an active host program on the target computer or an operating
system that has already been infected before they can run

Worms - these are types of standalone viruses that can replicate them with the intention of spreading to
other computers; they often networks to search out computers with weak security that are prone to such
attacks

Trojan horses - these are malicious programs often disguised as legitimate software; they replace all or part
of the legitimate software with the intent of carrying out some harm to the user's computer system

Spyware - software that gathers information by monitoring, for example, all the activity on a user's
computer; the gathered information is then sent back to the person who sent the software (sometimes
spyware monitors key presses and is then referred to as key logging software)
Adware - software that floods a user's computer with unwanted advertising; usually in the form of pop-ups
but can frequently appear in the browser address window redirecting the browser to a fake website which
contains the promotional adverts

Ransom ware - programs that encrypt the data on a user's computer; a decryption key is sent back to the
user once they pay a sum of money (a ransom); they are often sent via Trojan horse or by social
engineering.

Phishing
Occurs when a cybercriminal sends out legitimate-looking emails to users. The emails may contain links or
attachments that, when initiated, take the user to a fake website; or they may trick the user into responding
with personal data

There are numerous ways to help prevent phishing attacks:

Users need to be aware of new phishing scams; those people in industry or commerce should undergo
frequent security awareness training to become aware of how to identify phishing (and pharming) scams

It is important not to click on any emails links unless totally certain that it is safe to do so; fake emails can
often be identified by 'Dear Customer ......or 'Dear email person@[Link] and so on

It is important to run anti-phishing toolbars on browsers (this includes tablets and mobile phones) since
these will alert the user to malicious websites contained in an email

Pharming
Is a malicious code installed on a user's computer or on an infected website. The code redirects the user's
browser to a fake website without the user's knowledge. Unlike phishing, the user doesn't actually need to
take any action for it to be initiated. The creator of the malicious code can gain personal data, such as bank
details, from the user.

It is possible to mitigate against the risk of pharming:

Use of anti-virus software can detect unauthorised alterations to website address and warn the user of the
potential risks.

However, if the DNS server itself has been infected (rather than the user's computer) it is much more
difficult to mitigate the risk.

Many modern browsers can alert users to pharming and phishing attacks

Social engineering

Social engineering occurs when a cybercriminal creates a social situation that can lead to a potential victim
dropping their guard. It involves the manipulation of people into breaking their normal security procedures
and not following best practice. There are five types of threat that commonly exist:

Instant messaging--Malicious links are embedded into instant messages, for example an important
software upgrade
Scare ware-- This is often done using a pop-up message that claims that the user’s computer is infected
with a virus; the user is told they need to download the fake antivirus immediately

Emails scams-- the user is tricked by the apparent genuineness of an email and opens link in the email; this
redirects their browser to a fake website

Baiting-- The cybercriminal leaves a malware-infected memory stick somewhere where it can be found; the
finder picks up the memory stick and plugs it into their computer)and unwittingly downloads malicious
malware

Phone calls-- For example, a so-called IT professional calls the user on their mobile claiming their device
has been compromised in some way; the user is advised to download some special software that allows
the cybercriminal to take over the user’s device giving them access to personal information

The three most common ones to exploit are:

Fear
Curiosity
Empathy and trust.

Course of action taken by a cybercriminal in targeting their victim

Stage 1- The victims are identified; information about victim gathered and method of attack decided

Stage 2 - At this stage the victim is being targeted (either through email phone call, Trojan horse and so on;
it all depends on who the victim is)

Stage 3 - The attack on the victim is now executed allowing the cybercriminal to obtain the information or to
cause the disruption decided on at Stage 1

Stage 4 - When the cybercriminal has decided they have what they wanted they try to remove all traces of
the malware to cover their tracks

Keeping data safe from security threats

Access levels
In many computer systems, user accounts control a user's rights. This often involves having different levels
of access for different people.
Another area where access levels are very important is in social networks (such as Facebook); with this
type of application, there are usually four access levels:

1 public access (this refers to the data anyone from the general public can access)
2 friends (only people identified as 'friends' by the owner of the data can see certain data)
3 custom (this allows the user to further refine what data can be seen by 'friends' allowing them to exclude
certain content from selected people)
4 data owner (this is data only the owner of the data can see).

Anti-malware
The two most common types of anti-malware are anti-virus and anti-spyware
Anti-spyware
Anti-spyware
Software detects and removes spyware programs installed illegally on a user's computer system.
The software is based on one of the following methods:

Rules - in this case, the software looks for typical features which are usually associated with spyware thus
identifying any potential security issues ‣

File structures - in this case, there are certain file structures associated with potential spyware which
allows them to be identified by the software.

Tre generate features of anti-spyware are

: detect and remove spyware already installed on a device

Prevent a user from downloading spyware
Encrypt files to make the data more secure in case it is spied' on
Encryption of keyboard strokes to help remove the risk posed by the key logging aspects of some spyware

Authentication refers to the ability of a user to prove who they are.

