5. The internet and its uses Flashcards
How do DOS attacks work?
Large number of requests sent to server at once
Useless traffic floods the server
Server will come to a stop trying to deal with the traffic
Prevents users gaining access to the web server
What do cookies do?
Saves log-in information
Provides customized page for user
Enables target advertisements
One-click purchasing
3 functions of browsers
− Allows user to view web pages
− Renders HTML
− Allows user to bookmark/favourite web pages
− Provides navigation features
− Allows (multiple) tabs
− Stores cookies
− Records history of pages visited
− Has a homepage
− Runs active script
− Allows files to be downloaded from website/internet
− Sends a request to the IP address/web server (to obtain the contents of a web page)
− Sends URL to DNS
− Manages HTTP/HTTPS protocol
Physical security
Data needs to be kept physically safe from intruders, in large companies by…
Issuing staff with ID
Having all visitors sign in on arrival and having escorts around the office
Keeping sensitive areas locked
Security cameras
Security guards
Physical Security and Biometrics
Locks on doors
Security Guards
Biometrics:
- Fingerprint recognition
- Retina scanner
- Iris recognition
- Voice recognition
Audit trails and logs
Audit trail maintains a record of all activity on a computer system
The time and date a user accesses the system will be logged as well as their activity
Assists in detecting security violations
Help system admin ensure the system has not been harmed by hackers, insiders or technical problems
Acceptable use policies (AUP)
Many businesses and educational facilities require employees or students to sign an AUP before being given a network ID
Secure passwords
Minimum of 8 characters
Mixture of numbers, lowercase and uppercase characters
Include symbols
Do not include name, DOB or personal details
Phishing
A phishing email is one that tricks you into handing over your personal or sensitive information
You receive an email leading you to a bogus site to enter your details from where they are captured by phishers
What to look out for:
Generalised impersonal greeting
Sender’s address, variation from original
Forged link, roll mouse over link to check
Request personal information, legit sites do not do this
Sense of urgency
Poor spelling and grammar
Pharming attacks
Similar to phishing but instead of using a fake link in email, pharming redirects victims to bogus sites despite entering the legit website
Detecting pharming attacks:
ISPs filter out bogus redirects as soon as an attack is detected
Check the URL once loaded has not changed
Before entering sensitive information check that http has changed to https
Trojan Horse Email
Offers something tempting to look at like an attachment or link eg. funny video
When you open the attachment or click the link it installs a virus on your computer which may:
- record your keystrokes and send them to the attacker
- Provide someone else with access to your files
- Use your computer to send spam to everyone in your
address book
Virus generated emails
Appear to be sent from a friend
Usually means your friend’s email has been infected and sent to their entire address book
Typically includes product or shop recommendation and asks for emergency cash
Encourages you to click a link to a sales website or transfer cash
Encryption
Encryption is the encoding of data so that it can no longer be easily understood to safeguard the data if intercepted.
Terminology:
Plaintext: original message
Ciphertext: encrypted message
Encryption: the process of converting plaintext into ciphertext
Key: a sequence of numbers used to encrypt or decrypt, often data using a mathematical formula.
Encryption algorithm: the formula for encrypting the plaintext
Encryption techniques:
Private key (symmetric encryption)
A single key used to encrypt and decrypt a message and must be given to the recipient of your message to decrypt the data
Public key (asymmetric encryption)
Two keys are used, one to encrypt and one to decrypt
This is more secure as you never have to send or reveal your decryption key
Caesar shift cipher
Earliest known substitution cipher invented by Julius Caesar
Each letter is replaced by n positions further in the alphabet
n is the key used to encrypt and decrypt the message - symmetric encryption
Cryptanalysis
The objective of cryptanalysis is to decode the ciphertext - typically by finding the secret key
Methods include:
Brute-force attack
every possible key is tried
Non-brute-force attack (cryptanalysis)
Key strength
5 bits would enable 2^5 key combinations so it could be said that you are using 5 bit encryption
Increasing the number of bits used for a key increases encryption strength.
Algorithmic security
Ciphers are based on computational security
keys determined using computer algorithm
given enough computer power and time any key can be cracked.
Strong and weak encryption
Encryption can be considered “strong” when the useful lifetime of the encrypted data is less than the time needed to crack it
Weak encryption means that the encryption can be cracked while the encrypted data is still in its lifetime
Other methods of data protection
Passwords
SSL (security protocol)
TSL (security protocol)
Firewalls
HTTPS
Proxy server
A proxy server is a computer that acts as an intermediary between a web browser and the internet.
It helps to improve web performance by storing a copy of frequently accessed web pages.
A proxy server may act as a firewall
can help to improve security by filtering out some web content like malware
responds to input packets by blocking and allowing some
gateway from one network to another
HTTPS
s in https stands for secure
this means a security protocol is used to ensure a trusted encrypted data connection
Secure Sockets Layer and Transport layer security
SSL is a protocol for transferring private documents via the internet
it uses asymmetric encryption to encrypt data before transmission
many websites use SSL to receive confidential information like credit card details
TSL is a more recent upgrade to SSL. Like SSL it uses public key to encrypt.
Process of getting web page from webserver
Web browser sends request to IP address or web server to identify itself by providing certificate
Web page sent from web server to browser
Browser renders HTML to display web pages
HTTPS used to secure data
Benefits of USB connection
Universal connection
High transmission speeds
No incorrect connections
Can be inserted both ways
Backwards compatible
Fast data transfer speed
Inexpensive to purchase
Protocols to transfer data safely
HTTPS
SSL
TSL - layers are handshake and record
What is the internet
A collection of interconnected networks, not the world wide web as that is a part of the internet
ISP
what do they supply
what they allow you to do
storage in an ISP
ISPs are companies supplying connectivity to the internet, email services, web hosting and VOIPs.
You connect to the Internet service provider that you are contracted with, when you connect to the ISP you become a part of their network. This ISP may connect to a larger network and become a part of that.
Every ISP has its own data storage facility.
Browser softwares
Examples
How to access
Internet explorer, google chrome and firefox are all browser softwares. One way to access a particular page is by typing its address into an address bar.
Cloud based services
Mini def
Examples
Servers host software or services that you can access.
Online storage:
Dropbox
OneDrive
Google Drive
Connecting to the internet
PC > Router > Modem > ISP > Internet
router provides access to local area network
modem connects to your internet service provider (ISP)
- modem no longer used in modern technology
ISP connects you to the internet
Modem
stands for modulator/demodulator
converts digital signal from computer and converts to analogue signal for phone lines
a second modem at the receiving end converts the signal back to digital
Router
A router is a hardware device that allows you to connect several devices to a single internet connection (home setting)
Many routers have a WAP (Wireless access point) allowing you to create a wireless access point
TCP/IP protocol
TCP (transmission control protocol)
breaks up messages sent over the internet into packets
reassembles packets at the other end
detects errors
resends lost messages
IP protocol
- routes the individual packets between sender and recipient
HTTP and HTTPS Protocol
HTTP (hyper text transfer protocol) used for accessing and receiving web pages in the form of HTML files on the internet
The protocol requests the web server to upload the requested web page to the users browser for viewing
HTTPS (secure protocol) encrypts the information so that it can not be hacked
Packet switching
files and packets micro def
packet header
Each file is broken up into packets
Each packet is given a header containing:
- IP address its going too (Internet protocol)
- IP address it came from
- Sequence number of the packet
- Number of packets in the whole communication
IP Addressing
Every device connected to the internet has an IP address
eg. 81. 101. 137. 12
Packets are labelled with the senders and the destinations IP address
Packets are sent across the internet along separate routes and reassembled at the end
Public vs Private IP addresses
A PC network has a public and private IP address
Public IP belongs to the router on your LAN
Private IP is accessible only through the LAN
ISPs are allocated blocks of IP addresses
Once a message arrives at the router of your LAN it will use the private IP address to identify which device requested information
MAC Addressing
in full and assigned by who
how many addresses and for what
what it looks like
similarity of and combinations
role
A media access control address is assigned to each Network interface card by the manufacturer.
Computers may have 2, one for ethernet and one for wireless or for a phone wireless and bluetooth
Hex value eg.
3B:14:E6:39:0A:2C
Every network device in the world has a unique MAC address
There are 2^48 possible MAC addresses
Role of a MAC address:
When you request a web page each router along the way uses the MAC address of the next router to send the data packet to the next leg of its journey.
URL
Uniform resource locator is a web page and all are unique
WWW.
Domains names (TDLs)
.uk , .nz etc
DNS
Domain Name system
DNs technology allows you to type a URL into your web browser and it translates the web address into an IP address.
