Week 11

Introduction to
Computer
Science
CSC 101
Week 11

Introduction to Computer Science

1
Week 11

Basic Computer network vulnerabilities and security,

Introduction to Computer Networks
A computer network is a collection of interconnected devices that communicate with each
other to share resources and data. Computer networks connect devices to enable
communication and resource sharing. What makes networks particularly fascinating is how
they've evolved from simple connections between a few computers in a single room to vast
systems spanning the globe.

• Importance of Networks:
✓ Facilitates communication (email, video calls).
✓ Enables resource sharing (printers, storage).
✓ Supports collaborative work environments.

• Types of Networks:
✓ Local Area Network (LAN): Covers a small area, such as an office or home. like
your home or office network - devices connected within a limited area, sharing a
printer or accessing a local server.
✓ Wide Area Network (WAN): Connect across countries or continents - the
Internet being the largest WAN we know. Spans large geographical areas (e.g., the
Internet).
✓ Metropolitan Area Network (MAN): Covers a city or large campus. expand this
concept of LAN to cover a city,
• Components:
✓ Hardware: Routers, switches, servers, and client devices.
✓ Software: Operating systems, network management tools, and protocols.

Vulnerabilities in Computer Networks

Vulnerability
Think of a network like a house - it has multiple entry points, each potentially vulnerable to
different types of threats. Unpatched software is like having a broken window that anyone
could climb through. Weak passwords are akin to using a simple lock that's easy to pick.
What makes insider threats particularly dangerous is that they're like having someone with
a key to your house who decides to misuse that trust. Therefore, Vulnerability is a weakness
in a system that can be exploited to compromise security.

• Common Vulnerabilities:
✓ Unpatched Software: Outdated systems without security updates.
✓ Weak Passwords: Easily guessable or reused passwords.
✓ Phishing: Deceptive emails or messages to steal information.

Introduction to Computer Science

2
Week 11

✓ Open Ports: Unsecured network entry points.

✓ Insider Threats: Employees misusing access rights.

• Real-World Examples:
✓ Target Data Breach (2013): Hackers exploited a third-party vendor’s
credentials to access the network.
✓ WannaCry Ransomware Attack (2017): Exploited unpatched Windows
systems.

Security Concepts
• CIA Triad:
The foundation of network security:
✓ Confidentiality: Ensuring data is accessible only to authorized users.
Confidentiality ensures that sensitive information is accessible only to authorized
users, like keeping private conversations private
✓ Integrity: Ensuring data is accurate and untampered. Integrity guarantees that
data remains accurate and unaltered during transmission, like ensuring a
message arrives exactly as it was sent
✓ Availability: Ensuring systems and data are accessible when needed. Availability
means systems remain accessible when needed, like making sure emergency
services can always be reached.

• Tools for Network Security:

✓ Firewalls: Monitors and controls incoming/outgoing network traffic. A firewall
acts as your network's security guard, deciding which traffic to allow or block.
✓ Intrusion Detection Systems (IDS): Identifies potential security breaches. IDS
are like security cameras, watching for suspicious activities and alerting when
something seems amiss.
✓ Encryption: Protects data by converting it into unreadable formats.

Steps to Identify Vulnerabilities

• Network Scanning: Using tools like Nmap to identify open ports and services.
• Penetration Testing: Simulating attacks to uncover weaknesses.
• Monitoring and Logging: Keeping track of network activity for anomalies.

Summary
✓ Networks are essential for modern communication and resource sharing.
✓ Common vulnerabilities include weak passwords, unpatched systems, and insider
threats.
✓ The CIA Triad is the backbone of network security principles.

Introduction to Computer Science

3
Week 11

✓ Tools like firewalls and IDS play a critical role in protecting networks.

1. Review Questions
1. What are the main types of computer networks, and how do they differ?
2. Explain the CIA Triad and its significance in network security.
3. Describe three common vulnerabilities in computer networks and how they can be
mitigated.

Introduction to Computer Science

4
Week 11

Methods of Attack
Cyber-attacks are deliberate attempts to breach the security of information systems,
typically for malicious purposes such as theft, disruption, or espionage.

