Introduction

to Internet &
cyber security
WWW-
"www" stands for World Wide Web, which is a system of interconnected documents and resources, linked by
hyperlinks and URLs (Uniform Resource Locators), that are accessible via the internet.
The World Wide Web was invented by Sir Tim Berners-Lee in 1989, and it has since become a fundamental part of how we
access and share information online.
The "www" prefix in a website URL is used to indicate that the website is part of the World Wide Web. For example,
the URL"https://www.google.com/" refers to the Google website, which is accessible via the World Wide Web.
While the terms "World Wide Web" and "Internet" are often used interchangeably, they are not the same thing. The Internet
is a global network of computers and devices that are connected to each other, while the World Wide Web is a collection of
websites and resources that are accessible via the internet.
The World Wide Web has revolutionized the way we communicate and share information, and it has opened up
countless opportunities for businesses, education, and social interaction. Today, billions of people around the world use the
World Wide Web every day to search for information, connect with others, and conduct business.
HTTP stands for Hypertext Transfer Protocol, which is a protocol used for transferring data over the World Wide
Web. It is the foundation of data communication on the web, and it defines the format and structure of the messages exchanged
between web servers and web clients, such as web browsers.
When a user enters a website URL in their web browser, the browser sends an HTTP request to the web server
hosting the website. The server responds with an HTTP response, which contains the requested data, such as HTML files,
images, or other resources.
HTTP is a client-server protocol, which means that it involves communication between two entities: the client, which
initiates the request, and the server, which responds to the request. The client and server exchange messages in the form of
HTTP requests and responses, which are composed of headers and a body.
Following are the some concepts and technologies that are the basis for the web-
1. Web Server: A web server is a computer program or software that processes and delivers web pages and other web-based
resources to clients or users. It listens for HTTP requests from web browsers and responds by delivering the requested content,
such as HTML files, images, videos, and other resources.
2.Web Browser: A web browser is a software application that allows users to access and view web pages on the World Wide
Web. Popular web browsers include Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, and Opera.
3.URL: A URL (Uniform Resource Locator) is a web address that identifies a particular web page or resource on the World
Wide Web. URLs consist of a protocol (such as http:// or https://), a domain name or IP address, and a path that specifies the
location of the resource on the server.
4.HTML: HTML (Hypertext Markup Language) is a markup language used to create web pages and other web-based
documents. It is used to structure content on the web page, including text, images, links, and other media.
5.HTTP: HTTP (Hypertext Transfer Protocol) is a protocol used for transferring data over the World Wide Web. It defines the
format and structure of the messages exchanged between web servers and web clients, such as web browsers.
6.Web Navigation and Search Services: Web navigation refers to the process of browsing and navigating the World Wide Web
using a web browser. Search services, on the other hand, are tools that allow users to search for and locate web pages and other
resources on the World Wide Web.
7.Gateways to Non-Web Resources: Gateways are software programs or devices that allow access to non-web resources, such
as databases, file servers, and other network resources, via the World Wide Web. Gateways can translate non-web data into
web-compatible formats, allowing users to access and interact with these resources using web browsers and other web-based
tools.
Web Browser-
A web browser is a software application used to access and view websites and other web-based resources on the World Wide
Web. Web browsers provide a graphical user interface (GUI) that allows users to interact with web content, including text,
images, videos, and other media.
The primary function of a web browser is to retrieve and display web pages, which are written in HTML and other web-based
languages. When a user enters a website URL or clicks on a link, the browser sends an HTTP request to the web server hosting
the website. The server responds with an HTTP response, which contains the requested web page or resource.
Web browsers provide many features and functionalities to enhance the web browsing experience, including tabbed browsing,
bookmarks, history, and extensions. They also support various multimedia formats, such as Adobe Flash, JavaScript, and
HTML5.
How to navigate through browser- There are two primary ways to navigate through a web browser: hyperlinks and the address
bar.
1.Hyperlinks: Hyperlinks are clickable links that direct you to other web pages, documents, or resources on the web. You can
navigate through a website by clicking on hyperlinks, which are usually highlighted in a different color or underlined to indicate
that they are clickable.
When you click on a hyperlink, the browser sends a request to the web server hosting the linked resource, and the server
responds with the requested content, which is then displayed in the browser window.
2.Address bar: The address bar is a text field located at the top of the browser window, where you can enter a web address or
URL to navigate directly to a specific web page or resource.
To navigate using the address bar, simply type the URL of the web page you want to visit, and press the "Enter" key. The
browser will then send a request to the web server hosting the requested resource, and the server will respond with the requested
content, which is then displayed in the browser window.
Types of web browser-
Following are the two basic types of browser-
Text-based browsers and graphical-based browsers are two types of web browsers.
Text-based browsers -Text-based browsers are designed to display web pages in plain text format, without any graphics,
images, or other multimedia content. They are popular among users who prefer a minimalist and lightweight browsing
experience, or who have slow internet connections or older devices.
Examples of text-based browsers include Lynx.
Lynx: Lynx is a text-based web browser that displays web pages in plain text format, without any graphics or multimedia
content. It is popular among users who prefer a minimalist and lightweight browsing experience.
Graphical-based browsers- Graphical-based browsers, on the other hand, are designed to display web pages in graphical format,
with images, videos, animations, and other multimedia content. They are more commonly used and offer a more visually rich
browsing experience.
Examples of graphical-based browsers include Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, and Opera.
These browsers provide a user-friendly graphical interface with menus, toolbars, and other features that allow users to navigate
web pages and access content easily.
1.Mozilla Firefox: Firefox is a free and open-source web browser developed by the Mozilla Foundation. It is known for its fast
browsing speed, customizable interface, and strong privacy features.
2.Google Chrome: Chrome is a popular web browser developed by Google. It is known for its fast browsing speed, clean and
modern interface, and integration with Google services like Gmail and Google Drive.
3.Microsoft Internet Explorer: Internet Explorer is a web browser developed by Microsoft. It was once the dominant browser in
the market but has since been largely replaced by newer browsers. It is still available on older versions of Windows.
4.Safari: Safari is a web browser developed by Apple. It is the default browser on Mac OS and iOS devices, and is known for its
fast browsing speed and integration with Apple's other products and services.

