Study Material - B.sc. LL.B. (Hons.) [Introduction to Cyber Security and Law]-2023-24 Updated

Uploaded by

Shivani
NATIONAL LAW INSTITUTE UNIVERSITY,

BHOPAL

B.Sc. LL.B. (HONS.) [CYBER SECURITY]

Semester I

ACADEMIC SESSION 2023-24

Study Material
On
Introduction to Cyber Security and Law [IC-01]
[PART-I]

Course Teachers:
Dr. Atul Kumar Pandey
Dr. Astitwa Bhargava

(For Private Circulation and Academic Purpose Only)


Table of Contents

UNIT I Introduction 9

1.1 History of Computer 10

1.2 Generations of Computer 12

1.3 Components of Computer System and Its Function 16

1.4 Classification of computers 17

1.5 Computer Architecture 20

1.6 Computer memory and its classification 23

1.7 Computer Input and Output Devices 24

1.8 Computer Interface 26

1.9 Computer Applications 27

1.10 Mobile Devices 28

1.11 Internet and WWW 29

1.12 Internet of Things 30

1.13 Registers 31

1.14 Types of Register 33

1.15 Cache Memory 38

1.16 Random Access Memory (RAM) 39

1.17 Read Only Memory (ROM) 40

1.18 Hard Drive 42

1.19 Solid State Drive 43

1.20 Optical Disc 44

1.21 Server 46

1.22 Cloud Server 51


Unit II Operating System and Database Management System 52

2.1 Introduction to Operating System 52

2.2 Types of Operating System 52

2.3 Operation System Operations 55

2.4 Process Management in Operating System 57

2.5 Memory Management in Operating System 59

2.6 Storage Management in Operating System 67

2.7 Mobile Operating System 69

2.8 Open Source Operating System 70

2.9 Mac Operating System 72

2.10 Windows Operating System 73

2.11 Difference between the Windows, MAC and Linux Operating Systems. 75

2.12 Introduction to Database Management System (DBMS) 78

2.13 Characteristics of Database Management System 80

2.14 Purpose of Database System 81

2.15 Data Models 82

2.16 Database Architecture 84

2.17 Comparison between Traditional File System and Database Management System 87

2.18 Database Applications 92

2.19 Entity Relationship Diagram (ER-Diagram) 93

2.20 Introduction to Relational Database 95

2.21 Role of Database Administrator 98

Unit III 100

Computer Languages and Software 100


3.1 Computer Languages 100

3.2 Machine Language 100

3.3 Assembly Language 101

3.4 High-Level Language 101

3.5 Software 102

3.6 Types of Software 103

3.6.1 System Software 103

3.6.2 Application Software 104

3.6.3 Open Source Software 106

3.6.4 Freeware 107

3.6.5 Shareware 107

3.7 Program Language Translators 107

3.7.1 Compiler 108

3.7.2 Interpreter 108

3.7.3 Assembler 108

File System 110

3.8 Introduction to File System 110

3.9 Organization of File System 111

3.10 File Types in an OS 112

3.10.1 Flash File System 113

3.10.2 Disk File System 114

3.10.3 Tape File System 114

3.10.4 Network File System 115

3.10.5 Minimal filesystem 116


3.11 File Allocation Table (FAT) 118

3.12 New Technology File System (NTFS) 121

3.13 Difference between FAT 32 and NTFS 125

Unit IV The Internet 127

4.1 Evolution of Internet 127

4.2 ARPANET 127

4.3 WWW (World Wide Web) 128

4.4 Web Server 130

4.5 Web Browser 131

4.6 Web Application 132

4.7 Web Service 134

4.8 Website 135

4.9 Webpages 137

4.10 Hypertext Markup Language 140

4.11 XML (Extensible Markup Language) 147

4.12 Hypertext Transfer Protocol Secure (HTTPS) 148

4.13 Universal Resource Locator 150

4.14 IP Address 151

4.15 Domain Name System (DNS) 154

4.16 Search Engine 157

4.17 Electronic Mails 160

4.18 Web 2.0 164

Unit V Cyber Security KEY Terminologies 168

5.1 Pillars of Computer Security 168


5.2 CIA Triad 168

5.3 Encryption 170

5.4 Hashing 173

5.5 Non-Repudiation 176

5.6 Identification 177

5.7 Authentication 179

5.8 Authorization 180

5.9 Principles of Cyber Security 181

5.10 Asset 183

5.11 Threat 184

5.12 Vulnerability 184

5.13 Risk 184

5.14 Exploit 185

5.15 Security Controls 185

UNIT- VI 187

CYBER SECURITY ATTACKS 187

6.1 Malware 187

6.2 Virus 187

6.3 Worm 190

6.4 Trojan Horse 193

6.5 Brute Force Attack 194

6.6 Dictionary Attack 195

6.7 Denial of Service Attack 196

6.7 Social Engineering 197


6.8 Phishing 199

Unit IX Introduction to Cyber Space and Cyber Law 201

9.1 Cyber Space 201

9.2 Difference Between Cyberspace and Physical World 202

9.3 Characteristics of Cyber Space 202

9.4 Integration of Physical and Virtual Space 206

9.5 Introduction to Cyber Law 207

9.6 UNCITRAL Model Law 208

9.7 Jurisprudence of Indian Cyber Law 209

9.8 Challenges related to Cyber space 214

9.9 Code is Law Theory 216

9.10 A Declaration of the Independence of Cyberspace 216

9.11 UNITED NATIONS COMMISSION ON TRADE AND DEVELOPMENT 217

9.12 Council of Europe 217

9.13 World Trade Organisation 218

9.14 World Intellectual Property Organisation 219

Unit X Internet Governance 221

10.1 Cyberspace and Governance 221

10.2 Internet Governance 223

10.3 E-Governance 224

10.4 Governance and Legal Framework of Internet (India) 228

10.5 Protecting Information Infrastructure 230

10.6 Internet Corporation for Assigned Names and Numbers 233

10.7 Role of ICANN and Management of Domain Name System 234


10.8 World Summits of the Information Society 235

10.9 Internet Governance Forum 236

10.10 European Dialogue on Internet Governance 236

10.11 Internet Sovereignty 237

Reading List 240

UNIT I
Introduction
A computer is a programmable device that stores, retrieves, and processes data. The term "computer"
was originally given to humans (human computers) who performed numerical calculations using
mechanical calculators, such as the abacus and slide rule. The term was later given to mechanical
devices as they began replacing human computers. Today's computers are electronic devices that
accept data (input), process that data, produce output, and store (storage) the results (IPOS). Below
is a picture of a computer with each of the main components. You can see the desktop computer, flat-
panel display, speakers, keyboard, and mouse in the picture below.1

Computer system2

1 Computer Hope <https://www.computerhope.com/jargon/c/computer.htm> accessed 13 July 2022
2 <https://www.computerhope.com/jargon/c/computer.htm> accessed 13 July 2022
1.1 History of Computer
1. Abacus
The history of the computer begins with the invention of the abacus, which is believed to be the first computer.
It is said that the Chinese invented the abacus around 4,000 years ago. It was a wooden rack with metal
rods that had beads mounted on them. The beads were moved by the abacus operator according to some
rules to perform arithmetic calculations. The abacus is still used in some countries like China, Russia and
Japan. An image of this tool is shown below:

Abacus3
2. Napier’s Bones
It was a manually operated calculating device invented by John Napier (1550-1617) of
Merchiston. In this calculating tool, he used 9 different ivory strips or bones marked with numbers to
multiply and divide. So, the tool became known as "Napier's Bones". It was also the first machine to
use the decimal point.

Napier’s Bones4

3 <https://www.maa.org/press/periodicals/convergence/mathematical-treasure-modern-chinese-abacus> accessed 21 July 2022
4 <https://www.youtube.com/watch?v=Ds21S3fCfYM> accessed 21 July 2022
3. Pascaline
Pascaline is also known as Arithmetic Machine or Adding Machine. It was invented between 1642
and 1644 by a French mathematician-philosopher Blaise Pascal. It is believed that it was the first
mechanical and automatic calculator. Pascal invented this machine to help his father, a tax accountant.
It could only perform addition and subtraction. It was a wooden box with a series of gears and wheels.
When a wheel is rotated one revolution, it rotates the neighbouring wheel. A series of windows is
given on the top of the wheels to read the totals.

Pascaline Computer5

4. Stepped Reckoner or Leibnitz wheel


It was developed by a German mathematician-philosopher Gottfried Wilhelm Leibnitz in 1673. He
improved Pascal's invention to develop this machine. It was a digital mechanical calculator which
was known as stepped reckoner because instead of gears it was made of fluted drums.
5. Difference Engine
It was designed in the early 1820s by Charles Babbage, who is known as the "Father of Modern
Computer". It was a mechanical computer which could perform simple calculations. It was a steam-driven
calculating machine designed to solve tables of numbers like logarithm tables.
6. Analytical Engine
This calculating machine was also developed by Charles Babbage in 1830. It was a mechanical
computer that used punch-cards as input. It was capable of solving any mathematical problem and
storing information as a permanent memory.

5 <https://www.computerhope.com/jargon/p/pascalin.htm> accessed 21 July 2022
7. Tabulating Machine
It was invented in 1890 by Herman Hollerith, an American statistician. It was a mechanical tabulator
based on punch cards. It could tabulate statistics and record or sort data or information. This machine
was used in the 1890 U.S. Census. Hollerith also started the Hollerith's Tabulating Machine Company,
which later became International Business Machines (IBM) in 1924.
8. Differential Analyzer
It was the first electronic computer introduced in the United States in 1930. It was an analog device
invented by Vannevar Bush. This machine had vacuum tubes to switch electrical signals to perform
calculations. It could do 25 calculations in a few minutes.
9. Mark I
The next major changes in the history of the computer began in 1937, when Howard Aiken planned to
develop a machine that could perform calculations involving large numbers. In 1944, the Mark I
computer was built as a partnership between IBM and Harvard. It was the first programmable digital
computer.
1.2 Generations of Computer
The evolution of the computer started around the 16th century. The initial computer
underwent many changes, obviously for the better. It continuously improved in terms of speed,
accuracy, size, and price to take the form of the modern-day computer. This long period can be
conveniently divided into the following phases, called computer generations:
• First Generation Computers (1940-1956)
• Second Generation Computers (1956-1963)
• Third Generation Computers (1964-1971)
• Fourth Generation Computers (1971-Present)
• Fifth Generation Computers (Present and Beyond)
First Generation Computers: Vacuum Tubes (1940-1956)
The technology behind the first-generation computers was a fragile glass device called the
vacuum tube. These computers were very heavy and very large in size. They were not very reliable,
and programming them was a very tedious task as they used high-level programming language
and used no OS. First-generation computers were used for calculation, storage, and control purposes.
They were so bulky and large that they needed a full room and consumed a lot of electricity.
Main first-generation computers are:
1. ENIAC: Electronic Numerical Integrator and Computer, built by J. Presper Eckert and John
V. Mauchly, was a general-purpose computer. It was very heavy and large, and contained
18,000 vacuum tubes.
2. EDVAC: Electronic Discrete Variable Automatic Computer was designed by von Neumann.
It could store data as well as instructions, and thus the speed was enhanced.
3. UNIVAC: Universal Automatic Computer was developed in 1952 by Eckert and Mauchly.
Main characteristics of first-generation computers are:

Main electronic component: Vacuum tube
Programming language: Machine language
Main memory: Magnetic tapes and magnetic drums
Input/output devices: Paper tape and punched cards
Speed and size: Very slow and very large in size (often taking up entire room)
Examples of the first generation: IBM 650, IBM 701, ENIAC, UNIVAC1, etc.

Second Generation Computers: Transistors (1956-1963)


Second-generation computers used the technology of transistors rather than bulky vacuum tubes.
Another feature was the core storage. A transistor is a device composed of semiconductor
material that amplifies a signal or opens or closes a circuit.
Transistors were invented at Bell Labs. The use of transistors made computers more powerful
and faster. It reduced the size and price and, thankfully, also the heat that had been
generated by vacuum tubes. The Central Processing Unit (CPU), memory, programming languages, and
input and output units also came into use in the second generation.
Programming language was shifted from high level to programming language and made
programming comparatively a simple task for programmers. Languages used for programming during
this era were FORTRAN (1956), ALGOL (1958), and COBOL (1959).
Main characteristics of second-generation computers are:

Main electronic component: Transistor
Programming language: Machine language and assembly language.
Memory: Magnetic core and magnetic tape/disk.
Input/output devices: Magnetic tape and punched cards.
Power and size: Smaller in size, low power consumption, and generated less heat (in comparison with the first-generation computers).
Examples of second generation: PDP-8, IBM1400 series, IBM 7090 and 7094, UNIVAC 1107, CDC 3600 etc.

Third Generation Computers: Integrated Circuits. (1964-1971)


During the third generation, technology envisaged a shift from huge transistors to integrated circuits,
also referred to as ICs. Here a number of transistors were placed on silicon chips, called
semiconductors. The main feature of this era's computers was speed and reliability. The IC was made
from silicon and was also called a silicon chip.
A single IC has many transistors, registers, and capacitors built on one thin slice of silicon. The cost
and size were reduced, and memory space and working efficiency were increased during this generation.
Programming was now done in higher-level languages like BASIC (Beginners All-purpose
Symbolic Instruction Code). Minicomputers took shape during this era.

Main characteristics of third generation computers are:

Main electronic component: Integrated circuits (ICs)
Programming language: High-level language
Memory: Large magnetic core, magnetic tape/disk
Input/output devices: Magnetic tape, monitor, keyboard, printer, etc.
Examples of third generation: IBM 360, IBM 370, PDP-11, NCR 395, B6500, UNIVAC 1108, etc.

Fourth Generation Computers: Micro-processors (1971-Present)


In 1971 the first microprocessors were used: large-scale integration (LSI) circuits built on one chip,
called microprocessors. The main advantage of this technology is that one microprocessor can contain
all the circuits required to perform arithmetic, logic, and control functions on one chip.
The computers using microchips were called microcomputers. This generation provided even
smaller computers with larger capacities. That was not all: Very Large Scale Integrated
(VLSI) circuits then replaced LSI circuits. The Intel 4004 chip, developed in 1971, located all the
components of the computer, from the central processing unit and memory to input/output controls, on one
chip and allowed the size to reduce drastically.
Technologies like multiprocessing, multiprogramming, time-sharing, operating speed, and virtual
memory made it a more user-friendly and common device. The concept of personal computers and
computer networks came into being in the fourth generation.
Main characteristics of fourth generation computers are:

Main electronic component: Very large-scale integration (VLSI) and the microprocessor (VLSI has thousands of transistors on a single microchip).
Memory: Semiconductor memory (such as RAM, ROM, etc.)
Input/output devices: Pointing devices, optical scanning, keyboard, monitor, printer, etc.
Examples of fourth generation: IBM PC, STAR 1000, APPLE II, Apple Macintosh, Altair 8800, etc.

Fifth Generation Computers


The technology behind the fifth generation of computers is AI. It allows computers to behave like
humans. It is often seen in programs like voice recognition, the field of medicine, and entertainment.
In the field of game playing it has also shown remarkable performance, where computers are
capable of beating human competitors.
The speed is the highest, the size is the smallest, and the area of use has remarkably increased in
fifth-generation computers. Though one hundred percent AI has not been achieved to date, keeping
in sight the present developments, it can be said that this dream will also become a reality very soon.
To summarize the features of the various generations of computers, it can be said that a big
improvement has been seen as far as the speed and accuracy of functioning are concerned, but as for
size, it has been getting smaller over the years. The cost is also diminishing and
reliability is in fact increasing.

Main characteristics of fifth generation computers are:

Main electronic component: Based on artificial intelligence, uses the Ultra Large-Scale Integration (ULSI) technology and parallel processing method (ULSI has millions of transistors on a single microchip and the parallel processing method uses two or more microprocessors to run tasks simultaneously).
Language: Understand natural language (human language).
Size: Portable and small in size.
Input/output device: Trackpad (or touchpad), touchscreen, pen, speech input (recognize voice/speech), light scanner, printer, keyboard, monitor, mouse, etc.
Example of fifth generation: Desktops, laptops, tablets, smartphones, etc.

1.3 Components of Computer System and Its Function


Here is a complete list of computer parts and their functions:
• Motherboard: The motherboard is the main board that is screwed into the computer case
directly. Its function is to connect all of the components so that they may communicate and
work together.
• Input Unit: The main function of the input unit is to send commands and transfer data into
computers. Later, the data gets processed by the computer’s CPU which generates output. For
example, a laptop’s keyboard is an input device.
• Output Unit: The computer’s response is relayed through output devices in the form of a
visual response (monitor), sound (speakers), or media devices (CD or DVD drives). The
function of these devices is to convert the machine’s response into a format that the computer
user can understand.
• Central Processing Unit (CPU): The CPU can be regarded as a computer’s brain. On a
computational level, it processes all of the data. It reads data from the RAM and processes it
in order for the computer to do the tasks it is programmed to do.
• Graphics Processing Unit (GPU): The GPU is a specialized processor that is created to
accelerate graphics processing. It can render many pieces of data, making it ideal for
machine learning, video editing and gaming.
• Random Access Memory (RAM): RAM is a form of data storage that allows for faster read
and write operations. RAM is also volatile, which means that if the power goes out, it loses
all of the data it has stored.
• Storage Unit: This device stores all the data and the instructions required for processing. It
keeps intermediate results of processing.6
1.4 Classification of computers
The computer systems can be classified on the following basis:
• On the basis of size.
• On the basis of functionality.
• On the basis of data handling.
Classification on the basis of size:
1. Super computers: Supercomputers are the highest-performing systems. A supercomputer is a computer with a high level of performance compared to a general-purpose computer. The actual performance of a supercomputer is measured in FLOPS instead of MIPS. All of the world's fastest 500 supercomputers run Linux-based operating systems. Additional research is being conducted in China, the US, the EU, Taiwan and Japan to build even faster, higher-performing and more technologically superior supercomputers. Supercomputers play an important role in the field of computation and are used for intensive computation tasks in various fields, including quantum mechanics, weather forecasting, climate research, oil and gas exploration, molecular modeling, and physical simulations. Throughout history, supercomputers have also been essential in the field of cryptanalysis. E.g. PARAM, Jaguar, Roadrunner.
2. Mainframe computers: These are commonly called big iron. They are usually used by big organisations for bulk data processing such as statistics, census data processing and transaction processing, and are widely used as servers, as these systems have a higher processing capability than the other classes of computers. Most of these mainframe architectures were established in the 1960s; research and development has continued over the years, and the mainframes of today are far better than the earlier ones in size, capacity and efficiency. E.g.: IBM z Series, System z9 and System z10 servers.
3. Mini computers: These computers came into the market in the mid-1960s and were sold at a much cheaper price than the mainframes. They were actually designed for control, instrumentation, human interaction, and communication switching as distinct from calculation and record keeping; later they became very popular for personal use. The term "MINICOMPUTERS" was coined in the 60s to describe the smaller computers that became possible with the use of transistors and core memory technologies, minimal instruction sets and less expensive peripherals such as the ubiquitous Teletype Model 33 ASR. They usually took up one or a few inch rack cabinets, compared with the large mainframes that could fill a room. E.g.: Personal Laptop, PC etc.
4. Micro computers: A microcomputer is a small, relatively inexpensive computer with a microprocessor as its CPU. It includes a microprocessor, memory, and minimal I/O circuitry mounted on a single printed circuit board. The predecessors of these computers, mainframes and minicomputers, were comparatively much larger, harder to maintain and more expensive. They actually formed the foundation for the present-day microcomputers and smart gadgets that we use in day-to-day life. Example: Tablets, smart watches.

6 "Components of Computer" <https://leverageedu.com/blog/components-of-computer/> accessed 13 July 2022
Classification on the basis of functionality
1. Servers: Servers are dedicated computers which are set up to offer some services to the clients. They are named depending on the type of service they offer. E.g.: security server, database server.
2. Workstation: These are computers designed primarily to be used by a single user at a time. They run multi-user operating systems. They are the ones which we use for our day-to-day personal / commercial work.
3. Information Appliance: These are portable devices which are designed to perform a limited set of tasks like basic calculations, playing multimedia, browsing the internet etc. They are generally referred to as mobile devices. They have very limited memory and flexibility and generally run on an "as-is" basis.
4. Embedded Computers: These are computing devices which are used in other machines to serve a limited set of requirements. They follow instructions from the non-volatile memory and they are not required to execute reboot or reset. The processing units used in such devices work to those basic requirements only and are different from the ones used in personal computers, better known as workstations.
Classification on the basis of data handling

Computer Memory 7

5. Analog: An analog computer is a form of computer that uses the continuously changeable aspects of physical phenomena such as electrical, mechanical, or hydraulic quantities to model the problem being solved. Anything that is variable with respect to time and continuous can be called analog, just as an analog clock measures time by means of the distance traveled by the spokes of the clock around the circular dial.
6. Digital: A computer that performs calculations and logical operations with quantities represented as digits, usually in the binary number system of "0" and "1". It is a computer capable of solving problems by processing information expressed in discrete form. By manipulating combinations of binary digits, it can perform mathematical calculations, organize and analyze data, control industrial and other processes, and simulate dynamic systems such as global weather patterns.
7. Hybrid: A computer that processes both analog and digital data. A hybrid computer is a digital computer that accepts analog signals, converts them to digital and processes them in digital form.8

7 Paul Rubens, "Types of Computer Memory" <https://www.enterprisestorageforum.com/hardware/types-of-computer-memory/> accessed 21 July 2022
8 "Classification of computers" <https://www.geeksforgeeks.org/classification-of-computers/> accessed 13 July 2022
1.5 Computer Architecture
Computer architecture comprises rules, methods, and procedures that describe the execution and
functionality of the entire computer system. In general terms, computer architecture refers to how a
computer system is designed using compatible technologies.
Here are the various categories of architecture that exist in our computer systems.
• Von-Neumann Architecture
• Harvard Architecture
• Instruction Set Architecture
• Micro-architecture
• System Design

1. Von-Neumann Architecture
John von Neumann coined and developed this architecture. The computer we are using nowadays
is based on the von Neumann architecture. It has some concepts. It is also known as Princeton
architecture. It renders a unique design for the electronic digital systems having the following
components:
• A Central Processing Unit (CPU) with arithmetic and logic unit (ALU) and processors with attached
registers9.
• A memory that can store data and instructions.
• External mass storage or secondary storage.
• A Control Unit (CU) with the ability to hold instructions in the program counter (PC) or instruction
register (IR).
• Input and output mechanisms and peripherals.
The von Neumann design thus constitutes the foundation of modern computing. The Harvard
architecture, a similar model, had dedicated data addresses and buses for reading and writing to
memory. The von Neumann architecture won out because it was easier to implement in real hardware.

9 Registers: Registers are very fast computer memory used to execute programs and operations efficiently. They do this by giving access to commonly used values, i.e., the values which are at the point of operation/execution at that time.
Von Neumann Architecture10
2. Harvard Architecture
Harvard architecture stores code and data in distinct memory sections. It requires separate
memory blocks for data and instructions. Data storage is contained entirely within the Central
Processing Unit (CPU). A single set of clock cycles is needed. Data accessibility in one
memory is done by a single memory location in the case of Harvard architecture. One typical example
is the punch card. Moreover, modern computers may have CPU processes for both methods
but separate them in the hardware design.

Harvard Architecture11

10 Scoopskiller, "Block-Diagram of Computer" <https://scoopskiller.com/technical-materials/computer-learning/block-diagram-computer/> accessed 21 July 2022
11 Devin Rathnayke, "Von neumann vs Harvard : Introduction to the computer architecture"
3. Instruction Set Architecture
Another notable digital computer architecture is the Instruction Set Architecture. The architecture
holds a collection of instructions that the processor interprets and executes. It consists of two
types of instruction set: RISC (Reduced Instruction Set Computer) and CISC (Complex Instruction Set
Computer). It enables multiple implementations of an ISA, which commonly differ in features such as
performance, physical size, and monetary price. It enables the evolution of micro-architectures,
so that a newer, higher-performance implementation of an ISA can run software written for
preceding generations.

Instruction Set Architecture12

4. Micro-architecture
Micro-architecture is the structural design of a microprocessor. It is the way in which the
instruction set architecture is implemented in a processor. Engineers and hardware
scientists implement an instruction set architecture (ISA) with various micro-architectures that vary
because of changing technology. It includes the technologies used, resources, and methods. Using
this, processors are physically designed to execute a particular instruction set. Simply put, it is the logical
form of all electronic elements and data pathways present in the microprocessor, designed in a
specific way. It allows for the optimal completion of instructions. In academia, it is called computer
organization.

<https://deveenrath.medium.com/von-neumann-vs-harvard-architecture-introduction-to-the-computer-science-3b66228ec461> accessed 21 July 2022
12 <https://www.embedded.com/a-quick-introduction-to-instruction-set-architecture-and-extensibility/> accessed 21 July 2022
Micro architecture in microprocessor13

5. System Design
System design defines a design that can serve user requirements such as system architecture,
computer modules having various interfaces, and data management within a system. The term product
development is connected to system design. It is the process by which we can take marketing
information to create a product design.14
1.6 Computer memory and its classification
Computer memory is a generic term for all of the different types of data storage technology that a
computer may use, including RAM, ROM, and flash memory. Some types of computer memory are
designed to be very fast, meaning that the central processing unit (CPU) can access data stored there
very quickly. Other types are designed to be very low cost, so that large amounts of data can be stored
there economically. Another way that computer memory can vary is that some types are non-volatile,
which means they can store data on a long-term basis even when there is no power. And some types
are volatile, which are often faster, but which lose all the data stored on them as soon as the power is
switched off. A computer system is built using a combination of these types of computer memory,
and the exact configuration can be optimized to produce the maximum data processing speed or the
minimum cost, or some compromise between the two.

13 Architecture of 8085 microprocessor <https://www.geeksforgeeks.org/architecture-of-8085-microprocessor/> accessed 21 July 2022
14 "Types of computer architecture" <https://www.w3schools.in/computer-fundamentals/types-of-computer-architecture> accessed 13 July 2022

The two most basic types of memory are primary memory, often called system memory, and
secondary memory, which is more commonly called storage.
The key difference between primary and secondary memory is speed of access.
• Primary memory includes ROM and RAM, and is located close to the CPU on the computer
motherboard, enabling the CPU to read data from primary memory very quickly indeed. It is
used to store data that the CPU needs imminently so that it does not have to wait for it to be
delivered.
• Secondary memory, by contrast, is usually physically located within a separate storage
device, such as a hard disk drive or Solid-State Drive (SSD), which is connected to the
computer system either directly or over a network. The cost per gigabyte of secondary
memory is much lower, but the read and write speeds are significantly slower.15
1.7 Computer Input and Output Devices
An input device sends information to a computer system for processing, and an output device
reproduces or displays the results of that processing. Input devices only allow for input of data to a
computer, and output devices only receive the output of data from another device. Most devices are
only input devices or output devices, as they can only accept data input from a user or output data
generated by a computer. However, some devices can accept input and display output, and they are
referred to as I/O devices (input/output devices). For example, a keyboard sends electrical signals,
which are received as input. Those signals are then interpreted by the computer and displayed, or
output, on the monitor as text or images. Likewise, when the computer sends, or outputs,
data to a printer, that data is printed onto a piece of paper, which is also considered output.
Input devices
An input device can send data to another device, but it cannot receive data from another device.
Examples of input devices include the following.
Keyboard and Mouse - Accept input from a user and send that data (input) to the computer. They
cannot accept or reproduce information (output) from the computer.
Microphone - Receives sound generated by an input source, and sends that sound to a computer.
Webcam - Receives images generated by whatever it is pointed at (input) and sends those images to
a computer.

15
Paul Rubens, ”Types of Computer Memory” <https://www.enterprisestorageforum.com/hardware/types-of-computer-
memory/> accessed 14 July 2022
Input Devices16

Output devices
An output device can receive data from another device and generate output with that data, but it
cannot send data to another device. Examples of output devices include the following.
Monitor - Receives data from a computer (output) and displays that information as text and images
for users to view. It cannot accept data from a user and send that data to another device.
Projector - Receives data from a computer (output) and displays, or projects, that information as text
and images onto a surface, like a wall or screen. It cannot accept data from a user and send that data
to another device.
Speakers - Receives sound data from a computer and plays the sounds for users to hear. It cannot
accept sound generated by users and send that sound to another device.

Output Devices17

16
10 Examples of Input Devices of Computer
<https://digitalworld839.com/what-are-input-devices-examples-computers/> accessed 21 July 2022
17
What are the Output Devices of Computer and 10 Examples<https://digitalworld839.com/what-are-output-devices-
examples-computer/> accessed 21 July 2022
Input/output devices
An input/output device can receive data from users, or another device (input), and send data to another
device (output). Examples of input/output devices include the following.
CD-RW drive and DVD-RW drive - Receives data from a computer (input), to copy onto a writable CD or
DVD. Also, the drive sends data contained on a CD or DVD (output) to a computer.
USB flash drive - Receives, or saves, data from a computer (input). Also, the drive sends data to a
computer or another device (output)18.
1.8 Computer Interface
An interface may refer to any of the following:
1. When referring to software, an interface19 is a program that allows a user to interact with computers in
person or over a network. An interface may also refer to controls used in a program that allow the
user to interact with the program. One of the best examples of an interface is a GUI (Graphical User
Interface). This type of interface is what you are using now to navigate your computer and how you
got to this page.
2. When referring to hardware, an interface is a physical device, port, or connection that interacts
with the computer or other hardware device. For example, IDE and SATA are disk drive interfaces
for computer hard drives and ATAPI is an early interface for CD-ROM drives.
Examples of drive interfaces
The following is a list of different internal and external interfaces that connect a drive to a
computer.
• ATA
• ATAPI
• eSATA
• FireWire
• IDE
• Parallel port
• SATA
• SCSI
• USB

18
What is the difference between an input and output device? <https://www.computerhope.com/issues/ch001355.htm>
accessed 14 July 2022
19
<https://www.igi-global.com/dictionary/computer-interface/5045> accessed 14 July 2022
ATA Interface20 ATAPI Interface21

1.9 Computer Applications


The term application refers to software, which is a set of instructions or code written in a program
for executing a task or an operation in a computer. Applications play a vital role in a computer, as an
application is an end-user program that enables users to do many things in a system. Application programs
are designed and developed to run on system software, namely an operating system. An operating
system is system software that enables all the application programs to run and execute various tasks
in a computer system. GUI-based applications carry out various tasks in a computer, like
creating documents, playing games, browsing and many more.
Application software is the set of end-user programs designed to enhance productivity in various
fields of work. Applications are used for creating documents, spreadsheets, databases, and
publications, doing online research, sending email, designing graphics, running businesses, and also
playing games. Application software is designed to perform a specific task and can be as simple
as a calculator application or as complex as a word processing application. Applications are
designed with built-in functions and properties so that all their operations can be carried out easily. One of the
most popular and widely used applications is the Microsoft word processor, where you can do
calculations, copy, paste, delete, add colors and pictures, and change the appearance by using its
built-in properties.
Application Software can be divided into two broad categories: System Software and Application
Software.
System Software is a program designed to manage all the hardware resources and to run the
application programs in a computer. It is mainly of two types: the operating system and utility

20
<https://www.computerhope.com/jargon/a/ata.htm> accessed 21 July 2022
21
<https://www.ioi.com.tw/products/proddetail.aspx?CatID=101&HostID=2032&DeviceID=3015&ProdID=1010111>
accessed 21 July 2022
software that is installed with the operating system. The operating system and utility programs are
written so as to function independently, because they are not user oriented. System software always runs in
the background and executes all the operations in a computer. But there is some system software
that is used by end users, like the Device Manager, which is found in the Control Panel.
Application Software is a program or a group of programs designed for the end user to perform a
specific task in a computer. The user directly interacts with the application programs to perform
a task in a system. Some examples of application software are browsers, e-mail clients, word processors,
spreadsheets, database programs and many more, which have various built-in functions to be used22.
1.10 Mobile Devices
A mobile device is a general term for any type of handheld computer. These devices are designed to
be extremely portable, and they can often fit in your hand. Some mobile devices like tablets, e-
readers, and smartphones are powerful enough to do many of the same things you can do with a
desktop or laptop computer.
Tablet computers
Like laptops, tablet computers are designed to be portable. However, they provide a different
computing experience. The most obvious difference is that tablet computers don't have keyboards or
touchpads. Instead, the entire screen is touch-sensitive, allowing you to type on a virtual keyboard and
use your finger as a mouse pointer. Tablet computers can't necessarily do everything traditional
computers can do. For many people, a traditional computer like a desktop or laptop is still needed in
order to use some programs. However, the convenience of a tablet computer means it may be ideal
as a second computer.
E-readers
E-book readers, also called e-readers, are similar to tablet computers, except they are mainly designed
for reading e-books (digital, downloadable books). Notable examples include the Amazon
Kindle, Barnes & Noble Nook, and Kobo. Most e-readers use an e-ink display, which is easier to read
than a traditional computer display.
Smartphones
A smartphone is a more powerful version of a traditional cell phone. In addition to the same basic
features (phone calls, voicemail, text messaging), smartphones can connect to the Internet over Wi-Fi
or a cellular network (which requires purchasing a monthly data plan). This means you can use a

22
Application and Types of Computer Applications <https://informationq.com/application-and-types-of-computer-
applications/> accessed 14 July 2022

smartphone for the same things you would normally do on a computer, such as checking your email,
browsing the Web, or shopping online.23

1.11 Internet and WWW


The Internet is the foremost tool and a prominent resource that is used by almost all people across
the globe. It connects millions of computers, webpages, websites, and servers. The Internet came in
the year 1960 with the creation of the first working model, called ARPANET (Advanced Research
Projects Agency Network). It allowed multiple computers to work on a single network, which was its biggest
achievement at that time. ARPANET used packet switching to let multiple computer
systems communicate under a single network. In October 1969, the first message was transferred
from one computer to another using ARPANET. After that, the technology continued to grow.
The Internet is set up with the help of physical optical fiber data transmission cables or copper wires
and various other networking mediums like LAN, WAN, MAN, etc. Even
the 2G, 3G, 4G and 5G services and Wi-Fi require these physical cable setups to access the
Internet. There is an authority named ICANN (Internet Corporation for Assigned Names and
Numbers), located in the USA, which manages the Internet and protocols related to it, like IP
addresses.24
World Wide Web (WWW)
The World Wide Web (WWW) is a collection of all the web pages and web documents that you can see
on the Internet by searching for their URLs (Uniform Resource Locators). For
example, www.nliu.ac.in is the URL of a website, and all the content of this site, like webpages and all
the web documents, is stored on the World Wide Web. In other words, the World Wide Web is an
information retrieval service of the web. It provides users a huge array of documents that are

23
"What is a mobile device?” <https://edu.gcfglobal.org/en/computerbasics/mobile-devices/1/> accessed 14 July 2022
24
IP address stands for Internet Protocol address. Every PC/local machine has an IP address, and that IP address is
provided by the Internet Service Provider (ISP). These are some sets of rules which govern the flow of data whenever
a device is connected to the Internet. It differentiates computers, websites, and routers, just like human identification
cards such as Aadhaar cards, PAN cards, or any other unique identification documents. Every laptop and desktop has its own
unique IP address for identification. It is an important part of internet technology. An IP address is displayed as a set of
four numbers, like 192.154.3.29. Here each number in the set ranges from 0 to 255. Hence, the total IP address range is from
0.0.0.0 to 255.255.255.255.
You can check the IP address of your laptop or desktop by clicking on the Windows Start menu -> then right click and go
to Network -> in that go to Status and then Properties; there you can see the IP address. There are four different types of IP
addresses available:
1. Static IP address
2. Dynamic IP address
3. Private IP address
4. Public IP address
connected to each other by means of hypertext or hypermedia links. Here, hyperlinks are
electronic connections that link related data so that users can easily access the related information,
and hypertext allows the user to pick a word or phrase from text and use it to
access other documents that contain additional information related to that word
or phrase. The World Wide Web is a project created by Timothy Berners-Lee in 1989 for
researchers to work together effectively at CERN. An organization named the World Wide Web
Consortium (W3C) was set up for the further development of the web.
Difference between World Wide Web and Internet
The differences between the World Wide Web and the Internet are:
• All the web pages and web documents are stored on the World Wide Web, and to find them
you have a specific URL for each website, whereas the Internet is a global network of
computers that is accessed by the World Wide Web.
• The World Wide Web is a service, whereas the Internet is an infrastructure.
• The World Wide Web is a subset of the Internet, whereas the Internet is the superset of the World Wide
Web.
• The World Wide Web is software-oriented, whereas the Internet is hardware-oriented.
• The World Wide Web uses HTTP, whereas the Internet uses IP addresses.
• The Internet can be considered a library, whereas all the material in it, like books on different
topics, can be considered the World Wide Web.25
1.12 Internet of Things
The Internet of Things (IoT) describes the network of physical objects (“things”) that are embedded
with sensors, software, and other technologies for the purpose of connecting and exchanging data
with other devices and systems over the internet. These devices range from ordinary household
objects to sophisticated industrial tools. That includes an extraordinary number of objects of all shapes
and sizes – from smart microwaves, which automatically cook your food for the right length of time,
to self-driving cars, whose complex sensors detect objects in their path. There are even connected
footballs that can track how far and fast they are thrown and record those statistics via an app for
future training purposes. IoT works in the following way:
• Devices have hardware like sensors, for example, that collect data.

25
<https://www.geeksforgeeks.org/what-is-internet-definition-uses-working-advantages-and-disadvantages/> accessed
14 July 2022

• The data collected by the sensors is then shared via the cloud and integrated with software.
• The software then analyzes and transmits the data to users via an app or website. 26
Computer Memory

1.13 Registers
A register is a very small amount of very fast memory that is built into the CPU (central processing
unit) in order to speed up its operations by providing quick access to commonly used values. Registers
are semiconductor devices whose contents can be accessed (i.e., read and written to) at extremely
high speeds but which are held there only temporarily (i.e., while in use or only as long as the power
supply remains on).
Registers are at the top of the memory hierarchy and are the fastest way for the system to manipulate
data. Registers are normally measured by the number of bits they can hold; for example, an 8-bit
register can store 8 bits of data and a 32-bit register can store 32 bits of data.
Registers are used to store data temporarily during the execution of a program. Some of the registers
are accessible to the user through instructions. Data and instructions must be put into the system, so
we need registers for this27.
There are different kinds of registers utilized for different reasons. Some of the commonly used
registers are:

• AC (Accumulator)
• DR (Data registers)
• AR (Address registers)
• PC (Program counter)
• MDR (Memory data registers)
• IR (Index registers)
• MBR (Memory buffer registers)

26
What is IoT? <https://builtin.com/internet-things> accessed 13 July 2022
27
<http://www.eazynotes.com/pages/computer-system-architecture/computer-registers.html> accessed 14 July 2022
Memory Management28

These registers are used for carrying out the different operations. When we perform some
operations, the CPU uses these registers to perform them. When we provide input to the
system for a certain operation, the provided information or input gets stored in the registers. Once
the ALU (arithmetic and logical unit) has processed the output, the processed data is again provided to us by
the registers.
The sole reason for having a register is the quick retrieval of information that the CPU will later
process. The CPU can use RAM over the hard disk to retrieve the memory, which is comparatively a

28
<https://www.geeksforgeeks.org/memory-management-in-operating-system/> accessed 21 July 2022
much faster option, but the speed of retrieval from RAM is still not enough. Therefore, we have cache
memory, which is faster than registers. These registers work with CPU memory like cache and RAM
to complete the task quickly.
Operations Performed by Registers
The major operations performed by registers are:
• Fetch: The fetch operation is used to take in the instructions given by the user. Instructions that
are stored in the main memory for later processing are fetched by the registers.
• Decode: This operation is used to interpret the instructions. Once the instructions are
decoded, the CPU knows which operation is to be performed.
• Execute: The CPU performs this operation. The results delivered by the CPU are then stored in
the memory, and after that they are shown on the user's screen.

1.14 Types of Register


The following are the types of registers in computer organization:29

29
Types of Register in Computer Organization <https://www.javatpoint.com/types-of-register-in-computer-organization> accessed 14 July 2022

| No. | Register name | Symbol | Description |
|---|---|---|---|
| 1 | Accumulator | AC | An accumulator is the most often utilized register, and it is used to store information taken from memory. |
| 2 | Memory address registers | MAR | Address location of memory is stored in this register to be accessed later. It is called by both MAR and MDR together. |
| 3 | Memory data registers | MDR | All the information that is supposed to be written or the information that is supposed to be read from a certain memory address is stored here. |
| 4 | General-purpose register | GPR | Consist of a series of registers generally starting from R0 and running till Rn - 1. These registers tend to store any form of temporary data that is sent to a register during any undertaking process. More GPR enables the register to register addressing, which increases processing speed. |
| 5 | Program counter | PC | These registers are utilized in keeping the record of a program that is being executed or under execution. These registers consist of the memory address of the next instruction to be fetched. PC points to the address of the next instruction to be fetched from the main memory when the previous instruction has been completed successfully. Program Counter (PC) also functions to count the number of instructions. The incrementation of PC depends on the type of architecture being used. If we use a 32-bit architecture, the PC gets incremented by 4 every time to fetch the next instruction. |
| 6 | Instructions registers | IR | Instruction registers hold the information about to be executed. The immediate instructions received from the system are fetched and stored in these registers. Once the instructions are stored in registers, the processor starts executing the set instructions, and the PC will point to the next instructions to be executed. |
| 7 | Condition code registers | | These have different flags that depict the status of operations. These registers set the flags accordingly if the result of operation caused zero or negative. |
| 8 | Temporary registers | TR | Holds temporary data |
| 9 | Input registers | INPR | Carries input character |
| 10 | Output registers | OUTR | Carries output character |
| 11 | Index registers | BX | We use this register to store values and numbers included in the address information and transform them into effective addresses. These are also called base registers. These are used to change operand address at the time of execution, also stated as BX. |
| 12 | Memory buffer register | MBR | MBR - Memory buffer registers are used to store data content or memory commands used to write on the disk. The basic functionality of these is to save called data from memory. MBR is very similar to MDR. |
| 13 | Stack control registers | SCR | Stack is a set of location memory where data is stored and retrieved in a certain order. Also called last in first out (LIFO), we can only retrieve a stack at the second position only after retrieving out the first one, and stack control registers are mainly used to manage the stacks in the computer. SP - BP is stack control registers. Also, we can use DI, SI, SP, and BP as 2 byte or 4-byte registers. EDI, ESI, ESP, and EBP are 4 - byte registers. |
| 14 | Flag register | FR | Flag registers are used to indicate a particular condition. The size of the registered flag is 1 - 2 bytes, and each registered flag is furthermore compounded into 8 bits. Each registered flag defines a condition or a flag. The data that is stored is split into 8 separate bits. Basic flag registers - Zero flags, Carry flag, Parity flag, Sign flag, Overflow flag. |
| 15 | Segment register | SR | Hold address for memory |
| 16 | Data register | DX | Hold memory operand |
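
The fetch, decode and execute operations and the PC, IR, AC, MAR, MDR and flag registers described above, as an added example that is not part of the original study material: a toy 32-bit accumulator machine in Python. The opcodes, instruction layout, memory addresses and data values are constructed for illustration, and the rule that parity is taken over the low byte of the result is an assumption borrowed from the x86 convention.

```python
"""Toy 32-bit accumulator machine. All opcodes, addresses and data are constructed."""

WORD = 0xFFFFFFFF                                  # mask for one 32-bit word
LOAD, ADD, STORE, HALT = 0x01, 0x02, 0x03, 0xFF    # hypothetical opcodes


def encode(opcode, address=0):
    """Pack an 8-bit opcode and a 24-bit operand address into one 32-bit word."""
    return ((opcode & 0xFF) << 24) | (address & 0xFFFFFF)


class ToyCPU:
    def __init__(self, memory):
        self.mem = dict(memory)      # byte address -> 32-bit word
        self.pc = 0                  # PC: address of the next instruction
        self.ir = 0                  # IR: instruction being executed
        self.ac = 0                  # AC: accumulator
        self.mar = 0                 # MAR: address of the last memory access
        self.mdr = 0                 # MDR: word read from or written to memory
        self.flags = dict(zero=0, carry=0, parity=0, sign=0, overflow=0)
        self.trace = []              # PC value at each fetch

    def _read(self, address):
        self.mar = address
        self.mdr = self.mem.get(address, 0)
        return self.mdr

    def _write(self, address, value):
        self.mar, self.mdr = address, value & WORD
        self.mem[address] = self.mdr

    def _add(self, a, b):
        total = a + b
        result = total & WORD
        self.flags["zero"] = int(result == 0)
        self.flags["carry"] = int(total > WORD)          # unsigned wrap-around
        self.flags["sign"] = result >> 31                # top bit of the result
        # Signed overflow: both operands have a sign the result does not share.
        self.flags["overflow"] = ((a ^ result) & (b ^ result)) >> 31
        # Parity of the low byte, set when it holds an even number of 1 bits.
        self.flags["parity"] = int(bin(result & 0xFF).count("1") % 2 == 0)
        return result

    def step(self):
        # Fetch: copy the word at PC into IR, then advance PC by one
        # 4-byte instruction.
        self.trace.append(self.pc)
        self.ir = self._read(self.pc)
        self.pc = (self.pc + 4) & WORD
        # Decode: split IR into opcode and operand address.
        opcode, address = self.ir >> 24, self.ir & 0xFFFFFF
        # Execute.
        if opcode == LOAD:
            self.ac = self._read(address)
        elif opcode == ADD:
            self.ac = self._add(self.ac, self._read(address))
        elif opcode == STORE:
            self._write(address, self.ac)
        elif opcode == HALT:
            return False
        else:
            raise ValueError(f"illegal opcode {opcode:#04x} at {self.trace[-1]:#x}")
        return True

    def run(self, max_steps=1000):
        for _ in range(max_steps):
            if not self.step():
                return self
        raise RuntimeError("step limit reached without HALT")


def run_sum(a, b):
    """Run LOAD a; ADD b; STORE; HALT and return the finished CPU."""
    image = {
        0x00: encode(LOAD, 0x100),
        0x04: encode(ADD, 0x104),
        0x08: encode(STORE, 0x108),
        0x0C: encode(HALT),
        0x100: a & WORD,             # constructed data words
        0x104: b & WORD,
    }
    return ToyCPU(image).run()


if __name__ == "__main__":
    cpu = run_sum(0x7FFFFFFF, 1)
    print(hex(cpu.mem[0x108]), cpu.flags, [hex(p) for p in cpu.trace])
```

Adding 1 to 0x7FFFFFFF sets the sign and overflow flags without a carry, while adding 1 to 0xFFFFFFFF sets zero and carry without overflow, which is the distinction between the signed and unsigned views of the same register contents.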

1.15 Cache Memory
Cache memory is a high-speed memory, which is small in size but faster than the main memory
(RAM). The CPU can access it more quickly than the primary memory. So, it is used to synchronize
with the high-speed CPU and to improve its performance.
Cache memory can only be accessed by the CPU. It can be a reserved part of the main memory or a
storage device outside the CPU. It holds the data and programs which are frequently used by the CPU.
So, it makes sure that the data is instantly available to the CPU whenever the CPU needs it. In
other words, if the CPU finds the required data or instructions in the cache memory, it doesn't need
to access the primary memory (RAM). Thus, by acting as a buffer between RAM and CPU, it speeds
up the system performance.
Types of Cache Memory:
L1: It is the first level of cache memory, which is called Level 1 cache or L1 cache. In this type of
cache memory, a small amount of memory is present inside the CPU itself. If a CPU has four cores
(a quad-core CPU), then each core will have its own Level 1 cache. As this memory is present in the
CPU, it can work at the same speed as the CPU. The size of this memory ranges from 2 KB to 64
KB. The L1 cache further has two types of caches: the instruction cache, which stores instructions
required by the CPU, and the data cache, which stores the data required by the CPU.
L2: This cache is known as Level 2 cache or L2 cache. It may be inside the CPU or
outside the CPU. All the cores of a CPU can have their own separate Level 2 cache, or they can share
one L2 cache among themselves. If it is outside the CPU, it is connected to the CPU by a
very high-speed bus. The memory size of this cache is in the range of 256 KB to 512 KB. In terms
of speed, it is slower than the L1 cache.
L3: It is known as Level 3 cache or L3 cache. This cache is not present in all the processors; some
high-end processors may have this type of cache. This cache is used to enhance the performance of
Level 1 and Level 2 cache. It is located outside the CPU and is shared by all the cores of a CPU. Its
memory size ranges from 1 MB to 8 MB. Although it is slower than L1 and L2 cache, it is faster than
Random Access Memory (RAM).
How does cache memory work with CPU?
When the CPU needs data, it first looks inside the L1 cache. If it does not find the data in L1,
it looks inside the L2 cache. If it does not find the data in the L2 cache either, it looks into the L3 cache.
If the data is found in the cache memory, it is known as a cache hit. On the contrary, if the data is not
found inside the cache, it is called a cache miss.
If the data is not available in any of the cache memories, the CPU looks inside the Random Access Memory
(RAM). If RAM also does not have the data, then it will get that data from the hard disk drive.

So, when a computer is started for the first time, or an application is opened for the first time, data is
not available in cache memory or in RAM. In this case, the CPU gets the data directly from the hard
disk drive. Thereafter, when you start your computer or open an application, the CPU can get that data
from cache memory or RAM30.
1.16 Random Access Memory (RAM)
RAM (Random Access Memory) is the internal memory of the CPU for storing data, programs, and
program results. It is a read/write memory which stores data while the machine is working. As soon as
the machine is switched off, data is erased.

Access time in RAM is independent of the address, that is, each storage location inside the memory
is as easy to reach as other locations and takes the same amount of time. Data in the RAM can be
accessed randomly but it is very expensive.
RAM is volatile, i.e. data stored in it is lost when we switch off the computer or if there is a power
failure. Hence, a backup Uninterruptible Power System (UPS) is often used with computers. RAM is
small, both in terms of its physical size and in the amount of data it can hold.
RAM is of two types −

• Static RAM (SRAM)


• Dynamic RAM (DRAM)
Static RAM (SRAM)
The word static indicates that the memory retains its contents as long as power is being supplied.
However, data is lost when the power goes down, owing to its volatile nature. SRAM chips use a matrix of

30
Cache Memory<https://www.javatpoint.com/cache-memory> accessed 14 July 2022
6 transistors and no capacitors. Transistors do not require power to prevent leakage, so SRAM does
not need to be refreshed on a regular basis.
There is extra space in the matrix, hence SRAM uses more chips than DRAM for the same amount
of storage space, making the manufacturing costs higher. SRAM is thus used as cache memory and
has very fast access.
Characteristics of Static RAM
• Long life
• No need to refresh
• Faster
• Used as cache memory
• Large size
• Expensive
• High power consumption
Dynamic RAM (DRAM)
DRAM, unlike SRAM, must be continually refreshed in order to maintain the data. This is done by
placing the memory on a refresh circuit that rewrites the data several hundred times per second.
DRAM is used for most system memory as it is cheap and small. All DRAMs are made up of memory
cells, which are composed of one capacitor and one transistor.
Characteristics of Dynamic RAM
• Short data lifetime
• Needs to be refreshed continuously
• Slower as compared to SRAM
• Used as RAM
• Smaller in size
• Less expensive
• Less power consumption
1.17 Read Only Memory (ROM)
ROM stands for Read Only Memory. It is memory from which we can only read but to which we cannot
write. This type of memory is non-volatile. The information is stored permanently in such memories
during manufacture. A ROM stores the instructions that are required to start a computer. This
operation is referred to as bootstrap. ROM chips are used not only in computers but also in other
electronic items like washing machines and microwave ovens.

ROM 31

Let us now discuss the various types of ROMs and their characteristics.
MROM (Masked ROM)
The very first ROMs were hard-wired devices that contained a pre-programmed set of data or
instructions. These kinds of ROMs are known as masked ROMs, which are inexpensive.
PROM (Programmable Read Only Memory)
PROM is read-only memory that can be modified only once by a user. The user buys a blank PROM
and enters the desired contents using a PROM program. Inside the PROM chip, there are small fuses
which are burnt open during programming. It can be programmed only once and is not erasable.
EPROM (Erasable and Programmable Read Only Memory)
EPROM can be erased by exposing it to ultra-violet light for a duration of up to 40 minutes. Usually,
an EPROM eraser achieves this function. During programming, an electrical charge is trapped in an
insulated gate region. The charge is retained for more than 10 years because the charge has no leakage
path. For erasing this charge, ultra-violet light is passed through a quartz crystal window (lid). This
exposure to ultra-violet light dissipates the charge. During normal use, the quartz lid is sealed with a
sticker.
EEPROM (Electrically Erasable and Programmable Read Only Memory)
EEPROM is programmed and erased electrically. It can be erased and reprogrammed about ten
thousand times. Both erasing and programming take about 4 to 10 ms (milliseconds). In EEPROM,
any location can be selectively erased and programmed. EEPROMs can be erased one byte at a time,
rather than erasing the entire chip. Hence, the process of reprogramming is flexible but slow.

31
<https://www.tutorialspoint.com/computer_fundamentals/computer_rom.htm> accessed 21 July 2022
Advantages of ROM
The advantages of ROM are as follows −
• Non-volatile in nature
• Cannot be accidentally changed
• Cheaper than RAMs
• Easy to test
• More reliable than RAMs
• Static and do not require refreshing
• Contents are always known and can be verified.32
1.18 Hard Drive
A computer hard drive (or a hard disk or HDD) is one kind of technology that stores the operating
system, applications, and data files such as documents, pictures and music that your computer uses.
The rest of the components in your computer work together to show you the applications and files
stored on your hard drive.
A hard disk drive (HDD) is composed of a platter that contains compartments to hold data. This data
is your operating system, applications, and any files you have created. There is also an actuator arm
that moves across the platter to read or write the information requested. To make this process faster,
the platter spins as the actuator arm moves across it.
The compartments that hold the data can be spread out all over the hard disk. That is, data is not
written sequentially. There is an indexing system to allow the actuator arm to find all of the pertinent
data.
The platter and the actuator arm are delicate, so they are covered by a steel case. This prevents
damage to the disk under normal circumstances.

32
Computer - Read Only Memory<https://www.tutorialspoint.com/computer_fundamentals/computer_rom.htm>
accessed 14 July 2022

Hard Drive33

HDDs are proven technology that can hold a large amount of data (this varies by the size of the drive)
and are relatively cheap. Under normal use, they are reasonably durable and function well.
There are drawbacks, however. Hard disk drives can be slow, especially to open large applications or
files. Because they do not write data sequentially, the data can become fragmented, with empty space
within each compartment. This empty space is too small to use for data, but when the empty space is
added together it can take up a large portion of the drive.
Hard drives use a lot of power and produce a lot of heat. This makes them less useful in smaller
computers like laptops and notebooks. Under normal circumstances HDDs are durable. But when
hard drives are in portable computers that can be dropped or bumped while the platter is spinning, the
drive can be damaged so that the data on them is not retrievable by end users.
External Hard Drive
An external storage drive is a separate device that attaches to a computer, generally through a USB
port. Though it does not replace the need for an internal drive, an external drive gives you more
storage space for backup files, pictures, music, and more.
External drives are also portable; you can move them between computers. This allows you to share
things like pictures more easily.
Differences between internal and external hard drives
The computer must have at least one storage drive to function. Usually, the storage drive is an internal
drive, located inside the computer case. Internal drives come in a variety of storage sizes and can be
replaced if you don't have enough storage space.
One can set up a computer with an external drive in addition to the internal drive. An external drive
attaches to the computer, generally through a USB port. An external drive gives you more storage
space for backup files, pictures, music, or particularly large files.
External drives are also portable; they can be moved between computers. This allows you to share things
like pictures more easily.34
1.19 Solid State Drive
A solid-state drive (hereinafter SSD) is a new generation of storage device used in computers. SSDs
use flash-based memory, which is much faster than a traditional mechanical hard disk. Upgrading to
an SSD is one of the best ways to speed up the computer.

33 Hard Drive, <https://www.crucial.in/articles/pc-builders/what-is-a-hard-drive> accessed 21 July 2022
34 <https://www.crucial.in/articles/pc-builders/what-is-a-hard-drive> accessed 14 July 2002
SSDs store data permanently on an integrated circuit, which is a collection of electronic circuits
embedded within a silicon semiconductor cell. Sometimes referred to as semiconductor storage
devices, SSDs are more commonly known as solid-state drives, because they don’t have the moving
parts found in hard-disk drives (HDD).
Because SSD flash memory can be written, transferred, and erased electronically, SSDs run much
faster and more quietly than HDDs. But they’re also more expensive and have more limited storage
capacity than HDDs. SSDs are often used on high-end machines or as secondary storage devices on
consumer PCs.
SSDs are used in the following areas:
• Business: Companies working with huge amounts of data (such as programming environments or
data analysis) often rely on SSDs, as access times and file-transfer speeds are critical.
• Gaming: Gaming computers have always pressed the limits of current computing technology,
justifying relatively expensive equipment for the benefit of gaming performance. That is
particularly true for storage, as modern blockbuster games constantly load and write files (e.g.
textures, maps, levels, characters).
• Mobility: SSDs have low power requirements, thus contributing to better battery life in laptops and
tablets. SSDs are also shock resistant, which reduces the chances of data loss when mobile devices
are dropped.
• Servers: Enterprise servers need SSDs to get fast reads and writes in order to properly serve their
client PCs.35
1.20 Optical Disc
An optical disc is an electronic data storage medium, also referred to as an optical disk, optical
storage or optical media, which is read and written by an optical disc drive (disc drive) using optical
storage techniques and technology. An optical disc, which may be used as a portable and secondary
storage device, was first developed in the late 1960s. James T. Russell invented the first optical disc,
which could store data as micron-sized light and dark dots.
An optical disc can store more data and has a longer lifespan than the preceding generation of
magnetic storage media. To read and write to CDs and DVDs, computers use a CD writer or DVD
writer drive, and to read and write to Blu-ray discs, they require a Blu-ray drive. MO drives, such as
CD-R and DVD-R drives, are used to read and write information to discs (magneto-optic). CDs,
Blu-ray discs, and DVDs are the most common types of optical media, and are usually used as follows:
• They are used to transfer data to various devices or computers.

35 <https://www.avast.com/c-what-is-ssd> accessed 14 July 2022
• These media are used to deliver the software to others.
• They help users to hold large amounts of data, like videos, photos, music, and more.
• Optical media are also used to back up data from a local machine.
With the introduction of an all-new generation of optical media, the storage capacity to store data has
increased. CDs have the potential to store 700 MB of data, whereas DVDs allow you to store up to
8.4 GB of data. Blu-ray discs, the newest type of optical media, can hold up to 50 GB of data. This
storage capacity is the most convenient benefit as compared to the floppy disk storage media, which
can store up to 1.44 MB of data.
Optical discs are impervious to most environmental threats like magnetic disturbances or power
surges; moreover, these discs are not expensive to manufacture. This makes optical disc storage
well suited for archival storage.
Different Kinds of Optical Drives
Optical drives are disk-based drives that were introduced to the market in the 1980s to allow for
increased storage capacity and faster read and write times. There are multiple
kinds of optical media, which are discussed below:
CD-ROM
CD-ROM, short for compact disk read-only memory, was the first disk-based drive for
modern PCs. CD-ROM devices populate Compact Disk Filing System discs with data encoded in ISO
9660. To reduce noise and increase stability, most CD-ROM drives in computers run at a slower
speed, and if the drive experiences read errors, it will only speed up for larger data files. However,
the newest CD-ROM drives have the potential to achieve read speeds of 60 revolutions in a second
(60x).

CD/DVD tracks36

36 The Windows Disk Management 1 <https://www.installsetupconfig.com/win32programming/windowsdiskapis2.html> accessed 21 July 2022

DVD-ROM
DVD-ROM drives, which stand for Digital Versatile Disk Read Only Memory and are a direct
evolution from CD-ROM drives, have significantly more performance and capacity than their CD
counterparts while maintaining the same physical dimensions. The DVD Forum is a non-profit
organization that establishes several standards for DVD functionality and construction, as well as
overseeing DVD development.
Blu-Ray
In the commercial market, Blu-ray drives are the newest drives available as of 2011. Sony, one of the
founding proponents, developed the Blu-ray technology during the early 2000s.
RW Drives
The rewritable drive types are Blu-ray drives, DVD-ROMs, and CD-ROMs. All the functionalities
of read-only counterparts are available in RW drives. Write processes are particularly sensitive to
shock and can ruin the disc beyond repair if forcibly interrupted; write speeds are kept slower than
read speeds to preserve stability. Writable disks come in multiple-time write and one-time write
variations; however, RW drives can write multiple times.
Advantages of Optical Disk
Only plastics and aluminum foils are used in the production of an optical disk, which makes them
inexpensive to manufacture. Users can therefore purchase optical disks in bulk. Many computer
manufacturers include an optical disk drive with their computers, and users can also purchase
optical disk drives separately.37
1.21 Server
A server is a computer or system that provides resources, data, services, or programs to other
computers, known as clients, over a network. In theory, whenever computers share resources with
client machines they are considered servers. There are many types of servers, including web servers,
mail servers, and virtual servers.
An individual system can provide resources and use them from another system at the same time. This
means that a device could be both a server and a client at the same time.
Some of the first servers were mainframe computers or minicomputers. Minicomputers were much
smaller than mainframe computers, hence the name. However, as technology progressed, they ended
up becoming much larger than desktop computers, which made the term microcomputer somewhat
farcical.

37 <https://www.javatpoint.com/what-is-an-optical-disc> accessed 14 July 2022

Initially, such servers were connected to clients known as terminals that did not do any actual
computing. These terminals, referred to as dumb terminals, existed simply to accept input via a
keyboard or card reader and to return the results of any computations to a display screen or printer.
The actual computing was done on the server.
Later, servers were often single, powerful computers connected over a network to a set of
less-powerful client computers. This network architecture is often referred to as the client-server model,
in which both the client computer and the server possess computing power, but certain tasks are
delegated to servers. In previous computing models, such as the mainframe-terminal model, the
mainframe did act as a server even though it wasn’t referred to by that name.
As technology has evolved, the definition of a server has evolved with it. These days, a server may
be nothing more than software running on one or more physical computing devices. Such servers are
often referred to as virtual servers. Originally, virtual servers were used to increase the number of
server functions a single hardware server could do. Today, virtual servers are often run by a
third party on hardware across the Internet in an arrangement called cloud computing.
A server may be designed to do a single task, such as a mail server, which accepts and stores email
and then provides it to a requesting client. Servers may also perform several tasks, such as a file and
print server, which both stores files and accepts print jobs from clients and then sends them on to a
network-attached printer.
Functioning of a Server
To function as a server, a device must be configured to listen to requests from clients on a network
connection. This functionality can exist as part of the operating system as an installed application,
role, or a combination of the two.
For example, Microsoft’s Windows Server operating system provides the functionality to listen to
and respond to client requests. Additionally, installed roles or services increase which kinds of client
requests the server can respond to. In another example, an Apache web server responds to Internet
browser requests via an additional application, Apache, installed on top of an operating system.
When a client requires data or functionality from a server, it sends a request over the network. The
server receives this request and responds with the appropriate information. This is the request and
response model of client-server networking, also known as the call and response model.
A server will often perform numerous additional tasks as part of a single request and response,
including verifying the identity of the requestor, ensuring that the client has permission to access the
data or resources requested, and properly formatting or returning the required response in an expected
way.
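The request and response steps described above (verify the requestor, check permission, format the reply) can be sketched as follows. This is an added example, not code from any server product named in this material; the user names, shared secrets, file names and the HMAC-based request format are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: user names, secrets, files and the access list
# are all hypothetical and exist only for this example.
SECRETS = {"alice": b"alice-demo-secret", "bob": b"bob-demo-secret"}
FILES = {"/reports/q1.txt": "Q1 figures", "/public/readme.txt": "Welcome"}
ACL = {"/reports/q1.txt": {"alice"}, "/public/readme.txt": {"alice", "bob"}}


def sign(user, resource, secret):
    """MAC over the request fields, computed with the user's shared secret."""
    message = json.dumps([user, resource]).encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def make_request(user, resource, secret):
    """Client side: build the bytes that would be sent over the network."""
    request = {"user": user, "resource": resource,
               "mac": sign(user, resource, secret)}
    return json.dumps(request).encode()


def respond(status, body):
    """Format every reply the same way so clients can parse it reliably."""
    return json.dumps({"status": status, "body": body}).encode()


def handle_request(raw):
    """Server side: parse, verify identity, check permission, then answer."""
    try:
        request = json.loads(raw)
        user, resource, mac = (request["user"], request["resource"],
                               request["mac"])
    except (ValueError, KeyError, TypeError):
        return respond(400, "malformed request")
    if not all(isinstance(field, str) for field in (user, resource, mac)):
        return respond(400, "malformed request")

    # 1. Verify the identity of the requestor (constant-time comparison).
    secret = SECRETS.get(user)
    if secret is None:
        return respond(401, "authentication failed")
    expected = sign(user, resource, secret)
    # Non-ASCII input becomes "?" and therefore can never match a hex MAC.
    if not hmac.compare_digest(mac.encode("ascii", "replace"),
                               expected.encode("ascii")):
        return respond(401, "authentication failed")

    # 2. Check permission. Unknown resources get the same answer as
    #    forbidden ones, so the reply does not reveal what exists.
    if user not in ACL.get(resource, set()):
        return respond(403, "access denied")

    # 3. Return the data in the expected format.
    return respond(200, FILES[resource])
```

The order matters: the server never looks up the resource before the identity check has passed. A production protocol would also bind a timestamp or nonce into the signed fields so that a captured request cannot be replayed.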
Types of servers
There are many types of servers that all perform different functions. Many networks contain one or
more of the common server types:
File servers
File servers store and distribute files. Multiple clients or users may share files stored on a server. In
addition, centrally storing files offers easier backup or fault tolerance solutions than attempting to
provide security and integrity for files on every device in an organization. File server hardware can
be designed to maximize read and write speeds to improve performance.
Print servers
Print servers allow for the management and distribution of printing functionality. Rather than
attaching a printer to every workstation, a single print server can respond to printing requests from
numerous clients. Today, some larger and higher-end printers come with their own built-in print
server, which removes the need for an additional computer-based print server. This internal print
server also functions by responding to print requests from a client.
Application servers
Application servers run applications in lieu of client computers running applications locally.
Application servers often run resource-intensive applications that are shared by a large number of
users. Doing so removes the need for each client to have sufficient resources to run the applications.
It also removes the need to install and maintain software on many machines as opposed to only one.
DNS servers
Domain Name System (DNS) servers are application servers that provide name resolution to client
computers by converting names easily understood by humans into machine-readable IP addresses.
The DNS system is a widely distributed database of names and other DNS servers, each of which can
be used to request an otherwise unknown computer name. When a client needs the address of a
system, it sends a DNS request with the name of the desired resource to a DNS server. The DNS
server responds with the necessary IP address from its table of names.
Mail servers
Mail servers are a very common type of application server. Mail servers receive emails sent to a user
and store them until requested by a client on behalf of said user. Having an email server allows for a
single machine to be properly configured and attached to the network at all times. It is then ready to
send and receive messages rather than requiring every client machine to have its own email subsystem
continuously running.
Web servers
One of the most abundant types of servers in today’s market is a web server. A web server is a special
kind of application server that hosts programs and data requested by users across the Internet or an
intranet. Web servers respond to requests from browsers running on client computers for web pages,
or other web-based services. Common web servers include Apache web servers, Microsoft Internet
Information Services (IIS) servers and Nginx servers.
Database servers
The amount of data used by companies, users, and other services is staggering. Much of that data is
stored in databases. Databases need to be accessible to multiple clients at any given time and can
require extraordinary amounts of disk space. Both of these needs lend themselves well to locating
such databases on servers. Database servers run database applications and respond to numerous
requests from clients. Common database server applications include Oracle, Microsoft SQL Server,
DB2, and Informix.
Virtual servers
Virtual servers are taking the server world by storm. Unlike traditional servers that are installed as an
operating system on machine hardware, virtual servers exist only as defined within specialized
software called a hypervisor. Each hypervisor can run hundreds, or even thousands, of virtual servers
all at once. The hypervisor presents virtual hardware to the server as if it were real physical hardware.
The virtual server uses the virtual hardware as usual, and the hypervisor passes the actual computation
and storage needs onto the real hardware beneath, which is shared among all the other virtual servers.
Proxy servers
A proxy server acts as an intermediary between a client and a server. Often used to isolate either the
clients or servers for security purposes, a proxy server takes the request from the client. Instead of
responding to the client, it passes the request on to another server or process. The proxy server
receives the response from the second server and then replies to the original client as if it were
replying on its own. In this way, neither the client nor the responding server needs to directly connect
to each other.
Monitoring and management servers
Some servers exist to monitor or manage other systems and clients. There are many types of
monitoring servers. Several of them listen to the network and receive every client request and server
response, but some do not request or respond to data themselves. In this way, the monitoring server
can keep track of all the traffic on the network, as well as the requests and replies of clients and
servers, without interfering with those operations. A monitoring server will respond to requests from
monitoring clients such as those run by network administrators watching the health of the network.
Server structures

The concept of servers is nearly as old as networking itself. After all, the point of a network is to
allow one computer to talk to another computer and distribute either work or resources. Computing
has evolved since then, resulting in several types of server structures and hardware.
Mainframe or minicomputer (AS/400)
You could say that the original servers, mainframe computers, and later, minicomputers, handled
almost all computing tasks except the interaction with the user through a screen and keyboard, which
was left to the client system.
Computer hardware server
The next major wave of servers included computer-based servers. In many respects, these servers
were nothing more than larger, more powerful desktop computers. Such servers were generally more
expensive and held far more memory and disk space than most client computers. Each server was
still a self-contained unit with its own motherboard, processor, memory, disk drives, and power
supply. Servers like this were often warehoused in air-conditioned rooms called server rooms, and
were later bolted into racks for better storage and accessibility.
Blade servers
The original computer server hardware was large and stored in racks that could hold hundreds of
pounds. Over time, however, faster means of connecting hardware resulted in parts of the server being
extracted from a single self-contained device. By removing hard drives, eliminating internal cooling,
and the ongoing miniaturization of computing parts, servers were eventually reduced to a single thin
server known as a blade server. While still stored in racks in server rooms, blade servers are smaller
and can be replaced more easily.
Combining servers
Even before virtualization, servers were being extracted from the standard model of a single server
operating system installed on a hardware machine. Technology, such as network-attached storage,
removed the need for a server to have its own storage. Other technologies, such as mirroring and
clustering, enabled pieces of hardware to be combined into larger, more powerful servers. Such a
server might consist of several blades, several attached storage devices, and an external power supply,
and each piece could be swapped out for another while the server was still running.
Virtual servers
Virtual Servers still require hardware, but that hardware now runs a different process known as a
hypervisor. In some cases, such as Microsoft’s Hyper-V, a full operating system continues to run on
the hardware itself. In other cases, so-called bare-metal hypervisors can be installed directly onto
server hardware. In both instances, the hardware itself is often spread across an array of blade servers,

networked storage, and power supply, resulting in an environment where it is impossible to tell where
any individual server ends and another begins.38
1.22 Cloud Server
Cloud computing is a general term for anything that involves delivering hosted services over the
internet. These services are divided into three main categories or types of cloud computing:
infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS). A
cloud can be private or public. A public cloud sells services to anyone on the internet. A private cloud
is a proprietary network or a data center that supplies hosted services to a limited number of people,
with certain access and permissions settings. Private or public, the goal of cloud computing is to
provide easy, scalable access to computing resources and IT services. Cloud infrastructure involves
the hardware and software components required for proper implementation of a cloud computing
model.39 The cloud is commonly used to refer to several servers connected to the internet that can be
leased as part of a software or application service. Cloud-based services can include web hosting,
data hosting and sharing, and software or application use.
‘The cloud’ can also refer to cloud computing, where several servers are linked together to share the
load. This means that instead of using one single powerful machine, complex processes can be
distributed across multiple smaller computers.
One of the advantages of cloud storage is that there are many distributed resources acting as one –
often called federated storage clouds. This makes the cloud very tolerant of faults, due to the
distribution of data. Use of the cloud tends to reduce the creation of different versions of files, due to
shared access to documents, files and data.
Benefits of cloud computing:
• Increased Server Uptime
• Cost Efficiency
• Increased Security
• Scalability of Resources
• Independence of Location
• Increased Group Collaboration
• Backup and Disaster Recovery.
Cloud Server40

38 <https://www.paessler.com/it-explained/server> accessed 14 July 2022
39 Wesley Chai, “Cloud Computing” <https://www.techtarget.com/searchcloudcomputing/definition/cloud-computing> accessed 20 July 2022
40 <https://www.javatpoint.com/cloud-server> accessed 21 July 2022
Unit II
Operating System and Database Management System
2.1 Introduction to Operating System
A computer system has many resources (hardware and software), which may be required to complete
a task. The commonly required resources are input/output devices, memory, file storage space, CPU,
etc. The operating system acts as a manager of the above resources and allocates them to specific
programs and users, whenever necessary to perform a particular task. Therefore, the operating system
is the resource manager, i.e. it manages the resources of a computer system internally. The resources
are processor, memory, files, and I/O devices. In simple terms, an operating system is an interface
between the computer user and the machine. The operating system mainly coordinates the use of the
hardware among the various system programs and application programs for various users.
An OS is mainly designed to serve two basic purposes:
1. The operating system mainly controls the allocation and use of the computing system’s resources
among the various users and tasks.
2. It mainly provides an interface between the computer hardware and the programmer that
simplifies and makes feasible the coding, creation and debugging of application programs.
History of Operating Systems
• The first computer, Z1, was made in 1936 – 1938. Unfortunately, this computer ran without
an operating system.
• Twenty years later, the first-ever operating system was made in 1956.
• In the 1960s, Bell Labs started working on building UNIX, the first multitasking operating
system.
• In 1977 the Apple series came into existence. Apple DOS 3.3 was the first disk operating
system.
• In 1981, Microsoft built the first operating system called DOS by purchasing 86-DOS
software from a Seattle company.
• The most famous Microsoft Windows came into existence in 1985 when MS-DOS was paired
with GUI, a graphics environment.
2.2 Types of Operating System
• Batch operating system
The users of a batch operating system do not interact with the computer directly. Each user prepares
his job on an off-line device like punch cards and submits it to the computer operator. To speed up
processing, jobs with similar needs are batched together and run as a group. The programmers leave
their programs with the operator and the operator then sorts the programs with similar requirements
into batches.
The problems with Batch Systems are as follows −
• Lack of interaction between the user and the job.
• CPU is often idle, because the speed of the mechanical I/O devices is slower than the CPU.
• Difficult to provide the desired priority.
• Time-sharing operating systems
Time-sharing is a technique which enables many people, located at various terminals, to use a
particular computer system at the same time. Time-sharing or multitasking is a logical extension of
multiprogramming. Processor time that is shared among multiple users simultaneously is termed
time-sharing.
The main difference between Multiprogrammed Batch Systems and Time-Sharing Systems is that in
case of Multiprogrammed batch systems, the objective is to maximize processor use, whereas in
Time-Sharing Systems, the objective is to minimize response time.
Multiple jobs are executed by the CPU by switching between them, and the switches occur so
frequently that the user can receive an immediate response. For example, in transaction
processing, the processor executes each user program in a short burst or quantum of computation.
That is, if n users are present, then each user can get a time quantum. When the user submits the
command, the response time is a few seconds at most.
The operating system uses CPU scheduling and multiprogramming to provide each user with a small
portion of time. Computer systems that were designed primarily as batch systems have been
modified to time-sharing systems.
Advantages of Timesharing operating systems are as follows −
• Provides the advantage of quick response.
• Avoids duplication of software.
• Reduces CPU idle time.
Disadvantages of Time-sharing operating systems are as follows −
• Problem of reliability.
• Question of security and integrity of user programs and data.
• Problem of data communication.
• Distributed operating System
Distributed systems use multiple central processors to serve multiple real-time applications and
multiple users. Data processing jobs are distributed among the processors accordingly.
The processors communicate with one another through various communication lines (such as
high-speed buses or telephone lines). These are referred to as loosely coupled systems or distributed systems.
Processors in a distributed system may vary in size and function. These processors are referred to as
sites, nodes, computers, and so on.
The advantages of distributed systems are as follows −
• With resource sharing facility, a user at one site may be able to use the resources available at
another.
• Speeds up the exchange of data with one another via electronic mail.
• If one site fails in a distributed system, the remaining sites can potentially continue operating.
• Better service to the customers.
• Reduction of the load on the host computer.
• Reduction of delays in data processing.
• Network operating System
A Network Operating System runs on a server and provides the server the capability to manage data,
users, groups, security, applications, and other networking functions. The primary purpose of the
network operating system is to allow shared file and printer access among multiple computers in a
network, typically a local area network (LAN), a private network or to other networks.
Examples of network operating systems include Microsoft Windows Server 2003, Microsoft
Windows Server 2008, UNIX, Linux, Mac OS X, Novell NetWare, and BSD.
The advantages of network operating systems are as follows −
• Centralized servers are highly stable.
• Security is server managed.
• Upgrades to new technologies and hardware can be easily integrated into the system.
• Remote access to servers is possible from different locations and types of systems.
The disadvantages of network operating systems are as follows −
• High cost of buying and running a server.
• Dependency on a central location for most operations.
• Regular maintenance and updates are required.
• Real Time Operating System
A real-time system is defined as a data processing system in which the time interval required to
process and respond to inputs is so small that it controls the environment. The time taken by the
system to respond to an input and display the required updated information is termed the response
time. So, in this method, the response time is much lower than in online processing.
Real-time systems are used when there are rigid time requirements on the operation of a processor or
the flow of data, and real-time systems can be used as a control device in a dedicated application. A
real-time operating system must have well-defined, fixed time constraints, otherwise the system will
fail. Examples include scientific experiments, medical imaging systems, industrial control systems,
weapon systems, robots, air traffic control systems, etc.
There are two types of real-time operating systems.
Hard real-time systems
Hard real-time systems guarantee that critical tasks complete on time. In hard real-time systems,
secondary storage is limited or missing and the data is stored in ROM. In these systems, virtual
memory is almost never found.
Soft real-time systems
Soft real-time systems are less restrictive. A critical real-time task gets priority over other tasks and
retains the priority until it completes. Soft real-time systems have more limited utility than hard
real-time systems. Examples include multimedia, virtual reality, and Advanced Scientific Projects like
undersea exploration and planetary rovers, etc.

2.3 Operating System Operations


Modern operating systems are interrupt driven. If there are no processes to execute, no I/O devices to
service, and no users to whom to respond, an operating system will sit quietly, waiting for something
to happen. Events are signaled by the occurrence of an interrupt or a trap.
A trap (or an exception) is a software-generated interrupt. For each type of interrupt, separate
segments of code in the operating system determine what action should be taken.
An interrupt service routine is provided that is responsible for dealing with the interrupt.
a) Dual-Mode Operation
Since the operating system and the user programs share the hardware and software resources of the
computer system, it must be ensured that an error in a user program cannot cause problems for
other programs and the operating system running in the system. The approach taken is to use
hardware support that allows us to differentiate among various modes of execution.

The system can be assumed to work in two separate modes of operation:
• user mode and
• kernel mode (supervisor mode, system mode, or privileged mode).
A hardware bit of the computer, called the mode bit, is used to indicate the current mode: kernel (0)
or user (1). With the mode bit, we are able to distinguish between a task that is executed by the
operating system and one that is executed by the user.
When the computer system is executing a user application, the system is in user mode. When a user
application requests a service from the operating system (via a system call), the transition from user
to kernel mode takes place.

At system boot time, the hardware starts in kernel mode. The operating system is then loaded and
starts user applications in user mode. Whenever a trap or interrupt occurs, the hardware switches from
user mode to kernel mode (that is, changes the mode bit from 1 to 0). Thus, whenever the operating
system gains control of the computer, it is in kernel mode.
The dual mode of operation provides us with the means for protecting the operating system from
errant users and errant users from one another. The hardware allows privileged instructions to be
executed only in kernel mode. If an attempt is made to execute a privileged instruction in user mode,
the hardware does not execute the instruction but rather treats it as illegal and traps it to the operating
system. The instruction to switch to user mode is an example of a privileged instruction.
Initial control is within the operating system, where instructions are executed in kernel mode. When
control is given to a user application, the mode is set to user mode. Eventually, control is switched
back to the operating system via an interrupt, a trap, or a system call.
b) Timer
The operating system uses a timer to control the CPU. The timer prevents a user program from
holding the CPU for a long time. A timer can be set to interrupt the computer after a specified period.
The period may be fixed (for example, 1/60 second) or variable (for example, from 1 millisecond to
1 second).
Fixed timer – After a fixed time, the process under execution is interrupted.
Variable timer – The interrupt occurs after a varying interval. This is implemented using a fixed-rate
clock and a counter. The operating system sets the counter. Every time the clock ticks, the counter is
decremented. When the counter reaches 0, an interrupt occurs. Before changing to user mode, the
operating system ensures that the timer is set to interrupt. If the timer interrupts, control transfers
automatically to the operating system, which may treat the interrupt as a fatal error or may give the
program more time.
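The mode bit, the trap on a privileged instruction and the countdown timer described above can be followed in a small simulation. This is an added example, not part of the original study material; the toy CPU, its three opcodes and the one-clock-tick-per-instruction rule are assumptions made for illustration.

```c
#include <stdio.h>

/* Mode bit values as given in the text: kernel = 0, user = 1. */
enum { KERNEL_MODE = 0, USER_MODE = 1 };

/* Toy instruction set, constructed for this example. */
typedef enum { OP_WORK, OP_SYSCALL, OP_SET_TIMER } opcode;

/* Why control returned to the operating system. */
typedef enum { BY_SYSCALL, BY_ILLEGAL_INSTRUCTION, BY_TIMER, BY_PROGRAM_END } reason;

typedef struct {
    int mode_bit;   /* current mode of the simulated CPU */
    int timer;      /* counter decremented on every clock tick */
    int pc;         /* index of the next instruction to execute */
} cpu;

/* Changing the timer is privileged: only kernel-mode code may do it. */
static int is_privileged(opcode op) { return op == OP_SET_TIMER; }

/* Every entry into the operating system clears the mode bit (1 -> 0). */
static reason enter_kernel(cpu *c, reason why) {
    c->mode_bit = KERNEL_MODE;
    return why;
}

/* Kernel side: arm the timer first, then switch to user mode. */
static void dispatch(cpu *c, int ticks) {
    c->timer = ticks;
    c->mode_bit = USER_MODE;
}

/* Run user instructions until something hands control back to the OS. */
static reason run_user(cpu *c, const opcode *prog, int len) {
    while (c->pc < len) {
        opcode op = prog[c->pc];
        if (is_privileged(op))              /* not executed, trapped instead */
            return enter_kernel(c, BY_ILLEGAL_INSTRUCTION);
        c->pc++;
        if (op == OP_SYSCALL)               /* deliberate request for service */
            return enter_kernel(c, BY_SYSCALL);
        if (--c->timer <= 0)                /* one clock tick per instruction */
            return enter_kernel(c, BY_TIMER);
    }
    return enter_kernel(c, BY_PROGRAM_END);
}

int main(void) {
    /* Constructed user program that tries to re-arm the timer to keep the CPU. */
    const opcode greedy[] = { OP_WORK, OP_SET_TIMER, OP_WORK, OP_WORK };
    cpu c = { KERNEL_MODE, 0, 0 };
    dispatch(&c, 3);
    reason r = run_user(&c, greedy, 4);
    printf("reason=%d pc=%d timer=%d mode=%d\n", (int)r, c.pc, c.timer, c.mode_bit);
    return 0;
}
```

The attempt to reset the timer from user mode never changes the counter: the simulated hardware refuses the instruction and the operating system regains control with the mode bit back at 0.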

2.4 Process Management in Operating System


A process is the execution of a program that performs the actions specified in that program. It can be
defined as an execution unit where a program runs. The OS helps you to create, schedule, and
terminate the processes that are used by the CPU. A process created by the main process is called a
child process.
Process operations can be easily controlled with the help of the PCB (Process Control Block). You can
consider it the brain of the process; it contains all the crucial information related to processing,
such as process id, priority, state, CPU registers, etc.
Process management involves various tasks like creation, scheduling, and termination of processes, and
deadlock. A process is a program that is under execution, which is an important part of modern-day
operating systems. The OS must allocate resources that enable processes to share and exchange
information. It also protects the resources of each process from other processes and allows
synchronization among processes.
It is the job of the OS to manage all the running processes of the system. It handles operations by
performing tasks such as process scheduling and resource allocation.

Process architecture Image

The architecture diagram of the process shows the following sections:
• Stack: The stack stores temporary data like function parameters, return addresses, and local
variables.
• Heap: Memory that is allocated to the process during its run time.
• Data: It contains the variables.
• Text: The text section includes the current activity, which is represented by the value of the
Program Counter.
Process Control Blocks
PCB stands for Process Control Block. It is a data structure that is maintained by the Operating System
for every process. The PCB should be identified by an integer Process ID (PID). It helps you to store
all the information required to keep track of all the running processes.
It is also responsible for storing the contents of processor registers. These are saved when the process
leaves the running state, so that they are available when it returns to it. The OS updates the
information in the PCB as soon as the process makes the state transition.
Process States

Process States Diagram⁴¹

41 <https://www.includehelp.com/operating-systems/process-state-diagram.aspx> accessed 21 July 2022
A process state is a condition of the process at a specific instant of time. It also defines the current
position of the process.
There are mainly seven stages of a process, which are:
• New: The new process is created when a specific program is called from secondary memory/hard
disk into primary memory/RAM.
• Ready: In the ready state, the process should be loaded into the primary memory and is ready
for execution.
• Waiting: The process is waiting for the allocation of CPU time and other resources for
execution.
• Executing: The process is in an execution state.
• Blocked: It is a time interval when a process is waiting for an event, like I/O operations, to
complete.
• Suspended: The suspended state defines the time when a process is ready for execution but has
not been placed in the ready queue by the OS.
• Terminated: The terminated state specifies the time when a process is terminated.
After a process completes every step, all the resources it used are released and memory becomes free.
2.5 Memory Management in Operating System
The term Memory can be defined as a collection of data in a specific format. It is used to store
instructions and processed data. The memory comprises a large array or group of words or bytes, each
with its own location. The primary motive of a computer system is to execute programs. These
programs, along with the information they access, should be in the main memory during execution.
The CPU fetches instructions from memory according to the value of the program counter.

The main memory is central to the operation of a modern computer. Main Memory is a large array of
words or bytes, ranging in size from hundreds of thousands to billions. Main memory is a repository
of rapidly available information shared by the CPU and I/O devices. Main memory is the place where
programs and information are kept when the processor is effectively utilizing them. Main memory
is associated with the processor, so moving instructions and information into and out of the processor
is extremely fast. Main memory is also known as RAM (Random Access Memory). This memory is
volatile: RAM loses its data when a power interruption occurs.
Memory Management:
In a multiprogramming computer, the operating system resides in a part of memory and the rest is
used by multiple processes. The task of subdividing the memory among different processes is called
memory management. Memory management is a method in the operating system to manage
operations between main memory and disk during process execution. The main aim of memory
management is to achieve efficient utilization of memory.
Memory management is required to:
• Allocate and de-allocate memory before and after process execution.
• Keep track of the memory space used by processes.
• Minimize fragmentation issues.
• Make proper use of main memory.
• Maintain data integrity while a process is executing.

Now let’s discuss the concept of logical address space and Physical address space:
Logical and Physical Address Space:
Logical Address space: An address generated by the CPU is known as “Logical Address”. It is also
known as a Virtual address. Logical address space can be defined as the size of the process. A logical
address can be changed.
Physical Address space: An address seen by the memory unit (i.e., the one loaded into the memory
address register of the memory) is commonly known as a “Physical Address”. A physical address is
also known as a Real address. The set of all physical addresses corresponding to these logical
addresses is known as the Physical address space. A physical address is computed by the MMU. The
run-time mapping from virtual to physical addresses is done by a hardware device called the Memory
Management Unit (MMU). The physical address always remains constant.
Static and Dynamic Loading:
A loader loads a process into the main memory. There are two different types of loading:
• Static loading: The entire program is loaded into a fixed address. It requires more memory
space.
• Dynamic loading: The entire program and all data of a process must be in physical
memory for the process to execute. So, the size of a process is limited to the size of physical
memory. To gain proper memory utilization, dynamic loading is used. In dynamic loading,
a routine is not loaded until it is called. All routines reside on disk in a relocatable
load format. One of the advantages of dynamic loading is that an unused routine is never
loaded. This loading is useful when a large amount of code is needed to handle it
efficiently.
Static and Dynamic linking:
To perform a linking task a linker is used. A linker is a program that takes one or more object files
generated by a compiler and combines them into a single executable file.

• Static linking: In static linking, the linker combines all necessary program modules into a
single executable program. So there is no runtime dependency. Some operating systems
support only static linking, in which system language libraries are treated like any other
object module.
• Dynamic linking: The basic concept of dynamic linking is similar to dynamic loading. In
dynamic linking, a “stub” is included for each appropriate library routine reference. A stub
is a small piece of code. When the stub is executed, it checks whether the needed routine
is already in memory or not. If it is not available, the program loads the routine into
memory.
Swapping:
A process must reside in memory when it is executed. Swapping is the act of temporarily moving a
process from the main memory, which is fast compared to secondary memory, into secondary
memory. Swapping allows more processes to be run than can fit into memory at one time. The
main part of swapping time is transfer time, and the total time is directly proportional to the amount of
memory swapped. Swapping is also known as roll out, roll in, because if a higher priority process
arrives and wants service, the memory manager can swap out the lower priority process and then load
and execute the higher priority process. After the higher priority work finishes, the lower priority
process is swapped back into memory and continues its execution.

Contiguous Memory Allocation:
The main memory should accommodate both the operating system and the various user
processes. Therefore, the allocation of memory becomes an important task in the operating
system. The memory is usually divided into two partitions: one for the resident operating system and
one for the user processes. We normally need several user processes to reside in memory
simultaneously. Therefore, we need to consider how to allocate available memory to the processes
that are in the input queue waiting to be brought into memory. In contiguous memory allocation, each
process is contained in a single contiguous segment of memory.

Memory allocation:
To gain proper memory utilization, memory must be allocated in an efficient manner. One of the
simplest methods for allocating memory is to divide memory into several fixed-sized partitions, where
each partition contains exactly one process. Thus, the degree of multiprogramming is determined by the
number of partitions.
Multiple partition allocation: In this method, a process is selected from the input queue and loaded
into the free partition. When the process terminates, the partition becomes available for other
processes.
Fixed partition allocation: In this method, the operating system maintains a table that indicates
which parts of memory are available and which are occupied by processes. Initially, all memory is
available for user processes and is considered one large block of available memory. This available
memory is known as a “hole”. When a process arrives and needs memory, we search for a hole that
is large enough to store this process. If the requirement is fulfilled, we allocate memory to the process,
keeping the rest available to satisfy future requests. While allocating memory, the dynamic storage
allocation problem sometimes arises, which concerns how to satisfy a request of size n from a
list of free holes. There are some solutions to this problem:
First fit:
In first fit, the process is allocated the first available free hole that fulfills its requirement.

Here, in this diagram, the 40 KB memory block is the first available free hole that can store process A
(size 25 KB), because the first two blocks did not have sufficient memory space.
Best fit:
In best fit, we allocate the smallest hole that is big enough for the process's requirements. For this, we
search the entire list, unless the list is ordered by size.

Here in this example, we first traverse the complete list and find that the last hole, 25 KB, is the most
suitable hole for Process A (size 25 KB).
In this method memory utilization is maximum as compared to other memory allocation techniques.
Worst fit:
In worst fit, we allocate the largest available hole to the process. This method produces the
largest leftover hole.

Here in this example, Process A (size 25 KB) is allocated to the largest available memory block,
which is 60 KB. Inefficient memory utilization is a major issue in worst fit.
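The three placement strategies can be compared side by side on one free list. This is an added example, not part of the original study material: the list of holes is constructed to agree with the three cases above (40 KB, 25 KB and 60 KB chosen for the 25 KB process A), and the follow-up request sequence of 25, 35 and 60 KB is an assumption used to show how the choice affects later requests.

```c
#include <stdio.h>
#include <stddef.h>

typedef enum { FIRST_FIT, BEST_FIT, WORST_FIT } strategy;

/* Index of the hole chosen for a request of `need` KB, or -1 if none fits. */
static int choose_hole(const int *holes, size_t n, int need, strategy s) {
    int pick = -1;
    for (size_t i = 0; i < n; i++) {
        if (holes[i] < need)
            continue;                       /* too small for this request */
        if (pick < 0) {
            pick = (int)i;                  /* first hole that is big enough */
            if (s == FIRST_FIT)
                break;                      /* first fit stops searching here */
        } else if (s == BEST_FIT && holes[i] < holes[pick]) {
            pick = (int)i;                  /* smaller hole that still fits */
        } else if (s == WORST_FIT && holes[i] > holes[pick]) {
            pick = (int)i;                  /* larger hole */
        }
    }
    return pick;
}

/* Carve the request out of the chosen hole; returns its index or -1. */
static int allocate(int *holes, size_t n, int need, strategy s) {
    int i = choose_hole(holes, n, need, s);
    if (i >= 0)
        holes[i] -= need;                   /* what remains is a smaller hole */
    return i;
}

/* Constructed free list (KB), consistent with the three examples above. */
#define NHOLES 5
static const int SAMPLE_HOLES[NHOLES] = { 10, 20, 40, 60, 25 };

/* How many of a constructed request sequence (25, 35, 60 KB) are satisfied. */
static int satisfied(strategy s) {
    static const int requests[] = { 25, 35, 60 };
    int holes[NHOLES], ok = 0;
    for (size_t i = 0; i < NHOLES; i++)
        holes[i] = SAMPLE_HOLES[i];
    for (size_t r = 0; r < sizeof requests / sizeof requests[0]; r++)
        if (allocate(holes, NHOLES, requests[r], s) >= 0)
            ok++;
    return ok;
}

int main(void) {
    static const char *names[] = { "first fit", "best fit", "worst fit" };
    for (int s = FIRST_FIT; s <= WORST_FIT; s++) {
        int i = choose_hole(SAMPLE_HOLES, NHOLES, 25, (strategy)s);
        printf("%-9s: process A (25 KB) -> %d KB hole, %d of 3 requests satisfied\n",
               names[s], SAMPLE_HOLES[i], satisfied((strategy)s));
    }
    return 0;
}
```

On this particular workload best fit serves all three requests while first fit and worst fit each refuse the 60 KB one; a different request sequence can change the ranking.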
Fragmentation:
Fragmentation occurs when processes are loaded into memory and removed after execution, leaving
small free holes. These holes cannot be assigned to new processes because the holes are not
combined or do not fulfill the memory requirement of the process. To achieve a degree of
multiprogramming, we must reduce the waste of memory, or the fragmentation problem. Operating
systems have two types of fragmentation:
Internal fragmentation:
Internal fragmentation occurs when the memory block allocated to a process is larger than the size
the process requested. Due to this, some unused space is left over, which creates an internal
fragmentation problem.
Example: Suppose fixed partitioning is used for memory allocation and there are blocks of different
sizes, 3MB, 6MB, and 7MB, in memory. Now a new process p4 of size 2MB comes and
demands a block of memory. It gets a memory block of 3MB, but 1MB of the block is wasted,
and it cannot be allocated to other processes either. This is called internal fragmentation.
External fragmentation:
In external fragmentation, we have free memory blocks, but we cannot assign them to a process because
the blocks are not contiguous.
Example: Suppose (considering the above example) three processes p1, p2, and p3 come with sizes 2MB,
4MB, and 7MB respectively. They are allocated memory blocks of size 3MB, 6MB, and 7MB
respectively. After allocation, the blocks of p1 and p2 have 1MB and 2MB left over. Suppose a new
process p4 comes and demands a 3MB block of memory. That much memory is available, but we cannot
assign it because the free memory space is not contiguous. This is called external fragmentation.
Both the first-fit and best-fit systems for memory allocation are affected by external fragmentation. To
overcome the external fragmentation problem, compaction is used. In the compaction technique, all
free memory space is combined into one large block, so this space can be used by other processes
effectively.
Another possible solution to external fragmentation is to allow the logical address space of the
processes to be noncontiguous, thus permitting a process to be allocated physical memory wherever the
latter is available.
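The external fragmentation example and the effect of compaction can be traced on a small memory map. This is an added example, not part of the original study material; it models the layout from the example above as p1, a 1 MB hole, p2, a 2 MB hole and p3, and the segment-array representation and function names are assumptions made for illustration.

```c
#include <stdio.h>

#define MAXSEG 16

/* One run of memory in address order; owner 0 marks a free hole. Sizes in MB. */
typedef struct { int owner; int size; } seg;
typedef struct { seg s[MAXSEG]; int n; } memmap;

/* Layout after the example above: p1, 1 MB free, p2, 2 MB free, p3. */
static memmap example_layout(void) {
    memmap m = { { {1, 2}, {0, 1}, {2, 4}, {0, 2}, {3, 7} }, 5 };
    return m;
}

static int total_free(const memmap *m) {
    int sum = 0;
    for (int i = 0; i < m->n; i++)
        if (m->s[i].owner == 0)
            sum += m->s[i].size;
    return sum;
}

static int largest_hole(const memmap *m) {
    int best = 0;
    for (int i = 0; i < m->n; i++)
        if (m->s[i].owner == 0 && m->s[i].size > best)
            best = m->s[i].size;
    return best;
}

/* Contiguous first-fit allocation; returns 1 on success, 0 if no hole fits. */
static int alloc_contiguous(memmap *m, int owner, int size) {
    if (owner == 0 || size <= 0)
        return 0;
    for (int i = 0; i < m->n; i++) {
        if (m->s[i].owner != 0 || m->s[i].size < size)
            continue;
        int left = m->s[i].size - size;
        if (left > 0) {
            if (m->n == MAXSEG)
                return 0;                   /* no room to record the leftover hole */
            for (int j = m->n; j > i + 1; j--)
                m->s[j] = m->s[j - 1];      /* make room after segment i */
            m->s[i + 1].owner = 0;
            m->s[i + 1].size = left;
            m->n++;
        }
        m->s[i].owner = owner;
        m->s[i].size = size;
        return 1;
    }
    return 0;
}

/* Compaction: slide used segments together, leaving one hole at the end. */
static void compact(memmap *m) {
    int free_mb = total_free(m), k = 0;
    for (int i = 0; i < m->n; i++)
        if (m->s[i].owner != 0)
            m->s[k++] = m->s[i];
    if (free_mb > 0) {
        m->s[k].owner = 0;
        m->s[k].size = free_mb;
        k++;
    }
    m->n = k;
}

int main(void) {
    memmap m = example_layout();
    printf("free in total: %d MB, largest hole: %d MB\n", total_free(&m), largest_hole(&m));
    int before = alloc_contiguous(&m, 4, 3);
    compact(&m);
    int after = alloc_contiguous(&m, 4, 3);
    printf("p4 (3 MB) before compaction: %s, after: %s\n",
           before ? "placed" : "refused", after ? "placed" : "refused");
    return 0;
}
```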
Paging:
Paging is a memory management scheme that eliminates the need for contiguous allocation of
physical memory. This scheme permits the physical address space of a process to be non-contiguous.

• Logical Address or Virtual Address (represented in bits): An address generated by the CPU.
• Logical Address Space or Virtual Address Space (represented in words or bytes): The set of all
logical addresses generated by a program.
• Physical Address (represented in bits): An address actually available on a memory unit.
• Physical Address Space (represented in words or bytes): The set of all physical addresses
corresponding to the logical addresses.
The address generated by the CPU is divided into:
• Page number (p): The number of bits required to represent the pages in the Logical Address
Space, or the page number.
• Page offset (d): The number of bits required to represent a particular word in a page, or the page
size of the Logical Address Space, or the word number of a page (the page offset).
The Physical Address is divided into:
• Frame number (f): The number of bits required to represent the frames of the Physical Address
Space, or the frame number.
• Frame offset (d): The number of bits required to represent a particular word in a frame, or the
frame size of the Physical Address Space, or the word number of a frame (the frame offset).
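The split of an address into page number p and offset d, and its translation to frame number f with the same offset, is shown below with concrete numbers. This is an added example, not part of the original study material; the 4 KiB page size, the 8-page logical space, the 16 frames and the page table contents are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed toy sizes, not from the text: 4 KiB pages, 8 pages, 16 frames. */
#define PAGE_SIZE  4096u
#define NUM_PAGES  8u
#define NUM_FRAMES 16u

/* Number of bits needed to number `count` items (count >= 1). */
static unsigned bits_for(uint32_t count) {
    unsigned bits = 0;
    while (bits < 32 && ((uint64_t)1 << bits) < count)
        bits++;
    return bits;
}

/* Page table entry: which frame holds the page, and whether it is mapped. */
typedef struct { uint32_t frame; int valid; } pte;

/* Constructed page table: consecutive pages sit in scattered frames. */
static const pte SAMPLE_TABLE[NUM_PAGES] = {
    {5, 1}, {2, 1}, {0, 0}, {11, 1}, {0, 0}, {0, 0}, {0, 0}, {0, 0}
};

/* Split a logical address into page number p and page offset d. */
static uint32_t page_number(uint32_t logical) { return logical / PAGE_SIZE; }
static uint32_t page_offset(uint32_t logical) { return logical % PAGE_SIZE; }

/* Translate logical -> physical. Returns 0 on success, -1 on a fault. */
static int translate(const pte *table, uint32_t logical, uint32_t *physical) {
    uint32_t p = page_number(logical), d = page_offset(logical);
    if (p >= NUM_PAGES)
        return -1;                      /* outside the logical address space */
    if (!table[p].valid || table[p].frame >= NUM_FRAMES)
        return -1;                      /* no frame backs this page */
    *physical = table[p].frame * PAGE_SIZE + d;   /* frame number f, same offset d */
    return 0;
}

int main(void) {
    /* Constructed logical addresses: two mapped, one unmapped, one out of range. */
    const uint32_t samples[] = { 0x0FFFu, 0x1000u, 0x2000u, 0x8000u };
    printf("logical address: %u bits for p + %u bits for d\n",
           bits_for(NUM_PAGES), bits_for(PAGE_SIZE));
    printf("physical address: %u bits for f + %u bits for d\n",
           bits_for(NUM_FRAMES), bits_for(PAGE_SIZE));
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t phys;
        if (translate(SAMPLE_TABLE, samples[i], &phys) == 0)
            printf("0x%04X -> p=%u d=0x%03X -> 0x%05X\n", (unsigned)samples[i],
                   (unsigned)page_number(samples[i]), (unsigned)page_offset(samples[i]),
                   (unsigned)phys);
        else
            printf("0x%04X -> fault\n", (unsigned)samples[i]);
    }
    return 0;
}
```

Logical addresses 0x0FFF and 0x1000 are neighbours, yet they land in frames 5 and 2, which is the non-contiguous physical placement that paging permits; an address whose page has no valid entry is refused instead of reaching some other frame.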

2.6 Storage Management in Operating System


Storage Management refers to the processes that help make data storage easier through software or
techniques. It tries to improve and maximize the efficiency of data storage resources. Storage
management processes can deal with local or external storage such as NAS, SAN, USBs, SSDs,
HDDs, the Cloud, etc.
Storage management techniques or software can be divided into the following four subsets:
1. Performance,
2. Availability,
3. Recoverability, and
4. Capacity.
A variety of technologies or systems fall into one or more of these subsets, such as:

• Volume Migration
• Storage Virtualization
• Snapshot and Mirroring
• Auto-Provisioning
• Process Automation
• Disaster and Recovery
• And more…
As mentioned before, the goal of storage management is to improve the performance of resources,
not to expand capacity.
These techniques and software will develop the ability to store data and secure it properly.

Storage Management Advantages


We already know what storage management is and what its methodologies are, but what are the
characteristics that storage management can improve?
What advantages can it bring to the business and to the IT department?
• Reduce Capital and Operational Expenses: The most significant expense when it comes to
storage is maintaining and operating the infrastructure. CapEx can be reduced because a business
will not have to expand storage capacity that often. OpEx can also be reduced as ongoing
operations on storage are decreased.
• Makes Management Easier: Storage management systems can help users save time through
automated tasks, centralized consoles, or by logging in remotely. It can also reduce the number of
IT staff needed to run the storage infrastructure. Storage management can also make virtualized
or cloud environments easier to manage from a single location.
• Enhance Performance: One of the main goals of storage management is to improve the
performance of the existing storage resources. For example, compressing data can dramatically
reduce the amount of storage and improve file transfer speeds. Automatic storage provisioning
can reduce the time it takes to provision storage resources.

• Speed and Flexibility: Storage management solutions should be able to work in real time and
adapt to sudden changes in the storage resources. For example, storage replication is a managed
service that replicates stored data in real time. Storage virtualization can also help improve
flexibility and reduce wasted storage. Virtualization can pool physical storage from
multiple devices into a single logical storage device. Storage capacity can be easily relocated as
the needs of the business change.
• Higher Availability: This is probably one of the biggest benefits of storage management. For
example, technologies such as Replication, Snapshot and Mirroring, Migration, and Disaster and
Recovery (DR) can help you have higher availability and reliability of data. All these storage
techniques can help back up and restore data fast, but some can also serve as primary storage.

2.7 Mobile Operating System


A mobile operating system is an operating system that helps to run other application software on
mobile devices. It is the same kind of software as the famous computer operating systems like Linux
and Windows, but lighter and simpler to some extent.
The operating systems found on smartphones include Symbian OS, iPhone OS, RIM's
BlackBerry, Windows Mobile, Palm WebOS, Android, and Maemo. Android, WebOS, and Maemo
are all derived from Linux. The iPhone OS originated from BSD and NeXTSTEP, which are related
to Unix.
A mobile OS combines the features of computers and handheld devices. The device typically contains a
built-in cellular modem and SIM tray for telephony and internet connections. When you buy a mobile
device, the manufacturer chooses the OS for that specific device.
Popular platforms of the Mobile OS
1. Android OS: The Android operating system is the most popular operating system today. It is a
mobile OS based on the Linux Kernel and open-source software. The Android operating system was
developed by Google. The first Android device was launched in 2008.
2. Bada (Samsung Electronics): Bada is a Samsung mobile operating system that was launched in
2010. The Samsung Wave was the first mobile to use the Bada operating system. The Bada operating
system offers many mobile features, such as 3-D graphics, application installation, and
multipoint-touch.
3. BlackBerry OS: The BlackBerry operating system is a mobile operating system developed
by Research In Motion (RIM). This operating system was designed specifically for BlackBerry
handheld devices. This operating system is beneficial for corporate users because it provides
synchronization with Microsoft Exchange, Novell GroupWise email, Lotus Domino, and other
business software when used with the BlackBerry Enterprise Server.
4. iPhone OS / iOS: iOS was developed by Apple Inc. for use on its devices. The iOS
operating system is the most popular operating system today. It is a very secure operating system.
The iOS operating system is not available for any other mobiles.
5. Symbian OS: The Symbian operating system is a mobile operating system that provides a high
level of integration with communication. The Symbian operating system is based on the java language. It
combines middleware of wireless communications and personal information management (PIM)
functionality. The Symbian operating system was developed by Symbian Ltd in 1998 for use on
mobile phones. Nokia was the first company to release Symbian OS on its mobile phone at that time.
6. Windows Mobile OS: The Windows Mobile OS is a mobile operating system that was developed
by Microsoft. It was designed for pocket PCs and smart mobiles.
7. Harmony OS: The Harmony operating system is the latest mobile operating system that was
developed by Huawei for use on its devices. It is designed primarily for IoT devices.
8. Palm OS: The Palm operating system is a mobile operating system that was developed by Palm
Ltd for use on personal digital assistants (PDAs). It was introduced in 1996. Palm OS is also known
as the Garnet OS.
9. WebOS (Palm/HP): WebOS is a mobile operating system that was developed by Palm. It is
based on the Linux Kernel. HP uses this operating system in its mobile devices and touchpads.

2.8 Open Source Operating System


The first Open Source software was made available in 1997. Now there are Open Source alternatives
for every software application, irrespective of the industry. From the very beginning of the
21st century, technical advancements and innovations have led to the creation of many Open Source
Operating Systems. Open source refers to computer software or applications where the owners or
copyright holders allow users or third parties to see and use the source code of the product and give
them the right to modify it. An Open Source Operating System is an Operating System whose source
code is publicly visible and editable. The generally known Operating Systems, like Microsoft’s
Windows and Apple’s iOS and Mac OS, are closed Operating Systems.
Closed Operating Systems are built with a large amount of code and complex programming, which is
called source code. This source code is kept secret by the respective companies (owners) and is
inaccessible to third parties. By doing so, they ensure the safety and security of the Operating System
and computer against any threats.
An Open Source Operating System works the same as a closed one; the only difference is that the
source code or the whole application is modifiable by the user. There is no difference in performance,
but there can be a difference in functioning.

For example, in a proprietary (closed) Operating system, the information is packed and stored. The
same happens in the Open Source. But since the source code is visible to you (user) you can
understand the process and alter the way information is processed.
Types of Open Source Operating System
Most of the Open Source Operating Systems are Linux based.

▪ The Linux kernel was created by Linus Torvalds. It provides the core functions needed for an
Operating System, like parceling of data, processing of memory, and interactions with the
computer hardware. Because Linux is open source, many developers have studied the source code
and created many supportive plug-ins and operating systems for their needs. Though Linux is the
heart of these operating systems, there are also some Open Source Operating Systems that are
not based on Linux.


There are many types of Operating Systems, which differ from one another in their goal and purpose.
While some of them, like Ubuntu, Linux Mint, and Elementary OS, focus on simplicity, some,
like Tails, focus on security.
Pros and Cons of Open Source Operating Systems:
Pros:

▪ Cost-efficient – Most Open Source OSs are free, and some of them are available at a much
cheaper rate than the commercial closed products.

▪ Reliable and efficient – Most of them are monitored by thousands of eyes since the source
code is public. So, if there are any vulnerabilities or bugs, they are fixed by the best developers
around the world.

▪ Flexibility – The great advantage is that you can customize it as per your need. And there is
creative freedom.
Cons:

▪ Security risk – Though the bugs are identified, there is a risk of attacks as the source code is
available to the attackers.

▪ Complicated – It is not as user-friendly as the closed ones. You need to have a minimum of
technical knowledge to use this software.

▪ No support – If you run into a problem, there is no customer support to help you out.

2.9 Mac Operating System
macOS is a better operating system as compared to others like Windows, Linux-based
derivatives, Debian Ubuntu & GNU, or Linux. The Unix-based OS developed by Apple Inc.
has gained so much popularity because of its effective marketing & business strategies, but some
disadvantages make the Mac Operating System not a competent alternative to Windows.

History of Mac OS
macOS is the desktop operating system used in Apple products like iMacs & MacBooks. This
operating system was launched in 2001 and named MacOS X. The history of MacOS is as follows.
macOS has been known for several years for its simplicity, security, different accessibility
options, advanced technologies, and much more. This operating system has been used in different
Apple products so that every user can easily use and navigate them.
OS X or macOS has turned into a brand for both Apple and Mac devices. After a few days, the Apple
operating system known as iOS was launched. So, as OS X has grown from 2001 to the current
macOS versions in 2020, different versions have been released.
Advantages of Mac OS
The advantages of Mac OS include the following.

• The user interface is streamlined without compromising its functions
• Operating system & hardware integration is consistent
• Fewer security and malware issues
• Integration can be done with other Apple devices like iOS devices
• Multitasking feature
• Bundled with various free productivity applications
• Customer support is good
• Same graphical user interface for all the devices
• Long life
• Good performance
• Default apps
• Supports FAT & NTFS
• Can run Windows
Disadvantages of Mac OS
The disadvantages of Mac OS include the following.
▪ It is expensive
▪ It supports fewer games & software
▪ There is no customization for hardware
▪ macOS file system cannot be read by Windows
▪ Less hardware used
▪ Mac-based products are very expensive
▪ Options are limited
▪ Hardware upgrading has the flexibility.⁴²

2.10 Windows Operating System


Windows is a graphical operating system developed by Microsoft. It allows users to view and store
files, run software, play games, and watch videos, and provides a way to connect to the internet. It
was released for both home computing and professional work.
Microsoft introduced the first version as 1.0. It was released for both home computing and
professional functions of Windows on 10 November 1983. Later, many versions of Windows were
released, up to the current version, Windows 10.
In 1993, the first business-oriented version of Windows was released, which is known as Windows
NT 3.1. Then it introduced the next versions, Windows 3.5, 4.0, and Windows 2000. When Windows
XP was released by Microsoft in 2001, the company designed its various versions for personal
and business environments. It was designed based on standard x86 hardware, like Intel and AMD
processors. Accordingly, it can run on different brands of hardware, such as HP, Dell, and Sony
computers, including home-built PCs.
Editions of Windows
Microsoft has produced several editions of Windows, starting with Windows XP. These versions have
the same core operating system, but some versions include advanced features at an additional cost.
The two most common editions of Windows are:

◦ Windows Home
◦ Windows Professional
42 <https://informationq.com/overview-mac-os/> accessed 14 July 2022

Windows Home
Windows Home is the basic edition of Windows. It offers all the fundamental functions of Windows,
such as browsing the web, connecting to the Internet, playing video games, using office software, and
watching videos. Furthermore, it is less expensive and comes pre-installed on many new computers.
Windows Professional
Windows Professional is also known as Windows Pro or Win Pro. It is an enhanced edition of
Windows, which is beneficial for power users and small to medium-size businesses. It contains all
the features of Windows Home as well as the following:

◦ Remote Desktop: Windows Professional editions allow users to create a remote desktop
connection. It gives users the option to connect to another computer remotely, including
sharing control of its mouse and keyboard and viewing its display. It is mainly accessed with the
help of port 3389. Additionally, we can also use the TeamViewer or VNC application to create a
remote desktop connection.

◦ Trusted Boot: It provides security by encrypting the boot loader and protects the computer
from rootkits (a rootkit is a collection of software tools that allows users to enter another
computer in an unauthorized way).

◦ BitLocker: It allows users to encrypt a storage drive by using the AES (Advanced Encryption
Standard) algorithm. This feature is present in Windows 7 and Windows Vista (only Ultimate
and Enterprise versions), including Windows Server 2008.
Business laptops or computers mainly use the BitLocker feature to protect their data on the computer.
If a computer has been stolen, it is very difficult to break the BitLocker password. It can be unlocked
only by entering the correct password. Furthermore, if you forget your BitLocker password, it cannot
be retrieved.

◦ Windows Sandbox: A sandbox, located on a computer, network, or online service, enables
users to experiment with or test computer security without interrupting the system.

◦ Hyper-V: It stands for a hypervisor, and was developed by Microsoft Corporation on 26 June
2008. It is also called Windows Server Virtualization. Hyper-V is used for virtualization of
x86-64 servers, running virtual machines and third-party software like VirtualBox.

◦ Group policy management: An admin can specify group policies in an organization to manage
different Windows users.

◦ It provides support for systems that have more than 128 GB of RAM.
◦ Furthermore, it also offers more Windows update installation options as well as flexible
scheduling and postponement of around 34 days.

2.11 Difference between the Windows, MAC and Linux Operating Systems.

Parameter: Basic difference and history
Windows: Windows was first released in 1985. It was supposed to be a graphical user interface on top
of MS-DOS. All features of MS-DOS were later integrated with the Windows 95 release. It was a huge
success and led to the Windows transition.
MAC: This operating system from Apple is older than Windows. It was first released in 1984. It began
as a graphical user interface right from its inception. In 2005 the design and structure of MAC OS
were changed to an Intel x86 based architecture.
Linux: It was initially developed at Finnish University. It was released in 1991 and designed for GNU
developers. GNU developers later integrated it into Linux. It is open to consumers, and everyone can
use it as per their specifications.

Parameter: File structure
Windows: Windows follows a directory structure to store the different kinds of files of the user. It has
logical drives and cabinet drawers. It also has folders. Some common folders are documents, pictures,
music, videos, and downloads. All these files can be stored in these folders, and new folders can also
be created. It also has files, which can be a spreadsheet or an application program. They can have
extensions such as .txt, .jpg etc. In addition to this, Windows also provides a recycle bin where all
deleted files can be stored. The recycle bin can be configured to increase its size.
MAC: The file structure of MAC is commonly known as MAC OS X. If you dig into your MAC’s hard disk
through the Finder, you will see many directories. The root directory of MAC may encounter when they
visit their own MAC book. You can explore the file system and directory structure by going to
directories like /Application, /Developer, /sbin, /tmp, etc.
Linux: Linux has a completely different file structure from Windows and MAC. It was developed with a
different code base. It stores data in the form of a tree. There is a single file tree, and all your
drives are mounted over this tree.

Parameter: Registry
Windows: The Windows registry is a master database that is used to store all settings on your
computer. It is responsible for storing all user information with its passwords, and device related
information. The registry also has an editor which allows you to view all keys and values or even
drivers if necessary.
MAC: MAC stores all application settings in a series of .plist files, which have the various
preferences folder in MAC. A .plist file contains all properties in either plain text or binary
format. These are stored at: /Library/Preferences folder
Linux: Linux also does not have a specific registry of its own. All application settings are stored on
a program basis under the different users in the same hierarchy format as the files being stored. There
is no centralized database for storing these details, and so periodic cleaning is also not required.

Parameter: Interchangeable interfaces
Windows: The Windows interface was not interchangeable until Windows 8. Windows XP had some
improvements but not par. Start menu, taskbar, system tray, and Windows Explorer.
MAC: MAC has a facility to bridge virtual network interfaces. This can be done by going to system
preferences and managing the interfaces.
Linux: In Linux it is easy to switch interfaces. You can switch the environment without having to carry
all installations. There are utilities like GNOME and KDE which help in catering to these needs. They
help in focusing on different aspects.

Parameter: Command terminal
Windows: A terminal or command prompt is a black box ideally used to execute commands. It is also
called the Windows Command Processor. It is used to execute commands and different batch files. It can
also be used for administrative functions and to troubleshoot and solve all Windows issues.
MAC: MAC provides a console as a terminal application. It has a console, command line, prompt and
terminal. A command line is used to type your commands. The prompt will provide you with some
information and also enable you to run commands. A terminal is an actual interface that will provide
the modern graphical user interface as well. You can find the terminal at Applications -> Utilities.
Linux: Linux also provides a terminal. You can find the terminal at: Applications -> System or
Applications -> Utilities. In addition to this, there is also a shell prompt. The most common shell
used is bash. It defines how the terminal will behave and look when it is run.

2.12 Introduction to Database Management System (DBMS)


The database is a collection of inter-related data which is used to retrieve, insert and delete the data
efficiently. It is also used to organize the data in the form of a table, schema, views, and reports, etc.
For example: The college Database organizes the data about the admin, staff, students and faculty
etc.
Using the database, you can easily retrieve, insert, and delete the information.

• A database management system is software which is used to manage the database. For example,
MySQL, Oracle, etc. are very popular commercial databases which are used in different
applications.

• DBMS provides an interface to perform various operations like database creation, storing data
in it, updating data, creating a table in the database and a lot more.

• It provides protection and security to the database. In the case of multiple users, it also maintains
data consistency.
DBMS allows users to perform the following tasks:

• Data Definition: It is used for creation, modification, and removal of definition that defines the
organization of data in the database.

• Data Updation: It is used for the insertion, modification, and deletion of the actual data in the
database.

• Data Retrieval: It is used to retrieve the data from the database which can be used by
applications for various purposes.

• User Administration: It is used for registering and monitoring users, maintaining data integrity,
enforcing data security, dealing with concurrency control, monitoring performance and
recovering information corrupted by unexpected failure.
Advantages of DBMS

• Controls database redundancy: It can control data redundancy because it stores all the data in
one single database file and that recorded data is placed in the database.

• Data sharing: In DBMS, the authorized users of an organization can share the data among
multiple users.

• Easy maintenance: It is easily maintainable due to the centralized nature of the database
system.

• Reduce time: It reduces development time and maintenance need.

• Backup: It provides backup and recovery subsystems which create automatic backup of data
from hardware and software failures and restore the data if required.

• Multiple user interfaces: It provides different types of user interfaces like graphical user
interfaces, application program interfaces.
Disadvantages of DBMS

• Cost of hardware and software: It requires a high-speed data processor and large memory size
to run DBMS software.
• Size: It occupies a large space of disks and large memory to run them efficiently.
• Complexity: A database system creates additional complexity and requirements.
• Higher impact of failure: A failure has a high impact on the database because in most
organizations all the data is stored in a single database, and if the database is damaged due to electric
failure or database corruption then the data may be lost forever.
2.13 Characteristics of Database Management System
A number of characteristics distinguish the database approach from the much older approach of
programming with files.
In traditional file processing, each user defines and implements the files needed for a specific software
application as part of programming the application.
The main characteristics of the database approach versus the file-processing approach are the
following:

• Self-describing nature of a database system.


• Insulation between programs and data, and data abstraction.
• Support of multiple views of the data.
• Sharing of data and multiuser transaction processing.
The database approach has some very characteristic features which are discussed in detail below:
Structured and Described Data:
• A fundamental feature of the database approach is that the database system contains not only
the data but also the complete definition and description of these data.
• These descriptions detail the extent, the structure, the type and the format
of all data and, additionally, the relationship between the data. This kind of stored data is called
metadata ("data about data").
Separation of Data and Applications:
• Application software does not need any knowledge about the physical data storage like
encoding, format, storage place, etc. It only communicates with the management system of a
database (DBMS) via a standardized interface with the help of a standardized language like
SQL.
Data Integrity:
• Data integrity is a byword for the quality and the reliability of the data of a database system.
• In a broader sense, data integrity also includes the protection of the database from unauthorized
access (confidentiality) and unauthorized changes. Data reflect facts of the real world.
Transactions:
• A transaction is a bundle of actions which are done within a database to bring it from one
consistent state to a new consistent state. In between, the data are inevitably inconsistent.
Data Persistence:
• Data persistence means that in a DBMS all data is maintained as long as it is not deleted
explicitly.
• The life span of data needs to be determined directly or indirectly by the user and must not be
dependent on system features.
• Additionally, data once stored in a database must not be lost. Changes to a database which are
done by a transaction are persistent.
• When a transaction is finished, even a system crash cannot put the data in danger.43
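
The transaction behaviour described above can be seen in the following added example, which is not part of the original study material and uses Python's built-in sqlite3 module. A transfer that fails half-way is rolled back as a whole, while the same two updates committed one at a time leave the data inconsistent. The account table, the owner names and the amounts are constructed for illustration.

```python
import sqlite3


def open_bank():
    """Create an in-memory database holding two constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE account ("
        " id INTEGER PRIMARY KEY,"
        " owner TEXT NOT NULL,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"  # integrity constraint
    )
    conn.executemany(
        "INSERT INTO account (id, owner, balance) VALUES (?, ?, ?)",
        [(1, "alice", 100), (2, "bob", 50)],
    )
    conn.commit()
    return conn


CREDIT = "UPDATE account SET balance = balance + ? WHERE id = ?"
DEBIT = "UPDATE account SET balance = balance - ? WHERE id = ?"


def transfer(conn, src, dst, amount):
    """Credit dst and debit src as ONE transaction. Returns True if committed."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    try:
        with conn:  # commits if the block succeeds, rolls back if it raises
            conn.execute(CREDIT, (amount, dst))
            conn.execute(DEBIT, (amount, src))  # CHECK fails if src would go negative
        return True
    except sqlite3.IntegrityError:
        return False


def transfer_without_transaction(conn, src, dst, amount):
    """Weak variant: the same two updates, each committed on its own."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    conn.execute(CREDIT, (amount, dst))
    conn.commit()  # the credit is now permanent
    try:
        conn.execute(DEBIT, (amount, src))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()  # too late: the committed credit cannot be undone
        return False


def balances(conn):
    """Return {owner: balance} for every account."""
    return dict(conn.execute("SELECT owner, balance FROM account ORDER BY id"))


def total(conn):
    """Sum of all balances; a transfer must never change it."""
    return conn.execute("SELECT SUM(balance) FROM account").fetchone()[0]


if __name__ == "__main__":
    db = open_bank()
    print(transfer(db, 1, 2, 30), balances(db), total(db))
    print(transfer(db, 1, 2, 500), balances(db), total(db))
    print(transfer_without_transaction(db, 1, 2, 500), balances(db), total(db))
```

After the failed transactional transfer the total of all balances is unchanged; after the failed non-transactional one it has grown, which is exactly the inconsistent intermediate state a transaction hides from other users.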

2.14 Purpose of Database System


The purpose of database systems is to make the database user-friendly and easy to operate. Users
can easily insert, update, and delete data. The main purpose is to have more control over the data.
The purpose of database systems is to manage the following insecurities:

• data redundancy and inconsistency,


• difficulty in accessing data,
• data isolation,
• atomicity of updates,
• concurrent access,
• security problems, and
• supports multiple views of data.
Avoid data redundancy and inconsistency:
If there are multiple copies of the same data, the database system avoids them by maintaining the data
in a single repository. Also, the purpose of database systems is to make the database consistent.
Difficulty in accessing data:

43 "Advantages of DBMS" <https://www.cseworldonline.com/dbms-tutorial/advantages-of-dbms.php> accessed 15 July 2022
A database system makes it easy to access data. Through different queries, it can access data
from the database.
Data isolation:
Data are isolated in several fields in the same database.
Atomicity of updates:
In case of power failure, the database might lose data. So, this feature will automatically prevent data
loss.
Concurrent access:
Multiple users can access the database at the same time.
Security problems:
Database systems restrict access, so the data will not be vulnerable.
Supports multiple views of data:
A database system can support multiple views of data, giving each user the view they need. Only
database admins can have a complete view of the database. We cannot allow the end-users to have a
view of developers.44

Database System45
2.15 Data Models
A data model is the modeling of the data description, data semantics, and consistency constraints of
the data. It provides the conceptual tools for describing the design of a database at each level of data
abstraction. The following four data models are used for understanding the structure of
the database:

44 "Purpose of Database systems || Database Management System" <https://bcisnotes.com/fourthsemester/purpose-of-database-systems/> accessed 15 July 2022
45 <https://bcisnotes.com/fourthsemester/purpose-of-database-systems/> accessed 21 July 2022
Data Models46
1) Relational Data Model: This type of model designs the data in the form of rows and columns
within a table. Thus, a relational model uses tables for representing data and in-between relationships.
Tables are also called relations. This model was initially described by Edgar F. Codd, in 1969. The
relational data model is a widely used model, primarily used by commercial data processing
applications.
2) Entity-Relationship Data Model: An ER model is the logical representation of data as objects
and relationships among them. These objects are known as entities, and relationship is an association
among these entities. This model was designed by Peter Chen and published in a 1976 paper. It was
widely used in database designing. A set of attributes describes the entities. For example,
student_name and student_id describe the 'student' entity. A set of the same type of entities is known as
an 'entity set', and the set of the same type of relationships is known as a 'relationship set'.
3) Object-based Data Model: An extension of the ER model with notions of functions,
encapsulation, and object identity, as well. This model supports a rich type system that includes
structured and collection types. Thus, in the 1980s, various database systems following the
object-oriented approach were developed. Here, the objects are nothing but the data carrying its properties.
4) Semi-structured Data Model: This type of data model is different from the other three data
models (explained above). The semi-structured data model allows the data specifications at places
where the individual data items of the same type may have different attributes sets. The Extensible
Markup Language, also known as XML, is widely used for representing the semi-structured data.
Although XML was initially designed for adding markup information to text documents, it
gained importance because of its application in the exchange of data.47

46 "Data models" <https://www.javatpoint.com/data-models> accessed 21 July 2022
47 "Data Models" <https://www.javatpoint.com/data-models> accessed 15 July 2022
2.16 Database Architecture
Database architecture uses programming languages to design a particular type of software for
businesses or organizations. Database architecture focuses on the design, development,
implementation and maintenance of computer programs that store and organize information for
businesses, agencies and institutions. A database architect develops and implements software to meet
the needs of users.
The design of a DBMS depends on its architecture. It can be centralized or decentralized or
hierarchical. The architecture of a DBMS can be seen as either single tier or multi-tier. The tiers are
classified as follows:

• 1-tier architecture
• 2-tier architecture
• 3-tier architecture
• n-tier architecture

1-tier architecture

1-tier architecture:
One-tier architecture involves putting all of the required components for a software application or
technology on a single server or platform.
Basically, a one-tier architecture keeps all of the elements of an application, including the interface,
middleware and back-end data, in one place. Developers see these types of systems as the simplest
and most direct way.

2-tier architecture:
The two-tier architecture is based on the client-server model, like a client-server
application. Direct communication takes place between client and server. There is no intermediary
between client and server.

2-tier architecture
3-tier architecture:
A 3-tier architecture separates its tiers from each other based on the complexity of the users and how
they use the data present in the database. It is the most widely used architecture to design a DBMS.

3-tier architecture

This architecture has different usages with different applications. It can be used in web applications
and distributed applications. Its particular strength shows when this architecture is used over
distributed systems.
• Database (Data) Tier − At this tier, the database resides along with its query processing
languages. We also have the relations that define the data and their constraints at this level.
• Application (Middle) Tier − At this tier reside the application server and the programs that
access the database. For a user, this application tier presents an abstracted view of the
database. End-users are unaware of any existence of the database beyond the application. At
the other end, the database tier is not aware of any other user beyond the application tier.
Hence, the application layer sits in the middle and acts as a mediator between the end-user
and the database.
• User (Presentation) Tier − End-users operate on this tier and they know nothing about any
existence of the database beyond this layer. At this layer, multiple views of the database can
be provided by the application. All views are generated by applications that reside in the
application tier.
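
The three tiers can be shown in one file, as in the following added example (not from the original study material), written with Python's built-in sqlite3 module. The data tier holds the table, its constraints and a restricted view; the application tier validates the request, checks that the user is asking for their own record and queries the view with a bound parameter; the presentation tier only formats the result. The student table, the student_public view, the function names and the sample rows are hypothetical.

```python
import sqlite3


def data_tier():
    """Data tier: relation, constraints and a restricted view (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(
        """
        CREATE TABLE student (
            student_id    INTEGER PRIMARY KEY,
            name          TEXT NOT NULL,
            email         TEXT NOT NULL UNIQUE,
            password_hash TEXT NOT NULL,
            fees_due      INTEGER NOT NULL CHECK (fees_due >= 0));
        -- View offered to end-user screens: the credential column is left out.
        CREATE VIEW student_public AS
            SELECT student_id, name, email, fees_due FROM student;
        INSERT INTO student VALUES (1, 'Asha', 'asha@example.edu', 'constructed-hash-1', 0);
        INSERT INTO student VALUES (2, 'Vikram', 'vikram@example.edu', 'constructed-hash-2', 1500);
        """
    )
    return conn


def get_profile(conn, logged_in_id, requested_id_text):
    """Application tier: the only code path between the user and the database."""
    # 1. Validate: the request must be a plain decimal number.
    if not (requested_id_text.isascii() and requested_id_text.isdigit()):
        raise ValueError("student id must be a number")
    requested_id = int(requested_id_text)
    # 2. Authorize: an end-user may read only their own record.
    if requested_id != logged_in_id:
        raise PermissionError("users may read only their own record")
    # 3. Query the view with a bound parameter; user text never becomes SQL.
    row = conn.execute(
        "SELECT student_id, name, email, fees_due FROM student_public"
        " WHERE student_id = ?",
        (requested_id,),
    ).fetchone()
    return dict(row) if row is not None else None


def render(profile):
    """Presentation tier: receives a plain dict, never SQL or a connection."""
    return f"{profile['name']} <{profile['email']}> fees due: {profile['fees_due']}"


if __name__ == "__main__":
    db = data_tier()
    print(render(get_profile(db, 2, "2")))
```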
n-tier architecture:
N-tier architecture would involve dividing an application into three different tiers. These would be
the logic tier, the presentation tier, and the data tier.

n-tier architecture
It is the physical separation of the different parts of the application as opposed to the usually
conceptual or logical separation of the elements in the model-view-controller (MVC) framework.
Another difference from the MVC framework is that n-tier layers are connected linearly, meaning all
communication must go through the middle layer, which is the logic tier. In MVC, there is no actual
middle layer because the interaction is triangular; the control layer has access to both the view and
model layers and the model also accesses the view; the controller also creates a model based on the
requirements and pushes this to the view. However, they are not mutually exclusive, as the MVC
framework can be used in conjunction with the n-tier architecture, with the n-tier being the overall
architecture used and MVC used as the framework for the presentation tier.
Normalization of Database:
Database normalization is a technique of organizing the data in the database. Normalization is a
systematic approach of decomposing tables to eliminate data redundancy and undesirable
characteristics like insertion, update and deletion anomalies. It is a multi-step process that puts data
into tabular form by removing duplicated data from the relation tables.
Normalization is used mainly for two purposes:

◦ Eliminating redundant (useless) data.
◦ Ensuring data dependencies make sense, i.e. data is logically stored.
Problem without normalization: Without normalization, it becomes difficult to handle and update
the database without facing data loss. Insertion, update and deletion anomalies are very frequent
if the database is not normalized.48
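
The following added example, which is not part of the original study material, reproduces the update and deletion anomalies on one unnormalized table and shows that the same operations are safe once the table is decomposed. It uses Python's built-in sqlite3 module; the table names, column names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data: (student_id, student_name, course_id, course_title, teacher)
ROWS = [
    (1, "Asha", "C101", "Operating Systems", "Dr. Rao"),
    (2, "Vikram", "C101", "Operating Systems", "Dr. Rao"),
    (2, "Vikram", "C202", "Database Systems", "Dr. Iyer"),
]


def build_flat():
    """Unnormalized: course title and teacher are repeated on every enrolment row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE enrolment_flat (student_id INTEGER, student_name TEXT,"
        " course_id TEXT, course_title TEXT, teacher TEXT)"
    )
    conn.executemany("INSERT INTO enrolment_flat VALUES (?, ?, ?, ?, ?)", ROWS)
    return conn


def build_normalized():
    """Normalized: each fact is stored once and the tables are linked by keys."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces foreign keys only when enabled
    conn.executescript(
        """
        CREATE TABLE student (student_id INTEGER PRIMARY KEY, student_name TEXT NOT NULL);
        CREATE TABLE course (course_id TEXT PRIMARY KEY, course_title TEXT NOT NULL,
                             teacher TEXT NOT NULL);
        CREATE TABLE enrolment (
            student_id INTEGER NOT NULL REFERENCES student(student_id),
            course_id  TEXT    NOT NULL REFERENCES course(course_id),
            PRIMARY KEY (student_id, course_id));
        """
    )
    for sid, sname, cid, title, teacher in ROWS:
        conn.execute("INSERT OR IGNORE INTO student VALUES (?, ?)", (sid, sname))
        conn.execute("INSERT OR IGNORE INTO course VALUES (?, ?, ?)", (cid, title, teacher))
        conn.execute("INSERT INTO enrolment VALUES (?, ?)", (sid, cid))
    return conn


def teachers_after_partial_update_flat(conn):
    """Update anomaly: the change reaches one copy of the fact but not the other."""
    conn.execute("UPDATE enrolment_flat SET teacher = 'Dr. Sen'"
                 " WHERE course_id = 'C101' AND student_id = 1")
    rows = conn.execute("SELECT DISTINCT teacher FROM enrolment_flat"
                        " WHERE course_id = 'C101' ORDER BY teacher")
    return [teacher for (teacher,) in rows]


def teachers_after_update_normalized(conn):
    """The teacher is stored once, so one UPDATE changes it for every enrolment."""
    conn.execute("UPDATE course SET teacher = 'Dr. Sen' WHERE course_id = 'C101'")
    rows = conn.execute("SELECT DISTINCT c.teacher FROM enrolment e"
                        " JOIN course c ON c.course_id = e.course_id"
                        " WHERE e.course_id = 'C101'")
    return [teacher for (teacher,) in rows]


def course_known_after_last_unenrol_flat(conn):
    """Deletion anomaly: removing the last enrolment also erases the course itself."""
    conn.execute("DELETE FROM enrolment_flat WHERE student_id = 2 AND course_id = 'C202'")
    n = conn.execute("SELECT COUNT(*) FROM enrolment_flat"
                     " WHERE course_id = 'C202'").fetchone()[0]
    return n > 0


def course_known_after_last_unenrol_normalized(conn):
    """The course row survives when its last enrolment is removed."""
    conn.execute("DELETE FROM enrolment WHERE student_id = 2 AND course_id = 'C202'")
    n = conn.execute("SELECT COUNT(*) FROM course WHERE course_id = 'C202'").fetchone()[0]
    return n > 0


def orphan_enrolment_rejected(conn):
    """Insertion check: an enrolment for a course that does not exist is refused."""
    try:
        conn.execute("INSERT INTO enrolment VALUES (1, 'C999')")
        return False
    except sqlite3.IntegrityError:
        return True


if __name__ == "__main__":
    flat, norm = build_flat(), build_normalized()
    print(teachers_after_partial_update_flat(flat), teachers_after_update_normalized(norm))
    print(course_known_after_last_unenrol_flat(flat),
          course_known_after_last_unenrol_normalized(norm))
    print(orphan_enrolment_rejected(norm))
```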

2.17 Comparison between Traditional File System and Database Management System
File system
A file system is a technique of arranging the files in a storage medium like a hard disk, pen drive,
DVD, etc. It helps you to organize the data and allows easy retrieval of files when they are required.
It mostly consists of different types of files like mp3, mp4, txt, doc, etc. that are grouped into
directories.
A file system enables you to handle the way of reading and writing data to the storage medium. It is
directly installed into the computer with the Operating systems such as Windows and Linux.
DBMS
Database Management System (DBMS) is software for storing and retrieving user’s data while
considering appropriate security measures. It consists of a group of programs that manipulate the
database. The DBMS accepts the request for data from an application and instructs the DBMS engine
to provide the specific data. In large systems, a DBMS helps users and other third-party software to
store and retrieve data.

48 Faysal Ahmed, "Database Architecture" <https://medium.com/oceanize-geeks/concepts-of-database-architecture-dfdc558a93e4> accessed 21 July 2022

Key Differences:
• A file system is software that manages and organizes the files in a storage medium, whereas
a DBMS is a software application that is used for accessing, creating, and managing databases.
• The file system doesn’t have a crash recovery mechanism; on the other hand, DBMS provides a
crash recovery mechanism.
• Data inconsistency is higher in the file system. On the contrary, data inconsistency is low in a
database management system.
• The file system does not provide support for complicated transactions, while in the DBMS system it is
easy to implement complicated transactions using SQL.
• The file system does not offer concurrency, whereas DBMS provides a concurrency facility.

Features of a File system


Here are important elements of the file system:
• It helps you to store data in a group of files.
• Files data are dependent on each other.
• C/C++ and COBOL languages were used to design the files.
• Shared File System Support
• Fast File System Recovery.
Features of DBMS:
Here are essential features of DBMS:
• A user-accessible catalog of data
• Transaction support
• Concurrency control with Recovery services
• Authorization services
• The value of data is the same at all places.
• Offers support for data communication
• Independent utility services
• Allows multiple users to share a file at the same time
Difference between Filesystem vs. DBMS
Here are the differences between File System and DBMS:

File System: A file system is software that manages and organizes the files in a storage medium. It controls how data is stored and retrieved.
DBMS: DBMS or Database Management System is a software application. It is used for accessing, creating, and managing databases.

File System: The file system provides the details of data representation and storage of data.
DBMS: DBMS gives an abstract view of data that hides the details.

File System: Storing and retrieving of data can’t be done efficiently in a file system.
DBMS: DBMS is efficient to use as there are a wide variety of methods to store and retrieve data.

File System: It does not offer data recovery processes.
DBMS: There is a backup recovery for data in DBMS.

File System: The file system doesn’t have a crash recovery mechanism.
DBMS: DBMS provides a crash recovery mechanism.

File System: Protecting a file system is very difficult.
DBMS: DBMS offers a good protection mechanism.

File System: In a file management system, the redundancy of data is greater.
DBMS: The redundancy of data is low in the DBMS system.

File System: Data inconsistency is higher in the file system.
DBMS: Data inconsistency is low in a database management system.

File System: The file system offers lesser security.
DBMS: Database Management System offers high security.

File System: File System allows you to store the data as isolated data files and entities.
DBMS: Database Management System stores data as well as defined constraints and interrelation.

File System: It does not provide support for complicated transactions.
DBMS: It is easy to implement complicated transactions.

File System: The centralization process is hard in File Management System.
DBMS: Centralization is easy to achieve in the DBMS system.

File System: It doesn’t offer backup and recovery of data if it is lost.
DBMS: DBMS system provides backup and recovery of data even if it is lost.

Advantages of File system


Here are pros/benefits of file system:

• Enforcement of development and maintenance standards.
• Helps you to reduce redundancy
• Avoid inconsistency across file maintenance to get the integrity of data independence.
• Firm theoretical foundation (for the relational model).
• It is more efficient and cost less than a DBMS in certain situations.
• The design of file processing is simpler than designing Database.
Advantages of DBMS system
Here are the pros/benefits of the DBMS system:
• DBMS offers a variety of techniques to store & retrieve data
• Uniform administration procedures for data
• Application programmers are never exposed to details of data representation and storage.
• A DBMS uses various powerful functions to store and retrieve data efficiently.
• Offers Data Integrity and Security
• The DBMS applies integrity constraints to get a high level of protection against prohibited
access to data.
• Reduced Application Development Time
• Consumes less space
• Reduction of redundancy
• Data Independence
Application of File system
Here are important applications of the file system:
• Language-specific run-time libraries
• API programs using it to make requests of the file system
• It is used for data transfer and positioning.
• Helps you to update the metadata
• Managing directories.
Application of the DBMS system
Here are important applications of the DBMS system:
• Admission System, Examination System, Library System
• Payroll & Personnel Management System
• Accounting System, Hotel Reservation System, Airline Reservation System
• It is used in the banking system for customer information, account activities, payments, deposits,
loans, etc.
• Used by airlines for reservations and schedules.
• The DBMS system is also used by universities to keep call records, monthly bills, maintaining balances,
etc.
• Finance, for storing information about stock, sales, and purchases of financial instruments like
stocks and bonds.

Disadvantages of File system


Here are the cons/drawbacks of the file system:
• Each application has its own data file, so the same data may have to be recorded and stored many times.
• Data in the file processing system are data-dependent, but the problem is incompatibility
with the file format.
• Limited data sharing.
• The problem with security.
• Time-consuming.
• It allows you to maintain the record of the big firm having a large number of items.
• Requires a lot of labor.

Disadvantages of the DBMS system


Here are some cons/drawbacks of the DBMS system:
• The cost of hardware and software of a DBMS is quite high, which increases the budget of your
organization.
• Most database management systems are complex systems, so training for users to use the
DBMS is required.
• The use of the same program at a time by many users sometimes leads to the loss of some data.
• DBMS can’t perform sophisticated calculations.
• Data sets begin to grow large as it provides a more predictable query response time.
• It requires a processor with a high speed of data processing.
• The database can fail because of a power failure or because the whole system stops.
• The cost of a DBMS depends on the environment, function, or recurrent annual maintenance
cost.49

2.18 Database Applications


• Telecom: There is a database to keep track of the information regarding calls made, network usage,
customer details etc. Without database systems it is hard to maintain that huge amount of data,
which keeps updating every millisecond.
• Industry: Whether it is a manufacturing unit, warehouse or distribution centre, each one needs a
database to keep the records of ins and outs. For example, a distribution centre should keep track
of the product units that were supplied into the centre as well as the products that were delivered out
from the distribution centre on each day; this is where DBMS comes into the picture.
• Banking System: For storing customer info, tracking day-to-day credit and debit transactions,
generating bank statements etc. All this work is done with the help of database management
systems.
• Sales: To store customer information, production information and invoice details.
• Airlines: To travel through airlines, we make early reservations; this reservation information along
with the flight schedule is stored in a database.
• Education sector: Database systems are frequently used in schools and colleges to store and
retrieve the data regarding student details, staff details, course details, exam details, payroll data,
attendance details, fees details etc. There is a huge amount of inter-related data that needs to be
stored and retrieved in an efficient manner.
• Online shopping: You must be aware of online shopping websites such as Amazon, Flipkart
etc. These sites store the product information, your addresses and preferences, credit details and
provide you the relevant list of products based on your query. All this involves a database
management system.50

49 Richard Peterson, "File System vs DBMS: Key Differences" <https://www.guru99.com/difference-between-file-system-and-dbms.html> accessed 15 July 2022
50 Chaitanya Singh, "Database Applications – DBMS" <https://beginnersbook.com/2015/04/database-applications/> accessed 15 July 2022
2.19 Entity Relationship Diagram (ER-Diagram)
ER-Diagram is a pictorial representation of data that describes how data is communicated and related
to each other. Any object, such as entities, attributes of an entity, sets of relationship, and other
attributes of relationship, can be characterized with the help of the ER diagram.
Entities: They are represented using the rectangle-shaped box. These rectangles are named with the
entity set they represent.

ER modeling is a top-down structure to database design that begins with identifying the important
data called entities and relationships in combination with the data that must be characterized in the
model. Then database model designers can add more details such as the information they want to hold
about the entities and relationships, which are the attributes and any constraints on the entities,
relationships, and attributes. ER modeling is an important technique for any database designer to
master and forms the basis of the methodology.
• Entity type: It is a group of objects with the same properties that are identified by the
enterprise as having an independent existence. The basic concept of the ER model is the entity
type that is used to represent a group of 'objects' in the 'real world' with the same properties.
An entity type has an independent existence within a database.
• Entity occurrence: A uniquely identifiable object of an entity type.
Diagrammatic Representation of Entity Types
Each entity type is shown as a rectangle labeled with the name of the entity, which is usually a singular
noun.

What is Relationship Type?


A relationship type is a set of associations between one or more participating entity types. Each
relationship type is given a name that describes its function.
Here is a diagram showing how relationships are formed in a database.

What is a degree of Relationship?


The entities involved in a particular relationship type are referred to as participants in that
relationship. The number of participants involved in a relationship type is termed the degree of that
relationship.
In the example in the figure above, "Branch has a staff", there is a relationship between two participating
entities. A relationship of degree two is called binary degree (relationship).
What are Attributes?
Attributes are the properties of entities that are represented using ellipse-shaped figures. Every
elliptical figure represents one attribute and is directly connected to its entity (which is represented
as a rectangle).

It is to be noted that multi-valued attributes are represented using double ellipse like this:

Relationships
A diamond-shaped box represents relationships. All the entities (rectangle-shaped) participating in a
relationship get connected using a line.

There are four types of relationships. These are:
• One-to-one: When a single instance of one entity is associated through the relationship with a
single instance of another entity, it is termed as '1:1'.
• One-to-many: When one instance of an entity is linked through the relationship with more than one
instance of another entity, it is termed as '1:N'.
• Many-to-one: When more than one instance of an entity is linked through the relationship with a
single instance of another entity, it is termed as 'N:1'.
• Many-to-many: When more than one instance of an entity on the left and more than one instance
of an entity on the right can be linked with the relationship, then it is termed as N:N relationship.51

2.20 Introduction to Relational Database


A relational database is a type of database that stores and provides access to data points that are related
to one another. Relational databases are based on the relational model, an intuitive, straightforward
way of representing data in tables. In a relational database, each row in the table is a record with a
unique ID called the key. The columns of the table hold attributes of the data, and each record usually
has a value for each attribute, making it easy to establish the relationships among data points.

A relational database example:

51 ER Model <https://www.w3schools.in/dbms/planning-design-administration> accessed 15 July 2i
Here’s a simple example of two tables a small business might use to process orders for its products.
The first table is a customer info table, so each record includes a customer’s name, address, shipping
and billing information, phone number, and other contact information. Each bit of information (each
attribute) is in its own column, and the database assigns a unique ID (a key) to each row. In the second
table, a customer order table, each record includes the ID of the customer that placed the order, the
product ordered, the quantity, the selected size and color, and so on, but not the customer’s name or
contact information.
These two tables have only one thing in common: the ID column (the key). But because of that
common column, the relational database can create a relationship between the two tables. Then, when
the company’s order processing application submits an order to the database, the database can go to
the customer order table, pull the correct information about the product order, and use the customer
ID from that table to look up the customer’s billing and shipping information in the customer info
table. The warehouse can then pull the correct product, the customer can receive timely delivery of
the order, and the company can get paid.
How relational databases are structured
The relational model means that the logical data structures (the data tables, views, and indexes) are
separate from the physical storage structures. This separation means that database administrators can
manage physical data storage without affecting access to that data as a logical structure. For example,
renaming a database file does not rename the tables stored within it.
The distinction between logical and physical also applies to database operations, which are clearly
defined actions that enable applications to manipulate the data and structures of the database. Logical
operations allow an application to specify the content it needs, and physical operations determine
how that data should be accessed and then carry out the task.
To ensure that data is always accurate and accessible, relational databases follow certain integrity
rules. For example, an integrity rule can specify that duplicate rows are not allowed in a table in order
to eliminate the potential for erroneous information entering the database.
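The two-table example and the integrity rules described above can be tried out with Python's built-in sqlite3 module. The following is an added illustration, not part of the original study material; the table names, column names and sample rows are constructed assumptions.

```python
import sqlite3


def build_db():
    """Create the customer info and customer order tables in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces foreign keys only when asked
    db.executescript("""
        CREATE TABLE customer_info (
            customer_id      INTEGER PRIMARY KEY,   -- the unique ID (key) of each row
            name             TEXT NOT NULL,
            shipping_address TEXT NOT NULL,
            billing_address  TEXT NOT NULL,
            phone            TEXT
        );
        CREATE TABLE customer_order (
            order_id    INTEGER PRIMARY KEY,
            -- the common column that relates an order to exactly one customer
            customer_id INTEGER NOT NULL REFERENCES customer_info(customer_id),
            product     TEXT NOT NULL,
            quantity    INTEGER NOT NULL CHECK (quantity > 0),
            size        TEXT,
            color       TEXT
        );
    """)
    # Constructed sample rows. Values are bound as parameters (the ? marks),
    # never pasted into the SQL text.
    db.executemany("INSERT INTO customer_info VALUES (?, ?, ?, ?, ?)", [
        (1, "A. Sharma", "12 Lake Road, Bhopal", "12 Lake Road, Bhopal", "555-0101"),
        (2, "R. Verma", "4 Hill View, Indore", "PO Box 9, Indore", "555-0102"),
    ])
    db.executemany("INSERT INTO customer_order VALUES (?, ?, ?, ?, ?, ?)", [
        (100, 2, "T-shirt", 3, "M", "blue"),
        (101, 1, "Cap", 1, None, "black"),
    ])
    db.commit()
    return db


def fulfilment_details(db, order_id):
    """Use the customer ID stored in the order to look up shipping and billing data."""
    return db.execute("""
        SELECT o.product, o.quantity, c.name, c.shipping_address, c.billing_address
        FROM customer_order AS o
        JOIN customer_info AS c ON c.customer_id = o.customer_id
        WHERE o.order_id = ?
    """, (order_id,)).fetchone()


def try_insert(db, sql, params):
    """Attempt one insert; report whether an integrity rule rejected it."""
    try:
        with db:  # commit on success, roll back on error
            db.execute(sql, params)
        return "accepted"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    db = build_db()
    print(fulfilment_details(db, 100))
    # A second row with an existing key violates the "no duplicate rows" rule.
    print(try_insert(db, "INSERT INTO customer_info VALUES (?, ?, ?, ?, ?)",
                     (1, "Duplicate", "x", "x", None)))
    # An order that points at a customer who does not exist is also refused.
    print(try_insert(db, "INSERT INTO customer_order VALUES (?, ?, ?, ?, ?, ?)",
                     (102, 99, "Mug", 1, None, None)))
```
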

The relational model


In the early years of databases, every application stored data in its own unique structure. When
developers wanted to build applications to use that data, they had to know a lot about the particular
data structure to find the data they needed. These data structures were inefficient, hard to maintain,
and hard to optimize for delivering good application performance. The relational database model was
designed to solve the problem of multiple arbitrary data structures.
The relational data model provided a standard way of representing and querying data that could be
used by any application. From the beginning, developers recognized that the chief strength of the
relational database model was in its use of tables, which were an intuitive, efficient, and flexible way
to store and access structured information.
Over time, another strength of the relational model emerged as developers began to use structured
query language (SQL) to write and query data in a database. For many years, SQL has been widely
used as the language for database queries. Based on relational algebra, SQL provides an internally
consistent mathematical language that makes it easier to improve the performance of all database
queries. In comparison, other approaches must define individual queries.
Benefits of relational database management system
The simple yet powerful relational model is used by organizations of all types and sizes for a broad
variety of information needs. Relational databases are used to track inventories, process ecommerce
transactions, manage huge amounts of mission-critical customer information, and much more. A
relational database can be considered for any information need in which data points relate to each
other and must be managed in a secure, rules-based, consistent way.
Relational databases have been around since the 1970s. Today, the advantages of the relational model
continue to make it the most widely accepted model for databases.
Relational model and data consistency
The relational model is the best at maintaining data consistency across applications and database
copies (called instances). For example, when a customer deposits money at an ATM and then looks
at the account balance on a mobile phone, the customer expects to see that deposit reflected
immediately in an updated account balance. Relational databases excel at this kind of data
consistency, ensuring that multiple instances of a database have the same data all the time.
It’s difficult for other types of databases to maintain this level of timely consistency with large
amounts of data. Some recent databases, such as NoSQL, can supply only “eventual consistency.”
Under this principle, when the database is scaled or when multiple users access the same data at the
same time, the data needs some time to “catch up.” Eventual consistency is acceptable for some uses,
such as to maintain listings in a product catalog, but for critical business operations such as shopping
cart transactions, the relational database is still the gold standard.
Commitment and atomicity
Relational databases handle business rules and policies at a very granular level, with strict policies
about commitment (that is, making a change to the database permanent). For example, consider an
inventory database that tracks three parts that are always used together. When one part is pulled from
inventory, the other two must also be pulled. If one of the three parts isn’t available, none of the parts
should be pulled—all three parts must be available before the database makes any commitment. A
relational database won’t commit for one part until it knows it can commit for all three. This
multifaceted commitment capability is called atomicity. Atomicity is the key to keeping data accurate
in the database and ensuring that it is compliant with the rules, regulations, and policies of the
business.
ACID properties and RDBMS
Four crucial properties define relational database transactions: atomicity, consistency, isolation, and
durability, typically referred to as ACID.
• Atomicity defines all the elements that make up a complete database transaction.
• Consistency defines the rules for maintaining data points in a correct state after a transaction.
• Isolation keeps the effect of a transaction invisible to others until it is committed, to avoid
confusion.
• Durability ensures that data changes become permanent once the transaction is committed.52
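The three-part inventory case from the section on commitment and atomicity, as an added example that is not part of the original study material. It uses Python's built-in sqlite3 module; the part names, stock figures and function names are constructed assumptions, and a per-part commit is shown next to the single transaction for contrast.

```python
import sqlite3

KIT = ("bolt", "nut", "washer")  # constructed: three parts that are always used together


def build_inventory(stock):
    """Create an inventory table whose rule forbids a negative quantity on hand."""
    db = sqlite3.connect(":memory:")
    db.execute("""
        CREATE TABLE inventory (
            part    TEXT PRIMARY KEY,
            on_hand INTEGER NOT NULL CHECK (on_hand >= 0)
        )""")
    db.executemany("INSERT INTO inventory VALUES (?, ?)", stock.items())
    db.commit()
    return db


def pull_kit(db, parts=KIT):
    """Pull one unit of every part in a single transaction: all three or none."""
    try:
        with db:  # commits if the block finishes, rolls everything back if it raises
            for part in parts:
                cur = db.execute(
                    "UPDATE inventory SET on_hand = on_hand - 1 WHERE part = ?",
                    (part,))
                if cur.rowcount != 1:
                    raise LookupError(f"unknown part: {part}")
        return True
    except (sqlite3.IntegrityError, LookupError):
        return False


def pull_kit_per_part(db, parts=KIT):
    """Contrast case: every part is committed on its own, so a failure part-way
    through leaves the earlier parts already pulled."""
    for part in parts:
        try:
            db.execute(
                "UPDATE inventory SET on_hand = on_hand - 1 WHERE part = ?", (part,))
            db.commit()
        except sqlite3.IntegrityError:
            db.rollback()
            return False
    return True


def stock_levels(db):
    """Return the current stock as a {part: quantity} dictionary."""
    return dict(db.execute("SELECT part, on_hand FROM inventory ORDER BY part"))


if __name__ == "__main__":
    db = build_inventory({"bolt": 2, "nut": 1, "washer": 0})  # no washers left
    print(pull_kit(db), stock_levels(db))           # refused, stock untouched
    print(pull_kit_per_part(db), stock_levels(db))  # refused, but bolt and nut are gone
```
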
2.21 Role of Database Administrator
Database administration involves every activity that is performed by an individual to ensure that a
database is available when needed. Maintaining the integrity of a database is the primary goal of
database administration.
A database administrator carries out several activities and operations to ensure the integrity, security,
and availability of the data stored in the database.
Need of a Database Administrator
1. A database administrator ensures the security of a database.
2. A database administrator ensures integrity in the database, that is, they make sure that all the data
stored in the database is not misplaced or mismatched.
3. A database administrator works to see if the database is always available and accessible.
4. A database administrator works with fellow colleagues to plan the future actions of the
organization.
Roles of a database administrator
1. Database backup:
A database administrator has the responsibility to back up all the data in the database regularly.
This is necessary so that operations can be restored in times of disaster or downtime.
2. Database availability:
A database administrator has the responsibility of ensuring database accessibility to users from
time to time.
3. Database restore:

52 RDBMS <https://www.oracle.com/in/database/what-is-a-relational-database/> accessed 15 July
A database administrator has the responsibility of restoring a file from a backup state, when there
is a need for it.
4. Database design:
A database administrator has the responsibility of designing a database that meets the demands
of users. Hence, having knowledge of database design is crucial for an administrator.
5. Data move:
A database administrator has the responsibility of moving a database set, say from a physical
base to a cloud base, or from an existing application to a new application.
6. Database upgrade:
A database administrator has the responsibility of upgrading database software files when there
is a new update for them, as this protects software from security breaches.

7. Database patch:
In times of new upgrades for database software, the database administrator has the responsibility
of ensuring that the database system functions perfectly and works to close up any gaps in the
new update.
8. Database security:
Datasets are assets, and one major responsibility of database administrators is to protect the data
and ensure adequate security in an organization’s database.
9. Capacity planning:
A database administrator has the responsibility of planning for increased capacity, in case of
sudden growth in database need.
10. Database monitoring:
A database administrator has the responsibility of monitoring the database and the movement of
data in the database. Administrators provide access for users who require access to the database.
11. Error log review:
A database administrator has the responsibility of interpreting the error messages sent by a
database when there is a fault or breach.

Unit III
Computer Languages and Software
3.1 Computer Languages
A computer language is a code or syntax used to write programs or specific applications. It is used
to communicate with computers. Broadly, computer languages can be classified into three categories:
assembly language, machine language, and high-level language. Machine language is considered the
oldest computer language of the three. In machine language, the input is given directly as binary
input, that is, in the form of ones and zeros, which is processed by the machine. To process the other
languages, the system needs a compiler or interpreter to convert the language into machine language
so that it can be processed by a machine.

Different Types of Computer Language


Below are the types of computer language:
3.2 Machine Language
The machine language is sometimes referred to as machine code or object code which is a set of
binary digits 0 and 1. These binary digits are understood and read by a computer system and
interpreted easily. It is considered a native language as it can be directly understood by a central
processing unit (CPU). The machine language is not so easy to understand, as the language uses the
binary system in which the commands are written in 1 and 0 form which is not easy to interpret. There
is only one language that is understood by computer which is machine language. The operating
system of the computer system is used to identify the exact machine language used for that particular
system.
The operating system defines how the program should be written so that it can be converted to machine
language and the system takes appropriate action. The computer programs and scripts can also be
written in other programming languages like C, C++, and JAVA. However, these languages cannot
be directly understood by a computer system so there is a need for a program that can convert these
computer programs to machine language. The compiler is used to convert the programs to machine
language which can be easily understood by computer systems. The compiler generates the binary
file and executable file.
Example of machine language for the text “Hello World” (each group of eight bits is the ASCII code of
one character):
01001000 01100101 01101100 01101100 01101111 00100000 01010111 01101111 01110010
01101100 01100100



3.3 Assembly Language
The assembly language is considered a low-level language for microprocessors and many other
programmable devices. The assembly language is also considered a second-generation language. The
first-generation language is machine language. The assembly language is mostly famous for writing
an operating system and also in writing different desktop applications. The operations carried out by
programmers using assembly language are memory management, registry access, and clock cycle
operations. The drawback of assembly language is the code cannot be reused and the language is not
so easy to understand. The assembly language is considered a group of other languages. It is used to
implement the symbolic representation of machine code which is used to program CPU architecture.
The other name of assembly language is assembly code. For any processor, the most used
programming language is assembly language.
In assembly language, the programmer writes operations that can be directly executed on a central
processing unit (CPU). The language has certain drawbacks, as it does not contain any variables or
functions in programs, and the program is not portable across different processors. Assembly
language uses the same structure and commands as machine language, but it uses names in place of
numbers. The operations performed using assembly language are very fast, much faster than in a
high-level language.
3.4 High-Level Language
High-level languages were developed when programmers faced the issue that programs written in the
older languages had portability problems, which means that code written on one machine could not be
transferred to other machines. This led to the development of high-level languages. A high-level
language is easy to understand, and code can be written easily because programs written in a
high-level language are user-friendly. The other advantage of code written in a high-level language
is that the code is independent of the computer system, which means the code can be transferred
to other machines. A high-level language uses the concept of abstraction and focuses on the
programming language rather than on computer hardware components like register
utilization or memory utilization.
High-level languages were developed so that a programmer can write a human-readable
program that can be easily understood by any user. The syntax and the programming style can
be easily understood by humans when compared to a low-level language. The only requirement of a
high-level language is the need for a compiler, as a program written in a high-level language is not
directly understood by the computer system. Before a high-level program is executed, it needs to
be converted to machine-level language. Examples of high-level languages are C++, C, JAVA,
FORTRAN, Pascal, Perl, Ruby, and Visual Basic53.
3.5 Software
Software is a set of instructions, data, or programs used to operate a computer and execute specific
tasks. In simpler terms, software tells a computer how to function. It is a generic term used to refer
to applications, scripts, and programs that run on devices such as PCs, mobile phones, tablets, and
other smart devices. Software contrasts with hardware, which is the physical aspects of a computer
that perform the work. Without software, most computers would be useless. For example, a web
browser is a software application that allows users to access the internet. An operating system (OS)
is a software program that serves as the interface between other applications and the hardware on a
computer or mobile device. TCP/IP is built into all major operating systems to allow computers to
communicate over long distance networks. Without the OS or the protocols built into it, it wouldn’t
be possible to access a web browser. The majority of software is written in high-level programming
languages due to the language being closer to natural human language as opposed to machine
language. The high-level language is then translated into low-level machine code using
a compiler or interpreter for the computer to understand. Software can also be written in a
low-level assembly language, but it is less common.

SOFTWARE VS. HARDWARE


Computer software and hardware require each other – neither can be used on its own. A book provides
a useful analogy. The pages and ink of a book are the hardware. The words, sentences, paragraphs,
and overall meaning are the software. A computer without software is like a book full of blank pages.
A computer needs software to make it useful just as words are needed to make a book meaningful.
Differences between the two are as follows:

• Hardware is a physical device, such as a motherboard, whereas software is a collection of code
needed to be installed into the system.

• Hardware cannot perform a task without software. Similarly, software cannot perform a task
without hardware.

• Hardware wears out with time, software does not.

53 <https://www.educba.com/types-of-computer-language/> accessed 15 July 2022


• Hardware only understands machine level language. Software takes input in human-readable
languages and transforms it to machine level language.

• Software can be easily created, changed or deleted, whereas switching out hardware takes greater
skill and is typically more expensive to do.54
3.6 Types of Software
3.6.1 System Software
System software helps the user and the hardware to function and interact with each other.
Basically, it is software that manages computer hardware behavior so as to provide the basic
functionalities that are required by the user. In simple words, we can say that system software is
an intermediary or a middle layer between the user and the hardware. This software
provides a platform or environment for the other software to work in. This is the reason why
system software is very important in managing the entire computer system. When you first turn
on the computer, it is the system software that gets initialized and gets loaded in the memory of
the system. The system software runs in the background and is not used by the end-users. This is
the reason why system software is also known as ‘low-level software’.
Some common system software examples are:
• Operating System: It is the most prominent example of System Software. It is a collection of
software that handles resources and provides general services for the other applications that
run over them. Although each Operating System is different, most of them provide a Graphical
User Interface through which a user can manage the files and folders and perform other tasks.
Every device, whether a desktop, laptop or mobile phone requires an operating system to
provide the basic functionality to it. As an OS essentially determines how a user interacts with
the system, therefore many users prefer to use one specific OS for their device. There are
various types of operating system such as real-time, embedded, distributed, multiuser, single-
user, internet, mobile, and many more. It is important to consider the hardware specifications
before choosing an operating system. Some examples of operating systems are given below:
◦ Android
◦ CentOS
◦ iOS
◦ Linux
◦ Mac OS

54 Abby Braden, "Software" <https://www.webopedia.com/definitions/software/> accessed 16 July 2022
◦ MS Windows
◦ Ubuntu
◦ Unix
• Device Drivers: It is a type of software that controls particular hardware which is attached to
the system. Hardware devices that need a driver to connect to a system include displays, sound
cards, printers, mice and hard disks. Further, there are two types of device drivers: Kernel
Device Drivers and User Device Driver. Some examples of device drivers are:
◦ BIOS Driver
◦ Display Drivers
◦ Motherboard Drivers
◦ Printer Drivers
◦ ROM Drivers
◦ Sound card Driver
◦ USB Drivers
◦ VGA Drivers
◦ Virtual Device Drivers
3.6.2 Application Software
Application Software, also known as end-user programs or productivity programs, is software that
helps the user in completing tasks such as doing online research, jotting down notes, setting an alarm,
designing graphics, keeping an account log, doing calculations or even playing games. They lie above
the system software. Unlike system software, they are used by the end-user and are specific in their
functionality or tasks and do the job that they are designed to do. For example, a browser is an
application designed specifically for browsing the internet or MS PowerPoint is an application used
specifically for making presentations. Application Software or simply apps can also be referred to as
non-essential software as their requirement is highly subjective and their absence does not affect the
functioning of the system. All the apps that we see on our mobile phones are also examples of
Application Software. There is certain software that is exclusively made for app development like
Meteor and Flutter. These are examples of Application software too.
There are various types of application software:
• Word Processors: These applications are used for documentation. They also help in
storing, formatting and printing these documents. Some examples of word processors are:
◦ Abiword
◦ Apple iWork- Pages
◦ Corel WordPerfect
◦ Google Docs
◦ MS Word
• Database Software: This software is used to create and manage a database. It is also known
as the Database Management System or DBMS. They help with the organization of data.
Some examples of DBMS are:
◦ Clipper
◦ dBase
◦ FileMaker
◦ FoxPro
◦ MS Access
◦ MySQL
• Multimedia Software: It is the software that is able to play, create or record images, audio or
video files. They are used for video editing, animation, graphics, and image editing. Some
examples of Multimedia Software are:
◦ Adobe Photoshop
◦ Inkscape
◦ Media Monkey
◦ Picasa
◦ VLC Media Player
◦ Windows Media Player
◦ Windows Movie Maker
• Education and Reference Software: These types of software are specifically designed to
facilitate learning on a particular subject. There are various kinds of tutorial software that fall
under this category. They are also termed as academic software. Some examples are:
◦ Delta Drawing
◦ GCompris
◦ Jumpstart titles
◦ KidPix
◦ MindPlay
◦ Tux Paint
• Graphics Software: As the name suggests, Graphics Software has been devised to work with
graphics as it helps the user to edit or make changes in visual data or images. It comprises
picture editors and illustration software. Some examples are:
◦ Adobe Photoshop
◦ Autodesk Maya
◦ Blender
◦ Carrara
◦ CorelDRAW
◦ GIMP
◦ Modo
◦ PaintShop Pro
• Web Browsers: These applications are used to browse the internet. They help the user in
locating and retrieving data across the web. Some examples of web browsers are:
◦ Google Chrome
◦ Internet Explorer
◦ Microsoft Edge
◦ Mozilla Firefox
◦ Opera
◦ Safari
◦ UC Browser
3.6.3 Open Source Software
These kinds of software are available to users with the source code which means that a user can freely
distribute and modify the software and add additional features to the software. Open-Source software
can either be free or chargeable. Some examples of open-source software are:
• Apache Web Server
• GNU Compiler Collection
• Moodle
• Mozilla Firefox
• Thunderbird



3.6.4 Freeware
Freeware software is available without any cost. Any user can download it from the internet and
use it without paying any fee. However, freeware does not provide any liberty for modifying the
software or charging a fee for its distribution. Examples are:
• Adobe Reader
• Audacity
• ImgBurn
• Recuva
• Skype
• TeamViewer
• Yahoo Messenger

3.6.5 Shareware
It is software that is freely distributed to users on a trial basis. It usually comes with a time limit,
and when the time limit expires, the user is asked to pay for the continued services. There are
various types of shareware like Adware, Donationware, Nagware, Freemium, and Demoware
(Crippleware and Trialware). Some examples of shareware are:
• Adobe Acrobat
• Getright
• PHP Debugger
• Winzip55
3.7 Program Language Translators
A translator is a programming language processor that converts a computer program from one
language to another. It takes a program written in source code and converts it into machine code. It
discovers and identifies the error during translation. It translates a high-level language program into
a machine language program that the central processing unit (CPU) can understand. It also detects
errors in the program.

55 "Different types of softwares" <https://squareboat.com/blog/different-types-of-software-with-examples> accessed 16 July 2022
Different Types of Translators
There are 3 different types of translators as follows:
3.7.1 Compiler
A compiler is a translator used to convert high-level programming language to low-level
programming language. It converts the whole program in one session and reports errors detected
after the conversion. The compiler takes time to do its work as it translates high-level code to lower-
level code all at once and then saves it to memory.
A compiler is processor-dependent and platform-dependent. This limitation has been addressed by
special compilers: the cross-compiler and the source-to-source compiler. Before choosing a compiler,
the user has to identify first the Instruction Set Architecture (ISA), the operating system (OS), and
the programming language that will be used to ensure that it will be compatible.
3.7.2 Interpreter
Just like a compiler, an interpreter is a translator used to convert high-level programming language
to low-level programming language. It converts the program one line at a time and reports errors as
soon as they are detected during the conversion. With this, it is easier to detect errors than in a
compiler. An interpreter is faster than a compiler as it immediately executes the code upon reading
the code.
It is often used as a debugging tool for software development as it can execute a single line of code
at a time. An interpreter is also more portable than a compiler as it is not processor-dependent; you
can work between hardware architectures.
3.7.3 Assembler
An assembler is a translator used to translate assembly language to machine language. It is like a
compiler for the assembly language but interactive like an interpreter. Assembly language is difficult
to understand as it is a low-level programming language. An assembler translates a low-level
language, an assembly language to an even lower-level language, which is the machine code. The
machine code can be directly understood by the CPU.
Examples of Translators
Here are some examples of translators per type:

Translator     Examples
Compiler       Microsoft Visual Studio; GNU Compiler Collection (GCC); Common Business Oriented Language (COBOL)
Interpreter    OCaml; List Processing (LISP); Python
Assembler      Fortran Assembly Program (FAP); Macro Assembly Program (MAP); Symbolic Optimal Assembly Program (SOAP)

Advantages and Disadvantages of Translators


Here are some advantages of the Compiler:
• The whole program is validated so there are no system errors.
• The executable file is enhanced by the compiler, so it runs faster.
• Users do not have to run the program on the same machine it was created on.
Here are some disadvantages of the Compiler:
• It is slow to execute as you have to finish the whole program.
• It is not easy to debug as errors are shown at the end of the execution.
• Hardware specific, it works on specific machine language and architecture.
Here are some advantages of the Interpreter:
• You discover errors before you complete the program, so you learn from your mistakes.
• Program can be run before it is completed so you get partial results immediately.
• You can work on small parts of the program and link them later into a whole program.
Here are some disadvantages of the Interpreter:
• There’s a possibility of syntax errors on unverified scripts.
• Program is not enhanced and may encounter data errors.
• It may be slow because of the interpretation in every execution.
Here are some advantages of the Assembler:
• The symbolic programming is easier to understand thus time-saving for the programmer.
• It is easier to fix errors and alter program instructions.
• Efficiency in execution just like machine level language.
Here are some disadvantages of the Assembler:
• It is machine dependent, cannot be used in other architecture.
• A small change in design can invalidate the whole program.
• It is difficult to maintain56.

56 "Translators" <https://teachcomputerscience.com/translators/> accessed 16 July 2022
File System
3.8 Introduction to File System
A file system in an OS dictates how the contents of a storage medium are stored and organized. The
storage medium could be the computer's secondary memory, an external drive, flash memory, etc.
The contents are either files or directories. Most of the time, a storage
device has a number of partitions. Each of these partitions is formatted with an empty filesystem for
that device. A filesystem helps in separating the data on the storage into comparatively smaller and
simpler segments. These chunks are files and directories. The filesystem also provides for storing
data related to files, such as their name, extension, permissions, etc.

File System57
Properties of a Filesystem
• Files are stored on a storage medium such as disk and do not vanish when a user logs out of the
computer system.
• With each file are associated access permissions, which permit controlled sharing of that file.
• Files may form arranged or complex structures according to the relationship among them.
• Several files can be grouped together under a directory.
• A directory, also referred to as a folder, has attributes similar to those of a file, such as a name,
size, location, access permissions, etc.
• A file system also provides several features such as a crash recovery mechanism, data
loss/corruption prevention, etc.

57 <https://www.scaler.com/topics/file-systems-in-os/> accessed 21 July 2022
3.9 Organization of File System
File organization refers to the way data is stored in a file. File organization is very important because
it determines the methods of access, efficiency, flexibility and storage devices to use. There are four
methods of organizing files on a storage medium. These include:
• sequential,
• random,
• serial and
• indexed-sequential
Sequential file organization
Records are stored and accessed in a particular order, sorted using a key field. Retrieval requires
searching sequentially through the entire file, record by record, to the end. Because the records in a
file are sorted in a particular order, it is possible to know in which half of the file a particular
record being searched for is located. Hence, this method repeatedly divides the set of records in the
file into two halves and searches only the half in which the record is found.
For example, if the file has records with key fields 20, 30, 40, 50, 60 and the computer is searching
for a record with key field 50, it starts at 40 and searches upwards, ignoring the first half of the set.
Advantages of sequential file organization
The sorting makes it easy to access records.
Since the records are sorted, better file searching methods like the binary search technique can be
used to reduce the time used for searching a file.
The binary chop technique can be used to reduce record search time by as much as half the time taken.
Disadvantages of sequential file organization
The sorting does not remove the need to access other records as the search looks for particular records.
Sequential records cannot support modern technologies that require fast access to stored records.
The requirement that all records be of the same size is sometimes difficult to enforce.
Random or direct file organization
Records are stored randomly but accessed directly.
To access a file stored randomly, a record key is used to determine where a record is stored on the
storage media.
Magnetic and optical disks allow data to be stored and accessed randomly.
Advantages of random file access
Quick retrieval of records.
The records can be of different sizes.

Serial file organization
Records in a file are stored and accessed one after another.
The records are not sorted in any way on the storage medium. This type of organization is mainly used
on magnetic tapes.
Advantages of serial file organization
It is simple
It is cheap
Disadvantages of serial file organization
It is cumbersome to access because you have to access all preceding records before retrieving the
one being searched for.
Wastage of space on medium in form of inter-record gap.
It cannot support modern high-speed requirements for quick record access.
Indexed-sequential file organization method
This is almost the same as the sequential method, except that an index is used to enable the computer
to locate individual records on the storage media. For example, on a magnetic drum, records are stored
sequentially on the tracks. However, each record is assigned an index that can be used to access it
directly58.
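The organizations above differ mainly in how many records must be read to reach one key. The sketch below is an added example, not part of the original material: it stores the keys 20 to 60 from the text as fixed-size records in an in-memory file and counts the reads needed by serial access, the binary chop and an index lookup. The record layout, function names and payload values are constructed for illustration.

```python
import io
import struct

# Constructed sample data: fixed-size records (4-byte key + 12-byte name field).
RECORD = struct.Struct("<I12s")
SAMPLE = [(20, b"ledger-a"), (30, b"ledger-b"), (40, b"ledger-c"),
          (50, b"ledger-d"), (60, b"ledger-e")]


def build_file(records):
    """Write records one after another, sorted by key (sequential organization)."""
    buf = io.BytesIO()
    for key, name in sorted(records):
        buf.write(RECORD.pack(key, name))
    return buf


def record_count(f):
    """Number of records, derived from the file size and the fixed record size."""
    return f.seek(0, io.SEEK_END) // RECORD.size


def read_at(f, slot):
    """Read one record; equal record sizes make its byte offset computable."""
    f.seek(slot * RECORD.size)
    key, name = RECORD.unpack(f.read(RECORD.size))
    return key, name.rstrip(b"\0")


def serial_search(f, wanted):
    """Serial access: every preceding record is read before the wanted one."""
    reads = 0
    for slot in range(record_count(f)):
        key, name = read_at(f, slot)
        reads += 1
        if key == wanted:
            return name, reads
    return None, reads


def binary_chop(f, wanted):
    """Sorted file: halve the candidate range on every read."""
    lo, hi, reads = 0, record_count(f) - 1, 0
    while lo <= hi:
        mid = (lo + hi) // 2
        key, name = read_at(f, mid)
        reads += 1
        if key == wanted:
            return name, reads
        if key < wanted:
            lo = mid + 1      # ignore the lower half
        else:
            hi = mid - 1      # ignore the upper half
    return None, reads


def build_index(f):
    """Indexed-sequential: one pass over the file builds key -> byte offset."""
    return {read_at(f, slot)[0]: slot * RECORD.size
            for slot in range(record_count(f))}


def indexed_lookup(f, index, wanted):
    """With an index, the record is fetched directly in a single read."""
    offset = index.get(wanted)
    if offset is None:
        return None, 0
    f.seek(offset)
    _, name = RECORD.unpack(f.read(RECORD.size))
    return name.rstrip(b"\0"), 1


if __name__ == "__main__":
    data = build_file(SAMPLE)
    print("serial :", serial_search(data, 50))
    print("chop   :", binary_chop(data, 50))
    print("indexed:", indexed_lookup(data, build_index(data), 50))
```

For key 50 the binary chop reads the record with key 40 first and then moves to the upper half, exactly as in the example in the text.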
3.10 File Types in an OS
There are numerous file types that an operating system uses internally and are not generally used or
required by the system user. These files could be application software files, kernel files, configuration
files, metadata files, etc. Windows supports the following two file types:
1. Regular Files
Regular files consist of information related to the user. The files are usually either ASCII or binary.
ASCII files contain lines of text. The major benefit of an ASCII file is that it can be displayed or
printed as it is, and it can be edited using a text editor.
Binary files on printing may give some random junk content. Usually, a binary file would have some
sort of internal structure that is only known to the program that uses it. A binary file is a sequence of
bytes which, if it is in the proper format, can be executed by the operating system. Regular files are
supported by both Windows as well as UNIX-based operating systems.

58 “File System Organisation” <https://peda.net/kenya/css/subjects/computer-studies/form-three/driac2/data-processing/fom> accessed 16 July 2022
2. Directories
A directory in the filesystem is a structure that contains references to other files and possibly other
directories. Files could be arranged by storing related files in the same directory. Directories are
supported by both Windows as well as UNIX-based operating systems.
3. Character Special Files
A character special file provides access to an I/O device. Examples of character special files include
a terminal file, a system console file, a NULL file, a file descriptor file, etc.
Each character special file has a device major number and a device minor number. The device major
number associated with a character special file identifies the device type. The device minor number
associated with a character special file identifies a specific device of a given device type. Character
special files are supported by UNIX-based operating systems.
4. Block Special Files
Block special files enable buffered access to hardware devices. They also provide some abstraction
from their specifics. Unlike character special files, block special files always allow the programmer
to read and write a block of any size or alignment. Block special files are supported by UNIX-based
operating systems.
Functions of a File
• They are used for storing data in a computer.
• They enable the separation of data according to some criteria.
• They enable efficient, simple, organized access to data.
• They help in isolating sensitive or important data from the rest of the data.
• They enable locating particular data items in the storage medium.
3.10.1 Flash File System
A flash file system is one that is comprised of a type of electronically erasable programmable read-
only memory (EEPROM) called flash memory. It is one of the most popular methods of storing data
and is non-volatile, meaning it retains information even when there is no power. Found in datacenter
servers as well as mobile phones and handheld computers, a flash file system is arranged in blocks of
data, each of which has to be erased in full before being written to. The standard erase block holds
about 128 kilobytes of data, and some blocks can store as much as 2,048 kilobytes.
The memory in a flash file system cannot be stored for an infinite amount of time. After a certain
number of write and erase cycles, data become corrupted and sections of the memory can no longer
be used. Wear leveling is used to create a balance between parts of the flash that are frequently used
and others that are not. The process of dynamic wear leveling can lead to large blocks of a disk with
data that is rarely altered, causing frequent changes to occur in other areas. A more static strategy
moves data to places that are used more to make the balance more efficient.
In a flash file system, data are found using a method for mapping data blocks and sectors. These data
structure maps are stored inside flash devices and update when changes to data are made by using
special assigned identities for each block. Sectors and blocks are automatically associated when a
rewrite cycle occurs in random access memory, but in a flash system, an indirect map helps link
sectors with blocks. Data can be found more quickly with a direct map which is stored in the flash
transaction layer, a sort of interface section that contains the information on data assigned to various
blocks and erase units. Data retention is often listed as a benefit for the flash file system. How long
data remains safe depends on operating temperature and how many write and erase cycles a memory
device can undergo before system performance degrades. Many flash systems are rated to last 20
years and to tolerate anywhere from 1,000 to 1,000,000 erase cycles. The more frequently data are
written and erased, and the higher the temperatures, the shorter the general life expectancy of the
retained data and memory system59.

3.10.2 Disk File System


A disk file system takes advantage of the ability of disk storage media to randomly address data in
a short amount of time. Additional considerations include the speed of accessing data following that
initially requested and the anticipation that the following data may also be requested. This permits
multiple users (or processes) access to various data on the disk without regard to the sequential
location of the data.
Examples include FAT (FAT12, FAT16, FAT32), exFAT, NTFS, HFS and HFS+ etc.

3.10.3 Tape File System


A tape file system is a file system and tape format designed to store files on tape. Magnetic tapes are
sequential storage media with significantly longer random data access times than disks, posing
challenges to the creation and efficient management of a general-purpose file system.
In a disk file system there is typically a master file directory, and a map of used and free data regions.
Any file additions, changes, or removals require updating the directory and the used/free maps.
Random access to data regions is measured in milliseconds so this system works well for disks.

59 Andrew Kirmayer, “what is the flash file system” <https://www.easytechjunkie.com/what-is-a-flash-file-system.htm> accessed 16 July 2022
Tape requires linear motion to wind and unwind potentially very long reels of media. This tape motion
may take several seconds to several minutes to move the read/write head from one end of the tape to
the other.
Consequently, a master file directory and usage map can be extremely slow and inefficient with tape.
Writing typically involves reading the block usage map to find free blocks for writing, updating the
usage map and directory to add the data, and then advancing the tape to write the data in the correct
spot. Each additional file write requires updating the map and directory and writing the data, which
may take several seconds to occur for each file.
Tape file systems instead typically allow for the file directory to be spread across the tape intermixed
with the data, referred to as streaming, so that time-consuming and repeated tape motions are not
required to write new data.
However, a side effect of this design is that reading the file directory of a tape usually requires
scanning the entire tape to read all the scattered directory entries. Most data archiving software that
works with tape storage will store a local copy of the tape catalog on a disk file system, so that adding
files to a tape can be done quickly without having to rescan the tape media. The local tape catalog
copy is usually discarded if not used for a specified period of time, at which point the tape must be
re-scanned if it is to be used in the future.
IBM has developed a file system for tape called the Linear Tape File System. The IBM
implementation of this file system has been released as open source. The Linear Tape File System
uses a separate partition on the tape to record the index meta-data, thereby avoiding the problems
associated with scattering directory entries across the entire tape.
3.10.4 Network File System
Network File System (NFS) is a networking protocol for distributed file sharing. A file
system defines the way data in the form of files is stored and retrieved from storage devices, such as
hard disk drives, solid-state drives and tape drives. NFS is a network file sharing protocol that defines
the way files are stored and retrieved from storage devices across networks.
The NFS protocol defines a network file system, originally developed for local file sharing
among Unix systems and released by Sun Microsystems in 1984. The NFS protocol specification was
first published by the Internet Engineering Task Force (IETF) as an internet protocol in RFC 1094 in
1989. The current version of the NFS protocol is documented in RFC 7530, which documents the
NFS version 4 (NFSv4) Protocol.
NFS enables system administrators to share all or a portion of a file system on a networked server to
make it accessible to remote computer users. Clients with authorization to access the shared file
system can mount NFS shares, also known as shared file systems. NFS uses Remote Procedure Calls
(RPCs) to route requests between clients and servers.
NFS is one of the most widely used protocols for file servers. NFS implementations are available for
most modern operating systems (OSes), including the following:
• Hewlett Packard Enterprise HP-UX
• IBM AIX
• Microsoft Windows
• Linux
• Oracle Solaris
Cloud vendors also implement the NFS protocol for cloud storage, including Amazon Elastic File
System, NFS file shares in Microsoft Azure and Google Cloud Filestore.
Any device that can be attached to an NFS host file system can be shared through NFS. This includes
hard disks, solid state drives, tape drives, printers and other peripherals. Users with appropriate
permissions can access resources from their client machines as if those resources are mounted locally.
3.10.5 Minimal filesystem
In order to work, a Linux system needs at least a few applications:
• An init application, which is the first user space application started by the kernel after mounting the
root filesystem.
  ◦ The kernel tries to run /sbin/init, /bin/init, /etc/init and /bin/sh.
  ◦ In the case of an initramfs, it will only look for /init. Another path can be supplied by the rdinit
    kernel argument.
  ◦ If none of them are found, the kernel panics and the boot process is stopped.
  ◦ The init application is responsible for starting all other user space applications and services.
• A shell, to implement scripts, automate tasks, and allow a user to interact with the system.
• Basic Unix applications, to copy files, move files, list files (commands like mv, cp, mkdir, cat, etc.).
These basic components have to be integrated into the root filesystem to make it usable.

Overall booting process60

Overall booting process with initramfs61

60 <https://hugh712.gitbooks.io/embeddedsystem/minimal_filesystem.html> accessed 21 July 2022
61 <https://hugh712.gitbooks.io/embeddedsystem/minimal_filesystem.html> accessed 21 July 2022
3.11 File Allocation Table (FAT)
The File Allocation Table (FAT) file system is a simple file system originally designed for small
disks and simple folder structures.
The FAT file system is named for its method of organization, the file allocation table, which resides
at the beginning of the volume. To protect the volume, two copies of the table are kept, in case one
becomes damaged.
In addition, the file allocation tables and the root folder must be stored in a fixed location so that the
files needed to start the system can be correctly located.
A volume formatted with the FAT file system is allocated in clusters. The default cluster size is
determined by the size of the volume. For the FAT file system, the cluster number must fit in 16 bits
and must be a power of two.
A FAT file system has four different sections, each as a structure in the FAT partition. The four
sections are:
• Boot Sector: This is also known as the reserved sector; it is located on the first part of the disk. It
contains the OS's necessary boot loader code to start a PC system, the partition table known as the
master boot record (MBR) that describes how the drive is organized, and the BIOS parameter block
(BPB), which describes the physical outline of the data storage volume.
• FAT Region: This region generally encompasses two copies of the File Allocation Table which is
for redundancy checking and specifies how the clusters are assigned.
• Data Region: This is where the directory data and existing files are stored. It uses up the majority
of the partition.
• Root Directory Region: This region is a directory table that contains the information about the
directories and files. It is used with FAT16 and FAT12 but not with other FAT file systems. It has
a fixed maximum size that is configured when created. FAT32 usually stores the root directory in
the data region so it can be expanded if needed.62
Structure of a FAT Volume
The figure below illustrates how the FAT file system organizes a volume.

FAT System63

62 FAT <https://www.techopedia.com/definition/1369/file-allocation-table-fat#:~:text=A%20file%20allocation%20table%20(FAT,drives%20and%20other%20computer%20systems.> accessed 16 July 2022

FAT12 (12-bit File Allocation Table)
The first widely used version of the FAT file system, FAT12, was introduced in 1980, right along
with the first versions of DOS.
FAT12 was the primary file system for Microsoft operating systems up through MS-DOS 3.30 but
was also used in most systems up through MS-DOS 4.0. It's still the file system used on the occasional
floppy disk you'll find today.
This file system supports drive sizes and file sizes of up to 16 MB using 4 KB clusters or 32 MB
using 8 KB ones, with a maximum number of 4,084 files on a single volume (when using 8 KB
clusters). File names under FAT12 cannot exceed the maximum character limit of 8 characters, plus
three for the extension. A number of file attributes were first introduced in FAT12,
including hidden, read-only, system, and volume label. FAT8, introduced in 1977, was the first true
version of the FAT file system but had limited use only on some terminal-style computer systems of
the time.
FAT16 (16-bit File Allocation Table)
The second implementation of FAT was FAT16, first introduced in 1984 in PC DOS 3.0 and
MS-DOS 3.0. A slightly more improved version of FAT16, called FAT16B, was the primary file system
for MS-DOS 4.0 up through MS-DOS 6.22. Beginning with MS-DOS 7.0 and Windows 95, a further
improved version, called FAT16X, was used instead. Depending on the operating system and the
cluster size used, the maximum drive size a FAT16-formatted drive can be ranges from 2 GB up to
16 GB, the latter only in Windows NT 4 with 256 KB clusters. File sizes on FAT16 drives max out
at 4 GB with Large File Support enabled, or 2 GB without it. The maximum number of files that can
be held on a FAT16 volume is 65,536. Just like with FAT12, file names were limited to 8+3 characters,
but this was extended to 255 characters starting with Windows 95. The archive file attribute was
introduced in FAT16.

63 The FAT File System <http://www.c-jump.com/CIS24/Slides/FAT/lecture.html> accessed 21 July 2022
FAT32 (32-bit File Allocation Table)
FAT32 is the latest version of the FAT file system. It was introduced in 1996 for Windows 95 OSR2
/ MS-DOS 7.1 users and was the primary file system for consumer Windows versions through
Windows ME.
It supports basic drive sizes up to 2 TB or even as high as 16 TB with 64 KB clusters.
Like with FAT16, drive file sizes max out at 4 GB with Large File Support turned on or 2 GB without
it. A modified version of this file system, called FAT32+, supports files close to 256 GB in size!
Up to 268,173,300 files can be contained on a FAT32 volume, so long as it's using 32 KB clusters.



exFAT (Extended File Allocation Table)
exFAT, first introduced in 2006, is yet another file system created by Microsoft, although it's not the
"next" FAT version after FAT32.
This one is primarily intended to be used on portable media devices like flash drives, SDHC and
SDXC cards, etc. exFAT officially supports portable media storage devices up to 512 TiB in size but
theoretically could support drives as large as 64 ZiB, which is considerably larger than any media
available as of this writing.
Built-in support for 255-character filenames and support for up to 2,796,202 files per directory are
two noteworthy features of the exFAT system.
The exFAT file system is supported by almost all versions of Windows (older ones with optional
updates), Mac OS X (10.6.5+), as well as on many TV, media, and other devices.
Moving Files from NTFS to FAT Systems.
File encryption, file compression, object permissions, disk quotas, and the indexed file attribute are
available on the NTFS file system only—not FAT. Other attributes, like the common ones mentioned
in the discussions above, are also available on NTFS.
Given their differences, if you place an encrypted file from an NTFS volume into a FAT-formatted
space, the file loses its encryption status, meaning the file can be used like a normal, non-encrypted
file. Decrypting a file in this way is only possible for the original user that encrypted the file, or any
other user that has been granted permission by the original owner.
Similar to encrypted files, since FAT doesn't support compression, a compressed file is automatically
decompressed if it's copied out of an NTFS volume and onto a FAT volume. For example, if you
copy a compressed file from an NTFS hard drive to a FAT floppy disk, the file will automatically
decompress before it's saved to the floppy because the FAT file system on the destination media
doesn't have the capability to store compressed files.64

3.12 New Technology File System (NTFS)


NTFS, which stands for NT file system and the New Technology File System, is the file system that
the Windows NT operating system (OS) uses for storing and retrieving files on hard disk drives
(HDDs) and solid-state drives (SSDs). NTFS is the Windows NT equivalent of the Windows 95 file
allocation table (FAT) and the OS/2 High Performance File System (HPFS). However, NTFS offers
several improvements over FAT and HPFS in terms of performance, extendibility and security.
A computer's OS creates and maintains the file system on a storage drive or device. The file system
essentially organizes the data into files. It controls how data files are named, stored, retrieved and
updated and what other information can be associated with the files -- for example, data on file
ownership and user permissions.
NTFS is one type of file system. File systems are generally differentiated by the OS and the type of
drive they are being used with. Today, there is also a distributed file system (DFS) where files are
stored across multiple servers but are accessed and handled as if they were stored locally. A DFS
enables multiple users to easily share data and files on a network and provides redundancy.
How is NTFS used?
Microsoft Windows and some removable storage devices use NTFS to organize, name and store files.
NTFS is an option for formatting SSDs -- where its speed is particularly useful -- HDDs, USBs and
micro SD cards that are used with Windows.
Depending on the storage capacity of the device, the OS used and the type of drive, a different file
system may be preferable, such as FAT32 or Extended FAT (exFAT). Each file system has benefits
and drawbacks. For example, security and permissions are more advanced with NTFS than exFAT
and FAT32. On the other hand, FAT32 and exFAT work better with non-Windows OSes, such as
Mac and Linux.
All Microsoft OSes from Windows XP on use NTFS version 3.1 as their main file system. NTFS is
also used on external drives because it has the capacity those drives need, supporting large files
and partition sizes. NTFS can support up to 8 petabyte volumes and files on Windows Server 2019
and Windows 10, according to Microsoft. The theoretical limit for the individual file size NTFS can
support is 16 exbibytes minus 1 kilobyte (KB).

64 <https://www.lifewire.com/what-is-file-allocation-table-fat-2625877> accessed 16 July 2022
How NTFS works?
When installing an OS, the user chooses a file system. When formatting an SSD or an HDD, users
choose the file system they'll use. The process of formatting each type of drive is slightly different,
but both are compatible with NTFS.
When an HDD is formatted or initialized, it is divided into partitions. Partitions are the major
divisions of the hard drive's physical space. Within each partition, the OS keeps track of all the files
it stores. Each file is stored on the HDD in one or more clusters or disk spaces of a predefined uniform
size.
Using NTFS, the sizes of the clusters range from 512 bytes to 64 KB. Windows NT provides a
recommended default cluster size for each drive size. For example, a 4 gigabyte (GB) drive has a
default cluster size of 4 KB. The clusters are indivisible, so even the smallest file takes up one cluster,
and a 4.1 KB file takes up two clusters, or 8 KB, on a 4 KB cluster system.
Cluster sizes are determined based on balancing a tradeoff between maximizing use of disk space and
minimizing the number of disk accesses required to get a file. With NTFS, generally, the larger the
drive, the larger the default cluster size, because it's assumed that a system user will prefer to have
fewer disk accesses and better performance at the expense of less efficient use of space.
When a file is created using NTFS, a record about the file is created in the Master File Table (MFT).
The record is used to locate a file's possibly scattered clusters. NTFS looks for a storage space that
will hold all the clusters of the file, but it isn't always able to find one space all together.
Along with its data content, each file contains its metadata, which is a description of its attributes.
NTFS features
One distinguishing characteristic of NTFS, compared with FAT, is that it allows for file permissions
and encryption. Notable features of NTFS include the following:
• Organizational efficiency. NTFS uses a b-tree directory scheme to keep track of file clusters.
This is significant because it allows for efficient sorting and organization of files.
• Accessible data. It stores data about a file's clusters and other data in the MFT, not just in an
overall governing table as with FAT.
• File size. NTFS supports very large files.
• User permissions. It has an access control list that lets a server administrator control who can
access specific files.
• Compression. Integrated file compression shrinks file sizes and provides more storage space.

• Unicode file naming. Because it supports file names based on Unicode, NTFS has a more
natural file-naming convention and allows for longer file names with a wider array of
characters. Non-Unicode naming conventions sometimes require translation.
• Secure. NTFS provides security for data on removable and nonremovable disks.
• Requires less storage. It has support for sparse files that replaces empty information -- long
strings of zeros -- with metadata that takes up a smaller volume of storage space.
• Easy volume access. NTFS uses mounted volumes, meaning disk volumes can be accessed
as normal folders in the file system.
Advantages and disadvantages of NTFS
There are several advantages and disadvantages to using NTFS, which are included below.
Advantages
• Control. One of the primary features of NTFS is the use of disk quotas, which gives
organizations more control over storage space. Administrators can use disk quotas to limit the
amount of storage space a given user can access.
• Performance. NTFS uses file compression, which shrinks file sizes, increasing file transfer
speeds and giving businesses more storage space to work with. It also supports very large
files.
• Security. The access control features of NTFS let administrators place permissions on
sensitive data, restricting access to certain users. It also supports encryption.
• Easy logging. The MFT logs and audits files on the drive, so administrators can track files
that have been deleted, added or changed in any way. NTFS is a journaling file system,
meaning it logs transactions in a file system journal.
• Reliability. Data and files can be quickly restored in the event of a system failure or error,
because NTFS maintains the consistency of the file system. It is a fault tolerant system and
has an MFT mirror file that the system can reference if the first MFT gets corrupted.
Disadvantages
• Limited OS compatibility. The main disadvantage of NTFS is limited OS compatibility; it
is read-only with non-Windows OSes.
• Limited device support. Many removable devices don't support NTFS, including Android
smartphones, DVD players and digital cameras. Some other devices don't support it either,
such as media players, smart TVs and printers.
• Mac OS X support. OS X devices have limited compatibility with NTFS drives; they can
read them but not write to them.
Differences between FAT12, FAT16, FAT32
• A FAT12 file system contains 1.5 bytes per cluster within the file allocation table.
• A FAT16 file system contains 2 bytes per cluster within the file allocation table.
• A FAT32 file system includes 4 bytes per cluster within the file allocation table.

System | Cluster limit
FAT12 | The amount of data clusters is less than 4087 clusters.
FAT16 | The amount of data clusters is between 4087 and 65526 clusters, inclusive.
FAT32 | The amount of data clusters is between 65526 and 268,435,456 clusters, inclusive.
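To tie together the four sections of a FAT volume described in section 3.11 and the cluster limits listed above, the following added example (not from the original material) parses the BIOS parameter block of a constructed 1.44 MB floppy boot sector, works out where each region starts, and classifies the volume with the table's thresholds. The field offsets are those of the standard FAT BPB; the function names and the sample sector are illustrative assumptions, and a boundary value of 65526 is treated here as FAT16.

```python
import math
import struct

# Thresholds taken from the "Cluster limit" table in this material.
FAT12_BELOW = 4087
FAT16_UP_TO = 65526
# Bytes per FAT entry, from the list of differences above.
ENTRY_BYTES = {"FAT12": 1.5, "FAT16": 2, "FAT32": 4}


def make_boot_sector():
    """Constructed 512-byte boot sector carrying a 1.44 MB floppy BPB."""
    sector = bytearray(512)
    sector[0:3] = b"\xEB\x3C\x90"      # jump over the BPB to the boot code
    sector[3:11] = b"EXAMPLE "         # OEM name (constructed)
    struct.pack_into("<HBHBHHBH", sector, 11,
                     512,    # bytes per sector
                     1,      # sectors per cluster
                     1,      # reserved sectors (the boot sector itself)
                     2,      # number of FAT copies
                     224,    # root directory entries
                     2880,   # total sectors on the volume
                     0xF0,   # media descriptor
                     9)      # sectors per FAT copy
    sector[510:512] = b"\x55\xAA"      # boot sector signature
    return bytes(sector)


def classify(clusters):
    """Pick the FAT variant from the number of data clusters."""
    if clusters < FAT12_BELOW:
        return "FAT12"
    if clusters <= FAT16_UP_TO:
        return "FAT16"
    return "FAT32"


def parse_layout(sector):
    """Derive the region layout of a FAT volume from its boot sector.

    A boot sector read from removable media is untrusted input, so every
    field is validated before it is used in arithmetic.
    """
    if len(sector) < 512 or sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    (bps, spc, reserved, nfats, root_entries,
     total16, _media, fatsz16) = struct.unpack_from("<HBHBHHBH", sector, 11)
    total32, = struct.unpack_from("<I", sector, 32)
    fatsz32, = struct.unpack_from("<I", sector, 36)  # used only when fatsz16 is 0
    total = total16 or total32
    fatsz = fatsz16 or fatsz32
    if bps not in (512, 1024, 2048, 4096):
        raise ValueError("bad bytes-per-sector value")
    if spc == 0 or spc & (spc - 1):
        raise ValueError("sectors per cluster must be a power of two")
    if reserved == 0 or nfats == 0 or fatsz == 0:
        raise ValueError("empty reserved or FAT region")

    root_sectors = (root_entries * 32 + bps - 1) // bps  # 32-byte directory entries
    fat_start = reserved                        # FAT region follows the boot sector
    root_start = fat_start + nfats * fatsz      # fixed root directory (FAT12/16)
    data_start = root_start + root_sectors      # data region takes the rest
    if data_start >= total:
        raise ValueError("metadata regions exceed the volume size")

    clusters = (total - data_start) // spc
    fat_type = classify(clusters)
    # One entry per data cluster plus the two reserved entries at the start.
    fat_bytes_needed = math.ceil((clusters + 2) * ENTRY_BYTES[fat_type])
    if fat_bytes_needed > fatsz * bps:
        raise ValueError("FAT is too small for the cluster count")
    return {"type": fat_type, "clusters": clusters, "fat_start": fat_start,
            "root_start": root_start, "data_start": data_start,
            "fat_bytes_needed": fat_bytes_needed,
            "fat_bytes_available": fatsz * bps}


if __name__ == "__main__":
    for field, value in parse_layout(make_boot_sector()).items():
        print(f"{field:20} {value}")
```

All sector numbers in the result are counted from the start of the volume, so the regions appear in on-disk order: boot sector, both FAT copies, root directory, data.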

How NTFS, FAT32 and exFAT differ?


Microsoft developed FAT32 before NTFS, making it the oldest of the three file systems. It is generally
considered less efficient than NTFS. It has a smaller 4 GB file size limit and a 32 GB volume limit in
Windows. FAT32 is easier to format than NTFS and simpler in other ways. Its file allocation table is a
less complex way to organize files than the MFT in NTFS. Because it's simpler to use, FAT32 is more
compatible with non-Windows OSes and is used where NTFS generally isn't, such as smart TVs,
digital cameras and other digital devices. FAT32 works with every version of Mac, Linux and
Windows. As mentioned earlier, NTFS is read-only with Mac and Linux.
ExFAT was designed as an evolution of FAT32 and is the newest of the three file systems. It retains
the positive characteristics of FAT32 -- a lightweight, more flexible file allocation system -- while
overcoming some of its limitations. For example, FAT32 can only store files of up to 4 GB, while
exFAT can handle file sizes of 16 exabytes.
ExFAT does require additional software to work with Mac and Linux systems, but it is more
compatible with them than NTFS. It is ideal when users need a larger file size than FAT32 allows but
more compatibility than NTFS offers. The journaling file system in NTFS makes it possible to use the
journal to repair data corruption, something FAT cannot do. The MFT in NTFS holds more
information about the files being held than FAT's file allocation tables, making for better file indexing
and cluster organization.65

65 NT File system <https://www.techtarget.com/searchwindowsserver/definition/NTFS> accessed 16 July 2022
3.13 Difference between FAT 32 and NTFS

Parameters | FAT 32 | NTFS
Full-Form | The term FAT32 is an acronym for File Allocation Table 32. | The term NTFS is an acronym for New Technology File System.
Structure | FAT32 has a very simple structure. | NTFS comes with a very complex structure.
Maximum Size of Files | FAT32 has a maximum file size of 4 GB. | NTFS has a maximum file size of 16 TB.
Maximum Character Support provided in a File Name | FAT32 supports a maximum of 83 characters. | NTFS supports a maximum of 255 characters.
Security | It comes with only network-type security. | It comes with both network-type and local securities.
Encryption | It does not come encrypted. | It comes encrypted with the EFS (Encrypting File System).
Fault Tolerance | The FAT32 does not provide fault tolerance. | NTFS comes with the system of automatic troubleshooting.
Compression | It does not allow compression. | It allows the compression of files.
User-level Disk Space | It is not present in FAT32. | It is present in NTFS.
Accessing Speed | FAT32 has a lower accessing speed. | NTFS has a comparatively higher accessing speed than the other file systems.
Conversions | FAT32 allows conversions. | NTFS does not allow any conversions.
Compatibility with the OS | It is compatible with Windows 95, Windows 98, Windows 2000, Windows 2003, Windows XP, etc. | It is compatible with Windows NT, Windows Vista, Windows XP, Windows 7, Windows 2000, Windows 8, Windows 10, Linux, macOS, etc.

Page 126 of 240


Unit IV
The Internet
4.1 Evolution of Internet
The Internet is a short form for an interconnected network. It has become a vital part of our lives,
helping us connect with people worldwide. The Internet is made of a large number of independently
operated networks. It is fully distributed with no central control. Each independently-operated system
is motivated to ensure that there is end-to-end connectivity of every part of the network. The Internet
is simply a wire that runs underground and allows two computers to communicate with each other. A
server is a particular computer that is connected directly to the Internet. When we talk about specific
web pages, they are simply files that are stored on the server’s hard drive. Every server has a unique
protocol address or an IP address. IP addresses are essential for computers to find each other.

4.2 ARPANET
The U.S. Advanced Research Projects Agency Network (ARPANET) was the first public packet-
switched computer network. It was first used in 1969 and finally decommissioned in 1989.
ARPANET's main use was for academic and research purposes. Many of the protocols used by
computer networks today were developed for ARPANET, and it is considered the forerunner of the
modern internet.
History of ARPANET
ARPANET was introduced in the year 1969 by the Advanced Research Projects Agency (ARPA) of the US
Department of Defense. It was established by connecting a number of computers at various colleges so
that information and messages could be shared. It was also used for playing long-distance games, and
individuals were asked to share their perspectives. In the year 1980, ARPANET was handed over to a
separate military network, the Defense Data Network.
Characteristics of ARPANET:
• It is basically a type of WAN.
• It used the concept of a packet-switching network.
• It used Interface Message Processors (IMPs) for sub-netting.
• ARPANET's software was split into two parts: a host and a subnet.
Advantages of ARPANET:
• ARPANET was designed to remain in service even during a nuclear attack.
• It was used for collaboration through e-mail.
• It created an advancement in the transfer of important files and defense data.



Limitations of ARPANET:
• The increased number of LAN connections made it difficult to handle.
• It was unable to cope with advancements in technology.

4.3 WWW (World Wide Web)


The World Wide Web is a network of online content that is formatted in HTML and accessed via
HTTP. The term refers to all the interlinked HTML pages that can be accessed over the internet. It is
technically all the web pages, videos, pictures and other online content that can be accessed via a web
browser. The world wide web, or WWW, was first created as a method to navigate the now extensive
system of connected computers. It was designed by Tim Berners-Lee through a rudimentary
hypertext program called Enquire.
The WWW is what most people think of as the internet. But as a matter of fact, the internet is the
underlying network connection that allows us to send an email and access the world wide web. The
early Web was a collection of text-based sites hosted by organizations that were technically able
enough to set up a web server and learn HTML. Since then, it has continued to evolve beyond the
original design, and now includes many other useful elements like social media and user-generated
content that requires minimal technical skills to use.

Evolution of World Wide Web


World Wide Web (WWW) is a huge collection of hypertext pages on the Internet. The concept of
WWW was developed in Switzerland at the European Particle Research Centre (known as CERN)
in the year 1989. The first text-based prototype was operational in 1991. In December 1991, a
public demonstration was given at the Hypertext 91 conference in San Antonio, Texas (USA). In
the year 1993, the first graphical interface software package, called Mosaic, was released.
Hypertext enables you to read and navigate the text and visual information in a nonlinear way based
on what you want to know next, unlike a textbook where the subject is described continuously or
linearly. Mosaic became so popular that a year later its author, Marc Andreessen, left the National
Center for Supercomputing Applications, where Mosaic was developed, to form a company called
Netscape Communications Corporation. This company developed clients, servers, and other Web
software. In the year 1994, CERN and MIT of USA signed an agreement setting up the World Wide
Web Consortium, an organization devoted to further developing the Web, standardizing protocols,
and interoperability between sites. Since this time, hundreds of universities and companies have
joined the Consortium.
Working of WWW66

In the first year after Mosaic was released, the number of WWW servers grew from 100 to 7000. The
growth is expected to be exponential in the years to come and will probably be the force driving the
technology and use of the Internet into every walk of life of human beings.
All the Web servers on the Internet are collectively referred to as the World Wide Web. The W3
Consortium is the closest anyone gets to setting the standards for and enforcing rules about the
World Wide Web. You can visit the Consortium's home page at http://www.w3.org/. The second group
of organizations that influences the Web is the browser developers themselves, most notably Netscape
Communications Corporation and Microsoft Corporation of USA.
To access the Web server, we use client software called a browser program. With a browser, we can
choose an element on the Web page, which can then cross-link us to computer animation, or play
sound, or show another Web page. The browser can even contact another Web server located across
the world.
Features of WWW:
• HyperText Information System
• Cross-Platform
• Distributed
• Open Standards and Open Source
• Uses Web Browsers to provide a single interface for many services
• Dynamic, Interactive and Evolving.
• “Web 2.0”

66 <https://www.youtube.com/watch?v=kyOyBE8qVw4> accessed 21 July 2022
Components of the Web: There are 3 components of the web:
1. Uniform Resource Locator (URL): serves as a system for resources on the web.
2. HyperText Transfer Protocol (HTTP): specifies communication of browser and server.
3. HyperText Markup Language (HTML): defines the structure, organisation and content of a
webpage67.
4.4 Web Server
A web server is a computer where web content is stored. Basically, a web server is used to host
web sites, but there are other web servers as well, such as gaming, storage, FTP, email etc.
A web site is a collection of web pages, while a web server is software that responds to requests
for web resources.
Web Server Working
A web server responds to a client request in either of the following two ways:
• Sending the file associated with the requested URL to the client.
• Generating a response by invoking a script and communicating with a database.

Web Server 68

Key Points
• When a client sends a request for a web page, the web server searches for the requested page; if
the requested page is found, it sends it to the client with an HTTP response.
• If the requested web page is not found, the web server will then send an HTTP response: Error 404
Not found.
• If the client has requested some other resources, the web server will contact the application
server and data store to construct the HTTP response.

67 <https://www.geeksforgeeks.org/world-wide-web-www/> accessed 17 July 2022
68 <https://www.tutorialspoint.com/internet_technologies/web_servers.htm> accessed 21 July 2022
Architecture
Web Server Architecture follows the following two approaches:
• Concurrent Approach
• Single-Process-Event-Driven Approach.
Concurrent Approach
Concurrent approach allows the web server to handle multiple client requests at the same time. It can
be achieved by following methods:
• Multi-process
• Multi-threaded
• Hybrid method.
* Multi-processing
In this method, a single process (the parent process) initiates several single-threaded child
processes and distributes incoming requests to these child processes. Each of the child processes is
responsible for handling a single request.
It is the responsibility of the parent process to monitor the load and decide whether processes
should be killed or forked.
* Multi-threaded
Unlike Multi-process, it creates multiple single-threaded process.
* Hybrid
It is a combination of the above two approaches. In this approach, multiple processes are created and
each process initiates multiple threads. Each of the threads handles one connection. Using multiple
threads in a single process results in less load on system resources.69
69 “Web Server” <https://www.tutorialspoint.com/internet_technologies/web_servers.htm> accessed 17 July 2022
4.5 Web Browser
The web browser is application software used to explore the WWW (World Wide Web). It provides an
interface between the server and the client and sends requests to the server for web documents and
services. It works as a compiler to render HTML, which is used to design a webpage. Whenever we
search for anything on the internet, the browser loads a web page written in HTML, including text,
links, images, and other items such as style sheets and JavaScript functions. Google Chrome,
Microsoft Edge, Mozilla Firefox and Safari are examples of web browsers.
History of the web browser
The first web browser, WorldWideWeb, was invented in the year 1990 by Tim Berners-Lee. Later, it
was renamed Nexus. In the year 1993, a new browser, Mosaic, was invented by Marc Andreessen and
his team. It was the first browser to display text and images at the same time on the device screen.
He also invented another browser, Netscape, in 1994. The next year Microsoft launched a web browser,
Internet Explorer, which was already installed in the Windows operating system. After this, many
browsers with various features were invented, such as Mozilla Firefox, Google Chrome, Safari, Opera, etc.
How does a web browser work?
A web browser helps to find information anywhere on the internet. It is installed on the client
computer and requests information from the web server; this working model is called the
client-server model. The browser receives information through the HTTP protocol, which defines how
data is transmitted. When the browser receives data from the server, it renders the HTML into
user-readable form and displays the information on the device screen.
Website Cookies: When we visit any website over the internet, our web browser stores information
about us in small files called cookies. Cookies are designed to remember stateful information about
our browsing history. Some cookies are used to remember things about us such as our interests, our
browsing patterns, etc. Websites show us ads based on our interests using cookies.
Some popular Web Browsers: There are some popular and widely used web browsers such as Google
Chrome, Mozilla Firefox, Microsoft Edge, Safari, etc.
Google Chrome - Google Chrome is the world’s most used web browser. In 77% of devices, Google
Chrome is used. This browser was developed by Google in 2008 for Microsoft Windows. Later it became
available on the macOS, Linux, Android and iOS operating systems. It is a very reliable browser and
available in 47 languages. The installation process of Google Chrome is very easy and free for everyone.
Mozilla Firefox - Mozilla Firefox, also known as the Firefox browser, was developed by the Mozilla
Foundation and the Mozilla Corporation in 2002. It is available on Linux, Microsoft Windows,
Android, and iOS operating systems. In the Linux system, Mozilla Firefox is the default installed
browser.
4.6 Web Application
A web application is a computer program that utilizes web browsers and web technology to perform
tasks over the Internet. Millions of businesses use the Internet as a cost-effective communications
channel. It lets them exchange information with their target market and make fast, secure transactions.
However, effective engagement is only possible when the business is able to capture and store all the
necessary data, and have a means of processing this information and presenting the results to the user.
Web applications use a combination of server-side scripts (PHP and ASP) to handle the storage and
retrieval of the information, and client-side scripts (JavaScript and HTML) to present information to
users. This allows users to interact with the company using online forms, content management
systems, shopping carts and more. In addition, the applications allow employees to create documents,
share information, collaborate on projects, and work on common documents regardless of location or
device.
The web application requires a web server to manage requests from the client, an application server
to perform the tasks requested, and, sometimes, a database to store the information. Application server
technology ranges from ASP.NET, ASP and ColdFusion, to PHP and JSP.
Flow of Web Application
1. User triggers a request to the web server over the Internet, either through a web browser or
the application’s user interface.
2. Web server forwards this request to the appropriate web application server.
3. Web application server performs the requested task – such as querying the database or
processing the data – then generates the results of the requested data.
4. Web application server sends results to the web server with the requested information or
processed data.
5. Web server responds back to the client with the requested information that then appears on
the user’s display.
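The two behaviours described under "Web Server Working" (send the file for the requested URL, or answer 404 when it is not found) and steps 2 to 5 of the flow above can be seen in one small request handler. This is an added example, not code from the study material; the `/app/product` route, the `products` table and the file names are constructed for illustration.

```python
import html
import sqlite3
import tempfile
from pathlib import Path
from urllib.parse import parse_qsl, unquote, urlsplit


def make_docroot():
    """Create a constructed document root with one public page and one file outside it."""
    base = Path(tempfile.mkdtemp(prefix="site-")).resolve()
    (base / "private.txt").write_text("not for clients", encoding="utf-8")
    root = base / "public"
    root.mkdir()
    (root / "index.html").write_text("<!DOCTYPE html><h1>Home</h1>", encoding="utf-8")
    return root


def make_database():
    """Create a constructed in-memory data store with two sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "keyboard"), (2, "mouse <wireless>")])
    return db


def application_server(db, query):
    """Steps 3 and 4: validate the input, query the database, build the result."""
    raw_id = query.get("id", "")
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return 400, "Bad Request"
    # Parameterized query: the value is bound, never pasted into the SQL text.
    row = db.execute("SELECT name FROM products WHERE id = ?",
                     (int(raw_id),)).fetchone()
    if row is None:
        return 404, "Not Found"
    # Escape stored data before placing it in HTML that goes to the browser.
    return 200, "<p>" + html.escape(row[0]) + "</p>"


def web_server(root, db, target):
    """Steps 2 and 5: route the request and return (status, body) for the client."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "\x00" in path:
        return 400, "Bad Request"
    if path == "/app/product":
        # Dynamic resource: forward the request to the application server.
        return application_server(db, dict(parse_qsl(parts.query)))
    # Static resource: map the URL path to a file under the document root.
    candidate = (root / path.lstrip("/")).resolve()
    inside_root = candidate == root or root in candidate.parents
    if not inside_root or not candidate.is_file():
        # Missing files and paths that resolve outside the root both get 404.
        return 404, "Not Found"
    return 200, candidate.read_text(encoding="utf-8")


if __name__ == "__main__":
    docroot, database = make_docroot(), make_database()
    for url in ("/index.html", "/missing.html", "/app/product?id=2"):
        print(url, "->", web_server(docroot, database, url))
```

The handler returns a status code and body instead of writing to a socket, so the routing and the checks can be read and exercised without running a network service.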
Examples of a web application
Web applications include online forms, shopping carts, word processors, spreadsheets, video and
photo editing, file conversion, file scanning, and email programs such as Gmail, Yahoo and AOL.
Popular applications include Google Apps and Microsoft 365.
Google Apps for Work has Gmail, Google Docs, Google Sheets, Google Slides, online storage and
more. Other functionalities include online sharing of documents and calendars. This lets all team
members access the same version of a document simultaneously.
Benefits of a web application
• Web applications run on multiple platforms regardless of OS or device as long as the browser
is compatible
• All users access the same version, eliminating any compatibility issues
• They are not installed on the hard drive, thus eliminating space limitations
• They reduce software piracy in subscription-based web applications (i.e. SaaS)
• They reduce costs for both the business and end user as there is less support and maintenance
required by the business and lower requirements for the end user’s computer



4.7 Web Service
A web service is any piece of software that makes itself available over the internet and uses a
standardized XML messaging system. XML is used to encode all communications to a web service.
For example, a client invokes a web service by sending an XML message, then waits for a
corresponding XML response. As all communication is in XML, web services are not tied to any one
operating system or programming language: Java can talk with Perl; Windows applications can talk
with Unix applications.
Web services are self-contained, modular, distributed, dynamic applications that can be described,
published, located, or invoked over the network to create products, processes, and supply chains.
These applications can be local, distributed, or web-based. Web services are built on top of open
standards such as TCP/IP, HTTP, Java, HTML, and XML.
Web services are XML-based information exchange systems that use the Internet for direct
application-to-application interaction. These systems can include programs, objects, messages, or
documents.
A web service is a collection of open protocols and standards used for exchanging data between
applications or systems. Software applications written in various programming languages and running
on various platforms can use web services to exchange data over computer networks like the Internet
in a manner similar to inter-process communication on a single computer. This interoperability (e.g.,
between Java and Python, or Windows and Linux applications) is due to the use of open standards.
To summarize, a complete web service is, therefore, any service that
• Is available over the Internet or private (intranet) networks
• Uses a standardized XML messaging system
• Is not tied to any one operating system or programming language
• Is self-describing via a common XML grammar
• Is discoverable via a simple find mechanism

Components of Web Services


The basic web services platform is XML + HTTP. All the standard web services work using the
following components
• SOAP (Simple Object Access Protocol)
• UDDI (Universal Description, Discovery and Integration)
• WSDL (Web Services Description Language)
All these components have been discussed in the Web Services Architecture chapter.



Working of a Web Service
A web service enables communication among various applications by using open standards such as
HTML, XML, WSDL, and SOAP. A web service takes the help of
• XML to tag the data
• SOAP to transfer a message
• WSDL to describe the availability of service.
You can build a Java-based web service on Solaris that is accessible from your Visual Basic program
that runs on Windows.
You can also use C# to build new web services on Windows that can be invoked from your web
application that is based on JavaServer Pages (JSP) and runs on Linux.
Example
Consider a simple account-management and order processing system. The accounting personnel use
a client application built with Visual Basic or JSP to create new accounts and enter new customer
orders.
The processing logic for this system is written in Java and resides on a Solaris machine, which also
interacts with a database to store information.
The steps to perform this operation are as follows
1. The client program bundles the account registration information into a SOAP message.
2. This SOAP message is sent to the web service as the body of an HTTP POST request.
3. The web service unpacks the SOAP request and converts it into a command that the
application can understand.
4. The application processes the information as required and responds with a new unique account
number for that customer.
5. Next, the web service packages the response into another SOAP message, which it sends back
to the client program in response to its HTTP request.
6. The client program unpacks the SOAP message to obtain the results of the account registration
process.70
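The six steps above, with both sides' messages, as an added example that is not part of the original material. The `RegisterAccount` operation, the `urn:example:accounts` namespace, the field names and the account-number format are hypothetical, and a plain function call stands in for the HTTP POST so the exchange runs offline.

```python
import itertools
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
APP_NS = "urn:example:accounts"                        # hypothetical application namespace
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("acct", APP_NS)


def qname(namespace, local):
    """Return the '{namespace}local' form ElementTree uses for qualified names."""
    return "{" + namespace + "}" + local


def build_envelope(payload):
    """Wrap one payload element in a SOAP Envelope/Body and serialize it to bytes."""
    envelope = ET.Element(qname(SOAP_NS, "Envelope"))
    ET.SubElement(envelope, qname(SOAP_NS, "Body")).append(payload)
    return ET.tostring(envelope, encoding="utf-8")


def build_call(operation, fields):
    """Build an application message; the XML library escapes the field values."""
    call = ET.Element(qname(APP_NS, operation))
    for name, value in fields.items():
        ET.SubElement(call, qname(APP_NS, name)).text = value
    return build_envelope(call)


def build_fault(reason):
    """Build a SOAP Fault reporting that the request was not acceptable."""
    fault = ET.Element(qname(SOAP_NS, "Fault"))
    ET.SubElement(fault, "faultcode").text = "soap:Client"
    ET.SubElement(fault, "faultstring").text = reason
    return build_envelope(fault)


def parse_envelope(message):
    """Return (qualified tag, {child name: text}) for the single Body entry."""
    # Accept UTF-8 only, so the DTD check sees the same text the parser does.
    text = message.decode("utf-8")  # UnicodeDecodeError is a ValueError
    if "<!doctype" in text.lower():
        # SOAP 1.1 forbids a DTD in a message; refusing it also avoids entity expansion.
        raise ValueError("DTD not allowed in a SOAP message")
    envelope = ET.fromstring(text)
    body = envelope.find(qname(SOAP_NS, "Body"))
    if envelope.tag != qname(SOAP_NS, "Envelope") or body is None or len(body) != 1:
        raise ValueError("not a SOAP envelope with exactly one body entry")
    entry = body[0]
    return entry.tag, {child.tag.rpartition("}")[2]: child.text or "" for child in entry}


def make_web_service(first_account=1001):
    """Server side, steps 3 to 5. Account numbers are constructed sample values."""
    numbers = itertools.count(first_account)

    def handle_post(http_body):
        try:
            tag, fields = parse_envelope(http_body)          # step 3: unpack
            if tag != qname(APP_NS, "RegisterAccount"):
                raise ValueError("unknown operation")
            if not fields.get("CustomerName", "").strip():
                raise ValueError("CustomerName is required")
        except (ValueError, ET.ParseError) as error:
            return build_fault(str(error))
        account = "ACC-%d" % next(numbers)                   # step 4: process
        return build_call("RegisterAccountResponse",         # step 5: package
                          {"AccountNumber": account})

    return handle_post


def register_account(customer_name, post):
    """Client side, steps 1, 2 and 6; `post` stands in for the HTTP POST."""
    request = build_call("RegisterAccount", {"CustomerName": customer_name})
    tag, fields = parse_envelope(post(request))
    if tag != qname(APP_NS, "RegisterAccountResponse"):
        raise RuntimeError(fields.get("faultstring", "unexpected response"))
    return fields["AccountNumber"]


if __name__ == "__main__":
    service = make_web_service()
    print(build_call("RegisterAccount", {"CustomerName": "Asha Verma"}).decode())
    print(register_account("Asha Verma", service))
```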
4.8 Website
A website is a collection of publicly accessible, interlinked Web pages that share a single domain
name. Websites can be created and maintained by an individual, group, business or organization to
serve a variety of purposes.
Together, all publicly accessible websites constitute the World Wide Web.

70 Web service <https://www.tutorialspoint.com/webservices/what_are_web_services.htm> accessed 17 July 2022
Although it is sometimes called “web page,” this definition is wrong, since a website consists of
several webpages. A website is also known as a “web presence” or simply “site”.
Websites come in a nearly endless variety, including educational sites, news sites, porn sites, forums,
social media sites, e-commerce sites, and so on. The pages within a website are usually a mix of text
and other media. That said, there are no rules dictating the form of a website.
A person could create a website of nothing but black and white photos of roses, or the word "cat"
linked to another Web page with the word "mouse." However, many sites follow a standard pattern
of a homepage that links off to other categories and content within the website.
The homepage (or simply “home”) represents the main page of the site itself. Frequently, the
homepage is a sort of “hub” from which all other pages can be accessed. An internal web page to
which several other pages are linked in a coherent structure (such as a specific category of topics) is
instead called a “parent page.”
Every page is a single HTML document, and all of them are connected through hyperlinks (or simply
“links”) which can be combined in a navigation bar for ease of use.
The navigation bar is displayed on every page rather than just the homepage, and allows the user to
quickly move across the main website’s structure.
Another important section of most websites is the footer, which is another recurring section that is
found at the bottom of every page. Usually the footer contains external links pointing to similar
websites and other external resources, together with other vital info such as disclaimers, links to the
terms of service, privacy policy and contact pages, as well as the physical address of the company
that owns the site.
Websites are hosted on servers, and require a web browser such as Chrome, Firefox, or Internet
Explorer to be visited (either on a computer or mobile device).
A website can be accessed directly by entering its URL address or by searching it on a search engine
such as Google or Bing.
Originally, websites were categorized by their top-level domains. Some examples include:
• Government agency websites = .gov
• Educational institutions websites = .edu
• Nonprofit organizations’ websites = .org
• Commercial websites = .com
• Information sites = .info
Although these top-level domain extensions still exist, they say little about a website's actual content.
On today’s internet, the ".com" extension is by far the most popular domain, together with many
other country-specific extensions (.it, .de, .co.uk, .fr, etc.).



The first website was created in 1990 by Tim Berners-Lee, a British physicist at CERN. 3 years later,
in 1993, CERN announced that everyone could access and use the World Wide Web for free71.
4.9 Webpages
A web page is a document available on the World Wide Web. Web pages are stored on a web server and
can be viewed using a web browser.
A web page can contain a large amount of information, including text, graphics, audio, video and
hyperlinks. These hyperlinks are links to other web pages.
A collection of linked web pages on a web server is known as a website. A unique Uniform
Resource Locator (URL) is associated with each web page.
Static Web page
Static web pages are also known as flat or stationary web pages. They are loaded in the client’s
browser exactly as they are stored on the web server. Such web pages contain only static information.
The user can only read the information but can’t modify or interact with it.
Static web pages are created using only HTML. Static web pages are used only when the information
no longer needs to be modified.

Static web page72


Dynamic Web page
A dynamic web page shows different information at different points in time. It is possible to change
a portion of a web page without loading the entire web page. This has been made possible using Ajax
technology.
Server-side dynamic web page
It is created by using server-side scripting. There are server-side scripting parameters that determine
how to assemble a new web page, which also includes setting up more client-side processing.

71 Website <https://www.techopedia.com/definition/5411/website> accessed 17 July 2022
72 <https://www.tutorialspoint.com/internet_technologies/images/internet-static_web_page.jpg> accessed 21 July 2022
Client-side dynamic web page
It is processed using client-side scripting such as JavaScript and then passed to the Document Object
Model (DOM).

Dynamic web page73


Scripting Languages
Scripting languages are like programming languages that allow us to write programs in the form of
scripts. These scripts are interpreted, not compiled, and executed line by line.
A scripting language is used to create dynamic web pages.
Client-side Scripting
Client-side scripting refers to programs that are executed on the client side. Client-side scripts
contain the instructions for the browser to execute in response to certain user actions.
Client-side scripting programs can be embedded into HTML files or kept as separate files.

73 <https://www.tutorialspoint.com/internet_technologies/web_pages.htm> accessed 21 July 2022
Following table describes commonly used Client-Side scripting languages:

| S.N. | Scripting Language | Description |
|---|---|---|
| 1 | JavaScript | It is a prototype based scripting language. It inherits its naming conventions from Java. All JavaScript files are stored in files having the .js extension. |
| 2 | ActionScript | It is an object oriented programming language used for the development of websites and software targeting Adobe Flash Player. |
| 3 | Dart | It is an open source web programming language developed by Google. It relies on a source-to-source compiler to JavaScript. |
| 4 | VBScript | It is an open source web programming language developed by Microsoft. It is a superset of JavaScript and adds optional static typing and class-based object oriented programming. |

Server-side Scripting
Server-side scripting acts as an interface for the client and also limits the user's access to the
resources on the web server. It can also collect the user’s characteristics in order to customize the
response.



Following table describes commonly used Server-Side scripting languages74:

| S.N. | Scripting Language | Description |
|---|---|---|
| 1 | ASP | Active Server Pages (ASP) is a server-side script engine to create dynamic web pages. It supports Component Object Model (COM), which enables ASP web sites to access functionality of libraries such as DLL. |
| 2 | ActiveVFP | It is similar to PHP and also used for creating dynamic web pages. It uses the native Visual FoxPro language and database. |
| 3 | ASP.net | It is used to develop dynamic websites, web applications, and web services. |
| 4 | Java | Java Server Pages are used for creating dynamic web applications. The Java code is compiled into byte code and run by the Java Virtual Machine (JVM). |
| 5 | Python | It supports multiple programming paradigms such as object-oriented and functional programming. It can also be used as a non-scripting language using third party tools such as Py2exe or Pyinstaller. |
| 6 | WebDNA | It is also a server-side scripting language with an embedded database system. |

4.10 Hypertext Markup Language


HTML (Hypertext Markup Language) is a text-based approach to describing how content contained
within an HTML file is structured. This markup tells a web browser how to display text, images and
other forms of multimedia on a webpage.
HTML is a formal recommendation by the World Wide Web Consortium (W3C) and is generally
adhered to by all major web browsers, including both desktop and mobile web browsers. HTML5 is
the latest version of the specification.

74 Web pages <https://www.tutorialspoint.com/internet_technologies/web_pages.htm> accessed 17 July 2022
How HTML works?
HTML is a text file containing specific syntax, file and naming conventions that show the computer
and the web server that it is in HTML and should be read as such. By applying these HTML
conventions to a text file in virtually any text editor, a user can write and design a basic webpage, and
then upload it to the internet.
The most basic of HTML conventions is the inclusion of a document type declaration at the beginning
of the text file. This always comes first in the document, because it is the piece that affirmatively
informs a computer that this is an HTML file. The document header typically looks like this:
<!DOCTYPE html>. It should always be written that way, without any content inside it or breaking
it up. Any content that comes before this declaration will not be recognized as HTML by a computer.
Doctypes are not just used for HTML, they can apply to the creation of any document that uses
SGML (Standard Generalized Markup Language). SGML is a standard for specifying a specific
markup language being used. HTML is one of several markup languages that SGML and doctype
declarations apply to.
The other critical requirement for creating an HTML file is saving it with a .html file extension.
Whereas the doctype declaration signals HTML to the computer from the inside of the file, the file
extension signals HTML to the computer from the outside of the file. By having both, a computer can
tell that it's an HTML file whether it's reading the file or not. This becomes especially important when
uploading the files to the web, because the web server needs to know what to do with the files before
it can send them to a client computer for the inner contents to be read.
After writing the doctype and saving as an HTML file, a user can implement all the other syntactic
tools of HTML to customize a web page. Once finished, they will likely have several HTML files
corresponding to various pages of the website. It's important that the user uploads these files in the
same hierarchy that they saved them in, as each page references the specific file paths of the other
pages, enabling links between them. Uploading them in a different order will cause links to break and
pages to be lost, because the specified file paths will not match the pages.
Basic elements of HTML?
Using HTML, a text file is further marked up with additional text describing how the document should
be displayed. To keep the markup separate from the actual content of the HTML file, there is a special,
distinguishing HTML syntax that is used. These special components are known as HTML tags. The
tags can contain name-value pairs known as attributes, and a piece of content that is enclosed within
a tag is referred to as an HTML element.
HTML elements always have opening tags, content in the middle and closing tags. Attributes can
provide additional information about the element and are included in the opening tag. Elements can
be described in one of two ways:
• Block-level elements start on a new line in the document and take up their own space.
Examples of these elements include headings and paragraph tags.
• Inline elements do not start on a new line in the document and only take up necessary space.
These elements usually format the contents of block-level elements. Examples of inline
elements include hyperlinks and text format tags.
Pros and cons of HTML
Pros of using HTML include:
• Is widely adopted with a large amount of resources available.
• Is natively run on every browser.
• Is relatively easy to learn.
• Has a clean and consistent source code.
• Is open source and free to use.
• Can be integrated with other backend programming languages such as PHP.
A few cons to consider are:
• Does not have very dynamic functionality and is mainly used for static web pages.
• All components must be created separately even if they use similar elements.
• Browser behavior can be unpredictable. For example, older browsers may not be compatible
with newer features.
Commonly used HTML tags
HTML tags dictate the overall structure of a page and how the elements within them will be displayed
in the browser. Commonly used HTML tags include:
• <h1> which describes a top-level heading.
• <h2> which describes a second-level heading.
• <p> which describes a paragraph.
• <table> which describes tabular data.
• <ol> which describes an ordered list of information.
• <ul> which describes an unordered list of information.
As mentioned, there are opening and closing tags that surround the content they are augmenting. An
opening tag looks like this: <p>. A closing tag is the same but contains a forward slash to indicate
that it's the end of the given HTML element. Closing tags look like this: </p>.



How to use and implement HTML?
Because HTML is completely text-based, an HTML file can be edited simply by opening it up in a
program such as Notepad++, Vi or Emacs. Any text editor can be used to create or edit an HTML file
and, so long as it is named with an .html file extension, any web browser -- such as Chrome or Firefox
-- will be capable of displaying the file as a webpage.
For professional software developers, there are a variety of WYSIWYG editors to develop
webpages. NetBeans, IntelliJ, Eclipse and Microsoft's Visual Studio provide WYSIWYG editors as
either plugins or as standard components, making it incredibly easy to use and implement HTML.
These WYSIWYG editors also provide HTML troubleshooting facilities, although modern web
browsers often contain web developer plugins that will highlight problems with HTML pages, such
as a missing closing tag or syntax that does not create well-formed HTML.
Chrome and Firefox both include HTML developer tools that allow for the immediate viewing of a
webpage's complete HTML file, along with the ability to edit HTML on the fly and immediately
incorporate changes within the internet browser.
HTML, CSS and JavaScript
HTML is used to create webpages but does experience limitations when it comes to fully responsive
components. Therefore, HTML should only be used to add text elements and structure them within a
page. For more complex features, HTML can be combined with cascading style sheets (CSS) and
JavaScript (JS).
An HTML file can link to a cascading style sheet or JS file -- usually at the top of the document with
a specified file path -- which will contain information about which colors to use, which fonts to use
and other HTML element rendering information. JavaScript also allows developers to include more
dynamic functionality, such as pop-ups and photo sliders, in a webpage. Class attributes
are used to match HTML elements to their corresponding CSS or JS elements.
For example, if a user wants the color of a certain amount of text to be red, they can write code in the
CSS file with an accompanying class attribute that turns text red. Then they can place the associated
class attribute on all the pieces of text they want to be red in the HTML sheet. The same basic method
applies to JS sheets, with different functions.
Separating information about how a page is structured, the role of HTML, from the information about
how a webpage looks when it is rendered in a browser is a software development pattern and best
practice known as separation of concerns.



History and development
In the early days of the world wide web, marking up text-based documents using HTML syntax was
more than sufficient to facilitate the sharing of academic documents and technical memos. However,
as the internet expanded beyond the walls of academia and into the homes of the general population,
greater demand was placed on webpages in terms of formatting and interactivity.
HTML 4.01 was released in 1999, at a time when the internet was not yet a household name,
and HTML5 was not standardized until 2014. During this time, HTML markup drifted from the job
of simply describing the document structure of webpage content into the role of also describing how
content should look when a webpage displays it.
As a result, HTML4-based webpages often included information within a tag about what font to use
when displaying text, what color should be used for the background and how content should be
aligned. Describing within an HTML tag how an HTML element should be formatted when rendered
on a webpage is considered an HTML antipattern. HTML should generally describe how content is
structured, not how it will be styled and rendered within a browser. Other markup languages are better
suited to this task.
One major difference between HTML4 and HTML5 is that the separation of concerns pattern is more
rigorously enforced in HTML5 than it was in HTML4. With HTML5, the bold <b> and italicize <i>
tags have been deprecated. For the paragraph tag, the align attribute has been completely removed
from the HTML specification.
HTML versions
The following is a list of HTML versions and the years they were created. Several iterations of each
version have been released over time. This list aims to focus on significant iterations.
• HTML 1.0 -- released in 1992 -- had very limited capability and around 20 elements.
• HTML 2.0 -- released in 1995 -- began to incorporate elements relating to math functions.
• HTML 3.2 -- released in 1996 -- dropped the math function initiative altogether, and fixed
overlap between various proprietary extensions.
• HTML 4.0 -- released in 1997 -- offered three variations which differed in the number of
deprecated elements that were allowed.
• HTML 4.01 -- released in 1999 -- largely the same as 4.0.
• HTML 5 -- released in 2014 -- came after a long break in updates because the organization
that developed it -- W3C -- was focusing on another, parallel language called XHTML.
• HTML 5.1 -- released in 2016 -- aimed to more easily accommodate various types of media
embedding with new tags.
• HTML 5.2 -- released in 2017 -- aimed to be equally understandable by humans and
computers.
• HTML 5.3 -- yet to be released -- W3C is collaborating with WHATWG on a new version.
The collaboration began in 2019.

Features of HTML5
HTML5 introduces several elements to increase interactivity, multimedia capabilities and semantic
efficiency. Instead of using plugins, multimedia can be placed within the HTML code. These elements
include:

• Graphics elements:
    • <canvas>, which creates a blank rectangular space in which web designers can draw using
    JavaScript.
    • <svg>, which is a container for scalable vector graphics (SVG).
• Semantic elements:
    • <header>, which creates a header at the top of the page.
    • <footer>, which creates a footer at the bottom of the page.
    • <article>, which creates an area for independent content.
    • <section>, which defines sections and subsections such as chapters, or headers and footers when
    more than one are necessary.
    • <nav>, which creates a navigation menu.
• Multimedia elements:
    • <audio>, which describes MP3 files, WAV files and OGG files in HTML.
    • <video>, which describes MP4, WebM and OGG video types.
• Attributes that apply to the <form> element, which creates an area for user input on the web page.
These include number, date, calendar and range.
Other main features of HTML5 include:
• Elimination of outmoded or redundant attributes.
• Offline editing.
• The ability to drag and drop between HTML5 documents.
• Messaging enhancements.
• Detailed parsing.
• MIME and protocol handler registration.
• A common standard for storing data in SQL databases (Web SQL).
• Application program interfaces (API) for complex applications.
• Accommodations for mobile device app development.
• MathML for mathematical and scientific formulas.
While the addition of these features represents an effort to support multimedia embedding, changes
to the HTML specification demonstrate the desire of the community for HTML to return to its original
purpose of describing the structure of content. Basically, more structural features have been added,
while several format-centric features have been deprecated. For the purpose of backward-
compatibility, web browsers will continue to support deprecated HTML tags, but eventually HTML
will be mainly structure-based.
HTML syntax standards
In the following HTML example, there are two HTML elements. Both elements use the same
paragraph tag, designated with the letter p, and both use the directional attribute dir, although a
different attribute value is assigned to the HTML attribute's name-value pairing, namely rtl and ltr.
Notice that when this HTML snippet is rendered in a browser, the HTML tags impact how each
HTML element is displayed on the page, but none of the HTML tags or attributes are displayed.
HTML simply describes how to render the content. The HTML itself is never displayed to the end
user.
In order for a web browser to display an HTML page without error, it must be provided with well-
formed HTML. To be well-formed, each HTML element must be contained within an opening tag --
<p> -- and a closing tag -- </p>. Furthermore, any new tag opened within another tag must be closed
before the containing tag is closed. So, for example, <h1><p>well-formed HTML</p></h1> is well-
formed HTML, while <h1><p>well-formed HTML</h1></p> is not well-formed HTML.
Another syntax rule is that HTML attributes should be enclosed within single or double quotes. There
is often debate about which format is technically correct, but the World Wide Web Consortium asserts
that both approaches are acceptable.
The best advice for choosing between single and double quotes is to keep the usage consistent across
all the documents. HTML style-checkers can be used to enforce consistent use across pages. It should
be noted that sometimes using a single quote is required, such as in an instance where an attribute
value actually contains a double quote character. The reverse is true as well.
It's important to note as well that the language HTML works with is basic English. Non-English
characters -- or letters -- such as Chinese, or special symbols -- like letters with accent marks -- may
not display correctly on a webpage by default. In order to accommodate special character sets, users
need to specify the character encoding with an element that looks like this: <meta charset="utf-8"/>.
In this case, utf-8 is the character set. UTF-8 is HTML's default English charset.[75]
4.11 XML (Extensible Markup Language)
XML stands for Extensible Markup Language. It is a text-based markup language derived from
Standard Generalized Markup Language (SGML).
XML tags identify the data and are used to store and organize the data, rather than specifying how to
display it like HTML tags, which are used to display the data. XML is not going to replace HTML in
the near future, but it introduces new possibilities by adopting many successful features of HTML.
There are three important characteristics of XML that make it useful in a variety of systems and
solutions −
• XML is extensible − XML allows you to create your own self-descriptive tags, or language,
that suits your application.
• XML carries the data, does not present it − XML allows you to store the data irrespective
of how it will be presented.
• XML is a public standard − XML was developed by an organization called the World Wide
Web Consortium (W3C) and is available as an open standard.
XML Usage
A short list of XML usage says it all −
• XML can work behind the scene to simplify the creation of HTML documents for large web
sites.
• XML can be used to exchange the information between organizations and systems.
• XML can be used for offloading and reloading of databases.
• XML can be used to store and arrange the data, which can customize your data handling needs.
• XML can easily be merged with style sheets to create almost any desired output.
• Virtually, any type of data can be expressed as an XML document.
What is Markup?
XML is a markup language that defines a set of rules for encoding documents in a format that is both
human-readable and machine-readable. So, what exactly is a markup language? Markup is
information added to a document that enhances its meaning in certain ways, in that it identifies the
parts and how they relate to each other. More specifically, a markup language is a set of symbols that
can be placed in the text of a document to demarcate and label the parts of that document.

[75] Ben Lutkevich, “HTML” <https://www.theserverside.com/definition/HTML-Hypertext-Markup-Language> accessed
17 Jul 2022
The following example shows how XML markup looks when embedded in a piece of text −
<message>
    <text>Hello, world!</text>
</message>
This snippet includes the markup symbols, or the tags such as <message>...</message> and <text>...
</text>. The tags <message> and </message> mark the start and the end of the XML code fragment.
The tags <text> and </text> surround the text Hello, world!.
Is XML a Programming Language?
A programming language consists of grammar rules and its own vocabulary which is used to create
computer programs. These programs instruct the computer to perform specific tasks. XML does not
qualify to be a programming language as it does not perform any computation or algorithms. It is
usually stored in a simple text file and is processed by special software that is capable of interpreting
XML.[76]
4.12 Hypertext Transfer Protocol Secure (HTTPS)
Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary
protocol used to send data between a web browser and a website. HTTPS is encrypted in order to
increase security of data transfer. This is particularly important when users transmit sensitive data,
such as by logging into a bank account, email service, or health insurance provider.
Any website, especially those that require login credentials, should use HTTPS. In modern web
browsers such as Chrome, websites that do not use HTTPS are marked differently than those that are.
Look for a green padlock in the URL bar to signify the webpage is secure. Web browsers take HTTPS
seriously; Google Chrome and other browsers flag all non-HTTPS websites as not secure.

You can use the Cloudflare Diagnostic Center to check if a website is using HTTPS.

How does HTTPS work?


HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport
Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL). This protocol
secures communications by using what’s known as an asymmetric public key infrastructure. This type
of security system uses two different keys to encrypt communications between two parties:
• The private key - this key is controlled by the owner of a website and it’s kept, as the reader
may have speculated, private. This key lives on a web server and is used to decrypt
information encrypted by the public key.
• The public key - this key is available to everyone who wants to interact with the server in a
way that’s secure. Information that’s encrypted by the public key can only be decrypted by the
private key.
[76] XML <https://www.tutorialspoint.com/xml/xml_overview.htm> accessed 17 July 2022

Why is HTTPS important? What happens if a website doesn’t have HTTPS?


HTTPS prevents websites from having their information broadcast in a way that’s easily viewed by
anyone snooping on the network. When information is sent over regular HTTP, the information is
broken into packets of data that can be easily “sniffed” using free software. This makes
communication over an unsecure medium, such as public Wi-Fi, highly vulnerable to interception.
In fact, all communications that occur over HTTP occur in plain text, making them highly accessible
to anyone with the correct tools, and vulnerable to on-path attacks.
With HTTPS, traffic is encrypted such that even if the packets are sniffed or otherwise intercepted,
they will come across as nonsensical characters. Let’s look at an example:
Before encryption:
This is a string of text that is completely readable
After encryption:
ITM0IRyiEhVpa6VnKyExMiEgNveroyWBPlgGyfkflYjDaaFf/Kn3bo3OfghBPDWo6AfSHlNtL8
N7ITEwIXc1gU5X73xMsJormzzXlwOyrCs+9XCPk63Y+z0=

On websites without HTTPS, it is possible for Internet service providers (ISPs) or other intermediaries
to inject content into webpages without the approval of the website owner. This commonly takes the
form of advertising, where an ISP looking to increase revenue injects paid advertising into the
webpages of their customers. Unsurprisingly, when this occurs, the profits for the advertisements and
the quality control of those advertisements are in no way shared with the website owner. HTTPS
eliminates the ability of unmoderated third parties to inject advertising into web content.[77]
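The difference between the two cases above can be checked from a defender's side of a capture. The following is an added example, not part of the original study material: it classifies captured TCP payloads as cleartext HTTP or TLS records and reports which requests expose credential fields. The sample payloads, the host name bank.example and the field-name list are constructed assumptions.

```python
import hashlib
from urllib.parse import parse_qs

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"PATCH ")
# TLS record header: 1 byte content type, 2 bytes version, 2 bytes length.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Assumed list of form-field names worth flagging when sent in cleartext.
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "token"}


def classify_payload(payload):
    """Describe what a passive observer can read from one captured payload."""
    if payload.startswith(HTTP_METHODS):
        head, _, body = payload.partition(b"\r\n\r\n")
        request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
        parts = request_line.split(" ")
        target = parts[1] if len(parts) > 1 else ""
        query = target.partition("?")[2]
        # Form fields can travel in the URL query or in the request body.
        fields = set(parse_qs(query)) | set(parse_qs(body.decode("latin-1")))
        exposed = sorted(f for f in fields if f.lower() in SENSITIVE_FIELDS)
        return {"kind": "http-cleartext", "request_line": request_line,
                "exposed_fields": exposed}
    if len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES and payload[1] == 3:
        # Only the 5-byte header is readable; the rest is ciphertext.
        return {"kind": "tls-record",
                "content_type": TLS_CONTENT_TYPES[payload[0]],
                "record_length": int.from_bytes(payload[3:5], "big"),
                "exposed_fields": []}
    return {"kind": "unknown", "exposed_fields": []}


def cleartext_findings(payloads):
    """Return (index, request line, field names) for each exposed login."""
    findings = []
    for index, payload in enumerate(payloads):
        result = classify_payload(payload)
        if result["exposed_fields"]:
            findings.append((index, result["request_line"],
                             result["exposed_fields"]))
    return findings


# Constructed sample 1: a login form submitted over plain HTTP.
_BODY = b"user=alice&password=CONSTRUCTED"
HTTP_LOGIN = (b"POST /login HTTP/1.1\r\nHost: bank.example\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n"
              b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY)

# Constructed sample 2: a TLS 1.2 application-data record. The 32 opaque
# bytes stand in for ciphertext; they are not real encrypted traffic.
_OPAQUE = hashlib.sha256(b"constructed stand-in for ciphertext").digest()
TLS_RECORD = bytes([23, 3, 3]) + len(_OPAQUE).to_bytes(2, "big") + _OPAQUE

if __name__ == "__main__":
    for sample in (HTTP_LOGIN, TLS_RECORD):
        print(classify_payload(sample))
    print(cleartext_findings([HTTP_LOGIN, TLS_RECORD]))
```

The report lists field names only, never the submitted values, so its output can be shared in an audit finding.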

[77] “What is HTTPS?” <https://www.cloudflare.com/en-in/learning/ssl/what-is-https/> accessed 17 July 2022
4.13 Universal Resource Locator
A Uniform Resource Locator (URL), otherwise known as a Universal Resource Locator, is the
address of a resource on the Internet and the protocol used to access it.
It indicates the location of a web resource much as a street address indicates where a person
physically lives. Because of this, a URL is often referred to as a “web address”.
A URL contains the following information:
• The protocol used to access the resource.
• The location of the server (whether by IP address or domain name).
• The port number on the server (optional).
• The location of the resource in the directory structure of the server.
• A fragment identifier (Optional).
So, the format will look like this:
scheme://location:port/file-on-server.htm?querystring=1
This looks more complex than it actually is. The most common schemes (protocols) are HTTP and
HTTPS, which any www-user will recognize. The location of the server is generally a domain name,
such as Google.com.
Given this, the following URLs are much simpler to understand:
http://www.google.com/default.htm
https://www.google.com/default.htm
Both these URLs indicate that there is a file named default.htm on a server with the address of
"google.com". One uses regular HTTP, while the other uses a secure version of this scheme.
Two common elements of confusion about URLs:
The "www" isn’t always part of the technical protocol. Websites just started using this to indicate the
user is using the World Wide Web. This is why if you go to http://google.com, it redirects to
http://www.google.com. However, how the domain name is set up is based on how the web server
and network administrators set it up in the backend.
Most users access the internet via a web browser, which inserts port 80 on HTTP connections behind
the scenes. This is why if you go to http://www.google.com:80, you will see the same website as if
there were no port number. A different network port could still be specified to make the connection
to a particular destination. You can append user input, query parameters, or values to a URL
depending on the configuration of the web server where that particular resource is hosted.
Finally, the following URL demonstrates a query string:
http://www.google.com/some-page?search=hello
This says to use the HTTP protocol to send a request to the web resource (at google.com
over port 80), passing into the resource a list of required input parameters as a set of key/value pairs.
The key is the variable name (“search”) and the value is the input (“hello”).
This is why you'll sometimes see an extremely long URL as many variables are being sent to the web
server in more interactive Web applications or dynamic pages like a search engine.
A broad range of other fragments is also used to specify the details of a destination, such as the #
(hashtag) that directs the user to a specific view of a page.
For example, the #Examples fragment in this URL directs the user to the “Examples” section of the
Fragment Identifier page on Wikipedia:
https://en.wikipedia.org/wiki/Fragment_identifier#Examples
URLs can be redirected or forwarded to a different URL in several ways, the most common of which
are 301 (permanent) and 302 (temporary). URL redirection is used to ensure that a visitor doesn’t end
up on a 404 page, or to substitute an old or obsolete page with a new one with a different URL.
URLs can also be shortened by activating a shortening service that uses a redirect on a short-named
domain. This is particularly useful in case of lengthy URLs containing many queries.
Tim Berners-Lee and the Internet Engineering Task Force working group are credited with developing
the URL in 1994. It is formally specified in RFC 1738.[78]
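The URL parts described in this section can be inspected with a standard parser. The following is an added example, not part of the original study material: it splits the section's own sample URLs into scheme, host, port, path, query and fragment, fills in the default port, and builds the request a browser would send. The function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Ports a browser fills in when the URL does not name one.
DEFAULT_PORTS = {"http": 80, "https": 443}


def describe_url(url):
    """Split a URL into the parts listed in this section."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return {
        "scheme": scheme,
        "host": parts.hostname,                  # domain name or IP address
        "port": parts.port or DEFAULT_PORTS.get(scheme),
        "path": parts.path or "/",
        "query": parse_qs(parts.query),          # key -> list of values
        "fragment": parts.fragment,              # text after '#'
        "encrypted": scheme == "https",
    }


def origin(url):
    """Return (scheme, host, port), with the default port made explicit."""
    d = describe_url(url)
    return (d["scheme"], d["host"], d["port"])


def request_head(url):
    """Build the start of the HTTP request a browser sends for this URL.

    The fragment is left out: the browser keeps it and uses it to pick
    a view of the page; it is not transmitted to the server.
    """
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return f"GET {target} HTTP/1.1\r\nHost: {parts.netloc}\r\n\r\n"


# The sample URLs used in this section.
SAMPLES = [
    "http://www.google.com/default.htm",
    "https://www.google.com/default.htm",
    "http://www.google.com:80",
    "http://www.google.com/some-page?search=hello",
    "https://en.wikipedia.org/wiki/Fragment_identifier#Examples",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample)
        for name, value in describe_url(sample).items():
            print(f"    {name:9} {value!r}")
        print("    request   " + repr(request_head(sample)))
```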
4.14 IP Address
IP addresses are one of the fundamental building blocks of the internet, but could pose a potential
security liability, if an attacker were to get ahold of yours.
An IP address is a long string of numbers assigned to every device connected to a network that uses
Internet Protocol as the medium for communication; it’s the digital world’s equivalent of the mailing
address associated with your home or workplace.
The way Internet Protocol works is that information is transmitted over the network in discrete chunks
called packets; each packet is mostly made up of whatever data the sender is trying to communicate,
but also includes a header, consisting of metadata about that packet.
Among other pieces of data stored in the packet header are the IP address of the device that sent the
packet and the IP address of device where the packet is heading. Routers and other network
infrastructure use this information to make sure the packets get to where they’re supposed to go.

[78] Anju Tai, “Uniform Resource Locator” <https://www.techopedia.com/definition/1352/uniform-resource-locator-url>
accessed 17 July 2022
How does DNS match domain names to IP addresses?
Nobody types IP addresses into a browser search field; we use domain names like Network World,
CNN or Twitter. The Domain Name System, or DNS, another part of the Internet protocol suite,
makes sure that requests made using domain names reach the correct IP address.
You can think of DNS as representing a more user-friendly layer on top of the IP-address
infrastructure. However, the IP address remains the fundamental way that internet-connected devices
are found, and in some circumstances a domain name can correspond to multiple servers with
different IP addresses.

What is the difference between IPv4 and IPv6 addresses?


There are two versions of IP addresses: IPv4 and IPv6, and they have different formats, the major
difference between them being that it’s possible to create vastly more unique IPv6 addresses (2^128)
than IPv4 addresses (2^32).
IPv4 addresses are written in four parts separated by dots like this: 45.48.241.198. Each part written
in conventional Base 10 numerals represents an eight-bit binary number from 0 to 255.
Each of these four numbers separated by dots is written in standard decimal notation. But computers
fundamentally deal with numbers in binary (using zeroes and ones), and each of the numbers in an
IPv4 address represents an 8-bit binary number, which means that none of them can be higher than
255 (11111111 in binary).
How is an IP address assigned?
As the Internet Assigned Numbers Authority (IANA) puts it, “Both IPv4 and IPv6 addresses are
generally assigned in a hierarchical manner,” and IANA is at the top of the hierarchy. IANA assigns
blocks of IP addresses to regional internet registries (you can see which address ranges go with which
regions here).
The regional registries in turn assign smaller blocks to national registries, and so on down the line,
with blocks eventually being assigned to individual internet service providers (ISP), which in this
context include mobile phone companies. It’s the ISPs that assign specific IP addresses to individual
devices, and there are a couple of ways they can do this.
What’s the difference between static vs. dynamic IP addresses?
A static IP address is one that’s been assigned by an ISP to a device and is guaranteed to remain
constant. If your computer’s address is 45.48.241.198, it will stay that way as long as you want it to.
Static IP addresses are important for devices that need to be easily found on the internet, like web
servers or gaming servers. Generally speaking, an ISP will charge a customer extra for an assigned
static IP address.



From the perspective of the ISP, which has a limited number of IPv4 addresses to hand out, one
downside of leasing a static address is that the address is unavailable to anyone else. But the huge
majority of end users only need an address when they’re actually accessing the internet. For those
users, ISPs assign dynamic IP addresses, basically handing out a new address to a device every time
it connects to the network, and putting that address back into a pool of available addresses when the
device disconnects. This technique helps conserve IP addresses. If an ISP has a million customers but
only half are online at a given time, the ISP doesn’t need a million addresses in its pool.
For IPv4 networks, the process of assigning IP addresses dynamically is governed by the Dynamic
Host Configuration Protocol (DHCP), which, among other things, automates most of the process and
ensures that no two devices are assigned the same address at the same time.

IPv6 was designed to support stateless IP address autoconfiguration (SLAAC), in which a device
itself essentially grabs an address from the available pool when it connects to the network. However,
there’s also DHCPv6, an updated version of the DHCP protocol that keeps more control in the hands
of network providers.
What are public vs. private IP addresses?
So far, we have been talking about IP addresses and potentially running out of them as if there were
one set of addresses for the entire planet, with no repeats. But that’s not strictly true. In fact, it’s
probably not true for most devices you use on a day-to-day basis, and not all of the 4.3 billion IPv4
addresses are available to publicly connected devices.
A typical home or corporate network connects to the public internet via a router, and it’s this router
that’s assigned an IP address by the ISP. From the perspective of the outside world, all traffic from
devices on that local network is coming from that public IP address; but inside the network, each
device (including the router) has a local private IP address, usually assigned by the router via DHCP.
These addresses are considered private because they’re only used for directing packets within the
local, private network, and can’t be seen by anyone outside the network. As a result, the same IP address
can be used on an infinite number of private networks without causing confusion. In fact, there are
blocks of IP addresses specifically set aside for use on these private networks. (For small home
networks, addresses starting with 192.168 are quite common.)
The job of the router is to alter the origin and destination IP addresses in each packet’s headers as
needed as it passes between the private network and the public internet, a process known as network
address translation, or NAT.
There are several methods for doing this. One common way is to associate each device on the internal
network with a network port that is listed in the packet header. That port information determines the
final destinations of incoming packets that have all been addressed to the public-facing IP address
assigned to the router.
This discussion is specific to IPv4 addresses, and the boom in local networks has been a big factor
in staving off a total IPv4 address drought even as network-connected devices multiply in every home.
IPv6 addresses, on the other hand, are so plentiful that it’s assumed that these kinds of private
networks will be unnecessary after universal IPv6 adoption. However, if you want to set up a private
internal IPv6 network that connects to the internet via IPv4, there are also private IPv6 address
ranges you can use.
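The port-based translation described above can be followed packet by packet. The following is an added example, not part of the original study material: a small model of a router that shares one public IPv4 address among private hosts by rewriting ports. The class names, the starting port 40000 and all addresses except 45.48.241.198 are constructed assumptions, and a real NAT also tracks the protocol and the remote endpoint.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Only the header fields that NAT rewrites."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortNat:
    """Router that shares one public IPv4 address among private hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip   # address the ISP assigned to the router
        self.next_port = first_port
        self.out_map = {}            # (private ip, private port) -> public port
        self.in_map = {}             # public port -> (private ip, private port)

    def outbound(self, pkt):
        """Rewrite the source of a packet leaving the private network."""
        if not ipaddress.ip_address(pkt.src_ip).is_private:
            raise ValueError("outbound packet must come from a private address")
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            # First packet of this flow: reserve a public port for it.
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Rewrite the destination of a reply, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.in_map.get(pkt.dst_port)
        if key is None:
            return None              # no mapping: nothing inside asked for this
        return Packet(pkt.src_ip, pkt.src_port, key[0], key[1])


def demo():
    """Two private hosts use the same source port towards one server."""
    nat = PortNat("203.0.113.7")                 # constructed public address
    server_ip, server_port = "198.51.100.20", 443
    sent = [nat.outbound(Packet(host, 51000, server_ip, server_port))
            for host in ("192.168.1.10", "192.168.1.11")]
    # The server replies to whatever source address and port it saw.
    replies = [nat.inbound(Packet(server_ip, server_port, p.src_ip, p.src_port))
               for p in sent]
    # A packet aimed at a public port that no inside host opened.
    unsolicited = nat.inbound(Packet(server_ip, server_port, "203.0.113.7", 40002))
    return sent, replies, unsolicited


if __name__ == "__main__":
    sent, replies, unsolicited = demo()
    for packet in sent + replies:
        print(packet)
    print("unsolicited packet delivered to:", unsolicited)
```

Both hosts appear to the server as 203.0.113.7, and only the public port tells the router which private device a reply belongs to.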

4.15 Domain Name System (DNS)


DNS is a directory service that provides a mapping between the name of a host on the network and
its numerical address. DNS is required for the functioning of the internet. Each node in a tree has a
domain name, and a full domain name is a sequence of symbols specified by dots.
DNS is a service that translates the domain name into IP addresses. This allows the users of networks
to utilize user-friendly names when looking for other hosts instead of remembering the IP addresses.
For example, suppose the FTP site at EduSoft had an IP address of 132.147.165.50, most people
would reach this site by specifying ftp.EduSoft.com. Therefore, the domain name is more reliable
than IP address.
DNS is a TCP/IP protocol used on different platforms. The domain name space is divided into three
different sections: generic domains, country domains, and inverse domain.

Generic Domains [79]
• It defines the registered hosts according to their generic behavior.
• Each node in a tree defines the domain name, which is an index to the DNS database.
• It uses three-character labels, and these labels describe the organization type.
[79] <https://www.javatpoint.com/computer-network-dns> accessed 21 July 2022

Label     Description
aero      Airlines and Aerospace Companies
biz       Businesses or Firms
com       Commercial Organizations
coop      Cooperative Business Organizations
edu       Educational Institutions
gov       Government Institutions
info      Information Service Providers
int       International Organizations
mil       Military groups
museum    Museum & other Nonprofit Organizations
name      Personal Names
net       Network Support centers
org       Nonprofit Organizations
pro       Professional Individual Organizations


Country Domain [80]
The format of a country domain is the same as that of a generic domain, but it uses two-character country
abbreviations (e.g., us for the United States) in place of three-character organizational abbreviations.
Inverse Domain
The inverse domain is used for mapping an address to a name. Suppose a server has received a request
from a client, and the server contains the files of only authorized clients. To determine whether the
client is on the authorized list or not, the server sends a query to the DNS server and asks it to map the
address to a name.
Working of DNS
• DNS is a client/server network communication protocol. DNS clients send requests to the server,
while DNS servers send responses to the client.
• Client requests that contain a name to be converted into an IP address are known as forward DNS
lookups, while requests that contain an IP address to be converted into a name are known as reverse
DNS lookups.
• DNS implements a distributed database to store the names of all the hosts available on the internet.
• If a client like a web browser sends a request containing a hostname, then a piece of software such
as a DNS resolver sends a request to the DNS server to obtain the IP address of the hostname. If the DNS
server does not contain the IP address associated with the hostname, then it forwards the request to
another DNS server. Once the IP address has arrived at the resolver, the resolver in turn completes the
request over the internet protocol.[81]
[80] <https://www.tutorialride.com/images/computer-network/country-domain.jpeg> accessed 21 July 2022
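The forward lookup, the forwarding between servers and the inverse-domain check described above can be traced with a small in-memory model. The following is an added example, not part of the original study material; every name, address and record in it is constructed. It goes one step beyond the text by confirming the reverse answer with a forward lookup, because whoever controls an address range also controls its reverse records.

```python
import ipaddress


class NameServer:
    """A DNS server holding some records and, optionally, a forwarder."""

    def __init__(self, name, records, forwarder=None):
        self.name = name
        self.records = records        # (owner name, record type) -> value
        self.forwarder = forwarder    # server asked when this one has no answer

    def query(self, qname, qtype, path=None):
        """Return (answer or None, names of the servers that were asked)."""
        path = (path or []) + [self.name]
        key = (qname.lower().rstrip("."), qtype)
        if key in self.records:
            return self.records[key], path
        if self.forwarder is not None:
            return self.forwarder.query(qname, qtype, path)
        return None, path


def forward_lookup(server, hostname):
    """Name to address (A record)."""
    return server.query(hostname, "A")


def reverse_lookup(server, address):
    """Address to name (PTR record in the inverse domain in-addr.arpa)."""
    ptr_name = ipaddress.ip_address(address).reverse_pointer
    return server.query(ptr_name, "PTR")


def client_is_authorized(server, address, allowed_hosts):
    """Inverse-domain check, confirmed by a forward lookup of the name."""
    name, _ = reverse_lookup(server, address)
    if name is None or name.lower() not in allowed_hosts:
        return False
    confirmed, _ = forward_lookup(server, name)
    return confirmed == address


# Constructed records. The last PTR record claims an allowed name for an
# address that the name's own A record does not point to.
UPSTREAM = NameServer("upstream", {
    ("ftp.example.com", "A"): "192.0.2.50",
    ("50.2.0.192.in-addr.arpa", "PTR"): "ftp.example.com",
    ("client1.example.com", "A"): "192.0.2.10",
    ("10.2.0.192.in-addr.arpa", "PTR"): "client1.example.com",
    ("66.100.51.198.in-addr.arpa", "PTR"): "client1.example.com",
})
LOCAL = NameServer("local", {
    ("printer.office.example", "A"): "192.168.1.20",
}, forwarder=UPSTREAM)
ALLOWED = {"client1.example.com"}

if __name__ == "__main__":
    print(forward_lookup(LOCAL, "printer.office.example"))
    print(forward_lookup(LOCAL, "ftp.example.com"))
    print(reverse_lookup(LOCAL, "192.0.2.50"))
    for addr in ("192.0.2.10", "198.51.100.66", "192.0.2.50"):
        print(addr, client_is_authorized(LOCAL, addr, ALLOWED))
```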
4.16 Search Engine
Search Engine refers to a huge database of internet resources such as web pages, newsgroups,
programs, images etc. It helps to locate information on World Wide Web.
A user can search for any information by passing a query in the form of keywords or a phrase. The search
engine then searches for relevant information in its database and returns it to the user.

Search Engine

Search Engine Components


Generally there are three basic components of a search engine as listed below:
1. Web Crawler
2. Database
3. Search Interfaces
Web crawler
It is also known as a spider or bot. It is a software component that traverses the web to gather
information.
Database
All the information on the web is stored in a database. It consists of huge web resources.

81
“DNS” <https://www.javatpoint.com/computer-network-dns> accessed on 17 July 2022
Search Interfaces
This component is an interface between user and the database. It helps the user to search through the
database.
Search Engine Working
The web crawler, the database and the search interface are the major components that make a search
engine work. Search engines make use of the Boolean expressions AND, OR and NOT to restrict and
widen the results of a search. The following steps are performed by the search engine:
• The search engine looks for the keyword in the index of its predefined database instead of going
directly to the web to search for the keyword.
• It then uses software to search for the information in the database. This software component
is known as a web crawler.
• Once the web crawler finds the pages, the search engine shows the relevant web pages as a
result. These retrieved web pages generally include the title of the page, the size of the text
portion, the first several sentences etc.
• The user can click on any of the search results to open it.

These search criteria may vary from one search engine to the other. The retrieved information is
ranked according to various factors such as frequency of keywords, relevancy of information, links
etc.
Architecture
The search engine architecture comprises the three basic layers listed below:
• Content collection and refinement
• Search core
• User and application interfaces



Search Engine Processing82

Indexing Process
The indexing process comprises the following three tasks:
• Text acquisition
• Text transformation
• Index creation
Text acquisition
It identifies and stores documents for indexing.
Text Transformation
It transforms documents into index terms or features.
Index Creation
It takes the index terms created by text transformation and creates data structures to support
fast searching.
Query Process
The query process comprises the following three tasks:
• User interaction

82
<https://www.tutorialspoint.com/internet_technologies/search_engines.htm> accessed 21 July 2022
• Ranking
• Evaluation
User interaction
It supports creation and refinement of user query and displays the results.
Ranking
It uses the query and the indexes to create a ranked list of documents.
Evaluation
It monitors and measures the effectiveness and efficiency. It is done offline.
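The indexing and query processes described above, as an added example (not part of the original study material): text transformation into index terms, creation of an inverted index, a Boolean AND/OR/NOT query, and ranking by keyword frequency. The documents are constructed, the function names are hypothetical, and real engines use far richer ranking factors.

```python
import re
from collections import Counter, defaultdict

# Constructed documents standing in for pages gathered by a web crawler.
DOCS = {
    "page1": "DNS maps a host name to an IP address",
    "page2": "Email uses DNS to find the mail server for a domain; "
             "DNS MX records name that server",
    "page3": "A search engine ranks web pages for a query",
}


def transform(text):
    """Text transformation: turn a document into lower-case index terms."""
    return re.findall(r"[a-z0-9]+", text.lower())


def build_index(docs):
    """Index creation: term -> {document id: number of occurrences}."""
    index = defaultdict(Counter)
    for doc_id, text in docs.items():
        for term in transform(text):
            index[term][doc_id] += 1
    return index


def search(index, doc_ids, must=(), any_of=(), must_not=()):
    """Boolean query: AND over `must`, OR over `any_of`, NOT over `must_not`.

    Results are ranked by how often the positive query terms occur in each
    document (highest first), with the document id as a tie-breaker.
    """
    must = [t.lower() for t in must]
    any_of = [t.lower() for t in any_of]
    must_not = [t.lower() for t in must_not]

    hits = set(doc_ids)
    for term in must:                                  # AND restricts
        hits &= set(index.get(term, ()))
    if any_of:                                         # OR widens within the group
        hits &= set().union(*(index.get(t, ()) for t in any_of))
    for term in must_not:                              # NOT removes
        hits -= set(index.get(term, ()))

    def score(doc_id):
        return sum(index.get(t, {}).get(doc_id, 0) for t in must + any_of)

    return sorted(hits, key=lambda d: (-score(d), d))


if __name__ == "__main__":
    idx = build_index(DOCS)
    print(search(idx, DOCS, must=["dns"]))
    print(search(idx, DOCS, must=["dns"], must_not=["email"]))
    print(search(idx, DOCS, any_of=["query", "address"]))
```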
Examples
Google, Alta Vista, ASK etc.83
4.17 Electronic Mails
Electronic mail, commonly shortened to “email,” is a communication method that uses electronic
devices to deliver messages across computer networks. "Email" refers to both the delivery system
and individual messages that are sent and received.
Email has existed in some form since the 1970s, when programmer Ray Tomlinson created a way to
transmit messages between computer systems on the Advanced Research Projects Agency Network
(ARPANET). Modern forms of email became available for widespread public use with the
development of email client software (e.g. Outlook) and web browsers, the latter of which enables
users to send and receive messages over the Internet using web-based email clients (e.g. Gmail).
Today, email is one of the most popular methods of digital communication. Its prevalence and
security vulnerabilities also make it an appealing vehicle for cyber-attacks like phishing, domain
spoofing, and business email compromise (BEC).

How does email work?


Email messages are sent from software programs and web browsers, collectively referred to as email
‘clients.’ Individual messages are routed through multiple servers before they reach the recipient’s
email server, similar to the way a traditional letter might travel through several post offices before it
reaches its recipient’s mailbox.
Once an email message has been sent, it follows several steps to its final destination:
• The sender’s mail server, also called a Mail Transfer Agent (MTA), initiates a Simple Mail
Transfer Protocol (SMTP) connection.

83
<https://www.tutorialspoint.com/internet_technologies/search_engines.htm> accessed 17 July 2022
• The SMTP checks the email envelope data — the text that tells the server where to send a message
— for the recipient’s email address, then uses the Domain Name System (DNS) to translate the
domain name into an IP address.
• The SMTP looks for a mail exchange (MX) server associated with the recipient’s domain name. If
one exists, the email is forwarded to the recipient’s mail server.
• The email is stored on the recipient’s mail server and may be accessed via the Post Office Protocol
(POP)* or Internet Message Access Protocol (IMAP). These two protocols function slightly
differently: POP downloads the email to the recipient’s device and deletes it from the mail server,
while IMAP stores the email within the email client, allowing the recipient to access it from any
connected device.
• To continue the postal system analogy, imagine Alice writes a thank-you note to Bob. She hands
the letter to the mail carrier (MTA), who brings it to the post office to be sorted. At the post office,
a processing clerk (SMTP) verifies the address written on the envelope. If the address appears to
be written correctly and corresponds to a location that can receive mail (MX server), another mail
carrier delivers the letter to Bob’s mailbox. After picking up the mail, Bob might keep the note in
his desk drawer, where he can only access it at that location (POP) or put it in his pocket to read at
any location (IMAP).
*The current version of the POP protocol is named POP3.

What are the parts of an email?


An individual email is made up of three primary components: the SMTP envelope, the header, and
the body.
SMTP envelope
The SMTP “envelope” is the data communicated between servers during the email delivery process.
It consists of the sender’s email address and the recipient’s email address. This envelope data tells
the mail server where to send the message, just as a mail carrier references the address on an
envelope in order to deliver a letter to the correct location. During the email delivery process, this
envelope is discarded and replaced every time the email is transferred to a different server.
Header
Like the SMTP envelope, the email header provides critical information about the sender and
recipient. Most of the time, the header matches the information provided in the SMTP envelope,
but this may not always be the case. For instance, a scammer may disguise the source of a message
by using a legitimate email address in the header of an email. Because the recipient only sees the
header and body of an email — not the envelope data — they may not know the message is



malicious.
The header may also contain a number of optional fields that allow the recipient to reply to, forward,
categorize, archive, or delete the email. Other header fields include the following:

• The ‘Date’ field contains the date the email is sent. This is a mandatory header field.
• The ‘From’ field contains the email address of the sender. If the email address is associated with
a display name, that may be shown in this field as well. This is also a mandatory header field.

• The ‘To’ field contains the email address of the recipient. If the email address is associated with
a display name, that may be shown in this field as well.

• The ‘Subject’ field contains any contextual information about the message the sender wants to
include. It is displayed as a separate line above the body of an email.

• The ‘Cc’ (carbon copy) field allows the sender to send a copy of the email to additional
recipients. The recipients marked in the ‘To’ field can see the email address(es) listed in the ‘Cc’
field.

• The ‘Bcc’ (blind carbon copy) field allows the sender to send a copy of the email to additional
recipients. The recipients marked in the ‘To’ field cannot see the email address(es) listed in the
‘Bcc’ field.
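The difference between the SMTP envelope and the header, as an added example (not part of the original study material). It reads the envelope from the MAIL FROM and RCPT TO commands of two constructed SMTP sessions, parses the header from the DATA section, and reports a sender-domain mismatch, envelope recipients that no header shows (which is how Bcc delivery looks on the wire), and missing mandatory fields. All addresses are constructed, the function names are hypothetical, and dot-stuffing in the DATA section is ignored.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Constructed SMTP client commands for two deliveries (not captured traffic).
SPOOFED = """\
HELO mail.bulk-sender.example
MAIL FROM:<bounce@bulk-sender.example>
RCPT TO:<bob@example.com>
DATA
From: "Example Bank" <support@bank.example>
To: bob@example.com
Subject: Action required
Date: Mon, 18 Jul 2022 10:00:00 +0000

Please verify your account.
.
"""
WITH_BCC = """\
HELO mail.example.org
MAIL FROM:<alice@example.org>
RCPT TO:<bob@example.com>
RCPT TO:<carol@example.com>
DATA
From: Alice <alice@example.org>
To: bob@example.com
Subject: Thank you
Date: Mon, 18 Jul 2022 11:00:00 +0000

Thanks for the help.
.
"""


def domain_of(address):
    return address.rpartition("@")[2].lower()


def parse_session(session):
    """Split a session into its envelope (commands) and message (DATA)."""
    commands, _, data = session.partition("\nDATA\n")
    envelope = {"mail_from": None, "rcpt_to": []}
    for line in commands.splitlines():
        match = re.match(r"(MAIL FROM|RCPT TO):\s*<([^>]*)>", line, re.IGNORECASE)
        if not match:
            continue
        if match.group(1).upper() == "MAIL FROM":
            envelope["mail_from"] = match.group(2)
        else:
            envelope["rcpt_to"].append(match.group(2))
    text = data.split("\n.\n", 1)[0]          # a lone "." ends the DATA section
    return envelope, message_from_string(text, policy=policy.default)


def review(session):
    """Return a list of (finding, detail) tuples for one delivery."""
    envelope, msg = parse_session(session)
    findings = []
    for field in ("Date", "From"):            # mandatory header fields
        if msg.get(field) is None:
            findings.append(("missing-header", field))
    header_from = parseaddr(str(msg.get("From", "")))[1]
    mail_from = envelope["mail_from"]
    if header_from and mail_from and domain_of(header_from) != domain_of(mail_from):
        findings.append(("from-domain-mismatch",
                         "envelope=%s header=%s" % (mail_from, header_from)))
    shown = [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])]
    visible = {addr.lower() for _, addr in getaddresses(shown)}
    for rcpt in envelope["rcpt_to"]:
        if rcpt.lower() not in visible:
            findings.append(("recipient-not-in-headers", rcpt))
    return findings


if __name__ == "__main__":
    for name, session in (("SPOOFED", SPOOFED), ("WITH_BCC", WITH_BCC)):
        print(name, review(session))
```

A sender-domain mismatch is a signal rather than a verdict: mailing lists and bulk-mail services legitimately use their own envelope sender for bounce handling.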
Body
The body of an email contains any information the sender wishes to send: text, images, links, videos,
and/or other file attachments, provided that they do not exceed the email client’s size restrictions.
Alternatively, an email can be sent without any information in the body field.
Depending on the options provided by the email client, the body of an email can be formatted in plain
text or HTML. Plain text emails do not contain any special formatting (like non-black font colors) or
multimedia (like images). They are compatible with all devices and email clients. HTML emails do
allow formatting and multimedia within the body field, though some HTML elements may get flagged
as spam by email filtering systems or may not display properly on incompatible devices or clients.
What is an email client?
An email client is a software program or web application* that enables users to send, receive, and
store emails. Popular email clients include Outlook, Gmail, and Apple Mail.
Software- and web-based email clients each have advantages and disadvantages. Desktop email
clients often come with more robust security capabilities, streamline email management across
multiple accounts, provide offline access, and allow users to back up emails to their computers. By
contrast, web-based clients are usually cheaper and easier to access — since users can log in to their



account from any web browser — but are reliant on an Internet connection and can be more
susceptible to cyberattacks.

*Originally, ‘email’ referred to desktop email clients and ‘webmail’ referred to web-based email
clients. Today, the term ‘email’ encompasses both systems.

What is an email address?


An email address is a unique string of characters that identifies an email account, or ‘mailbox,’ where
messages can be sent and received. Email addresses are formatted in three distinct parts: a local-part,
an “@” symbol, and a domain.
For example, in the email address employee@example.com,
“employee” denotes the local-part and “example.com” denotes the domain.
Imagine addressing a letter: the domain signifies the city where the recipient lives, while the local-
part specifies the street and house number at which the letter can be received.
Local-part
The local-part tells the server the final location of an email message. It may include a combination of
letters, numbers, and certain punctuation marks (like underscores). The maximum number of
characters for an email address (including both the local-part and domain) is 320, though the
recommended length is capped at 254 characters.

Domain
The domain may be a domain name, like example.com, or an IP address, like 192.0.2.0. In the former
case, the SMTP protocol uses DNS to translate a domain name into its IP address before delivering
the message to the next server.
Like the local-part, the domain also has to adhere to certain formatting requirements established by
the Internet Engineering Task Force (IETF). Approved domain names may include a combination of
uppercase and lowercase letters, numbers, and hyphens. An email address can also be formatted with
an IP address in brackets instead of a domain name, although this is rare. The character limit for a
domain name is 63.

Is email secure?
Although email is often used to exchange confidential information, it is not a secure system by design.
This makes it an attractive target for attackers, who may intercept an unencrypted message, spread
malware, or impersonate legitimate organizations. Other email security threats include social
engineering, domain spoofing, ransomware, spam, and more.
One of email’s most significant vulnerabilities is its lack of built-in encryption, leaving the contents
of an email visible to any unauthorized party that might intercept or otherwise gain access to the
message.
In an attempt to make email more secure, many email clients offer one of two basic encryption
capabilities: Transport Layer Security encryption (or ‘TLS encryption’) and end-to-end encryption (or
'E2EE'). During TLS encryption, messages are encrypted during transit (from user to server or server
to user), and the email service provider retains possession of the private key used to set up this
encryption. The email service provider can therefore see the unencrypted contents of the email.
During end-to-end encryption (from user to user), messages can only be decrypted by the sender and
recipient of the email.
4.18 Web 2.0

Web 2.0, or participative/participatory and social web, “refers to websites that emphasize user-generated
content, ease of use, participatory culture, and interoperability for end users.” Web 2.0 is a
relatively new term, having only come into popular use about twenty years ago, in 1999. It was first
coined by Darcy DiNucci and then became popularized by Tim O’Reilly and Dale Dougherty at a
conference in 2004. It is important to note that Web 2.0 frameworks only deal with the design and
use of websites, without placing technical demands on designers.
This article will not get into the history of Web 2.0, but instead discuss how Web 2.0 works and the
roles/potential roles it can play in your business.

Web 2.084

84
Community, S. D. (2019, February 25). Web 2.0: An Introduction. Medium.
<https://medium.com/@SoftwareDevelopmentCommunity/web-2-0-an-introduction-8230eb8fa6ce> accessed 22 July 2022
Characteristics Of Web 2.0
One of the main characteristics of a Web 2.0 site is that users are encouraged and invited to contribute
content, instead of simply reading what’s already there. An example of a Web 2.0 site is Medium, a
blogging platform where users contribute articles that they have written, as well as interact with
content that other users have shared. Social networking sites, such as Facebook and Instagram, are
also great examples of Web 2.0.
However, this open contribution forum can lead to internet trolls who leave spam comments or leave
nasty comments on the work contributed by others. When people say “don’t read the comments,” it’s
often best to heed that advice. The comment sections, particularly on news forums like The New York
Times or The Washington Post, can get especially nasty and the trolls are often out in full force. These
trolls prevent important discussion from happening because people who have something to contribute
to the conversation are often afraid to post for fear of being trolled or spammed.
Other key features of Web 2.0 include:
• Folksonomy: a way to classify information, such as through tagging photos, websites, or links;
tagging enables users to find information in an organized fashion
• Rich user experience: dynamic, interactive content (for example, a user can click on an image of a
plant to get more information about that plant, i.e. growth conditions, nutrient requirements, and more)
• User participation: helps with the flow of information between the user and the owner of a certain
website (for example, Wikipedia allows users to create new pages and edit existing pages to keep
information up to date)
• Software as a Service (SaaS): sites classified as Web 2.0 use APIs for automated usage
• Mass participation: we have nearly universal web access that leads to differentiation of concerns,
from a traditional internet user to a wider variety of users
Concepts Of Web 2.0
Web 2.0 might sound complex and overwhelming, but it is easily broken down into three
technologies: rich internet application, web-oriented architecture, and social web. Because of these
technologies, Web 2.0 combines client and server-side software to “provide users with information
storage, creation, and dissemination capabilities.” None of these things were available in Web 1.0.
First, rich internet application is defined as the user experience from desktop (or laptop) to browser,
from both a graphics standpoint and an interactivity point of view.
Second, web-oriented architecture relates to the functionality of Web 2.0 applications to leverage a
much richer set of applications. An example of web-oriented architecture is RSS feeds, which is a
method of aggregating information, such as a blog or podcast feed.
Third, social web works to make the end user feel like they are a part of the community. This sense
of community can be accomplished via social networking sites like Facebook and Instagram, where
users interact with each other, or via the comment sections on news sites, where users can respond to
articles that have been posted, creating discussion among all users of the site.
Web 2.0 has a few other features and techniques, known as SLATES, a term that was coined by
Andrew McAfee. SLATES stands for Search, Links to other websites, Authoring, Tags, Extensions,
and Signals. Search refers to finding content via keyword search, while Links to other websites refers
to connecting information sources together via the Web model. Authoring refers to the collaborative
nature of people bringing their work together, as well as comment systems that allow people to share
their viewpoints. Tags refers to the categorization of information, via one or two word phrases, that
aids in searching for specific keywords to find information. Extensions are used to make the Web an
application platform and document server all in one. Examples of extensions include Adobe Reader,
QuickTime, and Windows Media. Finally, Signals refers to the use of extension technology, such as
an RSS feed.
Web As Platform
Using the web as a platform goes back to rich user experiences, which we talked about briefly earlier
in this article. The best example of using the web as a platform is Google, for myriad reasons. The
first reason is that Google can be accessed on multiple devices, whether you use a PC or a Mac. You
can also access Google via a mobile device, such as a cell phone or tablet. Not only that, Google is a
free and readily available service; all you need is a strong wifi connection to access it. Google is also
a seamless product — its search engine and database work in conjunction with one another; this
essentially means you can’t have one without the other.
The web uses applications, sometimes called applets, to make the experience of using the internet
that much more enjoyable. Take Twitter, for example. On the surface, the concept is simple: you use
the interface to send a message via a tweet to your followers, but an Application Programming
Interface (API) allows you to go even deeper and use apps that have been created by third party
developers, such as Twitterrific, which allows users to tweet directly from their desktops rather than
using the internet site.
Web 2.0 And Collective Intelligence
When a new website is added to the internet, it is “bound into the structure of the web by other users
discovering the content and linking to it.” Because of this linking and use of content, the web grows
organically and becomes stronger with each website that is added.
Another strong example of collective intelligence is Amazon. Amazon sells much more than just
books and they often sell products that can be found on other websites. Since the products are the
same, the content about those products (i.e. product descriptions, product images, and more) is the
same as what other vendors receive. What makes Amazon stand out from the crowd is that they’ve
nailed the science of engagement. On Amazon, user activity creates better search results. When you
visit Amazon at any given point during the day, you’ll see the most popular products on the home
page; those decisions are made based on real-time sales and interactions from other users. This
particular mechanism is called “flow” by Amazon insiders.85

85
<https://medium.com/@SoftwareDevelopmentCommunity/web-2-0-an-introduction-8230eb8fa6ce> accessed 17 July 2022
Unit V
Cyber Security Key Terminologies

5.1 Pillars of Computer Security


The Internet has transformed our lives in many good ways. Unfortunately, this vast network and its
associated technologies have also brought in their wake an increasing number of security threats.
The most effective way to protect yourself from these threats and attacks is to be aware of standard
cybersecurity practices.
5.1.1 Computer Security
Computer security is the protection of computer systems and information from harm, theft,
and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer
system.
There are various types of computer security, which are widely used to protect the valuable information
of an organization. Computer security can be defined as the controls that are put in place to provide
confidentiality, integrity, and availability for all components of computer systems. Let’s elaborate on
this definition.
5.2 CIA Triad
Information security is a group of practices designed to keep personal data secure from
unauthorized access and alteration while it is stored or transmitted from one place to another. The
three pillars of information security, confidentiality, integrity and availability, are essential
to guaranteeing the effective safety of data and are described below:
a. Confidentiality − The first pillar, confidentiality, is concerned with guaranteeing that
information of a specific classification is not disseminated to persons outside the group for
which it is intended. It ensures that only those individuals who have access permissions
are able to examine specific information. The group for which the information is intended
could be a specific organization, a department or a particular individual.
Confidentiality means that sensitive information must be protected from disclosure
to unauthorized parties. There are generally two methods, or a combination of the two, by which
confidentiality can be provided. One approach is to limit access to the information that should
be kept undisclosed. The other approach is to encrypt the secret data.
b. Integrity − The second pillar is the integrity of the information. It concerns
the quality and dependability of information, so that management can be assured that the
information on which decisions rely has not been modified, maliciously or otherwise, while the
data is moved, captured and stored.
One approach to providing integrity is to attach a specific indicator or message digest to the
end of the message that is going to be sent. If this digest remains intact during transit, then
integrity has been preserved. Integrity means that an asset or information can be
modified only by authorized parties or only in authorized ways.
c. Availability − The third pillar is the availability of the information. When systems or
data are unavailable, opportunities can be lost, deadlines missed or commitments
neglected. Work progress can be impaired if the data is not accessible when it is needed.
Even if the information is exactly what is needed to fulfil business requirements, it is
useless if it is not accessible when required to deliver a service.
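The message digest approach mentioned under Integrity, as an added example (not part of the original study material). It appends a SHA-256 digest to a message and then a keyed digest (HMAC-SHA-256), and shows that both detect accidental damage while only the keyed digest detects a message that was rewritten in transit together with a freshly computed digest. The key and messages are constructed and the function names are hypothetical.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes

# Constructed key for the demonstration; a real key would come from
# secrets.token_bytes(32) and be shared only by sender and receiver.
KEY = bytes(range(32))


def seal_with_digest(message):
    """Append a plain SHA-256 digest to the message."""
    return message + hashlib.sha256(message).digest()


def check_digest(blob):
    if len(blob) < TAG_LEN:
        return False
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), tag)


def seal_with_hmac(key, message):
    """Append a keyed digest (HMAC-SHA-256) to the message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def check_hmac(key, blob):
    if len(blob) < TAG_LEN:
        return False
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def flip_bit(blob, index=0):
    """Model accidental corruption: one bit of one byte changes."""
    damaged = bytearray(blob)
    damaged[index] ^= 0x01
    return bytes(damaged)


def compare_schemes(key, message, replacement):
    """Check both schemes against corruption and against a rewritten message."""
    # Someone on the path who does not know the key can still replace the
    # message and recompute a plain digest over the new text.
    rewritten = seal_with_digest(replacement)
    return {
        "digest_accepts_original": check_digest(seal_with_digest(message)),
        "digest_detects_corruption": not check_digest(flip_bit(seal_with_digest(message))),
        "digest_detects_rewrite": not check_digest(rewritten),
        "hmac_accepts_original": check_hmac(key, seal_with_hmac(key, message)),
        "hmac_detects_corruption": not check_hmac(key, flip_bit(seal_with_hmac(key, message))),
        "hmac_detects_rewrite": not check_hmac(key, rewritten),
    }


if __name__ == "__main__":
    result = compare_schemes(KEY, b"pay 100 to account 1234", b"pay 900 to account 9999")
    for name, value in result.items():
        print(name, value)
```

An unkeyed digest protects integrity only when it travels over a channel the other party cannot alter; otherwise a keyed digest or a digital signature is needed.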
Example of CIA Triad
Consider an ATM that allows users to access bank balances and other information. An ATM
incorporates measures to cover the principles of the triad:
• The two-factor authentication (debit card with the PIN code) provides confidentiality before
authorizing access to sensitive data.
• The ATM and bank software ensure data integrity by maintaining all transfer and withdrawal
records made via the ATM in the user’s bank accounting.
• The ATM provides availability as it is for public use and is accessible at all times.86
Confidentiality, integrity and availability are generally accepted as the three vital pillars of
information security. Without adequate safeguards in place to avert unauthorized events, an organization’s
most essential asset, namely its information, is at risk. Therefore, it is important that this asset be
hidden and secured by means of these three pillars. There are further support structures of information
security that can be used together with the three main pillars to complement them, such as identification
and authentication, access control and non-repudiation.
CIA triad addresses security controls broadly:
Confidentiality: Security controls protect sensitive information and secrets from being accessed.
An example in data protection would be the non-trivial task of preventing certain employees from
accessing certain types of sensitive information in databases.
Integrity: Security controls ensure that data is consistent, trustworthy and accurate. By placing
encryption security controls over network communications, they prevent attempts to interfere with the
integrity of data, such as man-in-the-middle (MITM) attacks that tamper with data in transit.
Version controls are an excellent example of a security control that helps ensure accountability for
all changes to data.

86
“CIA Triad” <https://intellipaat.com/blog/the-cia-triad/#2> accessed 20 July 2022
Availability: Security controls ensure that assets or data are available to those who need it. Therefore,
effective security controls should prevent attacks that attempt to obstruct access, such as Denial of
Service attacks (DoS).
Combining Security Controls
In many cases, it is best to deploy security controls in a layered approach as they are insufficient when
deployed individually. Consider the effectiveness of a fence built around a perimeter as a preventative
measure against unauthorized access. Although effective against many types of penetration, it cannot
prevent an adversary from digging under it or destroying it to access the asset you mean to protect. A
combination of several controls, set up according to strategic specifications, is required to actually
secure the perimeter. This may require adding a CCTV to detect risks and deploying a security team
to counteract breaches.
Information security works along similar lines. In most cases, placing a single security control cannot
address all of the risks enterprises face, especially when the protected assets in question are also
dynamic in nature (given that data is usually subject to constant change). This means that
organizations must (1) prevent unauthorized access to data, (2) monitor authorized access against
anomalies (i.e., fraud) and (3) counteract breaches (meaning install processes for incident response).
Common Security Controls in Cybersecurity
The cybersecurity industry is full of different kinds of cybersecurity controls and is producing new
ones regularly. The most common ones found among enterprises are the following:
• Firewalls: Whether a network or application layer, these security controls inspect traffic to
or from assets and block attacks or suspicious activity.
• Endpoint security: This involves software deployed on endpoints (laptops, workstations,
servers and mobile devices), to either prevent attacks or detect suspicious activities.
• Data protection security controls: These security controls prevent attacks against databases
(such as a DB firewall), audit database activities (usually for compliance), enable data
access controls and detect suspicious behavior.
5.3 Encryption
Encryption is the method by which information is converted into secret code that hides the
information's true meaning. The science of encrypting and decrypting information is called
cryptography.
In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext.
The formulas used to encode and decode messages are called encryption algorithms, or ciphers.
To be effective, a cipher includes a variable as part of the algorithm. The variable, which is called a
key, is what makes a cipher's output unique. When an encrypted message is intercepted by an
unauthorized entity, the intruder has to guess which cipher the sender used to encrypt the message,
as well as what keys were used as variables. The time and difficulty of guessing this information is
what makes encryption such a valuable security tool.
Encryption has been a longstanding way for sensitive information to be protected. Historically, it
was used by militaries and governments. In modern times, encryption is used to protect data stored
on computers and storage devices, as well as data in transit over networks.
Encryption is commonly used to protect data in transit and data at rest. Every time someone uses an
ATM or buys something online with a smartphone, encryption is used to protect the information being
relayed. Businesses are increasingly relying on encryption to protect applications and sensitive
information from reputational damage when there is a data breach.
There are three major components to any encryption system: the data, the encryption engine and the
key management. In laptop encryption, all three components are running or stored in the same place:
on the laptop.
In application architectures, however, the three components usually run or are stored in separate
places to reduce the chance that compromise of any single component could result in compromise of
the entire system.

How does encryption work?


At the beginning of the encryption process, the sender must decide what cipher will best disguise the
meaning of the message and what variable to use as a key to make the encoded message unique. The
most widely used types of ciphers fall into two categories: symmetric and asymmetric.
Symmetric ciphers, also referred to as secret key encryption, use a single key. The key is sometimes
referred to as a shared secret because the sender or computing system doing the encryption must
share the secret key with all entities authorized to decrypt the message. Symmetric key encryption is
usually much faster than asymmetric encryption. The most widely used symmetric key cipher is the
Advanced Encryption Standard (AES), which was designed to protect government-classified
information.
Asymmetric ciphers, also known as public key encryption, use two different -- but logically linked --
keys. This type of cryptography often uses prime numbers to create keys since it is computationally
difficult to factor large prime numbers and reverse-engineer the encryption. The Rivest-Shamir-
Adleman (RSA) encryption algorithm is currently the most widely used public key algorithm. With
RSA, the public or the private key can be used to encrypt a message; whichever key is not used for
encryption becomes the decryption key.
Today, many cryptographic processes use a symmetric algorithm to encrypt data and an asymmetric
algorithm to securely exchange the secret key.



Encryption87

What are the benefits of encryption?


The primary purpose of encryption is to protect the confidentiality of digital data stored on computer
systems or transmitted over the internet or any other computer network.
In addition to security, the adoption of encryption is often driven by the need to meet compliance
regulations. A number of organizations and standards bodies either recommend or require sensitive
data to be encrypted in order to prevent unauthorized third parties or threat actors from accessing the
data. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires merchants
to encrypt customers' payment card data when it is both stored at rest and transmitted across public
networks.
What are the disadvantages of encryption?
While encryption is designed to keep unauthorized entities from being able to understand the data
they have acquired, in some situations, encryption can keep the data's owner from being able to access
the data as well.
Key management is one of the biggest challenges of building an enterprise encryption strategy
because the keys to decrypt the cipher text have to be living somewhere in the environment, and
attackers often have a pretty good idea of where to look.
There are plenty of best practices for encryption key management. It's just that key management adds
extra layers of complexity to the backup and restoration process. If a major disaster should strike, the
process of retrieving the keys and adding them to a new backup server could increase the time that it
takes to get started with the recovery operation.

87
Encryption <https://www.techtarget.com/searchsecurity/definition/encryption> accessed 23 July 2022
Having a key management system in place isn't enough. Administrators must come up with a
comprehensive plan for protecting the key management system. Typically, this means backing it up
separately from everything else and storing those backups in a way that makes it easy to retrieve the
keys in the event of a large-scale disaster.

5.4 Hashing
Hashing is the procedure of translating a given key into a code. A hash function can be used to
substitute the data with a newly generated hash code. Hash algorithms are generally used to provide a
digital fingerprint of a file’s contents, often to verify that the file has not been changed by an
intruder or virus. Hash functions are also employed by some operating systems to encrypt passwords.
Hash functions provide a measure of the integrity of a file.
Hashing makes use of algorithms that convert blocks of information from a file into a much shorter
value or key of a constant length that represents those strings. The resulting hash value is a sort of
concentrated summary of each string inside a given file, and it must change even when an
individual byte of data in that file is changed (the avalanche effect).
This gives hashing a massive advantage in terms of data compression. While hashing is not
compression, it can work very much like file compression in that it takes a larger data set and shrinks
it into a more manageable form.
A good hash function for security purposes should be a unidirectional process that uses a one-way
hashing algorithm. Otherwise, hackers could simply reverse engineer the hash to transform it back to
the original data, defeating the goals of the encryption in the first place.
To increase the uniqueness of encrypted outputs, random information can be added to the input of
a hash function. This technique is called “salting” and guarantees unique output even in the case
of identical inputs.
A cryptographic hash function should behave as much as possible like a random function while still
being deterministic and efficiently computable. A cryptographic hash function is considered insecure if
either of the following is computationally feasible −
• Finding a (previously unseen) message that matches a given digest.
• Finding “collisions”, wherein two different messages have the same message digest.
An attacker who can do either of these things might, for instance, use them to substitute an
unauthorized message for an authorized one. Conceptually, it must not even be feasible to discover
two messages whose digests are substantially the same; nor would one want an attacker to be able to
learn anything useful about a message given only its digest. The attacker does learn at least
one piece of information, the digest itself, which for instance gives the attacker the ability to
identify the same message should it appear again.



Key traits of Hashing
• Each hash value or output must be unique.
• Hashing speed is also a factor. A hash function should be reasonably quick to produce a hash
value.
• A hash function needs to be secure. Even a slight change to the input file should produce a
vastly different hash value.
• It is immutable in the sense that the same input must produce the exact same hash.
• It is irreversible, i.e., it’s not possible to arrive at the original input file from its hash value.
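The traits listed above can be checked directly. The Python sketch below is an added example, not part of the original study material: it measures the avalanche effect with SHA-256 and shows salting with PBKDF2-HMAC-SHA256, a standard password-hashing construction chosen for this example (the material does not name one). The sample inputs, the iteration count and the function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def digest_hex(data):
    """SHA-256 digest as 64 hex characters, whatever the size of the input."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(a, b):
    """Count the bits that differ between the SHA-256 digests of a and b."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def hash_password(password, salt=None):
    """Return (salt, derived_hash); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, derived


def verify_password(password, salt, stored):
    """Re-derive the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample inputs that differ in a single character.
    original = b"Transfer 100 rupees to account 12345"
    altered = b"Transfer 900 rupees to account 12345"
    print(digest_hex(original))
    print(digest_hex(altered))
    print("bits changed out of 256:", differing_bits(original, altered))

    # The same password stored for two users yields two different records,
    # so one precomputed guess cannot be matched against both.
    salt_a, hash_a = hash_password("correct horse")
    salt_b, hash_b = hash_password("correct horse")
    print("stored hashes equal:", hash_a == hash_b)
    print("login accepted:", verify_password("correct horse", salt_a, hash_a))
```

The salt is stored next to the hash; it is not a secret, its job is to make each stored value unique.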
Some Common Hashing Algorithms
The following are some of the most common hashing algorithms in use today:
• MD4 and MD5 — MD4 was created in 1990 by Ronald Rivest. However, using this algorithm
gives rise to a series of security concerns. MD5 was created as its successor; while its security
is slightly improved, MD5 is also known to suffer from vulnerabilities. Salts are typically
added to protect password hashes (as a preventive measure against brute force attacks).
When using weak hashing functions such as MD5, salting is a must and so is ensuring the salt
remains uncompromised.
• SHA (Secure Hash Algorithm) — There are three different SHA algorithms: SHA-0,
SHA-1, and SHA-2. With SHA-1 being deprecated, SHA-2 is used in most SSL/TLS cipher
suites. SHA-256 or above is the recommendation for security critical applications.
• Tiger — This is a faster and improved 192-bit hashing function that was developed by Ross
Anderson and Eli Biham in 1996. Tiger doesn’t suffer from the known vulnerabilities of MD5
and SHA-0/SHA-1. In the Tiger2 variant, the message is padded with a hexadecimal value of
0x80 instead of 0x01 as in Tiger. The two variants are otherwise identical.



Hashing vs Encryption
The table below lists the differences between hashing and encryption88:

| Encryption | Hashing |
|---|---|
| Encryption is a two-way function where information is scrambled using an encryption key and unscrambled later using a decryption key. | Hashing is a one-way function where a unique message digest is generated from an input file or a string of text. No keys are used. |
| The message is encoded in a way that only authorized parties can access it. It’s used to prevent unauthorized users from reading data from a file by rendering it into an unreadable form. | Hashing is the process of using hash functions on data to map it to a fixed size output. It’s similar to a checksum and is used for verifying file integrity. Hashing is useful where you want to compare an entered value with a stored value without needing to read the original content of the file. |
| The resultant encrypted string is of a variable length. | The resultant hashed string is of a fixed length. |
| The original message can always be retrieved by using the appropriate decryption key. | Output can’t be reverted to the original message. The best hashing algorithms are designed in a way that makes it virtually impossible to retrieve the original string from the hash value. |
| There are two primary types of encryption: Symmetric key encryption (or private key encryption) and Asymmetric key encryption (or public key encryption). Examples of encryption algorithms: RSA, AES, DES, etc. | Examples of hashing algorithms: SHA-1, SHA-2, MD5, Tiger, etc. |
| Purpose of encryption is to transmit data securely (i.e., protect data confidentiality) | The objective of using hashing is to verify data (i.e., protect data integrity) |

88
Lumena Mukherjee, “Hashing” <https://sectigostore.com/blog/hashing-vs-encryption-the-big-players-of-the-cyber-security-world/> accessed 17 July 2022
5.5 Non-Repudiation
Non-repudiation is the certainty that someone cannot dispute the legitimacy of something.
It is a regulatory notion commonly used in cybersecurity and refers to the service that
confirms the origin and integrity of data. Using encryption and digital signatures, it assures that no
party can deny sending or receiving a communication, nor contest the legitimacy of its
digital signature on a document. Non-repudiation provides evidence of data's origin, authenticity, and
integrity. It verifies the sender that the information is sent and the recipient's identity to the receiver.
Neither side can dispute that communication happened or was processed in this manner.
How Does Non-Repudiation Help in Cyber Security?
Non-repudiation uses cryptography, similar to digital signatures, and comprises authentication,
auditing, and logging services. Non-repudiation can be accomplished in a variety of methods, such
as the digital signing of log data as a checksum during collection or using secured storage media.
In Data Audit Logs
Typically, a digital signature supplied in a hash algorithm is computed against the log file at the time
of collection. The output of this computation is a checksum that is used to verify that the files have
not been manipulated. If the file is updated in any manner, the hash generates a different value, and
the log file fails the integrity check. If the checksum is correct, the log is confirmed to be in its original
state.
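A sketch of the collection-time checksum described above, as an added example that is not part of the original material. It goes one step beyond a single checksum by keeping a running SHA-256 digest per record, so a failed check also shows where the log first diverges; the log lines, the starting value and the function names are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain (assumption of this example)

# Constructed sample log, as it looked when it was collected.
COLLECTED = [
    "2022-07-17T10:02:11Z login user=alice src=10.0.0.5 result=success",
    "2022-07-17T10:05:43Z login user=bob src=10.0.0.9 result=failure",
    "2022-07-17T10:05:51Z login user=bob src=10.0.0.9 result=failure",
    "2022-07-17T10:06:02Z login user=bob src=10.0.0.9 result=success",
]


def running_digests(records):
    """One digest per record; each covers that record and everything before it."""
    digests, prev = [], GENESIS
    for record in records:
        prev = hashlib.sha256(prev + record.encode("utf-8")).digest()
        digests.append(prev)
    return digests


def checksum(records):
    """Single hex checksum for the whole log: the last running digest."""
    digests = running_digests(records)
    return (digests[-1] if digests else GENESIS).hex()


def passes_integrity_check(records, sealed_checksum):
    """True only if the log still hashes to the value recorded at collection."""
    return hmac.compare_digest(checksum(records), sealed_checksum)


def first_divergence(records, sealed_digests):
    """Index of the first changed, missing or extra record, or None if intact."""
    current = running_digests(records)
    for index, (now, then) in enumerate(zip(current, sealed_digests)):
        if now != then:
            return index
    if len(current) != len(sealed_digests):
        return min(len(current), len(sealed_digests))
    return None


if __name__ == "__main__":
    # At collection: store these away from the log itself (for example on
    # secured storage media), otherwise whoever edits the log can redo them.
    sealed_digests = running_digests(COLLECTED)
    sealed_checksum = checksum(COLLECTED)

    # Later: one failed login has been rewritten as a success.
    edited = list(COLLECTED)
    edited[1] = edited[1].replace("failure", "success")
    print("original passes:", passes_integrity_check(COLLECTED, sealed_checksum))
    print("edited passes:", passes_integrity_check(edited, sealed_checksum))
    print("first changed record:", first_divergence(edited, sealed_digests))
```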
In Online Transactions
In online transactions, digital signatures guarantee that a party cannot subsequently dispute delivering
information or question the legitimacy of its signature. A digital signature is
formed by pairing an encrypted key and a public key. Only the holder of the encrypted key has access
to this key and can generate this signature, confirming that that holder electronically signed a
document, which assures that a person cannot subsequently dispute supplying the signature, hence
ensuring non-repudiation.
In Cryptography
Message authentication code (MAC), also called a tag in cryptography, is used for authentication of
messages or to certify that the message originated from the specified sender and was not altered along
the route. MAC values, unlike digital signatures, are created and confirmed using the same private
key, on which the sender and receiver must agree before commencing interactions.
A MAC can prevent message forging by anybody who does not have access to the shared secret key,
ensuring both integrity and authenticity. Non-repudiation cannot be provided by MAC methods such
as block cipher-based MAC (CMAC) and hash-based MAC (HMAC).



In Digital Contracts and Email
A signatory of an email on one side of communication cannot deny sending the message, and the
receiver cannot deny receiving it. Email non-repudiation entails techniques such as email monitoring.
In E-commerce
Non-repudiation is implemented to aid in conflict resolution of any kind. It gives confirmation that
a message was received and recognised by the receiver. E-Commerce site security is crucial for a
variety of reasons, including protecting consumers' privacy and sensitive data on a website, securing
an online business's funds, and avoiding fraud and financial scams.
In Business-to-Business Transactions
Non-repudiation is also used in B2B transactions. Non-repudiation allows your business to verify that
it received or sent a message from or to a trade partner if a trading partner repudiates the transmission
or receiving of messages or receipts. Non-repudiation entails two degrees of security, which are as
follows −
• Non-repudiation of received or sent communications - Both the transmitting and receiving
parties keep the message exchanged (the business document and any attachments) in its
original format. The transmitting message service handler (MSH) saves a message before
sending it, and the receiving MSH saves a message before processing it.
• Non-repudiation of receipts issued after a message is received - A receipt is sent by the
receiver of a message to acknowledge receipt of a message. You can exchange a signed
receipt, which adds another layer of protection. Signed receipts allow you to confirm the
legitimacy of the replying company or individual as well as the content integrity.
A Non-Repudiation-Information element is included in the receipt when signed communications are
exchanged with a trade partner. The non-repudiation element includes the message digest transmitted
to the trade partner. The sender compares the digest to the original message to verify that the message
content was not altered during transmission by an attacker89.
5.6 Identification
When a user (or other individual) claims an identity, it’s called identification. A username, process
ID, smart card, or anything else that may uniquely identify a subject or person can be used for
identification. Security systems use this method of identification to determine whether or not an
individual has permission to access an object.
Identification entails knowing who someone is even if they refuse to cooperate.

89
<https://www.tutorialspoint.com/how-does-non-repudiation-help-in-cyber-security> accessed 17 July 2022
Surveillance systems, fingerprints, and DNA samples are some of the resources that can be used to
identify an individual. On the other hand, the digital world uses device fingerprinting or other
biometrics for the same purpose. Individuals can also be identified online by their writing style,
keystrokes, or how they play computer games.
All in all, the act of specifying someone’s identity is known as identification.
Why Is User Identification Important?
Personal identification refers to the process of associating a specific person with a specific identity.
It is considered an important process because it addresses certain concerns about an individual, such
as “Is the person who he/she claims to be?”, “Has this person been here before?”, or “Should this
individual be allowed access to our system?”
Identification is beneficial for organizations since it:
• Can be easily integrated into various systems
• Is inexpensive
• Serves as a deterrent to imposters
Types of Identification
To identify a person, an identification document such as an identity card (a.k.a. IC, ID card, citizen
card), or passport card (if issued in a small, conventional credit card size format) can be used. Some
countries also issue formal identity documents such as national identification cards, which may be
required or optional, while others may rely upon regional identification or informal documents to
confirm an identity.
Some other acceptable forms of identification include:
1. Something a Person Knows: A password, PIN, mother’s maiden name, or lock combination.
Authenticating a person using something they already know is probably the simplest option,
but one of the least secure.
2. Something a Person Has: A key, swipe card, access card, or badge are all examples of items
that a person may own. This method is commonly used to gain access to facilities like banks
and offices, but it might also be used to gain access to sensitive locations or verify system
credentials. This is also a simple option, but these items are easy to steal.
3. Something a Person Is: An individual’s biometrics are uniquely theirs, and cannot be lost or
stolen. Using biometrics to identify someone is the most accurate and secure option.



5.7 Authentication
Authentication is the process of verifying one’s identity, and it takes place when subjects present
suitable credentials to do so. When a user enters the right password with a username, for example,
the password verifies that the user is the owner of the username. In a nutshell, authentication
establishes the validity of a claimed identity.
In a username-password secured system, the user must submit valid credentials to gain access to the
system. It not only helps keep the system safe from unknown third-party attacks, but also helps
preserve user privacy, which if breached can lead to legal issues.

Based on the number of identification or authentication elements the user gives, the authentication
procedure can be classified into the following tiers:
• Single-Factor Authentication
• Two-Factor Authentication
• Multi-Factor Authentication
Why is User Authentication Important?
Authentication assists organizations in securing their networks by allowing only authenticated users
(or processes) to access protected resources, such as computer systems, networks, databases,
websites, and other network-based applications or services.
User Authentication provides several benefits:
• Theft Prevention: The basic goal of an access control system is to limit access to protect user
identities from being stolen or changed. Many websites that require personal information for
their services, particularly those that require credit card information or a person’s Social
Security number, are required by law or regulations to have an access control mechanism in
place.
• Levels of Security: Modern control systems have evolved in conjunction with technological
advancements. A person who wishes to keep information secure has more options than just a
four-digit PIN and password. Locks with biometric scanning, for example, can now be fitted
to home and office points of entry.
Methods of Authentication
Cybercriminals are constantly refining their system attacks. As a result, security teams are dealing
with a slew of ever-changing authentication issues. This is why businesses are beginning to deploy
more sophisticated plans that include authentication. Some of the most frequent authentication
methods used to protect modern systems include:



Password Authentication: The most frequent authentication method is usernames and passwords.
A mix of letters, numbers, and special characters make for a strong password, but these can still be
hacked or stolen.
Two-Factor Authentication (2FA): 2FA requires a user to be identified in two or more different
ways. Codes generated by the user’s smartphone, Captcha tests, or another second factor beyond
username and password provide an additional layer of security. But a stolen mobile phone or laptop
may be all that is needed to circumvent this approach.
Biometric Multi Factor Authentication (MFA): Biometric authentication relies on an individual’s
unique biological traits and is the most secure method of authenticating an individual. With biometric
MFA technologies, authorized features maintained in a database can be quickly compared to
biological traits. When installed on gates and doors, biometric authentication can be used to regulate
physical access.
Some common types of biometric authentication are:
• Voice recognition
• Face recognition
• Fingerprint
• Palm print
5.8 Authorization
Authorization is a security technique for determining a user’s privileges or eligibility to execute
specific tasks in a system. The authorization procedure specifies the role-based powers a user can
have in the system after they have been authenticated as an eligible candidate.
It’s vital to note that authorization is impossible without identification and authentication, because if
everyone logs in with the same account, they will all either be provided or denied access to resources.
If everyone uses the same account, you can’t distinguish between users. However, once you have
identified and authenticated them with specific credentials, you can provide them access to distinct
resources based on their roles or access levels.
Why is Authorization Important?
Authorization governs what a user may do and see on your premises, networks, or systems. So, how
does an authorization benefit you?
• Ensures users do not access an account that isn’t theirs
• Prevents visitors and employees from accessing secure areas
• Ensures all features are not available to free accounts
• Ensures internal accounts only have access to the information they require



Methods of Authorization
Authorization can be done in a variety of ways, including:
Application Programming Interface (API) Keys: In order to utilize most APIs, you must
first sign up for an API key, which is a lengthy string, typically included in the request URL or header,
and mostly used to identify the person performing the API call (authenticating you to use the API).
The API key could potentially be linked to a specific app an individual has registered for.
Basic Auth: Basic Auth is another type of authorization, where the sender needs to enter a username
and password in the request header. Base64 is an encoding technique that turns the login and password
into a set of 64 characters to ensure secure delivery.
HMAC: HMAC stands for hash-based message authentication code, and is a more secure form of
authentication commonly seen in financial APIs. Both the sender and the receiver have access to a
secret key that no one else has. The sender constructs a message using system attributes (for example,
the request timestamp plus account ID). The secret key is used to encrypt the message, which is then
sent through a secure hashing process.
When the API server receives the request, it uses the identical system properties and generates the
identical string using the secret key and secure hash algorithm (SHA). It accepts the request if the
string matches the signature in the request header. If the strings do not match, the request is refused.90
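The request-signing flow above, with Basic Auth beside it for contrast, as an added example that is not code from the original material. The header names, account ID, secret and five-minute freshness window are assumptions made for the example. It also shows why, as section 5.5 notes, a MAC cannot give non-repudiation: the server holds the same key and can produce the same signature.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo data: account ID -> secret shared by client and server only.
SHARED_SECRETS = {"acct-1001": b"demo-secret-not-for-production"}
MAX_AGE_SECONDS = 300  # assumed freshness window, limits replay of old requests


def basic_auth_header(username, password):
    """Basic Auth: Base64 of 'username:password'. This is encoding, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def decode_basic_auth(header):
    """Anyone who sees the header recovers the credentials, so it must travel over TLS."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    username, _, password = raw.partition(":")
    return username, password


def sign(secret, account_id, timestamp, body):
    """HMAC-SHA256 over the request attributes; the secret itself is never sent."""
    message = f"{account_id}\n{timestamp}\n".encode("utf-8") + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def build_request(account_id, secret, body, now=None):
    """Client side: attach account ID, timestamp and signature (hypothetical header names)."""
    timestamp = int(time.time() if now is None else now)
    headers = {
        "X-Account-Id": account_id,
        "X-Timestamp": str(timestamp),
        "X-Signature": sign(secret, account_id, timestamp, body),
    }
    return headers, body


def verify_request(headers, body, now=None):
    """Server side: rebuild the signature from the same attributes and compare."""
    now = time.time() if now is None else now
    account_id = headers.get("X-Account-Id", "")
    secret = SHARED_SECRETS.get(account_id)
    if secret is None:
        return False, "unknown account"
    try:
        timestamp = int(headers["X-Timestamp"])
    except (KeyError, ValueError):
        return False, "bad timestamp"
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        return False, "stale request"
    expected = sign(secret, account_id, timestamp, body)
    supplied = headers.get("X-Signature", "")
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8")):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    print(decode_basic_auth(basic_auth_header("alice", "s3cret")))
    headers, body = build_request("acct-1001", SHARED_SECRETS["acct-1001"], b'{"amount": 100}')
    print(verify_request(headers, body))
    print(verify_request(headers, b'{"amount": 9000}'))
```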
5.9 Principles of Cyber Security
1. Risk Management Regime
A risk management regime should be set up which mainly consists of applicable policies and practices
that must be established, streamlined and should effectively be communicated to all the employees,
contractors and suppliers to assure that everyone is aware of the approach, e.g., how decisions are
made, about risk boundaries, etc.
The risk management regime should be supported by governance structure which should be strong
enough and should constitute a board of members and senior members with expertise in a given area.
2. Secure Configuration
Establish policies that secure the organization’s security perimeter; a secure baseline and
processes should be developed for ensuring configuration management. One must also disable or
remove unnecessary functionality from the system, which always lies at the high end of security
breaching. All the software and systems should be regularly patched to fix loopholes that lead to a
security breach. Failing to follow any of the mentioned strategies might lead to an increased risk of
compromise of systems and information.

90
Identification, Authentication, Authorization – What’s The Difference
<https://imageware.io/identification-authentication-authorization-difference/> accessed 22 July 2022
3. Network Security
Connecting to an unsecured network, for instance over HTTP on the internet, poses a big risk of
your systems being attacked or infected by bugs that lie at the other end. So policies and
appropriate architectural and technical responses must be established which will serve as a baseline
for networking. They will set the inbound and outbound networking rules that must be implemented
to secure your network perimeter. E.g., the inbound connections (outside to inside) should first face
the network firewall and should be filtered for threats and then finally should be passed to the
destination system. By implementing these policies, any organization can reduce the chances of
becoming a victim of cyber-attack. Furthermore, a SIEM (security information and event management)
solution should be implemented, and SOC centers should be established to use these technologies
to effectively monitor your network.
4. Managing User Privileges
All the users should be provided with reasonable (and minimal) access privileges that allow
them to do just their work. If users are granted more access than they need, it will lead to misuse
and a much bigger risk to information security. Also, the granting of highly elevated privileges should
be very carefully controlled and managed.
5. User Education and Awareness
End users and the organization’s people play a vital role in keeping an organization safe and secure. If
end users are not aware of the policies and risk management regime that have been set and defined by the
organization, these policies will fail in their purpose. End users must be provided with security awareness
training, and regular training should be conducted to ensure the users are aware of the organization’s
policies and of threats that may lead to security breaches. On the other hand, the cybersecurity
professionals of the organization should be highly trained and should be ready to go into combat mode at any
point in time if any breaches happen.
6. Incident Management
A SIEM solution will always create security-related incidents for you. An organization should
establish effective incident management policies to support the business and ensure security
throughout the organization and at all the endpoints, endpoints at rest (Like desktop) as well as
endpoints in motion (Like laptops, Mobile Phones, etc.).
7. Malware Prevention
It requires the establishment of policies that directly address the business processes that are at the
forefront of getting infected by malware, such as email, web, personal devices and USB. E.g., a policy
should be established which will restrict USB access to computers; similarly, another policy may restrict
outbound internet requests, etc., all depending upon situations and needs. Separate expert solutions
should be implemented to protect each forefront from malware, such as email threat protection for
emails, network analyzer like IDS, IPS and firewalls for networking and any web requests, managing
profiles to monitor organization data at the end user’s mobile, etc. The endpoints should be very
effectively protected by implementing anti-virus solutions that can detect, prevent and remediate
malware from endpoints.
8. Monitoring
A monitoring strategy and solution should be created with the help of which an organization
will have complete visibility of the security posture. It can also be used to create another layer of
security when security breaches get past our detection and prevention system but the monitoring
solution detects them and creates a security incident. E.g., your endpoint solution was able to detect the
malware but was unable to block or delete it; in that case, the monitoring solution will
create a security incident. The solution will monitor all the inbound and outbound traffic and will
integrate with logs from the firewall, endpoints, NIPS, NIDS, HIPS, HIDS, and other solutions.
9. Removable Media Controls
Every organization must define its removable media policies and should restrict the use of removable
media as much as possible. If there are cases where their use is unavoidable, the policy should limit
the types of media that can be used and the types of information that can be shared.
10. Home and Mobile Networking
When users are at home or mobile, they are no longer connecting to the company’s LAN or WAN.
This poses a network risk where organizations do not have control over the internet. So risk-based
policies that support mobile and home working should be established. The company can also choose
to manage the user’s profile on mobile and have control of their data that is stored on mobile or Home
computer.91
5.10 Asset
An asset is any data, device or other component of an organisation’s systems that is valuable – often
because it contains sensitive data or can be used to access such information.
For example, an employee’s desktop computer, laptop or company phone would be considered an
asset, as would applications on those devices. Likewise, critical infrastructure, such as servers and
support systems, are assets.
An organisation’s most common assets are information assets. These are things such as databases and
physical files – i.e. the sensitive data that you store.
A related concept is the ‘information asset container’, which is where that information is kept. In the
case of databases, this would be the application that was used to create the database. For physical
files, it would be the filing cabinet where the information resides.

91
“Cyber security principles” <https://www.educba.com/cyber-security-principles/> accessed 20 July 2022
5.11 Threat
A threat is any incident that could negatively affect an asset – for example, if it’s lost, knocked offline
or accessed by an unauthorised party.
Threats can be categorised as circumstances that compromise the confidentiality, integrity or
availability of an asset, and can either be intentional or accidental.
Intentional threats include things such as criminal hacking or a malicious insider stealing information,
whereas accidental threats generally involve employee error, a technical malfunction or an event that
causes physical damage, such as a fire or natural disaster.
5.12 Vulnerability
A vulnerability is an organisational flaw that can be exploited by a threat to destroy, damage or
compromise an asset.
You are most likely to encounter a vulnerability in your software, due to its complexity and the
frequency with which it is updated. These weaknesses, known as bugs, can be used by criminal
hackers to access sensitive information.
Vulnerabilities don’t only refer to technological flaws, though. They can be physical weaknesses,
such as a broken lock that lets unauthorised parties into a restricted part of your premises, or poorly
written (or non-existent) processes that could lead to employees exposing information.
Other vulnerabilities include inherent human weaknesses, such as our susceptibility to phishing
emails; structural flaws in the premises, such as a leaky pipe near a power outlet; and communication
errors, such as employees sending information to the wrong person.92
5.13 Risk
Cybersecurity risk is the probability of exposure, loss of critical assets and sensitive information, or
reputational harm as a result of a cyber attack or breach within an organization’s network. Across
industries, cybersecurity must remain top of mind and organizations should work to implement a
cybersecurity risk management strategy to protect against constantly advancing and evolving cyber
threats.
Cybersecurity risk has become a leading priority for organizations as they embrace digital
transformation and leverage advanced technology solutions to drive business growth and optimize
efficiencies. Additionally, many organizations are increasingly reliant on third-party and fourth-
party vendors or programs. While these resources can unlock and drive business success, they also
introduce new threats and expand your digital attack surface.

92
<https://www.vigilantsoftware.co.uk/blog/risk-terminology-understanding-assets-threats-and-vulnerabilities>
accessed 17 July 2022
One of the most common mistakes that organizations make is not having a comprehensive
understanding of the inherent risk that they take on when working with these additional resources.
When everyone involved knows what to look out for and what to do should an issue arise,
organizations can more proactively manage and mitigate risks before they become bigger problems.
5.14 Exploit
An exploit (in its noun form) is a segment of code or a program that maliciously takes advantage of
vulnerabilities or security flaws in hardware to infiltrate and initiate a denial-of-service attack or install
malware such as spyware, ransomware, trojan horses, worms or viruses. So, the exploit is not the
malware itself but is used to deliver the malware.
5.15 Security Controls
Security controls exist to reduce or mitigate the risk(s) to those assets. They include any type of
policy, procedure, technique, method, solution, plan, action, or device designed to help accomplish
that goal. Recognizable examples include firewalls, surveillance systems, and antivirus software.
Control Objectives
Security controls are not chosen or implemented arbitrarily. They typically flow out of an
organization’s risk management process, which begins with defining the overall IT security strategy,
then goals. This is followed by defining specific control objectives: statements about how the
organization plans to effectively manage risk. For example, “Our controls provide reasonable
assurance that physical and logical access to databases and data records is restricted to authorized
users” is a control objective. “Our controls provide reasonable assurance that critical systems and
infrastructure are available and fully functional as scheduled” is another example.
Security Controls
Once an organization defines control objectives, it can assess the risk to individual assets and then
choose the most appropriate security controls to put in place. One of the easiest and most
straightforward models for classifying controls is by type: physical, technical, or administrative, and
by function: preventative, detective, and corrective.
Control Types
Physical controls describe anything tangible that’s used to prevent or detect unauthorized access to
physical areas, systems, or assets. This includes things like fences, gates, guards, security badges and
access cards, biometric access controls, security lighting, CCTVs, surveillance cameras, motion
sensors, fire suppression, as well as environmental controls like HVAC and humidity controls.
Technical controls (also known as logical controls) include hardware or software mechanisms used
to protect assets. Some common examples are authentication solutions, firewalls, antivirus software,
intrusion detection systems (IDSs), intrusion protection systems (IPSs), constrained interfaces, as
well as access control lists (ACLs) and encryption measures.
Administrative controls refer to policies, procedures, or guidelines that define personnel or business
practices in accordance with the organization's security goals. These can apply to employee hiring
and termination, equipment and Internet usage, physical access to facilities, separation of duties, data
classification, and auditing. Security awareness training for employees also falls under the umbrella
of administrative controls.
Control Functions
Preventative controls describe any security measure that’s designed to stop unwanted or
unauthorized activity from occurring. Examples include physical controls such as fences, locks, and
alarm systems; technical controls such as antivirus software, firewalls, and IPSs; and administrative
controls like separation of duties, data classification, and auditing.
Detective controls describe any security measure taken or solution that’s implemented to detect and
alert to unwanted or unauthorized activity in progress or after it has occurred. Physical examples
include alarms or notifications from physical sensors (door alarms, fire alarms) that alert guards,
police, or system administrators. Honeypots and IDSs are examples of technical detective controls.
Corrective controls include any measures taken to repair damage or restore resources and
capabilities to their prior state following an unauthorized or unwanted activity. Examples of technical
corrective controls include patching a system, quarantining a virus, terminating a process, or
rebooting a system. Putting an incident response plan into action is an example of an administrative
corrective control.93

93 <https://www.f5.com/labs/articles/education/what-are-security-controls> accessed 17 July 2022
UNIT- VI
CYBER SECURITY ATTACKS

6.1 Malware
Malware, or “malicious software,” is an umbrella term that describes any malicious program or code
that is harmful to systems.
Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers,
computer systems, networks, tablets, and mobile devices, often by taking partial control over a
device’s operations. Like the human flu, it interferes with normal functioning.
The motives behind malware vary. Malware can be about making money off you, sabotaging your
ability to get work done, making a political statement, or just bragging rights. Although malware
cannot damage the physical hardware of systems or network equipment (with one known exception—
see the Google Android section below), it can steal, encrypt, or delete your data, alter or hijack core
computer functions, and spy on your computer activity without your knowledge or permission.94
6.2 Virus
A computer virus is a type of malicious software, or malware, that spreads between computers and
causes damage to data and software.
Computer viruses aim to disrupt systems, cause major operational issues, and result in data loss and
leakage. A key thing to know about computer viruses is that they are designed to spread across
programs and systems. Computer viruses typically attach to an executable host file, which results in
their viral codes executing when a file is opened. The code then spreads from the document or
software it is attached to via networks, drives, file-sharing programs, or infected email attachments.
Common Signs of Computer Viruses
A computer virus will more than likely have an adverse effect on the device it resides on and may be
discoverable through common signs of performance loss, including:
Speed of System
A computer system running slower than usual is one of the most common signs that the device has a
virus. This includes the system itself running slowly, as well as applications and internet speed
suffering. If a computer does not have powerful applications or programs installed and is running
slowly, then it may be a sign it is infected with a virus.

94 <https://www.malwarebytes.com/malware> accessed 17 July 2022
Pop-up Windows
Unwanted pop-up windows appearing on a computer or in a web browser are a telltale sign of a
computer virus. Unwanted pop-ups are a sign of malware, viruses, or spyware affecting a device.
Programs Self-executing
If computer programs unexpectedly close by themselves, then it is highly likely that the software has
been infected with some form of virus or malware. Another indicator of a virus is when applications
fail to load when selected from the Start menu or their desktop icon.
Accounts Being Logged Out
Some viruses are designed to affect specific applications, which will either cause them to crash or
force the user to automatically log out of the service.
Crashing of the Device
System crashes and the computer itself unexpectedly closing down are common indicators of a virus.
Computer viruses cause computers to act in a variety of strange ways, which may include opening
files by themselves, displaying unusual error messages, or clicking keys at random.
Mass Emails Being Sent from Your Email Account
Computer viruses are commonly spread via email. Hackers can use other people's email accounts to
spread malware and carry out wider cyberattacks. Therefore, if an email account has sent emails in
the outbox that a user did not send, then this could be a sign of a computer virus.
Changes to Your Homepage
Any unexpected changes to a computer—such as your system’s homepage being amended or any
browser settings being updated—are signs that a computer virus may be present on the device.
How Do Computer Viruses Attack and Spread?
In the early days of computers, viruses were spread between devices using floppy disks. Nowadays,
viruses can still be spread via hard disks and Universal Serial Bus (USB) devices, but they are more
likely to be passed between devices through the internet.
Computer viruses can be spread via email, with some even capable of hijacking email software to
spread themselves. Others may attach to legitimate software, within software packs, or infect code,
and other viruses can be downloaded from compromised application stores and infected code
repositories. A key feature of any computer virus is that it requires a victim to execute its code or payload,
which means the host application should be running.
Types of Computer Viruses
There are several types of computer viruses that can infect devices. This section will cover computer
virus protections and how to get rid of computer viruses.
Resident Virus
Viruses propagate themselves by infecting applications on a host computer. A resident virus achieves
this by infecting applications as they are opened by a user. A non-resident virus is capable of infecting
executable files when programs are not running.
Multipartite Virus
A multipartite virus uses multiple methods to infect and spread across computers. It will typically
remain in the computer’s memory to infect the hard disk, then spread through and infect more drives
by altering the content of applications. This results in performance lag and application memory
running low.
Multipartite viruses can be avoided by not opening attachments from untrusted sources and by
installing trusted antivirus software. They can also be prevented by cleaning the boot sector and the
computer’s entire disk.
Direct Action
A direct action virus accesses a computer’s main memory and infects all programs, files, and folders
located in the autoexec.bat path, before deleting itself. This virus typically alters the performance of
a system but is capable of destroying all data on the computer’s hard disk and any USB device attached
to it. Direct action viruses can be avoided through the use of antivirus scanners. They are easy to
detect, and infected files are easy to restore.
Browser Hijacker
A browser hijacker manually changes the settings of web browsers, such as replacing the homepage,
editing the new tab page, and changing the default search engine. Technically, it is not a virus because
it cannot infect files but can be hugely damaging to computer users, who often will not be able to
restore their homepage or search engine. It can also contain adware that causes unwanted pop-ups
and advertisements.
Browser hijackers typically attach to free software and malicious applications from unverified
websites or app stores, so only use trusted software and reliable antivirus software.
Overwrite Virus
Overwrite viruses are extremely dangerous. They can delete data and replace it with their own file
content or code. Once files get infected, they cannot be replaced, and the virus can affect Windows,
DOS, Linux, and Apple systems. The only way this virus can be removed is by deleting all of the
files it has infected, which could be devastating. The best way to protect against the overwrite virus
is to use a trusted antivirus solution and keep it updated.
Web Scripting Virus
A web scripting virus attacks web browser security, enabling a hacker to inject web-pages with
malicious code, or client-side scripting. This allows cyber criminals to attack major websites, such as
social networking sites, email providers, and any site that enables user input or reviews. Attackers
can use the virus to send spam, commit fraudulent activity, and damage server files.
Protecting against web scripting is reliant on deploying real-time web browser protection software,
using cookie security, disabling scripts, and using malicious software removal tools.
File Infector
A file infector is one of the most common computer viruses. It overwrites files when they are opened
and can quickly spread across systems and networks. It largely affects files with .exe or .com
extensions. The best way to avoid file infector viruses is to only download official software and
deploy an antivirus solution.
Network Virus
Network viruses are extremely dangerous because they can completely cripple entire computer
networks. They are often difficult to discover, as the virus could be hidden within any computer on
an infected network. These viruses can easily replicate and spread by using the internet to transfer to
devices connected to the network. Trusted, robust antivirus solutions and advanced firewalls are
crucial to protecting against network viruses.
Boot Sector Virus
A boot sector virus targets a computer’s master boot record (MBR). The virus injects its code into a
hard disk’s partition table, then moves into the main memory when a computer restarts. The presence
of the virus is signified by boot-up problems, poor system performance, and the hard disk becoming
impossible to locate. Most modern computers come with boot sector safeguards that restrict the potential
of this type of virus.
Steps to protecting against a boot sector virus include ensuring disks are write-protected and not
starting up a computer with untrusted external drives connected.95
6.3 Worm
A computer worm is a subset of the Trojan horse malware that can propagate or self-replicate from
one computer to another without human activation after breaching a system. Typically, a worm
spreads across a network through your Internet or LAN (Local Area Network) connection. Naturally,
you must be wondering what is a Trojan and how does it relate to computer worms?
To keep it brief, a Trojan uses trickery and social engineering to deceive people into running it. For
example, a Trojan may pretend to be legitimate software. A worm is a type of Trojan because it
normally relies on social engineering to attack systems.

95 What are computer virus <https://www.fortinet.com/resources/cyberglossary/computer-virus> accessed 17 July 2022
How does a computer worm spread?
• Phishing: Fraudulent emails that look authentic can carry worms in corrupt attachments. Such
emails may also invite users to click malicious links or visit websites designed to infect users with
worms.
• Spear-Phishing: Targeted phishing attempts can carry dangerous malware like ransomware
cryptoworms.
• Networks: Worms can self-replicate across networks via shared access.
• Security holes: Some worm variants can infiltrate a system by exploiting software vulnerabilities.
• File sharing: P2P file networks can carry malware like worms.
• Social networks: Social platforms like MySpace have been affected by certain types of worms.
• Instant messengers (IMs): All types of malware, including worms, can spread through text
messages and IM platforms such as Internet Relay Chat (IRC).
• External devices: Worms can infect USB sticks and external hard drives.
What does a computer worm do?
Once a computer worm has breached your computer’s defenses it can perform several malicious
actions:
• Drop other malware like spyware or ransomware
• Consume bandwidth
• Delete files
• Overload networks
• Steal data
• Open a backdoor
• Deplete hard drive space
Computer worm vs. virus
Some people think that a computer worm and computer virus are the same things because the two
behave similarly. They may even use terms like "worm computer virus" or "worm virus malware."
The truth is that the two are comparable but different threats.
The defining difference between a virus and a worm is that viruses rely on human action for activation
and need a host system to replicate. In other words, a virus won’t harm your system unless you run it.
For example, a virus on a flash drive connected to your computer won’t damage your system unless
you activate it. And as mentioned above, a worm doesn’t need a host system or user action to spread.

Computer worm examples
Over the years, there have been some particularly devastating worms. Some worms have caused
billions in damage. Here is a brief list of some infamous ones:
• Morris Worm: Also known as the Internet worm, this was one of the first computer worms
to spread via the Internet and earn notoriety in the media.
• Bagle: Also known as Beagle, Mitglieder, and Lodeight, this mass-mailing worm had many
variants.
• Blaster: Also known as MSBlast, Lovesan, and Lovsan, this worm attacked computers
running Windows XP and Windows 2000.
• Conficker: Also known as Downup, Downadup, and Kido, this worm exploited flaws in
Windows to infect millions of computers in over a hundred countries.
• ILOVEYOU: The ILOVEYOU worm infected tens of millions of computers globally,
resulting in billions of dollars in damage.
• Mydoom: This became the fastest-spreading email worm in 2004, sending junk email across
computers.
• Ryuk: Although Ryuk wasn't always a worm, it's now worm-like ransomware.
• SQL Slammer: The SQL Slammer worm gained infamy for slowing down Internet traffic
with denial-of-service attacks on some Internet hosts.
• Storm Worm: This worm utilized social engineering with fake news of a disastrous storm
to drop botnets on compromised machines.
• Stuxnet: Some experts believe this sophisticated worm was developed for years to launch
a cyberattack.
Symptoms of a computer worm
Many of the symptoms of a computer worm are like those of a computer virus. For example, you may
have a computer worm if your computer slows down, freezes, crashes or throws up error messages.
You may also notice that files are missing or corrupted or that the hard drive's space is rapidly
depleting inexplicably. Additionally, you may see alerts from your firewall about a breach.
How to stop computer worms
Like other forms of malware, computer worms can be stopped with the right antivirus and
anti-malware software and safe computing practices. Do not entertain suspicious links, emails, texts,
messages, websites, P2P file networks, and drives. Also, update essential software regularly to shield
your computer from vulnerabilities like the wormable Windows flaw and the like.

6.4 Trojan Horse
A Trojan Horse is a program that uses malicious code masquerading as a trusted application. The
malicious code can be injected into benign applications, disguised in e-mail links, or sometimes
hidden in JavaScript pages to make furtive attacks against vulnerable internet browsers.

The 7 Main Types of Trojan Horse


1. Remote Access Trojan (RAT): Designed to provide the attacker full control of the infected
machine. This Trojan horse usually masquerades as a utility.
2. Data Sending Trojan: Trojan horse that uses keylogger technology to capture sensitive data
like passwords, credit card and banking information, and IM messages, and sends them back
to the attacker.
3. Destructive Trojan: Trojan horse designed to destroy data stored on the victim’s computer.
4. Proxy Trojan: Trojan horse that uses the victim’s computer as a proxy server, providing the
attacker an opportunity to execute illicit acts from the infected computer, like banking fraud,
and even malicious attacks over the internet.
5. FTP Trojan: This type of Trojan horse uses port 21 to enable the attackers to connect to
the victim’s computer using File Transfer Protocol.
6. Security software disabler Trojan: This Trojan horse is designed to disable security
software like firewall and antivirus, enabling the attacker to use many invasion techniques to
invade the victim’s computer, and even to infect more than the computer.
7. Denial-of-Service attack Trojan: Trojan horse designed to give the attacker the opportunity to
carry out Denial-of-Service attacks from the victim’s computer.
Symptoms
Some common symptoms:
✓ Wallpaper and other background settings auto-changing
✓ Mouse pointer disappears
✓ Programs auto-loading and unloading
✓ Strange window warnings, messages and question boxes, and options being displayed
constantly
✓ e-mail client auto sending messages to all on the user’s contacts list
✓ Windows auto closing
✓ System auto rebooting
✓ Internet account information changing
✓ High internet bandwidth being used without user action
✓ Computer’s high resources consumption (computer slows down)
✓ Ctrl + Alt + Del stops working

Risk Factors
High: A Trojan horse can break through all security policies in a network, because an attacker can get
access to a workstation with stored network credentials. With these credentials, an attacker can
compromise the whole network.96

6.5 Brute Force Attack


A brute force attack is a trial-and-error method used to decode sensitive data. The most common
applications for brute force attacks are cracking passwords and cracking encryption keys (keep
reading to learn more about encryption keys). Other common targets for brute force attacks are API
keys and SSH logins. Brute force password attacks are often carried out by scripts or bots that target
a website's login page.
What differentiates brute force attacks from other cracking methods is that brute force attacks don’t
employ an intellectual strategy; they simply try using different combinations of characters until the
correct combination is found. This is kind of like a thief trying to break into a combo safe by
attempting every possible combination of numbers until the safe opens.
Strengths and Weaknesses of brute force attacks
The biggest advantage of brute force attacks is that they are relatively simple to perform and, given
enough time and the lack of a mitigation strategy for the target, they always work. Every password-
based system and encryption key out there can be cracked using a brute force attack. In fact, the
amount of time it takes to brute force into a system is a useful metric for gauging that system’s level
of security.
On the other hand, brute force attacks are very slow, as they may have to run through every possible
combination of characters before achieving their goal. This sluggishness is compounded as the
number of characters in the target string increases (a string is just a combination of characters). For
example, a four-character password takes significantly longer to brute force than a three-character
password, and a five-character password takes significantly longer than a four-character password.
Once character count is beyond a certain point, brute forcing a properly randomized password
becomes unrealistic.97

96 Trojan Horse <https://owasp.org/www-community/attacks/Trojan_Horse> accessed 17 July 2022
97 Brute Force Attack <https://www.cloudflare.com/en-in/learning/bots/brute-force-attack/> accessed 21 July 2022
6.6 Dictionary Attack
A dictionary attack is a method of breaking into a password-protected computer, network or other IT
resource by systematically entering every word in a dictionary as a password. A dictionary attack can
also be used in an attempt to find the key necessary to decrypt an encrypted message or document.
Dictionary attacks work because many computer users and businesses insist on using ordinary words
as passwords. These attacks are usually unsuccessful against systems using multiple-word passwords
and are also often unsuccessful against passwords made up of uppercase and lowercase letters and
numbers in random combinations.
In systems with strong password requirements, the brute-force method of attack, in which every
possible combination of characters and spaces is tested up to a certain maximum length, can
sometimes be effective. However, a brute-force attack can take a long time to produce results.
Strong, randomized passwords cannot be easily predicted, and they are highly unlikely to be included
in the predetermined password library. Because a dictionary attack's guess attempts are limited to a
preselected list, it is essentially impossible to crack nonpredictable passwords.

How do dictionary attacks work?


A dictionary attack uses a preselected library of words and phrases to guess possible passwords. It
operates under the assumption that users tend to pull from a basic list of passwords, such as
"password," "123abc" and "123456."
These lists include predictable patterns that can vary by region. For example, hackers looking to
launch a dictionary attack on a New York-based group of targets might look to test phrases like
"knicksfan2020" or "newyorkknicks1234." Attackers incorporate words related to sports teams,
monuments, cities, addresses and other regionally specific items when building their attack library
dictionaries.
These lists aren't as extensive as those of other brute-force attacks, but they can become quite large.
Processing and testing all these passwords manually is not a practical approach. Therefore, additional
technology is typically required to speed up the process. Attackers use supporting programs, such as
password dictionaries or other brute-force attack tools.
How dictionary attacks are conducted depends on whether the account, network or device the attacker
is logging into is online or offline. In an online attack, the attacker must be mindful of the number of
attempts they can use to guess the correct password. Past a certain number of tries, a site administrator,
account manager, user or intrusion detection system may detect the attack, or a password attempt
limit may come into play. If any of those scenarios happen, the system can lock the attacker out.
Dictionary attacks with a shorter prioritized list of likely passwords can be more successful.
Sophisticated hackers may also be able to disable the detection features or password attempt limits.
For offline attacks, a hacker has few restrictions when it comes to the number of passwords they can
try. However, executing an offline attack requires access to the password storage file from the system.
Only then can a dictionary attack be launched in an offline setting.
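The attempt limit and detection described above for online guessing, as an added example that is not part of the original study material: a sliding-window counter locks an account after repeated failures and raises an alert when one source fails against several accounts. The thresholds, the class name and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Policy values are assumptions chosen for this illustration.
MAX_FAILURES = 5          # failed attempts tolerated per account inside the window
WINDOW_SECONDS = 300      # sliding window used to count failures
LOCKOUT_SECONDS = 900     # how long an account stays locked once the limit is hit
SOURCE_ACCOUNT_LIMIT = 3  # distinct accounts one source may fail against


class LoginGuard:
    """Applies a password attempt limit and records alerts for an administrator."""

    def __init__(self):
        self.failures = defaultdict(deque)       # account -> timestamps of recent failures
        self.source_targets = defaultdict(set)   # source -> accounts it failed against
        self.locked_until = {}                   # account -> unlock timestamp
        self.alerts = []                         # (timestamp, kind, subject)

    def record(self, ts, account, source, success):
        """Process one login event and return 'locked', 'ok' or 'failed'."""
        if self.locked_until.get(account, 0) > ts:
            return "locked"                      # even a correct password is refused
        if success:
            self.failures[account].clear()
            return "ok"

        window = self.failures[account]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:   # forget failures outside the window
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self.locked_until[account] = ts + LOCKOUT_SECONDS
            self.alerts.append((ts, "account_locked", account))
            window.clear()

        # A per-account limit alone misses one source trying a short list of
        # likely passwords against many accounts, so track that separately.
        targets = self.source_targets[source]
        if account not in targets:
            targets.add(account)
            if len(targets) == SOURCE_ACCOUNT_LIMIT:
                self.alerts.append((ts, "source_many_accounts", source))
        return "failed"


# Constructed sample events: (seconds, account, source address, password correct?)
SAMPLE_EVENTS = [
    (0, "alice", "198.51.100.7", False),
    (10, "alice", "198.51.100.7", False),
    (20, "alice", "198.51.100.7", False),
    (30, "alice", "198.51.100.7", False),
    (40, "alice", "198.51.100.7", False),   # fifth failure: account is locked
    (50, "alice", "198.51.100.7", True),    # correct password, refused while locked
    (60, "bob", "198.51.100.7", False),
    (70, "carol", "198.51.100.7", False),   # third distinct account from one source
    (100, "dave", "203.0.113.20", False),   # ordinary typo by a legitimate user
    (110, "dave", "203.0.113.20", True),
    (1000, "alice", "192.0.2.44", True),    # lock expired at 40 + 900 = 940
]


def replay(events):
    """Run the events through a fresh guard; return per-event outcomes and alerts."""
    guard = LoginGuard()
    outcomes = [guard.record(*event) for event in events]
    return outcomes, guard.alerts


if __name__ == "__main__":
    results, raised = replay(SAMPLE_EVENTS)
    for event, outcome in zip(SAMPLE_EVENTS, results):
        print(event, "->", outcome)
    print("alerts:", raised)
```

None of this applies to an offline attack, because guesses made against a copied password storage file never pass through the login path.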
Brute-force attack vs. dictionary attack
The main difference between a brute-force attack and a dictionary attack is the number of password
permutations that are attempted.
Brute-force attacks
A brute-force attack will typically use a systematic approach to try all possible passwords. This can
take a significant amount of time to complete.
A five-digit combination lock provides a familiar, nontech example of the difference. Using a brute-
force approach, an attacker would attempt every possible permutation available for the five-digit lock.
A five-digit lock with individual values from zero to nine has exactly 100,000 possible permutations.

Dictionary attacks
A dictionary attack will use a list of likely passwords in its attempts to break into a system. These
attacks are more focused than brute-force attacks. Rather than trying to input every possible
permutation, an attacker using a dictionary approach would attempt all the permutations in its
predetermined library.
Sequential passcodes, like "12345," and static passcodes, like "00000," would be tested. If the five-
digit permutation is particularly unique, the dictionary attack likely would not guess it. Like phishing
attacks, dictionary attacks assume that a reasonable percentage of the users or accounts they target
will be vulnerable and will have an easily identifiable five-digit passcode.
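The following added example (not part of the original study material) shows the defender's side of both attacks: a check run when a password is set that rejects entries a dictionary list would cover and estimates the brute-force search space for the rest, including the 100,000 combinations of the five-digit lock. The blocklist, the substitution table and the 60-bit threshold are assumptions.

```python
import math
import re
import string

# Constructed blocklist built from the examples quoted in the text; a real
# deployment would load a large list of common and breached passwords.
BLOCKLIST = {"password", "123abc", "123456", "knicksfan", "newyorkknicks"}

# Assumed character substitutions users apply to dictionary words.
LEET = str.maketrans("013457@$", "oieastas")

# Assumed minimum size of the search space, in bits, for a random password.
MIN_BITS = 60


def keyspace(length, alphabet_size):
    """Number of candidates an exhaustive (brute-force) search must cover."""
    return alphabet_size ** length


def alphabet_size(password):
    """Size of the smallest standard character pool that contains the password."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    size = sum(len(pool) for pool in pools if any(ch in pool for ch in password))
    return size or 1   # only characters outside the four pools: give no credit


def is_simple_pattern(password):
    """True for one repeated character or a straight run such as 12345 or edcba."""
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return len(password) > 1 and steps in ({0}, {1}, {-1})


def dictionary_variants(password):
    """Forms a dictionary list also covers: suffix removed, substitutions undone."""
    base = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", base)   # drop trailing digits and symbols
    forms = {base, stripped, base.translate(LEET), stripped.translate(LEET)}
    return {form for form in forms if form}


def screen_password(password):
    """Return (verdict, bits). The bit estimate only holds for random passwords."""
    bits = len(password) * math.log2(alphabet_size(password))
    if dictionary_variants(password) & BLOCKLIST:
        return "blocklisted", bits      # a dictionary attack would find it
    if is_simple_pattern(password):
        return "pattern", bits          # sequential or static passcode
    if bits < MIN_BITS:
        return "too_small", bits        # brute force would exhaust it quickly
    return "ok", bits


# Constructed sample passwords, several taken from the text above.
SAMPLES = ["knicksfan2020", "P@ssw0rd!", "12345", "00000", "48213", "vR7#qLm2!xTz"]

if __name__ == "__main__":
    print("five-digit lock:", keyspace(5, 10), "combinations")
    for pw in SAMPLES:
        verdict, bits = screen_password(pw)
        print(f"{pw:15} {verdict:12} {bits:5.1f} bits")
```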

6.7 Denial of Service Attack


Denial of service (DoS) is a type of cyber-attack designed to disable, shut down or disrupt a network,
website or service. Typically, malware is used to interrupt or inhibit the normal flow of data into
and out of a system to render the target useless or inaccessible for a certain period. An example of a
DoS attack: when a website is accessed massively and repeatedly from different locations, preventing
legitimate visitors from accessing the website.
When a DoS attack is launched from different locations in a coordinated fashion, it is often referred
to as a distributed denial of service attack (DDoS).98

98 <https://www.trendmicro.com/vinfo/us/security/definition/denial-of-service-dos> accessed 17 July 2022
6.7 Social Engineering
Social engineering is the art of manipulating people so they give up confidential information. The
types of information these criminals are seeking can vary, but when individuals are targeted the
criminals are usually trying to trick you into giving them your passwords or bank information, or
to gain access to your computer to secretly install malicious software that will give them access to your
passwords and bank information as well as control over your computer.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination
to trust than it is to discover ways to hack your software. For example, it is much easier to fool
someone into giving you their password than it is for you to try hacking their password (unless the
password is really weak).
Security is all about knowing who and what to trust. It is important to know when and when not to
take a person at their word and when the person you are communicating with is who they say they
are. The same is true of online interactions and website usage: when do you trust that the website you
are using is legitimate or that it is safe to provide your information to?
Ask any security professional and they will tell you that the weakest link in the security chain is the
human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts
are on your doors and windows, or if you have guard dogs, alarm systems, floodlights, fences with barbed
wire, and armed security personnel; if you trust the person at the gate who says he is the pizza delivery
guy and you let him in without first checking to see if he is legitimate you are completely exposed to
whatever risk he represents.
Example: Email from a friend
If a criminal manages to hack or socially engineer one person’s email password they have access to
that person’s contact list–and because most people use one password everywhere, they probably have
access to that person’s social networking contacts as well.
Once the criminal has that email account under their control, they send emails to all the person’s
contacts or leave messages on all their friends’ social pages, and possibly on the pages of the person’s
friends’ friends.
Taking advantage of your trust and curiosity, these messages will:
• Contain a link that you just have to check out–and because the link comes from a friend and
you’re curious, you’ll trust the link and click–and be infected with malware so the criminal
can take over your machine and collect your contacts info and deceive them just like you were
deceived
• Contain a download of pictures, music, movie, document, etc., that has malicious software
embedded. If you download–which you are likely to do since you think it is from your friend–
you become infected. Now, the criminal has access to your machine, email account, social
network accounts and contacts, and the attack spreads to everyone you know. And on, and on.
Email from another trusted source
Phishing attacks are a subset of social engineering strategy that imitate a trusted source and concoct
a seemingly logical scenario for handing over login credentials or other sensitive personal data.
According to Webroot data, financial institutions represent the vast majority of impersonated
companies and, according to Verizon's annual Data Breach Investigations Report, social engineering
attacks including phishing and pretexting (see below) are responsible for 93% of successful data
breaches.
Using a compelling story or pretext, these messages may:
• Urgently ask for your help. Your ‘friend’ is stuck in country X, has been robbed, beaten, and
is in the hospital. They need you to send money so they can get home and they tell you how
to send the money to the criminal.
• Use phishing attempts with a legitimate-seeming background. Typically, a phisher sends
an e-mail, IM, comment, or text message that appears to come from a legitimate, popular
company, bank, school, or institution.
• Ask you to donate to their charitable fundraiser, or some other cause. Likely with
instructions on how to send the money to the criminal. Preying on kindness and generosity,
these phishers ask for aid or support for whatever disaster, political campaign, or charity is
momentarily top-of-mind.
• Present a problem that requires you to "verify" your information by clicking on the
displayed link and providing information in their form. The link location may look very
legitimate with all the right logos, and content (in fact, the criminals may have copied the
exact format and content of the legitimate site). Because everything looks legitimate, you trust
the email and the phony site and provide whatever information the crook is asking for. These
types of phishing scams often include a warning of what will happen if you fail to act soon
because criminals know that if they can get you to act before you think, you’re more likely to
fall for their phishing attempt.
• Notify you that you’re a ‘winner.’ Maybe the email claims to be from a lottery, or a dead
relative, or the millionth person to click on their site, etc. In order to give you your ‘winnings’
you have to provide information about your bank routing so they know how to send it to you
or give your address and phone number so they can send the prize, and you may also be asked
to prove who you are, often including your social security number. These are the ‘greed
phishes’ where even if the story pretext is thin, people want what is offered and fall for it by
giving away their information, then having their bank account emptied, and identity stolen.
• Pose as a boss or coworker. It may ask for an update on an important, proprietary project
your company is currently working on, for payment information pertaining to a company
credit card, or some other inquiry masquerading as day-to-day business.99
6.8 Phishing
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message
by someone posing as a legitimate institution to lure individuals into providing sensitive data such as
personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial
loss.
The first phishing lawsuit was filed in 2004 against a Californian teenager who created an imitation
of the website “America Online”. With this fake website, he was able to gain sensitive information
from users and access their credit card details to withdraw money from their accounts. Other than email
and website phishing, there’s also 'vishing' (voice phishing), 'smishing' (SMS phishing) and several
other phishing techniques cybercriminals are constantly coming up with.

Common Features of Phishing Emails


1. Too Good To Be True - Lucrative offers and eye-catching or attention-grabbing statements are
designed to attract people’s attention immediately. For instance, many claim that you have won
an iPhone, a lottery, or some other lavish prize. Just don't click on any suspicious emails.
Remember that if it seems too good to be true, it probably is!
2. Sense of Urgency - A favorite tactic amongst cybercriminals is to ask you to act fast because the
super deals are only for a limited time. Some of them will even tell you that you have only a few
minutes to respond. When you come across these kinds of emails, it's best to just ignore them.
Sometimes, they will tell you that your account will be suspended unless you update your
personal details immediately. Most reliable organizations give ample time before they terminate
an account and they never ask patrons to update personal details over the Internet. When in doubt,
visit the source directly rather than clicking a link in an email.
3. Hyperlinks - A link may not be all it appears to be. Hovering over a link shows you the actual
URL where you will be directed upon clicking on it. It could be completely different or it could
be a popular website with a misspelling, for instance www.bankofarnerica.com - the 'm' is
actually an 'r' and an 'n', so look carefully.

99
<https://www.webroot.com/in/en/resources/tips-articles/what-is-social-engineering> accessed 17 July 2022
4. Attachments - If you see an attachment in an email you weren't expecting or that doesn't make
sense, don't open it! They often contain payloads like ransomware or other viruses. The only file
type that is always safe to click on is a .txt file.
5. Unusual Sender - Whether it looks like it's from someone you don't know or someone you do
know, if anything seems out of the ordinary, unexpected, out of character or just suspicious in
general, don't click on it!100

100
Phishing <https://www.phishing.org/what-is-phishing> accessed 17 July 2022
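The "Hyperlinks" check in the list above can be automated. The following is an added example, not part of the original study material: it compares the address a link displays with the address it really opens, and flags hosts that imitate a trusted domain such as the 'rn' for 'm' swap. It goes beyond the single case in the text by also covering other lookalike characters, one-character typos and a trusted name used as a prefix; the trusted-domain list, the function names and the sample e-mail are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient really deals with (constructed list).
TRUSTED = {"bankofamerica.com", "example-bank.test"}
# Character runs that render like another character. "rn" -> "m" is the case
# from the text; the other pairs are common additions.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))
DOMAIN_RE = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}")


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-case host of a URL or bare domain, without a leading 'www.'."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # lets urlsplit treat "bank.test/x" as a host
    try:
        host = (urlsplit(value).hostname or "").rstrip(".")
    except ValueError:                # malformed authority, e.g. a bad IPv6 literal
        return ""
    return host[4:] if host.startswith("www.") else host


def shown_host(text):
    """Host named in the visible link text, or '' if the text is not a URL/domain."""
    host = host_of(text)
    return host if DOMAIN_RE.fullmatch(host) else ""


def skeleton(host):
    """Collapse lookalike character runs so visually similar hosts compare equal."""
    for fake, real in LOOKALIKES:
        host = host.replace(fake, real)
    return host


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host, trusted=TRUSTED):
    """Return the trusted domain that host imitates, or None if genuine or unrelated."""
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return None
    for good in sorted(trusted):
        if (skeleton(host) == skeleton(good) or edit_distance(host, good) == 1
                or host.startswith(good + ".")):
            return good
    return None


def analyse(html, trusted=TRUSTED):
    """Return (href, finding) tuples for links that deserve a second look."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue
        target, shown = host_of(href), shown_host(text)
        if shown and shown != target and not target.endswith("." + shown):
            findings.append((href, f"text shows {shown} but link goes to {target}"))
        imitated = lookalike_of(target, trusted)
        if imitated:
            findings.append((href, f"{target} imitates {imitated}"))
    return findings


# Constructed sample e-mail body, not taken from a real message.
SAMPLE_EMAIL = """
<p>Your account will be suspended unless you update your details.</p>
<a href="http://www.bankofarnerica.com/verify">www.bankofamerica.com/verify</a>
<a href="https://www.bankofamerica.com/help">Help centre</a>
<a href="https://login.example-bank.test/">login.example-bank.test</a>
<a href="http://203.0.113.7/login">https://example-bank.test/login</a>
"""

if __name__ == "__main__":
    for href, finding in analyse(SAMPLE_EMAIL):
        print(f"{href}: {finding}")
```

The host comparison is deliberately simple: it strips only a leading "www." and does not consult a public-suffix list, so it is a teaching aid rather than a mail-gateway filter.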
Unit IX
Introduction to Cyber Space and Cyber Law
9.1 Cyber Space
William Gibson first used the phrase 'cyber space,' which he later defined as "an evocative and
essentially meaningless" buzzword that could act as a code for all of his thoughts of cybernetic
(transforming a text to hide its meaning). Now it's used to explain anything related to computers, IT,
the internet and the complex culture of the internet. 'Cyber space' also refers to the cyber
environment in which all information-technology-driven contact and actions take place. Cyberspace
cannot be placed spatially. It is made of intangible objects like websites, forums, social networks,
personal information, reputation and email addresses. Cyber space can be called an online global
community with quick connectivity and no territorial barriers. Cyber space is the interactive system
of computer networks where online communication takes place between people and where people
can communicate, exchange ideas, transfer knowledge, provide social support, perform business,
create artistic media, direct actions, participate in political dialogue, etc. Cyberspace, the modern
frontier, is mankind's shared heritage, but sadly certain people exploit the common heritage, and thus
cyberspace is indeed a new frontier with various forms of crime. The people participating
in cyberspace are known as Netizens, a fusion of the two terms 'Net' and 'citizen'; a Netizen is
any person affiliated with the use of the Internet, computers and IT. Webster's Dictionary
explains cyberspace as the electronic structure of computers, bulletin boards and interlinked networks
that is considered to be a boundless world providing access to information, digital networking, and a
type of virtual reality in science fiction. Cyberspace means “the notional environment in which
electronic communication occurs or virtual reality”. F. Randall Farmer and Chip Morningstar defined
cyberspace more by the social interactions involved than by its implementation of technology.101

101
Harsh Gopalia, Arvind Rathore, “Journal of Advances and Scholarly Researches in Allied Education |
Multidisciplinary Academic Research” <http://ignited.in/I/a/305051> accessed 17 July 2022
9.2 Difference Between Cyberspace and Physical World
CYBERSPACE | PHYSICAL WORLD
Cyberspace is a dynamic and undefined structure; it can be changed any time. | The physical world is a static and well-defined structure; it cannot be changed.
It has an execution time. | It has a physical time.
It has no fixed shape, so it can be as vast as human imagination. | The physical world has fixed boundaries.
It is based on program execution. | It is based on the laws of physics.

9.3 Characteristics of Cyber Space


The characteristics of cyberspace are defined using a model with four layers. From the top down, the
important layers are:
• The people who participate in the cyber-experience—who communicate, work with information,
make decisions and carry out plans, and who themselves transform the nature of cyberspace by
working with its component services and capabilities.
• The information that is stored, transmitted, and transformed in cyberspace.
• The logical building blocks that make up the services and support the platform nature of cyberspace.
• The physical foundations that support the logical elements.
It is not the computer that creates the phenomenon we call cyberspace. It is the interconnection that
makes cyberspace—an interconnection that affects all the layers in our model. Today, we associate
the phenomenon with the Internet, with its particular approach to interconnection, but there could be
many alternative cyberspaces, defined (and created) by different approaches to interconnection.
The term was coined by a science fiction writer, William Gibson, and popularized in his book
Neuromancer (1984). The telegraph was as transformative in its time as the Internet is today
(see The Victorian Internet, Berkley Trade, October 15, 1999). But the structure (and the structural
implications) of the telegraph and the Internet could not be more different.
The four layers are discussed below:
The Physical Layer
The physical layer of cyberspace is the foundation of cyberspace: the physical devices out of which it
is built. Cyberspace is a space of interconnected computing devices, so its foundations are PCs and
servers, supercomputers and grids, sensors and transducers, and the Internet and other sorts of
networks and communications channels. Communications may occur over wires or fibers, via radio
transmission, or by the physical transport of the computing and storage devices from place to place.
The physical layer is perhaps the easiest to grasp; since it is tangible, its physicality gives it a grounded
sense of location. Physical devices such as routers or data centers exist in a place and thus sit within
a jurisdiction. Some physical components, such as residential access networks, are capital-intensive,
and the industries that produce them are as much construction companies as telecommunications
companies. These firms are the traditional targets of telecommunications regulation, since their
physical assets make them “easy to find”.
The Logical Layer
The physical foundations of cyberspace are important—cyberspace is a real artifact built out of real
elements, not a fantastical conception with no grounding. But the nature of cyberspace, its strengths
and its limitations, derives more from the decisions made at the logical level than the physical level.
The Internet, for example, provides a set of capabilities that are intentionally divorced to a great extent
from the details of the technology that underpins it. If one wants to understand why some of the
Internet vulnerabilities exist—why it allows phishing or denial of service attacks, for example, it is
correct but not very useful to point out that computers and communications are subject to the laws of
physics. It would have been possible to build a very different Internet within the constraints of the
same physics. The decisions that shape the Internet arise at the higher layer—the logical layer where
the platform nature of the Internet is defined and created. So that layer is going to be central to many
of the considerations that arise when we analyze cyberspace, as will the layers that deal with
information and with people.
The design of the Internet leads to a cyberspace that is built out of components that provide services,
and these services are designed so that they can be composed and combined to form more complex
services. Low-level services include program execution environments, mechanisms for data transport,
and standards for data formats. Out of these are built applications, such as a word processor, a database
or the Web. By combining these, more complex services emerge. For example, by combining a
database with the Web, we get dynamic content generation and active Web objects. On top of the
Web, we now see services such as Facebook that are themselves platforms for further application
development. The nature of cyberspace is the continuous and rapid evolution of new capabilities and
services, based on the creation and combination of new logical constructs, all running on top of the
physical foundations. Cyberspace, at the logical level, is thus a series of platforms, on each of which
new capabilities are constructed, which in turn become a platform for the next innovation. Cyberspace
is very plastic, and it can be described as recursive; platforms upon platforms upon platforms. The
platforms may differ in detail, but they share the common feature that they are the foundation for the
next platform above them.
One could build a very different system by taking a different approach to the logic of interconnection.
Using the same sorts of physical elements, one could design a closed, essentially fixed function
system such as an air traffic control system. Earlier examples of interconnected systems tended to
have this character—fixed function and closed; the telegraph and the early telephone system had this
character. Both these systems predate the computer, and indeed predate essentially all of what we call
electronics—not just the transistor but the vacuum tube and the relay. It is the interconnection that
makes cyberspace, but it is the programmability and generality of the computer that makes possible
the flexible logical structure I am associating with cyberspace.
The drive for increased productivity and comparative competitive advantage shapes many aspects of
cyberspace as we see it, but most particularly it drives toward a characteristic that allows for rapid
innovation, new patterns of exploitation and so on. The logical layer—the “platform/plasticity”
component of cyberspace—enhances this capability, and this fact in turn fuels the emphasis and
attention given to this layer by the market and by developers of cyberspace. But we must not restrict
our attention there, because another aspect of this drive is the expectations this rapid change implies
for the “people” layer—rapid change will bring forward and advance people who can recognize new
opportunities to exploit ICT, who value rather than fear change and new ways of doing things, and
so on.
The Information Layer
As noted above, there are many aspects to cyberspace, including the technology-mediated
interconnection of people. But clearly the creation, capture, storage and processing of information is
central to the experience. Information in cyberspace takes many forms—it is the music and videos
we share, the stored records of businesses, and all of the pages in the world wide web. It is online
books and photographs. It is information about information (meta-data). It is information created and
retrieved as we search for other information (as is returned by Google).
The character of information in cyberspace (or “on the net”) has changed greatly since computers first
started working with data sets. Data has been processed by isolated computers well before we had
capabilities for interconnection. Data lived in card decks, on tapes, and later on disks. Initially, data
was normally thought of as static, stored and retrieved as needed. Books are static products of authors,
images are static, and so on. Massive archives of static information still exist, such as corporate
transaction records that are now stored in “data warehouses” and “mined” for further information. But
more and more, information is created dynamically on demand, blurring the boundaries between
storage and computation. Web pages are now often made on demand, tailored to each user, based on
component information stored in databases. Information is now becoming more a personal
experience, not a communal one. Issues of ownership, authenticity, and dependability are all critical
as more and more information moves online.

The Top Layer—People
People are not just the passive users of cyberspace, they define and shape its character by the ways
they choose to use it. The people and their character, which may vary from region to region, are an
important part of the character of cyberspace. If people contribute to Wikipedia, then Wikipedia
exists. If people tweet, then Twitter exists.
Alfred Thayer Mahan, in The Influence of Sea Power Upon History, wrote:
“The history of the seaboard nations has been less determined by the shrewdness and
foresight of governments than by conditions of position, extent, configuration, number and character
of their people, by what are called, in a word, natural conditions.” As we contemplate the nature of
cyberspace, and the position of different countries with respect to their place and power in cyberspace,
this same observation will certainly apply. So, we must recognize people as an important component
of cyberspace, just as we must recognize wires and protocols.
One of the reasons why the U.S. has led in the cyber-revolution is our enthusiasm for innovation and
experiment, our willingness to risk failure to find gain, and our respect for risk-takers. This national
trait should serve us well if advantage can be gained from “out-innovating” the enemy. The military
has recognized in general the need for innovative thinking, rapid reaction, and delegation of
responsibility along the chain of command. But this mode of thinking may not be as deeply associated
in the military with cyberspace and IT, where the evolution of cyberspace may be seen as a
procurement problem.
Changes overseas may shift this balance in significant ways. For example, the $100 laptop project
(OLPC), if it could be successful in meeting a need for children in the developing world, would create,
within 10 years, millions of military-age young adults that are fully conversant with the power of
cyberspace tools. The current argument for the $100 laptop is centered in peacetime, and on social as
well as economic motivations, but it can have implications as well for state confrontation. The $100
laptop, because it reveals more of the “platform/plasticity” dimension of cyberspace than (say) current
cell-phones, may have more of an impact than if the cell-phone is the successful technology for the
developing world.
All of these layers are important. As a specific example, if one wants to understand the security of
cyberspace, one cannot focus on just one of these layers. Attacks can come at all layers, from
destruction of physical components to compromise of logical elements to corruption of information
to corruption of the people. So, defense must similarly be based on an understanding of all these
layers.102
9.4 Integration of Physical and Virtual Space
In the beginning, computer technology was not integrated in our physical environment. With the
emergence of digital media in the 1980-90’s an explosion of development has led to a completely
different situation. Concepts from information technology, such as the Internet and computer
graphics, are closely related to television, film, and radio. In entertainment areas, like computer
games, the two worlds are completely unified. Today there are no important distinctions between
digital media and computer technology. More and more physical objects and spaces become digital,
computers are becoming ubiquitous, embedded in our everyday objects and environments and
embodied in the way we experience them in our everyday life. In human-computer interaction the
concept of embodied interaction is a way to resolve this physical-digital divide. The concepts of
‘physical space’ and ‘digital space’ have been developed further into the Four Space Model, including
also ‘interaction space’ and ‘social space’. In our everyday life, in our homes and workplaces, we are
not always present only in a physical environment. We also experience virtual environments,
mediated through different devices. In certain situations, both professional and otherwise, the
relations between physical and virtual spaces become essential for the experience and understanding
of the spaces.
Using Deleuze’s terminology, the virtual is a surface effect produced by actual causal interactions at
the material (physical) level. When one uses a computer, the screen displays an image that depends
on physical interactions happening between the actor (user) and the computer (at the level of
hardware). The virtual space is nowhere in actuality of the outside world but is nonetheless real and
can be interacted with as it is present in our cognition. Simultaneously, the actor is present in a
physical space, where the screen works as a window into the virtual world. An actor who interacts
with both a physical and a virtual space simultaneously, can be said to be present in a physical-virtual
space.
In order to investigate the relations between physical and virtual space, addressing RQ1 on different
levels, I focus on the experience of space in the phenomenological sense and the structure of space in
the architectural sense. In the holistic approach presented here, virtual space is the intersection
between image space and digital space. Virtual space is seen as separate from physical space in an
architectural (structural) sense, but the two worlds co-exist in an interdependent relation. An
actor/user/observer can experience presence in both physical and virtual space simultaneously,
through an interaction space that involves both physical and virtual space, meaning that this actor
interacts in physical-virtual space through an embodied interaction.103

102
David Clark, “Characterizing cyberspace: past, present and future”
<https://ecir.mit.edu/sites/default/files/documents/%5BClark%5D%20Characterizing%20Cyberspace-%20Past%2C%20Present%20and%20Future.pdf> accessed 17 July 2022
9.5 Introduction to Cyber Law
Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes computers,
networks, software, data storage devices (such as hard disks, USB disks etc), the Internet, websites,
emails and even electronic devices such as cell phones, ATM machines etc.
Law encompasses the rules of conduct:
1. that have been approved by the government, and
2. which are in force over a certain territory, and
3. which must be obeyed by all persons on that territory.
Violation of these rules could lead to government action such as imprisonment or fine or an order to
pay compensation.
Cyber law encompasses laws relating to:
1. Cyber Crimes
2. Electronic and Digital Signatures
3. Intellectual Property
4. Data Protection and Privacy
Cyber crimes are unlawful acts where the computer is used either as a tool or a target or both. The
enormous growth in electronic commerce (e-commerce) and online share trading has led to a
phenomenal spurt in incidents of cyber crime. These crimes are discussed in detail further in this
chapter. A comprehensive discussion on the Indian law relating to cyber crimes and digital evidence
is provided in the ASCL publication titled “Cyber Crimes & Digital Evidence – Indian Perspective”.
Electronic signatures are used to authenticate electronic records. Digital signatures are one type of
electronic signature. Digital signatures satisfy three major legal requirements – signer authentication,
message authentication and message integrity. The technology and efficiency of digital signatures
make them more trustworthy than handwritten signatures. These issues are discussed in detail in the
ASCL publication titled “Ecommerce – Legal Issues”.

103
<https://research.chalmers.se/publication/516761/file/516761_Fulltext.pdf> accessed 17 July 2022
Intellectual property refers to creations of the human mind e.g. a story, a song, a painting, a design
etc. The facets of intellectual property that relate to cyber space are covered by cyber law.
These include:
• copyright law in relation to computer software, computer source code, websites, cell phone
content etc,
• software and source code licences,
• trademark law with relation to domain names, meta tags, mirroring, framing, linking etc,
• semiconductor law which relates to the protection of semiconductor integrated circuits design
and layouts,
• patent law in relation to computer hardware and software.
These issues are discussed in detail in the ASCL publication titled “IPR & Cyberspace - the Indian
Perspective”.
Data protection and privacy laws aim to achieve a fair balance between the privacy rights of the
individual and the interests of data controllers such as banks, hospitals, email service providers etc.
These laws seek to address the challenges to privacy caused by collecting, storing and transmitting
data using new technologies.
9.6 UNCITRAL Model Law
UNCITRAL Model Law on Electronic Commerce (1996) with additional article 5 bis as
adopted in 1998
Date of adoption: 12 June 1996 (additional article 5 bis adopted in 1998)
Purpose
The Model Law on Electronic Commerce (MLEC) purports to enable and facilitate commerce
conducted using electronic means by providing national legislators with a set of internationally
acceptable rules aimed at removing legal obstacles and increasing legal predictability for electronic
commerce. In particular, it is intended to overcome obstacles arising from statutory provisions that
may not be varied contractually by providing equal treatment to paper-based and electronic
information. Such equal treatment is essential for enabling the use of paperless communication, thus
fostering efficiency in international trade.
Why is it relevant?
The MLEC was the first legislative text to adopt the fundamental principles of non-discrimination,
technological neutrality and functional equivalence that are widely regarded as the founding elements
of modern electronic commerce law. The principle of non-discrimination ensures that a document
would not be denied legal effect, validity or enforceability solely on the grounds that it is in electronic
form. The principle of technological neutrality mandates the adoption of provisions that are neutral
with respect to technology used. In light of the rapid technological advances, neutral rules aim at
accommodating any future development without further legislative work. The functional equivalence
principle lays out criteria under which electronic communications may be considered equivalent to
paper-based communications. In particular, it sets out the specific requirements that electronic
communications need to meet in order to fulfil the same purposes and functions that certain notions
in the traditional paper-based system - for example, "writing," "original," "signed," and "record" - seek
to achieve.
Key provisions
Besides formulating the legal notions of non-discrimination, technological neutrality and functional
equivalence, the MLEC establishes rules for the formation and validity of contracts concluded by
electronic means, for the attribution of data messages, for the acknowledgement of receipt and for
determining the time and place of dispatch and receipt of data messages.
It should be noted that certain provisions of the MLEC were amended by the Electronic
Communications Convention in light of recent electronic commerce practice. Moreover, part II of the
MLEC, dealing with electronic commerce in connection with carriage of goods, has been
complemented by other legislative texts, including the United Nations Convention on Contracts for
the International Carriage of Goods Wholly or Partly by Sea (the "Rotterdam Rules") and may be the
object of additional work of UNCITRAL in the future.
9.7 Jurisprudence of Indian Cyber Law
Jurisprudence studies the concepts of law and the effect of social norms and regulations on the
development of law.
Jurisprudence refers to two different things.
1. The philosophy of law, or legal theory
2. Case Law
Legal theory does not study the characteristics of law in a particular country (e.g. India or Canada)
but studies law in general i.e. those attributes common to all legal systems.
Legal theory studies questions such as:
1. What is law and legal system?
2. What is the relationship between law and power?
3. What is the relationship between law and justice or morality?
4. Does every society have a legal system?
5. How should we understand concepts like legal rights and legal obligations or duties?
6. What is the proper function of law?
7. What sort of acts should be subject to punishment, and what sort of punishments should be
permitted?
8. What is justice?
9. What rights do we have?
10. Is there a duty to obey the law?
11. What value does the rule of law have?
Case law is the law that is established through the decisions of the courts and other officials. Case
law assumes even greater significance when the wording of a particular law is ambiguous. The
interpretation of the Courts helps clarify the real objectives and meaning of such law.
Jurisprudence of Indian Cyber Law
The primary source of cyber law in India is the Information Technology Act, 2000 (hereinafter IT
Act) which came into force on 17 October 2000.
The primary purpose of the Act is to provide legal recognition to electronic commerce and to facilitate
filing of electronic records with the Government.
The IT Act also penalizes various cyber crimes and provides strict punishments (imprisonment terms
up to 10 years and compensation up to Rs 1 crore).
An Executive Order dated 12 September 2002 contained instructions relating to provisions of the Act
with regard to protected systems and application for the issue of a Digital Signature Certificate.
Minor errors in the Act were rectified by the Information Technology (Removal of Difficulties)
Order, 2002 which was passed on 19 September 2002.
The IT Act was amended by the Negotiable Instruments (Amendments and Miscellaneous Provisions)
Act, 2002. This introduced the concept of electronic cheques and truncated cheques.
Information Technology (Use of Electronic Records and Digital Signatures) Rules, 2004 has provided
the necessary legal framework for filing of documents with the Government as well as issue of
licenses by the Government.
It also provides for payment and receipt of fees in relation to the Government bodies.
On the same day, the Information Technology (Certifying Authorities) Rules, 2000 also came into
force.
These rules prescribe the eligibility, appointment and working of Certifying Authorities (CA). These
rules also lay down the technical standards, procedures and security methods to be used by a CA.
These rules were amended in 2003, 2004 and 2006.
Information Technology (Certifying Authority) Regulations, 2001 came into force on 9 July 2001.
They provide further technical standards and procedures to be used by a CA.

Two important guidelines relating to CAs were issued. The first are the Guidelines for submission of
application for license to operate as a Certifying Authority under the IT Act. These guidelines were
issued on 9th July 2001.
Next were the Guidelines for submission of certificates and certification revocation lists to the
Controller of Certifying Authorities for publishing in National Repository of Digital Certificates.
These were issued on 16th December 2002.
The Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000 also came into force on 17th
October 2000.
These rules prescribe the appointment and working of the Cyber Regulations Appellate Tribunal
(CRAT) whose primary role is to hear appeals against orders of the Adjudicating Officers.
The Cyber Regulations Appellate Tribunal (Salary, Allowances and other terms and conditions of
service of Presiding Officer) Rules, 2003 prescribe the salary, allowances and other terms for the
Presiding Officer of the CRAT.
Information Technology (Other powers of Civil Court vested in Cyber Appellate Tribunal) Rules
2003 provided some additional powers to the CRAT.
On 17th March 2003, the Information Technology (Qualification and Experience of Adjudicating
Officers and Manner of Holding Enquiry) Rules, 2003 were passed.
These rules prescribe the qualifications required for Adjudicating Officers. Their chief responsibility
under the IT Act is to adjudicate on cases such as unauthorized access, unauthorized copying of data,
spread of viruses, denial of service attacks, disruption of computers, computer manipulation etc.
These rules also prescribe the manner and mode of inquiry and adjudication by these officers.
The appointment of adjudicating officers to decide the fate of multi-crore cyber crime cases in India
was the result of the public interest litigation filed by students of Asian School of Cyber Laws
(ASCL).
The Government had not appointed the Adjudicating Officers or the Cyber Regulations Appellate
Tribunal for almost 2 years after the passage of the IT Act. This prompted ASCL students to file a
Public Interest Litigation (PIL) in the Bombay High Court asking for a speedy appointment of
Adjudicating officers.
The Bombay High Court, in its order dated 9th October 2002, directed the Central Government to
announce the appointment of adjudicating officers in the public media to make people aware of the
appointments. The division bench of the Mumbai High Court consisting of Hon’ble Justice A.P. Shah
and Hon’ble Justice Ranjana Desai also ordered that the Cyber Regulations Appellate Tribunal be
constituted within a reasonable time frame.

Following this the Central Government passed an order dated 23rd March 2003 appointing the
“Secretary of Department of Information Technology of each of the States or of Union Territories”
of India as the adjudicating officers.
The Information Technology (Security Procedure) Rules, 2004 came into force on 29th October 2004.
They prescribe provisions relating to secure digital signatures and secure electronic records.
Also relevant are the Information Technology (Other Standards) Rules, 2003.
An important order relating to blocking of websites was passed on 27th February, 2003.
The Computer Emergency Response Team (CERT-IND) can instruct the Department of Telecommunications
(DOT) to block a website.
The Indian Penal Code (as amended by the IT Act) penalizes several cyber crimes. These include
forgery of electronic records, cyber frauds, destroying electronic evidence etc.
Digital Evidence is to be collected and proven in court as per the provisions of the Indian Evidence
Act (as amended by the IT Act).
In case of bank records, the provisions of the Bankers’ Book Evidence Act (as amended by the IT
Act) are relevant.
Investigation and adjudication of cyber crimes is done in accordance with the provisions of the Code
of Criminal Procedure and the IT Act.
The Reserve Bank of India Act was also amended by the IT Act.
Scope of Cyber Law
Cyber law is associated with all the areas of business which have a technological bent. In this article,
we will look at six areas of concern for cyber law, namely e-commerce, online contracts, business
software patenting, e-taxation, e-governance, and cyber crimes.
Cyber Law – e-commerce
In simple words, e-commerce is the commercial transaction of services in the electronic format.
By definition, e-commerce is:
‘Any transaction conducted over the Internet or through Internet access, comprising the sale, lease,
license, offer or delivery of property, goods, services or information, whether or not for consideration,
and includes the provision of Internet access.’
Further, in order to measure e-commerce, the US Census Bureau looks at the value of the services
and/or goods sold online. They look at transactions over open networks like the internet and also
proprietary networks running Electronic Data Interchange systems.
Cyber Law – Online Contracts
According to the Indian Contract Act, 1872, a contract needs a proposal and an acceptance of the
proposal which transforms into a promise.

Further, a consideration supports the promise and becomes an agreement. Also, an agreement
enforceable by law is a contract. In the online environment, a series of contractual obligations form
online contracts.
Legally speaking, an online contract has the same pre-requisites as a physical contract. At its most
basic level, an online contract needs an online proposal and its online acceptance by the other party.
Further, online contracts are naturally dynamic and multi-layered and the agreement might not occur
at a single point in time. Usually, there is a chain of successive events which lead to the formation of
a contract.
Cyber Law – Business Software Patenting
A patent protects a process. Copyright, on the other hand, protects an expression. Therefore, patents
confer stronger rights than copyrights. Typically, a computer program has thousands of instructions.
Also, every program is unique since it is a combination of logically arranged algorithms. The
copyright law covers programs, while the algorithms and techniques qualify for patenting.
For a very long time, programmers could not patent their software since it was believed that it is
simply a string of logical instructions.
Further, they were required to store the software in the public domain as the basic tools of scientific
and technological work.
However, software was subsequently granted patent rights for industrial purposes. As the internet and
e-commerce industry matured, business software patents evolved too.
Cyber Law – e-taxation
As e-commerce grew, commercial transactions across country borders increased too. This led to
debates over the issue of taxation.
Many national tax administrations consider e-commerce as having the potential to create new revenue
streams while presenting challenges to the national tax systems. This is because new technologies are
creating possibilities for tax avoidance and evasion.
For accurate tax computation, the tax authorities need a system which provides information regarding
the transacting parties, the volume of transaction and the date, time, and place of the transaction.
While many experts believe that the existing regulations (domestic and international) are enough for
e-commerce transactions, there is a need for modifying and adjusting the existing laws due to the
inherently global nature of e-commerce.
Cyber Law – e-governance
According to the World Bank, e-governance is the efficient use of information and technology by
government agencies.
It helps them transform their relations with citizens, businesses, and other government agencies. Also,
e-governance involves the use of technology-enabled initiatives for improving –
• The interaction between the government and citizens or businesses: e-services
• The government’s internal operations: e-administration
• The external interactions: e-society
Cyber laws support e-governance practices. They promote initiatives like electronic filing of
documents with Government agencies, use of digital signatures, etc.104
9.8 Challenges related to Cyber space
1. RANSOMWARE
Ransomware attacks have become popular in the last few years and pose one of India’s most
prominent Cyber Security challenges in 2020. According to the Cyber Security firm Sophos, about
82% of Indian organizations were hit by ransomware in the last six months. Ransomware attacks
involve hacking into a user’s data and preventing them from accessing it until a ransom amount is
paid. Ransomware attacks are critical for individual users but more so for businesses who can’t access
the data for running their daily operations. However, with most ransomware attacks, the attackers
don’t release the data even after the payment is made and instead try to extort more money.
2. IoT ATTACKS
According to IoT Analytics, there will be about 11.6 billion IoT devices by 2021. IoT devices are
computing, digital, and mechanical devices that can autonomously transmit data over a network.
Examples of IoT devices include desktops, laptops, mobile phones, smart security devices, etc. As
the adoption of IoT devices is increasing at an unprecedented rate, so are the challenges of Cyber
Security. Attacking IoT devices can result in the compromise of sensitive user data. Safeguarding IoT
devices is one of the biggest challenges in Cyber Security, as gaining access to these devices can open
the doors for other malicious attacks.
3. CLOUD ATTACKS
Most of us today use cloud services for personal and professional needs. Also, hacking cloud
platforms to steal user data is one of the challenges in Cyber Security for businesses. We are all aware
of the infamous iCloud hack, which exposed private photos of celebrities. If such an attack is carried
out on enterprise data, it could pose a massive threat to the organization and maybe even lead to its
collapse.
4. PHISHING ATTACKS
Phishing is a type of social engineering attack often used to steal user data, including login credentials
and credit card numbers. Unlike ransomware attacks, the hacker, upon gaining access to confidential
user data, doesn’t block it. Instead, they use it for their own advantages, such as online shopping and
illegal money transfer. Phishing attacks are prevalent among hackers as they can exploit the user’s
data until the user finds out about it. Phishing attacks remain one of the major challenges of Cyber
Security in India, as the demographic here isn’t well-versed in handling confidential data.

104 <http://osou.ac.in/eresources/introduction-to-indian-cyber-law.pdf> accessed 22 July 2022

5. BLOCKCHAIN AND CRYPTOCURRENCY ATTACKS
While blockchain and cryptocurrency might not mean much to the average internet user, these
technologies are a huge deal for businesses. Thus, attacks on these frameworks pose considerable
challenges in Cyber Security for businesses, as they can compromise customer data and business
operations. These technologies have surpassed their infancy stage but have not yet reached an
advanced secure stage. Thus, there have been several attacks, such as DDoS, Sybil, and Eclipse, to
name a few. Organizations need to be aware of the security challenges that accompany these
technologies and ensure that no gap is left open for intruders to invade and exploit.
6. SOFTWARE VULNERABILITIES
Even the most advanced software has some vulnerabilities that might pose significant challenges to
Cyber Security in 2020, given that the adoption of digital devices now is more than ever before.
Individuals and enterprises don’t usually update the software on these devices as they find it
unnecessary. However, updating your device’s software with the latest version should be a top
priority. An older software version might contain security vulnerabilities that the developers have
patched in the newer version. Attacks on unpatched software versions are one of the major
challenges of Cyber Security. These attacks are usually carried out on a large number of individuals,
like the Windows zero-day attacks.
7. MACHINE LEARNING AND AI ATTACKS
While Machine Learning and Artificial Intelligence technologies have proven highly beneficial for
massive development in various sectors, they have their vulnerabilities as well. These technologies can be
exploited by unlawful individuals to carry out cyberattacks and pose threats to businesses. These
technologies can be used to identify high-value targets among a large dataset. Machine Learning and
AI attacks are another big concern in India. A sophisticated attack might prove to be too difficult to
handle due to the lack of Cyber Security expertise in our country.
8. BYOD POLICIES
Most organizations have a Bring-Your-Own-Device policy for their employees. Having such systems
poses multiple challenges in Cyber Security. Firstly, if the device is running an outdated or pirated
version of the software, it is already an excellent medium for hackers to access. Since the device is
being used for personal and professional reasons, hackers can easily access confidential business data.
Secondly, these devices make it easier to access your private network if their security is compromised.
Thus, organizations should let go of BYOD policies and provide secure devices to the employees, as
such systems pose enormous challenges of Computer Security and network compromise.

9. INSIDER ATTACKS
While most challenges of Cyber Security are external for businesses, there can be instances of an
inside job. Employees with malicious intent can leak or export confidential data to competitors or
other individuals. This can lead to huge financial and reputational losses for the business. These
challenges of Computer Security can be negated by monitoring the data and the inbound and outbound
network traffic. Installing firewall devices for routing data through a centralized server or limiting
access to files based on job roles can help minimize the risk of insider attacks.
10. OUTDATED HARDWARE
Well, don’t be surprised. Not all challenges of Cyber Security come in the form of software attacks.
With software developers realizing the risk of software vulnerabilities, they offer periodic updates.
However, these new updates might not be compatible with the hardware of the device. This is what
leads to outdated hardware, wherein the hardware isn’t advanced enough to run the latest software
versions. This leaves such devices on an older version of the software, making them highly
susceptible to cyberattacks.
9.9 Code is Law Theory
Cyberspace has an architecture; its code — the software and hardware that defines how cyberspace
is — is its architecture. That architecture embeds certain principles; it sets the terms on which one
uses the space; it defines what’s possible in the space. And these terms and possibilities affect
innovation in the space. Some architectures invite innovation; others chill it.
9.10 A Declaration of the Independence of Cyberspace
John Perry Barlow stands by his Declaration of Independence of Cyberspace, the libertarian idea that
lit up the Internet on this day in 1996.
"A Declaration of the Independence of Cyberspace" is a widely distributed early paper on the
applicability (or lack thereof) of government on the rapidly growing Internet. Commissioned for the
pioneering Internet project 24 Hours in Cyberspace, it was written by John Perry Barlow, a founder
of the Electronic Frontier Foundation, and published online on February 8, 1996, from Davos,
Switzerland. It was written primarily in response to the passing into law of the Telecommunications
Act of 1996 in the United States. In 2014, the Department of Records recorded and released audio
and video content of Barlow reading the Declaration.
“On this day in 1996, Barlow sat down in front of a clunky Apple laptop and typed out one very
controversial email, now known as the “Declaration of Independence of Cyberspace,” a manifesto
with a simple message: Governments don’t---and can't---govern the Internet.
"Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace,
the new home of Mind," read the document's first words. "On behalf of the future, I ask you of the
past to leave us alone. You are not welcome among us. You have no sovereignty where we gather."
In the modern era of global NSA surveillance, China's Great Firewall, and FBI agents trawling the
dark Web, it's easy to write off Barlow's declaration as early dotcom-era hubris. But on his document's
20th anniversary, Barlow himself wants to be clear: He stands by his words just as much today as he
did when he clicked "send" in 1996. "The main thing I was declaring was that cyberspace is naturally
immune to sovereignty and always would be," Barlow, now 68, said in an interview over the weekend
with WIRED. “I believed that was true then, and I believe it’s true now.”105
9.11 UNITED NATIONS COMMISSION ON TRADE AND DEVELOPMENT
United Nations Commission on Trade and Development (UNCTAD) is the United Nations General
Assembly’s main agency responsible for trade and development. Since 1998 when the General
Assembly gave UNCTAD a special grant to pursue and develop electronic commerce initiatives, this
agency has been active in its advocacy of the role and importance of information and communication
technologies in development.
UNCTAD carries out policy-oriented analytical work on the information economy and its
implications for developing countries. Its analytical work is published in the annual Information
Economy Report (former E-commerce and Development Report). It also assists governments,
businesses and civil society groups that are considering adopting free and open source software
policies.
UNCTAD has also published the Digital Divide: ICT Development Indices 2004, which benchmarks
ICT diffusion for over 150 countries using indices of connectivity and access. It also monitors trends
in ICT development to raise awareness and helps formulate policies aimed at narrowing the digital
divide.
9.12 Council of Europe
Council of Europe is an international organization of 46 member states in the European region. The
Council is most prominent for the European Convention on Human Rights 1950, which serves as the
basis for the European Court of Human Rights. The Council of Europe is not to be confused with the
Council of the European Union or the European Council, as it is a separate organization and not part
of the European Union.
The Council was set up to:
• Defend human rights, parliamentary democracy and the rule of law
• Develop continent-wide agreements to standardise member countries’ social and legal practices,

105 <https://www.wired.com/2016/02/its-been-20-years-since-this-man-declared-cyberspace-independence/> accessed 17 July 2022

The Council of Europe came out with a Convention on Cybercrime (2001) and its additional Protocol
concerning the acts of a racist and xenophobic nature committed through computer systems (2003).
The Convention aims principally at: (1) harmonising the domestic criminal substantive law elements
of offences and connected provisions in the area of cyber-crime (2) providing for domestic criminal
procedural law powers necessary for the investigation and prosecution of such offences as well as
other offences committed by means of a computer system or evidence in relation to which is in
electronic form and (3) setting up a fast and effective regime of international co-operation.
The Convention contains four chapters: (I) Use of terms; (II) Measures to be taken at domestic level
– substantive law and procedural law; (III) International co-operation; (IV) Final clauses.
9.13 World Trade Organisation
The growing importance of electronic commerce in global trade led World Trade Organization
(WTO) members to adopt a declaration on global electronic commerce on 20 May 1998 at their
Second Ministerial Conference in Geneva, Switzerland. The Declaration directed the WTO General
Council to establish a comprehensive work programme to examine all trade-related issues arising
from electronic commerce, and to present a progress report to the WTO’s Third Ministerial
Conference.
The 1998 declaration also included a so-called moratorium stating that “members will continue their
current practice of not imposing customs duties on electronic transmission”.
The work programme was adopted by the WTO General Council on 25 September 1998. It continued
after the Third Ministerial Conference in Seattle in November 1999.
At the Fourth Ministerial Conference in Doha in 2001, ministers agreed to continue the work
programme as well as to extend the moratorium on customs duties. They instructed the General
Council, in paragraph 34 of the Doha Declaration, to report on further progress to the Fifth
Ministerial Conference at Cancún, in 2003.
Under the work programme, issues related to electronic commerce have been examined by the
Council for Trade in Services, the Council for Trade in Goods, the Council for TRIPS and the
Committee on Trade and Development. During the course of the work programme a number of
background notes on the issues have been produced by the WTO Secretariat and many member
governments have submitted documents outlining their own thoughts.
After the Doha Ministerial Declaration, the General Council agreed to hold “dedicated” discussions
on cross-cutting issues, i.e. issues whose potential relevance may “cut across” different agreements
of the multilateral system. So far, there have been five discussions dedicated to electronic commerce,
held under the General Council’s auspices.
The issues discussed included: classification of the content of certain electronic transmissions;
development-related issues; fiscal implications of e-commerce; relationship (and possible
substitution effects) between e-commerce and traditional forms of commerce; imposition of customs
duties on electronic transmissions; competition; jurisdiction and applicable law/other legal issues.106
9.14 World Intellectual Property Organisation
WIPO, the Geneva-based World Intellectual Property Organization, has worldwide coverage
with 179 member states. The purpose of WIPO is “to promote the protection of intellectual property
throughout the world through cooperation among states” (Art. 3, WIPO Convention). WIPO is the
forum for international IP policy making, development and administration of the 23 international
treaties of which it is the custodian.
Migration of intellectual property to the digital world, IP being ideally suited to digitization, is the
order of the day. IP on the net is vulnerable because an infinite number of perfect copies can be made
and easily distributed through digital networks worldwide. There is therefore understandably a need
to protect internet content including information, music, software, films, business methods, databases,
etc.
Among the IP Issues on the Internet, the problem of the abusive registration of trademarks as domain
names known in other words as cyber squatting is one of the areas that the WIPO addresses. The
WIPO works through Uniform Domain Name Dispute Resolution Policy adopted by ICANN, and
provides the services of a Domain name registrar. It also provides for alternative dispute resolution
services through its Arbitration and Mediation center.
Significant issues in the field of copyright have been examined for a number of years through various
public and private processes, at WIPO and other international organizations, and at national and
regional levels. Significant progress has been made, with international consensus having already
emerged on some of these issues. In 1996, two treaties were adopted by consensus by more than 100
countries at WIPO: the WIPO Copyright Treaty (WCT) and the WIPO Performances and Phonograms
Treaty (WPPT) (commonly referred to as the “Internet Treaties”). The treaties, each having reached
their 30th ratification or accession, both have entered into force: the WCT on March 6, 2002, and the
WPPT on May 20, 2002.
The WIPO Internet Treaties are designed to update and supplement the existing international treaties
on copyright and related rights, namely, the Berne Convention and the Rome Convention. They
respond to the challenges posed by the digital technologies and, in particular, the dissemination of
protected material over the global networks that make up the Internet. The contents of the Internet
Treaties can be divided into three parts: (1) incorporation of certain provisions of the TRIPS
Agreement not previously included explicitly in WIPO treaties (e.g. protection of computer programs
and original databases as literary works under copyright law); (2) updates not specific to digital
technologies (e.g., the generalized right of communication to the public); and (3) provisions that
specifically address the impact of digital technologies.

106 World Trade Organization <https://www.wto.org/english/tratop_e/ecom_e/ecom_briefnote_e.htm> accessed 21 July 2022

Although the Internet Treaties have now entered into force, in order that they are truly effective in
the digital environment, they must become widely adopted in countries around the world, and their
provisions must be incorporated in national legislation.

Unit X
Internet Governance
10.1 Cyberspace and Governance
The challenge of discouraging undesirable conduct in cyberspace is, in many respects, similar to the
management of misconduct ‘on the ground’. In terrestrial space, most social control is informal.
Cultures, whether they are cultures of indigenous peoples or of the modern university, have their social
norms, to which most of their members adhere. Minor transgressions tend to elicit expressions of
disapproval, while more serious misconduct may be met with ridicule, ostracism, some form of
‘payback’ or expulsion from the group or organisation.
With the rise of the modern state, formal institutions of social control have evolved to provide rules
of behaviour, forums for the resolution of disputes between citizens and institutions for policing,
prosecution, adjudication and punishment of the most serious transgressions. However, it is now
generally accepted that governmental agencies of social control are neither omnipresent nor
omnipotent, thus creating a demand for supplementary policing and security services. These state
institutions are accompanied by a variety of non-state bodies that ‘coproduce’ security. Such entities
vary widely in size and role, from large private security agencies and the manufacturers and
distributors of technologies such as closed-circuit television (CCTV), to the good friend who keeps
an eye on her neighbour’s house at vacation time.
Regulations
This wider notion of policing terrestrial space has been nicely articulated by scholars such as Bayley
and Shearing (1996) and Dupont (2006) (see also Brewer, Chapter 26, this volume).
Cyberspace differs only slightly from terrestrial space in its response to antisocial behaviour. Most of
us who use digital technology do the right thing not because we fear the long arm of the law in
response to misconduct, but, rather, because we have internalised the norms that prevail in our culture
(on compliance generally, see Parker and Nielsen, Chapter 13, this volume). Most of us take
reasonable precautions to safeguard things of value that might exist in digital form. Nevertheless,
because there are deviant subcultures whose members do not comply with wider social norms, and
nonchalant citizens who are careless with their digital possessions, there is a need for formal
institutions of social control in cyberspace. So, too, is there a need for the coproduction of
cybersecurity.
One characteristic of cyber-deviance that differs significantly from terrestrial misconduct is that
cross-national activity is much more common. Very early on in the digital age it was said that
‘cyberspace knows no borders’. The nature of digital technology is such that one may target a device
or system physically located on the other side of the world just as easily as one in one’s own
hometown. A successful response to transnational cybercrime thus requires a degree of cooperation
between states—cooperation that may not be automatically forthcoming.
The governance of cyberspace is no less a pluralistic endeavour than is the governance of physical
territory. This chapter will provide an overview of regulatory and quasi-regulatory institutions that
currently exist to help secure cyberspace. In addition to state agencies, we will discuss a constellation
of other actors and institutions, some of which cooperate closely with state authorities and others that
function quite independently. These range from large commercial multinationals such as Microsoft,
Google and Symantec; other non-governmental entities such as computer emergency response teams
(CERTs); groups like Spamhaus and the Anti-Phishing Working Group; and hybrid entities such as
the Virtual Global Task Force and End Child Prostitution, Child Pornography and Trafficking of
Children for Sexual Purposes (ECPAT), both of which target online child sexual abuse. In addition,
there are independent, ‘freelance’ groups such as Cyber Angels, which exist to promote cybersafety,
and ad hoc, transitory collectives that engage in independent patrolling and investigation of
cyberspace.

Other groups, such as Anonymous, and whistleblowers such as Edward Snowden, challenge apparent
cyberspace illegality with sometimes questionable methods of their own. Anonymous attacked sites
related to child pornography in 2011 (Operation Darknet) and Edward Snowden’s disclosures
revealed questionable practices by the US National Security Agency.
The next section of this chapter will briefly review some of the more important published works on
the social regulation of digital technology. We will then discuss, in order, state, private and hybrid
regulatory orderings. The chapter will conclude with some observations on regulatory orderings in
cyberspace, through the lens of regulatory pluralism.
2. Literature on the regulation of cyberspace
Current literature on the regulation of cyberspace is no longer focused on whether cyberspace can be
regulated. Instead, discussion focuses on how cyberspace is regulated and who are the regulators. It
is generally conceded that the state cannot adequately control cyberspace via laws and regulations.
Even when laws and regulations are kept up to date with developments in technology, the functions
and effectiveness of laws and regulations will be limited; the transnational dimensions of much cyber
illegality and the architectures of digital technology all but guarantee this (Grabosky et al. 2001;
Katyal 2003). Other regulatory methods such as code and system design, self-regulation by the private
sector and co-regulation via public and private cooperation have been proposed as alternatives with
which to govern cyberspace.

Code and architecture
As pointed out by Professor Lawrence Lessig (1999), the internet was built for research and not
commerce. Its founding protocols are inherently unsecure and are designed for the sharing, rather
than the concealment, of data. The subsequent devolution of access to the computer network from
government and research bodies to individual private users has provided a gateway for cybercriminals
and cyber-deviant entrepreneurs.

Lessig (2006) argued that cyberspace is substantially regulated by code—computer programming
and system architecture. In his book, Code: Version 2.0, he notes that the internet is built on simple
protocols based on the Transmission Control Protocol and Internet Protocol (TCP/IP) suite.
Cyberspace is simply a product of architecture, not of ‘God’s will’. Lessig argued that the internet is
the most regulable space that we know, since, through its architecture, it can reveal who someone is,
where they are and what they are doing. When the machine is connected to the internet, all interactions
can be monitored and identified. Thus, anonymous speech is extremely difficult to achieve.
Lessig (2006) described the code embedded in the software or hardware as ‘West Coast Code’, as it
is usually ‘enacted’ by code writers on the West Coast of the United States such as in Silicon Valley
and Redmond, Washington, the headquarters of Microsoft. It is different from the ‘East Coast
Code’—the laws enacted by the US Congress in Washington, DC, complemented by state legislation.
Although each code can work well alone, Lessig pointed out that the power of East Coast Code over
West Coast Code has increased, especially when the West Coast Code becomes commercial. A classic
example was seen in 1994 when the US Government enacted the Communications Assistance for
Law Enforcement Act (CALEA). Under this Act, telephone companies are required to create a
network architecture that serves well the interests of government, making wire-tapping and data
retrieval easier.
10.2 Internet Governance
Internet governance is the development and application by Governments, the private sector and civil
society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and
programmes that shape the evolution and use of the Internet.
The definition was made by the Working Group on Internet Governance (WGIG) in 2003. During the
first phase of the World Summit on the Information Society (WSIS) the UN Secretary General
commissioned the multi-stakeholder working group, WGIG, to identify and define the public policy
issues that are relevant to Internet governance. The WGIG report proposed recommendations on the
process to follow on Internet governance policies including the creation of an Internet Governance
Forum (IGF).

Internet Governance Forum
The Internet Governance Forum (IGF) was established by WSIS in 2005, with the first global IGF
held in Athens in 2006. The IGF has no decision-making powers and is intended to serve as a
discussion space that gives developing countries the same opportunity as wealthier nations to engage
in the debate on Internet governance. Its purpose is to provide a platform where new and ongoing
issues of Internet governance can be frankly debated by stakeholders from civil society, the business
and technical sectors, governments, and academia. Participation in the IGF is open to all interested
participants and accreditation is free. Ultimately, the involvement of all stakeholders, from developed
as well as developing countries, is necessary for the future development of the Internet. It brings together about
1500-2200 participants from various stakeholder groups to discuss policy issues relating to the
Internet such as understanding how to maximize Internet opportunities, identify emerging trends and
address risks and challenges that arise. The IGF works closely with the Dynamic Coalition on Public
Access in Libraries.
The global IGF is held annually, usually in the final quarter of the year. In 2015 the IGF took place
in João Pessoa, Brazil. The 2016 IGF will take place in Guadalajara, Mexico, December 6-9.
10.3 E-Governance
The application of ICT to the processes of governing has brought about a paradigm shift in the field of
governance, called Electronic-Governance or E-Governance.
E-governance raises the transparency, accountability, efficiency, effectiveness, and inclusiveness
of the governing process by providing reliable access to information within government; between
national, state, municipal, and local level governments; and to citizens and businesses. It also
empowers business through access to and use of information.
The main focus of E-Governance, or electronic governance, is to provide transparent, equitable,
and accountable service delivery to the citizens. E-governance aims to facilitate and improve
the quality of governance and to ensure people’s participation in the governing process through
electronic means like e-mail, websites, SMS connectivity, and others.
E-governance is not just about government websites or e-mail or financial transactions. “It will change
how citizens relate to government as much as it changes how citizens relate to each other” (Katyal:
2002). It also refers to the utilization of IT in the country’s democratic processes themselves, such as
elections.
E-governance is about the use of ICT for steering the citizens and promoting the public service. It
includes a pragmatic application and usage of ICT for delivering efficient and cost-effective services,
information, and knowledge to the citizens being governed, thereby realizing the vast potential of
the government to serve the citizens (Prabhu: 2015). It creates links between state and society,
government and people, people and people, and governance and society.
Objectives of E-Governance
The objectives of e-governance are as follows:
1. One of the basic objectives of e-governance is to make all government information
available to all in the public interest.
2. One of its goals is to create a cooperative structure between the government and the people
and to seek help and advice from the people, to make the government aware of the problems
of the people.
3. To increase and encourage people’s participation in the governance process.
4. e-Governance improves the country’s information and communication technology and
electronic media, with the aim of strengthening the country’s economy by keeping
governments, people and businesses in tune with the modern world.
5. One of its main objectives is to establish transparency and accountability in the governance
process.
6. To reduce government spending on information and services.
Features of E-Governance
It has been proven from the concept of e-governance that it is a powerful means of public service in
the present era. Some of its features can be found by observing the functioning of e-governance.
1. De-bureaucratization: Due to e-governance, the gap between the people and the government
in all the services of the government is narrowing and the dependence of the people on the
bureaucracy is also greatly reduced.
2. E-Services: Its main feature is the provision of services through the Internet. As a result, we
get G2C, G2B, G2E, etc. services. This is already discussed in the section on ‘types of
governance’.
3. International Services: Through e-governance, all the essential services can be delivered to
citizens who are living outside their country for job purposes or any other reasons.
4. It enhances citizens’ right to expression. Using the means of e-governance, anyone can
share their views with the government on any bill, act, or decision taken by the government.
5. Economic Development: With the introduction of e-governance, various information like
import-export, registration of companies, investment situations, etc. is available through the
internet. As a result, time is saved, procrastination decreases, and economic dynamism
increases.
6. Reduce inequality: Using e-governance tools, everyone can gather information and empower
themselves. In this globalized world, knowledge is power, and the means of e-governance
empower us by providing relevant information at minimal cost, effort, and time.
Types of E-Governance
E-Governance can be considered a socially inclusive policy for developing transparency and
accountability among both the people in society and the administration. This policy involves providing
services to the people, together with the collection of information, through institutional and
communicational development.

[Figure: E-Governance] [107]
It provides quality services in several ways, which are also called types of e-governance.
These are listed below:
1. G2C (Government to Citizen)
2. G2G (Government to Government)
3. G2B (Government to Business)
4. G2E (Government to Employee)

[107] <https://schoolofpoliticalscience.com/what-is-e-governance/> accessed 21 July 2022
1. G2C (Government to Citizen)
As people are central to politics, government, and governance, the government is
compelled to connect with citizens in a transparent and accountable manner. In this connection
the government is responsible for promoting social opportunities and public services in the fields
of:
• Transportation (registration of motor vehicles, issue of driving licenses, issue of plying
permissions, tax and fee collection through cash and bank challans, control of pollution,
etc.),
• Hospitals (linking of various hospitals in different parts of the country to ensure better
medical services to citizens),
• Education (availability of e-learning modules to the citizens, right to education),
• Online job portals and various customer services.
It also ensures services such as the issue of certificates, job cards, passports, and ration cards, payment
of bills, and filing of taxes from the doorstep through the e-governance platform. The main objectives of
the G2C services are to ensure equitable distribution of information for all, acceptance of citizens’
feedback, and improvement of welfare services.
2. G2G (Government to Government)
G2G refers to raising the quality of the government process by cutting costs, managing
performance, and making strategic connections within government.
It enables government institutions to be more efficient and more effective through the use of IT tools
such as:
• Live fingerprint scanning and verification,
• Electronic entry of reports and paperwork, etc.
The major key areas in this type of e-governance are:
• E-Secretariat (all the valuable information regarding the functions of the government is
interlinked across the various departments),
• E-Police (police personnel records, criminal records, etc.), and
• E-Court (creating a database of all the previous cases, pending and ongoing cases) and
Statewide Networks (Kumar: 2011).
3. G2B (Government to Business)
G2B is mainly concerned with:
• E-taxation,
• Getting a license from the government, etc.
• Secure Electronic Transactions.
It includes the policy of government with business. According to S.P. Kumar, ‘the essentials for
achievement of G2B services for secure and authentic transactions include: Standards for electronic
transactions, a secure payment mechanism and Public key infrastructure’ (Kumar: 2011).
4. G2E (Government to Employee)
The G2E model refers to providing information and services from government to employee and
employee to government as well. It involves training through:
• e-learning methods;
• Consolidating the employee; and
• Sharing of knowledge among the employees [108]
10.4 Governance and Legal Framework of Internet (India)
The new regulations instituted by the Indian government to manage social media platforms expand
its powers over the internet, rendering it the final arbiter over digital content. While the move syncs
with the impulse to rein in big technology companies, India’s regulations offer limited means to hold
the government accountable, which could undermine the citizens’ rights.
That the Indian government was going to intervene to manage social media platforms was a certainty
after the recent feud with Twitter over the platform’s handling of certain critical tweets. Yet, few
expected the overhaul that arrived last week. New Delhi has erected a new framework under an
existing statute (Information Technology [IT] Act, 2000) to govern the internet, specifically digital
news, social media and video streaming. New regulations formed under the IT (Intermediary
Guidelines and Digital Ethics Code) Rules, 2021 expand government powers over the internet,
rendering it the final arbiter over digital content.
On 25 February 2021, Union Ministers Ravi Shankar Prasad and Prakash Javadekar
unveiled new rules for India’s internet intermediaries and digital media platforms to better
manage the effects such platforms are having on Indian citizens and society writ large.
Before considering new provisions, much has been said about the government’s intent to
regulate internet intermediaries and content through the IT Act 2000 and not through a
new law. Such a big policy shift could have been undertaken through parliamentary
deliberation and consultations. Instead, what we have now is a set of conditions that
technology companies must abide by in return for immunity for content published on their
platforms. Several big changes are evident through new rules.

[108] <https://schoolofpoliticalscience.com/what-is-e-governance/> accessed 17 July 2022
First, social media platforms have to abide by new rules that make them accountable for managing their
platforms. The rules also distinguish between large platforms, which are termed ‘significant social
media intermediaries’, and smaller platforms, called ‘social media intermediaries’. New provisions, for
instance, require users to be given adequate notice before their content is removed. One big change pertains
to identification or traceability. The government now requires messages or content sent through
various social media and instant messaging platforms to be identifiable or tied to a user, which will
affect how encrypted those services will be in India. Entities like WhatsApp that offer end-to-end
encryption might have to change how they operate. Citizens fearing the loss of privacy might refrain
from using such mediums leading to self-censorship among users. Compromising security vis-à-vis
communications could result in litigation now that India has a constitutional right to privacy.
Undoubtedly, traceability requirements undermine privacy and the need to have private
conversations. Going ahead, social media firms will also be expected to regularly work with the
government to monitor content. They will have to provide information within 72 hours upon receipt
of a government order, appoint compliance architecture and officers to coordinate with law
enforcement and provide compliance reports based on platform activities. These new rules require
platforms to preserve user data for six months, providing the government another opportunity to
gather and store data.

Second, on digital media, new rules set up a three-tier self-regulatory structure. The first layer focuses
on self-regulation, developed by the media entity itself or ‘in-house’. The new rules require companies
to address grievances with their content in a time-bound fashion. The second layer will be a body
headed by a retired Supreme Court or High Court judge or an independent eminent person. The third
and topmost tier of the structure will consist of an inter-departmental committee appointed by the
central government. Penalties have been added for platforms and firms that fail to comply, resulting
in prosecution under the IT Act. Unquestionably, digital and streaming platforms will face additional
regulatory burdens that require compliance. Relying on bureaucrats to vet, approve and police content
will only increase the discretionary powers of the government when it comes to censoring what and
how these digital media outlets operate. Again, this move is being done without parliamentary
backing or new legislation. Opacity reigns. Yet, big technology firms might have no choice but to
abide, given India’s booming young internet market marked by millions of young citizens rapidly
coming online.

Alarmingly, these new guidelines and rules are being implemented without a data protection law and
framework, in a cyber environment littered with various threats and risks, and with no surveillance
oversight. Moreover, while new rules emphasise grievance redress, privacy and harm prevention, they could
open avenues to stifle or inhibit speech online. More fundamentally, what protection do citizens have
to ensure that the government is held accountable while regulating speech on various online platforms
and messaging services? What obligations, and importantly what restrictions, does the government have
when managing these digital platforms? Questions also exist around the constitutionality of these new
rules, especially the expansion of the IT Act to include news media and video streaming platforms
through executive fiat. All these questions merit answers. Until then, internet oversight in India has
arrived through greater political control of the mediums where citizens interact and communicate. [109]
10.5 Protecting Information Infrastructure
The recent increase in the frequency and impact of cyber-attacks has kept Critical Infrastructure
companies on their toes, fearing the worst for their organizations if an attack occurs on their critical
infrastructure. A recent news article published by the New York Times states that cyber attacks are
on the rise against corporations in the United States, with a particular focus on Energy companies.
Reports of an attack similar to the Shamoon – Saudi Aramco attack are expected but the impact of
such an attack in the United States would be of a magnitude much greater than Shamoon. These
threats have made governments across the world wake up and take notice of Critical Infrastructure
Protection as one of their highest priorities.
Why is Infrastructure Critical?
An infrastructure becomes critical when a disruption to this infrastructure results in irreversible and
enormous loss (e.g. loss of life, environment etc.). The growing threat of international terrorism led
policy makers to reconsider the definition of “infrastructure” in the context of specific non-functional
requirements (NFR) of the business. These NFRs included Security, Performance, Availability,
Integrity and Confidentiality (SPAIC). Each business has its own definition of SPAIC based on the
regulatory requirements and country specific policies.
Critical Infrastructure is always associated with regulatory requirements and key resources who are
directly handling the critical infrastructure. As such, any intentional or unintentional disruption to
these will have a significant impact on the environment and life.
The following areas are considered to be a part of Critical Infrastructure:
• Agriculture
• Food
• Utilities - Drinking water and sewage management system
• Government
• Defense
• Oil and Gas infrastructure
• Nuclear Power Plants and the facilities that produce, use, store, and dispose of nuclear material
• Energy - production, transmission, and distribution services and critical facilities
• Special events of national significance
• Healthcare - drug discovery and development, patient information
• Banking and Finance
• Process industries
• Transportation - including railways, highways, shipping ports and airports & civilian aircraft
• Livestock, agriculture, and systems for the provision of water
• Communication links
• Public and privately owned information systems with critical business data (e.g., information about
oil reserves, information within Stock Exchanges, information about nuclear programs, drug
research data, privacy information, financial data etc.)

[109] Kathy Nacchiapan <https://www.isas.nus.edu.sg/papers/indias-new-internet-governance-framework/> accessed 17 July 2022
There is an impending need for countries to develop a national critical infrastructure strategy which
will provide a comprehensive and collaborative approach to enhance the resiliency of critical
infrastructure. This common approach will enable partners to respond collectively to risks and target
resources to the most vulnerable areas of critical infrastructure.
Guidelines to Defining a Successful Critical Infrastructure Protection (CIP) Strategy
Industry leaders suggest that the government and the private sector should collaborate to protect a
nation’s critical infrastructure. This collaboration calls for the development of trusted partnerships to
build regulatory requirements, governance processes, and resilience options jointly based on the
existing mandates and responsibilities. The strategy should outline mechanisms to:

• Create a government owned CIP Forum to share information about potential threats and disruptions
through a highly confidential government owned body. Discussions in this forum should:
• Feed into the regulatory enhancements as a continuous improvement program
• Create awareness in both urban and rural areas
• Create guidelines to protect critical assets and information
• Build country specific risk frameworks for each critical infrastructure with guidelines to define
asset criticality
• Build a RACI (responsibility, accountability, consulted, informed) matrix
The Strategy should:
1. Put the onus on Critical Infrastructure companies to give high priority to the protection of
their critical infrastructure
2. Be defined considering that Central Governments, States, Districts, and City Corporations are
responsible for protecting their own critical infrastructure and for supporting owners and
operators in addressing this challenge
3. Enhance the resiliency of critical infrastructure through an appropriate combination of
security measures to address human induced intentional threats, business continuity practices
to deal with disruptions and ensure the continuation of essential services, and emergency
planning to ensure adequate response procedures are in place to deal with unforeseen
disruptions to critical infrastructure.
Actionizing the Strategy for a Safer Future
Level 1: Define Critical Infrastructure and Assets
1. Define guidelines to identify and categorize a critical infrastructure component
2. Define the life of each critical asset
Level 2: Build Partnerships
1. Develop sector networks
2. Establish the national Cross-Sector forum
3. Conduct Research and Development
4. Develop joint initiatives
Level 3: Risk Management
1. Create a risk committee at each governance level along with an emergency response team
2. Undertake risk assessments of sector wise critical infrastructure
3. Develop emergency programs and plans
4. Define assessment programs
5. Define vulnerability metrics and threat map
Level 4: Regulate and Standardize the CIP Security
1. Review existing Risk and Resilience processes (Sector wise)
2. Standardize it based on the new definition of critical infrastructure and assets
Cyber Security and Critical Infrastructure
Cyber security for critical infrastructure depends a lot on the sector to which the critical infrastructure
belongs. Its objectives are:
1. Integrated security operations platform – This should provide a single platform where logs
are collected, correlated, and analyzed. This platform should collect logs from both IP and non-IP
devices, and should be intelligent enough to dynamically build rules to eliminate false positives.
2. Unified Security view – The platform should be built on regulatory requirements, country
specific rules, risk framework, criticality of assets and information. It should be based on a
Security Analytics framework which will score incidents, identify patterns and provide the
security and risk posture of the critical infrastructure at any point of time. An extension to this
is predictive analysis, which should help predict threat patterns and help sectors to plan
mitigation.
3. Resilience strategy – It is the quickness with which the critical infrastructure can bounce back
after disruption. This should primarily be the Disaster Recovery and Business Continuity Plan
for Critical Infrastructure. This is more of a policy and process which should be reviewed at
pre-defined schedules for readiness.
Broadly, cyber security can be classified into the following components for all Sectors:
1. Cyber Security Governance
2. Security Convergence Platform
3. Integrated security operations
4. Security Analytics
5. Risk and Threat Intelligence [110]
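The first two objectives above (correlating logs from IP and non-IP devices, then scoring incidents by asset criticality) can be illustrated with a short sketch. This is an added example, not part of the original study material; the log format, asset names, criticality weights, base severity and the 10-minute window are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset register: criticality weight per asset (assumed scale 1-5).
ASSET_CRITICALITY = {"hmi-01": 3, "plc-pump-07": 5, "office-pc-22": 1}
BASE_SEVERITY = 10  # assumed base score for the correlated pattern below

# Constructed sample records, format: channel|time|asset|action|key=value.
# "ip" lines stand for syslog-style records from networked hosts; "serial"
# lines stand for a gateway reporting activity on a non-IP fieldbus.
RAW_EVENTS = [
    "ip|2024-01-10T02:14:05|hmi-01|auth_fail|user=operator",
    "ip|2024-01-10T02:14:40|hmi-01|auth_fail|user=operator",
    "ip|2024-01-10T02:15:10|hmi-01|auth_ok|user=operator",
    "serial|2024-01-10T02:16:30|plc-pump-07|setpoint_write|source=hmi-01",
    "ip|2024-01-10T09:00:00|office-pc-22|auth_fail|user=clerk",
    "serial|2024-01-10T11:30:00|plc-pump-07|setpoint_write|source=hmi-01",
]


def parse_event(line):
    """Normalise one record from either channel into a common schema."""
    channel, ts, asset, action, detail = line.split("|")
    key, _, value = detail.partition("=")
    return {
        "channel": channel,
        "time": datetime.fromisoformat(ts),
        "asset": asset,
        "action": action,
        key: value,
    }


def correlate(raw_lines, window=timedelta(minutes=10)):
    """Flag a setpoint write that follows a suspicious login on its source host.

    A login is suspicious when it succeeds after two or more failures on the
    same host inside the window. Isolated failures and routine setpoint writes
    raise nothing, which is how this rule avoids false positives.
    """
    events = sorted((parse_event(l) for l in raw_lines), key=lambda e: e["time"])
    failures = defaultdict(list)  # host -> times of failed logins
    tainted = {}                  # host -> time of latest suspicious login
    incidents = []
    for ev in events:
        if ev["action"] == "auth_fail":
            failures[ev["asset"]].append(ev["time"])
        elif ev["action"] == "auth_ok":
            recent = [t for t in failures[ev["asset"]] if ev["time"] - t <= window]
            if len(recent) >= 2:
                tainted[ev["asset"]] = ev["time"]
        elif ev["action"] == "setpoint_write":
            login = tainted.get(ev.get("source"))
            if login is not None and ev["time"] - login <= window:
                incidents.append({
                    "target": ev["asset"],
                    "source": ev["source"],
                    "time": ev["time"],
                    # Score weights the pattern by the criticality of the target.
                    "score": BASE_SEVERITY * ASSET_CRITICALITY.get(ev["asset"], 1),
                })
    return incidents


def posture(incidents):
    """Unified view: highest incident score currently open per target asset."""
    view = defaultdict(int)
    for inc in incidents:
        view[inc["target"]] = max(view[inc["target"]], inc["score"])
    return dict(view)


if __name__ == "__main__":
    found = correlate(RAW_EVENTS)
    for inc in found:
        print(inc["time"], inc["source"], "->", inc["target"], "score", inc["score"])
    print(posture(found))
```

Of the six constructed records, only the 02:16 setpoint write becomes an incident; the single failed login on the office PC and the routine 11:30 write are not escalated.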
10.6 Internet Corporation for Assigned Names and Numbers
The Internet Corporation for Assigned Names and Numbers (ICANN) is a US-based not-for-profit
public-benefit corporation whose role is to coordinate, at the overall level, the global Internet’s
systems of unique identifiers, and to ensure the stable and secure operation of these systems.
ICANN’s main responsibility is to coordinate the allocation and assignment of the three sets of unique
identifiers for the Internet (also known as ‘critical Internet resources’): domain names, Internet
protocol (IP) addresses and autonomous system numbers, and protocol port and parameter numbers. It also
facilitates the coordination of the operation and evolution of the Domain Name System
(DNS) root name server system.
Until September 2016, ICANN was mandated by the United States Department of Commerce
(DoC) to perform the IANA (Internet Assigned Numbers Authority) functions, including globally
allocating the IP addresses and other numbering resources to the Regional Internet Registries (RIRs),
introducing changes to the main DNS root zone file (the global Internet ‘address book’), and managing
the .INT top-level domain. Starting October 2016, these functions are performed by ICANN’s
affiliate Public Technical Identifiers (PTI), following the transition of the IANA functions
stewardship from the US government to the global multistakeholder community.

[110] <https://www.wipro.com/cybersecurity/resilience-against-cyber-attacks1/> accessed 17 July 2022
ICANN also has a policy-making function, in that it defines policies for how the ‘names and
numbers’ of the Internet should run. The work moves forward in a style described as the ‘bottom-up,
consensus-driven, multistakeholder model’, through the various supporting organisations and
advisory committees that are part of ICANN’s structure. [111]
10.7 Role of ICANN and Management of Domain Name System
Internet Assigned Numbers Authority (IANA) is a non-profit organization responsible for
coordinating the activities for the smooth functioning of the Internet. Since the internet is a global
network, IANA undertakes the responsibility to allocate and maintain unique codes and numbering
systems that are used in Internet protocols. IANA liaises with Internet Engineering Task Force
(IETF) and Request for Comments (RFC) teams for working on Internet-connected systems. It is
responsible for maintaining a collection of registries for coordination of IP addressing and Domain
Name Service (DNS) root zones. IANA performs three main functions:
Domain Name Services
DNS is a hierarchical database that links domain names with IP addresses. IANA administers the
top-level hierarchy, the DNS root zone, for efficient transfer of data between computers. It operates
the '.int' top-level domain for international organizations and the '.arpa' zone for Internet protocols
and root servers.
Number Resources
It coordinates the Internet Protocol addressing systems (IP), commonly known as IP Addresses, which
are used for routing internet traffic. Another function is to allocate the Autonomous System (AS)
numbers to Regional Internet Registries according to their needs and document the protocol
assignments made by the IETF.
Protocol Assignments
The Protocol management function involves maintaining the codes and numbers used in Internet
protocols. These services are done in collaboration with IETF.
Since 1997, this role has been performed by Internet Corporation for Assigned Names and Numbers
(ICANN).
Role of ICANN
Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized
non-profit corporation whose major role is to keep the Internet stable, secure and interoperable. It
includes participants from different parts of the world who design policies on the Internet's unique
identifiers and its naming system. As a public-private partnership, ICANN now performs IANA
functions under a contract from the United States' Department of Commerce.
[111] <https://dig.watch/actors/internet-corporation-assigned-names-and-numbers> accessed 17 July 2022
Major activities performed by ICANN are:
• To preserve the operational stability of the Internet.
• To promote competition and develop policies for the Internet's unique identifiers and naming.
• To achieve greater participation from global internet communities.
• To develop policies and procedures and follow a consensus-driven approach.
• To contract with registries and registrars (companies that sell domain names) to improve
the domain name system.
10.8 World Summits of the Information Society
The UN General Assembly (21 December 2001) endorsed the holding of the World Summit on the
Information Society (WSIS) in two phases. The first phase took place in Geneva from 10 to 12
December 2003 and the second phase took place in Tunis, from 16 to 18 November 2005. Outcomes
were reviewed by Member States at UN Headquarters in New York at the WSIS tenth anniversary
(WSIS+10). The forthcoming review process, WSIS+20, will be held in 2025.
New York WSIS+10 Outcome Document: 15-16 December 2015
UNESCO themes and approaches figure prominently in the WSIS+10 High-Level Review outcome
document adopted on 16 December 2015 at the United Nations General Assembly.
The outcome document recognizes that “the same rights that people have offline must also be
protected online”; “call[s] on States to take all appropriate measures necessary to ensure the right to
freedom of opinion”; affirms the “commitment to bridging digital and knowledge divides”; and the
ambition “to move beyond ‘information societies’ to ‘knowledge societies’, in which information is
not only created and disseminated, but put to the benefit of human development.” Many other
UNESCO facilitated themes are also addressed, including: the protection of journalists; ICT and
education; cultural diversity; sciences; access to information and knowledge; people with disabilities;
multilingualism; indigenous peoples; local content; media and information literacy; capacity
building; and ethics.
Tunis Phase: 16-18 November 2005
The objective of the second phase was to put Geneva's Plan of Action into motion as well as to find
solutions and reach agreements in the fields of Internet governance, financing mechanisms, and
follow-up and implementation of the Geneva and Tunis documents.
Nearly 50 Heads of state/government and Vice-Presidents and 197 Ministers, Vice Ministers and
Deputy Ministers from 174 countries as well as high-level representatives from international
organizations, private sector, and civil society attended the Tunis Phase of WSIS and gave political
support to the Tunis Commitment and that were adopted on 18 November 2005. More than 19,000
participants from 174 countries attended the Summit and related events.

Geneva Phase: 10-12 December 2003


The objective of the first phase was to develop and foster a clear statement of political will and take
concrete steps to establish the foundations for an Information Society for all, reflecting all the
different interests at stake.
Nearly 50 Heads of state/government and Vice-Presidents, 82 Ministers, and 26 Vice-Ministers from
175 countries as well as high-level representatives from international organizations, private sector,
and civil society attended the Geneva Phase of WSIS and gave political support to the Geneva
Declaration of Principles and Geneva Plan of Action.
10.9 Internet Governance Forum
The Internet Governance Forum (IGF) is a multistakeholder governance group for policy dialogue
on issues of Internet governance. It brings together all stakeholders in the Internet governance debate,
whether they represent governments, the private sector or civil society, including the technical and
academic community, on an equal basis and through an open and inclusive process. The
establishment of the IGF was formally announced by the United Nations Secretary-General in July
2006. It was first convened in October–November 2006 and has held an annual meeting since then.
10.10 European Dialogue on Internet Governance
European Dialogue on Internet Governance (EuroDIG) is a Pan-European multi-stakeholder
forum focused on Internet Governance. It is a regional sub-forum of the global Internet Governance
Forum (IGF). It is an annual meeting with open participation and changing locations across European
countries. Participants come from the private sector, governments, civil society, academia, and the
technical community. Notable participating institutions are the European Commission and the
Council of Europe.
EuroDIG held its first meeting on 20–21 October 2008 and was initiated by Internet enthusiasts from
all stakeholder groups who shared the same vision of a space where all stakeholders from all across
Europe could meet and discuss Internet governance issues. The Council of Europe was among the
institutions which supported this idea from the beginning and offered to host the first meeting in the
Palais de l'Europe in Strasbourg, the headquarters of the Council of Europe.
One goal of EuroDIG is to feed European views into the global IGF, but even more it aims to reach
out to all concerned groups and facilitate an inclusive debate about the governance of the internet by
encouraging cooperation to solve problems and find best practices.
Administration and planning

The central administration of EuroDIG is its secretariat, which is responsible for coordinating the
organization. The secretariat is composed of 3-4 individuals working part time as of 2022. Long-term
and financial planning as well as administrative oversight lie with the Multi-stakeholder Board, whose
seven members are elected by the General Assembly, except the Secretary General, who is always
part of the board. Members of the Board have to be so-called Core Members and are elected for up
to three years. The Members should come from different stakeholder groups so that each group is
represented and no group dominates the board. The General Assembly is composed of the members
of the organization, though only Core Members can vote. Core Members are Founding and Full
Members. All Full Members have to be accepted by the Core Members.
The annual meetings are planned in an open process in which everyone can suggest topics and
participate. The program is made based on submitted topics and publicly discussed in a planning
meeting, usually at the beginning of the year. The details for each session are assigned to an Org Team,
which organizes the session. The secretariat facilitates the planning process by assisting the Org
Teams.
Funding and institutional partners
EuroDIG is financed through donations, for the most part by corporations and institutions, but
individuals also have an opportunity to support it via a fundraising tool. Another form of support EuroDIG
receives is the hosting of the in-person events and the provision of the equipment and resources
needed for them, which is usually done by a partnering institution or city.
The institutional partners of EuroDIG are:
• Council of Europe
• European Commission
• European Regional At-Large Organization (EURALO)
• European Broadcasting Union (EBU)
• European Telecommunications Network Operators’ Association (ETNO)
• Geneva Internet Platform
• Internet Corporation for Assigned Names and Numbers (ICANN)
• Internet Society (ISOC)
• Federal Office of Communications of Switzerland (OFCOM)
• Réseaux IP Européens Network Coordination Centre (RIPE NCC)
10.11 Internet Sovereignty
When it comes to internet freedom, or lack thereof, a term that is increasingly being used to describe
the state of the internet around the world is a move towards “internet sovereignty.” While the term
isn’t new, as the internet continues to change and evolve the phenomenon is taking shape in an
increasing number of areas around the world. Internet sovereignty refers to the splintering or
breaking up of the internet into a system that’s governed by each country individually, rather than as
a single and uniform experience for all around the world. Also referred to as “cyber sovereignty,”
according to the Globe Post the term was first used by Chinese authorities in a white paper entitled
The Internet in China. The white paper stated the principle as follows: “Within Chinese territory, the
internet is under the jurisdiction of Chinese sovereignty. The internet sovereignty of China should be
respected and protected.” The underlying concept being illustrated is that China had a right to govern
the internet – and by extension content and the dissemination of this content on the internet – to
comply with the country’s distinct laws.
The concept has since expanded beyond those borders and is broadly applied to any country around
the world trying to take a similar approach to internet governance. As put by CSIS, the concept refers
to “not many separate internets but a fragmentation of governance, where the underlying protocols
would still support global connectivity, but connectivity overlaid with many uncoordinated and often
dissonant rules for data, privacy, and security.”
In plain terms, internet sovereignty means that each country is responsible for the internet experience
and rules within their own borders.
Who is Responsible for Internet Sovereignty?
Internet sovereignty is most often enacted by a government, and especially by those in oppressive
nations. It does not have to be restricted to this realm, however. There is also talk of internet
sovereignty being enacted by major tech players: “rather than a small set of elites in each country
setting the ground rules for the internet for their respective societies, a single centralized set of elites
in Silicon Valley set the rules of all countries” (Forbes).
What Does Internet Sovereignty Look Like?
Cyber sovereignty manifests itself in several different ways, but is often used as a justification or
means to impose censorship and restrictions on internet usage. It often manifests as follows:
• Censorship of content
• Restrictions on internet
• Regulations and laws related to the internet
• Content takedowns, blocking, removals
• Data localization and storage
It’s important to note, however, that some forms of internet sovereignty are not nefarious in nature.
More recently, westernized nations that do not generally censor their internet have sought sovereignty
in the following ways:
• Control or prevent cybersecurity threats
• Protect user data
• In relation to the flow of data (across borders and for business purposes)
• To protect people (removal of child pornography, terrorist materials)
Some nations have succumbed to pressure to comply with restrictive rules of other nations, however,
by complying with mandates for app takedowns or content removal requests.

Is Internet Sovereignty a Good Thing?


Internet sovereignty is not inherently negative, but the result of increasing cyber sovereignty is
generally not good, since it leads to a splintering or dividing of the internet – and a move away from
the universal freedom and openness the internet was created to promote. Additionally, the concept
is more often than not closely associated with censorship.112

112 Internet Sovereignty <https://www.vyprvpn.com/blog/internet-sovereignty> accessed 21 July 2022
Reading List

Essential Readings
1. D Kim and M G Solomon, Fundamentals of Information Security (3rd edn, Jones & Bartlett
Learning 2018).
2. Vakul Sharma, Information Technology Law and Practice – Cyber Laws and Laws Relating
to E-Commerce (7th edn, Lexis Nexis 2021).
Recommended Readings
1. B Forouzan, Data Communication and Networking (4th edn, Tata McGraw-Hill 2006).
2. William Stallings, Computer Networking with Internet Protocols and Technology (7th edn,
Pearson Education 2012).
3. Andrew S Tanenbaum, Computer Networks (4th edn, Pearson Education 2009).
4. Janine Kremling and Amanda M Sharp Parker, Cyberspace, Cybersecurity, and Cybercrime
(1st edn, SAGE Publications 2017).
