What is the difference between  primary memory and auxiliary memory

the main memory is the central storage unit of the computer system. it is relatively large and fast memory used 2 store the programs and data during the computer operation.main memory communicates directly with the CPU. main memory includes RAM and ROMs. devices that provide backup storage are known as auxillary memory. auxillary memory are relatively slow in comparision to the main memory. auxillary memory includes flash memory,magntic disks and floppys. main memory is located inside the CPU but auxillary memory is located out the CPU.the main memory is the central storage unit of the computer system. it is relatively large and fast memory used 2 store the programs and data during the computer operation.main memory communicates directly with the CPU. main memory includes RAM and ROMs. information superhighwaya largescale communications network providing a variety of ofteninteractive services, as text databases, email, and audio andvideo materials, accessed through computers, television sets, etc.A server has many functions, and they come in different types to facilitate different uses. Let's have a brief idea on what is a server before getting to know about the different types of servers.

What is a ServerA server is a device with a particular set of programs or protocols that provide various services, which other machines or clients request, to perform certain tasks. Together, a server and its clients form a client/server network, which provides routing systems and centralized access to information, resources, stored data, etc. At the most ground level, one can consider it as a technology solution that serves files, data, print, fax resources and multiple computers. The advanced server versions, like Windows Small Business Server 2003 R2 enable the user to handle the accounts and passwords, allow or limit the access to shared resources, automatically support the data and access the business information remotely. For example, a file server is a machine that maintains files and allows clients or users to upload and download files from it. Similarly, a web server hosts websites and allows users to access these websites. Clients mainly include computers, printers, faxes or other devices that can be connected to the server. By using a server, one can securely share files and resources like fax machines and printers. Hence, with a server network, employees can access the Internet or company e-mail simultaneously.

Types of Servers

The multiple types of servers or types of network servers are as follows:

Server Platform: Server platform is the fundamental hardware or software for a system which acts as an engine that drives the server. It is often used synonymously with an operating system.

Application Server: Also known as a type of middleware, it occupies a substantial amount of computing region between database servers and the end user, and is commonly used to connect the two.

Audio/Video Server: It provides multimedia capabilities to websites by helping the user to broadcast streaming multimedia content.

Chat Server: It serves the users to exchange data in an environment similar to Internet newsgroup which provides real-time discussion capabilities.

Fax Server: It is one of the best options for organizations that seek minimum incoming and outgoing telephone resources, but require to fax actual documents.

FTP Server: It works on one of the oldest of the Internet services, the file transfer protocol. It provides a secure file transfer between computers while ensuring file security and transfer control.

Groupware Server: It is a software designed that enables the users to work together, irrespective of the location, through the Internet or a corporate intranet and to function together in a virtual atmosphere.

IRC Server: It is an ideal option for those looking for real-time discussion capabilities. Internet Relay Chat comprises different network servers that enable the users to connect to each other through an IRC network.

List Server: It provides a better way of managing mailing lists. The server can be either open interactive discussion for the people or a one-way list that provides announcements, newsletters or advertising.

Mail Server: It transfers and stores mails over corporate networks through LANs, WANs and across the Internet.

News Server: It serves as a distribution and delivery source for many public news groups, approachable over the USENET news network.

Proxy Server: It acts as a mediator between a client program and an external server to filter requests, improve performance and share connections.

Telnet Server: It enables the users to log on to a host computer and execute tasks as if they are working on a remote computer.

Virtual Servers: A virtual server is just like a physical computer because it is committed to an individual customer's demands, can be individually booted and maintains privacy of a separate computer. Basically, the distance among shared and dedicated (hosting) servers is reduced providing freedom to other customers, at a less cost. Now, it has become omnipresent in the data center.

Web Server: It provides static content to a web browser by loading a file from a disk and transferring it across the network to the user's web browser. This exchange is intermediated by the browser and the server, communicating using HTTP.

Other types of servers include Open source servers, Gopher server (like a plain document, similar to WWW and the hypertext being absent) and Name server (applies name-service protocol).

The various servers can be categorized according to their applications. Servers along with managing network resources are also dedicated, i.e., they perform no other task other than their server taskMulti-User Operating SystemsA multi-user operating system allows more than one user to share the same computer system at the same time. It does this by time-slicing the computer processor at regular intervals between the various users.We start off by giving the first user (which we will call Sophia) the processor hardware, and run Sophia's program for 1/5th of a second. When the time is up, we intervene, save Sophia's program state (program code and data) and then start running the second users program (for 1/5th of a second).

This process continues till we eventually get back to user Sophia. To continue running Sophia's program, we restore the programs code and data and then run for 1/5th of a second.This switching between user programs is done by part of the kernel. To switch from one program to another requires,

a regular timed interrupt event (provided by a clock) saving the interrupted programs state and data restoring the next programs state and data running that program till the next timed interrupt occurs

Difference between software and computer language?

Computer language is used to compile the software. A software is compiled by computer language and is a program on the computer.Secure Socket Layer, a protocol for encrypting information over the Internet The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers as well and became the de facto standard until evolving into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.TLS and SSL are an integral part of most Web browsers (clients) and Web servers. If a Web site is on a server that supports SSL, SSL can be enabled and specific Web pages can be identified as requiring SSL access. Any Web server can be enabled by using

Netscape's SSLRef program library which can be downloaded for noncommercial use or licensed for commercial use.TLS and SSL are not interoperable. However, a message sent with TLS can be handled by a client that handles SSL but not TLS.

A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) isauthentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.

Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work hand in hand for digital signatures.

A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real. How It Works

Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from

1. You copy-and-paste the contract (it's a short one!) into an e-mail note.2. Using special software, you obtain a message hash (mathematical summary) of the

contract.3. You then use a private key that you have previously obtained from a public-private key

authority to encrypt the hash.4. The encrypted hash becomes your digital signature of the message. (Note that it will be

different each time you send a message.)At the other end, your lawyer receives the message.