Internet-
The internet is a global network of interconnected computers and servers that communicate with each other using a standardized
set of protocols and technologies. It enables users to access and share information and resources from anywhere in the world,
and has become an essential part of modern life.
characteristics of internet-
1.Complex network: The internet is a complex network of interconnected devices, servers, and communication channels that can
be difficult to understand and manage.
2.Disorganized and decentralized: The internet is a decentralized and disorganized system, with no central authority or control
over the flow of information.
3.Collection of billions of files: The internet contains billions of files, including text, images, videos, and other types of data.
4.Extensive usage: The internet is used by billions of people every day for a wide range of activities, including communication,
entertainment, education, and business.
5.World wide scope: The internet is a global network that connects people and devices from all over the world, breaking down
geographical barriers and enabling global collaboration and communication.
6.Dynamic: The internet is a dynamic system that is constantly changing and evolving, with new technologies, applications, and
services being developed all the time.
7.Exponential growth: The internet has grown at an exponential rate since its inception, with more and more devices, servers,
and users being added to the network every day.
Component of internet-
1.Clients: Clients are the devices or software applications that users use to access the internet, such as computers, smartphones,
tablets, and web browsers. Clients make requests to servers for information or services, and receive responses in return.
2.Servers: Servers are the computers or devices that provide information or services to clients on the internet. There are many
types of servers, including web servers, email servers, file servers, and application servers.
3.Networks: Networks are the physical and logical connections that link clients and servers together on the internet. This
includes wired and wireless connections, routers, switches, and other networking equipment.
4.TCP/IP: TCP/IP is a set of protocols that are used to enable communication between devices on the internet. This includes the
Transmission Control Protocol (TCP) and the Internet Protocol (IP), which are used to transfer data between devices.
5.Bandwidth: Bandwidth refers to the amount of data that can be transmitted over a network connection in a given period of
time. Higher bandwidth connections can transfer more data in less time, which is important for activities like streaming video
or downloading large files.
6.World Wide Web: The World Wide Web (WWW or Web) is a collection of interconnected web pages and resources that are
accessible via the internet. The Web is accessed using web browsers, and it uses HTTP to transfer data between clients and
servers.
7.Web browser: A web browser is a software application used to access and view web pages on the internet. Popular web
browsers include Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari.
8.FTP: FTP (File Transfer Protocol) is a protocol used to transfer files between devices on the internet. It is commonly used for
downloading files from servers or uploading files to websites.
9.Chat: Chat applications enable users to communicate with each other in real-time over the internet. Popular chat applications
include WhatsApp, Facebook Messenger, and Slack.
10.Search engine: Search engines are web applications that enable users to search for information on the internet. Examples of
popular search engines include Google, Bing, and Yahoo.

Internet connectivity -Internet connectivity refers to the ability of devices to connect to the internet and access resources and
services over the internet. There are several ways in which devices can connect to the internet.
Different types of internet connectivity-
1.Dial-up connection: Dial-up is a type of internet connection that uses a telephone line and a modem to connect to the internet.
It is a slow and outdated technology that is not commonly used today.
2.ISDN connection: ISDN (Integrated Services Digital Network) is a type of digital telephone line that can provide faster
internet speeds than dial-up. However, it is also an outdated technology that is no longer widely used.
3.Direct connection: A direct connection is a type of internet connection that connects a computer or device directly to the
internet using an Ethernet cable or other wired connection. This is a fast and reliable type of connection that is commonly used
in businesses and homes.
4.Cable connection: Cable internet is a type of high-speed internet connection that uses the same coaxial cable network that is
used to deliver cable television. It is a fast and reliable type of connection that is commonly used in homes.
5.DSL connection: DSL (Digital Subscriber Line) is a type of internet connection that uses a telephone line to provide high-
speed internet access. It is a reliable and widely available type of connection that is commonly used in homes and businesses.

Internet service providers-Internet Service Providers (ISPs) are companies that provide internet access to users or organizations.
ISPs typically offer various types of internet connections, including wired and wireless connections, as well as various service
plans with different speeds and data limits.
Terms in ISP-
1.Dial-up modem: Dial-up modem is a technology that uses a telephone line and a modem to establish a connection to the
internet. Dial-up connections are slow and have been largely replaced by broadband connections, but are still used in some areas
where broadband is not available.
2.Serial Line Internet Protocol (SLIP): SLIP is a protocol that allows a computer to connect to the internet over a serial line, such
as a phone line or a cable. SLIP is an older technology that has been largely replaced by newer protocols such as PPP (Point-to-
Point Protocol).
3.Very Small Aperture Terminal (VSAT): VSAT is a type of satellite communication technology that uses small satellite dishes
to transmit and receive data over satellite networks. VSAT is commonly used in remote locations where other types of internet
connectivity are not available or feasible.

Factors during selection of ISP-

4.Email aliases: Email aliases are additional email addresses that can be created with your ISP. These aliases are useful for
organizing your email or for using a different email address for different purposes. Some ISPs offer a limited number of email
aliases, while others may offer unlimited aliases.
5.Stability and staying power: The stability and staying power of an ISP is an important consideration. You want to choose an
ISP that has been in business for a while and has a good track record of providing reliable and consistent service. Additionally,
you want an ISP that is financially stable and has a good reputation.
6.Bandwidth: Bandwidth is the amount of data that can be transmitted over an internet connection in a given period of time.
Bandwidth is important for users who need to transfer large files, stream video or audio, or participate in online gaming. Some
ISPs offer unlimited bandwidth, while others may have data caps or charge extra for exceeding data limits.
4. Availability: The first consideration when selecting an ISP is whether the provider is available in your area. Some ISPs only
provide service in certain regions, so it's important to check if the provider is available in your location.
5.Price: The cost of the internet service is another important consideration. ISPs offer different plans with different speeds and
data allowances, so it's important to choose a plan that meets your needs and fits your budget.
6.Reliability: Reliability is another key factor to consider. The ISP should provide a stable and consistent internet connection
without frequent outages or slowdowns.
7.Customer service: Good customer service is important in case you encounter any issues with your internet service. It's
important to choose an ISP that provides timely and effective customer support.

