Chapter 5 - The Internet And Its Uses Flashcards
Internet
World-wide interconnection of networks. Makes use of transmission control protocols and internet protocols. Stems from INTERconnected NETwork and is more of a concept that relies on physical infrastructure that allows individual devices and networks to connect to others.
WWW
World Wide Web
Massive collection of webpages based on hypertext transfer protocols (HTTP/HTTPS). A part of the internet that can be accessed by users through web browser software and used to access information using the internet.
Differences between the internet (4) and WWW (5)
INTERNET:
Allows for emails to be sent and received
Online messaging (text/audio/video)
Makes use of TCP and IP
World wide collection of interconnected networks and devices
WWW:
Web sources accessed by web browsers
Collection of multimedia and other information on websites
https is written using HTML (hypertext markup language)
URLs are used to specify the location of web pages
Uses the internet to access information from web sources
Web browser
Software that connects to the Domain Name Server to locate IP addresses. Interprets HTML pages sent to a user's computer so that they can read documents and access multimedia. Allows the user to access and display web servers on their screen. Shows the translation of HTML.
URL
Uniform Resource Locators
Text-based addresses for websites/used to access websites
Format of URL
Protocol://website address/path/file name
(https://websitename.za/ict)
What are the parts of a website address in a URL (4)
Domain host (www)
Domain name (website name)
Domain type (.org, .net etc.)
Country code (.uk, .za)
HTTP
Hypertext Transfer Protocol
Written with HTML
Set of rules that must be obeyed when transferring files across the internet
HTTPS
Hypertext Transfer Protocol Secure
Some form of security (SSL/TLS) is being used. Extra security applied meaning a more secure way of sending and receiving data over a network
Features of web browsers (10)
Make use of JavaScript
Allow the user to navigate forwards and backwards through previously opened pages
Hyperlinks
Home page
Address bar
Multiple tabs can be open at once
Data stored as cache
Bookmarks (store favourites)
User history
Cookies
Hyperlink
Highlighted text or image activated by clicking that links to further text, photos or other webpages/websites
Very brief description of websites (2)
Written in HTML
Hosted on a web server with its own IP address
What do the DNS and URLs eliminate
The need for users to memorise IP addresses
DNS
Domain Name server
Finds IP addresses for domain names given in a URL from its large database, in which the URLs have matching IP addresses
How is DNS used to locate and retrieve a webpage (5)
- The user opens their browser and types in a URL, and the browser requests that the DNS find the IP address of the website.
- DNS server 1 checks its database and its cache. If it can't find the URL, it sends a request to DNS server 2.
- DNS server 2 finds the file and can map it, so the IP address is sent back to DNS server 1, which puts the IP address and associated URL into its database and cache.
- The IP address is sent to the user's computer.
- The computer sets up communication with the website server and the required pages are downloaded. HTML files are sent from the website and are interpreted by the browser, which displays the content on the user's screen.
Cookies
Small files of text/code sent by a web server to a browser and stored on the user's computer. Small lookup tables containing (key, data) pairs that are used to track data such as IP addresses and browsing activity to maintain user preferences based on their previous activity. Can also be used to customise the webpage for the user.
Cookie without an expiry date associated with it
Session cookie
Types of cookies
Session cookies
Persistent/permanent cookie
User preferences
Settings/options stored in cookies that can remember customised webpages/indicate browsing history to target adverts
Session cookie
Cookie that is temporarily stored on the user's computer and is deleted when the browser is closed or the session ends. Used for online shopping to store things in the user's virtual shopping basket. Stored in temporary memory; they don't collect any information from the user's computer or personally identify users.
Virtual shopping basket
Area of memory on a website that temporarily stores items a user wishes to purchase until a payment is made or the session expires.
Advantage of persistent/permanent cookies
Remove the need for users to type in login details every time a certain website is visited
Why do persistent cookies remember a user's login details
So that they can authenticate a user's browser
Persistent/permanent cookies
Cookies stored on the user's hard drive that are only deleted when the expiry date is reached or the user deletes them (or deactivated after 6 months due to countries' laws). Effective way of carrying data between website sessions and eliminating the need for large amounts of data to be stored on the server itself, as well as the typing in of login details each time the website is visited. May only store personal information and user preferences if given consent by the user, and legitimate websites will encrypt the personal information stored in a cookie.
