> Chapter 5

The internet
and its uses

IN THIS CHAPTER YOU WILL:

learn what the difference is between the internet and the world wide web
understand what is meant by a URL and study the purpose of each of its component parts
discover the purpose and operation of the hypertext transfer protocol (HTTP) and the hypertext transfer
protocol secure (HTTPS)
learn about the different functions that a web browser performs, including the use of cookies
discover how web pages are requested, retrieved and displayed on your computer or device
understand what is meant by a digital currency and how blockchain is used to track digital currency
transactions
learn about a range of cyber security threats and how a range of different solutions can be used to
data safe from these threats.
 5 The internet and its uses

GETTING STARTED
Think about what you already know about keeping yourself safe on the
internet (e-safety). Create a poster for a younger audience to tell them how to
use the internet safely and what to do if they find something that upsets them.

Figure 5.1: A parent helping a child to safely access the internet

THE EFFECTS OF MALWARE

On average, there are approximately 2500 cyber security attacks that happen each day.
Malware is used in many of these attacks and over 90% of this malware is delivered using email.
WannaCry is the name of a large scale cyber
security attack that occurred in 2017. Malware was
used to take over computer servers in systems
across Britain, Spain, Russia, Ukraine and Taiwan.
The type of malware used in the WannaCry attack
is called ransomware. The malware blocked
users and organisations from accessing files and
accounts. It did this by encrypting the tiles. It
wanted the organisations to pay money to the
creators of the malware in order to be able to
gain access to their files and accounts again. The
payment demanded was in Bitcoin.
As organisations were not able to gain access
to their files and accounts until the ransom was Figure 5.2: Malware prevents users from accessing their
paid, mass disruption was often caused to the files and data
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

CONTINUED
daily processes in these organisations. One example of this was the National Health Service (NHS)
in Britain. British hospitals were forced to turn away some patients who could not be treated until
their personal information could be accessed again.
WannaCry malware was based on a set of malware code called EternalBlue. There have been
several malware attacks since WannaCry based on this same EternalBlue code.
Discussion questions
1 Do you think it is the organisation's fault that the malware infected their systems and caused issues?
2 Do you think it is completely the hacker's fault for being able to put the malware on the systems?
3 How would you feel if your files were encrypted and you couldn't access them?
Would you pay the ransom, or would you take a different action?

5.1 The internet and the world KEY WORDS

wide web internet: a very large

global network that
The internet and the world wide web: aren’t they the same thing? Although the terms allows users to access
are used interchangeably, they aren’t the same thing. Bonus points if you knew that the world wide web.
already! The internet is an infrastructure. This means it is all the components and cables
infrastructure: the
that are used to connect one device to another. Another way that the internet can be
physical structure,
described is that it is one huge network. More specifically, it is a type of network called
such as all the
a wide area network (WAN). This is a type of network that spans a large geographic
components and
area, in this case the whole world! The internet is an incredible structure if you think
cables, that are used
that homes and businesses all over the world are able to use it to connect to each other.
to connect devices,
Millions and millions of people use this huge infrastructure.
network: computers
and devices that are
joined together using
cables or wireless
technology.
world wide web:
the collection of all
the web pages and
websites that have
been made available,
website: a collection
of web pages,
normally about a
related topic or
purpose.
Figure 5.3: The internet connects millions of people web page: a single
page within a
The world wide web is the collective term for all the websites and web pages that are website.
available. The world wide web is accessed by using the internet.
 5 The internet and its uses

COMPUTER SCIENCE IN CONTEXT

The world wide web was invented by Tim Berners-Lee in 1989. He was
motivated to do so by a problem that he had. He is a Computer Scientist
and found that at the time he had several computers that all had different
information stored on them. He found that he would have to keep logging
onto the different computers to obtain the particular information that he
needed. He saw a way to solve this issue that he realised could be used
universally. Lots of computers were already being connected together
into networks and he realised that he could share information using an
emerging technology at the time called Hypertext. By October of 1990 he
had developed the three fundamental parts that create the world wide web:
HyperText Markup language (HTML), uniform resource locator (URL) and the
Hypertext Transfer Protocol (HTTP). By the end of 1990, the first web server
was set up and the first web page displaying information about the world
wide web project was created.

ACTIVITY 5.1

Have a look at what the first web page looked like. Type 'the world wide web
project' into your browser and look for the 'info.cern' link.

KEY WORDS

uniform resource
locater (URL):
another name for the
text-based address
tor a website.
web browser: a
Figure 5.4: HTML piece of software that
retrieves and displays
web pages.

5.2 Requesting and retrieving protocol: a set of

rules for transmitting
data.
web pages domain name: a
A URL is a fundamental component of the world wide web. Each website and web
specific part of a URL
page on the world wide web has a text based address. This address is called a URL.
that contains the
To access the web page, a user types the URL into the address bar of a web browser.
unique name for the
A URL has three main components: the protocol, the domain name and the web page web server.
or file name.
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

Figure 5.5 shows an example of a URL: https://www. cambridge.org /education

1 Y
KEY WORDS
There is a whole process involved in
requesting and retrieving web pages that protocol domain web page domain name server
you need to understand, the URL and its name name (DNS): a special
three components are fundamental to this Figure 5.5: The components of a URL server that contains a
process. So how is a web page requested database of domain
and retrieved by our computers? names and their
corresponding IP
To start the process, the user opens their web browser and types the URL into the
address.
address bar. The web browser then sends the URL for the website to the domain name
server (DNS). The DNS is a special kind of server that stores all the different domain web server: a
names (part of the URL shown in Figure 5.5) along with their equivalent IP address. network component
The DNS looks through its database of domain names to find the equivalent IP where the web pages
address. As you can imagine, there are billions of websites, so these are not all stored for a website are
on a single DNS. Therefore, the first DNS will search its database and if it doesn’t stored.
find the domain name, it sends it to the next DNS. This will happen until the domain
name is found, or if it is not found, a message is sent back to the web browser to say hypertext transfer
that the website is not found. When the DNS find the domain name, it sends the protocol (HTTP): a
equivalent IP address back to the web browser - the IP address of the web server that protocol that is used
stores the website. This process is summarised in Figure 5.6. for the transmission
of web pages and
DNS searches related data across
for domain the internet.
Web browser
name to find
sends URL to hypertext markup
URL its equivalent
DNS language (HTML):
IP address a scripting (web
authoring) language
that is used to create
web pages.
cascading style
sheet (CSS): a
scripting language
IP address that is used to create
a presentation
template for a web
Figure 5.6: A web browser requests an IP address from a DNS page. It includes
what kind of font
The web browser receives the IP address for the website from the DNS. It now knows and colour text
where to find the website. The web browser sends a request to the web server to ask will appear on the
for the web page from the website. It uses a protocol called the hypertext transfer webpage.
protocol (HTTP) to send the request to the web server. Each web page is created active script: this is
using hypertext markup language (HTML), cascading style sheets (CSS) and may the script that is used
include active script such as JavaScript. When the web server receives a request for a to produce any of the
web page, it sends the data for the website, including the HTML, CSS and any active interactive elements
script, back to the web browser using the HTTP The web browser then renders the of a web page.
HTML and CSS and runs any active script to display the web page. This process is
summarised in Figure 5.7.
 5 The internet and its uses