Motivations Behind Attacks:

The world of cyber-attacks is driven by complex motivations that shape how these attacks
unfold. Financial gain remains the most common driver - cybercriminals might target
banking systems or deploy ransomware for direct profit. Political motivations often manifest
in hacktivism or state-sponsored attacks, where the goal is to disrupt services or steal
sensitive information. Corporate espionage represents another significant motivation, with
attackers seeking intellectual property or competitive intelligence.
• Financial Gain: Cybercriminals seeking monetary rewards (e.g., ransomware).
• Political or Ideological Reasons: Hacktivism or cyber warfare.
• Espionage: Theft of sensitive data for competitive or national advantage.
• Personal Grievances: Insider threats or revenge attacks.

The Growing Threat Landscape:

• The increase in remote work has expanded the attack surface.
• Greater reliance on interconnected devices (IoT) has introduced new vulnerabilities.

2.2 Types of Cyber Attacks

• Malware (Malicious Software): Software designed to damage or gain unauthorized
access to systems.
 Types of Malware:
✓ Viruses: Attach to legitimate files and spread.
✓ Worms: Self-replicating programs that spread across networks.
✓ Ransomware: Encrypts data and demands payment for decryption.
✓ Spyware: Secretly collects user information.
✓ Adware: Displays unwanted advertisements, sometimes leading to further
malware infections.
 Example: The WannaCry ransomware attack.
• Phishing and Social Engineering: Deceptive methods to trick users into revealing
sensitive information.
 Common Techniques:
✓ Fake emails or websites imitating trusted entities.
✓ Spear-phishing: Highly targeted phishing attacks.
✓ Pretexting: Fabricating a scenario to gain trust.
 Example: The 2016 DNC email breach caused by a phishing attack.

Introduction to Computer Science

5
Week 11

• Denial of Service (DoS) and Distributed Denial of Service (DDoS): Overwhelming

a network or service with traffic to make it unavailable.
 Tools: Botnets (networks of compromised devices).
 Example: The 2016 Mirai botnet attack targeting DNS provider Dyn.

• Man-in-the-Middle (MITM) Attacks: Intercepting communication between two

parties to steal or alter data.
 Common Scenarios:
▪ Eavesdropping on unsecured Wi-Fi networks.
▪ DNS spoofing to redirect users to malicious sites.
• SQL Injection: Exploiting vulnerabilities in a database query to gain unauthorized
access.
 Example: Unauthorized data extraction from poorly coded login forms.

Emerging Threats
• Advanced Persistent Threats (APTs): Prolonged, targeted attacks by well-funded
adversaries, often for espionage.
o Characteristics: Stealthy, multi-phase attacks that focus on persistence
within the target system.
o Example: The Stuxnet worm targeting Iran's nuclear facilities.
• Zero-Day Vulnerabilities: Exploiting software vulnerabilities before developers can
issue patches.
o Example: The 2021 Microsoft Exchange Server vulnerabilities exploited
globally.
• IoT-Based Attacks: Exploiting vulnerabilities in interconnected devices like smart
cameras and thermostats.
o Risks: Compromised IoT devices can be part of botnets for DDoS attacks.

2. Review Questions
1. What are the differences between a virus, a worm, and ransomware?
2. Describe the steps involved in a typical cyber attack.
3. How do phishing and social engineering attacks work? Provide an example.

Introduction to Computer Science

6
Week 11

Computer Network Security Policy and Best Practices

Security Policies
A network security policy is a set of rules and guidelines designed to protect the integrity,
confidentiality, and availability of data and resources in a network.

A computer network security policy is the cornerstone of an organization's cybersecurity

strategy. It defines the rules, guidelines, and practices for securing the organization's IT
resources, including hardware, software, and data.

Purpose of Security Policies:

• Mitigating risks by defining acceptable use.
• Preventing unauthorized access and data breaches.
• Establishing a framework for responding to security incidents.

Importance:
• Aligns security measures with organizational goals.
• Provides clear guidelines for employees and IT teams.
• Ensures compliance with legal and regulatory requirements (e.g., GDPR, HIPAA).

