The Internet, The Web, and Cyber Security
The Internet & The Web
- The terms "internet" and "World Wide Web" are often used interchangeably, but they refer to different things.
The Internet
- The internet is a vast network of computers and other electronic devices linked together through a system of routers and servers.
- Serves as the backbone for various forms of communication (email, instant messaging, data transfers).
- Enables services like online gaming, video streaming, and cloud-based applications.
The World Wide Web
- The World Wide Web, or simply the web, is a collection of websites and web pages accessed via the internet.
- The web comprises interconnected documents and multimedia files stored on servers worldwide.
- Users access web pages through web browsers, which communicate with servers to retrieve and display content.
What Is A URL?
- A URL, or Uniform Resource Locator, functions as a text-based identifier for locating resources on the internet.
- It serves as the address for web pages, images, videos, and other online resources.
Components of a URL
A URL typically includes three primary components:
- Protocol:
  - Specifies the communication protocol used for data transfer between the client and server.
  - Examples include HTTP, HTTPS, FTP, among others.
- Domain Name:
  - Identifies the server where the resource is hosted.
  - Can be either a domain name (like "example.com") or an IP address.
- Path:
  - Denotes the location of the specific resource on the server.
  - May specify a file name (e.g., "index.html") or a directory path.
- For example, the URL "https://www.samplewebsite.com/homepage" consists of the HTTPS protocol, the domain name "www.samplewebsite.com", and the path "/homepage", which indicates the specific resource on the server.
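The three components can be pulled out of a URL programmatically. The following is an added example, not part of the original notes; the function name `describe_url` and the second sample URL are assumptions, and the default ports are the ones these notes give for HTTP and HTTPS.

```python
import ipaddress
from urllib.parse import urlsplit

# Default ports as stated in these notes for HTTP and HTTPS.
# Other protocols (such as FTP) are deliberately rejected by this sketch.
DEFAULT_PORTS = {"http": 80, "https": 443}


def describe_url(url):
    """Split a URL into protocol, host and path, plus the port that will be
    used and whether the transfer is encrypted."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported or missing protocol: {scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host component")
    host = parts.hostname
    try:
        # The host part may be an IP address instead of a domain name.
        ipaddress.ip_address(host)
        host_kind = "ip address"
    except ValueError:
        host_kind = "domain name"
    return {
        "protocol": scheme,
        "host": host,
        "host_kind": host_kind,
        # An explicit ":port" in the URL overrides the protocol default.
        "port": parts.port or DEFAULT_PORTS[scheme],
        # An empty path means the root resource of the server.
        "path": parts.path or "/",
        "encrypted": scheme == "https",
    }


if __name__ == "__main__":
    # The first URL is the one used in the notes; the second is constructed.
    for sample in ("https://www.samplewebsite.com/homepage",
                   "http://192.0.2.10:8080/index.html"):
        print(describe_url(sample))
```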
Protocols
- The web relies mainly on two protocols for transferring data between clients and servers: Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS).
Hypertext Transfer Protocol (HTTP)
- HTTP facilitates the exchange of data between a client and a server on the internet.
- It operates in a stateless manner, meaning it does not retain information about previous interactions.
- By default, HTTP uses port 80 and transmits data in plain text, making it susceptible to interception and alteration.
Hypertext Transfer Protocol Secure (HTTPS)
- HTTPS is the secure version of HTTP, using encryption to protect data exchanged between clients and servers.
- Operating on port 443 by default, HTTPS uses protocols such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt data.
- This encryption ensures that data integrity and confidentiality are maintained, thwarting unauthorized access or tampering.
SSL & TLS
- SSL, initially developed by Netscape in the 1990s, aimed to secure internet communications.
- TLS later emerged as its successor, strengthening the security of internet communications.
- Both SSL and TLS utilize a blend of symmetric and asymmetric encryption techniques.
- TLS operates across two primary layers:
  - Handshake Layer: This phase establishes a secure connection between two endpoints (client and server).
  - Record Layer: Responsible for securely transmitting data between the client and server, ensuring confidentiality and integrity.
- The process of establishing a secure connection typically involves the following steps:
  - The client or browser requests a secure connection to the server.
  - The server presents its digital certificate to the client for identification.
  - The client validates the server's certificate.
  - Upon successful validation, the client signals the server to initiate data transmission.
  - Both client and server agree on an encryption method and generate a session key to secure ongoing communications.
Web Browser
- A web browser is a software application designed for accessing and presenting information from the internet.
Purpose of a Web Browser
- The primary function of a web browser is to interpret Hypertext Markup Language (HTML) and display web pages.
- It converts HTML code into a visual format that users can interact with.
Functions of a Web Browser
- Bookmarking and Favorites:
- Web browsers enable users to save links to frequently visited websites for quick access via bookmarks or favorites.
- Browsing History:
- They maintain a record of websites visited by the user, allowing easy navigation back to previously viewed pages.
- Tabbed Browsing:
- Web browsers support opening multiple tabs within a single window, facilitating efficient multitasking and navigation between different web pages.
- Cookie Management:
- They store cookies, which are small files containing user preferences and login information, to enhance browsing convenience on websites.
- Navigation Tools:
- Web browsers provide tools such as back and forward buttons, a home button, and a reload button to aid in navigating through web pages.
- Address Bar:
- They include an address bar where users can enter URLs or search terms to navigate directly to websites or search for information using a search engine.
- Homepage:
- The homepage is the initial page displayed when the browser starts, often customizable to show frequently visited sites or specific content.
- Script Execution:
- Web browsers execute active scripts embedded in web pages, enabling interactive content like animations, videos, and pop-up windows.
- File Downloads:
- They allow users to download files from the internet, including documents, images, and software applications.
- Requesting Web Pages:
- When a user enters a web address into the address bar, the browser sends a request to the corresponding web server. The server responds by sending the requested web page content back to the browser for display.
- Overall, web browsers serve as essential tools for accessing, navigating, and interacting with the vast array of information available on the internet.
- The web browser sends the URL to the DNS (Domain Name System), which translates the URL into an IP address. This IP address is then used to locate the web server hosting the requested resource.
Protocol Management
- Web browsers handle two primary protocols: HTTP and HTTPS.
- These protocols facilitate the transfer of data between web servers and browsers.
- HTTP is typically used for standard web pages, while HTTPS is employed for secure pages that necessitate encryption, such as those found on online banking or e-commerce sites.
- When a user types in a URL or clicks on a link, the web browser initiates the following sequence of actions:
  - The browser sends the URL to the DNS (Domain Name System) using HTTP.
  - The DNS translates the URL into the corresponding IP address and sends it back to the web browser.
  - The web browser then sends a request to the web server identified by the IP address for the requested web pages.
  - The web server responds by sending the requested web pages to the web browser.
  - The browser processes the HTML code received from the server and renders it to display the web pages on the screen.
- If the web pages require secure transmission, SSL (Secure Sockets Layer) or HTTPS (Hypertext Transfer Protocol Secure) is used.
- During the SSL/HTTPS handshake, security certificates are exchanged between the browser and the server to establish a secure connection.
- Once the secure connection is established, any data transmitted between the browser and the server is encrypted to ensure confidentiality and integrity.
- This process ensures that users can securely access and view web pages while protecting sensitive information transmitted over the internet.
Web Pages
What Are Cookies?
- A cookie is a small text file that a web browser stores on a user's computer when they visit a website.
- Cookies serve various purposes related to user interaction and data management on the web.
Types of Cookies
- Session cookies:
- These cookies are temporary and are deleted when the user closes their web browser.
- They store session-specific information such as login details and items in a shopping cart.
- Persistent cookies:
- These cookies remain on the user's computer even after the browser is closed.
- They store information across sessions, like login credentials and user preferences such as language and theme settings.
- Third-party cookies:
- These cookies are set by domains other than the one the user is currently visiting.
- They are commonly used for advertising and tracking user behavior across different websites.
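Whether a cookie is a session or persistent cookie is decided by the attributes the server sends with it in the `Set-Cookie` response header. The following added example (not part of the original notes) classifies a header into the categories above and flags two missing protective attributes; the function name, host names and header values are constructed for illustration.

```python
from http.cookies import SimpleCookie


def classify_cookie(set_cookie_header, setting_host, page_host):
    """Classify one Set-Cookie header.

    setting_host: host whose response carried the header
    page_host:    host the user is currently visiting
    """
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    if not jar:
        raise ValueError("no cookie found in header")
    name, morsel = next(iter(jar.items()))

    # A cookie with neither Expires nor Max-Age is deleted with the browser
    # session; either attribute makes it persistent.
    persistent = bool(morsel["expires"] or morsel["max-age"])

    # Simplification (assumption): same host or a subdomain of it counts as
    # first-party. Browsers compare registrable domains instead.
    first_party = (setting_host == page_host
                   or setting_host.endswith("." + page_host))

    warnings = []
    if not morsel["secure"]:
        warnings.append("no Secure flag: may be sent over plain-text HTTP")
    if not morsel["httponly"]:
        warnings.append("no HttpOnly flag: readable by scripts in the page")

    return {
        "name": name,
        "lifetime": "persistent" if persistent else "session",
        "party": "first-party" if first_party else "third-party",
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Constructed sample headers: (header, setting host, visited host)
    samples = [
        ("sessionid=abc123; Path=/; Secure; HttpOnly",
         "www.shop.example", "www.shop.example"),
        ("lang=en; Max-Age=31536000; Path=/",
         "www.shop.example", "www.shop.example"),
        ("track=u77; Max-Age=63072000; Secure",
         "ads.example", "www.shop.example"),
    ]
    for header, setter, page in samples:
        print(classify_cookie(header, setter, page))
```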
Purpose of Cookies
- Authentication:
- Cookies authenticate users by remembering their login credentials, allowing users to access websites without entering their username and password repeatedly.
- Personalization:
- Cookies store user preferences such as language and theme settings, providing a customized browsing experience tailored to individual preferences.
- Tracking:
- Cookies track user behavior and browsing history.
- This data is used for targeted advertising, analytics, and improving website functionality.
- Session Management:
- Cookies manage user sessions by maintaining information such as items in a shopping cart and the user's progress in interactive forms.
Digital Currency
- Digital currency refers to currency that exists solely in electronic or digital form, without any physical counterpart.
Types of Digital Currency
- Cryptocurrencies:
- These are decentralized digital currencies secured by cryptographic techniques and operating on blockchain technology.
- Examples include Bitcoin, Ethereum, and Litecoin.
- Central Bank Digital Currencies (CBDCs):
- These are digital versions of fiat currencies issued and regulated by central banks.
- They aim to provide a digital representation of a country's official currency.
- Virtual Currencies:
- Not issued by a central authority, these digital currencies are often specific to online communities or platforms, such as virtual currencies used in gaming or social media.
Characteristics of Digital Currency
- Decentralization:
- Many digital currencies operate on decentralized peer-to-peer networks, eliminating the need for a central authority.
- Encryption:
- Digital currencies use cryptographic techniques to secure transactions and control the creation of new units.
- Transparency:
- Transactions are often recorded on a public ledger like a blockchain, enabling anyone to view transaction history.
- Anonymity:
- Digital currencies can provide varying degrees of anonymity, as transactions typically do not require personal information disclosure.
Advantages of Digital Currency
- Accessibility:
- Accessible to anyone with an internet connection, regardless of geographical location.
- Faster Transactions:
- Transactions can be processed quickly, often within minutes, compared to traditional banking methods.
- Lower Transaction Fees:
- Transaction fees are generally lower, especially for international transfers, compared to traditional banking fees.
- Financial Inclusion:
- Provides access to financial services for individuals without access to traditional banking systems.
- Security:
- Uses encryption and decentralized networks to enhance transaction security, reducing vulnerability to fraud and hacking.
- Innovation:
- Enables new financial products and services like smart contracts and decentralized finance (DeFi).
Disadvantages of Digital Currency
- Volatility:
- Prices of digital currencies can fluctuate significantly, leading to potential financial losses.
- Lack of Regulation:
- Not regulated by a central authority, which can result in issues like fraud, market manipulation, and limited consumer protection.
- Security Risks:
- Despite encryption, digital currencies are susceptible to cyber attacks such as hacking and phishing.
- Limited Acceptance:
- Not widely accepted as a form of payment, limiting their utility for everyday transactions.
- Environmental Impact:
- The energy-intensive mining process for cryptocurrencies can have adverse environmental effects.
Cyber Security Threats
- Cyber security threats encompass malicious activities aimed at compromising computer systems, networks, and data for harmful purposes.
Types of Cyber Security Threats
- Malware:
- Malware refers to malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.
- Examples include viruses, worms, trojans, ransomware, and spyware.
- Phishing:
- Phishing is a type of social engineering attack where attackers send deceptive emails or messages to trick users into revealing sensitive information like passwords, credit card numbers, or personal details.
- Denial of Service (DoS) Attack:
- A DoS attack aims to make a computer system or network unavailable to its legitimate users by flooding it with excessive traffic, overwhelming its capacity to respond to requests.
- Man-in-the-Middle (MitM) Attack:
- In a MitM attack, an attacker intercepts and potentially alters communication between two parties without their knowledge, allowing them to eavesdrop on sensitive information exchanges.
- SQL Injection:
- SQL injection is a technique where attackers insert malicious SQL code into a web application's input fields to gain unauthorized access to the application's database, potentially extracting or modifying data.
- Cross-Site Scripting (XSS):
- XSS is a vulnerability that enables attackers to inject malicious scripts into web pages viewed by other users.
- This allows them to steal sensitive data or hijack user sessions.
- Password Attacks:
- Password attacks involve various methods to obtain or guess a user's password illicitly.
- Techniques include brute force attacks, dictionary attacks, and the use of password cracking tools to gain unauthorized access.
- These cyber security threats pose significant risks to individuals, organizations, and governments worldwide, necessitating robust security measures and vigilance to mitigate potential harm.
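For the SQL injection entry above, the following added example (not part of the original notes) places a query built by string formatting beside the parameterized form that prevents the problem. The table, account and input string are constructed for illustration, and it runs against an in-memory SQLite database.

```python
import sqlite3

# Constructed input of the kind a login form might receive.
CRAFTED_INPUT = "' OR '1'='1"


def make_db():
    """Create an in-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Simplification: real systems store salted password hashes, never
    # the password itself.
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db


def login_vulnerable(db, name, password):
    # The input is pasted into the SQL text, so quote characters inside it
    # can end the string literal and change the logic of the query.
    query = ("SELECT COUNT(*) FROM users "
             "WHERE name = '%s' AND password = '%s'" % (name, password))
    return db.execute(query).fetchone()[0] > 0


def login_parameterized(db, name, password):
    # Placeholders send the input separately from the SQL text, so it is
    # only ever compared as data and never parsed as SQL.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    for label, check in (("string formatting", login_vulnerable),
                         ("parameterized", login_parameterized)):
        print(label,
              "| correct password:", check(db, "alice", "correct horse"),
              "| crafted input:", check(db, "alice", CRAFTED_INPUT))
```

Only the parameterized version rejects the crafted input, because there the database compares it against the stored value as an ordinary string.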
Safety Against Cyber Security Threats
- Protecting data from cyber security threats involves employing various methods and practices:
Methods of Protecting Data
- Encryption:
- Encryption converts data into a coded format that can only be deciphered with the correct decryption key.
- It is crucial for securing data both in transit (during transmission) and at rest (stored data).
- Firewalls:
- Firewalls are security systems that monitor and control incoming and outgoing network traffic based on established security rules.
- They help prevent unauthorized access to or from private networks by filtering traffic.
- Anti-Malware Software:
- Anti-malware software includes tools like antivirus, anti-spyware, and anti-ransomware programs.
- These are used to detect, prevent, and remove malicious software (malware) from computer systems.
- Multi-Factor Authentication (MFA):
- MFA enhances security by requiring users to provide two or more verification factors to access a resource.
- This typically includes something the user knows (password) and something the user has (like a smartphone for a verification code).
- Regular Software Updates:
- Keeping software up to date with the latest security patches and updates is essential.
- Updates often fix vulnerabilities and weaknesses that could be exploited by attackers.
- Strong Passwords:
- Using strong, complex passwords for accounts helps prevent unauthorized access.
- Strong passwords typically include a mix of letters, numbers, and special characters, and are unique for each account.
- Backup and Recovery:
- Regularly backing up data and having a recovery plan in place is crucial.
- This practice ensures that data can be restored in case of accidental deletion, hardware failure, or ransomware attacks.
- Security Awareness Training:
- Educating employees and users about cyber security best practices is essential.
- Training helps individuals recognize phishing attempts, understand the importance of security measures, and know how to respond to potential threats.
- Implementing these methods and practices can significantly enhance the security posture of individuals, organizations, and systems against cyber security threats.