Advantages and Disadvantages of Internet-

Advantages of the internet:
1.Information and knowledge: The internet is a vast source of information and knowledge that can be accessed from anywhere
in the world. This information can be used for education, research, and personal growth.
2.Communication: The internet has revolutionized communication, making it easier and faster to connect with people around
the world. It allows people to communicate through email, chat, video conferencing, and social media.
3.E-commerce: The internet has made it easier to buy and sell products and services online. It has created new opportunities for
businesses to reach customers and for consumers to access a wider range of products.
4.Entertainment: The internet offers a variety of entertainment options, including movies, music, games, and social media. It has
made it possible for people to access entertainment from anywhere in the world.
5.Convenience: The internet has made it easier to do many tasks from the comfort of one's own home, such as banking,
shopping, and paying bills.
Disadvantages of the internet:
1.Cybercrime: The internet has created new opportunities for cybercriminals to commit fraud, identity theft, and other crimes.
2.Addiction: The internet can be addictive, leading to excessive use and neglect of other responsibilities.
3.Privacy concerns: The internet can be a threat to privacy, as personal information can be easily accessed and misused.
4.Spread of misinformation: The internet can be a breeding ground for fake news and misinformation, which can be harmful to
individuals and society as a whole.
5.Online harassment: The internet has made it easier for people to harass and bully others anonymously, leading to
psychological harm and emotional distress.

Applications of internet-
6.Communication: The internet has revolutionized communication, allowing people to send emails, instant messages, and make
video calls from anywhere in the world.
7.Information and research: The internet is a vast source of information, making it easier for people to access research, news,
and other information on any topic.
8.E-commerce: The internet has made it easier to buy and sell products and services online, providing new opportunities for
businesses and consumers.
9.Social media: Social media platforms allow people to connect and interact with others, share information, and form online
communities.
10.Education: The internet has transformed education, making it possible for people to access online courses, tutorials, and
other educational resources from anywhere in the world.
5.Entertainment: The internet offers a variety of entertainment options, including movies, music, games, and social media.
6.Online banking and financial services: The internet has made it easier to access banking and financial services online,
allowing people to manage their finances from anywhere in the world.
7.Healthcare: The internet has created new opportunities for healthcare, such as telemedicine, which allows doctors to consult
with patients remotely.
8.Government services: Many governments offer online services, such as tax filing and passport applications, making it easier
for citizens to access these services.
9.Research and development: The internet has facilitated collaboration and communication among researchers, leading to
advances in science and technology.

Services provided by Internet-

1.1. Communication services-Email: Email is a popular communication service that allows users to send and receive messages
over the internet. It is fast, convenient, and widely used for personal and business communication.
2.Usenet: Usenet is a network of online discussion forums where users can post messages and participate in discussions on a
wide range of topics.
3.E-chatting: E-chatting or online chat services allow users to have real-time text conversations with other users over the
internet. Examples of popular chat services include WhatsApp, Facebook Messenger, and Skype.
4.Telnet: Telnet is a protocol that allows users to connect to remote computers over the internet and access their resources.
5.Internet telephony: Internet telephony, also known as Voice over Internet Protocol (VoIP), allows users to make phone calls
over the internet using software like Skype, Viber, and Google Voice.
6.Video conferencing: Video conferencing services like Zoom, Microsoft Teams, and Google Meet allow users to have face-to-
face meetings and conferences over the internet, with the added ability to share files and screens.
2.Information retrieval services-
1.FTP (File Transfer Protocol) allows users to transfer files between computers over the internet. It is commonly used for
downloading software, media files, and other content.
2.Archie was an early search engine that indexed FTP archives on the internet. Users could search for files and directories using
keywords and browse through the search results.
3.Gopher was a menu-based information retrieval system that allowed users to browse and search through hierarchical menus of
text documents, files, and other resources. It was popular in the early days of the internet but was eventually overtaken by the
World Wide Web.
4.Veronica was a search engine for the Gopher network that allowed users to search for content by keyword. It was similar to
Archie but focused specifically on Gopher resources.

3. Web Services-
5.e-Government: e-Government services provide citizens with online access to government services and information. This can
include things like paying taxes, applying for permits or licenses, and accessing public records.
6.e-Commerce: e-Commerce services allow businesses to buy and sell goods and services online. This includes online
marketplaces like Amazon and eBay, as well as online storefronts for individual businesses.
7.e-News: e-News services provide online access to news and information from a variety of sources. This can include websites
for traditional news outlets, as well as blogs and other online media.
8.e-Recruitment: e-Recruitment services allow companies to post job openings online and accept applications through their
websites or online job boards. This can include services like LinkedIn and job search engines like Indeed.
9.e-Education: e-Education services provide online access to educational resources and courses. This can include online courses,
educational videos, and digital textbooks.
Search Engine- A search engine is a software system that allows users to search for information on the internet by entering
keywords or phrases. The search engine then scans its index of web pages and returns a list of results ranked by relevance to the
user's query. Some common features of search engines include:
1.Crawling and Indexing: Search engines use software programs called spiders or crawlers to explore the web and collect
information about web pages. They then use this information to build an index of web pages that can be searched.
2.Query Processing: When a user enters a query into a search engine, the system uses complex algorithms to process the query
and retrieve relevant results from its index.
3.Relevance Ranking: Search engines use a variety of factors to determine the relevance of a web page to a user's query,
including keywords, page titles, links, and user behavior.
4.User Interface: Search engines typically provide a simple and user-friendly interface that allows users to enter queries and
browse through search results.
5.Advanced Search: Many search engines offer advanced search options that allow users to refine their queries by specifying
additional criteria such as date range, file type, and language.
6.Personalization: Some search engines personalize search results based on a user's search history, location, and other factors.

Catagories of search engine-

There are several categories of search engines:
7.Natural Language Search Engine: These search engines allow users to enter their queries in natural language, such as "What is
the capital of France?" They use sophisticated algorithms to understand the meaning of the query and retrieve relevant results.
8.Subject Directories/Search Engine: These search engines organize web pages into categories and subcategories, making it
easier for users to find information on specific topics. Users can browse the directory or enter keywords to search within a
particular category.
3.Subject Guide: These are similar to subject directories but are typically created and maintained by human experts rather than
automated systems. They provide curated lists of resources on specific topics.
4.Meta Search Engine: These search engines combine results from multiple search engines and present them to the user in a
single list. This can save users time and effort by eliminating the need to search multiple sites separately.