Web browser uses Web server sends

the IP address to the data, including
send a request to HTML, CSS and
the web server to active script to the
obtain the data for web browser
the web page
Request for web page

Web browser
renders the HTML Data for web page KEY WORDS
and CSS and runs
the active script to hypertext transfer
display the web protocol secure
page (HTTPS): a secure
Figure 5.7: The web browser requests a web page and renders the HTML and CSS version of the HTTP
that encrypts data for
transmission.
encryption: a
Questions method of securing
1 What is a URL? data for storage
2 What is an IP address? or transmission
3 What are the three main parts of a URL?
that scrambles
it and makes it
meaningless.
Another protocol can be used to request the data for the web pages that will require an
additional process to take place. This protocol is the hypertext transfer protocol secure digital certificate:
(HTTPS). This protocol has an additional layer of security that encrypts any data that a certificate that is
is transferred. It involves the use of digital certificates. This is a certificate that the awarded to a website
owners of the website need to apply for from a certificate authority. A certificate if they can prove
authority is an organisation that checks whether a website is authentic and trustworthy. that they are a real
If the certificate authority believe the website is authentic, they will issue them with a organisation and take
digital certificate. This is how the additional layer of security is created. measures to securely
transmit their data,
• Before the web browser sends a request to the web server to ask for the web pages,
it sends a request to the web server asking it to provide a digital certificate. certificate authority:
the awarding
• The web server sends a copy of the digital certificate to the web browser. organisation that
• The web browser checks if the digital certificate is authentic. checks if another
organisation is real
• If the certificate is authentic, the web browser will allow communication to continue
and secure before
with the web server and any data that is transmitted between the two is encrypted.
awarding them a
• If the certificate is not authentic, the web browser will report that the website is digital certificate.
not secure.
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

This process is summarised in Figure 5.8.

Web browser asks

Web server sends
the web server to
send its digital its digital certificate
Request for digital certificate to the web browser
certificate

Encrypted data transmission

Web browser
authenticates the Digital certificate sent
certificate. If
authentic, encrypted
data transmission
Figure 5.8: A web browser requests a digital certificate to allow encrypted data transmission

KEY WORDS
The HTTPS protocol is the standard HTTP protocol with a layer of security
combined, that is either the secure sockets layer (SSL) or transport layer security (TLS) secure sockets layer
protocol. TLS is a newer version of SSL. This is the protocol that is used to create the (SSL) protocol: a
encryption. You can check visually whether a website is secure by seeing if it uses the type of protocol
HTTPS protocol. If it does, you will see this at the start of the URL in the address bar that encrypts data
in the web browser. You will also see a small padlock before the start of the URL. for transmission. It
Most web browsers also have an option for you to view the digital certificate for the is the protocol, that
website. This is often found by right clicking your mouse on the padlock. is combined with
the HTTP to create
ACTIVITY 5.2 HTTPS.

Use the internet to research why the TLS protocol was developed to replace transport layer
the SSL protocol. security (TLS)
protocol: an updated
version of the SSL
protocol.
Questions render: the method
4 What is a digital certificate and how is it used in the HTTPS protocol? of processing all the
5 Does the web browser or the web server authenticate the digital certificate? web page data, such
as HTML, to display
the web page.

5.3 The purpose of a web browser

You may have noticed that the web browser has a key role in the requesting and retrieving
of web pages. The main purpose of a web browser is that it is a software application that
allows you to access information that is available on the world wide web. As you learnt
previously, it does this by requesting the HTML files and other data required to create the
web page, then renders this data so that you can view the web page.
One thing to note about a web browser is that some people confuse it with a
search engine. This is because some web browser software development companies also
 5 The internet and its uses

produce search engines too. One example of this is Google. Google produce a search
engine called google, that you can use to find information on the world wide web,
however this is not a browser. The browser that Google produce is Google Chrome.
This is the software that allows you to open web pages, such as the google search
engine. Why don’t you test your friends and see if they know the difference?

KEY WORDS

Google address bar: the

section of a web
browser where you
type the web page
address.
user history: a record
made on your web
browser of all the
Figure 5.9: Example of a search engine Figure 5.10: Examples of web browsers web pages that you
have visited.

ACTIVITY 5.3 bookmark: a link that

can be created to
Can you think of two more examples of a web browser? Use the internet to allow you to quickly
check if you are correct. find a web page
again.

Did you know that there are lots of other things that a web browser can do? tab: a website
This is a list of some of the main functions of a web browser, how many have you function that allows
used before? you to open multiple
web pages in the
• It provides an address bar that you can use to type in a URL. same window.
• It keeps a record of all the web pages that you have visited.
window: a viewing
This is called user history.
area that is created
• It allows you to bookmark web pages and set web pages as your favourites. in which a software
These can then be displayed on the toolbar of your web browser to allow you application or file can
to access them much more quickly. It means you can just click the bookmark or be opened.
favourite icon and it will take you straight to the web page.
navigate: move
• It allows you to open multiple tabs at a time. The browser itself opens around web pages, or
into a window on your computer. Without tabs, you would need to open move back or forward
multiple windows if you wanted to open more than one web page at a time. to previous web
Tabs allow you to open multiple web pages in the same browser window which pages.
makes it easier to navigate between the different web pages that you have open.
cookie: small text file
• It allows you to navigate between web pages. The buttons that are most
that is used to store
commonly available on a web browser are forward, back and reload the page. personal data, by a
• It stores cookies and manages the process of transmitting them. web browser.
You will learn more about cookies next!
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

The main features are shown in Figure 5.11.

Navigation buttons Tab Address bar

Main window: Settings: This is

This is where where you will
you will see the find your history
HTML rendered and bookmarks
and the web and favourites
page displayed (you may also
find these on a
toolbar below
the address bar)

Figure 5.11: The main features of a web browser

Cookies! Sadly, not the tasty kind, but a useful function of a web browser. So, what
exactly is a cookie? A very simple explanation is that it is a small text file that is used to
store data, normally about you.
They are very useful as they can store data that you may regularly use on the
internet. This means that you do not need to enter this data every time. Examples of
this are:
• Storing your username and password for accounts such
as your social media.
• Storing your bank card details for buying products and
services online.
• Storing products in a virtual shopping cart when
you are buying multiple products from an online
company. It can also save the items in your cart so that
you can buy them at a later date if you don’t want to
buy them now.
Cookies can be used to tailor your online experience with
websites. Some websites allow you to format the website
in the way that you want it to look, for example, changing
the colour of text and boxes that appear on the web page.
Cookies can also be used to track the different content that
you look at on the world wide web. For example, if you
look at web pages about your favourite hobby or interest,
you will find that advertisements appear on web pages that
are about your favourite hobby too. This is called targeted Figure 5.12: Many websites use cookies
advertising.
 5 The internet and its uses

Cookies are created when you visit a web page and then they are stored by
KEY WORDS
your web browser. There are two main types of cookie, session cookies and
persistent cookies. session cookie: a
Session cookies are temporary files that are created when you visit a web page. As type of cookie that
soon as you close your web browser, these cookies are deleted. If you open your web is deleted when
browser again and go back to the same web page, the web page will not recognise the web browser is
you. That means that it will not be sent any cookies by your web browser, about closed.
your personal details or preferences, as this type of cookie are not saved by the persistent cookie: a
browser once it is closed. You might have experienced this type of cookie when you
type of cookie that
are online shopping. You may have added several items that you wanted to buy
is stored by the web
to a shopping cart on a website, you then close your web browser. You then open
browser until it is
your web browser at a later date and go back to the web page, only to find that the
deleted by the user
items you put in the online shopping cart are no longer there. This is because it is a
or because it has
session cookie that is used to temporarily store them. This process is summarised in
expired.
Figure 5.13.