There are three common factors used in authentication:
Something you know (for example, a password or PIN code),
Something you have (for example, a mobile phone or tablet),
Something which is unique to you (for example, biometrics).

Passwords and usernames

Passwords are used to restrict access to data or systems, They should be hard to crack and changed
frequently to retain any real level of security Passwords Can also take the form of biometrics, In addition to
protecting access levels to computer systems, passwords are frequently used when accessing the internet.
For example:
‣> when accessing email accounts
‣> when carrying out online banking or shopping
‣> accessing social networking sites.

Biometrics

Biometrics can be used in much the same way as passwords as a way of identifying a user. Biometrics
relies on certain unique characteristics of human beings;
Examples include:

Fingerprint scans
It is one of the most developed biometric techniques
Very easy to use
Relatively small storage requirements for
The biometric data created
For some people it is very intrusive, since it is still related to criminal identification
It can make mistakes if the skin is dirty or damaged [E.g. cuts)

Retina scans
It is very intrusive
It can be relatively slow to verify retina scan with stored scans
Very expensive to install and set up
Very high accuracy
There is no known way to replicate a person’s retina

Face recognition
It can be affected by changes in lighting, the person's hair, change in age, and if the person is wearing
glasses
Non-intrusive method
Relatively inexpensive technology

Voice recognition
A person's voice can be easily recorded and used for unauthorised access
Low accuracy
An illness such as a cold can change a person's voice, making absolute identification difficult or impossible
Non-intrusive method
Verification takes less than 5 seconds
Relatively inexpensive technology

Two-step verification
Two-step verification requires two methods of authentication to verify who a user is. It is used
predominantly when a user makes an online purchase using a credit/debit card as payment method.

Firewalls
A firewall can be either software or hardware. It sits between the user's computer and an external network
(for example, the internet) and filters information in and out of the computer

The main tasks carried out by a firewall include:

To examine the 'traffic' between user's computer (or internal network) and a public network (for example,
the internet)
‣ checks whether incoming or outgoing data meets a given set of criteria
If the data fails the criteria, the firewall will block the 'traffic' and give the user (or network manager) a
warning that there may be a security

: It cannot prevent individuals, on internal networks, using their own hardware devices (e.g. modems,
smartphones) to bypass the firewall
Employee misconduct or carelessness cannot be controlled by firewalls (for example, control of passwords
or user accounts)
Users on stand-alone computers can choose to disable the firewall, leaving their computer open to harmful
'traffic' from the internet.

Proxy servers

Proxy servers act as an intermediate between the user and a web server:

Features of proxy servers:

>> allows internet traffic to be filtered; it is possible to block access to a website if necessary ‣> keeps
users' IP addresses secret which improves security
‣> if the internet traffic is valid, access to the web server is allowed
‣> if the internet traffic is invalid, access to the web server is denied
‣> it is possible to block requests from certain IP addresses
Privacy settings
Privacy settings are the controls available on web browsers, social networks and other websites that are
designed to limit who can access and see a user's personal profile. They were discussed earlier in the
section on access rights.

Privacy settings can refer to:

A 'do not track' setting; the intention here is to stop websites collecting and using browsing data which
leads to improved security
A check to see if payment methods have been saved on websites; this is a useful safety feature which
prevents the need to type in payment details again (every time you have type in financial details, there will
be a risk of data interception)
Safer browsing; an alert is given when the browser encounters a potentially dangerous website (the
undesirable website will be in a 'blacklist stored on the user's computer)

SSL
An SSL certificate is a form of digital certificate which is used to authenticate a website.

Examples of where SSL would be used:

◦> online banking and all online financial transactions
Online shopping/commerce
When sending software out to a restricted list of users
Sending and receiving emails

