
Online Certificate Course on

Cyber Law
PAPER 1: INTRODUCTION TO THE CYBER WORLD AND CYBER LAW
PART A: CYBER WORLD - AN OVERVIEW

Prepared by

Mr. Kapil Soni


Asst. Manager (Engineering) OM Nanotech Pvt. Ltd. Delhi.

FOR

THE INDIAN LAW INSTITUTE


(Deemed University) Bhagwandas Road New Delhi - 110001

Table of contents
Cyber World: An Overview
- Understanding the scope of computers in our daily life
- Basic / Fundamental Principle of computer
- The E Zone
- Where did the computer come from?
What is a Computer Network?
Pre-Requisites of Internet Connection
Basic Working of ISP
Dialup Connection Provided by ISP
Broad-band Connections
What can we do with Internet
Security of Information
Types of Threats
Prevent yourself from the Threats
Digital Signatures

Cyber World: An Overview


This paper provides an overview of the cyber world with reference to:
- The Internet and online resources
- Security of Information
- Digital Signature

Understanding the scope of computers in our daily life

There is no doubt that in today's world computers are used everywhere. By everywhere we mean your local shopping center, the computer center, railway reservations, airline reservations, microwave ovens, even your phones. Institutions like banks have not only made banking easier, but also give us the flexibility to bank from virtually anywhere. With a swipe of your plastic money (Debit/Credit Cards), balance information is fetched from your bank account and there you go, you have purchased the commodity without even bothering about how many gadgets and complex security codes were involved in helping you to make the purchase.

Basic / Fundamental Principle of computer

When they (electronic gadgets) receive an input, they definitely give an output after some calculations, whether we realize it or not. E.g.: our Caller ID telephone on a fixed line not only tells the number but is also able to tell the name of the person. It stores and recalls; whenever the bell rings, it knows what is to be displayed on the screen of your telephone.

The E Zone

There could be numerous such examples where our life has been attached with "e". Mail got converted to e-mail, banking became e-banking, commerce became e-commerce, and so on. This "e-" stands for Electronic. Now that makes better sense: Electronic Mail is called E-Mail, Electronic Banking is called E-Banking, etc. Similarly, when we speak of "Cyber", it is a prefix derived from cybernetics (a Greek word meaning "the art of steering"), used to describe the entire range of things made available through the use of a computer. Earlier it was used in fiction stories, but now it is commonly used. For example, cyber-phobia is an irrational fear of computers, and cyberspace is the virtual (non-physical) space created by computer systems. But when we talk about terms like cyber-space in terms of our scope, we combine not only the humans and computers (hardware and/or software), but also the extent to which one (computer) is almost capable of doing that. Mostly, this term is associated with science fiction, simply because a computer is not capable of thinking.

Where did the computer come from?

As we say, necessity is the mother of invention and, unfortunately, computers are an invention of the Cold Wars. In the beginning they were humongous, very large in size; one would cover the area of a football ground, and maybe more. But as computers can be trusted more than humans when given a repeated task, they definitely supersede humans in certain areas. As a matter of fact, they instil discipline in work. One has to follow certain guidelines to get a job done by computers. Let us take a small example: when banking was done manually, customers could have a personal touch with the banker, but since computers are in place, it works at the same speed whether it is a new customer or his relative. I'm sure flight bookings and their management could not have been better, as we have the facility to book tickets and get the best fares. This facility is extended not only to our computers at home, but also to our mobile phones, which are always in network. Moreover, there is the art of communication, which helps in the transfer of information / data from any place to any place. Gone are the days when one had to make school projects and business presentations; nowadays, one can search for projects and themes and then continue to add wings to one's concept.

What is a Computer Network?

Computer Network: To be able to communicate and share resources (knowledge or information, hardware equipment, software etc.) between two or more computers. One just has to share the equipment/information, and it becomes available to others. Telephones were one of the first electronic gadgets which helped humans to interact with each other. However, they could only send voices across. You just dial the desired phone number and you can access anyone else who is connected to the same network and is available. There was one more invention: Radio. But it could communicate only one way. We may not put radio and television in category of Television. And Cyber Space is one of the best and most economic ways to bridge the gap between each other; it is irrespective of physical boundaries and distances.

Have you ever imagined that if a person in country A makes a call to country B, the call has to go through various networks of telephone exchanges; yet when you speak from here, the other person (if both use the same language to communicate) is able to hear and respond accordingly. This is irrespective of the path that the call took. This happens because even if they use different machines / gadgets, they have to follow the same set of rules, just as on the road one has to follow traffic rules to avoid chaos, and it does not depend on which vehicle you are driving. Similarly, in computer networking, there are a few standard sets of rules which both (or more than two) have to follow if they want to network with each other. These sets of rules are also called a Protocol.

Protocol: A protocol is a convention or standard that controls or enables the connection, communication, and data transfer between two computing endpoints.

Few Protocol Examples:

1. IP (Internet Protocol): The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a packet-switched internetwork.
2. UDP (User Datagram Protocol): User Datagram Protocol (UDP) is one of the core protocols of the Internet protocol suite. Using UDP, programs on networked computers can send short messages, sometimes known as datagrams (using Datagram Sockets), to one another. UDP is sometimes called the Universal Datagram Protocol.
3. TCP (Transmission Control Protocol): The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite. TCP provides reliable, in-order delivery of a stream of bytes, making it suitable for applications like file transfer and e-mail. It is sometimes referred to as "the TCP/IP protocol suite."
4. DHCP (Dynamic Host Configuration Protocol): Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked devices (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask, and IP addresses of DNS servers from a DHCP server. The DHCP server ensures that all IP addresses are unique. IP address pool management is done by the server and not by a network administrator.
5. HTTP (Hypertext Transfer Protocol): HTTP is a request/response protocol between a client and a server. The client is what makes an HTTP request, such as a web browser, spider, or other end-user tool. The responding server, which stores or creates resources such as HTML files and images, is called the origin server.
6. FTP (File Transfer Protocol): FTP or File Transfer Protocol is used to transfer data from one computer to another over the Internet, or through a network.
7. Telnet (Telnet Remote Protocol): TELNET (TELecommunication NETwork) is a network protocol used on the Internet or local area network (LAN) connections.
8. SSH (Secure Shell Remote Protocol): Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user.
9. POP3 (Post Office Protocol3): In computing, local e-mail clients use the Post Office Protocol version 3 (POP3), an application-layer Internet standard protocol, to retrieve e-mail from a remote server over a TCP/IP connection. E.g.: Outlook Express retrieves e-mails from the E-mail Server with the help of the POP3 Protocol.
10. SMTP (Simple Mail Transfer Protocol): Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmissions across the Internet.

There are different types of networks classified by scale/scope:

1. PAN (Personal Area Network): A personal area network (PAN) is a computer network used for communication among computer devices close to one person. Some examples of devices that may be used in a PAN are: printers, fax machines, telephones, PDAs, or scanners. The reach of a PAN is typically within about 20-30 feet (approximately 4-6 Meters). PANs can be used for communication among the individual devices (intrapersonal communication).
2. LAN (Local Area Network): A network covering a small geographic area, like a home, office, or building. Current LANs are most likely to be based on Ethernet technology. For example, a library will have a LAN for users to connect to the internet.
3. CAN (Campus Area Network): A network that connects two or more LANs but that is limited to a specific and contiguous geographical area such as a college campus, industrial complex, or a military base. A CAN may be considered a type of MAN (metropolitan area network), but is generally limited to an area that is smaller than a typical MAN.
4. MAN (Metropolitan Area Network): A Metropolitan Area Network is a network that connects two or more Local Area Networks or Campus Area Networks together but does not extend beyond the boundaries of the immediate town, city, or metropolitan area. Multiple routers, switches and hubs are connected to create a MAN.
5. WAN (Wide Area Network): A WAN is a data communications network that covers a relatively broad geographic area (i.e. one city to another and one country to another country) and that often uses transmission facilities provided by common carriers, such as telephone companies. WAN technologies generally function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.

Different combinations of the above types can broadly be made as:

1. Intranet: It uses simple protocols (like Internet Protocol) and IP-based tools (like web browsers), and is controlled by a single administrative entity. E.g.: a typical Office Network, where all users can share common resources like a printer, but only limited users are allowed to access the Internet.
2. Extranet: An Intranet which has limited connections to other networks. E.g.: a company may give some access to its intranet, but at the same time, this connection may not be considered as trusted from a security point of view.
3. Internet: The Internet is a worldwide, publicly accessible series of interconnected computer networks that transmit data by packet switching using the standard Internet Protocol (IP). It is a "network of networks" that consists of millions of smaller domestic, academic, business, and government networks, which together carry various information and services, such as electronic mail, online chat, file transfer, and the interlinked web pages and other resources of the World Wide Web.

Depending upon the number of computers and the kind of complexities involved, it is broadly divided into two kinds. There are two basic reference models:
- Internet Protocol Suite (IPS)
- OSI Model / 7-Layer OSI Model

a. Internet Protocol Suite (IPS)

The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. It has also been referred to as the TCP/IP protocol suite, which is named after two of the most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two networking protocols defined. Today's IP networking represents a synthesis of two developments that began to evolve in the 1960s and 1970s, namely LANs (Local Area Networks) and the Internet, which, together with the invention of the World Wide Web by Tim Berners-Lee in 1989, have revolutionized computing.

The Internet Protocol suite, like many protocol suites, can be viewed as a set of layers. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted.

[Figure: example protocol stack, top to bottom: HTTP, TCP, IP, Ethernet, RJ 45 / CAT5, labelled Application, Transport, Network, Link, Physical]

b. Open System Interconnection (OSI)

The Open Systems Interconnection Basic Reference Model (OSI Reference Model or OSI Model for short) is a layered, abstract description for communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI) initiative and is sometimes known as the OSI seven layer model. From top to bottom, the OSI Model consists of the Application, Presentation, Session, Transport, Network, Data Link, and Physical layers. A layer is a collection of related functions that provides services to the layer above it and receives service from the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of the path.

[Figure: The 7 Layers of OSI Model, between USER (Transmit) and USER (Receive): Layer 7 Application Layer, Layer 6 Presentation Layer, Layer 5 Session Layer, Layer 4 Transport Layer, Layer 3 Network Layer, Layer 2 Data link Layer, Layer 1 Physical Layer]

In short, when a user wants to connect to a web-server (e.g.: www.google.com), he needs an application (Internet Explorer / Godzilla Browser etc.), a common protocol, and a physical link (or secured link) between the two computers. Short definitions/functions of each layer are given below:

Layer 7 (Application): This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.

Layer 6 (Presentation): This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.

Layer 5 (Session): This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.

Layer 4 (Transport): This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

Layer 3 (Network): This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.

Layer 2 (Data Link): At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.

Layer 1 (Physical): This layer conveys the bit stream (electrical impulse, light or radio signal) through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.

The above technology comprises a basic network where two or more computers interact.


The Internet: A complex representation of Internet. Inset: A magnified portion that shows a Network System of a small Organization.

Pre-Requisites of Internet Connection

1. You need to have a computer with a Network Card or Telephonic Modem, depending upon the type of connection that you plan to take from your ISP. Network Cards are usually built into your computer these days; however, you have to specifically ask your Computer Hardware Vendor for a Telephone Modem.
2. You also need an Internet Service Provider (ISP), and the means to connect to it.
3. You need a User Name (provided by your ISP).
4. To prevent someone else from using your Internet Plan's User Name, you need to protect it with a password.
5. You need to have a modem:
   i. Telephonic Modem
   ii. DSL Modem
   iii. Cable Modem
6. You need an application where you can view a website or download information / data. This is called a Web-browser. The most popular web-browsers are:
   i. Internet Explorer: It is a tool which is provided along with Microsoft Windows. You can click / double click on the icon for the application and type the website address in the address bar. As it downloads the website information, it starts displaying the website information in Web-Page Information.
   ii. Mozilla Firefox: Mozilla Firefox is a tool which also helps in viewing website information; however, it is created by an organization which is a global community and public benefit organization dedicated to improving the Internet experience for people everywhere. It has its own unique interface. However, the concept remains the same.

Once you fulfill the above criteria, you are ready to get connected to hundreds or thousands of computers and servers available worldwide. In cyber terms, we also call this being online.

Online: When our computer (or any other gadget) is connected to the World Wide Web (WWW) and can view websites and download information/data, we say it is online. Usually the term online is associated with being connected to the Internet.

Let us discuss the above pre-requisites.

ISP: An ISP, or Internet Service Provider, is also called an IAP (Internet Access Provider). It is an organization which provides the end-user (consumer or business) with access to the World Wide Web, the Internet. Earlier, ISPs were run and maintained by telephone providers. There were mainly two reasons: only they could provide the telephonic network which was required by any Service Provider, and they were also able to control / monitor to a greater extent. However, now that the cost of infrastructure has gone down considerably, more private ventures have come up with their own ISPs. These days you will find many kinds of ISP, which are broadly categorized as:

a) Dialup
b) Broadband
   i. DSL Broadband
   ii. Cable Broadband

The major criterion for differentiating the types of Internet connection is speed.

These Service Providers give you an Access System in which the ISP gives you a unique identity. This way, the ISP is able to log and maintain your usage, and is thus able to charge as per your plan/usage. It usually comprises a unique User Name accompanied by a password, which prevents others from using your unique User Name. Some ISPs even record your Network Card's Hardware Code in addition to the user name and password. In such cases, if you have that connection on your desktop computer, you cannot use the same connection on your Laptop. You will have to request your ISP to give you another connection which enables you to connect the other computer (in this case a Laptop).

Basic Working of ISP

To get Internet access, the end user first has to establish a connection with the ISP Server. This server then validates you as a user by first checking whether your unique user name matches the list that the server has, and then the password. If both your user name and password match, it then checks your account validity and whether you have enough balance to use Internet Services (browsing, downloading etc.); if so, you are given access. This enables you to make use of Internet Services.
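The login sequence described above (user name, password, account validity and balance, plus the optional Network Card hardware code), written out as an added example that is not part of the original course material. The account fields, the result strings and the use of salted PBKDF2 hashes are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000  # assumed work factor for this illustration


def hash_password(password: str, salt: bytes) -> bytes:
    """The server stores only a salted hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Account:                      # hypothetical subscriber record
    salt: bytes
    pw_hash: bytes
    active: bool = True             # "account validity"
    balance_mb: int = 0             # remaining download allowance
    bound_mac: Optional[str] = None  # Network Card hardware code, if the ISP records it


def make_account(password: str, active: bool = True, balance_mb: int = 0,
                 bound_mac: Optional[str] = None) -> Account:
    salt = os.urandom(16)
    return Account(salt, hash_password(password, salt), active, balance_mb, bound_mac)


# Unknown user names are checked against this decoy so that they cost the same
# work and receive the same answer as a wrong password.
_DECOY = make_account(os.urandom(16).hex())


def login(accounts: Dict[str, Account], user: str, password: str, mac: str) -> str:
    """Run the checks in the order the text gives and return the decision."""
    acct = accounts.get(user)
    candidate = acct if acct is not None else _DECOY
    password_ok = hmac.compare_digest(
        hash_password(password, candidate.salt), candidate.pw_hash)
    if acct is None or not password_ok:
        return "DENY: bad user name or password"
    if not acct.active:
        return "DENY: account not valid"
    if acct.bound_mac and acct.bound_mac.lower() != mac.lower():
        return "DENY: unregistered computer"
    if acct.balance_mb <= 0:
        return "DENY: no balance"
    return "ALLOW"


if __name__ == "__main__":
    # Constructed sample data.
    desktop = "00:11:22:33:44:55"
    laptop = "66:77:88:99:AA:BB"
    accounts = {
        "subscriber1": make_account("correct horse", balance_mb=500, bound_mac=desktop),
        "subscriber2": make_account("pa55word", balance_mb=0),
    }
    print(login(accounts, "subscriber1", "correct horse", desktop))
    print(login(accounts, "subscriber1", "correct horse", laptop))
    print(login(accounts, "subscriber1", "guess", desktop))
    print(login(accounts, "nobody", "guess", desktop))
    print(login(accounts, "subscriber2", "pa55word", laptop))
```

An unknown user name and a wrong password return the same message, so the reply does not reveal which user names exist on the server.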

ISPs mainly provide two kinds of accounts:

a) Hourly Plan: In the case of an hourly plan, it does not matter how much you download or surf. What matters is the number of hours. This kind of plan is more suitable if you have a regular task of downloading.
b) Usage / Download & Upload Plan, also called MB (Mega Bytes) Plan: In these plans, you purchase a few Mega Bytes of information download, i.e. you are not paying for hours of usage; one pays for Bytes. It can be an information download or website content that gets downloaded. In the case of usage / download plans, it does not matter how long you keep the site open, but if you refresh (fetch the same information again) the same site several times, you will be paying for each refresh you do. One would prefer this plan if one is searching and has to gather most of the information by reading.
c) Un-limited: These connections are more expensive than the above two, but one has no limits on usage or downloads from the Internet. In some cases, un-limited connections are limited by speed, e.g.: you can get an Internet connection which is un-limited but will not be able to exceed a speed of 64kbps.

Now let us discuss something about dialup and broadband setups:

Dialup Connection Provided by ISP

To connect to a Dialup Internet connection, first ensure that your computer is on and ready. Your computer should have a dialup modem and the necessary software for the modem installed.

You will be given a phone number by your ISP. This phone number directly connects your computer to the ISP Login Server. This is done with the help of a special instrument, the Modem. It translates computer language (also known as digital language) to Analog Language (the signal that travels through telephone lines) and vice-versa. Once initiated, the server gives our computer a fax tone. The server then prompts us to input the User Name and password. Once the server knows that you are a valid user, it proceeds further and gives you access to the Internet. However, while you are connected to the Internet, you are at the same time being billed for phone talk time. In other words, making an Internet connection gets charged in two ways:

a) Talk Time (as the Modem dials the ISP number and gets connected).
b) ISP Charges. Apart from telephone Talk Time, we also have to pay for the Internet services, which is a cost other than the Talk Time.

Once we are done with the Internet, we can then logout / disconnect. The phone line now becomes free for our normal usage.

Advantage: It requires less investment in terms of hardware. In earlier times, it was the cheapest and best way to get connected.

Disadvantage: Firstly, we have to pay for both telephone usage and Internet usage. Secondly, it is very slow. Thirdly, one can use the line for only one purpose at a time, phone or Internet. Even if there is a minor disturbance in the phone line, you may never get connected, or sometimes it makes the Internet connection very slow. If you are not able to get connected, the second time you try is basically a second call that you have made. In other words, each time you get a Fax Tone you have called up the server, regardless of whether you were able to get connected to the Internet or not.

Broad-band Connections

[Figure: broadband connection using a splitter]

Broadband Internet, or Broadband, is almost similar in working to a dialup setup. However, with most ISPs, you have an option to key in the user name and password every time; in other words, just turn on the computer and modem, and you are connected. There is no hassle of typing your user name and password, as they are remembered by your DSL modem (DSL: Digital Subscriber Line).

It is much faster. A conventional dialup modem may give you speeds up to 54kbps (kilo bits per second), whereas the minimum speed provided by broadband is 64kbps, and it can go up to 2Mbps. These days the most common speeds are 128kbps and 256kbps. A small office / home office (SOHO) usually uses 512kbps, which is sufficient to share an Internet connection among up to 10~15 computers.

Moreover, we can use our phone line as well as the Internet at the same time. They both use the same connection (wires and cables), but with the help of a splitter and the new modem design, both are treated separately. Both have different accounting, so your talk-time and Internet usage can be charged as per usage.

Advantages: Better speed and a more stable connection. Easy to use as compared to a telephonic modem ISP. The minimum speed is 64kbps, which is faster than a Dialup Modem ISP. One can use the phone line and the Internet on the same connection and the same ISP. In the case of a Cable Modem, one can have TV and Internet working on the same setup.

Disadvantages: The modem cost is slightly higher than that of a dialup modem. It also requires a separate power adaptor. As in some cases it is always on, one may unintentionally download files (e.g.: updates that may not be necessary). These factors add to the bill unknowingly.

There are several other ways as well:
- ISDN: Integrated Service Digital Network
- Rural Internet
- Satellite Internet
- Cellular Broadband


What can we do with Internet

The basic purposes of the Internet:

1. Information / Knowledge:
   a. Share information / data and access infinite knowledge: search options, e.g.: www.google.com, www.yahoo.com, www.amazon.com etc.
   b. Forums: These are special sites which are dedicated to discussions. You may put your query on these websites, and once someone has a solution, he/she would share that experience/knowledge/solution with you.
2. Communication:
   a. Email: This has brought a revolution in the way we communicate. It has almost replaced our existing snail-mail system (the conventional Letter System). Most business, formal or informal communications are being done through this Electronic Mail.
   b. Chats: Commonly used only for entertainment/relaxation, or online live text communication. It requires a small tool that enables people to communicate with each other through written text. The difference between online chat and email is that both persons communicate with each other at the same time. It is also important that both persons are online and logged in at the same time so that they can communicate with each other. They also need to have the same type of tool. E.g.: yahoo messenger should be installed on both computers. If one has yahoo and the other one has hotmail, they will not be able to chat amongst themselves.
   c. Video Conferencing: This is an extension of a Chat session. A few of the tools support live video images going across. For this both parties should have a Web-cam, else only one person would be able to view.
3. Entertainment:
   a. Book Travel Tickets: You may visit a travel page, and there you will be able to search for the best prices for your airfare. Railways also offer a website which enables us to book our tickets and get them delivered to our doorstep.
   b. Play online games: There are a lot of multi-user games available. We definitely need a high-speed Internet connection for these, as they are required to be in touch all the time.
4. Business:
   a. Advertise: Most of the free Email Providers usually bring in a lot of advertisements. This is needed for them to keep running and maintaining their servers.
   b. Online-Shopping: Now, without going to stores, you can find the best and cheapest items. You can even compare their features. You can shop online on various sites, e.g.: www.ebay.in, www.indiaplaza.com, www.rediff.com etc.
   c. Online-Banking: Now you can manage your account online as well. You don't need to go to the bank for most transactions. In fact, ATMs (Automatic Teller Machines) and Computer banking (or E-Banking) have almost made us forget who is working in our bank branch. You can go to any bank and deposit or withdraw money, and the balance is reflected almost instantly. All these branch computers are actually linked to a central Bank's Server Computer. Once they are updated, all that gets reflected in your respective accounts.
   d. Extend your office (or) access your office computer (with the help of special tools): With the help of a few tools, you can actually work on your office computer without actually being there. All you need is that your office computer and your computer (from where you wish to work) should have Internet access. It also needs a special application that enables this possibility and keeps it secured enough.

Security of Information

Since early times, it has always been very important to secure information. There were several ways in which messages were secured. One of the most common examples was that whenever any message was sent through a messenger, it would be sealed with a special material. This used to ensure that no one had read the message in between. To overcome this limitation, the messages were encoded on a strip of cloth. It was then wrapped on a cylinder with a specified diameter. A message was written on it and, to make it more complex, further text was also written so that it was difficult to make out what was written on it. These two objects, the cylinder and the piece of cloth, were sent via different messengers. When they reached the destination, both had to be combined to read the correct message. See illustration:

As you can see in the illustration, the cloth does not reveal the message when it is spread out. But when it is wrapped again on a cylinder of the same diameter, one can read the required message. To make it easy to understand, the word WORLD PEACE is in bold. Even today, a similar technology is used to save the original message. It is wrapped on a special sequence of characters where. This process of making a message secure is also called encrypting. When this message is converted to normal form so that it is easily readable, the process is called de-encryption.
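The strip-and-cylinder scheme above is a transposition cipher usually called a scytale. The following added example (not part of the original course material) models it in code, assuming the cylinder's diameter is represented by `faces`, the number of letters that fit around its circumference; the function names are hypothetical.

```python
import secrets
import string


def wrap_encrypt(message: str, faces: int) -> str:
    """Write `message` in lines along a cylinder that fits `faces` letters
    around its circumference, then unwind the strip and return what it shows."""
    if faces < 1:
        raise ValueError("faces must be at least 1")
    cols = -(-len(message) // faces)           # letters per line along the cylinder
    pad = faces * cols - len(message)
    # The "further text" from the passage: random filler completes the last line.
    filler = "".join(secrets.choice(string.ascii_uppercase) for _ in range(pad))
    padded = message + filler
    lines = [padded[r * cols:(r + 1) * cols] for r in range(faces)]
    # Each turn of the unwound strip carries one letter from every line.
    return "".join(lines[r][c] for c in range(cols) for r in range(faces))


def wrap_decrypt(strip: str, faces: int) -> str:
    """Wrap the strip on a cylinder with `faces` letters per turn and read
    along its length, line by line."""
    if faces < 1 or len(strip) % faces:
        raise ValueError("strip length must be a multiple of faces")
    cols = len(strip) // faces
    return "".join(strip[c * faces + r] for r in range(faces) for c in range(cols))


def candidate_readings(strip: str) -> dict:
    """Every cylinder size the strip fits exactly, with the text it shows.
    The list is short, which is why the diameter alone is a weak secret."""
    n = len(strip)
    return {f: wrap_decrypt(strip, f) for f in range(2, n) if n % f == 0}


if __name__ == "__main__":
    strip = wrap_encrypt("WORLDPEACE", 2)
    print("strip spread out   :", strip)
    print("same diameter      :", wrap_decrypt(strip, 2))
    print("different diameter :", wrap_decrypt(strip, 5))
    padded_strip = wrap_encrypt("WORLDPEACE", 4)   # two filler letters are added
    print("with filler        :", padded_strip, "->", wrap_decrypt(padded_strip, 4))
    print("all cylinder sizes :", candidate_readings(strip))
```

The strip read flat is scrambled, the same diameter restores the message, and a different diameter yields another scramble.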

Threats to Information

The biggest threat to information stored in a computer is a VIRUS. In Latin, it means toxic or poison. It is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. Just as common viruses infect people through some medium (air, touch, blood transmission etc.), a computer virus spreads through the exchange of information via Floppy, CD media, USB Pen Drives or the Internet (email, websites, downloads). Viruses may make our computer slow, freeze it so that it performs only a few operations, delete data files, or even leave our computer Not Bootable.

There is one more threat which is even more painful and time consuming: a Virus-Hoax. People under threat of a virus usually format (erase everything on a disk) and re-install (e.g.: re-install an Operating System like Windows, Linux etc.). This is a lengthy and time-consuming process. Just imagine a Network Administrator having to re-do the whole Server again. This is a major factor in down-time for the users who are trying to access the Servers. Despite the various options available to prevent computer threats, there are still chances of your computer getting a virus. The best policy is: Prevention is better than cure!

Types of Threats

There are several types of threats:

a) Virus: Computer programs that travel through floppies, CDs, Pen Drives, Games (usually Demo Versions) and the Internet.
b) Spyware: It is a computer program that gets installed into a computer without informing the user or without the user's knowledge, and takes partial control of the computer. Spyware resides in the computer and monitors it, collects personal information, installs additional software, or redirects to any website. Spyware usually gets into a computer from websites or Junk Emails.
c) Rootkit: It is a program (or a combination of programs) designed to take fundamental control of a computer system without authorization of the user. It may allow unauthorized users to act as system Administrator on your computer, and thus take full control of your computer system.
d) Worm: It is a self-replicating computer program. It usually uses a network to send copies of itself to other computers attached to the same network without informing the user. Worms may corrupt files or simply choke the bandwidth (speed) of the network.
e) Trojan Horses: A computer program that appears to perform a certain action, but in fact performs some other actions, as a virus would do. It is usually hidden within another free-ware utility tool. E.g.: you may download free alarm software from a website, but it actually gets into your computer and destroys your computer files.

Prevent yourself from the Threats

You can prevent but not avoid virus threats and problems. The best way is to install a good antivirus program with all features and keep it updated.

Why updated? Let us understand by an example. You purchased antivirus and anti-spyware software on 1 Dec 2006 and installed it successfully. Hundreds of new viruses, spyware programs, Trojans etc. are created on the Internet every 24 hours. Your antivirus/anti-spyware programs would not be aware of all the viruses, spyware and Trojans that were created after 1 Dec 2006. Then how are you protected? In this situation you are protected only until you are attacked by one of the latest threats. It is very important for anyone who uses a computer to keep their antivirus/anti-spyware program updated all the time.

From time to time, software companies release fixes. Any operating system or computer program comprises several thousand lines of code, and some possibility may have been left unconsidered while the software was being created. Whenever these vulnerabilities are realized, a revised patch (a small piece of software code that fixes a known problem) is released by the software company. These are given different names, e.g. Windows NT Server came with Service Packs (SP1, SP2, SP3 etc.), Windows 98 was followed by Windows 98 SE (Second Edition), and Windows XP by Windows XP SP2 (Service Pack 2). Antivirus vendors release new patches or updates almost daily so that their database of viruses, and of the techniques to handle them, is always ready to defend against the latest threats.

One should avoid using free or trial software, simply because it may not be able to stop most of the threats and it is never provided with complete functionality. E.g.: it may detect a virus in your computer, but may not remove the virus from your computer. It leaves you in a dilemma over whether you should purchase an antivirus right away or live with that virus. You may not prefer to purchase it online, because if your computer is hacked (someone else is monitoring your personal details or capturing your credit card numbers and password), you may suffer a greater loss by typing your credit card details!

One should also avoid using two different antivirus programs at the same time. An antivirus resides in a special place in memory, similar to a virus, most of the time. The second antivirus may keep giving you false alarms of suspicious activity going on in the computer.

If you are going to do online shopping or banking, make sure that the address in the address bar starts with https://. This ensures that you are opening a secured website. You should also ensure that the site has the right spellings and proper grammar (phishing). You should never respond to an email in which someone asks for your bank details and personal details, unless you are very sure about it. Banking websites never ask for your personal details unless you are logging into their website. Some are also able to fake sites

Digital Signatures

The traditional means used in our everyday lives are stamps and seals. These, together with witnesses, increase the genuineness of a document. So that others cannot access the document, it has to be kept in a treasury. However, even then these documents are prone to several threats. Similarly, in computers or cyber space, we can use a digital signature to make our documents secure.

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.

Let us understand its working by an example. Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it is unchanged from what you sent and that it is really from you. You write the contract in your email. Using special software, you obtain a message hash (mathematical summary) of the contract. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.) At the other end, your lawyer receives the message. To make sure it is intact and from you, your lawyer makes a hash of the received message. Your lawyer then uses your public key to decrypt the message hash or summary. If the hashes match, the received message is valid.