User visits the web page that

is stored on the web server

Session cookies are

temporarily stored by
user's web browser
until the browser is
closed and the session
ends. The cookies are
then deleted.

Session cookies are sent from

web server to user's web browser
Figure 5.13: Session cookies

Persistent cookies are permanent files that are created when you visit a web page.
These are stored by your web browser onto the hard drive of your computer.
When you visit the same web page again, the cookie file is sent back to the web
server that stores the web pages to provide the data about your personal details
or preferences. This will allow your login details to be automatically entered, for
example. These cookies will remain stored on your hard drive until you manually
delete them, or your browser deletes them because they have expired. Each
persistent cookie file is sent with an expiration date. When this expiration date is
reached, the web browser will delete this cookie from your hard drive. This process
is summarised in Figure 5.14.
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

User visits the web page that

is stored on the web server

Persistent cookies
are permanently
stored by user's
web browser until
the user or the
web browser
deletes them.

Persistent cookies are sent from

web server to user's web browser
Figure 5.14: Persistent cookies

Internet users have mixed feelings about cookies.

This is because they can have a very useful role
but can also be used for improper activities.
Cookies do build up an online profile about
your details and preferences. Some people feel
this is an invasion of their privacy. Other people
also believe that this data can be gathered to
build a profile about you and add to the risk of
your identity being stolen. If you are worried
about this being a possibility, you can limit the
use of cookies in your online activity by
changing the settings for your web browser.

Questions
6 What is a cookie used for?
7 What is the difference between a session Figure 5.15: Cookies can be a privacy concern
cookie and a persistent cookie?
8 Why do some people have an issue with
cookies being used?

COMPUTER SCIENCE IN CONTEXT

Each company that creates a web browser will often have a slightly different
aim as its focus. Some web browser development companies focus on the
security of the transmission of data, whereas others focus on how quickly the
web pages are rendered and displayed.
 5 The internet and its uses

5.4 Digital currency KEY WORD

When you pay for products and services using the internet, you will normally use a
digital currency. A digital currency is one that exists electronically (see Figure 5.16). digital currency: a
It is a method of payment that is similar to paying with coins and bank notes. currency that exists
However, rather than exchanging physical bank notes and coins to make the payment, electronically rather
the currency is exchanged digitally using computers. There are several different forms than physically.
of digital currency, the most popular are payments using credit cards, mobile phones
and smart watches. The most common of these is using credit cards when making
payments using the internet.
When the data about the payment with the digital currency is sent from one computer
to another, it is encrypted to keep it secure. The method of encryption used is what
you learnt about previously, in Section 5.2, using the HTTPS protocol. The payment
details for the use of a digital currency can be stored in a persistent cookie. That means
that each time you visit the website to buy a product, your payment details will be
automatically entered so you don’t need to type them in each time.

Figure 5.16: Digital currency exists electronically and can be sent between computers

One type of digital currency that

you may have heard of is Bitcoin.
This type of digital currency is KEY WORDS
more specifically known as a
cryptocurrency. The banks that cryptocurrency:
we use to manage our money on a a type of digital
daily basis are called centralised currency that
systems. This means that there is uses encryption
an authority at the centre procedures.
managing the process in which
they are used. In this case, the blockchain: a
bank is the authority. A method that is
cryptocurrency is a decentralised used to track all the
Figure 5.17: A cryptocurrency is a digital currency transactions made
system, this means that there is
that is managed by a decentralised system with a cryptocurrency.
no central authority, like a bank,
managing the process of digital ledger: a
payments. Payments are also encrypted using this type of currency. As there is no database that is a list
central authority managing the system of payments with this type of digital currency, of all the transactions
a different system called blockchain is used to keep track of the payments. recorded by the use
In its most basic form, blockchain is a list of all the records made with the digital of blockchain.
currency. This is called a digital ledger (Figure 5.18). Each time a payment is made with
the digital currency, a record is added to the ledger that includes a digital signature
with the time and date that the payment is made. In blockchaining, once these records
are added to the digital ledger, they cannot be changed. Data that is stored in a digital
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

ledger is also encrypted. This prevents anyone being able to change the data.
However, anyone who wants to view the data in the digital ledger is able to do so.

Blockchain Digital Ledger

Payment 1

Payment 2
User sends payment The payment arrives
using a type of digital Payment 3 with the intended user
currency called a and only exists
cryptocurrency. The electronically.
data is encrypted
before it is sent.
The details of the payment are added
to digital ledger, including a digital
signature, time and date stamp. The
data is stored for the digital ledger is
encrypted and cannot be changed.
Figure 5.18: A blockchain keeps a digital ledger of transactions

COMPUTER SCIENCE IN CONTEXT

There are as many as 2000 different digital currencies that exist. Many of these
are different types of cryptocurrency. How many do you think you could name?

5.5 Cyber security

Whilst the internet and the world wide web can be a very fun and interesting place, it
does also have some issues and threats that you definitely need to be aware of.
You need to know how these cyber threats are created, what the motivation is behind
those who use them, and what kind of security solution you can put in place to try and
prevent them from happening. One thing to note is that each security solution may not KEY WORDS
be a complete prevention, sometimes it is better to have several solutions in place. Also,
perpetrators are always looking to develop ways to beat security solutions, so no perpetrator: a
solution will be 100% effective in preventing an attack. However, if you don’t have any person that carries
security solutions in place, you are putting your personal data at a far greater risk of out an illegal or
these cyber threats. So, what are the cyber threats that you need to know? immoral action,
brute-force attack:
Brute-force attack a type of cyber
threat that involves
You may have heard someone being described as a brute person. This normally means repeatedly inputting
people think they are strong and forceful. This is exactly what a brute-force attack is a password until the
on your computer, a strong and forceful attack. Imagine that someone is banging on correct one is found,
a locked door, pushing and shoving it in every way that they can, until the door gives to try and break into
way and opens. In a brute-force attack, a perpetrator tries to break into your computer an account or device
or account. They do this by repeatedly entering different password combinations until
they manage to enter the correct one. They may try to do this manually, by typing
in each password combination themselves. They could also do this by developing a
 5 The internet and its uses