Uses of persistent cookies (10)
Target users with adverts based on their previous activities
Save items in virtual shopping basket
Save things such as passwords and emails so that the user doesn't have to re-enter them whenever they use a certain website
Serve as a memory allowing websites to recognise users
Track internet habits and histories for favourites/bookmarks
Stores user preferences
Online financial transactions
Stores Progress in games/quizzes
Automatically allows different languages on the webpages when the user logs on
Social networking sites can recognise certain preferences + browsing history
What happens the first time a user logs onto a website
User's browser requests webpage from website
Web server replies and sends cookies to the user's browser
Persistent cookies are stored on the user's hard drive, session cookies are stored in temporary memory
When the web browser/session is closed, persistent cookies remain stored and session cookies are deleted from memory
What happens when a user logs into a website again
User logs in
Web server checks and identifies cookies stored on the user's computer
User preferences, history and other details are recognised.
Types of currency
Digital
Conventional (fiat) - "fiat" is a Latin word meaning "let it be done". Backed by government and banks instead of gold + silver reserves
Digital currency
Currency that exists only in electronic form, with no physical form. It is essentially data on a database.
Has made online banking possible. Relies on a central banking system.
Problem and solution to centralisation
Problems maintaining confidentiality and security
Cryptocurrency (introduces decentralisation)
Features of cryptocurrency (4)
Uses cryptography to track transactions
Not regulated by government or banks, all rules are set by the cryptocurrency community
Transactions are publicly available, thus allowing them to be tracked and for the money in the system to be monitored
Works by being within a blockchain network meaning it is much more secure
Blockchains/blockchaining
Blockchain is a decentralised database where all transactions of networked members are stored. It consists of a number of interconnected computers that are not connected to a central server. All the transaction data is stored on all the computers, meaning it cannot be altered without the consent of all the network members, and each networked computer gets a copy of the transaction. It results in reduced security issues such as hacking.
Uses of blockchaining (5)
Politics
Education
Cryptocurrency transactions
Smart contracts
Pharmaceutical research
What does a blockchain block consist of
Data
Hash value (includes a time stamp)
Previous hash value
What is the first block in a blockchain called
Genesis block
Time stamp
Digital record of the time and date a block was created in a blockchain, proving that the event actually took place
Why it is so hard to hack/tamper blockchain
It would be necessary to attack every single block at once. When a new block is created it is sent to every computer in the network to check for correctness.
Proof-of-work makes sure it takes 10 minutes for the proof of work to be checked on each block before it can be added to the chain. This process is monitored by miners who get a commission for each new block created.
How blockchain works
When a transaction takes place a new block with a hash value is created
When a chain of blocks is created and one is altered, the hash value of the block is changed and invalidates the rest of the chain (breaks it)
Cyber security threats (8)
Brute force attacks
Phishing
Pharming
DDoS attacks
Malware
Social engineering
Data interception
Hacking
Brute force attack
Hacker systematically trying all the combinations of letters, symbols and numbers until your password is found
Word list
List of millions of words that could be used in a brute force attack
Data interception
Form of stealing data by tapping into a wired/wireless communication link to compromise privacy and obtain confidential data
Packet sniffer
Form of data interception that examines data over a wired network and sends it back to the hacker
Wardriving (def+alternative name)
Access point mapping
Form of data interception using a laptop or smartphone, GPS, antenna and other software outside a building or someone's house to intercept Wi-Fi signals to illegally obtain data. The intercepted Wi-Fi signal reveals personal information to the hacker without the user knowing it's happening
Ways to prevent data interception (3)
Don't use wireless connectivity in public - there is no encryption
Protect the use of wireless connectivity with complex passwords
WEP - Wired Equivalent Privacy encryption protocol and a firewall to protect and encrypt your data
DDoS
Distributed denial of service
Prevents users from accessing their emails, certain websites and online services by flooding the network with spam traffic from multiple computers to make it hard to block. This floods the server so that it cannot service users' legitimate requests, thus denying them service.