To make sure it's intact and from you, your lawyer makes a hash of the received message.Your lawyer then uses your public key to decrypt the message hash or summary.

1. If the hashes match, the received message is valid.

A Digital Signature Certificate, like hand written signature, establishes the identity of the sender filing the documents through internet which sender can not revoke or deny. A Digital Signature Certificate is not only a digital equivalent of a hand written signature it adds extra data electronically to any message or a document where it is used to make it more authentic and more secured. Digital Signature ensures that no tampering of data is done once the document has been digitally signed. A DSC is normally valid for 1 or 2 years, after which renewal is required.These certificates are accepted for IFFCO, Northern Railway, MCA 21, E-filing, E -tendering etc...There are basically 3 types of Digital Signature Certificates  Class-1, Class-2 & Class-3 each having different level of security.All the authorized signatories of company under MCA21 require Class-2 Digital Signature Certificate.Similarly any document filed by CA/CS/CWA & TAX PRACTIONERS under MCA21 require  Class-2 Digital Signature Certificate.

Digital certificates - To implement public key encryption on a large scale, such as a secure Web server might need, requires a different approach. This is where digital certificates come in. A digital certificate is essentially a bit of information that says the Web server is trusted by an independent source known as a Certificate Authority. The Certificate Authority acts as the middleman that both computers trust. It confirms that each computer is in fact who they say they are and then provides the public keys of each computer to the other. An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the Internet.The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.The most widely used standard for digital certificates is X.509role of data base management in information system

The database is in effect the storage/retrieval engine withing the Information System. Data punched in a sequence to the database can be interrogated and recalled in the form of "queries". The database makes the data retrieval more efficient and flexible allowing operators to establish quite complex reports on data needed . Role of the Database in an Organization:

An organization is traditionally viewed as a three level pyramid-operational

activities at the bottom, management planning and control activities in the middle

and strategic planning and policy making in top management. The corporate

database contains data relating to the organization, its operations, its plan and its

environment.

State of Database Management In Organizations:

The needs of organizations and management are changeable, diverse and often ill-defined, yet they must be met. Added to these are outside pressures from federal taxing authorities, federal securities agencies and legislators making privacy laws. Both internal and external forces demand that organizations exercise control over their data resources. 

Decisions and actions in the organization are based upon the image contained in the corporate database. Managerial decisions direct the actions at the operational level and produce plans and expectations which are formally captured and stored in the corporate database. Transactions record actual results of organizational activities and environmental changes and update the database to maintain a current image. 

People in the organization query the database for information to conduct the daily operations. Middle management receives reports comparing actual results to previously recorded plans and expectations. The corporate database provides data for modeling and forecasting which support top management needs. The corporate database supports all levels of an organization and is vital for operations, decision making and the management process.

While management seeks to control data resources, computer applications grow. When a corporation achieves comprehensive support of its operations, for instance, computer applications begin to penetrate into higher management levels. With comprehensive database support of operations, an MIS can mature as a tool for planning, control and decision making. Earlier, in the development of an MIS, an organization must appoint a DBA to manage its data resources. While an organization’s move toward the database approach can be hastened by the acquisition of a DBMS, the latter is not necessary. Most commercially available DBMS’s fall substantially short of ideal capabilities, making their acquisition an interim measure - a move to help the organization learn how to operate in a managed data environment.

In seeking DBMS capability, building one’s own system is unrealistic except for large organizations with special needs, such as a very large database or large volumes of known transactions requiring rapid online response.Data is a vital resource in an organization and must be managed. The organizational database is an essential component in a management information system. Of the four components of a data processing system, attention to data has lagged behind the development of machines and programming technology. Taking a database approach requires an organization to focus on data as a valued resource. Data is separate from programs and application systems which use itWhat is the difference between Windows and Unix?As far as operating systems go, to some it would seem as if UNIX has a clear advantage over Windows. UNIX offers greater flexibility than Windows operating systems; furthermore, it is more stable and it does not crash as much as much as Windows. To some, UNIX is just as easy to use as Windows, offering a GUI interface as well as command line. But there are users out there that believe UNIX is for only for computer gurus only, claiming that the fragmentation of the UNIX GUI is its greatest competitive weakness. 

One thing that has been established though, UNIX is quite a bit more reliable than Windows, and less administration and maintenance is needed in maintaining a UNIX system. This is a huge cost saver for any organization. Rather than employing many individuals to maintain a Windows based system, one part-time employee would be needed for the upkeep of a typical size UNIX system. One key difference between UNIX and Windows is the implementation of multiple users on one computer. When a user logs onto a UNIX system, a shell process is started to service their commands. Keeping track of users and their processes, a UNIX operating system is able to keep track of processes and prevent them from interfering with each other. This is extremely beneficial when all the processes run on the server, which demands a greater use of resources - especially with numerous users and sizeable applications. 

Another main difference between UNIX and Windows is the process hierarchy which UNIX possesses. When a new process is created by a UNIX application, it becomes a child of the process that created it. This hierarchy is very important, so there are system calls for influencing child processes. Windows processes on the other hand do not share a hierarchical relationship. Receiving the process handle and ID of the process it created, the creating process of a Windows system can maintain or simulate a hierarchical relationship if it is needed. The Windows operating system ordinarily treats all processes as belonging to the same generation. 

UNIX uses daemons, Windows has service processes. Daemons are processes that are started when UNIX boots up that provide services to other applications. Daemons typically do not interact with users. A Windows service is the equivalent to a UNIX daemon. When a Windows system is

booted, a service may be started. This is a long running application that does not interact with users, so they do not have a user interface. Services continue running during a logon session and they are controlled by the Windows Service Control Manager. 