software program that will automatically cycle through many different combinations
until the correct one is found.
The perpetrator usually does this to gain access to your computer or account in the hope
that they can either steal some personal data that they can use for criminal activity,
or they may try to use your account to purchase items online as though it was their
own account.
There are several cyber security solutions that you can put in place to help prevent
a brute-force attack on your computer or account. The first is to make sure that you
have a strong password to protect your data. A strong password is created by mixing
different uppercase and lowercase letters, numbers and symbols. Ideally mixing these
in a way that does not form any kind of word or phrase. A long string of a mixture of
all these characters is the best protection that you can give your data. This will make it
much more difficult for any perpetrator or software program to guess your password.
It can be easy to find out some simple information about you, for example, that you
have a rabbit called Mr Snuffles. Therefore, if your password is mrsnufflesO 1, this is not
going to be difficult for a perpetrator to guess. Make life a bit more difficult for them,
your data is precious! An example of a strong password is:
1 gH6dk@dnlwm!dosTsjlpa
Many web browsers now have a function that will suggest a strong password for you,
mixing a combination of characters like this. They will also save the password for you,
so you don’t need to keep remembering the string of characters.
Another security solution that can be used to help prevent a brute-force attack is
limiting the number of times a password can be entered before the account is locked.
You may have had this issue before. You type in what you think you had as a password
for the account, but it is rejected, so you try another and that gets rejected, then you try
a third one and that is rejected, and you now get a message saying you are locked out
of your account. How frustrating! However, be very thankful for this security solution,
however annoying it can be. It is likely that for a perpetrator to brute-force their way
into your account, it will take more than three guesses at your password. Therefore, if
the number of attempts is limited before the account is locked, this can prevent many KEY WORDS
guesses being made to try and find out the password.
biometric password:
A third security solution that can be used is a biometric password. A biometric device is a type of password
one that needs your biological data to be input. An example is a fingerprint scanner, that uses a person's
which requires your fingerprint to be input. Our biological data is unique to us, it is biological data, such
highly unlikely that you will find another person that has exactly the same fingerprint as their fingerprint.
as you. Therefore, if you secure your computer or account with a biological password,
such as your fingerprint, no amount of guessing your password would allow a biometric device: a
perpetrator to brute-force their way into your account. They would need to somehow device that allows a
obtain your fingerprint, which is a much more difficult task. user to record and
input a biometric
A fourth security solution that can be used is two-step verification (sometimes known password.
as two-factor authentication). This is a method that puts two tasks in place in order
to enter an account. The first task is entering the password, but then a second step is two-step
added that will require an additional input task to enter the account. The second piece verification:
of data is often a code or word that is sent to you that you will need to enter. This is a process that
normally sent to either your mobile phone number or your email address. This means involves inputting
that a perpetrator will not only need to guess the password for your account, but that two different kinds
they will also need to have access to your mobile phone or your email, this is an added of data to enter an
difficulty. Some banks also have a small card reading device that provide you with the account or device.
data for the second step. You put your bank card into the reader, enters a PIN code
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

or password and this generates the code for the second step for you to input. It is
advisable that you look at the privacy and security settings for your online accounts,
especially ones like your email and social media. Many companies have an option for
you to turn on the feature of two-step verification which helps keep your personal data
more secure.
In summary:

What happens? Multiple guesses are made at your password to try and
break into your computer or account.
What is the aim? To steal your precious personal data or to use your
account to buy products online.
What security solutions A strong password, a limited number of attempts
can be used? at entering a password, a biometric password and
two-step verification.

ACTIVITY 5.4

Think about one of your passwords that you use to access an account online.
How strong do you think that password is? Do you think that you could
improve that password?
Create a three-slide presentation that can be given to your peers to tell them
how to create a strong password and what the importance is of doing so.

Peer Assessment
Take a look at your partner's presentation. Do you think the information is
presented clearly? Have they made it clear how to create a strong password?
Do you think they have missed any information about doing this? Do you think
they have made it clear how important it is to set a strong password? Have
they included information about what might happen if a person does not set a
strong password?
Tell your partner your answer to these questions when you have looked at
their presentation.

Data interception KEY WORDS

Billions of pieces of data are sent across the large network that is the internet on a data packet: a unit
daily basis. A lot of this data is people sending their personal data to do things like buy of data that is used to
products and services, and log into their online accounts. Perpetrators would very transmit data across a
much like to get hold of their information so that they can use it in criminal activity, network.
such as identity theft and fraud. A way that they will try and do this is by intercepting
data packets as they are transmitted across the network from one device to another. packet sniffer: a
This is often done by using a piece of software called a packet sniffer, this is normally piece of software that
installed onto a piece of hardware that the packets will pass through, for example, a is used to examine
router. This software is used to examine packets of data that are sent across a network the contents in a
to see if they contain data that looks useful. If they do, the software will report the packet of data.
useful data packets it has found back to the perpetrator.
 5 The internet and its uses

The main security solution that you can use to keep data secure that is sent over a
network is encryption. Data is normally encrypted using the SSL protocol that you
learnt about earlier in Section 5.2. This security solution will not stop the data packets
from being intercepted, but it will mean that if the data packets are intercepted, the
data contained in the packets will be meaningless to anyone who tries to read them.
Remember, you can check to see if a website encrypts your data before transmission by
looking to see if the URL uses HTTPS. It is also often possible, in your web browser
settings, to set your web browser to only connect to websites that use encryption to
transmit data.

Figure 5.19: If your data is intercepted by someone, will it be encrypted?

Check if the URL uses HTTPS

Have you ever gone into a cafe or a store and thought, ‘Excellent, free Wi-Fi!’ and you
immediately connect to it? Perpetrators can also use this kind of incentive to get you to
connect to the network through a system of theirs. Any data that you send using this
connection can be intercepted by the perpetrator. It is advisable, if you see a free Wi-Fi
connection, to ask the cafe or store if it is their free Wi-Fi before you connect to it.
In summary:
KEY WORDS
What happens? Data packets are intercepted and examined through distributed denial
the use of software such as a packet sniffer. of service (DDoS)
attack: a type of
What is the aim? To steal your precious personal data for criminal cyber threat that
activity such as identity theft or fraud. targets a web server
to cause it to crash
What security solutions Encryption such as the SSL protocol and visually
and prevent access to
can be used? checking the URL of a website to see if it uses the
the web pages that it
HTTPS protocol.
stores.
botnet: a network of
ACTIVITY 5.5 bots that are created
Use the internet to find out how a virtual private network (VPN) can be used to to carry out a DDoS
help prevent data interception. attack.
malware: a type of
malicious software
that is downloaded
Distributed denial of service (DDoS) attack onto a user's
To carry out a DDoS attack, a perpetrator will first create a botnet (bot network, see computer or device.
Figure 5.20). This is done by sending malware to many computers to try and get you to
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

