Class XII · Chapter 12 · Unit 2, Computer Networks (10 marks shared with Ch 10, 11)
Chapter 12: Security Aspects
- CBSE Unit: Unit 2, Computer Networks (10 marks shared with Ch 10, 11)
- Marks Weightage: ~2-3 marks (partial syllabus coverage)
- Priority: MEDIUM, theory-based, definitions and short notes
Key Concepts
12.1 Threats and Prevention
- Network security = protection of device and data from illegitimate access or misuse
- Threats = ways to exploit vulnerability/weakness in a network/communication system
- A standalone computer (no network) is safest but impractical
12.2 Malware (MALicious softWARE)
Software developed with an intention to damage hardware, steal data, or cause trouble.
Types of Malware
| Malware | Description | Spread Method | Key Feature |
|---|---|---|---|
| Virus | Malicious code that copies itself into programs | Contact with infected files; activated when user opens infected file | Needs a host program; requires human triggering |
| Worm | Standalone malicious program | Self-replicates through network automatically | No host needed; self-replicating without human trigger |
| Ransomware | Blocks/encrypts user data, demands ransom | Various | Demands payment (often cryptocurrency); Example: WannaCry (2017) |
| Trojan | Looks like legitimate software | User installs it thinking it is genuine | Does NOT self-replicate; spreads through user interaction |
| Spyware | Secretly gathers user information | Installed without knowledge | Tracks internet usage, credit card info, passwords |
| Adware | Displays unwanted advertisements | Pop-ups, web pages, installation screens | Generates revenue via ads/"pay per click" |
| Keylogger | Records keyboard keystrokes | Software or hardware | Captures passwords, emails, private conversations |
Virus vs Worm (Critical Difference)
| Feature | Virus | Worm |
|---|---|---|
| Host Program | Needs a host program | Standalone, no host needed |
| Replication | Requires human trigger (opening infected file) | Self-replicates through network |
| Spread | Through infected files/programs | Through network connections automatically |
| Examples | CryptoLocker, ILOVEYOU, MyDoom | Storm Worm, Sobig, MSBlast, Code Red |
Virtual Keyboard vs On-Screen Keyboard
| Feature | On-Screen Keyboard | Online Virtual Keyboard |
|---|---|---|
| Layout | Fixed QWERTY layout | Randomized layout each time |
| Security | Can be exploited by keylogger software | Difficult for keylogger to record (keys change position) |
12.3 Modes of Malware Distribution
- Downloaded from Internet: Disguised as free software/tools
- Spam Email: Unsolicited emails with malicious hyperlinks/attachments
- Removable Storage Devices: Pen drives, SSD cards, music players
- Network Propagation: Worms spreading through network connections
12.4 Signs of Malware Infection
- Frequent pop-up windows
- Changes to browser homepage
- Mass emails sent from your account
- Unusually slow computer with frequent crashes
- Unknown programs start up automatically
- Programs opening/closing automatically
- Sudden lack of storage space
- Random messages, sounds, or music
- Programs/files appearing or disappearing
12.5 Preventive Measures Against Malware
- Use and regularly update antivirus/anti-malware software
- Configure browser security settings
- Check for lock button in address bar during payments
- Use FOSS (Free and Open Source Software) instead of pirated software
- Apply software updates and patches
- Take regular backup of important data
- Enable firewall protection
- Avoid sensitive data entry on unknown/public computers or networks
- Do not click links in unsolicited emails
- Scan removable storage devices before use
- Never share passwords/PINs
- Remove unrecognized programs
12.6 Antivirus
- Software for prevention, detection, and removal of malware
- Originally developed for viruses only; now handles wide range of malware
Methods of Malware Identification
| Method | How It Works |
|---|---|
| Signature-based Detection | Uses Virus Definition File (VDF) containing known virus signatures; must be updated regularly; fails against polymorphic malware or encrypted code |
| Sandbox Detection | Executes suspicious file in virtual environment; observes behavior; safe but slow |
| Data Mining Techniques | Uses ML/data mining to classify behavior as benign or malicious |
| Heuristics | Compares source code with known viruses in heuristic database; flags if majority matches |
| Real-time Protection | Anti-malware runs in background; monitors behavior of running applications continuously |
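A worked illustration of the signature-based row above (an added example, not part of the original notes): a toy scanner checks file bytes against a small definition file and shows why a changed or re-encoded copy stops matching until the VDF is updated. The sample bytes, signature names and the `scan`, `reencode` and `update_vdf` helpers are all constructed for this example.

```python
import hashlib

# Constructed, harmless bytes standing in for a known bad file (not real malware).
KNOWN_BAD_SAMPLE = b"DEMO-PAYLOAD: print('pretend this is malicious')"

# Toy Virus Definition File (VDF), constructed for this example:
# exact-file hashes plus one byte-pattern signature.
VDF_HASHES = {"Demo.A": hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}
VDF_PATTERNS = {"Demo.Pattern": b"DEMO-PAYLOAD"}


def reencode(data, key):
    """Stand-in for 'encrypted code': XOR changes every byte of the file."""
    return bytes(b ^ key for b in data)


def scan(data):
    """Return the names of all VDF signatures that match the file bytes."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    hits += [name for name, known in VDF_HASHES.items() if digest == known]
    hits += [name for name, pat in VDF_PATTERNS.items() if pat in data]
    return hits


def update_vdf(name, data):
    """A VDF update: the vendor adds the hash of a newly analysed variant."""
    VDF_HASHES[name] = hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    padded = KNOWN_BAD_SAMPLE + b" "            # one byte appended
    encoded = reencode(KNOWN_BAD_SAMPLE, 0x5A)  # whole body re-encoded
    print("original:", scan(KNOWN_BAD_SAMPLE))  # hash and pattern both match
    print("padded:  ", scan(padded))            # hash misses, pattern still matches
    print("encoded: ", scan(encoded))           # nothing matches
    update_vdf("Demo.B", encoded)
    print("after VDF update:", scan(encoded))   # now detected
```

The re-encoded copy is only caught after its hash is added, which is why the notes stress regular VDF updates and list sandbox, heuristic and real-time methods alongside signatures.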
12.7 Spam
- Unwanted/unsolicited digital communications (email, messaging, forums, ads)
- Email spam = most common form
- Email services (Gmail, Hotmail) have automatic spam detection
- Users can manually mark emails as "spam"
12.8 HTTP vs HTTPS
| Feature | HTTP | HTTPS |
|---|---|---|
| Full Form | HyperText Transfer Protocol | HyperText Transfer Protocol Secure |
| Encryption | No encryption; data sent as-is | Encrypts data before transmission; decrypts at receiver |
| Security | Vulnerable to attacks | Secure |
| Use Case | Public websites (news, blogs) | Banking, personal information, passwords |
| Certificate | Not required | Requires SSL Digital Certificate |
12.9 Firewall
- Network security system protecting trusted private network from unauthorized external access
- Can be implemented in software, hardware, or both
- Acts as first barrier against malware
- Monitors and controls incoming and outgoing traffic based on predefined security rules
Types of Firewall
| Type | Placement | Function |
|---|---|---|
| Network Firewall | Between two or more networks | Monitors traffic between different networks |
| Host-based Firewall | On a specific computer | Monitors traffic to and from that computer |
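How "predefined security rules" decide the fate of incoming and outgoing traffic, shown as an added example (not part of the original notes): a host-based firewall checks each connection against an ordered rule list and drops anything no rule allows. The rule set, the `decide` function and the addresses (documentation and private ranges) are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    direction: str        # "in" (incoming) or "out" (outgoing)
    remote: str           # remote address range in CIDR notation
    port: Optional[int]   # destination port; None matches any port


# Constructed rule set for one office PC; rules are checked top to bottom.
RULES = [
    Rule("deny",  "in",  "203.0.113.0/24",  None),  # blocklisted range, all ports
    Rule("allow", "in",  "192.168.1.0/24",  22),    # remote login only from the LAN
    Rule("allow", "out", "0.0.0.0/0",       443),   # HTTPS to anywhere
    Rule("allow", "out", "192.168.1.53/32", 53),    # DNS only to the LAN resolver
]
DEFAULT_ACTION = "deny"  # anything not explicitly allowed is dropped


def decide(direction, remote_ip, port):
    """Return the action of the first rule that matches (first match wins)."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in RULES:
        if rule.direction != direction:
            continue
        if addr not in ipaddress.ip_network(rule.remote):
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule.action
    return DEFAULT_ACTION


if __name__ == "__main__":
    print(decide("in", "192.168.1.20", 22))    # allow: LAN host, permitted port
    print(decide("in", "198.51.100.7", 22))    # deny: outside host, no rule matches
    print(decide("out", "198.51.100.10", 443)) # allow: HTTPS
    print(decide("out", "198.51.100.10", 80))  # deny: plain HTTP is not allowed
```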
12.10 Cookies
- Small file/data packet stored by a website on the client's computer
- Edited only by the website that created it
- Used to store: items in cart, login credentials, language preferences, search queries, browsing history
Types of Cookies
| Type | Purpose |
|---|---|
| Session Cookies | Track current session; auto-terminate on timeout (banking sites) |
| Authentication Cookies | Check if user previously logged in (no re-login needed) |
| Auto-fill Cookies | Store name, address, contact for form auto-fill |
Threats from Cookies
- Supercookies: Malware disguised as cookies
- Zombie Cookies: Recreate themselves after being deleted
- Third-party Cookies: Share user data without consent for advertising/tracking
12.11 Hackers and Crackers
| Type | Intent | Description |
|---|---|---|
| White Hat (Ethical Hacker) | Good | Security experts hired to find and fix vulnerabilities |
| Black Hat (Cracker) | Malicious | Break law, exploit flaws, disrupt security |
| Grey Hat | Neutral | Hack for fun/challenge, not for monetary/political gain |
| Hacktivist | Political/Social | Hack to bring about political or social change |
12.12 Network Security Threats
Denial of Service (DoS)
- Attacker floods victim resource (server/website) with illegitimate traffic
- Makes resource appear busy and unavailable to legitimate users
- Can target: websites, email servers, network storage
- Recovery: restarting crashed server (but flooding attack harder to recover from)
Distributed Denial of Service (DDoS)
- DoS attack from multiple compromised computers (Zombies) distributed globally
- Attacker uses Bot (malware) installed on Zombie machines
- Network of Zombies = Bot-Net
- Much harder to resolve than simple DoS (attack from multiple distributed locations)
| Feature | DoS | DDoS |
|---|---|---|
| Source | Single source | Multiple distributed sources (Zombies/Bot-Net) |
| Blocking | Can block single source | Very difficult to block |
| Scale | Limited | Large scale |
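The "Blocking" row from the defender's side, as an added example (not part of the original notes): a server counts requests per source address in one time window. A single flooding address stands out and can be blocked; in a distributed flood every zombie stays under the per-source limit, so there is no short block list. The limits, the `classify` function and the sample traffic (documentation address ranges) are constructed assumptions.

```python
from collections import Counter

PER_SOURCE_LIMIT = 100   # requests per window allowed from one address (assumed)
TOTAL_LIMIT = 500        # requests per window the server can handle (assumed)


def classify(window):
    """Classify one time window given the source address of every request.

    Returns (verdict, addresses_to_block).
    """
    per_source = Counter(window)
    heavy = sorted(ip for ip, n in per_source.items() if n > PER_SOURCE_LIMIT)
    if heavy:
        # One or a few addresses exceed the limit: blocking them stops the flood.
        return "DoS", heavy
    if len(window) > TOTAL_LIMIT:
        # Server is overloaded but no single address stands out, so a
        # per-source block does not help: the reason DDoS is hard to block.
        return "DDoS", []
    return "normal", []


# Constructed windows of request source addresses.
NORMAL = [f"198.51.100.{i % 50}" for i in range(200)]   # 50 clients, 4 requests each
DOS = NORMAL + ["203.0.113.7"] * 900                    # one address floods
DDOS = [f"192.0.2.{i % 250}" for i in range(250 * 20)]  # 250 zombies, 20 requests each

if __name__ == "__main__":
    for name, window in [("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)]:
        print(name, classify(window))
```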
Network Intrusion
- Any unauthorized activity on a computer network
- Includes: DoS, Trojans, Worms, and other attacks
Types of Intrusion Attacks:
- Asymmetric Routing: Attacker sends packets through multiple paths to bypass detection
- Buffer Overflow: Overwrites memory areas with malicious code; executed when overflow occurs
- Traffic Flooding: Floods intrusion detection system, making it incapable of monitoring
Snooping (Sniffing)
- Secret capture and analysis of network traffic
- Traffic packets captured, analyzed, reproduced, and placed back
- Can also be used legitimately by network admins for troubleshooting
- If data is unencrypted, it is vulnerable to snooping
Eavesdropping
- Unauthorized real-time interception of private communication
- Targets: phone calls (VoIP), instant messages, video conferences, fax
- Digital devices with microphone/camera can be hacked for eavesdropping
Snooping vs Eavesdropping
| Feature | Snooping | Eavesdropping |
|---|---|---|
| Timing | Captured and stored for later analysis | Real-time interception |
| Target | General network traffic | Private communication channels |
| Analogy | Making a copy of a letter | Listening to a conversation with hidden microphone |
Important Definitions
- Malware: Malicious software designed to damage/steal/disrupt
- Virus: Malware that needs a host program and human trigger to spread
- Worm: Standalone malware that self-replicates through networks
- Ransomware: Malware that blocks/encrypts data and demands payment
- Trojan: Malware disguised as legitimate software
- Spyware: Malware that secretly gathers user information
- Adware: Malware displaying unwanted advertisements for revenue
- Keylogger: Software/hardware that records keystrokes
- Firewall: Network security system that monitors and controls traffic
- Cookie: Small data file stored by websites on client computer
- Spam: Unwanted/unsolicited digital communication
- DoS: Attack that floods resources making them unavailable
- DDoS: Distributed DoS from multiple compromised computers
- Snooping/Sniffing: Secret capture and analysis of network traffic
- Eavesdropping: Real-time interception of private communication
Common Board Exam Question Patterns
- Define/differentiate malware types (2-3 marks): Virus vs Worm, DoS vs DDoS, Snooping vs Eavesdropping
- What is a firewall? (1-2 marks): Definition + types (Network vs Host-based)
- HTTP vs HTTPS (2 marks): Differences and when to use which
- Types of hackers (2 marks): White hat, Black hat, Grey hat
- Name malware type from description (1 mark): Given a scenario, identify the malware
- Preventive measures (2 marks): List measures against malware
- Explain cookies (2 marks): What are cookies, types, threats
- Short note on antivirus methods (2 marks): Signature-based, Sandbox, Heuristics
- How does ransomware work? (1-2 marks): WannaCry example
- Virtual keyboard vs on-screen keyboard (1-2 marks): Security difference
Key Points Students Miss
- Virus needs host + human trigger; Worm is standalone + self-replicating (the most important distinction)
- Trojan does NOT self-replicate unlike virus and worm
- DoS = single attacker; DDoS = multiple distributed attackers (Bot-Net/Zombies)
- Snooping = stored for later; Eavesdropping = real-time (the key timing difference)
- HTTP sends data as-is; HTTPS encrypts data (look for HTTPS during banking)
- Firewall can be software, hardware, or both
- Zombie cookies recreate after deletion (tricky exam question)
- Online virtual keyboard randomizes layout (safer than fixed on-screen keyboard)
- Antivirus VDF (Virus Definition File) must be regularly updated to be effective
- Cookie is stored on client computer, NOT on the server
- Spam is NOT just email; it applies to messaging, forums, chatting, ads too