UNIX has a novel approach to designing software. Since UNIX is open-sourced, it attracts some very intelligent programmers who develop many applications free of charge. With this in mind, many designers choose to resolve software problems by creating simpler tools that interconnect rather than creating large application programs. In contrast, Windows applications are all proprietary and costly. With UNIX, each generation extends, rather than replaces the previous like Windows it is rarely necessary to upgrade - old and new Unix are all compatible. The main reason for this is the way UNIX is built, which is on a solid theoretical foundation. There are many advantages to this, for instance, a book written 20 years ago that discusses programming UNIX can still be used today. Imagine trying to figure out how to run Windows XP with a Window 3.1 manual - it can't be done. 

One argument to be made about UNIX is its lack of standardization. Some feel there are too many choices to be made regarding which GUI to use, or which combination of UNIX hardware and software to support. UNIX operating systems make great high-performance servers, but for end-users, every application on each arrangement of UNIX platform requires a different set, and each application has a different user interface. Microsoft has "the" Windows operating system; there simply isn't one standardized UNIX operating system, or for that matter, a single standardized UNIX GUI. One could argue and say this is a downfall for UNIX, but on the other hand, these variations add flavor and versatility to a solid, reliable operating system. 

In summary, the best way to choose between UNIX and Windows is to determine organizational needs. If an organization uses mostly Microsoft products, such as Access, Front Page, or VBScripts, it's probably better to stick with Windows. But, if reliability, universal compatibility, and stability are a concern, UNIX would probably be the way to go. 

Structure of a Web Address

There are four parts to a web address:

1. a web address always begins with “http://” which stands for hypertext transfer protocol and refers to the manner (also know as the “scheme”) in which web pages are sent over the Internet. In current versions of Internet Explorer, the http:// is automatically inserted for you, so you don’t need to struggle with typing it in.

2. a web address typically includes “www” which is short for World Wide Web. However, some web addresses (including those that allow you to access your e-mail over the web) do not have the www as part of their address. If you’re not sure whether the web site you’d like to visit has a www as part of its address, try it both ways. One of the two is bound to work.

3. a web address includes a site name. In the example above, the site name is “nypl”, which stands for New York Public Library.

4. a web address includes a domain name. In the example above the category is “.org”. There is occasionally a slash (“/”) and some text following the domain name. This typically represents a specific web page within the web site. Some of the largest, most common domains are .com (commercial site), .edu (educational institution), .gov (government site), .mil (military site), .net (network site), and .org (nonprofit or private organization). So, when you next see a web address that ends in .edu, you’ll know that web site belongs to an educational institution.

There are never any empty spaces in a web address but underscored spaces, i.e. “_” are OK.

Also, don’t worry too much about using capital letters. Very rarely is any distinction made

between upper and lower case letters. However, if you want to visit a web site whose web server

uses Unix (instead of the Windows operating system) then you will need to be mindful of the

distinction between the upper and lowercase letters in the address. Also, be careful not to confuse

a web address with an e-mail address. An e-mail address always has an “@” symbol in it and is

very unlikely to ever have a "www.” sequence. Double left-click on the blue Internet Explorer

icon on your desktop screen. If you can’t find the Internet Explorer icon, try left-clicking on

START and then leftclicking on PROGRAMS and then left-clicking on INTERNET

EXPLORER Introduction

The invention of the computers has opened new avenues for the fraudsters. It is an evil

having its origin in the growing dependence on computers in modern life. Though there

is a great talk about the cyber crimes there is nothing called cyber crime. The crimes

such as frauds, forgery are traditional and are covered by the separate statutes such

as  Indian Penal Code or alikes. However the abuse of computer and the related

electronic media has given birth to a gamut of new types of crimes which has some

peculiar features.

A simple yet sturdy definition of these crimes would be “unlawful acts wherein the

equipment transforming the information be it a computer or a mobile is either a tool or a

target or both”. In India the information Technology Act deals with the acts wherein the

computer is a tool for an unlawful act. This kind of activity usually involves a

modification of a conventional crime by using computers. Some examples are:

Financial crimes

Wipro Spectramind lost the telemarketing contract from Capital one due to an organized

crime.The telemarketing executives offered fake discounts, free gifts to the Americans

in order to boost the sales of the Capital one. The internal audit revealed the fact and

surprisingly it was also noted that the superiors of these telemarketers were also

involved in the whole scenario.

Cyber pornography

This would include pornographic websites; pornographic magazines produced using

computers (to publish and print the material) and the Internet (to download and transmit

pornographic pictures, photos, writings etc).

The Delhi Public School is the hot issue in succession with the dirty clips of Miss.

Jammu.11thstandard student while having the oral sex recorded the clip of

approximately 2.30 minutes by his mobile and circulated amongst his friends.The

students were expelled from the school and two big arrests were also made in the same

conjunction. Some more Indian incidents revolving around cyber pornography include

the Air Force Balbharati School case. In the first case of this kind, the Delhi Police

Cyber Crime Cell registered a case under section 67 of the IT act, 2000. A student of

the Air Force Balbharati School, New Delhi, was teased by all his classmates for having

a pockmarked face.

He decided to get back at his tormentors. He created a website at the URL

www.amazing-gents.8m.net. The website was hosted by him on free web space. It was

dedicated to Air Force Bal Bharti School and contained text material. On this site, lucid,

explicit, sexual details were given about various “sexy” girls and teachers of the school.

Girls and teachers were also classified on the basis of their physical attributes and

perceived sexual preferences. The website also became an adult boys’ joke amongst

students.

This continued for sometime till one day, one of the boys told a girl, “featured” on the

site, about it. The father of the girl, being an Air Force officer, registered a case under

section 67 of the IT Act, 2000 with the Delhi Police Cyber Crime Cell.

The police picked up the concerned student and kept him at Timarpur (Delhi) juvenile

home. It was almost after one week that the juvenile board granted bail to the 16- year-

old student.