EMAIL-
Email, short for "electronic mail," is a method of exchanging digital messages over the internet or other computer networks. It
allows users to send and receive messages, documents, images, and other files quickly and easily.
To use email, a user needs an email address, which consists of a username and a domain name, separated by the "@" symbol.
For example, "username@example.com". Email addresses can be obtained from various email service providers such as Gmail,
Yahoo, Outlook, etc.
Email works by sending messages between servers on the internet. When a user sends an email, the message is sent to their
email service provider's server. The server then sends the message to the recipient's email service provider's server, which in
turn delivers the message to the recipient's inbox.
Email messages can be formatted using HTML, plain text, or a combination of both. They can also include attachments, such as
documents, images, and videos. In addition, email software often includes features such as spam filtering, email sorting, and the
ability to organize messages into folders.

Email Protocols-SMTP (Simple Mail Transfer Protocol) and POP (Post Office Protocol) are two common email protocols used
to send and receive email messages.
SMPT-SMTP is a protocol used to send email messages from a sender's email client or server to the recipient's email server. It is
responsible for transferring the message from one server to another, and ensuring that the message is delivered to the correct
email address. SMTP is also used for handling email bounces, which occur when a message cannot be delivered.

POP-POP, on the other hand, is a protocol used by email clients to retrieve email messages from a mail server. It allows users to
download their email messages to their local computer or device, and then read and manage them offline. When a user opens
their email client, it connects to the POP server and downloads any new messages that have arrived since the last time the client
was open.

Format of internet email address-

The format of an internet email address typically follows the pattern:

username@domain.extension
•username: This is the unique identifier for the user. It can include letters, numbers, and special characters such as periods,
underscores, and hyphens.
•@: This is the separator between the username and the domain name.
•domain: This is the name of the email provider or organization that hosts the user's email account.
•.extension: This is the top-level domain (TLD) that identifies the type of organization associated with the domain. For
example, .com for commercial organizations, .edu for educational institutions, and .org for non-profit organizations.
For example, an internet email address for John Smith at Gmail would look like this:
john.smith@gmail.com
Sending and Receiving E-Mails-
ending and receiving emails typically involves the following steps:
Sending an email:
1.Log in to your email account.
2.Click on the "Compose" or "New Message" button.
3.Enter the recipient's email address in the "To" field.
4.Add a subject line that summarizes the content of your email.
5.Write your message in the body of the email.
6.Click on the "Send" button.
Receiving an email:
7.Log in to your email account.
8.Click on the inbox folder to view your received emails.
9.Click on the email message you want to read to open it.
10.Read the message and any attachments included with it.
11.Reply to the email if desired, by clicking on the "Reply" button and typing your response.
12.Click on the "Send" button to send your reply.
It's important to keep your email account secure and avoid clicking on suspicious links or downloading attachments from
unknown senders to prevent malware infections or phishing attacks.
 Sender ISP Recipient ISP

Sender’s Recipient’s
Mail Server of
computer computer
Recipient ISP

Advantages of email:
1.Speed: Email is a fast and efficient means of communication. Messages can be sent and received instantly, regardless of the
distance between the sender and receiver.
2.Cost-effective: Email is relatively inexpensive, and there are usually no charges for sending or receiving messages. This
makes it an affordable means of communication, particularly for businesses and individuals who need to communicate
frequently.
3.Convenience: Emails can be sent and received from anywhere, as long as there is an internet connection. This makes it a
convenient means of communication for people who travel frequently or work remotely.
4.Record-keeping: Emails provide a record of the communication, which can be referred to later if needed. This is useful for
businesses and individuals who need to keep track of important conversations and agreements.
5.Global reach: Email allows people to communicate with others around the world, regardless of the time zone differences.
This makes it a valuable tool for businesses and individuals who operate on a global scale.
Disadvantages of email:
1.Lack of personal touch: Email lacks the personal touch of face-to-face or phone conversations, which can lead to
misunderstandings and misinterpretations.
2.Spam: Email can be a target for spam messages, which can be annoying and time-consuming to filter through.
3.Security risks: Email can be vulnerable to security risks, such as phishing attacks and malware infections, which can
compromise personal and sensitive information.
4.Overwhelming: Email overload can be overwhelming, particularly for people who receive a high volume of messages every
day.
5.Misuse: Email can be misused for purposes such as spamming, phishing, and spreading false information, which can damage
reputations and cause harm.

Information security overview – Background and current scenario-

Information security is the practice of protecting information from unauthorized access, use, disclosure, disruption,
modification, or destruction. It has become increasingly important in recent years due to the growing reliance on technology and
the increasing frequency and sophistication of cyber attacks.
Background: Information security has been a concern since the early days of computing, but it became more prominent in the
1980s with the rise of personal computers and the internet. The first computer viruses appeared in the 1980s, and hackers began
to target computer networks for malicious purposes.
As technology has advanced, so have the threats to information security. Today, cyber attacks are a major threat to businesses,
governments, and individuals. These attacks can take many forms, including phishing, malware, ransomware, and social
engineering.
Current scenario: The current information security landscape is constantly evolving, with new threats and vulnerabilities
emerging all the time. Some of the current trends in information security include:
1.Ransomware: Ransomware is a type of malware that encrypts a victim's files and demands payment in exchange for the
decryption key. It has become increasingly common in recent years, with high-profile attacks on businesses and organizations.
2.Social engineering: Social engineering is the practice of using psychological manipulation to trick people into divulging
sensitive information or taking actions that are not in their best interests. This can include phishing emails, phone scams, and
impersonation attacks.
3.Cloud security: As more businesses and individuals rely on cloud services for storing and accessing data, the security of these
services has become a major concern. Cloud security risks include data breaches, data loss, and unauthorized access.
4.Internet of Things (IoT) security: The proliferation of IoT devices, such as smart home devices and medical devices, has
created new security challenges. These devices often have weak security controls and are vulnerable to attacks that can
compromise the privacy and safety of users.
To address these and other information security threats, organizations and individuals need to implement robust security
measures, including strong passwords, regular software updates, and employee training programs. The field of information
security is constantly evolving, and staying up to date with the latest threats and best practices is essential for protecting
sensitive information.