There are 13 DNS “root” servers worldwide that keep complete database of all names and IP addresses
Lower level DNS servers are owned by ISPs and hold parts of the database
When a DNS server receives a request not in its database it will pass it on until reaches one with the matching name and IP address
Cookies
A cookie is a small data file that a web server puts onto your computer when you visit a website
Cookies save any data entered such as registration details, passwords and relevant adverts for you as well as web preferences.
Role of a browser
how browser gets webpage/website on your computer
User types web address (URL) into browser
Browser forwards request to web server to access page
Web server acknowledges request and sends HTML source code for the web page to the computer
Source code is rendered (translated) into viewable web page
Malicious software
what it does
what it can/typically does
types x6
Malware is any software written with malicious intent.
Disrupt computers from their work
Corrupt files
Record key presses and gather information
Gain unauthorised access to a computer or files
Not all viruses cause harm, but the ones (most) that do:
limiting hard disk space and memory
destroying or damaging files and data
spamming your address book with contacts
consuming your internet bandwidth
Types of Malware:
Spyware,
gathers information, installs more spyware, sends information back to spyware author, sells to advertising companies or help with identity theft
Adware,
irritating pop ups, instals itself on a computer, rarely harms
Viruses,
small program that replicates by inserting itself in other computer programs
- attach them self to existing software programs and infect when you run that program
- self replicate
Worms,
a standalone file that does not need a host program to attach itself to
Trojans,
a non-self-replicating virus that masquerades as a harmless file that you might want to open
Ransomware,
malware used to lock your computer or access to your flies for which you are then asked to pay a fee to regain access
Botnets
A virus can compromise a computer and use the host’s storage and processing power to perform jobs
This computer can then become a part of a Botnet network ( a group of computers secretly cooperating to send spam or cause disruption on a much larger scale)
Computers in a botnet can:
send email spam to other users
store and distribute illegal material
perpetrate a Denial of Service attack
DOS attacks
Denial of service attack
Frequently aimed at company or web servers to overload them or make them crash by:
- flooding servers with millions of requests
- absorbing 100% of its processor time or memory
- using all available bandwidth
Attempts to make a network or website unavailable to legit users and the motive is often revenge, blackmail or terrorism
Reducing the risk of any cyber security issues
Use strong passwords, keep software up to date, and avoid clicking on suspicious links or downloading files of unknown sources.
Anti-virus softwares
what they do
how they do
detects viruses
deletes or quarantines infected files
commonly finds all malware including adware, spyware,
worms and Trojans
Works by:
holding a dictionary of snippets used in viruses
scans new files, downloads, external drives on your computer
looks for suspicious codes by comparison
keeps a dictionary of know viruses up to date
Firewall
acts as a filter or barrier between your own trusted
network and others
only allows certain data packets across that meets set
filtering rules
Hacking
Breaking security defined as unauthorised access to files or data
Exploiting weaknesses in websites or security systems
to access data
Guessing default or common passwords
Tricking people into downloading malware to gain
access to their computer
Logging in as someone else without their permission
In order too:
pure mischief or a challenge
steal money
steal or modify information
for political reasons, expose wrongdoing or revenge on opposing views
Black and white hats
Black hat hackers are illegally hacking with criminal intent
White hat hackers ethical hackers employed by companies to deliberately find holes in their own security
Grey hat hackers look for wholes in other systems and ask for a payment from those systems
Cracking
Not hacking
Illegally accessing program source code to change it or fool it to:
Bypass security or licensing control
prevent software from expiring
unlock features that otherwise would require a subscription
Hyper Text Markup Language
International standard language that all pages can read and all pages are written in.
Webpages, webpage code
HTML Code
In a text file containing the content of the website to be displayed by the browser
Uses to govern how to present sections of content
Stores locations of images that are to be displayed
Stores the location of other websites that are linked to using hyperlinks
HTML vs CSS
HTML controls content and function of a web page
Cascading Style Sheets control its style and appearance
Writing HTML code
open <> and close >
Websites are made of a head and body
<h1> , <h2>, <h3>, <h4> - different headings (main , sub)
<img></img></img>
<em> </em>:
emphasis
<a>
Click here for more info
</a>:
link placed in middle line, click to access</h4></h3></h2></h1>
Adding CSS to a webpage
Define the style at the top between tags
h1 {colour:blue; text-align: centre}
Everything that falls inside the style tag, that html will adopt that style
Sector ==> h1 or other
Declaration ==> property and value
Property ==> colour or other
Value ==> blue or other
h1 {colour: blue;}
To add a CSS style:
Define a style for a particular tag eg. h1
or
Define a general style and attribute it to a new name eg. #page
Attribute style to a <div> block:
Image file on desktop
</div>
Describe how the SSL works
− Browser / client sends request to webserver for identification
− Web server sends its digital / security certificate
− Browser authenticates certificate
− If authentic connection, is established any data sent is encrypted
− Using public and private key to do this
Describe how the TSL works
− Handshake and record protocols
− Client/Browser requests secure connection to web server
− Browser requests server to identify itself
− Web server then provides digital certificate after identification
− Browser validates certificate
− Browser sends signal to web server to begin transmission
− Session key generated
− Encryption method is agreed on
The handshake protocol is used to exchange all the information needed by both computers in order to establish a secure SSL/TLS connection
The record protocol handles the actual data and it’s encryption
Describe how a browser accesses a web page
Browser sends URL to DNS using HTTP
DNS find matching IP address for URL and sends it to the browser
Browser requests web server for web pages
Web pages are then sent from web server to the web
browser
Browser then renders the HTML to display web pages
Security certificates authenticated, SSL and TSL used to
encrypt data sent to and fro
Describe how a proxy server works
− Acts as mediator between the user’s computer and web server
− Allows internet traffic to be filtered
− Speed access to information on website using cache
Describe encryption
− Encryption key used
− Key uses algorithm to scramble data
− Data before encryption is plain text
− After encryption it is known as cypher text
− Same key used to decrypt data
Describe symmetric encryption
− Key is kept secret, only sender and receiver know
− Sender uses same key to encrypt and decrypt
− Key has to be sent over internet, can be intercepted
− Less safe but fast
Describe asymmetric encryption
− Public and private key mathematically linked
− Public key used to encrypt, anyone can see
− Private key not transmitted, used to decrypt
− Safer process but slower
Describe a Denial of Service attack
− Webserver is sent multiple requests, requests flood the webserver at the same time
− Webserver crashes / runs slow
− Designed to prevent access to e.g. a website // Stops legitimate requests being processed/serviced
Describe copyright, plagiarism
Copyright
− law/legislation that requires permission to use intellectual property / other people’s work
Plagiarism
− To claim other’s work as your own
− To use other people’s work without consent / acknowledgement
− Theft of intellectual property
Accidental loss of data and prevention
Lost from
Human error, accidentally deleting file
Hardware failure
Power failure or surge
Physical damage, fire or flood
Misplacing storage device
Prevention
Back up data regularly
Use surge protection and UPS
Keep data in protective case
Use verification method for deleting file
Follow and educate on correct procedure of ejecting files, saving, etc.
Internet risks
Phishing
Pharming
Spyware
Dos
Malware
Viruses
Worm
Rootkit
Backdoor
How to minimise risk of spyware
Anti-spyware
Scans computer for spyware
Removes/quarantines any spyware found
Prevent spyware from being installed
Onscreen keyboard
Key-logger can’t collect data of key press
Can’t relay useful info to 3rd party
2 Factor Authentication
Extra data sent to device
Harder for hacker to obtain data
Data has to be entered into same system if entered from remote location not accepted
Firewall
Can be software or hardware based
Monitors incoming and outgoing traffic
Allows criteria to be set
Blocks access to signal that do not meet criteria
Restricts access to specific applications
How to minimise risk of virus
Anti-virus
Scans computer for viruses daily
Has a record of known viruses
Removes/Quarantines any virus found
Warns user of virus
Checks data before downloaded
Prevents download of virus found
Firewall/Proxy server
Monitors incoming and outgoing traffic
Allows setting of criteria
Checks if traffic meets criteria
Blocks traffic that does not meet criteria
How to minimise risk of hacking
Firewall/Proxy server
Monitors incoming and outgoing traffic
Allows setting of criteria
Checks if traffic meets criteria
Blocks traffic that does not meet criteria
Passwords
Use long and more random passwords
Change it regularly
Lock after a set attempts
Biometrics
Data needed to enter is unique to individual
Hard to replicate
Lock after set attempts
2 Factor Authentication
Extra data sent to device
Hard for hacker to obtain
Data entered needs to be in the same system, if attempted from remote location it’s not accepted
Describe Phishing and Pharming
Phishing
− Legitimate looking email sent to user
− encourages user to click a link that directs user to a fake website
− User encouraged to enter personal details into a fake website // designed
to obtain personal details from a user
Pharming
− Malicious code/malware is downloaded without users’ knowledge
− That re-directs user to fake website (when legitimate URL entered)
− User encouraged to enter personal details into a fake website
− Designed to obtain personal and sensitive details from a user
Describe free software, freeware, shareware
Free software-
* Type of software licence
* Free of charge
* Normally distributed without the source code
* Can legally share / copy
* Cannot legally modify code
* Cannot resell
Freeware- Owner has copyright for software but can be given away for free
Shareware- Often a trial version of full software, fee required for full access
Copyright
Legal protection person can obtain to provide protection against their work stolen
Identify and describe risks to a device when accessing the internet
Hacking
− When a person tries to gain unauthorised access to a computer system
− Data can be deleted/corrupted by hacker
Malware
− A software program designed to damage data / disrupt the computer system
− Replicates itself and fills the hard disk
Virus
− A program that replicates itself to damage/delete files
Describe Cracking
-When someone alters a program source code usually for a backdoor (by disabling computer security software)
What is hacking?
illegally gaining access to a computer system
illegally gaining access to a computer system in known as
hacking
Why do people hack (5)
Curiosity
Financial Gain
Malicious
Hacktivism
Military
Curiosity,Financial Gain,Malicious,Hacktivism,Military are all reasons to___?