Sale of illegal articles:

This would include sale of narcotics, weapons and wildlife etc., by posting information

on websites, auction websites, and bulletin boards or simply by using email

communication. E.g. many of the auction sites even in India are believed to be selling

cocaine in the name of ‘honey’. The clip of the DPS students was kept for selling on the

site called Bazee.com by a student from IIT Kharagpur

Online gambling

There are millions of websites; all hosted on servers abroad, that offer online gambling.

In fact, it is believed that many of these websites are actually fronts for money

laundering. Cases of hawala transactions and money laundering over the Internet have

been reported. Whether these sites have any relationship with drug trafficking is yet to

be explored. Recent Indian case about cyber lotto was very interesting. A man called

Kola Mohan invented the story of winning the Euro Lottery. He himself created a

website and an email address on the Internet with the address 'eurolottery@usa.net.'

Whenever accessed, the site would name him as the beneficiary of the 12.5 million

pound.After confirmation a telgu newspaper published this as a news. He collected

huge sums from the public as well as from some banks for mobilization of the deposits

in foreign currency. However, the fraud came to light when a cheque discounted by him

with the Andhra Bank for Rs 1.73 million bounced. Mohan had pledged with Andhra

Bank the copy of a bond certificate purportedly issued by Midland Bank, Sheffields,

London stating that a term deposit of 12.5 million was held in his name.

Intellectual Property crimes

These include software piracy, copyright infringement, trademarks violations, theft of

computer source code etc. In other words this is also referred to as cybersquatting.

Satyam Vs. Siffy is the most widely known case. Bharti Cellular Ltd. filed a case in the

Delhi High Court that some cyber squatters had registered domain names such as

barticellular.com and bhartimobile.com with Network solutions under different fictitious

names. The court directed Network Solutions not to transfer the domain names in

question to any third party and the matter is sub-judice. Similar issues had risen before

various High Courts earlier. Yahoo had sued one Akash Arora for use of the domain

name ‘Yahooindia.Com’ deceptively similar to its ‘Yahoo.com’. As this case was

governed by the Trade Marks Act, 1958, the additional defence taken against Yahoo’s

legal action for the interim order was that the Trade Marks Act was applicable only to

goods.

Email spoofing

A spoofed email is one that appears to originate from one source but actually has been

sent from another source. E.g. Gauri has an e-mail address gauri@indiaforensic.com.

Her enemy, Prasad spoofs her e-mail and sends obscene messages to all her

acquaintances. Since the e-mails appear to have originated from Gauri, her friends

could take offence and relationships could be spoiled for life.

Email spoofing can also cause monetary damage. In an American case, a teenager

made millions of dollars by spreading false information about certain companies whose

shares he had short sold. This misinformation was spread by sending spoofed emails,

purportedly from news agencies like Reuters, to share brokers and investors who were

informed that the companies were doing very badly. Even after the truth came out the

values of the shares did not go back to the earlier levels and thousands of investors lost

a lot of money.

Recently, a branch of the Global Trust Bank experienced a run on the bank. Numerous

customers decided to withdraw all their money and close their accounts. It was revealed

that someone had sent out spoofed emails to many of the bank’s customers stating that

the bank was in very bad shape financially and could close operations at any time.

Unfortunately this information proved to be true in the next few days.

But the best example of the email spoofing can be given by the Gujarat Ambuja

Executive’s case. Where he pretended to be a girl and cheated the Abu dhabi based

NRI for crores by blackmailing tactics.

Forgery

Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be

forged using sophisticated computers, printers and scanners.

Outside many colleges across India, one finds touts soliciting the sale of fake mark

sheets or even certificates. These are made using computers, and high quality scanners

and printers. In fact, this has becoming a booming business involving thousands of

Rupees being given to student gangs in exchange for these bogus but authentic looking

certificates.Some of the students are caught but this is very rare phenomenon.

Cyber Defamation:

This occurs when defamation takes place with the help of computers and / or the

Internet. E.g. someone publishes defamatory matter about someone on a website or

sends e-mails containing defamatory information to all of that person’s friends.

India’s first case of cyber defamation was reported when a company’s employee started

sending derogatory, defamatory and obscene e-mails about its Managing Director. The

e-mails were anonymous and frequent, and were sent to many of their business

associates to tarnish the image and goodwill of the company.

The company was able to identify the employee with the help of a private computer

expert and moved the Delhi High Court. The court granted an ad-interim injunction and

restrained the employee from sending, publishing and transmitting e-mails, which are

defamatory or derogatory to the plaintiffs.

Cyber stalking

The Oxford dictionary defines stalking as “pursuing stealthily”. Cyber stalking involves

following a person’s movements across the Internet by posting messages (sometimes

threatening) on the bulletin boards frequented by the victim, entering the chat-rooms

frequented by the victim, constantly bombarding the victim with emails etc.

Ritu Kohli has the dubious distinction of being the first lady to register the cyber stalking

case. A friend of her husband gave her telephonic number in the general chat room.

The general chatting facility is provided by some websites like MIRC and ICQ. Where

person can easily chat without disclosing his true identity. The friend of husband also

encouraged this chatters to speak in slang language to Ms. Kohli.

 

Now, let us examine some of the acts wherein the computer is the target for an unlawful

act. It may be noted that in these activities the computer may also be a tool. This kind of

activity usually involves sophisticated crimes usually out of the purview of conventional

criminal law. Some examples are:

Unauthorized access to computer systems or networks

This activity is commonly referred to as hacking. The Indian law has, however, given a

different connotation to the term hacking, so we will not use the term “unauthorized

access” interchangeably with the term “hacking”. However, as per Indian law,

unauthorized access does occur, if hacking has taken place.

An active hackers’ group, led by one “Dr. Nuker”, who claims to be the founder of

Pakistan Hackerz Club, reportedly hacked the websites of the Indian Parliament,

Ahmedabad Telephone Exchange, Engineering Export Promotion Council, and United

Nations (India).

Theft of information contained in electronic form

This includes information stored in computer hard disks, removable storage media etc.

