
WWW

The World Wide Web (WWW) is a huge collection of documents called web
pages, written in HTML (HyperText Markup Language). These pages are
linked to each other by hyperlinks. When a hyperlink takes you to a picture or
video, it is known as hypermedia.

Network of Computers
Service which runs on the network (internet)

World Wide Web, or WWW, or Web, as defined in Wikipedia:
It is a system of interlinked hypertext documents accessed via the Internet

Who proposed it?

Tim Berners-Lee
Let's look into the history…

1990
• World’s first web server was developed

This is the NeXT computer used by Berners-Lee as a web server
Web 1.0
Most of the pages were static
There were only images (mostly animated GIFs) and hyperlinks
Readers or users were unable to contribute to the site

Screenshot of msn.com from the year 1995
Web 2.0
Web 3.0
Tim Berners-Lee described the semantic web as the most important
component of Web 3.0.
Hence the web is required to be more meaningful.
Eric Schmidt described Web 3.0 as a web that should be able to run on any
device, with everything on the cloud.
Difference between Web 1.0, Web 2.0 and Web 3.0

Web 1.0

• It is the “readable” phase of the World Wide Web, with flat data.
• In Web 1.0, there is only limited interaction between sites and web users.
• Web 1.0 is simply an information portal where users passively receive information
without being given the opportunity to post reviews, comments, and feedback.

Web 2.0

• It is the “writable” phase of the World Wide Web, with interactive data.
• Unlike Web 1.0, Web 2.0 facilitates interaction between web users and sites, so it
allows users to interact more freely with each other.
• Web 2.0 encourages participation, collaboration, and information sharing.
• Examples of Web 2.0 applications are YouTube, Wiki, Flickr, Facebook, and so on.

Web 3.0

• It is the “executable” phase of the World Wide Web, with dynamic applications,
interactive services, and “machine-to-machine” interaction.
• Web 3.0 is a semantic web which refers to the future.
• In Web 3.0, computers can interpret information like humans and intelligently
generate and distribute useful content tailored to the needs of users.
• One example of Web 3.0 is Tivo, a digital video recorder. Its recording program can
search the web and read what it finds to you based on your preferences.
How HTML5 helps to make a semantic web
Make it more meaningful…

Many other elements, such as <article>, <section> and <summary>, help a webpage
to be more meaningful.
Webpage, Website, Webserver and Search Engine

Webpage: a document displayable in a web browser
Website: a collection of webpages
Web server: a computer that hosts a website
Search engine: a website that helps you find webpages
URL, uniform resource locator

http://som.csudh.edu/fac/lpress/shortbio.htm

[Diagram: the client sends a request to the server; the server sends the page back to the client]
Four parts of the URL

http://som.csudh.edu/fac/lpress/shortbio.htm
http://

http://som.csudh.edu/fac/lpress/shortbio.htm
The domain name

http://som.csudh.edu/fac/lpress/shortbio.htm
The directory

http://som.csudh.edu/fac/lpress/shortbio.htm

[Directory tree: root contains staff, fac and admin; fac contains lpress, jsmith, ... jdoe]

The file name

http://som.csudh.edu/fac/lpress/shortbio.htm

[Directory tree: root contains staff, fac and admin; fac contains lpress, jsmith, ... jdoe; lpress contains shortbio.htm]
URLs may be shortened

http://www.csudh.edu/studentaffairs/financialaid/faq.shtml#apply_for_scholarships

http://bit.ly/djeREW

(I shortened the URL using the service at http://bit.ly. There
are others that do the same thing.)
Know the source of a shortened URL

http://bit.ly/
https://goo.gl/
You can delete the http://

som.csudh.edu/fac/lpress/shortbio.htm
What happens if you delete the file name?

http://bpastudio.csudh.edu/fac/lpress/

The Web server will look for a file with a default name, which
is specified by the server administrator.

Traditional default names are index.htm, index.html,
default.htm, and default.html.
URL summary

http://som.csudh.edu/fac/lpress/shortbio.htm

• This request is for a Web (http) server
• The server program is running on a computer with the
domain name som.csudh.edu
• Look in a subdirectory called fac/lpress
• If there is a file called shortbio.htm, send it back to the
client to be displayed; if not, send an error message back to
the client

Domain name = the unique name of a computer on the Internet

Web Server
• Every Web site sits on a computer known as a Web server.
• This server is always connected to the Internet. Every Web server that is
connected to the Internet is given a unique address made up of a series of four
numbers between 0 and 255 separated by periods.
• For example, 68.178.157.132 or 68.122.35.127.
• When you register a Web address, also known as a domain name, you have to
specify the IP address of the Web server that will host the site.

There are three leading web servers:
• Apache
• IIS
• lighttpd
Apache HTTP Server

• This is the most popular web server in the world, developed by the Apache
Software Foundation.
• Apache web server is open source software and can be installed on almost all
operating systems, including Linux, Unix, Windows, FreeBSD, Mac OS X and more.
About 60% of the web server machines run the Apache Web Server.
• You can have Apache with the Tomcat module to have JSP and J2EE related support.
Internet Information Services

• The Internet Information Server (IIS) is a high-performance Web server from
Microsoft.
• This web server runs on Windows NT/2000 and 2003 platforms (and may run on
upcoming new Windows versions also).
• IIS comes bundled with Windows NT/2000 and 2003. Because IIS is tightly
integrated with the operating system, it is relatively easy to administer.
lighttpd

lighttpd, pronounced "lighty", is also a free web server that is
distributed with the FreeBSD operating system.

This open source web server is fast, secure and consumes much
less CPU power.

Lighttpd can also run on Windows, Mac OS X, Linux and Solaris
operating systems.
Security Issues in Web
Security vs access
• It is always a trade-off (a balance between
two competing forces)
– More security means less access
– More access means less security
– Nothing is perfect!
Issues in Web
• False or malicious websites
– Stealing visitors' IDs and passwords
– Stealing visitors' credit card information
• Theft of customer data from selling agents
and ISPs
• Privacy and the use of cookies
SQL Injection
• SQL injection is a type of attack often used
against data-driven applications.
• It is a technique that exploits an application's
security weaknesses.
• Used to steal databases full of credit card
information, passwords, or personal details.
Denial of service
• Prevent network from working normally
• Used to make a machine or network resource
inaccessible to users.
• Flood a server with ‘invalid’ inputs
• Use a network of compromised machines to generate
an overwhelming number of requests (Conficker?)
• Such zombie machines can form a botnet, which then
attacks a particular server
A botnet is a network of private computers infected with malicious software
and controlled as a group without the owners' knowledge, e.g. to send
spam.
Social Engineering
•Social engineering is the art of manipulating
people into revealing personal and confidential
information.
•Requires very little technical skill.
•Relies heavily on human interaction to get
results.
Malware
•Malicious Software.
•Used by an attacker to steal data, disrupt
operations or access a private network.
•Used to describe many different types of
software including viruses, worms, Trojans,
keyloggers, spyware and others.
Computer Virus
•Any computer program that can replicate itself
and spread from one computer to another
without input from its creator.
•Needs to attach itself to an existing program in
order for it to work.
•They are used to deliver many different
payloads.
Computer Worm
•A program similar to a virus; it can replicate
itself and spread from one computer to another.
•Unlike a virus a worm does not need to be
attached to an existing program in order to
function.
•Always causes harm to the network, even if it is
just increased bandwidth consumption, whereas
a virus will always corrupt and/or modify files on
a computer.
Trojan Horse
•A program that pretends to do one thing, but in
reality does something else.
•Used to record keystrokes input by a user
•Can be used to steal usernames, passwords,
credit card information, personal details and so
on.
•Usually employs a form of social engineering.
•A Trojan horse is a program that either pretends to have, or is described as
having, a set of useful or desirable features but actually contains damaging code.
Spyware

Spyware is software that aims to gather
information about a person or organization
without their knowledge, that may send such
information to another entity without the
consumer's consent, or that asserts control over
a device without the consumer's knowledge.
Tricking the user
• Users are often the weakest link in security
• Email attachments containing Trojan horses
• ‘Phishing’ - the fraudulent practice of sending emails purporting to be from
reputable companies in order to induce individuals to reveal personal information, such as
passwords and credit card numbers.
• Malicious web pages
• Malicious documents (macros in spreadsheets)
• Account stealing (via key logging)
• Scams (‘I have $10 million to import’, ‘You have just
won the lottery’, …)
The Least Wanted List

Weatherbug (GAIN or Claria) Begin2Search
Hotbar 180Solutions
180 Search Assistant Zango
MyWebSearch CoolWebSearch
Popular Screensavers DyFuCA
Comet Cursors BonzaiBuddy
A Better Internet (Aurora) BargainBuddy
Kazaa / Morpheus Dashbar
GameSpy Arcade Gator
WhenUSave WeatherScope
New.Net Best Offers Network
Starware Toolbar Precision Time
MySearch FunWeb
Phishing
• Most commonly an email stating your account
information needs updating
• Watch for URLs that are numeric or different
from the link you clicked on
• Best thing to do is to type in the URL and
check your account directly without following
any links in the email
• Many legitimate emails no longer contain a
link (PayPal)
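
The checks above, together with the four URL parts and the shortener hosts from the earlier slides, written as an added example that is not part of the original deck. The sample e-mail body is constructed (example.com and 192.0.2.10 are documentation values) and the function names are hypothetical.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "goo.gl"}  # the two shortener hosts named in these slides

def url_parts(url):
    """Split a URL into protocol, domain name, directory and file name."""
    u = urlsplit(url if "://" in url else "http://" + url)
    directory, _, filename = u.path.rpartition("/")
    return {"protocol": u.scheme, "domain": (u.hostname or "").lower(),
            "directory": directory.strip("/"), "file": filename}

def is_numeric_host(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        host = url_parts(href)["domain"]
        if is_numeric_host(host):
            findings.append((href, "numeric host"))
        if host in SHORTENERS:
            findings.append((href, "shortened URL hides its destination"))
        shown = url_parts(text)["domain"] if "." in text and " " not in text else ""
        if shown and shown != host:  # text looks like a URL but names another domain
            findings.append((href, f"text shows {shown}, link goes to {host}"))
    return findings

SAMPLE = ('Update your account: <a href="http://192.0.2.10/login.htm">'  # constructed
          'http://www.example.com/login.htm</a> or <a href="http://bit.ly/djeREW">'
          'click here</a>.')
```

`check_links(SAMPLE)` reports the numeric host, the mismatch between the displayed and the real domain, and the shortened link; a link whose text and target name the same domain produces no finding.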
Phishing Examples
HOW TO SECURE INTERNET AND DATA
Antivirus Software
•Used to prevent access to computer systems by
unwanted programs.
•Utilises many different methods to protect the
computer.
•Often searches for signs of viruses on every
website that is visited and does regular scans of
the computer to check for infections.
Firewalls
• Device which limits internet connections
– Limit network uses to only approved ones
– Prevent malicious software reporting information
– Prevent outside attacks
– May need to have ports opened to allow applications to
work
• Program used to monitor network traffic.
• Have a set of rules that they use to filter packets trying to
enter the network.
• Usually placed between a trusted network and one that is
less trusted.
Proxy servers
– All internet traffic routed via proxy server
– Acts as an internet gateway
– Once proxy is secure, so is network
– Can filter content
– Can cache content
– Often used with a firewall in a corporate environment
Passwords
• Should be:
– Long (8 characters or more)
– Not obvious or from a dictionary
– Containing capitals, numerals and non-alphanumeric
characters (!&^*$@.,’[]{}? …)
– Recorded securely somewhere
– Transmitted in encrypted form only
• Older programs such as FTP and Telnet transmit passwords in
plaintext …
Statistics
• Attacks on the increase
• In 2010, 431 million adults worldwide were
victims of cyber crime
• Costs 114 billion pounds worldwide
• Costs the U.K. 27 billion pounds a year
• 10.5% of the world's hackers are from the U.K.
Statistics
• In Brazil, 83% of the population have suffered
from internet crime.
• In America, 73% have fallen victim to internet crime.
• Cyber crime can be down to anyone, from
professional criminals to teenagers
Annual Damage Costs
Yearly amount of internet fraud
Protecting your system
• Keep up to date with patches (Windows update, Software update)
• Use a firewall
• Use anti-virus software and keep it up to date
• Use anti-spyware tools
• Filter email for spam and suspicious messages
• Be aware of ‘fake alerts’
• Spam blocker
• Encryption software
• Caution in providing personal information
• Secure Shopping
• Monitoring of your child’s computer activities
