Basic Computer Engineering – BT 205

Assignment No. 4

SAGAR INSTITUTE OF RESEARCH AND TECHNOLOGY

Branch: CSIT Session: 2025
Semester: I Date:
Subject: Basic Computer Engineering Subject Code: BT 205
Assignment No. 4 Attempt all questions

Q. No. Questions
1. Explain OSI Model in details. What are the functions of each of its layers.
2. What is TCP/IP Model and why it is significant in computer networking?
3. Define internetworking. Explain various types of computer networks.
OR
Discuss technologies (such as routers, switches etc) used in computer networking with their
importance. What are the difficulties associated during joining numerous network?
4. Discuss good computer security habits. Explain the element required to prove internet fraud
under law.
OR
Describe fundamental of computer security. Explain common types of cyber threats (Malware,
phishing, Dos etc.) their properties, propagation mechanism and potential effects on
computers.
5. Explain Firewall and how it provides security to the computer system.
Basic Computer Engineering
BT 205

Unit-IV

Prof Suchita Sharma

CSIT, SIRT
 Computer Network
A network is a system of hardware and software, put together for the purpose of
communication and resource sharing. A network includes transmission hardware,
devices to interconnect transmission media and to control transmissions, and software
to decode and format data, as well as to detect and correct problems.
Computer Network means an interconnection of autonomous (standalone) computers
for information exchange. The connecting media could be a copper wire, optical fiber,
microwave or satellite.
Networking Elements – The computer network includes the following networking
elements:
• At least two computers
• Transmission medium either wired or wireless
• Protocols or rules that govern the communication
• Network software such as Network Operating System
Usually, the connections between computers in a network are made using physical
wires or cables. However, some connections are wireless, using radio waves or
infrared signals.
The generic term node or host refers to any device on a network
Data transfer rate The speed with which data is moved from one place on a network
to another. Data transfer rate is a key issue in computer networks
There are several types of networks in use today
• LAN - Local Area Network
• WAN - Wide Area Network
• VPN - Virtual Private Network
Computer networks have opened up an entire frontier in the world of computing
called the client/server model

Client/Server interaction
• File server A computer that stores and manages files for multiple users on a
network
• Web server A computer dedicated to responding to requests (from the browser
client) for web pages
Local-area network (LAN) A network that connects a relatively small number of
machines in a relatively close geographical area
The most widely deployed type of network, LANs were designed as an
alternative to the more expensive point-to-point connection. A LAN has high
throughput for relatively low cost. LANs often rely on shared media, usually a
cable, for connecting many computers. This reduces cost. The computers take
turns using the cable to send data.
• A LAN is a data communication system within a building, plant, or campus, or
between nearby buildings.
• Its depend on the need of an organization and the type of technology used, a LAN
can be simple as two PCs and a printer in someone’s office.
• It can be extend throughout a company and include audio and video peripherals.
• LAN size is limited to a few kilometers.
• LAN are designed to allow resources to be shared between personal computer or
workstation.
• The resource to be shared can include hardware, software or data.
An isolated LAN connecting 12 computers to a
hub in a closet
 Types of Topology
Various configurations, called topologies, have been used to administer LANs
⚫Ring topology A configuration that connects all nodes in a closed loop on
which messages travel in one direction
⚫Star topology A configuration that centers around one node to which all
others are connected and through which all messages are sent
⚫Bus topology All nodes are connected to a single communication line that
carries messages in both directions
A bus technology called Ethernet has become the industry standard for local-
area networks
 Metropolitan Area Network
• A MAN is a network with a size between a LAN and a
WAN.
• It is a data communication system covering an area
the size of a town or city.
• A MAN is larger than a LAN, which is typically limited
to a single building, campus or site.
• It is often used to connect several LANs together to
form a bigger network. When this type of network is
specifically designed for a college campus, it is
sometimes referred to as a Campus Area Network,
or CAN.
• It is designed for costumer who need a high speed
connectivity, normally to the internet, and have end
points spread over a city or a part of city.
 Wide area network
• A WAN provide long distance transmission of data,
image, audio and video information over large
geographic areas that may comprise a state, a country,
a continent, or even the whole world.
• A WAN is a data communication system spanning
states, countries, or the whole world.
• A WAN can be complex as the backbones that connect
the internet or as simple as a dial-up line that connect
a home computer to the internet.
• A WAN can contain multiple smaller networks, such as
LANs or MANs. The Internet is the best-known example
of a public WAN.
 Personal Area Network
• A personal area network, or PAN, is a computer
network organized around an individual person
within a single building. This could be inside a
small office or residence. A typical PAN would
include one or more computers, telephones,
peripheral devices, video game consoles and
other personal entertainment devices.
• If multiple individuals use the same network
within a residence, the network is sometimes
referred to as a home area network, or HAN. In a
very typical setup, a residence will have a single
wired Internet connection connected to a
modem. This modem then provides both wired
and wireless connections for multiple devices.
The network is typically managed from a single
computer but can be accessed from any device.
 Personal Area Network
• This type of network provides great flexibility. For example, it allows you
to:
• Send a document to the printer in the office upstairs while you are sitting on the
couch with your laptop.
• Upload the photo from your cell phone to your desktop computer.
• Watch movies from an online streaming service to your TV.
What is the difference between a LAN, a MAN,
and a WAN?
 Differences Between LAN, MAN, and WAN
Basis LAN MAN WAN
LAN stands for local area MAN stands for WAN stands for wide area
Full-Form
network. metropolitan area network. network.