accidentally download it. Once you have downloaded the malware, the computer can
then be used as a bot by the perpetrator. Whilst the bot is not being used it is often KEY WORDS
called a zombie. Once the perpetrator wants to carry out the attack, they ‘wake up’ all bot: the name given
the zombies to be used as bots. Each bot will begin sending multiple requests to access to a computer that
a web server. They are all set to send requests to the same web server all at the same has had malware
time. This floods the web server with too many requests and it begins to struggle to downloaded onto it
deal with each request. The web server can only deal with a certain number of requests that will cause it to
at a time and if it is sent too many it will begin to slow down and eventually crash. be used in a DDoS
This will mean that users can no longer access the website. This causes a denial of attack.
service to any normal requests to access the web server. This type of attack is normally
carried out on a web server, but it could be used to target other types of server and zombie: the name
network hardware. given to a bot that has
malware downloaded
There are several reasons a perpetrator may carry out a DDoS attack. They may
onto it to allow it to
make a demand for money to the company to get them to pay to stop the attack from
be used in a DDoS
happening. They may want to punish the company for something that they perpetrator
attack, but it currently
thinks they have done wrong, such as an unethical issue. This would be in an act of
isn't being used in this
revenge or activism.
way. It is effectively a
The main security solution that a company can use to stop a DDoS attack occurring dormant or sleepingdormant
on their web server is to use a proxy server. A proxy server can be used as a barrier to bot. ; ;
a web server by getting all the requests for the web server to pass through the proxy
server first. The proxy server can examine each request and forward it on to the web proxy server: a
server to allow access. If the proxy server begins to receive many requests, it can begin method of cyber
to allow them to pass at a slower rate to avoid the web server being flooded with all security that examines
the requests at the same time. This may mean access to the website is slower, but still requests sent by
possible by users that want to legitimately access it. A proxy server can also use a devices to access the
feature called caching. This feature can help prevent a DDoS from being successful as web pages stored on
once the proxy server has received a request the access the website from a certain IP a web server.
address, it will stop any repeated requests for a short period of time from the same IP anti-malware: a type
address. Therefore, if a bot is sending multiple requests, not all of them will be passed of software that scans
onto the web server as some will be stopped by the proxy server. This makes it more a computer or device
difficult for a perpetrator to flood the web server. with the purpose of
As a user, you can try and prevent your computer ever being used as a bot in a DDoS finding and removing
attack by regularly scanning your computer with anti-malware software. This is a type malware.
of software that scans all of the files in your computer to see if any of them are known
to be malware. It does this by comparing each file against a known list of malware to
see if any of the files on your computer match. If it finds a file that matches, it will put
it in a special area called a quarantine area. It will then inform you that it has found
what it thinks is malware and will ask you if you want to delete the file. By scanning
your computer with anti-malware software on a regular basis, you can help make sure
that your computer is free from any malware that might be used to turn it into a bot in
a DDoS attack.
 5 The internet and its uses

Botnet

Bot

Figure 5.20: A botnet can cause a DDoS attack

In summary:

What happens? Malware is sent to lots of computers to turn them into

bots to create a botnet. The perpetrator then uses
the botnet to send many requests to a web server, all
at the same time.
What is the aim? The aim is to cause the web server to crash. The
perpetrator may be doing this to demand money for
it to stop, or as an act of revenge or activism.
What security solutions The company can use a proxy server to act as a
can be used? barrier that filters requests to the web server. You can
scan your computer with anti-malware on a regular
basis to try and prevent it being used as a bot.

ACTIVITY 5.6

Use the internet to find out about a huge DDoS attack that was carried out on
21 st October 2016, and which companies it affected.

in y
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

Hacking KEY WORDS

Hacking is the act of trying to gain unauthorised access to data. A perpetrator that
hacking: the act of
does this is known as a hacker. They can do this by using a range of technical skills
gaining unauthorised
that allow them to break into a computer or a network. This can be done by going
access to data. This
through methods such as a brute-force attack (this is sometimes known as cracking) or
is normally done to
by exploiting vulnerabilities in a computer or a network, which are areas that the
steal or corrupt the
hacker can identify that lack the protection of security solutions.
data.
Hackers will gain access to a system for several reasons. This could be to steal your
hacker: the
data to try and steal your identity, as an act of revenge, to corrupt your data or to leak
confidential data about a company or project, or an act of activism. name given to a
perpetrator that
The main way that you can stop your computer being hacked is to have as many security carries out an act of
solutions in place as possible. One of the main security solutions that can be used is hacking.
a firewall. A firewall is a barrier that can be used between your data and the rest of a
network. It can be software based or hardware based. Any data that is sent into and out firewall: a cyber
of your computer is examined by the firewall. Rules can be set for this data by giving your security method
firewall a set of criteria to examine the data against. The data that is sent through the that is used to
firewall is compared to the criteria. The firewall can be set to accept the data and allow examine incoming
it to pass through the firewall, or reject the data and stop it from passing through the and outgoing traffic
firewall, depending on whether it does or does not meet the criteria. This added security from a computer or
solution may help identify data that a hacker has sent that looks malicious and reject this network.
data to stop the hacker getting into the computer or network. A firewall can also be used port: an entry point
to close certain ports to a network. A hacker may look to find a vulnerability, such as an into a computer or
open port, to get into a network. A firewall can be set to close as many ports as it can that network.
are not being used, to try and prevent a hacker exploiting an open port to gain access.
One kind of vulnerability that hackers may try to exploit is out of date software.
Sometimes, a software company may find that they have an issue
with their software that could allow a hacker to gain unauthorised
access. If you have downloaded this software, you have also created
this vulnerability on your computer. As software companies become
aware of these issues, they develop their software and issue updates
to protect against hackers. It is therefore vital that you update your
software on a regular basis when software updates are released. This
helps limit any vulnerabilities you have on your computer that a
hacker can exploit. A way to make sure that your software is always
up to date is to set your software to automatically update. This
means that as soon as a software update is released, your computer
will automatically download the update and you don’t need to
remember to do this.
You can also password protect all your data with strong or biometric
passwords to help stop a hacker gaining unauthorised access to your Figure 5.21: Good security will protect
data. And you can add two-step verification to all your accounts.
computers against hackers
In summary:

What happens? A hacker gains unauthorised access to your data by exploiting a vulnerability
in your computer or network.
What is the aim? The aim is to steal, corrupt or leak your data for criminal activity.
What security solutions can A firewall, automatic software updates, strong or biometric passwords and
be used? two-step verification.
 5 The internet and its uses

Questions KEY WORDS

9 What is a hacker? virus: a software
10 How can you prevent a hacker gaining access to your data? based cyber threat
that replicates
itself with the aim
Malware of corrupting data
Malware is a term used to describe any malicious software that is designed to disrupt or filling up the
your computer or data. There are several types of malicious software that you need to available memory
know about: virus, worm, trojan horse, spyware, adware and ransomware. See Table 5.1. space in a computer,
causing it to crash,
Malware Description worm: a software
Virus This is a computer program that is downloaded onto your hard based cyber threat
drive. Once it has downloaded it replicates itself and corrupts that replicates itself
your stored data or uses up all the available memory in your across a network
computer, causing it to slow down and crash. using vulnerabilities
Worm This is a computer program that also replicates itself. It has that it finds, with the
a different aim to a virus though. It looks to find vulnerability aim of clogging up
holes in a network to use to replicate itself. In doing this it will the bandwidth.
clog up the bandwidth of a network and slow the trojan horse: a
network down. software based cyber
Spyware This is a computer program that is downloaded onto your hard threat that is used
drive and is designed to record your actions on your computer. to disguise other
A common form of spyware is a keylogger. This records all malware to try and
the key presses that a you carry out on your keyboard. This smuggle it into a
data is then sent to the perpetrator where it can be analysed computer or network,
to identify patterns in your data. Patterns in your data could
reveal personal data such as your passwords. This can allow spyware: a software
access to your online accounts for fraud and identity theft. based cyber threat
that spies on a user's
Trojan horse This is a computer program that is used to disguise other action whilst using
malware. It is designed to look like a harmless piece of a computer, such
software, such as an application or game, but it contains other as logging their key
malware such as a virus or spyware. Once the trojan horse presses.
is downloaded onto your hard drive, it releases the other
malware that it contains. adware: a software
Adware This is a computer program that is designed to automatically based cyber issue
created pop up and banner adverts when you are online. that automatically
These adverts are often unwanted and can be irritating and creates popup
frustrating. The adware creators are given money by the advertisements.
companies that appear in the advertisements when you click ransomware: a
on them. software based cyber
Ransomware This is a computer program that is downloaded onto your hard threat that encrypts
drive or other hardware. It is designed to encrypt your data a user's data to stop
and stop you from gaining access to it. The creators of the them gaining access
ransomware will demand a ransom (a set amount of money) for to it until a ransom
the data to be decrypted. They will often threaten to release (money) is paid.
and leak all your stored data if the ransom is not paid.
Table 5.1: Different types of malware
)> CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

