The Internet and Its Uses
The internet versus the web, URLs, HTTP and HTTPS, web browsers, how a page loads through DNS, cookies, digital currency and blockchain, and the full range of cyber security threats and solutions. Topic 5 of the 0478 / 2210 syllabus in full.
We use the internet every day, but few people know what actually happens when they type an address and press Enter. This chapter explains the machinery behind the web: how addresses are turned into the right server, how pages travel to your screen, how websites remember you, and how all of this is kept secure from a long list of threats.
The Internet vs the World Wide Web
People use these two terms as if they mean the same thing, but they do not. This is a guaranteed exam favourite.
| The Internet | The World Wide Web |
|---|---|
| The global physical infrastructure | A collection of websites and web pages |
| A network of networks: cables, routers, servers | Accessed using the internet through a browser |
| Carries all internet traffic (email, streaming, web, calls) | Uses the HTTP and HTTPS protocols |
| Exists on its own | One service that runs on top of the internet |
URLs
A URL (Uniform Resource Locator) is a text-based address that uniquely identifies a web page or resource on the internet. It has three parts.
The protocol says how to communicate (here, HTTPS). The domain name identifies the website. The file path points to the specific page or file. Domain names are turned into IP addresses by DNS servers, which the next sections explain.
HTTP and HTTPS
These are the protocols that move web pages between a server and your browser. The S in HTTPS stands for Secure, and that one letter matters a great deal.
| HTTP | HTTPS | |
|---|---|---|
| Full name | HyperText Transfer Protocol | HyperText Transfer Protocol Secure |
| Purpose | Transfers web pages between server and browser | Same, but with encryption |
| Encryption | None, data is sent in plain text | Uses SSL or TLS to encrypt the data |
| Security | Data can be intercepted and read | Intercepted data is encrypted and unreadable |
| Used for | Basic pages with no sensitive data | Banking, shopping, login pages |
Web Browsers
A web browser is an application whose main purpose is to request, receive and render HTML in order to display web pages to the user.
Functions of a web browser
- Storing bookmarks and favourites
- Recording and displaying browsing history
- Allowing several tabs to be open at once
- Storing and managing cookies
- Providing navigation tools: back, forward, refresh, home
- Providing an address bar for entering URLs
How a Web Page Loads
When you type a URL and press Enter, a sequence of steps happens in under a second. The key player is DNS, the Domain Name System, which acts like a phone book for the internet.
Press Next step to follow a request from the browser to the DNS, then to the web server, and back as a rendered page.
The steps in full
- The browser extracts the domain name from the URL
- The browser sends the domain name to a DNS (Domain Name Server)
- The DNS looks up the domain and returns the matching IP address
- The browser sends an HTTP or HTTPS request to the web server at that IP address
- The web server sends back the requested HTML, along with CSS, JavaScript and images
- The browser renders the HTML and displays the web page to the user
Cookies
A cookie is a small text file stored on a user's device by a website. It lets the website remember information about the user. There are two types.
| Session cookies | Persistent cookies | |
|---|---|---|
| Lifespan | Temporary, deleted when the browser closes | Saved on the device for a set period |
| Used for | Keeping a user logged in during a visit, holding items in a shopping cart, tracking activity in one session | Remembering login details, saving preferences such as language or theme, tracking behaviour across visits |
Digital Currency and Blockchain
A digital currency is money that exists only in electronic form, with no physical coins or notes. Bitcoin is the best-known example. The challenge with digital money is proving who owns what and preventing fraud, and that is the problem blockchain solves.
Blockchain is a digital ledger: a time-stamped, ordered list of transaction records that is distributed across many computers rather than held by one authority. Each block contains a set of transactions and a reference to the previous block, which chains them together.
Each block holds a reference linking it to the one before. Tap a block to alter it, and watch every block after it break, because the references no longer match.
Cyber Security Threats
You need to be able to describe each of these threats and the aim of carrying it out. Read each one carefully, because exam questions often test whether you can tell similar ones apart.
Brute-force attack
Systematically tries every possible password or key until the correct one is found.
Data interception
Captures data packets as they travel across a network to read sensitive information.
DDoS attack
Thousands of devices flood a server with requests at once, making it crash or become unavailable.
Hacking
Gaining unauthorised access to a system to steal, change or destroy data.
Virus
Malware that attaches to legitimate files and spreads when those files are opened or shared.
Worm
Self-replicating malware that spreads across networks without needing to attach to a file.
Trojan horse
Malware disguised as legitimate software. The user installs it willingly, then it causes harm.
Spyware
Secretly monitors activity and sends information such as passwords and keystrokes to an attacker.
Adware
Displays unwanted adverts and may redirect browser searches.
Ransomware
Encrypts the victim's files and demands payment for the decryption key.
Pharming
Redirects users to a fake website even when they type the correct URL, by exploiting DNS.
Phishing
Fake emails or messages pretending to be from trusted sources to trick users into revealing details.
Social engineering
Manipulating people psychologically into revealing confidential information or taking an action.
Cyber Security Solutions
For every threat there are defences. You should be able to explain how each one helps keep data safe.
| Solution | How it helps |
|---|---|
| Access levels | Different users get different permissions, limiting damage from insider threats |
| Anti-malware | Anti-virus and anti-spyware software detects and removes malicious programs |
| Authentication | Username and password, biometrics, or two-step verification confirm identity |
| Automated software updates | Patch security vulnerabilities as soon as fixes are available |
| Checking the URL of a link | Verifying a link before clicking helps avoid phishing and pharming sites |
| Checking email tone and spelling | Suspicious urgency or poor spelling can reveal a phishing attempt |
| Firewall | Monitors and filters incoming and outgoing network traffic against rules |
| Privacy settings | Limit what personal data websites and apps can access |
| Proxy server | Acts as an intermediary that hides the user's IP address and can filter content |
| SSL / HTTPS | Encrypts data between browser and server, shown by the padlock |
Exam Practice
The internet is the global physical infrastructure, the network of networks made up of cables, routers and servers. The world wide web is a collection of websites and web pages that is accessed using the internet through a browser, so it is just one service that runs on top of the internet.
Both transfer web pages between a server and a browser. HTTP sends the data as plain text with no encryption, so it can be intercepted and read, and is used for basic pages. HTTPS uses SSL or TLS to encrypt the data, so intercepted data cannot be read, and is used for sensitive activities like banking and shopping.
The browser extracts the domain name from the URL and sends it to a DNS server. The DNS looks up the domain and returns the matching IP address. The browser then sends an HTTP or HTTPS request to the web server at that IP address. The web server sends back the requested HTML along with any CSS, JavaScript and images. The browser renders the HTML and displays the page to the user.
A session cookie is temporary and is deleted when the browser is closed, used for example to hold items in a shopping cart during a visit. A persistent cookie is saved on the device for a set period and survives the browser being closed, used for example to remember a user's login details or preferences across visits.
Phishing uses fake emails or messages pretending to be from a trusted source to trick a user into revealing details. Pharming redirects a user to a fake website even when they type the correct URL, by exploiting DNS. Social engineering manipulates a person psychologically into revealing confidential information or performing an action, targeting the person rather than the system.
Authentication, such as a username and password, biometrics or two-step verification, confirms the identity of a user before granting access. A firewall monitors and filters incoming and outgoing network traffic against a set of rules, blocking unauthorised connections. Other valid answers include access levels, anti-malware and a proxy server.