Goals of security-
The following are the key security goals:
5.Confidentiality: This goal refers to the protection of sensitive information from unauthorized access or disclosure. For
example, a company might use encryption to protect confidential customer data during transmission over the internet.
6.Integrity: This goal refers to the protection of data from unauthorized modification, deletion, or corruption. For example, a
bank might use access controls and audit trails to ensure that financial transactions are not tampered with.
3.Availability: This goal refers to the ability to access information and systems when needed. For example, a hospital might
implement redundant systems to ensure that critical patient data is always available in case of a system failure.
4.Authentication: This goal refers to the ability to verify the identity of users and systems. For example, a website might require
users to enter a username and password to authenticate themselves before accessing sensitive information.
5.Non-repudiation: This goal refers to the ability to prove that a message or transaction was sent or received by a specific party
and cannot be denied later. For example, a digital signature can provide non-repudiation by using encryption to verify the
authenticity of a message and the identity of the sender.

Security Attacks-
Attack is a assault on system security that drives from an intelligent threat. There are different types of network attacks:
1. Passive Attacks-Passive attacks are security threats that attempt to intercept or monitor data without altering it. These attacks
are often difficult to detect because they do not change the content of the data being transmitted. Passive attacks are focused on
capturing sensitive information, such as passwords or financial data, and can be carried out using various techniques. Here are
some common types of passive attacks:
1.Eavesdropping: This attack involves intercepting and monitoring data as it is transmitted over a network. An attacker can use
packet sniffing tools to capture data packets and read the information they contain.
2.Traffic analysis: This attack involves analyzing network traffic to infer sensitive information. For example, an attacker can
observe the frequency and volume of data transmissions to deduce the type of application being used or the content of the data.
3.Password attacks: Password attacks can also be considered passive attacks if they do not alter the password or gain access to a
system. For example, an attacker may capture passwords as they are transmitted over an unsecured network.
4.Shoulder surfing: This attack involves observing someone as they enter their password or other sensitive information on a
device
 Alice(Telne Bob(Telnet
t client) server)

Eve(passive
eavesdropper

2.Active attacks-
Active attacks are security threats that involve changing or manipulating data, systems, or networks. Unlike passive attacks,
active attacks are more visible and can cause significant damage to information systems and data. Here are some common types
of active attacks:
1.Malware: Malware is a type of software that can be used to carry out a range of active attacks, including stealing data,
modifying files, and disrupting system operations. Malware can be spread through infected emails, websites, or software
downloads.
2.Man-in-the-middle (MitM) attacks: MitM attacks are active attacks that involve intercepting and altering data as it is
transmitted between two parties. An attacker can use this technique to steal sensitive information, such as usernames and
passwords, or to modify the content of the communication.
3.Denial of Service (DoS) attacks: DoS attacks are active attacks designed to disrupt the normal functioning of a computer
system or network. They work by flooding the system with traffic or requests, causing it to crash or become unavailable.
Distributed Denial of Service (DDoS) attacks use multiple systems to launch an attack.
4.Spoofing: Spoofing attacks involve impersonating a legitimate user or system to gain access to sensitive data or systems. For
example, an attacker can use a fake email address or website to trick users into entering their login credentials or financial
information.
5.Password attacks: Password attacks are active attacks that attempt to crack passwords or gain unauthorized access to systems
or data. They can include brute-force attacks, dictionary attacks, and social engineering attacks aimed at obtaining passwords
from users.
6.Rogue software: Rogue software refers to unauthorized software that is installed on a computer system without the user's
knowledge or consent. This can include malware, spyware, or adware that can compromise the security of the system.

Alice(Telne Bob(Telnet
t client) server)

Mallet(Active
intruder)

Security Threat-A security threat refers to any activity, event, or situation that has the potential to compromise the
confidentiality, integrity, or availability of information or information systems. Security threats can be intentional or
unintentional, and can come from a variety of sources, including internal and external actors. There are different categories of
threats-
Accidents and malfunctions are types of security threats that can compromise the availability, integrity, and/or
confidentiality of information or information systems. While these types of threats are often unintentional, they can still have
significant consequences for an organization's security and operations.
Malfunctions refer to incidents that occur due to technical issues or failures. For example, a server crashing, a network
connection being disrupted, or a software bug causing system errors. Malfunctions can also occur due to hardware failures or
cyber attacks.

Accidents and Malfunctions-

1.Operator error: This can occur when an employee accidentally or negligently takes an action that results in security threats,
such as deleting important files, sharing confidential information with unauthorized parties, or falling victim to a phishing scam.
2.Hardware malfunction: This can occur when computer hardware fails or malfunctions, such as a hard drive crashing or a
network router failing, causing the system to be unavailable or losing data.
3.Software bugs: This can occur when software has coding errors, resulting in unintended behavior or system failure.
4.Data errors: This can occur when data is corrupted, incomplete, or otherwise incorrect, leading to incorrect processing,
analysis, or decision-making.
5.Accidental disclosure of information: This can occur when confidential information is accidentally shared or made public,
such as sending an email to the wrong recipient or leaving sensitive documents unsecured.
6.Damage to physical facilities: This can occur due to natural disasters such as floods, fires, or earthquakes, causing physical
damage to data centers or other facilities.
7.Inadequate system performance: This can occur when systems are overloaded or underpowered, causing slow response times,
timeouts, or system crashes.
8.Liability for system failure: This can occur when an organization is held responsible for damages caused by system failures,
such as data breaches or service disruptions.
2.Computer Crime-Computer crime refers to illegal activities that are carried out using computer systems or networks.
Computer crime is a serious threat to individuals and organizations, and can result in significant financial losses, reputational
damage, and legal consequences. To prevent computer crime, organizations need to implement strong security measures such as
access controls, encryption, intrusion detection systems, and employee training programs. Regular security assessments and
audits can also help identify and mitigate potential vulnerabilities and risks. Finally, individuals can protect themselves from
computer crime by using strong passwords, being cautious of suspicious emails or messages, and keeping their software and
security tools up to date. Computer crime can take many forms, including:
1. Hacking-Hacking is one form of computer crime where an unauthorized individual gains access to a computer system or
network for malicious purposes. The main purpose of hackers is to alter computer hardware and software to achieve a goal
which is different from that the owners actual objects. some examples of hacking techniques:
1.Denial of Service (DoS) attacks: This involves overwhelming a computer system or network with traffic or requests, causing
it to crash or become unavailable. Hackers can use botnets or other techniques to generate a large volume of traffic to a website
or network.
2.Trojan horse: This is a type of malware that disguises itself as a legitimate program but has hidden malicious functionality.
For example, a Trojan horse might appear to be a harmless email attachment, but when opened, it installs malware on the user's
computer.
3.Malicious applets: These are small programs that are embedded in websites or other applications and can execute malicious
code on a user's computer when triggered. For example, a malicious applet might be designed to steal personal information or
install malware on the user's computer.
4.Password crackers: These are tools or programs that use various techniques to crack or guess passwords, allowing hackers to
gain unauthorized access to computer systems or networks.
5.War dialing: This involves using automated tools to call a large number of phone numbers, looking for computers or modems
that are connected to the phone network. Hackers can use this technique to identify vulnerable systems and gain unauthorized
access.