There are several security solutions that you can use to protect against the threat of the
different types of malware. KEY WORD
An anti-virus software can be used to scan your computer for viruses. This is a type of anti-virus: a type of
software that scans all of the files in your computer to see if any of them are known to software that scans a
be a virus. It does this by comparing each file against a known list of viruses to see if computer for viruses
any of the files on your computer match. If it finds a file that matches, it will put it in a with the purpose of
special area called a quarantine area. It will then inform you that it has found what it finding and removing
thinks is a virus and will ask you if you want to delete the file. By scanning your them.
computer with anti-virus software on a regular basis, you
can help make sure that your computer is free from any
viruses. It is also important to update your anti-virus 1100010100110100101010101001001001000101
software. Perpetrators are constantly developing new 110111010010001010101011101010010010110
viruses. The anti-virus software developers are constantly 010001001111010100, ! nnpl0100111010
finding these and update their database used in the scan. 11101010001110001 J 1U1UUU 9010001010
You need to make sure that you are updating your loiioiiioioiuc ni nni nrnioioioo
anti-virus to make sure that the database is up to date 00101001001110 01001010
1110110111010K V I K I IS 00101010
and all the viruses are found.
10100011100011( - ’ <01010101
Anti-malware software can be installed and used to scan 101110101110101 ' 1011 lull 010100100
your computer and network for other types of malware, nooiwu 10101r ’ nnm nMooioiono
such as worms, spyware, adware and ransomware. This nn' OOHlUUlUiiioiooiOOOl
operates in a similar way to the anti-virus software by 01110101001010001001111010
scanning, quarantining and deleting any malware found. 11101010010100100100101001
The anti-malware that looks specifically for spyware is 00110101110111010010001010
called anti-spyware. Figure 5.22: Anti-virus software should be kept up to date to
find any and all viruses
A firewall can be used to help prevent malware being
downloaded onto your computer. The data coming into
and out of your computer can be examined against the criteria set for the firewall. If
the data looks malicious, the firewall will reject it and stop it from being downloaded
onto your computer. It is useful that a firewall examines both the data incoming
and outgoing data from your computer, especially in the prevention of spyware. As
the firewall is examining the data leaving your computer as well, it may recognise a
malicious program that is trying to leave your computer that contains all the keypresses
that you have made on your keyboard. If the firewall rejects this data, it will not be able
to leave your computer, preventing it being sent to the perpetrator to be analysed.

Figure 5.23: Malware can be sent to a computer via email

 5 The internet and its uses

• • • •• • .
• • internet
• • • . • •

User

Figure 5.24: A firewall protects a user's computer from security threats on internet

You can make sure that you are very cautious when clicking any links and downloading
any software online. Malware is often hidden in what looks like an innocent piece
of software or link, for example, a game that looks enticing to play. There could
be malware hidden inside a trojan horse in the game that may not be detected by a
firewall. If you download the game, it will download the trojan horse, allowing other
malware to be released onto your computer. You should only ever download software
from companies and sources that you know can be trusted, no matter how fun or
enticing it may look. KEY WORD

You can also store a backup of your data that is not attached to your computer or data backup: a copy
network on a constant basis. This means that if your data is damaged by malware, or of data that is stored
encrypted using ransomware, you still have access to a copy of your data. This can separate from the
prevent you needing to pay a ransom to gain access to your data again, but it will not computer.
stop the perpetrator from leaking your data. Therefore, it is advised not to keep any
personal data on your computer that could be accessed and leaked by a perpetrator of
ransomware. If you do keep personal data stored on your computer, you should
encrypt the data yourself, so if the perpetrator did gain access to the data, it would be
meaningless to them and they wouldn’t be able to leak it.
To avoid the risk of personal data, such as passwords, being sent to a perpetrator,
you could use an onscreen virtual keyboard rather than a physical one to enter
passwords. This means that you don’t need to make any key presses, so these are
not recorded for your password, so any data that was sent to a perpetrator would
not contain your passwords. Some companies also add drop down boxes for you to
select characters from to input your password. They may also ask you for random
characters from your password, and not your whole password. This is to prevent you
needing to enter your full password and to stop your full password being sent to the
perpetrator.

115 y
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

Figure 5.25: An onscreen virtual keyboard

In summary:

What happens? Malicious software is downloaded onto your

computer or network.
What is the aim? Malicious software is used to corrupt your data, gain
access to your data or damage your hardware.
What security solutions Anti-malware software, including anti-virus and
can be used? anti-spyware, a firewall, exercising caution when
downloading software and creating a backup of data.

Pharming KEY WORDS

Pharming is used by perpetrators to try and get your personal data, such as your pharming: a type
username and password for your online accounts. They can then log into the account, of cyber threat that
pretending to be you, and use your account to buy products online with your money. involves downloading
It can also be used to get more personal details from you, such as your address, that malicious software
can be used by the perpetrator for identity theft and fraud. onto a user's hard
drive, that redirects
The perpetrator will try and entice you into clicking a link or icon to start a download.
a request aimed at a
This could be done in various ways including sending an email, creating a pop up advert
genuine website to a
or just having a link available on a web page. When you click the link, a download will
fake website instead.
begin and as part of that download, malicious software will be downloaded onto your
The fake website will
hard drive. This malicious software is designed to redirect certain website requests you
encourage the user to
have to go to a fake website instead (see Figure 5.26). The perpetrator will set up a fake
input their personal
website to look very similar to a genuine website, such as PayPal or your social media
data, allowing it to be
page. When you next type in the URL to request the web page, the malicious code that
stolen.
has been downloaded on your hard drive will redirect the request to the fake website
instead. The perpetrator will hope that you think you have opened the genuine website hard drive: a storage
and when you type in your login details, these will be sent to the perpetrator instead. device that stores
If you notice that the website is fake after typing in your login detail, it is very data permanently,
important that you change your password for that website immediately. This can help until it is deleted by
stop the perpetrator being able to log into your account. the user.