Operates in small areas Operates in larger areas

Geographic Operates in large areas such
such as the same building such as country or
Span as a city.
or campus. continent.

While WAN also might not

LAN’s ownership is MAN’s ownership can be
Ownership be owned by one
private. private or public.
organization.

Transmission The transmission speed of While the transmission Whereas the transmission
Speed a LAN is high. speed of a MAN is average. speed of a WAN is low.

Whereas WAN’s design and

While MAN’s design and
Design & LAN’s design and maintenance are also
maintenance are difficult
Maintenance maintenance are easy. difficult than LAN as well
than LAN.
MAN.
 Differences Between LAN, MAN, and WAN

Basis LAN MAN WAN

There is a Whereas, there is a long
Propagation The propagation delay is
moderate propagation propagation delay in a
delay short in a LAN.
delay in a MAN. WAN.

Whereas there is more

There is less congestion in While there is more
Congestion congestion than MAN in
LAN. congestion in MAN.
WAN.

Fault There is more fault While there is less fault In WAN, there is also less
tolerance tolerance in LAN. tolerance. fault tolerance.
A heterogeneous network made of WANs & LANs
 Network Criteria
The criteria that have to be met by a computer network are:
1. Performance:
• It is measured in terms of transit time and response time.
• Transit time is the time for a message to travel from one device to another
• Response time is the elapsed time between an inquiry and a response.
Performance is dependent on the following factors:
• The number of users
• Type of transmission medium
• Capability of connected network
• Efficiency of software
1. Reliability It is measured in terms of
• Frequency of failure
• Recovery from failures
2. Security
It means protecting data from unauthorized access.
 Goals of Computer Networks..
Network Goals
• Cost reduction by sharing hardware & software resources.
• High reliability by having multiple sources of supply.
• Greater flexibility because of possibility to connect devices.
• Increase productivity by making it easier to access data by the several users.
• Another goal is to increase the systems performance, as the work load increases, by just
adding more processors.
• Computer networks provide a powerful communication medium.
Resource Sharing
Many organization has a substantial number of computers in operations, which are located
apart. Ex. A group of office workers can share a common printer, fax, modem, scanner etc.
High-Reliability
If there are alternate sources of supply, all files could be replicated on two or, machines. If one
of them is not available, due to hardware failure, the other copies could be used.
 ..Goals of Computer Networks
Inter-process Communication
Network users, located geographically apart, may converse in an interactive session
through the network. In order to permit this, the network must provide almost error-
free communications.
Flexible access
Files can be accessed from any computer in the network. The project can be begun on
one computer and finished on another.
 Other Goals
• Other goals include Distribution of processing functions,
Centralized management, and allocation of network resources
• Compatibility of dissimilar equipment and software
• Good network performance
• Scalability
• Saving money
• Access to remote information
• Person to person communication etc.
 Functionality of Computer Network
Computer network has two type of functionality
 Functionality : Mandatory function
Some function is mandatory in computer network to perform operation in computer
network. Some mandatory functions are given below:
Error control:
The computer network has some responsibility like transmission of data from one device to
another device and end to end transfer of data from a transmitting application to a receiving
application involves many steps, each subject to error. By using the error control process, we can
be confident that the transmitted and received data are identical. Data can be corrupted during
transmission. The error must be detected and corrected for reliable communication.

Types of error
• Single bit error: The terms single bit error means that only one bit of the data unit was
changed from 1 to 0 and 0 to 1.
• Burst Error: The term burst error means that two or more bits in the data unit were changed. A
burst error is also called packet-level error, where errors like packet loss, duplication,
reordering.
 Functionality : Mandatory function
Flow control:
When a packet (Layer-2 data) is sent from one host to another over a single medium, it is
required that the sender and receiver should work at the same speed. That is, the sender sends
at a speed on which the receiver can process and accept the data. If the sender is sending too fast
the receiver may be overloaded, (swamped) and data may be lost.
Access control:
Network access control is a method of enhancing the security of a private organizational network
by restricting the availability of network resources to endpoint devices that comply with the
organization’s security policy. The network access control scheme comprises of two major
components such as Restricted Access and Network Boundary Protection.
Multiplexing and Demultiplexing :
A multiplexing is a technique by which different analog and digital streams of transmission can be
simultaneously processed over a shared link. Multiplexing divides the high capacity medium into
low capacity logical medium which is then shared by different streams.
 Functionality : Option function
Some function is optional in computer network and optional function do not need always
in computer network. Some optional functions are given below

Encryption and decryption :

Decryption and Encryption is a security method in which information is encoded in such a
way that only authorized user can read it. Some network uses encryption algorithm to
generate ciphertext that can only be read if decrypted.