Hack
Cracking is
Changing a program’s source code to be used for another use (illegal)
Changing a program’s source code to be used for another use illegally is known as
Cracking
What is spyware
Software which tracks keylogs and through this can find out passwords.
Software which tracks keylogs and through this can find out passwords. Is known as
Spyware
How is Spyware prevented
Antispyware
Antispyware prevents___?
Spyware
Spyware (5)
User clicks on a link from an email or website
When clicked spyware is downloaded
Monitors users activity and relays it back to author
Keypresses can be analysed to find passwords
Common key logs allow password to be found
Viruses (3)
Program that replicates itself
Deletes or corrupts files
Ransomware a new form of virus
Phishing (5)
Fake email sent that looks legitimate
User clicks on link in the email
User redirected to fake website
Often used to try and steal financial details
How to avoid – Don’t click on links from unknown emails
Pharming (3)
Malicious code stored on a computer
Redirects user to fake website to steal users data
How to avoid – check the URL is as expected
Cookies (4)
Message given to browser by webserver
Stored in a text file
Stores detail about users preferences on a website
Message sent back to server each time that page is requested
Cookies uses (5)
Enable logon information to be kept
Provide customized pages for the user
Enable target adverts
Enable one-click purchasing with shopping carts
Be able to distinguish between new and repeat visitors
Causes of data loss (5)
Accidental Deletion
Malicious – virus
Hardware failure
Software failure
Natural disaster
Data loss prevention (4)
Set data to read only
Use correct shut down procedures
Use correct procedures when removing portable storage devices
Backup
Firewalls(5)
Prevents unauthorized access
Acts as a filter for incoming/outgoing data
Checks data meets criteria
Logs incoming and outgoing traffic
Blocks access to specified IP addresses
Antivirus (2)
Compares virus signature against a database of known virus signatures
Removes any viruses
Proxy servers (3)
Keeps user IP address secret
Prevents direct access to a web server
Filters traffic
Biometrics examples (3)
Voice recognition
Facial Recognition
Thumbprint
Text v Biometric (2)
Text passwords easier to hack than biometrics
- Biometric passwords are unique and can’t be shared
Security methods (2)
Encryption
- SSL
SSL (5)
Uses encryption
Uses SSL
Uses digital certificates – contains public key
Makes use of public and private keys
Data is meaningless without the key
How can we tell a website is using SSL(3)
Protocol end in s e.g. https
Padlock on some browsers
Colour of address bar changes
SSL process (5)
Web browser connects to the website
Web browser requests web server to identify itself
Web server sends browser a copy of its SSL certificate
Browser checks the certificate is trustworthy and sends message back to server
Server acknowledges message and SSL session begins
TLS layers (2)
Record
- Handshake
Record layer (2)
Contains the data being transferred
- Can be used with or without encryption
Handshake layer (2)
Website and client authenticate each other
- Encryption algorithms used to establish secure session
Differences between TLS and SSL (3)
Possible to extend TLS using new authentication methods
TLS can make use of session caching
TLS separates handshake and record protocol
How does encryption work on text (6)
Before encryption it is plain text
Text encrypted using an algorithm
Text encrypted using a key
Encrypted text called cypher text
Key transmitted separately from text
Key used to decrypt the cypher text
Assymetric(5)
Private key and Public key needed
Public key given to everyone
Private key only known by the computer user
Encryption keys generated using a hashing algorithm
Different keys
Plain text & Cyper text
Text encrypted using encryption algorithm
Text encrypted using a key
Key transmitted separately from the text
Key used to decrypt the text
Authentication (1)
-Used to verify that data comes from trusted source
Symmetric Encryption (1)
-Uses the same key to encrypt and decrypt data
Hashing algorithm (4)
Takes message or key and translates it into string of characters
Usually shown in hex notation
Length depends on algorithm used
Same hashing algorithm needed to decrypt
DoS Attacks (4)
Large number of requests sent to server at once
Designed to flood a server with useless traffic
Server will come to a stop trying to deal with the traffic
Prevents users gaining access to the web server
Types of softaware(3)
Free software
Freeware
Shareware
Free software (4)
Can use for any legal purpose you wish
Can study and change the source code
Can pass on to other people
Must not be used to infringe copyright laws by copying existing software
Freeware(2)
Can download and use free of charge
- Cannot view or modify the source code e.g. Skype
Shareware (5)
Can use for a trial free of charge
Need to pay once the trial is over
Often trial version missing key features
Protected fully by copyright laws
Cannot modify code or distribute the software
What is hacking?
the act of gaining illegal access to a computer system
What is cracking?
the editing of program source code so it can be exploited/changed for a specific purpose
What are viruses?
program code that can replicate/copy itself with the intention of deleting/corrupting data/files or causing the computer to malfunction
What is phishing?
sending legitimate lookng emails to encourage uses to give out personal data
What is pharming?
malicious code installed to redirect uses to a fake website
What is spyware/key logging software?
gathers data by monitoring keypresses on user’s keyboards
What are cookies?
pieces of data that allow detection of web pages viewed by a user and store their preferences
What is accidental or malicious loss of data?
this could be due to accidentally deleting a file or to a malicious attack from viruses or hacking
What are firewalls?
examines traffic between user’s computer and a public network - can help prevent viruses or hackers entering a user’s computer
What is secure sockets layer (SSL)?
allows data to be sent and received securely across a network
What is transport layer security (TLS)?
a protocol that is designed to ensure that no third party may eavesdrop or tamper with any message
What is symmetric encryption?
a secret key which makes a message unreadable unless the recipient also has the decryption key
What is asymmetric encryption?
a form of encryption requiring both a public and private key
What is authentication?
used to verify that data comes from a trusted source
What is a denial of service attack?
an attempt at preventing users from accessing part of a network
What is free software?
users have the freedom to run, copy, change or adopt free software
What is freeware?
software which users can download free of charge
What is shareware?
users are allowed to try out shareware for a trial period
What can hacking lead to?
lead to identity theft and loss or corruption of data
How can you minimise the risk of hacking?
using strong passwords
using firewalls
Why is cracking done?
for malicious purposes (such as modifying legitimate software to do something like redirect a user to a fake website)
How can you minimise the risk of cracking?
it is hard to do
software engineers need to make the act of breaking into the software nearly impossible (make it difficult to identify back doors)
What do viruses cause computers to do?
run slow
crash
cause some software to run abnormally
How to reduce the risk of viruses?
running anti-virus software
don’t open emails/software from unknown sources
What are the main signs that an email is a phishing email?
messages containing poor spelling/grammar
asks for personal information
unrealistic threats/promises made
How can you reduce the risk of pharming?
anti-spyware software can identify and remove pharming code on the hard drive
What is wardriving?
the act of locating and using wireless internet connections illegally
can lead to stealing of internet time/bandwith
How can you prevent the risk of wardriving?
use of WEP (wired equivalent privacy) encryption
complex passwords
firewalls
What are Networks?
Networks are connections between nodes (devices) to share resources. Being connected to a network can be dangerous because there are more access points.
What are the types of Networks?
Personal Area Network (PAN)
Local Area Network (LAN)
Wide Area Network (WAN)
What is PAN?
A personal area network is within the range of an individual, +- 10m. Examples are:
Bluetooth
What is LAN?
It is a network that connects devices close to one another, like in the same house; school; office.
What is WAN?
A wide area network is a network over a broader, geographic area. For example, an internet connection is given by an ISP. The internet is a WAN made up of individual LANs.