As pharming uses malicious code that is installed on your hard drive, you can use anti­
malware software to remove it. The anti-malware software will scan the files stored on
 5 The internet and its uses

your computer and will help to find the file that is redirecting you to the fake website. The
anti-malware software will quarantine this file and let you delete it. When you type in the
URL now the redirection should stop and you should be taken to the genuine website.
One thing that you can do to help prevent pharming is to only download software or
click links that you know are from a trusted source. You should also thoroughly check
any website before you enter your personal details. You can look to see:
• If the URL at the top of the screen is the correct one.
• If the site is secured using HTTPS.
• If the website looks like it normally does. Are all the usual colours, images and
text there in the same places?
If you are in any doubt at all whether the website is genuine, close the website
without entering any of your details and scan your computer immediately with anti­
malware software.

Any personal data

Perpetrator

Figure 5.26: Pharming is a cyber threat where fake websites are used to steal data

In summary:

What happens? Malicious software is downloaded onto your hard drive

that will redirect you to a fake web page when you
input the genuine URL.
What is the aim? KEY WORD
To get your personal data to commit criminal activity
such as stealing your money, identity theft or fraud. phishing: a type of
What security solutions Anti-malware software, visually checking the web page cyber threat that
can be used? and only downloading data from trusted sources. involves sending a
user a fake email
that is designed
Question to look genuine. It
will encourage the
11 What can you do to prevent a perpetrator getting your personal data user to provide their
through pharming? personal data either
by clicking a link to
a fake website, or by
Phishing responding to the
Phishing is also used by perpetrators to try and get your personal data, such as your email.
username and password for your online accounts. They can then log into the account,
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

pretending to be you and use your account to buy products online with your money. It
can also be used to get more personal details from you, such as your address, that can
be used by the perpetrator for identity theft and fraud.
The perpetrator will again try and entice you into clicking a link. In phishing, this is
done by sending you an email. The perpetrator will create an email that looks like it is
from a genuine company, such as your bank. The email will try and get you to click a
link that will take you to a website. The email will try and get you to click the link by
telling you things like:
It looks like there has been unusual activity on your account, please click the link
and log in to check.
You have won a prize, please click the link and enter your details to claim the prize.
Confirmation is needed that you have made this purchase, please click the link and
log into your account to confirm whether or not you have made this purchase.
You are being paid a refund on your taxes, please click the link and enter your
credit card details so that you can claim the refund.
The link will take you to website that will not be the genuine website, it will be a
fake website that has been made to look like the genuine one. If you then input your
personal details these will be sent to the perpetrator and they will be able to access your
account or try and build a profile to steal your identity.
You can help prevent yourself getting fooled by any phishing scams by checking:
• The spelling and tone of the text in the email. Is everything spelt correctly? Is the
email written in a professional tone? Most genuine companies will spend a lot of
time making sure their emails are professionally written.
Whether the email has been personalised or if it is addressed in a generic way, e.g.
Dear customer. Many phishing emails are sent out in bulk and this often means
they are not individually addressed.
• The URL that is attached to the link. If you hover your mouse pointer over the
link, you should be able to see the URL that the link is connected to. Check if this
is the correct URL for this company.
• If the URL at the top of the screen is
the correct one.
• If the site is secured using HTTPS.
• If the website looks like it normally
does. Are all the usual colours, images
and text there in the same places?
Most companies will not ask you to provide
your personal details over the internet in this
way. If you are in any doubt at all whether
the website is genuine, close the website
without entering any of your details. If you
have entered any of your details and realise
after that you think it is a phishing scam,
make sure that you change the password to
your account and any other accounts that
Figure 5.27: In a phishing scam perpetrators will try to get your password
use that password immediately.
 5 The internet and its uses

Question
12 What are three things that you can look for to identify if an email is a phishing scam?

Social engineering KEY WORD

Social engineering relies on manipulating and deceiving people into providing social engineering:
confidential or personal data that can be used in criminal activity such as identity theft a cyber threat that
and fraud, and hacking into computers systems or networks. Social engineering can involves manipulating
take many different forms. Phishing is also one form of social engineering, in that it or deceiving people
manipulates you into providing your personal data. into providing
confidential or
Have you ever seen one of those quizzes on social media that ask you to provide lots of
personal data.
fun details about you, like your favourite colour, the name of your pet and your favourite
food? These quizzes are often created by perpetrators trying to find out key information
about you. Many people base their passwords around this type of information, so a
perpetrator can gather lot of information like this about you every time you fill in one of
these quizzes on your social media. They can then use this data along with a brute-force
password program to try and get into your online accounts. Advice for the future, do
not fill out these quizzes! This is another form of social engineering, it manipulates and
deceives you into thinking you are filling out a fun quiz to learn more about your friends,
but you are actually providing key information that a perpetrator can use against you.
One way that you can limit a perpetrator’s access to your data on social media is to have
your privacy settings set to the highest level of privacy. This will normally mean that only
people that you are connected to will be allowed to see your data.
Social engineering can be used to target companies for their data too. A perpetrator
could make contact with the company and try and manipulate and deceive employees
into providing key information that can be used to hack the company systems. Here are
two examples of how this could be done:

Example 1
Large companies often have quite a large IT department that are often not too well
known by all the employees. It is a common occurrence that an employee may have an
IT issue with their computer in a morning. They will normally report this issue to the IT
department in their company and will be told
someone will contact them from the department,
shortly. Therefore, a perpetrator can try and
use this situation. They get hold of a list of all
the telephone numbers of the employees in the
company and begin to call them. They will say
that they are from the IT department in the
company and say that they are aware of the IT
issue that they have reported. Most employees
will probably just say they haven’t reported an
issue, but if they happen to call an employee
that has, that employee will think it is the IT
department calling to sort their problem. The
perpetrator will then say that they just need the
employees login details to access their system
to see what is wrong with it. The employee may Figure 5.28: Employees of large companies can be contacted by
be tricked into providing their login details and perpetrators claiming to be from the IT department
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

now the perpetrator can get into the computer systems of the business and steal any data
that they think could be useful to them, or look to introduce malware.

ACTIVITY 5.7

Discuss with a partner what you think the employee could do to stop
themselves being the target of a social engineering scam like this one.

Example 2
Employees often go for dinner together or out for a relaxing coffee after work on a Friday.
A perpetrator finds out where employees do this for the company that they want to target.
The perpetrator places themselves close to where the employees will normally sit. They
will start a conversation with the employees and become friendly with them. They will
start to ask lots of questions about the company an employee works for. The employee
may mistake this as the person taking an interest in their life. Over a few what seem like
accidental meetings with the employee the perpetrator has asked lots of questions that has
allowed them to build up a profile about the company, such as information about where
they store their data and what kind of security systems they have. The perpetrator can use
this information to hack into the company systems and network.