Types of encryption
• Symmetric Key encryption
• Public Key encryption
 Advantage
• Sharing devices such as printers saves money.
• Files can easily be shared between users.
• Network users can communicate by email.
• Security is good - users cannot see other users' files unlike on stand-
alone machines.
• A file server is easy to back up as all the data is stored in one place.
 Disadvantage
• Managing a large network is complicated, requires training and a network manager
usually needs to be employed.
• If the file server breaks down the files on the file server become inaccessible. E-
mail might still work if it is on a separate server. The computers can still be used as
stand alones.
• Purchasing the network cabling and file servers can be expensive.
• Viruses can spread to other computers throughout a computer network.
• There is a danger of hacking particularly with wide area networks. Security
procedures are needed to prevent such abuse.
 Connection Oriented & Connectionless Services
• Connection Oriented services
• Connection Oriented services, the source first makes a connection with the
destination before sending a packet.
• When the connection is established, a sequence of packets from the same source
to the same destination can be sent one after another.
• There is a relationship between packets.
• They are sent on a same path in sequential order.
• When all packets of a message have been delivered, the connection is terminated.
• Requires a session connection to be established before any data can be sent. This
method is often called a "reliable" network service.
• The connection oriented services are used in TCP.
 Connection Oriented & Connectionless Services

Connectionless Services
• Connectionless Services, the network layer protocol treats each packet
independently, with each packet having no relationship to any other packet.
• The packet in the message may or may not travel the same path to their
destination.
• Does not require a session connection between sender and receiver. The
sender simply starts sending packets (called datagram) to the destination.
• Connectionless communication is just packet switching where no call
establishment and release occur. A message is broken into packets, and each
packet is transferred separately.
• Connectionless service is typically provided by the UDP (User Datagram
Protocol). The packets transferred using UDP are also called datagram.
 Difference between Connection Oriented & Connectionless Services

• In connectionless communication there is no need to establish connection

between source (sender) and destination (receiver) but in connection-
oriented communication connection must be established before data
transfer.
• Connection-oriented communication is more reliable than connectionless
communication.
• In connection-oriented communication information can be resend if there is
an error in receiver side (missing data, corrupt data etc. ) but in
connectionless communication it is not possible because the destination
does not inform the source about data is received or not.
ISO-OSI reference model
• The OSI (Open Systems Interconnection) Model is a set of rules that explains how
different computer systems communicate over a network. OSI Model was developed
by the International Organization for Standardization (ISO).

• OSI Model provides a clear structure for data transmission and managing network
issues. The OSI Model is widely used as a reference to understand how network
systems function.

• The OSI Model consists of 7 layers and each layer has specific functions and
responsibilities. This layered approach makes it easier for different devices and
technologies to work together.
Data Flow in the OSI Model
 Data Flow in the OSI Model
When we transfer information from one device to another, it travels through 7 layers of
OSI model.
First data travels down through 7 layers from the sender's end and then climbs back 7
layers on the receiver's end.

Data flows through the OSI model in a step-by-step process:

• Application Layer: Applications create the data.
• Presentation Layer: Data is formatted and encrypted.
• Session Layer: Connections are established and managed.
• Transport Layer: Data is broken into segments for reliable delivery.
• Network Layer: Segments are packaged into packets and routed.
• Data Link Layer: Packets are framed and sent to the next device.
• Physical Layer: Frames are converted into bits and transmitted physically.
 Application Layer
• It is the top most layer.
• These applications produce the data to be transferred over the network.
• It allows a user to access files in a remote host, retrieve files in a remote host, and
manage or control files from a remote computer.
• This layer also serves as a window for the application services to access the network
and for displaying the received information to the user.
• Protocols used in the Application layer are SMTP, FTP, DNS, etc.
 Presentation Layer
• The presentation layer is also called the Translation layer.
• The data from the application layer is extracted here and manipulated as per the
required format to transmit over the network.
• Protocols used in the Presentation Layer are TLS/SSL (Transport Layer Security / Secure
Sockets Layer).
• JPEG, MPEG, GIF, are standards or formats used for encoding data, which is part of the
presentation layer’s role.
• Reduces the number of bits that need to be transmitted on the network. (compression)
 Session Layer
• Session Layer in the OSI Model is responsible for the establishment of
connections, management of connections, terminations of sessions between
two devices.
• It also provides authentication and security.
• The session layer allows two systems to start communication with each other in
half-duplex or full duplex.
• Protocols used in the Session Layer are NetBIOS, PPTP.
 Transport Layer
• The transport layer provides services to the application layer and takes services from the network
layer.
• The data in the transport layer is referred to as Segments. It is responsible for the end-to-end
delivery of the complete message.
• The transport layer also provides the acknowledgment of the successful data transmission and
re-transmits the data if an error is found.
• Protocols used in Transport Layer are TCP, UDP NetBIOS, PPTP.