Email bombing

Email bombing refers to sending a large number of emails to the victim resulting in the

victim’s email account (in case of an individual) or mail servers (in case of a company or

an email service provider) crashing.

In one case, a foreigner who had been residing in Simla, India for almost thirty years

wanted to avail of a scheme introduced by the Simla Housing Board to buy land at lower

rates. When he made an application it was rejected on the grounds that the scheme

was available only for citizens of India. He decided to take his revenge. Consequently

he sent thousands of mails to the Simla Housing Board and repeatedly kept sending e-

mails till their servers crashed.

Data diddling

This kind of an attack involves altering raw data just before it is processed by a

computer and then changing it back after the processing is completed. Electricity

Boards in India have been victims to data diddling programs inserted when private

parties were computerizing their systems.

The NDMC Electricity Billing Fraud Case that took place in 1996 is a typical example.

The computer network was used for receipt and accounting of electricity bills by the

NDMC, Delhi. Collection of money, computerized accounting, record maintenance and

remittance in he bank were exclusively left to a private contractor who was a computer

professional. He misappropriated huge amount of funds by manipulating data files to

show less receipt and bank remittance.

Salami attacks

These attacks are used for the commission of financial crimes. The key here is to make

the alteration so insignificant that in a single case it would go completely unnoticed. E.g.

a bank employee inserts a program, into the bank’s servers, that deducts a small

amount of money (say Rs. 5 a month) from the account of every customer. No account

holder will probably notice this unauthorized debit, but the bank employee will make a

sizeable amount of money every month.

To cite an example, an employee of a bank in USA was dismissed from his job.

Disgruntled at having been supposedly mistreated by his employers the man first

introduced a logic bomb into the bank’s systems. Logic bombs are programmes, which

get activated on the occurrence of a particular predefined event.

The logic bomb was programmed to take ten cents from all the accounts in the bank

and put them into the account of the person whose name was alphabetically the last in

the bank’s rosters. Then he went and opened an account in the name of Ziegler. The

amount being withdrawn from each of the accounts in the bank was so insignificant that

neither any of the account holders nor the bank officials noticed the fault.

It was brought to their notice when a person by the name of Zygler opened his account

in that bank. He was surprised to find a sizeable amount of money being transferred into

his account every Saturday. Being an honest person, he reported the “mistake” to the

bank authorities and the entire scheme was revealed.

Denial of Service attack

This involves flooding a computer resource with more requests than it can handle. This

causes the resource (e.g. a web server) to crash thereby denying authorized users the

service offered by the resource. Another variation to a typical denial of service attack is

known as a Distributed Denial of Service (DDoS) attack wherein the perpetrators are

many and are geographically widespread.

It is very difficult to control such attacks. The attack is initiated by sending excessive

demands to the victim’s computer(s), exceeding the limit that the victim’s servers can

support and making the servers crash. Denial-of-service attacks have had an

impressive history having, in the past, brought down websites like Amazon, CNN,

Yahoo and eBay!

Virus / worm attacks

Viruses are programs that attach themselves to a computer or a file and then circulate

themselves to other files and to other computers on a network. They usually affect the

data on a computer, either by altering or deleting it. Worms, unlike viruses do not need

the host to attach themselves to. They merely make functional copies of themselves

and do this repeatedly till they eat up all the available space on a computer’s memory.

The VBS_LOVELETTER virus (better known as the Love Bug or the ILOVEYOU virus)

was reportedly written by a Filipino undergraduate.

In May 2000, this deadly virus became the world’s most prevalent virus. It struck one in

every five personal computers in the world. When the virus was brought under check

the true magnitude of the losses was incomprehensible. Losses incurred during this

virus attack were pegged at US $ 10 billion.

VBS_LOVELETTER utilized the addresses in Microsoft Outlook and e-mailed itself to

those addresses. The e-mail which was sent out had "ILOVEYOU" in its subject line.

The attachment file was named "LOVE-LETTER-FOR-YOU.TXT.vbs". People wary of

opening e-mail attachments were conquered by the subject line and those who had

some knowledge of viruses, did not notice the tiny .vbs extension and believed the file

to be a text file. The message in the e-mail was "kindly check the attached

LOVELETTER coming from me".

In addition, the Love Bug also uses the Internet Relay Chat (IRC) for its propagation. It

e-mails itself to users in the same channel as the infected user.

VBS_LOVELETTER first selects certain files and then inserts its own code in lieu of the

original data contained in the file. This way it creates ever-increasing versions of itself.

Probably the world’s most famous worm was the Internet worm let loose on the Internet

by Robert Morris sometime in 1988. The Internet was, then, still in its developing years

and this worm, which affected thousands of computers, almost brought its development

to a complete halt. It took a team of experts almost three days to get rid of the worm and

in the meantime many of the computers had to be disconnected from the network.

Logic bombs

These are event dependent programs. This implies that these programs are created to

do something only when a certain event (known as a trigger event) occurs. E.g. even

some viruses may be termed logic bombs because they lie dormant all through the year

and become active only on a particular date (like the Chernobyl virus).

Trojan attacks

A Trojan as this program is aptly called, is an unauthorized program which functions

from inside what seems to be an authorized program, thereby concealing what it is

actually doing.

There are many simple ways of installing a Trojan in someone’s computer. To cite an

example, two friends Rahul and Mukesh (names changed), had a heated argument over

one girl, Radha (name changed) whom they both liked. When the girl, asked to choose,

chose Mukesh over Rahul, Rahul decided to get even. On the 14th of February, he sent

Mukesh a spoofed e-card, which appeared to have come from Radha’s mail account.

The e-card actually contained a Trojan. As soon as Mukesh opened the card, the Trojan

was installed on his computer. Rahul now had complete control over Mukesh’s

computer and proceeded to harass him thoroughly.