How to protect against DDoS (3)
Use up-to-date malware checker
Set up a firewall to restrict traffic to and from web servers/computer
Apply email filters
How to identify that you were a victim of a DDoS attack (3)
Slow network processing
Can't access certain websites
Large amount of spam emails
Hacking
Malicious hacking is the act of gaining illegal access to a computer system without the owner's permission
Leads to identity theft etc. and can be prevented through complex passwords, firewalls, anti-hacking and intrusion detection software.
Ethical hacking also exists, where companies authorise paid hackers to check their website's security
Phishing
The sending out of legitimate-looking emails that try to trick users into giving up personal data
How to protect against phishing attacks (7)
Check for green padlock
Don't click on strange links
Be aware of phishing scams
Run anti-phishing toolbars on browsers
Be aware of popups, click the “x”, not “cancel”
Run an up-to-date browser with a combination of desktop firewall (software) and network firewall (hardware)
Regularly check your online accounts and maintain your passwords
Spear phishing
Targeted phishing of specific individuals or organisations
Difference between phishing and pharming
Phishing requires the user to take an action for it to be initiated.
Pharming
Malicious code installed on a user's computer or an infected website. Redirects the user to a fake website without their knowledge, where they give away personal data
Threats of pharming to data security
DNS cache poisoning - the changing of a website's real IP address to the fake one, meaning the user's URL will redirect them to the fake website. This makes it much harder to mitigate risks.
How to prevent phishing (4)
Check for https or green padlock in address bar
Use a modern browser-they alert
Anti-virus software
Check spelling of web addresses
Viruses
Type of malware
Programs installed on a user's computer that replicate and spread with the intent of deleting or corrupting files by causing the computer system to malfunction
Malware
Programs installed on a user's computer with the aim to delete, corrupt or manipulate data illegally.
Examples of malware (6)
Viruses
Worms
Trojan horse
Spyware
Adware
Ransomware
Where viruses are found and how to prevent them
On email attachments, infected software or websites.
Don't download unoriginal software or click on unknown links, and run up-to-date virus checkers.
Difference between worms and viruses
Viruses require active hosts and for each end user to initiate the virus, worms don't
Worms
Type of stand-alone viruses that self-replicate and don't require an active host. Remain inside applications, allowing them to travel through networks. Rely on security failures within networks to spread, and if one person opens the infected message the whole network is infected.
How to prevent worms (1)
Run up-to-date anti-virus programs.
Trojan horse
Malicious code disguised as legitimate software that requires user interaction to activate and cause harm to the computer system. Comes from email attachments or is downloaded from infected websites.
How to prevent trojan horse
Very hard as it involves user tricking, so even firewalls and anti-virus software can be useless
Spyware
Malware that gathers information by monitoring users' activities carried out on their computer and sends it back to the cybercriminal that sent it. Can be prevented with anti-spyware software.
Adware
Type of malware that attempts to flood the user with unwanted adverts. It can highlight the user's security defense weaknesses, hijack the browser and create its own default search requests, and is very hard to remove.
Ransomware
Programs installed via trojan horse or social engineering that encrypt the user's data until a ransom is paid.