Why Security Policies Matter:

• Prevent unauthorized access to sensitive data.
• Ensure compliance with legal and regulatory requirements.
• Minimize risks of cyberattacks and data breaches.

Challenges Without a Security Policy:

• Lack of clarity on security roles and responsibilities.
• Increased vulnerability to insider and external threats.
• Difficulty in responding effectively to security incidents.

3.2 Components of a Security Policy

1. Access Control Policies:
✓ Define who can access which systems and resources. That is, define who has access
to what resources and why.
✓ Implement role-based access control (RBAC) or least privilege principles to limit
access based on job roles.
✓ Examples: Only HR staff can access payroll systems.
2. Data Protection Policies:
✓ Establish rules for encrypting sensitive data during storage and transmission.
Adopting guidelines for handling sensitive data (encryption, storage, transmission).

Introduction to Computer Science

7
Week 11

✓ Ensure mandatory compliance with privacy regulations like GDPR, HIPAA, or CCPA
✓ Include procedures for securely disposing of outdated data.
3 Acceptable Use Policy (AUP):
✓ Set expectations for how employees use organizational resources like internet, email,
and devices. Defines appropriate use of organizational resources (e.g., internet, email,
BYOD).
✓ Prohibits activities like downloading pirated content or accessing malicious websites.
4. Incident Response Policy:
✓ Steps to detect, respond to, and recover from security incidents.
✓ Define a structured process for identifying, mitigating, and recovering from security
incidents.
✓ Assign roles for incident response management teams (e.g., IT, legal, and public
relations).
✓ Example: Steps to take if a ransomware attack occurs.
5. Remote Access Policy:
✓ Ensure employees accessing systems remotely use secure methods, such as VPNs and
multi-factor authentication (MFA) and device security standards.
✓ Define security requirements for personal devices used for work (e.g., mandatory
antivirus software).
6. Password Policy:
✓ Guidelines for creating and maintaining strong passwords.
✓ Require employees to create strong passwords (e.g., at least 12 characters, a mix of
uppercase, lowercase, numbers, and symbols).
✓ Enforce regular/ periodic password changes and prohibit password reuse.
✓ Promote the use of password managers for secure storage.
7. Monitoring and Logging:
✓ Mandate the logging of all critical system activities (e.g., logins, data access, and
configuration changes).
✓ Use Security Information and Event Management (SIEM) tools to analyze logs for
suspicious activities.

Best Practices for Network Security

1. Regular Software Updates and Patching:
✓ Ensure operating systems and applications are up to date.
✓ Protects against exploits targeting known vulnerabilities.
2. Multi-Factor Authentication (MFA):
✓ Adds an extra layer of security by requiring two or more verification methods.
Common MFA methods:
✓ OTP (One-Time Passwords) sent to mobile devices.
✓ Biometric authentication (fingerprints, facial recognition).

Introduction to Computer Science

8
Week 11

✓ Examples: Password + biometric authentication.

3. Encryption:
✓ Protect data during storage (disk encryption) and transmission (TLS/SSL).
✓ Ensure end-to-end encryption for sensitive communications.
4. Employee Training:
✓ Conduct regular cybersecurity awareness programs.
✓ Educate employees on phishing, social engineering, and password hygiene.
5. Network Segmentation:
✓ Divide the network into segments to limit access.
✓ Divide the network into smaller, isolated segments to limit the impact of a breach.
✓ Example: Separate public-facing web servers from internal databases or isolate
critical servers from the general user network.
6. Backups:
✓ Maintain regular backups of critical data.
✓ Store backups securely and test restoration processes.
7. Intrusion Detection and Prevention Systems (IDPS):
✓ Monitor network traffic for suspicious activities.
✓ Automatically block potential threats.
8. Zero Trust Model:
✓ Assume that no device or user is trustworthy by default.
✓ Continuously verify user identities and device compliance.