Internet time theft

This connotes the usage by an unauthorized person of the Internet hours paid for by

another person. In May 2000, the economic offences wing, IPR section crime branch of

Delhi police registered its first case involving theft of Internet hours. In this case, the

accused, Mukesh Gupta an engineer with Nicom System (p) Ltd. was sent to the

residence of the complainant to activate his Internet connection. However, the accused

used Col. Bajwa’s login name and password from various places causing wrongful loss

of 100 hours to Col. Bajwa. Delhi police arrested the accused for theft of Internet time.

On further inquiry in the case, it was found that Krishan Kumar, son of an ex army

officer, working as senior executive in M/s Highpoint Tours & Travels had used Col

Bajwa’s login and passwords as many as 207 times from his residence and twice from

his office. He confessed that Shashi Nagpal, from whom he had purchased a computer,

gave the login and password to him. The police could not believe that time could be

stolen. They were not aware of the concept of time-theft at all. Colonel Bajwa’s report

was rejected. He decided to approach The Times of India, New Delhi. They, in turn

carried a report about the inadequacy of the New Delhi Police in handling cyber crimes.

The Commissioner of Police, Delhi then took the case into his own hands and the police

under his directions raided and arrested Krishan Kumar under sections 379, 411, 34 of

IPC and section 25 of the Indian Telegraph Act. In another case, the Economic

Offences Wing of Delhi Police arrested a computer engineer who got hold of the

password of an Internet user, accessed the computer and stole 107 hours of Internet

time from the other person’s account. He was booked for the crime by a Delhi court

during May 2000.

Web jacking

This occurs when someone forcefully takes control of a website (by cracking the

password and later changing it). The actual owner of the website does not have any

more control over what appears on that website. In a recent incident reported in the

USA the owner of a hobby website for children received an e-mail informing her that a

group of hackers had gained control over her website. They demanded a ransom of 1

million dollars from her. The owner, a schoolteacher, did not take the threat seriously.

She felt that it was just a scare tactic and ignored the e-mail.

It was three days later that she came to know, following many telephone calls from all

over the country, that the hackers had web jacked her website. Subsequently, they had

altered a portion of the website which was entitled ‘How to have fun with goldfish’. In all

the places where it had been mentioned, they had replaced the word ‘goldfish’ with the

word ‘piranhas’.

Piranhas are tiny but extremely dangerous flesh-eating fish. Many children had visited

the popular website and had believed what the contents of the website suggested.

These unfortunate children followed the instructions, tried to play with piranhas, which

they bought from pet shops, and were very seriously injured!

Theft of computer system

This type of offence involves the theft of a computer, some part(s) of a computer or a

peripheral attached to the computer.

Physically damaging a computer system

This crime is committed by physically damaging a computer or its peripherals. 

This is just a list of the known frauds in the cyber world.The unknown frauds might be

far ahead of these since the lawbreakers are always onestep ahead of lawmakers.

The categories of cyber-crime are:

Financial - crimes which disrupt businesses' ability to conduct 'e-commerce' (or electronic commerce).

Piracy - the act of copying copyrighted material. The personal computer and the Internet both offer new mediums for committing an 'old' crime. Online theft is defined as any type of 'piracy' that involves the use of the Internet to market or distribute creative works protected by copyright.

Hacking - the act of gaining unauthorized access to a computer system or network and in some cases making unauthorized use of this access. Hacking is also the act by which other forms of cyber-crime (e.g., fraud, terrorism, etc.) are committed.

Cyber-terrorism - the effect of acts of hacking designed to cause terror. Like conventional terrorism, `e-terrorism' is classified as such if the result of hacking is to cause violence against persons or property, or at least cause enough harm to generate fear.

Online Pornography - There are laws against possessing or distributing child pornography. Distributing pornography of any form to a minor is illegal. The Internet is merely a new medium for this `old' crime, but how best to regulate this global medium of communication across international boundaries and age groups has sparked a great deal of controversy and debate.

In Schools - While the Internet can be a unique educational and recreational resource for students, it is important that they are educated about how to safely and responsibly use this powerful tool. The founding goal of B4USurf is to encourage empowering the young through knowledge of the law, their rights, and how best to prevent misuse of the Internet.

Types of Internet Fraud

Fraud can be classified into two: Offline fraud and Online fraud. Most offline fraud incidences happen as a result of theft of your mail, sensitive information related to your bank or credit card accounts, stolen atm/debit/credit cards, forged/ stolen cheques etc. You can protect yourself from such instances by exercising caution while receiving, storing and disposing your account statements as well as your cheques, atm/debit and credit cards. Online fraud occurs when someone poses as a legitimate company (that may or may not be in order to obtain sensitive personal data and illegally conducts transactions on your existing accounts. Often called “phishing”(An online identity theft scam. Typically, criminals send emails that look like they're from legitimate sources, but are not. The fake messages generally include a link to phony, or spoofed, websites, where victims are asked to provide sensitive personal information. The information goes to criminals, rather than the legitimate business.) Or “spoofing” (An online identity theft scam. Typically, criminals send emails that look like they're from legitimate sources, but are not (phishing). The fake messages generally include a link to phony, or spoofed, websites,

where victims are asked to provide sensitive personal information. The information goes to criminals, rather than the legitimate business.) , the most current methods of online fraud are usually through fake emails, Web sites and pop-up windows , or any combination of such methods.

The main objective of both offline as well as online fraud is to steal your ‘identity'. This phenomenon is commonly known as "identity theft". Identity theft (A criminal activity where a thief appropriates vital information such as your name, birth date, account number, or credit card number without your knowledge) occurs when someone illegally obtains your personal information — such as your credit card number, bank account number, or other identification and uses it repeatedly to open new accounts or to initiate transactions in your name.

Identity theft can happen even to those who do not shop, communicate, or transact online. A majority of identity theft occurs offline. Stealing wallets and purses, intercepting or rerouting your mail, and rummaging through your trash are some of the common tactics that thieves can use to obtain personal information. The more you are aware about identity theft the better prepared you will be.