2. Cyber theft- Cyber theft, also known as cybercrime or online theft, refers to any illegal activity that involves the theft of data
or money using computers, networks, or other digital devices. Cyber theft can take many forms, including:
1.Identity theft: This involves stealing personal information such as social security numbers, credit card numbers, or bank
account details to commit fraud or other illegal activities.
2.Credit card fraud: This involves using stolen credit card information to make unauthorized purchases or transactions.
3.Phishing: This involves tricking individuals into giving away personal information or login credentials by sending fraudulent
emails or other forms of electronic communication.
4.Ransomware: This involves encrypting a victim's files or data and demanding payment in exchange for the decryption key.
5.Cryptocurrency theft: This involves stealing or hacking into cryptocurrency wallets or exchanges to steal digital currencies
such as Bitcoin.

3. Unauthorized use at work-nauthorized use at work refers to the use of an employer's computer or network resources for
personal activities or activities that violate company policies or laws. This can include activities such as:
6.Personal email or social media use during work hours.
7.Accessing inappropriate or illegal websites or content.
8.Using company resources for personal financial gain, such as cryptocurrency mining or online gambling.
9.Using company resources to harass or bully others, such as sending harassing emails or messages.
10.Media downloading.
11.Unauthorized Blogging.
4.Piracy-Piracy is the unauthorized use, copying, distribution, or sale of copyrighted works, such as music, movies, TV shows,
books, and software. It is a form of intellectual property theft and is illegal in most countries.. Types of computer based piracy:
1.software privacy- software piracy, refers to the unauthorized use, reproduction, or distribution of copyrighted software. Some
examples of software privacy include:
1.Creating a copy and/or selling it: This involves making unauthorized copies of software and selling it for profit, which is a
violation of copyright laws.
2.Creating a copy and giving it to someone else: This involves making unauthorized copies of software and distributing it to
others, which is also a violation of copyright laws.
3.Creating a copy to serve as a backup: This is generally allowed as long as it is for personal use only and does not involve
distributing the copy to others.
4.Renting the original software: This is generally allowed as long as the rental agreement includes restrictions on the number of
copies that can be made and the software is used only by the person who rented it.
5.Buying original software: This is the legal and ethical way to obtain and use software.
6.OEM unbundling: This refers to the practice of separating the software from the hardware it is bundled with, which is
generally not allowed unless specifically authorized by the software vendor.
7.Softlifting: This refers to the unauthorized use of software that has been legally licensed to someone else, such as borrowing a
friend's software CD or using a coworker's software license key.
8.Unrestricted client access infringement: This refers to the use of software on more computers than the license allows, which is
a violation of copyright laws.
2.Piracy of Intellectual property -Intellectual property (IP) piracy is the unauthorized use, copying, or distribution of a creator's
protected work, such as music, movies, software, and other forms of intellectual property. It is a form of theft that infringes on
the rights of the creators and can result in significant financial losses for them.
IP piracy takes many forms, including:
1.Counterfeiting: This refers to the production and distribution of fake or imitation products that infringe on a creator's
trademark or patent rights.
2.Copyright infringement: This refers to the unauthorized use, reproduction, or distribution of a creator's protected work, such as
music, movies, and software.
3.Trade secret misappropriation: This refers to the theft or unauthorized use of confidential business information, such as
formulas, processes, and customer lists.
4.Patent infringement: This refers to the unauthorized use, manufacture, or sale of an invention that is protected by a patent.
IP piracy is a significant problem for creators and the industries that rely on their works. It can result in lost sales, reduced
revenue, and damaged reputation. It also undermines innovation and discourages creators from investing time and resources into
the development of new ideas and products.

5.Computer viruses- A computer virus is a type of malicious software (malware) that can replicate itself and spread to other
computers. Viruses can cause harm to computer systems by corrupting files, stealing data, or even rendering the system
unusable.
Here are some common types of computer viruses:
5.File infecting viruses - these viruses attach themselves to executable files and spread when the file is executed.
6.Boot sector viruses - these viruses infect the boot sector of a computer's hard drive or other storage device, and can spread
when the computer is booted up.
1.Macro viruses - these viruses infect documents that use macros, such as Microsoft Word documents, and can spread when the
infected document is opened.
2.Script viruses - these viruses use scripts, such as JavaScript, to infect web pages and can spread when the infected web page
is visited.
3.Polymorphic viruses - these viruses can change their code to avoid detection by antivirus software.
4.Encrypted viruses - these viruses use encryption to hide their code and avoid detection.
5.Stealth viruses - these viruses try to hide themselves from antivirus software by altering their code or behavior.
6.Tunneling viruses - these viruses create a tunnel between the infected computer and the attacker's computer, allowing the
attacker to remotely control the infected computer.
7.Multipartite viruses - these viruses infect both files and the boot sector of a computer's hard drive.
8.Armored viruses - these viruses use various techniques to make it difficult to analyze and remove them, such as encrypting
their code and using anti-debugging techniques.

