Web Technologies and Cybersecurity University Study Guide

Introduction to Web Technologies & Security

  • Source Material Context: These comprehensive notes are derived from a 175-page PDF covering the fundamental and advanced aspects of Internet architecture and security principles.
  • Scope of Content: The material encompasses Internet basics, Web services, Security threats, Digital currency, and Blockchain technology.

Internet vs. World Wide Web (WWW)

  • Internet Characterization:
      * Definition: A global network of interconnected networks.
      * Nature: It is a conceptual entity supported by physical hardware components including computers, servers, and cables (e.g., fiber optic, copper).
      * Purpose: Facilitates worldwide communication and the transmission of data packets.
  • World Wide Web (WWW) Characterization:
      * Definition: A service that runs on top of the Internet infrastructure.
      * Functionality: Provides access to a massive collection of web pages via web browsers.
  • Interconnectivity: Digital tools such as browsers, email, and cloud services orbit the globe, relying on the Internet and the WWW to function correctly.

URL Structure & Components

  • Uniform Resource Locator (URL): A text-based address used to locate specific resources on the web. It serves as a human-readable alias for an IP address.
  • Component Breakdown:
      * Protocol: (e.g., https://) Indicates the communication protocol used (Hypertext Transfer Protocol or its secure version).
      * Domain: (e.g., www.example.com) The human-readable name mapping to an IP address via the Domain Name System (DNS).
      * Domain Type (TLD): (e.g., .com, .org, .edu) Identifies the Top-Level Domain category.
      * Path: (e.g., /folder/page.html) Specifies the exact location of a file or resource on the web server.
      * File Name: (e.g., page.html) The specific document being requested by the client.
  • Real-World Example: For the URL instagram.com/havilinternationalschool, instagram.com is the domain and /havilinternationalschool is the path.

Hypertext Transfer Protocol (HTTP & HTTPS)

  • HTTP: The protocol governing the transfer of web pages, defining how messages are formatted and transmitted across the network.
  • HTTPS: The secure version of HTTP utilizing SSL/TLS protocols.
      * Mechanism: Creates a secure tunnel for data; packets are encrypted before travel and decrypted only at the intended destination.
      * Core Benefits: Ensures the confidentiality and integrity of all transmitted information.

Web Browsers and HTML

  • Web Browser Definition: Software designed to retrieve, interpret, and display HTML content from web servers.
  • Core Features (Mnemonic: BANCAR):
      * B - Bookmarks / Favourites: Allows users to save frequently visited URLs for rapid access.
      * A - Allow multiple tabs: Enables the viewing of several web pages simultaneously within a single window.
      * N - Navigation tools: Buttons for Back, Forward, and Home to move through browsing history.
      * C - Cookies: Stores user preferences, session data, and login info.
      * A - Address bar: The input field where users enter URLs.
      * R - Record user history: Logs previously visited pages for future reference.
  • HTML (HyperText Markup Language): The standard markup language used to structure and organize content so it can be interpreted by web browsers.

Domain Name System (DNS) and Page Retrieval Flow

  • DNS Definition: A system that translates human-readable domain names into numerical IP addresses.
  • The Page Retrieval Step-by-Step Process:
      1. The user inputs a URL into the browser's address bar.
      2. The browser queries a DNS server to find the domain's corresponding IP address.
      3. The DNS returns the IP; the browser opens a connection to that IP using HTTP or HTTPS.
      4. The server receives the request and sends the relevant HTML file.
      5. The browser parses the HTML and renders the page for the user.

Cookies Management

  • Definition: Small pieces of data stored on a user's device by a web server to maintain stateful information.
  • Types of Cookies:
      * Session Cookies: Temporary files deleted when the browser is closed; used for maintaining login status during a single visit.
      * Persistent Cookies: Remain on the device until a specific expiration date; enable "remember me" functionality and persistent shopping carts.
  • Cookie Exchange Flow:
      1. The server sends a Set-Cookie header along with the response.
      2. The browser stores the cookie (encrypted if the connection is HTTPS).
      3. On subsequent requests to the same domain, the browser includes the cookie in the Cookie header.
      4. The server reads the cookie to provide a personalized user experience.
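
The cookie exchange flow above, as an added example that is not part of the source notes: it parses constructed Set-Cookie headers with Python's http.cookies, classifies each cookie as session or persistent, and builds the Cookie header for a later request. The Secure and HttpOnly attributes are standard cookie flags that the notes do not cover; domain, path and expiry matching are left out as a simplifying assumption.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values, as a server might send in step 1.
SAMPLE_SET_COOKIE = [
    "session_id=abc123; Path=/; Secure; HttpOnly",
    "remember_me=u42; Max-Age=2592000; Path=/",
    "cart=sku1; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/; Secure",
]


def parse_set_cookie(header):
    """Step 2: parse one Set-Cookie value into what the browser stores."""
    jar = SimpleCookie()
    jar.load(header)
    name, morsel = next(iter(jar.items()))
    # A cookie with Max-Age or Expires outlives the browser session.
    persistent = bool(morsel["max-age"] or morsel["expires"])
    return {
        "name": name,
        "value": morsel.value,
        "type": "persistent" if persistent else "session",
        "secure": bool(morsel["secure"]),
        "httponly": bool(morsel["httponly"]),
    }


def cookie_header(headers, scheme):
    """Step 3: Cookie header for a later request to the same domain.

    Cookies marked Secure are withheld when the request is plain http.
    """
    stored = [parse_set_cookie(h) for h in headers]
    return "; ".join(f"{c['name']}={c['value']}" for c in stored
                     if scheme == "https" or not c["secure"])


def missing_flags(headers):
    """Map each cookie name to the Secure/HttpOnly flags it lacks."""
    report = {}
    for c in map(parse_set_cookie, headers):
        lacking = [flag for flag, key in (("Secure", "secure"),
                                          ("HttpOnly", "httponly"))
                   if not c[key]]
        if lacking:
            report[c["name"]] = lacking
    return report
```

A cookie without the Secure flag is also sent over plain HTTP, where it travels unencrypted, which is why missing_flags is worth running over any response that sets login or session cookies.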

Digital Currency & Blockchain Fundamentals

  • Definitions:
      * Digital Currency: Money existing solely in electronic form with no physical counterpart.
      * Cryptocurrency: A decentralized digital currency operating on a blockchain, independent of central banks (e.g., Bitcoin, Ethereum, Tether, Litecoin).
  • Comparison: Traditional Digital Currency vs. Cryptocurrency:
      * Control: Central banks/governments vs. Distributed networks of participants.
      * Security: Managed by financial institutions vs. Cryptographic validation (hashes and proof-of-work).
      * Examples: Bank transfers and e-wallets vs. Various crypto coins.
  • Mining Basics: Miners utilize computational power to validate transactions and add new blocks to the ledger. Rewards include transaction fees and newly minted coins.
  • Blockchain Structure:
      * Hash: A unique identifier generated by a cryptographic algorithm.
      * Previous Hash: The cryptographic link to the predecessor block, forming a chain.
      * Timestamp: Records the exact creation time of the block.
      * Data: Contains transaction details such as sender, receiver, and amount.
  • Why Tampering is Impractical:
      * Previous-hash Linkage: Changing any block alters its hash, which breaks the subsequent chain links.
      * Proof-of-Work: Requires massive computational effort (e.g., approximately 10 minutes per block).
      * Distributed Copies: Every node maintains a full copy; consensus requires over 50% of nodes to agree on the valid chain.
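
The block structure and the previous-hash and proof-of-work arguments above, as an added example that is not part of the source notes: a toy chain with the four fields listed (hash, previous hash, timestamp, data) plus a nonce, and a verifier that reports the first block that fails. The difficulty of three leading hex zeros, the fixed timestamps and the transaction values are assumptions chosen so it runs in well under a second.

```python
import hashlib
import json

DIFFICULTY = 3  # assumed toy target: hash must start with 3 hex zeros
GENESIS_PREV = "0" * 64  # placeholder previous hash for the first block


def block_hash(block):
    """SHA-256 over every field of the block except its own hash."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine(index, timestamp, data, prev_hash):
    """Proof-of-work: increment the nonce until the hash meets the target."""
    block = {"index": index, "timestamp": timestamp, "data": dict(data),
             "prev_hash": prev_hash, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block


def build_chain(transactions):
    """Chain constructed transactions, one per block, 10 minutes apart."""
    chain, prev = [], GENESIS_PREV
    for i, tx in enumerate(transactions):
        chain.append(mine(i, 1_700_000_000 + 600 * i, tx, prev))
        prev = chain[-1]["hash"]
    return chain


def first_invalid(chain):
    """Index of the first block failing verification, or None if all pass."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block)
        if (block["prev_hash"] != prev or block["hash"] != digest
                or not digest.startswith("0" * DIFFICULTY)):
            return block["index"]
        prev = block["hash"]
    return None


# Constructed sample transactions: sender, receiver, amount.
SAMPLE_TX = [{"sender": "alice", "receiver": "bob", "amount": 5},
             {"sender": "bob", "receiver": "carol", "amount": 2},
             {"sender": "carol", "receiver": "dave", "amount": 1}]
```

Editing the data in one block makes first_invalid return that block's index; re-mining only that block moves the failure to the next block, because its stored previous hash no longer matches, so every later block would need its proof-of-work redone as well.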

Cybersecurity Threats

  • Brute-Force Attack: Exhaustive guessing of passwords. Mitigation: Complex passwords and account lockout policies.
  • Malware: Malicious software (Virus, Trojan, Worm, Spyware, Adware, Ransomware) designed to damage or extort. Mitigation: Anti-malware tools and regular updates.
  • Phishing & Pharming: Deceptive messages/sites used to harvest credentials. Pharming specifically involves tampering with DNS records or servers to redirect users invisibly even when the URL is correct. Mitigation: 2FA and email filtering.
  • Data Interception: Sniffing network traffic to steal data. Mitigation: VPNs, encryption (WEP/WPA), and avoiding public Wi-Fi.
  • Hacking: Unauthorized access to systems. Mitigation: Firewalls and Intrusion Detection Systems (IDS).
  • DDoS (Distributed Denial of Service): Overwhelming a server with traffic. Mitigation: Rate limiting, Traffic filtering, and Content Delivery Networks (CDNs).
  • Social Engineering: Manipulating people into revealing info through fear, curiosity, or trust. Mitigation: Security awareness training.

Malware Types and Delivery

  • Virus vs. Worm:
      * Virus: Requires an active host (file or program) to replicate; spread via infected attachments or software.
      * Worm: Self-propagating; does not need a host; spreads via network scanning and exploiting vulnerable services.
  • Common Families:
      * Trojan Horse: Disguised as legitimate software to provide remote access to attackers.
      * Ransomware: Encrypts data and demands payment for the decryption key.
      * Spyware: Secretly monitors activity and transmits personal data.
      * Adware: Displays unwanted ads, often bundled with free software.
  • Infection Vectors: Email attachments, drive-by downloads from malicious ads, compromised software, and removable media (baiting).

Cybersecurity Solutions & Prevention

  • Firewalls: Hardware or software barrier that filters traffic based on rules. Can act as a proxy to shield internal assets.
  • Anti-Malware: Includes Antivirus (scans for signatures) and Antispyware. Involves Quarantine (isolation) and Removal (deletion).
  • Authentication & Access Control:
      * Access Levels: Permission tiers (read, write, delete) based on user roles.
      * Methods: Passwords (Something you know), Biometrics (Something you are), and Two-step verification (Password + OTP/Something you have).
      * Password Guidelines: Mix upper/lowercase, numbers, and symbols (e.g., Hp3oe7Ls*(!kajmc); avoid patterns like 123456.
  • Software Updates: Crucial for patching vulnerabilities as threat actors evolve.
  • Privacy Settings: Controls to limit data exposure, such as "Do not track" or location sharing.
  • Proxy Servers: Intermediaries that mask the client's IP address, provide content filtering, and act as a first line of defense.
  • SSL/TLS Handshake Overview:
      1. Browser requests a secure connection.
      2. Server sends its SSL/TLS certificate.
      3. Browser validates the certificate and establishes encrypted session keys.
      4. Encrypted two-way communication begins (indicated by https:// and the padlock icon).

Questions & Discussion

  • How can users identify a secure website? Users should look for the https:// protocol and the padlock icon in the browser's address bar, indicating that SSL/TLS is active.
  • What makes blockchain resilient to hacking? The combination of the cryptographic linkage (previous hash), the computational requirement of Proof-of-Work, and the consensus model where over 50% of distributed nodes must agree on the ledger's state.