Segmentation and Reassembly:

• accepts the message from the (session) layer
and breaks the message into smaller units.
• each of the segments produced has a header
associated with it.
• at the destination station reassembles the
message.
 Network Layer
• The network layer works for the transmission of data from one host to the
other located in different networks.
• It also takes care of packet routing i.e. selection of the shortest path to
transmit the packet, from the number of routes available.
• The sender and receiver's IP address are placed in the header by the network
layer.
• Segment in the Network layer is referred to as Packet.
• Network layer is implemented by networking devices such as routers and
switches.
 Data Link Layer
• The data link layer is responsible for the node-to-node delivery of the message.
• The main function of this layer is to make sure data transfer is error-free from one
node to another, over the physical layer.
• When a packet arrives in a network, it is the responsibility of the DLL to transmit it
to the Host using its MAC address.
• Packet in the Data Link layer is referred to as Frame.
• Switches and Bridges are common Data Link Layer devices.
 Physical Layer
• The lowest layer of the OSI reference model is the Physical Layer.
• It is responsible for the actual physical connection between the devices.
• It contains information in the form of bits.
• It is responsible for transmitting individual bits from one node to the next.
• When receiving data, this layer will get the signal received and convert it into 0s
and 1s and send them to the Data Link layer, which will put the frame back
together.
• Common physical layer devices are Hub, Repeater,Modem, and Cables.
 Example : Person A sends an e-mail to his friend Person B

Step 1: Person A interacts with e-mail application like Gmail, outlook, etc. Writes his email to send.
(This happens at Application Layer).
Step 2: At Presentation Layer, Mail application prepares for data transmission like encrypting data and
formatting it for transmission.
Step 3: At Session Layer, there is a connection established between the sender and receiver on the
internet.
Step 4: At Transport Layer, Email data is broken into smaller segments. It adds sequence number and
error-checking information to maintain the reliability of the information.
Step 5: At Network Layer, addressing of packets is done in order to find the best route for transfer.
Step 6: At Data Link Layer, data packets are encapsulated into frames, then MAC address is added for
local devices and then it checks for error using error detection.
Step 7: At Physical Layer, Frames are transmitted in the form of electrical/ optical signals over a
physical network medium like ethernet cable or WiFi.
After the email reaches the receiver i.e. Person B, the process will reverse and decrypt the e-mail
content. At last, the email will be shown on Person B email client.
 Why OSI Model
it provides the user a clear structure of "how the data moves in the network?".
As the OSI Model consists of 7 layers, each layer has its specific role, and due to
which it helps in understanding, identifying and solving the complex network
problems easily by focusing on one of the layers not the entire network. It helps
people understanding network concepts very easily.
 OSI Model
Advantages
• Simplified understanding: Divides communication into 7 layers, making concepts
easier to grasp.
• Standardization: Each layer has defined functions and protocols, promoting
uniform communication.
• Easier troubleshooting: Problems can be isolated and resolved at specific layers.
• Improved flexibility: Individual layers can be updated independently with new
technologies.
Disadvantages
• Complex for beginners: Too many layers to grasp easily.
• Less practical: Real networks mostly use TCP/IP.
• Slower processing: Extra rules add overhead.
• Theoretical use: More concept-based than practical.
 Network devices
Unit IV
• Hubs Hubs are simple network devices, and
their simplicity is reflected in their low cost.
At the bottom of the networking food
chain, so to speak, are hubs. Hubs are used
in networks that use twisted-pair cabling to
connect devices. Hubs can also be joined
together to create larger networks. Hubs
are simple devices that direct data packets
to all devices connected to the hub,
regardless of whether the data package is
destined for the device. This makes them
inefficient devices and can create a
performance bottleneck on busy networks.
 Switch
Like hubs, switches are the connectivity points of an Ethernet network. Devices connect
to switches via twisted-pair cabling, one cable for each device. The difference between
hubs and switches is in how the devices deal with the data that they receive. Whereas a
hub forwards the data it receives to all of the ports on the device, a switch forwards it
only to the port that connects to the destination device. It does this by learning the
MAC address of the devices attached to it, and then by matching the destination MAC
address in the data it receives.
 Bridges
Bridges are used to divide larger networks into smaller sections. They do this by sitting
between two physical network segments and managing the flow of data between the two.
By looking at the MAC address of the devices connected to each segment, bridges can elect
to forward the data (if they believe that the destination address is on another interface), or
block it from crossing (if they can verify that it is on the interface from which it came).
 Routers
A router derives its name from the fact that it can
route data it receives from one network onto
another. When a router receives a packet of data, it
reads the header of the packet to determine the
destination address. Once it has determined the
address, it looks in its routing table to determine
whether it knows how to reach the destination and,
if it does, it forwards the packet to the next hop on
the route. The next hop might be the final
destination, or it might be another router
 Gateways
Any device that translates one data format
to another is called a gateway. Some
examples of gateways include a router
that translates data from one network
protocol to another, a bridge that converts
between two networking systems, and a
software application that converts
between two dissimilar formats. The key
point about a gateway is that only the data
format is translated, not the data itself. In
many cases, the gateway functionality is
incorporated into another device.
 Modem
Modem is a device which converts the computer-
generated digital signals of a computer into analog
signals to enable their travelling via phone lines. The
‘modulator-demodulator’ or modem can be used as a
dial up for LAN or to connect to an ISP. Modems can
be both external, as in the device which connects to
the USB or the serial port of a computer, or
proprietary devices for handheld gadgets and other
devices, as well as internal; in the form of add-in
expansion cards for computers and PCMCIA cards for
laptops.
 IP address
• An IP address is a unique address that identifies a device on the internet
or a local network. IP stands for "Internet Protocol," which is the set of
rules governing the format of data sent via the internet or local network.
• An IP address is a string of numbers separated by periods. IP addresses
are expressed as a set of four numbers — an example address might be
192.158.1.38. Each number in the set can range from 0 to 255. So, the
full IP addressing range goes from 0.0.0.0 to 255.255.255.255.
 IP address
The use of IP addresses typically happens behind the scenes. The process
works like this:

1. Your device indirectly connects to the internet by connecting at first

to a network connected to the internet, which then grants your
device access to the internet.
2. When you are at home, that network will probably be your Internet
Service Provider (ISP). At work, it will be your company network.
3. Your IP address is assigned to your device by your ISP.
4. Your internet activity goes through the ISP, and they route it back to
you, using your IP address. Since they are giving you access to the
internet, it is their role to assign an IP address to your device.
 IP address

1. However, your IP address can change. For example, turning your modem or router
on or off can change it. Or you can contact your ISP, and they can change it for you.
2. When you are out and about – for example, traveling – and you take your device
with you, your home IP address does not come with you. This is because you will be
using another network (Wi-Fi at a hotel, airport, or coffee shop, etc.) to access the
internet and will be using a different (and temporary) IP address, assigned to you by
the ISP of the hotel, airport or coffee shop.
 IP address
IPv4 addresses are categorized into five classes: A, B, C, D, and E. The order of bits in the first octet
determines the class of an IP address. IPv4 address is divided into two parts:
1. Network ID: Identifies the specific network to which a device belongs.

2. Host ID: Identifies the specific device (host) within a network.

 Range of IP Address
Class Start address End address
Class A 0.0.0.0 127.255.255.255

Class B 128.0.0.0 191.255.255.255

Class C 192.0.0.0 223.255.255.255

Class D (multicast) 224.0.0.0 239.255.255.255

Class E (reserved) 240.0.0.0 255.255.255.255

 Internet
• Internet is a global systems of interconnected computer networks.
• It uses internet protocol suite(TCP/IP)
• It is network of networks consisting billions of public, private, academic, business
and government networks.
• Internet carries an extensive range of resources and services, such as inter linked
hypertext documents and applications.
• One can surf over internet through a computer via a BROWSER.
• One need to know URL(Uniform resource locator) to visit a website.
• Although Internet is an independent infrastructure with no governing body, but
still there are some non profit organization recognized worldwide which sets
standards for internet, and maintenance of interoperability, like IETF(Internet
Engineering task force) , ICANN(Internet Corporation for Assigned names and
numbers) etc.
 WWW(World Wide Web)
• It is a system of interlinked hypertext documents that are accessed via Internet.
• With a Web browser one can view web pages that may contain text, images, video,
pictures and other multimedia and navigate between them via hyperlinks.
• HTTP is the standard ‘language’ used to communicate between web browsers and
website servers.
• WWW stands for World Wide Web, and it’s used mostly as a prefix. However, it does
indicate that a given website uses HTTP to communicate.
• The main difference between WWW and HTTP is that they refer to different concepts.
Simply put, HTTP is the protocol that enables communication online, transferring data
from one machine to another. WWW is the set of linked hypertext documents that can
be viewed on web browsers (such as Firefox, Google Chrome, and more).
• A major similarity, though, is that both HTTP and WWW are used in website URLs.
 HTTP vs. WWW in URLs

• Within a URL, it’s possible to remove HTTP or WWW. However, the situations in which
you would remove one of these elements depends on a few factors.
• WWW is a prefix used to indicate that a website is using HTTP to communicate. In
fact, you can mix and match prefixes, for example http://example.com or
www.example.com.
• Both of the above URLs have enough information to communicate between the
browser and server, so both will work without any interruptions.
• So, what if we do choose to use http://example.com as your URL, but users type in
WWW where it isn’t necessary? In the majority of cases, the user will be
automatically redirected to your non-WWW domain. This means you can set up a
non-WWW site .
 E-commerce
• Electronic commerce, commonly known as E-commerce or eCommerce, is trading in
products or services using computer networks, such as the Internet.
• Electronic commerce uses and operates on technologies such as
• mobile commerce,
• electronic funds transfer,
• supply chain management,
• Internet marketing,
• online transaction processing,
• electronic data interchange (EDI),
• inventory management systems, and
• automated data collection systems.
• Modern electronic commerce typically uses the World Wide Web for at least one part
of the transaction, although it may also use other technologies such as e-mail.
 What are the Different eCommerce Business Models?
eCommerce is typically classified into three different models based on the type of participants
involved in the transaction: B2B, B2C, and C2C. Broadly speaking these business models are:
Business to Business (B2B)
B2B is when businesses sell to other businesses. This is typical of stationery stores who sell office
equipment in bulk to businesses. Normally B2B companies provide a discounted rate per unit if
customers buy in bulk which it is great motivation for offices to avail of.
Business to Consumer (B2C)
B2C is the most commonly thought of business model where merchants sell to consumers who buy a
small amount of produce. A familiar example of the B2C model would be supermarkets where
consumers buy their shopping weekly but they wouldn’t normally bulk buy anything.
Consumer to Consumer (C2C)
C2C is a relatively new business model where consumers who previously bought something seek to
resell this item to another consumer. Through marketplaces like eBay and Craigslist, this can be easy
and quite lucrative for selling items that you no longer have a use for.
 TCP/IP(Transmission Control Protocol/Internet Protocol)
• The Internet protocol suite is the computer networking model and set of
communications protocols used on the Internet and similar computer networks.
• It is commonly known as TCP/IP, because its most important protocols, the
Transmission Control Protocol (TCP) and the Internet Protocol (IP), were the first
networking protocols defined in this standard.
• Also known as Internet protocol suite.
• TCP/IP provides end-to-end connectivity specifying how data should be
packetized, addressed, transmitted, routed and received at the destination.
• This functionality is organized into four abstraction layers.
 TCP/IP(Transmission Control Protocol/Internet Protocol)