Types of Fraud in Detail Phishing Emails

Every user of the Internet should be aware about the common attempts of fraud through means like ‘phishing' or 'spoofing'. 'Phishing' is an attempt by fraudsters to 'fish' for your banking details. 'Phishing' attempts usually appear in the form of an email appearing to be from your bank. Within the email you are then usually encouraged to click a link to a fraudulent log on page designed to capture your details. Email addresses can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake email that appears to

be from your Bank, this does not mean that your email address, name, or any other information has been taken from the bank.

Although they can be difficult to spot, ‘phishing' emails generally ask you to click on a link which takes you back to a spoof web site that looks similar to your bank's website, wherein you are asked to provide, update or confirm sensitive personal information. To prompt you into action, such emails may signify a sense of urgency or threatening condition concerning your account. The information most commonly sought through such means are:

• Your PIN numbers

• Your Internet Banking Passwords

• You Bank Account/Credit Card/Debit Card number

• Other verification parameters, like; your date of birth, mother's maiden name etc. Some fake emails may also contain a virus known as a “Trojan horse” that can record your keystrokes or could trigger background installations of key logging software or viruses onto your computer. The virus may live in an attachment or be accessed via a link in the email. Never respond to

emails, open attachments, or click on links from suspicious or unknown senders. If you're not sure if a email sent by your Bank is legitimate, Report it to your Bank, without replying to the email.

Counterfeit Web sites Online thieves often direct you to fraudulent Web sites via email and pop-up windows and try to collect your personal information. One way to detect a phony Web site is to consider how you arrived there. Generally, you may have been directed by a link in a fake email requesting your account information. However, if you type, or cut and paste, the URL into a new Web browser window and it does not take you to a legitimate Web

site, or you get an error message, it was probably just a cover for a fake Web site. Cyber Cafe Security If you are accessing any website (including your bank wesite) from cyber cafe, any shared computer or from a computer other than that of your own, please change your passwords after such use from your own PC at workplace or at home. It is very important to do so especially when you have entered your transaction password from such shared computer or cyber cafe computer. Change these Passwords from your own PC at workplace or at house. Email Fraud Beware of fraudulent e-mails requesting online banking security details! Internet Banking is a safe way to manage your money. However, there are Internet fraudsters around who will try to gain access to your accounts by e-mailing you and prompting you to disclose your on-line banking security details to them. Banks will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking security details, you should not respond. Please note Your Bank is NOT liable for any loss arising from your sharing of your User Ids, passwords, cards, card numbers or PINs with anyone, NOR from their consequent unauthorized use. How do fraudulent e-mails work? Typically you will receive an e-mail claiming to be from your bank, either requesting your security details (perhaps as part of an update or confirmation process) or asking you to follow a link to a site where you will be encouraged to provide a range of information such as your credit card number, personal identification number (PIN), passwords or personal information, such as mother's maiden name. Clicking on the link then takes you to a fake website, designed to look like that of your bank, but operated by the fraudster. Fraudulent e-mails and websites can be very convincing and fraudsters are continually inventing new approaches to get you to divulge your security details. Treat all unsolicited emails with caution and never click on links from such emails and enter any personal information. If you have replied to a suspicious e-mail and provided personal or sensitive information about your account, please call your Bank Customer Care or write to the Bank Director giving all details.

Cyber BullyingHarassment, or cyber bullying, is a growing problem among teenagers. Many countries in Europe and several states in the United States have laws to punish those who consistently harass somebody over the Internet.Drug TraffickingBelieve it or not, drug trafficking is happening over the Internet. Many traffickers use encrypted email or password-protected message boards to arrange drug deals.

5.1 INTRODUCTION

When the computer starts, it starts the operating system that takes the control of the machine. An Operating System is a set of programs that help in controlling and managing the Hardware and the Software resources of a computer system. A good operating system should have the following features;

1. Help in the loading of programs and data from external sources into the internal memory before they are executed.

2. Help programs to perform input/output operations, such as;

o Print or display the result of a program on the printer or the screen.

o Store the output data or programs written on the computer in storage device.

o Communicate the message from the system to the user through the VDU.

o Accept input from the user through the keyboard or mouse.

5.2 OBJECTIVES

At the end of this lesson, you would be able to;

explain the concept operating system discuss the functions of operating system understand the procedures of loading operating system into the memory use file management features of operating system create separate locations for logically related files copy files from one computer to another use Windows for File Management

5.3 DISK OPERATING SYSTEM

As the name suggests, the operating System is used for operating the system or the computer. It is a set of computer programs and also known as DOS (Disk Operating System). The main functions of DOS  are to manage disk files, allocate system resources according to the requirement. DOS provides features essential to control hardware devices such as Keyboard, Screen, Disk  Devices,  Printers, Modems and programs.

Basically, DOS is the medium through which the user and external devices attached to the system communicate with the system. DOS translate the command issued by the user in the format that is understandable by the computer and instruct computer to work accordingly. It also translates the result and any error message in the format for the user to understand.

 

(a) Loading of DOS

The BOOT Record into the computer memory loads DOS. BOOT Record in turn is triggered by ROM program already there in the computer.

The system start-up routine of ROM runs a reliability test called Power On  Self Test (POST) which initializes the chips  and  the standard equipment attached to the PC, and check whether peripherals connected to the computer are working or not. Then it tests the  RAM memory. Once this process is over, the ROM  bootstrap loader attempts to read the Boot record and if successful, passes the  control  on  to it. The instructions/programs  in  the  boot record  then load the rest of the program. After  the  ROM  boot strap  loader  turns the control over to boot record,  the  boot tries to load the DOS into the memory by reading the  two hidden  files IBMBIO.COM and IBMDOS.COM. If these two are  found, they   are   loaded  along with  the DOS command interpreter COMMAND.COM. COMMAND.COM contains routines that interpret what is typed  in through the keyboard in the DOS command mode. By comparing  the input with the list of command, it acts by  executing the  required routines/commands or by searching for the  required routine utility and loads it into the memory.