What is a Client-Server Network
In a Client-Server Network, every device is either Client or Server. A client will request resources from the server.
When a resource is wanted, the client establishes a connection with the server over the network
Servers backup and store data centrally, although expensive and difficult to run.
It is centralized
What is a Peer-to-Peer Network
A P2P network is decentralized. Each node is equal in responsibility and can work as both client and server.
What are the factors that affect Network Performance?
Latency
The Delay, Speed of Signals
Bandwidth
Max rate of Data Transfer (bps)
Error Rate
How often data is corrupted
How often data must be resent
What are the differences between wired connections and wireless connections?
Wired connections are generally faster
Though Bandwidths must be taken into account, but is shared across a network
Wireless range signals degrade quickly and can be blocked
Signals at the same frequency can interfere, leading to dara collisions
Bus topology have higher error rates
What are network protocols?
They are rules that must be accepted to devices can be compatible and reliably communicate.
How are protocols developed?
They are developed in layers, each responsible for a different part of the process of communication. Layers break the process down into managable self-contained parts.
Easier to develop because it is focused on one aspect
easier to develop standards
changing one layer won’t affect another
What us the TCP/IP Protocol Stac?
It has 4 layers:
Application Layer
HTTP/S; FTP; SMTP; IMAP & POP; DNS
Transport Layer
TCP; UDP
Network Layer
IP
Link Layer
Ethernet; Wifi
What is the Application Layer?
The application layer is where network applications can operate, e.g:
Web Browsers, Email Clients
What is the Transport Layer?
This layer sets up communication between the two hosts, and includes the agreed rules.
What is the Network Layer?
This layer addresses and packages data, and routes it.
What is the Link Layer?
This is where the hardware and drivers operate.
What is the Ethernet?
It is a standardised family of protocols.
Ethernet works at the link layer
it describes how devices on the same netwoek degment format data and transmit it
What is Wi-Fi (WLAN)?
It is a form of wireless transmission, radio waves
EM waves are categorised on frequency
A channel represents a small frequency range, designated by number
Frequency overlap can cause interference.
Data is encrypted using WAP
What is the TCP?
TCP is the transmission control protocol, which runs in the transport layer. It deals with the connection between devices, it:
receives data from the application layer
receives the packets from the network layer
splits data into packets
reassembles them
sends an acknowledgment
What is the IP?
It is the internet protocol, it addresses packets with the source and destination’s IP address, and works at the network layer. The IP removes the IP addresses when the packets are no longer needed.
What is HTTP?
It is the hypertext transfer protocol, a hypertext is a type of text with links. HTTPS is HTTP with encryption through certificates. HTTP is used to access a webpage from a web server, the process goes as:
The client requests a message
the webserver gives a response
What is FTP?
The file transfer protocol is of the application layer, which handles file uploads and downloads. HTTP transfers viewable content whilst FTP transfers data.
What are the email protocols?
SMTP
POP3
IMAP
What are the outbound email protocols?
SMTP
What are the Inbound email protocols?
POP3
IMAP
What is SMTP?
The simple mail transfer protocol is of the application layer.. it handles outbound. It sends the email to a mail server, and then to the internet. SMTP servers have user databases.
What is POP?
it is post office protocol, this is from the internet, mail server to the client. It doesn’t keep client and server in sync. When the mail is downloaded, it is deleted from the server.
What is IMAP?
It is internet message access protocol, where it keeps both client and server synced in which the mail is copied instead of downloaded. For the mail to be deleted from the server, you must contact the client.
What are the network topologies?
Topologies are the arrangement of the nodes and connections in a network.
Bus
Star
Mesh
Ring
What is the Bus Topology?
All clients, serbers and resrouces are connected to one medium, the bus.
When a node communicates, the data is transmitted down the bus.
All drivers receive it but only the intended recipient accepts and processes the message.
There are terminators on both ends, which are resistors. They prevent data from reverberating
What are the advantages and disadvantages of the bus topology?
Advantages:
Cheaper, because less wires
Disadvantages:
If the main bus fails, all fails
Prone to data collisions in high traffic, which slows the data down.
What is the ring topology?
In this topology, each device is connected to two other devices, forming a ring for messages to travel around. The nodes take turns sending data, data is sent one direction through each device until the intended recipient receives it.
What are the advantages and disadvantages of the ring topology?
Advantages:
Simple, less wires, cheaper.
Disadvantages:
All nodes must be one for the data to be sent.
What is the star topology?
Most home networks uses this topology, as each node is connected to the central connection point.
What are the advantages and disadvantages of the star topology?
Advantages:
Data goes immediately to recipient
Disadvantages:
If the central connection point fails, network stops.
What is the mesh topology?
In a full mesh, every node is connected to every other node. In a partial mesh, there are simply many connections between nodes. A mesh could be used as a backup mechanism, called the redundancy as it is needed but used as an alternative route.
What are the advantages and disadvantages the mesh topology?
Advantages:
Provides backup should one route fails
Direct links to recipient.
Disadvantages:
Expensive, many wires
Complicated
Can’t add one device without connecting to every other device.
What is Network Security?
It is the processes, practices, and technologies designed to protect networks from attacks, damages, or unauthorized access.
Where do attacks originate from?
It can happen internally and externally.
What are the kinds of security do you need to watch out for?
Physical Security
CCTVs, Case Locks, Disabling USB Ports
Cloud Security
Ensure the cloud servers you use are safe
What should be done when checking security?
Validation
Ensuring that data is correct and secure before processing
Authentication
Ensuring that an entity is genuine, like users, product authentications.
What are some security threats?
Unpatched Software
Misconfigured Access Controls
Social Engineering
Phishing
Shoulder Surfing
USB devices
Portable Digital Devices
Eavesdropping
Malicious Code, malware basically
Commercial Analysis tools
What is Unpatched Software?
It is basically just un-updated software, which may have some protection holes.
It is basically just un-updated software, which may have some protection holes.
It is when an entity has permission to access something that they’re not supposed to.
What is Phishing/Pharming?
It is the usage of sending emails from a ‘verified’ entity that contains malicious links that can lead to websites that download malware.
What is shoulder surfing?
Someone staring at you when you type in important information.
What is Malicious Code?
It is malware like:
viruses
spyware
things like that
How can you identify vulnerabilities?
Penetration Testing
Ethical Hacking
What is penetration testing?
It is basically stimulating an attack to find any weaknesses. For example, entering a random username and password just to see if it can access the site. It is normally done by an external entity.
What are the kinds of penetration testing?
White-box pen test
Inside attack, where attacker has some knowledge of the system
Black-box pen test
Outside attack, hacking
What is ethical hacking?
Hacking is finding and exploiting vulnerabilities, it is only ethical when done in a testing context. There are kinds identified by white/black/gray hat hackers. For it to be ethical, it must:
Have permission
Be worked on securely
notify admins when weaknesses are found
What are Firewalls?
They monitor network traffic and filter data packets based on agreed rules. Routers and dedicated hardware contain firewalls, they can:
Block Packets
Connections from certain regions
What is the structure of a data packet?
Header
Data
Trailer
How do firewalls work?
Packet filtering is done by looking at the addresses on the packet header. (first generation)
Stateful Inspection is done by looking at the data context. (second generation)
What are some security measures (2)?
Design Stage Planning
Audit Trails
Securing Operating Systems
Good Programming Practices
What is Design Stage Planning?
It is threat modeling, basically just analysing vulnerabilities from a theoretical attacker’s view.
What are Audit Trails?
These are system records kept, which can trace security issues.
What is Securing Operating Systems?
Limit User Accounts
Directory Permissions
Strong Passwords
Limit automatic softwares
Install patches and update new versions
What is the internet?
It is the worldwide collection of networks that use the internet protocol suite, TCP/IP.
What is the World Wide Web?
It is the collection of web pages hosted on web servers.
What is the difference between the WWW and the Internet?
The WWW is the resources on the internet, whilst the internet is the hardware.
What are URLs?
They are addressers to specific web resources.
What is the structure of a URL?
Network Protocol → Domain Name → File Names
What is an IP address?
It is an address that uniquely identifies devices on a network. IP addresses are denary, but also uses 8 bit binary, it is:
assigned by the ip
temporary, like in ram
defines geographic locations
How does the internet work?
Data transverses throughout international servers.
How does data get to a certain device?
The international routers uses the destination IP address of the packet to identify where to send the packet. Routing algorithms will determine the best route to get there.
What is the method of data transmission?
Packet Switching
What is Packet Switching?