KEY WORD

access level: the

amount of direct
access a user is
given to data and
resources. This could
Figure 5.29: Employees can be contacted by perpetrators pretending to be colleagues
be set to be only
certain sections of a
whole collection of
ACTIVITY 5.8
data and resources.
Discuss with a partner what you think the employee could do to stop
themselves being the target of a social engineering scam like this one.
REFLECTION

One way that companies can help protect against the threat of social engineering is to How did you come
use access level for their data. This is where employees are given different levels of to a decision about
access to the data in the company. What this normally means is that an employee will what the employees
only have access to the data that they directly use on a daily basis. It also often means could have done in
that the only people that have access to more confidential data are the more senior Activities 5.7 and 5.8?
employees in the company. Levels of access are linked to an employee username.
 5 The internet and its uses

The username will have data connected to it that will show the computer system which
KEY WORD
data the employee is allowed access to. This means that if an employee is targeted by a
social engineering scam and fooled by it, the data that the perpetrator can gain access username: a text­
to may be limited. A company can also train employees to recognise social engineering based identification
to make them more aware of when it might be happening to them. that is given to a user
In summary: that identifies the
level of access that
What happens? A perpetrator will try and manipulate and deceive you they have to stored
into providing them with personal or confidential data. data and resources.
What is the aim? To get data to commit criminal activity, such as stealing
your money, hacking into a computer network and
identity theft or fraud.
What security solutions Access level and awareness of how social engineering
can be used? is conducted.

SUMMARY

The internet is the infrastructure that is used to access the world wide web.
The world wide web is the collection of all the web pages that are available.
A URL is a text based address for a web page that contains the protocol, the domain name and the web page
name or file name.
The HTTP protocol is used to transmit data between a computer and a web server.
This data is not encrypted when sent using this protocol.
The HTTPS protocol is the encrypted version of the HTTP protocol. It uses the SSL protocol to encrypt the data.
The main purpose of a web browser is to render HTML to allow a user to view web pages. It also has other
functions such as recording a user’s history and storing bookmarks, favourites and cookies.
Cookies are used to save your personal data and track your online preferences. They can be session or
persistent based.
Web pages are located, retrieved and displayed using a web browser, a DNS and a web server.
A digital currency is a currency that only exists electronically. An example can be cryptocurrency
and this kind of digital currency is tracked using blockchaining. This is a type of digital ledger that
records all payments made using the currency.
There are several cyber security threats that exist such as brute-force attacks, data interception,
DDoS, hacking, malware, pharming, phishing and social engineering.
The aim of most of the cyber security threats is to steal your personal data to commit identity theft
and fraud, or as an act of revenge or activism.
There are a range of cyber security solutions that can be used to help keep your data safe from security
threats such as anti-malware software, firewalls, proxy servers, encryption, authentication (including biometric
passwords and two-step verification), privacy settings, automated software updates, access levels and visual
checks such as checking the URL that is connected to a link or download.
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

EXAM-STYLE QUESTIONS COMMAND WORDS

1 State the name given to the infrastructure that allows a user to access state: express in
the world wide web. [1] clear terms.
2 A URL is the name given to the text based address for a web page.
identify: name I
The web page name is one part that is used to create the URL.
select / recognise
a Identify the name for one other part of a URL. [1 ]
b State the name of the hardware that finds the corresponding
IP address for a URL. [1 ]
[Total: 2]
3 The given paragraph describes how a web page is located and
retrieved to be displayed on a user’s device. Complete the missing
words in the paragraph. [5]
The user types the URL into the address bar in the
This is sent to the where the corresponding
IP address is found. The IP address is sent to the web browser. The web
browser uses the IP address to send a request to the
where the web pages are stored using the
protocol. The web pages are sent to the web browser. The web browser
renders the to display the web page.
4 One function of a web browser is to store cookies.
a Identify two other functions of a web browser. [2]
b State the name of the type of cookie that is stored in a
computer until it is deleted by the user or by the web browser
when it expires. [1 ]
COMMAND WORDS
[Total: 3]
5 Give one benefit of using blockchain to track a digital currency. [1 ] give: produce an
6 A website company is worried about a distributed denial of service answer from a given
(DDoS) attack being carried out on their web server. source or recall I
memory.
a State the name of a security solution that can be used to help
prevent a DDoS attack taking place. [1 ] describe: state the
b Ina DDoS attack, a perpetrator creates a botnet. points of a topic /
Describe how the botnet is created by the perpetrator. [3] give characteristics
and main features.
[Total: 4]
7 Draw a diagram to show how data interception is carried out. [3]
 5 The internet and its uses

CONTINUED

8 Draw a line to connect the security solution to the correct description. [3]
Security solution Description
This is a protocol that encrypts data that is sent
across the internet.

This is software that can be used to scan a

computer for malicious files.

This can be hardware or software based and it

examines traffic incoming and outgoing from a COMMAND WORD
computer system or network.
explain: set out
purposes or
This is connected to a user's username and reasons / make
provides information about what data the user is the relationships
allowed to access on a system. between things
evident / provide
9 A student finds that a perpetrator has managed to hack into their social why and/or how and
media account. support with relevant
Explain two ways the perpetrator could have managed to do this. [4] evidence.

SELF-EVALUATION CHECKLIST

After studying this chapter, think about how confident you are with the different topics.
This will help you to see any gaps in your knowledge and help you to learn more effectively.
You might find it helpful to rate how confident you are for each of these statements when you are revising.
You should revisit any topics that you rated ‘Needs more work’ or ‘Getting there’.

See Needs Getting Confident

1 can...
topic more work there to move on
explain the difference between the internet and the
5.1
world wide web.
explain what is meant by a URL and what the different
5.2
parts of it are.
describe how data is sent using both the HTTP and
5.2
HTTPS protocols.
describe how web pages are located, retrieved and
5.2
displayed using a web browser, DNS and a web server.
explain the main purpose of a web browser and I can
5.2
identify other functions that they often have.
explain how cookies are used and what the difference is
5.3
between a session cookie and a persistent cookie.
y CAMBRIDGE IGCSE™ & O LEVEL COMPUTER SCIENCE: COURSEBOOK

CONTINUED
■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■Mi 1■
1 can... See Needs Getting Confident
topic more work there to move on
explain what is meant by a digital currency. 5.4
explain how blockchaining is used to track certain
5.4
digital currencies.
describe how a brute-force attack is carried out, what
the aim of it is and what security solutions can be used 5.5
to help prevent it happening.
describe how data can be intercepted, what the aim of
5.5
it is and how to help prevent it happening.
describe how a DDoS is carried out, what the aim of
it is and what security solutions can be used to help 5.5
prevent it happening.
describe what is meant by hacking, what the aim of
it is and what security solutions can be used to help 5.5
prevent it happening.
describe what is meant by a virus, what the aim of it is
and what security solutions can be used to help prevent 5.5
it being downloaded.
describe what is meant by a worm, what the aim of it is
and what security solutions can be used to help prevent 5.5
it being downloaded.
describe what is meant by a trojan horse, what the aim
of it is and what security solutions can be used to help 5.5
prevent it being downloaded.
describe what is meant by spyware, what the aim of
it is and what security solutions can be used to help 5.5
prevent it being downloaded.
describe what is meant by adware, what the aim of it is
and what security solutions can be used to help prevent 5.5
it being effective.
describe what is meant by pharming, what the aim of
it is and what security solutions can be used to help 5.5
prevent it happening.
describe what is meant by phishing, what the aim of
it is and what security solutions can be used to help 5.5
prevent it happening.
describe what is meant by social engineering, what the
aim of it is and what security solutions can be used to 5.5
help prevent it happening.