6. Computer worms-
A computer worm is a type of malware that spreads through a network by exploiting vulnerabilities in software or by using
social engineering techniques to trick users into running the worm. Unlike viruses, worms do not need to attach themselves to a
host file in order to spread.
Here are some common types of computer worms:
9.Email worms - these worms spread through email attachments and can infect a user's computer when the attachment is
opened.
10.Instant messaging worms - these worms spread through instant messaging services by sending messages with links to
infected websites or files.
3.Internet worms - these worms spread through the internet by exploiting vulnerabilities in software or by using social
engineering techniques to trick users into visiting infected websites.
4.IRC worms - these worms spread through internet relay chat (IRC) channels by sending infected messages to other users in
the channel.
5.File sharing network worms - these worms spread through peer-to-peer (P2P) file sharing networks, such as BitTorrent, by
infecting shared files and spreading to other users who download the infected files.
Worm Activation-
Worm activation refers to the method by which a worm starts to execute its malicious payload. Here are some common types of
worm activation:
1.Human activated - these worms require human interaction, such as opening an infected file or clicking on a malicious link, to
activate and start spreading.
2.Activated based on human activity - these worms are designed to activate based on specific human activity, such as when a
user logs into a computer or connects to a network.
3.Activated by scheduled processes - these worms are programmed to activate at a specific time or when a specific event
occurs, such as when a computer is restarted.
4.Self-activated - these worms are designed to activate automatically when they are installed on a system or when they detect
certain conditions, such as the presence of specific software or hardware.
Authorization- Authorization is the process of granting or denying access to a resource or service based on an individual's or
entity's identity, role, and permissions. Authorization is a critical component of security systems and is used to ensure that only
authorized users or entities are allowed access to sensitive resources and data.
The process of authorization typically involves the following steps:
1.Authentication: The process of verifying the identity of an individual or entity requesting access to a resource or service.
2.Authorization: The process of determining whether the authenticated user or entity has the appropriate permissions to access
the requested resource or service.
3.Access Control: The process of enforcing authorization decisions by controlling access to the resource or service.
There are several methods of authorizations-
Password-A password is a secret combination of characters, numbers, and symbols that is used to authenticate a user's identity
and grant access to a computer system or online service. Passwords are an essential aspect of security and are used to protect
sensitive data, accounts, and resources.
A weak password is one that is easy to guess or crack, and can be easily compromised by an attacker. Some common
characteristics of weak passwords include:
4.Short length (less than 8 characters)
5.Common words or phrases
6.Simple patterns (such as "123456" or "qwerty")
7.Personal information (such as a birthdate or name)
A strong password, on the other hand, is one that is difficult to guess or crack, and provides a higher level of security. Some
characteristics of strong passwords include:
1.Length (12 or more characters)
2.Random combinations of uppercase and lowercase letters, numbers, and symbols
3.Unrelated to personal information or common words and phrases
4.Unique for each account or service.
Overall, strong passwords are essential to maintain the security and integrity of sensitive data and resources, and to
protect against unauthorized access and cyber attacks.

Password cracking-Password cracking is the process of attempting to guess or discover a password by using automated tools or
manual techniques. Password cracking is commonly used by hackers and cybercriminals to gain unauthorized access to
computer systems or online accounts. To protect against password cracking, it is important to use strong and complex passwords
that are difficult to guess or crack. This includes using a combination of uppercase and lowercase letters, numbers, and special
characters, and avoiding common words or phrases. Additionally, it is recommended to use multi-factor authentication (MFA)
whenever possible, as this adds an extra layer of security to the authentication process.
Password cracking can be done using various methods, including:
5.Keylogger: A keylogger is a type of malware that records every keystroke made by the user, including passwords. The attacker
can then retrieve the recorded data to obtain the user's password.
6.Social engineering: Social engineering involves manipulating people into divulging their passwords or other sensitive
information. Attackers may use techniques such as phishing, pretexting, or baiting to trick users into revealing their passwords.
7.Password resetting: An attacker can use the password reset feature to gain access to an account. By knowing personal
information about the user, such as their email address or date of birth, the attacker can request a password reset and gain access
to the account.
8.Online guessing: An attacker can use automated tools to guess a user's password by trying common passwords or variations of
the user's name or other personal information.
5.Offline cracking: Offline cracking involves obtaining a copy of the password file, which contains encrypted passwords, and
using specialized tools to crack the encryption and obtain the passwords.