There is no fixed paths, but each packet can take different routes, packet heads contain packet numbers, MAC and IP addresses as well as the protocol. The trailer has a validation checks.
what are ISPs
internet service protocol are companies that provide users with access to the internet
what are IP addresses
IP address is used to identify a device (on the Internet / network)
32-bits
changes as you move because static or dynamic
ipv4 and ipv6
assigned by ISP
address is unique for given Internet session
256.342.34.235
what are MAC addresses
hardware/physical address
unique number that identifies a device (connected to the Internet)
address is made up of manufacturer id + serial number of device
address is allocated by the manufacturer
48 - bits
1st half is manufacturing
2nd half is serial number
does not change/ static only
part on Number identification card
what is hypertext transfer protocol
a set of rules obeyed when transferring files across the internet
parts of URL
access protocol
domain name
file name
What is the Internet?
A global infrastructure of interconnected networks
What is the World Wide Web?
All of the web pages that are accessible via the Internet.
What is a URL and what does it stand for?
Uniform Resource Locator
Each web page has its own unique text-based address
What is the https part of a URL called?
Protocol
What is the www part of a URL called?
Host
What is the disney.co.uk part of a URL called?
Domain Name
What is the index.html part of a URL called?
Web page / file name
What is a protocol?
A set of rules for communication between devices. It allows equipment from different suppliers to work together
What does HTTP stand for?
HyperText Transfer Protocol
What is HTTP?
The standard transmission protocol of the Web
What is HTTP?
The standard transmission protocol of the Web
What is the problem with HTTP?
Any data you enter into the site is sent in plaintext and is susceptible to hacking
What does HTTPS stand for?
HyperText Transfer Protocol Secure
What is HTTPS?
A secure protocol that encrypts any data sent between the website and your browser so that it can’t be understood if intercepted.
What are the functions of a browser?
Storing bookmarks and favourites
Recording user history
Storing cookies
Providing navigation tools
Allowing use of multiple tabs
Providing an address bar
What does HTML stand for and what is it?
Hypertext Markup Language
The standard markup language for creating web pages
What is an IP address?
A public address that is unique to each device. Every networked computer has an IP address
What does a Domain Name Server do?
It converts a URL address into an IP address
This means that a browser on a client machine can make a request to the correct web server hosting that web page
What does a Domain Name Server do?
It converts a URL address into an IP address
This means that a browser on a client machine can make a request to the correct web server hosting that web page
What happens if the DNS server doesn’t have an entry for the domain name?
It passes the request to a more authoritative DNS server. An error is sent back if no match is found.
What are cookies?
Text files with small pieces of data
What do cookies do?
They are used to track user preferences, hold items in a shopping cart, store login details and other personal details
What are session cookies?
They are created and replaced each time a user visits a website
What are persistent cookies?
They are created and saved on the first visit and retained until they expire
What advantages come from using cookies for a retailer on an online shopping site?
The retailer can send personalised email advertisements to customers
The retailer can analyse quantity and value of sales/advertising
The retailer can implement one-click purchasing
What are the advantages for the user when visiting an online shopping site that uses cookies?
They will not need to remember login details
They can use one-click purchasing
Websites will remember their personal customisations
What is digital currency?
Any money-like asset that only exists in digital form. It is exchanged digitally with no physical banknotes or coins in circulation
Why are digital currencies gaining in popularity?
Can transfer funds without the intervention of private banks
Reduced transfer fees and sped-up transaction completion time
Improves security and anonymity
What is a blockchain?
A digital ledger –> a time-stamped series of transaction records sequentially linked in a chain, tracking the movement of a digital currency
How does blockchain work?
Each new transaction is added onto a chain of transaction blocks
Each block will carry the user’s ID number and a reference to the previous block. This is known as a hash total and is calculated with a hashing algorithm
A change of data in one block will create a ripple effect of incorrect hash totals
The blockchain will be stored on multiple different servers, and if one chain doesn’t match all others, it will be rejected
What is digital currency
currency (a system of money) that exists in electronic form only;
What is cryptocurrency
a form of digital currency that uses a chain of decentralised computers to control and monitor transactions
What is cryptography
the protection of data/information by use of coding; it usually involves encryption and decryption
What is a blockchain
is a digital ledger, that is a time-stamped series of records that cannot be altered
What is a timestamp
a digital record of the date and time that a data block is created in blockchain networks
4 things a block contains
Data
Hash value
Previous hash value
time stamp
Why is tampering prevented
Because altering one block will change its hash value and break the link to the following blocks - invalidating the whole chain.
What is hacking?
Automated or manual attempts to gain unauthorised access to programs or data
How to protect against hacking?
Firewall to block access by unauthorised devices
What is a brute force attack?
Automated or manual attempts to gain unauthorised access to secure areas by trying all possible password/key combinations
How to protect against brute force attacks?
Strong passwords
Limited attempts allowed
What is data interception and theft?
Data may be intercepted during transmission, but physical theft can occur where storage devices or data files are left insecurely
How to protect against data interception and theft?
Encryption
Passwords
Physical locks
What is spyware?
Software that hides on your computer and records your activities to send back to a third-party for analysis
How to protect against spyware?
Anti-malware
Anti-spyware software
What is phishing?
Phishing emails redirect a user to a fake website where they trick the reader into divulging confidential information such as passwords that can be used fraudulently
How to protect against phishing?
Network policy
Firewall
User awareness of phishing ‘clues’
What is pharming?
Sends the user to a fake website that looks like the real thing. The user types in a legitimate address and is redirected to a fake website
How to protect against pharming?
Checking the URL
Making sure the site says HTTPS, not HTTP
What is malware?
Checking the URL
Making sure the site says HTTPS, not HTTP
What is malware?
Malicious software written to cause inconvenience or damage to programs or data
What is a virus?
A program that is installed on a computer without the user’s knowledge or permission with the intent of doing harm.
It includes instructions to replicate automatically on a computer
What is a worm?
A program that is similar to a virus, except it cannot self-replicate
What does anti-virus software do?
Software that runs on a computer checking all files for known viruses
It must be updated regularly
What is a Trojan horse?
A program that masquerades as having one legitimate purpose, but it actually has another
How does a Trojan horse work?
A link is spread by email
The user is invited to click on a link for an everyday purpose
This link then executes a program which gives the controller unauthorised access to the computer
What is ransomware?
A form of malware that encrypts a victim’s files.
How does ransomware work?
A ransom is demanded from the attacker in return for instructions on how to decrypt the files
What is adware?
A malware that displays onscreen advertisements. It is not always dangerous, but could redirect the browser to an unsafe site
What does DDoS stand for?
Distributed Denial of Service
What is a DDoS attack?
A malicious attempt to disrupt the normal traffic of a targeted server with a flood of Internet requests
How does a DDoS attack work?
Multiple interconnected devices in different locations establish a botnet
The attacker is then able to direct the attack by sending remote instructions to the bots to send requests to the target’s IP address
The server becomes overwhelmed, and genuine requests cannot be handled
The server fails or times out
How can you protect against DDoS attacks?
A firewall can filter through requests to separate the genuine and fradulent requests
What are biometrics?
Pre-recorded characteristics to authenticate authorised users of a system/device
What are some examples of biometric authentication?
Facial recognition
Iris and retina scanners
Fingerprint recognition
Voice recognition
What is two-step verification?
Two authentication methods performed one after the other to prove someone’s identity
What are automatic software updates?
These updates will keep applications and the OS up-to-date. This enables bugs and security flaws in the software to be fixed with a patch
What does SSL stand for?
Secure Socket Layer
What does SSL stand for?
Provides a secure channel between two computers or device operating over the internet
What is SSL used for?
SSL is used to secure communication between a web browser and a web server.
It will then use an HTTPS address for the website
Similar to asymmetric encryption
What can privacy settings allow a person to do?
Control what information about them is shared on a social media platform. A user can control who has access to what they post, and who can see their full profile
What could be counted as a proxy server?
Any machine that checks and forwards traffic between networks or protocols.
What does a proxy server do?
It’s an intermediary server that separates end-user clients from their destination site. It can provide varying levels of functionality, security and privacy.
Why does data need to be kept safe?
Accidental damage could occur, such as file corruption and human errors
Malicious actions may be taken by other people to view, delete, copy and/or corrupt data without authorisation
What is SSL?
Secure Socket Layer
Provides secure connection between internet browser and websites
Allows transmission of private data
Indicated by padlock sign on the web browser (sometimes the address bar is green)
Uses two keys to encrypt the data: a public key known to everyone and a private key only known to the recipient
URLs that require an SSL connection start with ‘https’
e.g. e-commerce shops use SSL to keep credit card details secret
What is symmetric encryption?
A type of encryption where the same key is used to encrypt and decrypt the message. This differs from asymmetric (or public-key) encryption, which uses one key to encrypt a message and another to decrypt the message.
Increasing the length of the key increases the strength of the encryption.
Define
network
A computer network is a number of computers linked together and able to communicate using certain protocols. Networked computers can share resources including hardware, software and data.