Social engineering
The manipulating of people into breaking normal security procedures in order to gain illegal access to computers/place malicious software on the computers. It's based on the exploitation of fear, curiosity, trust and empathy
Common types of social engineering (5)
Instant messaging
Baiting - leaving a malware infected stick somewhere that a poor curious soul plugs into their computer
Phishing/emails
Phone calls
Scareware - done using a pop up message claiming a computer is infected
Stages in social engineering scam (4)
- Identifying and research of victim done, method of attack decided
- Victim is targeted
- Attack is executed and cybercriminal obtains the information or causes the interruption
- Cybercriminal removes all traces of malware to cover their tracks
Access levels in social media
- Public access
- Friends
- Custom
- Data owner
Privacy settings are used to determine these
Types of anti-malware (2)
Anti-virus -
Anti-malware - detects + removes spyware programs installed on a system, based on rules or known file structures
Methods of anti-malware (2)
Rules: software looks for typical features associated with spyware
File structures: certain file structures are associated with spyware which allows the software to identify them
General features of anti-spyware (7)
Detect and remove already installed spyware
Block access to user's camera and microphone
Scans for signs of stolen personal information and warns the user
Prevent user from downloading spyware
Encrypt files to secure data even if spied on
Encrypt keystrokes to prevent key logging
OSK
On Screen Keyboard
Authentication
Process of proving a user's identity by using something they know, have or is unique to them
How can authentication be done (3)
Passwords and user names
Biometrics - retina, fingerprints, face recognition, voice recognition
Two step verification
When are passwords used (3)
When accessing email accounts
Social networking sites
Banking/shopping
How to protect passwords (3)
Use strong passwords that aren't easy to crack
Regularly change passwords
Run anti-spyware to ensure your passwords aren't being relayed back to someone spying on your computer
Advantages of fingerprints (5)
Most developed
Can't be misplaced or stolen
Unique
Easy to use
Relatively small storage requirements for biometric data created
Disadvantages of fingerprints (2)
Intrusive - used for criminal identification
Doesn't work if skin is dirty or damaged
Advantages of retina scans (2)
Very high accuracy, 1 in 10 million
No known way of replicating the little blood vessels at the back of your eye
Disadvantages of retina scans (3)
Very intrusive - sit still for 15 seconds with an infra-red light in your eye
Expensive to install and set up
Slow to verify with stored data
Advantages and disadvantages of face recognition (2,1)
Non-intrusive
Relatively inexpensive technology
Can be affected by changes in hair, age, clothes, lighting and wearing glasses
Advantages and disadvantages of voice recognition (6)
Non-intrusive
Verification takes less than 5 seconds
Relatively inexpensive technology
Voice can easily be recorded
Low accuracy
Illness can change your voice
Most common security systems used on mobile phones
Capacitance fingerprint reader
Two step verification
Process of authentication requiring 2 steps of verification to prove the user's identity
1. Username and password
2. One Time Pin
Automatic software updates
Way of keeping data safe from security threats as it means software will stay up to date. Vital since it contains patches which improve security and software performance. Only downside is they may disrupt your device following installation, meaning you'll have to wait for new patches or reverse the clock time on your device.
How to keep your data safe from security threats (8)
Check URL and communication tones and spelling
Anti-malware
Anti-spyware
Authentication
Automatic software updates
Firewalls
Proxy servers
Privacy settings
Secure Socket Layers (SSL/TLS)
What to check URL or communication for (security threats)
Tone and spelling
Spelling, .com. Https
Suspicious links
@gmail.com
Typosquatting - close but different to fool you
Firewall
Type of hardware or software that stands between the user and external networks. It filters and monitors incoming and outgoing traffic.
Main uses of firewalls (7)
Examine traffic between user and public network
Alert user if their software is trying to access external data source and give them an option to allow it (updates)
Checks whether incoming and outgoing data meet set criteria
Alert the user and block it if it doesn't
Allow criteria to be changed to stop access to certain websites/deny IP addresses
Help prevent hackers/viruses infecting the computer/internal network
Logs traffic for later interrogation
What can’t firewalls do (3)
Stop users on standalone networks from disabling their firewall
Stop employee misconduct or carelessness
Stop people on internal network from using their own software to try and disable the firewall
Privacy settings
Available controls on web browsers, social networking etc. that limit who can access and see a user's personal profile.
What privacy settings refer to (6)
Don't track
Ad opt outs
Saved payment methods
App settings (location)
Safer browsing - alert for potentially dangerous website
Web browser privacy options (cookies, browsing history)
Proxy servers
Server that acts as an intermediary server between the user and the web server through which internet requests are processed and makes use of cache memory to speed up web page access
SSL
Secure Socket Layer
We use TLS now
Security protocol used to securely send data over a network
What happens when a user wants to access a secure website and receive and send data to it (5)
- User's browser sends a message to connect with the website which is secured by SSL
- The browser then requests that the web server identifies itself
- The web server responds by sending a copy of its SSL certificate
- If the browser can authenticate this certificate it sends a message to allow 2-way communication to begin
- The web server acknowledges the browser and the SSL secured 2-way data transfer begins
SSL certificate
Form of digital certificate which is used to authenticate a website
Where would SSL be used
Online Banking
Online shopping
Sending + receiving emails
Using cloud storage facilities
VoIP (voice over internet protocol)
Etc pg 210