From lowest to highest, the layers are

the
• Link Layer, containing communication
technologies for a single network
segment (link).
• Internet Layer, connecting hosts
across independent networks, thus
establishing internetworking.
• Transport Layer handling host-to-host
communication.
• Application Layer, which provides
process-to-process application data
exchange.
Network and computer Security
 Network and computer Security

• Network security consists of the provisions and policies adopted by a network

administrator to prevent and monitor unauthorized access, misuse, modification, or
denial of a computer network and network-accessible resources.
• Network security involves the authorization of access to data in a network, which is
controlled by the network administrator.
 Threats to Network Security
• A threat is potential violation of security.
• When threat is actually executed, it becomes ATTACK.
• Those who perform such actions are known as ATTACKERS.
• Some common threats are:
• Virus
• Worms
• Trojans
• Spyware
• Spam
• Phishing etc.
 VIRUS

• Virus is a malicious code/programs that cause damage to data and

files on a system.
• Virus can attack any part of system, such as boot block, operating
system area, files etc.
• Virus after execution replicate and make its another copy.
 Worms
• A worm is self replicating program which occupies entire disk space or memory.
• A worm is keep on creating its copies until disk space is full.
• Worms can be transmitted via software vulnerabilities. Or computer worms
could arrive as attachments in spam emails or instant messages (IMs). Once
opened, these files could provide a link to a malicious website or automatically
download the computer worm. Once it’s installed, the worm silently goes to
work and infects the machine without the user’s knowledge.
• Worms can modify and delete files, and they can even inject additional
malicious software onto a computer. Sometimes a computer worm’s purpose is
only to make copies of itself over and over — depleting system resources, such
as hard drive space or bandwidth, by overloading a shared network. worms can
also steal data, install a backdoor, and allow a hacker to gain control over a
computer and its system settings.
 How Detect Worm

• Keep an eye on your hard drive space. When worms repeatedly

replicate themselves, they start to use up the free space on your
computer.
• Monitor speed and performance. Has your computer seemed a little
sluggish lately? Are some of your programs crashing or not running
properly? That could be a red flag that a worm is eating up your
processing power.
• Be on the lookout for missing or new files. One function of a computer
worm is to delete and replace files on a computer.
 Trojan Horse
• A trojan horse program is a program that appear harmless, such as a text
editor file, but it actually performs malicious functions like deletion or
damaging files.
• A Trojan horse, or Trojan, is a type of malicious code or software that looks
legitimate but can take control of your computer. A Trojan is designed to
damage, disrupt, steal, or in general inflict some other harmful action on your
data or network.
• A Trojan acts like a bona fide application or file to trick you. It seeks to
deceive you into loading and executing the malware on your device. Once
installed, a Trojan can perform the action it was designed for.
• A Trojan is sometimes called a Trojan virus or a Trojan horse virus, but that’s a
misnomer. Viruses can execute and replicate themselves. A Trojan cannot. A
user has to execute Trojans. Even so, Trojan malware and Trojan virus are
often used interchangeably.
 Backdoor Trojan

This Trojan can create a “backdoor” on your computer. It lets an attacker access
your computer and control it. Your data can be downloaded by a third party and
stolen. Or more malware can be uploaded to your device.
Distributed Denial of Service (DDoS) attack Trojan
This Trojan performs DDoS attacks. The idea is to take down a network by flooding
it with traffic. That traffic comes from your infected computer and others.
Downloader Trojan
This Trojan targets your already-infected computer. It downloads and installs new
versions of malicious programs. These can include Trojans and adware.
Fake AV Trojan
This Trojan behaves like antivirus software, but demands money from you to
detect and remove threats, whether they’re real or fake.
Game-thief Trojan
The losers here may be online gamers. This Trojan seeks to steal their account
information.
Infostealer Trojan
As it sounds, this Trojan is after data on your infected computer.
Mailfinder Trojan
This Trojan seeks to steal the email addresses you’ve accumulated on your device.
Ransom Trojan
This Trojan seeks a ransom to undo damage it has done to your computer. This can
include blocking your data or impairing your computer’s performance.
Remote Access Trojan
This Trojan can give an attacker full control over your computer via a remote network
connection. Its uses include stealing your information or spying on you.
 Spyware