Most computer networks have at least one server.
List some advantages of using networks
Advantages:
Easy, efficient communication by emails, instant messaging, telephony, video conferencing, chat rooms, etc.
Ability to share files, data and information (beneficial for large organizations to organise data and allow certain people access to data)
Saves costs by sharing hardware (e.g. printer) and software (site licences are likely to be cheaper than buying several standalone licences)
Sensitive files and programs on a network can be password protected.
Rapid sharing and transferring of files, saves time while maintaining the integrity of files
List some disadvantages of using networks
Disadvantages:
Possibility of breakdowns and loss of resources
Expensive to build
Managing a large network is complicated, requires training and a network manager usually needs to be employed
Viruses can spread to other computers in the network
Danger of hacking, particularly with wide area networks. Security procedures are needed to prevent such abuse, e.g. a firewall.
Define
protocol
Pre-agreed signals, codes and rules that are used between two or more computer systems to exchange data and information
Define
internet
The internet is a global computer network providing a variety of information and communication facilities, consisting of interconnected networks using standardized communication protocols.
It is a network of networks that consists of millions of private, public, academic, business, and government networks, of local to global scope, that are linked by a broad array of electronic, wireless and optical networking technologies.
The Internet carries an extensive range of information resources and services, such as the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support email.
Define
web browser
A piece of software used to view and download web pages and various types of files such as text, graphics, sound and video.
List the typical functions offered by web browsers
Displaying web pages
Browsing back and forward between web pages
Customisation of basic options such as your homepage, content censorship and security preferences
Bookmarking
History
Offline browsing
Downloading
Search engines
E-mail
Define
server
A combination of computer and software that provides a service to other client computers or application programs.
What is an Internet server?
This is a computer with specific web server software that provides clients with access to web pages
Define
client
Client devices send requests for services, e.g. printing or retrieval of data to specific server devices that perform the requested processing
What is an Internet Service Provider (ISP)?
A company that provides you with access to the Internet, usually for a fee. The most common ways to connect to an ISP are by using a phone line (dial-up) or broadband connection (cable or DSL).
Examples : STC, Mobily, Zain, etc.
What is http?
Hypertext transfer protocol (http) is the underlying protocol used by the World Wide Web which defines (1) how messages are formatted and transmitted, and (2) what actions Web servers and browsers should take in response to various commands.
For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page.
What is https?
Hypertext transfer protocol over secure (https) is a secure method of accessing or sending information across a web page. All data is encrypted before it is sent, preventing anyone from understanding that information if intercepted.
Because data is encrypted over https, it is slower than http, which is why https is only used when requiring login information or with pages that contain sensitive information such as an online bank web page.
What is HTML?
HyperText Markup Language (HTML) is the markup language used in creating web pages on the World Wide Web.
A document Markup Language is a modern system for annotating a document in a way that is clearly distinguishable from the text.
Distinguish between HTML structure and presentation
Structure consists of the mandatory parts of an HTML document plus the semantic and structured markup of its contents.
Presentation is the style you give the content. In most cases presentation is about the way a document looks, but it can also affect how a document sounds – not everybody uses a graphical web browser.
Separate structure from presentation as much as possible. Ideally you should end up with an HTML document which contains the structure and content, and a separate CSS file which contains everything that controls presentation.
What is TCP/IP?
IP: internet protocol
TCP: transmission control protocol, it performs handshakes, packet sequencing, flow control and error handling
Extremely popular protocol on which the internet is based
Data is broken up into independent small packets
Size of the packet is up to the network designer (typically they start from 512 bits upwards)
What is an IP address and why is it used?
An Internet Protocol (IP) address is a unique identifier for computers on the internet
Each device that is part of a network using TCP/IP (normally internet) has to have an address to be able to identify itself and be allowed to use the network.
Static IP addresses are fixed, dynamic addresses change frequently.
What are the two forms of IP address and how do they differ?
IPv4:
Uses 32-bit addresses
There are not enough addresses for all computers on the internet, as some addresses are reserved for certain purposes or for certain companies
IPv6:
Uses 128-bit addresses
Solution to the problem of not having enough addresses
What is the format of an IPv4 address?
Four numbers separated by periods (in the form w.x.y.z.)
Each number is an 8-bit binary number between 0 and 255, making up a 32-bit address
Each number group in the address sub-divides the network to which the computer is connected with the final number being the actual computer.
11000000.10101000.00000000.11001011
192.168.0.203
Network address
Host address
What is a MAC address?
Stands for Media Access Control
Also known as a hardware address or physical address
Uniquely identifies each node of a network (A node is a processing location – a network adapter or any device with built-in network capability)
While an IP address can potentially be assigned to any device, a MAC address is ‘burned into’ a given device from the factory – it is hard-coded into the network interface card (NIC) by the manufacturer
How are MAC addresses used?
Uniquely identifies an adapter on a LAN
Allow communication between devices on a local network by making it possible to reliably distinguish one computer from another
Increase security as cannot be impersonated
If you set up a WiFi one of the things you can do to improve security is to only allow devices with certain MAC addresses to connect to the network.
When a data packet is being sent out to a station that is on the same network LAN segment, only the MAC address is needed.
What is the format of a MAC address?
Six pairs of hexadecimal digits (48 bits in length), usually separated by colons or dashes
01:1F:33:68:BC:14
OR
01-1F-33-68-BC-14
Organisational Unique Identifier
(OUI)
*Identifies the company that manufactured or sold the product
Universallv Administrated
Address (UAA)
*Specific to the device, like a serial number
What is the format of a MAC address?
Six pairs of hexadecimal digits (48 bits in length), usually separated by colons or dashes
What are cookies and why are they used?
A message given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server.
They are used:
to enable logon information to be kept on the computer
to provide customised pages the next time the user logs on, e.g. customised adverts
to implement shopping carts and one-click purchasing
to be able to distinguish between new and repeat visitors to the website
Standalone computer
A computer that is not connected to a network
Network
An arrangement of two or more computers that are connected together for the purpose of sharing resources and data
Internet of Things (loT)
A network of physical objects that use sensors, actuators, embedded systems and wireless technology such as WiFi and bluetooth to collect and exchange data with no human interacion
VoIP
Voice internet protocol
LAN
Local Area Network
WAN
Wide Area Network
-Bank / hotel chain network
WLAN
Wireless Local Area Netwrok
- Hand held scanners
Wireless Local Area Netwrok
- Hand held scanners
A computer connceted to a network used to coordinate (store and share) huge amounts of data
Latency
The time it takes for a message to transfer (ms). AkA ping
Internet
An interconnected network or network of networks.
Most networks are part of the internet.
Consists of multiple cables or links that connect countries together, and can be though of as the backbone.
Packet switching
Breaking down a large amount of data into small packets, each packet is independent from one another
Each packet is tagged with:
Source address
Destination address
Sequence number of the packet
total number of packets being sent
Router
Manages communication on the network. Can have a built-in wireless access point (WAP)
TCP
Transmission Control Protocol
Responsible for delivering data to a given address
Modem
Modulator / Demodulator
HTTP
Hyper Text Transfer Protocol
SMTP
Simple Mail Transfer Protocol
Network topology
A Network topology is the arrangement with which computer systems or network deveices are connected to each other
Bus topology
In a bus topology, all nodes in the network are connected directly to a central cable that runs up and down the network
Ring topology
Each node is connected with two other deveices
Star typology
All nodes indirectly connect to each other through 1 or more switches. The switch acts as a central point through which all communications are passed.
Mesh topology
There is no central connection point. Instead each node is connected to at least one other node
Avantages of bus topology
Easy to install
-Cheap to install
Disadvantages of bus topology
-If the central cable fails the whole networks fails and stops working
Advantages of Ring topology
No data collisions, as the data only flows in one directions
Disadvantages of ring topology
If the main cable fails, the network fails
Advantages of star topolgy
If a cable fails, the whole network will not fail and other computers can still work
High performance as there are no data collisions
Disadvantages of star topology
It is expensive to build as it requires more hardware such as switches and wires
Advantages of mesh topology
Manages a large amount of data as computers can trasnmit data simultaneously
If a cable fails, the network still works
Disadvantages of mesh topology
-It is expensive to build
- It requires much more time to repair or build
IP
Internet protocol
Responsible for obtaining the address to which data is sent.
A set of rules that govern data transfer in the internet
TCP/IP
Layered protocol stack
Collection of protocols
It sets how data should be formatted and transmitted across networks
Web Server
Holds and shares web pages
File server
Holds and maintains user files
Mail server
Handles emails between users
Network speed
File size / time
Standalone computer
A computer that is not connected to a network
Network
An arrangement(or group or setup) of two or more computers that are connected together for the purpose of sharing resources and/or data.
