Lecture 12Internet, Database,

Cyber Crime

Lecturer: Sumaira Hussain

S.M.I University

Internet

A collection of interconnected networks – looks like a single, unified network

Internet

Enables users located at far-way locations to easily share information with others located all over the world

Enables users to easily and inexpensively communicate with others located all over the world

Enables the users to operate and run programs on computers located all over the world

The Internet is unlike any previous human invention. It is a world-wide resource, accessible to all of the humankind.

Key Characteristics

Geographic DistributionGlobal - reaches around the

world Robust Architecture

Adapts to damage and error Speed

Data can travels at near ‘c’ on copper, fiber, airwaves

Key Characteristics

Universal AccessSame functionality to everyone

Growth RateThe fastest growing technology

ever Freedom of Speech

Promotes freedom of speech The Digital Advantage

Is digital: can correct errors

Internet Networking Protocol

Communications on the Internet is controlled by a set of two protocols: TCP and IPTCP/IP Transmission Control Protocol/Internet ProtocolTCP breaks down the message to be sent over the Internet into packetsIP routes these packets through the Internet to get them to their destinationWhen the packets reach the destination computer, TCP reassembles them into the original message

IP Address

A unique identifier for a computer on a TCP/IP network

Format: four 8-bit numbers separated by periods. Each 8-bit number can be 0 to 255

Example: www.smiu.edu.pk (192.254.232.36)

Domain Name

A domain name is a meaningful, easy-to-remember ‘label’ for an IP address

Example: www.smiu.edu.pk (192.254.232.36)

Domain Name System

DNS is the way that Internet domain names are located & translated into IP addresses

Internet Services

FTP Telnet Web eMail Instant messaging VoIP

File Transfer Protocol (FTP)

Used to transfer files between computers on a TCP/IP network (e.g. Internet)

Simple commands allow the user to: List, change, create folders on a remote

computer Upload and download files Typical use: Transferring Web content from

the developer’s PC to the Web server

Telnet Protocol

Using Telnet, a user can remotely log on to a computer (connected to the user’s through a TCP/IP network, e.g. Internet) & have control over it like a local user, including control over running various programs

In contrast, FTP allows file operations only Typical use: Configuring and testing of a

remote Web server

Web

The greatest, shared resource of information created by humankind

A user may access any item on the Web through a URL, e.g.

http://smiu.edu.pk/under-graduate-programs.php

Protocol Identifier

Server Address Directory & File Name

E-Mail Computer-to-computer messaging Components:eMail Clients Programs used for writing, sending, receiving, and

displaying eMail messages Example: YahooMailSMTP: Simple Mail Transfer Protocol A protocol used to send and receive eMail

messages over a TCP/IP networkPOP3: Post Office Protocol A protocol used for receiving eMail messages A POP3 server maintains text files (one file per user

account) containing all messages received by a user

Instant Messaging

The IM services available on the Internet (e.g. ICQ, AIM, MSN Messenger, Yahoo! Messenger) allow us to maintain a list of people (contacts) that we interact with regularly

We can send an instant messages to any of the contacts in our list as long as that contact is online

Voice over IP (VoIP)

Voice delivered from one device to another using the Internet Protocol

Voice is first converted into a digital form, is broken down into packets, and then transmitted over a TCP/IP network (e.g. Internet)

Data & Information

Data refers to raw facts & figures Information is an organized form of

data

Data Integrity

Integrity refers to maintaining the correctness and consistency of the data

– Correctness: Free from errors– Consistency: No conflict among related data items Integrity can be compromised in many ways:– Typing errors– Transmission errors– Hardware malfunctions– Program bugs– Viruses– Fire, flood, etc.

Database

A collection of data organized in such a fashion that the computer can quickly search for a desired data item

Database Management System

DBMS takes care of the storage, retrieval, and management of large data sets on a database

It provides SW tools needed to organize & manipulate that data in a flexible manner

It includes facilities for:– Adding, deleting, and modifying data– Making queries about the stored data– Producing reports summarizing the required contents