5.4 COMPUTER FILES IN DOS BREAKCALL CHCP CLS COPY CTTY DATE DEL(ERASE) DIR EXITFOR GOTO IF PATHPAUSE PROMPT REM RENAME(REN) SHIFT TIME TYPE VER VERIFY VOLAPPEND.EXE ASSIGN.COM ATTRIB.EXE BACKUP.EXE CHKDSK.EXE COMMAND.COM COMP.EXE GRAFTABLE.COM GRAPHICS.COM HELP.EXE JOIN.EXE KEYB.COM LABEL.EXE MEM.EXE MIRROR.COM MODE.COM MORE.COM NLSFUNC.EXE PRINT.EXE QBASIC.EXE RECOVER.EXE REPLACE.EXE RESTORE.EXE SETVER.EXE SHARE.EXE SORT.EXE SUBST.EXE SYS.COM TREE.COM UNDELETE.EXE UNFORMAT.COM XCOPY.EXE

A  file may contain a program or any other kind  of  information. Generally, a file must be given a name that can be used to  identify it. DOS permits the user to assign a name consisting of  two parts  to a file - primary and secondary names. Primary name  can be  of  a maximum of eight

characters consisting  of  Characters, Alphabets, Number  and Hyphen), and the  Secondary name  should consist of three characters, which is optional. The primary  name and the secondary (or extension) name, if any, are to be separated  by  a  dot (.).In MS-DOS there are two ways commands are executed. An Internal command, which is a command embedded into the command.com file, and an external command, which is not embedded into command.com and therefore requires a separate file to be used.

For example, if your computer does not have fdisk.exe and you try using the fdisk command, you would receive an error "Bad command or file name." Fdisk is an external command that will only work if fdisk.exe, or in some cases, fdisk.com, is present.However, as long as MS-DOS is running on your computer internal commands such as the cd command will always be available and does not require any other files to run.

Computer Hope's MS-DOS page lists what commands are external and what are internal on each of the command pages

Primary name can be linked  to  proper  name, whereas  extensions are like surnames of people. Using an  extension with the file name is preferable, though optional.  However, once the extension is specified, using the complete name (primary name and extension, with the period separating them can only refer the file). Using extensions can be an excellent way of naming a file so that it can be identified easily. DOS Internal Commands

The DOS (Windows 9x) internal commands are so-called because their instructions are a part of COMMAND.COM, the DOS (Windows 9x) command line interpreter. 

Recall that COMMAND.COM is placed into memory each time the DOS or Windows 9x OS is booted. Thefore, the internal commands are always in memory and can always be executed from any command line prompt. 

This is in contrast to the disk-bound external commands, which reside in secondary memory up until the moment they are needed, at which time the OS must find them and load them into primary memory. 

The syntax for some frequently used internal commands follows.

TIME Displays current time and allows it to be changed. Syntax: TIME

DATE

Displays current date and allows it to be changed. Syntax: DATE

CLS Clears the screen. Syntax: CLS

DIR Shows directory information of a diskette: name, size, and the date and time stamp of files.

Syntax: DIR [d:][path] Optional switches: /p Display dir info and pauses display when the screen is full /w Display names and extensions only in five columns

To display a file directory listing for D:\LET\ANNUAL D:\LET\ANNUAL>DIR (from D:\LET\ANNUAL) D:\DATA>DIR \LET\ANNUAL (from D:\DATA) C:\WINDOWS>DIR D:\LET\ANNUAL (from C:\WINDOWS)

<="" a=""> COPY Copies a file. Name of copy may be the same as original, or different. Syntax: COPY [d:][path][name.ext] [d:][path][name.ext] Optional switches: /v Verify, copies the file and compares it with the original /b Binary file

The Role of Firewalls A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions

A firewall is a term used for a ``barrier'' between a network of machines and users that operate under a common security policy and generally trust each other, and the outside world. In recent years, firewalls have become enormously popular on the Internet. In large part, this is due to the fact that most existing operating systems have essentially no security, and were designed under the assumption that machines and users would trust each other.

There are two basic reasons for using a firewall at present: to save money in concentrating your security on a small number of components, and to simplify the architecture of a system by

restricting access only to machines that trust each other. Firewalls are often regarded as some as an irritation because they are often regarded as an impediment to accessing resources. This is not a fundamental flaw of firewalls, but rather is the result of failing to keep up with demands to improve the firewall.

There is a fairly large group of determined and capable individuals around the world who take pleasure in breaking into systems. Other than the sense of insecurity that it has instilled in society, the amount of actual damage that has been caused is relatively slight. It highlights the fact that essentially any system can be compromised if an adversary is determined enough. It is a tried and true method to improve security within DOD projects to have a ``black hat'' organization that attempts to break into systems rather than have them found by your real adversaries. By bringing the vulnerabilities of systems to the forefront, the Internet hackers have essentially provided this service, and an impetus to improve existing systems. It is probably a stretch to say that we should thank them, but I believe that it is better to raise these issues early rather than later when our society will be almost 100% dependent on information systems.

1. A wizard is a computer utility designed to simplify the execution of lengthy or complicatedtasks. In a graphical user interface (GUI), a wizard consists of a sequence of menus through which the user navigates in order to achieve a specific objective such as copying files and folders from a hard disk to a CD-Ror CD-RW.

2. In computing and Internet applications, the term wizard is sometimes used in reference to a human hacker or expert user. Wizards are often specialists. A person who is a wizard in a single field such as Unix programming may lack knowledge in other fields such ashardware engineering.

3. In general usage, a wizard is a person who has such exceptional knowledge or expertise in a certain field that he or she appears to possess almost supernatural ability.