• It is a software which is installed on your computer to spy on your activities and

report this data to other peoples on network.
• It tracks the user behavior and reports information back to a central source.
• Spyware gets installed on your system without your consent.
• Definition: Spyware is the term given to a category of software which aims to
steal personal or organisational information. It is done by performing a set of
operations without appropriate user permissions, sometimes even covertly.
General actions a spyware performs include advertising, collection of personal
information and changing user configuration settings of the computer.
Description: A Spyware is generally classified into adware, tracking cookies, system
monitors and Trojans. The most common way for a spyware to get into the
computer is through freeware and shareware as a bundled hidden component.
Once a spyware gets successfully installed, it starts sending the data from that
computer in the background to some other place.
These days spywares are usually used to give popup advertisements based on user
habits and search history. But when a spyware is used maliciously, it is hidden in
the system files of the computer and difficult to differentiate.
One of the simplest and most popular, yet dangerous are Key loggers. It is used to
record the keystrokes which could be fatal as it can record passwords, credit card
information etc. In some shared networks and corporate computers, it is also
intentionally installed to track user activities.
 Anti Spyware
Antispyware software helps protect your computer against pop-ups,
slow performance, and security threats caused by spyware and other
unwanted software. To keep up with the latest forms of spyware, you
must keep your antispyware software updated.
 Spam
Spamming refers to sending bulk mails by an unidentified source.
• Non malicious form- Bulk advertising mail sent to many accounts.
• Malicious form- E-mail bombing, where attacker keeps on sending bulk mails
until mail server runs out of disk space.
 Hacking
Unauthorized access or control over computer systems, networks, or data. 3
Types of hacking includes:
• White Hat (ethical hackers): Find vulnerabilities to improve security.
• Black Hat: Malicious hackers aiming to steal, destroy, or manipulate data.
• Grey Hat: Operate between ethical and unethical boundaries.
Common Hacking Techniques are:
• Phishing
• Malware attacks
• Brute force attacks
• SQL injection
 Malware
• Malware, short form of malicious software, is any software used to disrupt
computer operation, gather sensitive information, or gain access to private
computer systems.
• It can appear in the form of executable code, scripts, active content, and
other software.
• 'Malware' is a general term used to refer to a variety of forms of hostile or
intrusive software.
• The term badware is sometimes used, and applied to both true (malicious)
malware and unintentionally harmful software
Anti Malware Software
Antimalware (anti-malware) is a type of software program designed to
prevent, detect and remediate malicious programming on individual
computing devices and IT systems.
 Adware

• These are the programs that deliver unwanted advertisements

(generally in pop-up form) which unnecessarily consumes network
bandwidth.
• Adware are installed on your system with your consent, so it is
needed to read terms and condition thoroughly before any
downloading or installation.
 Cyber Crime
• Cyber crime is understood as “unlawful act where in computer is
either a tool or target or both.”
• Cyber crimes are committed by using electronic media.
Cyber attacks
• Money Laundering
• It is a way to conceal illegally obtained funds. It is accomplished by making
electronic transactions by misleading someone.
• Information theft(Identity theft)
• This type of attacks happen when someone uses another person’s identity to
commit fraud or crime over electronic media.
 Email Spoofing
• Email spoofing is the creation of email messages with a forged sender
address - something which is simple to do because the core protocols
do no authentication.
• Spam and phishing emails typically use such spoofing to mislead the
recipient about the origin of the message.

Cyber Pornography
• Cyber Pornography refers to the act of producing, distributing, or
accessing sexually explicit material using digital technologies, primarily
the internet.
• This can include photos, videos, and other multimedia content shared
through websites, chatrooms, messaging apps, or social media.
 Intrusion
Every PC connected to Internet is a potential target for hackers. Intrusion to
PC can occur in any form:
• Sweeper attack: A malicious program which sweeps out all data from
the system.
• Denial of Services(DoS): This type of attack use all the resources of a
system and deny any further requests, so system comes to halt.
• This is an attack meant to shut down a machine or network, making it
inaccessible to its intended users. DoS attacks accomplish this by
flooding the target with traffic, or sending it information that triggers a
crash.
• There are two general methods of DoS attacks: flooding services or
crashing services.
Flood attacks occur when the system receives too much traffic for the server
to buffer, causing them to slow down and eventually stop. Popular flood
attacks include:
Buffer overflow attacks – the most common DoS attack. The concept is to
send more traffic to a network address than the programmers have built the
system to handle.
ICMP flood – leverages misconfigured network devices by sending spoofed
packets that ping every computer on the targeted network, instead of just one
specific machine. The network is then triggered to amplify the traffic. This
attack is also known as the smurf attack or ping of death.
SYN flood – sends a request to connect to a server, but never completes the
handshake. Continues until all open ports are saturated with requests and
none are available for legitimate users to connect to.
 Cyber Stalking

• Cyberstalking is the use of the Internet or other electronic means to

stalk or harass an individual, a group, or an organization.
• It may include false accusations, defamation. It may also include
monitoring, identity theft, threats, vandalism, solicitation , or
gathering information that may be used to threaten or harass.
 Logic Bombs

