CPE103 Introduction to Computer Engineering
Computer Network (2)
Internet and Cybersecurity
Dr. Bilal Yousfi
Lecture 09
“Cybersecurity is not just about
protecting data; it’s about
protecting people.”
As we connect more, we must
protect more
WWW, IPv4, IPv6, URL, DNS, Cybersecurity
Malware, Virus, Worm, Trojan, Ransomware, Phishing
DDoS, Brute Force, Black Hat, White Hat, Grey Hat, Proxy Server
What is the Internet?
Internet
▪ A worldwide connection of networks
▪ Internet is public → Internet is a network of networks → Internet is global
▪ It is a worldwide collection of interconnected networks.
▪ It is a concept, not something tangible.
▪ It relies on a physical infrastructure (computers, devices,
hardware, servers, service providers) that allows
networks and individual devices to connect to other
networks and devices.
The Internet &
The WWW
WWW explanation
• It is a part of the internet that users can access using
web browser software.
• It consists of a massive collection of web pages, all
stored on web servers.
• Uniform resource locators (URLs) are used to specify the location of web pages.
▪ There are around 1.13 billion websites globally, with about 350.4 million registered in
the U.S. and 11.1 million in the UK.
▪ The country-code top-level domain “.tr” has about 1,303,091 registered domains as of
March 2025.
Intranet VS Extranet
Intranet
▪ A private network used only inside an organisation.
▪ Provides similar services to the Internet (web pages, email, file sharing).
▪ Not public: only authorised users can access it.
▪ Access is from the local network or through secure login.
▪ Information is controlled, managed, and more secure.
Extranet
▪ An extranet is a private network that allows selected external users to access part of an organisation’s intranet.
▪ It connects the company to suppliers, customers, and business partners.
▪ Access is restricted, secure, and controlled by the organisation.
▪ These outside users cannot see everything, only what the company allows.
IP Address
IP Address: IPv4 vs IPv6
What is an IP Address?
A unique number assigned to every device on a network so it can communicate with other
devices.
IPv4 (Internet Protocol Version 4)
▪ Uses 32-bit addressing
▪ Written as four numbers separated by dots
Example: [Link]
▪ Total addresses: 4.3 billion
▪ Most commonly used today
▪ Running out of available addresses
IPv6 (Internet Protocol Version 6)
▪ Uses 128-bit addressing
▪ Written as 8 groups of hexadecimal numbers
Example: [Link]
▪ Total addresses: 340 undecillion+
Why IPv6 is Needed
▪ Increasing number of devices (phones, IoT, sensors)
▪ IPv6 improves speed, security, and future scalability
Web Pages, URL And DNS
From Internet to Web
A layered revolution in information sharing.
The Internet: The global infrastructure of interconnected networks.
› The World Wide Web: An application layer built on top, using HTTP.
› Web Pages: Individual documents linked by URLs.
The Web revolutionized information sharing by creating a unified system of hyperlinks and URLs on top of the Internet's
infrastructure.
What is a Web Page?
▪ A web page is a document stored on a web server and accessed through the Internet.
▪ Every web page has a unique address (URL)
A web page is a text file
structured with HTML, styled by
CSS, and animated by JavaScript.
What is a URL?
• URL stands for Uniform Resource Locator.
• URLs are text addresses used to access websites.
• URLs are basically just IP addresses.
[Figure: parts of a URL, labelled Protocol, Domain Host, Domain Name, Domain Type, Path, File name]
Purpose of Top-Level Domains
▪ The TLD is the rightmost suffix in a domain name, sitting at the DNS root zone.
▪ It enables global delegation and policy control, while helping users infer a site's purpose or location.
Key Function: Categorization & Delegation
Domain hierarchy:
Root Zone (.)
Top-Level Domain (TLD): .com, .org, .tr, .edu
Second-Level Domain (SLD): karabuk, google, wikipedia
Subdomain / Hostname: mymachine, www, mail
Country-Code TLDs (ccTLDs)
Two-letter ISO codes managed by national registries, signaling geographic relevance and often subject to
local presence rules.
.tr .uk .jp
They often support native language scripts, fostering regional identity and trust.
Generic TLD Categories (gTLDs)
.com (Commercial): The most common TLD for businesses.
.edu (Educational): Restricted to accredited institutions.
.org (Non-profit): Traditionally for non-commercial organizations.
.gov (Government): Restricted to governmental entities.
Flow to retrieve a web page
Domain Name Server
▪ A system for finding IP addresses for a domain name given in a URL.
▪ DNS servers contain a database of URLs with the matching IP addresses.
▪ URLs and DNS eliminate the need for a user to memorise IP addresses.
[Figure: DNS server, web server, HTML (<h1> .... </h1>)]
Cybersecurity?
What Is Cybersecurity?
Cybersecurity is the study of how to protect computers, networks, systems, and
data from attacks, damage, or unauthorized access.
Increasing Complexity → Increases Vulnerability
The Growing Complexity of Computing Environments
❑ Interconnected Systems: Networks, computers, operating systems,
applications, websites, switches, routers, and gateways.
❑ Driven by Code: Hundreds of millions of lines of code power these systems.
o More devices = More entry points.
o Increased risk of security breaches.
Why Study Cybersecurity?
Importance
▪ Cyber attacks are increasing every year
▪ Every organization needs cybersecurity
▪ Protects personal and business data
▪ Helps prevent financial and security risks
Benefits for Students
▪ High-demand career field
▪ Great salary potential
▪ Useful skills for any IT or engineering job
▪ Builds strong problem-solving and critical thinking
Common cyber
threats
Can you guess my Password?
Brute-Force
Definition
A trial-and-error method to crack passwords by
attempting all possible character combinations until
the correct password is found.
Mechanism
Automated software rapidly tests common
passwords first, then systematically tries every
possible combination of characters.
Defense
Strong Passwords: Use long passwords with
letters, numbers, and symbols
Rate Limiting: Lock accounts after failed attempts
MFA: Multi-Factor Authentication is most effective
Mechanics of Brute-Force Attacks
A 'trial and error' method to crack passwords by trying all possible combinations.
1. Dictionary Attack: Uses common passwords and leaked credentials first.
2. Systematic Guessing: Tries all combinations of letters, numbers, and symbols.
3. Success: The process repeats until the correct password is found.
The longer and more complex a password, the harder it is to crack.
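The "Rate Limiting: Lock accounts after failed attempts" defense can be sketched as follows. This is an added example, not part of the original slides; the class name and the policy numbers (5 failures, 5-minute window, 15-minute lock) are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failures tolerated inside the window
WINDOW_SECONDS = 300    # assumed policy: sliding window for counting failures
LOCKOUT_SECONDS = 900   # assumed policy: how long the account stays locked


class LoginGuard:
    """Tracks failed logins per account and locks the account after too many."""

    def __init__(self):
        self.failures = defaultdict(deque)  # account -> times of recent failures
        self.locked_until = {}              # account -> time the lock expires

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt at time now."""
        if self.is_locked(account, now):
            return "locked"                  # refused before the password is checked
        if password_ok:
            self.failures.pop(account, None)  # a success resets the counter
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            recent.clear()
        return "denied"


def replay(events):
    """Run constructed (time, account, password_ok) events through a fresh guard."""
    guard = LoginGuard()
    return [guard.attempt(acct, ok, t) for t, acct, ok in events]


# Constructed sample: six rapid wrong guesses, the correct password while the
# lock is active, then the correct password after the lock has expired.
SAMPLE = [(t, "alice", False) for t in range(6)] + [(10, "alice", True), (1000, "alice", True)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

During the lock even the correct password is refused, so automated guessing gains nothing from continuing; the cost is that the real user is also locked out until the timer expires.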
Distributed Denial of Service:
Definition
Distributed Denial of Service: Overwhelming a server
with traffic from multiple compromised computers
(botnet) to prevent legitimate access.
Mechanism
Attackers use malware to control thousands of
computers, forcing them to send requests to a target
server simultaneously, exceeding its capacity.
Defense
Traffic Filtering: Use specialized services to
distinguish legitimate traffic
Load Balancing: Distribute traffic across multiple
servers
Rate Limiting: Throttle requests from suspicious
sources
DDoS Attack: Overwhelming the System
[Figure: Innocent User → Target Server (Finite Resources) → Denial of Service]
Distributed Denial of Service (DDoS): A criminal uses a botnet to force thousands of computers to send requests, overloading the server and blocking legitimate users.
Data Interception: Sniffing & Eavesdropping
Attackers use packet sniffers to capture and
examine data packets sent over a network,
stealing information in transit.
Unencrypted Wi-Fi
Open networks are like public conversations;
anyone can listen.
Compromised Switches
Attackers can configure switches to send
them a copy of all traffic.
Legacy WEP
This outdated encryption can be cracked in
minutes, exposing all data.
Simple Difference
Aspect | Sniffing | Eavesdropping
Meaning | Capturing network traffic | Listening in on private communication
Purpose | Technical monitoring or attack | Stealing or spying on information
Scope | Network packets | Any communication (network, voice, chat)
Legality | Can be legal if authorized | Illegal without permission
Tools | Wireshark, tcpdump | Interception tools, malware, spyware
Encryption: Your Data's Shield
Modern encryption protocols render intercepted data meaningless to
attackers.
WPA3: Latest Wi-Fi security
TLS 1.3: Secure web browsing
VPN Tunneling: Secure data in transit
Key Features: Forward Secrecy ensures past communications remain secure even if keys are compromised, and
Authenticated Encryption ensures data integrity.
Hacking
Gaining illegal access to a computer system without
permission to delete, alter, or corrupt data.
Defense Strategies
Firewalls: Deploy network firewalls and intrusion
detection systems
Strong Passwords: Use complex, unique
passwords with MFA
Security Audits: Regular testing and vulnerability
assessments
The Hacker Hat Spectrum
Black Hat: Hackers who break into systems illegally for money, personal gain, or malicious intent.
Gray Hat: Hackers who find vulnerabilities without permission. Their actions may not be malicious, but they still break rules.
White Hat: Ethical hackers who test systems with permission and report weaknesses to improve security.
Hacking: Common Entry Points
An initial foothold can lead to privilege escalation and lateral movement, compromising the entire network.
Exposed RDP: Remote Desktop Protocol left open to the internet.
SQL Injection: Exploiting vulnerabilities in web application code.
Credential Stuffing: Using leaked username/password pairs from other sites.
A single vulnerability can lead to a domain-wide compromise.
Malware = Malicious Code Software
Malware refers to software programs that are intentionally created
to damage a computer, disrupt operations, or steal data from a
system.
There are several types of malware:
Virus, Worm, Trojan Horse, Spyware, Rootkit, Ransomware
Virus
▪ A virus is a program or program code that can self-replicate and
is created to delete files, corrupt data, or cause a computer to
malfunction.
▪ A virus needs an active host program or an already-infected
operating system before it can run, replicate, and cause harm.
▪ Viruses commonly spread through email attachments, infected
websites, or infected software downloaded by the user.
Trojan Horse
▪ Malware that looks like safe or legitimate software but performs
harmful actions when the user runs it.
▪ How it Works:
▪ Appears harmless (e.g., email attachment or file from an
untrusted website).
▪ Hides malicious code or replaces real software.
▪ Consequences:
▪ Gives attackers access to sensitive information (passwords, IP
address, personal data).
▪ Can install other malware such as spyware or ransomware.
Worm
▪ A worm is stand-alone malware that can self-replicate without needing a host program.
▪ It spreads automatically across computers and networks without user action.
▪ Worms keep copying themselves until they use up system resources, causing devices to slow down, crash, or fail.
Spyware
▪ Spyware is software that monitors a user’s activities and secretly collects information from their computer.
▪ The stolen data (such as bank details, passwords, or card numbers) is sent back to the cybercriminal who created the spyware.
▪ Spyware can be found and removed using anti-spyware tools.
Ransomware and Rootkits: Critical Threats
Ransomware
Mechanism: Encrypts all files on a user's computer, rendering them completely inaccessible to the legitimate owner.
Impact: Data is held hostage. Cybercriminals demand a ransom (usually in cryptocurrency) for the decryption key.
Best Defense: Regular, offline backups are the only reliable recovery method. Never pay ransoms.
Rootkits
Mechanism: A set of programs that gain and maintain administrator-level access to a computer without the user's knowledge or consent.
Challenge: Extremely difficult to detect because rootkits can hide themselves and subvert the operating system's monitoring tools.
Best Defense: When confirmed, the only solution is to reformat the disk and reinstall the operating system completely.
Phishing and Pharming Attacks
Phishing: Email-Based Deception
Sending legitimate-looking emails designed to trick recipients into revealing personal details or clicking malicious links.
Mechanism: Emails contain links or attachments that direct users to fake websites mimicking legitimate services.
Goal: Steal login credentials, financial information, or install malware.
Pharming: DNS-Based Redirection
Redirecting users from a genuine website to a fake one by manipulating the DNS server, often without user interaction.
Mechanism: Attackers compromise DNS servers or modify host files to redirect traffic to fraudulent sites.
Goal: Collect login details and sensitive information from unsuspecting users.
How to Prevent and Detect
Verify URLs: Always check the address bar for HTTPS and correct domain names.
Hover Over Links: Check where links actually lead before clicking.
Email Inspection: Be suspicious of generic greetings and urgent requests for personal information.
Update DNS: Use trusted DNS providers and keep systems patched.
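The "Verify URLs" advice, combined with the TLD / second-level domain / subdomain hierarchy from the earlier slides, can be turned into a small link checker. This is an added example, not part of the original slides; the function names, the short suffix list, and the sample links (built on reserved names such as example.com and .test) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny constructed list of two-label suffixes; production code
# should consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"com.tr", "edu.tr", "co.uk", "gov.uk"}


def split_host(host):
    """Split a hostname into (subdomain, second-level domain, TLD suffix)."""
    labels = host.lower().rstrip(".").split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return "", "", ".".join(labels)
    suffix = ".".join(labels[-suffix_len:])
    sld = labels[-suffix_len - 1]
    sub = ".".join(labels[:-suffix_len - 1])
    return sub, sld, suffix


def check_link(url, expected_domain):
    """Return warnings for a link that claims to belong to expected_domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    if "@" in parts.netloc:
        warnings.append("user-info before '@' hides the real host")
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("punycode label (possible look-alike characters)")
    sub, sld, suffix = split_host(host)
    registered = f"{sld}.{suffix}" if sld else suffix
    if registered != expected_domain.lower():
        warnings.append(f"registered domain is {registered}, not {expected_domain}")
    return warnings


# Constructed sample links, all supposedly pointing at example.com.
SAMPLE_LINKS = [
    "https://www.example.com/login",
    "http://example.com.account-verify.test/login",
    "https://example.com@login.test/",
]

if __name__ == "__main__":
    # Hostname assembled from the labels on the domain-hierarchy slide.
    print(split_host("mymachine.karabuk.edu.tr"))
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link, "example.com") or "looks consistent")
```

The second sample shows why the domain is read from the right: the expected name appears in the hostname, but only as a subdomain of a different registered domain.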
Social Engineering: Exploiting Trust
The use of psychological manipulation to influence individuals into revealing sensitive information
or performing actions that compromise security.
Scareware: Fake pop-ups claiming your computer is infected to pressure you into downloading harmful software.
Baiting: Leaving infected USB drives or devices in public areas, hoping someone plugs them in.
Pretexting: Creating a false story (e.g., pretending to be IT support) to convince users to share information.
Smishing: SMS messages containing malicious links or requests for personal data.
Vishing: Phone calls impersonating trusted organizations to obtain sensitive information.
Why It Works
Social engineering succeeds because it targets the human element—the weakest link in any security system. Technical defenses cannot protect against psychological manipulation.
Exploited Emotions: Fear, Curiosity, Empathy, Trust
Threat and Defense Summary
Threat Type | Primary Goal | Best Defense Strategy
Brute-Force | Crack passwords through systematic attempts | Multi-Factor Authentication (MFA) with strong, unique passwords
DDoS | Deny legitimate users access to services | Traffic Filtering and load balancing with rate limiting
Data Interception | Steal data in transit over networks | Encryption (HTTPS/VPN) and avoiding public Wi-Fi
Ransomware | Encrypt data and demand ransom payment | Offline Backups and never paying ransoms
Phishing | Steal credentials through deceptive emails | Email Check and URL verification before clicking
Social Engineering | Exploit human trust and emotions | Skepticism & Training on psychological manipulation tactics
Security Tools and Technologies
Essential defensive technologies that protect systems and data from cyber threats.
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on
predetermined security rules.
Function:
Blocks unauthorized access, prevents malware from communicating with external servers.
Antivirus Software
Scans files and programs for known malware signatures and suspicious behavior patterns on individual
computers.
Function:
Detects, quarantines, and removes viruses, trojans, and malware.
Encryption
Converts data into an unreadable format using mathematical algorithms, requiring a decryption key to access
the original data.
Function:
Protects sensitive data at rest and in transit, ensures data confidentiality.
IDS/IPS
Intrusion Detection/Prevention System that monitors network traffic for suspicious activity and malicious
patterns.
Function:
Detects attacks in real-time and automatically blocks malicious traffic.
VPN
Virtual Private Network that encrypts all internet traffic and routes it through secure servers, masking your
IP address.
Function:
Protects data from interception on public networks and provides anonymity.
Proxy Server
An intermediary server that acts as a gateway between users and the internet, masking the user's IP
address and filtering traffic.
Function:
Provides anonymity, filters content, caches data, and controls access.
AI-Driven Defense
Leveraging Machine Learning to enhance threat detection and automate responses.
Predictive Analytics: AI studies large amounts of data to spot unusual behavior and predict attacks before they happen.
Automated Response: AI can block threats automatically, update security rules, and react faster than humans.
Reduced False Positives: AI makes threat detection more accurate, so security teams only focus on real, important alerts.
Questions & Discussion