Database Characteristics

Similar items of data form a column Fields placed in a particular row are strongly

interrelated One can sort the table w.r.t. any column That makes searching straight forward e.g., for all

the books written by a certain author Similarly, searching for the 10 cheapest/most

expensive books can be easily accomplished through a sort

Effort required for adding a new column to the table is much smaller

Example

Title Author Publisher Price InStock

The TerribleTwins

Bhola Champion

BholiBooks 199 Y

Calculus &AnalyticalGeometry

SmithSahib

GoodPublishers

325 N

AccountingSecrets

ZaminGeoffry

Sung-e-KilometerPublishers

29 Y

Example

Customer Title Shipment TypeSaad The Terrible

Twins24-10-2014 Air

Asad Calculus &AnalyticalGeometry

23-03-2014 Surface

Ali AccountingSecrets

12-06-2014 Air

They share a column, & are related through it A program can match info from a field in one table with info in a corresponding field of another table to generate a 3rd table that combines requested data from both tables

Question

who has spent the most money on the online bookstore

Answer

Customer PriceSaad 199

Asad 325

Ali 29

Relational Database

Databases consisting of two or more related tables are called relational databases

A typical relational database may have anywhere from 10 to over a thousand tables

Each column of those tables can contain only a single type of data (contrast this with spreadsheet columns!)

Table rows are called records; row elements are called fields

A relational database stores all its data inside tables, and nowhere else

All operations on data are done on those tables or those that are generated by table operations

RDBMS

Relational DBMS software Contains facilities for creating, populating,

modifying, and querying relational databases

Examples:–Access – DB2–FileMaker Pro – Objectivity/DB–SQL Server – MySQL–Oracle – Postgres

Terminologies

Primary Key is a field that uniquely identifies each record stored in a table

Queries are used to view, change, and analyze data. They can be used to:

– Combine data from different tables, efficiently– Extract the exact data that is desired Forms can be used for entering, editing, or viewing data, one

record at a time Reports are an effective, user-friendly way of presenting data. Data normalization is the process of efficiently organizing

data in a database. There are two goals of the normalization process:

– Eliminate redundant data– Storing only related data in a table

Cyber Crime

07 February 2000• Users trying to get on to the Web sites of Yahoo, couldn’t!• Reason: Their servers were extremely busy!• They were experiencing a huge number of hits• The hit-rate was superior to the case when a grave incident (e.g. 9/11) occurs,

andpeople are trying to get info about what has happened• The only problem was that nothing of note had taken place!What was going on?• A coordinated, distributed DoS (Denial of Service) attack was taking place• Traffic reached 1 GB/s; many times of normal!• In the weeks leading to the attack, there was a noticeable rise in the number ofscans that Internet servers were receiving• Many of these scans appeared to originate from IP addresses that traced back toKorea, Indonesia, Taiwan, Australia

Three Phases of the DoS1. Search for Drones• The attackers set about acquiring the control over the computers to be used in theattack … • by scanning – using e.g. Sscan SW – a large numbers of computers attached to theInternet• Once a computer with a weak security scheme is identified, the attackers try abreak-in• Once conquered, that computer – called a drone – will be used to scan others2. Arming the Drones• After several drones have been conquered, the DoS SW is loaded on to them• Examples: Tribal Flood Network, Trinoo, TFN2K• Like a time-bomb, that SW can be set to bring itself into action at a specified time• Alternatively, it can wait for a commencement command from the attacker3. The Actual Attack• At the pre-specified time or on command, the SW implanted on all of the droneswakes-up and starts sending a huge number of messages to the targeted servers• Responding to those messages overburdens the targeted servers and they becomeunable to perform their normal functions 

DoS Attack: A Cyber Crime DoS is a crime, but of a new type - made possible by the

existence of the Internet A new type of policing and legal system is required to tackle

such crimes and their perpetrators Internet does not know any geographical boundaries,

therefore jurisdiction is a key issue when prosecuting the cyber-criminal

Cyber crime can be used to … Damage a home computer Bring down a business Weaken the telecom, financial, or even defense-related

systems of a country

Viruses Self-replicating SW that eludes detection and is

designed to attach itself to other files Infects files on a computers through:– Floppy disks, CD-ROMs, or other storage media– The Internet or other networks Viruses cause tens of billions of dollars of damage each

year One such incident in 2001 – the LoveBug virus – had an

estimated cleanup/lost productivity cost of US$8.75 billion

The first virus that spread world-wide was the Brain virus, and was allegedly designed by someone in Lahore

Antivirus SW

Designed for detecting viruses & inoculating Continuously monitors a computer for known

viruses and for other tell-tale signs like:– Most – but, unfortunately not all – viruses increase

the size of the file they infect– Hard disk reformatting commands– Rewriting of the boot sector of a hard disk The moment it detects an infected file, it can

automatically inoculate it, or failing that, erase it