• A logic bomb is a piece of code intentionally inserted into

a software system that will set off a malicious function when specified
conditions are met.
• For example, a programmer may hide a piece of code that starts
deleting files.
 Phishing
• It is a fraudulent activity of retrieving passwords and sensitive
information from any system.
• In phishing, victim receives fake pages of website which when used by
victim to enter sensitive information.
• That information is sent to attacker without user’s consent and he is
redirected to actual webpage.
 Cyber Defamation

• Defamation is basically causing injury to the reputation of a person or a

company using false statements or actions.
• It can be also described as an attack on good faith name and reputation
of a person or company by someone who is not in favor that person or
company and thus want to float some negative message in the society or
market.
• Defamation is considered to be a crime in almost all the countries of the
world including India.
 Firewall
• In computing, a firewall is a network security system that controls the
incoming and outgoing network traffic based on applied rule set.
• A firewall establishes a barrier between a trusted, secure internal
network and another network (e.g., the Internet) that is assumed not to
be secure and trusted.
• Firewalls exist both as a software solution and as a hardware appliance.
Firewall
Firewall
 Firewall

Packet-filtering gateways

• Packet-filtering firewalls use routers with packet-filtering rules to

grant or deny access based on source address, destination
address, and port. They offer minimum security, but at a very low
cost, and can be an appropriate choice for a low-risk environment.
• They are fast, flexible, and transparent. Filtering rules are not
often easily maintained on a router, but there are tools to simplify
the tasks of creating and maintaining the rules
 Firewall
Filtering gateways do have inherent risks, including the following:
• The source and destination addresses and ports contained in the IP packet
header are the only information that is available to the router when deciding
on whether to permit traffic access to an internal network.
• They don't protect against IP or Domain Name Server/Service (DNS) address
spoofing.
• An attacker will have direct access to any host on the internal network once
access has been granted by the firewall.
• Strong user authentication isn't supported with some packet filtering
gateways.
• They provide little or no useful logging.
 Firewall

• Application gateways
An application gateway uses server programs (called proxies) that run on
the firewall. These proxies take external requests, examine them, and
forward legitimate requests to the internal host, which provides the
appropriate service. Application gateways can support functions such as
user authentication and logging.
 Firewall
• The firewall can be configured as the only host address that is visible to
the outside network, requiring all connections to and from the internal
network to go through the firewall.
• The use of proxies for different services prevents direct access to
services on the internal network, protecting the enterprise against
unsecured or misconfigured internal hosts.
• Strong user authentication can be enforced with application gateways.
• Proxies can provide detailed logging at the application level.
Firewall
 IP spoofing
IP spoofing is when an attacker masquerades his or her machine as
a host on the target's network (fooling a target machine that
packets are coming from a trusted machine on the target's internal
network). Policy regarding packet routing has to be clearly written
so that they will be handled accordingly if there is a security
problem. It is necessary that authentication based on source
address be combined with other security schemes to protect
against IP spoofing attacks.
IP spoofing
 IP spoofing
• IP spoofing is the creation of Internet Protocol (IP) packets which have a
modified source address in order to either hide the identity of the sender, to
impersonate another computer system, or both. It is a technique often used by
bad actors to invoke DDoS attacks against a target device or the surrounding
infrastructure.
• Sending and receiving IP packets is a primary way in which networked
computers and other devices communicate, and constitutes the basis of the
modern internet. All IP packets contain a header which precedes the body of
the packet and contains important routing information, including the source
address. In a normal packet, the source IP address is the address of the sender
of the packet. If the packet has been spoofed, the source address will be
forged.
 Computer Ethics & Good Practices
Computer Ethics is a part of practical philosophy which deals with how
computing professionals should make decisions regarding professional
and social conduct.
 Ten Commandments of Computer Ethics
• Do not use computer to harm other peoples.
• Do not interfere with other people's computer work.
• Do not snoop around in other people's computer files.
• Do not use a computer to steal.
• Do not use a computer to bear false witness.
• Do not copy or use proprietary software for which you have not paid.
• Do not use other people's computer resources without authorization or proper
compensation.
• Do not use other people's intellectual output.
• Do think about the social consequences of the program you are writing or the system
you are designing.
• Do always use a computer in ways that ensure consideration and respect for your fellow
humans.
 Cyber Law
• Cyber law or Internet law is a term that encapsulates the legal issues
related to use of the Internet.
• It is a less distinct field of law than intellectual property or contract
law, as it is a domain covering many areas of law and regulation
related to computer and cyber space.
• Some leading topics include internet access and usage, privacy,
freedom of expression, and jurisdiction.
 Internet Fraud
• The use of Internet services or software with Internet access to
defraud victims or to otherwise take advantage of them; for
example, by stealing personal information, which can even lead to
identity theft.
• A very common form of Internet fraud is the distribution of
compromised security software.
• Internet services can be used to present fraudulent solicitations to
victims, to conduct fraudulent transactions.
 Good Computer Security habits

• Lock your computer when you are not using it.

• Disconnect from the Internet when you are not using it.
• Adjust your security settings by keeping Firewall, Anti virus in active
state.
• Check for security patches and software updates.
• Change your passwords.
• Protect against power surges and outages
• Back up your data.