Internet of Things (IoT)
A network of physical objects that use sensors, actuators, embedded systems and wireless technology such as WiFi, Bluetooth and Zigbee, to collect and exchange data, with minimal or no human interaction.
VoIP
Voice of Internet Protocol
LAN
Local Area Network
Example:
- School network
WAN
Wide Area Network
Example:
- Bank network
WLAN
Wireless Local Area Network
Example:
- Hand held scanners
Server
A computer connected to a network used to coordinate(store and share) vast amounts of data.
Latency
The time it takes for a message to transfer (ms). Also known as ping.
Internet
An interconnected network or network of networks.
Most networks are part of the internet.
Consists of multiple cables or links that connect countries together, and can be though of as the backbone.
Packet switching
Breaking down a large amount of data into small packets, each packet is independent of one another.
Each packet is tagged (has a header) with the recipient and source IP, checksum and a sequence number for the packets to be put back in order at the destination and checksum
Server
A computer connected to a network used to coordinate(store and share) vast amounts of data.
Network topology
A Network Topology is the arrangement with which computer systems or network devices are connected to each other.
Bus topology
In a bus topology, all nodes in the network are connected directly to a central cable that runs up and down the network.
Advantages:
- Cheap since little cabling needed
- It still works if a node fails
- Easy to add extra devices
Disadvantages:
- If the central cable is damaged the network stops working
- More devices, slower since more collisions
- All nodes can access all traffic can be security risk
Ring topology
In a ring topology network, each node is connected to two other devices.
Star topology
In a star topology, all nodes indirectly connect to each other through one or more switches. The switch acts as a central point through which all communications are passed.
Advantages:
- Still works if a node fails
- Damaged cable doesn’t stop the network from working
- Data traffic only sent to intended recipient, secure
- Easy to add extra nodes
Disadvantages:
- If central node fails, network stops working
- Network capacity depends on central node’s capacity
- Many cables, expensive and difficult to set up
Mesh topology
In a mesh topology, there is no central connection point. Instead, each node is connected to at least one other node.
Advantages:
- Very fault tolerant, if a connection fails, message is re-routed
- Nodes can be added/removed without having take network offline
- Very scalable
- Very high performance, each node is connected to many other nodes
Disadvantages:
- Many cables, difficult and expensive to set up
Router
Manages communication on the network. Can have a built-in wireless access point (WAP).
TCP
Transmission Control Protocol
Responsible for delivering data to a given address (packet switching)
Transport layer
Modem
Modulator/Demodulator
HTTP
Hyper Text Transfer Protocol
Application layer
SMTP
Simple Mail Transfer Protocol
Application layer
IP
Internet protocol
Responsible for obtaining the address to which data is sent.
Internet layer
TCP/IP
Layered protocol stack (Application layer, Transport layer, Internet layer, Link layer)
Collection of protocols
It sets how data should be formatted and transmitted across networks
Web server
Holds and shares web pages
File server
Holds and maintains user files
Mail server
Handles emails between users
Methods to protect networks
Access control: Ensures that only authorised users can access the network and its resources
Authentication (User management) : Ensures that users can only access data relevant to them
File permissions: Prevents misuse: deleting/copying data, installing software
Physical security: Prevents damage to hardware
Firewall: Acts as a barrier between an organisation’s internal network and the internet. Inspects incoming and outgoing data traffic and decides what data to allow through
Importance of network security
Business success: data on the network is vital for running an organisation, it might fail if comprimised
Privacy: data on the network might be sensitive
Financial: the data might be financially valuable
Vulnerabilities of the cloud
Cloud data centres attract many attacks due to the vast amount of information stored, sensitive data is best stored locally.
Ethical hacking
Looks for weaknesses in software and systems by trying to penetrate into them so that they can be addressed.
Penetration testing
Used to test a computer system or network in order to find vulnerabilities
Social engineering
Exploiting human behavior. The attacker will ‘engineer’ a situation where the target individuals give away confidential information
Unpatched software
Someone can exploit a vulnerability in an unpatched (unfixed) software that still has that vulnerability
Anti-malware software
Prevents infection by malware by searching for it and destroying it
Encryption
Scambles data for anyone who doesn’t have the key to unscramble it.
Asymmetric encryption
Uses two different keys
Every user has two keys (public and private)
A message encrypted with a public key can only be decrypted with its private key
Symmetric encryption
Uses one key
Encrypts and decrypts data using the same key
Both ends of the transmission must know the exact shared key
Link layer
Ethernet
Wi-Fi
Internet layer
IP
Transport layer
TCP
Application layer
FTP
HTTP
HTTPS
SMTP
POP
IMAP
POP
Post Office Protocol
Used by a client to retrieve emails from a mail server, message deleted on download, it will be stored on the device it was read/downloaded from
IMAP
Internet Message Access Protocol
Similar to POP but messages can be read and stored on the message server. The message left on the server on read. Hence accesible from any device
Package switching verification
Checksum for package computed before leaving the computer
Checksum added to the header
At recipient, checksum is re-computed
If don’t match, re-send request is sent back
What do computer networks enable? Give at least 2 examples of possible uses. HINT: ANSWER GIVES 5.
Computer networks allow computers and devices to share data. This includes:
1. computer-to-computer communication
2. mobile phone networks
3. computers communicating with devices such as printers, mice and keyboards
4. smart televisions
5. tablets and media players downloading videos and music and playing them through external devices such as speakers and digital projectors.
What does LAN stand for?
Local Area Network
When are LANs used?
Computers in a site such as an office building use an LAN to connect with each other.
What is a LAN?
An LAN is a computer network for data transmission within a small geographical area such as a home, office or school or a group of buildings on a site.
What does WAN stand for?
Wide Area Network
When are WANs used?
WANs are used for connecting LANs over a large geographical area.
What is a WAN?
A WAN is a network that connects separate LANs over a large geographical area. This ensures that computers in one location can communicate with computers and users in other locations.
True or false: The internet is a huge WAN.
True.
What are the two network types?
Client-server networks and peer-to-peer networks
When are peer-to-peer networks used?
Peer-to-peer networks are used to connect a small number of devices, for example in a home or office where there are just a few users.
Give two advantages of peer-to-peer networks:
easier to set up and maintain
cheaper
Give two disadvantages of client-server networks:
more expensive to set up and maintain as a more powerful computer is required to act as the server and network software is required
specialist knowledge is needed to administer the network
In client-server networks, what are the servers?
The computers that control access to the network
In client-server networks, what are the clients?
The computers on which the users work - computers that act as a desktop for the users and which relies on a server for its operations.
Explain how a client-server network works.
In a client-server network there are two types of computers: the computers that control access to the network (servers) and the computers on which the users work (clients).
From the client machines, the users log into the network servers in order to be able to access programs and peripherals to save data on the servers.
The server is therefore responsible for the security of the network, expecting users to log in with a username and password. As all files are stored on the server the data can be backed up centrally.
True or false: In a peer-to-peer network, all computers are equal.
True. The computers are simply connected together without any one computer having superiority over the others.
Explain how a peer-to-peer network works.
In a peer-to-peer network, the computers are simply connected together without any one computer having superiority over the others. All of the computers on a peer-to-peer network are equal.
Through sharing rights granted by the users any computer can share thee programs of another, save data onto their hard disk and use printed connected to them.
Each computer acts as both a client and a server and can communicate directly with all of the others.
Security is distributed and the users of each computer have to be able to grant access rights to its resources and allot passwords.
As data is stored on all f
Explain how a peer-to-peer network works.
In a peer-to-peer network, the computers are simply connected together without any one computer having superiority over the others. All of the computers on a peer-to-peer network are equal.
Through sharing rights granted by the users any computer can share thee programs of another, save data onto their hard disk and use printed connected to them.
Each computer acts as both a client and a server and can communicate directly with all of the others.
Security is distributed and the users of each computer have to be able to grant access rights to its resources and allot passwords.
As data is stored on all of the computers and is not held centrally, all the users are responsible for backing up procedures.
What does a computer need to connect to a network?
A computer needs some hardware and also some software that allows it to communicate with the other computers.
What are the most commonly used cables to connect devices?
Twisted pair cables
What are twisted pair cables?
Cables in which pairs of copper wires are twisted together and carry electrical signals.
What are optical fibre cables made of?
Glass
What are microwaves in computer science?
Electromagnetic waves that can be used to carry data between computers.
What are protocols?
Agreed rules for requesting and sending data across networks.
What is the motherboard?
The main printed circuit board of the computer; it has connectors that other circuit boards can be slotted into.
What are optical fibre cables?
Cables which are made of glass and transmit information encoded in beams of light. They are much faster than twisted pair cables at transmitting data.
What does NIC stand for?
Network Interface Card
What is the NIC (Network Interface Card) also known as?