Insecure Network connections-

Insecure network connections refer to connections that do not provide adequate security measures to protect against
unauthorized access, interception, or data breaches. These insecure connections can be exploited by attackers to gain access to
sensitive information, such as login credentials, financial data, or personal information. It is important to be aware of the risks
associated with insecure network connections and to take appropriate measures to protect against them.
Disadvantages of insecure network connections-
Insecure network connections pose several risks and disadvantages, including:
1.Unauthorized access: Insecure network connections can allow attackers to gain unauthorized access to sensitive information,
such as login credentials, financial data, or personal information.
2.Data breaches: Insecure network connections can result in data breaches, where sensitive information is accessed or stolen by
attackers.
3.Malware infections: Insecure network connections can be used to deliver malware to systems or networks, which can lead to
data loss, system crashes, or unauthorized access.
4.Loss of productivity: Insecure network connections can result in system downtime or slowdowns, which can reduce
productivity and cause financial losses.
5.Reputation damage: Insecure network connections can damage the reputation of an organization, leading to loss of customers
or revenue.
6.Legal and regulatory penalties: Insecure network connections can result in legal and regulatory penalties for organizations,
such as fines or lawsuits, if sensitive data is compromised.
Network Security Methods-There are various network security methods that organizations can implement to protect their
systems and networks against cyber threats, including:
1.Access control: Access control methods, such as authentication and authorization, can be used to ensure that only authorized
users can access the network or specific resources within the network.
2.Anti-malware: Anti-malware software can detect and remove malware, such as viruses, Trojans, and ransomware, from
systems and networks.
3.Application security: Application security measures can be implemented to protect against vulnerabilities in software
applications, such as SQL injection attacks or cross-site scripting (XSS) attacks.
4.Behavioral analytics: Behavioral analytics can be used to detect anomalous behavior or patterns in user activity, which can
indicate a security threat.
5.Data loss prevention: Data loss prevention (DLP) measures can be used to prevent unauthorized access or transmission of
sensitive data, such as credit card numbers or social security numbers.
6.Email security: Email security measures can be used to protect against email-based threats, such as spam, phishing, or
malware-laden attachments.
7.Firewalls: Firewalls can be used to monitor and control network traffic, blocking unauthorized access and preventing
malware from entering the network.
8.Intrusion prevention system: An intrusion prevention system (IPS) can be used to detect and block attacks on the network,
such as denial-of-service (DoS) attacks or buffer overflow attacks.
9.Virtual private network: A virtual private network (VPN) can be used to encrypt network traffic and provide secure remote
access to the network.
10.Web security: Web security measures can be used to protect against web-based threats, such as cross-site scripting (XSS)
attacks or SQL injection attacks.
Digital signature and working of digital signature-
A digital signature is a mathematical technique used to verify the authenticity and integrity of a digital document or message. It
provides a way to verify that a digital document has not been tampered with or altered in any way since it was signed. Digital
signatures use a combination of cryptographic techniques, including public key encryption and hashing, to ensure the
authenticity and integrity of the digital document.
The working of a digital signature can be explained in the following steps:
1.The sender of the digital document creates a digital signature by applying a cryptographic algorithm to the document or
message. This creates a unique digital fingerprint of the document, known as a hash.
2.The sender then uses their private key to encrypt the hash. This creates a digital signature that is unique to both the document
and the sender.
3.The encrypted digital signature is then attached to the document or message and sent to the recipient.
4.The recipient of the digital document uses the sender's public key to decrypt the digital signature. This provides them with the
original hash that was created by the sender.
5.The recipient then creates a new hash of the digital document using the same cryptographic algorithm that was used by the
sender.
6.The recipient compares the original hash provided by the sender with the new hash that they have created. If the two hashes
match, then the digital signature is valid and the document has not been tampered with or altered since it was signed. If the
hashes do not match, then the digital signature is not valid, and the document may have been tampered with or altered.
Advantages of digital signature-
Digital signatures offer several advantages, including:
1.Impostor prevention: Digital signatures help prevent impersonation or identity fraud by providing a way to verify the
authenticity of the digital document or message. The use of cryptographic algorithms ensures that the digital signature can only
be generated by the owner of the private key, which makes it difficult for impostors to create fake signatures.
2.Message integrity: Digital signatures provide a way to ensure that the digital document or message has not been tampered with
or altered since it was signed. The use of hashing algorithms ensures that even minor changes to the document will result in a
different hash value, making it easy to detect any changes.
3.Legal requirements: Many countries have laws and regulations that require certain types of documents to be signed and
verified using digital signatures. Digital signatures offer a way to meet these legal requirements while providing a more secure
and efficient way to sign and transmit documents.
4.Security and confidentiality: Digital signatures provide a way to ensure the security and confidentiality of digital documents
by using public key cryptography. The use of encryption ensures that only the intended recipient can read the message, while the
use of digital signatures ensures that the message has not been tampered with or altered.
5.Efficiency and convenience: Digital signatures offer a faster and more convenient way to sign and transmit documents
compared to traditional paper-based signatures. Digital signatures can be created and verified electronically, eliminating the
need for physical signatures and reducing the time and costs associated with signing and transmitting documents.
Disadvantages of digital signature-
1.Association with trusted time-stamping: For a digital signature to be valid, it needs to be associated with a trusted time-
stamping service that verifies the time and date of the signature. This can add complexity and cost to the process of creating and
verifying digital signatures.
2.Non-repudiation: While non-repudiation is often seen as an advantage of digital signatures, it can also be a disadvantage in
certain situations. Non-repudiation means that the signer cannot deny signing the document, which can be problematic if the
signer is coerced or forced to sign against their will.
3.Reliance on technology: Digital signatures rely on technology, including encryption and hashing algorithms, which can be
vulnerable to attacks or technical failures. This can make digital signatures less reliable than traditional paper-based signatures in
certain situations.
4.Legal recognition: While digital signatures are legally recognized in many countries, there are still some jurisdictions that do
not recognize them as legally binding. This can limit the usefulness of digital signatures in certain situations, particularly for
international transactions.
5.Adoption and implementation: Digital signatures require the adoption and implementation of specific standards and
technologies, which can be challenging for organizations or individuals who are not familiar with these technologies. This can
limit the widespread adoption and use of digital signatures.
Application of digital signature-
1.Electronic mail system: Digital signatures are commonly used in email systems to verify the authenticity and integrity of
electronic messages. Digital signatures help prevent email spoofing and ensure that messages have not been tampered with
during transmission.
2.Legal systems: Digital signatures are widely used in legal systems for electronic contracts, agreements, and other legal
documents. Digital signatures provide a secure and reliable way to sign and verify electronic documents, which can save time
and reduce costs associated with traditional paper-based signatures.
3.Electronic funds transfer (EFT) system: Digital signatures are used in EFT systems to provide a secure and reliable way to
authorize electronic payments and transactions. Digital signatures help prevent fraud and ensure that only authorized individuals
can initiate or approve transactions.
4.Electronic data interchange (EDI): Digital signatures are used in EDI systems to ensure the authenticity and integrity of
electronic transactions and documents exchanged between trading partners. Digital signatures help prevent fraud and provide a
secure way to exchange sensitive business information.
5.Electronic bidding: Digital signatures are used in electronic bidding systems to provide a secure and reliable way for bidders
to submit their bids and for organizations to verify the authenticity of bids. Digital signatures help prevent fraud and ensure that
the bidding process is fair and transparent.
6.Distribution of software: Digital signatures are used to verify the authenticity and integrity of software applications during
distribution. Digital signatures help prevent the distribution of malware and other malicious software, and ensure that software
has not been tampered with during distribution.
7.Database applications: Digital signatures are used in database applications to ensure the authenticity and integrity of
electronic records and transactions. Digital signatures help prevent fraud and provide a secure way to store and retrieve sensitive
information.