Introduction to Computer Science

9
Week 11

Internet
The Internet is a global network of interconnected computer systems that communicate
using standardized protocols to share information and services.
• Purpose:
✓ Facilitates communication and information exchange.
✓ Provides a platform for business, education, and entertainment.
✓ Serves as a backbone for technological innovation.
• Significance:
✓ Enabler of the digital age.
✓ Critical infrastructure for modern societies.

4.2 History and Evolution of the Internet

1. Origins:
✓ Began as ARPANET in the late 1960s, a project by the U.S. Department of Defense.
✓ Initial goal: To create a resilient communication network for military and research
purposes.
2. Key Milestones:
✓ 1970s: Development of TCP/IP protocols, which became the foundation of the
internet.
✓ 1980s: Expansion of ARPANET to academic and research institutions.
✓ 1990s: Emergence of the World Wide Web (WWW) by Tim Berners-Lee.
✓ 2000s: Rise of social media, e-commerce, and mobile internet.
3. Modern Internet:
✓ Over 5 billion users globally.
✓ Technologies like cloud computing, IoT, and 5G have further expanded its
capabilities.

4.3 How the Internet Works

1. Main Components:
✓ Servers: Store and provide access to data and services.
✓ Clients: Devices (e.g., smartphones, laptops) that access data from servers.
✓ Routers and Switches: Direct data packets between networks.
2. Data Transmission:
✓ Information is broken into packets for transmission.
✓ Packets travel across multiple nodes to reach their destination.
3. Protocols:
✓ TCP/IP (Transmission Control Protocol/Internet Protocol): Core protocol for
reliable data transmission.
✓ HTTPS: Protocols for accessing web pages securely.

Introduction to Computer Science

10
Week 11

✓ DNS (Domain Name System): Translates human-readable domain names (e.g.,

google.com) into IP addresses.
4. Internet Service Providers (ISPs):
✓ Companies that provide users with internet access.
✓ Examples: Comcast, AT&T, Vodafone.

4.4 Applications of the Internet

1. Communication:
✓ Email, instant messaging, and video conferencing (e.g., Zoom, Microsoft Teams).
✓ Social media platforms like Facebook, Twitter, and LinkedIn.
2. Education:
✓ E-learning platforms (e.g., Coursera, Khan Academy).
✓ Access to digital libraries and research papers.
3. E-commerce:
✓ Online shopping platforms like Amazon, Alibaba, and eBay.
✓ Payment gateways enabling cashless transactions.
4. Entertainment:
✓ Streaming services (e.g., Netflix, YouTube, Spotify).
✓ Online gaming and virtual reality experiences.
5. Healthcare:
✓ Telemedicine services for remote consultations.
✓ Health tracking devices connected via the Internet of Things (IoT).
6. Business and Industry:
✓ Cloud-based collaboration tools (e.g., Google Workspace, Slack).
✓ Automation and data analytics powered by cloud computing.

4.5 Challenges of the Internet

1. Cybersecurity Threats:
✓ Rise in phishing, ransomware, and other cyberattacks.
✓ Need for robust security measures like firewalls and encryption.
2. Privacy Concerns:
✓ Data collection by websites and apps.
✓ Unauthorized surveillance and tracking.
3. Digital Divide:
✓ Unequal access to the internet across regions and demographics.
✓ Hinders economic and educational opportunities for underserved populations.
4. Misinformation and Fake News:
✓ Spread of false information via social media and websites.
✓ Challenges in distinguishing credible sources.
5. Overreliance:

Introduction to Computer Science

11
Week 11

✓ Dependence on the internet for critical services increases vulnerability to

disruptions (e.g., outages, cyberattacks).

4.6 Emerging Trends and Future of the Internet

1. 5G and Beyond:
o Faster internet speeds enabling innovations in autonomous vehicles, smart cities,
and real-time communication.
2. Internet of Things (IoT):
o Billions of connected devices enhancing automation and efficiency in homes,
industries, and healthcare.
3. Artificial Intelligence (AI) and Machine Learning:
o AI-driven personalization of online services.
o Use of AI in cybersecurity to detect and prevent threats.
o
4. Review Questions
1. What are the key components of the internet, and how do they interact?
2. Explain the role of protocols like TCP/IP and DNS in internet functionality.
3. List three major challenges facing the internet today and suggest possible solutions.
4. How is the Internet of Things (IoT) changing the way devices communicate?