Network adapter
What does the NIC/Network adapter do?
It is a component that connects a computer to a network. It formats the data sent from the computer into a required format according to the protocols (rules) of the network.
Where is the NIC built into?
The motherboard
True or false: NICs support both wireless and wired connections.
True
What does MAC stand for?
Media Access Control
Every NIC is created with a hardware number permanently burned into it. What is this called?
The MAC (Media Access Control) address.
What is the purpose of a MAC address?
Every MAC address is unique so that all data on a network can be sent to the correct component . MAC addresses are 48 bits in length, usually displayed as a 12-digit hexadecimal number.
What do network switches allow?
Network switches allow individual devices to connect to a network using cables.
How do network switches work? HINT: 5 POINTS
all of the computers on a network plug into a port on the switch using a cable.
switches read the messages passing through them.
they can read the destination addresses and send them to only the intended computers.
they can do this because they build up a table of MAC addresses on the network to cut down on unnecessary network traffic.
switches can send and receive information at the same time.
What is network traffic?
The overall network usage caused by all of the data that is being transmitted at a given time.
What do computers need an NIC or network adapter for?
To connect to a network.
What are switches used for?
To allow messages to be transmitted between computers in a single network.
What are routers used for?
To transmit messages between computers on different networks.
Give two ways to carry data across a network:
cables
radio waves
Why are routers similar to switches?
Routers and switches both read the address information and forward the messages to the correct network. A switch does this within a single network, but a router does this across several networks.
What are routers commonly used for in the home?
Routers are commonly used in the home to allow many computers to access one internet connection. The router links the home network to the Internet. The router will transmit the incoming web pages, streamed audio, etc. to the correct computer on the network.
What does WAP stand for?
Wireless Access Point
What do wireless access points allow?
Wireless access points allow wireless devices to connect to a wired network.
How do wireless access points work?
Wireless access points convert data they receive through cables into a wireless signal (and vice versa) to allow wireless devices to connect to a wired network.
True or False: Wireless access points can direct messages to particular devices
False. Unlike switches, they CANNOT direct messages to particular devices.
What is a web server?
A computer that can serve world wide web pages to other computers that request them.
What is the Ethernet?
A set of technical standards for connecting computers.
What is frequency?
The number of waves per second.
What is Wi-Fi?
A set of technical standards or protocols for short-range connection of digital devices using radio waves.
What is bluetooth?
A set of technical standards or protocols for short-range connection of digital devices using radio waves.
What is bandwidth?
Bandwidth is the amount of data that can pass through a transmission medium per second.
What is bandwidth measured in?
Bits per second (bps) or megabits per second (Mbps) - bandwidth is a measure of how many bits can get through a particular point in a second.
How does a copper wire carry data?
Copper wires carry the data as electric currents.
How does a fibre optic cable carry data?
Fibre optic cables transmit data as pulses of light generated by a LED or laser.
What does LED stand for?
Light Emitting Diode
Name 3 advantages of fibre optic cables over copper wire cables:
Far greater bandwidth
Can carry signals much faster
Can travel over greater distances without needing to be boosted
True or False: Radio waves are a type of microwave.
True.
What do microwaves consist of?
Electromagnetic radiation travelling in waves with a frequency higher than 1 GHz.
Radio waves can transmit data across networks in what range of frequencies?
Radio waves are used to transmit data across networks in frequencies of between 2.4 and 5 GHz.
What is The Internet?
The Internet is a global system of interconnected computer networks which serves billions of users worldwide - this makes it a wide area network.
Name 2 services The Internet provides:
Email
World Wide Web (www)
Who first proposed the World Wide Web?
British scientist, Tim Berners-Lee
When was the World Wide Web proposed by Tim Berners-Lee?
1989
When was the first website launched?
Time Berners-Lee launched the first website in 1990.
What is a host?
A host is a computer which can be accessed by users working at remote locations using networks, including the internet.
What do web hosting companies do?
Web hosting companies rent space on their servers where people can develop their own websites that can be accessed by users all over the world using the World Wide Web.
How many host computer systems were there in 1969?
4 - today there are 10s of millions.
When was The Internet Society established?
1992
Why was The Internet Society established?
It was established to oversee the policies and protocols that define how we use and interact with the Internet.
How does a DNS work?
A DNS (Domain Name Server) is used to translate the URL to an IP Address. It does this by sending the domain name to the DNS, then, the DNS finds the corresponding IP Address of the domain name sent. This IP address is sent back to the browser. Finally, the browser uses the IP address to access the web page.
What is HTTP?
HTTP is a set of rules that is used to send data across the internet.
What is HTTPS?
This is a protocol that ensures a secure connection is made between the devices before engaging in the transfer of data. The data packets are encrypted before they are sent across the internet and decrypted once they reach their destination. HTTPS uses SSL and TLS
How does SSL encryption work?
The web server sends a copy of its SSL certificate to the web browser
The web browser confirms the legitimacy of the certificate
If legit, the web browser sends a signal back to let the web server know
Connection begins
What are some important data security measures?
1) never save passwords for quick access
2) never give out credientials
3) use a strong password
4) frequently change password
What are the four different folder access levels?
1) Read
2) Write
3) Execute
4) None
What can a user do when he has the “read” folder access level?
Can access files or directories, user can only read and not make any changes
What can a user do when he has the “write” folder access level?
Ability to also modify the file
What can a user do when he has the “execute” folder access level?
Ability to execute a file. (executable programs need this permission to allow the OS to run them)
What can a user do when he has the “none” folder access level?
Total access for all users
What do humans access information through?
Domain names
What do all web browsers interact through?
Internet Protocol addresses (IP)
What does the domain name system do?
Translates domain names to IP addresses so browers can load internet resources
What does each device that is connected to the internet have?
A unique IP address
The URL/website is input by the user, and the website is outputted as an _____ address
IP(v4)
What are network speeds measured in?
mbps
How many ways are there to set up a LAN?
three! (bus, star and ring)
What stops signals from reflecting back down the bus?
A terminator at the end of a cable
What is specific about a ring network?
Each device is connected in a ring
so each is connected to two other devices
How does a ring network work?
Each data packet on the network travels in one direction. Each device receives each packet in turn until the destination receives it.
What is specific about a star network?
Each device on the network has its own cable which directly connects to a swtich or hub.
Which method is the most popular for setting up your LAN?
Star network
What do computers need to make a wireless connection?
a wireless NIC
What does a wireless router do?
A wireless router is connected to a physical network (ethernet) and uses radio signals
What does a wireless adapter (in a wireless router) do?
Converts data into a radio signal and also decodes it so that the computer can understand it
What does Firewall do?
It examines the traffic coming in and out of the network
And ensures the traffic meets a certain criteria
If traffic does not meet the criteria, it will block the traffic and warns the user of a possible security issue
Firewall also can add undesirable IP addresses onto a blacklist so it cannot be accessed
What does Proxy server do?
A proxy acts as an intermediary between the user’s computer and a web server so it prevents direct access to the webserver. It filters traffic and will block requests to certain websites if needed. It can prevent hacking and DDOS of the web server.
What is HTML?
Hypertext Markup Language, a standardized system for tagging text files to achieve font, colour, graphic, and hyperlink effects on World Wide Web pages.
How old is HTML?
It was first developed by Tim Berners-Lee in 1990
What does an .html file need to contain, in order to be valid?
It needs to contain and
Name 5 different html elements:
Image, heading, table, link
What does <a> do?</a>
Anchor - used in to make a hyperlink
What attribute does <a> need to have?</a>
<a> needs to have a link associated with it</a>
What elements can a contain?
It allows authors to arrange data – text, preformatted text, images, links, forms, form fields, other tables, etc. – into rows and columns of cells.
How do you tell an image how wide and high it should be?
Using width=’’ ” and height=’’ ”
How can you give an element a class?
Eg. img src=”example.png” width=”400” height=”400” class=”onetwothree”
What is CSS?
Cascading Style Sheets is a style sheet language used for describing the presentation of a document written in a markup language like HTML.
How do you include a .css file inside your .html file?
In the same folder as the .html file, put the style.css file, and in the .html file, say:
How can you tell an element to have a color for it’s background?
In style.css,
.example{
background-color: rgb(200,300,200);
}
How do you select an element based on it’s class?
Put “.” + “name of class”
What would the css selectors for all images look like?
.img{
//something
}
What would the css selectors for anchors with a class of “special” look like?
.special{
//something
}
What would the css selectors for all anchors inside paragraphs that have a class of ‘special’ look like?
p::special{
//something
}
What would the css selectors for all button with a class of ‘special’, while you’re hovering over them look like?
b::special::hover{
//something
}
How would you center an element vertically and horizontally?
Use margin:auto