Key terms used throughout this chapter

Internet -the world-wide interconnection of networks; the internet makes use of TCP and IP protocols
World Wide Web - a massive collection of web pages and is based on hypertext transfer protocols (http
and https)
(Web] browser - software that connects to a domain name server (DNS) to locate IP addresses; a browser
interprets HTML web pages sent to a user's computer so that the user can read documents and watch
multimedia
Hypertext mark-up language (HTML) - the language used to design, display and format web pages, and
to write https] protocols
Uniform resource locator (URL) - a text-based address for a web page hypertext transfer protocol secure
(https] - http with extra security ([such as SSL] applied
hyperlink - highlighted text or an image that is activated by clicking and links to further text, images, a web
page or a website
Domain name server (DNS) - a server that looks up domain names for websites (for example,
[Link] com] in order to find the IP addresses that a computer needs to locate the web
servers (for example, [Link])
Cookie - a text file sent from a website to a user's browser; it is used to remember user preferences each
time they visit the website
User preferences - settings or options stored in cookies that can remember customised web pages or
indicate browsing history to target adverts
Session cookie - a cookie that is stored temporarily on a computer; it is deleted when the browser is
closed or the website session ends
Persistent cookies - a cookie that is stored on the User's hard drive and only deleted when the expiry date
is reached or the cookie is deleted by the user
virtual shopping basket -an area of memory in a Website where items a user wishes to purchase are
temporarily stored; items remain in the basket until payment is made Or the session has ended
 Digital currency - currency la system of money) that exists in electronic form only: it has no physical form
and is essentially data on a database
Crypto currency - a form of digital currency that uses a chain of decentralised computers to control and
monitor transactions
Cryptography -the protection of data/information by use of coding; it usually involves encryption and
decryption
Block chain - a decentralised database where all transactions are stored; it consists of a number of
interconnected computers but not a central server
Timestamp - a digital record of the date and time that a data block is created in block chain networks
Proof-of-work - the algorithm used in block chain networks to confirm a transaction and to produce new
blocks to add to the chain; special users called miners complete and monitor transactions on the network
for a reward
brute force attack - a 'trial and error' method used by cybercriminals to crack passwords by finding all
possible combinations of letters, numbers and symbols until the password is found a text file containing a
collection of words used
data interception - an attempt to eavesdrop on a wired or wireless network transmission; cybercriminal
often use packet sniffing or access point mapping / war driving to intercept data packet sniffing - a method
used by a cybercriminal to examine data packets being sent over a network and to find the contents of a
data packet, which are sent back to the cybercriminal
War driving - using a laptop, antenna, GPS device and software to intercept Wi-Fi signals and illegally
obtain data; sometimes called Access Point Mapping
Wired equivalency privacy (WEP encryption protocol security - an algorithm for wireless networks to
protect them against data interception
denial of service (Do’s) attack - a cyber-attack in which cybercriminals seek to disrupt the normal
operation of a website by flooding it with requests; also used to clog up a user's mailbox by sending out
thousands of spam emails
Distributed denial of service (DDo5) attack - a denial of service (Do’s) attack in which the fake requests
come from many different computers, which makes it harder to stop
Spam - unsolicited emails sent to a user's mailbox
Hacking - the act of gaining illegal access to a computer system without the owner's permission
Malware - programs (such as viruses, worms and Trojan horses] installed on a user's computer with the
aim of deleting, corrupting or manipulating data illegally
Virus - a program or program code that replicates itself with the intention of deleting or corrupting files or by
causing the computer system to malfunction
Active host - functioning software that a virus can affect by attaching itself to the code or by altering the
code to allow the virus to carry out its attack
Worm - a stand-alone type of malware that can self- replicate; unlike viruses, worms don't need an active
host; they can spread throughout a network without the need for any action by an end-user
Trojan horse - a type of malware that is designed to look ice legitimate software but contains malicious
code that can cause damage to a computer system
Spyware -a type of malware that gathers information by monitoring a user's activities on a computer and
sends the gathered information back to the cybercriminal who sent out the spyware
adware - a type of malware that attempts to flood the end- user with unwanted advertising ransom ware -
a type of malware that encrypts data or a user's computer and holds the data hostage' until a ransom is
paid
Phishing -sending out legitimate-looking emails designed lo trick the recipients into giving their personal
details to the sender of the email
Spear phishing - similar to phishing but targeting specific people or organisations rather than carrying out
a blanket attack
Pharming - redirecting a user to a fake website in order to illegally obtain personal data about the user
without their knowledge; unlike phishing, pharming is initiated without needing any action by the user
DNS cache poisoning - altering IP addresses on a domain name server (DNS) with the intention of
redirecting a user’s browser to a fake website; carried out by a pharmed (see pharming) or hacker (see
hacking)
social engineering - manipulating people into breaking normal security procedures (such as giving away
their password) in order to gain illegal access to computer systems or to place malware on their computer
Access levels - different levels of access in a computer system allowing a hierarchy of access levels
depending on user’s level of security
Anti-spyware - software that detects and removes spyware programs installed on a system; the software
is based on typical spyware rules or known file structures
Authentication - the process of proving a user's identity by using something they know, something they
have or something unique to them
Biometrics - type of authentication that uses a unique human characteristic, such as fingerprints, voice or
retina blood vessel pattern
Two-step verification - a type of authentication that requires two methods of verification to prove the
identity of a user
Patch - an update for software that is developed to improve the software and/or to remove any bugs
Typo-squatting - the use by cybercriminals of subtle spelling errors in website addresses used to trick
users into visiting their fake websites
Firewall - software or hardware that sits between computer and an external network (for example, the
internet); the firewall monitors and filters all incoming and outgoing traffic
proxy server - a server that acts as an intermediary server through which internet requests are processed;
it often makes use of cache memory to speed up web page access
Privacy settings - controls available on social networking and other websites which allow users to limit
who can access their profile or what they are allowed to see
Secure sockets layer (SSL) - a security protocol used when sending data over a network (such as the
internet)
SSL certificate - a form of digital certificate which is used to authenticate a website; providing the SSL
certificate can be authenticated, any communication or data exchange between browser and website is
secure