Introduction to Computer Science

12
Week 11

Databases
A database is a structured and organized collection of data that is stored electronically and
managed systematically to facilitate efficient retrieval, manipulation, and storage.

Databases enable users to handle vast amounts of information while maintaining

consistency, security, and accessibility. They serve as the backbone for many applications,
from websites and mobile apps to enterprise systems and research projects.

A database is an organized collection of data that is stored and managed to ensure easy
access, retrieval, and modification.

Importance of Databases:
• Enable efficient data storage and retrieval.
• Facilitate decision-making through data analysis.
• Support the functioning of software applications and websites.

Real-World Examples:
• Banking systems use databases to store account information.
• E-commerce platforms rely on databases to manage product inventories and
customer data.

Features of Databases
1. Data Organization:
o Databases arrange data into formats like tables, records, and fields to ensure
clarity and ease of access.
2. Data Integrity:
o Enforces rules to maintain the accuracy and reliability of data, such as ensuring
no duplicate records.
3. Data Security:
o Protects sensitive information through access controls, encryption, and
authentication mechanisms.
4. Scalability:
o Designed to handle growing data volumes without a loss in performance.
5. Concurrent Access:
o Supports multiple users accessing the database simultaneously without conflicts.

5.2 Why Are Databases Important?

Introduction to Computer Science

13
Week 11

• Centralized Storage: Keeps all relevant data in one place, reducing redundancy and
inconsistency.
• Efficiency: Provides tools to query and analyze data quickly.
• Automation: Powers automated systems, such as billing or inventory management.
• Decision-Making: Enables data-driven decisions by offering insights from analyzed
data.

5.3 Types of Databases

1. Relational Databases (RDBMS):
o Organize data into tables (rows and columns) with relationships between them.
o Use SQL (Structured Query Language) for data management.
o Example: MySQL, PostgreSQL, Oracle Database.
2. NoSQL Databases:
o Handle unstructured, semi-structured, or rapidly changing data.
o Popular for large-scale, distributed systems.
o Example: MongoDB, Cassandra.
3. Object-Oriented Databases:
o Store data as objects, similar to how programming languages like Java or Python
handle data.
o Example: db4o, ObjectDB.
4. Hierarchical Databases:
o Data is organized in a tree-like structure, where each child record has one parent.
o Example: IBM IMS.
5. Network Databases:
o Allow complex relationships with multiple parent-child records.
o Example: Integrated Data Store (IDS).
6. Cloud Databases:
o Hosted on cloud platforms, providing flexibility and scalability.
o Example: Amazon RDS, Google Cloud SQL.

5.4 Database Management Systems (DBMS)

A Database Management System (DBMS) is software that interacts with the database,
users, and applications to capture, store, and analyze data efficiently.
• Core Functions of DBMS:
1. Data Definition: Create and modify database structure.
2. Data Manipulation: Insert, update, delete, and query data.
3. Data Security: Enforce access controls and encrypt sensitive data.
4. Backup and Recovery: Protect data against loss and restore it when
necessary.
• Examples of DBMS Software:

Introduction to Computer Science

14
Week 11

o Microsoft SQL Server.

o Oracle Database.
o SQLite.

5.5 Basic Concepts in Database Design

1. Schema:
o A blueprint that defines the structure of the database, including tables, fields,
and relationships.
2. Primary Key:
o A unique identifier for records in a table.
3. Foreign Key:
o A field in one table that links to the primary key of another table, establishing
relationships.
4. Normalization:
o Process of organizing data to eliminate redundancy and improve efficiency.
5. ACID Properties:
o Ensure reliable transactions in a database:
▪ Atomicity: All operations in a transaction are completed or none are.
▪ Consistency: The database remains in a valid state before and after
transactions.
▪ Isolation: Transactions occur independently without interference.
▪ Durability: Once a transaction is committed, it remains permanent.

