
Chapter 9: Working with application software

Application Software
With the proper software, a computer is a valuable tool. Software allows users to create letters, memos, reports, and other documents; develop multimedia presentations; design Web pages and diagrams; draw and alter images; record and enhance audio and video clips; prepare and file taxes; play single-player or multimedia games; compose email messages and instant messages; and much more. To accomplish these and many other tasks, users work with application software.
Application software consists of programs designed to make users more productive and/or assist them with personal tasks. Application software has a variety of uses:
 To make business activities more efficient
 To assist with graphics and multimedia projects
 To support home, personal, and educational tasks
 To facilitate communications

Kinds of Software
Commercial/Shareware VS Freeware
Shareware is copyrighted software that is distributed at no cost for a trial period. To use a shareware program beyond that period, you send payment to the program developer. Shareware developers trust users to send payment if software use extends beyond the stated trial period. In some cases, a scaled-down version of the software is distributed free, and payment entitles the user to the fully functional product.
Freeware is copyrighted software provided at no cost by an individual or a company that retains all rights to the software. Thus, programmers typically cannot incorporate freeware in applications they intend to sell. The word free in freeware indicates the software has no charge.
Proprietary VS Open Source
Proprietary software consists of computer programs that are the exclusive property of their developers or publishers and cannot be copied or distributed without complying with their licensing agreements. Almost all commercial (shrink-wrapped) software is proprietary, but many excellent new programs (such as the Apache web server, the Linux operating system, and the StarOffice office suite) are non-proprietary (and free).

Open source software
Open-source software (OSS) is software provided for use, modification and redistribution. This software has no restrictions from the copyright holder regarding modifications and its redistribution. Open source software usually can be downloaded from the Internet, often at no cost.
Business Software
Business software is application software that assists people in becoming more effective and efficient while performing their daily business activities. Business software includes programs such as word processing, spreadsheet, database, presentation, note taking, personal information manager, business software for phones, business software suites, project management, accounting, document management, and enterprise computing software.

 Word Processing Software is one of the more widely used types of application software. Word processing software, sometimes called a word processor, allows users to create and manipulate documents containing mostly text and sometimes graphics. Most people use word processing software every day to develop documents such as letters, memos, reports, mailing labels, newsletters, and Web pages. A major advantage of using word processing software is that users can easily change what they have written.
 Spreadsheet Software is another widely used type of application software. Spreadsheet software allows users to organize data in rows and columns and perform calculations on the data. These rows and columns collectively are called a worksheet. Before computers, people used paper to organize data and perform calculations by hand. In an electronic worksheet, you organize data in the same manner, and the computer performs the calculations more quickly and accurately. Because of spreadsheet software's logical approach to organizing data, many people use this software to organize and present nonfinancial data, as well as financial data. Like word processing software, most spreadsheet software has basic features to help users create, edit, and format worksheets. Spreadsheet software also incorporates many of the features found in word processing software such as macros, checking spelling, changing fonts and font sizes, adding colors, tracking changes, recognizing handwritten text and drawings, and creating Web pages from existing spreadsheet documents.

 Presentation Software is application software that allows users to create visual aids for presentations to communicate ideas, messages, and other information to a group. The presentations can be viewed as slides, sometimes called a slide show, that are displayed on a large monitor or on a projection screen. Presentation software typically provides a variety of predefined presentation formats that define complementary colors for backgrounds, text, and graphical accents on the slides. This software also provides a variety of layouts for each individual slide, such as a title slide, a two-column slide, and a slide with clip art, a picture, a chart, a table, or a diagram.

 Graphics and Multimedia Software
In addition to business software, many people work with software designed specifically for their field of work. Power users such as engineers, architects, desktop publishers, and graphic artists often use sophisticated software that allows them to work with graphics and multimedia. This software includes computer-aided design, desktop publishing, paint/image editing, photo editing, video and audio editing, multimedia authoring, and Web page authoring.
 Computer-Aided Design (CAD) software is a sophisticated type of application software that assists a professional user in creating engineering, architectural, and scientific designs. For example, engineers create design plans for vehicles and security systems. Architects design building structures and floor plans. Scientists design drawings of molecular structures.

CAD software eliminates the laborious manual drafting that design processes can require. Three-dimensional CAD programs allow designers to rotate designs of 3-D objects to view them from any angle. Some CAD software even can generate material lists for building designs.

 Desktop publishing (DTP) software enables professional designers to create sophisticated documents that contain text, graphics, and many colors. Professional DTP software is ideal for the production of high-quality color documents such as textbooks, corporate newsletters, marketing literature, product catalogs, and annual reports. Although many word processing programs have some of the capabilities of DTP software, professional designers and graphic artists use DTP software because it supports page layout.
 Paint/Image Editing Software is used by graphic artists, multimedia professionals, technical illustrators, and desktop publishers to create and modify graphical images such as those used in DTP documents and Web pages. Paint software, also called illustration software, allows users to draw pictures, shapes, and other graphical images with various on-screen tools such as a pen, brush, eyedropper, and paint bucket.

 Image editing software provides the capabilities of paint software and also includes the capability to enhance and modify existing images and pictures. Modifications can include adjusting or enhancing image colors, adding special effects such as shadows and glows, creating animations, and image stitching, which is the process of combining multiple images into a larger image.
 Photo editing software is a type of image editing software that allows photographers, videographers, engineers, scientists, and other high-volume digital photo users to edit and customize digital photos. Professional photo editing software allows users to save images in a wide variety of file formats. With professional photo editing software, users can retouch photos, crop images, remove red-eye, change image shapes, color-correct images, straighten images, remove or rearrange objects in a photo, and apply filters.
 Video editing software allows professionals to modify a segment of a video, called a clip. For example, users can reduce the length of a video clip, reorder a series of clips, or add special effects such as words that move horizontally across the screen. Video editing software typically includes audio editing capabilities. Audio editing software lets users modify the audio in video clips. Audio editing software usually includes filters, which are designed to enhance audio quality. For example, a filter might remove a distracting background noise from the audio clip. Most television shows and movies are created or enhanced using video and audio editing software.

 Multimedia authoring software allows users to combine text, graphics, audio, video, and animation in an interactive application. With this software, users control the placement of text and images and the duration of sounds, video, and animation. Once created, multimedia presentations often take the form of interactive computer-based presentations or Web-based presentations designed to facilitate learning, demonstrate product functionality, and elicit direct user participation. Training centers, educational institutions, and online magazine publishers all use multimedia authoring software to develop interactive applications. These applications may be available on an optical disc, over a local area network, or via the Internet.
 Web page authoring software helps users of all skill levels create Web pages that include graphical images, video, audio, animation, and other special effects with interactive content. In addition, many Web page authoring programs allow users to organize, manage, and maintain Web sites. Application software, such as Word and Excel, often includes Web page authoring features. This allows home and small business users to create basic Web pages using application software they already own. For more sophisticated Web pages, users work with Web page authoring software. Many Web page developers also use multimedia authoring software along with, or instead of, Web page authoring software for Web page development.

 Communication software is used to provide remote access to systems and exchange files and messages in text, audio, and/or video formats between different computers or users. This includes terminal emulators, file transfer programs, chat and instant messaging programs, as well as similar functionality integrated within MUDs. The term is also applied to software operating a bulletin board system, but seldom to that operating a computer network or Stored Program Control exchange.
 Internet Software
A web browser (commonly referred to as a browser) is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier (URI/URL) and may be a web page, image, video, or other piece of content. Hyperlinks present in resources enable users to navigate their browsers easily to related resources.
Although browsers are primarily intended to access the World Wide Web, they can also be used to access information provided by web servers in private networks or files in file systems.
The major web browsers are Firefox, Internet Explorer, and Google Chrome.

 Internet Explorer is one of the most widely used web browsers, attaining a peak of about 95% usage share during 2002 and 2003. Its usage share has since declined with the launch of Firefox (2004) and Google Chrome (2008), and with the growing popularity of operating systems such as OS X, Linux, iOS, and Android that do not run Internet Explorer. Estimates for Internet Explorer's overall market share range from 16.9% to 57.38% (or even as low as 13.09% when counting all platforms), as of February 2015 (browser market share is notoriously difficult to calculate). Microsoft spent over US$100 million per year on Internet Explorer in the late 1990s, with over 1,000 people working on it by 1999.
 Mozilla Firefox (known simply as Firefox) is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android, by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. Firefox uses the Gecko layout engine to render web pages, which implements current and anticipated web standards.
As of February 2015, Firefox has between 12% and 20% of worldwide usage as a "desktop" browser, making it, per different sources, the third most popular web browser.
 Google Chrome is a freeware web browser developed by Google. It used the WebKit layout engine until version 27 and, with the exception of its iOS releases, from version 28 and beyond uses the WebKit fork Blink. It was first released as a beta version for Microsoft Windows on September 2, 2008, and as a stable public release on December 11, 2008.

As of January 2015, StatCounter estimates that Google Chrome has a 51% worldwide usage share of web browsers as a desktop browser. It is also the most popular browser on all the other platforms it supports, mobile, tablets (except for the iPad, where the Safari browser is preinstalled, and because of that popularity Safari is most popular on all tablets combined), or any combination of platforms, such as mobile plus tablets.

Google releases the majority of Chrome's source code as an open-source project, Chromium. A notable component that is not open source is the built-in Adobe Flash Player.

 Email Client Software
Outlook Express was an email and news client included with Internet Explorer versions 4.0 through 6.0. As such, it was also bundled with several versions of Microsoft Windows, from Windows 98 to Windows Server 2003, and was available for Windows 3.x, Windows NT 3.51, Windows 95, and Mac OS 9. In Windows Vista, Outlook Express was superseded by Windows Mail, then again by Windows Live Mail as separate software. Microsoft Entourage (up to the 2008 edition) and then Microsoft Outlook (in Office 2011), sold as part of Microsoft Office for Macintosh, have replaced the Macintosh version.
Outlook Express is a different application from Microsoft Outlook. The two programs do not share a common codebase, but do share a common architectural philosophy. The similar names lead many people to conclude incorrectly that Outlook Express is a stripped-down version of Microsoft Outlook. Outlook Express uses the Windows Address Book to store contact information and integrates tightly with it. On Windows XP, it also integrates with Windows Messenger.

Mozilla Thunderbird is a free, open source, cross-platform email, news, and chat client developed by the Mozilla Foundation.
The project strategy was modeled after Mozilla Firefox, a project aimed at creating a web browser. On December 7, 2004, version 1.0 was released, and received more than 500,000 downloads in its first three days of release, and 1,000,000 in 10 days. On July 6, 2012, Mozilla announced the company was dropping the priority of Thunderbird development because the continuous effort to extend Thunderbird's feature set was mostly fruitless. The new development model is based on Mozilla offering only "Extended Support Releases", which deliver security and maintenance updates, while allowing the community to take over the development of new features. On November 25, 2014, Kent James of the volunteer-led Thunderbird Council announced that more staff are required to be working full-time on Thunderbird so that, through the Council, there can be stable and reliable product releases, and progress made on features that have been frequently requested by the community. They have also set up a roadmap for the next major release, Thunderbird 38, due in May 2015.

 FTP Client Software
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet.
FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. FTP users may authenticate themselves using a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS). SSH File Transfer Protocol (SFTP) is sometimes also used instead, but is technologically different.
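The clear-text sign-in described above is something a defender can check for directly in a captured control channel. The Python below is an added example, not part of the textbook: it walks an FTP control-channel transcript ('C>' marks client lines, 'S>' server lines) and flags every USER or PASS command sent before TLS protected the connection, treating a server 234 reply to AUTH TLS as the point at which the channel becomes encrypted. The transcripts, hostnames and credentials are constructed for illustration.

```python
"""Added example (not from the textbook): did an FTP session expose its
credentials in clear text?

Plain FTP sends USER and PASS as readable text. With explicit FTPS the
client sends AUTH TLS first; once the server accepts (reply code 234,
RFC 4217) the control channel is encrypted, so credentials sent after
that point are not readable on the wire.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int   # 1-based position in the transcript
    command: str   # "USER" or "PASS"
    exposed: bool  # True when sent before TLS protected the channel


def analyze_ftp_session(transcript):
    """Return one Finding per USER/PASS command in the transcript."""
    findings = []
    tls_requested = False  # client sent AUTH TLS, awaiting the reply
    tls_active = False     # server accepted; channel is now encrypted
    for line_no, raw in enumerate(transcript, start=1):
        direction, _, text = raw.partition(" ")
        text = text.strip()
        if not text:
            continue
        if direction == "C>":
            verb = text.split(None, 1)[0].upper()
            if verb == "AUTH":
                tls_requested = text.upper().endswith("TLS")
            elif verb in ("USER", "PASS"):
                findings.append(Finding(line_no, verb, exposed=not tls_active))
        elif direction == "S>" and tls_requested:
            # Only a 234 reply means TLS is starting; any other reply
            # (502, 534, ...) means the server refused and the channel
            # stays in clear text.
            tls_active = text.startswith("234")
            tls_requested = False
    return findings


def credentials_exposed(transcript):
    """True if any USER or PASS travelled over an unprotected channel."""
    return any(f.exposed for f in analyze_ftp_session(transcript))


# Constructed transcripts; hostnames and credentials are made up.
PLAIN_FTP = [
    "S> 220 ftp.example.test ready",
    "C> USER alice",
    "S> 331 Password required",
    "C> PASS hunter2",
    "S> 230 Login successful",
]

EXPLICIT_FTPS = [
    "S> 220 ftp.example.test ready",
    "C> AUTH TLS",
    "S> 234 Proceed with negotiation",
    # A real capture would show only TLS records from here on; the
    # decrypted commands are written out so the state machine is visible.
    "C> USER alice",
    "S> 331 Password required",
    "C> PASS hunter2",
    "S> 230 Login successful",
]

TLS_REFUSED = [
    "S> 220 legacy.example.test ready",
    "C> AUTH TLS",
    "S> 502 Command not implemented",
    "C> USER alice",   # client fell back to plain FTP: still exposed
    "S> 331 Password required",
    "C> PASS hunter2",
    "S> 230 Login successful",
]

if __name__ == "__main__":
    for name, session in [("plain FTP", PLAIN_FTP),
                          ("explicit FTPS", EXPLICIT_FTPS),
                          ("TLS refused", TLS_REFUSED)]:
        print(f"{name}: credentials exposed = {credentials_exposed(session)}")
```

The third transcript is the case worth remembering: a client that asks for TLS but quietly falls back to plain FTP when the server refuses still sends the password in the clear, which is why the check keys on the server's reply rather than on the client's request.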

The first FTP client applications were command-line applications developed before operating systems had graphical user interfaces, and are still shipped with most Windows, Unix, and Linux operating systems. Many FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into productivity applications, such as Web page editors.

FileZilla is open source software distributed free of charge under the terms of
the GNU General Public License.

SmartFTP is a network file transfer program for Microsoft Windows that supports file transfer via FTP, FTPS, SFTP, WebDAV, Amazon S3, Google Drive, and Microsoft OneDrive protocols. It supports SSL/TLS, IPv6, and FXP, and features a backup tool, a transfer queue, proxy and firewall support, multiple connections, chmod features, and drag-and-drop. The software uses the Windows API for its interface. It is available for both IA-32 and x64 editions of Windows.

Instant messaging (IM)
Instant messaging (IM) is a real-time Internet communications service that notifies you when one or more people are online and then allows you to exchange messages or files or join a private chat room with them. Real time means that you and the people with whom you are conversing are online at the same time.
Popular Instant Messaging clients
o MSN Messenger
o Yahoo Messenger
Chat Software
A chat is a real-time typed conversation that takes place on a computer. A chat room is a location on an Internet server that permits users to chat with each other. Anyone in the chat room can participate in the conversation, which usually is specific to a particular topic.
Popular Chat Software
o mIRC
o ChatZilla (FOSS)
o Pidgin/Trillian
o Digsby

Popular Video Conferencing software
o Skype
o Ekiga (FOSS)

LESSON 9 CASE STUDY

Web applications are becoming increasingly popular, and some people prefer the convenience of using a web application instead of application software installed on their computer. For example, some prefer to use Google Docs (a web application) to Microsoft Word. Your manager notices this trend, and asks you whether it will benefit the company to use web applications instead of application software. Compare applications installed on your computer with comparable web applications. Are any security risks associated with using the application software? How do the features compare between a web application and the application software? Would you recommend using web applications instead of application software? Why?

Write a summary of your recommendations and present it to the class.

Chapter 10: Introduction to programming

What is a Computer Program

A computer program is a series of instructions that directs a computer to perform tasks. A computer programmer, often called a developer, creates and modifies computer programs. To create a program, programmers sometimes write, or code, a program's instructions using a programming language. A programming language is a set of words, abbreviations, and symbols that enables a programmer to communicate instructions to a computer. Other times, programmers use a program development tool to create a program. A program that provides a user-friendly environment for building programs often is called a program development tool. Just as humans speak a variety of languages, programmers use a variety of programming languages and tools to create programs. Each language has its own rules for writing the instructions. Languages often are designed for specific purposes, such as scientific applications, business solutions, or Web page development. When solving a problem or building a solution, programmers often use more than one language; that is, they integrate the languages.

Hardware/Software Interaction
The role of software is programming code written to provide instructions to the hardware so it can perform tasks. The way hardware and software interact as a computer processes data allows us to use the computer to complete many tasks. A computer processes data by applying rules called algorithms. An algorithm is a set of clearly defined, logical steps that solve a problem. A programmer writes the code in a formal programming language, which is then translated into machine language that the computer understands.
Compilers and Interpreters
A computer understands a program only if it is coded in its machine language. Because the computer can understand only machine language instructions, programs that are written in a high-level language must be translated into machine language. Once a program has been written in a high-level language, the programmer will use a compiler or an interpreter to make the translation.
There are generally two types of programming languages: compiled languages and interpreted languages. A compiler is needed to translate a program written in a compiled language into machine-understandable code (that is, binary code) before you can run the program on your machine. When the translation is done, the binary code can be saved into an application file. You can keep running the application file without the compiler unless the program (source code) is updated and you have to recompile it. The binary code or application file is also called executable code (or an executable file).
On the other hand, a program written in an interpreted language can be run immediately after you finish writing it – or for that matter, while you are writing it. But such a program always needs an interpreter to translate the high-level instructions into machine-understandable instructions (binary code) at runtime. You cannot run the program on a machine unless the right interpreter is available.
However, there is nothing inherent to a compiled language to prevent someone from providing an interpreter for the language; likewise, people can and often do write compilers for interpreted languages. In fact, it is not uncommon to mix the two flavors of languages, where a programmer compiles source code into a small binary file, which is then executed by a run-time interpreter. It is the job of the programmer to write and test the program. There are four steps in this process: (1) writing and editing the program, (2) compiling the program, (3) linking the program with the required library modules, and (4) executing the program.
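To make the two translation models concrete, here is an added example (not from the textbook) that uses Python's own compiler and interpreter. compile() turns a small constructed source snippet into bytecode, marshal saves that bytecode as a binary blob that can later be executed without the source (the compile-once, run-many model, and the "mixed flavor" of a compiled artifact run by an interpreter), while exec() on the source text is the interpret-as-you-go model. dis lists the bytecode so you can see one high-level statement becoming several lower-level instructions. The function name gross_pay and the sample source are constructed.

```python
"""Added example (not from the textbook): compile-then-run versus
interpret-as-you-go, shown with Python's own compiler and interpreter.

Python's bytecode plays the role of the 'machine language' here: it is
what the Python interpreter executes, and it can be saved and reloaded
without the source text.
"""
import dis
import marshal

# Constructed sample source: a one-statement function.
SOURCE = '''
def gross_pay(hours, rate):
    return hours * rate
'''


def compile_to_binary(source):
    """Translation step: source text -> bytecode -> bytes you could write
    to a file. This is the 'executable file' of the compiled model."""
    code_object = compile(source, "<constructed example>", "exec")
    return marshal.dumps(code_object)


def run_binary(blob, func_name, *args):
    """Execution step: the interpreter runs the saved bytecode.
    No source text is needed, only the binary artifact and the runtime."""
    namespace = {}
    exec(marshal.loads(blob), namespace)
    return namespace[func_name](*args)


def interpret_source(source, func_name, *args):
    """Interpreted model: translate and execute in one go, every time the
    program runs, so the source (and the interpreter) must be present."""
    namespace = {}
    exec(source, namespace)
    return namespace[func_name](*args)


def low_level_instructions(source, func_name):
    """Bytecode instruction names for one function body. A single
    'return hours * rate' becomes several lower-level instructions."""
    namespace = {}
    exec(compile(source, "<constructed example>", "exec"), namespace)
    return [ins.opname for ins in dis.get_instructions(namespace[func_name])]


def raw_code_bytes(source, func_name):
    """The function body as the interpreter actually sees it: a byte string."""
    namespace = {}
    exec(compile(source, "<constructed example>", "exec"), namespace)
    return namespace[func_name].__code__.co_code


if __name__ == "__main__":
    binary = compile_to_binary(SOURCE)          # compile once
    print(run_binary(binary, "gross_pay", 40, 15))   # run from the artifact
    print(interpret_source(SOURCE, "gross_pay", 40, 15))
    print(low_level_instructions(SOURCE, "gross_pay"))
    print(raw_code_bytes(SOURCE, "gross_pay").hex())
```

The saved blob is tied to the interpreter version that produced it, which is the same dependency the text describes for an interpreted program: the artifact is useless without a compatible runtime, whereas a natively compiled executable needs only the operating system.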
Five Generations of Programming Languages
First Generation: Machine Language
 Machine language, known as the first generation of programming languages, is the only language the computer directly recognizes. Machine-language instructions use a series of binary digits (1s and 0s) or a combination of numbers and letters that represents binary digits. The binary digits correspond to the on and off electrical states. As you might imagine, coding in machine language is tedious and time-consuming.

Second Generation: Assembly Language
 With assembly language, the second generation of programming languages, a programmer writes instructions using symbolic instruction codes. Symbolic instruction codes are meaningful abbreviations. With an assembly language, a programmer writes abbreviations such as A for addition, C for compare, L for load, and M for multiply. Assembly languages also use symbolic addresses. A symbolic address is a meaningful name that identifies a storage location. For example, a programmer can use the name RATE to refer to the storage location that contains a pay rate. Despite these advantages, assembly languages can be difficult to learn. In addition, programmers must convert an assembly language program into machine language before the computer can execute or run the program. That is, the computer cannot execute the assembly source program. A source program is the program that contains the language instructions, or code, to be converted to machine language. To convert the assembly language source program into machine language, programmers use a program called an assembler. One assembly language instruction. In some cases, however, the assembly language includes macros. An assembly language macro generates many machine language instructions for a single assembly language instruction. Macros save the programmer time during program development. Today, assembly languages primarily are used to increase the performance of critical tasks or to control hardware.
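As an added example (not from the textbook), the Python below is a toy two-pass assembler for an invented machine whose mnemonics follow the text: A for add, C for compare, L for load, M for multiply; ST (store) and HALT are additions so the sample program can finish. The first pass assigns an address to every statement so that symbolic addresses such as RATE resolve to storage locations; the second pass encodes each statement as a 16-bit machine word (8-bit opcode, 8-bit address). A macro table shows how one assembly statement, GROSSPAY, expands into three machine instructions. The instruction set, opcode values, macro and sample program are all constructed, and a small executor runs the assembled words so the result can be checked.

```python
"""Added example (not from the textbook): a toy two-pass assembler with
symbolic addresses and a macro, plus an executor for the invented machine.

Nothing here is a real CPU or a real assembler; every opcode, the macro
and the sample program are constructed for illustration.
"""

# Constructed opcodes. L, A, M, C follow the text; ST and HALT are added.
OPCODES = {"L": 1, "A": 2, "M": 3, "C": 4, "ST": 5, "HALT": 15}

# A macro: one assembly statement that stands for several instructions.
MACROS = {
    "GROSSPAY": ["L {0}", "M {1}", "ST {2}"],  # {0} * {1} -> {2}
}


def split_label(line):
    """'LABEL: STATEMENT' -> (label, statement); label is None if absent."""
    if ":" in line:
        label, stmt = line.split(":", 1)
        return label.strip(), stmt.strip()
    return None, line.strip()


def clean(source_lines):
    """Drop comments (after ';') and blank lines."""
    stripped = (line.split(";", 1)[0].strip() for line in source_lines)
    return [line for line in stripped if line]


def expand_macros(lines):
    """Replace each macro invocation with the instructions it generates,
    keeping the invoking statement's label on the first generated one."""
    out = []
    for line in lines:
        label, stmt = split_label(line)
        verb, *rest = stmt.split(None, 1)
        if verb in MACROS:
            args = [a.strip() for a in rest[0].split(",")] if rest else []
            body = [template.format(*args) for template in MACROS[verb]]
            out.append(f"{label}: {body[0]}" if label else body[0])
            out.extend(body[1:])
        else:
            out.append(line)
    return out


def assemble(source_lines):
    """Return (machine_words, symbol_table) for an assembly source program."""
    lines = expand_macros(clean(source_lines))
    # Pass 1: each statement occupies one word; record where labels land.
    symbols = {}
    for address, line in enumerate(lines):
        label, _ = split_label(line)
        if label:
            symbols[label] = address
    # Pass 2: encode. DATA keeps its literal value; an instruction becomes
    # (opcode << 8) | address, with the symbolic address looked up.
    words = []
    for line in lines:
        _, stmt = split_label(line)
        verb, *operand = stmt.split(None, 1)
        if verb == "DATA":
            words.append(int(operand[0]) & 0xFFFF)
        else:
            address = symbols[operand[0].strip()] if operand else 0
            words.append((OPCODES[verb] << 8) | address)
    return words, symbols


def to_binary(words):
    """The program as 1s and 0s, the way the first generation wrote it."""
    return [format(word, "016b") for word in words]


def run(words):
    """Execute the machine words on the toy CPU; return final memory."""
    mem, acc, flag, pc = list(words), 0, 0, 0
    while True:
        op, address = mem[pc] >> 8, mem[pc] & 0xFF
        pc += 1
        if op == OPCODES["HALT"]:
            return mem
        if op == OPCODES["L"]:
            acc = mem[address]
        elif op == OPCODES["A"]:
            acc = (acc + mem[address]) & 0xFFFF
        elif op == OPCODES["M"]:
            acc = (acc * mem[address]) & 0xFFFF
        elif op == OPCODES["C"]:
            flag = (acc > mem[address]) - (acc < mem[address])  # -1, 0 or 1
        elif op == OPCODES["ST"]:
            mem[address] = acc


# Constructed sample: the single GROSSPAY line becomes three instructions.
PROGRAM = [
    "START:  GROSSPAY HOURS, RATE, GROSS   ; load HOURS, multiply by RATE, store",
    "        HALT",
    "HOURS:  DATA 40",
    "RATE:   DATA 15",
    "GROSS:  DATA 0",
]


def gross_pay_result(program=PROGRAM):
    """Assemble and run the sample; return the value left in GROSS."""
    words, symbols = assemble(program)
    return run(words)[symbols["GROSS"]]


if __name__ == "__main__":
    words, symbols = assemble(PROGRAM)
    print(symbols)                 # symbolic address -> storage location
    print(to_binary(words))        # the machine language program
    print(gross_pay_result())      # 40 * 15
```

Note that macro expansion has to happen before the first pass: until the three generated instructions are in place, the assembler cannot know which address HOURS, RATE and GROSS will occupy.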

Third Generation: High Level Language
 Procedural Languages: The disadvantages of machine and assembly (low-level) languages led to the development of procedural languages in the late 1950s and 1960s. In a procedural language, the programmer writes instructions that tell the computer what to accomplish and how to do it. With a procedural language, often called a third-generation language (3GL), a programmer uses a series of English-like words to write instructions. For example, ADD stands for addition or PRINT means to print. Many 3GLs also use arithmetic operators such as * for multiplication and + for addition. These English-like words and arithmetic symbols simplify the program development process for the programmer. As with an assembly language program, the 3GL code (instructions) is called the source program. Programmers must convert this source program into machine language before the computer can execute the program. This translation process often is very complex, because one 3GL source program instruction translates into many machine language instructions. For 3GLs, programmers typically use either a compiler or an interpreter to perform the translation.

Examples of Procedural Languages
 C programming language, developed in the early 1970s by Dennis Ritchie at Bell Laboratories, originally was designed for writing system software. Today, many programs are written in C (Figure 13-6). This includes operating systems and application software such as word processing and spreadsheet programs. C is a powerful language that requires professional programming skills. Many programmers use C for business and scientific problems. C runs on almost any type of computer with any operating system, but it is most often used with the UNIX and Linux operating systems.
 COBOL (Common Business-Oriented Language) evolved out of a joint effort between the United States government, businesses, and major universities in the early 1960s (Figure 13-7). Naval officer Grace Hopper, a pioneer in computer programming, was a prime developer of COBOL.

COBOL is a programming language designed for business applications. Although COBOL programs often are lengthy, their English-like statements make the code easy to read, write, and maintain. COBOL especially is useful for processing transactions, such as payroll and billing, on mainframe computers. COBOL programs also run on other types of computers.
 Object-Oriented Programming Languages and Program Development Tools
Computer programmers use an object-oriented programming (OOP) language or object-oriented program development tool to implement an object-oriented design. An object is an item that can contain both data and the procedures that read or manipulate that data. An object represents a real person, place, event, or transaction.
A major benefit of OOP is the ability to reuse and modify existing objects. For example, once a programmer creates an Employee object, it is available for use by any other existing or future program. Thus, programmers repeatedly reuse existing objects.

Programs developed using the object-oriented approach have several advantages. The objects can be reused in many systems, are designed for repeated use, and become stable over time. In addition, programmers create applications faster because they design programs using existing objects.
In addition to being able to work with objects, an OOP language is event driven. An event is an action to which the program responds. Examples of events include pressing a key on the keyboard, typing a value in a text box, moving the mouse, clicking a button, or speaking an instruction. An event-driven program checks for and responds to events. Some programming languages are event driven but are not complete OOP languages; other programming languages, such as Java, C#, F#, C++, and the latest versions of Visual Basic, are complete object-oriented languages.

 Object-oriented programming languages and program development tools work well in a RAD environment. RAD (rapid application development) is a method of developing software in which a programmer writes and implements a program in segments instead of waiting until the entire program is completed. Users begin working with sections of the program as they are completed. An important concept in RAD is the use of prebuilt components. For example, programmers do not have to write code for buttons and text boxes on Windows forms because they already exist in the programming language or tools provided with the language. Most object-oriented program development tools are IDEs.
 An IDE (integrated development environment) includes tools for building graphical user interfaces, an editor for entering program code, a compiler and/or interpreter, and a debugger. Some IDEs work with a single programming language; others, such as Eclipse, support multiple languages. Eclipse is an open source, advanced development environment that works with a variety of programming languages, including Java and C++.
Types of Object-Oriented Programming Languages and Program Development Tools
 The Microsoft .NET Framework, or .NET, is a set of technologies that allows almost any type of program to run on the Internet or an internal business network, as well as on stand-alone computers and mobile devices. Similarly, ASP.NET is a Web application framework that provides the tools necessary for the creation of dynamic Web sites. Features of .NET include the CLR and classes. The CLR (Common Language Runtime) is an environment that enables programmers to develop .NET programs using a variety of languages. A .NET-compatible language compiles the program source code into Microsoft Intermediate Language (MSIL). The CLR then converts the MSIL into object code using a just-in-time compiler. The CLR supports classes so that .NET programmers can access a variety of common functions in their programs, which saves development time. Using .NET and/or ASP.NET, programmers easily can develop Web applications, Web services, and Windows programs. Examples of languages that support .NET include C++, C#, F#, Visual Basic, Delphi, and PowerBuilder.
 C++ - Developed in the 1980s by Bjarne Stroustrup at Bell Laboratories, C++ (pronounced See-plus-plus) is an object-oriented programming language that is an extension of the C programming language. C++ includes all the elements of the C language, plus it has additional features for working with objects, classes, events, and other object-oriented concepts. Programmers commonly use C++ to develop database and Web applications. Much application software, such as word processing and spreadsheet programs, also is written in C++. A programmer does not need C programming experience to be a successful C++ programmer.
 C# - C# (pronounced See-sharp) is an object-oriented programming language based on C++ that was developed primarily by Anders Hejlsberg, Microsoft chief architect and distinguished engineer. C# has been accepted as a standard for Web applications and XML-based Web services. Web services describe standardized software that enables programmers to create applications that communicate with other remote computers over the Internet or on an internal business network. Like Java, C# uses a JIT compiler, but its resulting code is MSIL. C# applications can be built on existing C or C++ applications, saving development time for companies migrating from C or C++.

 F# - F# (pronounced EFF-sharp), which is included with the latest version
of Visual Studio, is a programming language that combines the benefits of
an object-oriented language with the benefits of a functional language. A
functional language is a programming language whose natural
programming structure is useful in mathematical programs. Benefits of
programs written in F# include easy access to .NET libraries and
performance similar to that of C# programs.
 Visual Studio – Visual Studio is Microsoft’s suite of program
development tools that assist programmers in building programs for
Windows, Windows Mobile, or operating systems that support .NET.
Visual Studio includes enhanced support for building security and
reliability into applications through its programming languages, RAD
tools, IDE, a specialized query language called LINQ (Language
Integrated Query) and other resources that reduce development time. For
example, Visual Studio includes code snippets, which are prewritten code
and templates associated with common programming tasks. Visual Studio
Tools for Office (VSTO) is a set of tools integrated in Visual Studio that
enables developers to create programs that work with Microsoft’s Office
suite, including Word, Excel, PowerPoint, Outlook, and Project. The next
sections discuss the programming languages in the Visual Studio suite.
 Visual Basic is a programming language that allows programmers easily
to build complex task-oriented object-based programs. Visual Basic is
based on the BASIC programming language, which was developed by
Microsoft Corporation in the early 1900s. This language is easy to learn
and use. Thus, Visual Basic is ideal for beginning programmers.
 Visual C++ is a programming language based on C++. Not only is Visual
C++ a powerful object-oriented programming language, it also enables
programmers to write Windows, Windows Mobile, and .NET applications
quickly and efficiently. Features that make Visual C++ so powerful
include reusable templates, direct access to machine-level memory
locations, an optimizing compiler, and advanced error reporting.
 Visual C# - Visual C# is a programming language that combines
programming elements of C++ with an easier, rapid development
environment. The purpose of Visual C# is to take the complexity out of
Visual C++ and still provide an object-oriented programming language.
Programmers familiar with the C/C++ programming language family often
migrate to the easier-to-use Visual C#.

A visual programming language is a language that uses a visual or
graphical interface for creating source code. The graphical interface, called
a visual programming environment (VPE), allows programmers to drag
and drop objects to develop programs. Examples of visual programming
languages include Alice, Mindscript and Prograph.

 Delphi – Borland’s Delphi is a powerful program development tool that is
ideal for building large-scale enterprise and Web applications in a RAD
environment. Programmers use Delphi to develop programs quickly for
Windows, Linux, and .NET platforms. Delphi also provides visual
modeling tools based on the UML. The UML (Unified Modeling
Language) has been adopted as a standard notation for object modeling
and development. With Delphi, programmers easily link the UML designs
to the working solutions.
Fourth Generation: Very High-Level Programming Languages
 A 4GL (fourth generation language) is a nonprocedural language that
enables users and programmers to access data in a database.
 With a nonprocedural language, the programmer writes English-like
instructions or interacts with a graphical environment to retrieve data from
files or a database. Nonprocedural languages typically are easier to use
than procedural languages. Many object-oriented program development
tools use 4GLs. One popular 4GL is SQL. SQL is a query language that
allows users to manage, update, and retrieve data in relational DBMSs.
These powerful languages allow database administrators to define a
database and its structure. They also enable users to maintain and
access the data in the database.
 PowerBuilder, developed by Sybase, is another powerful program
development RAD tool that is best suited for Web applications. Programmers
also use PowerBuilder to develop small and medium-scale client/server
applications. PowerBuilder includes a consistent interface, wizards, and many
other features that enable programmers to develop applications quickly. In
terms of complexity, PowerBuilder is comparable to Delphi.

Fifth Generation: Natural Language

Natural Language Generation (NLG) is the natural language
processing task of generating natural language from a machine representation
system such as a knowledge base or logical form. Psycholinguists prefer the
term language production when such formal representations are interpreted as
models for mental representations.

Planning a Computer Program

Program development consists of a series of steps programmers use
to build computer programs. The system development life cycle guides
information technology (IT) professionals through the development of an
information system. Likewise, the program development life cycle (PDLC)
guides computer programmers through the development of a program. The
program development life cycle consists of six steps.

1. Analyze Requirements
2. Design Solution
3. Validate Design
4. Implement Design
5. Test Solution
6. Document Solution
The steps in the program development life cycle form a loop. Program
development is an ongoing process within system development. Each
time someone identifies errors in or improvements to a program and
requests program modifications, the Analyze Requirements step begins
again. When programmers correct errors or add enhancements to an
existing program, they are said to be maintaining the program.
Program maintenance is an ongoing activity that occurs after a
program has been delivered to users, or placed into production.

Steps in Developing a Program


1. Analyze Requirements
The first step in program development is to analyze the
requirements of the problem the program(s) should solve, so that the
programmer can begin to develop an appropriate solution. In most
cases, the solution requires more than one program. The Analyze
Requirements step consists of three major tasks: (1) review the
requirements, (2) meet with the system analyst and users, and (3)
identify input, processing, output, and data components. First, the
programmer reviews the requirements. The requirements may be in the
form of deliverables such as charts, diagrams, and reports. For
example, screen and report layout charts illustrate input and output
requirements. Structured English, decision tables, and decision trees
convey processing requirements. The data dictionary identifies the data
requirements. By thoroughly reviewing these deliverables, the
programmer understands the nature of the requirements.
2. Design Solution
The next step is to design the solution that will meet the
users’ requirements. Designing the solution involves devising a
solution algorithm to satisfy the requirements. A solution algorithm,
also called a program logic, is a graphical or written description of the
step-by-step procedures to solve the problem. Determining the logic
for a program often is a programmer’s most challenging task. It
requires that the programmer understand programming concepts, and often
database concepts, as well as use creativity in problem solving.
Structured Design
In structured design, sometimes called top-down design, the
programmer typically begins with a general design and moves toward a
more detailed design. This approach breaks down the original set of
requirements into smaller, more manageable sections.
The first step in top-down design is to identify the major function of a
program, sometimes called the main routine or main module. Next,
the programmer decomposes (breaks down) the main routine into
smaller sections, called subroutines or modules. Then, the programmer
analyzes each subroutine to determine if it can be decomposed further.
Programmers use a hierarchy chart, also called a structure chart, to
show program modules graphically. A hierarchy chart contains
rectangles and lines. The rectangles are the modules. The main module
is at the top of the chart. All other modules are placed below the main
module. Modules connect by lines to indicate their relationships.
Programs developed using structured design benefit from their
simplicity, reliability, readability, reusability and maintainability.
Structured design, however, does not provide a way to package the
data and the program (or procedure) together. Each program has to
define how it will use the data. This can result in redundant
programming code that must change every time the structure of the
data changes. To eliminate this problem, some IT professionals use the
object-oriented approach for program development.
Design Tools
To help document a solution algorithm, programmers use
design tools. Two structured design tools are program flowcharts and
pseudocode. A design tool for object-oriented designs is the UML.
 A program flowchart, or simply flowchart, graphically shows
the logic in a solution algorithm. The American National
Standards Institute (ANSI) published a set of standards for
program flowcharts in the early 1960s. These standards, still
used today, specify symbols for various operations in a
program’s logic.
 Programmers connect most symbols on a program flowchart
with solid lines. These lines show the direction of the program.
Dotted lines on a flowchart connect comment symbols.

A comment symbol, also called an annotation symbol, explains
or clarifies logic in the solution algorithm.

Today, programmers use commercial flowcharting software
to develop flowcharts. This software makes it easy to modify
and update flowcharts. Two popular flowcharting programs are
SmartDraw and Visio.

 Pseudocode uses a condensed form of English to convey
program logic. Some programmers prefer to explain the logic
of a solution algorithm with words (pseudocode), instead of a
graphical flowcharting technique.
 Heuristics – a set of steps that usually solves a problem; the solution
may be nonoptimal. Good heuristics provide a nonoptimal but
acceptable solution for difficult problems. They are used when optimal
algorithms are complex or nonexistent.
3. Validate Design
Once programmers develop the solution algorithm, they
should validate, or check, the program design for accuracy. During this
step, the programmer checks the logic for accuracy and attempts to
uncover logic errors. A logic error is a flaw in the design that causes
inaccurate results.
4. Implement Design
Implementation of the design includes using a program
development tool that assists the programmer by generating or
providing some or all code, or includes writing the code that translates
the design into a computer program and, if necessary, creating the user
interface. Coding a program involves translating the solution
algorithm into a programming language and then typing the
programming language code into the computer.

5. Test Solution
Once a programmer codes and enters the program, the next step
is to test it. Thorough testing is very important. After programmers place
the program into production, many users rely on the program and its
output to support their daily activities and decisions. The goal of
program testing is to ensure the program runs correctly and is error
free. Errors uncovered during this step usually are one of two types:
(1) syntax errors or (2) logic errors. A syntax error occurs when the
code violates the syntax, or grammar, of the programming language.

6. Document Solution
In documenting the solution, the programmer performs two
activities: (1) review the program code and (2) review all the documentation.
First, programmers review the program for any dead code and remove it. Dead
code is any program instruction that a program never executes. When
programmers write a program, they often write a section of code at a time. The
programmers should run the program one final time to verify it still works.
After reviewing the program code, the programmer gives the program and all
of its documentation to the system analyst. The documentation includes all
charts, solution algorithms, test data, and program code listings that contain
global and internal comments. The programmer should be sure all
documentation is complete and accurate. This becomes especially valuable if
the program requires changes in the future. Proper documentation greatly
reduces the amount of time a new programmer spends learning about existing
programs.
Introduction to Web Programming
Web programming refers to the writing, markup and coding involved
in Web development, which includes Web content, Web client and server scripting
and network security. The most common languages used for Web programming are
XML, HTML, JavaScript, Perl 5 and PHP. Web programming is different from just
programming, as it requires interdisciplinary knowledge of the application area,
client and server scripting and database technology.
Web programming can be briefly categorized into client and server coding.
The client side needs programming related to accessing data from users and providing
information. It also needs to ensure there are enough plug-ins to enrich the user
experience in a graphical user interface, including security measures.
1. To improve user experience and related functionalities on the client
side, JavaScript is usually used. It is an excellent client-side platform
for designing and implementing Web applications.
2. HTML5 and CSS3 support most of the client-side functionality
provided by other application frameworks.
The server side needs programming mostly related to data retrieval,
security and performance. Some of the tools used here include ASP,
Lotus Notes, PHP, Java, and MySQL.

Web Programming Tools


 PHP started out as a small open source project that evolved as
more and more people found out how useful it was. Rasmus
Lerdorf unleashed the first version of PHP way back in 1994.

 PHP is a recursive acronym for PHP: Hypertext Preprocessor.

 PHP is a server-side scripting language that is embedded in HTML. It is used
to manage dynamic content, databases, session tracking, even build entire e-commerce
sites.
 It is integrated with a number of popular databases, including MySQL,
PostgreSQL, Oracle, Sybase, Informix and Microsoft SQL Server.
 PHP is pleasingly zippy in its execution, especially when compiled as an
Apache module on the Unix side. The MySQL server, once started, executes
even very complex queries with huge result sets in record-setting time.
 PHP supports a large number of major protocols such as POP3, IMAP, and
LDAP. PHP4 added support for Java and distributed object architectures
(COM and CORBA), making n-tier development a possibility for the first
time.
 PHP is forgiving: the PHP language tries to be as forgiving as possible.
 PHP syntax is C-like.
 MySQL is the most popular open source relational SQL
database management system. MySQL is one of the best
RDBMSs being used for developing web-based software
applications. MySQL is a fast, easy-to-use RDBMS being used
by many small and big businesses. MySQL is developed,
marketed and supported by MySQL AB, which is a Swedish
company.

MySQL is becoming so popular because of many good
reasons:
 MySQL is released under an open-source license. So
you have nothing to pay to use it.
 MySQL is a very powerful program in its own right. It
handles a large subset of the functionality of the most
expensive and powerful database packages.
 MySQL uses a standard form of the well-known SQL
data language.
 MySQL works on many operating systems and with
many languages including PHP, PERL, C++, JAVA, etc.
 MySQL works very quickly and works well even with
large data sets.
 MySQL is very friendly to PHP, the most appreciated
language for web development.
 MySQL supports large databases, up to 50 million rows
or more in a table. The default file size limit for a table
is 4GB, but you can increase this (if your operating
system can handle it) to a theoretical limit of 8 million
terabytes (TB).
 MySQL is customizable. The open-source GPL license
allows programmers to modify the MySQL software to
fit their own specific environments.

 JavaScript is a scripting language that’s run locally on the
user’s browser, allowing webpages to respond to user
interactions such as clicking on elements and timing events.

 Perl is a general-purpose programming language originally
developed for text manipulation and now used for a wide range
of tasks including system administration, web development,
network programming, GUI development, and more.

Features of Perl

 Perl is a stable, cross-platform programming language.
 Though Perl is not officially an acronym, a few
people use it as Practical Extraction and Report
Language.

LESSON 11 :
INTRODUCTION TO DATABASES AND DATA-MINING

Introduction to Databases

“The history of database system research is one of exceptional
productivity and startling economic impact. Barely 20 years old as a basic
science research field, database research has fueled an information services
industry estimated at $10 billion per year in the U.S. alone. Achievements in
database research underpin fundamental advances in communications
systems, transportation and logistics, financial management, knowledge-based
systems, accessibility to scientific literature, and a host of other
civilian and defense applications. They also serve as the foundation for
considerable progress in the basic science fields ranging from computing to
biology.”

(Silberschatz et al., 1990,1996)

The quotation is from a workshop on database systems at the beginning of the
1990s and expanded upon in a subsequent workshop in 1996, and it provides
substantial motivation for the study of the subject of this book: the database system.
Since these workshops, the importance of the database system has, if anything,
increased with the significant developments in hardware capability, hardware
capacity, and communications, including the emergence of the Internet, electronic
commerce, business intelligence, mobile communications, and grid computing. The
database system is arguably the most important development in the field of software
engineering, and the database is now the underlying framework of the information
system, fundamentally changing the way that many organizations operate. Database
technology has been the catalyst for many important developments in software
engineering. The workshop emphasized that the developments in database systems
were not over, as some people thought. In fact, to paraphrase an old saying, it may be
that we are only at the end of the beginning of the development. The applications that
will have to be handled in the future are so much more complex that we will have to
rethink many of the algorithms currently being used.
What is a Database?

A database is an organized collection of logically related data. By organized we
mean that the data are structured so as to be easily stored, manipulated, and retrieved
by the users. By related, we mean that the data describe a domain of interest to a group
of users and that the users can use the data to answer questions concerning the domain.
A database may be of any size and complexity. For example, a salesperson may
maintain a small database of customer contacts on her laptop that consists of a few
megabytes of data. A large corporation may build a very large database consisting of
several terabytes (trillions of bytes) of data.
Where are Databases used?

Databases are used to store, manipulate, and retrieve data in nearly every type
of organization, including personal or home use, business and offices, education,
government and the World Wide Web. Database technology is routinely used by
individuals on personal computers, by workgroups accessing databases on
network servers, and by all employees using enterprise-wide distributed
applications.
Databases Types

Flat Files versus Relational Databases

A flat file database is a database that stores data in a plain text file, usually
designed around a single table. The flat file design puts all database information in
one table, or list, with fields to represent all parameters. Tables in a flat file do not have
interconnections. An example of this type is student records in an Excel file.
The ECE Instructor’s table (table image not reproduced)

The columns in the ICT instructor’s table pertain to the attributes or fields in
database concepts. The rows in the ECE instructor’s table correspond to the records or tuples.

Notice that in the previous tables the column Student Reg. No. is shared in all tables.

Branch Table (table image not reproduced)

ONE FLAT FILE DATABASE (table image not reproduced)

Using the ONE FLAT FILE DATABASE, it would be
very difficult to find out who is the best student.

Problem: Searching a text file is not efficient for large text files.

Reason: One has to search sequentially through the entire file to gather the desired
information.

A relational database is a type of database that organizes data into tables and
links them based on defined relationships. These relationships enable you to retrieve
and combine data from one or more tables with a single query.
Using the relational database above, it is now easy to find the best student, as shown in the
newly generated table below.

Student Reg. No.   ICT marks   ECA marks   Total Marks
001                84          72          156
002                80          83          163
004                67          87          154
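The contrast above, as an added example that is not part of the original lesson: the same marks kept as a flat text file that must be scanned line by line, and as two related SQLite tables that share the Student Reg. No. column, so one JOIN query yields the generated table. The table and column names, and the extra student 003 who has only an ICT mark, are constructed assumptions for this illustration.

```python
"""
Added example (not part of the original lesson): the same student marks stored
two ways. A "flat file" is one plain-text line per record, which must be scanned
sequentially; a relational database keeps the ICT and ECA marks in separate
tables that share the Student Reg. No. column, so one JOIN query produces the
"best student" table from the lesson. All data below is constructed to match the
lesson's table; student 003 (assumed, not in the lesson) has an ICT mark only,
which is why an inner join leaves that student out of the combined result.
"""
import sqlite3

# Constructed flat file: one table, one line per record, whitespace separated.
FLAT_FILE = """\
reg_no ict_marks eca_marks
001 84 72
002 80 83
003 91 -
004 67 87
"""

# Constructed relational data: two tables keyed by the shared Student Reg. No.
ICT_MARKS = [("001", 84), ("002", 80), ("003", 91), ("004", 67)]
ECA_MARKS = [("001", 72), ("002", 83), ("004", 87)]


def flat_file_best_student(text):
    """Sequential scan of every line (the 'Reason' given in the lesson).

    Returns (reg_no, total) of the student with the highest total, skipping
    records where a mark is missing ('-'). Cost grows with the file size.
    """
    best = None
    lines = text.splitlines()[1:]          # drop the header line
    for line in lines:
        reg_no, ict, eca = line.split()
        if ict == "-" or eca == "-":       # incomplete record: no total possible
            continue
        total = int(ict) + int(eca)
        if best is None or total > best[1]:
            best = (reg_no, total)
    return best


def build_relational_db():
    """Create the two related tables in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE ict_marks (reg_no TEXT PRIMARY KEY NOT NULL, marks INTEGER NOT NULL);
        CREATE TABLE eca_marks (reg_no TEXT PRIMARY KEY NOT NULL, marks INTEGER NOT NULL);
    """)
    conn.executemany("INSERT INTO ict_marks VALUES (?, ?)", ICT_MARKS)
    conn.executemany("INSERT INTO eca_marks VALUES (?, ?)", ECA_MARKS)
    return conn


def total_marks_table(conn):
    """One query joins the tables on the shared column and computes the total.

    Returns rows of (reg_no, ict_marks, eca_marks, total_marks), ordered as in
    the lesson's generated table. The PRIMARY KEY index lets the DBMS match
    reg_no values without a full sequential scan.
    """
    cur = conn.execute("""
        SELECT i.reg_no, i.marks, e.marks, i.marks + e.marks AS total
        FROM ict_marks AS i
        JOIN eca_marks AS e ON e.reg_no = i.reg_no
        ORDER BY i.reg_no
    """)
    return cur.fetchall()


def relational_best_student(conn):
    """Let the DBMS find the best student: sort by total, keep the first row."""
    row = conn.execute("""
        SELECT i.reg_no, i.marks + e.marks AS total
        FROM ict_marks AS i
        JOIN eca_marks AS e ON e.reg_no = i.reg_no
        ORDER BY total DESC
        LIMIT 1
    """).fetchone()
    return row


if __name__ == "__main__":
    print("flat file scan ->", flat_file_best_student(FLAT_FILE))
    db = build_relational_db()
    for r in total_marks_table(db):
        print(r)
    print("relational query ->", relational_best_student(db))
```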

Database Management System (DBMS)

What is DBMS?

A Database Management System (DBMS) is software that allows you to create, access
and manage databases. A typical DBMS is able to perform data housekeeping, data sorting,
data searching, and report generation.

A DBMS ensures the following characteristics:

Data Integrity- maintains the correctness and consistency of the data.

a. Domain Integrity- allowable values for an attribute or field.
Example: A credit card number consists of 12 digits. An update attempting to assign a
value with more or fewer digits or one including a non-numeral should be rejected.

b. Entity Integrity- no primary key attribute may be null. All primary key fields MUST have
data.

c. Referential Integrity- requires that an item referenced by the data for some other item must
itself exist in the database. Example: If an airline reservation is requested for a particular flight,
then the corresponding flight number must actually exist.
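The three integrity rules above, expressed as SQLite constraints in an added example that is not part of the original lesson. It uses the lesson's own cases (a 12-digit card number, a reservation that must reference an existing flight); the table and column names and the sample values are assumptions for this illustration.

```python
"""
Added example (not part of the original lesson): the three integrity rules
expressed as SQLite constraints, using the lesson's own examples
(a 12-digit credit card number, a reservation that must reference an
existing flight). The table and column names are assumptions chosen for
this illustration. Each helper returns True when the DBMS accepted the
update and False when it rejected it, which is the behaviour the lesson
requires.
"""
import sqlite3


def open_db():
    """Create an in-memory database with the constraints the lesson describes."""
    conn = sqlite3.connect(":memory:")
    # Referential integrity is only enforced by SQLite when this pragma is on.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript("""
        -- Domain integrity: the lesson's rule is exactly 12 digits, nothing else.
        -- Entity integrity: the primary key must be present (NOT NULL is needed
        -- because SQLite otherwise allows NULL in a TEXT primary key).
        CREATE TABLE card (
            card_number TEXT PRIMARY KEY NOT NULL
                CHECK (length(card_number) = 12 AND card_number NOT GLOB '*[^0-9]*')
        );

        CREATE TABLE flight (
            flight_no TEXT PRIMARY KEY NOT NULL
        );

        -- Referential integrity: a reservation may only point at a flight that exists.
        CREATE TABLE reservation (
            reservation_id INTEGER PRIMARY KEY,
            flight_no      TEXT NOT NULL REFERENCES flight(flight_no)
        );
    """)
    conn.execute("INSERT INTO flight VALUES ('PR101')")   # constructed sample flight
    return conn


def _attempt(conn, sql, params):
    """Run one write and report whether the DBMS accepted it."""
    try:
        conn.execute(sql, params)
        return True
    except sqlite3.IntegrityError:
        return False


def add_card(conn, card_number):
    """Domain + entity integrity: rejected unless exactly 12 digits and not NULL."""
    return _attempt(conn, "INSERT INTO card VALUES (?)", (card_number,))


def add_reservation(conn, flight_no):
    """Referential integrity: rejected unless flight_no exists in flight."""
    return _attempt(conn, "INSERT INTO reservation (flight_no) VALUES (?)", (flight_no,))


def integrity_demo():
    """Constructed updates and whether each is accepted, for the three rules."""
    conn = open_db()
    return {
        "domain: 12 digits":           add_card(conn, "123456789012"),   # accepted
        "domain: 11 digits":           add_card(conn, "12345678901"),    # rejected
        "domain: contains letter":     add_card(conn, "12345678901X"),   # rejected
        "entity: NULL primary key":    add_card(conn, None),             # rejected
        "referential: known flight":   add_reservation(conn, "PR101"),   # accepted
        "referential: unknown flight": add_reservation(conn, "ZZ999"),   # rejected
    }


if __name__ == "__main__":
    for rule, accepted in integrity_demo().items():
        print(f"{rule:30s} -> {'accepted' if accepted else 'rejected'}")
```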
Data Accessibility and Responsiveness- end users without programming experience can
often retrieve and display data, even when it crosses traditional departmental boundaries.
Data Security- ensures proper access control to the data residing in the database.
* Data Warehousing Concepts
The original concept of a data warehouse was devised by IBM as the "information
warehouse" and presented as a solution for accessing data held in non-relational systems. The
information warehouse was proposed to allow organizations to use their data archives to help
them gain a business advantage. However, due to the sheer complexity and performance
problems associated with the implementation of such solutions, the early attempts at creating an
information warehouse were mostly rejected. Since then, the concept of data warehousing has
been raised several times, but it is only in recent years that data warehousing has
come to be seen as a valuable and viable solution. The latest and most successful advocate for data
warehousing is Bill Inmon, who has earned the title of "father of data warehousing" due to his
active promotion of the concept.
A data warehouse (Inmon) is a subject-oriented, integrated, time-variant, and non-volatile
collection of data in support of management's decision-making process.
In this definition by Inmon (1993), the data is:
•Subject-oriented as the warehouse is organized around the major subjects of the enterprise
(such as customers, products, and sales) rather than the major application areas (such as customer
invoicing, stock control, and product sales).
•Integrated because of the coming together of source data from different enterprise-wide
application systems. The integrated data source must be made consistent to present a unified
view of the data to the users.
•Time-variant because data in the warehouse is only accurate and valid at some point in time
or over some time interval. The time-variance of the data warehouse is also shown in the
extended time that the data is held, the implicit or explicit association of time with all data, and
the fact that the data represents a series of snapshots.
•Non-volatile as the data is not updated in real time but is refreshed from operational
systems on a regular basis. New data is always added as a supplement to the database, rather than
a replacement. The database continually absorbs this new data, incrementally integrating it with
the previous data.
Take note that the ultimate goal of data warehousing is to integrate enterprise-wide
corporate data into a single repository from which users can easily run queries, produce reports
and perform analysis. In summary, a data warehouse is a data management and data analysis
technology.
*Data Mining
Data mining is the process of (automatically) extracting useful information from data. The
following are examples of data mining applications.
Retail/Marketing
•Identifying buying patterns of customers.
•Finding associations among customer demographic characteristics.
•Predicting response to mailing campaigns.
•Market basket analysis.

Banking
•Detecting patterns of fraudulent credit card use.
•Identifying loyal customers.
•Predicting customers likely to change their credit card affiliation.
•Determining credit card spending by customer group.

Insurance
•Claims analysis.
•Predicting which customers will buy new policies.
Medicine
•Characterizing patient behavior to predict surgery visits.
•Identifying successful medical therapies for different illnesses.

LESSON 12
INFORMATION AND COMMUNICATION SECURITY

Information Security refers to the processes and methodologies which are designed and
implemented to protect print, electronic, or any other form of confidential, private and
sensitive information or data from unauthorized access, use, misuse, disclosure,
destruction, modification or disruption.

Basic Terminologies
Terms commonly associated with information and communication security.
Threat- the expressed potential for the occurrence of a harmful event such as an
attack.
Attack- action taken against a target with the intention of doing harm.
Vulnerability- weakness that makes targets susceptible to an attack.
Hacker- general term that has historically been used to describe a computer programming
expert. More recently, this term is commonly used in a negative way to describe an individual
who attempts to gain unauthorized access to network resources with malicious intent.
Cracker- term that is generally regarded as the more accurate word that is used to
describe an individual who attempts to gain unauthorized access to network resources with
malicious intent.
Phreaker- an individual who manipulates the phone network to cause it to perform a
function that is normally not allowed. A common goal of phreaking is breaking into the phone
network, usually through a payphone, to make free long-distance calls.
Spammer- an individual who sends large numbers of unsolicited email messages.
Phisher- a person who attempts to trick people into giving
information over the internet or by email so that they can take money out of their bank
account. Phishers use forged emails and web pages to steal your identity and commit fraud.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames,
passwords and credit card details, often for malicious reasons, by disguising as a trustworthy
entity in an electronic communication.

White hat- A white hat hacker is an individual who uses hacking skills to identify
security vulnerabilities in hardware, software or networks. However, unlike black hat hackers,
white hat hackers respect the rule of law as it applies to hacking.
White hat hackers, also called ethical hackers, only seek vulnerabilities or exploits when
they are legally permitted to do so. White hats may do their research on open source software, as
well as on software or systems that they own or that they have been authorized to investigate,
including products and services that operate bug bounty programs.

Famous white hat hackers

There are a number of well-known white hat hackers in the industry.

Marc Maiffret is known for exposing vulnerabilities in Microsoft products, such as the Code Red
worm, starting when he was a teenager. He later went on to co-found a software security
company and eventually become the chief technology officer of the security company
BeyondTrust.

Kevin Mitnick is another well-known white hat hacker. Formerly known as the most wanted
cybercriminal in America, Mitnick was arrested in 1995 and served five years in jail for his
hacking. After that brush with the law, Mitnick became a white hat hacker and now runs a
security consulting firm.

Tsutomu Shimomura is the white hat hacker responsible for finally catching Mitnick. A
computer scientist and physicist, Shimomura has worked for the NSA, and he assisted the FBI in
the highly publicized takedown of Mitnick.

Robert "RSnake" Hansen is also a well-known white hat hacker who co-coined the
term clickjacking. He is now the CISO at OutsideIntel.

In the same vein, Dan Kaminsky became famous when he discovered a critical DNS design flaw,
and he went on to become the chief scientist of the security firm White Ops.

Other big names in white hat hacking include Jeff Moss, who founded the Black Hat and
DEFCON security conferences; Dr. Charlie Miller, who hacked for the NSA for five years; and
Apple co-founder Steve Wozniak.

Black hat- A black hat hacker (or black-hat hacker) is a hacker who "violates computer
security for little reason beyond maliciousness or for personal gain".
MALWARE- or malicious software, is any program or file that is harmful to a computer
user. Malware includes computer viruses, worms, Trojan horses and spyware.
The following is a list of common types of malware, but it's hardly exhaustive:
Worms- Worms infect entire networks of devices, either local or across the internet, by
using network interfaces. They use each consecutively infected machine to infect more.
Keyloggers- a keylogger, sometimes called a keystroke logger or system monitor, is a type of
surveillance technology used to monitor and record each keystroke typed on a specific
computer's keyboard.
Video frame grabbers- A frame grabber is a hardware device used to convert
a video frame to a single, still bitmapped image. Frame grabbers were initially standalone cards
that attached to a computer port, but now they are available as part of video capture boards or
display adapters in most computers.
Rootkits- a rootkit is a collection of computer software, typically malicious, designed to enable access to
a computer or areas of its software that is not otherwise allowed (for example, to an unauthorized
user) and often masks its existence or the existence of other software.[1] The term rootkit is
a concatenation of "root" (the traditional name of the privileged account on Unix-like operating
systems) and the word "kit" (which refers to the software components that implement the tool).
The term "rootkit" has negative connotations through its association with malware.[1]
Rootkit installation can be automated, or an attacker can install it after having obtained root or
Administrator access. Obtaining this access is a result of a direct attack on a system, i.e. exploiting
a known vulnerability (such as privilege escalation) or a password (obtained by cracking or social
engineering tactics like "phishing"). Once installed, it becomes possible to hide the intrusion as
well as to maintain privileged access. The key is the root or administrator access. Full control
over a system means that existing software can be modified, including software that might
otherwise be used to detect or circumvent it.

Trojan horses- This kind of malware disguises itself as legitimate software, or is
included in legitimate software that has been tampered with. It tends to act discreetly.
Spyware: No surprise here: spyware is malware designed to spy on you. It hides in the
background and takes notes on what you do online, including your passwords, credit card
numbers, surfing habits and more.

What is a spoofing attack

A spoofing attack is when an attacker or malicious program successfully acts on another person's
(or program's) behalf by falsifying data.
It takes place when the attacker pretends to be someone else (or another computer, device, etc.) on
a network in order to trick other computers, devices or people into performing legitimate actions
or giving up sensitive data. Some common types of spoofing attacks include ARP spoofing, DNS
spoofing and IP address spoofing. These types of spoofing attacks are typically used to attack
networks, spread malware and to access confidential information and data.

TYPES OF SPOOFING ATTACKS


1. IP address spoofing attack

The most commonly-used spoofing attack is the IP spoofing attack. This type of spoofing attack
is successful when a malicious attacker copies a legitimate IP address in order to send out IP
packets using a trusted IP address. Replicating the IP address forces systems to believe the
source is trustworthy, opening any victims up to different types of attacks using the ‘trusted’ IP
packets.

The most popular type of IP spoofing attack is a Denial of Service attack, or DoS, which
overwhelms and shuts down the targeted servers. One outcome attackers can achieve using IP
spoofing is the ability to perform DoS attacks, using multiple compromised computers to
send out spoofed IP packets to a specific server. If too many packets reach the server, it will
be unable to handle all of the requests and will overload. If trust relationships are used on a
server, IP spoofing can be used to bypass authentication methods that depend on IP address
verification.
2. ARP spoofing attacks

The Address Resolution Protocol (ARP) is a protocol used to translate IP addresses
into Media Access Control (MAC) addresses so that frames can be delivered on the
local network. In short, the protocol maps an IP address to a physical machine address.

This type of spoofing attack occurs when a malicious attacker links the attacker's own
MAC address with the IP address of a legitimate host on the company's network. This
allows the attacker to intercept data intended for that computer. ARP spoofing attacks
can lead to data theft and deletion, compromised accounts and other malicious
consequences. ARP spoofing can also be used for DoS, session hijacking and other types
of attacks.
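As an added example (not code from the original text), the following is the kind of check that the spoofing-detection programs recommended under prevention below perform for ARP: a passive monitor records which MAC address answers for each IP and alerts when a mapping changes, when a reply conflicts with a pinned entry such as the gateway, or when one MAC starts answering for several addresses. The log format, addresses and MACs are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of ARP replies as a passive monitor on the LAN might log
# them. Line format is assumed: "<epoch> <sender-ip> is-at <sender-mac>".
SAMPLE_ARP_LOG = """\
1000 192.168.1.1 is-at aa:bb:cc:00:00:01
1001 192.168.1.20 is-at aa:bb:cc:00:00:20
1002 192.168.1.1 is-at aa:bb:cc:00:00:01
1003 192.168.1.1 is-at de:ad:be:ef:00:99
1004 192.168.1.20 is-at aa:bb:cc:00:00:20
1005 192.168.1.30 is-at de:ad:be:ef:00:99
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+is-at\s+([0-9a-fA-F:]{17})\s*$")


@dataclass
class ArpAlert:
    time: int
    ip: str
    expected_mac: str
    seen_mac: str
    reason: str


@dataclass
class ArpMonitor:
    """Tracks the IP-to-MAC mappings seen in ARP replies and flags anomalies."""
    pinned: dict = field(default_factory=dict)   # ip -> mac that must never change
    table: dict = field(default_factory=dict)    # ip -> last mac seen
    alerts: list = field(default_factory=list)

    def __post_init__(self):
        self.pinned = {ip: mac.lower() for ip, mac in self.pinned.items()}
        self.table.update(self.pinned)

    def observe(self, t, ip, mac):
        mac = mac.lower()
        # A pinned (static) entry, e.g. the default gateway, is never overwritten.
        if ip in self.pinned:
            if mac != self.pinned[ip]:
                self.alerts.append(ArpAlert(t, ip, self.pinned[ip], mac,
                                            "reply conflicts with pinned entry"))
            return
        known = self.table.get(ip)
        if known is not None and known != mac:
            self.alerts.append(ArpAlert(t, ip, known, mac, "ip-to-mac mapping changed"))
        elif known is None:
            # A MAC that already answers for other IPs may be impersonating them.
            others = sorted(i for i, m in self.table.items() if m == mac)
            if others:
                self.alerts.append(ArpAlert(t, ip, mac, mac,
                                            "mac already claims " + ", ".join(others)))
        self.table[ip] = mac


def scan_arp_log(text, pinned=None):
    """Feed every ARP reply line to a monitor and return it with its alerts."""
    mon = ArpMonitor(pinned=pinned or {})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # ignore lines that are not ARP replies
        mon.observe(int(m.group(1)), m.group(2), m.group(3))
    return mon


if __name__ == "__main__":
    for a in scan_arp_log(SAMPLE_ARP_LOG).alerts:
        print(f"t={a.time} {a.ip}: {a.reason} (expected {a.expected_mac}, saw {a.seen_mac})")
```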

3. DNS server spoofing attack

The Domain Name System (DNS) is responsible for associating domain names with the
correct IP addresses. When a user types in a domain name, the DNS system resolves
that name to an IP address, allowing the visitor to connect to the correct server. In a
successful DNS spoofing attack, a malicious attacker reroutes the DNS translation so
that it points to a different server, which is typically infected with malware and can be
used to help spread viruses and worms. The DNS server spoofing attack is also sometimes
referred to as DNS cache poisoning, because of its lasting effect: the server caches the
malicious DNS response and serves it up each time the same request is sent to that server.
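As an added example, not part of the original text, the following resolver-side validation shows what a cache should check before it stores a DNS answer, so that a forged reply cannot poison it: the transaction ID and destination port must match an outstanding query, the reply must come from the server that was asked, the question must match, and only records for the name actually queried are cached. The message model, names, ports and addresses are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class DnsResponse:
    """The fields of a UDP reply that matter for validation (constructed model)."""
    txid: int        # 16-bit transaction ID copied from the query
    src_ip: str      # address the datagram claims to come from
    dst_port: int    # resolver port the datagram was sent to
    qname: str       # question section echoed back
    qtype: str
    answers: tuple   # ((owner name, rdata), ...)


@dataclass
class Resolver:
    """Caching resolver that stores an answer only after it passes every check."""
    pending: dict = field(default_factory=dict)   # (txid, port) -> (qname, qtype, server)
    cache: dict = field(default_factory=dict)     # (name, qtype) -> rdata
    rejected: list = field(default_factory=list)  # (txid, reason) kept for auditing

    def send_query(self, qname, qtype, server_ip, txid, src_port):
        # A real resolver picks txid and src_port at random; together they are
        # what a forger has to guess before its reply is even considered.
        self.pending[(txid, src_port)] = (qname.lower(), qtype, server_ip)

    def receive(self, resp):
        """Return "ok" if the reply was accepted, otherwise the rejection reason."""
        key = (resp.txid, resp.dst_port)
        query = self.pending.get(key)
        if query is None:
            return self._reject(resp, "no outstanding query with this txid/port")
        qname, qtype, server_ip = query
        if resp.src_ip != server_ip:
            return self._reject(resp, "reply from unexpected server")
        if (resp.qname.lower(), resp.qtype) != (qname, qtype):
            return self._reject(resp, "question section does not match")
        # Bailiwick rule, simplified: only records for the name we asked about
        # are trusted, so an extra record for another name cannot poison it.
        for name, rdata in resp.answers:
            if name.lower() == qname:
                self.cache[(qname, qtype)] = rdata
        del self.pending[key]   # a later reply with the same key is now rejected
        return "ok"

    def _reject(self, resp, reason):
        self.rejected.append((resp.txid, reason))
        return reason


if __name__ == "__main__":
    r = Resolver()
    r.send_query("www.example.com", "A", "198.51.100.53", txid=0x1234, src_port=40001)
    forged = DnsResponse(0x1111, "198.51.100.53", 40001, "www.example.com", "A",
                         (("www.example.com", "203.0.113.66"),))
    print("forged reply:", r.receive(forged))
    good = DnsResponse(0x1234, "198.51.100.53", 40001, "www.example.com", "A",
                       (("www.example.com", "203.0.113.10"),
                        ("login.example.com", "203.0.113.66")))
    print("genuine reply:", r.receive(good), "cache:", r.cache)
```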

SPOOFING ATTACK PREVENTION AND MITIGATION


There are many tools and practices that organizations employ to reduce the threat of
spoofing attacks. Common measures that organizations can take for spoofing attack prevention
include:
Packet filtering- a firewall technique used to control network access by monitoring
outgoing and incoming packets and allowing them to pass or halting them based on the source and
destination Internet Protocol (IP) addresses, protocols and ports.

• Packet filtering should be implemented so that all packets are filtered and scanned for
inconsistencies. As a result, packets with inconsistencies are blocked, which can
effectively prevent spoofing attacks from being successful.

• Avoid trust relationships- Avoid all types of trust relationships, as trust relationships only
use IP address verification, opening users up to easy spoofing attacks.
• Use spoofing detection software- Use spoofing-detection programs, which inspect and
certify data before transmitting it to avoid attacks, especially ARP spoofing attacks.

• Use cryptographic network protocols- Using secure encryption protocols such as Secure
Shell (SSH), Transport Layer Security (TLS), and HTTP Secure (HTTPS) helps avoid
many types of spoofing attacks, as the protocols encrypt and authenticate the data, so an
attacker must defeat that verification in order to spoof it.
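The packet-filtering measure above, as an added example rather than code from the original text: a small ingress/egress filter that drops packets arriving from the Internet with internal, own or bogon source addresses (they cannot legitimately come from outside, so they are spoofed), drops outbound packets that do not carry one of our own addresses (the practice described in BCP 38), and only admits the protocols and ports that are exposed. The address plan, the allowed services and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Address plan assumed for this example (constructed; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, not real networks).
OUR_PUBLIC_NETS = [ipaddress.ip_network("203.0.113.0/24")]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("172.16.0.0/12"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Sources that must never appear on a packet arriving from the Internet.
BOGON_NETS = [ipaddress.ip_network(n) for n in
              ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
# Services we expose; everything else inbound is dropped by default.
ALLOWED_INBOUND = {("tcp", 443), ("tcp", 22)}


@dataclass(frozen=True)
class Packet:
    iface: str       # "wan" (Internet side) or "lan"
    direction: str   # "in" (arriving on iface) or "out" (leaving via iface)
    src: str
    dst: str
    proto: str
    dport: int


def in_any(addr, nets):
    return any(addr in n for n in nets)


def filter_packet(pkt):
    """Return ("accept", "") or ("drop", reason) for one packet."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "wan" and pkt.direction == "in":
        # Ingress filtering: our own or private addresses cannot legitimately
        # arrive from the Internet, so such a source has been spoofed.
        if in_any(src, OUR_PUBLIC_NETS) or in_any(src, INTERNAL_NETS):
            return ("drop", "spoofed own/internal source on WAN ingress")
        if in_any(src, BOGON_NETS):
            return ("drop", "bogon source")
        if (pkt.proto, pkt.dport) not in ALLOWED_INBOUND:
            return ("drop", "protocol/port not allowed inbound")
    elif pkt.iface == "wan" and pkt.direction == "out":
        # Egress filtering: only packets carrying our own addresses may leave,
        # so a compromised internal host cannot spoof third parties (BCP 38).
        if not in_any(src, OUR_PUBLIC_NETS):
            return ("drop", "egress source is not one of our addresses")
    return ("accept", "")


# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("wan", "in", "198.51.100.7", "203.0.113.10", "tcp", 443),   # normal client
    Packet("wan", "in", "10.1.2.3", "203.0.113.10", "tcp", 443),       # spoofed internal
    Packet("wan", "in", "203.0.113.5", "203.0.113.10", "tcp", 443),    # spoofed own address
    Packet("wan", "in", "127.0.0.1", "203.0.113.10", "tcp", 443),      # bogon source
    Packet("wan", "in", "198.51.100.8", "203.0.113.10", "udp", 161),   # SNMP from outside
    Packet("wan", "out", "203.0.113.10", "198.51.100.7", "tcp", 443),  # our reply
    Packet("wan", "out", "10.1.2.3", "198.51.100.7", "tcp", 443),      # leaked/spoofed egress
    Packet("lan", "in", "10.1.2.3", "10.1.2.4", "tcp", 445),           # internal traffic
]


def filter_all(packets):
    """Apply filter_packet to each packet, preserving order."""
    return [filter_packet(p) for p in packets]


if __name__ == "__main__":
    for p, (verdict, reason) in zip(SAMPLE_PACKETS, filter_all(SAMPLE_PACKETS)):
        print(f"{p.iface}/{p.direction} {p.src} -> {p.dst} {p.proto}/{p.dport}: {verdict} {reason}")
```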

NETWORK-BASED ATTACK
Network-based attacks are threats that are launched and controlled from a device or devices
other than those under attack. Denial of service attacks and distributed denial of service
attacks are examples of network-based attacks.
Types of network-based attacks
DENIAL OF SERVICE ATTACK

The idea of a DoS attack is to reduce the quality of service offered by a server, or to crash the
server with a heavy workload. A DoS (Denial of Service) attack does not involve breaking into the
target server. It is normally achieved either by overloading the target network or target server,
or by sending network packets that may cause extreme confusion at the target network or target
server.

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent
legitimate users of a service from using that service. Some examples are:

• Attempts to "flood" a network, thereby preventing legitimate network traffic.

• Attempts to disrupt connections between two machines, thereby preventing access to a
service.

• Attempts to prevent a particular individual from accessing a service.

• Attempts to disrupt service to a specific system or person.

One simple DoS (Denial of Service) attack was called the "Ping of Death." The Ping of Death
exploited the simple TCP/IP troubleshooting tool ping. Using the ping tool, attackers would
flood a network with oversized packet requests that might ultimately crash the target server.

COMMON FORMS OF DENIAL OF SERVICE ATTACK

Buffer overflow attacks- In information security and programming, a buffer overflow,
or buffer overrun, is an anomaly where a program, while writing data to
a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
SYN attack-

Before understanding what a SYN attack is, we need to know about the TCP/IP three-way
handshake mechanism. A Transmission Control Protocol/Internet Protocol (TCP/IP) session is
initiated with a three-way handshake. The two communicating computers exchange a SYN,
SYN/ACK and ACK to initiate a session. The initiating computer sends a SYN packet, to
which the responding host will issue a SYN/ACK and wait for an ACK reply from the initiator.

The SYN flood attack is the most common type of flooding attack. The attack occurs when the
attacker sends a large number of SYN packets to the victim, forcing it to wait for replies that
never come. The third part of the TCP three-way handshake is never executed. Since the host is
waiting for a large number of replies, real service requests are not processed, bringing down
the service. The source address of these SYN packets in a SYN flood attack is typically set to
an unreachable host. As a result it is impossible to find the attacking computer.

SYN cookies provide protection against the SYN flood. A SYN cookie is implemented by having
the TCP software choose a specific initial TCP sequence number, and is used as a defense against
SYN flood attacks. By using stateful firewalls which reset pending TCP connections after
a specific timeout, we can reduce the effect of a SYN attack.
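As an added example (not the original text's code, nor that of any real TCP stack), the following shows how a SYN cookie turns the server's initial sequence number into a keyed proof that it sent a SYN/ACK for this 4-tuple, so that no state has to be kept for half-open connections during a flood: the cookie packs a coarse timestamp, an MSS index and a truncated HMAC, and the returning ACK is checked against a recomputation. The secret, the MSS table, the field layout and the addresses are assumptions chosen for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

# Server-side secret (constructed); a real stack keeps it in the kernel and rotates it.
SECRET = b"constructed-example-secret"
# The cookie has room for only 2 bits of MSS, so the client's value is rounded
# down to one of these sizes (assumed table for the example).
MSS_TABLE = (536, 1220, 1440, 1460)
TIME_UNIT = 64       # seconds per tick of the coarse clock in the cookie
MAX_AGE_TICKS = 1    # an ACK arriving later than this is treated as stale


def _counter(now):
    """5-bit coarse clock; wraps every 32 * TIME_UNIT seconds."""
    return (int(now) // TIME_UNIT) & 0x1F


def _tag(src_ip, dst_ip, sport, dport, client_isn, t, mss_idx):
    """24-bit keyed hash binding the cookie to the 4-tuple, client ISN, time and MSS."""
    msg = struct.pack("!4s4sHHIBB",
                      ipaddress.ip_address(src_ip).packed,
                      ipaddress.ip_address(dst_ip).packed,
                      sport, dport, client_isn & 0xFFFFFFFF, t, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_syn_cookie(src_ip, dst_ip, sport, dport, client_isn, mss, now):
    """Initial sequence number to send in the SYN/ACK. No per-connection state
    is stored; layout is 5 bits clock | 2 bits MSS index | 24 bits tag."""
    mss_idx = 0
    for i, size in enumerate(MSS_TABLE):
        if size <= mss:
            mss_idx = i
    t = _counter(now)
    tag = int.from_bytes(_tag(src_ip, dst_ip, sport, dport, client_isn, t, mss_idx), "big")
    return (t << 26) | (mss_idx << 24) | tag


def check_syn_cookie(src_ip, dst_ip, sport, dport, client_isn, ack, now):
    """Validate the final ACK of the handshake (client_isn is the ACK's own
    sequence number minus one). Returns the MSS to use for the connection, or
    None if the ACK does not carry a fresh cookie issued for this 4-tuple
    (a forged ACK, a replay from an old flood, or a wrong acknowledgement)."""
    cookie = (ack - 1) & 0xFFFFFFFF       # the ACK acknowledges our ISN + 1
    t = (cookie >> 26) & 0x1F
    mss_idx = (cookie >> 24) & 0x3
    tag = (cookie & 0xFFFFFF).to_bytes(3, "big")
    if (_counter(now) - t) % 32 > MAX_AGE_TICKS:
        return None                        # cookie too old (or clock wrapped)
    expected = _tag(src_ip, dst_ip, sport, dport, client_isn, t, mss_idx)
    if not hmac.compare_digest(expected, tag):
        return None                        # not something we issued
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    # Handshake walk-through with constructed addresses and ports.
    args = ("198.51.100.7", "203.0.113.10", 51515, 443, 0x11223344)
    isn = make_syn_cookie(*args, mss=1460, now=10000)
    print("SYN/ACK seq =", hex(isn))
    print("valid ACK ->", check_syn_cookie(*args, ack=isn + 1, now=10030))
    print("forged ACK ->", check_syn_cookie(*args, ack=isn + 7, now=10030))
```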
Teardrop attack- A teardrop attack is a denial-of-service (DoS) attack that involves sending
fragmented packets to a target machine. Since the machine receiving such packets cannot
reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one
another, crashing the target network device.

Smurf attack- A smurf attack is a distributed denial-of-service attack in which large numbers
of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP
are broadcast to a computer network using an IP broadcast address.
Most devices on a network will, by default, respond to this by sending a reply to the source IP
address. If the number of machines on the network that receive and respond to these packets is
very large, the victim's computer will be flooded with traffic. This can slow down the victim's
computer to the point where it becomes impossible to work on.
Viruses- A computer virus is a type of malicious software that, when executed, replicates itself
by modifying other computer programs and inserting its own code. When this replication
succeeds, the affected areas are then said to be "infected" with a computer virus.

Physical infrastructure attacks- These cause a Denial of Service (DoS) by damaging the
infrastructure itself; such attacks can be accomplished simply by snipping a fiber-optic cable.
They are typically mitigated by the reality that traffic can quickly be rerouted.
If physical access to a computer system can be obtained, then access to the information
on that computer system can also be obtained.

Ways of preventing many forms of DoS attacks

Purchase a lot of bandwidth

Overprovisioning your bandwidth provides extra time to identify and deal with a DDoS attack.
Extra bandwidth also allows your server to accommodate unexpected spikes in traffic,
cushioning you against an intense attack.

Overprovisioning alone will not stop a large DDoS attack, but it could buy you critical time
before your resources are completely overwhelmed.
This technique works well against volumetric DDoS attacks, and many organisations use this
strategy to simply scale bandwidth to soak up large volumes of traffic. However, because of the
arms race between scalable bandwidth and attack power of DDoS attacks, this is mainly an
option for large enterprises willing to pay for the bandwidth needed.
But if an attacker is unable to muster enough traffic to overwhelm this, a volumetric attack is
generally ineffective.

Use DoS detection technology

Prepare for DoS response

Additional:
2. Make your architecture as resilient as possible
To withstand an attack, it’s crucial to make your architecture as resilient as possible. It’s not just
crucial for DDoS attacks, it’s highly beneficial for any kind of business continuity in response to
a general outage or disaster.

Priorities for architecture should be geographic and provider diversity. By spreading your
resources across multiple data centres, you’ll ensure that if one service is knocked offline, you’ve
got a backup. Popular cloud providers, like Microsoft Azure or Amazon AWS, often provide the
option to host your services in geographically separate data centres, ensuring you have a backup
if you’re struck.

3. Create a DDoS action plan


Your business must start planning to defend from DDoS attacks, before you’re hit. It’s much
harder to respond after an attack is already under way. While DDoS attacks can’t be prevented,
steps can be taken to make it harder for an attacker to knock you offline.

DDoS attacks can strike whenever, so don’t wait for an attack to bring your business to its knees.
Create a system that can help you survive a DDoS attack, enabling you to mitigate the risk if one
does occur.

A DDoS action plan might include using automated reports to send an internal alert when your
traffic increases beyond normal levels (you should do this as best practice anyway!) and
documenting your IT infrastructure to create a network topology diagram with an asset
inventory.

For more information on creating your own plan, take a look at this DDoS incident response
cheat sheet from GIAC security expert Lenny Zeltser.
4. Improve the security of your Internet of Things (IoT) devices
DDoS attacks are on the rise and hackers are now leveraging massive worldwide botnets
composed of Internet of Things (IoT) devices. The Internet of Things, the worldwide network of
connected devices like fridges and DVRs, is heralded as the next industrial revolution – but it’s
also the best thing to happen to DDoS attackers.

Why? IoT devices typically lack security and hackers are now able to manipulate armies of
connected devices to launch traffic at victims of their choosing.
To reduce the attack power of DDoS attacks, consumers and businesses must boost the security
of their devices. One quick and effective way to do this is by changing default factory-set
passwords, which are easily guessed by hackers using brute-force techniques. Pick a strong
password and change it regularly.

This will also reduce the risk of these devices being used against you, as one university
experienced when attacked by their own internet-connected vending machines.
5. Monitor traffic levels
DDoS attacks cause huge traffic spikes, but this could be hidden amidst real traffic. To disguise
an attack, smart cyber criminals launch DDoS attacks when websites and services are usually
busy, like Christmas or Black Friday.

The best way to detect a DDoS attack is to look out for these abnormal spikes in traffic to your
website. Stay alert, monitor traffic and set thresholds for automated reports when these are
exceeded.
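As an added example, not from the original text, here is the threshold-based monitoring described above and in the action-plan item on automated reports: requests are bucketed per minute from constructed access-log lines, a baseline is taken from the preceding quiet minutes, and a bucket that exceeds both a multiple of that baseline and an absolute floor is reported together with its top sources, which is what a responder needs to tell a flood from a genuine rush. The log format, addresses and thresholds are constructed assumptions.

```python
import statistics
from collections import Counter, defaultdict

WINDOW = 60   # seconds per bucket


def make_sample_log():
    """Constructed access-log lines of the form "<epoch> <client-ip> <path>":
    six quiet minutes of 10 requests each from varied clients, then one
    minute with 300 requests from only three sources."""
    base = 1700000040   # aligned to a minute boundary so buckets are clean
    lines = []
    for minute in range(6):
        for i in range(10):
            lines.append(f"{base + minute * 60 + i * 6} 198.51.100.{i + 1} /index.html")
    for i in range(300):
        lines.append(f"{base + 6 * 60 + i % 60} 203.0.113.{i % 3 + 1} /login")
    return lines


def bucket_requests(lines, window=WINDOW):
    """Group requests into fixed windows: {bucket_start: Counter(client_ip)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        try:
            ts, ip, _path = line.split(maxsplit=2)
            start = (int(ts) // window) * window
        except ValueError:
            continue    # a malformed line must not crash the monitor
        buckets[start][ip] += 1
    return dict(sorted(buckets.items()))


def detect_spikes(buckets, baseline_buckets=3, factor=3.0, min_rate=50):
    """Report buckets whose request count exceeds factor x the mean of the
    preceding baseline_buckets and also an absolute floor, so that a move
    from 2 to 8 requests does not page anyone. Returns a list of
    (bucket_start, count, threshold, top_sources) tuples."""
    alerts = []
    counts = [(start, sum(c.values())) for start, c in buckets.items()]
    for i in range(baseline_buckets, len(counts)):
        history = [n for _, n in counts[i - baseline_buckets:i]]
        threshold = max(min_rate, factor * statistics.mean(history))
        start, n = counts[i]
        if n > threshold:
            # Top talkers help the responder decide between an attack and a real rush.
            alerts.append((start, n, threshold, buckets[start].most_common(3)))
    return alerts


if __name__ == "__main__":
    for start, n, threshold, top in detect_spikes(bucket_requests(make_sample_log())):
        print(f"bucket {start}: {n} requests (threshold {threshold:.0f}), top sources {top}")
```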

6. Use a Content Delivery Network (CDN)



One of the best defences against a DDoS attack is by using a content delivery network (CDN).
CDNs work by identifying traffic launched as part of a DDoS attack and diverting it to a third-
party cloud infrastructure.

CDNs, however, are not cheap, and a typical monthly plan can edge into the five-figure mark.
The value proposition will be hard to swallow for small businesses, but well worth it for large
enterprises that cannot risk being knocked offline by a DDoS attack.
Organisations can invest in security forever and there's no end to the money that could be spent.
Some organisations won't be able to afford a CDN; luckily, it's not the only option.

7. Practice for attacks


Practice makes perfect and by simulating DDoS attacks on your network you can gauge how
well your service withstands an attack as well as the effectiveness of your action plan.

These faux-attacks could be performed as part of a penetration test, a safe hacking attack
performed by a skilled ethical hacker. These simulations find hidden security flaws and monitor
how well businesses could withstand DDoS attacks. Regardless, you should be conducting
regular penetration tests on your business to ensure you’re as secure as you think you are.
Run a DDoS attack simulation during planned maintenance to spare your end users the
inconvenience, and if you have a CDN you should warn the provider that it’s a test.

8. Buy a dedicated server


Purchasing a dedicated server will give you more bandwidth and greater control over security.
Unlike co-location servers, dedicated servers' hardware and infrastructure will be managed by a
third-party provider. Dedicated servers can also be purchased with automatic DDoS attack
mitigation in the event of an attack, and you'll receive support from your provider.

9. Educate your customers to be cyber secure


DDoS malware is hidden on innumerable computers across the globe. Cyber security is a global
problem and it's every business's responsibility to improve security awareness.

Customer education is an important part of DDoS protection. DDoS attacks would be significantly
reduced in strength if the number of users unknowingly running DDoS malware were reduced.

Proactively guard your customers against cyber bullies by encouraging them to follow security
best practices to secure their devices.
10. Train your staff in incident handling and recovery
Knowledge is power and you’ll need it to prevent and recover from a DDoS attack. Whoever is
responsible for your IT infrastructure should understand proper incident handling procedure, so
in the event of a DDoS attack, they can respond effectively and mitigate any further attacks.

If your business is serious about resisting and recovering from DDoS attacks, consider training
a member of your team in one of the myriad security certifications available.

The Global Information Assurance Certification (GIAC) offers a number of qualifications
designed to boost practical cyber security knowledge. One example, GIAC's GCIH certification,
provides the incident handling knowledge needed to respond to DDoS attacks.
DISTRIBUTED DENIAL-OF-SERVICE ATTACK

A Distributed Denial of Service (DDoS) attack is a type of Denial of Service (DoS). In a
Distributed Denial of Service (DDoS) attack, multiple systems flood the bandwidth or overload
the resources of a targeted server.

In a Distributed Denial of Service (DDoS) attack, an intruder compromises one computer and makes
it the Distributed Denial of Service (DDoS) master. Using this Distributed Denial of Service
(DDoS) master, the intruder identifies and communicates with other systems that can be
compromised. Then the intruder installs Distributed Denial of Service (DDoS) tools on all
compromised systems. With a single command, the intruder instructs the compromised computers to
launch flood attacks against the target server. Here thousands of compromised computers flood
or overload the resources of the target server, preventing legitimate users from accessing
the services offered by the server.

SOCIAL ENGINEERING

Social engineering, in the context of information security, refers to psychological
manipulation of people into performing actions or divulging confidential information. A type
of confidence trick for the purpose of information gathering, fraud, or system access, it differs
from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
The term "social engineering" as an act of psychological manipulation of a human, is also
associated with the social sciences, but its usage has caught on among computer and information
security professionals.[1]

Social engineering relies heavily on the six principles of influence established by Robert Cialdini.
Cialdini's theory of influence is based on six key principles: reciprocity, commitment and
consistency, social proof, authority, liking, and scarcity.
Six key principles
1. Reciprocity – People tend to return a favor, thus the pervasiveness of free samples in
marketing. In his conferences, he often uses the example of Ethiopia providing thousands
of dollars in humanitarian aid to Mexico just after the 1985 earthquake, despite Ethiopia
suffering from a crippling famine and civil war at the time. Ethiopia had been
reciprocating for the diplomatic support Mexico provided when Italy invaded Ethiopia in
1935. The good cop/bad cop strategy is also based on this principle.
2. Commitment and consistency – If people commit, orally or in writing, to an idea or goal,
they are more likely to honor that commitment because of establishing that idea or goal
as being congruent with their self-image. Even if the original incentive or motivation is
removed after they have already agreed, they will continue to honor the agreement.
Cialdini notes Chinese brainwashing of American prisoners of war to rewrite their self-image
and gain automatic unenforced compliance. Another example is marketers making you close
popups by saying "I'll sign up later" or "No thanks, I prefer not making money".
3. Social proof – People will do things that they see other people are doing. For example, in
one experiment, one or more confederates would look up into the sky; bystanders would
then look up into the sky to see what they were seeing. At one point this experiment
aborted, as so many people were looking up that they stopped traffic. See conformity,
and the Asch conformity experiments.
4. Authority – People will tend to obey authority figures, even if they are asked to perform
objectionable acts. Cialdini cites incidents such as the Milgram experiments in the early
1960s and the My Lai massacre.
5. Liking – People are easily persuaded by other people that they like. Cialdini cites the
marketing of Tupperware in what might now be called viral marketing. People were
more likely to buy if they liked the person selling it to them. Some of the many biases
favoring more attractive people are discussed. See physical attractiveness stereotype.
6. Scarcity – Perceived scarcity will generate demand. For example, saying offers are
available for a "limited time only" encourages sales.

Types of Social engineering attacks

Pretexting
"Blagger" redirects here. For the video game, see Blagger (video game).
Pretexting (adj. pretextual), is the act of creating and using an invented scenario (the pretext) to
engage a targeted victim in a manner that increases the chance the victim will divulge
information or perform actions that would be unlikely in ordinary circumstances.[7] An
elaborate lie, it most often involves some prior research or setup and the use of this information
for impersonation (e.g., date of birth, Social Security number, last bill amount) to establish
legitimacy in the mind of the target.[8]
This technique can be used to fool a business into disclosing customer information as well as
by private investigators to obtain telephone records, utility records, banking records and other
information directly from company service representatives.[9] The information can then be used
to establish even greater legitimacy under tougher questioning with a manager, e.g., to make
account changes, get specific balances, etc.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy,
insurance investigators—or any other individual who could have perceived authority or right-to-
know in the mind of the targeted victim. The pretexter must simply prepare answers to questions
that might be asked by the victim. In some cases, all that is needed is a voice that sounds
authoritative, an earnest tone, and an ability to think on one's feet to create a pretextual scenario.
Phishing
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher
sends an e-mail that appears to come from a legitimate business—a bank, or credit card
company—requesting "verification" of information and warning of some dire consequence if it is
not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate—
with company logos and content—and has a form requesting everything from a home address to
an ATM card's PIN or a credit card number. For example, in 2003, there was a phishing scam in
which users received e-mails supposedly from eBay claiming that the user's account was about to
be suspended unless a link provided was clicked to update a credit card (information that the
genuine eBay already had). Because it is relatively simple to make a Web site resemble a
legitimate organization's site by mimicking the HTML code and logos, the scam counted on
people being tricked into thinking they were being contacted by eBay and subsequently were
going to eBay's site to update their account information. By spamming large groups of people,
the "phisher" counted on the e-mail being read by a percentage of people who had already
legitimately listed credit card numbers with eBay and who might respond.
IVR or phone phishing
Phone phishing (or "vishing") uses a rogue interactive voice response (IVR) system to recreate a
legitimate-sounding copy of a bank or other institution's IVR system. The victim is prompted
(typically via a phishing e-mail) to call in to the "bank" via a (ideally toll free) number provided
in order to "verify" information. A typical "vishing" system will reject log-ins continually,
ensuring the victim enters PINs or passwords multiple times, often disclosing several different
passwords. More advanced systems transfer the victim to the attacker/defrauder, who poses as a
customer service agent or security expert for further questioning of the victim.
Spear phishing
Although similar to phishing, spear phishing is a technique that fraudulently obtains private
information by sending highly customized emails to a few end users. The main difference from
phishing is that phishing campaigns focus on sending out high volumes of generalized emails
with the expectation that only a few people will respond, whereas spear phishing emails require
the attacker to perform additional research on their targets in order to "trick" end users into
performing requested activities. The success rate of spear-phishing attacks is considerably
higher than that of phishing attacks, with people opening roughly 3% of phishing emails
compared to roughly 70% of spear-phishing attempts. Furthermore, when users actually open the
emails, phishing emails have a relatively modest 5% success rate in having the link or
attachment clicked, compared to a spear-phishing attack's 50% success rate.[10]
Spear Phishing success is heavily dependent on the amount and quality of OSINT (Open Source
Intelligence) that the attacker can obtain. Social media account activity is one example of a
source of OSINT.
Water holing
Water holing is a targeted social engineering strategy that capitalizes on the trust users have in
websites they regularly visit. The victim feels safe to do things they would not do in a different
situation. A wary person might, for example, purposefully avoid clicking a link in an unsolicited
email, but the same person would not hesitate to follow a link on a website he or she often visits.
So, the attacker prepares a trap for the unwary prey at a favored watering hole. This strategy has
been successfully used to gain access to some (supposedly) very secure systems.[11]
The attacker may set out by identifying a group or individuals to target. The preparation involves
gathering information about websites the targets often visit from the secure system. The
information gathering confirms that the targets visit the websites and that the system allows such
visits. The attacker then tests these websites for vulnerabilities to inject code that may infect a
visitor's system with malware. The injected code trap and malware may be tailored to the specific
target group and the specific systems they use. In time, one or more members of the target group
will get infected and the attacker can gain access to the secure system.
Baiting
Baiting is like the real-world Trojan horse that uses physical media and relies on the curiosity or
greed of the victim.[12] In this attack, attackers leave malware-infected floppy disks, CD-ROMs,
or USB flash drives in locations where people will find them (bathrooms, elevators, sidewalks,
parking lots, etc.), give them legitimate and curiosity-piquing labels, and wait for victims.
For example, an attacker may create a disk featuring a corporate logo, available from the target's
website, and label it "Executive Salary Summary Q2 2012". The attacker then leaves the disk on
the floor of an elevator or somewhere in the lobby of the target company. An unknowing
employee may find it and insert the disk into a computer to satisfy his or her curiosity, or a good
Samaritan may find it and return it to the company. In any case, just inserting the disk into a
computer installs malware, giving attackers access to the victim's PC and, perhaps, the target
company's internal computer network.
Unless computer controls block infections, insertion compromises PCs that "auto-run" media.
Hostile devices can also be used.[13] For instance, a "lucky winner" is sent a free digital audio
player that compromises any computer it is plugged into. A "road apple" (the colloquial term for
horse manure, suggesting the device's undesirable nature) is any removable media with malicious
software left in opportunistic or conspicuous places. It may be a CD, DVD, or USB flash drive,
among other media. Curious people take it and plug it into a computer, infecting the host and any
attached networks. Hackers may give them enticing labels, such as "Employee Salaries" or
"Confidential".[14]
One study done in 2016 had researchers drop 297 USB drives around the campus of the
University of Illinois. The drives contained files on them that linked to webpages owned by the
researchers. The researchers were able to see how many of the drives had files on them opened,
but not how many were inserted into a computer without having a file opened. Of the 297 drives
that were dropped, 290 (98%) of them were picked up and 135 (45%) of them "called home".[15]
Quid pro quo
Quid pro quo means something for something:

• An attacker calls random numbers at a company, claiming to be calling back from technical
support. Eventually this person will hit someone with a legitimate problem, grateful that
someone is calling back to help them. The attacker will "help" solve the problem and, in the
process, have the user type commands that give the attacker access or launch malware.
• In a 2003 information security survey, 90% of office workers gave researchers what they
claimed was their password in answer to a survey question in exchange for a
cheap pen.[16] Similar surveys in later years obtained similar results using chocolates and
other cheap lures, although they made no attempt to validate the passwords.[17]
Tailgating
An attacker, seeking entry to a restricted area secured by unattended, electronic access control,
e.g. by RFID card, simply walks in behind a person who has legitimate access. Following
common courtesy, the legitimate person will usually hold the door open for the attacker or the
attackers themselves may ask the employee to hold it open for them. The legitimate person may
fail to ask for identification for any of several reasons, or may accept an assertion that the
attacker has forgotten or lost the appropriate identity token. The attacker may also fake the action
of presenting an identity token.
Vishing
Vishing, otherwise known as "voice phishing", is the criminal practice of using social
engineering over the telephone system to gain access to private personal and financial
information from the public for the purpose of financial reward. It is also employed by attackers
for reconnaissance purposes to gather more detailed intelligence on a target organisation.
Other types
Common confidence tricksters or fraudsters also could be considered "social engineers" in the
wider sense, in that they deliberately deceive and manipulate people, exploiting human
weaknesses to obtain personal benefit. They may, for example, use social engineering techniques
as part of an IT fraud.
A very recent type of social engineering technique includes spoofing or hacking IDs of people
having popular e-mail IDs such as Yahoo!, Gmail, Hotmail, etc. Among the many motivations
for deception are:

• Phishing credit-card account numbers and their passwords.
• Cracking private e-mails and chat histories, and manipulating them by using common editing
techniques before using them to extort money and creating distrust among individuals.
• Cracking websites of companies or organizations and destroying their reputation.
• Computer virus hoaxes
• Convincing users to run malicious code within the web browser via self-XSS attack to allow
access to their web account
How to protect your computer against network security attacks and other accidents
1. Use a firewall
2. Use anti-virus software and keep it up-to-date
3. Regularly check for spyware and adware
4. Don’t open unknown email attachments
5. Disable hidden filename extensions
6. Keep your operating system and other applications patched
7. Disable Java and ActiveX if possible
8. Turn off your computer or disconnect from the network when not in use
9. Make regular backups of important data
10. Use multifactor authentication – One of the most valuable pieces of information
attackers seek are user credentials. Using multifactor authentication helps ensure your
account’s protection in the event of system compromise. Imperva Login Protect is an
easy-to-deploy 2FA solution that can increase account security for your applications.
11. Be wary of tempting offers – If an offer sounds too enticing, think twice before
accepting it as fact. Googling the topic can help you quickly determine whether you’re
dealing with a legitimate offer or a trap.
12. Keep your antivirus/antimalware software updated – Make sure automatic updates
are engaged, or make it a habit to download the latest signatures first thing each day.
Periodically check to make sure that the updates have been applied, and scan your system
for possible infections.