5.6 Applications of Databases

1. Healthcare:
o Patient record management and hospital information systems.
o Example: Electronic Health Records (EHR).
2. Banking and Finance:
o Manage customer accounts, transactions, and fraud detection.
3. E-Commerce:
o Track inventories, customer profiles, and order histories.
4. Education:
o Manage student information, academic records, and learning platforms.
5. Government:
o Handle census data, public service records, and tax systems.

5.7 Challenges in Database Management

1. Security Threats/Data security:
o Risk of data breaches and unauthorized access.
o Solution: Use advanced encryption and multi-factor authentication.

Introduction to Computer Science

15
Week 11

2. Scalability Issues:
o Difficulty in handling growing datasets.
o Solution: Cloud-based and distributed databases.
3. Data Consistency:
o Ensuring accurate and synchronized data across multiple systems.
o Solution: Employ database replication and robust synchronization
mechanisms.
4. Complexity:
• Managing relationships and queries in large databases.
• Solution: Implement user-friendly interfaces and advanced query tools.

5. Review Questions
1. What is the primary purpose of a database?
2. What are the ACID properties, and why are they important?
3. How can cloud databases improve scalability and reliability?

Introduction to Computer Science

16
Week 11

Artificial Intelligence and Application of Computers

Artificial Intelligence
Artificial Intelligence (AI) refers to the development of computer systems that can perform
tasks that typically require human intelligence, such as learning, problem-solving, and
decision-making.

Types of AI
1. Narrow or Weak AI: Designed to perform a specific task, such as facial recognition or
language translation.
2. General or Strong AI: Designed to perform any intellectual task that a human can, such
as reasoning and problem-solving.
3. Superintelligence: Significantly more intelligent than the best human minds.

Applications of AI
1. Robotics: AI is used to control and navigate robots.
2. Natural Language Processing: AI is used to analyze and generate human language.
3. Computer Vision: AI is used to interpret and understand visual data.
4. Expert Systems: AI is used to mimic the decision-making abilities of a human expert.

Advantages of AI
1. Increased Efficiency: AI can automate repetitive tasks.
2. Improved Accuracy: AI can perform tasks with greater accuracy than humans.
3. Enhanced Decision-Making: AI can analyze large amounts of data to make informed
decisions.

Disadvantages of AI
1. Job Displacement: AI can automate jobs, leading to unemployment.
2. Bias and Discrimination: AI can perpetuate existing biases and discrimination.
3. Security Risks: AI can be used to launch cyber attacks.

Application of Computers
Computers are electronic devices that can store, process, and communicate information.

Applications of Computers
1. Business: Computers are used for accounting, management, and communication.
2. Education: Computers are used for online learning, virtual classrooms, and educational
software.
3. Healthcare: Computers are used for medical imaging, patient records, and telemedicine.
4. Science and Engineering: Computers are used for simulations, data analysis, and modeling.

Introduction to Computer Science

17
Week 11

Advantages of Computers
1. Increased Productivity: Computers can automate repetitive tasks.
2. Improved Accuracy: Computers can perform tasks with greater accuracy than humans.
3. Enhanced Communication: Computers can facilitate communication through email, video
conferencing, and social media.

Disadvantages of Computers
1. Dependence on Technology: Computers can lead to a loss of basic skills.
2. Security Risks: Computers can be vulnerable to cyber attacks and data breaches.
3. Environmental Impact: Computers can contribute to e-waste and energy consumption.

Conclusion
Artificial Intelligence and computers have revolutionized the way we live and work. While
they offer numerous advantages, they also pose significant challenges. As we continue to
develop and rely on these technologies, it is essential to consider their impact on society and
the environment.

General Review Questions

1. What are the primary concepts of Data Editing in Microsoft Excel and their functions?
2. Explain the term “Data formatting”
3. Why is Data formatting tool an important tool?
4. When is a data called Big data?
5. Distinguish between the following Structured data, Unstructured data, semi-
structured data
6. What are the different forms data can be represented?
7. Define Network Topology
8. Outline any four (4) network topologies
9. Outline the various Applications of AI

Introduction to Computer Science

18